465 midterm Flashcards
Confidentiality
Prevent unauthorized access to information.
Example: Encryption, Access control.
Integrity
Ensure data is accurate and unaltered unless authorized.
Example: Checksums, Backups.
Availability
Ensure authorized users can access data when needed.
Example: Computational redundancies, Physical protections.
Encryption
Transforms plaintext into ciphertext using a key.
Example: AES, RSA.
Access Control
Limits access to authorized users only.
Example: Role-based access control (RBAC).
Authentication
Verifies a user’s identity.
Example: Passwords, Biometrics.
Authorization
Determines what an authenticated user can access.
Example: Access Control List (ACL).
Physical Security
Prevents unauthorized physical access.
Example: Locks, Security guards.
Backups
Copies of data stored for recovery purposes.
Example: Cloud backups, RAID.
Checksums
Detects accidental data corruption.
Example: MD5, SHA-256.
Data Correcting Codes
Reverts small unauthorized modifications.
Example: Error-correcting codes.
Physical Protections
Prevents damage or destruction of hardware.
Example: Fireproof safes, Server rooms.
Computational Redundancies
Extra resources to maintain availability.
Example: Load balancers, Clustering.
Assurance
Trust in a security system’s effectiveness.
Example: Policies, Permissions.
Authenticity
Ensures a message or user is genuine.
Example: Digital signatures.
Anonymity
Hides the sender’s identity.
Example: Proxies, Pseudonyms.
Eavesdropping
Unauthorized interception of communication.
Example: Wiretapping, Packet sniffing.
Man-in-the-Middle Attack
Attacker alters communication between parties.
Example: HTTPS downgrade attacks.
Denial-of-Service (DoS)
Overloads a system to make it unavailable.
Example: DDoS attacks.
Masquerading
Pretending to be someone else.
Example: Phishing, Spoofing.
Repudiation
Denying having sent or received a message.
Example: Digital signatures prevent this.
Correlation & Traceback
Linking anonymous actions to a specific user.
Example: Traffic analysis.
Economy of Mechanism
Keep security systems simple.
Example: Minimal, well-documented code.
Fail-Safe Defaults
Default access should be restrictive.
Example: No default admin privileges.