Chapter 1 Flashcards
Computer Security:
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
Data confidentiality:
Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
Privacy:
Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Data integrity:
Assures that information and programs are changed only in a specified and authorized manner.
System integrity:
Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Availability:
Assures that systems work promptly and service is not denied to authorized users.
Confidentiality:
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.
Integrity:
Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A los
Availability:
Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.
Authenticity:
The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
Accountability:
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
Low:
The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in minor financial loss; or (iv) result in minor harm to individuals.
Moderate:
The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss might (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious, life-threatening injuries.
High:
The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss might (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious life-threatening injuries.
Adversary (threat agent)
An entity that attacks, or is a threat to, a system.
Attack
An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
Countermeasure
An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
Risk
An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.
Security Policy
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
System Resource (Asset)
Data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (i.e., a system component: hardware, firmware, software, or documentation); or a facility that houses system operations and equipment.
Threat
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.
Vulnerability
A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.
Hardware:
Including computer systems and other data processing, data storage, and data communications devices.
Software:
Including the operating system, system utilities, and applications.
Data:
Including files and databases, as well as security-related data, such as password files.
Communication facilities and networks:
Local and wide area network communication links, bridges, routers, and so on.
In the context of security, our concern is with the vulnerabilities of system resources. [NRC02] lists the following general categories of vulnerabilities of a computer system or network asset
It can be ________ so that it does the wrong thing or gives wrong answers. For example, stored data values may differ from what they should be because they have been improperly modified.
It can be corrupted, so that it does the wrong thing or gives wrong answers. For example, stored data values may differ from what they should be because they have been improperly modified.
In the context of security, our concern is with the vulnerabilities of system resources. [NRC02] lists the following general categories of vulnerabilities of a computer system or network asset
It can become _____. For example, someone who should not have access to some or all of the information available through the network obtains such access.
It can become leaky. For example, someone who should not have access to some or all of the information available through the network obtains such access.
In the context of security, our concern is with the vulnerabilities of system resources. [NRC02] lists the following general categories of vulnerabilities of a computer system or network asset
It can become ________ or very slow. That is, using the system or network becomes impossible or impractical.
It can become unavailable or very slow. That is, using the system or network becomes impossible or impractical.
Corresponding to the various types of vulnerabilities to a system resource are _______ that are capable of exploiting those vulnerabilities. A ______ represents a potential security harm to an asset. An _____ is a threat that is carried out (_____ ______) and, if successful, leads to an undesirable violation of security, or threat consequence. The agent carrying out the ______ is referred to as an ______ or _____ agent. We can distinguish two types of attacks:
Corresponding to the various types of vulnerabilities to a system resource are threats that are capable of exploiting those vulnerabilities. A threat represents a potential security harm to an asset. An attack is a threat that is carried out (threat action) and, if successful, leads to an undesirable violation of security, or threat consequence. The agent carrying out the attack is referred to as an attacker, or threat agent. We can distinguish two types of attacks:
Active attack:
An attempt to alter system resources or affect their operation.
Passive attack:
An attempt to learn or make use of information from the system that does not affect system resources.
We can also classify attacks based on the origin of the attack:
Inside attack:
Initiated by an entity inside the security perimeter (an “insider”). The insider is authorized to access system resources but uses them in a way not approved by those who granted the authorization.
We can also classify attacks based on the origin of the attack:
Outside attack:
Initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an “outsider”). On the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.
Exposure:
This can be deliberate, as when an insider intentionally releases sensitive information, such as credit card numbers, to an outsider. It can also be the result of a human, hardware, or software error, which results in an entity gaining unauthorized knowledge of sensitive data. There have been numerous instances of this, such as universities accidentally posting student confidential information on the Web.
Unauthorized Disclosure
A circumstance or event whereby an entity gains access to data for which the entity is not authorized.
Interception:
Interception is a common attack in the context of communications. On a shared local area network (LAN), such as a wireless LAN or a broadcast Ethernet, any device attached to the LAN can receive a copy of packets intended for another device. On the Internet, a determined hacker can gain access to e-mail traffic and other data transfers. All of these situations create the potential for unauthorized access to data.
Inference:
An example of inference is known as traffic analysis, in which an adversary is able to gain information from observing the pattern of traffic on a network, such as the amount of traffic between particular pairs of hosts on the network. Another example is the inference of detailed information from a database by a user who has only limited access; this is accomplished by repeated queries whose combined results enable inference.
Intrusion:
An example of intrusion is an adversary gaining unauthorized access to sensitive data by overcoming the system’s access control protections.
Deception
Deception is a threat to either system integrity or data integrity. The following types of attacks can result in this threat consequence:
Masquerade:
One example of masquerade is an attempt by an unauthorized user to gain access to a system by posing as an authorized user; this could happen if the unauthorized user has learned another user’s logon ID and password. Another example is malicious logic, such as a Trojan horse, that appears to perform a useful or desirable function but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.
Falsification:
This refers to the altering or replacing of valid data or the introduction of false data into a file or database. For example, a student may alter his or her grades on a school database.
Repudiation:
In this case, a user either denies sending data or denies receiving or possessing the data.
Disruption
Disruption is a threat to availability or system integrity. The following types of attacks can result in this threat consequence:
Corruption:
This is an attack on system integrity. Malicious software in this context could operate in such a way that system resources or services function in an unintended manner. Or a user could gain unauthorized access to a system and modify some of its functions. An example of the latter is a user placing backdoor logic in the system to provide subsequent access to a system and its resources by other than the usual procedure.
Obstruction:
One way to obstruct system operation is to interfere with communications by disabling communication links or altering communication control information. Another way is to overload the system by placing excess burden on communication traffic or processing resources.