Chapter 1 Flashcards
What is Cryptography?
To encode a message
What four main areas can Cryptographic algorithms and protocols be classified?
Symmetric encryption, asymmetric encryption, data integrity algorithms, and authentication protocols
What is symmetric encryption?
used to conceal the contents of blocks or streams of data of any size
What is asymmetric encryption?
used to conceal small blocks of data
What is a data integrity algorithm?
Used to protect blocks of data
What is an authentication protocol?
designed to authenticate the identity of entities
What is computer Security?
protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources
What are the two concepts related to confidentiality?
Data confidentiality and privacy
What are the two concepts related to integrity?
Data and system integrity
What is a CIA triad?
Integrity, Availability, Confidentiality, Authenticity, and Accountability
What are the challenges of computer security?
1) requirements 2) security mechanism or algorithm 3) procedures 4) where to use the security mechanism 5) security mechanisms involve more than a particular algorithm or protocol 6) computer and network security 7) users and system managers perceive security as negative 8) requires regular or constant monitoring 9) security is implemented after the design of the system is completed 10) security admins/users view strong security as an impediment
What is the OSI security architecture?
Focuses on security attacks, mechanisms, and services; it is Recommendation X.800
What is the difference between a passive and active attack?
Passive: eavesdropping on, or monitoring of, transmissions. Active: some modification of the data stream or the creation of a false stream
What are the four active attack categories?
masquerade, replay, modification of messages, and denial of service
What is a masquerade?
pretending to be a different entity
What does replay mean in relation to the active attack category?
passive capture of a data unit and its retransmission to produce an unauthorized effect
What are two specific authentication services?
Peer entity authentication: provides for the corroboration of the identity of a peer entity in an association. Data origin authentication: provides for the corroboration of the source of a data unit
What is access control?
the ability to limit and control the access to host systems and applications via communications links
What is data confidentiality?
protection of transmitted data from passive attacks
What is a connection-oriented integrity service?
assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays
What is nonrepudiation?
prevents either sender or receiver from denying a transmitted message
What are the fundamental security design principles?
Economy of mechanism, fail-safe defaults, complete mediation, open design, separation of privilege, least privilege, least common mechanism, psychological acceptability, isolation, encapsulation, modularity, layering, and least astonishment
What is economy of mechanism?
design of security measures embodied in both hardware and software should be as simple and small as possible
What is fail-safe default?
access decisions should be based on permission
What is complete mediation?
every access must be checked against access control mechanism
What is open design?
design of security mechanism should be open rather than secret
What is separation of privilege?
practice in which multiple privilege attributes are required to achieve access to a restricted resource
What is least privilege?
every process and every user of the system should operate using the least set of privileges necessary to perform the task
What is least common mechanism?
design should minimize the functions shared by different users
What is psychological acceptability?
security mechanisms should not interfere unduly with the work of users, while at the same time meeting the needs of those who authorize access
What is isolation?
isolation of public access, processes and files, and security mechanisms
What is encapsulation?
a specific form of isolation based on object-oriented functionality
What is modularity?
refers to both the development of security functions as separate, protected modules and to the use of a modular architecture for mechanism design and implementation
What is layering?
use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems
What is least astonishment?
program or user interface should always respond in the way that is least likely to astonish the user
What is an attack surface?
consists of the reachable and exploitable vulnerabilities in a system, e.g., open ports, services, code, interfaces, and employees
What is a network attack surface?
vulnerabilities over an enterprise network, WAN, or the internet
What is a software attack surface?
vulnerabilities in application, utility, or operating system code
What is a human attack surface?
vulnerabilities created by personnel or outsiders
What categories of attack surfaces are there?
Network, software, and human attack surface
What is an attack tree?
a branching, hierarchical data structure that represents a set of potential techniques of exploiting security vulnerabilities

What two kinds of threats can a program present?
Information access threats and service threats