Flashcards in Lecture 4: 27th September 2019 Deck (29)
What are the main 3 general, high-level aims of security systems?
Prevent: Lock out the unauthorised user
Detect: Discover when an intrusion has been made or an asset is missing
React: Recover from the attack.
What are the desired system characteristics? What are the main 3?
Confidentiality: No unauthorised disclosure
Integrity: Prevent unauthorised modification
Availability: Prevent the withholding of resources.
Reliability: Uptime of the system must be close to 100%
Auditability: Evidence of actions
Authenticity: Users and data are who/what they claim to be, so no unauthorised user can pass as a legitimate one.
The first 3 (CIA) are the main ones.
What is an exploit?
An attack, or the code/technique used in it, that takes advantage of a specific vulnerability.
What is a threat?
a circumstance that has the potential to cause loss or harm such as human attacks or natural disasters
What is malware?
Malicious software (also called malcode). A virus is one kind of malware, not a synonym for it. Malware usually carries one or more exploits, and often has a signature: a recognisable byte pattern in the code that scanners can match.
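Worked example, added to this deck rather than taken from the lecture: a minimal signature scanner of the kind the "signature" in the answer above refers to. The signature names, hex patterns and sample blobs are all constructed and hypothetical; they are not real malware. The variant sample shows the usual caveat: change one byte and an exact signature misses it, which is why real signatures use wildcards and why scanners add heuristics on top.

```python
"""Signature-based malware detection: match byte patterns in a file.

Added example; not from the lecture. The signatures and sample blobs are
constructed for illustration and do not correspond to real malware.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Signature:
    name: str
    # One entry per byte; None is a one-byte wildcard (the "??" of AV hex strings)
    pattern: Tuple[Optional[int], ...]


def parse_hex_signature(name: str, text: str) -> Signature:
    """Turn "DE AD ?? EF" into a Signature; "??" matches any single byte."""
    tokens = tuple(None if tok == "??" else int(tok, 16) for tok in text.split())
    return Signature(name, tokens)


def find_signature(data: bytes, sig: Signature) -> Optional[int]:
    """Offset of the first match of sig in data, or None if absent."""
    n = len(sig.pattern)
    for i in range(len(data) - n + 1):
        if all(want is None or data[i + j] == want for j, want in enumerate(sig.pattern)):
            return i
    return None


def scan(data: bytes, sigs: List[Signature]) -> List[Tuple[str, int]]:
    """Run every signature over the blob; return (name, offset) for each hit."""
    hits = []
    for sig in sigs:
        off = find_signature(data, sig)
        if off is not None:
            hits.append((sig.name, off))
    return hits


# Constructed signature database (hypothetical names and patterns)
SIGNATURES = [
    parse_hex_signature("Demo.Dropper.A", "DE AD BE EF ?? 00 CA FE"),  # wildcard at byte 5
    parse_hex_signature("Demo.Keylogger.B", "4B 45 59 4C 4F 47"),      # the bytes of "KEYLOG"
]
# The same dropper pattern with no wildcard, to show how brittle exact signatures are
EXACT_DROPPER = parse_hex_signature("Demo.Dropper.A.exact", "DE AD BE EF 13 00 CA FE")

# Constructed sample files: a fake 4-byte header followed by payload bytes
HEADER = b"\x4d\x5a\x90\x00"
SAMPLE_CLEAN = HEADER + b"hello world" * 4
SAMPLE_INFECTED = HEADER + b"\x00" * 10 + b"\xde\xad\xbe\xef\x13\x00\xca\xfe" + b"KEYLOG"
# A "variant": one payload byte changed, as a trivial repacker or polymorphic engine would do
SAMPLE_VARIANT = SAMPLE_INFECTED.replace(b"\x13", b"\x37")

if __name__ == "__main__":
    for label, blob in [("clean", SAMPLE_CLEAN), ("infected", SAMPLE_INFECTED), ("variant", SAMPLE_VARIANT)]:
        print(label, scan(blob, SIGNATURES), "exact dropper at:", find_signature(blob, EXACT_DROPPER))
```

Running it shows the clean blob matching nothing, the infected blob matching both signatures (at offsets 14 and 22), and the variant still matching the wildcard signature while the exact one returns None. Signature matching is fast and precise but only finds what it has already seen.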
What is an attack?
an assault launched by cybercriminals using one or more computers against one or more computers or networks in an attempt to breach their security
What is an attack vector?
the mechanism or entry route of an exploit
Which system layers should security protect?
Hardware: Registers, memory overflow
Operating system: kernel, memory allocation, access rights
Data Storage: access and authorisation
Network: access, authorisation, data packets, routing data
Applications: data and program access and authorisation
Internet: Internet-facing applications and services are the most exposed, and so the most problematic, layer
Physical: the physical machine is also vulnerable
How should security authenticate each layer in a system?
Either authenticate separately at each layer (slower, and in practice people respond by choosing simple passwords or reusing one password everywhere, which is insecure), or use a single authentication step for every layer (in theory weaker than a long, distinct password per layer, but quicker and, in practice, not significantly less secure).
How can you ensure you have a legally sufficient and defensible level of security measures on a system?
Adhere to recognised international security standards and guides, e.g. from NIST or ITIL.
What should risk analysis consider?
Subject: the who, a person or a process (a program)
Object: the what, the data, the file, the process
Mode: the how, the mode or method of access
Policy: the who, what, how & possibly when.
What are the 4 theoretical types of threats?
Modification; fabrication; interruption; interception.
How can we mitigate threats?
Multi-Level (multi-factor) Authentication: not just a single weak password
Least Privilege: give each user or process only the access it needs, and most users very little
Fail Securely (or nicely): when something breaks, deny access rather than grant it; compartmentalise the system and have controlled shutdown (die-time) routines
Trust No-One: trust is built up slowly and is not given by default
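Worked example, added to this deck rather than taken from the lecture, covering both the risk-analysis vocabulary (subject, object, mode, policy with a "when") and the mitigations above (default deny for trust no-one, least privilege, fail securely, and an audit trail for auditability). The subjects, resources, rules and timestamps are constructed; nothing here is the lecture's own code.

```python
"""Access-control check built from the risk-analysis vocabulary:
subject (who), object (what), mode (how) and policy (who/what/how/when),
with default deny (trust no-one), least privilege and fail-securely.

Added example; not from the lecture. Subjects, objects and rules are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    subject: str                                 # user or process name; "*" means any subject
    obj: str                                     # the resource the rule covers
    modes: FrozenSet[str]                        # access modes granted, e.g. {"read"}
    window: Optional[Tuple[time, time]] = None   # optional "when": (start, end) of day, inclusive


class Policy:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = list(rules)
        self.audit: List[Tuple[str, str, str, str, str]] = []   # evidence of every decision

    def _allowed(self, subject: str, obj: str, mode: str, at: datetime) -> bool:
        # Default deny: nothing is granted unless a rule explicitly says so
        for r in self.rules:
            if r.subject not in (subject, "*") or r.obj != obj or mode not in r.modes:
                continue
            if r.window is not None:
                start, end = r.window
                if not (start <= at.time() <= end):
                    continue
            return True
        return False

    def authorize(self, subject: str, obj: str, mode: str, at: datetime) -> bool:
        """Evaluate the policy, fail securely on any error, and audit the decision."""
        try:
            allowed = self._allowed(subject, obj, mode, at)
        except Exception:           # a broken rule must deny, never grant
            allowed = False
        self.audit.append((at.isoformat(), subject, obj, mode, "ALLOW" if allowed else "DENY"))
        return allowed


# Constructed policy. Least privilege: the backup process may only read payroll,
# and alice's access to it is limited to office hours.
RULES = [
    Rule("alice", "/data/payroll.db", frozenset({"read", "write"}), (time(9, 0), time(17, 0))),
    Rule("backup-agent", "/data/payroll.db", frozenset({"read"})),
    Rule("*", "/data/public/handbook.pdf", frozenset({"read"})),
]
POLICY = Policy(RULES)
DAY = datetime(2019, 9, 27, 10, 0)      # inside alice's window
NIGHT = datetime(2019, 9, 27, 22, 0)    # outside it


def broken_policy_denies() -> bool:
    """A malformed rule (strings instead of times) raises when compared;
    authorize() turns that crash into DENY instead of falling open."""
    bad = Policy([Rule("alice", "/x", frozenset({"read"}), ("09:00", "17:00"))])  # type: ignore[arg-type]
    return bad.authorize("alice", "/x", "read", DAY)


if __name__ == "__main__":
    print(POLICY.authorize("alice", "/data/payroll.db", "write", DAY))            # allowed
    print(POLICY.authorize("alice", "/data/payroll.db", "write", NIGHT))          # denied: outside window
    print(POLICY.authorize("backup-agent", "/data/payroll.db", "write", DAY))     # denied: least privilege
    print(POLICY.authorize("mallory", "/data/payroll.db", "read", DAY))           # denied: default deny
    print(POLICY.authorize("mallory", "/data/public/handbook.pdf", "read", DAY))  # allowed: wildcard rule
    print(broken_policy_denies())                                                 # denied: fail securely
    for entry in POLICY.audit:
        print(entry)
```

The important property is the shape of `authorize`: the only path to "allow" is an explicit matching rule, every other path (no rule, wrong mode, wrong time, evaluation error) ends in deny, and every decision is written down.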
What should we consider about attacks when taking measures against them?
Who will perform them, what the attack will target, where they will be deployed from, how they work and what the type of attack is.
What is a virus?
A self-replicating program that has some detrimental effects, such as providing backdoors, deleting or stealing data.
Why should special security precautions be taken on special dates?
Attacks are also timed for notable dates: Friday the 13th, the Christmas PSN attack, etc.
What is a worm?
A program that copies itself from one computer to
What is a rabbit?
A program that multiplies so rapidly that it exhausts resources of a specific type, e.g. disk space or inode tables. Also known as a bacterium.
What is a logic bomb?
A program that performs an action violating the security policy when a trigger condition is met. A logic bomb may be set to go off when someone's login ID has not been used for a while, or when a particular file is read.
What is adware?
Software that automatically displays or downloads advertising material such as banners or pop-ups. Some also come with key-loggers or spyware.
What is spyware?
Software that enables a user to obtain covert information about another person's computer activities by transmitting data covertly from their hard drive, e.g. logging their keystrokes or Internet usage. It is privacy-invasive software.
What is spam?
Irrelevant and unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc.
What is a botnet?
A large network of private computers that have been infected with malicious software, without the knowledge or consent of their owners, and are used to launch attacks such as spam campaigns or DDoS.
What is a rootkit?
Software that enables an attacker to covertly gain and keep control of privileged parts of a computer system while hiding its own presence from detection.
What was the RAMNIT attack?
A botnet that propagated as a worm and stole cookies, login credentials and Internet usage logs before setting up a back door.
What was the WannaCry attack?
A worm that infected Windows machines with ransomware that encrypted data and demanded cryptocurrency to decrypt it. It spread over SMB (TCP port 445, using the EternalBlue exploit), scanning 25 random IPs every second and then moving through internal networks, which is how it swept through organisations such as the NHS in the UK.
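Worked example, added to this deck rather than taken from the lecture: the detection side of the answer above. A worm that probes many hosts on SMB per second looks, in connection logs, like one source fanning out to many distinct destinations on port 445 within a short window. The log line format, the addresses and the entries are all constructed (hypothetical firewall-style lines), and the threshold is an assumption to be tuned per network.

```python
"""Detecting worm-style SMB scanning in connection logs.

WannaCry-class worms probe many hosts on TCP/445 per second; a single source
reaching many distinct destinations on that port within one second is the
signal. Added example; not from the lecture. The log format and entries are
constructed (hypothetical firewall/NetFlow-style lines).
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed line format: "<ISO timestamp> src=<ip> dst=<ip> dport=<port> proto=tcp"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=tcp$"
)


def fan_out_per_second(lines: List[str], port: int) -> Dict[str, int]:
    """For each source, the largest number of distinct destinations it reached
    on `port` within any single one-second bucket. Malformed lines are skipped."""
    buckets: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None or int(m["dport"]) != port:
            continue
        buckets[(m["src"], m["ts"])].add(m["dst"])
    worst: Dict[str, int] = {}
    for (src, _ts), dsts in buckets.items():
        worst[src] = max(worst.get(src, 0), len(dsts))
    return worst


def scanners(lines: List[str], port: int = 445, threshold: int = 10) -> Dict[str, int]:
    """Sources whose per-second fan-out on `port` reaches the threshold.
    10 is well under the 25 IPs/second quoted for WannaCry, so slower scanners
    are caught too; tune it to what a normal client does on your network."""
    return {src: n for src, n in fan_out_per_second(lines, port).items() if n >= threshold}


# Constructed sample log
SAMPLE_LOG = [
    "2017-05-12T10:00:00 src=10.0.0.9 dst=10.0.0.2 dport=445 proto=tcp",   # normal file-share client
    "2017-05-12T10:00:00 src=10.0.0.9 dst=10.0.0.2 dport=445 proto=tcp",
    "this line is corrupt and must not crash the detector",
]
# Infected host: 12 distinct targets on 445 within the same second
SAMPLE_LOG += [f"2017-05-12T10:00:01 src=10.0.0.5 dst=10.0.0.{i} dport=445 proto=tcp" for i in range(20, 32)]
# Busy web client: many destinations, but on 443, so not an SMB scanner
SAMPLE_LOG += [f"2017-05-12T10:00:01 src=10.0.0.7 dst=198.51.100.{i} dport=443 proto=tcp" for i in range(1, 30)]

if __name__ == "__main__":
    for src, n in scanners(SAMPLE_LOG).items():
        print(f"ALERT possible SMB worm: {src} reached {n} distinct hosts on 445 within one second")
```

Only the infected host is reported; the ordinary file-share client and the web client are not. Fixed one-second buckets are deliberately simple: a scan that straddles a second boundary splits across two buckets, so a production rule would use a sliding window, and would pair the alert with a block on outbound 445.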
What is the difference between WannaCrypt and WannaCry?
Same, just different names.
What are some good catalogues of vulnerabilities and existing attacks?
NIST NVD, MITRE CVE, and McAfee Quarterly Threat Report