Computer Security Fundamentals

Questions and Answers

What is the primary goal of Access Control?

To encrypt data in transit

To detect and prevent intrusions

To configure firewall rules

To restrict access to authorized users (correct)

What type of Access Control grants access based on user identity and permissions?

Mandatory Access Control (MAC)

Role-Based Access Control (RBAC)

Bell-LaPadula Model

Discretionary Access Control (DAC) (correct)

What is the primary focus of the Biba Model?

Availability

Confidentiality

Authentication

Integrity (correct)

What is the first step in the Vulnerability Management Process?

Vulnerability Identification

What is the purpose of Vulnerability Remediation?

To implement patches, updates, or other fixes

What is the primary goal of Vulnerability Management?

To identify and remediate vulnerabilities

What is the main purpose of a Network-Based IDS?

To monitor network traffic for signs of unauthorized access or malicious activity

What type of encryption uses a pair of keys, one for encryption and another for decryption?

Asymmetric Encryption

What is the main goal of a Default Deny Policy in firewall configuration?

To block all incoming traffic by default

What is the purpose of a vulnerability scanning tool?

To scan networks for open ports, services, and potential vulnerabilities

What is the main difference between Signature-Based Detection and Anomaly-Based Detection?

Signature-Based Detection identifies known attack patterns, while Anomaly-Based Detection identifies unusual behavior

What is the main purpose of a Host-Based Firewall?

To filter traffic based on application and system-level rules

Study Notes

Access Control

• Definition: Restricting access to computer resources to authorized users, limiting the potential damage from unauthorized access or malicious behavior.
• Types of Access Control:
  • Discretionary Access Control (DAC): Access is granted based on user identity and permissions.
  • Mandatory Access Control (MAC): Access is granted based on a set of rules that are applied to all users.
  • Role-Based Access Control (RBAC): Access is granted based on a user's role within an organization.
• Access Control Models:
  • Bell-LaPadula Model: Focuses on confidentiality and ensures that sensitive information is not accessed by unauthorized users.
  • Biba Model: Focuses on integrity and ensures that data is not modified without authorization.

Vulnerability Management

• Definition: The process of identifying, classifying, prioritizing, and remediating vulnerabilities in an organization's systems and applications.
• Vulnerability Management Process:
  1. Vulnerability Identification: Identifying potential vulnerabilities through scanning, penetration testing, and code reviews.
  2. Vulnerability Classification: Classifying vulnerabilities based on their severity and potential impact.
  3. Vulnerability Prioritization: Prioritizing vulnerabilities based on their severity and potential impact.
  4. Vulnerability Remediation: Implementing patches, updates, or other fixes to remediate vulnerabilities.
• Vulnerability Scanning Tools:
  • Network Vulnerability Scanners: Scan networks for open ports, services, and potential vulnerabilities.
  • Web Application Scanners: Scan web applications for vulnerabilities such as SQL injection and cross-site scripting.

Intrusion Detection

• Definition: The process of monitoring network traffic and system logs to identify potential security threats.
• Intrusion Detection Systems (IDS):
  • Network-Based IDS (NIDS): Monitors network traffic for signs of unauthorized access or malicious activity.
  • Host-Based IDS (HIDS): Monitors system logs and files for signs of unauthorized access or malicious activity.
• Intrusion Detection Techniques:
  • Signature-Based Detection: Identifies known attack patterns using signatures.
  • Anomaly-Based Detection: Identifies unusual behavior that may indicate a security threat.

Firewall Configuration

• Definition: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
• Firewall Types:
  • Network-Based Firewalls: Filter traffic based on source and destination IP addresses, ports, and protocols.
  • Host-Based Firewalls: Filter traffic based on application and system-level rules.
• Firewall Configuration:
  • Default Deny Policy: Blocks all incoming traffic by default, only allowing traffic that is explicitly permitted.
  • Rule-Based Configuration: Configures firewall rules based on specific ports, protocols, and IP addresses.

Encryption

• Definition: The process of converting plaintext data into unreadable ciphertext to protect it from unauthorized access.
• Encryption Types:
  • Symmetric Encryption: Uses the same key for encryption and decryption.
  • Asymmetric Encryption: Uses a pair of keys, one for encryption and another for decryption.
• Encryption Algorithms:
  • AES (Advanced Encryption Standard): A widely used symmetric encryption algorithm.
  • RSA (Rivest-Shamir-Adleman): A widely used asymmetric encryption algorithm.

Description

Test your knowledge of computer security concepts, including access control, vulnerability management, intrusion detection, firewall configuration, and encryption. Covering definitions, types, and techniques, this quiz is perfect for security professionals and enthusiasts alike.