Cybersecurity: CIA Triad

Questions and Answers

Which component of the CIA triad focuses on ensuring that data is accurate and reliable?

  • Integrity (correct)
  • Authentication
  • Confidentiality
  • Availability

In the context of cybersecurity, what does 'authentication' primarily aim to achieve?

  • Verifying the identity of a user or process (correct)
  • Guaranteeing data integrity
  • Ensuring data is accessible to authorized users
  • Protecting data from unauthorized disclosure

Which of the following scenarios primarily threatens the 'confidentiality' of data?

  • A server outage preventing users from accessing their files
  • A virus corrupting a database, leading to data loss
  • A hacker gaining unauthorized access to sensitive customer records (correct)
  • An employee accidentally deleting important financial documents

Encrypting an income tax return aims to protect which aspect of the CIA triad?

  • Confidentiality (A)

Origin integrity primarily refers to:

  • The source of the data (C)

What is the main goal of prevention mechanisms in maintaining data integrity?

  • To block unauthorized attempts to alter data (C)

Which of the following is an example of how availability is ensured in a system?

  • Implementing a fault-tolerant system that continues to operate despite hardware failures (B)

What is a denial-of-service attack designed to compromise?

  • Availability (C)

Disconnecting a computer from the Internet primarily increases confidentiality at the expense of:

  • Integrity and availability (A)

What is the purpose of 'identification' in the context of system access?

  • Professing an identity to the system (B)

In cybersecurity, what is a 'security policy'?

  • A statement of what is and is not allowed (D)

Which of the following best describes a 'security mechanism'?

  • A tool or method for enforcing a security policy (C)

What is a 'vulnerability' in the context of cybersecurity?

  • A weakness that can be exploited (A)

Which of the following describes a 'threat' in cybersecurity?

  • A set of circumstances that could cause harm (C)

What is the purpose of a 'control' in cybersecurity?

  • To remove or reduce a vulnerability (A)

What is the primary function of cryptography in cybersecurity?

  • To prevent unauthorized access or modification of data (C)

In cryptography, what is the process of converting ciphertext back into its original form called?

  • Decryption (D)

In symmetric encryption, which of the following is true?

  • The encryption and decryption keys are the same. (A)

In asymmetric encryption, how are the encryption and decryption keys related?

  • They come in pairs, where one key encrypts and the other decrypts. (B)

Which of the following is a key disadvantage of the Caesar cipher?

  • Its pattern is easily discernible. (B)

Physical security primarily aims to protect:

  • Personnel, hardware, software, and data from physical threats (A)

Which of these is a key element of physical security?

  • Access control (B)

What is the purpose of disaster recovery policies in physical security?

  • To quickly recover from disruptive events (D)

Which type of malware is designed to hold a computer system or its data captive until a ransom is paid?

  • Ransomware (A)

What is a 'rootkit' primarily used for?

  • Creating a backdoor for illegal access (B)

Which of these is a common symptom of a malware infection?

  • Unexplained network connection problems (D)

A denial-of-service (DoS) attack is characterized by:

  • Disrupting network services to make them unavailable (A)

What is the key difference between a DoS and a DDoS attack?

  • DoS attacks originate from a single source, while DDoS attacks come from multiple coordinated sources. (C)

What is the primary goal of SEO poisoning?

  • To increase traffic to malicious websites (A)

Flashcards

Confidentiality

Ensuring assets are accessed only by authorized parties, and sensitive information is protected from unauthorized access.

Integrity

Ensuring assets can be modified only by authorized parties or in authorized ways, maintaining accuracy and consistency.

Availability

Ensuring assets are accessible to authorized parties at appropriate times, with timely response and fault tolerance.

Identification

The process by which a subject professes an identity, initiating accountability.

Authentication

Verifying or testing that a claimed identity is valid, requiring corresponding information.

Security Policy

A statement of what is, and what is not, allowed in a system.

Security Mechanism

A method, tool, or procedure for enforcing a security policy.

Vulnerability

A weakness in a security system that might be exploited.

Threat

A set of circumstances that has the potential to cause loss or harm.

Control

An action, device, procedure, or technique that removes or reduces a vulnerability.

Encryption

The process of encoding a message so that its meaning is not obvious.

Decryption

The process of transforming an encrypted message back into its normal, original form.

Plaintext

The original form of a message.

Ciphertext

The encrypted form of a message.

Cryptosystem

A system for encryption and decryption.

DDoS

A denial of service from multiple, coordinated sources.

Worm

A self-replicating program that exploits network vulnerabilities to spread.

Rootkit

Malware that modifies the operating system to create a backdoor for unauthorized access.

Botnet

A network of infected hosts controlled by attackers.

Zombie

An infected host in a botnet, controlled by handler systems.

Trojan Horse

A virus that carries out malicious operations under the guise of a desired operation.

Physical Security

The protection of personnel, hardware, software, networks, and data from physical harm.

Denial of Service (DoS)

A network, host, or application is sent an enormous quantity of data that it cannot handle.

Intrusion Detection System (IDS)

A device that monitors activity to identify malicious or suspicious events.

Firewall

Prevents undesirable network traffic from entering protected areas.

VPN

A network that allows a secure connection over a less secure network, using encryption.

SEO Poisoning

Increasing traffic to malicious websites and forcing them to rank higher.

Study Notes

Introduction to Cybersecurity

  • This section covers confidentiality, integrity, availability, cryptography, physical security, firewalls, VPNs, wireless security, intrusion detection/prevention, computing device protection, and legal/ethical issues.

Confidentiality, Integrity, and Availability (CIA Triad)

  • Known as the CIA triad.
  • Considered the three most crucial components of security.
  • Confidentiality ensures assets are accessed only by authorized parties and sensitive data is protected from unauthorized access.
  • Defining and enforcing access levels is key, separating data into groups based on access and sensitivity.
  • Implementing file permissions, access control lists, and encryption is important for data protection.
  • User identification and authentication are required, needing a gatekeeper to verify user identities.
  • Integrity ensures assets are modified only by authorized parties in authorized ways, maintaining their precision, accuracy, and consistency.
  • Data integrity refers to the content of the information.
  • Origin integrity refers to the source of the data.
  • Integrity mechanisms include prevention and detection.
  • Prevention mechanisms maintain data integrity by blocking unauthorized change attempts; authentication and access controls help.
  • Detection mechanisms report when data integrity is compromised and analyze data to check the expected constraints still hold.
  • Integrity includes correctness and trustworthiness, affected by data origin and current protection levels.
  • Availability ensures assets are accessible to authorized parties at needed times.
  • A data item, service, or system is available if there is a timely response to the request.
  • Resources are allocated fairly, with fault tolerance to handle hardware/software faults, easy usability, and controlled concurrency.
  • Denial-of-service attacks can block availability; they can be difficult to detect and can be mistaken for atypical events.

Balancing Act

  • Disconnecting from the Internet increases confidentiality but decreases availability and integrity (due to missed updates).
  • Extensive data checks by different people increase integrity but can decrease confidentiality (more data exposure) and availability (due to data locks during verification).

Identification and Authentication

  • Identification initiates accountability when a subject professes an identity.
  • A subject must provide an identity to start authentication, authorization, and accountability.
  • Authentication verifies a claimed identity is valid.
  • Authentication requires information that corresponds exactly to the claimed identity.

Security Policy and Mechanism

  • A security policy states what is allowed and disallowed.
  • A security mechanism enforces a security policy (method, tool, or procedure).

Vulnerabilities, Threats, and Controls

  • Vulnerability is a weakness in the security system exploitable to cause loss or harm.
  • A threat is a set of circumstances with the potential to cause loss or harm.
  • A control is an action, device, procedure, or technique that reduces a vulnerability; a threat can be blocked by a control.

Cryptography

  • Cryptography is a strong tool against many security threats, making data unreadable and unmodifiable.
  • Encryption encodes messages to obscure their meaning.
  • Decryption transforms encrypted messages back to their original form.
  • A cryptosystem handles encryption and decryption.
  • Plaintext refers to the original message.
  • Ciphertext refers to the encrypted message.
  • Plaintext can be denoted as a sequence of characters: P=
  • Ciphertext is written as: C =
  • Transformations: C = E(P) and P = D(C), where C is ciphertext, E is encryption, P is plaintext, and D is decryption.
  • A cryptosystem aims for P = D(E(P)) to protect messages while allowing proper receiver reading.
  • The cryptosystem involves rules for encrypting plaintext and decrypting ciphertext.
  • Encryption/decryption rules (algorithms) often use a key (K), written as C = E(K, P).
  • A key selects a specific algorithm from a set (E).
  • Keyed encryptions are harder to break than keyless systems.
  • Keyed systems allow encryption algorithms to be widely available, while differing keys prevent breaches.
  • Symmetric encryption uses the same keys for encryption and decryption (P = D(K, E(K, P))).
  • Asymmetric encryption uses key pairs; a decryption key KD inverts the encryption of key KE (P = D(KD, E(KE, P))).

Caesar Cipher

  • A cipher in which each letter is translated to the letter a fixed number of places after it in the alphabet.
  • Caesar used a shift of 3 (c_i = E(p_i) = p_i + 3).
  • Advantages: easy to memorize/implement.
  • Disadvantage: pattern is obvious.
  • Secure encryption shouldn't allow predicting the entire pattern from a small ciphertext piece.
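The notation from the Cryptography and Caesar Cipher notes, worked through as an added example (not part of the original lesson). It assumes a 26-letter alphabet with wrap-around (mod 26) and uses a constructed sample message; `key_from_known_pair` is a hypothetical helper showing why the obvious pattern is a weakness: one known letter pair reveals K for the whole message.

```python
def _shift(ch, k):
    """Shift one ASCII letter k places, wrapping mod 26; leave other characters alone."""
    if not (ch.isascii() and ch.isalpha()):
        return ch
    base = ord("A") if ch.isupper() else ord("a")
    return chr((ord(ch) - base + k) % 26 + base)


def E(K, P):
    """C = E(K, P): c_i = p_i + K for every letter of the plaintext."""
    return "".join(_shift(ch, K) for ch in P)


def D(K, C):
    """P = D(K, C): the same key K undoes the shift (symmetric encryption)."""
    return "".join(_shift(ch, -K) for ch in C)


def key_from_known_pair(p, c):
    """One plaintext letter and its ciphertext letter fix K for the entire message,
    because every position uses the same shift. The key space is only 25 shifts."""
    return (ord(c.upper()) - ord(p.upper())) % 26


def demo():
    K = 3                      # Caesar's shift
    P = "TREATY IMPOSSIBLE"    # constructed sample plaintext
    C = E(K, P)
    # Someone who learns only that the first letter was "T" recovers the key...
    recovered = key_from_known_pair(P[0], C[0])
    # ...and with it the whole message, which a secure cipher must not allow.
    return C, D(K, C), recovered, D(recovered, C)


if __name__ == "__main__":
    ciphertext, round_trip, k, broken = demo()
    print("C =", ciphertext)
    print("D(K, E(K, P)) =", round_trip)
    print("key recovered from one letter pair:", k)
    print("message recovered with that key:", broken)
```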

Physical Security

  • Physical security protects personnel, hardware, software, networks, and data from actions/events causing serious loss or damage.
  • This includes protection from fire, flood, natural disasters, burglary, theft, vandalism, and terrorism.
  • Security breaches can be carried out with brute force, requiring little technical knowledge.
  • It has three components: access control, surveillance, and testing.
  • Obstacles should be placed/physical sites hardened against accidents, attacks, and disasters.
  • Examples include fencing, locks, access control cards, biometric systems, and fire suppression.
  • Physical locations should be monitored by surveillance cameras and notification systems, such as intrusion detectors, heat sensors, and smoke detectors.
  • Disaster recovery policies/procedures should be regularly tested to ensure safety and reduce recovery time from disruptive events.

Types of Malware

  • Malware is used to steal data, bypass access controls, cause harm, or compromise a system.
  • Spyware tracks user activity.
  • Adware delivers ads, often with spyware.
  • Bots automatically perform actions.
  • Ransomware holds a computer/data captive until payment is made.
  • Scareware persuades the user to take specific actions based on fear.
  • Rootkits modify the OS to create backdoors for illegal access.
  • Viruses attach to executable files.
  • Trojan horses carry out malicious operations disguised as desired ones.
  • Worms self-replicate by exploiting network vulnerabilities.
  • Man-in-the-Middle/Man-in-the-Mobile takes control of devices without the user's knowledge.

Symptoms of Malware

  • Increased CPU usage
  • Decreased computer or browsing speed
  • Frequent freezing/crashing
  • Unexplained network issues or modified files
  • Unknown files, programs, desktop icons or running processes
  • Programs turn off or reconfigure themselves, and emails are sent without the user's consent.

Denial of Service (DoS)

  • A disruption of network services achieved through overwhelming traffic and maliciously formatted packets

Distributed Denial of Service (DDoS)

  • DoS attacks from multiple, coordinated sources
  • Botnets - networks of infected hosts
  • Zombies - infected hosts controlled by handler systems

SEO Poisoning

  • Search engine optimization (SEO) is a set of techniques that improve a website's ranking by a search engine
  • SEO poisoning increases traffic to malicious websites and forces malicious sites to rank higher

Firewalls

  • Firewalls prevent undesirable traffic from entering protected areas of a network; usually installed between networks to control traffic and prevent unauthorized access.
  • They can be implemented in software or hardware.
  • Hardware firewalls are freestanding units and often perform Network Address Translation.

VPN (Virtual Private Network)

  • A user requests a VPN session with the firewall, and the user's client and the firewall negotiate a session encryption key.
  • The firewall and the client use the key to encrypt all traffic between the two.
  • The VPN restricts the network to those with special access.

Intrusion Detection System (IDS)

  • A device to identify malicious or suspicious events.
  • Monitors user/system activity, audits system configuration for vulnerabilities, assesses the integrity of critical files, recognizes attack patterns, and identifies abnormal activity through statistical analysis.
  • Manages audit trails, highlights policy violations, corrects configuration errors, and operates traps for intruder information.

Protecting Computing Devices

  • Advice includes keeping firewalls on, using up-to-date antivirus/antispyware and downloading software from official websites only.
  • Manage the OS/browser, set security settings to medium or higher, keep them up-to-date, and install latest patches.
  • Password-protect data/devices, encrypt data, and only store necessary information.
  • Use wireless networks safely: use a strong password, disable SSID (Service Set Identifier) broadcast, and use WPA3/WPA2.
  • Use a VPN to prevent eavesdropping, and be cautious on public Wi-Fi.
  • Strong passwords: use a unique password for each online account. A password manager helps you remember and keep track of them. Do not use dictionary words in any language, misspellings of dictionary words, computer names, or account names. If possible, use special characters such as ! @ # $ % ^ & * ( ).
  • Use a password with 10 or more characters.

Two Factor Authentication

  • Popular websites use two factor authentication
  • Requires Username / password or PIN and a second token for access:
    • Physical object - credit card, ATM card, phone, or fob
    • Biometric scan - fingerprint, palm print, as well as facial or voice recognition

Deleting of Digital Data

  • Tools such as Eraser and CCleaner are adequate to delete the data permanently
  • Destroy the storage device to ensure that data is unrecoverable
  • Delete the online versions

Legal and Ethical Issues

  • Digital objects are subject to copyright.
  • Bypassing antipiracy measures is a crime.
  • Manufacturing/distributing devices that disable antipiracy or copy digital items is a crime (except for research/education).
  • Making backup copies against hardware/software failure or storing copies in an archive is acceptable.
  • Searching may find vulnerabilities, but cracking without consent may be a serious offense.
  • The law does not always address the correct behaviour.
  • An ethic is an objectively defined standard of right and wrong. Ethical principles are not universal.
  • Unauthorized access to computers is a crime; printouts have been used in court.
