#31 Flashcards
What means that only authorized people should be able to access or read specific computer systems and data?
Secrecy or Confidentiality
Data breaches are where hackers reveal people's credit card info. This is an example of what?
Secrecy or Confidentiality
What means that only authorized people should have the ability to use or modify systems and data?
Integrity
Hackers who learn your password and send emails masquerading as you are an example of what?
Integrity hacker
What means that authorized people should always have access to their systems and data?
Availability
Denial of Service Attacks are where hackers overload a website with fake requests to make it slow or unreachable to others. This is an example of what?
Availability
To achieve the three goals, security experts start with a specification of who your “enemy” is, at an abstract level. This is called a what?
Threat Model
What profiles attackers: their capabilities, goals and probable means of attack?
Threat models
How a system is secured depends heavily on who it’s being secured against.
True
Often you’ll see threat models specified in terms of technical capabilities. An example of this is someone who has physical access to your laptop along with ________ _______.
Unlimited Time
There are many methods for protecting computer systems, networks and data.
True
Two main security questions:
1. Who are you?
2. What should you have access to?
What is the process by which a computer understands who it is interacting with?
Authentication
Three types of authentication:
1. What you know
2. What you have
3. What you are
Based on the knowledge of a secret that should be known only by the real user and the computer.
What you know
Username and Password
What you know
Based on possession of a secret token that only the real user has.
What you have
Physical key and lock
What you have
Based on you! You authenticate by presenting yourself to the computer.
What you are
biometric authenticators, like fingerprint and iris scanners
What you are
How many possible combinations for 4 digit PINs?
10,000
Brute Force Attack means that it tries everything.
True
How many combinations with an 8 digit PIN?
100 million
How many combinations with an 8 digit PIN that has upper and lowercase as well as symbols?
600 trillion
Three words together for a password would allow how many possibilities?
1 quadrillion
What makes even better passwords against more sophisticated kinds of attacks?
Non-dictionary words
Biometric authentication is what?
probabilistic
An attacker may be able to guess your password or steal your phone, but it is much harder to do both. This is an example of what?
Two factor Authentication
Once a system knows who you are, it needs to know what you should be able to access. This is done through permissions or access control lists, which describe what access each user has for every file, folder, or program on a computer.
After Authentication comes Access Control
Permissions:
1. read
2. write
3. execute
What allows a user to see the contents of a file?
read
What allows a user to modify the contents of a file?
write
What allows a user to run a file?
execute
Three levels of Access:
1. public
2. secret
3. top secret
People shouldn’t be able to read up.
True
People shouldn’t be able to write down.
True
“No read up, No write down.” The Bell-LaPadula Model was formulated for whom?
The US Department of Defense’s Multi-level security policy
Chinese Wall Model, Biba Model
Models for Access Control
Malicious Software
Malware
Most security errors come from implementation errors.
True
One of the holy grails of system-level security is a security kernel or a trusted computing base: a minimal set of operating system software that is close to provably secure.
True
What works by having code audited by a crowd of security-minded developers?
Independent Verification
DEF CON - Las Vegas
True
Operating systems attempt to sandbox applications by giving each its own block of memory that other programs can’t touch. This is called what?
Isolation