CompTIA Advanced Security Practitioner CAS-002
Terms in this set (42)
Systems Development Life Cycle (SDLC) Steps
SDLC - Requirements
Define the purpose of the project and what customer needs have to be met. Distill the customer needs into a set of testable system requirements, including security controls.
SDLC - Feasibility
Determine whether sufficient resources are available to develop software meeting the customer's requirements.
SDLC - Design
Develop a design specification and verify that it addresses all requirements.
SDLC - Development
Write code, verify that it conforms to the design specification, and test it to validate that it meets all system requirements.
SDLC - Implementation
Installation by the customer, final user testing, and placing software into operation.
SDLC - Postimplementation
Formal review to evaluate the adequacy of the system. A cost-benefit analysis and review can be performed to determine the value of the project and to improve future projects.
SDLC - Maintenance
Feature enhancements in response to user experience, and security patches in response to emerging threats, with full regression testing of all software changes before they are released.
Trusted Computer System Evaluation Criteria
One of the original testing criteria
AKA Orange Book
Verified Protection - A-rated
Mandatory Security - B-rated
Discretionary Protection - C-rated
Minimal Protection - D-rated
Examines CIA of an entire system.
Contains 10 functionality classes and 7 assurance classes.
Created by International Standards Organization
8 levels of assurance
Methodically checked and tested
Methodically designed, tested, and reviewed
Semi-formally designed and tested
Semi-formally verified, designed, and tested
Formally verified, designed, and tested
Trusted Operating System
Defined as one that has implemented sufficient controls to support multilevel security.
Basic Attributes of TOS
Long-Term Protected Storage
Separation of User Processes from Supervisor Processes
Used by the Department of Defense
Defined by the following:
Simple Security - no read up
Star Security - no write down
Addresses concerns of integrity.
Availability and confidentiality are not examined.
Focuses on external threats.
Intended to be used for commercial activities.
Controls internal consistency of the system, and was developed to ensure that data can only be manipulated in ways that protect consistency.
Dictates that separation of duties must be enforced, subjects must access data through an application, and auditing is required.
Brewer and Nash
"The Chinese Wall"
Prevents conflicts of interest.
Users working on one side of the wall cannot see data on the other side of the wall.
This approach focuses on common vectors used to launch an attack.
Examples include disabling autorun on USB thumb drives, disabling USB ports, and removing CD/DVD burners.
Focuses on layering controls on top of the data.
Examples include information controls, application controls, host controls, and network controls.
Specifies that some areas are of greater importance than others.
Controls may include VPNs, strategic placement of firewalls, deployment of VLANs, and restricted access to segments of the network.
Key to keeping applications and operating systems secure. The organization should have a well-developed patch management testing and deployment system in place. Patches should be sandboxed for safety prior to distribution.
Defense in depth dictates that the company should consider not just enterprise firewalls but also host-based firewalls.
Primary detection control.
Can be used to identify problems and find acceptable solutions to ongoing issues and security concerns.
Change must be controlled and occur in an orderly manner. Change control procedures should map out how changes are approved and rolled out, and how end users are informed.
Used to prevent unauthorized changes.
Not just anyone should have the ability to make changes to equipment and hardware.
Deal with the company's ability to have data available when needed. Some common solutions include RAID, redundant servers, and cloud storage.
Piece of software designed to infect a computer system.
Usually gain access to a system by email, network, or CD/DVD/USB media.
Require no interaction on the user's part to replicate and spread. The RTM worm is known as the first worm and was created by Robert Morris in 1988.
May perform key logging, redirect users to un-requested websites, flood the user with popups, or monitor user activity.
Programs that present themselves as something useful but contain malicious payloads.
Makes sure that your PC boots using only software that is trusted by the device manager.
This method works with TPM and the secure boot process to determine if an OS is allowed to load and what portions it can execute.