Introduction to Computer Security

Questions and Answers

What is defined as a weakness in a system that might be exploited to cause harm?

• Vulnerability (correct)
• Threat
• Security Policy
• Attack

Which of the following represents a potential danger that might exploit a vulnerability?

• Risk Assessment
• Security Policy
• Vulnerability
• Attack (correct)

What type of attack involves unauthorized access to information, compromising confidentiality?

• Fabrication
• Modification
• Disruption
• Interception (correct)

Which attack targets the integrity of information by tampering with it?

Modification (C)

What is meant by confidentiality in the context of information security?

Preserving authorized restrictions on information access and disclosure. (D)

What attack is characterized by inserting counterfeit objects into a system?

Fabrication (D)

Which of the following describes integrity in information security?

Protecting data from unauthorized modification or destruction. (B)

What is the outcome of an attack focused on the availability of an asset?

Asset becoming lost or unusable (D)

What does availability in the CIA Triad encompass?

Ensuring timely and reliable access to information. (C)

Which concept ensures that a party cannot deny the authenticity of their actions?

Non-repudiation (B)

Which of the following attacks would likely involve the unauthorized copying of files?

Interception (C)

What is a security mechanism?

A strategy designed to prevent, detect, or recover from security attacks. (B)

What type of threat can arise from natural disasters or human error?

Accidental Threat (B)

Which of the following best defines a security attack?

An assault on system security violating the security policy. (A)

Which of the following describes authorization in information security?

Defining what authenticated users are allowed to do. (A)

What is meant by the term 'security services'?

Functions needed to ensure security objectives like secrecy and identification. (C)

What was a significant outcome of the Colonial Pipeline ransomware attack in 2021?

Widespread disruption to fuel supply (C)

What was a key security flaw in the T-Mobile data breach of 2021?

Inadequate encryption practices (C)

How can better access controls help prevent vulnerabilities in supply chains?

By limiting unauthorized system access (D)

What impact does attacking critical infrastructure have on public safety?

It reduces the trust in emergency services (B)

What is a measure organizations should take to address vulnerabilities in widely used open-source software?

Regular system audits and vulnerability scans (B)

What is the main characteristic of a passive attack?

It learns information without affecting system resources. (B)

Which of the following is an example of an active attack?

Denial of service (C)

What distinguishes masquerade attacks from other active attacks?

They involve impersonating a different entity. (C)

Which of the following is a key goal of active attacks?

To detect attacks and recover from disruptions. (A)

What is one of the methods used in passive attacks?

Traffic analysis. (D)

Which of the following statements about active attacks is correct?

They modify the data stream or create false streams. (B)

In which attack scenario are legitimate messages altered to create an unauthorized effect?

Message modification (D)

How did the SolarWinds hack primarily occur?

Compromising a software update to a platform. (C)

What might be the result of an attack on the availability of an asset?

The result could be that the asset becomes lost, unavailable, or unusable.

How can interception be characterized in terms of security threats?

Interception involves unauthorized parties gaining access to information, compromising confidentiality.

Explain the concept of modification in the context of information security.

Modification occurs when an unauthorized party tampers with the asset, affecting its integrity.

What does fabrication refer to in security threats?

Fabrication refers to unauthorized parties inserting counterfeit objects into a system.

What type of threats can result from human errors and natural disasters?

These threats are known as accidental threats, as they arise unintentionally.

What is a primary attack goal in security terms?

A primary goal is to violate the security policy by exploiting vulnerabilities.

Describe what interruption means within security threats.

Interruption means that an asset becomes lost or unusable due to an attack.

How does security policy relate to vulnerability and threat?

A security policy defines the standards and measures to protect against vulnerabilities and threats.

What does the 'Availability' aspect of the CIA Triad ensure in information security?

Availability ensures timely and reliable access to and use of information and systems.

Briefly explain what is meant by 'Integrity' in the context of information security.

Integrity involves protecting information from unauthorized modification or destruction.

What is the primary purpose of authentication in cybersecurity?

The primary purpose of authentication is to verify the identity of a user.

Describe the concept of non-repudiation in information security.

Non-repudiation ensures that a party cannot deny the authenticity of their actions.

How do security mechanisms contribute to information security?

Security mechanisms are designed to prevent, detect, or recover from attacks.

What is the significance of protecting confidentiality in information security?

Confidentiality preserves authorized restrictions on information access and disclosure.

Explain the role of authorization in a secure information system.

Authorization defines what an authenticated user is allowed to do.

What types of security services are necessary for maintaining information security?

Necessary security services include identification, authorization, and secrecy.

What is the primary difference between passive and active attacks?

Passive attacks attempt to learn or utilize information without affecting system resources, while active attacks modify system resources or disrupt operations.

Name two specific types of passive attacks.

The release of message contents and traffic analysis.

What are the challenges associated with preventing active attacks?

Active attacks are difficult to prevent due to a wide variety of physical, software, and network vulnerabilities.

What is a masquerade attack?

A masquerade attack occurs when one entity pretends to be a different entity to gain unauthorized access or information.

How does a replay attack function?

In a replay attack, a data unit is passively captured and retransmitted to create an unauthorized effect.

Explain what a denial of service attack entails.

A denial of service attack prevents or inhibits the normal use or management of communication facilities.

What was the main vulnerability exploited in the SolarWinds Hack of 2020?

The main vulnerability was a compromised software update to the SolarWinds Orion platform.

What is the purpose of traffic analysis in passive attacks?

Traffic analysis seeks to glean information from patterns in data transmission without altering the information itself.

What vulnerabilities were exploited in the Colonial Pipeline ransomware attack, and how could they have been prevented with improved security measures?

The attack exploited vulnerabilities in network security and incident response protocols. Better controls like regular system updates and enhanced monitoring could have mitigated these risks.

In the T-Mobile data breach, what key security flaws allowed hackers to access personal information of millions?

Weak security measures, including insufficient encryption and lack of multi-factor authentication, were major flaws. These weaknesses left personal data vulnerable to unauthorized access.

How did the Log4j vulnerability demonstrate the risks associated with widely used open-source software?

The Log4j vulnerability exposed many systems to potential attacks due to its widespread adoption. It highlighted the need for rigorous security monitoring and vulnerability management in open-source projects.

What are effective strategies for preventing ransomware attacks on critical infrastructure?

Strategies include regular backups, employee training on phishing, and implementing strong network segmentation. These measures can reduce the impact of potential ransomware attacks.

How could better access controls and system monitoring have prevented vulnerabilities in the supply chain?

Better access controls could ensure that only authorized users have system access, while robust monitoring would quickly identify unusual activities. Together, these measures enhance overall security.

What are the main user threats that can compromise an organization's data security?

The main user threats include lack of awareness of security policies, poorly enforced policies, data theft, and unauthorized activities.

How can device vulnerabilities affect an organization's IT infrastructure?

Device vulnerabilities can lead to security breaches due to unprotected devices, outdated software, or unauthorized access through external media.

What is an Advanced Persistent Threat (APT), and how does it differ from other cyber attacks?

An APT is a continuous, targeted cyber attack that employs sophisticated methods and multiple actors to achieve its goals.

What role do backdoors and rootkits play in cybercriminal activities?

Backdoors allow unauthorized access by bypassing authentication mechanisms, while rootkits modify the operating system to maintain control over a compromised system.

What are the consequences of using devices with outdated software in a security context?

Using outdated software can expose vulnerabilities that cybercriminals exploit to gain unauthorized access or deploy malware.

Describe the potential threats posed by IoT devices within an organization.

IoT devices can introduce vulnerabilities due to inadequate security measures, making them targets for cyber attacks.

In what ways can poor enforcement of security policies lead to security breaches?

Poor enforcement may result in users ignoring security protocols, leading to unauthorized access and increased risk of data breaches.

Explain how malware can be introduced into an organization’s system through unauthorized USB drives.

Unauthorized USB drives can carry malware, which may be activated upon insertion into an organization's devices, allowing attackers to exploit weaknesses.

What is the main objective of social engineering attacks?

To manipulate individuals into divulging confidential information or performing specific actions.

How can organizations defend against social engineering techniques?

By promoting awareness of these tactics and educating employees on prevention measures.

What is shoulder surfing and how is it typically conducted?

Shoulder surfing involves observing someone’s actions to gain sensitive information like PINs or codes, often done from a close distance or using binoculars.

What is dumpster diving and what should be done with sensitive documents?

Dumpster diving is the act of searching through trash to find confidential information; sensitive documents should be shredded or properly destroyed.

What distinguishes impersonation from other forms of deception in cybercrime?

Impersonation involves pretending to be someone else to trick individuals into actions or disclosures they would not normally make.

What does the term 'quid pro quo' in social engineering refer to?

'Quid pro quo' refers to a tactic where a criminal requests personal information in exchange for a perceived benefit, like a gift.

Why is it important for employees to avoid disclosing information to unknown parties?

Disclosing information can lead to unauthorized access and security breaches within organizations.

What are the potential risks associated with hoaxes in cybersecurity?

Hoaxes can create panic and divert attention, potentially causing disruptions similar to actual security breaches.

What are the three main components of a computer virus?

The three main components of a computer virus are the infection mechanism, trigger, and payload.

How does a logic bomb work?

A logic bomb is a malicious program that remains inactive until a specific trigger event occurs, at which point it executes harmful code.

What is the primary function of ransomware?

Ransomware is designed to hold a computer system or its data captive until a payment is made.

In what way do worms differ from traditional viruses?

Worms replicate independently by exploiting vulnerabilities in networks, unlike viruses that attach themselves to files.

Describe the payload of a virus.

The payload of a virus is the action it performs once activated, which can be damaging or involve noticeable but nonthreatening activity.

What motivates cybercriminals to deploy malware like Trojan horses?

Cybercriminals use Trojan horses to mask malicious operations under the guise of legitimate software to infiltrate systems.

What key security policy should employees adopt regarding unknown contacts?

Employees should not give in to pressure from unknown individuals regarding security issues.

What role does employee education play in organizational security?

Employee education on key security policies empowers individuals to take ownership of security issues.

What method do cybercriminals use in a remote code execution attack?

They exploit vulnerabilities in applications to execute commands with the privileges of the user running the application.

What is the first step in defending against application attacks?

Writing solid code and treating all external input as hostile.

What characterizes spam emails that might indicate they are malicious?

Indicators include lack of a subject line, misspelled words, and urgent requests to update account details.

How do outdated applications contribute to application attacks?

Outdated applications may have unpatched vulnerabilities that can be exploited by attackers.

What should an employee do upon receiving a suspicious email?

They should report it to their cybersecurity team for further investigation.

What is privilege escalation in the context of application attacks?

It is an exploitation of a flaw that allows attackers to gain access to restricted resources.

What role does input validation play in application security?

It ensures that all external inputs are checked and treated as potentially harmful.

Why is it important to filter spam emails?

Spam emails can contain malicious links or malware that threaten the security of users.

What is the main risk associated with ransomware attacks after the ransom is paid?

Victims often do not regain access to their data even after paying the ransom.

What two main methods do Denial of Service attacks rely on?

They rely on overwhelming traffic and sending maliciously formatted packets.

How do Man-in-the-Middle attacks operate?

They intercept or modify communications between two devices, allowing attackers to steal or manipulate information.

What characterizes a Zero-Day attack?

A Zero-Day attack exploits software vulnerabilities before they are known or patched by the vendor.

What are some common ways ransomware spreads to victims?

Ransomware commonly spreads through phishing emails or exploiting software vulnerabilities.

What potential impact can a Denial of Service attack have on an organization?

It can cause significant loss of time and money due to service interruptions.

What role does user awareness play in preventing Man-in-the-Middle attacks?

User awareness is critical in recognizing phishing attempts and securing communications.

Which aspect of network security is crucial for defending against Zero-Day attacks?

Adopting a holistic view of network architecture is crucial for timely defenses.

Study Notes

Vulnerability and Threat

• Vulnerability: A weakness in a system that might be exploited to cause harm.
• Threat: A potential danger that might exploit a vulnerability.

Information Security Concepts

• Confidentiality: Keeping information secret and accessible only to authorized individuals.
• Integrity: Ensuring information is accurate and hasn't been tampered with.
• Availability: Making sure that information and systems are accessible when needed.
• Authentication: Verifying the identity of a user or device.
• Authorization: Granting specific access permissions to individuals or devices based on their role or need.
• Non-repudiation: Preventing parties from denying their involvement in a transaction or action.

Types of Attacks

• Passive Attack: Obtaining information without altering the system.
  • Interception: Intercepting information being transmitted.
  • Traffic Analysis: Analyzing network traffic patterns to gain information.
• Active Attack: Altering system functionality or data.
  • Masquerade Attack: Impersonating a legitimate user or system.
  • Modification/Alteration: Changing information without authorization.
  • Fabrication: Creating fake information or events.
  • Replays: Repeating legitimate transmissions, often after capturing and storing them.
  • Denial of Service (DoS) Attack: Overloading a system to make it unavailable.
  • Man-in-the-Middle Attack: Intervening in a communication between two legitimate parties.
  • Zero-Day Attack: Exploiting vulnerabilities before a patch is available.

Security Mechanisms

• Security mechanisms: Features, processes, or tools designed to protect information and systems.

Threats to Information Security

• Accidental Threats: Caused by human errors or natural disasters.
• Deliberate Threats: Intentional actions by attackers.

Attack Goals

• Confidentiality: Stealing sensitive information.
• Integrity: Tampering with data and systems.
• Availability: Disrupting operations and making systems unavailable.

Specific Attack Scenarios

• SolarWinds Hack: A supply chain attack where attackers compromised software updates from SolarWinds, allowing them to infiltrate networks using a backdoor.
• Colonial Pipeline Ransomware Attack: Attackers exploited vulnerabilities in Colonial Pipeline's systems, encrypting data and demanding ransom to restore it.
• T-Mobile Data Breach: Hackers gained access to sensitive data through a flaw in T-Mobile's systems, resulting in a massive data breach.

Preventing Security Breaches

• Robust Access Controls: Restricting access based on roles and needs.
• Regular Software Updates: Patching vulnerabilities in software.
• Employee Training: Teaching employees about security best practices.
• Strong Security Policies: Defining rules and procedures for secure information handling.

Security Challenges

• Open-Source Software Vulnerabilities: Bugs in popular open-source software can affect a large number of systems.
• Supply Chain Vulnerabilities: Attackers can target vulnerabilities in the supply chain to compromise organizations.
• User Threats: Users can accidentally or intentionally compromise security through careless actions.
• Device Vulnerabilities: Weak security on devices can create entry points for attackers.

Advanced Threats

• Advanced Persistent Threat (APT): A sophisticated and targeted attack, often conducted by nation-states or organized criminal groups.
• Backdoors and Rootkits: Hidden tools used by attackers to gain persistent access to systems.

Malware

• Computer Virus: Code that spreads from one program to another, often causing harm.
  • Logic Bomb: A program designed to cause harm at a specific time or under certain conditions.
  • Ransomware: Software that encrypts data and demands ransom for its decryption.
  • Worm: Self-replicating malware that spreads across networks without human interaction.
• Trojan Horse: Malware disguised as legitimate software.

Social Engineering

• Social Engineering: Manipulating people into revealing information or granting unauthorized access.
  • Shoulder surfing: Looking over someone's shoulder to see what they are typing.
  • Dumpster diving: Searching through trash for sensitive documents.
  • Impersonation: Pretending to be someone you are not.
  • Quid pro quo: Offering something in exchange for something else, often information.

Protecting Against Social Engineering

• Employee awareness: Training employees to recognize social engineering tactics.
• Strong passwords: Using unique and complex passwords.
• Avoiding phishing attempts: Being cautious about clicking on suspicious links or opening attachments.

Application Attacks

• Remote code execution: An attacker executes code on a victim's computer without their knowledge.
• Privilege escalation: Gaining higher-level access to a system.
• Input validation: Preventing attackers from manipulating input to exploit vulnerabilities.
• Spam filtering: Blocking unsolicited and potentially malicious emails.

Network Attacks

• Denial of Service (DoS): Overloading a network or system, making it unavailable to legitimate users.
  • Flood attack: Sending a massive number of requests to a server.
  • Slowloris attack: Sending slow, incomplete requests to a server.
• Man-in-the-Middle Attack: Intervening in a communication between two parties to intercept data.
• Zero-Day Attack: Attacking a vulnerability before a patch is available.

Protecting Networks

• Network segmentation: Dividing the network into smaller, isolated segments.
• Intrusion detection systems (IDS): Monitoring network traffic for suspicious activity.
• Firewalls: Filtering traffic based on rules to block unauthorized access.
• User awareness: Training users to recognize and avoid suspicious activity.

Description

Explore the fundamental principles of computer security, including the importance of the CIA Triad: Confidentiality, Integrity, and Availability. Learn how these concepts protect information systems from unauthorized access and modifications.