Lecture 2: Course overview (key definitions) Flashcards
Give the definition of cyber security provided from the NIST computer security handbook.
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (include hardware, software, firmware, information/data, and telecommunications).
What is NIST?
The National Institute of Standards and Technology is a physical sciences laboratory and non-regulatory agency of the United States Department of Commerce. Its mission is to promote American innovation and industrial competitiveness.
What is the difference between computer security and cyber security?
computer security: concerned with the security of a single computer
cyber security: concerned with the security of multiple computers
Define “a threat”
A threat represents a potential security harm to an asset (system resource).
Define “an attack”
An attack is a threat that is carried out and, if successful, leads to an undesirable violation of security.
Define “the threat agent”
The threat agent carrying out the attack is referred to as an attacker
Define “a countermeasure”
A countermeasure is any means taken to deal with a security attack (e.g. prevention, detection/recovery).
Define “a residual level of risk to the assets”
A residual level of risk to the assets is represented by vulnerabilities possibly exploited by threat agents.
What assets (system resources) do we need to protect?
Hardware
Software
Data
Communication facilities and networks
How are those assets threatened?
A leaky, corrupted and/or unavailable computer system or network
Define the hardware asset
computer systems and other data processing, data storage, and data communications devices
Define the software asset
operating system, system utilities, and applications
Define the data asset
files and databases, as well as security-related data (e.g. password files)
Define the communication facilities and networks asset
local and wide area network communication links, bridges, routers, etc.
What is meant by a computer system or network having the vulnerability of being leaky?
meaning that it gives access to information through the network while it should not (see Confidentiality)
What is meant by a computer system or network having the vulnerability of being corrupted?
meaning that it does the wrong thing or gives wrong answers (see Integrity).
What is meant by a computer system or network having the vulnerability of being unavailable?
meaning that it becomes impossible or impractical to use it (see Availability)
What are the two types of passive attacks?
1) Eavesdropping (interception)
2) Traffic analysis (inference)
What are the characteristics of a passive attack?
1) DO NOT alter information and resources in the system
2) may be hard to detect but easy to prevent
Define the passive attack of eavesdropping (interception)
the attacker directly accesses sensitive data traveling between authorised source and destination
Define the passive attack of traffic analysis (inference)
the attacker gains information from observing the amount of traffic between source and destination
What are the three types of active attacks?
1) Masquerade
2) Modification of messages (falsification)
3) Distributed denial of service (misappropriation)
What are the characteristics of an active attack?
1) DO alter information and/or resources in the system
2) may be hard to prevent but easy to detect (and recover)
Define the active attack of modification of messages (falsification)
the attacker changes messages during transmission
Define the active attack of distributed denial of service (misappropriation):
the attacker prevents legitimate users from accessing resources.
What are the two types of inside attacks?
1) Exposure
2) Falsification
What are the characteristics of an inside attack?
1) initiated by an entity INSIDE the security perimeter
2) authorised to access system resources, but uses them in a malicious way
Define the inside attack of exposure
the attacker intentionally releases sensitive information to an outsider.
Define the inside attack of falsification
the attacker alters or replaces valid data or introduces false data into a file or database
What are the two types of outside attacks?
1) Obstruction
2) Intrusion
What are the characteristics of an outside attack?
initiated from OUTSIDE the perimeter, by an unauthorised or illegitimate user of the system
Define the outside attack of obstruction
the attacker disables communication links or alters communication control information
Define the outside attack of intrusion
the attacker gains unauthorised access to sensitive data by overcoming the access control protections
What is information security management required to do?
- Identify threats
- Classify all threats according to likelihood and severity
- Apply security controls based on cost benefit analysis
What do countermeasures to vulnerabilities and threats comprise?
- Computer security technical measures (e.g. access control, authentication, system protection)
- Management measures (e.g. awareness and training)
- Both (e.g. configuration management)
Give the information security definition from the ISO security architecture.
[security, vulnerability, threat]
The term security is used in the sense of minimizing the vulnerabilities of assets and resources. An asset is anything of value.
A vulnerability is any weakness that could be exploited to violate a system or the information it contains.
A threat is a potential violation of security.
What is the CIA triad?
Traditional definitions are based on 3 information security goals: confidentiality, integrity, availability
Define confidentiality
preventing unauthorised disclosure of information (POODLE attack)
Define integrity
preventing unauthorised (accidental or deliberate) modification or destruction of information (SQLI attack)
Define availability
ensuring resources are accessible when required by an authorised user (DoS attack)
What does the OSI Security Architecture X.800 define?
security threats (attacks), security services and security mechanisms and how they are related.
Define security service
a processing or communication service to give a specific kind of protection to system resources
Define security mechanism
a method of implementing one or more security services
What does a security service, provided by a layer of communicating open systems, ensure?
adequate security of the systems or of data transfers as defined by ITU-T X.800
What are the 8 security services?
1) peer entity authentication
2) data origin authentication
3) access control
4) data confidentiality
5) traffic flow confidentiality
6) data integrity
7) non-repudiation
8) availability
What does the security service of peer entity authentication provide?
confirmation of the claimed identity of an entity
What does the security service of data origin authentication provide?
confirmation of the claimed source (origin) of a data unit (message)
What does the security service of access control provide?
protection against unauthorised use of resources. The access control service is usually provided in combination with authentication and authorisation services
What does the security service of data confidentiality protect?
data against unauthorised disclosure
What does the security service of traffic flow confidentiality protect?
disclosure of data which can be derived from knowledge of traffic flows
What does the security service of data integrity detect?
any modification, insertion, deletion or replay of data in a message or a stream of messages
What does the security service of non-repudiation protect against?
any attempt by the creator of a message to falsely deny creating the data or its contents
What does the security service of availability protect?
a system against denial of service
In terms of non-repudiation, what does X.800 talk about?
non-repudiation of origin to protect against denial by the sender of a message, and non-repudiation of receipt to protect against denial by the recipient of a message
What are the 8 security mechanisms?
1) Encipherment
2) Digital signature
3) Access control
4) Data integrity
5) Authentication exchange
6) Traffic padding
7) Routing control
8) Notarization
What is the security mechanism of encipherment?
the transformation of data in order to hide its information content –> relates to public-key and symmetric-key encryption
What is the security mechanism of digital signature?
cryptographic algorithms which transform data using a signing key
–> essential property is that signed data can only be created with the signing key
–> relates to standard signature schemes
What are the security mechanisms of access control?
include access control lists, passwords, or tokens, which may be used to indicate access rights
What are the security mechanisms of data integrity?
“corruption detection techniques” which can be used with “sequence information”
–> Message Authentication Codes (MACs)
What is the security mechanism of authentication exchange?
protocols which exchange information to ensure identity of protocol participants
–> e.g. TLS
What is the security mechanism of traffic padding?
spurious traffic generated to protect against traffic analysis.
typically used in combination with encipherment
What is the security mechanism of routing control?
the use of specific secure routes
What is the security mechanism of notarization?
uses a trusted third party to assure the source or receipt of data.
The trusted third party is sometimes called a notary
What security mechanism(s) relate to the security service of peer entity authentication?
1) Encipherment
2) Digital signature
3) Padding
What security mechanism(s) relate to the security service of data origin authentication?
1) Encipherment
2) Digital signature
What security mechanism(s) relate to the security service of access control?
1) Encipherment
What security mechanism(s) relate to the security service of Data Confidentiality?
1) Encipherment
2) Routing control
What security mechanism(s) relate to the security service of Traffic Flow Confidentiality?
1) Encipherment
2) Padding
3) Routing control
What security mechanism(s) relate to the security service of Data Integrity?
1) Encipherment
2) Digital signature
3) Data Integrity
What security mechanism(s) relate to the security service of Non-repudiation?
1) Digital signature
2) Data Integrity
3) Notarization
What security mechanism(s) relate to the security service of Availability?
1) Data Integrity
2) Auth. exchange
What security service(s) relate to the security mechanism of Encipherment?
1) Peer entity authentication
2) Data origin authentication
3) Data Confidentiality
4) Traffic Flow Confidentiality
5) Data Integrity
What security service(s) relate to the security mechanism of Digital Signature?
1) Peer entity authentication
2) Data origin authentication
3) Data Integrity
4) Non-repudiation
What security service(s) relate to the security mechanism of Access control?
1) Access control
What security service(s) relate to the security mechanism of Data Integrity?
1) Data Integrity
2) Non-repudiation
3) Availability
What security service(s) relate to the security mechanism of Auth. exchange?
1) Peer entity authentication
2) Availability
What security service(s) relate to the security mechanism of Padding?
1) Traffic Flow Confidentiality
What security service(s) relate to the security mechanism of Routing control?
1) Data Confidentiality
2) Traffic Flow Confidentiality
What security service(s) relate to the security mechanism of Notarization?
1) Non-repudiation