Computer Security Test 1

Example of Modification

-unauthorised changing values in a database -modify hardware

Ozil is given the right to read and modify FileArsenal.docx

Violation of Integrity

Denial of Services (DOS) attacks are caused by

replay attacks

Access Control

specifies and controls who can access what

Types of Attacks

Passive Attack Active Attack

In what type of attack that there is no modification to message contents?

Passive attacks

OS Controls

Trusted OS Confined programs Access logs for auditing

Non-repudiation

does not allow the sender of a message to refute the claim of not sending the message

Confidentiality

ensures that computer related assets are accessed only by authorised parties

Example of Interruption

erasure of a program or data file, malicious destruction of a hardware device

(Cryptographic Services) Confidentiality

content cannot be revealed

Stream cipher

convert each symbol of the plaintext into a symbol of ciphertext

Encryption can be used to defense the _______ of data

secrecy

Interception

some unauthorised party has gained access to an asset

Fabrication

unauthorised party might create a fabrication of counterfeit objects on a computing system

Modification

unauthorised party not only accesses but tampers with an asset

Attack

Realization of a threat

Passive Attack

the attacker only monitors free traffic attacking the confidentiality of the data

Encryption

the process of coding message so that it's meaning is concealed

Decryption

the process of transforming encrypted message into the original form

Example of Interception

-Wiretapping to obtain data in a network -Illicit copying of programs or data files

Adminstrative Controls

-enforcing standards of design, documentations, programming, testing, configuration management -security audits -separation of duties among employees

Allowing certain users specific accesses comes in the purview of ________________?

Access control

In what attack that the message contents are modified?

Active attacks

What attack is related to confidentiality?

Interception

Software Controls

Internal Program Controls Operating System Controls Independent Control Programs Development Controls

What attack is related to availability?

Interruption

4 Primary Security Principles

Confidentiality, Authentication, Non-repudiation, Integrity

What attack is related to authentication?

Fabrication

Type of Vulnerabilities

Hardware, software, data, others

Input to DES is divided into blocks of 64 bits. It is then permutated by a process called ____?

Initial Permutation

What attack is related to integrity?

Modification

Controls Against Program Threats

OS Controls Adminstrative controls

If the recipient of the message has to be satisfied with the identity of the sender, which principle comes into picture?

Principle of Authentication

Which principle is violated when a Computer is not accessible?

Principle of Availability

Only the sender and the intended recipients have access to the contents of a message

Principle of Confidentiality

The contents of the message must not be modified while the message is in transmission to ensure the ________________?

Principle of Integrity

Ensures that the sender of a message cannot later claim that the message was never sent

Principle of non repudiation

What can be achieved by using Cryptography?

Secrecy, Integrity

Hardware Controls

Smart card Locks Devices to verify identities Boards to control access to disks

Methods of Defense

Software controls, hardware controls, physical controls

Walcott crashes the operating system IN Ramsey 's computer

Violation of Availability

Alexis copies Wilshere's homework

Violation of Confidentiality

Carl installs a software(sniffer) and captures his office mate's traffic

Violation of Confidentiality

Jack hacks the website of www.visa.com and adds a message in support of wikileaks

Violation of Integrity

Nick pretends to be a system administrator and calls Ellen from human resources at his company to ask for her password. He then logs in as Ellen and increases his salary by 20%

Violation of Integrity

Cryptosystem

a system for encryption and decryption

Vulnerabilities

a weakness in the system that can be exploited

Accountability

ability to map between action in a system and responsibility for the action

Example of Fabrication

adding records to a database insert spurious transactions to a network communication system

Active attack

adversary attempts to alter the transmission attacking data integrity, confidentiality, and authentication

Interruption

an asset become lost, unavailable, or unusable

Availability

assets are accessible to authorised parties at appropriate times

Integrity

assets can be modified only by authorised parties or only in authorised ways

Key-based Algorithm

based on the secrecy of the algorithm, the secrecy of the key(s), or both

Block Cipher

break the plaintext into strings(blocks) of fixed lengths and encrypt one block at a time

Threats

has potentiality for loss or harm

Authentication

identifies the user of the computer system and builds a trust with the recipient of the message

Physical Controls

lock on doors backups

(Cryptographic Services) Integrity

message cannot be altered

(Cryptographic Services) Authentication

message cannot be forged

(Cryptographic Services) Non-repudiation

only sender could have produced the message

Restricted Algorithm

requires keeping the algorithm secret