SWE3002 - Information and System Security

Questions and Answers

What is the primary purpose of bit stuffing in data transmission?

To ensure data integrity through error checking (correct)

To compress data for reduced transmission size

To encrypt the data being transmitted

To enhance the performance speed of data transfer

What does a digital signature primarily ensure in data transmission?

Authentication of the sender's identity (correct)

Real-time data monitoring

Integrity of the data being sent

Complete confidentiality of the data

Which mechanism is used to select secure routes for data under suspicious conditions?

Trusted functionality

Event detection

Security audit trail

Routing control (correct)

What is the purpose of a security audit trail?

To collect data for independent security reviews

What role does trusted functionality play in security mechanisms?

It ensures compliance with security policies

What is a common method used in masquerade attacks?

Using stolen login identifications and passwords

Which of the following best describes a replay attack?

Capturing data traffic and resending it as if it were the original sender

What does message modification involve?

Altering or delaying parts of a message

What does a denial of service attack primarily prevent?

The normal use of communications facilities

How is authentication typically secured?

Through the use of username and password

What determines who can access data in an access control system?

Role management

Which principle ensures that only the sender and receiver can access shared information?

Confidentiality

What is non-repudiation in security services?

Ensuring that a user cannot deny involvement in a transaction

What is the primary focus of the OSI security architecture?

Addressing security attacks, mechanisms, and services

Which of the following best describes a security mechanism?

A process designed to detect, prevent, or recover from a security attack

What characterizes a passive attack?

It aims to learn or utilize information without affecting system resources

Which type of passive attack involves analyzing transmitted information without accessing its content?

Traffic analysis

What is a common technique used to mask the contents of messages during a passive attack?

Encryption

Which of the following is NOT a type of active attack?

Traffic analysis

What is a defining characteristic of a masquerade attack?

Pretending to be a legitimate user to gain access

What distinguishes an active attack from a passive attack?

Active attacks result in compromised data integrity

What is the primary purpose of integrity in data communication?

To guarantee that the information received is accurate and unchanged

Which security mechanism establishes proof of origin and integrity of data?

Nonrepudiation

How does encipherment protect data during communication?

By encrypting the data to make it unreadable

What role does notarization play in communication security?

It serves as a mediator to reduce conflict between parties

Which mechanism is used specifically to enforce access rights to resources?

Access control

What is the result if the integrity of a message is compromised during its transmission?

The original content is no longer accurate

What does authentication exchange ensure in data communication?

The identity of the communicating parties is verified

Which security mechanism focuses on maintaining the accuracy of data units?

Data integrity

Study Notes

OSI Security Architecture

• Focuses on security attacks, mechanisms, and services.
• Security attack: Action that compromises organizational information security.
• Security mechanism: Process to detect, prevent, or recover from security attacks.
• Security service: Enhances the security of data processing systems and information transfers.

Security Attacks

• Attacks can be categorized as passive or active.

Passive Attacks

• Aim to gather information without altering system resources.
• Two types:
  • Release of message contents: Capturing sensitive information in communications (e.g., phone calls, emails).
  • Traffic analysis: Analyzing patterns of traffic without revealing content; commonly masked by encryption.
• Difficult to detect as they do not alter data.

Active Attacks

• Involve modification of data streams.
• Subdivided into:
  • Masquerade: Intruder impersonates a legitimate user to gain unauthorized access.
  • Replay: Captured data reused to deceive the receiver; the receiver thinks it’s an original message.
  • Message modification: Altering message contents to produce unauthorized effects (e.g., changing file access permissions).
  • Denial of Service (DoS): Disrupting normal communication services to target specific entities.

Security Services

• Authentication: Verifying user or system identity, often through usernames and passwords.
• Access Control: Regulating who can access information and the extent of their access.
• Confidentiality: Ensuring only authorized parties can access shared information, protecting against unauthorized access.
• Integrity: Assuring received information is accurate and unaltered during transmission.
• Non-repudiation: Ensuring proof of origin and integrity of data, preventing either party from denying the receipt or sending of messages.

Security Mechanisms

• Encipherment: Hiding data through algorithms, ensuring confidentiality.
• Access Control: Mechanisms to enforce user access rights to resources.
• Notarization: Involves a trusted third party to mediate communication, reducing conflict risks.
• Data Integrity: Mechanisms ensuring the consistency and accuracy of data.
• Authentication exchange: Two-way confirmation of identities at the TCP/IP layer.
• Traffic padding (Bit stuffing): Adding extra bits to ensure data integrity during transmission.
• Digital Signature: Electronic signature added by the sender to verify identity and data integrity.
• Routing Control: Selects secure physical routes for sensitive data.

Pervasive Security Mechanisms

• Trusted Functionality: Identifies correct processes per security policy.
• Security Label: Enhances object security through labels attached to data.
• Event Detection: Identifies security-relevant events.
• Security Audit Trail: Collects data for independent reviews of security systems.
• Security Recovery: Mechanisms for recovering from security breaches.

Description

This quiz covers Module 1, Topics 2 and 3 of SWE3002, focusing on the OSI security architecture. Key concepts include security attacks, mechanisms, and services essential for safeguarding information. Test your knowledge on how these elements work together to secure organizational data.