6.1

Question 1

What is security? (when we say an organization/person is secure)

Answer 1

1. It can do what it wants, when it wants
2. It can keep a secret
3. It can prevent an adversary from doing the same

Question 2

What is security? (when we say a system is secure)

Answer 2

We say a system (say, a network) is secure if an organization can use it without reducing its own security

Question 3

Nothing is secure by default.

Answer 3

You need to take measures to make it secure.

Question 4

Name 4 security layers.

Answer 4

Physical
Communications
Technical
Human

Question 5

The security layers are…

Answer 5

cumulative. And overlap.

Question 6

What is the goal of the physical layer? How can you reach that goal?

Answer 6

The goal is to keep physical things from theft or damage
There are many ways to do this:
Physical barriers
Surveillance
Violence

Question 7

Physical security is the most effective, but is also

Answer 7

stupid.

Question 8

Why you need the communication layer?

Answer 8

Because you want to communicate with another place:
* Without an adversary knowing what is said
* And perhaps without the adversary knowing that communication even happened

Question 9

You can try to communicate

Answer 9

Secretly: Whispering, steganography - the adversary does not know you are communicating
By misdirection: Slang – the adversary knows you are communicating but not about what
By transformation: Ship semaphores, encryption – the enemy knows what you are talking about, but not what you are saying

Question 10

Communications can also cover

Answer 10

the movement of materials

Question 11

Communications can cover movement of materials, but nowadays modern communication technology changed. This led to…

Answer 11

inventions such as cryptography, steganography, frequency hopping, denial of service attacks and more

Question 12

Technical security refers to…

Answer 12

any security measure that requires a computer to implement it, or which is targeted at a computer

Question 13

Technical security includes…

Answer 13

Cryptography (it overlaps with the communications layer)
Privilege escalation attacks and other attacks on the operating system
Intrusion detection and prevention
Honey pots

Question 14

The human layer refers to…

Answer 14

security issues that result from the fact that any organization is made up of people

Question 15

The weakest part of any security system is…

Answer 15

the people involved.

Question 16

How do we mitigate the problem with people?

Answer 16

Make sure everyone involved knows only what they need to know in order to do their job (compartmentalization)

Surveillance:
- Watch people’s social media, financial transactions, travel plans and so on
- Look for suspicious patterns

Minimize a person’s attack surface
- A personal attack surface is the sum total of ways that an adversary can gain leverage over a person
- Leverage can be used to make a person do something they perhaps ordinarily would not

Question 17

Make sure all the systems contributing to security support the three A’s

Answer 17

Authentication
Authorization
Accounting

Question 18

AAA works for

Answer 18

all scales of system and across all layers