First-handout

Question 1

Resources that can be misused

Answer 1

> Data
Time
Trust
Monetary

Question 2

Threat

Answer 2

A certain way that an attacker can put a system at risk like eavesdrop, fraud, access denial

Question 3

Threat model

Answer 3

collection of threats A collection of attackers abilities like a powerful attacker can read and modify all communications and generate messages on a communication channel

Question 4

Vulnerability

Answer 4

Systematic artifact/tool that exposes the user, data, or system to a threat like buffer overflow, or key leakage

Question 5

Source of vulnerabilities

Answer 5

> Bad software/hardware
Bad design
Bad policy / configuration
System misuse

Question 6

Adversary

Answer 6

Entity trying to bypass the security infrastrucure

Question 7

Types of adversaries

Answer 7

Curios and clueless like script kiddies
Casual attackers seeking to understand systems
Malicious groups of largely sophisticated users
Competitors
governments

Question 8

Also there are insider adversary and outsider adversary

Answer 8

true

Question 9

Attack

Answer 9

when someone tries to exploit vulnerabilities

Question 10

Kinds of attacks

Answer 10

> Passive like eavesdropping
Active like password guessing
Denial of service
Distributed Denial of service

Question 11

Example attacks

Answer 11

> IP spoofing, port scanning, ping of death, ARP poisoning, routing manipulation, DNS spoofing

> Spyware, adware, worms, viruses, spam

Question 12

Security terminology

Answer 12

Trust (degree to which an entity is expected to behave)

What the entity is not expected to do — Not expose passwords

what the entity is exposed to do (obligations)
obtain permissions, refresh

Question 13

Trust model

Answer 13

Describes for a particular environment who is trusted to do what

Question 14

Security model

Answer 14

combination of trust and threat model that addresses the set of perceived risks

Question 15

Every design must have a security model

Answer 15

true

Question 16

eavesdrop

Answer 16

Message interception

Question 17

impersonation

Answer 17

fake source address in a packet

Question 18

hijack

Answer 18

take over ongiong connection by removing sender or receiver

Question 19

Denial of service

Answer 19

Prevent service from being used by others

Question 20

Confidentiality

Answer 20

Only sender and intended receiver should inderstand message content

Question 21

Authentication

Answer 21

Sender, receiver confirm identity of each other

Question 22

Message integrity

Answer 22

Sender , receiver ensure that the message is not altered

Question 23

Access and availability

Answer 23

Service accessible and available to users

Question 24

Good security solution

Answer 24

Handle the problem to a great extent
Handle future variations of the problem
Inexpensive
Require few deployment points

Question 25

Malware attack

Answer 25

a computer network or system infected with a computer virus or other type of malware

Question 26

phishing

Answer 26

spam emails with the intention of tricking receipient into doing something that undermines their security or their organization security

Question 27

DDOS

Answer 27

Distributed Denial of dervice

Question 28

Sometimes IOT are used as DDOS

Answer 28

True

Question 29

How to protect against cybercrime

Answer 29

Keep software and OS updated
Use antivirus and keep it updated
Use strong passwords
Dont give up personal information