20. Security Concerns Flashcards
Meaning of CIA?
Confidentiality, Integrity, & Availability
What is the CIA triad?
The 3 properties of securing information
What does Confidentiality mean in the CIA triad?
Information should only be known to authorized users
What does Integrity mean in the CIA triad?
Data is stored & transferred without unauthorized alteration
What does Availability mean in the CIA triad?
Authorized users can access & modify data
What is snooping?
Unauthorized access to data at rest
Data at rest means data that is stored and not actively being accessed or transferred.
What is eavesdropping/wiretapping (aka sniffing)?
Snooping on network data or phone calls
3 confidentiality concerns?
- Snooping
- Eavesdropping/wiretapping
- Social engineering/dumpster diving
3 integrity concerns?
- On-path attack
- Replay
- Impersonation
How does an on-path attack work?
Host intercepts & forwards communication between 2 nodes
To thwart on-path attacks, both sender and receiver should authenticate and encrypt their messages to prevent unauthorized alterations.
How does a replay attack work?
Data is captured & reused to impersonate the original client or gain unauthorized server access
Replay attacks often involve exploiting an access token generated by an application. The application needs to use encryption and time-stamping to ensure that the tokens cannot be misused.
What is an access control system?
Security measure to regulate resource access
Using methods like passwords or biometrics
3 types of controls an access control system normally consists of?
- Authentication
- Authorization
- Accounting
A security system that depends on one mechanism only is often not very effective. Providing multiple controls of different types offers much better security.