Chapter 9 - Security Flashcards
3 main characteristics of security
confidentiality
integrity
availability
what is confidentiality
the property that data or services are protected from unauthorized access
what is integrity
the property that data or services are not subject to unauthorized manipulation
3 other characteristics of security
authentication
non-repudiation
authorization
what is authentication?
verifies the identities of the parties to a transaction and checks if they are who they claim to be
what is non-repudiation
guarantees that the sender of a message cannot deny having sent it and the recipient cannot deny having received it
what is authorization
grants a user privileges to perform a task
what is security
a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people and systems that are authorized
what is an attack
an action taken against a computer system with the intention of doing harm
general scenario: 2 possible values for source
human
another system
(either inside or outside the organization)
general scenario: 5 possible values for stimulus
unauthorized attempt to:
- display data
- change or delete data
- access system services
- change the system behavior
- reduce availability
general scenario: 3 possible values for artifact
- data within system
- component or resources of the system
- data produced or consumed by the system
general scenario: 6 possible values for environment
- online or offline
- connected or disconnected from a network
- behind a firewall or open to a network
- fully operational
- partially operational
- not operational
general scenario: the 2 categories of the response
transactions are carried out in a certain way
the system tracks activities in it
general scenario: response: 5 ways the system carries out transactions
- data or services are protected from unauthorized access
- data or services are not being manipulated without authorization
- parties to a transaction are identified with assurance
- parties to the transaction cannot repudiate their involvement
- the data resources and system services will be available for legitimate use
3 ways the system tracks activities within
recording access/modification
recording attempts to access data, resources, or services
notifying appropriate entities when an apparent attack is occurring
general scenario: 5 possible values for response measure
how much of a system is compromised when a particular component or data value is compromised
how much time passes before the attack was detected
how many attacks were resisted
how long does it take to recover from a successful attack
how much data is vulnerable to a particular attack
4 categories of security tactics
detect
resist
react
recover
4 ways to detect attacks
detect intrusion
detect service denial
verify message integrity
detect message delay
what is detecting intrusion
compare network traffic or service request patterns within a system to a set of signatures or known patterns of malicious behaviors stored in a DB
what is detecting service denial
comparison of the pattern or signature of network traffic coming into a system to historic profiles of known DoS attacks
what is verifying message integrity
use techniques such as checksums or hash values to verify the integrity of messages
what is detecting message delay
checking the time that it takes to deliver a message, in an attempt to detect suspicious timing behavior
4 ways to resist attacks
identify actors
authenticate actors
authorize actors
limit access
4 more ways to resist attacks
limit exposure
encrypt data
separate entities
change default settings
what does it mean to identify actors
identify the source of any external input to the system
what does it mean to authenticate actors
ensure that an actor is actually who they claim to be
what does it mean to authorize actors
ensuring that an authenticated actor has the rights to access and modify either data or services
what does it mean to limit access
limiting access to resources such as memory, network connections, or access points
what does it mean to limit exposure
minimize the attack surface of a system by having the fewest possible number of access points
what does it mean to separate entities
have physical separation of different servers attached to networks, the use of VMs, or an air gap
what does it mean to change default settings
force the user to change the settings assigned by default
3 ways to react to attacks
revoke access
lock computer
inform actors
what does it mean to revoke access
limit access to sensitive resources, even for normally legitimate users and uses, if an attack is suspected
what does it mean to inform actors
notify operators, other personnel or cooperating systems when an attack is suspected or detected
1 way to recover from attacks
audit
what does it mean to audit
keep a record of user and system actions and their effects, to help trace the actions of, and to identify, an attacker
Goal of Binding time
determine where an instance of a late-bound component may be untrusted
5 factors for choice of technology
- what technologies help user authentication
- help data access rights
- resource protection
- data encryption
- does chosen technology support the chosen tactics