Unit 1: Introduction to Computer Security Flashcards
Computer security triad
CIA = confidentiality, integrity, availability
Non-repudiation
Assurance that a party cannot later deny having performed an action (e.g., sending a message or signing a document); also sometimes thought of as part of the CIA camp (usually filed under Integrity)
Data states
- Data at rest (not being used, sitting in storage somewhere)
- Data in process (being used, read from storage into RAM/being manipulated, being played/displayed/used in some way)
- Data in transit (being transmitted between two points)
Risk management
A balance of usability, security, and cost
Risk (defined)
The potential for loss when a threat exploits a particular vulnerability, taking into account the controls already put in place
Social Engineering Tools vs. Vulnerabilities
- Tools: intimidation, lies, etc.
- Vulnerabilities: greed, fear, ignorance, etc.
Amateur vs. Professional Attackers
- Amateurs: make use of well-known vulnerabilities; unfamiliar with the details of the tools they use or why/how they work; their goal is simply getting into a system (bragging rights, etc.); defending against them is fairly easy (implement training, update and patch systems/software)
- Professionals: persistent; often nation-states or organized groups; often use zero-day vulnerabilities (a vuln the vendor doesn't know about and has no patch for; the attacker races to exploit it before it is discovered and patched); may use botnets (networks of compromised computers); defending against a pro attacker requires different, more robust defensive techniques, since computing systems are inherently insecure
Decimal system
aka “base 10” system; 0-9
Binary system
0 and 1
Hexadecimal system
aka “base 16” system; 0-9, a-f (a=10, b=11, etc.)
Base 64 system
64 digits, in value order: A-Z (0-25), a-z (26-51), 0-9 (52-61), + (62), / (63); each digit carries 6 bits, so 3 bytes become 4 digits, and "=" pads a short final group (it is not a digit)
Bit
a single Binary digIT (either a 0 or a 1)
Nibble
4 bits
Byte
8 bits (two nibbles); a shortcut for writing a byte is two hex digits, one per nibble (e.g., 0110 1001 = 0x69)
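The cards above list the number systems but do not show how they relate. The following is an added example (not part of the original flashcards) that walks one byte string through decimal, binary, hex and base64 by hand: each byte is split into two nibbles for hex, and three bytes are regrouped into four 6-bit digits for base64. The sample input is constructed, and the result is cross-checked against Python's standard library.

```python
import base64

# Standard base64 alphabet in value order: A-Z, a-z, 0-9, +, /
B64_ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789+/"
)
HEX_DIGITS = "0123456789abcdef"


def bits_of(data: bytes) -> str:
    """Binary digits of the input, 8 per byte, most significant bit first."""
    return "".join(format(b, "08b") for b in data)


def to_hex(data: bytes) -> str:
    """Each byte is two nibbles (4 bits each); each nibble maps to one hex digit."""
    out = []
    for b in data:
        high, low = b >> 4, b & 0x0F  # upper nibble, lower nibble
        out.append(HEX_DIGITS[high] + HEX_DIGITS[low])
    return "".join(out)


def to_base64(data: bytes) -> str:
    """Base64 by hand: 3 bytes (24 bits) become 4 six-bit digits.

    A final group of 1 or 2 bytes is zero-filled to a multiple of 6 bits and
    the missing bytes are marked with '=' padding.
    """
    bits = bits_of(data)
    pad = (-len(data)) % 3          # 0, 1 or 2 bytes missing from the last group
    bits += "00" * pad              # 2 zero bits per missing byte
    digits = "".join(
        B64_ALPHABET[int(bits[i:i + 6], 2)] for i in range(0, len(bits), 6)
    )
    return digits + "=" * pad


def represent(data: bytes) -> dict:
    """The same bytes written in every system the flashcards cover."""
    return {
        "decimal": list(data),
        "binary": bits_of(data),
        "hex": to_hex(data),
        "base64": to_base64(data),
    }


def matches_stdlib(data: bytes) -> bool:
    """Sanity check: the hand-rolled encoders agree with Python's built-ins."""
    return (to_hex(data) == data.hex()
            and to_base64(data) == base64.b64encode(data).decode("ascii"))


if __name__ == "__main__":
    sample = b"Hi!"  # constructed sample input
    for name, value in represent(sample).items():
        print(f"{name:>8}: {value}")
    print("matches stdlib:", matches_stdlib(sample))
```

Try `represent(b"Hi")` and `represent(b"H")` to see one and two `=` pad characters appear as the final 3-byte group shrinks.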
Boolean operators
XOR (exclusive or: combining two bits that are the same gives 0, two different bits give 1; comes in handy for encryption because XORing with the same key twice restores the original), OR, and AND
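To make the XOR card concrete, here is an added example (not part of the original flashcards) that checks the "same = 0, different = 1" rule, then uses byte-wise XOR as a one-time-pad style cipher so the round trip p XOR k XOR k = p is visible. It also shows the classic caveat: if the same key is reused for two messages, XORing the two ciphertexts cancels the key and leaks the XOR of the plaintexts. The messages and the fixed key are constructed sample values; a real one-time pad needs a fresh random key per message (e.g. from `secrets.token_bytes`).

```python
import secrets


def xor_truth_table() -> dict:
    """XOR of every pair of bits: 1 exactly when the inputs differ."""
    return {(x, y): x ^ y for x in (0, 1) for y in (0, 1)}


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time-pad style encryption: ciphertext = plaintext XOR key."""
    return xor_bytes(plaintext, key)


# Decryption is the same operation, because (p ^ k) ^ k == p ^ (k ^ k) == p ^ 0 == p.
decrypt = encrypt


def fresh_key(length: int) -> bytes:
    """A random key of the right length; never reuse it for a second message."""
    return secrets.token_bytes(length)


def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper learns from two ciphertexts under the same key.

    c1 ^ c2 == (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2: the key cancels out, and if
    any bytes of one message are known, the matching bytes of the other follow.
    """
    return xor_bytes(c1, c2)


def demo() -> dict:
    # Constructed sample values (a real key must be random and used once).
    key = bytes.fromhex("0f1e2d3c4b5a6978")
    m1 = b"ATTACK!!"
    m2 = b"RETREAT!"
    c1 = encrypt(m1, key)
    c2 = encrypt(m2, key)  # mistake: same key reused for a second message
    leaked = key_reuse_leak(c1, c2)
    # An attacker who guesses m1 recovers m2 without ever seeing the key.
    recovered_m2 = xor_bytes(leaked, m1)
    return {
        "ciphertext_hex": c1.hex(),
        "round_trip": decrypt(c1, key),
        "same_key_twice_is_zero": xor_bytes(key, key),
        "leak_equals_m1_xor_m2": leaked == xor_bytes(m1, m2),
        "recovered_m2": recovered_m2,
    }


if __name__ == "__main__":
    print(xor_truth_table())
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `fresh_key` helper is the fix for the reuse problem: generate a key as long as the message, use it once, and the leak shown in `demo` disappears because the two ciphertexts are then under different keys.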