Lecture 4: 27th September 2019

Question 1

What are the main 3 general, high-level aims of security systems?

Answer 1

Prevent: Lock out the unauthorised user
Detect: Discover when an intrusion has been made or an asset is missing
React: Recover from the attack.

Question 2

What are the desired system characteristics? What are the main 3?

Answer 2

Confidentiality: No unauthorised disclosure
Integrity: Prevent unauthorised modification
Availability: Prevent the withholding of resources.
Reliability: Uptime of system must be near to 100
Auditability: Evidence of actions
Authenticity: No unauthorised users.

The first 3 (CIA) are the main ones.

Question 3

What is an exploit?

Answer 3

an attack performed by someone to take advantage of the vulnerability

Question 4

What is a threat?

Answer 4

a circumstance that has the potential to cause loss or harm such as human attacks or natural disasters

Question 5

What is malware?

Answer 5

same as Malcode or Virus, basically software with an exploits coded. Often there is a signature – a pattern within the code.

Question 6

What is an attack?

Answer 6

an assault launched by cybercriminals using one or more computers against one or more computers or networks in an attempt to breach their security

Question 7

What is an attack vector?

Answer 7

the mechanism or entry route of an exploit

Question 8

Which system layers should security protect?

Answer 8

Hardware: Registers, memory overflow
Operating system: kernel, memory allocation, access rights
Data Storage: access and authorisation
Network: access, authorisation, data packets, routing data
Applications: data and program access and authorisation
Internet: the most problematic application
Physical: the physical machine is also vulnerable

Question 9

How should security authenticate each layer in a system?

Answer 9

Can authenticate separately at each layer (takes more time, people use simple or 1 password => insecure) or use 1 single authentication measure (less secure than long and different passwords for every layer but quicker and, in practice, not significantly less secure) for every layer.

Question 10

How can you ensure you have a legally sufficient and defensible level of security measures on a system?

Answer 10

Adhere to recognised international security standards and guides, e.g. from NIST or ITIL.

Question 11

What should risk analysis consider?

Answer 11

Subject: the who, a person or a process (a program)
Object: the what, the data, the file, the process
Mode: the how, the mode or method of access
Policy: the who, what, how & possibly when.

Question 12

What are the 4 theoretical types of threats?

Answer 12

Modification; fabrication; interrupt; intercept.

Question 13

How can we mitigate threats?

Answer 13

Multi-Level Authentication: not just one weak password,
Least Privilege: don’t give most users a lot of access to the system
Fail Securely (or nicely): compartmentalise the system and have die-time routines
Trust No-One: trust is a slow process and not given by default

Question 14

What should we consider about attacks when taking measures against them?

Answer 14

Who will perform them, what the attack will target, where they will be deployed from, how they work and what the type of attack is.

Question 15

What is a virus?

Answer 15

A self-replicating program that has some detrimental effects, such as providing backdoors, deleting or stealing data.

Question 16

Why should special security precautions be taken on special dates?

Answer 16

Attacks also deployed on notable dates: Friday 13th, Xmas PSN attack, etc.

Question 17

What is a worm?

Answer 17

A program that copies itself from one computer to

another

Question 18

What is a rabbit?

Answer 18

A program that multiplies so rapidly it exhausts resources of a specific type, e.g. disk space or iNode tables. Aka bacterium.

Question 19

What is a logic bomb?

Answer 19

A program that performs an action that violates The security policy when a trigger is executed. A logic bomb may be inserted to go off when someone’s login id has not been executed for a while, or when a random file is read.

Question 20

What is adware?

Answer 20

Software that automatically displays or downloads advertising material such as banners or pop-ups. Some also come with key-loggers or spyware.

Question 21

What is spyware?

Answer 21

Software that enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive. It can log their keystrokes or Internet usage. This is privacy-invasive software.

Question 22

What is spam?

Answer 22

Irrelevant and unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc.

Question 23

What is a botnet?

Answer 23

A large network of private computers that have been infected with malicious software without the knowledge or consent of the owner to launch attacks such as spam or DDoS.

Question 24

What is a rootkit?

Answer 24

Software that enables a user to covertly gain control of privileged elements of a computer system without being detected.

Question 25

What was the RAMNIT attack?

Answer 25

A BOTNET that propagated with a worm and stole cookies, login credentials, and Internet usage logs, before setting up a back door.

Question 26

What was the WannaCry attack?

Answer 26

A worm that infected Windows machines with ransomware that encrypted data and demanded cryptocurrency to decrypt them. It spread through SMB ports after scanning 25 random IPs every second and then through networks, such as the NHS in the UK.

Question 27

What is the difference between WannaCrypt and WannaCry?

Answer 27

Same, just different names.

Question 28

What are some good catalogues of vulnerabilities and existing attacks?

Answer 28

NIST NVD, MITRE CVE, and McAfee Quarterly Threat Report

Question 29

What types of organisations are most targeted by phising attacks?

Answer 29

Financial institutions, email services, and payment services.