lec1

Cards (62)

  • Threat
    An object, person, or other entity that represents a constant danger to an asset
  • Threat Categories
    • Acts of human error or failure
    • Compromises to intellectual property
    • Deliberate acts of espionage or trespass
    • Deliberate acts of information extortion
    • Deliberate acts of sabotage or vandalism
    • Deliberate acts of theft
    • Deliberate software attack
    • Forces of nature
    • Technical hardware failures or errors
    • Technical software failures or errors
    • Technological obsolesce
  • Computer Security
    The generic name for the collection of tools designed to protect data and to thwart hackers
  • Network Security
    Measures to protect data during their transmission
  • Internet Security
    Measures to protect data during their transmission over a collection of interconnected networks
  • Aspects of Security
    • Security Attack
    • Security Mechanism
    • Security Service
  • Security Attack
    Any action that compromises the security of information owned by an organization
  • Types of Security Attacks
    • Passive
    • Active
  • Interruption
    An asset of the system is destroyed or becomes unavailable or unusable. It is an attack on availability.
  • Interruption
    • Destruction of some hardware
    • Jamming wireless signals
    • Disabling file management systems
  • Interception
    An unauthorized party gains access to an asset. Attack on confidentiality.
  • Interception
    • Wire tapping to capture data in a network
    • Illicitly copying data or programs
    • Eavesdropping
  • Modification
    When an unauthorized party gains access and tampers an asset. Attack is on Integrity.
  • Modification
    • Changing data file
    • Altering a program and the contents of a message
  • Fabrication
    An unauthorized party inserts a counterfeit object into the system. Attack on Authenticity. Also called impersonation.
  • Fabrication
    • Hackers gaining access to a personal email and sending message
    • Insertion of records in data files
    • Insertion of fake/false messages in a network
  • Security Service
    A processing or communication service that is provided by a system to give a specific kind of production to system resources.
  • Confidentiality
    The protection of transmitted data from passive attacks.
  • Authentication
    This service assures that a communication is authentic.
  • Types of Authentication
    • Peer entity authentication
    • Data origin authentication
  • Integrity
    Data cannot be modified without authorization. Protecting data from being modified or corrupted by unauthorized users or malicious software.
  • Types of Integrity Services
    • Connection-Oriented Integrity Service
    • Connectionless-Oriented Integrity Service
  • Non-repudiation
    Prevents either sender or receiver from denying a transmitted message.
  • Access Control
    The ability to control the level of access that individuals or entities have to a network or system and how much information they can receive.
  • Availability
    The property of a system or a system resource being accessible and usable upon demand by an authorized system entity.
  • Security Mechanism

    Tools, protocols, or procedures designed to protect information, systems, and networks from unauthorized access, misuse, or damage.
  • Specific Security Mechanisms
    • Encipherment
    • Digital Signature
    • Access Control
    • Authentication Exchange
    • Anti virus software
    • Firewall
    • Multi-factor Authentication (MFA)
  • Data is transmitted over network between two communicating parties, who must cooperate for the exchange to take place.
  • Whenever an opponent presents a threat to confidentiality, authenticity of information, security aspects come into play.
  • Information access threats intercept or modify data on behalf of users who should not have access to that data.
  • Service threats exploit service flaws in computers to inhibit use by legitimate users. Viruses and worms are two examples of software attacks inserted into the system by means of a disk or also across the network.
  • Basic Terminologies
    • Cipher text
    • Cipher
    • Key
    • Encipher (Encrypt)
    • Decipher (Decrypt)
    • Cryptography
    • Cryptanalysis (Codebreaking)
    • Cryptology
  • Cryptanalysis
    The art and science of analyzing and breaking codes or ciphers used to secure information.
  • Types of Cryptanalytic Attacks
    • Cipher text only
    • Known plaintext
    • Chosen plaintext
    • Chosen cipher text
  • Substitution Techniques
    Replacing plaintext bit patterns with cipher text bit patterns.
  • Caesar Cipher
    Replacing each letter of the alphabet with the letter standing 3 places further down the alphabet.
  • Playfair Ciphers
    Treats diagrams in the plaintext as single units and translates these units into cipher text diagrams.
  • Hill Cipher
    Involves substitution of 'm' ciphertext letters for 'm' successive plaintext letters.
  • Polyalphabetic Ciphers
    The same letter of a message can be represented by different letters when encoded.
  • Vigenere Cipher
    A polyalphabetic cipher based on using successively shifted alphabets, a different shifted alphabet for each of the 26 English letters.