Cybersecurity Flashcards
What is security?
The state of being free from danger
What is a threat?
It represents the possibility of being attached / possible danger to system
What is confidentiality?
Protecting info from unauthorized access to protect privacy
Security Goals: Keep secrecy of message
Potential Threat: Data exposure
Defense Technique: Cryptography
What is Integrity?
Protecting information from improper modification or destruction
Security Goals: Ensure authenticity of message
Potential Threat: Data modification
Defense Technique: Hashing
What is system availability?
The system should be available all the time from anywhere
Security Goals: Ensure timely and reliable access and use of dataa
Potential Threat: Denial of service
Defense Technique: Firewalls, IDS, IPs
What is user authentication?
The process of proving you are who you claim.
- What they know- passwords, access codes
- Who they are - fingerprints, face recognition
- what they have: access cards
2FA must use two of the above categories
Security Goals: Provide you are who you claim
Potential Threat: Masquerading or impersonation
Defense Technique: 2Fa, authentication protocols like Kebrous, regis, etc.
What is user authorization / privileges separation?
The users who have access to the same system may have different permissions
Least Privilege Principle: the minimum # of permissions that allow a person to do their job
Security Goals:
Potential Threat: Privilege escalation (give people more privilege than needed)
Defense Technique: access control
What is accounting?
Monitoring and capturing the events done by the user while accessing the system.
Security Goals: Make everyone accountable for what they are doing in the system
Potential Threat: Repudiation (deny what you did)
Defense Technique: Log files