Identify Security Requirements

Question 1

What are the 4 factors in authentication? Describe each factor.

Answer 1

1. Something you know: includes passwords and PINs
2. Something you are: includes physical attributes such as height, weight, hair color, etc. Fingerprints and facial characteristics are also included
3. Something you have: includes something in physical possession such as ATM cards or driver’s license
4. Something you do: includes the actions or behaviors of an individual. Handwriting is an example of this.

Question 2

What categories of attacks affect each aspect of the CIA triad?

Answer 2

INTERCEPTION affects Confidentiality
INTERRUPTION, MODIFICATION, and FABRICATION can affect both Integrity and Availability.

Question 3

Define Interception attacks.

Answer 3

Allow unauthorized users to access your data, applications, or environments. Affects CONFIDENTIALITY.

Question 4

Define Interruption attacks.

Answer 4

Makes your assets unusable or unavailability to you on a temporary or permanent basis.

Question 5

Define Modification attacks.

Answer 5

Involve tampering with an asset.

Question 6

Define Fabrication attacks.

Answer 6

Involve generating data, processes, communications, or other similar material with a system.

Question 7

Define threats, vulnerabilities and risks in relation to Information Security.

Answer 7

Threat: something that has the potential to cause harm
Vulnerabilities: weaknesses, or holes, that threats can exploit to cause you harm
Risk: the likelihood that something bad will happen. You need both a threat and vulnerability that the threat could exploit.

Ex: A wooden structure (vulnerability) next to a fire (threat) creates a risk. Were the structure be made of concrete, you no longer have a vulnerability that can be exploited by the threat (the fire). Therefore, you have no risk.

Question 8

Define hardware token.

Answer 8

A small device, typically the size of a credit card or keychain fob, that you use to authorize your access to a specific network. Often called dongles.

Question 9

Define hash functions.

Answer 9

A modern type of cryptography, called a keyless cryptography. It converts plaintext into a largely unique and fixed-length value. Can’t be used to discover the contents of the original message but can be used to determine whether the message has been changed.

Question 10

Define DES

Answer 10

A block cipher that uses a 56-bit key

Question 11

Define AES

Answer 11

Symmetric key encryption. Uses three different ciphers: one with a 128-bit key, one with a 192-bit key and one with a 256-bit key, all of which encrypt blocks of 128 bits

Question 12

Define SSL/TLS

Answer 12

Secure Sockets Layer and Transport Layer Security are asymmetric algorithms that secure common internet traffic. Encrypts connections between two systems communicating over a network.

Question 13

Define protocols in algorithms

Answer 13

Rules that define communication between devices

Question 14

Define port

Answer 14

A numerical designation for one side of a connection between two devices. We use them to identify the application to which traffic should be routed.

Question 15

Define digital certificate

Answer 15

Links a public key to an individual by validating that the key belongs to the proper owner, and they’re often used as a form of electronic identification for that person.

Question 16

Define ECC

Answer 16

Elliptic curve cryptography. Can use short keys while maintaining a higher cryptographic strength than many other types of algorithms. Easily implemented on devices such as cellphones because it is fast and efficient

Question 17

True of False:

RSA is an asymmetric algorithm that can provide confidentiality for data in motion.

Answer 17

True

It includes the SSL protocol

Question 18

What type of media is most likely to withstand physical conditions such as temperature changes, humidity, magnetic fields, electricity, etc?

Answer 18

Flash media (flash drives)