F3 - Threats Flashcards
A key security concept is an abbreviation of three letters, what is this concept?
CIA
In CIA each letter stands for a certain concept, what is C in CIA?
Confidentiality:
The concept is to:
* preserve authorized restrictions on information access and disclosure
* may include ways of protecting personal privacy and proprietary information
In CIA each letter stands for a certain concept, what is I in CIA?
Integrity:
The concept is to:
* guarding against improper modification of information or its destruction.
* May include ensuring information nonrepudiation and authenticity.
In CIA each letter stands for a certain concept, what is A in CIA?
Availability:
The concept is to:
* Ensure timely and reliable access to and use of information.
What are the opposites of CIA?
Disclosure (Confidentiality)
Alteration (Integrity)
Destruction (Availability)
What is a threat?
A threat is a potential security harm to an asset.
* E.g. when health-related data or a credit card is disclosed.
How does a threat become a threat?
A threat materializes when an attack succeeds.
* E.g. a deliberate attempt to violate the access control policy of a system.
When someone is carrying out an attack, they are generally referred to as what?
An attacker or threat agent.
What is a threat to a hardware asset? Give an example for availability and confidentiality.
- Availability: Equipment is stolen or disabled, thus denying service.
- Confidentiality: An unencrypted CD-ROM or DVD is stolen.
What is a threat to a software asset? Give an example for availability, confidentiality and integrity
- availability: Programs are deleted, denying access to users.
- confidentiality: An unauthorized copy of software is made.
- integrity: A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task.
What is a threat to a data asset? Give an example for availability, confidentiality and integrity
- availability: Files are deleted, denying access to users.
- confidentiality: An unauthorized read of data is performed. An analysis of statistical data reveals underlying data.
- integrity: Existing files are modified or new files are fabricated.
What is a threat to a Communication Lines and Networks asset? Give an example for availability, confidentiality and integrity
- availability: Messages are destroyed or deleted. Communication lines or networks are rendered unavailable.
- confidentiality: Messages are read. The traffic pattern of messages is observed.
- integrity: Messages are modified, delayed, reordered, or duplicated. False messages are fabricated.
Name a few typical threat agents
- Curious individuals
- Dishonest people — for personal gain, saving money
- Hackers, crackers, script kiddies — for challenge and reputation
- Companies — for business intelligence and marketing
- Organized criminals — for money
- Governments and security agencies — NSA, GCHQ, DGSE, etc.
- Military SIGINT — strategic and tactical intelligence, cyber defence
What is a vulnerability?
A weakness in a system which could be either accidentally or intentionally exploited in order to damage assets, such as hardware, software, reputation, etc.
What are the categories of vulnerabilities?
- Corrupted (loss of integrity).
- Leaky (loss of confidentiality).
- Unavailable or very slow (loss of availability).
Can you name examples of vulnerabilities?
- Programs left with default passwords, e.g. “password”.
- Programs with unnecessary privileges.
- Programs with known flaws.
- Weak access control settings on resources.
- Weak firewall configurations.
What is STRIDE?
STRIDE is a model for identifying security threats.
What does S stand for in STRIDE?
Spoofing: it is when an agent gains access by using falsified identification.
Examples:
- Someone pretending to be another customer.
- Someone might pretend to be your website.
- Someone might place a deep link into one of your pages.
What does T stand for in STRIDE?
Tampering: violates the integrity of an asset, which could be the alteration of security settings in order for the attacker to get more privileges.
What does R stand for in STRIDE?
Repudiation: Is when an agent denies having performed an attack to avoid responsibility.
Examples:
- Someone might claim that he did not click to activate a service
- Someone might also claim that he did not receive the goods purchased
- Someone might claim that he has been a fraud victim
What does I stand for in STRIDE?
Information Disclosure:
Is when the confidentiality of an asset is violated. Information that is disclosed to the wrong parties can lead to monetary losses or your organization may face penalties for not protecting information.
Examples:
* Someone extracts secrets from error messages
* Someone reads the username/passwords
* Someone finds the business/personal secrets in files
What does D stand for in STRIDE?
Denial of Service:
Is when the availability of the asset is compromised, which in turn could make e.g. websites unavailable. Such attacks may be used as blackmail.
Examples:
* Someone flooding the network with requests for numerous connections
* Someone consuming operating system resources such as memory or disk usage
* Someone sending packets full of data, e.g. random data, to a program resource
What does E stand for in STRIDE?
Elevation of Privilege:
Is when an agent is able to gain more privileges that are beyond their entitlement.
Examples:
* Someone writes bad data to memory, leading to process corruption
* Someone modifies bits on disk to do things other than what is permitted for that user
* Someone gains access to a buggy function to gain more access