Security


91 Terms

1

when is a system classed as secure?

A system is secure if its resources are used and accessed as intended under all circumstances - only designated users can access and use the correct resources

2

why is security important?

Security is important as systems containing data could be useful to competitors and loss of data can impair the corporation's ability to function

3

what is the security problem?

total security cannot be achieved

4

how can we limit security breaches?

use security mechanisms such as

  • antivirus software

  • our behaviour

5

what is a security violation?

an intentional (malicious) or accidental breach/ breaking of security

intentional = malware

accidental = a link click/ easier to prevent

6

what is an attack?

an attempt to breach security; it doesn’t mean security has been breached

7

what is a threat?

a potential security violation, something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer devices and networks.

8

what is an intruder?

a person who attempts to gain unauthorised access to a system

9

what does an intruder try to do?

  • attempts to damage a system or disturb the data on a system.

    • systems = refers to network systems, own system, house security, operating systems

  • attempts to violate security.

10

what are the different types of security violations?

breach of confidentiality

breach of integrity

breach of availability

theft of service

denial of service

breach CIA, service ToDay

11

what is a breach of confidentiality?

  • Involves unauthorised access to data (or theft of information). For example, credit-card information, identity information used for identity theft, etc.

  • can be done with an online system or can be physically done

  • can result in money for the intruder

12

what is a breach of integrity?

  • Involves unauthorised modification of data. For example, changing the content of a website, changing the text of a message, modifying the source code of a commercial application

13

what is a breach of availability?

  • Involves unauthorised destruction of data. For example, website defacement, etc.

14

what is a theft of service?

  • Involves unauthorised use of resources. For example, an intruder (or intrusion program) may install a daemon on a system that acts as a file server.

  • resources no longer accessible, or on own computer with malicious software that prevents own access

15

what is a denial of service? [security violation]

  • Involves preventing legitimate use of the system. Denial-of-service (DOS) works by overwhelming the service with illegitimate traffic

  • web servers have the capacity to serve a certain number of users. many malicious requests (from people/bots) mean that legitimate users cannot access the web server.

  • e.g. the Internet worm that led to a DOS attack when a bug failed to delay its spread

16

what are the different security violation methods?

masquerading

replay attack

man-in-the-middle attack

session hijacking

17

what is masquerading?

  • One participant in a communication pretends to be someone else (another host or another person).

  • This is a breach of authentication, as the participant has access that would not normally be allowed or obtains privileges to which they would not normally be entitled.

  • the receiver doesn’t know that the communication is not with the intended user

18

what is a replay attack?

  • Consists of the malicious or fraudulent repeat of a valid data transmission.

  • replay can be the whole attack eg. repeat of a request to transfer money → ordering online, can repeat the transaction and change the data to order something else, frequently along with message modification.

  • replay done with message modification: the attacker changes details in the communication without the sender’s knowledge (e.g. changes the authorised details of a user to the hacker’s details during an authentication request)

19

what is a man-in-the-middle attack?

An attacker sits in the data flow of a communication, masquerading as the sender to the receiver, and vice versa.

20

what is session hijacking?

  • Intercept an active network communication to bypass authentication.

21

what is a security measure?

an action that makes it difficult or costly for an attack to be successful, in order to deter perpetrators

22

do we need to PREVENT or DETECT attacks?

both, but in some cases e.g. DOS attack

  • better to PREVENT attacks

  • sufficient to DETECT attacks so countermeasures can be taken

23

what are the different security level measures?

physical

human

operating system

network

24

what is the physical security measure level?

  • the sites containing the computer systems must be physically secured from intruder entry

  • Data centres, servers, connected terminals

  • (eg. door locked, access cards, access to the physical space/ resource)

25

what is the human security measure level?

  • authorisation ensures only authorised users have access, but authorised users can be encouraged or tricked into giving away their access

  • Avoid social engineering such as phishing (fake email), dumpster diving

  • phishing - urgent, legitimate-looking emails; when we reply, our IP address and info are stored somewhere, or we submit sensitive information

  • dumpster diving - searching our bins and notebooks to gain access

26

what is the operating system security measure level?

  • operating system needs to have protection mechanisms from accidental or purposeful security breaches, debugging

  • eg. runaway process = accidental DOS attack, bad query can reveal password, stack overflow can launch unauthorised processes

  • preventative measures include password managers, updating the OS to get the latest security patches

27

what is the network security measure level?

  • data travels over private leased lines, shared lines (Internet), wireless connections etc.

  • can lead to intercepted communications, interruption, DOS

  • firewalls

28

which security measure level is the weakest?

Security is as weak as the weakest link in the chain, so all levels need to be maintained - physical and human levels must be ensured to allow operating system security to be ensured, as weakness at higher levels allows lower level security to be circumvented

29

what are program threats?

programs that can do malicious actions like attacking other programs, by using a weakness in the protection mechanisms of a system

30

what are the types of program threats?

trojan horse

trap door

logic bomb

stack and buffer overflow

virus

[ turtle took lil squishes’s virus ]

31

what is a trojan horse?

  • a code segment that misuses its environment, e.g. the program runs in the user's domain and is able to do anything that the user can do, like block, modify, delete data

  • a program that pretends to be something else, e.g. a login system. the user's details are stolen before the trojan redirects to the genuine page so as not to look suspicious

  • Install backdoor daemon = provides information/ allows easy access to information even if the original exploit is blocked

  • includes spyware - a program accompanied by another program the user has installed with goal to download ads, create popups, or capture user information

  • Cannot self-replicate

32

what is a trap door?

  • a code designer leaves a “hole” for accessing the system that they can take advantage of later on

  • e.g. hardcoded credentials allows somebody else to access it without using the normal security procedures

  • difficult to detect as we have to analyse all of the source code

33

what is a logic bomb?

  • program activated under certain circumstances, e.g. coded to activate at a specific date/time, or activated if an employee is fired, to damage the system

  • difficult to detect as the program acts normally under normal operations

34

what is a stack and buffer overflow?

  • The hacker exploits a bug in the program as a result of poor programming to write arguments into the return address on stack

  • hacker can write code in the stack that includes the commands that the hacker wants to execute

35

what is a virus?

  • A fragment of code embedded in a legitimate program

  • can come from spam emails downloading viral programs, exchanging infected disks, or be contained in documents that will execute automatically when opened in programs from the Office suite like Word or PowerPoint.

  • a virus dropper inserts the virus into the system. once installed the virus can self-replicate, infect other programs and spread over a network, infect other machines e.g. email itself to other machines

  • can modify or destroy files, cause program malfunction and system crash

36

what are the types of viruses?

file/ parasitic

boot/ memory

macro

source code

polymorphic

encrypted

stealth

tunnelling

multipart

armoured

viruses find big, manly, snakes playing energetically to slowly make armour

37

what is a file/ parasitic virus?

infects the system by appending itself to a file; causes the system to jump to the infected code and then returns control to the original program to leave no trace

38

what is a boot/ memory virus?

executes every time the system is booted and before the operating system is loaded; does not appear in file systems

39

what is a macro virus?

virus written in a high level language like Visual Basic, triggered when a program is capable of executing a macro, e.g. a macro contained in an Excel spreadsheet. requires the user to do something to activate the macro

40

what is a source code virus?

modifies the source code to include the virus and help it to spread

41

what is a polymorphic virus?

virus that changes each time it is installed to avoid detection from antivirus - changes the virus signature but not virus function.

signature = pattern used to identify a virus

42

what is an encrypted virus?

virus includes decryption code to decrypt self and then execute to avoid detection

43

what is a stealth virus?

modifies parts of system that can detect viruses in order to be undetected

44

what is a tunnelling virus?

installs itself in the interrupt handler chain in order to bypass antivirus scanner detection

45

what is a multipart virus?

able to infect multiple parts of the system making it difficult to detect and contain

46

what is an armoured virus?

virus that is coded to make it hard for antivirus software to unravel and understand, eg. compression, unviewable file names

47

what are system/network threats?

  • threats that involve the abuse of services and network connections.

  • create a situation in which operating-system resources and user files are misused.

  • sometimes used to launch a program attack and vice versa.

48

what are the different types of system/ network threats?

worms

port scanning

denial of service

wow, plz dos

49

what are worms?

  • a process that uses the Spawn mechanism to copy itself / consume resources and lock other processes

  • Can self-replicate

  • Standalone → Unlike virus, doesn’t need the user to do anything for it to replicate

  • made up of 2 programs:

    • grappling hook - connects to the machine and uploads the main program onto the hooked system

    • main program - searches for other machines that the system can connect to and infect

  • E.G. MORRIS INTERNET WORM

50

what is port scanning?

  • a way for the attacker to detect the system's vulnerabilities to attack

  • an automated attempt to make a TCP/IP connection to a range of ports on one or a range of IP addresses

  • created sockets have port numbers, sockets help us communicate with systems. hacker will scan the ports to see which sockets are available and send the virus through that port, exploit bugs, install trojan horses, back door programs etc.

51

what are zombie systems?

systems that have previously been compromised and act as attackers by launching port scanners without even knowing

52

what is denial of service? [system/network threat]

  • Overload the targeted computer preventing legitimate use

  • easier than an attack to break the machine

  • 2 categories

    • use up all resources so that no useful work can be done, e.g. a Java applet that starts pop up windows infinitely, using up all CPU time

    • disrupt the network

  • can result from abusing TCP/IP functionality, where TCP sessions are partially started and use up network resources

53

what is DDOS?

distributed denial of service - a DOS attack launched from multiple sites at once by zombies

54

what is cryptography?

the science/ study of secret writing + cipher systems

55

what is encryption?

the process of encoding a message in a way that the information can not be accessed by unauthorised parties, or if accessed, cannot be understood

56

what is decryption?

the process of decoding a message using a key

57

what is a key?

a secret that is selectively distributed used for encryption and decryption

58

what is a cipher/ cypher?

an algorithm used to perform encryption / decryption

59

what is plaintext?

the original message (unencrypted)

60

what is ciphertext?

the coded message (encrypted)

61

what is a cryptosystem/ cipher system?

a set of algorithms for performing cryptographic actions (e.g. encryption, decryption, key generation)

62

what is cryptanalysis?

the study of how to crack encryption algorithms

63

why do we need cryptography in a computer?

Source and destination of messages can be known and protected

64

why do we need cryptography in a network of computers?

  • No immediate and reliable way of determining the sender (machine or process) or the receiver

  • No way of knowing if there is an eavesdropper

65

how are IP addresses used in a network?

used to identify senders and receivers of messages

  • e.g. a request message arrives with a source IP address, a response message is sent to this IP address

  • identifying the receiver from an ip address alone is not secure, cannot tell if there is a middle man etc.

66

what are the security weaknesses of IP addresses?

IP addresses can be spoofed

  • Cannot reliably determine who has sent the request

  • Cannot reliably determine who will receive the response

67

how does this IP address weakness affect the operating system?

If source IP addresses cannot be trusted, it is difficult for the operating system to

  • decide whether to grant a request

  • provide protection for a request or data when it cannot determine who will receive the response

68

why is cryptography needed?

since no network is trusted, cryptography is used to eliminate the need to trust the network for secure communication

69

what does cryptography enable?

  • a sender to encode its message so that only a computer with a certain key can decode the message

  • a recipient of a message to verify that the message was created by some computer possessing a certain key

70

what are the components of an encryption algorithm?

5 components

71

what essential property must the encryption algorithm provide?

explanation -

only the computer holding the key [k] can decrypt the plaintext from the ciphertext

72

what is important to consider when creating keys?

must be infeasible to derive a key [k] from the ciphertext [c] as c is exposed

73

what are the 2 main types of encryption algorithm?

symmetric

asymmetric

74

what is symmetric encryption?

the same key is used to encrypt and decrypt a message

75

how are keys handled in symmetric encryption?

  • the key [k] must be a shared secret - the key is kept between the 2 communicating entities only

  • key exchange can happen directly between 2 parties or via a trusted third party called a certificate authority

76

what are examples of symmetric encryption algorithms?

block ciphers

stream ciphers

77

what is a block cipher?

  • works to encrypt a block of bits at a time.

  • if the same key is used for encrypting an extended amount of data it becomes vulnerable to attack.

  • can become slow when the communication to encrypt is too long

78

what are examples of block ciphers?

DES - data-encryption standard cipher

Triple DES

AES - advanced encryption standard cipher

79

what is DES?

  • used by NIST - national institute of standards and technology

  • takes a 64-bit value and a 56-bit key and performs transformations with substitution and permutation operations

80

what is Triple DES?

  • DES is insecure for applications so Triple DES was created → DES algorithm repeated 3 times (2 encrypt, 1 decrypt) using 2 or 3 keys

81

what is AES?

  • also a block cipher adopted by NIST

  • more compact and efficient than DES

82

what is a stream cipher?

  • designed to encrypt a stream of bits rather than a block.

  • good for long communication lengths as block cipher would be too slow.

  • a key is an input into a pseudo-random bit generator to generate random bits used to form a keystream

83

what is a keystream?

infinite set of bits that encrypts a plaintext stream by being XORed with the plaintext

84

what is an example of a stream cipher?

RC4 - Rivest cipher 4

85

what is RC4?

  • invented by Ron Rivest in 1987

  • considered insecure and has vulnerabilities

86

what is asymmetric encryption?

also called public key encryption

different keys are used for encryption and decryption

encryption key = public

decryption key = private

87

how are keys handled in asymmetric encryption?

  1. the person who receives the encrypted message will generate a pair of private-public keys

  2. public key is available to everyone meaning anyone can encrypt messages

  3. private key is available to the private key holder meaning only they can decrypt the messages

88

what is an example of an asymmetrical encryption algorithm?

RSA

89

what is RSA?

  • most widely used encryption algorithm based on the difficulty of the factorisation of the product of two large prime numbers

  • relatively slow algorithm and often used for exchanging encrypted shared keys for symmetric key cryptography

  1. A user creates and publishes a public key based on two large prime numbers and an auxiliary value

  2. Anyone (any sender) can use the public key to encrypt a message

  3. The prime numbers must be kept secret – if the public key is large enough, only knowing the prime numbers enables decoding the message feasibly

90

how does asymmetric encryption compare to symmetric encryption?

Asymmetric is more computationally expensive to execute as it’s easier to encode and decode with symmetrical keys

91

when is asymmetric encryption best used?

  • Asymmetric is not good for general-purpose encryption of large amounts of data

  • Best used for encrypting small amounts of data, authentication, confidentiality, key distribution
