SWE3002 Information and System Security Quiz

Questions and Answers

What is the primary purpose of computer security?

• To optimize network speeds
• To enhance software performance
• To protect data and thwart hackers (correct)
• To manage user access levels

Which term describes measures that protect data during its transmission?

• Computer Security
• Network Security (correct)
• Data Encryption
• Internet Security

What is a security attack?

• A method of monitoring network traffic
• A protocol for secure data transfer
• A service for enhancing data processing
• Any action that compromises information security (correct)

What is a security mechanism designed to do?

Detect, prevent, or recover from security attacks (A)

Which of the following enhances the security of data processing systems?

Security Service (D)

What is the primary purpose of cryptographic algorithms in network security?

To deter unauthorized access through encryption (B)

Which encryption method utilizes a single key for both encryption and decryption?

Symmetric encryption (B)

What is one method of distributing secret keys in a secure manner?

Secure protocols like SSH (C)

Which of the following is NOT a method of defense mentioned for network security?

Application whitelisting (A)

Which of the following best describes the role of authorization in network access security?

To restrict access to only authorized users (A)

What is a common characteristic of asymmetric encryption?

It requires two different keys for secure communication. (B)

Which of the following is an example of a physical control in network security?

Smartcards for secure identification (D)

What security service is exemplified by a protocol like Secure Shell (SSH)?

Message encryption/decryption (C)

What is the main distinction between passive and active attacks?

Passive attacks do not affect system resources, but active attacks do. (A)

Which type of attack is characterized by eavesdropping on communications?

Passive Attack (C)

What type of attack involves a malicious entity pretending to be another?

Masquerade (B)

Which of the following is an attack on data integrity?

Modification (A)

Denial of Service attacks primarily target which security objective?

Availability (C)

Which of the following is NOT a type of passive attack?

Replay (C)

What is a goal of security mechanisms?

To detect, prevent, or recover from security attacks (A)

Which security service ensures that data has not been altered?

Integrity (D)

What is an example of eavesdropping in passive attacks?

Monitoring network traffic (A)

How are cryptographic techniques generally classified?

As underlying elements of many security mechanisms (D)

Which of the following describes a challenge of computer security?

Security is often an afterthought. (B)

What is one of the primary security goals concerning data access?

Availability (D)

Which security service attempts to confirm the identity of a user or system?

Authentication (A)

Which term describes the unauthorized alteration of a message?

Modification (B)

Flashcards are hidden until you start studying

Study Notes

Course Overview

• SWE3002 focuses on Information and System Security with current editions from William Stallings as primary textbooks.
• Recent publications include the sixth and seventh editions of "Cryptography & Network Security."

Key Security Concepts

• Computer Security: A collection of tools designed to safeguard data and deter hackers.
• Network Security: Protects data during transmission across networks.
• Internet Security: Ensures data is protected over interconnected networks.

Aspects of Information Security

• Security Attack: Any act compromising information security.
• Security Mechanism: Designed to detect, prevent, or recover from attacks.
• Security Service: Enhances security for data processing systems and information transfers.

Security Attack Classification

• Passive Attacks: Eavesdropping to gain information without affecting system resources. Examples include:
  • Release of message contents
  • Traffic analysis
• Active Attacks: Altering system resources or impacting operations, including:
  • Masquerade: Pretending to be another entity.
  • Replay: Capturing data for unauthorized retransmission.
  • Modification of messages: Altering or delaying messages.
  • Denial of Service (DoS): Disrupting normal use of communications facilities.

Types of Security Threats

• Interruption: Attacks targeting availability.
• Interception: Breach of confidentiality.
• Modification: Integrity attacks.
• Fabrication: Authenticity attacks.

Primary Security Goals

• Objective is to ensure data and computing service security.

Challenges in Computer Security

• Complexity in security features and potential attack vectors.
• Security strategies often counter-intuitive and require constant monitoring.
• Security investment benefits become apparent only after failures occur.
• Strong security may hinder operational efficiency and user experience.

Security Services and Mechanisms (X.800)

• Security Services:
  • Confidentiality
  • Authentication
  • Integrity
  • Non-repudiation
  • Access control
  • Availability
• Security Mechanisms:
  • Cryptographic techniques including encipherment, digital signatures, and access controls.

Models for Network Security

• Requires designing algorithms for security transformations and generating secret keys.
• Involves establishing protocols for encryption and user authentication.

Network Access Security Model

• Authentication: Using functions to verify user identities.
• Authorization: Implementing controls for legitimate access to information.

Defense Methods

• Encryption: Securing sensitive data.
• Software Controls: Limiting database and operating system access.
• Hardware Controls: Using devices like smart cards for secure identification.
• Policies: Enforcing regular password changes and security practices.
• Physical Controls: Protecting physical access to systems.

Cryptographic Algorithms

• Symmetric Encryption: Uses a single key for encrypting large data blocks or streams.
• Asymmetric Encryption: Employs two different keys for concealing small data blocks used in digital signatures.
• Data Integrity Algorithms: Safeguard blocks of data to ensure they remain unchanged.