Week 5 - Systems security Flashcards
non-repudiation
means that the owner of a message is unable to repudiate ownership. Can be achieved by cryptography or accounting methods.
what is a system?
a set of things working as part of a mechanism with an interconnection between its components, with a goal of providing a service.
explain cyber-physical-social systems
integration of cyber, physical and social spaces.
Define interface
a common point through which two systems interact
what is the application layer?
sends and receives data
what is the host layer?
the hardware that hosts the OS
what is the operating system?
a collection of software that runs the interface, manages system components (storage, memory) and peripherals (printers, audio).
What is the network layer (layer 3)
routing packets in a network.
Availability from a computer systems perspective
key components ensure the system is always fully functional
(web and database server or backed up data by the system)
Authentication from a computer systems perspective
allows legitimate users only.
Authorisation from a computer systems perspective
role-based access controls, e.g. only admin can make changes
Confidentiality from a computer systems perspective
techniques like cryptography and access control ensure authorised users have access to data
Integrity from a computer systems perspective
techniques like cryptography and access control ensure authorised users have access to data
Accounting and non-repudiation from a computer systems perspective
mechanisms to log all actions with identity, date, time.
What is an attack vector?
how the attack targets the system
what is packet sniffing?
monitoring network traffic to capture packets on a wired or wireless network
Define interception attack vector
the act of preventing someone or something from reaching the intended destination
breaches confidentiality
Define modification attack vector
making changes without permission or authorisation
breaches integrity
Define interruption attack vector
stop or hinder communication
breaches integrity and availability
Define replay attack vector
lies between modification and interception: attacker intercepts data then communicates it to target without modification, with the intent of receiving a response that holds information of interest
Define Man in the middle attack
a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other
may use replay attack vector or modification attack vector.
define fabrication attack vector
masquerading as a sender or receiver to fabricate a message or data. observation over a long period of time
can be used to breach 1 of 5 security objectives:
confidentiality, integrity, availability, authentication and non-repudiation
define transmission control protocol (TCP)
layer 4,
transport data segments
communications standard that enables application programs and computing devices to exchange messages over a network
Define systems security
security of a whole system including applications, host devices, network components, people and processes.
Define cryptography
encode and decode information to secure communication.
achieves confidentiality and integrity (CIA)
what is the ISO 27000 information security standard?
International Organisation for Standardisation (ISO)
a set of standards that if met demonstrates an organisation has met a level of security maturity.
implementation is accredited by a qualified auditor.
What does ISO 2700:2018 address?
best practices for managing information risks by implementing security controls
What does ISMS stand for?
information security management systems.