Computer and Information Security Basics

Questions and Answers

Why is it essential to define security with precision?

  • To ensure that the system is aesthetically pleasing.
  • To avoid under-defined questions that lack clear solutions. (correct)
  • To make the system more complex and harder to understand.
  • To confuse potential attackers.

Why is achieving 'perfect security' considered practically impossible?

  • Because perfect security is only possible with expensive hardware.
  • Because attackers always have more resources than defenders.
  • Because defenders need to ensure every aspect is secure, while attackers only need to find a single vulnerability. (correct)
  • Because security is solely the responsibility of end-users.

According to the content, what is crucial for flawed humans to avoid missing security considerations?

  • Ignoring simple security measures.
  • Adopting security models and systematic thinking. (correct)
  • Relying on intuition and gut feelings.
  • Taking mental shortcuts for efficiency.

What does the CIA triad primarily aim to ensure?

  • Confidentiality, integrity, and availability of information. (D)

According to the material, what does 'integrity' in the CIA triad specifically guard against?

  • Improper modification or destruction of information. (C)

In the context of computer security, what is the main purpose of 'countermeasures'?

  • To provide general defenses for an asset. (A)

How do threats typically function in the context of computer security?

  • They exploit one or more vulnerabilities of an asset. (C)

Why should the concept of 'reducing risk' be approached with caution?

  • Because it implies that achieving complete security is possible. (C)

What is the critical difference between something being 'more secure' versus 'fully secure'?

  • More secure reduces the probability of an exploitable vulnerability but never eliminates it, while fully secure is a fallacy. (A)

How does 'inference' constitute a class of threat related to unauthorized disclosure?

  • By deducing sensitive information from public data. (D)

What type of threat involves manipulating data, such as altering grades in a database?

  • Falsification. (A)

Which option illustrates a 'disruption' threat?

  • Launching a denial-of-service attack to incapacitate a system. (C)

What is an example of a 'misappropriation of service' that constitutes a usurpation threat?

  • Using telephone services without authorization. (B)

In the context of asset availability, what scenario exemplifies a threat against hardware?

  • Physical theft or disabling of equipment. (A)

What exemplifies a breach of confidentiality concerning data assets?

  • Unauthorized reading of user data. (A)

According to FIPS 200, what is the purpose of 'access control'?

  • To limit who gets in and what they can do. (D)

Why is 'awareness and training' a key security requirement under FIPS 200?

  • To prevent uninformed users from unintentionally aiding attacks. (A)

What does 'contingency management' entail according to FIPS 200?

  • Having plans ready for emergencies. (A)

How does 'media protection' contribute to security, as defined by FIPS 200?

  • By keeping storage devices safe, even when discarding them. (C)

What makes a 'good model of security' effective?

  • It integrates security considerations throughout every part of the organization. (C)

What is the definition of 'attack surface'?

  • The number of ways an attacker could interact with a system. (C)

Which of the following practices helps reduce the potential attack surface of a system?

  • Finding ways to reduce the points of interaction an attacker could use. (A)

What is a critical aspect of the 'evaluation' stage in a security strategy?

  • Proving that the implemented security measures are actually effective. (C)

When developing defenses, why is it critical to define the assets at risk, the vulnerabilities, and the attacker's capabilities?

  • To allow for a systematic approach to prevent attacks. (B)

In the context of threat modeling, what is the benefit of systematic thinking?

  • It identifies specific guarantees by defenses. (C)

What is the ultimate goal of threat modeling?

  • To compare techniques in terms of cost/benefit tradeoffs. (C)

In the context of HTTPS, why is encrypting communications using negotiated keys an effective defense?

  • Because attackers cannot deduce the key or decrypt communications. (B)

Why is constant vigilance required to maintain a strong security posture?

  • Because attackers only have to find a single flaw. (A)

According to the conclusion, which of the following should be applied to ensure the best security?

  • Applying systematic thinking guided by models. (A)

Flashcards

Information Security

The protection of information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Confidentiality

Preserving authorized restrictions on information access and disclosure.

Integrity

Guarding against improper information modification or destruction.

Availability

Ensuring timely and reliable access to and use of information.

Assets

Valued hardware, software, data, and communications.

Threats

Specific attacks against an asset.

Countermeasures

General defenses for an asset.

Risk

Our perception of exposure to threats.

Vulnerability

A weakness in the asset that can be exploited.

Attack

A threat that is carried out leading to a violation of CIA triad.

Unauthorized disclosure

Preserving the privacy of sensitive information.

Deception

Manipulating data to be untrue or misleading.

Disruption

Interruption of operations or systems.

Usurpation

Unauthorized use of services or systems.

Access control

Limiting who can access what resources.

Awareness and training

Informing users about security risks and best practices.

Auditing and accountability

Monitoring and recording system activities.

Certification and assessment

Reviewing security measures to ensure effectiveness.

Config management

Tracking and managing how systems are set up.

Contingency management

Having plans ready for emergencies and disasters.

Identification/authorization

Verifying and validating user identities.

Incident response

Steps to take when a security breach occurs.

Maintenance

Actively maintaining systems.

Media protection

Keeping storage devices secure, even when discarded.

Physical/environmental protection

Securing physical access to systems and facilities.

Planning

All activities are planned before execution.

Personnel security

Screening and vetting personnel with access.

Risk assessment

Analysis to determine investments in proportion to risk.

Attack surface

How available an asset is in relation to threats.

Implementation

Identifying mechanisms of prevention, detection, response, and recovery.

Study Notes

Computer Security Overview

  • Precision of thought is an important lesson in computer security.
  • If a circle is drawn with imperfect pixels then a flood fill can penetrate it.
  • A defender needs perfect pixels, but an attacker only needs one flaw.
  • Perfect security is usually impossible to prove.
  • Security models help humans avoid missing something.
  • Systematic thinking is required to avoid mistakes based on intuition.

Information Security

  • The protection of information and information systems against unauthorized access, use, disclosure, disruption, modification, or destruction.
  • Ensures confidentiality, integrity and availability.

The CIA Triad

  • Confidentiality: Preserving authorized restrictions on information access and disclosure, including protecting personal privacy and proprietary information.
  • Integrity: Guarding against improper information modification or destruction, and ensuring information non-repudiation and authenticity.
  • Data Integrity: The property that data has not been altered in an unauthorized manner, covering data in storage, processing, and transit.
  • System Integrity: The quality of a system performing its intended function unimpaired, free from unauthorized manipulation.
  • Availability: Ensuring timely and reliable access to and use of information.

Computer Security Model Components

  • Assets: The valued hardware, software, data, and communications.
  • Threats: Specific attacks against an asset.
  • Countermeasures: General defenses for an asset.
  • Risk: Summarized perception of exposure to threats.

How Threats Work

  • Threats exploit one or more vulnerabilities of an asset.
  • Vulnerability can be a design flaw or a resource constraint.
  • An attack is a threat carried out, leading to a violation of the CIA triad.
  • Types of attacks include information leakage, which is a failure of confidentiality.
  • Types of attacks include doing the wrong thing or giving the wrong answer, which is a failure of integrity.
  • Types of attacks include becoming unusable or inaccessible, which violates availability.
  • A countermeasure deals with a particular class of attack, ideally preventing it.
  • Ideally, a countermeasure is able to detect and recover from an attack if prevention fails.

Reducing Risk

  • Security of a system is boolean: vulnerable or not vulnerable.
  • Applying countermeasures reduces the probability of attacks succeeding.

Security Terminology

  • "More Secure" means countermeasures reduce the probability of an exploitable vulnerability being available to attackers, but this probability never reaches zero.
  • "Fully Secure" is a delusion, implying complete security is achievable.

Classes of Threats

  • Unauthorized disclosure includes exposure of sensitive information, and the interception of transit information via network sniffing.
  • Unauthorized disclosure includes inference of info from public data and intrusion into a system.
  • Deception includes masquerading, falsification of data and repudiation.
  • Disruption includes incapacitation of a system, corruption of data and obstructing communications.
  • Usurpation includes misappropriation of service and misuse of service.

CIA Triad Application

  • Hardware availability can be compromised by stolen or disabled equipment.
  • Hardware confidentiality can be compromised by stolen physical media.
  • Hardware integrity can be compromised by hardware modified with tracking or control mechanisms.
  • Software availability can be compromised by corrupting OS or program files.
  • Software confidentiality can be compromised by proprietary software theft.
  • Software integrity can be compromised by including tracking mechanisms or malicious control (e.g., malware).
  • Data availability can be compromised by deleted or corrupted files.
  • Data confidentiality can be compromised by unauthorized reading of data.
  • Data integrity can be compromised by a malicious actor modifying files.
  • Communications availability can be compromised by blocked messages or damaged communication lines.
  • Communications confidentiality can be compromised by intercepted messages or traffic pattern analysis.
  • Communications integrity can be compromised by modified, duplicated, fabricated, or molested messages in transit.

FIPS 200 Requirements

  • Access control limits who gets in and what they can do.
  • Awareness and training prevent uninformed users from aiding attacks.
  • Auditing and accountability tracks who’s doing what.
  • Certification and assessment periodically reviews security posture.
  • Config management tracks configured items, noting changes.
  • Contingency management includes plans for emergencies.
  • Identification/authorization checks user identities.
  • Incident response plans for responding during/after a breach.
  • Maintenance actively maintains systems.
  • Media protection keeps storage safe.
  • Physical/environmental protection secures doors, walls, cameras, etc.
  • Planning involves thoughtful action, avoiding “cowboy IT”.
  • Personnel security vets those working within the systems.
  • Risk assessment analyzes risk and invests proportionally.
  • Systems and services acquisition sources goods/services wisely.
  • System and communication protection encompasses good software engineering.
  • System and information integrity uses malware countermeasures.

Security Models

  • In the good security model, security is a thread that runs through everything.
  • In the bad security model, security sits in a separate silo.

Attack Surface

  • Attack surface is how many ways an attacker can interact with a system.
  • Attack surface includes the software itself, the network, and humans.
  • Windows 95 has a large attack surface, listening for connections on several ports with various services.
  • Windows 10 has a smaller attack surface, listening on a few ports with a firewall blocking connections.
  • Ubuntu Linux 22.04 has a smaller attack surface, listening on no ports.
  • Reducing the attack surface is good practice.

Security Strategy

  • Specification/policy defines the goal, considering tradeoffs against ease of use and cost.
  • Implementation identifies mechanisms of prevention, detection, response, and recovery.
  • Evaluation proves it is working rather than assuming it is.

Threat Models

  • When designing a defense, the goal must be known.
  • The assets at risk must be defined.
  • The vulnerability being protected against must be defined.
  • The attacker's capabilities and knowledge must be defined.

Threat Modeling Example: HTTPS

  • HTTPS is the encrypted form of HTTP for secure web traffic.
  • Assets at risk include private user communications, including credentials.
  • The vulnerability is that packets may be intercepted in transit.
  • The attacker can intercept packets for a specific user or for the site as a whole.
  • The defense is to negotiate, over open communication, a key known only to the user and the server; all content is encrypted with this key.
  • The attacker cannot deduce the key and therefore cannot decrypt communications. They do know, however, that communication happened and roughly how much.

Why Threat Model?

  • Threat models help move from "more secure" to a specific guarantee.
  • Threat models promote systematic thinking about what a defense can and cannot do.
  • Threat models allow techniques to be compared in terms of cost/benefit tradeoffs.
  • Threat models help in understanding which attacks are still on the table.

Conclusion

  • Perfect security is impossible.
  • The struggle is constant to ensure everything is correct.
  • An attacker only has to find a single flaw.
  • Using systematic thinking guided by models is best practice.
  • The CIA triad is an example of best practice.
  • An information security model, security strategy and attack surface/threat modeling are best practice.
  • Design principles reduce the likelihood of missing something.
  • FIPS 200 security requirements are an example of best practice.
  • Applying design principles for security in software design is best practice.
