Data Remanence The remains of partial or even the entire data set of digital information.

Maximum tolerable downtime The maximum period of time that a critical business function can be inoperative before the company incurs significant and long-lasting damage. Recovery Time Objective The balance against the cost of recover and the cost of disruption.

Disaster Recovery Planning (DRP) Deals with restoring normal business operations after the disaster takes place...works to get the business back to normal. 802.5 IEEE standard defines the Token Ring media access method.

Resource Requirements Portion of the BIA that lists the resources that an organization needs in order to continue operating each critical business function. Information Owner The one person responsible for data, its classification and control setting. Differential power analysis A side-channel attack carry-out on smart cards that examining the power emission release during processing. Electromagnetic analysis A side-channel attack on smart cards that examine the frequencies emitted and timing.

Checklist Test is one in which copies of the plan are handed out to each functional area to ensure the plan deal with their needs. Job Rotation To move from location to location, keeping the same function.

Mitigate Defined as real-time monitoring and analysis of network activity and data for potential vulnerabilities and attacks in progress.

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Analysis Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk. Containment Mitigate damage by isolating compromised systems from the network.

Change Control Maintaining full control over requests, implementation, traceability, and proper documentation of changes. Gateway Used to connect two networks using dissimilar protocols at different layers of the OSI model. Detection Identification and notification of an unauthorized and/or undesired action. Fault Tolerance Mitigation of system or component loss or interruption through use of backup capability. Secure HTTP Protocol designed to same individual message securely. Class C Has 256 hosts. Trade secrets Deemed proprietary to a company and often include information that provides a competitive edge, the information is protected as long the owner takes protective actions.

Isochronous Process must within set time constrains, applications are video related where audio and video must match perfectly. Electronic Vaulting Periodic, automatic and transparent backup of data in bulk.

Incremental A backup method use when time and space are a high importance. Criminal Conduct that violates government laws developed to protect society. RAID 0 Creates one large disk by using several disks.

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

X.400 Active Directory standard Redundant Array of Independent Drives (RAID) A group of hard drives working as one storage unit for the purpose of speed and fault tolerance. Classification The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification. Alarm Filtering The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks. Concentrator Layer 1 network device that is used to connect network segments together, but provides no traffic control (a hub). Eavesdropping A passive network attack involving monitoring of traffic. Emanations Potentially compromising leakage of electrical or acoustical signals.

Prevention Controls deployed to avert unauthorized and/or undesired actions. Proprietary Define the way in which the organization operates.

Data Integrity The property that data meet with a priority expectation of quality and that the data can be relied upon. Coaxial Cable A cable consisting of a core, inner conductor that is surrounding by an insulator, an outer cylindrical conductor. Digital Signature An asymmetric cryptography mechanism that provides authentication.

E-Mail Spoofing Forgery of the sender's email address in an email header. Fiber Optics Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Fraggle A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. Hub Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator). Interception Unauthorized access of information (e.g. Tapping, sniffing, unsecured wireless communication, emanations). IP Fragmentation An attack that breaks up malicious code into fragments, in an attempt to elude detection. Incident response Team should consist of: management, IT, legal, human resources, public relations, security etc. Multiplexers A device that sequentially switches multiple analog inputs to the output. Enticement The legal act of luring an intruder, with intend to monitor their behavior.

Hijacking Interception of a communication session by an attacker.

Injection An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input. IP Address Spoofing Forging of an IP address.

Kerberos A trusted third party authentication protocol.

Modification A type of attack involving attempted insertion, deletion or altering of data. Open Mail Relay Servers A mail server that improperly allows inbound SMTP connections for domains it does not serve. Packet Filtering A basic level of network access control that is based upon information contained in the IP packet header.

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Patch Panels Provides a physical cross connect point for devices. Phishing A social engineering attack that uses spoofed email or websites to persuade people to divulge information. Proxies Mediates communication between un-trusted hosts on behalf of the hosts that it protects. Radio Frequency Interference (RFI) A disturbance that degrades performance of electronic devices and electronic communications. Routers A layer 3 device that used to connect two or more network segments and regulate traffic. Sequence Attack An attack involving the hijacking of a TCP session by predicting a sequence number. Smurf A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)

Private Branch Exchange (PBX) A telephone exchange for a specific office or business. Physical Tampering Unauthorized access of network devices.

Repeaters Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator). Rogue Access Points Unauthorized wireless network access device.

Satellite A specialized wireless receiver/ transmitter placed in orbit that facilitates long distance communication. Shielding Enclosure of electronic communication devices to prevent leakage of electromagnetic signals. Sniffing Eavesdropping on network communications by a third party.

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Source Routing Exploitation A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network. Switches A layer 2 device that used to connect two or more network segments and regulate traffic. Tapping Eavesdropping on network communications by a third party.

Spam Unsolicited commercial email.

SYN Flooding A Denial of Service attack that floods the target system with connection requests that are not finalized. Tar Pits Mitigation of spamming and other attacks by delaying incoming connections as long as possible. TEMPEST A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment. War Dialing Reconnaissance technique, involving automated, brute force identification of potentially vulnerable modems. Accreditation The managerial approval to operate a system based upon knowledge of risk to operate.

Teardrop A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments. Twisted Pair A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference. Worldwide Interoperability for Microwave Access (WI-MAX ) A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery. 1029 18 USC - Fraud and Related Activity in Connection with Access Devices.

Certification The technical and risk assessment of a system within the context of the operating environment.

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Common Criteria The current internationally accepted set of standards and processes for information security products evaluation and assurance, which joins function and assurance requirements. Data Hiding A software design technique for abstraction of a process. NIDS Usually inspect the header, because the data payload is encrypted in most cases. Internet Architecture Board Committee for internet design, engineering, and management, responsible for the architectural oversight of the IETF. ITSEC The past internationally accepted set of standards and processes for information security products evaluation and assurance, which separates function and assurance requirements. Race Condition Processes carry out their tasks on a shared resource in an incorrect order. Multi-Processor

Covert Channel An unintended communication path.

Embedded Hardware or software that is part of a larger system. Framework Third party processes used to organize the implementation of an architecture. 1024-49151 Registered ports as defined by IANA.

Memory Management A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives. Multi-Processing To execute more than one instruction at an instant in time.

Multi-Programming

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

More than one processor sharing same memory, also known as parallel systems.

Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective.

Multi-Tasking More than one process in the middle of executing at a time.

Preemptive A type of multitasking that allows for more even distribution of computing time among competing request. Protection Memory management technique that allows two processes to run concurrently without interaction. Relocation Memory management technique which allows data to be moved from one memory address to another. Trademarks Protect words, names, product shapes, symbols, colors, or a combination of these, used to identify product a company. Wiretapping A passive attack that eavesdrops on communications, only legal with prior consent or warrant.

Process Isolation A form of data hiding which protects running threads of execution from using each other's memory. Reference Monitor The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement. Ring Protection Implementation of operating system protection mechanism, where more sensitive built upon the layering concept. Virtual Memory Memory management programming which make the limited RAM of the physical machine appear to be more by using a portion of the hard drive. Electronic Vaulting

Security Kernel

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Makes copies of files as they are modified and periodically transmits them to an off-site backup site.

Subset of operating systems components dedicated to protection mechanisms.

Structured Walk-through Representatives from each functional area or department review the plan in it’s entirely. Internal use only Information that can be distribute within the organization but could harm the company if disclosed externally. User Mode (problem or program state) the problems solving state, the opposite of supervisor mode.

State Machine Model Abstract and mathematical in nature, defining all possible states, transitions and operations. Synchronous token Generates a one-time password that is only valid for a short period of time. TCSEC (Orange Book) The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance, which combines function and assurance requirements. TNI (Red Book) The past U.S. military accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements. 636 Many implementations run LDAP on SSL on this port.

Threads A unit of execution.

Trusted Computing Base All of the protection mechanism in a computer system.

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Alternate Site Location to perform the business function.

Business Continuity Planning (BCP) Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization. Business Continuity Steering Committee A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.

Business Continuity Program An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed, resources are allocated and, recovery and continuity strategies and procedures are completed and tested. Asynchronous Encrypt/Decrypt are processes in queues, key benefit utilization of hardware devices and multiprocessor systems. Business Interruption Insurance Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster. Business Recovery Timeline The chronological sequence of recovery activities, or critical path, which must be followed to resume an acceptable level of operations following a business interruption.

Copyright Protects the expression of an idea, rather than the idea itself.

Digital Signatures Message encrypted is input into the hash function then the hash value is encrypted with the sender's private key. Business Unit Recovery The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc. Cold Site Recovery alternative, a building only with sufficient power, and HVAC

Checklist Test (desk check) a test that answers the questions: Does the organization have the documentation it needs? Can it be located?

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Discretionary Enables data owners to dictate what subjects have access to the objects they own.

Contingency Plan A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. May use any number of resources (e.e workaround procedures, alternate work area, etc.) Critical Functions Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization. Critical Records Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense. Data Backup Strategies Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies, offsite storage, and will ensure time objectives can be met. Data Recovery The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.

Crisis A critical event, which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate. Critical Infrastructure Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc. Damage Assessment The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc. And determining what can be salvaged or restored and what must be replaced.

Data Backups The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

User acceptance of biometric enrollment and Throughput Standards Enrollment times longer than 2 minutes are unacceptable; subjects will typically accept a throughput rate of about six seconds or faster. Access Control Integrity Models Biba and Clark-Wilson

Access Control Confidentiality Models Bell-LaPadula

Bell-Lapdula Bell-LaPadula: model based on the simple security rule which a subject cannot read data at a higher security level (no-read up) and security rule which a subject cannot write information to a lower security level(No write down or *). This model enforces the confidentiality. Used by military and government organization. Integrity star property no write up

Biba Similar to Bell-LaPadula but enforces the integrity star property (no write up) and the simple integrity property (no read down). This model prevents data from other integrity levels to interact. Used by mostly by commercial organizations. Simple integrity property no read down

Clark-Wilson A model that protects integrity, which requires a subject to access data through an application thus separating duties. This model prevents unauthorized users to modify data; it maintains internal/external reliability and prevents authorized users to wrongly modify data. Security Rule Security rule which a subject cannot write information to a lower security level - Bell Lapadula

Simple security rule Subject cannot read data at a higher security level- Bell Lapadula

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Brewer and Nash The Chinese model provides a dynamic access control depending on user's previous actions. This model prevents conflict of interests from members of the same organization to look at information that creates a conflict of another members of that organization. Ex. Lawyers in a law firm with client oppositional. Trusted Computer System Evaluation Criteria (Orange) From the U.S. DoD, it evaluates operating systems, application and systems. It doesn't touch the network part. It gauges the customer as to what their system is rated and provides a set of criteria for the manufacturer guidelines to follow when building a system.

Graham-Denning This model is based on a specific commands that a user can execute to an object.

TSEC Level D D - minimal protection, any systems that fails higher levels Do not meet requirements of higher divisions.

TSEC Level C1, C2 C1, C2 - Discretionary security protection. (1) Discretionary protection (identification, authentication, resource protection). (2)Controlled access protection (object reuse, protect audit trail). (DAC)

TSEC Level B Mandatory protection (security labels) based on Bell-LaPadula security model. (1)Labeled security (process isolation, devices labels). (2) Structured protection (trusted path,covert channel analysis), (3) security domain (trusted recovery,Monitor event and notification). (MAC)

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Countermeasures to spoofing attacks Countermeasures to spoofing attacks include patching the OS and software, enabling source/destination verification on routers, and employing an IDS to detect and block attacks. Replay / Playback Attack It is similar to hijacking. A malicious user records the traffic between a client and a server and then retransmits them to the server with slight variations of the time stamp and source IP address. Spamming Attack Directing floods of messages to a victim's email inbox or other messaging system. Such attacks cause DoS issues by filling up storage space and preventing legitimate messages from being delivered.

Man in the Middle Attack An attack in which a malicious user is positioned between the two endpoints of a communication's link.

Sniffer attack? Any activity that results in a malicious user obtaining information about a network or the traffic over that network.

What are some countermeasures to common attack methods? Patching software, reconfiguring security, employing firewalls, updating filters, using IDSs, improving security policy, using traffic filters, improving physical access control, using system monitoring/auditing. Presentation Layer Presents Data to the Application Layer in Comprehensible Way i.e Data Conversion, Character Sets such as ASCII, Image Formats such as GIF, JPEG Transport Layer Transport Layer handles packet sequencing, Flow Control and Error Detection. Features include: Resending or Resequencing packets. Using these features is Protocol Implementation Decision. TCP Uses them UDP does not.

Application Layer Where User Interfaces with Computer application Protocols: Telnet, FTP

Session Layer Manages Session which provide maintenance on Connections "Connections Between Applications".

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Network Layer Describes Routing i.e. Moving data from a system on one LAN to system on another.

Data Link Layer Access to Physical Layer Local Area Networking Devices: Switches and Bridges Application Layer (TCP/IP Model) Application (layers 5-7 of OSI) Where User Interfaces with Computer application. Protocols: Telnet, FTP Presents Data to the Application Layer in Comprehensible Way i.e Data Conversion, Character Sets Manages Session which provide maintenance on Connections "Connections Between Applications" Internet (TCP/IP Model) Internet (layer 3 of OSI)

Physical Layer Bits are Converted into Signals Signal Processing Physical Topologies Defined at this layer Devices: Hubs, Repeaters

Host to Host (TCP/IP Model) Transport (layer 4 of OSI), Transport Layer handles packet sequencing, Flow Control and Error Detection. Features include: Resending or Resequencing packets. Using these features is Protocol Implementation Decision. TCP Uses them UDP does not. Link (TCP/IP Model) Link (layers 1 and 2 of OSI). Access to Physical Layer Local Area Networking Devices: Switches and Bridges Access to Physical Layer Local Area Networking Devices: Switches and Bridges

Twisted Pair Cabling - Cat 1 Voice only, Modems and BRI for ISDN

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Twisted Pair Cabling - Cat 2 4 Mbps , Not suitable for most networks; often employed for host- toterminal connections on mainframes. Twisted Pair Cabling - Cat 4 16 Mbps, Primarily used in Token Ring networks Twisted Pair Cabling - Cat 6 155 Mbps, 1000 Base T Ethernet Layer 1 Physical Protocols RJ-11, RJ-45, RS-232, BNC, EIA/TIA - 232, EIA/TIA - 449, X.21, HSSI, SONET, V.24, and V.35 Layer 3 Network Protocols ICMP, RIP, OSPF, BGP, IGMP, IP, IPSec, IPX, NAT, and SKIP Layer 5 Session Protocols NFS, SQL, and RPC

Twisted Pair Cabling - Cat 3 10 Mbps Primarily used in 10Base- T Ethernet networks (offers only 4 Mpbs when used on Token Ring networks). Twisted Pair Cabling - Cat 5 100 Mbps, Used in 100Base- TX, FDDI, and ATM networks Twisted Pair Cabling - Cat 7 1 Gbps, Used on gigabit- speed networks Layer 2 Data Link Protocols SLIP, PPP, ARP, RARP, L2F, L2TP, PPTP, FDDI, and ISDN

Layer 4 Transport Protocols SPX, SSL, TLS, TCP, and UDP Layer 6 Presentation Protocols Encryption protocols and format types, such as ASCII, EBCDIC, TIFF, JPEG, MPEG, and MIDI Continuous Lighting Most common type of lighting. Consists of a series of Fixed Lights arranged to continuously flood an area during hours of limited visibility.

Layer 7 Application Protocols "HTTP, FTP, LPD, SMTP, Telnet, TFTP, EDI, POP3, IMAP, SNMP, NNTP, S - RPC, and SET"

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Glare Lighting Uses the Glare of Lights to inhibit an Intruder.

Flood Lighting Lighting which directs light in a particular direction or toward a particular location. Trip Lighting Lighting which is activated by a sensor that detects activity such as movement or heat. Standby Lighting Lighting which is activated when power is lost. Emergency Egress Lighting Lighting which shows the way out and possible hazards along the way.

Best Practice Lighting In Critical Areas, Install lighting at least 8 feet (2.4 meters) above the ground with illumination of 2 Ft. Candles/Lumens. Disadvantage of Trip Lighting Nuisance tripping by Prankster. Can be used as diversion by Attacker. Emergency Exit Lighting Shows the location of the Exit and is always on.

This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.