Network and Computer Security

Question 1

What are the three fundamental goals of information security?

Answer 1

Confidentiality, Integrity and Availability.

Question 2

What is Confidentiality?

Answer 2

Protecting information from disclosure to unauthorized parties.

Question 3

What is Integrity?

Answer 3

Protecting information from being modified by unauthorized parties.

Question 4

What is Availability?

Answer 4

Ensuring that information is available to authorized parties.

Question 5

What is Identification?

Answer 5

Associating an identity with a subject.

Question 6

What is Authentication?

Answer 6

Verifying the validity of something (usually the identity claimed by a system entity).

Question 7

What is Authorization?

Answer 7

Granting or denying the right or permission of a system entity to access an object.

Question 8

What are the four types of authentication?

Answer 8

• Something that you know such as a password.
• Something that you have such as a physical card.
• Something that you are, so biometrics.
• Context Location such as your current location.

Question 9

What is multi-factor authentication?

Answer 9

When several factors for authentication are combined. A common type is two factor authentication, which requires a password, and then a code sent to a phone. A good multi-factor authentication system uses two different types of authentication.

Question 10

What is social engineering?

Answer 10

Attackers making use of human nature and getting information such as a password or key information out of a person.

Question 11

What are some issues with biometrics?

Answer 11

Nearly all biometrics can be compromised such as fingerprints copied. Biometrics cannot be changed if compromised.

Question 12

What is access control?

Answer 12

This is how we can authorise users. It specifies who (Subject) is allowed to do what (Request) on what (Object). Subject is a set of users on a system, Object is the set of resources to which access is being controlled, and Request is the set of possible actions (such as read and write) a user may want to perform.

Question 13

What is an Access Control Policy?

Answer 13

Defines what is allowed or forbidden in a system. It is analogous to a set of laws usually defined in terms of rules or requirements.

Question 14

How does an Access Control Matrix Model work?

Answer 14

Has a set of current subjects S, a set of current objects O, and and the privileges for each combination of S and O.

For Example:
File 1 File 2
Alice Read
Bob Write Read

Question 15

What is Role Based Access Control?

Answer 15

Has Roles and Users. Each user will have a role, and each role will have permissions. This takes away the issues large organisations have.

Question 16

How does a Role Based Access Control Matrix work?

Answer 16

Has a set of Roles R, a set of current objects O, and and the privileges for each combination of R and O.

For Example:
File 1 File 2
User Read
Admin Write Write

Question 17

What is Discretionary Access Control?

Answer 17

A model used by Unix file systems in which the owner of a file controls the permissions for that file. It also allows users to be assigned to groups which can also own files.

Question 18

What is the Bell-LaPadula model?

Answer 18

An access control system which uses security levels. Files and users both have security levels. Users can read files with an equal or lower security level. Users cannot write to files with a lower security clearance.

Question 19

What is usage control?

Answer 19

Controlling the use of the documents for example how many times you can access it and can you share it.

Question 20

What is Break-Glass Access Control?

Answer 20

Having accounts who have permissions to access everything/more things in case of an emergency. These accounts are usually heavily logged.

Question 21

What is Steganography?

Answer 21

The science of hiding messages inside other messages or images.

Question 21

What is Cryptography?

Answer 21

The science of secret writing, encrypting information so that only people who know something can know the information.

Question 22

What is Cryptanalysis?

Answer 22

The science of analysing a cryptographic system to break/circumvent its protection.

Question 23

What is symmetric encryption?

Answer 23

Where the decryption key is or can be derived from the encryption key.

Question 24

What is asymmetric encryption?

Answer 24

Where the decryption key can’t be derived from the encryption key, so the the public key can be published without compromising the private key.