Studied by 10 peopleTags & Description
when is a system classed as secure?
A system is secure if its resources are used and accessed as intended under all circumstances- only designated users can access and use the correct resources
why is security important?
Security is important as systems containing data could be useful to competitors and loss of data can impair the corporation to function
what is the security problem?
total security cannot be achieved
how can we limit security breaches?
use security mechanisms such as
antivirus software
our behaviour
what is a security violation?
an intentional (malicious) or accidental breach/ breaking of security
intentional = malware
accidental = a link click/ easier to prevent against
what is an attack?
an attempt to breach security, doesn’t mean it has breached
what is a threat?
a potential security violation, something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer devices and networks.
what is an intruder?
a person who attempts to gain unauthorised access to a system
what does an intruder try to do?
attempts to damage a system or disturb the data on a system.
systems = refers to network systems, own system, house security, operating systems
attempts to violate security.
what are the different types of security violations?
breach of confidentiality
breach of integrity
breach of availability
theft of service
denial of service
breach CIA, service ToDay
what is a breach of confidentiality?
Involves unauthorised access to data (or theft of information). For example, credit-card information, identity information used for identity theft, etc.
can be done with an online system or can be physically done
can result in money for the intruder
what is a breach of integrity
Involves unauthorised modification of data. For example, changing the content of a website, changing the text of a message, modifying the source code of commercial application
what is a breach of availability?
Involves unauthorised destruction of data. For example, website defacement, etc.
what is a theft of service?
Involves unauthorised use of resources. For example, an intruder (or intrusion program) may install a daemon on a system that acts as a file server.
recourses no longer accessible, or on own computer with malicious software that prevents own access
what is a denial of service? [security violation]
Involves preventing legitimate use of the system. Denial-of-service (DOS) by overwhelming the service with illegitimate traffic
web servers have capacity to serve number of users. many malicious requests (people/bots) that means legitimate users cannot access the web server.
e.g. Internet worm that lead into DOS attack when bug failed to delay spread
what are the different security violation methods?
masquerading
replay attack
man-in-the-middle attack
session hijacking
what is masquerading?
One participant in a communication pretends to be someone else (another host or another person).
This is a breach of authentication, as the participant has access that would not normally be allowed or obtain privileges to which would not normally be entitled.
the receiver doesn’t know that the communication is not with intended user
what is a replay attack?
Consists of the malicious or fraudulent repeat of a valid data transmission.
replay can be the whole attack eg. repeat of a request to transfer money → ordering online, can repeat the transaction and change the data to order something else, frequently along with message modification.
replay done with message modification, the attacker changes details in communication without the sender’s knowledge (change authorised details of a user to hackers details during an authentication request )
what is a man-in-the-middle attack?
An attacker sits in the data flow of a communication, masquerading as the sender to the receiver, and vice versa.
what is session hijacking?
Intercept an active network communication to bypass authentication.
what is a security measure?
an action to make it difficult or costly for an attack and be successful in order to deter perpetrators
do we need to PREVENT or DETECT attacks?
both, but in some cases e.g. DOS attack
better to PREVENT attacks
sufficient to DETECT attacks so counter measures can be taken
what are the different security level measures?
physical
human
operating system
network
what is the physical security measure level?
the sites containing the computer systems must be physically secured from intruder entry
Data centres, servers, connected terminals
(eg. door locked, access cards, access to the physical space/ resource)
what is the human security measure level?
authorization ensures only authorised users, but authorised users can be encouraged or tricked into giving away their access
Avoid social engineering such as phishing (fake email), dumpster diving
phishing - urgent, legitimate-looking emails, when replying IP address and our info is stored somewhere, or we are submit sensitive information
dumpster dive- searching our bins, notebooks and gaining access
what is the operating system security measure level?
operating system needs to have protection mechanisms from accidental or purposeful security breaches, debugging
eg. runaway process = accidental DOS attack, bad query can reveal password, stack overflow can launch unauthorised processes
preventative measures include passwords managers, updating the os to get latest security patches
what is the network security measure level?
data travels over private leased lines, shared lines (Internet), wireless connections etc.
can lead to intercepted communications, interruption, DOS
firewalls
which security measure level is the weakest?
Security is as weak as the weakest link in the chain so all levels need to be maintained - physical and human levels must be ensured to allow operating system security to be ensured as weakness at higher levels allows lower level security to be circumnavigated
what are program threats?
programs that can do malicious actions like attacking other programs, by using a weakness in the protection mechanisms of a system
what are the types of program threats?
trojan horse
trap door
logic bomb
stack and buffer overflow
virus
[ turtle took lil squishes’s virus ]
what is a trojan horse?
a code segment that misused its environment eg. program runs in the users domain and is able to do anything that the user can do like block, modify, delete data
a program that pretends to be something else, e.g. login in system. the users details are stolen before the torjan redirects to the genuine page to not look suspicious
Install backdoor daemon = provides information/ allows easy access to information even if the original exploit is blocked
includes spyware - a program accompanied by another program the user has installed with goal to download ads, create popups, or capture user information
Can not self-replicate
what is a trap door?
a code designer leaves a “hole” for accessing the system that they can take advantage of later on
e.g. hardcoded credentials allows somebody else to access it without using the normal security procedures
difficult to detect as we have to analyse all of the source code
what is a logic bomb?
program activated under certain circumstances, e.g. coded to activate at at specific date/time eg. activated if employee is fired to damage the system
difficult to detect as the program acts normally under normal operations
what is a stack and buffer overflow?
The hacker exploits a bug in the program as a result of poor programming to write arguments into the return address on stack
hacker can write code in the stack that includes the commands that the hacker wants to execute
what is a virus?
A fragment of code embedded in a legitimate program
can come from spam emails downloading viral programs, exchanging infected disks, contained in documents that will execute automatically when in programs from Office suite like word or powerpoint.
a virus dropper inserts the virus into the system. once installed the virus can self-replicate, infect other programs and spread over a network, infect other machines e.g. email itself to other machines
can modify or destroy files, cause program malfunction and system crash
what are the type of viruses?
file/ parasitic
boot/ memory
macro
source code
polymorphic
encrypted
stealth
tunnelling
multipart
armoured
viruses find big, manly, snakes playing energetically to slowly make armour
what is a file/ parasitic virus?
infect system by appending self to file, causes system to jump to infected code and then return control to og program to leave no trace
what is a boot/ memory virus?
executes every time the system is booted and before operating system loaded, do not appear in file systems
what is a macro virus?
virus written in high level language like visual basic, triggered when a program is capable of executing a macro eg. macro contained in an excel spreadsheet. requires the user to do something to activate the macro
what is a source code virus?
modifies the source code to include the virus and help it to spread
what is a polymorphic virus?
virus that changes each time it is installed to avoid detection from antivirus - changes the virus signature but not virus function.
signature = pattern used to identify a virus
what is an encrypted virus?
virus includes decryption code to decrypt self and then execute to avoid detection
what is a stealth virus?
modifies parts of system that can detect viruses in order to be undetected
what is a tunnelling virus?
installs itself in the interrupt handler chain in order to bypass antivirus scanner detection
what is a multipart virus?
able to infect multiple parts of the system making it difficult to detect and contain
what is an armoured virus?
virus that is coded to make it hard for antivirus software to unravel and understand, eg. compression, unviewable file names
what are system/network threats?
threats that involve the abuse of services and network connections.
create a situation in which operating-system resources and user files are misused.
sometimes used to launch a program attack and vice versa.
what are the different types of system/ network threats?
worms
port scanning
denial of service
wow, plz dos
what are worms?
a process that uses the Spawn mechanism to copy itself / consume resources and lock other processes
Can self-replicate
Standalone → Unlike virus, doesn’t need the user to do anything for it to replicate
made up of 2 programs:
grappling hook - connects to the machine and uploads the main program onto the hooked system
main program - searches for other machines that the system can connect to and infect
E.G. MORRIS INTERNET WORM
what is port scanning?
a way for the attack to detect the systems vulnerabilities to attack
an automated attempt to make TCP/IP connection to a range of ports on one or a range of IP addresses
created sockets have port numbers, sockets help us communicate with systems. hacker will scan the ports to see which sockets are available and send the virus through that port, exploit bugs, install trojan horses, back door programs etc.
what are zombie systems?
systems that have previously been compromised and act as attackers by launching port scanners without even knowing
what is denial of service? [system/network threat]
Overload the targeted computer preventing legitimate use
easier than an attack to break the machine
2 categories
use up all resources that no useful work can be done e.g. a Java applet to start pop up windows infinitely using up all CPU time
disrupt the network
result from abusing the TCP/IP functionality where TCP session partially started and can use up network resources
what is DDOS?
distributes denial of service - a DOS attack launched from multiple sites at once by zombies
what is cryptography?
the science/ study of secret writing + cipher systems
what is encryption?
the process of encoding a message in a way that the information can not be accessed by unauthorised parties, or if accessed, cannot be understood
what is decryption?
the process of decoding a message using a key
what is a key?
a secret that is selectively distributed used for encryption and decryption
what is a cipher/ cypher?
an algorithm used to perform encryption / decryption
what is plaintext?
the original message (unencrypted)
what s ciphertext?
the coded message (encrypted)
what is cryptosystem/ cipher system?
a set of algorithms for performing cryptography actions (e.g. encryption, decryption, key generation)
what is cryptanalysis?
the study of how to crack encryption algorithms
why do we need cryptography in a computer?
Source and destination of messages can be known and protected
why do we need cryptography in a network of computers?
No immediate and reliable way of determining the sender (machine or process) or the receiver
No way of knowing if there is an eavesdropper
how are IP addresses used in a network?
used to identify senders and receivers of messages
e.g. a request message arrives with a source IP address, a response messages is sent to this IP address
identifying the receiver from an ip address alone is not secure, cannot tell if there is a middle man etc.
what are the security weaknesses of IP addresses?
IP addresses can be spoofed
Cannot reliably determine who has sent the request
Cannot reliably determine who will receive the response
how does this IP address weakness affect the operating system?
If source IP addresses can not be trusted, difficult for operating system to
decide whether to grant a request
provide protection for a request or data when it cannot determine who will receive the response
why is cryptography needed?
since no network is trusted, cryptography is used to eliminate the need to trust the network for secure communication
what does cryptography enable?
a sender to encode its message so that only a computer with a certain key can decode the message
a recipient of a message to verify that the message was created by some computer possessing a certain key
what are the components of an encryption algorithm
5 components
what essential property must the encryption algorithm provide?
explanation -
only the computer holding the key [k] can decrypt the plaintext from the ciphertext
what is important to consider when creating keys?
must be infeasible to derive a key [k] from the ciphertext [c] as c is exposed
what are the 2 main types of encryption algorithm
symmetric
asymmetric
what is symmetric encryption?
the same key is used to encrypt and decrypt a message
how are keys handled in symmetric encryption?
the key [k] must be a shared secret - the key is kept between the 2 communicating entities only
key exchange can happen directly between 2 parties or via a trusted third party called a certificate authority
what are examples of symmetric encryption algorithms?
block ciphers
stream ciphers
what is a block cipher?
works to encrypt a block of bits at a time.
if the same key is used for encrypting an extended amount of data it becomes vulnerable to attack.
can become slow when the communication to encrypt is too long
what are examples of block ciphers?
DES - data-encryption standard cipher
Triple DES
AES - advances encryption standard cipher
what is DES?
used by NIST - national institute of standards and technology
takes a 64-bit value and a 56-bit key and performs transformations with substitution and permutation operations
what is Triple DES?
DES is insecure for applications so Triple DES created → DES algorithm repeated 3 times (2 encrypt, 1 decrypt) using 2 or 3 keys
what is AES?
also a block cipher adopted by NIST
more compact and efficient than DES
what is a stream cipher?
designed to encrypt a stream of bits rather than a block.
good for long communication lengths as block cipher would be too slow.
a key is an input into a pseudo-random bit generator to generate random bits used to form a keystream
what is a keystream?
infinite set of bits that encrypts a plaintext stream by XOR it with the plaintext
what is an example of a stream cipher?
RC4 - Rivest cipher 4
what is RC4?
invented by Ron Rivest 1987
considered insecure and has vulnerabilities
what is asymmetric encryption?
also called public key encryption
different keys are used for encryption and decryption
encryption key = public
decryption ket = private
how are keys handled in asymmetric encryption?
the person who receives the encrypted message will generate a pair of private-public keys
public key is available to everyone meaning anyone can encrypt messages
private key is available to the private key holder meaning only they can decrypt the messages
what is an example of an asymmetrical encryption algorithm?
RSA
what is RSA?
most widely used encryption algorithm based on the difficulty of the factorisation of the product of two large prime numbers
relatively slow algorithm and often used for exchanging encrypted shared keys for symmetric key cryptography
A user creates and publishes a public key based on two large prime numbers and an auxiliary value
Anyone (any sender) can use the public key to encrypt a message
The prime numbers must be kept secret – if the public key is large enough, only knowing the prime numbers enables decoding the message feasibly
how does asymmetric encryption compare to symmetric encryption?
Asymmetric is more computationally expensive to execute as it’s easier to encode and decode with symmetrical keys
when is asymmetric encryption best used?
Asymmetric is not good for general-purpose encryption of large amounts of data
Best used for encrypting small amounts of data, authentication, confidentiality, key distribution
![<p>explanation -</p><p>only the computer holding the key [k] can decrypt the plaintext from the ciphertext</p>](https://knowt-user-attachments.s3.amazonaws.com/0250a88204a445ab8d6d1e0c3503b89b.jpeg)
Note
Flashcard