Introduction to Computer Security

Questions and Answers

What is a vulnerability in a security context?

A deliberate attempt to breach security

An accidental event causing security failure

A potential danger that might exploit a system

A weakness in a system that might be exploited (correct)

Which of the following describes a threat?

An action taken to exploit a vulnerability

A potential danger that might exploit a vulnerability (correct)

A systematic attack on information systems

An intentional act to breach security

What type of attack results in loss of availability of assets?

Modification

Interception

Interruption (correct)

Fabrication

Which attack aims to compromise the confidentiality of information?

Interception

What is an example of modification in the context of a security threat?

Changing values of a database

What type of threat involves the insertion of counterfeit objects in a system?

Fabrication

Which example best illustrates a threat resulting from human error?

Accidental deletion of files

What does the term 'attack on integrity' refer to?

data tampering by unauthorized parties

What distinguishes a passive attack from an active attack?

Passive attacks do not affect system resources.

Which of the following is an example of a passive attack?

Traffic analysis

What is the primary goal of an active attack?

To detect and recover from system disruptions.

In which form of attack does one party impersonate another entity?

Masquerade attack

Which attack involves unauthorized retransmission of captured data?

Replay

What characterizes a denial of service attack?

It prevents normal communications use.

What was the main consequence of the Colonial Pipeline ransomware attack in 2021?

Increased fuel prices due to supply shortages

What is a fundamental challenge in preventing active attacks?

They can exploit a variety of vulnerabilities.

Which security flaws primarily contributed to the T-Mobile data breach in 2021?

Weak customer authentication and unencrypted data storage

How could the risks associated with the Log4j vulnerability have been mitigated by organizations?

By applying timely patches and updates to affected systems

Which historical incident exemplifies a widespread cyber attack through software compromise?

SolarWinds Hack.

What is a key prevention strategy for ransomware attacks in critical infrastructure?

Implementing regular data backups and user training programs

What best describes the implications of supply chain vulnerabilities?

They can lead to widespread disruptions across multiple sectors

What does the 'C' in the CIA triad stand for?

Confidentiality

Which of the following best describes 'integrity' in the context of information security?

Protecting against unauthorized information modification or destruction

What is a loss of availability in information security?

Disruption of access to or use of information or information systems

What does non-repudiation ensure in information security?

An authenticated user cannot deny their actions

Which of the following is an example of a security attack?

An attempt to evade security measures through deception

What role does access control play in information security?

To define what an authenticated user is permitted to do

Which of the following mechanisms contributes to maintaining confidentiality?

Encryption methods in online banking

What is the primary function of security mechanisms in information security?

To prevent, detect, or recover from security attacks

Study Notes

Introduction to Computer Security

• Gene Spafford, a computer science professor at Purdue University, made a point about the difficulty of securing systems.

Computer Security

• Computer security encompasses measures and controls to safeguard information system assets.

The CIA Triad

• Confidentiality: Protecting information from unauthorized access or disclosure.
• Integrity: Ensuring information remains accurate and unaltered.
• Availability: Guaranteeing timely and reliable access to information.
• Authentication: Verifying a user's identity.
• Non-repudiation: Preventing a party from denying their involvement in an action.
• Authorization: Defining what a user is allowed to do within a system.

Security Vulnerabilities, Threats, and Attacks

• A vulnerability is a weakness in a system that could be exploited.
• A threat is a potential danger that might exploit a vulnerability.
• An attack is a deliberate attempt to bypass security measures and violate system policy.
• Attack examples include interruption of service, interception of information, modification of information, and fabrication of information.

Security Attacks: Classification

• Passive attacks aim to gather information without affecting system resources.
• Active attacks aim to modify system resources or disrupt their operation.
• Types of passive attacks include:
  • Release of message content
  • Traffic analysis
• Types of active attacks include:
  • Masquerade: Impersonating a different entity.
  • Replay: Captures and retransmits data units for unauthorized purposes.
  • Modification of messages: Altering messages to cause unauthorized effects.
  • Denial of service: Preventing or hindering access to communication facilities.

Security in Daily Life

• SolarWinds Hack (2020): Attackers infiltrated multiple government agencies and private corporations by exploiting vulnerabilities in the SolarWinds Orion platform.
• Colonial Pipeline Ransomware Attack (2021): A ransomware attack disrupted a major fuel pipeline, highlighting the impact on critical infrastructure.
• T-Mobile Data Breach (2021): Weak security allowed hackers to access personal data of over 40 million customers.
• Log4j Vulnerability (2021): A widespread vulnerability in the Log4j library allowed attackers to execute arbitrary code.

Description

This quiz covers the fundamentals of computer security, including the principles of the CIA Triad: Confidentiality, Integrity, and Availability. It also explores common vulnerabilities, threats, and types of attacks that systems may face. Perfect for anyone looking to understand the essentials of protecting information systems.