Lesson 1: The Security Mindset Flashcards

1
Q

security mindset

A

requires you to think like an adversary; how could a malicious party circumvent the goals of a system or product?

understanding techniques for circumventing a defense

2
Q

computer security

A

field that studies how systems work in the presence of adversaries

3
Q

think like a defender

A

know what you’re defending and against whom

weigh benefits vs costs: no system is ever completely secure

exercise “rational paranoia”

4
Q

how do you think like an attacker?

A
  1. look for weakest links
  2. identify assumptions that security depends on
  3. do not think like the designer of the system; do not constrain yourself; think outside the box
5
Q

how do you think like a defender?

A
  1. security policy: what are you trying to defend?
  2. threat models: who are your adversaries?
  3. assessing risk: what’s the worst-case scenario?
  4. countermeasures
6
Q

What should a security policy consider?

A
  • what assets are you defending?
  • what security properties do you want to enforce?
    e.g. authenticity (how do you know the sender is really the sender?), integrity (no one has tampered with the data), confidentiality (how can I ensure that only authorized parties can see this data?), availability (how do I prevent an attacker from blocking access to my data?)
7
Q

what are the key ideas when considering threat models?

A
  • who is the adversary?
  • what are they capable of?
  • what kind of attacks do we want to prevent?
  • what attacks should we ignore?
8
Q

How do we assess risk?

A

• what would security breaches cost us?

    • direct costs: money, property
    • indirect costs: reputation

• how likely are these costs?

    • probability of attacks?
    • probability of success?