Computer network Security Flashcards
Define Security ?
Security is about protecting assets from threats.
Who is an Owner in terms of security ?
An owner is someone who values assets and seeks to protect assets.
Who is a threat agent ?
A threat agent is someone who values assets and seeks to abuse it.
What are threats ?
Threats are potential for a(n) asset(s) to be abused.
What are countermeasures ?
Counter measures help reduce vulnerabilities.
What are vulnerabilities ?
Risk is measured in
occurrence likelihood and impact
What is security analysis ?
surveys the threats that pose risks and proposes a policy and solution at an appropriate cost.
List all phases of security analysis ?
theat model -> risk assessment->security policy -> cost of countermeasures -> security solution.
Explain the forces/factors acting against a system’s security
Computer Software Complexity
Human Factor
Expertise of Attackers and the Threat’s they pose.
List all the profiles of Attackers you can and give examples.
Script Kiddies, Hobbist Hackers, Determined Hackers, Proffessional consultant, security services experts
When should you consider the profile of the attacker when doing security analysis ?
Risk Assessment.
What are the security properties to ensure.
CIAAAA
How do i ensure confidentiality ?
include encryption, hashing, and access control list.
________________ allows for two parties to confirm that they share the same information without sharing additional information.
private set intersection.
What is Integrity ?
Information has not been altered or changed in an unauthorised or malicious way.
Ways to ensure integrity ?
backups, message authentication codes, checksums, data correcting code, cryptography based hashing functions and digital signatures.
What is availability ?
Information and Services are accessible and modifiable in a timely fashion by those authorised to do so.
Ways to ensure availability ?
use of a firewall, keep a redundant server. invest in a intrusion detection system.
What is assurance ?
How trust is provided and managed in a computer system.
How do you manage and provide trust in a computer system.
policies, permissions, and protection.
What is accountability ?
Actions are traceable to the party/ individual responsible.
why is keeping a secure audit trail important ?
so actions affecting the security of a system can be tracked back to the responsible party.
___________________ is a stronger form of accountability.
non-repudiation
What are the ways to secure an audit trails ?
ensure that the persisted audit logs are store in isolation. an isolated remote server, printer, or make use of an append-only file.
What is authentication ?
Data and Services should only be available to authorised identities.
List Common attacks and their examples
Eavesdropping, Masquerading, repudiation, Correlation and backtrace , Denial of Service, Alteration,
Protection Countermeasures categories.
Prevention, Detection and Response..
What is Steganography ?
Study of hidden writing.
What is Steganalysis ?
The identification of discovery of hidden writing.
What is Cryptology ?
Cryptography + Cryptanalysis
What is cryptanalysis ?
breaking ciphers.
What is cryptography ?
secret writing with ciphers.
What is encryption ?
transforming plaintext to ciphertext.
What is decryption ?
recovering plaintext from ciphertext.
What is a Symmetric Cipher ?
A symmetric cipher is a cipher that makes use of the same key for encryption and decryption.
What are the two types of symmetric ciphers ?
block cipher and the stream cipher.
Explain the two types of symmetric ciphers and give examples o f some you know.
block and stream cipher
block -> caesar cipher
stream cipher -> one time pad or vernam cipher/ RC4.
List the types of Stream Ciphers you know.
Periodic, Non-Periodic, Synchronous and self-Synchronous.
