Video Content Lesson 5 Flashcards Preview


Flashcards in Video Content Lesson 5 Deck (50)
2
Q

Organization

A
Computer Hardware Types
CPU
RAM
ROM
Erasable PROM
Memory Addressing
Cache Memory
Virtual Memory
3
Q

Computer Hardware Types

A

Most share the same core architecture
Mainframe (Large, does not communicate well with other computers)
Server (Server’s purpose to service requests) (receives requests, processes requests, returns data back to the requester)
Workstation (PC (anything) that requests information from the server)
Network appliances (a computer, but limited functionality–Router, Firewall, Switch)
PDAs (personal digital assistants) and smartphones (newest type of computer hardware)

4
Q

CPU

A

Parts of Computer
Central Processing Unit (CPU)
Control Unit (accesses and interprets instructions)
Arithmetic Logic Unit (ALU) - performs arithmetic and logic functions
Registers - fast memory within the CPU
Clock - circuit that emits pulses at a standard frequency

5
Q

RAM

A

Random Access Memory (RAM) (real memory)
Real memory - slower, more abundant memory
Dynamic RAM - cheaper (uses capacitors, which lose their charge)
Must be periodically refreshed (slower, cheap)
Static RAM - flip-flop circuit and doesn’t lose charge if powered up
Faster but more expensive

6
Q

ROM

A

Read-only memory (ROM) (real memory)
Lowest-level instructions that never change (POST)
Power On Self Testing (POST)
Programmable read-only memory (PROM) (Write once, then ROM) (Ex-Modem)

7
Q

Erasable PROM

A

Erasable programmable read-only memory (EPROM)
BIOS loaded here
UV window used to erase memory
Electrically Erasable programmable read-only memory (EEPROM)
Ex - CompactFlash card

8
Q

Memory Addressing

A

1-Register - address of a CPU register
2-Implied - operation performed using a CPU register
3-Direct - actual memory location
4-Indirect - address of memory location that contains the actual data’s address

9
Q

Cache Memory

A

2 types of usage of memory
Cache - small, high-speed memory on the CPU
Does NOT require multiple clock cycles, as in real memory

10
Q

Virtual Memory

A

Virtual Memory - allows programs to address memory larger than physical memory
Memory Management Unit (MMU) translates addresses
processes requests for memory access
MMU translates address into a PAGE FRAME address

11
Q

Machine Operation

A
Hardware-Software
Machine Types
Execution Cycle
Scalar Processors
CPU Types
Capabilities
12
Q

Hardware-Software

A
Hardware (any part you can touch)
Software is any set of instructions
Machine Instructions/Source Code 
Executable Code
Source Code
Opt/Precompiled Code (Intermediate Code)
Firmware (Kind of hardware AND kind of software)
13
Q

Machine Types

A
Real Machine (see and touch - hardware designed to accept instructions and produce a result when instructions are executed)
Virtual Machine - doesn't really exist (software that emulates the functionality of a real machine)
JAVA - Compile to machine executables OR compile it to bytecode (BUT must be running virtual machine for its particular type of real machine)
Allows developers to write one set of software that can run on many different platforms
14
Q

Execution Cycle

A

1-Fetch (instruction from memory)
2-Decode (instruction)
3-Execute (instruction)
Linear function, one action at a time (cycle must complete before starting on the next instruction)
PIPELINING (allows multiple actions at a single time; as soon as an instruction is completed, begins executing the next actions)

15
Q

Scalar Processors

A

1-Scalar Processor (linear execution, single instruction at a time, can be pipelined)
2-Superscalar processor (multiple instructions at the same time, each pipeline stage can occur simultaneously, fetch 2 or more at same time)

16
Q

CPU Types

A

1-Complex Instruction Set Computing (CISC)
Each instruction performs multiple steps
Compilers are generally simpler
Performance may suffer
2-Reduced Instruction Set Computing (RISC)
Fewer instructions (small and fewer)
Often requires multiple steps to accomplish task
Compilers can be more complex

17
Q

Capabilities

A

Multitasking (execute 2 or more processes at the same time on a single CPU by switching among processes, giving each one a finite time slice, put into back of line, repeat)
Multiprocessing (executing 2 or more processes on multiple CPUs at the same time, allows multiple processes running on separate CPUs)
Multithreading (Subdividing a process into 2 or more subprocesses, or threads, and executing them at the same time on one or more CPUs (spell check and grammar check))
OR allow multiple users to access the same shared process, each with its own local data space
Most modern machines support all 3 (Multitasking, Multiprocessing, and Multithreading)

18
Q

Operating Modes/Protection Mechanisms

A
Operating States
Operating Modes
Storage Types
Layering
Abstraction
Least Privilege
Accountability
Definitions
19
Q

Operating States

A

1-Single State (Capable of handling Information at only one security level at a time)
2-Multistate (Certified to handle Information at multiple security levels at the same time)
Very Expensive and difficult to maintain
Requires specific protection mechanisms to prevent data from crossing security level boundaries

20
Q

Operating Modes

A

1-User Mode (basic operating mode when executing user programs)
Only a subset of the full instruction set is available (protection from faulty or malicious code)
2-Privileged Mode (Full instruction set is available–therefore NO protection from faulty or malicious code)
ALSO KNOWN AS Supervisor Mode or Kernel Mode

21
Q

Storage Types

A
Primary Storage (registers on CPU)
Real Storage (RAM--Memory for Programs (NO direct CPU access))
Secondary Storage (Nonvolatile storage (disks and tapes))
Virtual Storage (Memory space that can exceed real memory--Uses Frames)
22
Q

Layering

A

Secure Processes by
Layering (establishing layers of functionality)
Most sensitive processes are at the bottom layer
Each layer communicates with other layers only through well-defined, secure paths (but only to layers next to it)

23
Q

Abstraction

A

Secure Processes by
Abstraction (feature of object-oriented programming–Objects look like “black boxes”)
An Object is the Data and Mechanisms that operate on that data in a self-contained box–All you need to know is entrance and exit of box
Data Hiding (Data at one security level is not visible to a process running at a different security level)

24
Q

Least Privilege

A

Least Privilege (Only allow subjects to possess the minimum access to objects required to accomplish a task)
Too much access results in “authorization creep”
Do NOT allow a subject to acquire any more access to objects than is necessary

25
Q

Accountability

A

Accountability (Must ensure that each subject is accountable for the security access granted and the subsequent actions taken)
State this in Policy and communicate this to staff with consequences

26
Q

Definitions

A

Definitions
Physical Isolation (security perimeter and DMZ)
Reference Monitor (Control layer that stands between subjects and objects to enforce access rules)
Security Kernel (Collection of components that work together to provide the reference monitor functions) (Call-by-Value Procedures; Extension for object mutation; Extension for abstract Data; Access to Hardware Devices) (runs at higher security level)
Trusted Computing Base (TCB) (all of these components running together) (Hardware, Software, and controls that work together to enforce the security policy)

27
Q

Evaluation Criteria

A
Overview
Orange Book
TCSEC
Other Criteria
International Criteria
SEI-CMMI
28
Q

Overview

A

1-Certification (technical evaluation of a computer system AND compare system to published standards)
2-Accreditation (Formal acceptance of certification process by management and IT staff)
1- Closed systems (harder to evaluate because proprietary and standards are generally not published)
2- Open systems (easiest to evaluate–interconnection components based on published standards AND generally easy to connect to other dissimilar systems)

29
Q

Orange Book

A

DOD published “Trusted Computer System Evaluation Criteria (TCSEC)”
Purpose to specify categories used to rate the functionality and assurance of a system

30
Q

TCSEC

A

Trusted Computer System Evaluation Criteria (TCSEC)
A-Verified Protection (A1)
A1-Verified Protection (Starts in the design phase; Formal Software Configuration Management (SCM))
B-Mandatory Protection (B1/B2/B3)
B1-Labeled Security (Ensures that each subject and object has a security label)
B2-Structured Protection (B1; Assurance that NO covert channels exist)
B3-Security domains (B1; B2; Positive Isolation of all unrelated processes–No process can read from or write to another location of another process)
C-Discretionary Protection (C1/C2) (Basic Access Control)
C1-Discretionary Security Protection (allows access via users or groups)
C2-Controlled access protection (C1; must enforce media cleansing)
D-Minimal Protection (lowest level)

31
Q

Other Criteria

A
Rainbow series (colored covers)
Red-Trusted Network Interpretation (TNI)--extends orange book
32
Q

International Criteria

A

Information Technology Security Evaluation Criteria (ITSEC) (Europe)
Predecessor to TCSEC
Common Criteria (reconciles many differences between existing criteria)

33
Q

SEI-CMMI

A

Software Engineering Institute’s Capability Maturity Model Integration
CMMI rating denotes relative system trustworthiness
Focal point is process management
System quality depends on the quality of system processes
“0” rating is incomplete and non-functional to
“5” Very Mature Model

34
Q

Security Models

A
State Machine Model
Bell-LaPadula Model
Biba Model
Clark-Wilson Model
Information Flow Model
Noninterference Model
Graham-Denning Model
Harrison-Ruzzo-Ullman Model
Brewer-Nash Model
35
Q

State Machine Model

A

The state of a system looks at all subjects and objects
Transition occurs as it transitions from one state to another
Since all states and transitions are defined, the system is always in a secure state
In one of these – Source Secure State, Transition Secure State, or Final Secure State

36
Q

Bell-LaPadula Model

A

1970’s DOD for classified information
addresses data CONFIDENTIALITY ONLY
Built on state machine concept
supports multiple states and all transitions between states
3 Properties- 1-Simple Security Property (no read up)
2-(star)* security property (no write down) (subject may not write an object at a lower sensitivity level)
3-Discretionary security property (access matrix enforces discretionary access control)

37
Q

Biba Model

A

Designed after Bell-LaPadula model
Addresses data INTEGRITY
designed to stop unauthorized changes
built on state machine model
1-Simple Integrity Property (no read down)
2-*(star) Security Property (no write up) (subject may not write an object at a higher sensitivity level)

38
Q

Clark-Wilson Model

A

Designed in 1987 for commercial applications
Enforces INTEGRITY by defining each data item and restricts the programs that can modify it
Uses security labels to grant access to objects
CDI (Constrained Data Item) - data item protected by the model
Unconstrained Data Item (data input or output)
IVP (Integrity Verification Procedure) - procedures that verify integrity of data item so that the IVP works on CDIs
TP (Transformation Procedure) - modifies the CDIs (ONLY Procedure to do so)

39
Q

Information Flow Model

A

Similar to Machine State
Controls all information FLOWing from object to subject (not focused on states)
Direction doesn’t matter subject to object or object to subject
An access matrix defines all valid information transfers (if there is NOT a defined information transfer, it will be denied)
Bell-LaPadula and Biba are limited Information Flow models (if they are put together they are similar to a limited flow model in that they define information flow in both directions)

40
Q

Noninterference Model

A

Ensures that actions at one security level have no effect on objects at another security level
Protects state changes from cascading into other, unintended areas

41
Q

Graham-Denning Model

A

3 components
1-Set of Objects
2-Set of Subject (Process and Domain)
3-Set of Rights (create object, create subject, delete object, delete subject, read access right, grant access right, delete access right, transfer access right)
Defines how Subjects and Objects interact based upon Set of Rights

42
Q

Harrison-Ruzzo-Ullman Model

A

Describes authorization systems for (creating and deleting subjects and objects)
Similar to the Graham-Denning Model
Composed of a set of generic rights and commands

43
Q

Brewer-Nash Model (Chinese Wall)

A

Focus is to prevent conflict of interest
User should NOT access confidential data for both (Client and Client’s Competitor)
Access control rules change user behavior or what user is able to do

44
Q

Common Flaws and Security Issues

A
Covert Channels
Initialization State
Parameter Checking
Maintenance Hooks
Programming
Timing Issues
EMR
45
Q

Covert Channels

A

Method to pass information not normally used for communication
Covert Timing Channel (change timing of system component to bypass controls) (used to disclose unauthorized information or modify secured data)
Covert Storage Channel (process can write data to common storage area that another process can read) (can easily be detected by isolating processes BUT must have a security level of B2 and above to prohibit)

46
Q

Initialization State

A

Initialization and failure states
MUST maintain security controls at all times
Attacker can put code in shutdown sequence and extract info for modification or disclosure
Systems should maintain security controls at all times (load at beginning of program’s initialization and continue to end of shutdown)
Ensure Security Controls stay in effect even if there is a failure and the program crashes

47
Q

Parameter Checking

A

Input and Parameter Checking
Malformed input can lead to buffer overflow or other unintended results
SQL injections into web application to access database
Always check input

48
Q

Maintenance Hooks

A

Programmers often leave “backdoors” into program
secret entry point without regular security controls
Most programs run at elevated security
Privileged mode programs are prime targets (frequently using buffer overflow/malformed input) (becomes super user)

49
Q

Programming

A

Common Flaws
Fully test programs for buffer overflow vulnerabilities
Validate that all programs adhere to your security policy
Formally control the development process

50
Q

Timing Issues

A

Windows of opportunity for an attacker to affect a system between known events
Time of check/Time of use
State changes
Communication Disconnects (when application running on one machine and data source on another machine) (properly shut down process so port is NOT left open)
Hijack of open port
Open port can be open window to your system

51
Q

EMR

A

Electromagnetic Radiation (EMR)
Can read standard monitor from distance
Shielding and physical controls avoid interception
Cables
TEMPEST project to intercept EMR from cables (Shield and Distance between EMR and viewer)