Network and Computer Security Flashcards
What does CIA stand for?
Confidentiality
Integrity
Availability
Define Identification
Associating an identity with a subject
Define Authentication
Verifying the validity of something
Define Authorization
Granting (or denying) the right or permission of a system entity to access an object
Define Access Control
Controlling the access of system entities (on behalf of subjects) to objects based on an access control policy
What are four widely used mechanisms for authentication?
- Something you know - Password/PIN
- Something you have - Smart card or one-time password
- Something you are - Biometric Characteristics/Facial Scan/Photograph
- Location
What do good systems include?
Allow for passwords and validate passwords securely
How to access systems securely that require a password
Allow passwords of arbitrary length
Store passwords hashed
Define Social Engineering
Tricking people into giving up private information or doing things they shouldn’t, usually by pretending to be someone they trust.
Define a Soft Token
A one-time use password
What is a bad example of a Hard Token?
UniCard as it could easily be duplicated
What is a Biometric Scan?
Uses characteristics of your body
- Fingerprint
- Retina scan
- Face scan
To authenticate your identity
What do Typical Access Control models focus on?
Authorization
- Specification of who is allowed to do what
- How to update/change permissions
Give an example of a simple access control model.
AC = Subject x Object x Request
List 4 key factors of access control models.
- Often depend on system state
- Subjects and permissions change over time
- Access rights might require the fulfillment of obligations
- They are prone to implementation and configuration mistakes (bugs)
What does a security policy do?
Defines what is allowed (and/or forbidden)
- It is analogous to a set of laws
- Defined in terms of rules and/or requirements