Cybersecurity: Types of Attacks
24 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Information security is the support structure that prevents unauthorized access, modification, destruction or disclosure of information during its creation, transmission, processing, maintenance or ______.

storage

Network Security is used for protecting data during their transmission from one computer to ______.

another

The main three objectives in any security plan are: Confidentiality, ______, Availability.

Integrity

Confidentiality requires that the information in the computer system only be accessible for reading by authorized ______.

<p>parties</p> Signup and view all the answers

Integrity requires that computer system assets (Hardware, Software, and Data) can be modified by authorized ______.

<p>parties</p> Signup and view all the answers

Good integrity includes the assurance that data leaving point A and arriving at point B arrives without ______.

<p>modification</p> Signup and view all the answers

An Attack: An action of malicious intruder that exploits vulnerabilities of the system to cause a threat to occur. Types of attacks: - ______ and Internal attacks

<p>External</p> Signup and view all the answers

External attacks come from outside the trusted network. If an attack occurs from any untrusted point, it can be categorized as an ______ based attack

<p>external</p> Signup and view all the answers

Internal attacks come from within the trusted network. If an attack occurs from within any trusted point, security categorizes it as an ______ attack

<p>internal</p> Signup and view all the answers

A structured attack is an attack that is carried out by an individual who has discernible characteristics. Those characteristics are means, determination, knowledge, funds, and time. The job of the information security specialist is to make the attacker’s job as difficult as possible and provide countermeasures to identity attacks and attackers before they complete their ______

<p>quest</p> Signup and view all the answers

An unstructured attack is one carried out by an individual who does not have sufficient knowledge and experience to carry out an attack. Because the Internet contains such a vast repository of hacker tools and utilities, a simple Google search will provide anyone with pre-built tools that can be executed with a simple click of the ______

<p>mouse</p> Signup and view all the answers

Structured attack: A structured attack is an attack that is carried out by an individual who has discernible characteristics. Those characteristics are means, determination, knowledge, funds, and ______

<p>time</p> Signup and view all the answers

A defense-in-depth security model uses multiple layers of defense so that, if one layer is compromised, it does not necessarily mean that the ______ will be able to access all the resources on your network.

<p>attacker</p> Signup and view all the answers

A defense-in-depth model increases an ______ risk of detection and reduces an attacker’s chance of success.

<p>attacker's</p> Signup and view all the answers

The base layers of the defense-in-depth model are: - Policies, procedures, and awareness layer. This foundational layer affects every other defense-in-depth layer. Components in this layer include security policies, security procedures, and security education programs for ______.

<p>users</p> Signup and view all the answers

Physical security layer. This layer wraps around the remaining five core layers. Components in this layer include security guards, ______, and monitoring devices.

<p>locks</p> Signup and view all the answers

Examples include: - Perimeter layer. Hardware or software firewalls, or both. - Internal network layer. Network segmentation, Internet Protocol security (IPSec), and network intrusion-detection systems ______.

<p>(NIDS)</p> Signup and view all the answers

A security strategy for an organization is most effective when data is protected by more than one layer of security. A defense-in-depth security model uses multiple layers of defense so that, if one layer is compromised, it does not necessarily mean that the attacker will be able to access all the ______ on your network.

<p>resources</p> Signup and view all the answers

Good integrity assures that point A and point B are indeed who they claim to be. Modification includes writing, changing, deleting, and creating. Availability requires that computer assets (Hardware, Software, and Data) are available to authorized parities. Availability is the attribute that ensures the reliable and timely access of resources to authorized individuals. A security professional needs to understand the meaning of security related words. These words are: vulnerability, threat, countermeasure, subject, ________.

<p>object</p> Signup and view all the answers

Object - An entity containing or receiving information; Access to an object usually implies access to the information that it contains. Subject - Generally a person, process, or device that causes information to flow among objects. Vulnerability - A point of weakness within a system that can be exploited by attackers to make a successful attack. Threat - Something that is a source of danger; that can be exploited or cause harm to a system. Countermeasure - Reducing the impact of an attack, detecting the occurrence of an attack, and/or assisting in the recovery from an attack. Achieving Security To achieve security we need the followings: Policy What to protect? Mechanism How to protect? Assurance How good is the protection?

<p>mechanism</p> Signup and view all the answers

Good integrity assures that point A and point B are indeed who they claim to be. Modification includes writing, changing, deleting, and creating. Availability requires that computer assets (Hardware, Software, and Data) are available to authorized parities. Availability is the attribute that ensures the reliable and timely access of resources to authorized individuals. A security professional needs to understand the meaning of security related words. These words are: vulnerability, threat, countermeasure, subject, ________.

<p>object</p> Signup and view all the answers

Object - An entity containing or receiving information; Access to an object usually implies access to the information that it contains. Subject - Generally a person, process, or device that causes information to flow among objects. Vulnerability - A point of weakness within a system that can be exploited by attackers to make a successful attack. Threat - Something that is a source of danger; that can be exploited or cause harm to a system. Countermeasure - Reducing the impact of an attack, detecting the occurrence of an attack, and/or assisting in the recovery from an attack. Achieving Security To achieve security we need the followings: Policy What to protect? Mechanism How to protect? Assurance How good is the protection?

<p>mechanism</p> Signup and view all the answers

Good integrity assures that point A and point B are indeed who they claim to be. Modification includes writing, changing, deleting, and creating. Availability requires that computer assets (Hardware, Software, and Data) are available to authorized parities. Availability is the attribute that ensures the reliable and timely access of resources to authorized individuals. A security professional needs to understand the meaning of security related words. These words are: vulnerability, threat, countermeasure, subject, ________.

<p>object</p> Signup and view all the answers

Object - An entity containing or receiving information; Access to an object usually implies access to the information that it contains. Subject - Generally a person, process, or device that causes information to flow among objects. Vulnerability - A point of weakness within a system that can be exploited by attackers to make a successful attack. Threat - Something that is a source of danger; that can be exploited or cause harm to a system. Countermeasure - Reducing the impact of an attack, detecting the occurrence of an attack, and/or assisting in the recovery from an attack. Achieving Security To achieve security we need the followings: Policy What to protect? Mechanism How to protect? Assurance How good is the protection?

<p>mechanism</p> Signup and view all the answers

Study Notes

Information Security

  • Security is the support structure that prevents unauthorized access, modification, destruction, or disclosure of information during its creation, transmission, processing, maintenance, or storage.

Security Types

  • Information Security: protects information and its elements, including systems, hardware that use, store, and transmit information.
  • Computer Security: protects data in the computer.
  • Network Security: protects data during transmission from one computer to another.

Security Objectives

  • The three main objectives in any security plan are: Confidentiality, Integrity, and Availability (CIA triad).

Confidentiality

  • Ensures that information in the computer system is only accessible for reading by authorized parties.
  • Includes printing, displaying, and other forms of disclosure.

Integrity

  • Ensures that computer system assets (Hardware, Software, and Data) can be modified by authorized parties.
  • Includes writing, changing, deleting, and creating.
  • Ensures data transmission without modification.

Availability

  • Ensures that computer assets (Hardware, Software, and Data) are available to authorized parties.
  • Ensures reliable and timely access of resources to authorized individuals.

Security Terminology

  • Object: an entity containing or receiving information; access to an object implies access to the information it contains.
  • Subject: a person, process, or device that causes information to flow among objects.
  • Vulnerability: a point of weakness within a system that can be exploited by attackers.
  • Threat: something that is a source of danger; can be exploited or cause harm to a system.
  • Countermeasure: reduces the impact of an attack, detects the occurrence of an attack, and/or assists in the recovery from an attack.

Achieving Security

  • Policy: determines what to protect.
  • Mechanism: determines how to protect.
  • Assurance: determines how good the protection is.

Attack

  • An action of a malicious intruder that exploits vulnerabilities of the system to cause a threat.
  • Types of attacks: External and Internal attacks, Structured and Unstructured attacks.

External and Internal Attacks

  • External Attacks: come from outside the trusted network.
  • Internal Attacks: come from within the trusted network.

Structured and Unstructured Attacks

  • Structured Attack: an attack carried out by an individual who has discernible characteristics (means, determination, knowledge, funds, and time).
  • Unstructured Attack: an attack carried out by an individual who lacks sufficient knowledge and experience.

Defense-in-Depth Model

  • A security strategy that uses multiple layers of defense to protect data.
  • Layers include: Policies, procedures, and awareness layer, Physical security layer, Perimeter layer, Internal network layer, and others.
  • Increases an attacker's risk of detection and reduces their chance of success.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

Description

Learn about different types of cyber attacks in the field of cybersecurity. Explore external attacks that originate outside the trusted network and internal attacks that come from within the trusted network.

Use Quizgecko on...
Browser
Browser