Semester 6 - Secure Computing Midterm

The flashcards below were created by user djon on FreezingBlue Flashcards.

  1. 3 definitions of security
    • confidentiality
    • integrity
    • availability
  2. Confidentiality
    information about system or its users cannot be learned by an attacker
  3. Integrity
    • when you ask for data, you get the "right" data
    • system reaching states that would occur if there was no attacker
  4. Availability
    actions by an attacker do not prevent users from having access to use of the system
  5. security is about
    • honest user
    • dishonest attacker
    • how the attacker disrupts the system and learns information
  6. Network attacker
    intercepts and controls network communication
  7. Web hacker
    • Hacks websites
    • sets up malicious sites
    • no control of network
  8. OS Attacker
    controls malicious files and applications
  9. reliability
    the ability of a system to consistently perform its intended function on demand without failure
  10. Accountability
    is the property that ensures that the actions of an entity can be traced
  11. Non-repudiation
    • the ability to prove that an event has taken place
    • a system must be able to prove that certain messages were sent and received
  12. Authentication
    the process of determining whether someone or something is who or what it is declared to be
  13. privacy
    • informational self-determination
    • you get to control information about you
  14. PIPEDA
    • Personal Information Protection and Electronic Documents Act
    • Canada's private-sector privacy legislation
  15. Assets
    • things we want to protect
    • hardware
    • software
    • data
  16. Vulnerabilities
    • bugs
    • defects
    • weaknesses
  17. Threats
    a potential cause of an incident that may result in harm to systems
  18. 2 types of threats
    • intentional - individual cracker
    • accidental - application bug
  19. 4 categories of threats
    • Interception
    • Interruption
    • Modification
    • Fabrication
  20. Technology weaknesses
    standards or lack of standards, application exploits
  21. configuration weaknesses
    • unsecured accounts
    • no anti-virus
  22. policy weaknesses
    • lack of a written security policy
    • software and hardware changes do not follow policy
  23. Human error
    • accident
    • ignorance
  24. Threat model
    • a view of the application and its environment through security glasses
    • "whom do we want to stop from doing what?"
  25. Exploit
    a tool with which an attacker uses a vulnerability to cause damage to the target system
  26. Risk
    where the threat and vulnerability overlap
  27. attack
    an action which exploits a vulnerability
  28. black hat, white hat, grey hat
    • black - bad intentions without invitation
    • white - good intentions with invitation
    • grey - good intentions without invitation
  29. Control
    removing a vulnerability
  30. PDDDR
    • Prevent it
    • Deter it
    • Deflect it
    • Detect it
    • Recover from it
  31. DHTML
    • Dynamic HTML
    • DOM
    • Scripting
    • Presentation
    • Markup
  32. XSL
    • Extensible Stylesheet Language
    • styles XML
    • XSLT
    • XPath
    • XSL-FO
  33. %0A
  34. %20 or +
  35. GET Method
    • retrieves resources
    • can be used to send parameters in the URL query string
  36. POST Method
    • perform actions
    • parameters can be sent in the query string of the URL or message body
  37. HEAD Method
    • used to check whether a resource is present before making a GET request
    • shouldn't contain anything in the message body
  38. MIME
    • Multi-purpose Internet Mail Extension
    • a set of rules that allow multimedia documents to be exchanged among different computer systems.
pre-midterm of secure computing