Introduction Flashcards
Define security
Minimizing the vulnerabilities of assets and resources
What are assets?
Anything of value, in information security these are information systems.
What is a vulnerability?
Any weakness that could be exploited to violate a system or the information is contains.
What is a threat?
A potential violation of security
What is the CIA triad?
Confidentiality
Integrity
Availability
What is confidentiality?
Preventing unauthorised disclosure of information
What is integrity?
Preventing unautherised (accidental or deliberate) modification or destruction of information
What is availability?
Ensuring resources are accessible when required by an authorised user
What is the OSI Security Architecture?
Systematic approach of providing security at each layer.
Defines security services and mechanisms that provide security for data transmitted over a network.
Defines threats (or attacks), services, mechanisms and how they are related
What are passive threats?
Threats that do not alter information in a system.
Eavesdropping, traffic analysis
hard to detect, focus on preventing their success
What is eavesdropping?
Attacker monitors communication.
E.g.: sniffing packets, tapping telephone
What is traffic analysis?
Attacker monitor the amount, source and destination of communication.
What are active threats?
Threats that alter information in the system.
These may be hard to prevent, focus on detection
What are some examples of active threats?
Masquerade
replay
modification of messages
Denial of service
What is the masquerade attack?
The attacker claims to be a different entity
What is the replay attack?
The attacker sends a message that has already been sent.
Retransmission of a passive capture of a data unit
What is the modification of messages attack?
Attacker changes messages during transmission
What is denial of service attack?
The attacker prevents legitimate users from accessing resources