Unit 1.1 - CIA Triad and Authentication Flashcards

1
Q

What is the equation used to model computer security?

A

Protection = Prevention + (Detection + Response)

2
Q

What is the CIA Triad? (what each letter represents and what each of those categories is)

A

Confidentiality - the data is not revealed
Integrity - data is intact (not modified or corrupted)
Accessibility - data is accessible to allowed users

3
Q

What are the 3 data states?

A

Data at rest, data in transit, data in use

4
Q

What tools are used to achieve CIA (AAA?)

A

Authentication - prove who you are
Access Control - what you are allowed to see or get to
Accounting - keep track of what you have done and what’s happened

5
Q

What are the 2 methods of password attacks?

A

Steal the password
Guess the password (brute force or stupid user)

6
Q

What are some rules for creating a strong password?

A

Use a minimum of 8-10 characters
Use lower and upper case characters
Include special characters/symbols
Don’t use any personal information
Don’t reuse passwords on important websites
Don’t use any dictionary words

7
Q

How are databases used in password attacks?

A

Databases are used for dictionary attacks, password spraying, and credential stuffing.

8
Q

What are dictionary attacks?

A

Uses a database of words that people are likely to use and rapidly tests them for a given account

9
Q

What is password spraying?

A

Uses a database of weak passwords and tests each one against a large number of accounts

10
Q

What is credential stuffing?

A

Uses a database of usernames and passwords from a data breach in order to gain access to user accounts

11
Q

What is password hashing and why do we use it?

A

Hashing is a special mathematical function that performs a one-way conversion. We use it to avoid storing passwords in plain text.

12
Q

What does it mean to add salt to a hash?

A

Salting is adding a random string of characters to a password before the hashing algorithm is applied so that rainbow tables are less effective

13
Q

What is a rainbow table?

A

A file of pre-computed hash values for every possible combination of characters

14
Q

What is the birthday attack?

A

Takes advantage of the fact that it is likely there will be multiple accounts that have the same passwords and can then use that information to reverse the hashing algorithm.

15
Q

What is the ‘pass the hash’ method?

A

Attacker logs in with the username and password hash instead of the text password

16
Q

Give an example of authentication for each of the following categories: what you have, what you know, what you are

A

What you have - smart cards, certificate
What you know - password, PIN
What you are - biometrics