Information Security Flashcards
What is the CIA triad?
Confidentiality
Integrity
Availability
What does data Confidentiality mean?
Data confidentiality - private or confidential information is not made available or disclosed to unauthorized individuals.
Privacy - individuals control or influence what information related to them is collected and stored, by whom, and with whom that information may be shared.
Example: Student records kept private (FERPA).
What is Integrity?
Assures that information and programs are changed only in a specified and authorized manner.
Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Example: Incorrect data in a database could have negative impact.
What is availability?
Assures that systems work promptly and service is not denied to authorized users.
Example: School website is up and available to users when they need it.
What is Authenticity?
Verifying that users are who they say they are and that each input arriving at the system is from a trusted source.
What is Accountability?
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.
What does it mean for something to have low breach impact?
The loss could be expected to have limited adverse effect on an organization’s operations, assets, or individuals.
What does it mean for something to have medium or moderate breach impact?
The loss could be expected to have a serious adverse effect on organizational operations, assets, or individuals.
What does it mean for something to have high breach impact?
The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, assets, or individuals.
What are some computer security challenges?
- Solutions are often complex
- Security requires constant monitoring
- Security is often an afterthought
- Little perceived benefit
- constant battle between perpetrators and the security specialist
What is a security attack?
Any action that compromises the security of information owned by an organization.
What is a security mechanism?
A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
What is a security service?
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.
Intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
What is the difference between a threat and an attack?
Threat - A possible danger that might exploit a vulnerability
Attack - An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt to evade security services or policies.
What are two different types of security attacks?
Passive - gathering information from the system but not physically affecting the resources themselves
Active - attempting to alter system resources or affect their operation.
What is Nonrepudiation?
When someone can’t deny the authenticity of something.
What is ISOC?
Internet Society - professional membership society responsible for internet infrastructure standards including the IETF
What are some characteristics of a firewall?
All traffic must pass through it
Only authorized traffic will be allowed to pass.
The firewall itself should be immune to penetration
There can be more than one in an organization.
What is IP address spoofing?
The intruder transmits packets from the outside with a source IP address field containing the address of an internal host.
What is a countermeasure for IP spoofing?
Discard packets with an internal source IP address if they arrive at an external interface.
What is a source routing attack?
The source station specifies the route that a packet should take as it crosses the internet, in the hope that this will bypass security measures that do not analyze the source routing information.
A countermeasure is to discard all packets that use this option.
What is a tiny fragment attack?
The intruder uses the IP fragmentation option to create extremely small fragments and force the TCP header information into a separate packet fragment.
A countermeasure is to enforce a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header.
What is an application level gateway or application proxy?
A filter of application-level traffic
Tend to be more secure than packet filters
Additional processing overhead necessary on each connection
What is plaintext?
The original text of the message
What is ciphertext?
The encoded message
What is a cipher?
An algorithm for translating plaintext to ciphertext
What is a key?
Information used in the cipher, known only to the sender or receiver
What is cryptography?
The study of encryption principles and methods
What is cryptanalysis?
Code breaking - the study of principles or methods of deciphering ciphertext without knowing the key
What is cryptology?
The study of both encryption and decryption
How does symmetric encryption work?
Both sender and receiver share a key used to both encrypt and decrypt the message being sent.
- A strong encryption algorithm is required
- Sender and receiver must have received the key in a secret fashion.
What is substitution in terms of cryptography?
Elements of the plaintext are mapped to another element.
What is transposition in terms of cryptography?
Elements of the plaintext are rearranged
An encryption scheme is computationally secure if…
The cost of breaking the cipher exceeds the value of the information
The time required to break the cipher exceeds the useful lifetime of the information.
What goes into a risk management process?
- Determine what is at risk
- Determine the rough value
- Determine for each asset the threats
- Determine an appropriate response
- Monitor and control risk
What is SLE?
Single Loss Expectancy
Asset value * Exposure factor
What is ALE?
Annualized Loss Expectancy
SLE * Rate of occurrence
What is a rootkit?
A set of hacker tools used after an attacker has broken into a computer system and gained root access.
Malware can be classified into two broad categories…
Based on how it spreads or propagates
The actions it takes once the target is reached.
What is an auto rooter?
Malicious hacker tools used to break into new systems remotely.
What is a kit (virus generator)?
A set of tools for generating new viruses automatically.
What is a backdoor?
A means of bypassing security measures to gain access to unauthorized functionalities.
What is an infection vector?
The means by which a virus spreads or propagates
What is the payload in terms of a virus?
What the virus does besides spreading. May involve damage or benign but noticeable activity.