Unit 1.1 - CIA Triad and Authentication Flashcards
What is the equation used to model computer security?
Protection = Prevention + (Detection + Response)
What is the CIA Triad? (what each letter represents and what each of those categories is)
Confidentiality - the data is not revealed
Integrity - data is intact (not modified or corrupted)
Accessibility - data is accessible to allowed users
What are the 3 data states?
Data at rest, data in transit, data in use
What tools are used to achieve CIA (AAA)?
Authentication - prove who you are
Access Control - what you are allowed to see or get to
Accounting - keep track of what you have done and what’s happened
What are the 2 methods of password attacks?
Steal the password
Guess the password (brute force or stupid user)
What are some rules for creating a strong password?
Use a minimum of 8 - 10 characters
Use lower and upper case characters
Include special characters/symbols
Don’t use any personal information
Don’t reuse passwords on important websites
Don’t use any dictionary words
How are databases used in password attacks?
Databases are used for dictionary attacks, password spraying, and credential stuffing.
What are dictionary attacks?
Uses a database of words that people are likely to use and rapidly tests them for a given account
What is password spraying?
Uses a database of weak passwords and tests each one against a large number of accounts
What is credential stuffing?
Uses a database of usernames and passwords from a data breach in order to gain access to user accounts
What is password hashing and why do we use it?
Hashing is a special mathematical function that performs a one-way conversion. We use it to avoid storing passwords in plain text.
What does it mean to add salt to a hash?
Salting is adding a random string of characters to a password before the hashing algorithm is applied so that rainbow tables are less effective
What is a rainbow table?
A file of pre-computed hash values for every possible combination of characters
What is the birthday attack?
Takes advantage of the fact that multiple accounts are likely to have the same password, and uses that information to reverse the hashing algorithm.
What is the ‘pass the hash’ method?
Attacker logs in with the username and the password hash instead of the plain-text password