Terminology Flashcards
System Resource/Asset
Software systems, data and network systems, personnel, equipment or a logically related group of systems.
Vulnerability
Weakness in the system that can be exploited or triggered by a threat source.
- Information system, procedures, internal controls or implementation.
Leaky system through the network.
Threat
Circumstance or event what impacts adversely the operations.
Attack
Threat carried out by through a vulnerability.
- Malicious activity that tries to collect, disrupt, deny, degrades or destroys information
Adversary (threat agent)
Individual who conducts or has the intention to conduct detrimental activities
Countermeasure
Device or technique that reduces effectiveness of attacks (prevention). If it is not possible to prevent it the goal is to detect and recover form its effects.
Residual vulnerabilities may remain -> residual level of risk to assets.
Risk
Measure of the extent that an entity can be impacted by a threat, defined by level of impact or likelihood
Security Policy
Criteria for the provision of security services in order to maintain a condition of security
Active attack
Attempt to alter resources or affect operation
Passive attack
Learn or make use of information of the system, does not affect resources
Origin of the attack
Inside -> entity inside the security perimeter, authorized to access but misuses in an unapproved way
Outside -> outside the perimeter by unauth or illegitimate user.
Threats - Unauthorized disclosure
Entity gains access to data for which the entity is not authorized
To: Confidentiality
Consequence:
- Exposure: entity gains unauthorized knowledge of sensitive data
- Interception: shared LAN any device can get unauthorized access to data
- Inference: observing the pattern of traffic on a network
- Intrusion: Overcoming access control protections to get unauth data
Threats - Deception
Event where entity receives false data and will believe it to be true
To: Integrity
Consequence:
- Masquerade: posing as auth user (obtained credentials). Trojan horse appears to have a function but gains access and executes malicious logic
- Falsification: alter, replace valid data or introduce false data
- Repudiation: deny sending data or receiving/possessing data.
Threats - Disruption
Event that interrupts or prevents the correct operation and functions
To: Availability or system integrity
- Incapacitation: limit system availability. Physical or damage of hardware. Trojan horse disabling services.
- Corruption: on system integrity. Resources or services function in an unintended manner. Like a backdoor
- Obstruction: interfere communications, disabling or altering communication control information. Overload the system
Threats - Usurpation
Event that results in control of system services or functions by unauth entity
To: System integrity
- Misappropriation: theft of service. DDoS attacks, using machine resources to attack a target host.
- Misuse: disable security functions or thwarted sec functions
Assets - Hardware
Most vulnerable and least susceptible to automated controls
Threats:
- Accidental and deliberate damage to equipment
- Theft (USB drives -> loss of confidentiality)
Assets - Software
Key threat to sw is on availability. Easy to delete.
It can be altered or damaged to affect functioning.
Backups can increase availability and recovery.
Altering is a threat to integrity/authenticity.
Assets - Data
Concerns: availability, secrecy and integrity.
Threats:
- Destroy data -> availability
- Unauthorized reading data or dbs -> secrecy
- Statistical databases (aggregate or summ information) -> secrecy. Data can be inferred by doing set operations and also the data is available during different stages of the processing of these data sets.
- Modification of data files -> data integrity
Assets - Communication Lines and Networks - Passive attacks
- Passive: obtain information being transmitted. Release of message contents and traffic analysis.
Release of MC: prevent unauthorized reads or learning
Traffic analysis: prevent inference from seeing the interaction (guessing the nature).
Difficult to catch emphasize prevention rather than detection
Assets - Communication Lines and Networks - Active attacks
Modification or falsification of the data stream
- Replay: passive capture and retransmission
A masquerade: entity pretends to be a different entity. Replay authentication sequences to gain access.
- Modification of messages: altering portion, delaying or reordering of legitimate messages
Difficult to prevent emphasize detection and recovery
List types of threat actions (attacks)
-> Confidentiality
Exposure & interception: attacker gets unauth access to data
Inference: does it by inferring
Intrusion: overcome access control
-> Availability
Incapacitation: limit availability
Obstruction: Interfere comms. overload system
-> Integrity
Corruption: service does not work as expected
Masquerade: pose as auth user
Falsification: alter valid data or create false data
Repudiation: deny sending or received/possess data
Misappropiation: theft of service or misuse of resources
Misuse: disabled sec functions or thwarting of functions
List of threat consequences
-Unauthorized disclose
exposure, interception, inference, intrusion (Confidentiality)
-Disruption
incapacitation,obstruction (Availability)
corruption (Integrity)
-Deception
masquerade, falsification, repudiation (Integrity)
-Usurpation
misappropiation, misuse (Integrity)
