Introduction to Computer Security Flashcards
What does not exist?
A completely secure system
Level of security depends on
Time, Money and Probability of a successful break in
Why do we constantly need updates?
Security is a process, not a product. What is considered secure today might not be tomorrow
Why shouldn’t we download updates?
Updates can introduce new vulnerabilities
What happens when you incease the complexity of a system? (SW)
Decrease its security superlinearly
Open System
Interacts with other systems or external enviornment using standard protocols (web browser interacting with websites using HTTP)
Closed System
Designed to work in isolation or only with specific components, often proprietary and less interoperable (iMessage)
Security implications of open systems
May introduce vulnerabilities through interactions with external components
only good thing about
closed systems
Fewer points of exposure
Open Source
Software whose source code is publicly available (Linux, Apache)
Closed Source
Software whose source code is proprietary and not publicly available (Mac, Windows, Adobe Photoshop)
Advantage of open source software
Community audits and faster identification of security issues
Risk of closed-source software
Hidden vulnerabiliies may persist longer due to lack of external audits
kernel
Bridge between software and hardware, core of operating system. (Creates, schedules and terminates processes)
Kerckoffs’s Principle
“A cryptosystem should be secure even if everything about the system, except the key, is public knowledge”
