Security Triad *
Lisa can deny she sent an email when she uses a digital signature. (True or False)
False Digital Signatures provide non-repudiation which means she cannot deny she sent the email.
Loss of integrity indicates the data is the same. (True or False)
False Loss of integrity indicates the data has changed and is not the identical. Unauthorized users can change data, or the changes can occur through system or human errors.
Digital signatures provide repudiation. (True or False)
False Repudiation means rejection of an idea. Digital signature provide non-repudiation.
A _____ is simply a number created by executing a hashing algorithm against data, such as a file or message.
Hash NOTE: Hashing doesn't tell you what modified the message.
Another method of ensuring systems stay available is with patching. (True or False)
True
_____ how systems and users provide credentials to verify their identity - including remote access systems.
Authentication
_____ indicates that data and services are available when needed.
Availability
Name seven fault-tolerance and redundancy techniques. In the security triad what does this fall under?
Availability 1. Disk Redundancies 2. Server Redundancies 3. Site Redundancies 4. Load Balancing 5. Backup 6. Alternative Power 7. Cooling Systems
Digital signature require the use of ____ and _____.
Certificates and Public Key Infrastructure (PKI).
Vitualization can also increase availability of servers by reducing unplanned downtime. (True of False)
True This is an example of Server Redundancies
Can you use hashing on email? (Yes or No)
Yes
Another common goal of availability is safety. (True or False)
False Another common goal of security is safety.
Are Audit logs a form of non-repudiation? (True or False)
True
What is MAC?
Message Authentication Code Used in email hashing.
What is MD5? In the security triad what does this fall under?
Message Digest 5 A hashing algorithm. Integrity
What is Identification? In the security triad what does this fall under?
Users claim an identity with a unique username. Confidentiality - Access Controls
What is Authentication? In the security triad what does this fall under?
Users prove their identity with authentication, such as with a password. Confidentiality - Access Controls
PKI provides the means to _____, _____, and _____ digital certificates.
create, manage, and distribute
What are the three different methods that prevents the unauthorized disclosure of data (confidentiality)?
1. Encryption 2. Access Control 3. Steganography Think EAS
A wide variety of physical security controls helps ensure the safety of assets. Name four of them.
1. Fencing around a building. 2. Lighting 3. Locks 4. CCTV to provide video monitoring.
Three Different Meanings of MAC: 1. What is Media Access Control? 2. What is Mandatory Access Controls? 3. What is Message Authentication Code?
1. Physcial Addresses assigned to networks NICs. 2. One of several Access Control Models 3. Email hashing method
_____ help protect confidentiality by restricting access.
Access Contols
You use _____ to grant and restrict access.
Access Controls
Identification, authentication, and authorization combined provide _____ and help ensure that only authorized personnel can access data. In the security triad what does this fall under?
Access Controls Confidentiality
What does AES stand for?
Advanced Encryption Standard
_____ include keys used for encryption in Digital signatures.
Certificates
_____ prevents the unauthorized disclosure of data.
Confidentiality
REMEMBER THIS Confidentiality ensures that data is only viewable by authorized users. The best way to protect the confidentiality of data is by encrypting it. This includes any type of data, such as PII, data in databases, and data on mobile devices. Access controls help protect confidentiality by restricting access. Steganography helps provide confidentiality by hiding data, such as hiding text files within an image file.
Confidentiality Section Review 1. Encryption (Scramble) 2. Access Controls (Identification, Authentication, Authorization) 3. Steganography (Hide Date in Data)
_____, _____, _____ together form the security triad.
Confidentiality, Integrity, and Availability. Think CIA.
The best technique of <i>confidentiality</i> is _____?
Encryption
_____ scrambles data to make it unreadable by unauthorized personnel. In other words, authorized personnel can decrypt the data, but ***** makes it extremely difficult for unauthorized personnel to access data. In the security triad what does this fall under?
Encryption Confidentiality
Electronic doors are often designed to (fail-open, fail-closed) for personnel safety. Choose one.
Fail-Open Another safety option is to include a method of manually opening the door.
_____ include redundant servers and ensure a service will continue to operate, even if a server fails.
Failover clusters
What is HMAC? In the security triad what does this fall under?
Hash-Based Message Authentication Code A hashing algorithm. Integrity NOTE: Any cryptographic hash function, such as MD5 or SHA-1 may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly.
What are two forms of Integrity?
Hashing and Digital Certificates
What is a hot site, cold site, and warm site?
Hot: A site that is available 24/7. Cold: Where equipment, data, and personnel can be moved when needed. Warm: Mixture of the above.
What is authentication?
How systems and users provide credentials to verify their identity - including remote systems.
Digital signatures are associated with what item in the security triad?
Integrity
_____ provides assurances that data has not changed.
Integrity Integrity includes ensuring that no one has modified, tampered with, or corrupted the data. Ideally, only authorized users modify data. However, there are times when unauthorized or unintended changes occur. This can be from unauthorized users, from malicious software (malware), and through system and human errors. When this occurs, the data has lost integrity.
REMEMBER THIS Integrity verifies that data has not been modified. Loss of integrity can occur through unauthorized or unintended changes. Hashing algorithms, such as MD5, HMAC, or SHA-1, calculate hashes to verify integrity. A hash is simply a number created by applying the algorithm to a file or message at different times. By comparing the hashes, you can verify integrity has been maintained.
Integrity Section Review 1. Hashing 2. Digital Signatures
What is Steganography? In the security triad what does this fall under? Give an example.
Is the practice of hiding data within data. Confidentiality You can embed a hidden message in an image by modifying certain bits within the file.
What does non-repudiation mean?
It proves a user did something and they cannot deny it.
Some email programs use _____ instead of hashing to verify integrity.
MAC Message Authentication Code
REMEMBER THIS Availability ensures that systems are up and operational when needed and often addresses single points of failure. you can increase availability by adding fault tolerance and redundancies, such as RAID, fail-over clusters, backups, and generators, HVAC systems also increase availability.
N/A
REMEMBER THIS Beyond Confidentiality, Integrity and Availability, Safety is another common goal of security. For example, adding fencing and lighting around an organization's property provides safety for personnel and other assets. Similarly, adding stronger locks and door access systems increases safety. Exit doors with electronic locks typically fail in an open position so that personnel can exist safely.
N/A
Are hashs created at just the destination?
No, the are created at the source and destination. They can also be created at two different times like the 1st and 15th of the month.
What are business continuity plans and are they meant to protect people or assets?
Organizations develop business continuity plans to prepare for disasters such as fires, earthquakes, hurricanes, and tornadoes. These plans include items such as escape plans and escape routes. They ensure personnel are aware of these plans by holding drills and training.
What does PII stand for?
Personally Identifiable Information
What does PKI stand for?
Public Key Infrastructure
Fault-tolerant disk such as ____, _____, and _____ allow a system to continue to operate even if a disk fails.
RAID-1, RAID-5, RAID-6
_____ adds duplication to critical systems and provides fault tolerance.
Redundancy If a critical component has a fault, the duplication provided by the redundancy allows the service to continue without interruption.
A common goal of fault tolerance and redundancy techniques is to remove each ______.
SPOF Single Point of Failure If SPOF fails, the entire system fails.
What is SHA-1? In the security triad what does this fall under?
Secure Hash Algorithm 1 A hashing algorithm. Integrity
Can systems implement non-repudiation methods? (True or False)
True
Digital signatures provide assurances that the email contents have not changed (alas integrity). (True or False)
True
Digital signatures require certificates and provide authentication and non-repudiation. (True or False)
True
Integrity provides assurances that data has not been modified, tampered with, or corrupted. (True or False)
True
It's common to use digital signatures in email. (True or False)
True
Signatures on credit card receipts is another form of non-repudiation. (True or False)
True
Do digital signatures provide authentication?
Yes Authentication from the digital signatures prevent attackers from impersonating others and sending malicious emails.
Is it's also possible to lose data integrity through human error?
Yes, if a database administrator needs to modify a significant amount of data in a database, the administrator can write a script to perform a bulk update. However, if the script is faulty, it can corrupt the database, resulting in a loss of integrity.
What is Authorization? In the security triad what does this fall under?
You grant or restrict access to resources using an authorization method such as permissions. Confidentiality - Access Controls
Organizations commonly implement _____, _____, _____ to ensure high levels of availability for key systems.
redundancy, fault-tolerant methods, patching