352CIS-3 Chapter 6


Questions and Answers

What is the main benefit of using isolation in systems?

  • To prevent unauthorized data access
  • To eliminate the need for user authentication
  • To contain faults within compromised components (correct)
  • To allow free interaction between components

How does encapsulation contribute to security in programming?

  • By enforcing uniform interface methods across the system
  • By allowing internal structure changes without affecting other parts (correct)
  • By merging data and operations into one entity
  • By making data accessible to all system parts

What does the principle of modularity aim to achieve in software design?

  • To centralize all code in a single module
  • To enable independent development of separate modules (correct)
  • To create tightly coupled components for efficiency
  • To restrict access to the entire system

What does simplicity of design focus on in secure systems?

Minimizing the number of mechanisms in operation (B)

What does the open design principle promote?

Allowing external scrutiny of design and code (A)

Which principle would best prevent a single individual from abusing system privileges?

Separation of Duties (B)

What is NOT a goal of the encapsulation principle?

To expose the internal state of an object (B)

In which way does isolation provide a security advantage?

It prevents the spread of security breaches between components (D)

Which of the following is a characteristic of simplicity of design?

Design principles eliminating redundancy (D)

How can modularity enhance security in systems?

By allowing isolated testing and development of components (A)

What is the primary challenge involved in balancing security and usability in IT?

Determining the fine line between security and usability. (B)

Why might users disable or avoid using two-factor authentication (2FA)?

The implementation is too complicated and inflexible. (A)

What defines a trust relationship in IT?

A secured communication channel allowing authentication and authorization. (A)

What is one benefit of establishing a trust relationship between domains?

It allows user accounts to be used across different domains. (C)

What is the main benefit of ensuring a system provides depth in defense?

It requires attackers to overcome multiple security layers. (B)

How does poor usability impact a security system?

It may cause users to bypass security measures. (D)

What is meant by 'Fail-Safe Defaults' in system design?

The system's default state is secure, denying access automatically. (D)

What constitutes a secure user-device interaction?

A trust relationship between systems. (A)

How does the principle of 'Least Astonishment' contribute to system security?

By making the system's response consistent and predictable. (A)

Which factor is critical in the design of effective security measures?

A balanced integration of security and usability. (D)

What is an example of a poor design choice in security systems?

Making authentication steps too burdensome. (D)

What does minimizing the 'Trust Surface' in an IT ecosystem achieve?

It facilitates easier risk assessment and enhances security posture. (A)

What role does simplicity play in secure system design?

It enhances user understanding and compliance. (A)

What is the main focus of secure design principles?

To ensure systems are free from vulnerabilities. (B)

Why is usability an essential aspect of secure design?

It ensures people can safely use systems without confusion. (C)

Which aspect is often overlooked in security system designs?

The balance between security features and usability. (C)

Which of the following best describes 'Encapsulation' in system design?

Hiding the inner workings of a system from users. (D)

What does the principle of 'Open Design' advocate in system architecture?

Making every aspect of the system transparent for user understanding. (B)

How does 'Simplicity of Design' contribute to security?

By minimizing potential vulnerabilities and enhancing understandability. (C)

What is a core benefit of modularity in system design?

It allows for easier identification and isolation of vulnerabilities. (B)

What is the primary benefit of modular design in software applications?

It allows for independent updates and secure patching of modules. (A)

How does the principle of 'Simplicity of Design' affect security?

By ensuring that complex mechanisms do not create vulnerabilities. (D)

Complete mediation ensures what in a security system?

That all accesses to resources are authenticated and authorized. (B)

What advantage does 'Minimization of Implementation' offer?

It reduces the chance of a security breach affecting all users. (A)

In the context of layering and defense-in-depth, what is a key feature?

Multiple security measures provide coverage even if one layer falls. (D)

What is a potential drawback of complex system designs?

They can increase the chances of introducing errors and vulnerabilities. (B)

Which of the following best describes 'Encapsulation' in a software context?

Hiding the implementation details and exposing only the necessary components. (A)

Which principle helps to ensure that individual modules in a software application can be updated without affecting others?

Modularity. (C)

Why is testing important in the context of simplicity of design?

A simpler system design is easier to test and reduces potential vulnerabilities. (D)

Separation of Duties allows a single user to have multiple privileges to effectively manage the system.

False (B)

Layering and Defense-in-Depth is a strategy that strengthens security by using multiple layers of defenses.

True (A)

Fail Safe Defaults means that the system will grant maximum privileges to users by default.

False (B)

The principle of Least Astonishment dictates that a system's behaviour should not surprise the users.

True (A)

Minimizing the Trust Surface involves increasing the number of areas where trust is required in a system.

False (B)

In Layering and Defense-in-Depth, if one layer is compromised, the next layer will provide ongoing protection.

True (A)

The principle of Fail Secure ensures that a system continues to operate even during a failure.

False (B)

Least Astonishment is primarily concerned with user experience and not with security.

False (B)

Separation of Duties can help prevent fraud by dividing tasks among different individuals.

True (A)

A smaller Trust Surface generally results in a system more susceptible to attacks.

False (B)

Layering and defense-in-depth allows attackers to compromise a system without overcoming multiple barriers.

False (B)

Fail-Safe Defaults require that systems grant access by default unless explicitly denied.

False (B)

The principle of Least Astonishment aims to create unpredictable user interactions with a system.

False (B)

Minimizing the Trust Surface increases the number of components that need to be trusted, thereby enhancing security.

False (B)

The concept of Fail Secure ensures that a system exposes resources to unauthorized users during a failure.

False (B)

A system following Secure Design principles is likely to demonstrate a commitment to minimizing vulnerabilities.

True (A)

In the context of usability, systems should be designed in a complex manner to prevent user misunderstanding.

False (B)

Defensive measures such as firewalls and intrusion detection systems contribute to the depth of defense in security.

True (A)

Fail-Safe Defaults are not important because systems can recover from unauthorized access automatically.

False (B)

Reducing the Trust Surface can lead to a more manageable security architecture by minimizing potential vulnerabilities.

True (A)

Separation of Duties is not a principle that enhances security by dividing tasks among multiple users.

False (B)

Layering and Defense-in-Depth ensures that if one layer of security is compromised, other layers provide additional protection.

True (A)

Fail Safe Defaults refers to setting security measures that deny access unless explicitly granted.

True (A)

The Least Astonishment principle suggests that systems should operate in unpredictable ways to enhance security.

False (B)

Minimizing the Trust Surface in a system reduces the number of points that can be attacked, thereby enhancing security.

True (A)

Fail Secure ensures that if a system encounters an error, it operates in a secure mode limiting access.

True (A)

The defense-in-depth strategy incorporates multiple security layers to counteract physical attacks only.

False (B)

Separation of Duties does not typically reduce the risk of insider threats.

False (B)

Layering security measures creates redundancy, making a system more robust against breaches.

True (A)

The primary aim of Fail Safe Defaults is to allow maximum access to users unless restrictions are applied.

False (B)

Separation of duties is an essential principle in IT security that prevents one individual from having too much control over any single action.

True (A)

Layering and defense-in-depth strategies aim to rely solely on a single security measure to protect sensitive information.

False (B)

Fail safe defaults ensure that a system operates in a secure manner by default when a failure occurs.

True (A)

The principle of least astonishment dictates that system behavior should be surprising to users in order to improve security.

False (B)

Minimizing the trust surface in an IT ecosystem involves reducing the number of trusted interactions to improve security.

True (A)

A failed authentication process in a secure system should automatically grant access to users based on their previous successful logins.

False (B)

Fail secure systems prioritize preserving functionality over security when a failure occurs.

False (B)

The principle of least astonishment is disrupted when users encounter unexpected behaviors in a system, thereby increasing security risks.

True (A)

Effective separation of duties can lead to a lack of accountability in IT security processes.

False (B)

Flashcards

Benefit of Multiple Defense Layers

Adding multiple layers of security (firewalls, intrusion detection, anti-malware) makes it harder for attackers to penetrate a system.

Fail-Safe Defaults

Systems should be secure by default; access should be denied unless explicitly allowed.

Least Astonishment

Systems should behave predictably, ensuring users don't accidentally compromise security.

Minimize Trust Surface

Reduce the number of components and interactions a system trusts to lower attack opportunities.

Trust Surface

The collection of components, systems, data, and interactions a system trusts. A smaller trust surface means less that needs protection.

Secure Design

Building security into software/hardware from the start, focusing on prevention through testing and best practices.

Usability in Security

Designing systems to be easy to use and less prone to human error, enhancing security.

Security vs. Usability

Finding the right balance between strong security measures and easy-to-use systems is crucial for IT security.

2-Factor Authentication (2FA)

A security measure requiring two forms of verification for access, enhancing security.

Trust Relationship (IT)

A secure connection between systems, enabling verification and authorization for users and resources.

User Benefit

Users can complete tasks more easily and efficiently.

Plug-in Architectures

Modular systems where modules/plugins can be added or updated independently.

Simplicity of Design

Systems should be as simple and small as possible to reduce security flaws.

Minimization of Implementation

Limit shared functions/mechanisms to reduce impact of breaches on users.

Open Design

Security shouldn't rely on secret designs; designs and mechanisms should be testable and transparent.

Complete Mediation

All resource accesses must be checked for permissions every time.

Layering and Defense-in-Depth

Multiple overlapping security layers for protection even if one layer fails.

Separation of Duties (SOD)

No single user/role has the privileges to compromise the entire system on their own.

Isolation

System components are separated to contain security breaches within a specific part.

Encapsulation

Objects hide their internal data and operations, exposing only necessary interfaces.

Modularity

Software is divided into independent yet cohesive modules, each performing a specific function.

Economy of mechanism

Designing a system with the least number of components possible.

Minimization of Implementation

Employing the least possible mechanisms to achieve a given function, thereby reducing implementation risks.

Open Design

Making the system's design and architecture publicly available for scrutiny, ideally to expose potential weaknesses.

Complete Mediation

Every access attempt to system resources must be checked for authorization.

Layering and Defense in Depth

Implementing multiple layers of security controls to protect against various attack vectors.

Fail-Safe Defaults

System defaults should be secure.

Fail-Secure

When an error or security issue occurs, the system should be prevented from escalating privileges or allowing unintended consequences by reverting to a secure state.

Separation of Duties

No single user/role has enough privilege to compromise a system on their own.

Encapsulation

Objects hide internal data and operations, exposing only necessary interfaces.

Modularity

Software is divided into independent modules to handle specific functions.

Simplicity of Design

Systems should be as small and simple as possible to reduce vulnerabilities.

Minimization of Implementation

Use limited mechanisms to achieve functions to reduce failure risk.

Open Design

Security shouldn't depend on secret designs; designs are testable and transparent.

Complete Mediation

Every access to a system resource needs a permission check.

Layering and Defense-in-Depth

Multiple overlapping security layers for added protection.

Multiple Defense Layers

Adding layers of security (firewalls, intrusion detection, anti-malware) makes a system harder to break into.

Fail-Safe Defaults

Systems should be secure by default, denying access unless explicitly allowed.

Least Astonishment

Systems should act predictably to avoid user mistakes or errors causing security breaches.

Minimize Trust Surface

Reduce the parts of a system that need trust for security.

Trust Surface

The components, data, and interactions a system relies on that need to be trustworthy.

Plug-in Architectures

Modular systems where individual modules or plugins can be added or updated independently.

Simplicity of Design

Systems should be as simple and small as possible to minimize security flaws.

Security Design

Building security directly into systems and software from the start.

Usability in Security

Designing systems that are easy to use, reducing the human errors that lead to security issues.

Minimization of Implementation

Limit shared functions/mechanisms to reduce the impact of a breach and enhance security.

Open Design

Security should not rely on secret designs. Designs and mechanisms should be transparent and testable.

Layering and Defense-in-Depth

Implementing multiple overlapping security layers to protect against varied attack vectors.

Benefit of Usability

Users can complete tasks easily and efficiently.

Security vs Usability

Balancing strong security with ease of use for IT systems.

2FA

Two-factor authentication; requires two verification steps.

Trust Relationship (IT)

A secure connection between systems that provides authentication and lets users access resources across them.

Study Notes

Secure-by-Design Principles

  • Secure-by-design principles provide a framework for creating secure systems.
  • These guidelines help designers and developers consider security throughout the design process.
  • Creating systems that protect against attacks is the objective.

Agenda

  • Fundamentals and Importance of Secure Design for Programs and Systems
  • Separation of Duties
  • Isolation
  • Encapsulation
  • Modularity
  • Simplicity of Design (Economy of mechanism)
  • Minimization of Implementation (Least common mechanism)
  • Open Design
  • Complete Mediation
  • Layering and Defense-in-Depth
  • Fail Safe Defaults and Fail Secure
  • Least Astonishment
  • Minimize Trust Surface
  • Secure Design and Usability
  • Trust Relationships

Fundamental Security Design Principles

  • These guidelines provide a framework for secure systems.

Separation of Duties

  • No user should have enough privileges to misuse the system.
  • SOD makes unauthorized system access, modification, or deletion more difficult.
  • It prevents both internal and external abuses.
  • Breaking down tasks into steps and assigning them to multiple people is one approach.

Isolation

  • Components of a system remain separate, interacting only through defined methods.
  • Isolation prevents security breaches in one component from spreading.
  • Virtual machines on the same physical host are an example.

Encapsulation

  • Objects encapsulate data and operations, hiding their internal state behind interfaces.
  • Encapsulation's benefit is the ability to change an object's internal structure without affecting other parts of the system.
  • An object's data isn't directly accessible; its methods act as the only access points.

Modularity

  • Software is divided into separate modules that are developed independently but operate cohesively.
  • Modularity improves maintainability and comprehensibility, and enables secure updates.
  • Each module can be developed and secured independently of the others.

Simplicity of Design

  • Systems should be as simple and small as possible.
  • Simplicity results in fewer security flaws.
  • Security properties are easier to test and verify in simple systems.
  • Fewer lines of code and less complex protocols are better.

Minimization of Implementation

  • The functions and mechanisms shared among different users are kept to a minimum.
  • This limits how far one user's activity can affect another user's security.
  • It reduces the likelihood of a breach affecting all users.
  • Individual user sessions are preferable to shared ones.

Open Design

  • A system's security should not rely on the secrecy of its design or implementation.
  • Design should be testable and transparent.
  • Widespread expert review can lead to flaw identification and correction.
  • Open standards like AES or TLS are examples; encryption algorithms are typically open for public review, but not keys.

Complete Mediation

  • Every access to a system's resources must be checked for authorization.
  • All actions need security enforcement every time, not just on first access.
  • This prevents unauthorized access and leaves no gaps in enforcement.
  • A file system that checks permissions every time a file is accessed is an example.

Layering and Defense-in-Depth

  • Security is implemented in overlapping layers.
  • Defense-in-depth protects even when a single layer fails.
  • Networks with firewalls, intrusion detection systems, and anti-malware technologies are examples.

Fail-Safe Defaults

  • The default system state is secure in the event of failure.
  • Access is denied by default; explicit permission is needed.
  • Protects against accidental exposure of resources to unauthorized users.
  • Firewalls are one example: they block all traffic by default and permit only what is explicitly allowed.

Least Astonishment

  • Users must not be surprised by system behavior.
  • The system's responses to user actions need to be consistent and predictable.
  • Predictable systems are less vulnerable to misuse, both intentional and accidental.
  • User interface consistency is key.

Minimize Trust Surface

  • The "attack surface" in cybersecurity is reduced by minimizing trust surface.
  • It represents the volume of trusted components, systems, data, and interactions within an IT ecosystem.
  • Every component of a system should be vetted for its trust.
  • Reduces potential areas for attackers.
  • Fewer open ports in a firewall helps to minimize trust surface.

Secure Design and Usability

  • Security by design is a method of creating software systems with no vulnerabilities.
  • Continuous testing, authentication safeguards, and best practices are part of this.
  • Maintaining customer trust requires demonstrating processes that focus on protecting the delivery of products.
  • Usability means designing systems that are easy for people to use and understand, so they can be used safely.
  • Users can then achieve their tasks readily and efficiently.

Balancing Security and Usability

  • Determining the balance between security and usability is crucial.
  • Security and usability are often at odds, so a balance between them is key.
  • The design needs to prevent vulnerabilities while being easy for users to understand and use.

Trust Relationships

  • Trust relationships are secure communication channels between domains, systems, or entities.
  • They facilitate authentication and authorization of users and resources across domains.
  • They are used in partner-vendor relationships and for user-device interaction.
  • They enable global groups and user accounts to be used across domains.
