Time-based model of security
relationship between preventive, detective, and corrective controls such that P > D + C
employ multiple layers of controls in order to avoid having a single point of failure
any combo of the three basic authentication methods (know, have, biometrics)
matches the user's authentication credentials against the access control matrix
connects information system to the internet - lets in all traffic that is not obviously false.
filters which information is allowed to enter and leave the organization's information system - only lets in traffic that is explicitly valid.
(DMZ) demilitarized zone
separate network that permits controlled access from the internet to selected resources.
(TCP) Transmission control protocol
specifies the procedures for dividing files and documents into packets
(IP) internet protocol
specifies the structure of those packets and how to route them to the proper destination
reads destination address fields in IP packet headers and sends the packet on towards its destination
static packet filtering
screens IP packets based on source/destination fields in IP packet header. Basically it is a blacklist established by a certain set of criteria.
stateful packet filtering
Done by the firewall and has an approved list of established connections between org. and internet. Only lets these people in. A VIP list.
deep packet inspection
Packets are opened and inspected internally instead of only being examined by header. (central tool of IPS)
intrusion prevention systems (IPS)
System that drops packets that are part of an attack. Looks for signatures, patterns of attacks, normal traffic profiling, and packet standards to prevent unwanted packets from being routed to system. Mainly uses deep packet filtering.
remote authentication dial-in user service
Dial-in users connect to a remote server and submit their log-in connection.
dial-in user service (RADIUS)
Dial-in users connect to a Remote Access Server and enter their log-in credentials; this information is then passed to the RADIUS server, which performs tests to verify the identity of the user.
dialing every number associated with the business to see if they are attached to a modem.
Errors or bugs in code that allow outside parties to gain a measure of control over the system.
The process of turning normal text into unreadable gibberish called ciphertext using an encryption key and an encryption algorithm
The process of turning ciphertext into plaintext using the encryption key and a decryption algorithm
Process that involves making copies of all encryption keys used by employees and storing them securely. Less desirable because now the company has to protect the real keys and the copies of those keys.
asymmetric encryption systems
Public Key and Private Key are used. The public key is made available to everyone and the private key is kept secret and known only to the owner of the pair of keys. Either one can be used to encrypt, but only the other can decrypt the ciphertext.
A process that takes plaintext of any length and transforms it into a short code called a hash. Ex.: SHA-256 takes plaintext and turns it into a 256-bit hash, no matter how big the file is. No way to convert this back to plaintext.
An electronic document created and digitally signed by a trusted third party that certifies the identity of the owner of a public key.
(PKI) public key infrastructure
the system and processes used to issue and manage asymmetric keys and digital certificates
the organization that issues the keys and records the public key in a digital certificate
cursive style imprint of a person's name that is applied to an electronic document. Provided by a third party company and is a valid legal signature.
intrusion detection systems (IDS)
creates logs of network traffic and analyzes for signs of intrusion.
use automated tools to identify whether a given system possesses any well-known vulnerabilities.
computer emergency response team (CERT)
a team composed of IT professionals and senior management who deal with major incidents.
the process of regularly applying patches and updates to all software used by the organization.