? From Slides Flashcards
What are we protecting in cybersecurity?
Data, systems, networks, intellectual property.
Who are we protecting assets from?
Hackers, insiders, malware, nation-states.
Why do we need to protect systems and data?
To ensure confidentiality, integrity, and availability (CIA Triad).
Does more complexity mean less security?
No, unnecessary complexity increases errors and vulnerabilities.
Is goodwill a problem in security?
Yes, attackers can exploit trust through social engineering or insider threats.
What assets do we need to protect?
Data, software, hardware, networks, personnel.
How are assets threatened?
Malware, phishing, DoS, man-in-the-middle, insiders.
How can we counter threats to assets?
Firewalls, encryption, MFA, IDS, and user training.
Are all attacks intelligent?
No, some like DoS are simple but effective.
Is prevention always possible?
No, detection and recovery are crucial.
What are four types of active attacks?
Masquerade, Replay, Modification, DoS.
What are passive attacks?
Eavesdropping, traffic analysis; hard to detect.
Why is DES limited to 56-bit keys?
NSA and IBM compromised to balance security and performance.
What are ECB mode’s advantages and disadvantages?
Fast but vulnerable to replay and pattern attacks.
How to deal with non-block data in encryption?
Use stream ciphers or padding.
What is padding in encryption?
Extra data to align plaintext to block size.
What is the risk of an unsigned public key certificate?
It can be forged, leading to MITM attacks.
How will quantum computing affect encryption?
Longer keys for symmetric, new algorithms for public-key.
Why can’t we trust CPU random number generators?
Potential backdoors and lack of transparency.
Is your face an identifier or password?
Identifier, passwords require secrecy.
Why are cleartext passwords or email storage bad?
Intercepted credentials expose systems.
Why do we need salt values?
To prevent hash collisions and defeat rainbow tables.
Why are slow hash functions important?
They slow down brute-force attacks.
How does salting prevent dictionary attacks?
Forces unique hashing for each password.
