no more cubes

Category: Security & Privacy

  • Access Control Types

    1. Directive
    2. Deterrent
    3. Preventive
    4. Compensating
    5. Detective
    6. Corrective
    7. Recovery

  • EMail Protocols

    Privacy Enhanced Mail (PEM): Uses Data Encryption Standard (DES) in the Cipher Block Chaining (CBC) Mode.

    Secure Multipurpose Internet Mail Extension (S/MIME): Uses the user’s encryption algorithm with RC2, DES, and 3DES for confidentiality.

    Pretty Good Privacy (PGP): Uses the International Data Encryption Algorithm (IDEA) for encryption of bulk data.

  • Data Link Layer Protocols

    Synchronous data link control / SDLC: supports loop or hub go-ahead configuration used with bounded and unbounded media.

    High Level Data Link Control / HDLC: Provides an option for a 32bit checksum, maintains data integrity, and provides flow control.

    Link access procedure balanced / LAPB: Performs packet framing operations, using I-, S- and U-frames.

  • WAN Protocol Characteristics

    Frame Relay

    • Provides point to point connections by creating virtual circuit paths.
    • Forwards frames and performs error check only at the end points.

    X.25

    • Is designed to operate over unreliable network lines
    • works with the physical, data link and network layers of the OSI model.

  • Packet Switching / WAN Technology

    • X.25: defines communication between DTE and DCE devices.
    • Switched multimegabit data services (SMDS):
      • Is a connectionless protocol and can provide bandwidth for exchange of large amounts of data.
      • A connectionless, high-speed, datagram-based WAN technology for communication over public data networks.
    • Frame Relay: Forwards packets to their destinations and doesn’t unpack frames at each node.
    • Link access procedure balanced (LAPB): Ensures that frames are conrrectly sequenced and error free.
    • Asynchronous transfer mode (ATM):
      • transmits data in fixed size cells of 53 byte and can provide bandwidth on demand.
      • Connection oriented switching technology that uses a cell-switching method.
    •  Synchronous data link control (SDLC): bit oriented synchronous protocol.
    • High level data link control (HDLC): A bit oriented data link protocol.
    • Switching: A virtual connection which acts like a dedicated link between the sender and the receiver devices.
    • Password authentication protocol (PAP): uses an authentication server to compare supplied credentials against stored credentials.
    • Challenge handshake authentication protocol (CHAP): enables user auth without revealing a shared password between two entities.
    • Extensible Authentication Protocol (EAP): works directly at the data link layer.
    • Point-to-point protocol (PPP): Supports asynchronous and synchronous connections and network protocol multiplexing.
    • Serial Line Internet Protocol (SLIP): Frames datagrams for transmission but doesn’t provide error detection or data compression.

  • Change management process

    1. Submit the change
    2. Approve the change
    3. Document the change
    4. Test the change
    5. Implement the change
    6. Report the change

  • Reconnaissance Methods

    • FIN Scan: Uses an IP-bases server’s error-handling mechanism against it.
    • Operation System (OS) Identification: users an operating system’s weaknesses to obtain valuable information.
    • Port sweep: Bombards a servers’s IP address with packets to identify active services.
    • Evasive sweep: Identifies a server’s systems and services without ever completely connecting to it.

  • Components od a basic information system architecture

    • Network architecture
    • Protection mechanisms
    • Platform architecture
    • Security Models
    • Enterprise architecture

  • Security Models

    Address security, integrity and information flow

    • Graham-Denning: Defines the commands that a subject can execute to create or delete an object.
    • Noninterference: Prevents covert channels and interference attacks.
    • Brewer & Nash

    Address security and integrity

    Further Descriptions

    • Lipner: Was the first security model to separate objects into data and programs
    • Harrison-Ruzzo-Ullman: Comprised of generic rights and a small set of commands

  • Operating System States

    • Supervisory: A system routine, or highly privileged routine, is being executed by the system.
    • Ready: Processing can be resumed for an application.
    • Wait: A specific event must be completed before another process resumes.
    • (Needs review: Problem: An application is being run by the system.(?))