CIS4360 Intro to Computer Security: Midterm 1
Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.
Integrity
Combined one byte at a time with the plaintext stream using the XOR operation, a __________ is the output of the pseudorandom bit generator.
Keystream
An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.
Masquerade
An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized user
Masquerade
__________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.
Message Authentication
_________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Privacy
Digital signatures and key management are the two most important applications of ________ encryption.
Public-Key
A _____ assessment is periodically assessing the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission of organizational information.
Risk
A _______ is any action that compromises the security of information owned by an organization.
Security Attack
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources
Security Policy
A _____________ processes the input elements continuously, producing output one element at a time.
Stream cipher
Also referred to as single-key encryption, the universal technique for providing confidentiality for transmitted or stored data is _______.
Symmetric Encryption
Data contained in an information system; or a service provided by a system; or a system capability; or a facility that houses system operations and equipment.
System Resource (Asset)
_____________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Traffic Padding
A message authentication code is a small block of data generated by a secret key and appended to a message.
True
Attacks are threats carried out
True
Brute-force attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
True
Computer Security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them.
True
Computer security is a protection of the integrity, availability and confidentiality of information system resources
True
In the context of security our concern is with the vulnerabilities of system resources.
True
Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system.
True
Symmetric encryption is used primarily to provide confidentiality
True
System Availability assures that systems work promptly and service is not denied to authorized users
True
The advantage of a stream cipher is that it is faster than block ciphers.
True
The first step in devising security services and mechanisms is to develop a security policy.
True
The secret key is input to the encryption algorithm.
True
X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications.
True
If the only form of attack that could be made on an encryption algorithm is brute force, then the way to counter such attacks would be to
Use Longer Keys
A circumstance that results in control of system services or functions by an unauthorized entity.
Usurpation
Replay, masquerade, modification of messages, and denial of service are examples of
active attacks
A _______ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence.
attack
An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is an
attack
A loss of _____ is the unauthorized disclosure of information
confidentiality
A ____________ is any means taken to deal with a security attack.
countermeasure
A _________ attack attempts to disable a user authentication service by flooding the service with numerous authentication attempts.
denial-of-service
The assets of a computer system can be categorized as (4 things)
hardware, software, communication lines and networks, and data.
A ______ is an attempt to learn or make use of information from the system that does not affect system resources.
passive attack
Release of message contents and traffic analysis are two types of
passive attacks
Security implementation involves four complementary courses of action:
prevention, detection, response, and recovery
A _________ stream is one that is unpredictable without knowledge of the input key and which has an apparently random character.
pseudorandom
In public key encryption, the __________ is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption.
public and private key
The OSI security architecture focuses on (3 things)
security attacks, mechanisms, and services
A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is
vulnerability
DES takes a plaintext block of 64 bits and a key of ______ bits to produce a ciphertext block of 64 bits.
56
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
Accountability
Verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
Authenticity (under Integrity)
A loss of __________ is the disruption of access to or use of information or an information system.
Availability
ensuring timely and reliable access to and use of information
Availability
A _________ is to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
Brute-Force Attack
______ is the scrambled message produced as output
Ciphertext
Messages are destroyed, deleted, read, modified, delayed, recorded, duplicated, or fabricated.
Communication Lines Threat
__________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.
Computer security
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
Confidentiality
Vulnerabilities (3 types)
Corrupted (loss of integrity); leaky (loss of confidentiality); unavailable or slow (loss of availability)
A __________ attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
Cryptanalytic
The most important symmetric algorithms, all of which are block ciphers, are (3 of them)
DES (Data Encryption Standard), Triple DES, and AES (Advanced Encryption Standard)
The assurance that data received are exactly as sent by an authorized entity is
Data Integrity
Files are deleted, unauthorized analysis or reading is performed.
Data threat
The _______ algorithm takes the ciphertext and the secret key and produces the original plaintext.
Decryption
The __________ prevents or inhibits the normal use or management of communications facilities.
Denial Of Service
Attempts to disable a user authentication service by flooding the service with numerous authentication attempts.
Denial-of-Service
(Contingency planning) is a functional area that primarily requires computer security technical measures.
FALSE. The functional areas that primarily require computer security technical measures are: access control; identification & authentication; system & communication protection; and system & information integrity. The functional areas that primarily require management controls and procedures include: awareness & training; audit & accountability; certification, accreditation, & security assessments; CONTINGENCY PLANNING; maintenance; physical & environmental protection; planning; personnel security; risk assessment; and systems & services acquisition.
Privacy ensures that information and programs are changed only in a specified and authorized manner.
False (Confidentiality)
On average, _____ of all possible keys must be tried in order to achieve success with a brute-force attack.
Half