Introduction Flashcards
What is a network?
An interconnected configuration of system components designed to communicate and share
What is a computer network physically?
A hardware infrastructure interconnecting end devices
What are end devices? Give examples
The devices that are the sources or destinations of data transmitted across the network
E.g., PC’s, game consoles, smart TV’s, smartphones, Network Interface Cards (NIC) and OS’s
What is infrastructure?
communication links (such as fibre cable, radio, etc.) or packet switches (such as routers, link layer switches, etc.)
What are packet switches?
Intermediary network devices that forward data packets between devices within a network based on the packet’s destination addresses
What is a computer network logically?
A system providing information exchange between applications that are not sharing memory
What is Moore’s Law?
“The number of transistors that fit in unit area of an integrated circuit (or equivalently the total processing power of computers) doubles every two years”
What is Metcalfe’s law?
“The value, usefulness, or utility of a network equal the square of the number of users (or connected devices)”
What is the internet physically?
A public network of computer networks with billions of end-devices, networks
What is the internet logically?
A network facility that provides services to globally distributed applications
What is a service, and what is an application?
Services: Core functions provided by the Internet that support data exchange and communication (e.g., email services, web hosting, DNS).
Applications: Software programs that use these services to provide specific functionalities to users (e.g., Gmail, web browsers, instant messaging apps)
What is standardisation for the internet? What does it ensure?
The establishment of uniform hardware and protocol specifications
Ensures device interoperability across different vendors, which fosters competition and results in lower prices for end users
What would be three reasons for government regulations on the internet?
Fighting digital crimes
Facilitating open market competitions
Practicing censorship
What is the internet of things physically? What are some downsides of it?
An extension of the Internet to billions of resource-poor devices
Consists of constrained devices with limited memory, processing power, energy, and accessibility
What is the internet of things logically? Examples
A network that extends the reach of distributed applications to the physical world (including humans, animals, plants, terrain, etc.)
E.g., vehicular networks, intelligent lighting, smart cities, etc.
What are the three primary elements of network infrastructure?
Network edges
Access Networks
Network Core
What are network edges?
End systems/devices or hosts that run applications at the edge of the network, such as worldwide web or email
E.g., computers, smartphones, smart cars, laptops, etc.
What are the two different network models?
Client/Server Model and Peer-to-Peer Model
What is the Client/Server model?
Clients (typically end-user devices) request services or resources from servers, which are powerful computers or software systems that provide services or resources to clients upon requests
What is the Peer-to-Peer model?
End-user devices that are part of the network act as both clients and servers, providing resources or services to other peers whilst also requesting resources or services from them
What is an embedded system?
A specialised computer system designed to perform specific functions within a larger mechanical or electrical system
What are the five types of embedded systems?
Standalone embedded systems
Network-aware embedded systems
Network-connected embedded systems
Network-central embedded systems
Fully networked embedded systems
What is a standalone embedded system?
Systems that have a standalone functionality and do not communicate with other systems
What is a network-aware embedded system? What type of network protocol do they come with? What is their most common form of communication with external sources? Are software updates over a network possible for such systems?
Systems that allow access of some internal functionality from outside
Proprietary network protocols dedicated to this purpose
Simple data retrieval (diagnostics, sensing)
Yes, but they are not typically straightforward
What is a network-connected embedded systems? What is an alternative name for them?
On-line systems that use standard protocols open to the public
Machine-to-machine networks
What is a network-central embedded system? For example:
Systems that have some standalone function but the design of both hardware and software aim at operation in a networked context
Many smartphone apps, television sets, and intelligent lighting
What is a fully-networked embedded system? What type of devices are they typically?
Systems that do not have a meaningful standalone function when they are disconnected from the network.
Very low resource devices with elementary behaviour
What are access networks? What are two distinct categories of access networks? What have been the two primary access networks for homes in the past decades?
The links that connect end devices to a router in the network core
Mobile, wireless acess networks and wired access networks.
Digital Subscriber Line (for telephone lines) and Cable Internet
What is a router?
Networking devices that transfer data between each other
What are the two ways that routers transfer data between each other?
Circuit switching and packet switching
What is circuit switching? What does it require prior to data transmission? What does it need to reserve? What happens to unused, reserved resources? What is its primary advantage?
Involves establishing a dedicated communication path between the sender and receiver, ensuring exclusive access to resources for the entire session
Network setup
Resources for the session
They remain unused
Provides predictable performance
What is packet switching? What are its two primary advantages? Does it involve the sharing of network resources? What does it prevent, and why?
Involves breaking data into packets, allowing them to travel independently through the network via variable routes
Flexibility and efficient resource utilisation
Yes
Idle time as resources are used when needed, without reservations
What is statistical multiplexing?
A technique used in packet switching networks where multiple data streams share the same transmission medium, and resources are allocated dynamically as needed rather than dedicating a fixed amount of bandwidth to each packet
What is the store-and-forward method? How long does it take to transmit a packet of L bits onto a link at R bps? What
Involves each packet of data being received, stored temporarily, and then being forwarded to the next node or destination in the network
L/R
What is the structure of the internet? Specifically, what is at its centre, and what are the following layers?
Tier-1 ISPs, followed by Tier-2 ISPs, and finally Tier-3 ISPs?
What coverage do tier-1 ISPs have? How do they connect to one another?
National/International Coverage
Privately among one another in a peer-to-peer manner
What coverage do tier-2 ISPs have? What do they connect to? How do they interact with tier-1 ISPs? How do they interact with other tier-2 ISPs?
Often regional
Other tier-2 ISPs and tier-1 ISPs
Pay them for connectivity to the rest of the internet
They interconnect privately among one another
What is the coverage of tier-3 ISPs? What are some examples of such ISPs? What are they closest to? Do they have peering and purchasing? What are they customers of?
Local
Businesses, corporations
End systems
No peering, only purchases
Higher tier ISPs
What do last hope networks refer to?
Tier-3 ISPs and local ISPs
What are the primary 7 security attributes for computer networks?
Confidentiality
Integrity
Availability
Authenticity
Non-repudiation
Privacy
Accountability
What is confidentiality?
Keeping secret data hidden from those that are not supposed to see it
What is integrity?
Ensuring that data is not altered by those who are not supposed to change it
What is availability?
Ensuring that data can be used by those that are supposed to use it
What is authenticity?
Ensuring that the data is authentic, i.e., of undisputable origin
What is non-repudiation?
Ensuring that a sender cannot deny the authenticity of data they have sent, nor a recipient can deny receiving it
What is privacy?
Ensuring that one’s data is not used in ways that it should not be
What is accountability?
Ensuring that the information provider is accountable
What are security requirements? What are they expressed in terms of?
Requirements related to security
Security attributes
What are security policies?
Policies about what the system should achieve, what is allowed in which context, and how to enforce those permissions
What is a security model?
Aformal framework used to express and interpret security policies
What is ‘need to know’?
A principle in information security that restricts access to sensitive information to only those individuals who require it to perform their job duties
What is an attacker model? Why is it important, provide an example:
A model describing the various capabilities, goals, and resources of potential adversaries in cybersecurity scenarios
https connection is ‘secure’ if attacker is an eavesdropper, but not secure if the attacker is the web site or its administrator
What are the 11 CCWAPSS Security Scoring Principles?
- Authentication (evaluating methods used to verify identity of users)
- Authorisation (assessing system’s mechanism for determining what actions/resources users are permitted to perform/access)
- Input Check (examining proccedures to validate and sanitise user inputs)
- Error Handling (assessing how system responds to errors and exceptions to ensure that it does not create security risks)
- Password Quality
- Privacy
- Sessions (reviewing how sessions are managed)
- Patching (assessing how security patches and updates are applied)
- Admin Access (evaluating security controls and policies governing administrative access to the system)
- Encryption (analysing use of encryption techniques to protect data)
- Third Parties (assessing security measures in place to manage and mitigate risks associated with third-party services, vendors, or integrations)
What are the four most imporatnt aspects of security engineering?
Design - must address security goals and not imply security problems
Software Quality - implementation of design must not have vulnerabilities
Security Tool Selection - crypto chosen must be well-selected
System usage - users must know how to use the system in the expected manner
What are the three most common security trade-offs?
Security and Usability
Performance and Costs
Confidentiality and Availability
What are the two steps in one security requirement engineering approach?
- Identifying the actors, their goals, and interdependencies
- Identifying attackers, vulnerabilities, and attacks
What does the “Identifying the actors, their goals, and interdependencies” step involve?
Determining the stakeholders (parties with legitimate interests in the system) and their interests, as these will have to be accounted for
What does the “Identifying attackers, vulnerabilities, and attacks” step involve?
Outsiders may try to attack the system and must be considered, but so must insider attackers.
Both types of attacks must be labelled as agents in the system but with malicious intents as their goals.
Based on the vulnerabilities and malicious intents of attackers, we identify potential attacks and assign countermeasures to protect against such attacks.
