InfoSec Lecture 4: Auditing and Accountability
10 Questions

Questions and Answers

What are the three main components required for accountability?

identification, authentication, and access control

Which of the following are benefits of accountability? (Select all that apply)

  • Deterrence (correct)
  • Intrusion detection and prevention (correct)
  • Nonrepudiation (correct)
  • Admissibility of records (correct)

Auditing is a primary way to ensure accountability.

True

_______ gives us a history of the activities that have taken place in the environment being logged.

Logging

Match the following auditing examples with their description:

  • Passwords = Commonly audited item related to construction and usage policies.
  • Software licensing = Audit topic ensuring appropriate software licenses on organizational systems.

What does encryption refer to in the context of cryptography?

Conversion of unencrypted data into encrypted form

Digital signatures ensure non-repudiation, meaning a user can deny sending a message.

False

What is the main purpose of certificates in cryptography?

Link a public key to a particular individual

Hash functions create a largely unique and fixed-length _____ value.

hash

Match the cryptography technique with its description:

  • Symmetric key encryption = Same key used for encryption and decryption
  • Asymmetric cryptography = Involves the use of two keys: public and private
  • Hash functions = Create unique and fixed-length hash values

Study Notes

Introduction to Auditing and Accountability

• After identification, authentication, and authorization, tracking activities and ensuring adherence to rules and policies is essential for security.

Accountability

• Accountability depends on identification, authentication, and access control being in place, so that we know who performed a transaction and what permissions were used.
• Accountability is achieved through monitoring and logging, which let us reconstruct the details of a situation.

Security Benefits of Accountability

Nonrepudiation: sufficient evidence to prevent individuals from denying actions or statements, achieved through system or network logs, digital forensic examination, and cryptographic technologies such as digital signatures.

Deterrence: accountability can deter individuals from misbehavior if they know they will be held accountable for their actions.

Intrusion detection and prevention: logging and monitoring let us detect intrusions and, where a system can act on what it sees in real time, prevent them; the tools are divided into IDS (intrusion detection systems), which alert, and IPS (intrusion prevention systems), which also block.

Admissibility of records: regulated and consistent tracking systems make it more likely that records are accepted as evidence in legal settings.

How We Accomplish Accountability

• We accomplish accountability by laying out rules, checking that they are followed, and taking further steps (auditing and logging) to enforce adherence.

Auditing

• Auditing ensures accountability through technical means, providing accurate records of who did what and when.
• Examples of what we audit: passwords (construction and usage policies), software licensing, and other items.

Reason for Auditing

• Auditing provides the data needed to implement accountability, assess activities over time, and apply accountability on a large scale.
• Auditing is necessary for larger organizations and may be compelled by contractual or regulatory requirements.

Logging

• Logging gives a history of activities in the environment and is necessary for audits and investigations.
• Logging is a reactive tool: it lets us view what happened after it has taken place.

Where is Logging Used

• Logging mechanisms are configurable and can be set up to record anything from critical events only to every action carried out by the system or software.

Accessibility of Logging

• Logs are generally only available to system administrators for review and are not modifiable by users.
• Because logs are evidence, they should also be protected from the people whose actions they record, typically by forwarding them to a separate log server that the monitored system cannot write back to.
• Collecting logs without reviewing them is futile; administrators should schedule regular reviews to catch unusual events.
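The kind of scheduled review the note above calls for, as an added example (it is not code from the lecture or the Andress textbook): a small reviewer that parses constructed syslog-style lines and flags the "unusual events" an administrator would want to see first. The log format, the account names and addresses, the failed-login threshold, the business-hours window and the list of sensitive paths are all assumptions chosen for illustration.

```python
"""
Added example: minimal scheduled log review over constructed sample lines.
Format, names, addresses and thresholds are assumptions, not real data.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample log lines (syslog-like, not captured from a real host).
SAMPLE_LOG = """\
2024-03-04T02:11:05 sshd[811]: Failed password for root from 198.51.100.7
2024-03-04T02:11:09 sshd[811]: Failed password for root from 198.51.100.7
2024-03-04T02:11:14 sshd[811]: Failed password for admin from 198.51.100.7
2024-03-04T02:11:20 sshd[811]: Failed password for admin from 198.51.100.7
2024-03-04T02:11:27 sshd[811]: Failed password for admin from 198.51.100.7
2024-03-04T02:11:33 sshd[811]: Accepted password for admin from 198.51.100.7
2024-03-04T09:15:02 sshd[902]: Accepted publickey for alice from 192.0.2.10
2024-03-04T09:20:41 sudo: alice : COMMAND=/usr/bin/apt update
2024-03-04T23:40:12 sshd[977]: Accepted publickey for bob from 192.0.2.22
2024-03-04T23:41:03 sudo: bob : COMMAND=/bin/cat /etc/shadow
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<prog>[a-z]+)(?:\[\d+\])?: (?P<msg>.*)$")
AUTH_RE = re.compile(r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)")
SUDO_RE = re.compile(r"(?P<user>\S+) : COMMAND=(?P<cmd>.*)")

FAILED_LOGIN_THRESHOLD = 3      # assumption: 3+ failures from one source is suspicious
BUSINESS_HOURS = range(8, 18)   # assumption: 08:00-17:59 is the normal working day
SENSITIVE_PATHS = ("/etc/shadow", "/etc/sudoers")  # assumption: files worth flagging


def parse(log_text):
    """Turn raw lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = {"ts": datetime.fromisoformat(m["ts"]), "prog": m["prog"], "msg": m["msg"]}
        if m["prog"] == "sshd" and (a := AUTH_RE.search(m["msg"])):
            ev.update(kind="auth", **a.groupdict())
        elif m["prog"] == "sudo" and (s := SUDO_RE.search(m["msg"])):
            ev.update(kind="sudo", **s.groupdict())
        else:
            ev["kind"] = "other"
        events.append(ev)
    return events


def review(events):
    """Apply the review rules in order; return a list of (rule, detail) findings."""
    findings = []
    failures = Counter()        # failed logins per source address
    failed_sources = set()      # sources that crossed the threshold
    for ev in events:
        if ev["kind"] == "auth":
            if ev["result"] == "Failed":
                failures[ev["src"]] += 1
                if failures[ev["src"]] == FAILED_LOGIN_THRESHOLD:
                    findings.append(("repeated_failures",
                                     f"{ev['src']} reached {FAILED_LOGIN_THRESHOLD} failed logins"))
                    failed_sources.add(ev["src"])
            elif ev["src"] in failed_sources:
                # A success right after a burst of failures is the classic guessing signature.
                findings.append(("success_after_failures",
                                 f"{ev['user']} logged in from {ev['src']} after repeated failures"))
            if ev["result"] == "Accepted" and ev["ts"].hour not in BUSINESS_HOURS:
                findings.append(("off_hours_login",
                                 f"{ev['user']} from {ev['src']} at {ev['ts'].isoformat()}"))
        elif ev["kind"] == "sudo" and any(p in ev["cmd"] for p in SENSITIVE_PATHS):
            findings.append(("sensitive_file_access", f"{ev['user']} ran: {ev['cmd']}"))
    return findings


def review_log(log_text=SAMPLE_LOG):
    """Parse and review in one call; this is what a cron job would invoke."""
    return review(parse(log_text))


if __name__ == "__main__":
    for rule, detail in review_log():
        print(f"[{rule}] {detail}")
```

On the sample above the reviewer reports the failed-login burst from 198.51.100.7, the success that follows it, two off-hours logins, and the read of /etc/shadow; the `apt update` and the daytime login are not reported. The rules are deliberately simple and stateful per run, which is all a daily review needs; a continuous detection pipeline would keep the counters across runs.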

Introduction to Cryptography

• Cryptography is the chief security measure that lets us use modern technologies safely; without it most of them could not be trusted at all.
• It is an integral part of computing, networking, and the transactions that take place over our devices.
• Cryptography is used in daily activities such as conversations on cell phones, checking email, online shopping, and filing taxes.

Encryption and Decryption

• Encryption is the transformation of unencrypted data (plaintext) into encrypted form (ciphertext).
• Decryption is the process of recovering the plaintext message from the ciphertext.
• Cryptanalysis is the science of defeating the encryption used to create the ciphertext, that is, recovering the plaintext or the key without being given the key.
• Cryptology is the overarching field of study that covers both cryptography and cryptanalysis.

Goals of Cryptography

• Confidentiality: information is read or learned only by authorized people.
• Authenticity: confirming the correctness of a claimed identity, of a person or of the origin of a message.
• Integrity: information is modified only by authorized people, and any unauthorized change is detectable.
• Non-Repudiation: a user should not be able to deny having sent a message.

Symmetric Cryptography

• Symmetric cryptography uses a single key for both encryption and decryption.
• The key has to be kept secret and shared between the sender and the receiver, so the hard part in practice is distributing it safely.
• Symmetric key algorithms include:
  • DES (Data Encryption Standard), whose 56-bit key is far too short and can be brute-forced; it should not be used.
  • 3DES (Triple DES), applying DES three times; it is deprecated and being phased out.
  • AES (Advanced Encryption Standard), the current standard, with 128-, 192- or 256-bit keys.

Asymmetric Cryptography

• Asymmetric cryptography uses two keys: a public key and a private key.
• The public key is used to encrypt messages and verify signatures.
• The private key is used to decrypt messages and sign (create) signatures.
• Asymmetric key algorithms include:
  • RSA (Rivest-Shamir-Adleman)

Hash Functions

• Hash functions create a fixed-length hash value from a message of any length.
• Any slight change to the message will change the hash, and it should be infeasible to find two messages with the same hash (collision resistance).
• Hash functions are used to verify the integrity of a message.
• Examples of hash functions include MD5, SHA-3, and RIPEMD (from the RACE Integrity Primitives Evaluation project). MD5 (and SHA-1) are broken with respect to collision resistance and should not be used where an attacker could choose the input; SHA-2 and SHA-3 are the current choices.

Digital Signatures

• Digital signatures are used to:
  • Enable detection of changes to the message contents.
  • Ensure that the message was legitimately sent by the expected party.
  • Prevent the sender from denying that he or she sent the message (nonrepudiation).
• Digital signatures are generated by hashing the message and transforming the hash with the sender's private key; the receiver applies the public key to the signature and compares the result with a fresh hash of the message.
• The common description "encrypt the hash with the private key" fits textbook RSA, where the signing and encryption operations coincide; other signature schemes (DSA, ECDSA, EdDSA) are not encryption at all, so it is a property of RSA rather than of signatures in general.

Certificates

• Certificates link a public key to a particular individual and are often used as a form of electronic identification.
• Certificates are created by taking the public key and identifying information, such as a name and address, and having them signed by a Certificate Authority (CA).
• The receiver checks the CA's signature with the CA's public key, which it must already trust; this is how trust in one key is extended to the many keys the CA has signed.

Description

This quiz covers the concepts of auditing and accountability in information security, based on the textbook 'The Basics of Information Security' by Jason Andress and the referenced book 'Cryptography and Network Security' by William Stallings.
