ChatGPT Introduction

Question 1

What is the first principle of secure systems?

Answer 1

Secure systems do not exist: all systems have vulnerabilities due to bugs, design flaws and human errors. Security is about MINIMIZING risks.

Question 2

What determines the security level of a system?

Answer 2

The time, money and resources required to break the system, and probability of success.

Question 3

Why does complexity reduce security?

Answer 3

More complexity increases vulnerabilities, as errors in design, implementation, or usage are more likely.

Question 4

What is the KISS rule in security design?

Answer 4

Keep it Simple and Stupid: Simplify protection mechanisms to reduce potential vulnerabilities.

Question 5

What are the three entities composing a system?

Answer 5

Software, hardware and humanware.

Question 6

Why is software a critical part of system security?

Answer 6

It has a large exposed attack surface, can be accessed remotely, and often contains vulnerabilities.

Question 7

What is firmware?

Answer 7

Piece of software embedded in hardware to control its functionality - and can be modified by attackers.

Question 8

What is the Evil Maid Attack?

Answer 8

A physical attack where an unauthorized person tampers with a device, such as flashing a modified firmware.

*Flashing firmware is updating it

Question 9

Why is humanware often the weakest link in security?

Answer 9

Humans are vulnerable to fatigue, social engineering, bad habits and lack of knowledge.

Question 10

What is social engineering?

Answer 10

Manipulating individuals into divulging confidential information (phishing)

Question 11

Why is security considered a process, not a product?

Answer 11

What is considered secure today may not be secure tomorrow, must constantly update, monitor and adapt to address emerging threats.

Question 12

What challenges are associated with updating systems?

Answer 12

May not be available for all devices, can introduce new bugs (which can be vulnerabilities), and require careful cost/benefit evaluation.

Question 13

What does Kerckhoffs’s Principle state?

Answer 13

A cryptosystem should be secure even if everything about the system is public except the key.

Question 14

What is Shannon’s Reformulation of Kerckoffs’s Principle?

Answer 14

The enemy knows the system, rely on robust design not secrecy!

Question 15

What is Security Through Obscurity, and why is it flawed?

Answer 15

Relying on a closed system for security, flawed because they are not audited regularly by public communities for vulnerabilities.

Question 16

What are open and closed systems?

Answer 16

Open systems interact with external systems/environment with standard protocols

Closed systems operate in isolation or only with specific other systems (proprietary)

Question 17

What is the importance of user education in security?

Answer 17

Educated users are less likely to fall victim to attacks, but education is costly and hindered by bad habits or ideological resistance.