Computer Security Introduction

Questions and Answers

What does computer security primarily protect?

• User privacy only
• Network speed and performance
• Software applications alone
• The assets of a computer system (correct)

Which of the following best defines a vulnerability in computer security?

• An attack method employed by hackers
• A collection of user credentials
• A specific type of software
• A weakness in the security system (correct)

In the context of computer security, which term describes a potential violation of security?

• Attack
• Control
• Countermeasure
• Threat (correct)

What is a countermeasure in computer security?

A protective measure against threats (B)

Which of the following is NOT an asset in computer security?

Malware (B)

What does the C-I-A Triad represent in computer security?

Confidentiality, Integrity, Availability (B)

Which statement best describes an attack in the context of computer security?

The act of exploiting a vulnerability (A)

Which of the following could be considered a unique and irreplaceable asset?

Class projects (A)

What do the three components Method, Opportunity, and Motive collectively refer to in the context of a malicious attack?

Factors that enable a malicious attack. (B)

Which type of threat involves an unauthorized party not only accessing but also tampering with an asset?

Modification (B)

What does confidentiality in computer security primarily ensure?

Assets are accessed only by authorized parties. (D)

In the context of asset security, what does an interruption signify?

An asset is lost, unavailable, or unusable. (B)

What is the role of 'motive' in the MOM framework for malicious attacks?

The reasoning behind performing the attack. (B)

Which of the following is NOT one of the three security goals addressed in computer security?

Authenticity (C)

Which of the following is a necessary condition for a successful malicious attack according to the MOM framework?

Availability of method, opportunity, and motive. (B)

What type of security control aims to address the integrity of systems?

Technical controls (D)

What are the three basic security primitives mentioned?

Confidentiality, integrity, and availability (B)

Which of the following is NOT considered a physical control?

Intrusion detection systems (B)

What role do policies and procedures play in security controls?

They enhance security by fostering user cooperation. (C)

How do vulnerabilities and threats interact in a security context?

Vulnerabilities create opportunities for threats to exploit. (A)

What must be understood for effective cooperation with security requirements?

The necessity of security in specific situations (D)

Which of the following describes VirusTotal's main function?

It inspects items using over 70 antivirus scanners. (C)

Which of the following best captures the relationship between different attackers and their capabilities?

Attackers vary in capabilities and motivations, leading to different threats. (A)

Which security control is most beneficial for mitigating the risk of physical theft?

Locks and cables (A)

What is the primary purpose of a control in the context of threats and vulnerabilities?

To remove or reduce a vulnerability (C)

Which of the following correctly describes the relationship among threats, controls, and vulnerabilities?

Without understanding threats, controls cannot be devised. (A)

What does the term nonrepudiation refer to?

Proving the authenticity of a document or communication. (C)

Which of the following factors defines the 'Access Control Policy'?

Who + What + How = Yes/No (D)

What type of threats are classified as having benign intent?

Unintentional actions like human error (A)

Which of the following best describes an Advanced Persistent Threat (APT)?

A well-organized and directed threat with patience and funding (D)

Which type of harm involves unauthorized access to an asset?

Interception (C)

In the context of types of attackers, which description fits a 'criminal-for-hire'?

A hacker performing attacks for monetary gain (D)

What does integrity in security refer to?

Modification of assets only by authorized parties (B)

Which of the following describes the goal of recovery in security?

Stopping the attack and repairing the damage (D)

Which of the following represents the relationship between confidentiality, integrity, and availability?

They can overlap and be mutually exclusive. (B)

What is an example of a deterrence control?

Legal consequences for unauthorized access (C)

What role do trust and assumptions play in security?

They underlie all aspects of security. (D)

What is a characteristic of deflection controls?

Redirecting threats to less critical parts of the system (D)

Which option best defines availability in a security context?

Making sure assets can be accessed at appropriate times (C)

What is the primary focus of preventive measures in security?

Stopping attacks before they occur (D)

What term refers to data in their normal, unscrambled state?

Cleartext (D)

What is one potential disadvantage of weak encryption?

It can degrade the performance of the entire system. (B)

Which type of control includes parts of the program that enforce security restrictions?

Internal program controls (D)

Which method ensures that user access is restricted from one another in a network?

Operating system controls (C)

What is an example of an independent control program?

Antivirus software (B)

What aspect does encryption primarily address?

Confidentiality of data (D)

Which statement is true regarding the use of encryption?

It should be complemented by other security tools. (D)

What is a potential result of not using encryption properly?

It may create vulnerabilities in the system. (A)

Flashcards

Computer Security

Protecting computer system assets (hardware, software, data).

Assets

The valuable parts of a computer system: hardware, software, and data.

Vulnerability

A weakness in a system that can be exploited.

Threat

A potential danger to a computer system.

Attack

An attempt to exploit a vulnerability.

Control/Countermeasure

A protective measure against threats.

C-I-A Triad

Confidentiality, Integrity, and Availability - core security principles.

Control

An action, device, procedure, or technique that removes or reduces a vulnerability.

Threat-Vulnerability Relationship

A threat is blocked by a control of a vulnerability. Knowing possible threats is key to creating good controls.

C-I-A Triad

Confidentiality, Integrity, Availability. A key security concept.

Authentication

Proving something is genuine. A security process.

Nonrepudiation

Assurance that someone can't deny something. A security property.

Access Control

Policy of who, what, and how to determine access (yes or no).

Types of Threats

Natural causes, human causes (benign or malicious and random or directed).

APT (Advanced Persistent Threat)

Organized, directed, well-financed, patient, silent threats.

Types of Attackers

Terrorist, criminal, hacker, individual, loosely connected group, or organized crime.

Types of Harm

Interception, interruption, modification, fabrication.

Threat Interception

Unauthorized party gains access to an asset.

Encryption

Transforming data into an unreadable format (ciphertext) to protect confidentiality and integrity.

Plaintext

Original, readable data.

Ciphertext

Encrypted data.

Software Controls

Security features within programs for access restrictions.

Internal Program Control

Security components within a program, limiting access.

Operating System Controls

Security restrictions enforced by the operating system.

Hardware Controls

Security implemented through special hardware.

Independent Control Programs

Applications like password checkers and virus scans.

Interruption Threat

An asset of the system is lost, unavailable, or unusable.

Modification Threat

Unauthorized access and tampering (forging) of an asset.

Fabrication Threat

Creating counterfeit objects on a system (fake data).

Method (MOM)

Skills, knowledge, tools, and other means needed for an attack.

Opportunity (MOM)

Time and access required to execute an attack.

Motive (MOM)

Reason for an attacker to target a system.

Confidentiality

Ensuring only authorized users access computer assets.

Integrity

Ensuring computer data is accurate and unaltered.

Availability

Ensuring computer systems and data are accessible when needed.

CIA Triad

The three core goals of computer security: Confidentiality, Integrity, and Availability.

Security Controls

Measures used to protect a system from threats and vulnerabilities.

Hardware Controls

Security measures implemented using physical components, e.g., encryption hardware.

Software Controls

Security measures using computer programs, such as firewalls and intrusion detection systems.

Policy and Procedure Controls

Security measures based on agreed-upon rules and guidelines, not hardware/software, e.g., password changes.

Physical Controls

Security measures implemented physically, like locks or security guards.

C-I-A Triad

Confidentiality, Integrity, and Availability; core principles of security.

Vulnerabilities

Weaknesses in a system that can be exploited by threats.

Threats

Potential dangers that could exploit vulnerabilities.

User Awareness

Understanding the need for security measures among users; crucial for cooperation.

Confidentiality

Ensuring that assets are accessible only to authorized parties.

Integrity

Guaranteeing that assets can be modified only by authorized parties or in authorized ways.

Availability

Ensuring that assets are accessible to authorized parties at the correct times.

Security Goals

Prevention, Detection, and Recovery of security breaches.

Security Prevention

Techniques to stop security breaches before they happen.

Security Detection

Techniques to discover security breaches after they start.

Security Recovery

Techniques to restore systems and data after a security breach.

Security Trust

The foundation of all security.

Security Policies

Define and describe the security rules and requirements of a system.

Security Mechanisms

Implement the security policies.

Deterrence Control

Discouraging attacks by making them less attractive.

Deflection Control

Redirecting attacks to less important systems.

Response Control

Actions taken after an attack to minimize damage and restore systems.

Study Notes

Computer Security Introduction

• Computer security protects a computer system's assets: hardware, software, and data.
• Chapter 1 objectives include defining computer security and basic terms, introducing the C-I-A Triad, access control terminology, basic threats, vulnerabilities, and attacks, and control mapping to threats.
• Assets include hardware (computers, devices, disk drives, memory, printers, network gear), software (operating system, utilities like antivirus, commercial applications, word processing, photo editing, individual applications), and data (documents, photos, music, videos, email, class projects).
• Hardware assets are easily replaceable; data assets are unique and irreplaceable.
• Basic terms include vulnerability (a weakness in the security system), threat (circumstances potentially causing loss or harm), attack (a human exploiting a vulnerability), and controls/countermeasures (actions, devices, procedures, techniques to reduce a vulnerability).
• Threats are blocked by controls on vulnerabilities. Knowledge of threats is key to control design.
• The C-I-A Triad includes confidentiality (ensuring access only by authorized parties), integrity (assets only changed by authorized parties), and availability (assets accessible to authorized parties).
• Access control defines who (subject) has what (object) access and how (mode).
• Types of threats include natural causes (fire, power failure), human causes (benign/malicious intent, human error, random/directed attacks, impersonation).
• Advanced Persistent Threats (APTs) are organized, directed, well-financed, patient, and silent.
• Types of attackers include hackers, individuals, terrorists, criminal-for-hire, loosely connected groups, and organized crime members.
• Types of harm include interception, interruption, modification, and fabrication.
• Interception is unauthorized access to an asset.
• Interruption is an asset becoming unavailable or lost.
• Modification is unauthorized tampering with an asset.
• Fabrication is creating counterfeit objects in a system.
• Method-Opportunity-Motive (MOM) describes attacker characteristics needed to conduct an attack.

Security Goals

• Prevention aims to stop attackers from violating security policies.
• Detection aims to identify attackers violating security policies.
• Recovery aims to stop attacks, evaluate damage, repair it, and ensure continued correct functioning.

Trust and Assumptions

• Trust underlies security policies, mechanisms, and procedures.
• Policies must unambiguously define system states and capture security requirements.
• Mechanisms must be assumed to enforce policies and work correctly.

Different Types of Controls

• Deterrence discourages attacks by increasing costs.
• Deflection redirects threats to less critical components.
• Response involves reacting after a detected attack to minimize damage, restore services, and analyze the attack.
• Prevention aims to stop attacks before they occur (e.g., firewalls, antivirus).

Controls Available

• Encryption renders data unreadable to unauthorized parties while maintaining integrity.
• Weak encryption can be detrimental.
• Software/program controls include security restrictions within programs, access limitations, operating system controls, and independent control programs.
• Hardware controls include encryption devices, locks, security verification devices, firewalls, and intrusion detection systems.
• Physical controls include locks, entry point guards, backups, and disaster preparedness planning.

Effectiveness of Controls

• Awareness of problems is necessary; people must understand why security is required.

Summary

• Vulnerabilities are weaknesses; threats exploit vulnerabilities, and controls help prevent such exploitation.
• Confidentiality, integrity, availability are core security principles.
• Attacker types depend on their capabilities and motivations.
• Controls vary, have different functions, and can exist at different levels/points within the system.