2201

Question 1

Data

Answer 1

The building block of information, usually unorganized and unprocessed

Question 2

Information

Answer 2

Processed organized data to offer meaning and context

Question 3

Assets

Answer 3

Resource. this can be hardware or software of people

Question 4

Security

Answer 4

Protecting assets from attackers, viruses worms natural disasters, power failures or vandalism.

Question 5

Information System (is)

Answer 5

A system for collecting, processings storing,and distributing information

Question 6

Information Security (infosec)

Answer 6

Practice of preventing or reducing to Chance of unauthorized access, use, disclosure, disruption, modification or destruction of information and information systems

Question 7

Security plan

Answer 7

Find a balance between protection usability and cost the cost should not outweigh the value of the assets

Question 8

CIA triad

Answer 8

Confidentiality integrity and availability

Question 9

D A D

Answer 9

Disclosure, alteration and denial

Question 10

Confidentiality

Answer 10

Ability to protect information from those who are not authorized to view it

Question 11

confidentiality breach

Answer 11

When someone gets access to information that they were not suppose to

Question 12

Privacy

Answer 12

Data or information is accessible to one authorized source this is different from confidentiality which is accessed by many authorized ppl.

Question 13

Integrity

Answer 13

Ability to prevent data from being changed in an unauthorized and undesirable manner

Question 14

Integrity violation

Answer 14

Modification of data in an undesirable manner

Question 15

Availability

Answer 15

’ When an authorized person can access information when required

Question 16

Unavailability

Answer 16

Attacking availability may occur when attacker o fails to attack integrity or breach confidentiality

Eg creating too much traffic

Question 17

How to offer CIA triad

Answer 17

Confidentiality: using encryption l

Integrity: Using encryption and hash

Availability: Using backup & redundancy

Question 18

Identification

Answer 18

The claim of WHAT someone or some thing is

Question 19

Identification

Answer 19

Claim of what something or someone is

Question 20

Authentication

Answer 20

Establishes whether this claim is true(identification)

Question 21

Identification vs authentication

Answer 21

Identification → public statement of identity
Authentication - private response to challenge

Question 22

Identification verification

Answer 22

We can verify usingadditional documents (step between identification & authentication)

Question 23

Five authentication factors

Answer 23

Something You know, have, are, do and somewhere you are

Question 24

Which 3 things must be balanced in authentication implementation

Answer 24

Protection usability and cost

Question 25

Mutual authentication

Answer 25

Implemented using a digital certificate can be used in combination with MFA

Question 26

Password capture attack

Answer 26

Video recordings of entries phishing keylog

Question 27

Two branches of biometric characteristics

Answer 27

Physiologica &l biological

Question 28

5 physiological characteristics of biometric identification

Answer 28

' Fingerprints, iris scan, hand geometry, facial I'd DNA

Question 29

Four behavioural characteristics of biometrics

Answer 29

Voice pitch, voice Cadence, typing style, signature

Question 30

Biometric characteristics

Answer 30

Performance uniqueness permanence universality collectability acceptability circumvention

Question 31

Universality (biom)

Answer 31

The chosen biometric is possessed by most

Question 32

Uniqueness (biom)

Answer 32

The given trait is unique to those who possess it

Question 33

Permanence

Answer 33

How well a given characteristicevades change over time

Question 34

Acceptability

Answer 34

Acceptability notes how feasible and reasonable the request is

Question 35

Performance

Answer 35

A set of metrics to judge the robustness of the system and now well it functions

Question 36

Collectability

Answer 36

How convenient and reasonable collection is

Question 37

Circumvention

Answer 37

How easily the System can b fooled

Question 38

Measuring biometric performance

Answer 38

Far → false acceptance rate FRR → false rejection rate EER → equal error rate

Question 39

Bell la Padula model -

Answer 39

Combines dad and MAC to support confidentiality (exclusively) The simple security property: a subject with a given security level can not read an object to a higher security level. • no read up • The * property: a subject with a given security level cannot write to an object at a lower security level. • no write down - No stealing of secrets no divulging of secrets

Question 40

Biba model

Answer 40

Implements MAC to protect integrity - (exclusively) The simple integrity axiom: a subject with a given integrity must not read data at lower integrity level. • no read down • The * integrity axiom: a subject with a given integrity must not write data at higher integrity level. • no write up - Does not offer confidentiality Think of baby example

Question 41

Chinese wall model

Answer 41

Designed to prevent conflicts of interest Can implement rbac Think of the lawyer who is between two companies

Question 42

DQ The Bell-LaPadula and Biba models each has its own primary security focus (confidentiality or integrity). If we combine these two models, what will happen?

Question 43

Auditing vs accountability

Answer 43

Accountability is accomplished through conducting auditing in the monitored environment

Question 44

How do we achieve accountability through auditing?

Answer 44

In analyzing the data we have collected in auditing

Question 45

Accountability

Answer 45

Using appropriate logging and ,monitoring keep track of activities following security, business conduct ethics etc

Question 46

Security benefits of accountability

Answer 46

Nonrepudiation Who/what misused out resources Detect and prevent intrusions Prepare materials for legal proceedings

Question 47

Nonrepudiation

Answer 47

A situation that uses sufficient evidence to prevent the individual from denying that they did something

Question 48

How can we enforce Nonrepudiation?

Answer 48

Getting a signature from a package delivery, Using a system or network of logs Using digital forensics Digital signature Etc

Question 49

Deterrence (accountability)

Answer 49

Accountability can be a great deterrent against misbehaviour, can warn offended to keep the away from the offence Eg) badge access time, internet usage at work

Question 50

Admissibility of records

Answer 50

A regular and consistent tracking system must be productive admissible evidence! We need to be able to show where evidence was, how it was passed from one person to another and how it was protected Must have a hash proving that it is original and not been modified —> hash function

Question 51

Hash function

Answer 51

An algorithm that analyzes the data and produces a code or hash. This can be used to prove the originality of evidence e

Question 52

Hash mismatch

Answer 52

When data that a hash algorithm had documented is then modified

Question 53

Cryptographic hash function (CHF)

Answer 53

An algorithm that matches arbitrary length input with a fixed length string. Think of this as an address The arbitrary length input is labelled as a message and the fixed length output is labelled as digest Used for integrity, authentication and Nonrepudiation

Question 54

5 properties of chf

Answer 54

Cryptographic hash function 1 deterministic - same method always produces the same hash 2 one way function - given a hash it it infeasible to produce the original method 3 collision resistance - there is no way to find hash that represents two distinct messages, one digest per message 4 avalanche effect - any chance (even minor) generates a new and entirely different digest 5 computationally efficient- algorithm does not take a long time to compute

Question 55

Dr. Haque wants to implement a new lab accommodation policy for her research students. Her students should be present in her lab during the weekdays from 9 am to 5 pm. Which of the following approach can she use to implement the new policy? Why? Hint: students use an access card to get into the lab, then use lab workstations. a) Deterrence b) Record admissibility

Answer 55

In using deterrence. Eg having students key in with their time of arrival, dr haque can ensure that she has time evidence, thus deterring misbehaviour and implementing record admissibility through a clock in timing system

Question 56

Intrusion detection System (IDS)

Answer 56

IDS is a device or software that monitors a system or network for malicious activity or policy violation Usually reports any such activity or violation to the admin Can detect the following: Denial of service attacks Buffer overflow Protocol attacks Password cracking Malicious codes such as virus or worm Impersonation attack Illegal data manipulation Unauthorized file access

Question 57

DISCUSS the difference between authentication and accountability

Answer 57

AuthenticatIon is a matter of identification and verification, whereas accountability comes after authentication and authorization and access control. It is the next step in security that ensures the appropriate use of a system

Question 58

Order: access control, identification, Accountability, authorization, verification

Answer 58

Identification then verification then authentication the. Authorization then access control and then accountability

Question 59

What are the two types of IDS systems

Answer 59

Network intrusion detection system Host intrusion detection system Both posses the same two working principles,et: signature based detection and anomaly based detection

Question 60

Host vs network intrusion system detection HIDS VS NIDS

Answer 60

Host ids monitors malicious activities as traffic in a single device Network ids monitors traffic flow In A network These two can works together

Question 61

HIDS

Answer 61

Host-based intrusion detection system - takes snapshot of existing systems file and compares with previous/normal state - adds much more granularity

Question 62

NIDS

Answer 62

Network intrusion detection system Monitoring ongoing traffic of a system without overwhelming it Should ideally combined with other security measures such as a firewall Can inspect traffic on and offline (offline occurs with collected traffic data)

Question 63

Signature based IDS

Answer 63

works similar to an antivirus attack. Maintain database of signatures that signal particular type of attack comparing oncoming traffic to those signatures

Question 64

Signatures (in context if ids)

Answer 64

Subject lines and attachments on emails known to carry viruses, re,one logins and other malicious byte sequences

Question 65

Drawbacks of a signature based ids system

Answer 65

Usually precise IF the signature database is up to date Fails to detect new or specially crafted packets —> attackers can also created these databases This means attackers can test these packets to bypass this ids Searching overhead can become timely and inefficient as the number of signatures increases

Question 66

Anomaly based IDS

Answer 66

Uses a baseline of regular traffic and activity on a network. Form of machine learning this way it can identify the deviation from baseline traffic/activity

Question 67

Downsides to anomaly/machine based IDs

Answer 67

Higher rate of false positives compared to the signature based IDS

Question 68

Intrusion Prevention System (IPS)

Answer 68

Identifies suspicious activity Logs security events Attempts to block intrusions or limit data Reports intrusion attempts

Question 69

Intrusion Prevention System (PS) types and methods

Answer 69

Similar to IDs there can be both host and network (hips and nips)

Question 70

IPS vs IDs system

Answer 70

IDs will only defect, where's IPs can take action Traffic needs to flow though lPS Traffic does not need to flow through IDs Packet processing overload is higher in IPS than IDs

Question 71

If you place a NIDS in your network, why do you still need a HIDS?

Answer 71

An hids will provide a more granular level of security. it will use a more real time analysis of what is occurring in a specific device

Question 72

What are the differences between signature and anomaly-based IDS?

Answer 72

Pattern matching vs machine learning