Introduction Flashcards
Easy shit
Computer Security
Generic name for collection of tools to thwart hackers
Network Security
Protect data in transmission
Internet Security
Network security, but for interconnected networks
CIA Security Triad
Confidentiality, Integrity, and Availability (also Accountability and Authenticity have been added elsewhere)
Types of Attacks
Passive-Difficult to detect, possible to prevent
Active-Difficult to prevent, possible to detect
Repudiation
Send something, then deny you sent it
Security Services
Layers to process/communicate security-related concerns and implement security policies
Authentication
Peer Entity-Used in association with a logical connection to ensure the identity of connected entity; Ex: Ciphers, Digital Signatures, Key Exchange
Data Origin-Connectionless; assures that source of data is as claimed; doesn’t protect against duplication;
Ex: Ciphers, Digital Signatures
Access Control
Preventing unauthorized use of a resource; protects against masquerade attacks
Data Confidentiality
Connection-Protect data throughout its transmission
Connectionless-Protect entire block of data
Selective Field-Protect certain fields of data
Traffic Flow-Protect against skimmers of traffic
Ex: Ciphers, routing control
Data Integrity
Connection w/ and w/o Recovery-Detects against modding, deletion, insertion, etc. of data during a connection; may attempt recovery
Selective Field Connection-Connection Integrity but only for selected fields
Connectionless-Checks for modding; maybe limited replay detection
Selective Field Connectionless-Selective Field but for a single block of data
Ex: Ciphers, Digital Signatures
Nonrepudiation
Origin-Proof that whoever sent it did send it
Destination-Proof that whoever received it did receive it
Ex: Digital Signatures, Notarization, Data Integrity
