20. Security Concerns Flashcards

1
Q

Meaning of CIA?

A

Confidentiality, Integrity, & Availability

2
Q

What is the CIA triad?

A

The 3 properties of securing information

3
Q

What does Confidentiality mean in the CIA triad?

A

Information should only be known to authorized users

3
Q

What does Integrity mean in the CIA triad?

A

Data is stored & transferred without unauthorized alteration

4
Q

What does Availability mean in the CIA triad?

A

Authorized users can access & modify data

5
Q

What is snooping?

A

Unauthorized access to data at rest

Data at rest means data that is stored and not actively being accessed or transferred.

6
Q

What is eavesdropping/wiretapping (aka sniffing)?

A

Snooping on network data or phone calls

7
Q

3 confidentiality concerns?

A
  • Snooping
  • Eavesdropping/wiretapping
  • Social engineering/dumpster diving
8
Q

3 integrity concerns?

A
  • On-path attack
  • Replay
  • Impersonation
9
Q

How does an on-path attack work?

A

Host intercepts & forwards communication between 2 nodes

To thwart on-path attacks, both sender and receiver should authenticate and encrypt their messages to prevent unauthorized alterations.

10
Q

How does a replay attack work?

A

Data is captured & reused to impersonate the original client or gain unauthorized server access

Replay attacks often involve exploiting an access token generated by an application. The application needs to use encryption and time-stamping to ensure that the tokens cannot be misused.

11
Q

What is an access control system? (SKIP (RATE 5))

This flashcard should be deleted..!

A

Security measure to regulate resource access

Using methods like password or biometrics

12
Q

3 types of controls an access control system normally consists of?

A
  • Authentication
  • Authorization
  • Accounting

A security system that depends on one mechanism only is often not very effective. Providing multiple controls of different types offers much better security.
