What is cyber security?
What are some examples of active attack?
1. Masquerade 2. Replay 3. Modification of messages 4. Denial of service
What are the 7 cyber security services?
1. Authentication 2. Access control 3. Data confidentiality 4. Data integrity 5. Non repudiation 6. Availability 7. Security mechanism
Availability
Resource accessible/ usable
What are the threats to confidentiality?
Snooping Traffic analysis
Backups
The periodic archiving of data
What are the 3 tools for integrity?
1. Backups 2. Checksums 3. Data correcting codes
Examples of the three components of Cyber security?
1. Confidentiality Trade secrets, student grades 2. Availability Services rendered 3. Integrity Accurate patient information
What are some examples of passive attacks?
1. Eavesdropping 2. Traffic analysis
What are the tools for confidentiality?
1. Encryption 2. Access control 3. Authentication 4. Authorization 5. Physical security
What is cyber security? The protection afforded to an automated information system connected to the internet in order to attain the applicable objectives of preserving the:
1. Integrity 2. Availability 3. Confidentiality
What are are the 7 layers of security that a successful organization should possess?
1. Physical 2. Personal 3. Operations 4. Communications 5. Network 6. Information
What are the tools for availability?
1. Physical protections 2. Computational redundancies
...of system resources:
1. Software 2. Firmware 3. Information /data 4. Telecommunications
What are the 3 factors for authentication?
1. Something you are 2. Something you know 3. Something you have
Security service
A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
What are the 3 areas of the Internet?
Access Edge Core
What is a security attack and what are the types of security attack?
Any action that compromises the security of information. There are broadly two types of attacks: 1. Passive 2. Active
Authentication
Assurance that communicating entity is the one claimed
Data integrity
Assurance that data received is as sent by an authorized entity
Computational redundancies
Computers and storage devices that serve as fallbacks in the case of failures.
What are the threats to denial of availability
Denial of service
Security mechanism
Feature designed to detect prevent or recover from a security attack
Physical protections
Infrastructure meant to keep information available even in the event of physical challenges
Security mechanism
Mechanism that is designed to detect, prevent or recover from a security attack.
Data correcting codes
Methods for storing data in such a way that small changes can be easily detected and automatically corrected.
Threats to integrity
Modification Masquerading Replaying Repudiation
Access control
Prevention of the unauthorized use of online resource
Non-repudiation
Protection against denial by one of the parties in a communication
Data confidentiality
Protection of data from unauthorized disclosure
Access control
Rules and policies that limit access to confidential information to those people or systems with 'a need to know'. This may be determined by identity, such a persons name or a computer sail number, or a role that a person has, such as being a manager or computer system specialist.
What is the difference between Internet and intranet?
The Internet is accessible anywhere, but the intranet is bound geographically. It is usually encrypted but follows the same protocol.
Checksums
The computation of a function that maps the contents of a file to a numerical value. The checksum function depends on the entire contents of the file and is designed in a way that even a small change to the input file (such as flipping a single bit) is likely to result in a different output value.
Repudiation
The denial of a commitment or data receipt. This involves an attempt to back out of a contract or a protocol that requires the different parties to provide receipts acknowledging that data has been received.
Authorization
The determination if a person or system is allowed access to resources, based on an access control policy. Such authorizations should prevent an attacker from tricking the system into letting him have access to protected resources.
Authentication
The determination of the identity or role that someone has. This can be done by the three factors..
Physical security
The establishment of physical barriers to limit access to protected computational resources. Eg: locks on doors, windowless rooms, sound dampening materials, copper meshes called faraday's cages to block electromagnetic signals.
Masquerading
The fabrication of information that is purported to be from someone who is not actually the author
Eavesdropping
The interception of information intended for someone else during its transmission over a communication channel (passive)
Denial of service
The interception or degradation of a data service or information access. Example: email spam that slows down an email server.
Integrity
The property that information has not been altered in an unauthorized way.
What is availability?
The property that information is accessible and modifiable in a timely fashion by those authorized to do so.
In what way is the world wide web vulnerable to threats?
The transfer and store process makes it vulnerable. Entire document is transferred and then stored on the local computer before the browser displays it. Hence it creates the opportunity for sending different types of malicious code to the user's computer.
Encryption
The transformation of information using a secret encryption key, so that the transformed information can only be read using another secret decryption key, which may in some cases be the same as the encryption key.
Alteration or modification
Unauthorized modification of information The man in the middle attack: where a network stream is intercepted, modified and retransmitted. (active)