analysis)
- El Gamal is an unpatented, asymmetric key algorithm based on the discrete
logarithm problem used in Diffie-Hellman. It extends the functionality of Diffie-
Hellman to include encryption and digital signatures.
- PGP uses the IDEA algorithm (symmetric) for encryption and the RSA algorithm
(asymmetric) for key distribution and digital signatures.
- Program Evaluation Review Technique (PERT) charts. PERT charts are
project management tools used for time/progress estimation and resource
allocation, NOT for estimating the financial burden of the project
- An SA is a one-way connection between two communicating parties, meaning
that two SAs are required for each pair of communicating hosts. Additionally, each
SA only supports a single protocol (AH or ESP). Thus, if both AH and ESP are used
between two communicating hosts, a total of four SAs is required.
- SESAME is subject to password guessing like Kerberos.
The basic mechanism in SESAME for strong authentication is as follows:
The user sends a request for authentication to the Authentication Server as in
Kerberos, except that SESAME makes use of public key cryptography for
authentication where the client will present his digital certificate and the request
will be signed using a digital signature. The signature is communicated to the
authentication server through the preauthentication fields. Upon receipt of this
request, the authentication server will verify the certificate, then validate the
signature, and if all is fine the AS will issue a ticket granting ticket (TGT) as in
Kerberos. This TGT will be used to communicate with the privilege attribute server
(PAS) when access to a resource is needed.
Users may authenticate using either a public key pair or a conventional (symmetric)
key. If public key cryptography is used, public key data is transported in
preauthentication data fields to help establish identity. Kerberos uses tickets
for authenticating subjects to objects and SESAME uses Privileged Attribute
Certificates (PAC), which contain the subject’s identity, access capabilities for
the object, access time period, and lifetime of the PAC. The PAC is digitally signed
so that the object can validate that it came from the trusted authentication server,
which is referred to as the privilege attribute server (PAS). The PAS holds a similar
role as the KDC within Kerberos. After a user successfully authenticates to the
authentication service (AS), he is presented with a token to give to the PAS. The
PAS then creates a PAC for the user to present to the resource he is trying to
access.
- The northbridge bus connects the CPU to the video and RAM
- The only difference between a circuit-level gateway and a simple port forwarding
mechanism is that with a circuit-level gateway, the client is aware of the
intermediate system, whereas in the case of a simple port-forwarding mechanism,
the client must not be aware and may be completely oblivious of the existence of
the intermediary
- DDE (Dynamic Data Exchange) enables different applications to share data and
send commands to each other directly.
- Physical cable lengths: 10Base2, also known as RG58, or thinnet, is limited
to 185 meters. 10Base5, also known as RG8/RG11 or thicknet, is limited to 500
meters. 10BaseT is only limited to 100 meters. Note that the 2 in 10Base2 refers to
the maximum cable length (200 meters, 185, actually) and the 5 in 10Base5 is for
500 meters.
- The WAP GAP is a specific security issue associated with WAP that results from the
requirement to change security protocols at the carrier's WAP gateway from the
wireless WTLS to SSL for use over the wired network. WTLS is replaced by TLS in
WAP 2.0. The gateway described above is no longer needed to translate (decrypt
from one standard and re-encrypt to another) since the Internet servers are able
to interpret the TLS transmission directly. All data remains encrypted as it passes
through the gateway.
At the WAP gateway, the transmission, which is protected by WTLS, is decrypted
and then re-encrypted for transmission using SSL, leaving data temporarily in the
clear on the gateway.
- National Information Assurance Certification and Accreditation Process
(NIACAP) establishes the minimum national standards for certifying and
accrediting national security systems. This process provides a standard set of
activities, general tasks, and a management structure to certify and accredit
systems that will maintain the Information Assurance (IA) and security posture of a
system or site.
- The object-relational database is the marriage of object-oriented and relational
technologies and combines the attributes of both.
- A system reboot is performed after shutting down the system in a controlled
manner in response to a TCB failure.
- An emergency system restart is done after a system fails in an uncontrolled
manner but consistency can be brought back automatically to the system.
- A system cold start takes place when unexpected TCB or media failures take
place and the recovery procedures cannot bring the system to a consistent state.
Intervention of administrative personnel is required to bring the system to a
consistent state from maintenance mode.
- Information Labels are similar to Sensitivity Labels, but in addition to the
classification and the category set of the Sensitivity Labels, they also have
the necessary controls to be able to operate as a trusted computer. One other
important difference is that the Reference Monitor does not use Information Labels
for access permissions
- DCE does provide the same functionality as DCOM, but DCE is an open standard
developed by the Open Software Foundation (OSF) and DCOM, developed by
Microsoft, is more proprietary in nature
- Risk management consists of two primary and one underlying activity; risk
assessment and risk mitigation are the primary activities and uncertainty
analysis is the underlying one. After having performed risk assessment and
mitigation, an uncertainty analysis should be performed. Risk management
must often rely on speculation, best guesses, incomplete data, and many
unproven assumptions. A documented uncertainty analysis allows the risk
management results to be used knowledgeably. A vulnerability analysis,
likelihood assessment and threat identification are all parts of the collection and
analysis of data part of the risk assessment, one of the primary activities of risk
management.
- RTO would be defined as part of the recovery plan and not as part of the BIA
- The Authentication Header is a mechanism for providing strong integrity
and authentication for IP datagrams. It might also provide non-repudiation,
depending on which cryptographic algorithm is used and how keying is performed.
For example, use of an asymmetric digital signature algorithm, such as RSA, could
provide non-repudiation.
ESP is a mechanism for providing integrity and confidentiality to IP datagrams.
It may also provide authentication, depending on which algorithm and algorithm
mode are used. Non-repudiation and protection from traffic analysis are not
provided by ESP.
- Extensible Authentication Protocol is a framework that supports multiple,
optional authentication mechanisms for PPP, including cleartext passwords,
challenge-response, and arbitrary dialog sequences
- SSL : Application / transport layers
- Individual accountability includes:
* unique IDs (for ID)
* access rules (to determine violations)
* audit trails (detective, for logging)
- Padded cells are simulated environments to which IDSs seamlessly transfer
detected attackers and are designed to convince an attacker that the attack is
going according to the plan.
- FRAP (facilitated risk analysis process) : business managers and technical
staff. Brainstorm and identify risk, and apply a group of 26 common controls to
categorize risk
- The functional design analysis and planning stage of an SDLC is the point
at which a project plan is developed, test schedules assigned, and expectations
outlined
- Default open is not a preferred security model
- External consistency ensures that the data stored in the database is consistent
with the real world
- DBMS: Cell suppression is a technique used against inference attacks by not
revealing information in the case where a statistical query produces a very small
result set. Perturbation also addresses inference attacks but involves making
minor modifications to the results of a query. Partitioning involves splitting
a database into two or more physical or logical parts; especially relevant for
multilevel secure databases.
- System development + system maintenance can be done by same people
- The running key cipher is based on modular arithmetic
- Telnet’s primary use is terminal emulation
- Root cause analysis needed for eradication phase
- Flash can be read/written multiple times quickly, but at the cost of only writing
large blocks at a time.
- As relates to operations security and TB : trusted paths are trustworthy interfaces
into privileged user functions, i.e. they are pathways through the security boundary
which separates the TCB components and untrusted components. Trusted paths
would be a form of API
- In an online transaction processing system, if an invalid or erroneous transaction
is detected, it should be written to a report and reviewed
- limited privilege : trusted process characteristic where operations are
performed without allowing the user direct access to unauthorized sensitive data
- DAC and MAC both employ least privilege. But only MAC employs need to know
(compartmentalization)
- The reference monitor must meet three conditions:
(1) it must be tamperproof (isolation)
(2) it must be invoked on every access to every object (completeness) and
(3) it must be small enough for thorough validation of its operation through
analysis and tests, in order to verify completeness (v
- MSR minimum security requirements state that a password should have
minimum length of 8 characters.
- For one-time pads to be unbreakable, the pads must:
* have completely random characters
* be secure
* must not be re-used
* key must be as long as the message
- Detection capabilities of host based IDS systems are usually limited by the audit
logging capabilities of the host
- Software librarian can enforce separation of duties to ensure programmers do not
have access to production code
- MTD = RTO + WRT ; Maximum Tolerable Downtime = Recovery Time Objective +
Work Recovery Time
- An interoperable, or cooperative, database is defined as interconnected
platforms running independent copies of software with independent copies of
data. Not to be confused with a decentralized database, involving connected or
unconnected but related platforms running independent copies of software with
independent copies of data. A dispersed database involves interconnected and
related platforms running the same software and using the same data, one of which
is centralized (software or data).
- Graham-Denning model has 8 rules
- One technique of process isolation is time-multiplexing
- Data or information owner can determine if controls in place protect sensitive data
sufficiently
- Diffie-Hellman : protocol used to enable two users using symmetric encryption
to exchange a secret key (session key) over an insecure medium without any prior
secrets. The negotiated key will subsequently be used for message encryption
- ITSEC vs Orange book : One major difference between the two is ITSEC’s
inclusion of integrity and availability as security goals, along with confidentiality.
- IPSec peer authentication performed at phase 1
- IPSec:
In phase 1 of this process, IKE creates an authenticated, secure channel between
the two IKE peers, called the IKE security association. The Diffie-Hellman key
agreement is always performed in this phase. (bi-directional SA)
In phase 2 IKE negotiates the IPSec security associations and generates the
required key material for IPSec. The sender offers one or more transform sets that
are used to specify an allowed combination of transforms with their respective
settings. (Simplex SA x2)
- SET = Secure Electronic Transaction : OSI L7 application layer protocol
- Quality assurance can also be an additional responsibility of the security
administrator. The security administrator, being responsible for application
programming, systems programming or data entry, does not provide for proper
segregation of duties
- Linear cryptanalysis : attempt to determine key from large amounts of plain /
cipher text pairs
- Output controls are used for two things: for verifying the integrity and
protecting the confidentiality of an output
- Input controls are used to validate input (correct range, etc), helps prevent
certain types of attacks, e.g. buffer overflow
- Max key size for Rijndael is 256 bits
- ISO 27001:2005 : standard for Information Security management
- DES key length = 56 bits, parity or key sequence of 8 bits = 64 bits. Uses 64-bit
blocks and outputs 64-bit ciphertext
- The main advantage of the qualitative impact analysis is that it prioritizes
the risks and identifies areas for immediate improvement in addressing the
vulnerabilities.
- Differential cryptanalysis : attempt to determine key by statistically analysing
a few plain - cipher text pairs
- SQL = DDL (data definition language) + DML (data manipulation
language)
- polymorphism : object acts differently, depending on the input message
- polyinstantiation : same object, different data (eg secret data, top secret data)
- Digital envelope: message encrypted with secret key, which is in turn encrypted
with public key of receiver
- UTP categories based on how tightly a cable is twisted
- Coaxial cables need fixed spacing between connections (termination / reflection,
etc)
- Degree of a table represents number of columns therefore not related to number
of primary keys
- A protection domain consists of the execution and memory space assigned
to each process. The purpose of establishing a protection domain is to protect
programs from all unauthorized modification or executional interference. The
security perimeter is the boundary that separates the Trusted Computing Base
(TCB) from the remainder of the system
- RC4 is not a block cipher (variable-key-length stream cipher)
- A stream cipher generates what is called a keystream (a sequence of bits
used as a key). It is much faster than block ciphers
- data diddling : active form of attack that alters existing data
- Elliptic Curve Cryptography has the highest strength per bit of key length of
any asymmetric algo, hence less key length is needed, used for mobile devices
- Trusted recovery ensures that security is not breached when a system crash or
other system failure occurs. When the system crashes, it must be able to restart
without compromising its required protection scheme and to recover and rollback
without being compromised after the failure. Trusted recovery is only required for
B3 and A1 level systems.
- secondary evidence : copy of a piece of evidence or oral description
- direct evidence : can prove a fact by itself (does not need backup), for example
oral testimony based on info gathered through a witness’s five senses
- Auxiliary station alarms automatically cause an alarm originating in a data
center to be transmitted over the local municipal fire or police alarm circuits for
relaying to both the local police/fire station and the appropriate headquarters.
Central station alarms are operated by private security organizations
- A data dictionary is a central collection of data element definitions, schema
objects, and reference keys.
- A single account on the system has the administrative rights to all the security-
related functions of the system. This demonstrates Trusted Facility Management
because you restrict access to administrative functions.
A failure or crash of the system cannot be used to breach security. This would fall
under Trusted Recovery.
- clapper valve holds back water in dry system (fire suppression)
- Regarding SSL: Once the server has been authenticated by the browser client,
the browser generates a master secret that is to be shared only between the server
and client. This secret serves as a seed to generate the session (private) keys. The
master secret is then encrypted with the server's public key and sent to the server.
The fact that the master secret is generated by the client's browser provides the
client assurance that the server is not reusing keys that would have been used in a
previous session with another client.
- Evaluation is the process of independently assessing a system against a
standard of comparison, such as evaluation criteria. Certification is the process of
performing a comprehensive analysis of the security features and safeguards of a
system to establish the extent to which the security requirements are satisfied.
Accreditation is the official management decision to operate a system (achieved
during implementation phase).
Acceptance testing refers to user testing of a system before accepting delivery.
- The operation/ maintenance phase of an IT system is concerned with user
authentication
- attribute certificate is a digital certificate that binds a set of descriptive data
items, other than a public key, either directly to a subject name or to the identifier
of another certificate that is a public-key certificate
- CER : crossover error rate, FRR : false rejection rate
- Clark-Wilson model : achieves data integrity through well-formed transactions
and separation of duties (eg using middleware)
- RADIUS and DIAMETER are incompatible
- The security perimeter is the imaginary line that separates the trusted
components of the kernel and the Trusted Computing Base (TCB) from those
elements that are not trusted
- Software plans and requirements usually address due care and due
diligence
- When access control is on what is contained in the database it is considered to be
content-dependent access control
- BIA primary objectives:
* Criticality prioritization
* downtime estimation
* resource requirements
- BIA objectives:
* interviews for data gathering
* create data gathering techniques
* identify critical business functions
* identify resources that the above functions depend upon
* how long can functions survive without the resources
* identify vulnerabilities and threats to the resources
* calculate risk to resources
* document and report
- In IPSec, an SA is simplex in operation, not duplex
- soda acid removes the fuel supply of a fire
- Operational controls are concerned most with personnel safety
- ARL vs CRL = Authority Revocation List vs Certificate Revocation List
- Pipelining : overlapping steps of different instructions
- SSL session key lengths vary from 40 bits to 256 bits
- S-RPC provides authentication
- Secure HTTP (S-HTTP) is designed to send individual messages securely
- For authentication via DES, Cipher Block Chaining and Cipher Feedback can be
used since they create a key that is dependent on the previous block and the final
block serves as a Message Authentication Code. Output feedback does not allow
any sort of MAC
- Wireless Transport Layer Security (WTLS) is a communication protocol
that allows wireless devices to send and receive encrypted information over the
Internet.
- A keyed hash, also called a MAC (message authentication code), is used for
integrity protection and authentication. Eg of MAC : encrypt message with secret
key DES, and hash the output.
- In order to protect against fraud in electronic fund transfers (EFT), the Message
Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value,
which is derived from the contents of the message itself, that is sensitive to the
bit changes in a message. It is similar to a Cyclic Redundancy Check (CRC). The
Secure Electronic Transaction (SET) was developed by a consortium including
MasterCard and VISA as a means of preventing fraud from occurring during
electronic payment
- Capacitance detectors are used for spot protection within a few inches of the
object, rather than for overall room security monitoring.
- Internet refers to the global network of public networks and ISP
- Communications security management prevents, detects and corrects errors so
CIA of network transaction may be maintained
- The computations involved in selecting keys and in enciphering data are complex,
and are not practical for manual use. However, using mathematical properties of
modular arithmetic and a method known as computing in Galois fields, RSA is
quite feasible for computer use.
- known-plaintext attack : a cryptanalysis technique in which the analyst tries
to determine the key from knowledge of some plaintext-ciphertext pairs (although
the analyst may also have other clues, such as knowing the cryptographic
algorithm).
- chosen-ciphertext attack is defined as a cryptanalysis technique in which the
analyst tries to determine the key from knowledge of plaintext that corresponds to
ciphertext selected (i.e., dictated) by the analyst.
- chosen-plaintext attack is a cryptanalysis technique in which the analyst tries
to determine the key from knowledge of ciphertext that corresponds to plaintext
selected (i.e., dictated) by the analyst.
- Stream cipher is most suited to hardware implementations
- A central authority that determines which subjects have access to which objects is
a form of non-discretionary access control
- cardinality of a database refers to the number of rows in a relation (eg 1 to 1,
1 to many, etc)
- X.400 is used in e-mail as a message handling protocol. X.500 is used in
directory services. X.509 is used in digital certificates and X.800 is used as a network
security standard
- Split knowledge involves encryption keys being separated into two components,
each of which does not reveal the other
- Reasonableness checks, range checks, syntax checks and check digits are
common program controls
- An analytic attack refers to using algorithm and algebraic manipulation
weakness to reduce complexity.
- Content dependent protection of info increases processing overhead
- Simple Security property in Bell-LaPadula = no read up
- Simple Security property in Biba = no read down
- star property in Bell-LaPadula = confinement property
- to remember : simple = read, *(star) = write
- A reference monitor compares the security labels on a subject and object
- Phreaking:
RED BOX
A red box is a phreaking device that generates tones to simulate inserting coins in
pay phones, thus fooling the system into completing free calls. In the US, a dime is
represented by two tones, a nickel by one, and a quarter by a set of 5 tones. Any
device capable of playing back recorded sounds can potentially be used as a red
box. Commonly used devices include modified Radio Shack tone dialers, personal
MP3 players, and audio-recording greeting cards.
BLUE BOX
An early phreaking tool, the blue box is an electronic device that simulates a
telephone operator's dialing console. It functions by replicating the tones used to
switch long-distance calls and using them to route the user's own call, bypassing
the normal switching mechanism. The most typical use of a blue box was to place
free telephone calls - inversely, the Black Box enabled one to receive calls which
were free to the caller. The blue box no longer works in most western nations, as
modern switching systems are now digital and no longer use the in-band signaling
which the blue box emulates. Instead, signaling occurs on an out-of-band channel
which cannot be accessed from the line the caller is using (called Common Channel
Interoffice Signaling (CCIS)).
BLACK BOX
The black box (as distinguished from blue boxes and red boxes), sometimes called
an Agnew (see Spiro (device) for the origin of the nickname), was a device built
by phone phreaks during the 1960s and 1970s in order to defeat long distance
phone call toll charges, and specifically to block the supervision signal sent by the
receiving telephone handset when the call was answered at the receiving end of the
call.
The act of picking up the handset of a telephone causes a load to be put on the
telephone line, so that the DC voltage on the line drops below the approximately 45
volts present when the phone is disconnected. The black box consisted of a large
capacitor which was inserted in series with the telephone, thereby blocking DC
current but allowing AC current (i.e., ringing signal and also audio signal) to pass.
When the black box was switched into the telephone line, the handset could be
picked up without the telephone system knowing and starting the billing process.
In other words, the box fooled the phone company into thinking no one had
answered at the receiving end, and therefore billing was never started on the call.
WHITE BOX
The white box is simply a portable Touch-Tone Keypad.