Network Security and the CIA Triad

Questions and Answers

What is the MOST critical focus of network security, distinguishing it from general computer science?

  • Achieving desired system behavior.
  • Optimizing system performance.
  • Ensuring user-friendly interfaces.
  • Preventing undesired system behavior. (correct)

Which of the following scenarios BEST exemplifies a violation of the 'Confidentiality' principle within the CIA triad?

  • An employee accidentally leaves a laptop containing unencrypted customer data on a train. (correct)
  • A disgruntled employee intentionally deletes important project files from a shared drive.
  • A server containing critical financial data crashes due to a power outage.
  • A hacker modifies sensitive patient records in a hospital database.

In the context of network security, which of the following BEST describes the role of 'Authentication'?

  • Verifying the identity of a user or system attempting to access resources. (correct)
  • Ensuring that data remains unchanged during transmission.
  • Controlling which resources a user can access after logging in.
  • Encrypting data to prevent unauthorized viewing.

Which of the following scenarios BEST demonstrates a successful implementation of 'Physical Security' as a tool for confidentiality?

  • Storing sensitive data in a locked, windowless room accessible only by authorized personnel. (A)

What is the MOST significant characteristic of a 'Checksum' function used to ensure data integrity?

  • It produces a numerical value that is highly sensitive to even minor changes in the data. (D)

In the context of data integrity, how do 'Data Correcting Codes' provide an advantage over simple checksums?

  • They can automatically fix small errors in data, while checksums only detect them. (A)

Which of the following BEST describes the primary purpose of 'Computational Redundancies' in ensuring availability?

  • To provide backup systems that can take over in case of failures. (A)

How does 'Assurance' contribute to the overall security of a system?

  • It manages how trust is provided and managed within the system. (D)

Which of the following is the MOST critical function of 'Digital Signatures' in establishing Authenticity?

  • Providing non-repudiation, ensuring that the sender cannot deny having sent the message. (D)

Which of the following tools is MOST directly associated with achieving 'Anonymity' in online communications?

  • Proxies. (A)

What underlying principle is MOST directly compromised by 'Eavesdropping'?

  • Confidentiality. (C)

Which scenario BEST demonstrates the 'Alteration' threat in network security?

  • A malicious actor intercepts and modifies financial transaction data during transmission. (C)

Which is the PRIMARY goal of a 'Denial-of-Service' attack?

  • To prevent legitimate users from accessing a service or resource. (C)

What key element defines an act of 'Repudiation' in the context of network security?

  • The denial of having sent or received data. (B)

How would the use of a 'Mixing' tool help achieve anonymity?

  • By intertwining transactions, information, or communications to prevent tracing. (B)

In the CIA triad, what is the relationship between 'Confidentiality' and 'Integrity'?

  • Confidentiality protects against unauthorized disclosure, while integrity ensures data accuracy and completeness. (B)

Which of the following BEST represents a scenario where 'Authentication' and 'Authorization' are both successfully implemented?

  • A user enters the correct username and password but is only able to access public files. (D)

Which of the following is a critical distinction between 'Policies' and 'Protections' in the context of trust management?

  • Policies determine expectations, while protections enforce permissions. (B)

How does implementing 'Physical Protections' contribute to the overall 'Availability' of a system?

  • By ensuring that the system is resistant to environmental disruptions and physical damage. (D)

How does the concept of 'Non-Repudiation' relate to digital signatures and online transactions?

  • It prevents a sender from denying they sent a message. (B)

Which action would MOST directly mitigate the risk associated with 'Eavesdropping' attacks?

  • Encrypting network communications. (D)

What is the MOST effective method to counter a 'Man-in-the-Middle' attack?

  • Implementing end-to-end encryption. (A)

What strategy would be MOST effective in defending against a 'Denial-of-Service' attack?

  • Filtering malicious traffic. (A)

In a situation where a customer denies placing an order online, what security measure could offer protection against such 'Repudiation'?

  • Digital signatures. (D)

Within the context of 'Assurance', how do 'Permissions' interact with 'Policies' and 'Protections' to manage trust?

  • Permissions are behaviors allowed to agents, informed by policies and enforced by protections. (C)

Which of the following attack types PRIMARILY targets the 'Availability' aspect of the CIA triad?

  • Distributed Denial-of-Service (DDoS). (D)

An organization implements a system where user actions are logged and timestamped, providing an audit trail. Which security concept does this PRIMARILY support?

  • Non-Repudiation. (A)

A company decides to use homomorphic encryption. What security goal is BEST achieved by this technology?

  • Allowing computation on encrypted data without decryption. (A)

A network administrator notices unusual traffic patterns and suspects a network sniffing attack. What immediate action should they take to contain the potential damage?

  • Deploy intrusion detection systems and analyze network traffic. (C)

A company wants to ensure that even if there is a full breach of their data center, customer PII remains unreadable. Which of the following security measures BEST achieves this?

  • Encrypting all data at rest with rotating keys. (A)

A company's incident response team discovers that an attacker has successfully launched an SQL injection attack. What security principle has been MOST directly violated?

  • Integrity. (B)

An organization adopts a 'Zero Trust' security model. What fundamentally changes about their network security approach?

  • Every user and device, whether inside or outside the network, must be authenticated and authorized. (C)

How can 'Aggregation' be used to better achieve anonymity?

  • By combining and showing result data for all the entities, rather than any single entity. (B)

Why should security best-practices still be followed if obscurity is baked into a system?

  • Obscurity is only useful as a part of defense in depth. (C)

What is the BEST way to keep the password database secure?

  • Strong hashing algorithms with long, randomized salts. (A)

A server is undergoing an alteration attack. What is the BEST way to reduce the attack surface?

  • Reducing open ports and services. (C)

An attacker copies the files off a server, but the data itself is still secure. What CIA triad component has been affected?

  • Availability. (C)

What is the STRONGEST reason to use a VPN?

  • To gain security on untrusted networks. (A)

Flashcards

Computer/Network Security

Policies, processes, and practices to prevent unauthorized access or misuse of a computer network and its resources.

Desired Behavior

Achieving a desired behavior in computer science.

Preventing undesired behavior

Preventing undesired behavior in computer science.

Adversary

An enemy/hacker/adversary actively trying to circumvent security.

CIA Triad

Fundamental security objectives for data, information, and computing services.

Confidentiality

Preventing the disclosure of data to unauthorized parties.

Encryption

The process of converting information into a code to prevent unauthorized access.

Access Control

Rules limiting access to confidential information to those with a need to know.

Authentication

Determining someone's identity or role.

Physical Security

Physical barriers to limit access to protected resources.

Integrity

Protecting information from unauthorized modification.

Backups

Periodic archiving of data.

Checksums

Function that maps file contents to a numerical value for integrity checks.

Data Correcting Codes

Storing data so small changes can be automatically detected and corrected.

Availability

Ensuring authorized parties can access information when needed.

Physical Protections

Infrastructure to keep information available despite physical challenges.

Computational Redundancies

Computers and storage that serve as fallbacks during failures.

Assurance

How trust is provided and managed in computer systems.

Policies

Behavioral expectations for people or systems.

Permissions

Behaviors allowed by agents interacting with a person or system.

Protections

Mechanisms in place to enforce permissions and policies.

Authenticity

Ability to determine statements are genuine.

Digital Signatures

Cryptographic computations allowing commitment to document authenticity.

Nonrepudiation

Property that authentic statements cannot be denied.

Anonymity

Records/transactions not attributable to any individual.

Aggregation

Combining data from many individuals so sums cannot be tied to individuals.

Mixing

Intertwining transactions so they cannot be traced to individuals.

Proxies

Trusted agents acting without tracing back to the individual.

Alias

Fictional identities filling in for real ones in communications.

Eavesdropping

Interception of information intended for someone else.

Alteration

Unauthorized modification of information.

Man-in-the-Middle Attack

Attack where a network stream is intercepted, modified, and retransmitted.

Denial-of-Service

Interruption/degradation of a data service or information access.

Repudiation

Denial of a commitment or data receipt.

Study Notes

  • Network security includes policies, processes, and practices to prevent, detect, and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
  • Most of computer science focuses on achieving desired behavior.
  • Security focuses on preventing undesired behavior.
  • Security involves considering enemies/opponents/hackers/adversaries who are actively and maliciously trying to circumvent protective measures.

Principles of Security

  • The CIA triad embodies fundamental security objectives for data, information, and computing services.
  • CIA represents Confidentiality, Integrity, and Availability.

CIA Triad Explained

  • Confidentiality prevents the disclosure of data to unauthorized parties.
  • Integrity protects information from being modified by unauthorized parties.
  • Availability ensures authorized parties can access information when needed.

Tools for Confidentiality

  • Encryption is the process of converting information or data into a code to prevent unauthorized access.
  • Access control (authorization) includes rules and policies that limit access to confidential information to individuals or systems with a "need to know".
  • Authentication determines the identity or role of an individual, often through a combination of factors.
  • Physical security involves establishing physical barriers to limit access to protected computational resources.

Integrity Tools

  • Backups involve the periodic archiving of data.
  • Checksums compute a function that maps the contents of a file to a numerical value.
  • Data correcting codes involve methods for storing data so that small changes can be automatically detected and corrected.

Availability Tools

  • Physical protections are infrastructure meant to keep information available even in the event of physical challenges.
  • Computational redundancies include computers and storage devices that serve as fallbacks in the event of failures.

Other Security Concepts

  • A.A.A. refers to Authenticity, Assurance and Anonymity.

Assurance

  • Assurance describes how trust is provided and managed in computer systems.
  • Trust management relies on:
      • Policies: specify behavioral expectations for people or systems.
      • Permissions: describe behaviors allowed by agents interacting with a person or system.
      • Protections: mechanisms to enforce permissions and policies.

Authenticity

  • Authenticity is being able to determine that statements, policies, and permissions issued by persons or systems are genuine.
  • The primary tool for authenticity is the digital signature, which allows a person or system to commit to the authenticity of their documents, achieving nonrepudiation.
  • Nonrepudiation is the property that authentic statements issued by some person or system cannot be denied.

Anonymity

  • Anonymity is the property that certain records or transactions are not attributable to any individual.
  • Tools to achieve anonymity:
      • Aggregation: combining data from many individuals so disclosed sums or averages cannot be tied to any individual.
      • Mixing: intertwining transactions, information, or communications in a way that cannot be traced.
      • Proxies: trusted agents that are willing to engage in actions without being traced back to an individual.
      • Alias: fictional identities used in communications/transactions, known only to a trusted entity.

Threats and Attacks

  • Eavesdropping is the interception of information intended for someone else during transmission.
  • Alteration: unauthorized modification of information.
  • A man-in-the-middle attack is an example of alteration, where a network stream is intercepted, modified, and retransmitted.
  • Denial-of-service is the interruption or degradation of a data service or information access.
  • Email spam is an example of a denial-of-service.
  • Repudiation is the denial of a commitment or data receipt.
  • Repudiation involves backing out of a contract or protocol requiring receipt acknowledgements.
