Tenta Flashcards
What are the two steps in password authentication?
Identification (announcing who you are) and Authentication (proving who you are).
What are the four means of user authentication?
1) Something you know (e.g., password), 2) Something you possess (e.g., token), 3) Something you are (e.g., biometric), 4) Something you do (e.g., behavior-based).
What is multi-factor authentication (MFA)?
A method that combines two or more authentication factors to verify identity.
What role does a username/login ID play in password authentication?
It determines the user’s authorization and privileges in the system.
What role does a password play in password authentication?
It confirms the user’s identity and establishes trust for access.
What is a hash function?
A one-way function that’s easy to compute but hard to reverse.
Why is a salt added to a password before hashing?
To ensure unique hashes even for identical passwords, preventing rainbow table attacks.
What is a rainbow table?
A precomputed table for reversing cryptographic hash functions, used in password cracking.
What are the three main password cracking strategies?
Exhaustive search (brute force), intelligent search (e.g., dictionary attack), and using dedicated cracking servers.
What is a password spoofing attack?
An attack where a fake interface captures user credentials.
What is shoulder surfing?
Observing a user enter a password over their shoulder.
What is a key logger?
Software or hardware that records keystrokes.
What is proactive password checking?
Enforcing rules or using dictionaries to prevent weak passwords from being used.
What is a Bloom filter used for in password checking?
To efficiently check if a password exists in a blacklist of weak passwords.
What are the drawbacks of memory cards?
They require special readers, can be lost, and may cause user dissatisfaction.
What is a smart card?
A card with an embedded microprocessor used for authentication.
What are the three types of memory in smart cards?
ROM, EEPROM, and RAM.
What are the smart card authentication protocols?
Static, dynamic password generation, and challenge-response.
What is biometric authentication?
Authentication based on unique physical characteristics.
What are the two types of biometric matching?
Verification (1:1 comparison) and Identification (1:n comparison).
What is the Equal Error Rate (EER)?
The point where False Match Rate (FMR) and False Non-Match Rate (FNMR) are equal.
What is FMR in biometric systems?
False Match Rate – the rate at which unauthorized users are incorrectly accepted.
What is FNMR in biometric systems?
False Non-Match Rate – the rate at which legitimate users are incorrectly rejected.
What biometric method has superior performance?
Iris pattern recognition.
What are fingerprint minutiae?
Features like ridge endings and bifurcations used for fingerprint recognition.
What is challenge-response protocol?
A method where the system issues a challenge that the user must respond to correctly.
What are major threats in remote user authentication?
DoS, eavesdropping, host attacks, replay, client attacks, and Trojan horses.
Why should default passwords be changed?
To prevent easy access by attackers who know factory-set credentials.
What is a trusted path?
A secure method of communication ensuring interaction with a legitimate system component.
What does a password policy typically enforce?
Rules on password length, complexity, and change frequency.
What is the function of password ageing?
To require users to change passwords regularly.
What is single sign-on (SSO)?
Authentication once to access multiple services.
How can failed logins help identify attacks?
They may indicate unauthorized attempts to access an account.
What were some of the top 10 passwords used by Adobe users in 2013?
‘123456’, ‘123456789’, ‘password’, ‘qwerty’, ‘picture1’
What is NIST SP 800-63-3?
A Digital Authentication Guideline defining confidence in user identities presented electronically.
What does Cisco Identity Services Engine (ISE) provide regarding authentication?
An example of an admin password policy.
What are some types of CAPTCHA used in challenge-response mechanisms?
Image CAPTCHA, Text CAPTCHA, FunCAPTCHA, Phone Prompt, Authenticator App.
What is the purpose of a CAPTCHA in authentication?
To verify the user is human and not a bot.
What are the three types of memory in a smart card?
Read-only memory (ROM), EEPROM, and RAM.
What is the role of the embedded microprocessor in a smart card?
To process data and support authentication protocols.
What are the types of interfaces used by smart tokens?
Manual interface (keypad/display) and electronic interface (contact/contactless).
What are fingerprint minutiae?
Features like ridge endings, bifurcations, cores, and deltas.
Why are multiple fingers often recorded in biometric systems?
To increase accuracy of fingerprint recognition.
What is False Match Rate (FMR)?
The rate at which unauthorized users are incorrectly accepted.
What is False Non-Match Rate (FNMR)?
The rate at which legitimate users are incorrectly rejected.
What is Equal Error Rate (EER)?
The point where FMR and FNMR are equal; used to evaluate biometric systems.
Which biometric method generally has the lowest EER?
Iris pattern recognition.
What are biometric systems used for in low-security applications?
Convenience, e.g., unlocking a smartphone with fingerprint or face.
Why might high-security applications use biometrics?
To reduce FMR and enhance difficulty of misuse.
How can combining biometrics improve security?
Using multiple biometrics lowers FMR but may increase FNMR.
What is a Replay Attack in authentication?
An adversary reuses a previously captured user response.
What is a Trojan Horse attack in authentication?
A malicious program or device mimicking a legitimate one to steal credentials.
What is a Client Attack?
An adversary attempts to authenticate without access to host or communication path, e.g., by guessing passwords.
What is a Host Attack?
Targeting the user file where credentials or biometric templates are stored.
What is Eavesdropping in authentication?
Observing the authentication process to steal credentials.
What is Denial of Service (DoS) in authentication?
Flooding the system with requests to disable the service.
What is a trusted path?
A secure mechanism ensuring communication with the operating system, not spoofed software.
How do browsers help prevent spoofing?
By displaying the real URL in a way that cannot be spoofed by web servers.
Why are characters often hidden during password entry?
To prevent shoulder surfing.
Why might showing characters during password entry be useful?
Improves usability, especially for long or complex passwords.
What is a threat in the context of information security?
A potential security harm to an asset.
When does a threat materialize?
When an attack successfully exploits a vulnerability.
Who or what is a threat agent?
The entity carrying out an attack, such as an attacker.
What motivates hackers as threat agents?
Curiosity, challenge, and reputation.
What tools do hackers typically use?
Viruses, worms, phishing.
What is the primary goal of thieves as threat agents?
Monetary gain.
What skill level is usually associated with hacktivists?
Apprentice.
What are nation state attackers often motivated by?
Cyberwarfare, counter-intelligence, strategic goals.
What skill level is typically associated with nation state actors?
Master.
Give an example of a tool used by organized crime groups.
Botnets, ransomware, inside information.
What are examples of tangible assets?
Servers, networking equipment, storage devices, workstations.
What are examples of intangible assets?
Brand reputation, data, software, encryption keys.
Why is identifying intangible assets challenging?
They are not readily discovered or documented like hardware or software.
Define a vulnerability in a system.
A weakness that could be exploited to damage assets.
What are the three categories of vulnerabilities?
Corrupted (integrity), Leaky (confidentiality), Unavailable (availability).
Give an example of a leaky vulnerability.
Insecure data transfer and storage.
Name a tool used to find vulnerabilities.
Nessus Vulnerability Scanner, NMAP.
What are the three steps in threat modeling?
1) Decompose the application, 2) Determine and rank threats, 3) Determine countermeasures.
What is the purpose of decomposing an application in threat modeling?
To understand how the application functions and identify vulnerabilities.
What are entry points in threat modeling?
Places where data enters the system.
What is an exit point in an application?
Places where data exits, such as output or session termination.
What is a trust level in threat modeling?
A defined access right assigned to entities interacting with the system.
What do data flow diagrams (DFDs) represent?
Visual representations of how data moves and is processed in the application.
What does a privilege boundary in a DFD signify?
A change in trust level.
What is the role of a data store in DFD?
To represent where data is stored without modifying it.
What does STRIDE stand for?
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.
What security property does Spoofing violate?
Authentication.
Give an example of Tampering.
Changing data in the backend to grant unauthorized privileges.
What is Repudiation in STRIDE?
Denial of an action to avoid responsibility.
What does Information Disclosure violate?
Confidentiality.
Give an example of a DoS attack.
Flooding the network with requests.
What does Elevation of Privilege entail?
Gaining more privileges than entitled.
What does DREAD stand for?
Damage, Reproducibility, Exploitability, Affected Users, Discoverability.
What is a limitation of the DREAD model?
Subjective scoring and lack of widespread adoption.
What is an alternative to DREAD for threat ranking?
Qualitative risk model (Low, Medium, High).
What is an attack surface?
Reachable and exploitable vulnerabilities in a system.
Name a category of attack surface.
Software, Network, Human.
What is attack surface analysis useful for?
Assessing the scale and severity of threats.
What is the root node in an attack tree?
The ultimate goal of the attacker.
What do leaf nodes in an attack tree represent?
Specific methods to initiate an attack.
How should credentials be protected?
With encryption in storage and transit.
What should passwords be stored with?
Salted hashes.
What is an effective authorization method?
Role-based access control.
What principle restricts access to only necessary resources?
Principle of least privilege.
What protocols are recommended for data protection in transit?
SSL/TLS.
What technique protects data integrity?
Hashed message authentication codes (HMACs).
What mitigates Spoofing?
Authentication and protecting secret data.
How to defend against Tampering?
Authorization, hashes, HMACs, digital signatures.
How to mitigate Repudiation?
Digital signatures, audit trails, timestamps.
What helps prevent Information Disclosure?
Encryption, privacy-enhanced protocols.
How to reduce Denial of Service risk?
Throttling, filtering, quality of service.
What helps against Elevation of Privilege?
Strong access control and least privilege.
Name a threat modeling tool from Microsoft.
Microsoft Threat Modeling Tool.
What is OWASP Threat Dragon?
An open-source tool for threat modeling.
What is malware?
A program covertly inserted into a system to compromise confidentiality, integrity, or availability.
What are the two main malware classification methods?
By propagation and by payload.
Name types of malware based on propagation.
Virus, worm, Trojan horse.
Name types of malware based on payload.
Ransomware, logic bomb, botnet, spyware, keylogger, phishing, backdoor, rootkit.
What was Creeper?
The first computer worm spreading via ARPANET; displayed a message but did no harm.
What was the significance of Reaper?
First antivirus created to remove Creeper.
What made WannaCry unique?
It was a global ransomware attack using Bitcoin for payment.
What is Stuxnet known for?
Infected USB drives; targeted Iranian nuclear facilities.
What is Mirai?
A botnet of IoT devices used in DDoS attacks.
What does Mozi target?
IoT devices using weak passwords and unpatched vulnerabilities.
How does a virus propagate?
By attaching itself to executable code and running with the host program.
What are boot sector infectors?
Viruses that infect the master boot record.
What are polymorphic viruses?
Viruses that replicate with different bit patterns to avoid detection.
What is a stealth virus?
A virus that hides its presence from antivirus programs.
What is a multipartite virus?
A virus that infects multiple file types for complex eradication.
How does a worm differ from a virus?
A worm replicates without attaching to a host file.
What was the Morris Worm?
An early worm targeting UNIX systems using multiple attack vectors.
What is a zero-day exploit in worms?
An attack that uses previously unknown vulnerabilities.
What is a Trojan horse?
Software that appears harmless but hides malicious functionality.
How is a Trojan typically installed?
By tricking users into copying and running the program.
What does ransomware do?
Encrypts data and demands ransom for decryption.
Give an example of ransomware.
Gpcode, WannaCry.
What is a logic bomb?
Malicious code triggered by specific events or conditions.
What is a botnet?
A network of infected machines used for malicious tasks.
Name some uses of bots.
DDoS, keylogging, spam, sniffing, manipulating polls.
What is spyware?
Malware that monitors user activity and redirects web traffic.
What is phishing?
Tricking users into revealing personal data through fake websites or emails.
What is a keylogger?
Malware that records keystrokes to steal sensitive info.
What is a backdoor?
A hidden way to access a system, often installed by developers.
What is a rootkit?
Software that hides the presence of malicious processes or programs.
What causes a buffer overflow?
Storing more data than a buffer’s allocated space.
What is stack smashing?
A buffer overflow on the stack, used to alter control flow.
What are heap buffer overflows?
Overflows targeting the heap to redirect data or pointers.
Name a function vulnerable to buffer overflow.
gets(), strcpy(), strcat(), vsprintf().
What is SQL injection (SQLi)?
A vulnerability that allows attackers to interfere with database queries.
What is union-based SQLi?
Using UNION SELECT to extract additional data from a query.
What is Boolean-based SQLi?
Injecting conditions like ‘OR 1=1’ to bypass authentication.
What is command injection?
Injecting system commands via unvalidated input.
What is a cross-site scripting (XSS) attack?
Injecting script code into HTML output sent to other users.
What is Server-Side Request Forgery (SSRF)?
Tricking a server into making internal network requests.
What is XML External Entity (XXE) attack?
An attack exploiting XML parsers to access sensitive files or internal services.
What is Metasploit?
A framework for exploiting vulnerabilities and injecting payloads.
What does Kali Linux include?
A collection of tools for penetration testing.
What is Burp Suite used for?
Web vulnerability scanning and proxying.
What is the role of Wireshark?
Network traffic analysis.
What is OWASP ZAP?
Tool for fuzzing, spidering and proxying web apps.
What does Nmap do?
Scans networks and discovers devices.
What is Maltego used for?
Information gathering and analysis.
What does Fiddler do?
Analyzes web traffic and supports proxying.
What is cryptography?
The art and science of keeping messages secure using mathematical techniques.
What are the five key goals of cryptography?
Confidentiality, privacy preservation, authentication, data integrity, non-repudiation.
What is plaintext?
The original, unencrypted message or data.
What is ciphertext?
The scrambled message produced by encryption.
What is an encryption algorithm?
An algorithm that performs substitutions and transformations on plaintext.
What is a secret key?
Used in symmetric encryption for both encrypting and decrypting.
What is a public key?
Used in asymmetric encryption for encrypting data.
What is a private key?
Used in asymmetric encryption for decrypting data.
What is cryptanalysis?
The process of attempting to discover the plaintext or key.
What is a ciphertext-only attack?
The attacker only knows the ciphertext and attempts to decrypt it.
What is a known plaintext attack?
The attacker knows plaintext-ciphertext pairs encrypted with the same key.
What is a chosen plaintext attack?
The attacker chooses plaintexts and obtains their ciphertexts.
What is a chosen ciphertext attack?
The attacker chooses ciphertexts and gets corresponding plaintexts.
What is a chosen text attack?
Combination of chosen plaintext and chosen ciphertext attacks.
What is the difference between symmetric and asymmetric encryption?
Symmetric uses one key; asymmetric uses two keys (public/private).
What is a block cipher?
Processes input in fixed-size blocks, e.g., 128-bit blocks in AES.
What is a stream cipher?
Encrypts data one bit or byte at a time.
What is the Caesar cipher?
A substitution cipher that shifts letters a fixed number down the alphabet.
How is Caesar cipher represented mathematically?
ek(x) = (x + k) mod 26; dk(y) = (y - k) mod 26.
What is symmetric encryption?
Both sender and receiver use the same secret key.
What is asymmetric encryption?
Sender and receiver use different keys (public/private).
What problem does a digital certificate solve?
It helps verify public key authenticity.
What is a certificate authority (CA)?
A trusted third party that issues digital certificates.
What is in an X.509 certificate?
Subject’s name, public key, and digital signature from CA.
What is a Feistel Cipher Structure?
A block cipher design dividing data into left/right halves with multiple rounds.
What is a Substitution-Permutation Network (SPN)?
A cipher structure used in AES combining S-boxes and P-boxes.
What cipher uses the SPN structure?
AES (Advanced Encryption Standard).
How many rounds does AES use?
10 for 128-bit keys, 12 for 192-bit, 14 for 256-bit keys.
What is AES?
A symmetric block cipher standard replacing DES.
What are the AES key sizes?
128, 192, or 256 bits.
Name applications of AES.
SSL/TLS, SFTP, WPA, IPSec, WhatsApp, BitLocker.
What is ECB mode?
Encrypts each block independently with the same key.
What is CBC mode?
Each block is XORed with the previous ciphertext block before encryption.
What are other cipher modes?
CFB, OFB, CTR.
What is a hash function?
A function that maps variable-length input to a fixed-length output.
What is preimage resistance?
It’s hard to find any input that hashes to a specific output.
What is second preimage resistance?
It’s hard to find a different input with the same hash.
What is collision resistance?
It’s hard to find two inputs with the same hash.
Name common hashing algorithms.
MD5, RIPEMD128, SHA-1, SHA-256.
What are hash functions used for?
Password verification, digital signatures, integrity checking, etc.
What is a MAC?
A short piece of information to authenticate a message using a shared key.
How is MAC generated?
Using encryption algorithms or hash functions (e.g., HMAC).
What is HMAC?
A keyed-hash message authentication code standard documented in RFC 2104.
What are HMAC’s design goals?
Usability, replaceability of hash functions, and strong authentication.
What is AEAD?
Authenticated Encryption with Associated Data, ensures both confidentiality and integrity.
What is the role of ‘Associated Data’ in AEAD?
It is not encrypted but is authenticated for integrity protection.
What does IoT stand for?
Internet of Things.
Why is IoT security important?
Because IoT devices handle sensitive data and are increasingly integrated into critical infrastructure.
Name traditional physical security safeguards.
Fences, locks, and signatures.
Give examples of smart environments in IoT.
Smart lighting, connected cars, smart homes.
What is the ‘headless’ nature of IoT devices?
They often lack user interfaces, making them harder to monitor and secure.
Why are resource constraints an IoT security issue?
IoT devices often have limited processing power, memory, and energy, making strong security hard to implement.
What is the challenge posed by heterogenous protocols?
Different IoT devices use various communication protocols, making standardization and security more complex.
Why is dynamic communication a risk in IoT?
IoT devices often connect and disconnect dynamically, which complicates monitoring and control.
What is tamper resistance in IoT devices?
The ability of a device to resist physical access or modification.
What does ‘longevity expectations’ refer to in IoT?
IoT devices are expected to function for many years, often beyond their supported update cycles.
What are the three core information security goals?
Confidentiality, Integrity, and Availability.
What threats correspond to each security goal?
Disclosure (Confidentiality), Alteration (Integrity), Destruction (Availability).
How have cyber threats evolved over time?
From individual hackers to organized crime and nation state actors.
What is the impact of nation state threats?
High-level attacks for espionage, sabotage, and influence.
Who are the main threat actors in IoT security?
Hackers, nation states, and organized crime groups.
Name device-level IoT security measures.
Hardware encryption, secure platforms, enhanced algorithms.
Name network-level IoT security measures.
VPNs, firewalls, intrusion prevention and detection systems (IPS/IDS).
What are examples of service-level security strategies?
Security-by-design, privacy-by-design, and compliance with standards.
What are cybersecurity trust labels?
Certifications or marks indicating a device meets certain security standards.
What is the main concept of the Zero-Trust Model?
Never trust, always verify.
What does the Zero-Trust Model assume about users and devices?
They should not be trusted by default, even inside secure networks.
What is AI?
Artificial Intelligence – the ability of machines to mimic human intelligence.
How did Prof. Max Tegmark define intelligence?
The ability to accomplish complex goals.
When did modern Homo Sapiens emerge on the ‘Earth-as-one-year’ timeline?
11 minutes ago.
How recently did the internet emerge on the same timeline?
0.17 seconds ago.
What does intelligence require according to the lecture?
Computations to manage data and make decisions.
What is the theoretical processing power difference between machines and biological tissue?
A factor of 10^33.
How long could Moore’s Law potentially continue?
Another 200 years.
What is a requirement for intelligent behavior?
Not just computation, but the right computations (software).
Is there a single agreed-upon definition of AI?
No, the definition evolves with new research.
What is machine learning (ML)?
A subfield of AI where computers learn from past data.
What makes ML different from traditional programming?
ML learns from data without being explicitly programmed.
What are the three main components of a machine learning system?
Learning algorithm, input data, and the learned model.
What does the model produce from new data?
Predictions or decisions.
What is classification in ML?
Mapping observations into predefined categories using labeled data.
Give an example of classification.
Classifying emails as spam or not spam.
What is regression in ML?
Predicting a numerical value based on input features.
Give an example of regression.
Estimating a car’s price based on model, year, mileage, etc.
What is clustering in ML?
Grouping observations based on similarities without labeled data.
What algorithm is used for clustering?
k-Means.
What are the two main learning paradigms in ML?
Supervised and unsupervised learning.
What is required for supervised learning?
Labeled data.
What is reinforcement learning?
Learning actions through rewards to maximize outcomes.
What is deep learning?
An ML technique using neural networks to learn multiple abstraction levels.
What enabled deep learning advances?
Big data and high computational power.
Give two application examples of deep learning.
Speech recognition and image recognition.
List four current AI system examples.
Robotics, text-to-image generation, self-driving cars, conversation systems like ChatGPT.
What is AI ethics?
A field concerned with moral principles guiding AI behavior and impact.
Give an example of an ethical dilemma in AI.
Self-driving cars deciding between protecting passengers or pedestrians.
Why is training data in AI an ethical concern?
It may affect user privacy and introduce bias.
What are three focal points of AI ethics?
Prediction quality, outcome impact, and effect on humans.
What are the two main categories of attacks on ML models?
Adversarial input attacks and data poisoning attacks.
What is an adversarial input attack?
Slightly modifying input features to trick ML models into incorrect classification.
What is a real-world example of adversarial input?
A stop sign misclassified as a speed limit sign due to added stickers.
What is a data poisoning attack?
Injecting malicious data into the training set to mislead the model.
What are the two goals of poisoning attacks?
Affect availability (useless model) or integrity (add backdoor).
What is the black-box problem in AI?
AI models are often too complex to understand.
What does LIME stand for?
Local Interpretable Model-Agnostic Explanations.
What is the purpose of LIME?
To interpret and explain decisions made by AI models.
What is an Internet Security Protocol?
A framework of standards that ensures private and secure communications over IP networks using cryptographic services.
What is S/MIME?
Secure/Multipurpose Internet Mail Extension – a security enhancement to the MIME email format.
Which algorithms does S/MIME use by default?
AES (symmetric) and RSA (asymmetric).
What is ‘Envelope data’ in S/MIME?
Encrypted content and encryption keys for one or more recipients.
What is ‘Signed data’ in S/MIME?
A digital signature of the content created using the sender’s private key.
What is the process of secret key handling in S/MIME?
Message is encrypted with AES using a pseudorandom key; the key is encrypted with the recipient’s RSA public key.
What are the components of the Internet Mail Architecture (RFC 5598)?
Message User Agent (MUA) and Message Handling Service (MHS: MSA, MTA, MDA).
What is TLS?
A cryptographic protocol ensuring secure transmission between users and servers.
What three functions does TLS provide?
Authentication, data integrity (via MAC), and confidentiality (via encryption).
What is a TLS session?
An association between a client and server created by the handshake protocol.
What is a TLS connection?
A peer-to-peer transport service linked to one session.
What does the TLS Handshake Protocol do?
Authenticates client and server, negotiates keys and algorithms.
Name some uses of TLS.
HTTPS, IMAP, SMTP, XMPP, MQTT (IoT), video conferencing.
Which TLS versions are deprecated?
TLS 1.0 and 1.1.
Which TLS version is most widely used?
TLS 1.2.
What makes TLS 1.3 different?
Simpler and stronger ciphers, single roundtrip, better performance.
What is the BEAST attack?
Targets block cipher vulnerabilities like DES to steal HTTPS cookies.
What is POODLE?
Forces downgrade to SSL 3.0 to exploit vulnerabilities.
What is SWEET32?
Targets older block and stream ciphers like DES and RC4.
What is the LUCKY13 attack?
Exploits timing side-channels in MAC padding.
What is HTTPS?
Hypertext Transfer Protocol Secure – an encrypted version of HTTP using SSL/TLS.
Which port does HTTPS use by default?
Port 443.
What data is encrypted in HTTPS?
URL, document content, form data, cookies, HTTP headers.
What is IPSec?
A protocol suite securing IP traffic with encryption, authentication, and key exchange.
At what level is IPSec implemented?
IP level (network layer).
Name IPSec’s three functional areas.
Authentication, confidentiality, key management.
What are the two core components of IPSec?
Encapsulating Security Payload (ESP) and Internet Key Exchange (IKE).
Give examples of IPSec applications.
VoIP, LAN/WAN security, e-commerce, intranet/extranet communication.
What is Kerberos?
A TTP-based protocol for secure remote authentication.
What is a Ticket Granting Ticket (TGT)?
A token generated by the Kerberos server used to access application servers.
What does Kerberos prevent?
Password transmission over the network.
What does Kerberos support?
Single Sign-On (SSO) and mutual authentication.
What is a VPN?
A virtual private tunnel between a device and remote server that encrypts data and hides IP addresses.
What are the types of VPNs?
Remote access VPN, Site-to-site VPN, VPN apps.
Name two VPN disadvantages.
Potential speed reduction, possible logging by free VPNs.
What is SSH?
A cryptographic protocol for secure network services over insecure networks.
Which port does SSH use?
TCP port 22.
What encryption types are used in SSH?
Symmetric, asymmetric, and hashing.
What is SSH’s encryption mode?
Encrypt-and-authenticate (E&A).
How do you generate a key pair for GitHub SSH access?
ssh-keygen -t ed25519 -C 'email@example.com' and copy the public key.
What is SFTP?
Secure File Transfer Protocol – secure version of FTP using SSH.
How is HTTPS different from SFTP?
HTTPS secures web traffic using SSL/TLS; SFTP secures file transfers using SSH.
What is OAuth2?
An authorization protocol that allows limited access to user data across services.
What is access control?
A security technique that regulates who or what can view or use resources in a computing environment.
What is a reference monitor?
A component that validates access requests and grants or denies access based on security policy.
In the filing cabinet analogy, what is the reference monitor?
The locked filing cabinets.
In the nightclub analogy, what is the reference monitor?
The security guard with the guest list.
What is a UID in UNIX?
A unique user identification number.
What is a GID in UNIX?
A group ID used to organize users.
What is an inode in UNIX?
A file-based data structure that holds metadata about files.
What do the permission bits rwx stand for?
Read (4), Write (2), Execute (1).
What does chmod 777 do?
Grants full read, write, execute permissions to owner, group, and others.
What command changes file ownership?
sudo chown user file.txt
What does ‘d’ at the beginning of a UNIX permission string indicate?
It indicates a directory.
What does ‘r’ mean for a directory?
Allows reading file names in the directory.
What does ‘w’ mean for a directory?
Allows modifying directory contents (create, delete, rename files).
What does ‘x’ mean for a directory?
Allows accessing files if their name is known (traverse permission).
What is Discretionary Access Control (DAC)?
Access based on user identity; users can delegate their privileges.
What is a key disadvantage of the access control matrix?
It becomes inefficient and hard to manage at scale.
What is an Access Control List (ACL)?
A list for each object specifying which subjects have what access.
What is a Capability List?
A list for each subject specifying access rights to various objects.
What is the structure of an Access Control Matrix?
Subjects in rows, objects in columns, access rights in entries.
What are three implementations of ACM?
Authorization table, ACLs, and Capability lists.
What is a disadvantage of ACLs?
Poor efficiency due to search overhead and large storage space needs.
What is a disadvantage of Capability Lists?
Hard to revoke/change rights and manage memory.
How is ACL like the nightclub analogy?
Focuses on the object (club), and who is allowed in.
How is a Capability List like the filing cabinet analogy?
Each user has a key ring (capabilities) for the cabinets they can access.
What is Role-Based Access Control (RBAC)?
Access based on user roles within an organization.
Why is RBAC convenient?
Roles are more stable than changing user-permission pairs.
Where is RBAC commonly used?
Active Directory, Oracle DB, Microsoft SQL Server, PostgreSQL.
What is Attribute-Based Access Control (ABAC)?
Access decisions based on attributes of subjects, objects, and environment.
Give an example of subject attributes in ABAC.
Age, department, role.
What are environment attributes in ABAC?
Context like location, time, or network condition.
Where is ABAC useful?
Firewalls, servers, APIs, databases.
What is Rule-Based Access Control (RuBAC)?
Uses predefined rules to allow/deny access, e.g., firewall policies.
What is Mandatory Access Control (MAC)?
Access decisions made by a central authority, often used in military/government.
What is vertical access control?
Restricts access based on user type (e.g., admin vs. regular user).
What is horizontal access control?
Restricts access based on ownership of resources.
What is context-dependent access control?
Restricts access based on system/user state or sequence of actions.
What is a security intrusion?
An event or series of events where an intruder gains or attempts to gain unauthorized access.
What is intrusion detection?
A service that monitors and analyzes system events for signs of unauthorized access.
What are the five stages of intruder behavior?
- Target acquisition, 2. Initial access, 3. Privilege escalation, 4. System exploit & access maintenance, 5. Covering tracks.
What are the three main components of an IDS?
- Sensors, 2. Analyzers, 3. User Interface.
What does a sensor do in IDS?
Collects data such as logs, packets, system calls.
What does an analyzer do in IDS?
Determines if an intrusion has occurred.
What does the user interface provide in IDS?
Guidance and control over the IDS output.
What is HIDS?
Host-based Intrusion Detection System – monitors individual host systems.
What is NIDS?
Network-based Intrusion Detection System – monitors network traffic.
What is a distributed IDS?
An IDS combining multiple sensors and data from across systems.
What is signature-based detection?
Uses known attack patterns or rules to detect intrusions.
What is anomaly detection?
Identifies deviations from normal behavior, useful for zero-day attacks.
What are the three IDS development methods?
- Statistical, 2. Knowledge-based, 3. Machine Learning.
What can HIDS detect?
Changes to registry, critical files, failed logins, rootkits, backdoors.
List drawbacks of HIDS.
Resource use, tampering risk, false alarms, management difficulty.
Name HIDS best practices.
Deploy on critical systems, secure the HIDS, monitor alerts, update signatures.
Where can NIDS be deployed?
- Between Internet and firewall, 2. Inside firewall, 3. On backbone, 4. On workstation networks.
What is the difference between inline and passive NIDS sensors?
Inline inspects live traffic; passive inspects copied traffic.
What layers does NIDS monitor?
Network, transport, and application.
What attacks are detected by signature-based NIDS?
DoS, scanning, worms.
What attacks are detected by anomaly-based NIDS?
Sudden behavior changes, policy violations.
What data can a NIDS sensor log?
Timestamp, protocols, IPs, ports, session ID, severity, and payload.
What is a honeypot?
A decoy system designed to attract attackers and log their behavior.
What are the types of honeypots?
Low interaction and high interaction honeypots.
What is a firewall?
A system that controls incoming and outgoing traffic based on rules.
List advantages of firewalls.
Blocks unauthorized access, monitors traffic, supports VPN/IPSec.
List disadvantages of firewalls.
Can’t stop insider threats or attacks bypassing the firewall.
What is a packet filtering firewall?
Inspects IP header info to allow/deny packets based on rules.
What is a stateful inspection firewall?
Maintains a table of active connections to make decisions.
What is an application proxy firewall?
Acts as an intermediary for application traffic like FTP, Telnet.
What are some attacks against packet filtering firewalls?
IP spoofing, source routing, tiny fragment attacks.
What are weaknesses of packet filtering firewalls?
No application awareness, weak logging, vulnerable to config errors.
Name five places a firewall can be deployed.
Standalone device, router, LAN switch, server, personal device.
What is a host-based firewall?
Firewall software on individual devices like servers or workstations.
What is a DMZ in networking?
A separate network zone for publicly accessible services.
What is a distributed firewall?
A network of firewalls managed centrally across hosts.
What is an IPS?
An intrusion detection system that can block or prevent attacks.
What is a HIPS?
Host-based IPS – protects system resources and files.
What is a NIPS?
Network-based IPS – protects against network-level attacks.
What are four IPS techniques?
- Pattern matching, 2. Stateful matching, 3. Traffic anomaly, 4. Statistical anomaly.
What attacks can HIPS/NIPS prevent?
Rootkits, privilege escalation, buffer overflow, directory traversal.
What is privacy?
The claim of individuals to control how, when, and to what extent information about them is communicated.
How does the UN define the right to privacy?
Protection against arbitrary interference with privacy, family, home, or correspondence.
What is Glancy’s interpretation of privacy?
Part of the fundamental right to life and enjoyment of life.
What is trust?
Belief in the reliability, truth, or ability of someone or something.
What is ethics?
The study of right and wrong and how people should act.
Who defined privacy as ‘the right to be let alone’?
Warren and Brandeis (1890).
What is contextual integrity in privacy?
Adherence to informational norms of a context—what is appropriate sharing.
Who defined power as the ability to get someone to do something they wouldn’t otherwise do?
R. Dahl (1957).
What was Foucault’s view on power?
Power is not a possession but a dynamic force that exists everywhere.
What is surveillance according to David Lyon?
Systematic and routine attention to personal details for influence or control.
What is dataveillance?
Systematic use of personal data systems to monitor behavior.
What is sousveillance?
Bottom-up surveillance by individuals, often toward powerful institutions.
What is the chilling effect?
When people self-censor due to fear of surveillance or regulation.
What is consent under GDPR Article 4(11)?
Freely given, specific, informed and unambiguous indication of data subject’s wishes.
What is Zero Trust?
A model where no user or system is inherently trusted – ‘never trust, always verify’.
Name types of trust discussed in the lecture.
Institutional trust, trust in government, trust in self, business, citizens.
What is the freedom vs. security trade-off?
How much freedom one is willing to sacrifice in exchange for security.
What is ‘function creep’ in data usage?
When data collected for one purpose is used for another.
What is surveillance capitalism?
Business model that profits from the extraction and analysis of personal data.
Who coined ‘Big Other’?
Shoshana Zuboff.
What does ‘Big Other’ refer to?
An information-driven structure of surveillance used for behavior prediction and control.
What is the purpose of whistleblowing?
To expose unethical or illegal conduct, often in the public interest.
What does SFS 2016:749 §4 protect?
Workers from reprisals for whistleblowing on serious misconduct.
What does SFS 2021:890 §2 define?
The conditions under which work-related reporting is protected under EU law.
What is deontology?
Ethics based on rules and duties.
What is consequentialism?
Ethics based on outcomes or consequences.
What is virtue ethics?
Ethics based on character and virtues.
What is intersectionality?
The way race, gender, class, etc., intersect to affect individuals’ experiences.
Who coined the term intersectionality?
Kimberlé Crenshaw (1989).
What is the difference between misinformation and disinformation?
Misinformation is false info spread unknowingly; disinformation is spread deliberately.
Who is Frances Haugen?
Facebook whistleblower who exposed the company’s harmful practices.
What is the ‘stochastic parrot’ critique?
Criticism of large language models generating text without understanding meaning.
Who coined the term ‘stochastic parrot’?
Bender, Gebru, McMillan-Major, & Shmitchell (2021).
What is the Anthropocene?
A proposed epoch where human activity dominates Earth’s systems.
What are key themes in environmental ethics?
Sustainable consumption, lifecycle management, intergenerational justice.
What is social engineering?
Psychological manipulation to trick users into giving up sensitive information.
Who was Kevin Mitnick?
A famous hacker who used social engineering; later became a security consultant.
What did Kevin Mitnick say about security threats?
The biggest threat is people, not technology.
What is Information Security Governance?
Strategic direction and oversight of security, risk, and resources.
What is COBIT?
A framework for developing, monitoring, and improving IT governance.
List two COBIT principles.
- Meeting stakeholder needs, 2. Holistic approach to business.
Give an example of a COBIT control objective.
Use unique user IDs and conduct regular access rights reviews.
What is the difference between a policy and a procedure?
A policy is a broad statement; a procedure is detailed instructions.
What is a standard in security governance?
Mandatory specification for implementing a policy.
What is a guideline?
A non-mandatory recommendation related to a policy.
Give one sign of non-effective governance.
Board focuses only on profits and ignores security.
Give one sign of effective governance.
Executives participate in risk committees and set acceptable risk levels.
Name three types of organizational security policies.
Authentication policy, access control policy, business continuity policy.
What are the four steps of the policy lifecycle?
- Plan, 2. Implement, 3. Monitor, 4. Evaluate.
What is the goal of IT security management?
To protect critical assets cost-effectively.
Name three responsibilities in IT security management.
Determine requirements, specify safeguards, monitor implementation.
Who is responsible for security?
Management, IT staff, users, third parties.
What is security awareness?
Informing employees about risks and responsibilities.
Name three common information security roles.
Chief Security Officer, Security Manager, Security Technician.
What is ISO/IEC 27001?
Standard for implementing and maintaining an ISMS.
What is ISO/IEC 27002?
Code of practice for security controls.
What does ISO 27005 cover?
Information security risk management.
How many controls are listed in ISO 27002:2022?
93 controls.
What is ISMS?
Information Security Management System.
Why are background checks important?
To reduce risks of fraud, theft, or misuse.
What is the purpose of employment agreements in security?
To define responsibilities, confidentiality, and policy compliance.
What is the goal during employment termination?
Ensure orderly exit and removal of access.
What is the principle of least privilege?
Users have only the access necessary for their role.
What is the principle of separation of duties?
Dividing tasks among people to prevent abuse.
Why implement email and internet use policies?
To prevent malware, ensure productivity, and avoid misconduct.
Why is incident response important?
To minimize damage, recover quickly, and learn from incidents.
What are examples of physical security measures?
Fences, locked doors, access control to server rooms.
Why consider environmental factors?
To mitigate risks like flooding or natural disasters.
What is IT security operations?
All tasks and oversight to keep systems secure and running.
What is a SOC?
Security Operations Center – facility to monitor and protect systems.
What does access control cover?
Data, services, networks, remote access.
What is enforced via automated access control policies?
Who gets access, when, and how.
Why is security important in system development?
To ensure safe design, patching, and secure operations.
What is the aim of business continuity planning?
To ensure operations continue during major failures or disasters.
What is PCI-DSS?
Payment Card Industry Data Security Standard – for organizations handling card payments.
What is operational security?
The ongoing protection of assets, ensuring proper access, oversight, and controls.
What is a security incident?
An event where corporate assets are at risk or have been compromised.
How is risk calculated?
Risk = Likelihood × Impact or Risk = Threat × Vulnerability × Impact.
What are the four main steps of risk management?
Identification, Assessment, Prioritization, Mitigation.
What are the four risk handling strategies?
Avoidance, Mitigation, Transference, Acceptance.
What does a SOC do?
Detects, monitors, and manages security incidents and vulnerabilities.
List four key SOC functions.
Detection, incident handling, threat intelligence, vulnerability management.
What is threat hunting?
Investigating potential threats proactively, possibly based on CTI information.
What is forensics in SOC?
Evidence collection and management during incident investigation.
What is the difference between VM and Pentesting?
VM looks from the inside (authenticated), Pentesting simulates external attacks.
What is CVSS?
Common Vulnerability Scoring System – used in vulnerability management.
What is the process of penetration testing?
Reconnaissance → Scanning → Access → Exfiltration.
What are the 4 phases of incident management?
1) Preparation, 2) Detection and analysis, 3) Containment, eradication, recovery, 4) Post-incident activity.
What is the goal of containment?
To stop the attack as early as possible.
What is the goal of eradication?
To remove the threat from the system.
What happens in the post-incident phase?
Lessons learned are documented for future improvement.
What is threat intelligence?
Information about threats, their sources, capabilities, and intentions.
What are the phases of the intelligence cycle?
Direction, Collection, Analysis, Production, Dissemination & Feedback.
What are the levels of threat intelligence?
Strategic, Tactical, Operational.
What can trigger threat hunting?
CTI data such as IoCs (Indicators of Compromise) or TTPs (Tactics, Techniques, and Procedures).
What is SIEM?
Security Information and Event Management – aggregates and analyzes security data.
What is EDR?
Endpoint Detection and Response – monitors and responds to threats on endpoints.
What is SOAR?
Security Orchestration, Automation, and Response – enhances SIEM with automated workflows.
Name some SIEM tools.
Splunk, Qradar, Sentinel.
Name some EDR tools.
Microsoft Defender, Qualys.
What are typical conflicts between business and security?
Budget constraints, legacy systems, differing priorities.
Name three security risks related to AI tools.
Privacy issues, hallucinations, data poisoning.
What are examples of AI misuse in security?
Deepfakes, reconnaissance, payload crafting, anomaly detection evasion.
How can students engage with cybersecurity in practice?
Via thesis projects and internships.
What is risk in information security?
The expectation of loss from a threat exploiting a vulnerability with a harmful result.
What is the primary goal of risk management?
To reduce risk to an acceptable level.
Define asset in the context of risk management.
A system resource that has value to its owner and requires protection.
What is asset valuation (AV)?
Monetary and non-monetary value of an asset.
Define threat.
Potential for violation of security by exploiting a vulnerability.
Define vulnerability.
Flaw or weakness that could be exploited.
What is exposure?
Susceptibility to asset loss due to a threat.
What is a safeguard?
A countermeasure to reduce or remove vulnerabilities or threats.
What is quantitative risk analysis?
Uses mathematical models to calculate expected losses.
What is qualitative risk analysis?
Uses expert judgment, scenarios, and ratings to assess risk.
Give one advantage and one drawback of quantitative risk analysis.
Advantage: structured calculation; Drawback: inputs often imprecise.
What is the ALE formula?
ALE = SLE × ARO
What is SLE?
Single Loss Expectancy – the cost of one loss.
What is ARO?
Annual Rate of Occurrence – frequency of threat occurring per year.
What is the EF?
Exposure Factor – percent of asset lost in an incident.
Name methods used in qualitative risk analysis.
Brainstorming, Delphi, Storyboarding, Focus groups, Interviews.
What is a risk scenario?
A narrative that describes a potential major threat.
What are common risk consequence ratings?
Insignificant – Severe.
What are common risk likelihood ratings?
Rare – Almost Certain.
What are the 5 main risk treatment strategies?
Avoidance, Acceptance, Transference, Reduce likelihood, Reduce consequence.
How can you treat risk of stolen data?
Mitigate by encrypting data.
How can you treat data loss due to fire?
Transfer risk using insurance.
What is the baseline approach to risk?
Implementing standard controls for common threats without deep analysis.
When is the baseline approach recommended?
For small organizations with limited resources.
What are the three types of security controls?
Physical, Administrative, Technical.
Give two examples of physical controls.
Locks, security guards.
Give two examples of administrative controls.
Policies, awareness training.
Give two examples of technical controls.
Encryption, access control.
What is defense in depth?
A layered approach using multiple, diverse security measures.
Why is layered security beneficial?
Reduces risk of total failure from single point of weakness.
What are the three core security strategies?
Prevention, Detection, Reaction.
Give an example of a prevention measure.
Encrypt orders in e-commerce.
Give an example of a detection measure.
Check for unauthorized transactions.
Give an example of a reaction measure.
Report fraud and cancel the credit card.
What is host security?
Security that focuses on protecting individual devices.
What is network security?
Security focused on protecting the network and controlling access.
What is the ideal approach for mature organizations?
Combine host and network-level security.
List five key security goals.
Confidentiality, Integrity, Availability, Authenticity, Accountability.
What is confidentiality?
Preventing unauthorized disclosure of information.
What is integrity?
Preventing unauthorized modification of information.
What is availability?
Ensuring access to authorized users when needed.
What is authenticity?
Verifying identity of communication partners.
What is accountability?
Ensuring users are held responsible for actions.
What is non-repudiation?
Preventing denial of having performed an action.
Name a confidentiality control.
Encryption.
Name an integrity control.
Hashing.
Name an availability control.
Redundancy.
Name an accountability control.
Audit logs.
Name a non-repudiation control.
Digital signature.
