Module 1.2

Question 1

What is an asset again?

Answer 1

• > anything valuable to organization
• > system resource
• > 6 examples -> program/application, shared systems, critical systems or support systems, plants, personnel, equipment, data/info
• database is example

Question 2

Cyber security review? where is assets in the def?

Answer 2

-> preventing damage to, protecting and restoring
components of computers (ASSETS)
to meet goals of objectives such as confidentiality, integrity, availability, authenticity and non-repudiation

Question 3

Examples of assets in cyber security definition 4? 3 main?

Answer 3

computer
electronic communication systems/services
wire/electronic communication
information contained within those above

systems
information
services

Question 4

what are 4 classes of assets we need to protect?

Answer 4

hardware
software
communication
data

Question 5

what are hardware assets (3 examples?)

Answer 5

hardware components in systems
eg. data processing systems
storage systems
data communication devices

Question 6

name three software assets

Answer 6

operating systems, system utilities, applications

Question 7

what are communication assets? 4 examples?

what else can these be categorized as??

Answer 7

->communication components that build our communication network
eg. LAN WAN communication links/devices
switches
bridges
routers
-routers can also be categorized as hardware

Question 8

3 examples of data assets?

Answer 8

• files
• databases
• security related data such as password files

Question 9

What is a threat?

threat to?

Answer 9

• event/circumstance that has potential for adverse effects
• through information systems - unauthorized access, destruction, disclosure, modifying data, denying access
• effects operations, individuals, organization, nation, assets
• threat to security objectives

Question 10

What is an attack -what is a realization of?

Answer 10

• a malicious activity that aims to collect damage or destroy information system or system resources
• realization of a threat

Question 11

what is the threat of unauthorized disclosure?

threat to?

Answer 11

even when a unauthorized person gains access to the data

->threat to confidentiality

Question 12

What are the 4 realizations/attacks of unauthorized disclosure?

Answer 12

-exposure, interception, inference, intrusion

Question 13

what is exposure?

Answer 13

sensitive data released to unauthorized person

Question 14

what is interception?

Answer 14

unauthorized user directly accesses sensitive data that is travelling between authorized source/destination

Question 15

what is inference?

Answer 15

unauthorized user indirectly gets access to sensitive info by reasoning from characteristics or by products of communication
->learning through inferring what info is about

Question 16

what is intrusion?

Answer 16

unauthorized user gains access to sensitive data by bypassing system’s security (breaking in)

Question 17

What is the threat of deception?

threat to?

Answer 17

event that may result in authorized entity receiving false data/believing it
->threat to system integrity (correct operation) and data integrity (trustworthiness of data)

Question 18

What are the three attacks of deception?

Answer 18

Masquerade, Falsification, Repudiation

Question 19

What is Masquerade?

Answer 19

unauthorized entity gains access to system and pretends to be an authorized entity to perform malicious acts

Question 20

What is Falsification?

ex?

Answer 20

false data inserted to deceive authorized person

->eg into communication so they take a corrective action which can cause asset damage

Question 21

What is Repudiation?

Answer 21

entity deceives another by saying it’s not them

-you do unauthorized actions in the system but don’t take accountability

Question 22

What is disruption? threat to?

Answer 22

events that interrupts/prevent correct operation system’s services
->Threat to system integrity and availability

Question 23

What are the three realizations of disruption?

Answer 23

incapacitation, corruption, obstruction

Question 24

What is incapacitation?

Answer 24

interrupts/prevents system operation by disabling a system component

Question 25

What is corruption?

Answer 25

altering system operation by modifying system functions or data (not disabling, but corrupting so it can't provide reliable services)

Question 26

What is obstruction?

Answer 26

interrupts services by hindering system operation (eg. jam communication so no interruption in delivery)

Question 27

What is usurpation? what is it threat to?

Answer 27

event that results in control of system by unauthorized entity ->threat to system integrity

Question 28

Two types of usurpation

Answer 28

misappropriation and misuse

Question 29

what is Misappropriation

Answer 29

entity goes ahead an starts controlling system resources in a way they aren't supposed to (unauthorized to)

Question 30

misuse, 1 ex?

Answer 30

cause component to perform function that's detrimental to system security (Eg. deny authorized users access)

Question 31

What is a passive attack? - goal? - 2 types?

Answer 31

learn or use system's information in a way that does not effect the system - >goal of obtaining information - release of message contents - passive attacker eavesdropping on information that will intercept or see exposure of sensitive info - traffic analysis - observe what is going on in system and infer through analysis other information

Question 32

What is an active attack? | involves what?

Answer 32

- attempt to alter system or effect its operation | - involves modifying data stream or manipulating components

Question 33

what categories of active attacks?

Answer 33

- replay - intercept a communication and replay it as someone else for deception - masquerade - pose as someone else - modification of messages - falsification, injection - denial of service - disruption threats - actively interrupt communication

Question 34

What is an inside attack? | two types of insiders?

Answer 34

initiated by entity inside security perimeter -an insider(eg. building) - insiders are authorized users but use them in a way they aren't supposed to - malicious employees causing damage to assets - non malicious employees- accidently cause harm or misconfigure system controls

Question 35

What are outside attacks?

Answer 35

-initiated by unauthorized entity outside security perimeter - an outsider -outsiders can be pranksters criminals/terrorists governments anything outside organization trying to cause damage

Question 36

What is an attack surface?

Answer 36

-collection of system's reachable and exploitable vulnerabilities (potential and existing)

Question 37

The smaller the attack surface?

Answer 37

-the fewer opportunities for the adversary to enter and threaten assets

Question 38

First category of attack surface?

Answer 38

-network attack services - networking components that provide entry points

Question 39

Second category of attack surface?

Answer 39

-software attack surfaces - vulnerabilities in programming/code that may allow entry

Question 40

Third category of attack surface? 1 ex?

Answer 40

- human attack surface - all the individuals that are part of system and operation that may comprise to provide access - phishing attack

Question 41

Why is an attack surface important to know? - 3 points

Answer 41

- the smaller the fewer entry points, the larger surface the more entry points - we want to minimize it to reduce entry points/focus on making existing entry points difficult to entry

Question 42

2 examples of a network attack surface?

Answer 42

- open ports facing web/servers that can listen using code | - service running inside a firewall that may be bypassed to gain entry into system's network components

Question 43

2 examples of software attack surfaces?

Answer 43

- code processing incoming data/documents/emails since we could inject commands in the data streams and gain access - interfaces, SQL, web forms since it's like the outward facing component of software which can be abused to gain entry

Question 44

1 example of human attack surface?

Answer 44

-employee with access to sensitive information since he could leak it or accidently give it out for adversary entry into system

Question 45

what is social engineering?

Answer 45

-manipulating people so they give up confidential information

Question 46

1 benefit of a attack surface?

Answer 46

technique for assessing scale and severity of threats

Question 47

2 benefit of attack surface?

Answer 47

helps developers know where security is required since we can add countermeasures where (vulnerabilities) entry points are

Question 48

3 benefit of attack surface?

Answer 48

get guidance on setting priorities for testing, strengthening security measures, or modifying the service

Question 49

What is an attack tree? why an attack tree?

Answer 49

- branching data structure representing potential techniques to exploit security vulnerabilities - help understand the different kinds of attacks and threats that may exist

Question 50

what is the root?

Answer 50

highlights what is the goal/objective of the attack from perspective of a hypothetical attacker - usually will violate one of our security objectives

Question 51

what are branches? how many levels? | -what are they not??

Answer 51

- what are the sub goals we need to achieve the root goal - can have many levels of branching - not actions to initiate attack!

Question 52

combine branches using And how? or how?

Answer 52

AND - using angle sign | OR - simple branching

Question 53

what are leaves?

Answer 53

- all the ways that we can initiate the attack - actions we need to perform - always exists LAST (no branch without a leaf usually)

Question 54

first benefit of attack trees? attack pattern?

Answer 54

- exploit information/take action on types of attack patterns that emerge from attack trees - attack patterns - ways of achieving certain kinds of objectives will follow patterns

Question 55

second benefit of attack tree?

Answer 55

-publication of security advisories have developed knowledge about general/specific attack patterns

Question 56

third benefit of attack tree?

Answer 56

-useful for documenting security attacks in a structured form that reveal vulnerabilities which impacts design and choice of countermeasures and systems