Lecture 2: Course overview (key definitions)

Question 1

Give the definition of cyber security provided from the NIST computer security handbook.

Answer 1

The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (include hardware, software, firmware, information/data, and telecommunications).

Question 2

What is NIST?

Answer 2

The National Institute of Standards and Technology is a physical sciences laboratory and non-regulatory agency of the United States Department of Commerce. Its mission is to promote American innovation and industrial competitiveness.

Question 3

What is the difference between computer security and cyber security?

Answer 3

computer security: concerned with the security of a single computer

cyber security: concerned with the security
of multiple computers

Question 4

Define “a threat”

Answer 4

A threat represents a potential security harm to an asset

system resource

Question 5

Define “an attack”

Answer 5

An attack a threat that is carried out and, if successful,

leads to an undesirable violation of security

Question 6

Define “the threat agent”

Answer 6

The threat agent carrying out the attack is referred to as an attacker

Question 7

Define “a countermeasure”

Answer 7

A countermeasure is any means taken to deal with a security attack (e.g. prevention, detection/recovery).

Question 8

Define “a residual level of risk to the assets”

Answer 8

A residual level of risk to the assets is represented by

vulnerabilities possibly exploited by threat agents.

Question 9

What assets (system resources) do we need to protect?

Answer 9

Hardware
Software
Data
Communication facilities and networks

Question 10

How are those assets threatened?

Answer 10

A leaky, corrupted and/or unavailable computer system or network

Question 11

Define the hardware asset

Answer 11

computer systems and other data processing,

data storage, and data communications devices

Question 12

Define the software asset

Answer 12

operating system, system utilities, and applications

Question 13

Define the data asset

Answer 13

files and databases, as well as security-related

data (e.g. password files)

Question 14

Define the communication facilities and networks asset

Answer 14

local and wide area network communication links, bridges, routers, etc.

Question 15

What is meant by a computer system or network having the vulnerability of being leaky?

Answer 15

meaning that it gives access to information
through the network while it should not (see
Confidentiality)

Question 16

What is meant by a computer system or network having the vulnerability of being corrupted?

Answer 16

meaning that it does the wrong thing or gives
wrong answers (see Integrity).

Question 17

What is meant by a computer system or network having the vulnerability of being unavailable?

Answer 17

meaning that it becomes impossible to use it or

impractical (see Availability)

Question 18

What are the two types of passive attacks?

Answer 18

1) Eavesdropping (interception)

2) Traffic analysis (inference)

Question 19

What are the characteristics of a passive attack?

Answer 19

1) DO NOT alter information and resources in the system

2) may be hard to detect but easy to prevent

Question 20

Define the passive attack of eavesdropping (interception)

Answer 20

the attacker directly accesses
sensitive data traveling between authorised source
and destination

Question 21

Define the passive attack of traffic analysis (inference)

Answer 21

the attacker gains information from observing the amount of traffic between source and destination

Question 22

What are the three types of active attacks?

Answer 22

1) Masquerade
2) Modification of messages (falsification)
3) Distributed denial of service (misappropriation)

Question 23

What are the three types of active attacks?

Answer 23

1) Masquerade
2) Modification of messages (falsification)
3) Distributed denial of service (misappropriation)

Question 24

What are the characteristics of an active attack?

Answer 24

1) DO alter information and/or resources in the system

2) may be hard to prevent but easy to detect (and recover)

Question 25

Define the active attack of modification of messages (falsification)

Answer 25

the attacker changes messages during transmission

Question 26

Define the active attack of modification of messages (falsification)

Answer 26

the attacker changes messages during transmission

Question 27

Define the active attack of distributed denial of service (misappropriation):

Answer 27

the attacker prevents legitimate users from accessing | resources.

Question 28

What are the two types of inside attacks?

Answer 28

1) Exposure | 2) Falsification

Question 29

What are the characteristics of an inside attack?

Answer 29

1) initiated by an entity INSIDE the security perimeter | 2) authorization to access system resources but use of them in a malicious way

Question 30

Define the inside attack of exposure

Answer 30

the attacker intentionally releases sensitive information to an outsider.

Question 31

Define the inside attack of falsification

Answer 31

the attacker alters or replaces valid data or introduces false data into a file or database

Question 32

What are the two types of outside attacks?

Answer 32

1) Obstruction | 2) Intrusion

Question 33

What are the characteristics of an outside attack?

Answer 33

initiated from OUTSIDE the perimeter, by an unauthorised or illegitimate user of the system

Question 34

Define the outside attack of obstruction

Answer 34

the attacker disables communication links or | alters communication control information

Question 35

Define the outside attack of intrusion

Answer 35

the attacker gains unauthorised access to sensitive data by overcoming the access control protections

Question 36

What is information security management required to do?

Answer 36

1. Identify threats 2. Classify all threats according to likelihood and severity 3. Apply security controls based on cost benefit analysis

Question 37

What do countermeasures to vulnerabilities and threats comprise?

Answer 37

1. Computer security technical measures (e.g. access control, authentication, system protection) 2. Management measures (e.g. awareness and training) 3. Both (e.g. configuration management)

Question 38

Give the information security definition from the ISO security architecture. [security, vulnerability, threat]

Answer 38

The term security is used in the sense of minimizing the vulnerabilities of assets and resources. An asset is anything of value. A vulnerability is any weakness that could be exploited to violate a system or the information it contains. A threat is a potential violation of security.

Question 39

What is the CIA triad?

Answer 39

Traditional definitions are based on 3 information security goals: confidentiality, integrity, availability

Question 40

Define confidentiality

Answer 40

preventing unauthorised disclosure of | information (POODLE attack)

Question 41

Define integrity

Answer 41

``` preventing unauthorised (accidental or deliberate) modification or destruction of information (SQLI attack) ```

Question 42

Define availability

Answer 42

ensuring resources are accessible when required | by an authorised user (DoS attack)

Question 43

What does the OSI Security Architecture X.800 define?

Answer 43

``` security threats (attacks), security services and security mechanisms and how they are related. ```

Question 44

Define security service

Answer 44

a processing or communication service to give a specific kind of protection to system resources

Question 45

Define security mechanism

Answer 45

a method of implementing one or more security services

Question 46

What does a security service, provided by a layer of communicating open systems, ensure?

Answer 46

adequate security of the systems or of data | transfers as defined by ITU-T X.800

Question 47

What are the 8 security services?

Answer 47

1) peer entity authentication 2) data origin authentication 3) access control 4) data confidentiality 5) traffic flow confidentiality 6) data integrity 7) non-repudiation 8) availability

Question 48

What does the security service of peer entity authentication provide?

Answer 48

confirmation of the claimed identify of an entity

Question 49

What does the security service of data origin authentication provide?

Answer 49

confirmation of the claimed source (origin) of a data unit (message)

Question 50

What does the security service of access control provide?

Answer 50

protection against unauthorization use of resources. Access control service is usually provided in combination with authentication and authorisation services

Question 51

What does the security service of data confidentiality protect?

Answer 51

data against unauthorised disclosure

Question 52

What does the security service of traffic flow confidentiality protect?

Answer 52

disclosure of data which can be derived from knowledge of traffic flows

Question 53

What does the security service of data integrity detect?

Answer 53

any modification, insertion, deletion or replay of data in a message or a stream of messages

Question 54

What does the security service of non-repudiation protect against?

Answer 54

any attempt by the creator of a message to falsely deny creating the data or its contents

Question 55

What does the security service of availability protect?

Answer 55

a system against denial of service

Question 56

In terms of non-repudiation, what does X.800 talk about?

Answer 56

non-repudiation of origin to protect against denial by the sender of a message, and non-repudiation of receipt to protect against denial by the recipient of a message

Question 57

What are the 8 security mechanisms?

Answer 57

1) Encipherment 2) Digital signature 3) Access control 4) Data integrity 5) Authentication exchange 6) Traffic padding 7) Routing control 8) Notarization

Question 58

What is the security mechanism of enchipherment?

Answer 58

the transformation of data in order to hide its information content --> relates to public-key and symmetric-key encryption

Question 59

What is the security mechanism of digital signature?

Answer 59

cryptographic algorithms which transform data using a signing key --> essential property is that signed data can only be created with the signing key --> relates to standard signature schemes

Question 60

What are the security mechanisms of access control?

Answer 60

include access control lists, passwords, or tokens, which may be used to indicate access rights

Question 61

What are the security mechanisms of data integrity?

Answer 61

“corruption detection techniques“ which can be used with ”sequence information“ --> Message Authentication Codes (MACs)

Question 62

What is the security mechanisms of authentication exchange?

Answer 62

protocols which exchange information to ensure identity of protocol participants --> e.g. TLS

Question 63

What is the security mechanisms of traffic padding?

Answer 63

spurious traffic generated to protect against traffic analysis. typically used in combination with encipherment

Question 64

What is the security mechanisms of routing control?

Answer 64

the use of specific secure routes

Question 65

What is the security mechanisms of notarization?

Answer 65

uses a trusted third party to assure the source or receipt of data. The trusted third party is sometimes called a notary

Question 66

What security mechanism(s) relate to the security service of peer entity authentication?

Answer 66

1) Encipherment 2) Digital signature 3) Padding

Question 67

What security mechanism(s) relate to the security service of data origin authentication?

Answer 67

1) Encipherment | 2) Digital signature

Question 68

What security mechanism(s) relate to the security service of access control ?

Answer 68

1) Encipherment

Question 69

What security mechanism(s) relate to the security service of Data Confidentiality?

Answer 69

1) Encipherment | 2) Routing control

Question 70

What security mechanism(s) relate to the security service of Traffic Flow Confidentiality?

Answer 70

1) Encipherment 2) Padding 3) Routing control

Question 71

What security mechanism(s) relate to the security service of Data Integrity?

Answer 71

1) Encipherment 2) Digital signature 3) Data Integrity

Question 72

What security mechanism(s) relate to the security service of Non-repudiation?

Answer 72

1) Digital signature 2) Data Integrity 3) Notarization

Question 73

What security mechanism(s) relate to the security service of Availability?

Answer 73

1) Data Integrity | 2) Auth. exchange

Question 74

What security service(s) relate to the security mechanism of Encipherment?

Answer 74

1) Peer entity authentication 2) Data origin authentication 3) Data Confidentiality 4) Traffic Flow Confidentiality 5) Data Integrity

Question 75

What security service(s) relate to the security mechanism of Digital Signature?

Answer 75

1) Peer entity authentication 2) Data origin authentication 3) Data Integrity 4) Non-repudiation

Question 76

What security service(s) relate to the security mechanism of Access control?

Answer 76

1) Access control

Question 77

What security service(s) relate to the security mechanism of Data Integrity?

Answer 77

1) Data Integrity 2) Non-repudiation 3) Availability

Question 78

What security service(s) relate to the security mechanism of Auth. exchange?

Answer 78

1) Peer entity authentication | 2) Availability

Question 79

What security service(s) relate to the security mechanism of Padding?

Answer 79

1) Traffic Flow Confidentiality

Question 80

What security service(s) relate to the security mechanism of Routing control?

Answer 80

1) Data Confidentiality | 2) Traffic Flow Confidentiality

Question 81

What security service(s) relate to the security mechanism of Notarization?

Answer 81

1) Non-repudiation