Fundamentals of Information Security - D340 WGU

Flashcards for this course in WGU

Putting yourself at risk

Not updating to new security patches

Use of weak passwords

Downloading programs from the internet

Opening attachments from unknown senders

Using wireless connections w/out encryptions

Confidentiality

Refers to the ability to protect data from those who are not authorized to view it. You could implement this at many levels of the process.

Integrity

Is the ability to prevent people from changing your data in an unauthorized or undesirable manner. To maintain integrity, not only do you need to have the means to prevent unauthorized changes to your data, but you need the ability to reverse unwanted authorized changes.

Availability

Refers to the ability to access our data when we need it. You could lose availability due to the loss of power, operation/application issues, network issues, or the comprising of a system.

The Parkerian Hexad

This concept adds to the CIA Triad with three new categories, possession, utility and authenticity.

Possession

Refers to the physical disposition of the media on which the data is stored. This enables you to discuss your loss of data in its physical medium w/out involving other factors such as availability.

Authenticity

Allows you to say whether you've attributed the data in question to the proper owner or creator. You can enforce this by having digital signatures in emails.

Utility

Refers to how useful the data is to you, this concept can have various degrees/layers to it.

Types of Attacks

There are four main types of attacks in security. Interception, Interruption, Modification and Fabrication.

Interception

This attacks allows unauthorized users to access your data, applications or environments, and they primarily attacks against confidentiality.

Interruption

This attack makes your assets unusable or unavailable to you on a temporary or permanent basis. These attacks affect availability and integrity.

Modification

This attacks involves tampering with an asset. This will usually affect availability and integrity.

Fabrication

This attack involves generating data, processes, communications, or similar materials within a system. These attacks can also affect availability and integrity.

Threats

This is something that has the potential to cause harm to a system.

Vulnerabilities

These are weaknesses or “holes” that threats can exploit that can cause harm to system.

Risks

This is the likelihood that something bad will happen, to have a risk there has to be threat and a vulnerability that the threat could exploit.

Impact

This is another concept added by the NSA (National Security Agency). It takes into account the value of the asset being threatened and uses it to calculate risk.

Risk Management

This process has 5 steps, Identifying assets, Identifying threats, Assessing vulnerabilities, Assessing risks and Mitigating risks.

The 3 types of risk mitigation

They are physical, logical and administrative risk controls.

Physical mitigation

This protects the physical environment in which your systems sit, or where your data is stored.

Logical mitigation

Also known as “technical controls” this protects the systems, networks and environments that process, transmit ad store your data.

Administrative mitigation

These are controls based on rules, laws, guidelines, and other items that are “paper” in nature.

The 5 stages of incident response

These are stages of IR, Preparation, Detection and analysis, Containment, Eradication, Recovery and Post incident analysis.

Preparation

This involves creating policies and procedures that govern incident response and handling, conducting training and education for both incident handlers and those who are expecting incidents, and developing and maintaining documentation.

Detection and analysis

In this phase, you detect an issue, decide if it actually an incident, and respond to it accordingly.

Containment

This involves taking steps to ensure that the situation doesn’t cause any more damage than it already has or at least lessen any ongoing harm.

Eradication

This involves in the attempt to remove the effects of the issue from your environment. In the case of an affected system, you’ll isolate and cut off connection from the command and control center.

Recovery

This involves devices or data from a backup data, rebuilding systems or reloading systems, or rebuilding applications.

Post incident activity

Otherwise known as “post mortem”. This involves attempting to determine specifically what happened, why it happened and what you can do to keep it from happening again.

Defense in Depth

The triple “AAA”

AAA is an information security framework for controlling access to data and system resources, enforcing policies, and auditing actions.

Authentication

Verifies a user’s identification via the process of logging into a system.

Authorization (Access Control)

Determines what a user has the authority to do and have access to.

Accounting

Tracks and records user access and actions with system logs.

Least Privilege

A user, system, process, or application is only given the permissions necessary to complete its assigned tasks or functions and nothing more.

Identification

This is a simple assertion of who we are. This may include who we claim to be as people, who a system claims to be over the network, or who the originating party of an emails claims to be.

Who we claim to Be

This way we can identify ourselves by our full names, shortened versions of our nick names, nick names, account numbers, usernames, IDs, cards, fingerprints or DNA samples.

Identity Verification

This is a step beyond identification but it’s still a step short of authentication. When you have to show your drivers license, social security card, birth certificate. These things are considered forms of verification.

False Identification

This is also known as “falsification” where forms of fake IDs are used to access areas not meant for certain people, things or places.

Authentication

This is a set of methods used to establish whether a claim of identity is true.

Factors

There are several approaches to authentication, something you know, something you are, something you have, something you do and where you are. These are ideas of factors used daily.

Multifactor Authentication

This type of authentication refers to using two or more steps to verify your identity, IE an atm card and your pin would be considered so.

Mutual Authentication

This type of authentication requires both parties of any given transaction to authenticate each other, they’re usually software based. It is reliant on digital certificates.

Man in the Middle attack

Passwords

This is familiar to the most of us who use computers regularly. When its combined with a username it will give access to systems on your computer, smartphone and other applications.

Biometrics

This is technology that uses the users characteristics unique to them to verify them to access to certain things, it can be a fingerprint, their face or even in the future voice…

Biometrics Factors

These are defined by seven factors: Universality, Uniqueness, Permanence, Collectability, Performance, Acceptability, and Circumvention.

Universality

This allows you to find your chosen biometric type in the majority of the people who are enrolling in the system.

Uniqueness

This allows you to measure how unique a biometric is amongst individuals.

Permanence

This allows the biometric to be tested on how well it resists change over time and advancing ages of individuals.

Collectability

This biometric measures how easy it is to acquire any given characteristic.

Performance

This measures how well a biometric does in the terms of speed, accuracy and error rate.

Acceptability

This biometric looks to see how the acceptance of characteristics rank against the users in the system.

Circumvention

This type of biometric looks to see how easily it can trick the system by using forms of falsified identifiers.

Measuring Performance chart

Hardware Tokens

These are devices that can be small or big that can be used to access secured information of any kind, some maybe a USB type “dongle” or a LCD screen that requires a pin/pass.

What are access controls?

Things that are used to provide access to resources.

Four types of access controls

There are four types of access levels, allowing, denying, limiting and revoking.

Allowing access

This gives the party access to certain resources.

Denying access

This is the opposite of granting access, it can be set up this way in various ways. Time based, area based and info based.

Limiting access

This is only allowing access to a certain extent, like only having a low level key that only opens one door while the master key opens all of them.

Revoking access

This is taking away access from a party after it was granted. If you fire an employee this is common to do after because they will have access to the resources.

Sandboxes

These are isolated environments containing a set of resources for a given purpose.

Implementing access controls

The two main ways to implement access controls are through, access control lists and capabilities.

Access control lists (ACLs) or “ackles”

These are lists that contain info about what kind of access certain parties have to any system.

The 3 file system ACLs permissions

These are, read, write and execute.

Read permission

This allows the user to read the contents of a file or directory.

Write permission

This allows the user to write the contents of a file or directory.

Execute permission

This allows the user to execute the contents of a file if the file contains either a program or a script capable of running on the system in question.

Network ACLs

This filters access based on identifiers used for network transaction, such as internet protocols (IP) addresses, media access control (MAC) addresses and ports.

Blackholes

This happens when a user sees any traffic being sent to filtered destinations suddenly disappearing into thin air.

Socket

When you combine two attributes together to become more secure.

Media access control (MAC)

These are addresses that have unique identifiers hard coded into each network interface in a given system.

IP addresses

These are unique addresses assigned to each device on any network that uses the internet protocol for communication.

Port

These are numerical designation for one side of a connection between two devices, and we use them to identify the application to which traffic should be routed.

Confused deputy problem

This occurs when the software with access to a resource (the deputy) has a greater level of permission to access the resource than the user who is controlling the software.

Cross site request forgery (CSRF) attack

This attack misuses the authority of the browser on the user’s computer.

Clickjacking attack

This is also known as “user interface redressing” which takes advantage of some of pages rendering features that are available in newer web browsers.

Capabilities

These are permissions based on a user’s token, or key otherwise know as a capability.

Access control models

This is used to determine who should have access to what resources.

Most common access control models

These are discretionary, mandatory, rule based, role based, attribute based and multilevel access control.

Discretionary access control (DAC)

In this model, the owner of the resource determines who gets access to it and exactly what level of access they can have.

Mandatory access control (MAC)

In this model, the owner of the resource doesn’t get to decide who gets to access it. Instead, a separate group or individual gets to.

Rules based access control

This model allows access according to set of rules defined by the system administrator.

Role based access control (RBAC)

This model allows access based on the role of the individual being granted access.

Attribute based access control

This model allows access based on the specific attributes of a person, resource, or environment.

The principle of least privilege

This ideology states that you should give a party only the bare minimum level of access it needs to perform its functionality.

Multilevel access control

This model allows access to the combination of several access controls to be used together to protect information while access is controlled.

Bell lapadula model

This model combines the discretionary (DAC) and mandatory (MAC) access controls, primarily concerning the confidentiality of a resource. In other words, making sure unauthorized people can’t read it.

Biba model

This model is concerned with protecting the integrity of data, even at the expense of confidentiality. This means its more important to keep people from altering the data than from viewing it.

Brewer and nash model

This model is also known as the “chinese wall” which prevents the conflict of interest.

Three resources of brewer and nash

Objects: resources, such as the files of a single company.

Company groups: all objects of a single company.

Conflict classes: all groups of objects concerning competing parties.

Accountability

This means making sure that a person is held responsible for their actions.

4 steps of reviewing accountability

Nonrepudiation

This renders someone unable to successfully deny that they have made a statement or take an action, generally because they have sufficient evidence that they did it.

deterrence

in accountability, this relates to help against misbehavior in a companies environments. This usually has penalties associated with the unaccepted behavior.

Intrusion detection and prevention

The two major ways you can use tools to monitor systems and alert you on strange activity, are intrusion detection systems (IDS) or intrusion prevention systems (IPS).

Intrusion detection systems (IDS)

This strictly monitors and alerts you on attacks and undesirable activity taking place.

Intrusion prevention systems

This works with data provided from the IDS to directly take action in the ongoing environment.

Admissibility of records

This can be considered a “chain of custody”, where you track information such as the location of the evidence over time, how exactly it passed from one person to another, and how it was protected while it was stored.