Computer Security Midterm

100 Terms

1

Computer Security

Protection of information and systems from unauthorized access, use, disclosure, disruption, or destruction.

2

CIA Triad

Ensures confidentiality, integrity, and availability.

3

Security Analyst

Career path associated with CIS 4367: Computer Security.

4

Cryptographer

Career path associated with CIS 4362: Applied Cryptography.

5

Digital Forensics Examiner

Career path associated with CIS 4203: Digital Forensics.

6

Ethical Hacker

Career path associated with CIS 4204: Ethical Hacking.

7

Certified in Cybersecurity (CC)

An important certification in cybersecurity.

8

Certified Information Systems Security Professional (CISSP)

An important certification in cybersecurity.

9

Certified Ethical Hacker (CEH)

An important certification in cybersecurity.

10

Digital Forensics Certifications

An important certification in cybersecurity.

11

Collegiate Penetration Testing Competition (CPTC)

A popular cybersecurity competition.

12

Collegiate Cyber Defense Competition (CCDC)

A popular cybersecurity competition.

13

National Cyber League (NCL)

A popular cybersecurity competition.

14

Confidentiality

Protects information access and disclosure.

15

Integrity

Protects information from unauthorized modification.

16

Availability

Ensures reliable access to information.

17

Active Attacks

Includes replay, masquerade, tamper, denial of service (DoS).

18

Passive Attacks

Includes sniffing (listening to communications).

19

Attack surfaces

Includes network: open ports/services, software: code receiving inputs, human: social engineering attacks.

20

Symmetric Cipher

Uses the same key for both encryption and decryption.

21

Secure Use of Symmetric Ciphers

The encryption key must be kept secure, and both the sender and receiver must have securely obtained copies of the key.

22

Brute-Force Attack

Tries all possible keys until the correct one is found.

23

Block Ciphers

Encrypt data in fixed-size blocks (e.g., 64 or 128 bits).

24

Stream Ciphers

Encrypt data bit-by-bit or byte-by-byte.

25

Hash Function

Generates a fixed-length output from input data, ensuring data integrity.

26

Message Authentication Code (MAC)

Used to ensure the authenticity and integrity of a message.

27

Advanced Encryption Standard (AES)

More secure and efficient than DES, using block sizes of 128 bits and key lengths of 128, 192, or 256 bits.

28

Data Encryption Standard (DES)

Uses a 64-bit block size and a 56-bit key, making it vulnerable to brute-force attacks.

29

Secure Hash Function Properties

Must be efficient to compute, one-way, second pre-image resistant, and collision resistant.

30

Public-Key Cryptography

Uses two keys: a public key for encryption and a private key for decryption.

31

Digital Signature

Created by encrypting a hash of a message with the sender's private key.

32

Certificate Authority (CA)

Issues public-key certificates that bind a public key to the identity of its owner.

33

Diffie-Hellman Key Exchange

A method for securely exchanging cryptographic keys over a public channel.

34

Digital Envelope

Used to securely send a symmetric key by encrypting it with the recipient's public key.

35

Elliptic-Curve Cryptography (ECC)

Provides equivalent security to other cryptosystems but with much smaller key sizes.

36

Random Number vs. Pseudorandom Number

Random number: generated from a truly nondeterministic process; pseudorandom number: generated algorithmically.

37

User authentication

The process of determining the validity of one or more authenticators used to claim a digital identity, ensuring a subject is in control of the technologies used for authentication.

38

Functions of user authentication

The user identifies themselves by presenting one or more authenticators, and the system verifies these authenticators.

39

Requirements for identification and authentication security

Identify information system users, processes, or devices, and authenticate their identities.

40

Derived security requirements for authentication

Use multifactor authentication, employ replay-resistant mechanisms, prevent identifier reuse, disable inactive identifiers, enforce password policies, and store passwords cryptographically.

41

Multifactor authentication (MFA)

MFA requires using at least two types of authenticators from different categories: something you know, something you have, something you are, or how you behave.

42

Types of authenticators in user authentication

Something you know (e.g., password), something you have (e.g., ID badge), something you are (e.g., fingerprint), and how you behave (e.g., voice pattern).

43

Identity Assurance Levels (IAL)

IALs are qualitative measures for identity proofing, ranging from no identity proofing (IAL0) to IAL3, which requires in-person or supervised identity proofing.

44

Vulnerability of password-based authentication

Password-based authentication is vulnerable to attacks such as dictionary attacks, phishing, shoulder surfing, and session hijacking.

45

Hashed password

A hashed password is a password that has been converted into a fixed-length string of characters through a hash function, making it harder to reverse-engineer.

46

Purpose of salt in password hashing

Salt is used in password hashing to add randomness, making it harder for attackers to use precomputed hash values (e.g., rainbow tables) to crack passwords.

47

Shadow password file in Unix/Linux systems

The shadow password file stores hashed passwords and is only accessible to privileged users, enhancing the security of stored passwords.

48

Dictionary attack in password cracking

A dictionary attack involves trying a large list of common passwords against a password file to find matches.

49

Types of card-based tokens used in authentication

Card-based tokens include embossed cards, magnetic stripe cards, memory cards, and smart cards (contact or contactless).

50

Drawbacks of memory cards used for authentication

Memory cards require a special reader, can be lost, and may cause user dissatisfaction due to inconvenience.

51

Smart token

A smart token includes an embedded microcontroller and can process data, unlike memory cards that can only store data.

52

Categories of authentication protocols for smart tokens

The categories are static, dynamic password generator, and challenge-response protocols.

53

Biometric authentication

Biometric authentication uses unique physical characteristics such as fingerprints, facial features, or retinal patterns to authenticate users.

54

Common threats in remote user authentication

Common threats include host attacks, client attacks, eavesdropping, replay attacks, trojan horses, and denial-of-service attacks.

55

Improving security in remote user authentication

Using challenge-response protocols can counter threats such as eavesdropping and replay attacks.

56

Examples of biometric characteristics used in authentication

Examples include facial recognition, fingerprints, hand geometry, retinal patterns, and voice recognition.

57

Access Control (AC)

Access Control refers to the process of granting or denying specific requests to obtain and use information, enter physical facilities, or use system resources according to a security policy.

58

Classes of subjects in access control

The three classes are: Owner (the individual with the most control over the resource), Group (a set of individuals with identical access rights), and World (Others) (everyone else with the least amount of access).

59

Categories of access control policies

The four typical categories of access control policies are Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC).

60

Discretionary Access Control (DAC)

DAC restricts access based on the identity of subjects or their group membership. Access rights can be passed to other subjects and are commonly implemented with access matrices.

61

Access Control List (ACL)

ACL lists subjects and their access rights for a resource.

62

Capability Ticket

A Capability Ticket specifies authorized objects and operations for a subject.

63

Role-Based Access Control (RBAC)

RBAC assigns permissions based on the roles that users have within an organization. It simplifies access control by grouping access rights into roles instead of assigning rights to individual users.

64

Attribute-Based Access Control (ABAC)

ABAC grants access based on attributes of subjects, objects, and environmental conditions, allowing more flexibility and control than RBAC or DAC.

65

Access Control List (ACL) vs ABAC

Trust is derived from multiple sources based on attributes of subjects, objects, and the environment.

66

Graham-Denning model commands

1. Transfer access rights 2. Grant access rights 3. Delete access rights 4. Read access rights 5. Create an object 6. Destroy an object 7. Create a subject 8. Destroy a subject

67

Identity, Credential, and Access Management (ICAM)

ICAM is responsible for creating and managing trusted digital identities, binding them to credentials, and managing access to an organization's resources.

68

Key elements of Access Management

1. Resource management 2. Privilege management 3. Policy management

69

Identity Federation in ICAM

It allows organizations to trust digital identities and credentials issued by external entities, facilitating cross-organization collaboration.

70

Policy rule in ABAC

A policy rule is a boolean function that grants or denies access based on attributes of subjects, objects, and the environment.

71

Database security

Organizational databases concentrate sensitive information such as user credentials and financial data, making them valuable and vulnerable to attacks.

72

Challenges in database security

Complex DBMSs often lack sufficient protection, can consist of heterogeneous databases, and may not have full-time security personnel.

73

Database Management System (DBMS)

A suite of programs for constructing and maintaining databases, offering facilities for querying databases and supporting multiple users and applications.

74

Relational Database

A collection of tables (relations) consisting of rows and columns, where each column holds specific data and each row contains values for each column.

75

Primary Key

A unique identifier for each row in a table, consisting of one or more columns.

76

SQL (Structured Query Language)

A standardized language used to define schema, manipulate, and query data in a relational database.

77

SQL Injection (SQLi)

A network-based attack where malicious SQL commands are injected to exploit vulnerabilities in web applications, often to extract or modify data.

78

Types of SQLi attacks

Inband attacks (using the same channel for SQL injection and data retrieval) and Inferential attacks (using trial and error to deduce information).

79

Countermeasures against SQLi attacks

Defensive coding practices, parameterized query insertion, and detection methods like signature-based and anomaly-based systems.

80

Database Access Control

A system that determines what parts of a database users can access and what rights they have (e.g., create, delete, query, etc.).

81

Types of database access administration

Centralized, ownership-based, and decentralized administration.

82

SQL-based access control commands

The `GRANT` command to assign access and the `REVOKE` command to remove access rights.

83

Role-Based Access Control (RBAC) in databases

A method of managing access by assigning permissions to roles and assigning users to those roles, rather than managing individual user permissions.

84

Database Encryption

A security measure where data is encrypted to protect it as the last line of defense, though it can add overhead and make data search more difficult.

85

Homomorphic encryption

A technique that allows computations to be performed on encrypted data, producing results that are identical to those from unencrypted data.

86

Data Center

A facility housing servers, storage devices, and network equipment, generally with backup power, environmental controls, and security measures.

87

Key security techniques for data center assets

Encryption, firewalls, multi-factor authentication, and physical security measures like surveillance and security zones.

88

Telecommunications Industry Association TIA-492 standard

It specifies the minimum requirements for telecommunications infrastructure in data centers, including network security and system redundancy.

89

Malware

Classified based on how it spreads or propagates to targets (e.g., viruses, worms, trojans) and the actions or payloads it performs on targets (e.g., data corruption, stealing information).

90

Parasitic malware

Needs a host program (e.g., viruses).

91

Independent malware

Self-contained programs (e.g., worms, trojans, bots).

92

Attack Kit (Exploit Kit or Crimeware)

A set of tools that ease the development and deployment of malware, allowing attackers to generate new malware variants with different propagation and payload mechanisms.

93

Common sources of malware attacks

Individuals, hacker groups, criminals (including organized crime), state-sponsored organizations, and national government agencies.

94

Advanced Persistent Threats (APTs)

Well-resourced and persistent attacks using a variety of intrusion technologies, typically attributed to state-sponsored organizations aiming for business or political motives.

95

Characteristics of Advanced Persistent Threats (APTs)

Advanced: Use sophisticated techniques and tools; Persistent: Long-term, continuous efforts; Threats: Intend to completely compromise targets.

96

Virus

A piece of software that infects programs by injecting a copy of itself, replicates, and spreads to other programs, executing secretly when the host program runs.

97

Components of a virus

1. Infection mechanism (vector): How it spreads; 2. Trigger (logic bomb): Conditions for payload activation; 3. Payload: The malicious action performed.

98

Typical phases of a virus lifecycle

1. Dormant phase: Virus is idle; 2. Triggering phase: Virus is activated; 3. Propagation phase: Virus replicates and spreads; 4. Execution phase: Payload is delivered.

99

Macro virus

A virus that uses macro or scripting code within documents (like Word or Excel files) to execute and propagate when the document is opened.

100

Worm

A standalone malware that replicates itself to spread to other systems, often exploiting vulnerabilities, whereas a virus requires a host program to spread.
