Flashcards based on lecture notes about Computer Security, covering topics such as vulnerabilities, threats, attacks, and security measures.
What is Computer Security?
The protection of computer systems and information from harm, theft, and unauthorized use.
What two things is the security of a system always ‘relative’ to?
A set of desired properties and an adversary with specific capabilities.
What is a vulnerability in computer security?
A weakness or flaw in a system’s design, code, or management that can be exploited by attackers to cause harm.
Name classifications of vulnerabilities:
Where they happen (design, building, running, etc.), how detailed they are (hardware, software, etc.), what kind of problem (memory mistakes, timing, etc.) and how they are revealed (zero-day, known, shared).
What are the three possible causes of an impact related to vulnerability?
Deliberate actions (e.g., hacking), accidents (e.g., human error), and environmental events (e.g., power outages).
Define a potential attack.
The risk that someone could use a vulnerability to harm the system; it exists whenever there is a weakness that could be exploited.
Define an actual attack.
When someone intentionally tries to break a system’s security by exploiting a vulnerability.
What is an active attacker?
Someone who tries to change or damage a system.
What is a passive attacker?
Someone who just observes and collects information.
All cyberattacks are the realization of a ___, but not all of those result in an ___.
cyber threat, attack
Define 'Alteration' in the context of cyber threats.
Unauthorized modification of information, such as in a man-in-the-middle attack.
Define 'Eavesdropping' in the context of cyber threats.
The interception of information intended for someone else during transmission.
Define 'Denial-of-service' in the context of cyber threats.
The interruption or degradation of a data service or information access.
Define 'Masquerading' in the context of cyber threats.
The fabrication of information that is purported to be from someone who is not actually the author.
Define 'Repudiation' in the context of cyber threats.
The denial of a commitment or data receipt.
Define 'Correlation and traceback' in the context of cyber threats.
The integration of multiple data sources and information flows to determine the source of a particular data stream or piece of information.
Name five reasons why people attack others' systems:
To make money, because they're curious, for political or social reasons, because someone paid them, or to gather secrets or help their country.
What are intrusions?
Actions that try to break into computer systems to steal, change, or damage information.
What is STRIDE?
A threat modeling methodology used to categorize and identify potential security threats in a system including: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service (DoS), and Elevation of Privilege.
What is DREAD?
A methodology to quantify, compare, and prioritize security threats including: Damage, Reproducibility, Exploitability, Affected Users, and Discoverability.
What is Threat Modeling?
A structured set of assumptions about potential attacks that a system aims to defend against.
What is the first key step in Threat Modeling?
Scope Your Work by creating data flow diagrams (DFDs) to visualize system components and interactions.
Give possible mitigations for spoofing
Strong, unique passwords and MFA
Give possible mitigations for tampering
Endpoint protection and patching
Give possible mitigations for repudiation
Secure, remote log storage
Give possible mitigations for information disclosure
Data encryption and access controls
Give possible mitigations for Denial of Service (DoS)
Regular, offline backups
Give possible mitigations for Elevation of Privilege
Least privilege, password policies
What is an Intrusion Detection System (IDS)?
A security technology that monitors network traffic for suspicious activity and known threats, sending alerts or logs but not taking direct action to block threats.
What is an Intrusion Prevention System (IPS)?
A security technology that monitors network traffic for threats and automatically takes action to block, drop, or prevent malicious traffic from reaching its target.
Name three types of local attacks
Privilege Escalation, Physical Access, and Shoulder Surfing
Name three types of remote attacks
Exploiting vulnerabilities over Ethernet, WiFi, 3G/4G, Bluetooth, etc.; using compromised disks, CD-ROMs, USB sticks, or other removable media to introduce malware; and manipulating individuals via phone calls or messages to gain unauthorized access or information.