What is cyber security?

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What are some examples of active attack?

1. Masquerade 2. Replay 3. Modification of messages 4. Denial of service

What are the 7 cyber security services?

1. Authentication 2. Access control 3. Data confidentiality 4. Data integrity 5. Non repudiation 6. Availability 7. Security mechanism

Availability

Resource accessible/ usable

What are the threats to confidentiality?

Snooping Traffic analysis

Backups

The periodic archiving of data

What are the 3 tools for integrity?

1. Backups 2. Checksums 3. Data correcting codes

Examples of the three components of Cyber security?

1. Confidentiality Trade secrets, student grades 2. Availability Services rendered 3. Integrity Accurate patient information

What are some examples of passive attacks?

1. Eavesdropping 2. Traffic analysis

What are the tools for confidentiality?

1. Encryption 2. Access control 3. Authentication 4. Authorization 5. Physical security

What is cyber security? The protection afforded to an automated information system connected to the internet in order to attain the applicable objectives of preserving the:

1. Integrity 2. Availability 3. Confidentiality

What are are the 7 layers of security that a successful organization should possess?

1. Physical 2. Personal 3. Operations 4. Communications 5. Network 6. Information

What are the tools for availability?

1. Physical protections 2. Computational redundancies

...of system resources:

1. Software 2. Firmware 3. Information /data 4. Telecommunications

What are the 3 factors for authentication?

1. Something you are 2. Something you know 3. Something you have

Security service

A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

What are the 3 areas of the Internet?

Access Edge Core

What is a security attack and what are the types of security attack?

Any action that compromises the security of information. There are broadly two types of attacks: 1. Passive 2. Active

Authentication

Assurance that communicating entity is the one claimed

Data integrity

Assurance that data received is as sent by an authorized entity

Computational redundancies

Computers and storage devices that serve as fallbacks in the case of failures.

What are the threats to denial of availability

Denial of service

Security mechanism

Feature designed to detect prevent or recover from a security attack

Physical protections

Infrastructure meant to keep information available even in the event of physical challenges

Security mechanism

Mechanism that is designed to detect, prevent or recover from a security attack.

Data correcting codes

Methods for storing data in such a way that small changes can be easily detected and automatically corrected.

Threats to integrity

Modification Masquerading Replaying Repudiation

Access control

Prevention of the unauthorized use of online resource

Non-repudiation

Protection against denial by one of the parties in a communication

Data confidentiality

Protection of data from unauthorized disclosure

Access control

Rules and policies that limit access to confidential information to those people or systems with 'a need to know'. This may be determined by identity, such a persons name or a computer sail number, or a role that a person has, such as being a manager or computer system specialist.

What is the difference between Internet and intranet?

The Internet is accessible anywhere, but the intranet is bound geographically. It is usually encrypted but follows the same protocol.

Checksums

The computation of a function that maps the contents of a file to a numerical value. The checksum function depends on the entire contents of the file and is designed in a way that even a small change to the input file (such as flipping a single bit) is likely to result in a different output value.

Repudiation

The denial of a commitment or data receipt. This involves an attempt to back out of a contract or a protocol that requires the different parties to provide receipts acknowledging that data has been received.

Authorization

The determination if a person or system is allowed access to resources, based on an access control policy. Such authorizations should prevent an attacker from tricking the system into letting him have access to protected resources.

Authentication

The determination of the identity or role that someone has. This can be done by the three factors..

Physical security

The establishment of physical barriers to limit access to protected computational resources. Eg: locks on doors, windowless rooms, sound dampening materials, copper meshes called faraday's cages to block electromagnetic signals.

Masquerading

The fabrication of information that is purported to be from someone who is not actually the author

Eavesdropping

The interception of information intended for someone else during its transmission over a communication channel (passive)

Denial of service

The interception or degradation of a data service or information access. Example: email spam that slows down an email server.

Integrity

The property that information has not been altered in an unauthorized way.

What is availability?

The property that information is accessible and modifiable in a timely fashion by those authorized to do so.

In what way is the world wide web vulnerable to threats?

The transfer and store process makes it vulnerable. Entire document is transferred and then stored on the local computer before the browser displays it. Hence it creates the opportunity for sending different types of malicious code to the user's computer.

Encryption

The transformation of information using a secret encryption key, so that the transformed information can only be read using another secret decryption key, which may in some cases be the same as the encryption key.

Alteration or modification

Unauthorized modification of information The man in the middle attack: where a network stream is intercepted, modified and retransmitted. (active)


Ensembles d'études connexes

Unit 8 Checkpoint Exam - The Securities Exchange Act of 1943 & the Secondary Markets

View Set

WEEK 11 [ADN240] "DEPRESSION, POSTPARTUM, MOOD & AFFECT"

View Set

sains tingkatan 2 bab 1 BIODIVERSITI

View Set

Supply Chain CREATING AND MANAGING SUPPLIER RELATIONSHIPS

View Set

Introduction Solving Systems by Substitution (one variable solved for, and is equal to one term)

View Set