Computer Security Chapter 1

Questions and Answers

What is the primary focus of computer security?

• To enhance user experience in software applications.
• To protect the assets of a computer or computer system. (correct)
• To maximize profits from computer systems.
• To increase the speed of computer operations.

Which classification does not belong among the measures to protect computer assets?

• Detection
• Obsolescence (correct)
• Prevention
• Reaction

What is an example of a preventive measure in the physical world?

• Noticing that an item is missing.
• Installing a surveillance camera.
• Using locks on doors and window bars. (correct)
• Calling the police after a theft.

In the case of credit card fraud, what is a detection measure?

Regularly checking credit card statements. (B)

Which of the following statements about reaction measures in cyber security is true?

You can ask for a new credit card number if fraud occurs. (B)

What is a vulnerability in a computing system?

A weakness in the system that may be exploited (C)

Which statement best describes a threat to a computing system?

Circumstances that have the potential to cause loss or harm (C)

How can the risk associated with a vulnerability be controlled?

By blocking threats through control mechanisms (D)

In the example of the man and the rising water, what does the water represent?

A threat posing risk to the man (B)

What is the relationship between a vulnerability and a threat?

A threat exploits vulnerabilities to cause harm (B)

What is the primary focus of Confidentiality in the CIA Triad?

Allowing only authorized parties to access assets (D)

What encompasses the authorization in the context of asset access?

The permission for a person, process, or program to access an object (A)

In the CIA Triad, what does Integrity refer to?

Modification of assets allowed only by authorized parties (D)

Which of the following is an example of access modes defined under Confidentiality?

Printing a document (B)

What role do subjects play in the context of the CIA Triad?

They access data items (B)

What does Availability ensure in the context of the CIA Triad?

Authorized users can access assets without delays when needed (D)

Which statement best encapsulates the concept of Integrity?

Only authorized parties can change data in specific ways (D)

What does preserving the integrity of an item imply?

The item is only modified by authorized people (A), The item is precise and accurate (C)

Which aspect of integrity involves managing changes to resources?

Authorized actions (D)

What does availability refer to in the context of assets?

Assets being accessible to authorized parties at appropriate times (C)

In what context is the term 'denial of service' used?

Availability of data and services (C)

Which of the following is NOT a component of the AAA framework?

Access Control (D)

What is the primary purpose of authentication within the AAA framework?

To identify who the user is (B)

What should happen to resources in order to ensure proper protection?

They should be separated and protected (C)

Which property does NOT directly relate to the concept of integrity?

The item is always present in perfect form (A)

Which of the following statements about error detection is accurate?

It helps protect the integrity of resources (A)

What defines the usability of assets in terms of availability?

They must meet service's needs effectively (A)

Computer security is the protection of assets of a computer system.

True (A)

There are five classifications of protection in computer security.

False (B)

Detection measures can help identify when an asset has been damaged.

True (A)

In the case of credit card fraud, reaction measures do not include asking for a new credit card number.

False (B)

Prevention measures in computer security can include using encryption.

True (A)

Confidentiality ensures that assets are accessible to any party.

False (B)

Integrity allows assets to be modified by any party without restrictions.

False (B)

Availability guarantees that assets are accessible to authorized parties when needed.

True (A)

The CIA Triad consists of Confidentiality, Integrity, and Authenticity.

False (B)

In the context of asset access, an access mode can include read, write, or execute.

True (A)

Modification of assets under Integrity includes actions like deleting and creating.

True (A)

Access to assets can be granted to anyone based on personal preference.

False (B)

A vulnerability in a system is a strength that prevents exploitation.

False (B)

A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.

True (A)

Manipulating user identities can help secure a system against threats.

True (A)

The water in the example represents security threats.

True (A)

Controlling a vulnerability helps block a threat.

True (A)

Integrity means the item is unmodified.

True (A)

Availability refers to unauthorized access to assets.

False (B)

Error detection and correction are important aspects of integrity.

True (A)

Denial of service (DoS) is an aspect of integrity.

False (B)

The AAA framework includes authentication, authorization, and assurance.

False (B)

Integrity can involve modification only by authorized people.

True (A)

Availability requires that data is present in an unusable form.

False (B)

The integrity of an item can be characterized by its meaningfulness.

True (A)

Separation and protection of resources are part of the integrity aspects.

True (A)

Assets must be inaccessible to authorized parties during a denial of service.

True (A)

Flashcards

What is computer security?

The act of protecting assets, which include hardware, software, data, processes, storage media, and people, from unauthorized access, use, disclosure, disruption, modification, or destruction.

Principle of Easiest Penetration

A principle that assumes an intruder will exploit any available weakness or vulnerability to gain access to a system.

Prevention (Security)

Measures taken to stop an attack or security breach from happening in the first place.

Detection (Security)

Measures taken to detect when a security breach has occurred, how it happened, and who was responsible.

Reaction (Security)

Measures taken to recover from a security breach, such as restoring lost data or fixing damaged systems.

Confidentiality

Ensuring that only authorized individuals or systems can access sensitive information.

Integrity

Preventing unauthorized modification of data or systems.

Availability

Guaranteeing that authorized users or systems have access to resources when needed, without delays.

CIA Triad

A combination of confidentiality, integrity, and availability.

Subject

The person, process, or program that attempts to access a data item.

Object

The data item being accessed (e.g., a file, folder, database record).

Access Mode

The specific way in which a subject can access an object (e.g., read, write, execute).

Vulnerability

A weakness in a system, such as a design flaw or a lack of security measures, that can be exploited by attackers to cause harm.

Threat

Any potential event or situation that could cause harm to a system or its data.

Risk

The potential for loss or harm caused by a threat exploiting a vulnerability.

Security Controls

Actions taken to prevent threats from exploiting vulnerabilities.

Data Integrity

The quality of information being unmodified or changed only in allowed ways, ensuring accuracy and consistency. It includes aspects like user authorization, resource protection, and error detection.

Data Availability

The ability of authorized parties to access resources, such as data or services, at appropriate times. It ensures availability and prevents denial of service attacks.

Data Authorization

Ensuring data is only accessed by authorized individuals. This involves verifying user identity and granting specific permissions based on their roles.

Data Separation and Protection

Protecting data and resources from unauthorized access, modification, or destruction. This may involve physical security measures, encryption, and access control.

Error Detection and Correction

Mechanisms to detect and correct errors in data. This can include checksums, data validation, and error recovery procedures.

Authentication

A process of verifying the identity of a user or device accessing a system. It ensures that the person or entity accessing the system is legitimate.

Authorization

A process defining what actions a user is allowed to perform after successful authentication. It restricts access to specific resources and functions based on user roles and permissions.

AAA System

A framework for managing user access, enforcing policies, and controlling resource consumption. It ensures that only authorized users have access to the resources they need.

Denial of Service (DoS)

The opposite of availability, where access to critical resources is intentionally blocked, preventing users from using services or data.

Computer Security

Preserving the value of your computer system (hardware, software, data) through prevention, detection, and recovery methods.

Prevention

Measures taken to stop an attack before it happens, like locks on doors.

Detection

Methods to notice a security breach, like a burglar alarm going off.

Reaction

Actions taken to recover from a security breach, like calling the police after a break-in.

Integrity (Data Security)

Ensuring only authorized users can access sensitive information and preventing unauthorized changes to data.

Availability (Data Security)

The ability of authorized users to access data and systems when needed without delay.

Study Notes

Chapter 1: Basic Security Concepts

• Computer security protects computer system assets.
• Assets include hardware, software, data, processes, storage media, and people.
• The "Principle of Easiest Penetration" suggests intruders will use readily available methods.
• Security protection has three classifications:
  • Prevention: measures to stop damage.
  • Detection: identifying when and how assets are harmed.
  • Reaction: measures to recover from damage.

Example from the Physical World

• Prevention: Locks, walls prevent access to property.
• Detection: Noticing something missing triggers an alarm (CCTV, burglar alarm).
• Reaction: Calling the police or replacing stolen items.

Example from the Cyber World: Credit Card Fraud

• Prevention: Encryption and merchant checks before processing credit card orders or not using credit card numbers online.
• Detection: Unauthorized transactions appearing on statements.
• Reaction: Requesting new cards, recovering costs from the fraudster.

Security Goals - CIA Triad

• Confidentiality: Assets accessible only to authorized parties.
• Integrity: Assets modified only by authorized parties.
• Availability: Authorized parties access needed assets without delay.
• Security is achieved through combining the CIA principles from an asset perspective, not a user perspective.

Confidentiality

• Computer assets are accessible only to authorized parties.
• Access includes viewing, printing, and knowing the existence of the asset.
• A subject is a person/process/program.
• An object is a data item.
• An access mode is the type of access (read, write, execute).
• A policy describes how access is controlled.

Integrity

• Assets can only be modified by authorized parties.
• Modification includes writing, changing status, deleting, creating.
• Integrity can mean various things in different contexts:
  • Accurate
  • Precise
  • Unmodified
  • Modified only in acceptable ways
  • Modified only by authorized people
  • Modified only by authorized processes
  • Consistent
  • Internally consistent
  • Meaningful and usable
• Specific aspects of integrity: authorized actions, separation, protection of resources, and error detection/correction.

Availability

• Assets are accessible to authorized parties at appropriate times.
• Denial of service (DoS), preventing access from authorized users, is an availability threat.
• Availability concerns both data and services.
• Factors affecting availability include capacity and service needs.

Other Protection Requirements (AAA)

• A three-process framework manages user access, enforces policies, and monitors network resource consumption.
• Authentication: Verifying user identity.
• Authorization: Determining user access permissions.
• Accounting: Tracking user activities and resource consumption.

Vulnerabilities and Threats

• A vulnerability is a weakness in a system's design or implementation.
• A threat is a circumstance that has the potential to cause harm or loss.

Computer Network Vulnerabilities

• Various hardware, software, and network vulnerabilities contribute to potential security threats. Examples include radiation, taps, cross-talk, communication lines, improper connections, and unauthorized access.

Security Threats (Interception, Interruption, Modification, Fabrication)

• Interruption: System unavailable or unusable.
• Interception: Unauthorized access to an asset.
• Modification: Tampering with an asset.
• Fabrication: Introducing counterfeit objects into a system.

Examples of Security Threats (Interruption, Interception, Modification, Fabrication)

• Interruption: Destroying hardware components such as a hard drive, cutting communication lines, and disabling file management systems.
• Interception: Wiretapping, illegally copying files.
• Modification: Altering data files, changing program behavior, modifying files.
• Fabrication: Adding records to files, inserting spurious messages into networks.