Lesson 1: The Security Mindset Flashcards
1
Q
security mindset
A
requires you to think like an adversary; how could a malicious party circumvent the goals of a system or product?
understanding techniques for circumventing a defense
2
Q
computer security
A
field that studies how systems work in the presence of adversaries
3
Q
think like a defender
A
know what you’re defending and against whom
weigh benefits vs costs: no system is ever completely secure
exercise “rational paranoia”
4
Q
how do you think like an attacker?
A
- look for weakest links
- identify assumptions that security depends on
- do not think like the designer of the system; do not constrain yourself; think outside the box
5
Q
how do you think like a defender?
A
- security policy: what are you trying to defend?
- threat models: who are your adversaries?
- assessing risk: what’s worst case scenario
- countermeasures
6
Q
What should a security policy consider?
A
- what assets are you defending?
- what security properties do you want to enforce?
e. g: authenticity (how do you know the sender is really the sender), integrity (no one has tampered with data), confidentiality (how can i ensure that only certain authorized parties can actually see this data), availability (how do i prevent attacker who is blocking access to my data)
7
Q
what are key ideas when considering threat models
A
- who is the adversary?
- what are they capable of?
- what kind of attacks do we want to prevent?
- what attacks should we ignore?
8
Q
How do we assess risk?
A
• what would security breaches cost us?
- direct costs: money, property
- indirect costs: reputation
• how likely are these costs?
- probability of attacks?
- probability of success?