Computer Security Chapter 1: Introduction

Questions and Answers

What characterizes a passive attack in a security context?

• It targets system vulnerabilities directly.
• It learns or makes use of information without affecting system resources. (correct)
• It involves modifying system data to create chaos.
• It actively disrupts system operations.

Which of the following best defines a countermeasure?

• A metric for evaluating security effectiveness.
• A set of guidelines for user behavior.
• A method to increase the system's speed.
• An action, device, or procedure to reduce threats or vulnerabilities. (correct)

What is a vulnerability in the context of system security?

• A flaw or weakness that can be exploited to violate security policy. (correct)
• An extreme threat that compromises data integrity.
• A robust defense against potential threats.
• An authorization mechanism for user access.

Which aspect does a security policy specifically address?

The rules and practices for protecting sensitive resources. (D)

Which determination is NOT typically made by security administrators?

How much budget is allocated for security. (D)

What is the primary purpose of a system as defined in the content?

To interrelate elements for a common purpose or goal (A)

Which of the following is NOT a type of system mentioned?

Virtual systems (A)

What three main aspects does security ensure according to NIST?

Confidentiality, Integrity, and Availability (C)

Which of the following best describes a physical system?

An arrangement of existing entities (C)

What is a characteristic of abstract systems as described in the content?

They are composed of interdependent ideas or constructs (C)

Why is it important to understand security goals in computing?

To safeguard information system assets from risks (D)

Which option describes the relationship between elements in a system?

Elements interact to achieve a collective goal (B)

What role do controls play in the context of security?

They are measures that help achieve security principles like integrity (A)

What is considered a potential security threat in computing?

Exploitation of a vulnerability (B)

What does risk entail concerning computing assets?

Potential damage without consent (C)

How is trust defined in the context of risk?

Likelihood of people acting as expected (C)

What is the primary focus of Information Security?

Maintaining confidentiality, integrity, and availability of data (C)

Which term is primarily concerned with management and assurance of risks related to information?

Information Assurance (C)

What could be a serious problem resulting from a security threat?

Expectation of loss (D)

How do Computer Security and Information Security differ?

Information Security is concerned with data irrespective of its form. (A)

What is the main challenge of trusting internet servers?

Potential exposure to vulnerabilities (D)

What does trust between two individuals indicate?

Familiarity with each other’s actions (A)

Which of the following areas is included within Computer Security?

Network Security (D)

What can the lack of trust in a computer system lead to?

Skepticism about its expected performance (C)

Which statement accurately describes CyberSecurity?

It encompasses measures to protect networks and information systems from cyber threats. (A)

What aspect does the term 'acceptable risk' refer to in information security?

The level of risk that an organization is willing to accept. (D)

Which of the following best describes the level of confidence in a computer system?

Confidence in expected behavior (D)

Which of the following correctly distinguishes between Computer Security and Information Security?

Information Security encompasses risks while Computer Security does not. (D)

Which of the following is NOT considered a part of information system assets?

Personnel management (A)

What type of servers are considered the most trusted according to the content?

Internal servers (B)

Which type of users is categorized as less trusted due to the potential for abuse?

Internal users (A)

Why are Internet servers classified as the least trusted?

They are often accessed by unverifiable users. (C)

Which of the following is a characteristic of hackers as described in the content?

They often report vulnerabilities in software. (D)

What is a primary difference between hackers and crackers?

Hackers do not engage in malicious activities. (D)

Which type of malware replicates itself through email and network facilities?

Virus (B)

What term is used for individuals who use pre-written scripts to exploit systems, often lacking advanced skills?

Script kiddie (C)

What distinguishes a Trojan horse from other types of malware?

It disguises itself as useful software without replicating. (A)

What is the primary reason that internal servers are considered the most trusted?

They are under known management and control. (C)

What typically characterizes less trusted users within a network?

They may exploit privileges for malicious purposes. (D)

Which category does the Internet servers fall into regarding trust levels?

Least trusted (D)

What does the term 'risk' refer to in the context of computing assets?

Any cause that may damage computing assets unexpectedly. (B)

What is the purpose of the Secure Sockets Layer (SSL)?

To encrypt data transmitted over a network. (C)

How is 'trust' described in the context of network security?

The degree of faith in user behavior. (D)

What is a significant concern regarding remote, unauthenticated users?

They do not have established identities or credentials. (B)

What is likely to be a consequence of a vulnerability being exploited?

Loss of data integrity and potential security breaches. (B)

Flashcards

What is a system?

A set of interconnected parts that work together to achieve a specific goal. Systems can be abstract, like a set of ideas, or physical, like a computer.

What is security?

Measures taken to safeguard information systems and their assets, ensuring confidentiality, integrity, and availability.

Confidentiality

The assurance that only authorized individuals can access sensitive information.

Integrity

Ensuring that data remains accurate and unaltered, preventing unauthorized modifications.

Availability

Guaranteeing that systems and data are accessible to authorized users when needed.

Contradictory Security Goals

Confidentiality, integrity, and availability are essential for information security. But they can sometimes conflict with each other, needing careful balancing.

Information Security

Measures taken to guarantee the confidentiality, integrity, and availability of information system assets.

Computer Security

Focuses on the correct operation and availability of a computer system, without specific concern for data.

Information Security

Ensuring the confidentiality, integrity, and availability of data in all forms, including electronic, print, and physical.

Information Assurance

The assurance of information and management of risks associated with information use, processing, storage, and transmission.

Cybersecurity

A broad term encompassing cybersecurity, network security, and information security, focusing on protecting computer systems and networks.

Data Security

Protecting data and systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Network Security

Measures taken to prevent unauthorized access, use, disclosure, disruption, modification, or destruction of network data.

Application Security

Measures taken to prevent unauthorized access, use, disclosure, disruption, modification, or destruction of software applications.

Trust in Computing Security

The likelihood that individuals will act in a predictable and expected manner, often based on a prior relationship or understanding.

Computing Security Risk

Anything that could potentially damage your computer system or sensitive data without your knowledge or consent.

Security Threat

An attack that exploits a weakness or vulnerability in a system to gain unauthorized access or cause harm.

Vulnerability

A flaw or weakness in a system that could be exploited by a security threat.

Trust in Computer Systems

The level of confidence we have that a computer system or its components will operate as intended.

Security Risk Impact

The potential negative consequences or damage that could result from a security risk being realized.

Security Risk Probability

The likelihood that a specific security risk will actually occur.

Expectation of Loss

The anticipation or expectation of loss or damage that may result from a security risk.

What is Trust in Computing?

Trust is the belief that someone or something will act in a predictable and reliable manner. In computing, it refers to the level of confidence we have that systems or components will behave as expected.

What is Risk in Computing?

Risk in computing refers to any event or circumstance that could potentially jeopardize the security or integrity of your computer systems and data.

Why are internal servers considered the Most Trusted?

Internal servers, domain controllers, and storage devices are considered the most trusted components within a network because they are typically under strict control and security measures.

Why are internal users considered Less Trusted?

Internal users and remote, authenticated users are considered less trusted than internal servers because there is a higher possibility for human error or misuse of privileges.

Why are internet servers considered the Least Trusted?

Internet servers and remote, unauthenticated users are considered the least trusted because they pose the highest security risk due to the lack of control and verification.

What is SSL and TLS?

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols that use certificates to establish encrypted connections between a client and a server, ensuring secure communication.

What is a computer virus?

A type of malicious software that spreads by copying itself to other programs or files, often via email or network shares.

What is a worm?

A type of malware that replicates itself and spreads to other computers without human interaction.

What is a Trojan horse?

A type of malware disguised as a benign program to gain access to a user's computer and steal data.

What is spyware?

A type of malware that secretly collects information about a user's activities and sends it to a third-party without their knowledge.

What is a hacker?

A person who is skilled in computer systems and uses their knowledge to gain unauthorized access to information.

What is a cracker?

A person who uses their computer skills for malicious purposes, like stealing data or disrupting systems.

What is a script kiddie?

A person with limited skills who uses pre-made tools to exploit vulnerabilities in systems.

What is a system vulnerability?

Any weakness or flaw in a system that could be exploited by attackers to gain unauthorized access or disrupt operations.

Countermeasure

An action, device, procedure, or technique that helps reduce the risk of a threat exploiting a vulnerability.

Risk

The probability of a particular threat exploiting a vulnerability, leading to a specific harmful outcome.

Security Policy

A set of rules and practices that describe how a system or organization protects sensitive data and resources.

System Resource

Any computing infrastructure or assets that require protection.

Threat

A potential threat to the security of a system.

Study Notes

Chapter 1: Introduction

• Introduction to the study of computer security.
• Topics covered include: what secure means, risks in computing, security goals (confidentiality, integrity, availability), and contradictory goals.

System Definition

• A system is a conceptual framework used to interrelate elements.
• Defined as a set of interconnected elements that collectively work towards a shared purpose or goal.
• Systems can be abstract (interrelated ideas) or physical (tangible entities, like computing systems).

Security Definition (NIST)

• Security is defined as measures and controls that ensure confidentiality, integrity, and availability of information system assets.
• 'Is the protection as well as maintenance of the level of acceptable risk'.
• Related Terminologies include: Computer Security, Information Security, Information Assurance, and Cybersecurity. These are viewed as somewhat distinct but also overlapping.

Computing System Security

• Computer Security: focuses on the availability and correct operation of a computer system, regardless of the specific data stored.
• Network Security: is part of computer security and involves the security of the components and connections in a computer network.
• Examples are: hubs, switches, routers, modems and gateways
• Data Security: addresses the security of data (where it is stored, who uses it, how it is protected)
• This also discusses the concept of data as being stored, processed, and disseminated.

Additional Security Aspects

• Application Security: protecting software and applications from vulnerabilities and attacks.
• Endpoint Security: focuses on security for individual devices.
• Security Incident Response: procedures for handling security incidents.
• Security Awareness and Training: educating users about security threats.

Risk Concept

• Risk is anything that can damage computing assets without consent or knowledge.
• This includes potential security threats and vulnerabilities.
• Causes for it include a lack or failure of trust.

Trust

• Trust is the likelihood that people will act as expected.
• Trust can exist between individuals, but not between a user and an unknown server, therefore trust should not be assumed.
• The level of confidence in a computer system or its components to behave as expected.
• Trust is critical; but can be difficult to establish between users and unknown entities.

Types of Trust (and less Trust)

• Most trusted: internal servers, domain controllers, and storage devices attached to the network.
• Less trusted: internal users and remote, authenticated users (because of the minority who misuse their access).
• Least trusted: Internet servers and remote, unauthenticated users (as they are often unknown/outside the system and can’t be fully trusted).

Systems Weaknesses

• External Weaknesses include: malware, spyware, hackers (individuals skilled in gaining access without explicit authorization), crackers (individuals seeking to exploit security vulnerabilities), and script kiddies (those who use tools/scripts without extensive skill/technical expertise).
• Internal Weaknesses include: authenticated users, unauthorized programs, and unpatched software.

Common Security Mistake

• Incorrectly assuming that attacks only originate from outside the organization.

Security Objectives (Goals)

• Confidentiality: ensuring no data is disclosed accidentally or intentionally.
• Integrity: preventing unauthorized modifications to the data.
• Availability: guaranteeing that systems and services are accessible to authorized users when needed.

CIA triad

• Acronym for the security goals of Confidentiality, Integrity, and Availability. - These concepts are often mentioned together in computer security discussions.