Fundamentals of Information Security - D340 WGU

0.0(0)
studied byStudied by 3 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/271

flashcard set

Earn XP

Description and Tags

Flashcards for this course in WGU

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

272 Terms

1
New cards

Putting yourself at risk

Not updating to new security patches

Use of weak passwords

Downloading programs from the internet

Opening attachments from unknown senders

Using wireless connections w/out encryptions

2
New cards

Confidentiality

Refers to the ability to protect data from those who are not authorized to view it. You could implement this at many levels of the process.

3
New cards

Integrity

Is the ability to prevent people from changing your data in an unauthorized or undesirable manner. To maintain integrity, not only do you need to have the means to prevent unauthorized changes to your data, but you need the ability to reverse unwanted authorized changes.

4
New cards

Availability

Refers to the ability to access our data when we need it. You could lose availability due to the loss of power, operation/application issues, network issues, or the comprising of a system.

5
New cards

The Parkerian Hexad

This concept adds to the CIA Triad with three new categories, possession, utility and authenticity.

6
New cards

Possession

Refers to the physical disposition of the media on which the data is stored. This enables you to discuss your loss of data in its physical medium w/out involving other factors such as availability.

7
New cards

Authenticity

Allows you to say whether you've attributed the data in question to the proper owner or creator. You can enforce this by having digital signatures in emails.

8
New cards

Utility

Refers to how useful the data is to you, this concept can have various degrees/layers to it.

9
New cards

Types of Attacks

There are four main types of attacks in security. Interception, Interruption, Modification and Fabrication.

10
New cards

Interception

This attacks allows unauthorized users to access your data, applications or environments, and they primarily attacks against confidentiality.

11
New cards

Interruption

This attack makes your assets unusable or unavailable to you on a temporary or permanent basis. These attacks affect availability and integrity.

12
New cards

Modification

This attacks involves tampering with an asset. This will usually affect availability and integrity.

13
New cards

Fabrication

This attack involves generating data, processes, communications, or similar materials within a system. These attacks can also affect availability and integrity.

14
New cards

Threats

This is something that has the potential to cause harm to a system.

15
New cards

Vulnerabilities

These are weaknesses or “holes” that threats can exploit that can cause harm to system.

16
New cards

Risks

This is the likelihood that something bad will happen, to have a risk there has to be threat and a vulnerability that the threat could exploit.

17
New cards

Impact

This is another concept added by the NSA (National Security Agency). It takes into account the value of the asset being threatened and uses it to calculate risk.

18
New cards

Risk Management

This process has 5 steps, Identifying assets, Identifying threats, Assessing vulnerabilities, Assessing risks and Mitigating risks.

19
New cards

The 3 types of risk mitigation

They are physical, logical and administrative risk controls.

20
New cards

Physical mitigation

This protects the physical environment in which your systems sit, or where your data is stored.

21
New cards

Logical mitigation

Also known as “technical controls” this protects the systems, networks and environments that process, transmit ad store your data.

22
New cards

Administrative mitigation

These are controls based on rules, laws, guidelines, and other items that are “paper” in nature.

23
New cards

The 5 stages of incident response

These are stages of IR, Preparation, Detection and analysis, Containment, Eradication, Recovery and Post incident analysis.

24
New cards

Preparation

This involves creating policies and procedures that govern incident response and handling, conducting training and education for both incident handlers and those who are expecting incidents, and developing and maintaining documentation.

25
New cards

Detection and analysis

In this phase, you detect an issue, decide if it actually an incident, and respond to it accordingly.

26
New cards

Containment

This involves taking steps to ensure that the situation doesn’t cause any more damage than it already has or at least lessen any ongoing harm.

27
New cards

Eradication

This involves in the attempt to remove the effects of the issue from your environment. In the case of an affected system, you’ll isolate and cut off connection from the command and control center.

28
New cards

Recovery

This involves devices or data from a backup data, rebuilding systems or reloading systems, or rebuilding applications.

29
New cards

Post incident activity

Otherwise known as “post mortem”. This involves attempting to determine specifically what happened, why it happened and what you can do to keep it from happening again.

30
New cards

Defense in Depth

knowt flashcard image
31
New cards

The triple “AAA”

AAA is an information security framework for controlling access to data and system resources, enforcing policies, and auditing actions.

32
New cards

Authentication

Verifies a user’s identification via the process of logging into a system.

33
New cards

Authorization (Access Control)

Determines what a user has the authority to do and have access to.

34
New cards

Accounting

Tracks and records user access and actions with system logs.

35
New cards

Least Privilege

A user, system, process, or application is only given the permissions necessary to complete its assigned tasks or functions and nothing more.

36
New cards

Identification

This is a simple assertion of who we are. This may include who we claim to be as people, who a system claims to be over the network, or who the originating party of an emails claims to be.

37
New cards

Who we claim to Be

This way we can identify ourselves by our full names, shortened versions of our nick names, nick names, account numbers, usernames, IDs, cards, fingerprints or DNA samples.

38
New cards

Identity Verification

This is a step beyond identification but it’s still a step short of authentication. When you have to show your drivers license, social security card, birth certificate. These things are considered forms of verification.

39
New cards

False Identification

This is also known as “falsification” where forms of fake IDs are used to access areas not meant for certain people, things or places.

40
New cards

Authentication

This is a set of methods used to establish whether a claim of identity is true.

41
New cards

Factors

There are several approaches to authentication, something you know, something you are, something you have, something you do and where you are. These are ideas of factors used daily.

42
New cards

Multifactor Authentication

This type of authentication refers to using two or more steps to verify your identity, IE an atm card and your pin would be considered so.

43
New cards

Mutual Authentication

This type of authentication requires both parties of any given transaction to authenticate each other, they’re usually software based. It is reliant on digital certificates.

44
New cards

Man in the Middle attack

knowt flashcard image
45
New cards

Passwords

This is familiar to the most of us who use computers regularly. When its combined with a username it will give access to systems on your computer, smartphone and other applications.

46
New cards

Biometrics

This is technology that uses the users characteristics unique to them to verify them to access to certain things, it can be a fingerprint, their face or even in the future voice…

47
New cards

Biometrics Factors

These are defined by seven factors: Universality, Uniqueness, Permanence, Collectability, Performance, Acceptability, and Circumvention.

48
New cards

Universality

This allows you to find your chosen biometric type in the majority of the people who are enrolling in the system.

49
New cards

Uniqueness

This allows you to measure how unique a biometric is amongst individuals.

50
New cards

Permanence

This allows the biometric to be tested on how well it resists change over time and advancing ages of individuals.

51
New cards

Collectability

This biometric measures how easy it is to acquire any given characteristic.

52
New cards

Performance

This measures how well a biometric does in the terms of speed, accuracy and error rate.

53
New cards

Acceptability

This biometric looks to see how the acceptance of characteristics rank against the users in the system.

54
New cards

Circumvention

This type of biometric looks to see how easily it can trick the system by using forms of falsified identifiers.

55
New cards

Measuring Performance chart

knowt flashcard image
56
New cards

Hardware Tokens

These are devices that can be small or big that can be used to access secured information of any kind, some maybe a USB type “dongle” or a LCD screen that requires a pin/pass.

57
New cards

What are access controls?

Things that are used to provide access to resources.

58
New cards

Four types of access controls

There are four types of access levels, allowing, denying, limiting and revoking.

59
New cards

Allowing access

This gives the party access to certain resources.

60
New cards

Denying access

This is the opposite of granting access, it can be set up this way in various ways. Time based, area based and info based.

61
New cards

Limiting access

This is only allowing access to a certain extent, like only having a low level key that only opens one door while the master key opens all of them.

62
New cards

Revoking access

This is taking away access from a party after it was granted. If you fire an employee this is common to do after because they will have access to the resources.

63
New cards

Sandboxes

These are isolated environments containing a set of resources for a given purpose.

<p>These are isolated environments containing a set of resources for a given purpose. </p>
64
New cards

Implementing access controls

The two main ways to implement access controls are through, access control lists and capabilities.

65
New cards

Access control lists (ACLs) or “ackles”

These are lists that contain info about what kind of access certain parties have to any system.

<p>These are lists that contain info about what kind of access certain parties have to any system. </p>
66
New cards

The 3 file system ACLs permissions

These are, read, write and execute.

67
New cards

Read permission

This allows the user to read the contents of a file or directory.

68
New cards

Write permission

This allows the user to write the contents of a file or directory.

69
New cards

Execute permission

This allows the user to execute the contents of a file if the file contains either a program or a script capable of running on the system in question.

70
New cards

Network ACLs

This filters access based on identifiers used for network transaction, such as internet protocols (IP) addresses, media access control (MAC) addresses and ports.

71
New cards

Blackholes

This happens when a user sees any traffic being sent to filtered destinations suddenly disappearing into thin air.

72
New cards

Socket

When you combine two attributes together to become more secure.

73
New cards

Media access control (MAC)

These are addresses that have unique identifiers hard coded into each network interface in a given system.

74
New cards

IP addresses

These are unique addresses assigned to each device on any network that uses the internet protocol for communication.

75
New cards

Port

These are numerical designation for one side of a connection between two devices, and we use them to identify the application to which traffic should be routed.

76
New cards

Confused deputy problem

This occurs when the software with access to a resource (the deputy) has a greater level of permission to access the resource than the user who is controlling the software.

77
New cards

Cross site request forgery (CSRF) attack

This attack misuses the authority of the browser on the user’s computer.

<p></p><p>This attack misuses the authority of the browser on the user’s computer. </p>
78
New cards

Clickjacking attack

This is also known as “user interface redressing” which takes advantage of some of pages rendering features that are available in newer web browsers.

79
New cards

Capabilities

These are permissions based on a user’s token, or key otherwise know as a capability.

80
New cards

Access control models

This is used to determine who should have access to what resources.

81
New cards

Most common access control models

These are discretionary, mandatory, rule based, role based, attribute based and multilevel access control.

82
New cards

Discretionary access control (DAC)

In this model, the owner of the resource determines who gets access to it and exactly what level of access they can have.

83
New cards

Mandatory access control (MAC)

In this model, the owner of the resource doesn’t get to decide who gets to access it. Instead, a separate group or individual gets to.

84
New cards

Rules based access control

This model allows access according to set of rules defined by the system administrator.

85
New cards

Role based access control (RBAC)

This model allows access based on the role of the individual being granted access.

86
New cards

Attribute based access control

This model allows access based on the specific attributes of a person, resource, or environment.

87
New cards

The principle of least privilege

This ideology states that you should give a party only the bare minimum level of access it needs to perform its functionality.

88
New cards

Multilevel access control

This model allows access to the combination of several access controls to be used together to protect information while access is controlled.

89
New cards

Bell lapadula model

This model combines the discretionary (DAC) and mandatory (MAC) access controls, primarily concerning the confidentiality of a resource. In other words, making sure unauthorized people can’t read it.

<p>This model combines the discretionary (DAC) and mandatory (MAC) access controls, primarily concerning the confidentiality of a resource. In other words, making sure unauthorized people can’t read it. </p>
90
New cards

Biba model

This model is concerned with protecting the integrity of data, even at the expense of confidentiality. This means its more important to keep people from altering the data than from viewing it.

<p>This model is concerned with protecting the integrity of data, even at the expense of confidentiality. This means its more important to keep people from altering the data than from viewing it. </p>
91
New cards

Brewer and nash model

This model is also known as the “chinese wall” which prevents the conflict of interest.

92
New cards

Three resources of brewer and nash

Objects: resources, such as the files of a single company.

Company groups: all objects of a single company.

Conflict classes: all groups of objects concerning competing parties.

<p>Objects: resources, such as the files of a single company.</p><p>Company groups: all objects of a single company.</p><p>Conflict classes: all groups of objects concerning competing parties. </p>
93
New cards

Accountability

This means making sure that a person is held responsible for their actions.

94
New cards

4 steps of reviewing accountability

knowt flashcard image
95
New cards

Nonrepudiation

This renders someone unable to successfully deny that they have made a statement or take an action, generally because they have sufficient evidence that they did it.

96
New cards

deterrence

in accountability, this relates to help against misbehavior in a companies environments. This usually has penalties associated with the unaccepted behavior.

97
New cards

Intrusion detection and prevention

The two major ways you can use tools to monitor systems and alert you on strange activity, are intrusion detection systems (IDS) or intrusion prevention systems (IPS).

98
New cards

Intrusion detection systems (IDS)

This strictly monitors and alerts you on attacks and undesirable activity taking place.

99
New cards

Intrusion prevention systems

This works with data provided from the IDS to directly take action in the ongoing environment.

100
New cards

Admissibility of records

This can be considered a “chain of custody”, where you track information such as the location of the evidence over time, how exactly it passed from one person to another, and how it was protected while it was stored.