Introduction Flashcards

1
Q

Define security

A

Minimizing the vulnerabilities of assets and resources

2
Q

What are assets?

A

Anything of value; in information security these are information systems.

3
Q

What is a vulnerability?

A

Any weakness that could be exploited to violate a system or the information it contains.

4
Q

What is a threat?

A

A potential violation of security

5
Q

What is the CIA triad?

A

Confidentiality
Integrity
Availability

6
Q

What is confidentiality?

A

Preventing unauthorised disclosure of information

7
Q

What is integrity?

A

Preventing unauthorised (accidental or deliberate) modification or destruction of information

8
Q

What is availability?

A

Ensuring resources are accessible when required by an authorised user

9
Q

What is the OSI Security Architecture?

A

Systematic approach of providing security at each layer.

Defines security services and mechanisms that provide security for data transmitted over a network.

Defines threats (or attacks), services, mechanisms and how they are related

10
Q

What are passive threats?

A

Threats that do not alter information in a system.

Eavesdropping, traffic analysis

Hard to detect, so the focus is on preventing their success

11
Q

What is eavesdropping?

A

Attacker monitors communication.

E.g.: sniffing packets, tapping telephone

12
Q

What is traffic analysis?

A

Attacker monitors the amount, source and destination of communication.

13
Q

What are active threats?

A

Threats that alter information in the system.

These may be hard to prevent, so the focus is on detection

14
Q

What are some examples of active threats?

A

Masquerade

replay

modification of messages

Denial of service

15
Q

What is the masquerade attack?

A

The attacker claims to be a different entity

16
Q

What is the replay attack?

A

The attacker sends a message that has already been sent.

Retransmission of a passive capture of a data unit

17
Q

What is the modification of messages attack?

A

Attacker changes messages during transmission

18
Q

What is a denial of service attack?

A

The attacker prevents legitimate users from accessing resources

19
Q

What is a security service?

A

A processing or communication service to give a specific kind of protection to system resources (supports one or more of the security requirements: CIA, authenticity, accountability).

Implemented by security mechanisms.

20
Q

What is a security mechanism?

A

Method of implementing one or more security services.

A process/device that is designed to detect, prevent or recover from attacks.

21
Q

Name some security services (8)

A

Peer entity authentication

Data origin authentication

Access control

Data confidentiality

Traffic flow confidentiality

Data integrity

Non-repudiation

Availability services

22
Q

What is Peer entity authentication?

A

Provides confirmation of the claimed identity of an entity.

Protects against masquerade or replay

23
Q

What is Data origin authentication?

A

Provides confirmation of the claimed source (origin) of a data unit (message)

24
Q

What is Access control?

A

Protection against unauthorized use of resources.
Usually provided in combination with authentication and authorisation services.

25
Q

What is data confidentiality?

A

Protects data against unauthorized disclosure.

Protection of transmitted data from passive attacks.

26
Q

What is traffic flow confidentiality?

A

Protects disclosure of data which can be derived from knowledge of traffic flows.

27
Q

What is data integrity?

A

Detects modification, insertion, deletion or replay of data in a message or a stream of messages

28
Q

What is non-repudiation?

A

Protects against any attempt by the creator of a message to falsely deny creating the data or its content.

Protects against denial by the sender, or denial by the recipient

29
Q

What is the availability service?

A

Protects a system against denial of service

30
Q

What are some mechanisms? (6)

A

Encipherment

Digital signature

Traffic padding

Authentication

Routing control

Notarization

access control mechanisms (passwords, tokens)

Integrity mechanisms (corruption detection)

31
Q

What is encipherment?

A

Transformation of data in order to hide its information content.

32
Q

What is a digital signature?

A

Mechanism, cryptographic algorithms which transform data using a signing key.

Signed data can only be created with the signing key.

33
Q

What are authentication exchanges?

A

Protocols which exchange information to ensure identity of protocol participants.
E.g. TLS

34
Q

What is traffic padding?

A

Spurious traffic generated to protect against traffic analysis.
Typically used in combination with encipherment

35
Q

What are routing control mechanisms?

A

Use of specific secure routes

36
Q

What is the notarization mechanism?

A

Uses a trusted third party to assure the source or receipt of data.
This third party is sometimes called a notary.

37
Q

What are the 6 categories of security services?

A

Authentication

Access control

Data confidentiality

Data integrity

Nonrepudiation

Availability

38
Q

What are the 8 categories of security mechanisms?

A

Crypto algorithms

Traffic padding

Data integrity

Routing control

Digital signature

Notarization

Authentication exchange

Access control

39
Q

What is risk management?

A

Tool in information security management:
1. Identify threats
2. Classify threats according to likelihood and severity
3. Apply security controls based on cost-benefit analysis

40
Q

Define information security

A

Information security:
Preservation of CIA, in addition to authenticity, accountability, non-repudiation, reliability

41
Q

Define network security

A

Protection of networks and their services from unauthorized modification, destruction or disclosure. Assurance that the network performs its critical functions correctly.

42
Q

What is privacy?

A

Assures that individuals control or influence what information related to them may be collected and stored, and by/to whom it may be disclosed.

43
Q

What is data authenticity?

A

That the digital object is indeed what it claims to be.

44
Q

What is system integrity?

A

That a system performs its functions correctly, free from unauthorized manipulation.

45
Q

What is accountability?

A

The security goal that relates to the requirement for actions of an entity to be traced uniquely to that entity.

46
Q

What type of attack is a man-in-the-middle attack?

A

Masquerade

Masquerades as both client and server