Modern Network Security Threats

Questions and Answers

Which scenario exemplifies a vulnerability in a communication network?

• Multi-factor authentication requires users to verify their identity through multiple channels.
• An unencrypted Wi-Fi network allows eavesdropping on transmitted data. (correct)
• A security audit identifies and patches a software bug before exploitation.
• A firewall blocks unauthorized access attempts, preventing a potential intrusion.

If a database containing customer information becomes accessible to unauthorized personnel due to a misconfiguration, which category of vulnerability does this represent?

• Corrupted
• Unavailable
• Leaky (correct)
• Slow

Which of the following actions constitutes an active attack?

• Sniffing network packets to capture sensitive information.
• Analyzing system logs to detect suspicious activity.
• Gaining unauthorized access to a server and deleting critical system files. (correct)
• Monitoring network traffic to identify patterns of communication.

Which type of attack is characterized by an individual within an organization exploiting their authorized access to compromise sensitive data?

Inside attack (C)

A company experiences a Distributed Denial-of-Service (DDoS) attack that overwhelms its servers, making its online services inaccessible to customers. Which category of vulnerability is being exploited in this scenario?

Availability (B)

Flashcards

Vulnerability

A flaw or weakness in a system that can be exploited.

System Resources

Assets users and owners want to protect, including hardware, software, data, and networks.

Types of Vulnerabilities

Categories of weaknesses, such as corrupted data, information leakage, or system unavailability.

Active Attack

An attempt to alter system resources or affect their operation.

Passive Attack

An attempt to gather information without affecting system resources.

Study Notes

Modern Network Security Threats

• Modern network security threats encompass various aspects
• Key security requirements include confidentiality, integrity, and availability
• Threat types and examples related to different computer/network assets are discussed
• Functional requirements for computer security are summarized
• Fundamental security design principles, attack surfaces, and attack trees are explained
• A comprehensive security strategy is suggested, involving specification, implementation, and correctness/assurance
• The assets of a computer system can be categorized as hardware, software, data, and communication lines/networks
• Vulnerability categories, including corruption, leakage, and unavailability, are detailed
• Different types of attacks (active and passive) are classified based on their origin (inside or outside)
• A model for computer security, presenting adversaries, attacks, countermeasures, risk, security policy, system resources, threats, and vulnerabilities, is outlined
• Components involved in authentication (user terminal/user, communications channel, and internet banking server) are discussed.
• Security strategies, including security policy, implementation, and correctness/assurance, are highlighted.
• Understanding different levels of impact on organizations/individuals in case of a security breach (low, moderate, high) is discussed
• Different security categories (unauthorized disclosure, deception, disruption, and usurpation) and related attacks are described
• Fundamental security design principles, such as economy of mechanism, fail-safe defaults, complete mediation, and open design, are presented
• Examples for CIA in the context of student grades, hospital patient allergies, and a banking authentication system are given

Description

Explore modern network security threats, including confidentiality, integrity, and availability. Learn about threat types, computer security requirements, and fundamental design principles. Understand vulnerability categories and different types of attacks.