Chapter 1 Flashcards Preview

CSE 565: Cryptography And Network Security > Chapter 1 > Flashcards

Flashcards in Chapter 1 Deck (42)
Loading flashcards...
1
Q

What is Cryptography?

A

To encode a message

2
Q

What four main areas can Cryptographic algorithms and protocols be classified?

A

Symmetric encryption, asymetric encryption, data integrity algorithms, and authentication protcols

3
Q

What is symmetric encryption

A

used to conceal the contents of blocks or streams of data of any size

4
Q

What is asymmetric encryption

A

used to conceal small blocks of data

5
Q

What is the data integrity algorithm

A

Used to protect blocks of data

6
Q

What is a authentication protocol

A

designed to authenticate the identity of entities

7
Q

What is computer Security?

A

protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources

8
Q

What are the two concepts related to confidentiality?

A

Data confidentiality and privacy

9
Q

What are the two concepts related to integrity?

A

Data and system integrity

10
Q

What is a CIA triad?

A

Integrity, Availability, Confidentiality, Authenticity, and Accountability

11
Q

What are the challenges of computer security?

A

1) requirements 2) security mechanism or algorithm 3) procedures 4) where to use security mechanism 5) security mechanisms involve more than a particular algorithm or protocol 6) Computer and network security 7) users and system managers perceive security as negative 8) Requires regular or constant monitoring 9) Security is implemented after the design of the system is completed 10) Security admins/users view strong security as a impediment

12
Q

OSI security architecture is what?

A

Focuses on security attacks, mechanisms, and services Is a recommendation by the X.800

13
Q

What is the difference between a passive and active attack?

A

Passive-eavesdropping on, or monitoring of transmissions Active-Some modification of the data stream or the creation of a false stream

14
Q

What are the four active attack categories?

A

masquerade, replay, modification of messages, and denial of service

15
Q

What is a masquerade?

A

pretending to be a different entity

16
Q

What does replay means in relation to the active attack category?

A

passive capture of data unit retransmission to produce an unauthorized effect

17
Q

What are two specific authentication services?

A

peer entity authentication- provides for the corroboration of the identity of a peer entity in an association Data origin authentication-provides for the corroboration of the source of a data unit

18
Q

What is access control?

A

the ability to limit and control the access to host systems and applications via communications links

19
Q

What is data confidentiality?

A

protection of transmitted data from passive attacks

20
Q

What is a connection-oriented integrity service?

A

assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays

21
Q

What is nonrepudiation?

A

prevents either sender or receiver from denying a transmitted message

22
Q

What are the fundamental security design principles?

A

Economy of mechanism Fail-safe defaults Complete mediation Open design Separation of privilege Least privilege Least common mechanism Psychological acceptability Isolation Encapsulation Modularity Layering Least astonishment

23
Q

What is economy of mechanism?

A

design of security measures embodied in both hardware and software should be as simple and small as possible

24
Q

What is fail-safe default?

A

access decisions should be based on permission

25
Q

What is complete mediation?

A

every access must be checked against access control mechanism

26
Q

What is open design

A

design of security mechanism should be open rather than secret

27
Q

What is separation of privilege

A

practice in which multiple privilege attributes are required to achieve access to a restricted resource

28
Q

What is least privilege

A

every process and every user of the system should operate using the least set of privileges necessary to perform the task

29
Q

What is least common mechanism

A

design should minimize the functions shared by different users

30
Q

What is Psychological acceptability

A

security mechanisms should not interfere unduly with the work of users, while at the same time meeting the needs of those who authorize access

31
Q

What is isolation?

A

isolation of public access, processes and files, and security mechanisms

32
Q

What is encapsulation

A

a specific form of isolation based on object oriented functionality

33
Q

What is modularity?

A

refers to both the development of security functions as separate, protected modules and to the use of a modular architecture for mechanism design and implementation

34
Q

What is layering?

A

use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems

35
Q

What is least astonishment?

A

program or user interface should always respond in the way that is least likely to astonish the user

36
Q

What is a attack surface?

A

consists of the reachable and exploitable vulnerabilities in a system ex) open ports, services, code, interfaces, and employees

37
Q

What is a network attack surface?

A

vulnerabilities over an enterprise network, WAN, or the internet

38
Q

What is a software attack surface?

A

vulnerabilities in application, utility, or operating system code

39
Q

What is a human attack surface?

A

vulnerabilities created by personnel or outsiders

40
Q

What categories of attack services are there?

A

Network, software, and human attack surface

41
Q

What is a attack tree?

A

a branching, hierarchical data structure that represents a set of potential techniques of exploiting security vulnerabilities

42
Q

What two kinds of threats can a program present?

A

Information access and service threat