"relationship between preventive, detective, and corrective controls such that P > D + C"
employ multiple layers of controls in order to avoid having a single point of failure
verify the identity of the individual
"any combo of the three basic authentication methods (know, have, biometrics)"
restricts access of authenticated users to specific portions of system
access control matrix
table specifying which portions of the system users are permitted to access
matches the user's authentication credentials against the access control matrix
deception to obtain unauthorized access to information resources
connects the information system to the internet - lets in all traffic that is not obviously invalid.
filters which information is allowed to enter and leave the organization's information system - only lets in traffic that is explicitly valid.
(DMZ) demilitarized zone
separate network that permits controlled access from the internet to selected resources.
(TCP) Transmission control protocol
specifies the procedures for dividing files and documents into packets
(IP) internet protocol
specifies the structure of those packets and how to route them to the proper destination
reads destination address fields in IP packet headers and sends the packet on towards its destination
(ACL) access control list
determines which packets are allowed entry and which packets are not
static packet filtering
screens IP packets based on source/destination fields in IP packet header. Basically it is a blacklist established by a certain set of criteria.
stateful packet filtering
Done by the firewall, which keeps an approved list of established connections between the org. and the internet. Only packets belonging to those connections are let in. A VIP list.
deep packet inspection
Packets are opened and inspected internally instead of only being examined by their headers. (central tool of IPS)
intrusion prevention systems (IPS)
"System that drops packets that are part of an attack. Looks for signatures, patterns of attacks, normal traffic profiling, and packet standards to prevent unwanted packets from being routed to the system." Mainly uses deep packet inspection.
remote authentication dial-in user service
Dial-in users connect to a remote server and submit their log-in credentials.
dial-in user service (RADIUS)
"Dial-in users connect to a Remote Access Server and enter their log-in credentials; this information is then passed to the RADIUS Server, which performs tests to verify the identity of the user."
dialing every number associated with the business to see if they are attached to a modem.
"Workstations, printers, mobile devices, servers, etc."
Errors or bugs in code that allow outside parties to gain a measure of control over the system.
The process of turning off unnecessary features to reduce potential security threats
The process of turning normal text into unreadable gibberish called ciphertext using an encryption key and an encryption algorithm
Normal readable text
Total gibberish created by encryption
The process of turning ciphertext into plaintext using the encryption key and a decryption algorithm
"process that involves making copies of all encryption keys used by employees and storing them securely. Less desirable because now the company has to protect the real keys and the copies of those keys."
symmetric encryption systems
Same key is used to encrypt and decrypt
asymmetric encryption systems
Public Key and Private Key are used. The public key is made available to everyone and the private key is kept secret and known only to the owner of the pair of keys. Either one can be used to encrypt, but only the other can decrypt the ciphertext
Widely distributed key
key that is kept secret and only known to the owner of the pair of keys.
"a process that takes plaintext of any length and transforms it into a short code called a hash. Ex.: SHA-256 takes plaintext and turns it into a 256-bit hash, no matter how big the file is. There is no way to convert this back to plaintext."
short code that is generated by hashing
information encrypted by the creator's private key
An electronic document created and digitally signed by a trusted third party that certifies the identity of the owner of a public key.
(PKI) public key infrastructure
the system and processes used to issue and manage asymmetric keys and digital certificates
the organization that issues the keys and records the public key in a digital certificate
cursive-style imprint of a person's name that is applied to an electronic document. Provided by a third-party company and is a valid legal signature.
Process of examining logs to monitor security
intrusion detection systems (IDS)
creates logs of network traffic and analyzes for signs of intrusion.
use automated tools to identify whether a given system possesses any well-known vulnerabilities.
an authorized attempt to break into an information system.
computer emergency response team (CERT)
a team composed of IT professionals and senior management who deal with major incidents.
a set of instructions for taking advantage of a vulnerability.
code released by the software company that fixes a particular vulnerability.
the process of regularly applying patches and updates to all software used by the organization.
"One to Rule Them All" Basically, it is a master key that can be used to decrypt anything that was encrypted by the system.