chap 1 Flashcards
(35 cards)
Basic components of security
CIA: confidentiality, integrity, availability
What is confidentiality? Give an example.
Keeping data and resources hidden from those who are not authorized to see them.
ex: "For example, military and civilian institutions in the government often restrict access to information to those who need that information."
Which tool/access-control mechanism supports confidentiality?
How does it support confidentiality?
How is the data used by the people who are allowed to access it?
What else must be protected, besides the information that is considered confidential?
- Cryptography: it transforms the data so that it is unintelligible without the key.
- The cryptographic key "controls access to the untransformed data"; an authorized user holds the key and uses it to recover the original data.
- The key itself must therefore be protected just as carefully as the data.
Confidentiality can be used to hide information, but also...
resources, such as network configurations and the systems in use, so that unauthorized users do not even learn of their existence.
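Added illustration of the "key controls access" point above (not code from the textbook or the card deck): a keyed stream cipher constructed from SHA-256 in counter mode. The construction, key, nonce length and sample message are all assumptions made for this example; it is not the cipher any real system uses and it does not detect tampering. What it shows is that someone who knows the algorithm but not the key cannot recover the untransformed data, so the key is the single item that must be locked down.

```python
import hashlib
import secrets

# Constructed example: a keyed stream cipher built from SHA-256 in counter mode.
# Illustrative only (not a vetted or authenticated cipher); the point is that
# the key, not the algorithm, controls access to the untransformed data.

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudo-random bytes from (key, nonce) by hashing a counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def transform(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call both encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Prefix a fresh random nonce so the same key can be reused for many messages."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + transform(key, nonce, plaintext)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Split off the nonce and undo the transform with the same key."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    return transform(key, nonce, body)


if __name__ == "__main__":
    key = secrets.token_bytes(32)                        # the secret that must be protected
    secret = b"troop movements: 0400, north ridge"       # constructed sample data
    ct = encrypt(key, secret)
    print(decrypt(key, ct))                              # correct key recovers the data
    print(decrypt(secrets.token_bytes(32), ct))          # wrong key yields garbage
```

Anyone holding the ciphertext and the code but not the key gets only keystream-masked bytes. Note that this hides the data but does nothing to detect modification of it; that is the job of the integrity mechanisms on the following cards.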
What is integrity about?
- What are the integrity mechanisms, and what do they do?
Data integrity (integrity): the data itself has not been improperly changed or corrupted.
Origin integrity (authentication): the source of the information is authentic.
- Prevention and detection
P: block unauthorized attempts to change the data.
D: analyze system events and report integrity failures.
Give an example where data integrity holds but origin integrity (authentication) does not.
"A newspaper may print information from a leak at the White House but refer it to the wrong source. The information is printed as received (preserving data integrity), but its source is incorrect (corrupting origin integrity)"
Explain the prevention mechanism (integrity): "blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways."
The former, unauthorized attempts: "The former occurs when a user tries to change data that she has no authority to change" ex: "Someone breaks into the system and tries to modify the accounting data"
The latter, unauthorized ways: "when a user authorized to make certain changes in the data tries to change the data in other ways" ex: an authorized user moves money into a Swiss account instead of recording it in the company's books.
What are detection mechanisms?
They do not prevent the violation; they analyze system events and report integrity failures, i.e. that the data can no longer be trusted.
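An added example of a detection mechanism, not code from the textbook: the receiver verifies an HMAC tag over each message using a key shared with the sender. The key, messages and party names (Alice, Bob, Mallory) are constructed for this example. A mismatch is reported as an integrity failure whether the data was altered in transit (data integrity) or the tag was made with a different key (origin integrity); HMAC cannot tell the two apart, and because the key is shared it only proves the message came from some key holder, so it does not settle disputes about who sent it.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute an HMAC-SHA256 tag with the key shared with the receiver."""
    return hmac.new(key, message, hashlib.sha256).digest()


def check(key: bytes, message: bytes, tag: bytes) -> str:
    """Receiver side (detection): report whether (message, tag) can be trusted.

    A mismatch means the data changed or the tag was made with another key
    (wrong origin); HMAC cannot distinguish the two cases, so both are reported
    simply as an integrity failure."""
    expected = make_tag(key, message)
    if hmac.compare_digest(expected, tag):   # constant-time comparison
        return "ok"
    return "integrity failure: data modified or origin not authentic"


def demo() -> dict:
    """Three constructed scenarios: genuine, tampered data, spoofed origin."""
    shared = secrets.token_bytes(32)                  # key shared by Alice and Bob
    msg = b"transfer 100 to account 42"               # constructed message
    tag = make_tag(shared, msg)

    results = {"genuine": check(shared, msg, tag)}

    # Data-integrity attack: an attacker on the path changes the amount but
    # cannot recompute the tag without the shared key.
    tampered = msg.replace(b"100", b"900")
    results["tampered"] = check(shared, tampered, tag)

    # Origin-integrity attack: Mallory sends the same text authenticated with
    # her own key, pretending to be Alice.
    mallory = secrets.token_bytes(32)
    results["spoofed"] = check(shared, msg, make_tag(mallory, msg))
    return results


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:8s} -> {verdict}")
```

Because the tag is recomputed rather than compared to a stored copy, the receiver detects the failure but does not prevent the message from arriving; blocking the write is what a prevention mechanism would add on top.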
What is availability about?
Ensuring that data and resources can be accessed when they are needed.
What are attempts to block availability called?
- Why are they hard to detect?
DoS (denial of service) attacks, because
- they are hard to detect: the analyst must decide whether the unusual access pattern is caused by deliberate manipulation of resources or by the environment (the system was designed, or happens, to behave that way).
What is a threat?
A potential violation of security. It does not have to happen in order to count as a threat.
What is an attack? Who carries out attacks? How are threats to the system countered?
An attack is a threat that is actually carried out (the actions that may cause a violation).
- Attackers carry them out.
- Threats are countered by the CIA services.
The 4 classes of threats
- Disclosure: unauthorized access to information (snooping)
- Deception: acceptance of false data (modification, spoofing, repudiation of origin, denial of receipt, fabrication)
- Disruption: interruption or prevention of correct operation (modification)
- Usurpation: unauthorized control of some part of the system
Snooping: what is it, and which CIA service tries to prevent it?
Unauthorized access to another person's data. It is passive, e.g. reading email as it appears, watching what happens on someone else's screen, or watching someone type.
Confidentiality services.
What is modification, and which CIA service tries to prevent it?
An unauthorized change of information. It is active: it results from an entity changing the information.
Integrity services.
What is active wiretapping? Give an example. Which CIA service tries to prevent it?
A form of modification in which data moving across the network is altered: new data is injected or part of the data is deleted. It is active. ex: man-in-the-middle attack.
- Integrity services.
Masquerading/spoofing: give an example. Which CIA service tries to prevent it?
One entity claims to be someone it is not. ex: a user tries to read a web page, but the attacker has arranged for the user to be given a different page. (Can be passive or active.)
Integrity services (authentication) counter this.
Which kind of masquerading is allowed?
Delegation: Susan delegates to Thomas the authority to act on her behalf, and Thomas says "I am Thomas, acting on Susan's behalf" rather than pretending to be Susan.
What is repudiation of origin? Give an example.
A false denial that an entity sent (or created) something.
ex: a customer sends the vendor an order for an iPhone and agrees to pay for it. The vendor ships the iPhone and demands payment. The customer receives it and denies having ordered it; by law the customer may keep it, because the vendor should have shipped only after the product was paid for.
Integrity services try to counter this.
What is denial of receipt? Give an example. Which mechanisms try to prevent it?
A false denial that an entity received information (or a product). ex: I order an iPhone from a vendor who does not ship before payment; I pay and the vendor ships it. I then ask when I will receive the iPhone even though I already have it. Only by proving that I received it can the vendor defend against this. Integrity and availability mechanisms try to prevent it.
What is delay? Give examples. Which CIA mechanism tries to counter it?
A temporary interruption of a service. ex: an attacker forces a delivery to take longer than usual; if the delivery takes longer than it should, the attack has succeeded in delaying it. It can be as simple as email between two people being held up.
- Availability mechanisms.
What is a policy?
A statement of what is and what is not allowed. It can be expressed in natural language or in mathematics.
What is a mechanism? How does a mechanism relate to policies? Give an example of a mechanism.
A mechanism is a tool, method, or procedure for enforcing a security policy (i.e. controlling the system so that the policy holds).
ex: the requirement that a user supply a password to authenticate herself before using the computer.
What is composition of policies? Give an example.
When several policies apply together, they must agree on what to do; if they conflict, the conflict may create security vulnerabilities. ex: if one policy allows students and faculty to access all data and another allows only faculty to access all data, the conflict must be resolved before the policies can be combined.
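An added example tying the last three cards together (policy, mechanism, composition); it is not code from the textbook or the card deck. The two policies are the conflicting student/faculty pair from the card, written as predicates; `find_conflicts` surfaces the requests on which they disagree, `compose_deny_wins` is one possible resolution rule (allow only when both policies allow), and `enforce` is the mechanism: it applies the password requirement from the mechanism card and then the composed policy. The user accounts, passwords, salt, roles and requests are all constructed for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Iterable, List


@dataclass(frozen=True)
class Request:
    subject: str   # authenticated user making the request
    role: str      # "student" or "faculty" (constructed roles)
    action: str    # "read" or "write"
    obj: str       # name of the data being accessed


Policy = Callable[[Request], bool]


# Policy A (constructed): students and faculty may read all data.
def policy_a(r: Request) -> bool:
    return r.action == "read" and r.role in ("student", "faculty")


# Policy B (constructed): only faculty may read all data.
def policy_b(r: Request) -> bool:
    return r.action == "read" and r.role == "faculty"


def find_conflicts(p1: Policy, p2: Policy, requests: Iterable[Request]) -> List[Request]:
    """Composition check: the requests on which the two policies disagree."""
    return [r for r in requests if p1(r) != p2(r)]


def compose_deny_wins(p1: Policy, p2: Policy) -> Policy:
    """One resolution rule: a request is allowed only if both policies allow it."""
    return lambda r: p1(r) and p2(r)


# Mechanism side: the password requirement gating every access decision.
_SALT = b"constructed-salt"   # constructed; real systems use a random per-user salt


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed accounts: name -> (role, password hash)
USERS = {
    "susan": ("faculty", _hash("correct horse")),
    "thomas": ("student", _hash("battery staple")),
}


def enforce(policy: Policy, user: str, password: str, action: str, obj: str) -> str:
    """Reference-monitor style mechanism: authenticate first, then apply the policy."""
    entry = USERS.get(user)
    if entry is None or not hmac.compare_digest(entry[1], _hash(password)):
        return "denied: authentication failed"
    role = entry[0]
    request = Request(user, role, action, obj)
    return "allowed" if policy(request) else "denied: policy"


if __name__ == "__main__":
    sample = [
        Request("thomas", "student", "read", "grades"),
        Request("susan", "faculty", "read", "grades"),
        Request("thomas", "student", "write", "grades"),
    ]
    print("conflicts:", find_conflicts(policy_a, policy_b, sample))
    composed = compose_deny_wins(policy_a, policy_b)
    print(enforce(composed, "thomas", "battery staple", "read", "grades"))
    print(enforce(composed, "susan", "correct horse", "read", "grades"))
    print(enforce(composed, "susan", "wrong password", "read", "grades"))
```

The conflict list is the thing to look at before deploying: the student read request is allowed by A and denied by B, so someone has to decide which policy wins. Choosing "deny wins" here is a design decision, not something the policies themselves dictate; a different organisation might resolve the same conflict the other way.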