Chapter 1

Question 1

What are the three fundamental questions in cybersecurity?

Answer 1

1. What assets do we need to protect?
2. How are those assets threatened?
3. What can we do to counter those threats?

Question 2

Threat Model

Answer 2

Structured way of identifying potential threats, vulnerabilities and risks to a system

Question 3

Privacy

Answer 3

Individuals control what infromation rtelated to them may be collected, stored and who can access it.

Question 4

What is the NIST definition of computer security?

Answer 4

The protection afforded to an automated information system to preserve confidentiality, integrity and availability of its resources.

Question 5

What is the CIA Triad in cybersecurity?

Answer 5

Confidentiality: Ensuring information is not disclosed to unauthorized individuals; Ensure privacy
Integrity: Ensuring data/system isn’t modified or destroyed by unauthorized individuals
Availability: Ensuring timely access to data and services

Question 6

What are the two additional security concepts beyond the CIA Triad?

Answer 6

Authenticity: Ensuring genuinity and trustworthiness, ability to verify
Accountability: Tracing actions back to responsible entity

Authenticitity: Confidence in validity of message or message originator

Question 7

Define vulnerability, threat and attack

Answer 7

Vulnerability: Weakness in a system (Flaw in design, implementation or management that can be exploited)
Threat: A potential for security violation, causing harm
Attack: Deliberate action to breach security by exploiting vulnerability

Question 8

Define Risk

Answer 8

Probability of a threat exploiting a vulnerability (Rare - almost certain)
AND
Impact it would have on system (insig. - catostrophic)

Helps determine what to fix first.

Expectation of loss

Question 9

6 Computer Security Challenges

Computers n’ security, I miss u

Answer 9

1. Procedures often counterintuitive
2. Not as simple as appears (multiple algorithms or protocols)
3. Attackers only need to find a single weaknesses (developers must find all!)
4. Good Security is Invisible
5. Requires constant monitoring
6. Impediment to efficient and user-friendly operation

Question 10

What are the two types of attacks?

Answer 10

Passive: Eavesdropping system without altering resources
Active: Attempt to modify or disrupt the system

Question 11

What is a countermeasure?

Answer 11

Action or device that reduces vulnerability, threat or attack by eliminating it, preventing it or minimizng the harm it can cause

** Prevent Detect Recover**

May introduce new vulnerabilties or residuals remain

Question 12

Security Policy

Answer 12

Set of rules and practices that speicfy how a system or org. provides security services

Ex: Strong passwords and their expiration

Question 13

What are the 4 major threat consequences? (UDDU)

Answer 13

1. Unauthorized Disclosure: Breaching confidentiality (interception)
2. Deception: Tampering with integrity (masquerade, falsification)
3. Disruption: Affecting availability or integrity (incapacitation)
4. Usurpation: Gaining unauthorized control (misappropriation, misuse)

Question 14

Unauthorized Disclosures (4)

Threat Consequances

The IEEE discloses stuff! Well switch that around to EIII

Answer 14

1. Exposure (deliberate or error)
2. Interception (unauthorized access to data)
3. Inference (traffic analysis to get detailed information)
4. Intrusion (unauthorized access to sensitive data)

CONFIDENTIALITY

Question 15

Deceptions (3)

Threat Consequances

“Make false reasons!”

Answer 15

1. Masquerade (trojan horse)
2. Falsification (alter or replace valid data, introduce false data)
3. Repudiation (I didn’t do it)

INTEGRITY

Question 16

Disruptions (3)

Threat Consequances

“I can’t operate!”

Answer 16

1. Incapacitation (destroy or damage system hardware) availability
2. Corruption (unauthorized modification) Integrity
3. Obstruction (overload system to interfere with communications) availability

AVAILABILITY, INTEGRITY, AVAILABILITY

Question 17

Usurpations (2)

Threat Consequances

mm

Answer 17

1. Misappropriation (enity takes control of system resource)
2. Misuse (Make system component perform damaging function or service)

Integrity

Question 18

Attack Surface

Answer 18

Set of all reachable and exploitable vulnerabilities in a system

Open ports, firewall, APIs, SQL queries, web forms

Question 19

4 main types of Active Attacks

Answer 19

1. Masquerade
2. Replay
3. Modification of messages
4. Denial of Service

Question 20

Passive attack example and category of countermeasure we should emphasize

Answer 20

eavesdropping/monitoring of transmissions

prevention, because it is difficult to detect

Question 21

3 Main Attack Surface Categories

Answer 21

Network
Software
Human

Question 22

Attack Tree

Answer 22

A hierarchical diagram representing possible attack methods, used for analyzing vulnerabilities and improving defenses.

used for attack surface analysis

Question 23

13 Security Design Principles

Eric, focus closely on security, like lions in prairies, even more like leopards

Answer 23

1. Economy of mechanism
2. Fail-safe default
3. Complete mediation
4. Open design
5. Separation of privileges
6. Least privilege
7. Least common mechanism
8. Isolation
9. Psychological accapetability
10. Encapsulation
11. Modularity
12. Layering
13. Least Astonishment

Question 24

Economy of mechanism

Security Design Principles

Answer 24

Security mechanisms should be as simple as possible to reduce errors and vulnerabilities.

Question 25

Fail-safe default

Security Design Principles

Answer 25

Access desicions should be based off permissions, rather than exclusion

Question 26

Complete mediation

Security Design Principles

Answer 26

Every access request must be checked against the access control system without relying on cached decisions

Question 27

Open design

Security Design Principles

Answer 27

The design should be open, rather than secret

Question 28

Separation of Privileges

Security Design Principles

Answer 28

Multiple priveleges should be required to gain access to a restricted resource (or to complete some tasks)

Question 29

Least privilege

Security Design Principles

Answer 29

Every user (or process) should operate with the least set of principles necessary to perform a task

Ex: SysAdmin not surfing web using administrator user.

Question 30

Least common mechanism

Security Design Principles

Answer 30

A design should minimize the functions shared by different users/entities

Sharing state among different software programs

Question 31

Isolation

Security Design Principles

Answer 31

• Critical resources should be separated from public access.
• User files separated from one another
• Security mechanism isolated (prevent access to them)

Firewalls example?

Question 32

Psychological acceptability

Security Design Principles

Answer 32

Security mechanisms should not interfere **unduly **with usability, ensuring user acceptance.

Question 33

Encapsulation principle

Encapsulation

Security Design Principles

Answer 33

hiding internal structures/limiting exposure to only the necessary details

similar to object-oriented programming concepts

Simplify the interface exposed to external entities, so they can’t interact with sensitive info

Question 34

Modularity

Security Design Principles

Answer 34

Development of security functions as separate, protected modules

Modular Architecture

Question 35

Layering

Security Design Principles

Answer 35

use of multiple overlapping protection approaches

multiple firewalls based on different technologies and approaches

Question 36

Least Astonishment

Security Design Principles

Answer 36

Program interface should always respond in a way that is least likely to astonish the user

an error window that belong to what running program?

Question 37

What is the scope of computer security?

Answer 37

1. Access to data must be controlled (protection)
2. Access to computer must be controlled (user authentication)
3. Data securely transmitted through networks (network security)
4. Sensitive files must be secured (file security