Chapter 2 Flashcards

(85 cards)

1
Q

these circuits provide the electronics to connect other components to the computer

A

input/output (I/O) circuits

2
Q

contains the circuits to draw images on the computer’s video display

A

video card

3
Q

These devices often connect through standard cables or other connectors

A
  1. PCIe (Peripheral Component Interconnect Express)
  2. IDE (Integrated Drive Electronics)
  3. ATA (Advanced Technology Attachment)
  4. SATA (Serial ATA)
4
Q

What is a parallel connection?

A

when we run wires in parallel to connect two endpoints

5
Q

two types of persistent storage:

A
  1. hard drive
  2. flash memory
6
Q

keeps track of where a program’s next instruction resides

A

program counter

7
Q

we separate programs into two parts:

A
  1. control section - contains the instructions
  2. data section - contains the program’s data
8
Q

basic functions of every operating system

A
  • process management
  • RAM management
  • I/O management
9
Q

major components atop the I/O system

A
  1. file management
  2. user interface
  3. network protocol process
10
Q

When was the Morris worm released?

A

1988

11
Q

the first internet-wide security incident

A

Morris worm

12
Q

Kerckhoffs’ principle

A

we assume that potential attackers already know everything about how the cryptosystem works

13
Q

two program modes

A
  1. user mode
  2. kernel mode
14
Q

security controls fall into three categories

A
  1. preventive
  2. detective
  3. corrective
15
Q

we classify controls according to the six categories

A
  1. physical - protection arises from physical boundaries that resist penetration
  2. mechanical - protection arises from connections that can only change through mechanical intervention that is not available to the attacker
  3. logical - protection is controlled by a structured set of rules or other configuration data in a computer-based security device
  4. functional - protection arises from the design and operation of functions embedded in software
  5. procedural - protection arises from compliance with explicitly defined operating procedures
  6. cryptographic - protection based on transformation of the data using cryptographic techniques
16
Q

five security services

A
  1. confidentiality
  2. integrity
  3. availability
  4. authentication
  5. nonrepudiation
17
Q

the worm incident helped create the ___________

A

computer emergency response team (CERT)

18
Q

first nationwide, multiorganization computer security team

A

computer emergency response team (CERT)

19
Q

access control strategies

A

islands
vaults
puzzles
patterns

20
Q

Describe the basic components inside a computer. (6)

A

A computer contains
- a motherboard, which houses the central processing unit (CPU)
- daughterboards, which house random access memory (RAM)
- I/O connections for devices
- storage, such as a hard drive or solid-state drive, may also be found
- a video card, or graphics processing unit
- a power supply

21
Q

List the steps the CPU performs when executing an instruction. (3)

A
  • Gets instructions from RAM
  • Performs the instructions
  • Updates the PC to point to the next instruction
22
Q

A running program is a __________

A

Process

23
Q

Contains the circuits to draw images on the computer’s video display.

A

video card

24
Q

Refers to a computer connection that allows us to attach several separate components

A

bus

25
Wires run in parallel to connect two endpoints
Parallel connection
26
A single wire run to connect two endpoints
Serial connection
27
Contains programs and data the computer uses immediately, such as RAM
Working storage
28
Two types of persistent storage used most in computers today
- Hard drive — data stored as magnetised dots on a spinning disk
- Flash memory — data stored by trapping electrical charges inside a circuit
29
A list of instructions, whose data is stored in RAM
Programs
30
Summarize the differences between hardware, firmware, and software.
Hardware refers to physical components, like I/O devices. Firmware refers to permanent software programmed into hardware to control it. Software refers to programs and applications that can run on the hardware.
31
Explain the role of control sections and data sections. Which section would a buffer reside in?
Control sections contain the instructions to execute, and unchanging data. Data sections are where buffers reside; they contain variables that change, as well as free-form RAM.
32
Explain the difference between a program and a process. What information makes up the process state?
Programs are a list of instructions to be executed by the CPU, and when a program is running, it is referred to as a process. The process state will include the program's RAM contents, program counter, and other related data being used inside the CPU.
33
Explain what happens when the CPU switches from one process to another. (5)
- Save the program counter for the stopped process
- Save other CPU data from stopped process
- Locate the "saved state"
- Load the saved CPU data
- Load the program counter with the starting process' program counter
34
What is a worm? What was the intended goal of the Morris worm? What was its actual effect?
A worm is a form of malware. The Morris worm was intended to be a "harmless experiment," and took advantage of vulnerabilities in the UNIX OS. His worm drew attention to the importance of cybersecurity.
35
Three major components of the I/O system
- File management — provides I/O interface to I/O devices
- User interface — manages keyboard and displays
- Network protocol process — manages network
36
Identify the basic features an operating system should have in order to reliably protect processes from one another. (3)
Program dispatcher, Memory manager, and User identities
37
When the Morris worm exploited the "finger" vulnerability, where did the shell code reside when it executed?
It resided in the buffer.
38
Explain how a buffer overflow can allow an attacker to take over a computer.
An attacker can exploit the buffer overflow by overwriting information and forcing the system to run their malicious code instead.
39
Summarize the purpose and contents of an attack scenario and an attack case study.
Attack scenarios study possible attacks, focusing on:
- goals
- resources
- how it happens
- results
- mitigation
- references
An attack case study reviews attacks that have actually happened, and follows this format:
- overview
- perpetrator
- attack scenario
- risk management
- references
40
Describe the four general access control strategies. (is - vhall - puz - pat)
- Islands maroon hostile processes
- Vaults give processes the right to use resources in a larger repository
- Puzzles allow processes to use secret information to retrieve data items
- Patterns compare data items and programs available to a process to patterns known to hostile data
41
Identify the basic hardware features a CPU must have in order to reliably protect processes from one another. (2)
Program modes and RAM protection
42
Describe the format and contents of an access matrix. (2)
Rows for RAM, columns for active processes
43
Explain how to draw a diagram of process and data accesses, based on an access matrix.
Create the rows for RAM and columns for active programs and identify where they intersect.
44
How does a computer maintain its Chain of Control?
- Run software to enforce security requirements when computer starts
- If said software can run other software, that means it either complies with security requirements, or is prevented from violating requirements by other defenses
45
Describe the six categories of security controls. (ph - meh - lo - fung - pro - cry)
- Physical — physical boundaries
- Mechanical — actions like unplugging a computer from internet
- Logical — structured set of rules
- Functional — operations of defensive functions embedded in software
- Procedural — defined operating procedures
- Cryptographic — cryptographic techniques
46
List the four components of a security control that we provide when constructing a list of security controls
Control number, Control category, Description, and Relationship to requirements
47
Describe the operation of an operating system's dispatcher process.
It's the short program that is run in kernel mode when the OS switches between processes
48
Security plan contents
- List of assets
- Risk assessment
- Prioritized list of risks
- Security requirements
- Implementation
49
Principle of Open Design
The principle of not keeping security mechanisms secret
50
How can the Chain of Control be subverted in the BIOS level?
It can be subverted by booting a different OS from a USB
51
DEP feature
If the computer has data execution prevention, it will only run instructions in a control section
52
Shannon’s maxim
The enemy knows the system
53
Puzzle technique in which we try to hide one collection of information inside another
Steganography
54
Puzzles also provide a popular but less-effective form of protection called:
Security through obscurity (STO)
55
The opposite of STO is the principle of:
Open design
56
For highly privileged operating system programs with full CPU access (What program mode)
Kernel or supervisor mode
57
For most programs and all applications (what program mode)
User mode
58
OS security features
- processes must take turns (dispatching)
- processes are assigned different parts of RAM
- processes can’t damage other areas of RAM
- user-oriented interface and access controls
59
We have access to only some items
Least privilege
60
A weak puzzle, like protecting data by hiding it
Security through obscurity
61
Mathematical techniques to hide or protect data
Cryptography (crypto)
62
A 2D table showing access rights of entities to resources
Access matrix
63
A permission granted to an entity to view or modify a resource
Access right
64
A property of a system that allows surreptitious remote access
Back door
65
Techniques to measure properties of an individual, typically used for authentication
Biometrics
66
An area in RAM used for temporary storage, often used with input/output operations
Buffer
67
A programming error that allows data to be written past the end of a fixed-sized buffer
Buffer overflow
68
A procedure that is running because another procedure has invoked it
Called procedure
69
A procedure that invokes another procedure, and that resumes when the other finishes
Calling procedure
70
Assurance that the CPU always executes software safely as it moves between programs
Chain of control
71
A mechanism that prevents the CPU from retrieving instructions from data sections
Data execution prevention (DEP)
72
A network program that retrieves information about a logged-in user
Finger
73
Access control in which entities have no resources except those provided to them
Island
74
The principle that security mechanisms should be published, and rely on changeable secrets
Kerckhoffs’ principle
75
A CPU mode that provides unrestricted access to the computer’s instructions and RAM
Kernel mode
76
Changeable secret information used in security mechanism
key
77
Who created the Morris worm?
Robert T. Morris
78
A mechanism by which several processes take turns sharing a single CPU
multitasking
79
The principle that a system’s details should be published and open to review and analysis
Open design
80
Access control that is based on approximate matching of data patterns
Pattern
81
Access control that is based on the knowledge of secret information
Puzzle
82
Defenses that rely on hiding an asset or on easily-penetrated secrets
Security through obscurity (STO)
83
A word that appears in all well-formed requirements or security policy statements
shall
84
A CPU mode that restricts access to the computer's instructions and RAM
user mode
85
Access control that provides different entities with access to different resources
Vault