CISSP Flash Cards
April 4, 2017 | Author: Steven Swafford | Category: N/A
Data Remanence: The remains of a partial or even the entire data set of digital information.
Disaster Recovery Planning (DRP): Deals with restoring normal business operations after the disaster takes place; works to get the business back to normal.
Maximum tolerable downtime: The maximum period of time that a critical business function can be inoperative before the company incurs significant and long-lasting damage.
802.5: IEEE standard that defines the Token Ring media access method.
Recovery Time Objective: The balance of the cost of recovery against the cost of disruption.
Resource Requirements: Portion of the BIA that lists the resources that an organization needs in order to continue operating each critical business function.
Checklist: A test in which copies of the plan are handed out to each functional area to ensure the plan deals with their needs.
Information Owner: The one person responsible for data, its classification and control settings.
Job Rotation: To move from location to location, keeping the same function.
Differential power analysis: A side-channel attack carried out on smart cards that examines the power emissions released during processing.
Mitigate: Defined as real-time monitoring and analysis of network activity and data for potential vulnerabilities and attacks in progress.
Electromagnetic analysis: A side-channel attack on smart cards that examines the frequencies emitted and timing.
This work by Steven M. Swafford is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
Analysis: Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Change Control: Maintaining full control over requests, implementation, traceability, and proper documentation of changes.
Containment: Mitigate damage by isolating compromised systems from the network.
Gateway: Used to connect two networks using dissimilar protocols at different layers of the OSI model.
Isochronous: Processes must complete within set time constraints; applications are video related, where audio and video must match perfectly.
Detection: Identification and notification of an unauthorized and/or undesired action.
Electronic Vaulting: Periodic, automatic and transparent backup of data in bulk.
Fault Tolerance: Mitigation of system or component loss or interruption through use of backup capability.
Incremental: A backup method used when time and space are of high importance.
Secure HTTP: Protocol designed to send individual messages securely.
Criminal: Conduct that violates government laws developed to protect society.
Class C: Has 256 hosts.
RAID 0: Creates one large disk by using several disks.
Trade secrets: Deemed proprietary to a company and often include information that provides a competitive edge; the information is protected as long as the owner takes protective actions.
X.400: Active Directory standard.
Prevention: Controls deployed to avert unauthorized and/or undesired actions.
Redundant Array of Independent Drives (RAID): A group of hard drives working as one storage unit for the purpose of speed and fault tolerance.
Proprietary: Defines the way in which the organization operates.
Classification: The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Data Integrity: The property that data meet with a priority expectation of quality and that the data can be relied upon.
Alarm Filtering: The process of categorizing attack alerts produced by an IDS in order to distinguish false positives from actual attacks.
Coaxial Cable: A cable consisting of a core inner conductor that is surrounded by an insulator and an outer cylindrical conductor.
Concentrator: Layer 1 network device that is used to connect network segments together but provides no traffic control (a hub).
Digital Signature: An asymmetric cryptography mechanism that provides authentication.
Eavesdropping: A passive network attack involving monitoring of traffic.
E-Mail Spoofing: Forgery of the sender's email address in an email header.
Emanations: Potentially compromising leakage of electrical or acoustical signals.
Fiber Optics: Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Fraggle: A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses.
Hijacking: Interception of a communication session by an attacker.
Hub: Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).
Injection: An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Interception: Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations).
IP Address Spoofing: Forging of an IP address.
IP Fragmentation: An attack that breaks up malicious code into fragments in an attempt to elude detection.
Kerberos: A trusted third party authentication protocol.
Incident response: The team should consist of management, IT, legal, human resources, public relations, security, etc.
Modification: A type of attack involving attempted insertion, deletion or altering of data.
Multiplexers: A device that sequentially switches multiple analog inputs to the output.
Open Mail Relay Servers: A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Enticement: The legal act of luring an intruder, with intent to monitor their behavior.
Packet Filtering: A basic level of network access control that is based upon information contained in the IP packet header.
Patch Panels: Provide a physical cross-connect point for devices.
Private Branch Exchange (PBX): A telephone exchange for a specific office or business.
Phishing: A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Physical Tampering: Unauthorized access of network devices.
Proxies: Mediate communication between untrusted hosts on behalf of the hosts they protect.
Repeaters: Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).
Radio Frequency Interference (RFI): A disturbance that degrades performance of electronic devices and electronic communications.
Rogue Access Points: Unauthorized wireless network access device.
Routers: A layer 3 device that is used to connect two or more network segments and regulate traffic.
Satellite: A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
Sequence Attack: An attack involving the hijacking of a TCP session by predicting a sequence number.
Shielding: Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Smurf: A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)
Sniffing: Eavesdropping on network communications by a third party.
Source Routing Exploitation: A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Spam: Unsolicited commercial email.
Switches: A layer 2 device that is used to connect two or more network segments and regulate traffic.
SYN Flooding: A Denial of Service attack that floods the target system with connection requests that are never finalized.
Tapping: Eavesdropping on network communications by a third party.
Tar Pits: Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Teardrop: A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments.
TEMPEST: A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
Twisted Pair: A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
War Dialing: Reconnaissance technique involving automated, brute force identification of potentially vulnerable modems.
Worldwide Interoperability for Microwave Access (WiMAX): A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last-mile delivery.
Accreditation: The managerial approval to operate a system based upon knowledge of the risk of operating it.
1029: 18 USC, Fraud and Related Activity in Connection with Access Devices.
Certification: The technical and risk assessment of a system within the context of the operating environment.
Common Criteria: The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins function and assurance requirements.
Covert Channel: An unintended communication path.
Data Hiding: A software design technique for abstraction of a process.
Embedded: Hardware or software that is part of a larger system.
NIDS: Usually inspects the header, because the data payload is encrypted in most cases.
Framework: Third party processes used to organize the implementation of an architecture.
Internet Architecture Board: Committee for internet design, engineering, and management, responsible for the architectural oversight of the IETF.
1024-49151: Registered ports as defined by IANA.
ITSEC: The past internationally accepted set of standards and processes for information security product evaluation and assurance, which separates function and assurance requirements.
Memory Management: A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives.
Race Condition: Processes carry out their tasks on a shared resource in an incorrect order.
Multi-Processing: To execute more than one instruction at an instant in time.
Multi-Processor: More than one processor sharing the same memory, also known as parallel systems.
Multi-Programming: Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective.
Multi-Tasking: More than one process in the middle of executing at a time.
Preemptive: A type of multitasking that allows for more even distribution of computing time among competing requests.
Process Isolation: A form of data hiding which protects running threads of execution from using each other's memory.
Protection: Memory management technique that allows two processes to run concurrently without interaction.
Reference Monitor: The hardware and software mediator of all subject and object interactions, which has as its primary goal security policy enforcement.
Relocation: Memory management technique which allows data to be moved from one memory address to another.
Ring Protection: Implementation of an operating system protection mechanism built upon the layering concept, in which more sensitive components are placed in the inner rings.
Trademarks: Protect words, names, product shapes, symbols, colors, or a combination of these, used to identify a company's product.
Virtual Memory: Memory management technique which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive.
Wiretapping: A passive attack that eavesdrops on communications; only legal with prior consent or a warrant.
Electronic Vaulting: Makes copies of files as they are modified and periodically transmits them to an off-site backup site.
Security Kernel: Subset of operating system components dedicated to protection mechanisms.
Structured Walk-through: Representatives from each functional area or department review the plan in its entirety.
State Machine Model: Abstract and mathematical in nature, defining all possible states, transitions and operations.
Internal use only: Information that can be distributed within the organization but could harm the company if disclosed externally.
Synchronous token: Generates a one-time password that is only valid for a short period of time.
User Mode: (problem or program state) The problem-solving state, the opposite of supervisor mode.
TCSEC (Orange Book): The past U.S. military accepted set of standards and processes for computer system evaluation and assurance, which combines function and assurance requirements.
Threads: A unit of execution.
TNI (Red Book): The past U.S. military accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements.
Trusted Computing Base: All of the protection mechanisms in a computer system.
636: Many implementations run LDAP over SSL on this port.
Alternate Site: Location to perform the business function.
Business Continuity Planning (BCP): Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization.
Business Continuity Program: An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed, resources are allocated, and recovery and continuity strategies and procedures are completed and tested.
Business Continuity Steering Committee: A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.
Asynchronous: Encrypt/decrypt operations are processed in queues; the key benefit is utilization of hardware devices and multiprocessor systems.
Copyright: Protects the expression of an idea, rather than the idea itself.
Business Interruption Insurance: Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Digital Signatures: The message is input into the hash function, then the hash value is encrypted with the sender's private key.
Business Recovery Timeline: The chronological sequence of recovery activities, or critical path, which must be followed to resume an acceptable level of operations following a business interruption.
Business Unit Recovery: The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.
Checklist Test: (desk check) A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Cold Site: Recovery alternative; a building with only sufficient power and HVAC.
Discretionary: Enables data owners to dictate what subjects have access to the objects they own.
Contingency Plan: A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. May use any number of resources (e.g. workaround procedures, alternate work area, etc.).
Crisis: A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.
Critical Functions: Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Critical Infrastructure: Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc.
Critical Records: Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Damage Assessment: The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced.
Data Backup Strategies: Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, that will ensure time objectives can be met.
Data Backups: The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Data Recovery: The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
User acceptance of biometric enrollment and throughput standards: Enrollment times longer than 2 minutes are unacceptable; subjects will typically accept a throughput rate of about six seconds or faster.
Access Control Confidentiality Models: Bell-LaPadula
Access Control Integrity Models: Biba and Clark-Wilson
Bell-LaPadula: Model based on the simple security rule, under which a subject cannot read data at a higher security level (no read up), and the * (star) security rule, under which a subject cannot write information to a lower security level (no write down). This model enforces confidentiality. Used by military and government organizations.
Biba: Similar to Bell-LaPadula but enforces the integrity star property (no write up) and the simple integrity property (no read down). This model prevents data at different integrity levels from interacting. Used mostly by commercial organizations.
Integrity star property: no write up
Simple integrity property: no read down
Clark-Wilson: A model that protects integrity, which requires a subject to access data through an application, thus separating duties. This model prevents unauthorized users from modifying data; it maintains internal/external reliability and prevents authorized users from wrongly modifying data.
Simple security rule: A subject cannot read data at a higher security level (Bell-LaPadula).
Security Rule: Security rule under which a subject cannot write information to a lower security level (Bell-LaPadula).
Brewer and Nash: The Chinese Wall model provides dynamic access control depending on the user's previous actions. This model prevents conflicts of interest by stopping members of the same organization from looking at information that creates a conflict for other members of that organization. Example: lawyers in a law firm with opposing clients.
Graham-Denning: This model is based on a specific set of commands that a user can execute on an object.
Trusted Computer System Evaluation Criteria: (Orange Book) From the U.S. DoD; it evaluates operating systems, applications and systems. It doesn't touch the network part. It tells the customer how their system is rated and provides a set of criteria and guidelines for the manufacturer to follow when building a system.
TCSEC Level D: Minimal protection; any system that fails the higher levels and does not meet the requirements of the higher divisions.
TCSEC Level C1, C2: Discretionary security protection. (1) Discretionary protection (identification, authentication, resource protection). (2) Controlled access protection (object reuse, protected audit trail). (DAC)
TCSEC Level B: Mandatory protection (security labels) based on the Bell-LaPadula security model. (1) Labeled security (process isolation, device labels). (2) Structured protection (trusted path, covert channel analysis). (3) Security domains (trusted recovery, event monitoring and notification). (MAC)
Countermeasures to spoofing attacks: Patching the OS and software, enabling source/destination verification on routers, and employing an IDS to detect and block attacks.
Man in the Middle Attack: An attack in which a malicious user is positioned between the two endpoints of a communications link.
Replay / Playback Attack: Similar to hijacking. A malicious user records the traffic between a client and a server and then retransmits it to the server with slight variations of the time stamp and source IP address.
Sniffer attack: Any activity that results in a malicious user obtaining information about a network or the traffic over that network.
Spamming Attack: Directing floods of messages to a victim's email inbox or other messaging system. Such attacks cause DoS issues by filling up storage space and preventing legitimate messages from being delivered.
What are some countermeasures to common attack methods? Patching software, reconfiguring security, employing firewalls, updating filters, using IDSs, improving security policy, using traffic filters, improving physical access control, using system monitoring/auditing.
Application Layer: Where the user interfaces with the computer application. Protocols: Telnet, FTP.
Presentation Layer: Presents data to the Application Layer in a comprehensible way, i.e. data conversion, character sets such as ASCII, image formats such as GIF and JPEG.
Session Layer: Manages sessions, which provide maintenance on connections ("connections between applications").
Transport Layer: Handles packet sequencing, flow control and error detection. Features include resending or resequencing packets. Using these features is a protocol implementation decision: TCP uses them, UDP does not.
Network Layer: Describes routing, i.e. moving data from a system on one LAN to a system on another.
Data Link Layer: Access to the Physical Layer. Local area networking devices: switches and bridges.
Physical Layer: Bits are converted into signals; signal processing; physical topologies are defined at this layer. Devices: hubs, repeaters.
Application Layer (TCP/IP Model): Application (layers 5-7 of OSI). Where the user interfaces with the computer application (protocols: Telnet, FTP); presents data to the Application Layer in a comprehensible way, i.e. data conversion, character sets; manages sessions, which provide maintenance on connections ("connections between applications").
Host to Host (TCP/IP Model): Transport (layer 4 of OSI). Handles packet sequencing, flow control and error detection. Features include resending or resequencing packets. Using these features is a protocol implementation decision: TCP uses them, UDP does not.
Internet (TCP/IP Model): Internet (layer 3 of OSI).
Link (TCP/IP Model): Link (layers 1 and 2 of OSI). Access to the Physical Layer. Local area networking devices: switches and bridges.
Twisted Pair Cabling - Cat 1: Voice only; modems and BRI for ISDN.
Twisted Pair Cabling - Cat 2: 4 Mbps; not suitable for most networks; often employed for host-to-terminal connections on mainframes.
Twisted Pair Cabling - Cat 3: 10 Mbps; primarily used in 10Base-T Ethernet networks (offers only 4 Mbps when used on Token Ring networks).
Twisted Pair Cabling - Cat 4: 16 Mbps; primarily used in Token Ring networks.
Twisted Pair Cabling - Cat 5: 100 Mbps; used in 100Base-TX, FDDI, and ATM networks.
Twisted Pair Cabling - Cat 6: 155 Mbps; 1000Base-T Ethernet.
Twisted Pair Cabling - Cat 7: 1 Gbps; used on gigabit-speed networks.
Layer 1 Physical Protocols: RJ-11, RJ-45, RS-232, BNC, EIA/TIA-232, EIA/TIA-449, X.21, HSSI, SONET, V.24, and V.35
Layer 2 Data Link Protocols: SLIP, PPP, ARP, RARP, L2F, L2TP, PPTP, FDDI, and ISDN
Layer 3 Network Protocols: ICMP, RIP, OSPF, BGP, IGMP, IP, IPSec, IPX, NAT, and SKIP
Layer 4 Transport Protocols: SPX, SSL, TLS, TCP, and UDP
Layer 5 Session Protocols: NFS, SQL, and RPC
Layer 6 Presentation Protocols: Encryption protocols and format types, such as ASCII, EBCDIC, TIFF, JPEG, MPEG, and MIDI
Layer 7 Application Protocols: HTTP, FTP, LPD, SMTP, Telnet, TFTP, EDI, POP3, IMAP, SNMP, NNTP, S-RPC, and SET
Continuous Lighting: Most common type of lighting. Consists of a series of fixed lights arranged to continuously flood an area during hours of limited visibility.
Glare Lighting: Uses the glare of lights to inhibit an intruder.
Flood Lighting: Lighting which directs light in a particular direction or toward a particular location.
Best Practice Lighting: In critical areas, install lighting at least 8 feet (2.4 meters) above the ground with illumination of 2 foot-candles/lumens.
Trip Lighting: Lighting which is activated by a sensor that detects activity such as movement or heat.
Disadvantage of Trip Lighting: Nuisance tripping by pranksters; can be used as a diversion by an attacker.
Standby Lighting: Lighting which is activated when power is lost.
Emergency Exit Lighting: Shows the location of the exit and is always on.
Emergency Egress Lighting: Lighting which shows the way out and possible hazards along the way.