Introduction to Computer Security
Created by
@WellFeministArt

Questions and Answers

What is defined as a weakness in a system that might be exploited to cause harm?

  • Vulnerability (correct)
  • Threat
  • Security Policy
  • Attack

Which of the following represents a potential danger that might exploit a vulnerability?

  • Risk Assessment
  • Security Policy
  • Vulnerability
  • Attack (correct)

What type of attack involves unauthorized access to information, compromising confidentiality?

  • Fabrication
  • Modification
  • Disruption
  • Interception (correct)

What is meant by confidentiality in the context of information security?

    Preserving authorized restrictions on information access and disclosure.

Which attack targets the integrity of information by tampering with it?

    Modification

Which of the following describes integrity in information security?

    Protecting data from unauthorized modification or destruction.

What attack is characterized by inserting counterfeit objects into a system?

    Fabrication

What is the outcome of an attack focused on the availability of an asset?

    Asset becoming lost or unusable

What does availability in the CIA Triad encompass?

    Ensuring timely and reliable access to information.

Which concept ensures that a party cannot deny the authenticity of their actions?

    Non-repudiation

Which of the following attacks would likely involve the unauthorized copying of files?

    Interception

What type of threat can arise from natural disasters or human error?

    Accidental Threat

What is a security mechanism?

    A strategy designed to prevent, detect, or recover from security attacks.

Which of the following best defines a security attack?

    An assault on system security violating the security policy.

Which of the following describes authorization in information security?

    Defining what authenticated users are allowed to do.

What is meant by the term 'security services'?

    Functions needed to ensure security objectives like secrecy and identification.

What was a significant outcome of the Colonial Pipeline ransomware attack in 2021?

    Widespread disruption to fuel supply

What was a key security flaw in the T-Mobile data breach of 2021?

    Inadequate encryption practices

How can better access controls help prevent vulnerabilities in supply chains?

    By limiting unauthorized system access

What impact does attacking critical infrastructure have on public safety?

    It reduces the trust in emergency services

What is a measure organizations should take to address vulnerabilities in widely used open-source software?

    Regular system audits and vulnerability scans

What is the main characteristic of a passive attack?

    It learns information without affecting system resources.

Which of the following is an example of an active attack?

    Denial of service

What distinguishes masquerade attacks from other active attacks?

    They involve impersonating a different entity.

Which of the following is a key goal of active attacks?

    To detect attacks and recover from disruptions.

What is one of the methods used in passive attacks?

    Traffic analysis.

Which of the following statements about active attacks is correct?

    They modify the data stream or create false streams.

In which attack scenario are legitimate messages altered to create an unauthorized effect?

    Message modification

How did the SolarWinds hack primarily occur?

    Compromising a software update to a platform.

What might be the result of an attack on the availability of an asset?

    The result could be that the asset becomes lost, unavailable, or unusable.

How can interception be characterized in terms of security threats?

    Interception involves unauthorized parties gaining access to information, compromising confidentiality.

Explain the concept of modification in the context of information security.

    Modification occurs when an unauthorized party tampers with the asset, affecting its integrity.

What does fabrication refer to in security threats?

    Fabrication refers to unauthorized parties inserting counterfeit objects into a system.

What type of threats can result from human errors and natural disasters?

    These threats are known as accidental threats, as they arise unintentionally.

What is a primary attack goal in security terms?

    A primary goal is to violate the security policy by exploiting vulnerabilities.

Describe what interruption means within security threats.

    Interruption means that an asset becomes lost or unusable due to an attack.

How does security policy relate to vulnerability and threat?

    A security policy defines the standards and measures to protect against vulnerabilities and threats.

What does the 'Availability' aspect of the CIA Triad ensure in information security?

    Availability ensures timely and reliable access to and use of information and systems.

Briefly explain what is meant by 'Integrity' in the context of information security.

    Integrity involves protecting information from unauthorized modification or destruction.

What is the primary purpose of authentication in cybersecurity?

    The primary purpose of authentication is to verify the identity of a user.

Describe the concept of non-repudiation in information security.

    Non-repudiation ensures that a party cannot deny the authenticity of their actions.

How do security mechanisms contribute to information security?

    Security mechanisms are designed to prevent, detect, or recover from attacks.

What is the significance of protecting confidentiality in information security?

    Confidentiality preserves authorized restrictions on information access and disclosure.

Explain the role of authorization in a secure information system.

    Authorization defines what an authenticated user is allowed to do.

What types of security services are necessary for maintaining information security?

    Necessary security services include identification, authorization, and secrecy.

What is the primary difference between passive and active attacks?

    Passive attacks attempt to learn or utilize information without affecting system resources, while active attacks modify system resources or disrupt operations.

Name two specific types of passive attacks.

    The release of message contents and traffic analysis.

What are the challenges associated with preventing active attacks?

    Active attacks are difficult to prevent due to a wide variety of physical, software, and network vulnerabilities.

What is a masquerade attack?

    A masquerade attack occurs when one entity pretends to be a different entity to gain unauthorized access or information.

How does a replay attack function?

    In a replay attack, a data unit is passively captured and retransmitted to create an unauthorized effect.

Explain what a denial of service attack entails.

    A denial of service attack prevents or inhibits the normal use or management of communication facilities.

What was the main vulnerability exploited in the SolarWinds Hack of 2020?

    The main vulnerability was a compromised software update to the SolarWinds Orion platform.

What is the purpose of traffic analysis in passive attacks?

    Traffic analysis seeks to glean information from patterns in data transmission without altering the information itself.

What vulnerabilities were exploited in the Colonial Pipeline ransomware attack, and how could they have been prevented with improved security measures?

    The attack exploited vulnerabilities in network security and incident response protocols. Better controls like regular system updates and enhanced monitoring could have mitigated these risks.

In the T-Mobile data breach, what key security flaws allowed hackers to access personal information of millions?

    Weak security measures, including insufficient encryption and lack of multi-factor authentication, were major flaws. These weaknesses left personal data vulnerable to unauthorized access.

How did the Log4j vulnerability demonstrate the risks associated with widely used open-source software?

    The Log4j vulnerability exposed many systems to potential attacks due to its widespread adoption. It highlighted the need for rigorous security monitoring and vulnerability management in open-source projects.

What are effective strategies for preventing ransomware attacks on critical infrastructure?

    Strategies include regular backups, employee training on phishing, and implementing strong network segmentation. These measures can reduce the impact of potential ransomware attacks.

How could better access controls and system monitoring have prevented vulnerabilities in the supply chain?

    Better access controls could ensure that only authorized users have system access, while robust monitoring would quickly identify unusual activities. Together, these measures enhance overall security.

    Study Notes

    Introduction to Computer Security

    • Gene Spafford, professor of computer science at Purdue University, famously stated: "The only secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then, I have my doubts."
    • Computer security emphasizes measures and controls to ensure confidentiality, integrity, and availability of information system assets, including hardware, software, firmware, and information processed, stored, and communicated.

    The CIA Triad

    • Confidentiality involves preserving authorized restrictions on information access and disclosure, including protecting personal privacy and proprietary information. Loss of confidentiality is the unauthorized disclosure of information.
    • Integrity guards against improper information modification or destruction, ensuring non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.
    • Availability ensures timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.

    Beyond the CIA Triad

    • Authentication verifies the identity of a user.
    • Non-repudiation ensures that parties cannot deny the authenticity of their actions.
    • Authorization defines what an authenticated user is allowed to do.

    Terminology

    • Security attacks are assaults on system security to evade security objectives and violate the system's security policy.
    • Security mechanisms are designed to prevent, detect, or recover from attacks.
    • Security services provide specific security functions.

    Vulnerability, Threat, and Attack

    • Vulnerability is a weakness in a system that might be exploited to cause harm.
    • Threat is a potential danger that might exploit a vulnerability. Threats can be accidental (natural disasters, human error) or malicious (attackers, insider fraud).
    • Attack is a deliberate attempt to evade security services and violate the security policy. Attacks exploit vulnerabilities.

    Security Threats

    • Security threats disrupt the normal flow of information between a source and destination.
    • Interruption makes assets lost, unavailable, or unusable. Example: destruction of hardware, cutting communication lines, disabling file management systems.
    • Interception grants unauthorized parties access to information. Examples: wiretapping, unauthorized copying of files.
    • Modification involves unauthorized tampering with assets. Examples: changing database values, altering programs, modifying message content.
    • Fabrication introduces counterfeit objects into a system. Examples: inserting offending messages, adding records to a file.

    Security Attacks - Classification

    • Passive attacks attempt to learn or use information from a system but don't affect system resources.
    • Active attacks attempt to alter system resources or affect their operation.

    Passive Attacks

    • Two types of passive attacks are:
      • Release of message contents: The unauthorized access and viewing of sensitive information.
      • Traffic analysis: The gathering of information about communication patterns.

    Active Attacks

    • Active attacks involve data stream modification or the creation of false streams.
    • They are difficult to prevent due to the vast array of possible physical, software, and network vulnerabilities.
    • They are mitigated through detection and recovery from disruptions or delays caused by them.

    Specific Active Attacks

    • Masquerade: One entity pretends to be another. Often includes other forms of active attacks.
    • Replay: Passive capture and retransmission of data to produce unauthorized effects.
    • Modification of messages: Altering a portion of legitimate messages, delaying, or reordering them to produce unauthorized effects.
    • Denial of service: Preventing or inhibiting the normal use or management of communication facilities.

    Security in Daily Life

    • Recent cybersecurity incidents raise discussion points about security measures in daily life.
    • SolarWinds Hack (2020): A compromised software update allowed attackers to infiltrate government agencies and corporations.
    • Colonial Pipeline Ransomware Attack (2021): Shutdown of a major fuel pipeline in the U.S. caused disruption.
    • T-Mobile Data Breach (2021): Hackers gained access to personal information of over 40 million customers due to weak security measures.
    • Log4j Vulnerability (2021): Critical vulnerability in the popular logging library Log4j allowed attackers to execute arbitrary code on affected systems.

    Introduction to Computer Security

    • Gene Spafford's quote: A secure system is extremely difficult to achieve, highlighting the complexity of information security.
    • Definition of computer security: Measures and controls protecting information system assets, including hardware, software, firmware, and information processed, stored, and communicated.

    The CIA Triad

    • Confidentiality: Protecting information from unauthorized disclosure, safeguarding personal and proprietary information. Loss of confidentiality means unauthorized disclosure.

      • Example: Encryption in online banking protects sensitive information.
    • Integrity: Safeguarding information against unauthorized modification or destruction, ensuring non-repudiation and authenticity. Loss of integrity means unauthorized modification or destruction.

      • Example: Digital signatures in file verification ensure data integrity.
    • Availability: Guaranteeing timely and reliable access and use of information. Loss of availability disrupts access or use of information systems.

      • Example: Load balancing and backups ensure system functionality and accessibility.

    Expanding Beyond the CIA Triad

    • Authentication: Verifying a user's identity using methods like biometrics or two-factor authentication.

    • Non-repudiation: Ensuring a party cannot deny their actions. For example, digital signatures in contracts provide a mechanism to prevent denials.

    • Authorization: Defining what an authenticated user can do based on access control policies.

    Terminology: Attacks, Mechanisms, and Services

    • Security attack: An attempt to evade security objectives and violate system security policies.

    • Security mechanism: A tool designed to prevent, detect, or recover from attacks.

    • Security service: Security functions required for identification, authorization, secrecy, etc.

    Vulnerability, Threat, and Attack

    • Vulnerability: A weakness in a system that could be exploited to cause harm.

    • Threat: A potential danger that could exploit a vulnerability. Threats can be accidental or malicious.

    • Attack: A deliberate attempt to evade security services and violate security policies. Attacks exploit vulnerabilities.

    Security Threats

    • Interruption: Disrupts asset availability, leaving the asset lost, unavailable, or unusable.
      • Example: Destruction of hardware, cutting communication lines, or disabling file management systems.
    • Interception: Unauthorized access to information, violating confidentiality.
      • Example: Wiretapping or unauthorized file copying.
    • Modification: Unauthorized tampering with assets, violating integrity.
      • Example: Changing database values, altering programs, or modifying message content.
    • Fabrication: Inserting counterfeit objects into the system, violating authenticity.
      • Example: Inserting inappropriate messages, adding records to files.

    Security Attacks: Classification

    • Passive attacks: Attempt to learn or use information without affecting system resources.

      • Release of message content: Interception of confidential information.
      • Traffic analysis: Analyzing communication patterns to gain insights.
    • Active attacks: Attempt to alter system resources or affect their operation. Difficult to prevent due to diverse vulnerabilities. The aim is to detect and recover from disruptions.

      • Masquerade: One entity pretending to be another. May involve other active attacks.
      • Replay: Capturing data and retransmitting it for unauthorized purposes.
      • Modification of messages: Altering or manipulating messages for unauthorized effects.
      • Denial of service: Preventing or obstructing normal use or management of communication facilities.

    Recent Cybersecurity Incidents for Discussion

    • SolarWinds Hack (2020): Hackers exploited a software update to infiltrate government agencies and corporations.
    • Colonial Pipeline Ransomware Attack (2021): A ransomware attack disrupted a major fuel pipeline, impacting public safety and the economy.
    • T-Mobile Data Breach (2021): Hackers gained access to personal information due to weak security measures.
    • Log4j Vulnerability (2021): A critical vulnerability in the logging library allowed attackers to execute arbitrary code.

    Related Documents

    Lecture 01 - f24.pptx

    Description

    Explore the fundamental principles of computer security, including the importance of the CIA Triad: Confidentiality, Integrity, and Availability. Learn how these concepts protect information systems from unauthorized access and modifications.