Computer Security Chapter 1

Questions and Answers

Which classification of protection involves taking measures to identify when and how an asset has been compromised?

Mitigation

Reaction

Prevention

Detection (correct)

In the context of computer security, what is primarily meant by the term 'asset'?

Physical components of a computer alone

Licenses that software has

Any item that holds value within a system (correct)

Technological innovations created

Which of the following scenarios best represents the 'prevention' classification of protection?

Reporting fraud to the police after it's discovered

Using a burglar alarm after a break-in

Identifying the thief through CCTV footage

Enforcing encryption when making an online purchase (correct)

What is an example of a 'reaction' in cyber security when faced with credit card fraud?

Requesting a new credit card number after discovering fraud

How does the 'principle of easiest penetration' relate to security measures?

It indicates that intruders will exploit the path of least resistance.

Which statement best captures the essence of confidentiality in computing systems?

Only authorized parties can access information related to the existence of assets.

What does integrity refer to in the context of computer assets?

Assets can only be modified by authorized parties in authorized ways.

In discussing the CIA triad, what does the term 'availability' imply?

Assets must be accessible to authorized parties without unnecessary delays.

Which term is not directly related to the concept of confidentiality?

Data modification

What best describes a 'subject' in the context of access control?

A person, process, or program authorized to interact with data.

What does the term 'integrity' imply when referring to an item?

The item is precise and accurate.

Which of the following is not a recognized aspect of integrity according to Welke & Mayfield?

Accessibility of all users

Which phrase best describes availability in the context provided?

Assets should be present in a usable form for authorized users.

In the context of availability, what does 'denial of service (DoS)' refer to?

Legitimate access to services is restricted.

What does authentication primarily determine in the AAA framework?

The identity of the user attempting access.

Which of the following statements best illustrates the concept of separation and protection of resources?

Critical assets are isolated from general access to prevent breaches.

Which feature is critical for detecting and correcting errors as mentioned?

Implementing mechanisms that identify and rectify mistakes.

How is the definition of availability appears to depend on the presented context?

It is contingent upon having sufficient capacity to meet demand.

What is the relationship between authorization and availability?

Authorization limits user access to data and services.

Computer security includes the protection of assets that have no value.

False

The principle of easiest penetration states that intruders will often use the most complex methods available to breach security.

False

In the context of computer security, 'prevention' includes taking measures that allow assets to be damaged.

False

Detection measures in computer security aim to identify unauthorized transactions after they occur.

True

The 'reaction' classification of protection does not include financial recovery from damages.

False

Confidentiality ensures assets are accessible to all parties without restriction.

False

Integrity can be defined uniformly across all contexts in computing.

False

Access modes include actions such as viewing, printing, and executing assets.

True

Availability describes the ability to modify assets at any time by any user.

False

The CIA triad only considers the perspective of the user rather than the assets.

False

Integrity can be defined as allowing modifications by anyone without restrictions.

False

Separation and protection of resources is one of the aspects recognized by Welke & Mayfield regarding integrity.

True

In computing, availability means that assets are accessible to unauthorized parties at all times.

False

Error detection and correction is considered a vital component of the integrity framework.

True

The AAA framework primarily focuses on data retention when managing user access.

False

Availability is sometimes referred to as denial of access, particularly in the context of DoS attacks.

False

The definition of availability includes being present in a non-usable form.

False

Authorship of actions is a proposed aspect of integrity related to authorized processes.

True

The concept of integrity can involve multiple properties being satisfied at the same time.

True

The AAA system is primarily concerned with physical security rather than user access.

False

Study Notes

Chapter 1: Basic Security Concepts

• Computer security protects computer system assets (items with value).
• Assets include hardware, software, data, processes, storage media, and people.
• The principle of easiest penetration states that intruders will likely use readily available means.

Introduction

• Computer systems (hardware, software, and data) require security protection due to their value.
• Three classifications of protection are:
  • Prevention: measures to prevent damage.
  • Detection: measures to identify when and how assets are damaged.
  • Reaction: measures to recover from damage.

Example from Physical world

• Prevention: locks, walls, etc.
• Detection: burglar alarms, CCTV cameras.
• Reaction: contacting the police, replacing lost items.

Example from Cyber World: Credit Card Fraud

• Prevention: encryption, merchant verification before accepting credit cards; avoiding use of credit cards online.
• Detection: unauthorized transactions appearing on statements.
• Reaction: requesting new card numbers, recovering losses from fraudsters or issuers.

Security Goals - CIA Triad

• Confidentiality: assets are accessible only to authorized parties.
• Integrity: assets can only be modified by authorized parties in authorized ways.
• Availability: assets are accessible to authorized parties when needed.
• Security is achieved through a combination of these aspects, from the asset's perspective, not the user's.

Confidentiality

• Computer-related assets are accessed only by authorized parties.
• Access includes not only reading but also viewing, printing, and knowing the asset exists.
• A subject, object, access mode, and policy describe access to data items.

Integrity

• Assets can be modified only by authorized parties in authorized ways.
• Modification includes writing, changing status, deleting, and creating.
• Integrity means different things in different contexts.
• Examples of integrity include accuracy, precision, being unmodified, and being modified only by authorized entities and processes. Integrity should be internally consistent.

Integrity (continued)

• Integrity can mean two or more properties.
• Welke & Mayfield recognize three aspects:
  • Authorized actions
  • Separation and protection of resources.
  • Error detection and correction.

Availability

• Assets are accessible to authorized parties at appropriate times.
• Access should not be prevented from legitimate users.
• Availability is sometimes known as the opposite: denial of service (DoS).
• Availability applies to data and services.
• Definition of availability depends on capacity to meet service's needs.

Other Protection Requirements

• The AAA system manages user access while enforcing policies and privileges and measuring network resource use.
  • Authentication: verifying user identity
  • Authorization: determining user access permissions.
  • Accounting: tracking user activities and events.

Vulnerabilities and Threats

• A vulnerability is a weakness in a system's design or implementation that might be exploited to cause loss or harm.
  • Examples: unauthorized data manipulation due to a lack of user verification; hardware failures; inappropriate software protections
• A threat is a set of circumstances with the potential to cause loss or harm.
  • Understanding the difference between vulnerability (weakness) and threat (potential harm).
  • Example: rising water levels causing harm.

Computer Network Vulnerabilities

• Various network components are potential vulnerabilities, like hardware failures, unauthorized access, inadequate software protection, improper connections, cross-coupling, and misconfigured protective features.

Security Threats

• The CIA triad viewed from a different perspective, focusing on the nature and type of harm caused to assets, categorized into four acts:
  • Interruption: assets are unusable or destroyed (e.g., hard disk destruction, communication line cut).
  • Interception: unauthorized access to assets (e.g., wiretapping, illicit copying).
  • Modification: unauthorized tampering with assets (e.g., changing data file values, altering programs).
  • Fabrication: inserting counterfeit assets, damaging integrity (e.g., adding records to a file, inserting spurious messages).

Examples of Security

• Interruption (hard disk destruction, communication line cutting, disabling file management system).
• Interception (wiretapping, illicit copying of files or programs).
• Modification (changing data values, altering programs, modifying files).
• Fabrication (adding records to a file, inserting spurious network messages).

Description

Explore the foundational concepts of computer security in this quiz. Learn about asset protection, the principle of easiest penetration, and the three classifications of security measures: prevention, detection, and reaction. Test your understanding of these vital topics to safeguard computer systems.