Security

Card Set Information

Author:
Anonymous
ID:
128120
Filename:
Security
Updated:
2012-01-16 08:10:19
Tags:
Security Tag
Folders:

Description:
Test

The flashcards below were created by user Anonymous on FreezingBlue Flashcards.


  1. Define computer security
    The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, information, data...).
  2. What is the OSI security architecture?
    It defines a systematic approach for managers, describing a way of organizing the task of providing security.
  3. What is the difference between passive and active security threats?
    Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Email, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.
  4. List and briefly define categories of passive and active network security attacks.
    Passive: Unauthorized Disclosure. Active: Deception, Disruption, Usurpation (an event that results in control of system services or functions by an unauthorized entity).
  5. List and briefly define categories of security services.
    Authentication, Access Control, Data Confidentiality, Data Integrity, Non-repudiation (Prevents either sender or receiver from denying a transmitted message), Availability
  6. List and briefly define categories of security mechanisms.
    Encipherment, Digital Signature, Access Control, Data Integrity, Authentication Exchange, Trusted Functionality, Event Detection, Security Audit Trail
  7. What are the essential ingredients of a symmetric cipher?
    Plaintext, Encryption algorithm, Secret key, Ciphertext, Decryption algorithm
  8. What are the two principal requirements for the secure use of symmetric encryption?
    – A strong encryption algorithm. The opponent should be unable to decrypt ciphertext or discover the key even if he or she is in possession of a number of ciphertexts together with the plaintext that produced each ciphertext. – Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure.
  9. List three approaches to message authentication.
    – Using conventional encryption – Using public-key encryption – Using a secret value
  10. What is a message authentication code?
    A small block of data that is appended to a message to assure that the sender is authentic and that the message is unaltered.
  11. What properties must a hash function have to be useful for message authentication?
    – H can be applied to a block of data of any size. – H produces a fixed-length output. – H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. – For any given value h, it is computationally infeasible to find x such that H(x) = h (one-way property). – For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x) (weak collision resistant). – It is computationally infeasible to find any pair (x, y) such that H(x) = H(y) (strong collision resistant).
  12. What are the principal ingredients of a public-key cryptosystem?
    Plaintext, Encryption algorithm, Public and private keys, Ciphertext, Decryption algorithm
  13. List and briefly define three uses of a public-key cryptosystem.
    Encryption/decryption: The sender encrypts a message with the recipient's public key. Digital signature: The sender "signs" a message with its private key. Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.
  14. What is the difference between a private key and a secret key?
    The key used in conventional encryption is typically referred to as a secret key. The two keys used for public-key encryption are referred to as the public key and the private key.
  15. What is a digital signature?
    A mechanism for authenticating a message. Bob uses a secure hash function, such as SHA-512, to generate a hash value for the message and then encrypts the hash code with his private key, creating a digital signature. Bob sends the message with the signature attached. When Alice receives the message, she calculates a hash value for the message, decrypts the signature using Bob's public key and compares the calculated hash value to the decrypted hash value. If the two hash values match, Alice is assured that the message must have been signed by Bob. It is important to emphasize that the digital signature does not provide confidentiality.
  16. What is a public-key certificate?
    A certificate consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party (= certificate authority CA). The user can then publish the certificate and anyone needing this user's public key can obtain the certificate and verify that it is valid by means of the attached signature.
  17. How can public-key encryption be used to distribute a secret key for symmetric encryption?
    Digital Envelope - Bob does the following: – Prepare a message. – Generate a random symmetric key that will be used this time only. – Encrypt that message using symmetric key encryption with the one-time key. – Encrypt the one-time key using public-key encryption with Alice's public key. – Attach the encrypted one-time key to the encrypted message and send it to Alice.
  18. In general terms, what are four means of authenticating a user's identity?
    Something the individual knows: Examples include a password, a personal identification number (PIN), or answers to a prearranged set of questions. Something the individual possesses: Examples include electronic key-cards, smart cards, and physical keys. This type of authenticator is referred to as a token. Something the individual is (static biometrics): Examples include recognition by fingerprint, retina, and face. Something the individual does (dynamic biometrics): Examples include recognition by voice pattern, handwriting characteristics, and typing rhythm.
  19. How does behavior-blocking software work?
    Behavior-blocking software integrates with the operating system of a host computer and monitors program behavior in real-time for malicious actions. The behavior blocking software then blocks potentially malicious actions before they have a chance to affect the system.
  20. In general terms, how does a worm propagate?
    – Search for other systems to infect by examining host tables or similar repositories of remote system addresses. – Establish a connection with a remote system. – Copy itself to the remote system and cause the copy to be run.
  21. List and briefly describe the principal threats to the secrecy of passwords.
    Offline dictionary attack: The attacker obtains the system password file and compares the password hashes against hashes of commonly used passwords. If a match is found, the attacker can gain access by that ID/password combination. Specific account attack: The attacker targets a specific account and submits password guesses until the correct password is discovered. Popular password attack: A variation of the preceding attack is to use a popular password and try it against a wide range of user IDs. Password guessing against single user: The attacker attempts to gain knowledge about the account holder and system password policies and uses that knowledge to guess the password. Workstation hijacking: The attacker waits until a logged-in workstation is unattended. Exploiting user mistakes: Strict policies force more complicated passwords, and the user is more likely to write a password down because it is difficult to remember. An attacker may trick the user or an account manager into revealing a password (also: preconfigured passwords for system administrators are a threat). Exploiting multiple password use. Electronic monitoring: If a password is communicated across a network to log on to a remote system, it is vulnerable to eavesdropping.
  22. Which attacks against passwords do you know? Name and briefly describe three.
    Offline dictionary attack: The attacker obtains the system password file and compares the password hashes against hashes of commonly used passwords. If a match is found, the attacker can gain access by that ID/password combination. Specific account attack: The attacker targets a specific account and submits password guesses until the correct password is discovered. Popular password attack: A variation of the preceding attack is to use a popular password and try it against a wide range of user IDs. Password guessing against single user: The attacker attempts to gain knowledge about the account holder and system password policies and uses that knowledge to guess the password. Workstation hijacking: The attacker waits until a logged-in workstation is unattended. Exploiting user mistakes: Strict policies force more complicated passwords, and the user is more likely to write a password down because it is difficult to remember. An attacker may trick the user or an account manager into revealing a password (also: preconfigured passwords for system administrators are a threat). Exploiting multiple password use. Electronic monitoring: If a password is communicated across a network to log on to a remote system, it is vulnerable to eavesdropping.
  23. What are the two common techniques used to protect a password file?
    Using a salt value. This salt is stored in plaintext with the hash from (salt + password). Password File Access Control. The hashed passwords are kept in a separate file from the user IDs, referred to as a shadow password file. Only privileged users have access to this file.
  24. List and briefly describe four common techniques for selecting or assigning passwords.
    – User education – Computer-generated passwords – Reactive password checking: The system periodically runs its own password cracker and notifies the user if it was able to crack his or her password. – Proactive password checking: The user chooses his password based on rules given by the system (e.g. at least eight characters long etc.)
  25. Explain the difference between a simple memory card and a smart card.
    Memory Card: Stores but does not process data. Smart Card: Has a microprocessor, different types of memory, I/O ports etc. May also have a crypto coprocessor and an embedded antenna.
  26. List and briefly describe the principal characteristics used for biometric identification.
    Facial characteristics, Fingerprints, Hand geometry, Retinal pattern, Iris, Signature, Voice
  27. In the context of biometric user authentication, explain the terms enrollment, verification, and identification.
    Enrollment: Each individual who is to be included in the database of authorized users must first be enrolled in the system. Verification: The user enters a PIN and also uses a biometric sensor. Identification: The individual uses the biometric sensor but presents no additional info.
  28. Define the terms false match rate and false non-match rate, and explain the use of a threshold in relationship to these two rates.
    False match rate: It measures the percent of invalid inputs which are incorrectly accepted. False non-match rate: It measures the percent of valid inputs which are incorrectly rejected. By moving the threshold, the probabilities can be altered, but note that a decrease in false match rate necessarily results in an increase in false non-match rate, and vice versa.
  29. Describe the general concept of a challenge-response protocol.
    The host generates a random number r and returns it to the user (= challenge). In addition, the host specifies two functions, a hash function h() and another function f() to be used in the response. The user calculates f(r', h(P')), where r' = r and P' is the user's password. When the response arrives, the host compares the incoming result to the calculated f(r, h(P)) and if it matches the user is authenticated. Advantages: Only the hashes of the passwords have to be stored and they do not have to be transmitted directly, so they cannot be captured during transmission.
  30. Briefly define the difference between DAC and MAC.
    Discretionary access control: Controls access based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do. Mandatory access control: Controls access based on comparing security labels with security clearances.
  31. Define race condition. State how it can occur when multiple processes access shared memory.
    A race condition occurs when multiple processes and threads compete to gain uncontrolled access to some resource. Without suitable synchronization of accesses, it is possible that values may be corrupted or changes lost.
  32. How does RBAC relate to DAC and MAC?
    Role-based access control: Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.
  33. List and define the three classes of subject in an access control system.
    Owner: This may be the creator of a resource, such as a file. Group: In addition to the privileges assigned to an owner, a named group of users may also be granted access rights. World: The least amount of access is granted to users who are able to access the system but are not included in the categories owner and group of this resource.
  34. In the context of access control, what is the difference between a subject and an object?
    A subject is an entity capable of accessing objects (e.g. user, application, process). An object is a resource to which access is controlled. An object is an entity used to contain information (e.g. records, files, directories, processors, communication ports).
  35. What is the difference between an access control list and a capability ticket?
    In practice, an access matrix is usually sparse and is implemented by decomposition in one of two ways. The matrix may be decomposed by columns, yielding access control lists. For each object, an ACL lists users and their permitted access rights. Decomposition by row yields capability tickets. A capability ticket specifies authorized objects and operations for a particular user.
  36. What is a protection domain?
    A protection domain is a set of objects together with access rights to those objects. In terms of the access matrix, a row defines a protection domain. However, in the protection domain model, a user can spawn processes with a subset of the access rights of the user. This is useful for servers to spawn processes for different classes of users and for not fully trusted processes to reduce their access rights to a safe subset.
  37. Briefly define the four RBAC models of Figure 4.9a.
    RBAC 0: contains the minimum functionality for an RBAC system. RBAC 1: includes the RBAC 0 functionality and adds role hierarchies, which enable one role to inherit permissions from another role. RBAC 2: includes RBAC 0 and adds constraints, which restrict the ways in which the components of an RBAC system may be configured. RBAC 3: contains the functionality of all the other three models.
