Security Concepts Flashcards
(31 cards)
What are the 3 terms to describe the CIA Triad?
Confidentiality, Integrity and Availability
Confidentiality
Only authorized individuals have access to information and resources
Snooping
Gathering information that is left out in the open
Mitigation: Clear desk policy
Dumpster Diving
Looking for sensitive documents in the trash
Mitigation: Use a shredder
Eavesdropping attack
Listening for sensitive information
Mitigation: Have important meetings in private locations
Social Engineering
Psychological tricks to get access or information
Mitigation: Training
Wiretapping
Monitoring of network traffic
Mitigation: Network traffic encryption
Integrity
Do not allow unauthorized changes
Unauthorized modification
Attacker makes changes without permission
Mitigation: Least privilege access
Impersonation Attack
Attacker pretends to be someone else
Mitigation: User training
Man in the middle
Sit in the middle of communication
Mitigation: Traffic Encryption
Replay
Eavesdrop on logins and reuse captured credentials
Mitigation: Traffic Encryption
Availability
Protect authorized access to system and data
Denial of service
Bombarding of a system with an overwhelming amount of information
Mitigation: Firewalls and ISP DDoS protection
Power Outage
Increased power usage, natural disasters, etc.
Mitigation: Redundant power supplies
Hardware Failures
Equipment can fail occasionally
Mitigation: Build systems with redundancy
Destruction of equipment
Intentional or accidental damage
Mitigation: Redundancy, backup data centers
Service outages
Programming errors or underlying equipment.
Mitigation: Resilient systems
Identification
Username
Authentication
Password
Authorisation
Access control lists
Accounting
Logs for user activity
Password Rules
Length - At least 8 characters
Complexity - digits / special characters
Expiration - Force password changes
Password Managers
Use of unique strong passwords for each site