Security Basics - Topic 2 Flashcards
(26 cards)
Motivation, targets, methods: Information Warfare
Motivation:
Military or political dominance
Targets:
Critical infrastructure, political and military assets
Methods:
Attack, corrupt, exploit, deny, combined with a physical attack
Motivation, targets, methods: Information Warfare
Motivation:
Military or political dominance
Targets:
Governments, companies, individuals
Methods:
Advanced persistent threats
Motivation, targets, methods: Cyber Crime
Motivation:
Economic Gain
Targets:
Governments, companies, individuals
Methods:
Fraud, ID theft, Extortion, Exploit
Motivation, targets, methods: Cracking
Motivation:
Ego, personal enmity
Targets:
Governments, companies, individuals
Methods:
Attack, Exploit
Motivation, targets, methods: Hacktivism
Motivation:
Political change
Targets:
Governments, Companies
Methods:
Attack, defacing
Motivation, targets, methods: Cyber Terror
Motivation:
Political change
Targets:
Individuals, Companies
Methods:
Marketing, command and control, computer-based violence
What does CIA stand for?
Threats in a generic context (Confidentiality, Integrity and Availability)
What is disclosure?
Threats to confidentiality.
Snooping, sniffing (data in transit)
Unauthorised access (systems, data at rest)
What is deception?
Fraud and forgeries; threats to integrity
Spoofing (Identity theft)
Unauthorised data modification
Replay (intercept and retransmit)
Repudiation (false denial) of origin, repudiation of receipt
What is disruption?
Threat to availability
Modification, delay, Denial of Service (DoS)
What are the three types of Integrity / Authenticity / Authentication (making sure data is authentic)?
Entity integrity (entity indeed has the claimed identity)
Content Integrity (any unauthorised modification and replay of data can be detected)
Origin Integrity (data is indeed from the claimed source)
What is freshness?
Ensuring data is not a replay/retransmission of ‘old’ data
What is non-repudiation?
Protecting against repudiation (false denial)
What is fairness?
Either all the parties have received what they expect to receive or none of them receives anything useful
What are the three main steps of the achieving security life-cycle?
Define your security goal and threat analysis: Identify what to protect against and specify security policy
Design and implement security measures: decide how to protect so as to achieve your goal.
Security assurance (operation, monitoring and maintenance): to assess how well the implementation has achieved the goal
Methods for defining the security goal
Threat analysis: identify and decide what to protect against.
Policy/requirement specification: to define what is, and/or is not, allowed.
What is threat analysis?
Identify assets, threats and vulnerabilities: to find out which avenues of attack are most likely to succeed at a relatively low cost to the attacker.
Not all threats are worth defeating (cost vs benefit)
Typically carried out with an attack tree analysis method
What is the attack tree analysis method?
A conceptual diagram showing how an asset, or target, might be attacked.
Consists of one root node, child nodes and leaf nodes
The root is representative of the attack goal
Child and leaf nodes are conditions under which, or ways/methods by which, one may obtain the goal. If a method in turn requires other intermediate steps, then under each of these child nodes, branch off as appropriate.
Relationship branches may be ‘OR’ or ‘AND’
‘OR’ represents alternative attack methods to succeed in the attack
‘AND’ represents multiple steps required to launch the attack
Each node may be given a value to indicate:
- Likelihood that an attacker will mount the attack, or probability that the attack succeeds
- Cost of succeeding in the attack, in terms of monetary cost, time taken to accomplish the attack, etc.
Once done, any path from a leaf node to the goal is a potential attack, marked with its likelihood or cost.
What are detective measures?
Measures taken during or after the attacks, e.g. logging/auditing, intrusion detection systems (host-based, network-based, hybrid, …)
What is response and recovery in the design and implementation phase of the achieving security life cycle?
Measures to repair any damage so that the system can continue to function correctly even if an attack succeeds, e.g. backup.
What is cost-benefit analysis?
Is it cheaper to prevent (using security mechanisms) or recover (e.g. using restoration from backup) or just ignore?
What is security assurance?
To assess how well the implementation has achieved the goal
Testing to assess the correct implementation of policies
Formal evaluation of the implementation.
Name some security assurance standards
US Security Evaluation Criteria (the Orange Book)
European ITSEC (Information Technology Security Evaluation Criteria)