Computer Security Chapter 1
39 Questions
Questions and Answers

Which classification of protection involves taking measures to identify when and how an asset has been compromised?

  • Mitigation
  • Reaction
  • Prevention
  • Detection (correct)

In the context of computer security, what is primarily meant by the term 'asset'?

  • Physical components of a computer alone
  • Licenses that software has
  • Any item that holds value within a system (correct)
  • Technological innovations created

Which of the following scenarios best represents the 'prevention' classification of protection?

  • Reporting fraud to the police after it's discovered
  • Using a burglar alarm after a break-in
  • Identifying the thief through CCTV footage
  • Enforcing encryption when making an online purchase (correct)

What is an example of a 'reaction' in cyber security when faced with credit card fraud?

Requesting a new credit card number after discovering fraud (A)

How does the 'principle of easiest penetration' relate to security measures?

It indicates that intruders will exploit the path of least resistance. (A)

Which statement best captures the essence of confidentiality in computing systems?

Only authorized parties can access information related to the existence of assets. (B)

What does integrity refer to in the context of computer assets?

Assets can only be modified by authorized parties in authorized ways. (C)

In discussing the CIA triad, what does the term 'availability' imply?

Assets must be accessible to authorized parties without unnecessary delays. (A)

Which term is not directly related to the concept of confidentiality?

Data modification (C)

What best describes a 'subject' in the context of access control?

A person, process, or program authorized to interact with data. (D)

What does the term 'integrity' imply when referring to an item?

The item is precise and accurate. (A)

Which of the following is not a recognized aspect of integrity according to Welke & Mayfield?

Accessibility of all users (B)

Which phrase best describes availability in the context provided?

Assets should be present in a usable form for authorized users. (C)

In the context of availability, what does 'denial of service (DoS)' refer to?

Legitimate access to services is restricted. (C)

What does authentication primarily determine in the AAA framework?

The identity of the user attempting access. (A)

Which of the following statements best illustrates the concept of separation and protection of resources?

Critical assets are isolated from general access to prevent breaches. (B)

Which feature is critical for detecting and correcting errors as mentioned?

Implementing mechanisms that identify and rectify mistakes. (A)

How does the definition of availability depend on the context presented?

It is contingent upon having sufficient capacity to meet demand. (D)

What is the relationship between authorization and availability?

Authorization limits user access to data and services. (A)

Computer security includes the protection of assets that have no value.

False (B)

The principle of easiest penetration states that intruders will often use the most complex methods available to breach security.

False (B)

In the context of computer security, 'prevention' includes taking measures that allow assets to be damaged.

False (B)

Detection measures in computer security aim to identify unauthorized transactions after they occur.

True (A)

The 'reaction' classification of protection does not include financial recovery from damages.

False (B)

Confidentiality ensures assets are accessible to all parties without restriction.

False (B)

Integrity can be defined uniformly across all contexts in computing.

False (B)

Access modes include actions such as viewing, printing, and executing assets.

True (A)

Availability describes the ability to modify assets at any time by any user.

False (B)

The CIA triad only considers the perspective of the user rather than the assets.

False (B)

Integrity can be defined as allowing modifications by anyone without restrictions.

False (B)

Separation and protection of resources is one of the aspects recognized by Welke & Mayfield regarding integrity.

True (A)

In computing, availability means that assets are accessible to unauthorized parties at all times.

False (B)

Error detection and correction is considered a vital component of the integrity framework.

True (A)

The AAA framework primarily focuses on data retention when managing user access.

False (B)

Availability is sometimes referred to as denial of access, particularly in the context of DoS attacks.

False (B)

The definition of availability includes being present in a non-usable form.

False (B)

Authorship of actions is a proposed aspect of integrity related to authorized processes.

True (A)

The concept of integrity can involve multiple properties being satisfied at the same time.

True (A)

The AAA system is primarily concerned with physical security rather than user access.

False (B)

Flashcards

Computer Security

The protection of valuable computer assets, including hardware, software, data, processes, storage media, and people.

Principle of Easiest Penetration

A principle that assumes an attacker will use any available means to exploit vulnerabilities and gain unauthorized access.

Prevention (Security)

Measures taken to prevent unauthorized access or damage to computer assets.

Detection (Security)

Measures taken to detect when an asset has been compromised, including the method and perpetrator.

Reaction (Security)

Measures taken to recover from a security breach and restore assets to their original state.

Confidentiality

Ensuring access to computer resources is restricted to authorized individuals or entities.

Integrity

Protecting the accuracy and reliability of data, ensuring it is modified only by authorized parties in authorized ways.

Availability

Ensuring authorized users can access resources without delay or interruption.

CIA Triad

The combination of Confidentiality, Integrity, and Availability, forming a foundational framework for securing information resources.

Subject (Security)

The person, process, or program that attempts to access a computer resource.

Data Integrity

A state where data is complete, accurate, and consistent, ensuring its reliability and trustworthiness.

Authorized Modifications

Modifying data in ways that are permitted and controlled, ensuring that changes are authorized and tracked.

Separation and Protection of Resources

Safeguarding resources, such as data and systems, to prevent unauthorized access or manipulation.

Error Detection and Correction

Mechanisms for identifying and correcting errors in data, maintaining its accuracy and reliability.

Denial of Service (DoS)

Preventing unauthorized access to data and resources, ensuring that only authorized users can interact with them.

Authentication

The process of verifying a user's identity, confirming that they are who they claim to be.

Authorization

Determining what actions a user is allowed to perform based on their identity and assigned permissions.

AAA (Authentication, Authorization, Accounting)

A framework comprising Authentication, Authorization, and Accounting, aiming to manage user access, enforce policies, and monitor resource consumption.

CIA (Confidentiality, Integrity, Availability)

The principles that underpin secure information systems, focusing on Confidentiality, Integrity, and Availability.

Study Notes

Chapter 1: Basic Security Concepts

  • Computer security protects computer system assets (items with value).
  • Assets include hardware, software, data, processes, storage media, and people.
  • The principle of easiest penetration states that an intruder will use any available means of penetration, not necessarily the one the defender expects.

Introduction

  • Computer systems (hardware, software, and data) require security protection due to their value.
  • Three classifications of protection are:
    • Prevention: measures to prevent damage.
    • Detection: measures to identify when and how assets are damaged.
    • Reaction: measures to recover from damage.

Example from Physical world

  • Prevention: locks, walls, etc.
  • Detection: burglar alarms, CCTV cameras.
  • Reaction: contacting the police, replacing lost items.

Example from Cyber World: Credit Card Fraud

  • Prevention: encryption, merchant verification before accepting credit cards; avoiding use of credit cards online.
  • Detection: unauthorized transactions appearing on statements.
  • Reaction: requesting new card numbers, recovering losses from fraudsters or issuers.

Security Goals - CIA Triad

  • Confidentiality: assets are accessible only to authorized parties.
  • Integrity: assets can only be modified by authorized parties in authorized ways.
  • Availability: assets are accessible to authorized parties when needed.
  • Security is achieved through a combination of these aspects, from the asset's perspective, not the user's.

Confidentiality

  • Computer-related assets are accessed only by authorized parties.
  • Access includes not only reading but also viewing, printing, and knowing the asset exists.
  • A subject, object, access mode, and policy describe access to data items.

Integrity

  • Assets can be modified only by authorized parties in authorized ways.
  • Modification includes writing, changing status, deleting, and creating.
  • Integrity means different things in different contexts.
  • Examples of integrity include accuracy, precision, being unmodified, and being modified only by authorized entities and processes. Integrity should be internally consistent.

Integrity (continued)

  • Integrity can mean two or more properties.
  • Welke & Mayfield recognize three aspects:
    • Authorized actions
    • Separation and protection of resources.
    • Error detection and correction.

Availability

  • Assets are accessible to authorized parties at appropriate times.
  • Legitimate users must not be prevented from accessing the assets they are entitled to use.
  • Availability is often discussed in terms of its opposite, denial of service (DoS).
  • Availability applies to both data and services.
  • The precise definition of availability depends on the capacity needed to meet the service's demand.

Other Protection Requirements

  • The AAA system manages user access while enforcing policies and privileges and measuring network resource use.
    • Authentication: verifying user identity
    • Authorization: determining user access permissions.
    • Accounting: tracking user activities and events.

Vulnerabilities and Threats

  • A vulnerability is a weakness in a system's design or implementation that might be exploited to cause loss or harm.
    • Examples: unauthorized data manipulation due to a lack of user verification; hardware failures; inappropriate software protections.
  • A threat is a set of circumstances with the potential to cause loss or harm.
    • Note the distinction: a vulnerability is a weakness in the system, while a threat is the potential for harm that could exploit it.
    • Example of a threat: rising water levels that could cause harm.

Computer Network Vulnerabilities

  • Vulnerabilities can arise at many points in a network, including hardware failures, unauthorized access, inadequate software protection, improper connections, cross-coupling, and misconfigured protective features.

Security Threats

  • The CIA triad viewed from a different perspective, focusing on the nature and type of harm caused to assets, categorized into four acts:
    • Interruption: assets are unusable or destroyed (e.g., hard disk destruction, communication line cut).
    • Interception: unauthorized access to assets (e.g., wiretapping, illicit copying).
    • Modification: unauthorized tampering with assets (e.g., changing data file values, altering programs).
    • Fabrication: inserting counterfeit assets, damaging integrity (e.g., adding records to a file, inserting spurious messages).

Examples of Security Threats

  • Interruption (hard disk destruction, communication line cutting, disabling file management system).
  • Interception (wiretapping, illicit copying of files or programs).
  • Modification (changing data values, altering programs, modifying files).
  • Fabrication (adding records to a file, inserting spurious network messages).

Related Documents

Basic Security Concepts PDF

Description

Explore the foundational concepts of computer security in this quiz. Learn about asset protection, the principle of easiest penetration, and the three classifications of security measures: prevention, detection, and reaction. Test your understanding of these vital topics to safeguard computer systems.
