Network and Computer Security Flashcards
What are the three fundamental goals of information security?
Confidentiality, Integrity and Availability.
What is Confidentiality?
Protecting information from disclosure to unauthorized parties.
What is Integrity?
Protecting information from being modified by unauthorized parties.
What is Availability?
Ensuring that information and the systems holding it are accessible to authorized parties when they need them.
What is Identification?
Associating an identity with a subject.
What is Authentication?
Verifying the validity of something (usually the identity claimed by a system entity).
What is Authorization?
Granting or denying the right or permission of a system entity to access an object.
What are the four types of authentication factor?
- Something that you know, such as a password.
- Something that you have, such as a physical card.
- Something that you are, such as a biometric (fingerprint, face).
- Something about your context, such as your current location.
What is multi-factor authentication?
When several factors for authentication are combined. A common type is two-factor authentication, which requires a password and then a code sent to a phone. A good multi-factor authentication system uses at least two different types of factor: a password plus a second password is still a single factor.
What is social engineering?
Attackers making use of human nature and getting information such as a password or key information out of a person.
What are some issues with biometrics?
Nearly all biometrics can be compromised; fingerprints, for example, can be lifted and copied. Unlike a password, a biometric cannot be changed once it has been compromised.
What is access control?
This is how we authorise users. It specifies who (Subject) is allowed to do what (Request) on what (Object). Subject is the set of users on a system, Object is the set of resources to which access is being controlled, and Request is the set of possible actions (such as read and write) a user may want to perform.
What is an Access Control Policy?
Defines what is allowed or forbidden in a system. It is analogous to a set of laws usually defined in terms of rules or requirements.
How does an Access Control Matrix Model work?
Has a set of current subjects S, a set of current objects O, and the privileges for each combination of S and O. An empty cell means no access.
For example:

        File 1   File 2
Alice   Read     -
Bob     Write    Read
What is Role Based Access Control?
Has Roles and Users. Each user is assigned one or more roles, and each role has permissions. This removes the administrative burden a per-user matrix causes in large organisations: when someone changes job you change their role, rather than editing their entry on every object.
How does a Role Based Access Control Matrix work?
Has a set of roles R, a set of current objects O, and the privileges for each combination of R and O. Users then map to roles rather than appearing in the matrix themselves.
For example:

        File 1   File 2
User    Read     -
Admin   Write    Write
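The two matrices above, checked in code. This is an added example, not part of the original flashcards: the matrix contents follow the tables above, the user-to-role mapping (alice, bob, eve) is constructed sample data, and the deny-by-default lookup is the point to notice.

```python
# Added example (not from the flashcards): an access control matrix checked
# directly per subject, then the same matrix indexed by role with a
# user -> roles mapping in front of it. Users and rights are sample data.
from typing import Dict, FrozenSet, Set

Matrix = Dict[str, Dict[str, FrozenSet[str]]]  # subject -> object -> rights

# Per-user matrix from the flashcard: Alice reads File 1; Bob writes File 1
# and reads File 2. Anything not listed is "no access".
ACM: Matrix = {
    "Alice": {"File 1": frozenset({"read"})},
    "Bob":   {"File 1": frozenset({"write"}), "File 2": frozenset({"read"})},
}


def acm_allows(matrix: Matrix, subject: str, request: str, obj: str) -> bool:
    """Deny by default: an unknown subject, object or right yields False."""
    return request in matrix.get(subject, {}).get(obj, frozenset())


# Role-based variant: the matrix rows are roles, and users map to roles.
ROLE_MATRIX: Matrix = {
    "User":  {"File 1": frozenset({"read"})},
    "Admin": {"File 1": frozenset({"write"}), "File 2": frozenset({"write"})},
}

# Constructed mapping: a user may hold several roles, or none at all.
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"User"},
    "bob":   {"User", "Admin"},
    "eve":   set(),
}


def rbac_allows(user: str, request: str, obj: str) -> bool:
    """A user may act if at least one of their roles grants the right."""
    return any(acm_allows(ROLE_MATRIX, role, request, obj)
               for role in USER_ROLES.get(user, set()))


def effective_rights(user: str, obj: str) -> FrozenSet[str]:
    """Union of the rights every role held by the user has on obj."""
    rights: Set[str] = set()
    for role in USER_ROLES.get(user, set()):
        rights |= ROLE_MATRIX.get(role, {}).get(obj, frozenset())
    return frozenset(rights)


def promote(user: str, role: str) -> None:
    """Adding a role changes the user's rights on every object at once;
    a per-user matrix would need one edit per object instead."""
    USER_ROLES.setdefault(user, set()).add(role)


if __name__ == "__main__":
    print("Alice read File 1:", acm_allows(ACM, "Alice", "read", "File 1"))
    print("Alice read File 2:", acm_allows(ACM, "Alice", "read", "File 2"))
    print("bob rights on File 1:", sorted(effective_rights("bob", "File 1")))
    promote("eve", "Admin")
    print("eve write File 2 after promotion:", rbac_allows("eve", "write", "File 2"))
```

Note that `acm_allows` never raises for an unknown name: an unlisted subject or object is simply denied, which is the behaviour you want from a reference monitor.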
What is Discretionary Access Control?
A model used by Unix file systems in which the owner of a file decides, at their own discretion, the permissions for that file. Users can also be assigned to groups; each file has an owning group as well as an owning user, and permissions can be granted to that group.
What is the Bell-LaPadula model?
A mandatory access control model which uses security levels. Files and users both have security levels. Users can read files with an equal or lower security level (no read up), and cannot write to files with a lower security level (no write down). Together the two rules stop information flowing from a higher level to a lower one.
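The two Bell-LaPadula rules applied to a small lattice of levels, as an added example that is not part of the original flashcards. The level names, the sample users (alice, bob) and the sample files are constructed for illustration; the `can_copy` function shows why both rules are needed, since a subject that could read one file and write another would otherwise act as a downgrade channel.

```python
# Added example (not from the flashcards): Bell-LaPadula's simple security
# property (no read up) and *-property (no write down) over sample data.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

# Constructed sample subjects and objects.
SUBJECT_CLEARANCE = {"alice": "Secret", "bob": "Unclassified"}
OBJECT_CLASSIFICATION = {
    "memo.txt": "Confidential",
    "plan.doc": "Top Secret",
    "news.txt": "Unclassified",
}


def blp_allows(subject: str, action: str, obj: str) -> bool:
    """Return True if the Bell-LaPadula rules permit subject to perform
    action on obj. Unknown subjects or objects are denied."""
    if subject not in SUBJECT_CLEARANCE or obj not in OBJECT_CLASSIFICATION:
        return False
    s = LEVELS[SUBJECT_CLEARANCE[subject]]
    o = LEVELS[OBJECT_CLASSIFICATION[obj]]
    if action == "read":
        return s >= o          # simple security property: no read up
    if action == "write":
        return s <= o          # *-property: no write down
    raise ValueError(f"unknown action {action!r}")


def can_copy(subject: str, src: str, dst: str) -> bool:
    """Could subject move the contents of src into dst? Requires read on
    src and write on dst; the two rules combined only allow this when
    dst is classified at or above src, so no downgrade is possible."""
    return blp_allows(subject, "read", src) and blp_allows(subject, "write", dst)


if __name__ == "__main__":
    for who in SUBJECT_CLEARANCE:
        for f in OBJECT_CLASSIFICATION:
            print(who, f,
                  "read" if blp_allows(who, "read", f) else "-",
                  "write" if blp_allows(who, "write", f) else "-")
    print("alice copy memo.txt -> news.txt:", can_copy("alice", "memo.txt", "news.txt"))
```

The surprising consequence is visible in the output: alice (Secret) may write into plan.doc (Top Secret) but can never read it back, which is exactly what the *-property demands.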
What is usage control?
Controlling what may be done with a document after access has been granted, for example how many times it can be opened and whether it can be shared.
What is Break-Glass Access Control?
Having accounts with permissions to access everything (or more than usual) for use in an emergency. Use of these accounts is heavily logged and reviewed afterwards.
What is Steganography?
The science of hiding messages inside other messages or images, so that the existence of the hidden message is concealed (cryptography, by contrast, hides only its content).
What is Cryptography?
The science of secret writing: encrypting information so that only people who know a secret (the key) can recover the information.
What is Cryptanalysis?
The science of analysing a cryptographic system to break/circumvent its protection.
What is symmetric encryption?
Where the decryption key is the same as, or can be derived from, the encryption key, so the key must be shared between the parties and kept secret by both.
What is asymmetric encryption?
Where the decryption key can't be derived from the encryption key, so the public (encryption) key can be published without compromising the private (decryption) key.
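The symmetric and asymmetric definitions above side by side, as an added example that is not part of the original flashcards. The symmetric half is a one-time pad (the decryption key is literally the encryption key); the asymmetric half is textbook RSA, where the decryption exponent d is computed from the prime factors of n, so an attacker holding only the public key (e, n) has to factor n to recover d. The primes 61 and 53 are tiny illustration values chosen by me; `recover_private_key` breaks them instantly, which is the caveat: the asymmetry only holds when n is large enough that factoring is infeasible, and real deployments also add padding (OAEP) that this omits.

```python
# Added example (not from the flashcards): symmetric vs asymmetric keys.
# Toy parameters for illustration only; not usable as real cryptography.
import math
import os


# --- Symmetric: one-time pad. Same key encrypts and decrypts. ---
def otp_keygen(length: int) -> bytes:
    return os.urandom(length)


def otp_encrypt(key: bytes, msg: bytes) -> bytes:
    if len(key) < len(msg):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(k ^ m for k, m in zip(key, msg))


def otp_decrypt(key: bytes, ct: bytes) -> bytes:
    return otp_encrypt(key, ct)  # XOR is its own inverse: same key, same operation


# --- Asymmetric: textbook RSA. d is derived from p and q, not from (e, n). ---
def rsa_keygen(p: int, q: int, e: int = 17):
    """Return ((e, n), (d, n)). Callers supply the primes; a real
    implementation would generate large random primes instead."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def rsa_encrypt(pub, m: int) -> int:
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(priv, c: int) -> int:
    d, n = priv
    return pow(c, d, n)


# --- What the attacker has to do: turn the public key into the private one. ---
def factor_by_trial_division(n: int):
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no non-trivial factor found")


def recover_private_key(pub):
    """Feasible only because n is tiny; for a 2048-bit n this loop
    would not finish, which is the whole security argument."""
    e, n = pub
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    key = otp_keygen(5)
    ct = otp_encrypt(key, b"hello")
    print("OTP roundtrip:", otp_decrypt(key, ct))

    pub, priv = rsa_keygen(61, 53)
    print("public:", pub, "private:", priv)
    c = rsa_encrypt(pub, 65)
    print("RSA roundtrip:", rsa_decrypt(priv, c))
    print("attacker recovers private key:", recover_private_key(pub))
```

Notice that only the asymmetric scheme has two distinct keys; for the one-time pad there is nothing to publish, which is why symmetric schemes need a separate secure channel (or an asymmetric scheme) to distribute the key.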