Slides from Hell Flashcards

1
Q

What is computer security?

A

Protection of computer systems from theft or damage.
This covers the hardware, software, and data stored on the system.

Misdirection and disruption of the services that the systems provide can also be counted as “damage”.

2
Q

How is the protection of computer systems achieved?

A

Includes but is not limited to:

  1. Controlling physical access to the hardware.
  2. Controlling malpractice by users, whether intentional or unintentional, such as accidental damage or being misled by a malicious third party.
  3. Protecting against outside threats such as attacks on the network, e.g. code injection.
3
Q

What is the CIA triad?

A

The triad involving the three key properties of computer security:

  1. Confidentiality (only authorised users can access private data)
  2. Integrity (Data should be kept authentic, accurate and reliable)
  3. Availability (Data is easily accessible)

Good systems must strike a balance between these factors, but achieving one of them normally comes at the cost of others.

4
Q

What is authentication?

A

Determining if someone is who they say they are.

5
Q

What is non-repudiation?

A

The inability to refute responsibility.

Not much use knowing a malicious act happened if you didn’t record who did it - keep track of who is causing damage so you can blame it on them later.

6
Q

What is a threat?

A

A potential negative action or event that could harm a computer system.

7
Q

What is a vulnerability?

A

A weakness in an IT system that can be exploited by a threat to deliver a successful attack.

8
Q

What is “Risk”?

A

The potential for loss or damage when a threat exploits a vulnerability.

So: Risk = Threat * Vulnerability

“Risk” is what security programmers attempt to eliminate.

9
Q

Why are computer systems valuable targets?

A

They often contain sensitive material which is in turn worth a lot of money.

This could be protected health information, intellectual property, governmental systems, etc.

Someone would either pay for this data, or pay for it to not be public knowledge.

10
Q

What costs are associated with the effects of cybercrime?

A

Economic Cost - Theft of intellectual property, repairing damaged hardware.

Reputational Cost - Loss of consumer trust, poor media coverage.

Regulatory Cost - Cost of GDPR fines, etc.

11
Q

What are the risks of allowing data input online?

A
  1. Data can be unknown, untrusted, and insecure, and may be malicious. Nothing can be trusted.
  2. Text input allows malicious parties to enter malicious code that can run on your system.
  3. It's difficult to detect and/or identify malicious users attempting to damage web apps.
  4. Improper handling of data and/or not checking input data is a leading cause of critical vulnerabilities in today's web apps and systems.
12
Q

What is an injection attack?

A

An attacker supplies untrusted, bad input to an application.
The input gets processed and affects the system in a negative manner.
One of the oldest and most dangerous methods of attack.
Can lead to:
Data theft and loss, data integrity loss, DoS, system compromise.

13
Q

What are examples of injection attacks?

A
  1. Cross-Site Scripting (XSS)
  2. SQL Injection
  3. Buffer Overflow
14
Q

What is Cross-Site Scripting (XSS)?

A

An attacker uses a compromised web app to deliver malicious code to its users; this often gives the attacker access to the users' session cookies, which can be used to steal their identity.

15
Q

What is SQL Injection?

A

An attacker sends SQL through a text input; this can return sensitive data from the DB and can also allow them to perform operations on, or drop, the whole DB.
