7. Exam Essentials for Software Development Security

Describe the functioning of viruses, worms, Trojan horses and logic bombs.
Viruses: oldest form of malicious code objects.
Trojan Horses: Cover application with secret, usually malicious, payload.
Logic bombs: Dormant malicious code that waits for an event to trigger it.
Worms: A virus designed to spread itself.

Understand the impact each type of threat may have on a system and the methods they use to propagate. Know the basic functioning of agents (aka bots) and the impact they may have on computer/network security.

Understand the functionality behind Java applets and ActiveX controls and be able to determine the appropriate security controls for a given computing environment.

Applets are code objects sent from a server to a client to perform some action (opposite of an agent/bot), like an online mortgage calculator. ActiveX is the Microsoft version of Java Applets.

Explain RDBMSs. Functions of tables/relations, rows/records/tuples, columns/degrees/fields/attributes. Know how relationships are defined between tables and roles of various types of keys. Describe database security threats posed by aggregation and inference.

Number of rows = Cardinality
Number of columns = Degree

Know storage: differences between primary memory and virtual memory, secondary storage and virtual storage, random access storage, sequential access storage, and volatile storage and nonvolatile storage.

Know how expert systems and neural networks function.
Expert systems have a knowledge base of if/then rules and an inference engine that draws conclusions based on it (like twenty questions).

Neural networks simulate the functioning of a human mind to a limited extent by arranging a series of layered calculations to solve problems. Neural networks require extensive training on a particular problem before they are able to offer solutions.

The different models of systems development:
Waterfall model describes a sequential development process that results in the development of a finished product.

The spiral model uses several iterations of the waterfall model to produce a number of fully specified and tested prototypes.

Agile development models place an emphasis on the needs of the customer and quickly developing new functionality that meets those needs in an iterative fashion.

Software maturity models help software organizations improve the maturity and quality of their software processes by implementing an evolutionary path from ad hoc to mature software processes.

SW CMM: Software Capability Maturity Model
1: Initial
2: Repeatable
3: Defined
4: Managed
5: Optimizing

IDEAL
I: Initiating
D: Diagnosing
E: Establishing
A: Acting
L: Learning

To memorize, remember this “I, I Dr. Ed, AM LO”
then write it out in two columns

IDEAL - SW CMM
Initiating - Initial
Diagnosing - Repeatable
Establishing - Defined
Acting - Managed
Learning - Optimizing

Know the 3 basic components of change control:
1: Request Control
2: Change Control
3: Release Control

The 4 rings of the ring protection scheme:
0: the operating system itself resides here; processes running at this level are often said to be running in supervisory mode or privileged mode. Level 0 processes have full control of all system resources, so it's essential to ensure that they are fully verified and validated.
The kernel implements the reference monitor, an operating system component that validates all user requests for access to resources against an access control scheme.
1 & 2: device drivers and other operating system services. Most operating systems do not employ these rings.
3: user applications and processes reside here, usually called user mode or protected mode.

The security kernel is the core set of operating system services that handles user requests for access to system resources. The reference monitor is a portion of the security kernel that validates user requests against the system’s access control mechanisms.

Software testing should be designed as part of the development process. Testing should be used as a management tool to improve the design, development, and production process.

4 security modes approved by the DoD:
Compartmented security mode: all system users must have an appropriate clearance to access all information processed by the system but do not necessarily have a need to know all information in the system.
Dedicated security mode: authorized to process only a specific classification level at a time; all users must have clearance and a need to know that information.
Multilevel security mode: authorized to process information at more than one level of security even when all system users do not have appropriate clearances.
System-high security mode: authorized to process only information that all system users are cleared to read and have a valid need to know. These systems are not trusted to maintain separation between security levels, and all information they process must be handled as if it were classified at the same level as the most highly classified information processed.
