Introduction Flashcards

1
Q

What is a network?

A

An interconnected configuration of system components designed to communicate and share

2
Q

What is a computer network physically?

A

A hardware infrastructure interconnecting end devices

3
Q

What are end devices? Give examples

A

The devices that are the sources or destinations of data transmitted across the network

E.g., PCs, game consoles, smart TVs, smartphones, Network Interface Cards (NICs) and OSs

4
Q

What is infrastructure?

A

Communication links (such as fibre cable, radio, etc.) or packet switches (such as routers, link layer switches, etc.)

5
Q

What are packet switches?

A

Intermediary network devices that forward data packets between devices within a network based on the packet’s destination addresses

6
Q

What is a computer network logically?

A

A system providing information exchange between applications that are not sharing memory

7
Q

What is Moore’s Law?

A

“The number of transistors that fit in unit area of an integrated circuit (or equivalently the total processing power of computers) doubles every two years”

8
Q

What is Metcalfe’s law?

A

“The value, usefulness, or utility of a network equals the square of the number of users (or connected devices)”

9
Q

What is the internet physically?

A

A public network of computer networks with billions of end-devices, networks

10
Q

What is the internet logically?

A

A network facility that provides services to globally distributed applications

11
Q

What is a service, and what is an application?

A

Services: Core functions provided by the Internet that support data exchange and communication (e.g., email services, web hosting, DNS).

Applications: Software programs that use these services to provide specific functionalities to users (e.g., Gmail, web browsers, instant messaging apps)

12
Q

What is standardisation for the internet? What does it ensure?

A

The establishment of uniform hardware and protocol specifications

Ensures device interoperability across different vendors, which fosters competition and results in lower prices for end users

13
Q

What would be three reasons for government regulations on the internet?

A

Fighting digital crimes

Facilitating open market competitions

Practicing censorship

14
Q

What is the internet of things physically? What are some downsides of it?

A

An extension of the Internet to billions of resource-poor devices

Consists of constrained devices with limited memory, processing power, energy, and accessibility

15
Q

What is the internet of things logically? Examples

A

A network that extends the reach of distributed applications to the physical world (including humans, animals, plants, terrain, etc.)

E.g., vehicular networks, intelligent lighting, smart cities, etc.

16
Q

What are the three primary elements of network infrastructure?

A

Network edges
Access Networks
Network Core

17
Q

What are network edges?

A

End systems/devices or hosts that run applications at the edge of the network, such as worldwide web or email

E.g., computers, smartphones, smart cars, laptops, etc.

18
Q

What are the two different network models?

A

Client/Server Model and Peer-to-Peer Model

19
Q

What is the Client/Server model?

A

Clients (typically end-user devices) request services or resources from servers, which are powerful computers or software systems that provide services or resources to clients upon request

20
Q

What is the Peer-to-Peer model?

A

End-user devices that are part of the network act as both clients and servers, providing resources or services to other peers whilst also requesting resources or services from them

21
Q

What is an embedded system?

A

A specialised computer system designed to perform specific functions within a larger mechanical or electrical system

22
Q

What are the five types of embedded systems?

A

Standalone embedded systems
Network-aware embedded systems
Network-connected embedded systems
Network-central embedded systems
Fully networked embedded systems

23
Q

What is a standalone embedded system?

A

Systems that have a standalone functionality and do not communicate with other systems

24
Q

What is a network-aware embedded system? What type of network protocol do they come with? What is their most common form of communication with external sources? Are software updates over a network possible for such systems?

A

Systems that allow access to some internal functionality from outside

Proprietary network protocols dedicated to this purpose

Simple data retrieval (diagnostics, sensing)

Yes, but they are not typically straightforward

25
Q

What is a network-connected embedded system? What is an alternative name for them?

A

On-line systems that use standard protocols open to the public

Machine-to-machine networks

26
Q

What is a network-central embedded system? For example:

A

Systems that have some standalone function but the design of both hardware and software aims at operation in a networked context

Many smartphone apps, television sets, and intelligent lighting

27
Q

What is a fully-networked embedded system? What type of devices are they typically?

A

Systems that do not have a meaningful standalone function when they are disconnected from the network.

Very low resource devices with elementary behaviour

28
Q

What are access networks? What are two distinct categories of access networks? What have been the two primary access networks for homes in the past decades?

A

The links that connect end devices to a router in the network core

Mobile, wireless access networks and wired access networks.

Digital Subscriber Line (for telephone lines) and Cable Internet

29
Q

What is a router?

A

Networking devices that transfer data between each other

30
Q

What are the two ways that routers transfer data between each other?

A

Circuit switching and packet switching

31
Q

What is circuit switching? What does it require prior to data transmission? What does it need to reserve? What happens to unused, reserved resources? What is its primary advantage?

A

Involves establishing a dedicated communication path between the sender and receiver, ensuring exclusive access to resources for the entire session

Network setup

Resources for the session

They remain unused

Provides predictable performance

32
Q

What is packet switching? What are its two primary advantages? Does it involve the sharing of network resources? What does it prevent, and why?

A

Involves breaking data into packets, allowing them to travel independently through the network via variable routes

Flexibility and efficient resource utilisation

Yes

Idle time, as resources are used when needed, without reservations

33
Q

What is statistical multiplexing?

A

A technique used in packet switching networks where multiple data streams share the same transmission medium, and resources are allocated dynamically as needed rather than dedicating a fixed amount of bandwidth to each packet

34
Q

What is the store-and-forward method? How long does it take to transmit a packet of L bits onto a link at R bps? What

A

Involves each packet of data being received, stored temporarily, and then being forwarded to the next node or destination in the network

L/R

35
Q

What is the structure of the internet? Specifically, what is at its centre, and what are the following layers?

A

Tier-1 ISPs, followed by Tier-2 ISPs, and finally Tier-3 ISPs

36
Q

What coverage do tier-1 ISPs have? How do they connect to one another?

A

National/International Coverage

Privately among one another in a peer-to-peer manner

37
Q

What coverage do tier-2 ISPs have? What do they connect to? How do they interact with tier-1 ISPs? How do they interact with other tier-2 ISPs?

A

Often regional

Other tier-2 ISPs and tier-1 ISPs

Pay them for connectivity to the rest of the internet

They interconnect privately among one another

38
Q

What is the coverage of tier-3 ISPs? What are some examples of such ISPs? What are they closest to? Do they have peering and purchasing? What are they customers of?

A

Local

Businesses, corporations

End systems

No peering, only purchases

Higher tier ISPs

39
Q

What do last hop networks refer to?

A

Tier-3 ISPs and local ISPs

40
Q

What are the primary 7 security attributes for computer networks?

A

Confidentiality
Integrity
Availability
Authenticity
Non-repudiation
Privacy
Accountability

41
Q

What is confidentiality?

A

Keeping secret data hidden from those that are not supposed to see it

42
Q

What is integrity?

A

Ensuring that data is not altered by those who are not supposed to change it

43
Q

What is availability?

A

Ensuring that data can be used by those that are supposed to use it

44
Q

What is authenticity?

A

Ensuring that the data is authentic, i.e., of undisputable origin

45
Q

What is non-repudiation?

A

Ensuring that a sender cannot deny the authenticity of data they have sent, nor can a recipient deny receiving it

46
Q

What is privacy?

A

Ensuring that one's data is not used in ways that it should not be

47
Q

What is accountability?

A

Ensuring that the information provider is accountable

48
Q

What are security requirements? What are they expressed in terms of?

A

Requirements related to security

Security attributes

49
Q

What are security policies?

A

Policies about what the system should achieve, what is allowed in which context, and how to enforce those permissions

50
Q

What is a security model?

A

A formal framework used to express and interpret security policies

51
Q

What is 'need to know'?

A

A principle in information security that restricts access to sensitive information to only those individuals who require it to perform their job duties

52
Q

What is an attacker model? Why is it important? Provide an example.

A

A model describing the various capabilities, goals, and resources of potential adversaries in cybersecurity scenarios

An HTTPS connection is ‘secure’ if the attacker is an eavesdropper, but not secure if the attacker is the web site or its administrator

53
Q

What are the 11 CCWAPSS Security Scoring Principles?

A

1. Authentication (evaluating methods used to verify identity of users)
2. Authorisation (assessing system's mechanism for determining what actions/resources users are permitted to perform/access)
3. Input Check (examining procedures to validate and sanitise user inputs)
4. Error Handling (assessing how system responds to errors and exceptions to ensure that it does not create security risks)
5. Password Quality
6. Privacy
7. Sessions (reviewing how sessions are managed)
8. Patching (assessing how security patches and updates are applied)
9. Admin Access (evaluating security controls and policies governing administrative access to the system)
10. Encryption (analysing use of encryption techniques to protect data)
11. Third Parties (assessing security measures in place to manage and mitigate risks associated with third-party services, vendors, or integrations)

54
Q

What are the four most important aspects of security engineering?

A

Design - must address security goals and not imply security problems
Software Quality - implementation of design must not have vulnerabilities
Security Tool Selection - crypto chosen must be well-selected
System usage - users must know how to use the system in the expected manner

55
Q

What are the three most common security trade-offs?

A

Security and Usability
Performance and Costs
Confidentiality and Availability

56
Q

What are the two steps in one security requirement engineering approach?

A

1. Identifying the actors, their goals, and interdependencies
2. Identifying attackers, vulnerabilities, and attacks

57
Q

What does the "Identifying the actors, their goals, and interdependencies" step involve?

A

Determining the stakeholders (parties with legitimate interests in the system) and their interests, as these will have to be accounted for

58
Q

What does the "Identifying attackers, vulnerabilities, and attacks" step involve?

A

Outsiders may try to attack the system and must be considered, but so must insider attackers. Both types of attacks must be labelled as agents in the system but with malicious intents as their goals. Based on the vulnerabilities and malicious intents of attackers, we identify potential attacks and assign countermeasures to protect against such attacks.