Week 1 - Introduction & Application and Networking-based Attacks

Question 1

What is network security?

Answer 1

Network security (aka cybersecurity or internet security) is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.

Question 2

What are the three computer security objectives (e.g. CIA Triad)?

Answer 2

1. Confidentiality
   - Data confidentiality
   - Privacy
2. Integrity
   - Data integrity
   - System integrity
3. Availability

Question 3

What is the concept of authenticity in network security?

Answer 3

Authenticity is verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

Question 4

What is the concept of accountability in network security?

Answer 4

Accountability is the security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.

Question 5

What are the 3 levels of impact on organisations (security breach)

Answer 5

1. High - Severe or catastrophic adverse effect on organisational operations, organisational assets, or individuals
2. Moderate - Serious adverse effect on organisational operations, organisational assets, or individuals
3. Low - Limited adverse effect on organisational operations, organisational assets, or individuals

Question 6

What is a security attack?

Answer 6

A security attack is any action that compromises the security of information owned by an organisation.

Question 7

What is a security mechanism?

Answer 7

A security mechanism is a process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.

Question 8

What is a security service?

Answer 8

A security service is a processing or communication service that enhances the security of the data processing systems and the information transfers of an organisation
Intended to counter security attacks, and they make use of one or more security mechanisms to provide the service

Question 9

What are the two types of security attacks?

Answer 9

Passive attacks - attempts to learn or make use of information from the system but does affect the system resources (eavesdropping, monitoring)

Active attacks - attempts to alter system resources or affect their operation (modification of message)

Question 10

What is a DDoS attack?

Answer 10

A distributed denial of service is a type of active attack where the attacker attempts to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic

Question 11

What are the 5 major service categories in X.800?

Answer 11

1. Authentication
2. Access control
3. Data confidentiality
4. Data integrity
5. Nonrepudiaition