1A Flashcards
A ____ is any circumstance or event with the potential to adversely affect a system through unauthorized access, destruction, disclosure, modification of data, or denial of service.
threat
A threat is a ___ danger that ___ exploit a vulnerability.
possible
may
The model Microsoft uses for threat analysis and identification is called ____.
STRIDE
What does STRIDE stand for?
- Spoofing
- Tampering
- Repudiation
- Information disclosure
- Denial of Service
- Elevation of privilege
What is spoofing?
Pretending to be something or someone other than yourself.
What is tampering?
Modifying something on a disk, network, memory, or elsewhere.
What is repudiation?
Claiming you didn’t do something or were not responsible.
What is information disclosure?
Providing information to someone not authorized to have it.
What is denial of service?
Exhausting resources needed to provide services to the user.
What is elevation of privilege?
Allowing someone to do something they are not authorized to do.
What are the three types of threat agents?
Inside Attack, Outside Attack and Botnet
What is an Inside Attack?
An inside attack is initiated by an insider, which is an entity inside of a security perimeter. Insider threats have authorization to access a system, but they use their authorization in a way that is not approved by the party that granted authorization.
What is an Outside Attack?
This is initiated by an outsider, which is an entity outside of a security perimeter. Outsider threats gain unauthorized or illegitimate access to a system.
What is utilized on outside attacks?
Botnets
What is a botnet?
A botnet is an aggregation of compromised computers, turning them into robots used by attackers.
A bot (short for ___) is an automated program that executes commands.
robot
Botnets operate through a central command-and-control server and can be activated by attackers via ___ ___.
chat rooms
A ___ is a flaw or weakness in a system’s design, implementation, or operation and management which could be exploited to violate the system’s security policies.
vulnerability
A vulnerability ___ be exploited by a threat, but not every threat results in an actual attack on a system.
may
The degree of ___, ____, and ___ will determine an attack’s success.
vulnerability, strength of attack and effectiveness of countermeasures
An attack to a network is an intentional act by which an intelligent threat actor attempts to evade security services and violate the security policy of a system.
Network Attack
A network attack can be characterized according to ___, ___, and ___.
intent, point of initiation and method of delivery
A network attack may also affect…?
one or multiple systems
In a network attack, targeted resources may include…?
- Data stored in an information system (IS)
- Services provided to the user
- System processing power
- Hardware
- Firmware
- Software
- The physical design of the facility
What are the three types of network attacks?
- Denial of Service
- Distributed Denial of Service
- Unauthorized Access
__ __ __ attacks are probably the nastiest, and most difficult to address. They are very easy to launch and often difficult (sometimes impossible) to track because of their timing.
Denial of Service
The following describes which type of network attack?
The intent is to send more requests to a machine than it can handle, disrupting or even totally blocking user services.
Denial of Service
The following describes which type of network attack?
While a standard DoS attack comes from one computer, a ___ ___ ___ attack involves multiple computers sending requests, and is usually performed by a botnet.
Distributed Denial of Service
The following describes which type of network attack?
The goal of these attacks is to access a resource that a machine should not provide the attacker. They may falsely identify as the originating host.
Unauthorized Access
In the cyber world, we do not want unknown or untrusted individuals to gain access to our equipment. To help control this, systems are divided into two main classifications of users and their system access capability:
user access and administrator access
Among destructive types of break-ins and attacks, there are two major categories:
data diddling and data destruction.
___ ___ occurs when an attacker makes small changes or entries in records to change the original meaning. It is a form of computer fraud involving the intentional falsification of numbers in data entry.
Data Diddling
___ ___ is likely the worst type of attack since the fact of a break-in might not be immediately obvious.
Data Diddling
The term ___ ___ can be defined as the process of destroying the data stored on tapes, hard disks, and other forms of electronic media so that it is completely unreadable.
Data Destruction
Some countermeasures that may reduce the risk of DDoS attacks include:
- Not running your visible-to-the-world servers at a level close to capacity.
- Packet filtering to prevent obviously forged packets from entering your network address space.
- Security-related patches for host operating systems.
Some examples of data destruction include:
- Erasing the recycle bin. This method allows you to quickly delete basic junk files from the computer without having to worry about formatting your entire computer’s hard drive.
- Overwriting data to change the entire format.
- Degaussing. This method uses a magnetic field to erase data and cause irreversible damage to the data.
- Destroying hard drives with special software
- Electronic shredding. This refers to physically destroying the entire system equipment.
When data is destroyed for authorized purposes, it must be completely ____, regardless of the method, to ensure it is unreadable and cannot be accessed, recovered, or used for unauthorized purposes. This process can vary for each equipment type, classification, or scenario.
sanitized