Identify Security Requirements Flashcards
What are the 4 factors in authentication? Describe each factor.
- Something you know: includes passwords and PINs
- Something you are: includes physical attributes such as height, weight, hair color, etc. Fingerprints and facial characteristics are also included
- Something you have: includes something in physical possession such as ATM cards or driver’s license
- Something you do: includes the actions or behaviors of an individual. Handwriting is an example of this.
What categories of attacks affect each aspect of the CIA triad?
INTERCEPTION affects Confidentiality
INTERRUPTION, MODIFICATION, and FABRICATION can affect both Integrity and Availability.
Define Interception attacks.
Allow unauthorized users to access your data, applications, or environments. Affects CONFIDENTIALITY.
Define Interruption attacks.
Makes your assets unusable or unavailability to you on a temporary or permanent basis.
Define Modification attacks.
Involve tampering with an asset.
Define Fabrication attacks.
Involve generating data, processes, communications, or other similar material with a system.
Define threats, vulnerabilities and risks in relation to Information Security.
Threat: something that has the potential to cause harm
Vulnerabilities: weaknesses, or holes, that threats can exploit to cause you harm
Risk: the likelihood that something bad will happen. You need both a threat and vulnerability that the threat could exploit.
Ex: A wooden structure (vulnerability) next to a fire (threat) creates a risk. Were the structure be made of concrete, you no longer have a vulnerability that can be exploited by the threat (the fire). Therefore, you have no risk.
Define hardware token.
A small device, typically the size of a credit card or keychain fob, that you use to authorize your access to a specific network. Often called dongles.
Define hash functions.
A modern type of cryptography, called a keyless cryptography. It converts plaintext into a largely unique and fixed-length value. Can’t be used to discover the contents of the original message but can be used to determine whether the message has been changed.
Define DES
A block cipher that uses a 56-bit key
Define AES
Symmetric key encryption. Uses three different ciphers: one with a 128-bit key, one with a 192-bit key and one with a 256-bit key, all of which encrypt blocks of 128 bits
Define SSL/TLS
Secure Sockets Layer and Transport Layer Security are asymmetric algorithms that secure common internet traffic. Encrypts connections between two systems communicating over a network.
Define protocols in algorithms
Rules that define communication between devices
Define port
A numerical designation for one side of a connection between two devices. We use them to identify the application to which traffic should be routed.
Define digital certificate
Links a public key to an individual by validating that the key belongs to the proper owner, and they’re often used as a form of electronic identification for that person.