Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Software Architecture > Chapter 9 - Security > Flashcards

Chapter 9 - Security Flashcards

1
Q

3 main characteristics of security

A

confidentiality

integrity

availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what is confidentiality

A

the property that data or services are protected from unauthorized access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

what is integrity

A

the property that data or services are not subject to unauthorized manipulation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

3 other characteristics of security

A

authentication

non-repudiation

authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

what is authentication?

A

verifies the identities of the parties to a transaction and checks if they are who they claim to be

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

what is non-repudiation

A

guarantees that the sender of message cannot deny having sent it and the recipient cannot deny having received it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

what is authorization

A

grants a user privileges to perform a task

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

what is security

A

a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people and systems that are authorized

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

what is an attack

A

an action taken against a computer system with the intention of doing harm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

general scenario: 2 possible values for source

A

human

another system

(either inside or outside organization)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

general scenario: 5 possible values for stimulus

A

unauthorized attempt to:

  • display data
  • change or delete data
  • access system services
  • change the system behavior
  • reduce availability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

general scenario: 3 possible values for artifact

A
  • data within system
  • component or resources of the system
  • data produced or consumed by the system
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

general scenario: 6 possible values for environment

A
  • online or offline
  • connected or disconnected from a network
  • behind a firewall or open to a network
  • fully operation
  • partially operational
  • not operational
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

general scenario: the 2 categories of the response

A

transactions are carried out in a certain way

the system tracks activities in it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

general scenario: response: 5 ways the system carries out transactions

Draw a picture

A
  • data or services are protected from unauthorized access
  • data or services are not being manipulated without authorization
  • parties to a transaction are identified with assurance
  • parties to the transaction cannot repudiate their involvement
  • the data resources and system services will be available for legitimate use
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

3 ways the system tracks activities within

A

recording access/modification

recording attempts to access data, resources, or services

notifying appropriate entities when an apparent attack is occuring

17
Q

general scenario: 5 possible values for response measure

picture

A

how much of a system is compromised when a particular component or data value is compromised

how much time passes before the attack was detected

how many attacks were resisted

how long does it take to recover from a successful attack

how much data is vulnerable to a particular attack

18
Q

4 categories of security tactics

A

detect

resist

react

recover

19
Q

4 ways to detect attacks

A

detect intrusion

detect service denial

verify message integrity

detect message delay

20
Q

what is detecting intrusion

A

compare network traffic or service request patterns within a system to a set of signatures or known patterns of malicious behaviors stored in a DB

21
Q

what is detecting service denial

A

comparison of the pattern or signature of network traffic coming into a system to historic profiles of known DoS attacks

22
Q

what is verifying message integrity

A

use techniques such as checksums or has values to verify the integrity of messages

23
Q

what is detecting message delay

A

checking the time that it takes to deliver a message, in attempt to detect suspicious timing behavior

24
Q

4 ways to resist attacks

A

identify actors

authenticate actors

authorize actors

limit access

25
Q

4 more ways to resist attacks

A

limit exposure

encrypt data

separate entities

change default settings

26
Q

what does it mean to identify actors

A

identify the source of any external input to the system

27
Q

what does it mean to authenticate actors

A

ensure that an actor is actually who they claim to be

28
Q

what does it mean to authorize actors

A

ensuring that an authenticated actor has the rights to access and modify either data or services

29
Q

what does it mean to limit access

A

limiting access to resources such as memory, network connections, or access points

30
Q

what does it mean to limit exposure

A

minimize the attack surface of a system by having the fewest possible number of access points

31
Q

what does it mean to separate entities

A

have physical separation of different servers attached to networks, the use of VMs, or air gap

32
Q

what does it mean to change default settings

A

force the user to change the settings assigned by default

33
Q

3 ways to react to attacks

A

revoke access

lock computer

inform actors

34
Q

what does it mean to revoke access

A

limit access to sensitive resources, even for normally legitimate users and uses, if an attack is suspected

35
Q

what does it mean to inform actors

A

notify operators, other personnel or cooperating systems when an attack is suspected or detected

36
Q

1 way to recover from attacks

A

audit

37
Q

what does it mean to audit

A

keep a record of user and system actions and their effects, to help trace, the actions of , and to identify, an attacker

38
Q

Goal of Binding time

A

determine where an instance of a late bound component may be untrusted

39
Q

5 factors for choice of technology

A
  • what technologies help user authentication
  • help data access rights
  • resource protection
  • data encryption
  • does chosen technology support the chosen tactics

Software Architecture (15 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions