POIS Study

Principles of Information Security-Final
_________carries the lifeblood of information through an organization.
A(n) __________ information security policy outlines the implementation of a security program within the organization
The senior technology officer is typically the chief __________ officer
In an organization, the value of _____________ of information is especially high when it involves personal information about employees, customers, or patients.
The _____________ of information is the quality or state of ownership or control of some object or item.
The timing attack explores the contents of a Web browser's _______
buffer-overrun or buffer-overflow
A(n) _____-________ or _____-_______ is an application error that occurs when more data is sent to a program buffer than it is designed to handle.
The expert hacker is sometimes called an elite hacker.
A momentary low voltage is called a(n) _____
When information gatherers employ techniques that cross the threshold of what is legal or ethical, they are conducting industrial _________
A famous study entitled "Protection Analysis: Final Report" was published in ______
________ was the first operating system to integrate security as its core functions
___________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a _____ value
physical design
During the ________ ________ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design
systems development life cycle
The most successful kind of top-down approach involves a formal development strategy referred to as a ________ _______ _______ _______
Organizations are moving toward more _______-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.
The ______ is a methodology for the design and implementation of an information system in an organization
The _________ model consists of six general phases
System Administrators
People with the primary responsibility for administering the systems that house the information used by the organization perform the ________ __________ role.
Is Happy99.exe an example of a Trojan horse program?
social engineering
"4-1-9" fraud is an example of a _______ ________ attack.
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____ characters in Internet Explorer 4.0, the browser will crash.
Trojan horses
________ _______ are software programs that hide their true nature, and reveal their designed behavior only when activated
Complete loss of power for a moment is known as a _______
One form of online vandalism is ________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
________ is any technology that aids in gathering information about a person or organization without their knowledge
distributed denial-of-service
A _______ _____ __ _______ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
In a ________-___-_______ attack, the attacker sends a large number of connection or information requests to a target.
A(n) _____ desk policy requires that employees secure all information in appropriate storage containers at the end of each day.
All information that has been approved by management for public release has a(n) _________ classification.
You can assess the relative risk for each of the vulnerabilities by a process called risk __________.
Security ____________ are the technical implementations of the policies defined by the organization.
Operational ___________ analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
screened subnet
The architecture of a(n) _______ ________ firewall provides a DMZ
The ___________ authentication system is named after the three-headed dog of Greek mythology that guards the gates to the underworld.
The _________ packet-filtering firewall allows only a particular packet with a particular source, destination, and port address to enter through the firewall.
The circuit gateway firewall operates at the_______ layer.
______ firewalls combine the elements of other types of firewalls — that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways.
The military uses a ____-level classification scheme
In the U.S. military classification scheme, __________ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
_____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.
The ___________ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.
The ________ security policy is a planning document that outlines the process of implementing security in the organization.
defend control
The _______ ________ strategy attempts to prevent the exploitation of the vulnerability.
transfer control
The ________ ________ strategy attempts to shift risk to other assets, other processes, or other organizations.
___ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.
accept control
The ________ _______ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
standard of due care
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) _________ __ ____ _______
IP source and destination address, direction (inbound or outbound), and TCP or UDP source and destination port requests are the restrictions most commonly implemented in ______-_______ firewalls.
______ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.
_______ inspection firewalls keep track of each network connection between internal and external systems.
The proxy server is often placed in an unsecured area of the network or is placed in the _____________ zone.
______ is the protocol for handling TCP traffic through a proxy server.
Telnet protocol packets usually go to TCP port ___.
rating and filtering
In most common implementation models, the content filter has two components: ______ and _________.
____________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.
Which of the following is a valid version of TACACS? _________, ________ ___________, and __________.
In ___________ mode, the data within an IP packet is encrypted, but the header information is not.
Alarm _________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm
The initial estimation of the defensive state of an organization's networks and systems is called doorknob ________.
A signature-based IDPS is sometimes called a(n) _________-based IDPS.
In _________ protocol verification, the higher-order protocols are examined for unexpected packet behavior, or improper use.
A(n) ______ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.
False Attack Stimulus
________ __________ __________ is an event that triggers an alarm when no actual attack is in progress.
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.
Most NBA sensors can be deployed in _______ mode only, using the same connection methods as network-based IDPSs.
______ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall
___________ are decoy systems designed to lure potential attackers away from critical systems.
Trap and trace
______ ____ _______ applications use a combination of techniques to detect an intrusion and then trace it back to its source.
A(n) __________ is a proposed systems user.
___________ is the action of luring an individual into committing a crime to get a conviction.
Biometric access control
_________ _______ __________ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user.
The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate.
A message ________ is a fingerprint of the author's message that is compared with the recipient's locally calculated hash of the same message.
To ________ means to encrypt, encode, or convert plaintext into the equivalent ciphertext.
The successor to 3DES is the __________Encryption Standard.
Digital ___________ are public-key container files that allow computer programs to validate the key and identify to whom it belongs.
_________ is the entire range of values that can possibly be used to construct an individual key
More advanced substitution ciphers use two or more alphabets, and are referred to as ______________ substitutions.
______ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.
A ______ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
_____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
Digital Certificates
Digital Signatures
________ ___________ are encrypted messages that can be mathematically proven to be authentic.
An X.509 v3 certificate binds a _____________ name, which uniquely identifies a certificate entity, to a user's public key.
_____ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding.
The ____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.
__________ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem.
In information security, ________ theft occurs when an employee steals a few pieces of information at a time, knowing that taking more would be noticed — but eventually the employee gets something complete or usable.
Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, which is often referred to as a ____________ approach.
A _______ can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected
_____ attacks can be launched against routers.
mail bomb
One form of e-mail attack that is also a DoS is called a ______ _______, in which an attacker routes large quantities of connection or information to the target.
A(n) ________ can allow an attacker to collect information on how to access password-protected sites
Know yourself
______ __________ means identifying, examining, and understanding the information and systems currently in place within the organization.
You should adopt __________ standards that do not convey information to potential system attackers.
Mutually exclusive
____________ means that an information asset should fit in only one category
____________ means that an information asset should fit in the list somewhere
__________ are activities performed within the organization to improve security
One method of protecting the residential user is to install a __________ firewall directly on the user's system
The DMZ can be a dedicated port on the firewall device linking a single _______ host
Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation, must have its own set of _____________ rules.
Firewall Rule Set __ states that responses to internal requests are allowed.
Some ________ can filter packets by protocol name.
Stateful inspection
A ________ ________ firewall keeps track of each network connection between internal and external systems
State table
A _________ ___________ tracks the state and context of each packet by recording which station sent the packet and when.
Proxy server
The application gateway, application-level firewall, or simply the application firewall is most commonly called a ________ __________.
false positive
A ________ _________ is when the IDPS system mistakes normal system activity for an attack.
A _______ is not optimized to detect multihost scanning, nor is it able to detect the scanning of non-host network devices, such as routers or switches.
Your organization's operational goals, constraints, and culture affect the selection of the _____and other security tools and technologies to protect your systems.
Intrusion detection and prevention systems
___________ ___________ and _________ __________ perform monitoring and analysis of system events and user behaviors.
A ________ can be used to eavesdrop on network traffic.
You can combine the ____ operation with a block cipher operation.
_________ functions don't require the use of keys.
DES uses a ____-bit key
encapsulating security payload protocol
The __________ __________ ________ _________ provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.
Confidentiality, Integrity, and Availability
What does CIA stand for?
Layers of security: Physical, Personal, Operational, Communication, Network, and Informational security.
What does P.P.O.C.N.I represent?
A robot network
What is a Botnet?
Committee on National Security Systems
What does CNSS stand for?
The biggest security risks are from _______.
____________ was the first Internet browser.
An ________ is the Organizational resource being protected.
____________ is a technique used to compromise a system.
______ is a single instance of an information asset suffering damage
__________ is a condition or state of being vulnerable to an attacker.
______ is the probability that something unwanted will happen.
A ______ is a category of objects, persons, or other entities that presents a danger to an asset.
Threat agent
A _______ _______ is a specific instance or a component of a threat.
Computer Security Institute
What does CSI stand for?
Malicious code attack
includes execution of viruses, worms, Trojan horses, and active Web scripts with intent to destroy or steal information.
transmission of a virus hoax with a real virus attached; a more devious form of attack
Back door attacks
gaining access to system or network using known or previously unknown/newly discovered access mechanism.
Password crack
attempting to reverse calculate a password.
Brute force attack
trying every possible combination of options of a password.
Dictionary attack
selects specific accounts to attack and uses commonly used passwords (i.e., the dictionary) to guide guesses
Denial-of-service attack
attacker sends large number of connection or information requests to a target.
Distributed denial-of-service attack
coordinated stream of requests is launched against target from many locations simultaneously.
technique used to gain unauthorized access; intruder assumes a trusted IP address
Man-in-the-middle attack
attacker monitors network packets, modifies them, and inserts them back into network
unsolicited commercial e-mail; more a nuisance than an attack, though is emerging as a vector for some attacks.
Mail bombing
also a DoS; attacker routes large quantities of e-mail to target.
program or device that monitors data traveling over network
an attempt to gain personal/financial information from individual
redirection of legitimate Web traffic (e.g., browser requests) to illegitimate site for the purpose of obtaining private information.
Social engineering
using social skills to convince people to reveal access credentials
Timing attack
relatively new; works by exploring contents of a Web browser's cache to create malicious cookie.
Script kiddie
Hackers of limited skill who use expert-written software to attack.
Packet monkey
Script kiddies who use automated exploits to engage in distributed DoS attacks.
Risk Management
process of identifying and controlling risks facing an organization. It involves identifying, classifying, and prioritizing an organization's assets.
Risk Identification
process of examining an organization's current information technology security situation
Risk controls
applying controls to reduce risks to an organization's data and information systems
Risk Assessment
Determines the extent to which an organization's information assets are exposed or at risk.
final risk assessment
A ______ _______ __________ worksheet shows asset, asset impact, vulnerability, vulnerability likelihood, and risk-rating factor
Information asset classification worksheet
A __________ _______ _________ worksheet assembles information about information assets and their impact.
Weighted criteria analysis
A ___________ ________ ________ worksheet assigns ranked value or impact weight to each information asset.
Ranked vulnerability risk
A ________ ___________ _____ worksheet assigns ranked value of risk rating for each uncontrolled asset-vulnerability pair.
Defend risk control strategy
A control strategy that attempts to prevent exploitation of the vulnerability
Transfer risk control strategy
A control strategy that attempts to shift risk to other assets, processes, or organizations
Mitigate risk control strategy
A control strategy that attempts to reduce impact of vulnerability exploitation through planning and preparation
Accept risk control strategy
A control strategy that does nothing to protect a vulnerability and accepts the outcome of its exploitation
Terminate risk control strategy
A control strategy that directs the organization to avoid those business activities that introduce uncontrollable risks
Annualized loss expectancy
What does ALE stand for?
Single loss expectancy
What does SLE stand for?
annualized rate of occurrence
What does ARO stand for?
SLE = asset value × exposure factor (EF)
What is the equation for Expected loss per risk ?
CBA = ALE(prior) - ALE(post) - ACS
What is the equation for the Cost Benefit Analysis (CBA) Formula
It is annualized loss expectancy of risk before implementation of control
What is the ALE (prior)?
It is estimated ALE based on control being in place for a period of time
What is the ALE (post)?
Annualized Cost of the Safeguard
What is the ACS?
quantitative assessment
Using actual values or estimates is known as __________ ____________.
Qualitative assessment
_______________ ____________ is an evaluation process based on characteristics, using nonnumerical measures.
Utilizing _______ rather than specific estimates relieves the organization of the difficulty of determining exact values.
Benchmarking and Best Practices
An alternative approach to risk management is ______________ and _________ _____________.
_______________ is a process of seeking out and studying practices in other organizations that one's own organization desires to duplicate
Metrics-based measures
and Process-based measures
________-based and ______-based measures are the two measures typically used to compare practices.
Best business practices
_______ _________ __________ are security efforts that provide a superior level of information protection
__________ is the analysis of measures against established standards
A ___________ feasibility study examines how well proposed IS alternatives will contribute to the organization's efficiency, effectiveness, and overall operation.
A ___________ feasibility study examines user and management acceptance and support, and the overall requirements of the organization's stakeholders.
A ___________ feasibility study examines whether the organization has or can acquire the technology necessary to implement and support the control alternatives.
A ___________ feasibility study defines what can and cannot occur based on consensus and relationships.
level of risk
Organization must define the _____ __ ____ it can live with.
_________ risk is risk that has not been completely removed, shifted, or planned for.
Access Control
________ ________ is a method by which systems determine whether and how to admit a user into a trusted area of the organization
_____ use data classification schemes.
Non-discretionary controls
_____-_____________ ________ are strictly enforced versions of MACs that are managed by a central authority.
A ________ is an entity that seeks a resource
___________ is the process of validating a supplicant's purported identity
_____________ is the matching of an authenticated entity to a list of information assets and corresponding access levels
Accountability (auditability)
_____________ ensures that all actions on a system—authorized or unauthorized—can be attributed to an authenticated identity.
Packet filtering firewalls
_________ __________ ___________ examine the header information of data packets.
Static filtering
_______ __________ firewalls require that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.
Dynamic filtering
________ _________ firewalls allow the firewall to react to an emergent event and update or create rules to deal with it.
Stateful inspection
_________ ________ firewalls keep track of each network connection between internal and external systems using a state table.
Application gateway
An _________ __________ is frequently installed on a dedicated computer; it is also known as a proxy server.
filtering routers
___________ ___________ can be implemented behind the proxy server, further protecting internal systems.
Circuit gateway
A _______ ________ firewall, like filtering firewalls, does not usually look at the data traffic flowing between two networks, but prevents direct connections between one network and another by using tunnels to direct specific traffic.
MAC layer firewalls
_________ __________ firewalls link the MAC addresses of specific host computers to access control list (ACL) entries that identify the specific types of packets that can be sent to each host; all other traffic is blocked.
Application Gateway
An ___________ ________ protects the Application, Presentation, and Session layers of the ISO model.
Circuit Gateway
A ___________ ________ protects the Transport layer of the ISO model.
Packet Filtering
_________ ________ protects the Network layer of the ISO model.
MAC layer Firewall
A ________ ________ ________ protects the Data-Link layer of the ISO model.
Hybrid firewalls
Combine elements of other types of firewalls
_______ generation firewalls are static packet filtering firewalls.
_______ generation firewalls are application-level firewalls or proxy servers.
_______ generation firewalls are stateful inspection firewalls.
_______ generation firewalls are dynamic packet filtering firewalls; they allow only packets with particular source, destination, and port addresses to enter.
_______ generation firewalls are kernel proxies, a specialized form that works under the kernel of Windows NT.
Screened host firewall
A ________ ________ ___________ combines a packet filtering router with a separate, dedicated firewall.
bastion (also known as a sacrificial host)
The separate host is often referred to as a __________.
Dual-homed host firewall
A ______-________ _____ firewall is a bastion host that contains two network interface cards, one connected to the external network and one connected to the internal network.
Screened subnet firewall
A _________ ________ firewall consists of two or more internal bastion hosts behind a packet filtering router, with each host protecting the trusted network.
War dialer
An attacker can use a device called a ____ ______ to locate connection points.
__________ is an emerging alternative derived from RADIUS
Secure European System for Applications in a Multivendor Environment (SESAME) is similar to Kerberos
What does SESAME stand for?
when an attacker attempts to gain entry into or disrupt the normal operations of an information system, almost always with the intent to do harm
NIDPS signature matching
detects an attack by using a special implementation of the TCP/IP stack and looking for invalid data packets
decoy systems designed to lure potential attackers away from critical systems and encourage attacks against themselves
a collection of honeypots connecting several honeypot systems on a subnet
Padded cell
A _________ ______ is a honeypot that has been protected so it cannot be easily compromised and that works in tandem with a traditional IDPS.
Trap and Trace
Uses a combination of techniques to detect an intrusion and trace it back to its source.
Port Scanners
Tools used by both attackers and defenders to identify computers active on a network
Active and Passive vulnerability scanners
What are the two types of vulnerability scanners?
An _______ detects a violation of its configuration and activates an alarm.
Centralized Control strategy
The _________ ________ ________ is when all IDPS control functions are implemented and managed in a central location.
Fully distributed Control strategy
The _________ ________ ________ _______ is when all control functions are applied at the physical location of each IDPS component.
Partially distributed Control strategy
The _________ ________ ________ _______ combines the centralized and fully distributed control strategies.
_____________ is the process of attracting attention to a system by placing tantalizing bits of information in key locations. Enticement is legal and ethical; entrapment is not.
___________ is the action of luring an individual into committing a crime to get a conviction
_________ is the organized research of Internet addresses owned or controlled by a target organization
_____________ is a systematic survey of all of the target organization's Internet addresses collected during the footprinting phase.
Active vulnerability
________ _________ scanners scan networks for highly detailed information; they initiate traffic to find holes.
Passive vulnerability
_________ __________ scanners listen in on the network and determine vulnerable versions of both server and client software.
process of making and using codes to secure transmission of information
process of obtaining the original message from an encrypted message without knowing the algorithms
converting original message into a form unreadable by unauthorized individuals
the process of converting the ciphertext message back into plaintext
bit stream or block cipher method
Plaintext can be encrypted through the ___ _________ or ________ _______ method.
Bit stream
each plaintext bit is transformed into a cipher bit, one bit at a time
Block cipher
the message is divided into blocks (e.g., sets of 8- or 16-bit blocks) and each is transformed into an encrypted block of cipher bits using an algorithm and key
Substitution Cipher
Substitute one value for another
Monoalphabetic substitution
uses only one alphabet
Simple Polyalphabetic substitution
more advanced; uses two or more alphabets
Vigenère cipher
advanced cipher type that uses simple polyalphabetic code; made up of 26 distinct cipher alphabets
Transposition Cipher
Rearranges values within a block to create ciphertext
Vernam Cipher
Uses a set of characters once per encryption process
Book or Running Key Cipher
Uses text in a book as the key to decrypt a message
Hash Functions
Mathematical algorithms that generate a message summary or digest to confirm the identity of a message and confirm that no content has changed
Symmetric Encryption
Uses the same "secret key" to encipher and decipher a message
Data Encryption Standard -DES
one of the most popular symmetric encryption cryptosystems
- 64-bit block size; 56-bit key
Triple DES - 3DES
created to provide security far beyond DES
Advanced Encryption Standard (AES)
developed to replace both DES and 3DES
Asymmetric Encryption
Also known as public-key encryption
- Uses two different but related keys.
RSA algorithm
For cryptosystems, the security of encrypted data does not depend on keeping the encrypting ________ secret.
Secure Hash Standard as defined by NIST
What is SHS?
An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely
The encrypted message produced from plaintext
Link Encryption
A series of encryptions and decryptions between a number of systems.
The hiding of messages, e.g., within a picture or graphic, or within a WAV or MP3 file.
the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are known
Caesar Cipher
A substitution cipher that shifts each letter to the right by 3 letters.
Transposition cipher or permutation cipher
simply rearranges the values within a block to create the ciphertext.
Hash algorithms
public functions that create a hash value or message digest
Message digest
a fingerprint of the author's message that is compared with the recipient's locally calculated hash of the same message.
Message authentication Code
a key-dependent, one-way hash function that allows only specific recipients to access the message digest.