First-handout Flashcards

1
Q

Resources that can be misused

A

> Data
Time
Trust
Monetary

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Threat

A

A certain way that an attacker can put a system at risk like eavesdrop, fraud, access denial

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Threat model

A

collection of threats A collection of attackers abilities like a powerful attacker can read and modify all communications and generate messages on a communication channel

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Vulnerability

A

Systematic artifact/tool that exposes the user, data, or system to a threat like buffer overflow, or key leakage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Source of vulnerabilities

A

> Bad software/hardware
Bad design
Bad policy / configuration
System misuse

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Adversary

A

Entity trying to bypass the security infrastrucure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Types of adversaries

A

Curios and clueless like script kiddies
Casual attackers seeking to understand systems
Malicious groups of largely sophisticated users
Competitors
governments

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Also there are insider adversary and outsider adversary

A

true

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Attack

A

when someone tries to exploit vulnerabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Kinds of attacks

A

> Passive like eavesdropping
Active like password guessing
Denial of service
Distributed Denial of service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Example attacks

A

> IP spoofing, port scanning, ping of death, ARP poisoning, routing manipulation, DNS spoofing

> Spyware, adware, worms, viruses, spam

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Security terminology

A

Trust (degree to which an entity is expected to behave)

What the entity is not expected to do — Not expose passwords

what the entity is exposed to do (obligations)
obtain permissions, refresh

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Trust model

A

Describes for a particular environment who is trusted to do what

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Security model

A

combination of trust and threat model that addresses the set of perceived risks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Every design must have a security model

A

true

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

eavesdrop

A

Message interception

17
Q

impersonation

A

fake source address in a packet

18
Q

hijack

A

take over ongiong connection by removing sender or receiver

19
Q

Denial of service

A

Prevent service from being used by others

20
Q

Confidentiality

A

Only sender and intended receiver should inderstand message content

21
Q

Authentication

A

Sender, receiver confirm identity of each other

22
Q

Message integrity

A

Sender , receiver ensure that the message is not altered

23
Q

Access and availability

A

Service accessible and available to users

24
Q

Good security solution

A

Handle the problem to a great extent
Handle future variations of the problem
Inexpensive
Require few deployment points

25
Q

Malware attack

A

a computer network or system infected with a computer virus or other type of malware

26
Q

phishing

A

spam emails with the intention of tricking receipient into doing something that undermines their security or their organization security

27
Q

DDOS

A

Distributed Denial of dervice

28
Q

Sometimes IOT are used as DDOS

A

True

29
Q

How to protect against cybercrime

A

Keep software and OS updated
Use antivirus and keep it updated
Use strong passwords
Dont give up personal information