Module 5 Flash Cards

Flash cards for module 5 cyber systems

175 Terms

1

Confidentiality

Protect info from unauthorized access, whether intentional or accidental.

2

Integrity

Ensure that information is authentic and has not been altered without authorization, and that its source is genuine.

3

Availability

Ensure the info is accessible by authorized users.

4

Intentional Actors

Attackers who deliberately seek access to information: a person, a group, or an entity such as a state actor.

5

Unintentional Actors

Bugs in the OS and software or mistakes made by administrators.

6

Local Threat

A disgruntled or untrained employee

7

Remote Threat

A hacker from across the globe (State actors, hacking groups)

8

Risk assessment

Determine the applicable threats, both local and remote, the effectiveness of the current security controls, and the resulting security posture.

9

Steps to build a secure server

Plan the installation of the OS; install, configure, and secure the OS; install, configure, and secure the server software; ensure the content is properly secured; employ appropriate network protection mechanisms; and finally, employ secure administration and maintenance processes.

10

Simplicity

Security mechanisms should be as simple as possible, since complexity is at the root of many security issues.

11

Fail-Safe

The system should fail in a secure manner

12

Backups

Critical data should be maintained in the event of catastrophic system failure.

13

Separation of Privilege

Functions, to the degree possible, should use ___________ and provide as much granularity as possible.

14

Least Privilege

This principle dictates that each task, process, or user is granted the minimum rights required to perform its job.

15

User Education

This can be provided through training and education; ______ should understand the necessity of security.

16

Defense-in-Depth

A single security mechanism is generally insufficient; mechanisms need to be layered so that the failure of any one of them does not lead to compromise.

17

Work Factor

Understand how much effort it takes an attacker to break the system's or network's security features.

18

Maintain logs

Records should be maintained so that if a compromise does occur, evidence of the attack is available to the organization.

19

Application security

The process of developing, testing, and adding security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification.

20

Authentication

Ensure that a user is who they say they are.

21

Authorization

The system validates that an authenticated user has permission to access the application by checking the user's identity against a list of authorized users.

22

Accounting

Logging can help identify who got access to the data and how.

23

Encryption

Even when other security measures fail, encryption keeps sensitive data from being read or used by a cybercriminal who obtains it.

24

Application security controls

Techniques to enhance the security of an application at the coding level, making it less vulnerable to threats.

25

Static testing

Analyzes source code without executing it, at fixed points during its development.

26

Dynamic testing

Analyzes running code while simulating outside, or "black box", attacks.

27

Interactive testing

Combines elements of both static and dynamic testing

28

Mobile testing

Designed specifically for mobile environments; examines how an attacker can leverage the mobile OS and the apps running on it, taken as a whole.

29

Security Training for Developers

It is critical that developers receive proper security training, tailored to the specific needs of their role.

30

Adopt a DevSecOps approach

A shift-left approach: aim to detect security holes from day one, to prevent security issues from arising in the first place and to resolve them as quickly as possible when they do.

31

Automate

It is virtually impossible to mitigate the endless number of vulnerabilities using a manual approach; automation is critical so that teams can focus on more challenging work.

32

Update and Patch Regularly

Installing software updates and patches is one of the most effective ways to keep your software secure.

33

Encrypt your data

Encrypting data both at rest and in transit is key; for data in transit, use TLS (the successor to SSL) with a current, valid certificate.

34

Use Pen-testing

An ethical hacker attempts to break into the application in order to detect vulnerabilities and find potential attack vectors, with the aim of protecting the system from a real attack.

35

“Session”

Refers to a connection for ongoing data exchange between two parties (client and server).

36

Session management functions

Establishing and keeping alive the communication link for the duration of the session, keeping the communication secure, synchronizing the dialogue between the two nodes, detecting whether communication has stopped, and deciding whether to restart the transmission or terminate the session.

37

Session ID

A unique identifier assigned to track a customer's visit to an organization's website.

38

Session Hijacking

If a hacker obtains a customer's session ID, the attacker can take over and manipulate that active session.

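
The session cards above (Session ID, Session Hijacking, and the later Cookies card) describe the problem; the following is an added example, not code from the original flash cards, of the server-side controls that limit it: a session ID from a CSPRNG (so it cannot be guessed by brute force), a server-side store, an idle timeout, rotation of the ID at login, and the cookie attributes that keep the ID away from scripts and plaintext HTTP. The client-IP binding and the 15-minute timeout are assumptions chosen for illustration; IP binding in particular is a trade-off, since mobile clients change addresses.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

SESSION_ID_BYTES = 32            # 256 bits of randomness: infeasible to guess by brute force
IDLE_TIMEOUT_SECONDS = 15 * 60   # assumption: sessions die after 15 minutes without a request


@dataclass
class Session:
    user: Optional[str]      # None until the client authenticates
    created: float
    last_seen: float
    client_ip: str           # assumption: the app binds each session to the client address


class SessionStore:
    """Server-side session state; the browser only ever holds the opaque session ID."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now                       # injectable clock (lets tests control time)
        self._sessions: Dict[str, Session] = {}

    def create(self, client_ip: str, user: Optional[str] = None) -> str:
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)   # CSPRNG, never random.random()
        t = self._now()
        self._sessions[sid] = Session(user, t, t, client_ip)
        return sid

    def lookup(self, sid: str, client_ip: str) -> Optional[Session]:
        """Return the live session for `sid`, or None. Expired or suspicious sessions are destroyed."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        t = self._now()
        if t - s.last_seen > IDLE_TIMEOUT_SECONDS:
            self.destroy(sid)                 # idle timeout bounds the window a stolen ID is useful
            return None
        if s.client_ip != client_ip:
            self.destroy(sid)                 # same ID presented from a new client: treat as hijack
            return None
        s.last_seen = t
        return s

    def login(self, old_sid: str, user: str, client_ip: str) -> str:
        """Rotate the ID on privilege change so a pre-auth ID planted by an attacker (session fixation) is useless."""
        self.destroy(old_sid)
        return self.create(client_ip, user)

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str) -> str:
    """Secure keeps the ID off plaintext HTTP, HttpOnly keeps it away from page scripts (XSS),
    SameSite keeps it out of cross-site requests, and Max-Age bounds its lifetime client-side."""
    return (f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax; "
            f"Max-Age={IDLE_TIMEOUT_SECONDS}")
```

A stolen ID still works until the timeout or until the victim logs out, which is why the store destroys a session the moment the same ID shows up from a second client rather than quietly serving both.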
39

OWASP (Open Web Application Security Project)

Considers the improper implementation of authentication/authorization the second-biggest risk to application security (Broken Authentication was A2 in the 2017 OWASP Top 10).

40

Authentication tokens

These are frequently sent over the network and are vulnerable to man-in-the-middle, XSS, XSRF, brute-force, and social-engineering attacks.

41

Man in the Middle Attacks (MITM)

Someone intercepting data being sent between two parties.

42

XSS (Cross-Site Scripting)

An attacker injects malicious JavaScript into an application so that it runs in the victim's browser. Prevented by output encoding of untrusted data (with input validation as a second layer), plus HttpOnly cookies so that injected script cannot read the session token.

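
The XSS card above says output encoding is the fix; the following is an added example, not part of the original flash cards, that puts the vulnerable rendering next to the hardened one and shows that the same data needs a different encoding in a URL context. The template strings, the sample payload and the `tags_in` helper are constructed for this illustration.

```python
import html
import re
from urllib.parse import quote

# Constructed attacker input: an image tag whose error handler runs script.
PAYLOAD = '<img src=x onerror="alert(document.cookie)">'


def render_greeting_vulnerable(name: str) -> str:
    # Untrusted input concatenated straight into HTML: whatever tags it contains become part of the page.
    return "<p>Hello, " + name + "!</p>"


def render_greeting_safe(name: str) -> str:
    # Output encoding for the HTML text context; quote=True also encodes ' and " for attribute use.
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


def render_profile_link_safe(user_id: str) -> str:
    # Same data in a URL context: percent-encode for the URL, then HTML-encode the attribute value.
    href = "/profile?id=" + quote(user_id, safe="")
    return '<a href="' + html.escape(href, quote=True) + '">profile</a>'


TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")


def tags_in(fragment: str) -> set:
    """Element names a browser would parse out of the fragment (a rough check, used here only
    to make the difference visible; real XSS testing drives a browser or a DOM parser)."""
    return {m.lower() for m in TAG_RE.findall(fragment)}
```

The vulnerable version yields an `img` element with a live `onerror` handler; the escaped version yields only the template's own `p` element, with the payload reduced to visible text.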
43

XSRF (Cross-Site Request Forgery)

Tricks a victim's browser into submitting a forged request that piggybacks on an existing authenticated session; the attacker's goal is to get you to click a link or load a page that sends the fake request. Prevention typically requires the use of an anti-______ token.

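
The card above ends at "an anti-CSRF token"; the following is an added example, not part of the original flash cards, of one way to implement such a token: an HMAC that binds the token to the session ID and an issue time, verified in constant time, and a state-changing endpoint that also rejects non-POST requests and mismatched Origin headers. The server secret, the `https://bank.example` origin and the one-hour lifetime are assumptions for the illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

SERVER_SECRET = secrets.token_bytes(32)   # assumption: a real app loads a persistent key from config
EXPECTED_ORIGIN = "https://bank.example"  # assumption: the site's own origin


def issue_csrf_token(session_id: str, secret: bytes = SERVER_SECRET,
                     now: Optional[float] = None) -> str:
    """Synchronizer-style token: ts.nonce.mac, where mac = HMAC(secret, session|ts|nonce).
    Binding to the session means a token stolen from one user is useless for another."""
    ts = str(int(now if now is not None else time.time()))
    nonce = secrets.token_hex(8)
    msg = f"{session_id}|{ts}|{nonce}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{ts}.{nonce}.{mac}"


def verify_csrf_token(token: str, session_id: str, secret: bytes = SERVER_SECRET,
                      max_age: int = 3600, now: Optional[float] = None) -> bool:
    try:
        ts, nonce, mac = token.split(".")
    except ValueError:
        return False                      # wrong shape
    msg = f"{session_id}|{ts}|{nonce}".encode()
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False                      # constant-time compare: no byte-by-byte timing leak
    current = now if now is not None else time.time()
    try:
        age = current - int(ts)
    except ValueError:
        return False
    return 0 <= age <= max_age            # expired (or future-dated) tokens are rejected


def handle_transfer(request: dict, session_id: str, now: Optional[float] = None) -> str:
    """State-changing endpoint: POST only, Origin checked when the browser sends one,
    and the token must verify against the caller's own session."""
    if request.get("method") != "POST":
        return "405 method not allowed"
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != EXPECTED_ORIGIN:
        return "403 bad origin"
    token = request.get("form", {}).get("csrf_token", "")
    if not verify_csrf_token(token, session_id, now=now):
        return "403 csrf check failed"
    return "200 transferred"
```

The forged request an attacker's page can make carries the victim's cookie automatically but cannot read or compute the token, so it fails the token check; a token lifted from the attacker's own session fails because the HMAC covers the session ID.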
44

Brute Force Attack

Repeatedly guessing authentication tokens or credentials until one of the attempts succeeds.

45

Physical Access

An attacker with _______ to a victim’s device can steal auth tokens in multiple ways

46

Secure Sockets Layer (SSL)

Provided secure, encrypted communication for TCP connections, especially HTTP. Now deprecated and replaced by TLS.

47

Transport Layer Security (TLS)

A widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. Encrypts the communication between web applications and servers, etc…

48

Components of TLS

Encryption, Authentication, and Integrity

49

TLS certificate

Contains important information about who owns the domain, along with the server’s public key, both of which are important for validating the server’s identity.

50

TLS handshake

Agree on which version of TLS to use, decide which cipher suite to use, authenticate the identity of the server using the server's TLS certificate, and generate the session keys that will encrypt messages once the handshake is complete.

51

Cipher suite

A set of algorithms that specifies the key exchange, authentication, bulk encryption, and message integrity methods for a connection, and thus how the shared encryption keys, or session keys, are established and used for that particular session.

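
The SSL/TLS, handshake and cipher suite cards above describe what a client should insist on; the following is an added example, not part of the original flash cards, showing a weak client configuration next to a hardened one using Python's standard `ssl` module, plus a small audit function that reports the settings a reviewer would flag. The weak context is the shape of code that "makes the certificate error go away"; the audit checks are this example's own, not a standard tool.

```python
import ssl
from typing import List


def weak_client_context() -> ssl.SSLContext:
    """The anti-pattern: certificate and hostname checks off, no protocol floor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # any name on the certificate is accepted
    ctx.verify_mode = ssl.CERT_NONE   # any certificate from anyone is accepted: a MITM can present its own
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED   # whatever old version the library still speaks
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()              # system CA store, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # refuse SSLv3 and TLS 1.0/1.1
    # For TLS 1.2, offer only forward-secret (ECDHE) AEAD suites; the TLS 1.3 suites are fixed by OpenSSL.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings a reviewer would raise against a client context (empty list = clean)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS below 1.2 permitted")
    non_aead = sorted(c["name"] for c in ctx.get_ciphers() if not c["aead"])
    if non_aead:
        findings.append("non-AEAD cipher suites enabled: " + ", ".join(non_aead))
    return findings
```

Use the hardened context with `ctx.wrap_socket(sock, server_hostname=host)`; passing `server_hostname` is what makes the hostname check apply. Note that the order of assignments in the weak context is forced by the library: `check_hostname` must be cleared before `verify_mode` can be set to `CERT_NONE`.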
52

System Boundary

The point where data transfers from the intranet to the internet and vice versa.

53

Fuzzing

A type of application security testing in which testers feed unexpected or malformed inputs to a program and observe which ones make it behave unexpectedly (crash, hang, or mis-parse), since such behaviour may open a security hole.

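
To make the fuzzing card concrete, the following is an added example, not part of the original flash cards: a toy length-prefixed record parser with a deliberate bug, and a small mutation fuzzer that distinguishes inputs the parser rejects cleanly from inputs that escape its checks. The record format, the bug and the mutation alphabet are all constructed for this illustration; the seeded random generator makes the run reproducible.

```python
import random
from typing import Dict


class ParseError(ValueError):
    """The parser's own rejection of malformed input: expected behaviour, not a finding."""


def parse_record(data: str) -> str:
    """Toy target: 'LEN|PAYLOAD'. Returns the first LEN characters of PAYLOAD."""
    if "|" not in data:
        raise ParseError("missing separator")
    length_field, payload = data.split("|", 1)
    if not length_field.isdecimal():
        raise ParseError("length is not a number")
    length = int(length_field)
    out = [""] * length                 # deliberate flaw: trusts LEN before checking it against the payload
    for i in range(length):
        out[i] = payload[i]             # IndexError when LEN > len(PAYLOAD): the bug to be found
    return "".join(out)


MUTATION_ALPHABET = "0123456789|abc\x00\xff"   # constructed: digits, the separator, payload chars, odd bytes


def mutate(rng: random.Random, seed_input: str) -> str:
    """Apply one to three random edits (delete / insert / replace) to the seed input."""
    s = list(seed_input)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("delete", "insert", "replace"))
        if op == "delete" and s:
            del s[rng.randrange(len(s))]
        elif op == "insert":
            s.insert(rng.randint(0, len(s)), rng.choice(MUTATION_ALPHABET))
        elif s:
            s[rng.randrange(len(s))] = rng.choice(MUTATION_ALPHABET)
    return "".join(s)


def classify(data: str) -> str:
    """'ok', 'rejected' (parser handled it) or 'crash:<ExceptionType>' (parser did not)."""
    try:
        parse_record(data)
        return "ok"
    except ParseError:
        return "rejected"
    except Exception as exc:             # anything else escaped the parser's validation
        return "crash:" + type(exc).__name__


def fuzz(seed_input: str = "3|abc", iterations: int = 500, rng_seed: int = 1) -> Dict:
    """Mutate the seed repeatedly; keep the first reproducer for each distinct crash type."""
    rng = random.Random(rng_seed)
    results = {"ok": 0, "rejected": 0, "crash_count": 0, "crashes": {}}
    for _ in range(iterations):
        candidate = mutate(rng, seed_input)
        verdict = classify(candidate)
        if verdict.startswith("crash:"):
            results["crash_count"] += 1
            results["crashes"].setdefault(verdict[len("crash:"):], candidate)
        else:
            results[verdict] += 1
    return results
```

The interesting signal is not the `rejected` count but the `crashes` map: each entry is an input the parser never anticipated, and the stored reproducer is what goes into the bug report. Mutating from the seed each time (rather than from the previous output) keeps the length field small, so the toy never tries to allocate an enormous list.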
54

Boundary Protection

The monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communication. Implemented through gateways, routers, firewalls, guards, and encrypted tunnels.

55

Control objectives

Statements of the desired result or purpose to be achieved by implementing said control

56

Demilitarized zone (DMZ)

A physical or logical subnet that separates an internal network from the internet, where externally facing services are placed.

57

Boundary Interaction Best Practices

Scan for unauthorized connections; deny communication with known-malicious IP addresses; deny unauthorized ports; configure monitoring systems to record packets; use IDS sensors; use network-based intrusion prevention; use NetFlow collection; use application-layer filtering proxy servers; decrypt network traffic at the proxy; require all remote logins to use multi-factor authentication; and manage all devices that remotely log in to internal networks.

58

Firewalls

A software or hardware-based network security system controlling incoming and outgoing network traffic.

59

Packet Filtering

A technique used to control network access by inspecting outgoing and incoming packets and either allowing or blocking them. Accomplished by implementing access control lists (ACLs).

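
The Packet Filtering card above says ACLs do the work; the following is an added example, not part of the original flash cards, of a first-match ACL evaluator with the implicit final deny, applied to a constructed inbound ACL for a border router. The addresses (203.0.113.10 as the public web server, 10.0.0.0/8 as the internal range, 198.51.100.0/24 as the admin jump hosts) are documentation ranges chosen for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None     # None matches any destination port
    name: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: Optional[int] = None


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


def pkt(proto: str, src: str, dst: str, dport: Optional[int] = None) -> Packet:
    return Packet(proto, ipaddress.ip_address(src), ipaddress.ip_address(dst), dport)


def matches(rule: Rule, p: Packet) -> bool:
    return ((rule.proto == "any" or rule.proto == p.proto)
            and p.src in rule.src and p.dst in rule.dst
            and (rule.dport is None or rule.dport == p.dport))


def evaluate(acl: List[Rule], p: Packet) -> Tuple[str, str]:
    """First matching rule wins, as on most routers and firewalls. A packet that matches nothing
    hits the implicit deny, which is also why the order of permit and deny rules matters."""
    for rule in acl:
        if matches(rule, p):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# Constructed inbound ACL (assumptions: 10.0.0.0/8 is internal, 198.51.100.0/24 holds the jump hosts).
INBOUND_ACL = [
    Rule("deny", "any", net("10.0.0.0/8"), net("0.0.0.0/0"),
         name="anti-spoof: internal source address arriving from outside"),
    Rule("permit", "tcp", net("0.0.0.0/0"), net("203.0.113.10/32"), 443, "public HTTPS"),
    Rule("permit", "tcp", net("198.51.100.0/24"), net("203.0.113.10/32"), 22, "SSH from jump hosts only"),
    Rule("deny", "any", net("0.0.0.0/0"), net("0.0.0.0/0"),
         name="explicit deny-all (so the drop can be logged)"),
]
```

The anti-spoof rule sits first on purpose: if it came after the HTTPS permit, a packet forged with an internal source address and port 443 would be let through. The explicit deny-all at the end behaves like the implicit deny but gives the drop a name that can be logged and counted.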
60

Proxy

A network device or software acting on behalf of clients to retrieve requested content from the internet.

61

Web Proxy

A proxy dedicated solely to web traffic.

62

Network Address Translation (NAT)

An internet standard that enables a local area network to use one set of IP addresses for internal traffic and a second set for external traffic.

63

Intrusion Detection System (IDS)

A system that scans, audits, and monitors the security infrastructure for signs of attacks in progress. It is passive (it does not block traffic) but can still identify malicious activity and provide evidence that an attack is under way.

64

IDS functions

Recognition of patterns associated with known attacks; statistical analysis of abnormal traffic patterns; assessment and integrity checking of defined files; monitoring and analysis of user and system activity; network traffic analysis; and log analysis.

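
The IDS functions card lists signature matching, statistical analysis and log analysis; the following is an added example, not part of the original flash cards, that runs all three over a handful of constructed web-server log lines: two signatures (a SQL tautology and a path traversal) applied to the URL-decoded request path, and a threshold on failed logins per source address. The log lines, the signature patterns and the threshold of ten failures are this example's own.

```python
import re
from collections import Counter
from typing import List, Tuple
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not taken from any real system.
_NORMAL = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /about.html HTTP/1.1" 200 512',
]
_PROBES = [
    '198.51.100.9 - - [10/Oct/2023:13:55:40 +0000] "GET /login.php?user=admin%27%20OR%20%271%27=%271 HTTP/1.1" 200 220',
    '198.51.100.9 - - [10/Oct/2023:13:55:41 +0000] "GET /static/../../etc/passwd HTTP/1.1" 404 0',
]
# One client hammering the login form: a dozen failures in under a minute.
_BRUTE = [
    f'192.0.2.33 - - [10/Oct/2023:13:56:{i:02d} +0000] "POST /login.php HTTP/1.1" 401 0'
    for i in range(12)
]
SAMPLE_LOG = "\n".join(_NORMAL + _PROBES + _BRUTE)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$'
)

# Signature detection: patterns associated with known attacks, matched against the decoded path.
SIGNATURES = [
    ("sqli-tautology", re.compile(r"(?i)'\s*or\s*'?1'?\s*=\s*'?1")),
    ("path-traversal", re.compile(r"(?:^|/)\.\./")),
]


def analyze(log_text: str, failure_threshold: int = 10) -> List[Tuple[str, str, str]]:
    """Return (alert_name, source_ip, detail) tuples from signature matches plus a statistical
    check: any source with at least `failure_threshold` failed logins is flagged."""
    alerts = []
    failed_logins = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            alerts.append(("unparsable-line", "-", line))   # evasion attempts often arrive as garbage
            continue
        ip, status = m["ip"], m["status"]
        path = unquote(m["path"])       # normalise first, so %27 cannot slip past the signatures
        for name, pattern in SIGNATURES:
            if pattern.search(path):
                alerts.append((name, ip, path))
        if path.startswith("/login") and status == "401":
            failed_logins[ip] += 1
    for ip, n in failed_logins.items():
        if n >= failure_threshold:
            alerts.append(("auth-bruteforce", ip, f"{n} failed logins"))
    return alerts
```

Decoding before matching is the detail that separates a useful signature from one an attacker walks around with `%27`; the same applies to double encoding, Unicode forms and other normalisations a production IDS performs before its rules run.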
65

IDS sensors

Installed on a dedicated device or on the devices already installed on a network. Can analyze every packet traversing the network. Tie into a centralized command console that monitors them and generates alerts.

66

Air Force Enterprise Configuration Management Office (AFECMO)

Creates pre-configured operating system images that are compliant with all applicable TCNOs and STIGs, and performs SDC/SSC testing and risk analysis on the TCNOs/IAVMs published to the AFCYBER Readiness Center site.

67

690 Network Support Squadron (NSS)/AMAC

Directs NOSs, base NCCs/CFPs, and PMOs, through the Acknowledgement Compliance Tool (ACT), to implement Normal vulnerability remediation actions. Authorizes NOS personnel to test software and OS updates, along with the associated Remedy CRQ ticket for the TCNO containing the relevant changes, and confirms compliance with the software dashboard. Normal = 11 days.

68

Network Operations Squadron (NOS)/Cyberspace Operations Squadron (COS)/Vulnerability Remediation Operator (VRO)

Execute vulnerability remediation to reduce AFIN risk through the implementation of approved countermeasures.

69

NOS, COS, and VRO countermeasures

Configuration changes to systems, installation of patches, removal of non-approved software, searching for malicious files, upgrades of applications, reinstallation of operating systems, and correction of system configurations against STIGs.

70

NOS

Responsible for patching vulnerabilities on servers, network infrastructure, boundary devices, and all other IP-capable assets within their respective AOR, using both enterprise automated tools and manual processes.

71

VROs

Create patch packages for all vulnerabilities impacting the preponderance of the AFIN to be deployed using enterprise remediation capabilities.

72

Mandatory Deployments

Target all machines that require the update, are not part of an exemption, and are not designated PMO/Medical. Deadline: one day.

73

Available Deployments

Target all systems, unless stated otherwise by the tasking authority.

74

Cookies

Used to store details about the session on the client; if stolen, or set without protective attributes (Secure, HttpOnly, SameSite), they present a security risk.

75

Program Management Office (PMO)

Responsible for remediating assets that are supported by a weapons system. Coordinate vulnerability remediation on servers, within their respective AORs with NOSs, until acceptable compliance levels are achieved.

76

Command Cyber Readiness Inspection (CCRI)

DISA-led formal inspection designed to increase accountability and the security posture of DoD Information Networks according to DoD standards.

77

CCRI process

Typically every 3 years. The inspection culminates in a week-long visit by a DISA inspection team, who perform a deep dive into the installation's cybersecurity posture.

78

CCRI Graded Areas: Contributing Factors

Contributing Factors: Culture, Capability, and Conduct

79

CCRI Culture

Command leadership engagement in the cybersecurity program, awareness and implementation of STIG requirements, authority to operate, plan of action and milestones, and program-managed system baselines.

80

CCRI Capability

Cybersecurity service provider (CCSP) alignment, external NIDS-CCSP monitoring, internal NIDS-CCSP monitoring, local incident handling, and a continuity of operations plan (COOP).

81

CCRI Conduct

IA workforce-DoD 8570 Training, configuration management processes, and comprehensive vulnerability management program.

82

CCRI graded areas: endpoint security

ESS is a suite of centrally managed DCO tools that provide a means for the denial of adversary actions.

83

CCRI graded areas: site vulnerability scan

DISA calculates the score, or vulnerability index (VI) based on the total number of systems, the number of vulnerabilities on each system, and the level of severity of those vulnerabilities. No concern → Minor concern → Minimal concern → Moderate concern → Critical concern.

84

CCRI graded areas: STIGS

DISA checks to see whether or not the base is aware of and implementing STIG requirements. Also evaluates how well STIGs are implemented.

85

Assessment & Authorizations (A&A) requirements

Utilizes the Risk Management Framework (RMF) process to submit a complete and accurate security plan.

86

Risk Management Framework (RMF)

Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor are the seven steps of what?

87

Vulnerability Assessment Tools (VATS)

Software packages used on information systems or networks to scan for weaknesses such as exploitable open ports, weak passwords, and security configuration errors that could lead to misuse and abuse.

88

Vulnerability Management System (VMS)

A DoD information system used to record, track, and disseminate critical vulnerability information throughout the DoD Enterprise network.

89

Assured Compliance Assessment Solution (ACAS)

Automatically identifies configuration vulnerabilities threatening the security of the DoD’s computer systems. Enhances the availability and security of the DoD Information Network (DoDIN) by ensuring adherence to Information Assurance (IA) and Network Operations (NetOps) policies.

90

Security Center (Tenable SecurityCenter)

The single console used by ACAS to manage Nessus scans at the enterprise network level; provides real-time detection of network anomalies and is scalable.

91

Nessus

A comprehensive vulnerability scanner. It performs configuration scans of servers, network devices and databases to test for specific policy settings and can check internal security policy compliance.

92

Passive Vulnerability Scanner (PVS)

Monitors the network in real-time, continuously looking for new hosts, applications and new vulnerabilities without requiring the need for active scanning.

93

Microsoft Endpoint Configuration Manager (MECM)

Designed to support a faster pace of system updating and patch management for our network connected Windows devices.

94

Host assessment

The assessment of critical servers, which may be vulnerable to attacks if not adequately tested or not generated from a tested machine image.

95

Network and wireless assessment

The assessment of policies and practices to prevent unauthorized access to private or public networks and network-accessible resources.

96

Database assessment

The assessment of databases or big data systems for vulnerabilities and misconfigurations, identifying rogue databases or insecure dev/test environments, and classifying sensitive data across an organization’s infrastructure.

97

Applications scans

Identifying security vulnerabilities in web applications and their source code through automated scans of the front end or static/dynamic analysis of the source code.

98

Vulnerability assessment scanning process

Four steps: vulnerability identification, analysis, assessment, and remediation.

99

DISA Security Technical Implementation Guides (STIGs)

The configuration standards for DOD IA and IA enabled devices/systems. Describes how to minimize network-based attacks and prevent system access when the attacker is interfacing with the system, either physically at the machine or over a network.

100

SRG-STIG Library Compilation

A compilation of all current STIGs and Security Requirements Guides (SRGs) published by DISA.

