Computer & Network Security: Topics 1-5

Vulnerability

A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

Countermeasure

An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.

Attack

An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.

Passive Attack

An attempt to learn or make use of information frmo the system that does not affect system resources.

System Integrity

Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

Privacy

Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

A loss of ________ is the unauthorized disclosure of information. (a) Confidentiality (b) Authenticity (c) Integrity (d) Availability

Confidentiality.

An example of ________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user. (a) Masquerade (b) Repudiation (c) Interception (d) Inference

Masquerade.

Denial of Service

Prevents or inhibits the normal use or management of communications facilities.

Traffic Padding

The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.

The system must keep personal identification numbers confidential, both in the host system and during transmission for a transaction. It must protect the integrity of account records and of individual transactions. Availability of the host system is important to the economic well being of the bank, but not to its fiduciary responsibility. The availability of individual teller machines is of less concern.