Terms in this set (96)

Q: What is the difference between a 'threat' and an 'attack'?
A: Threat: a circumstance or event that can result in an attack.

Q: Explain the terms 'security policy' and 'assurance' and how they relate to each other.
A: Security policy: identifies and defines the various roles of users or processes.

Q: Why is it particularly difficult to defend against an 'insider attack'?
A: Insiders already have authorized access to internal systems.
Q: In practice, what is a major disadvantage of the 'access control matrix' (ACM)? How does the 'access control list' (ACL) model address that issue? What is a disadvantage of the ACL?
A: ACM: can be sparse and waste space, and can become difficult to manage with a large number of users/groups. ACL: defines all users who have access to a specific file, directory, system, etc. Managing large groups of files may also become challenging.

Q: In UNIX, what does the 'w' (write) permission mean for directories?
A: Create, rename, and delete files in the directory.

Q: In the Lampson, Graham, Denning access control model, what are the two operations performed on the access control matrix A when subject S0 creates an object X?
A: The subject issues a request for X.

Q: $ getfacl schedules.txt # file: schedules.txt
Can the user 'alice', who does not belong to any of the groups named in the EACL, write to the file 'schedules.txt'? Why or why not?
A: No, the mask overrides Alice's permissions, resulting in read-only access.

Q: $ getfacl schedules.txt # file: schedules.txt
If a user 'bob' who is in group 'kapadia' tries to read the file 'schedules.txt', will the read succeed? Why or why not?
A: Yes, the effective read permission will permit this group to read the file.

Q: Give one useful reason for having a permissions 'mask'.
A: It can be set temporarily when the file owner wants to restrict access.

Q: Explain the difference between a 'primary key' and a 'foreign key' in a relational database.
A: All attributes relate back to the primary key in a relational database. A foreign key can help draw connections to other items in the database.

Q: When a user enters the following 'city name' in a webpage, he/she can possibly perform an 'SQL Injection' attack:
A: The SQL query will read the '; after Boston as the end of the query and will then run the command to drop the table. Proper sanitization of database inputs should prevent this from happening.
Q: Discuss two important properties of databases that make them a better choice for storing employee records as compared to a 'flat file' using a format customized by the programmer.
A: A database is scalable and incorporates powerful functions to create and manipulate data. A query language can be used to process or analyze data for insight.

Q: 'Inferential attacks' do not involve any transfers or modifications of data from/within the database. Explain this type of attack with 1-2 examples of what kind of information can still be gained from such an attack.
A: An inferential attack on a database may reveal the structure of the data based on what is returned. Data structures can prove to be important when curating an attack on a specific system.

Q: What is the GRANT command in SQL useful for?
A: GRANT is useful for giving permissions to certain users of the database to perform certain types of queries or manipulate data.

Q: Consider a 'Forgot password' web application that accepts a user's entered email address to make the following remote database query (where $INPUT is replaced by what the user entered), and emails the user's password based on the results:
A: The attacker will learn about the data structure (column name) of the database. The attacker will know when to stop the exploitation when they guess the correct variable name for the column (the web application will no longer return an error).

Q: Why do these examples of SQL injection use a -- at the end of the input?
A: The "--" is an indicator in SQL that the query should end there and ignore anything after that.

Q: Explain the concept of 'input validation' as a defense against SQL injection attacks, and give an example of what checks are made in addition to simpler 'input sanitization'.
A: Input validation assures that a user's input will be interpreted correctly. Type checking can be used in addition to "input sanitization" to ensure the right type of data is being entered.

Q: Explain how you would use database roles when creating two web apps that access a remote database: one for updating a user's birthdate and another for displaying the user's profile photo. What common security principle are you following when creating these roles?
A: I would create a role that just has write access to birthdays for the first web app and then a role with only read access for the profile picture. We are following the security principle of least privilege, as we are giving the least amount of privilege and access needed to complete the task at hand.

Q: What is the 'stack' used for by a process within its allocated address space?
A: The stack is used to store the variables and/or other information needed by the process.

Q: Briefly explain a 'buffer overflow' in the context of a C function that declares two string buffers str1 and str2 and uses gets(str2) to obtain input from the user and store it into str2.
A: A buffer overflow attack is one where the attack takes advantage of the lack of checking of input sizes to overwrite data. The function gets() does not validate input size, allowing the user to input whatever they really want. str2 ends up being too large to fit the allocated memory and starts to overwrite data in other memory.

Q: With the aid of a diagram, explain what modifications are made to the stack when a function g() is called by function f(). Assume that g() is called with parameter 1 (i.e., g(1) is called), and that g() has the following local variables: integer x, and char/string buf[8].
A: needs answer

Q: What is the purpose of the stack frame pointer and how does it get pushed onto the stack?
A: The stack frame pointer shows where the specific function's stack frame is. It gets pushed onto the stack once a new instance of the function is called.

Q: What is the purpose of RET and how does it get pushed onto the stack?
A: The RET is the return address of the function that has been called, so the pointer knows where to return once the function is completed. It gets pushed onto the stack after the function has been called.

Q: With the aid of a diagram, explain how a vulnerable C program (that uses a gets() function call to get input from the user) can be exploited to perform a denial of service attack.
A: A program that uses gets() can be subjected to a DoS attack, as gets() doesn't check memory bounds. The input received by the gets() function allows the user to overwrite data beyond the buffer, effectively creating a DoS attack as important functions can be overwritten.

Q: What is the purpose of a 'NOP sled' within shellcode?
A: The NOP sled is a sequence of no-operation instructions meant to "slide" the CPU's instruction execution flow to its final, desired destination whenever the program branches to a memory address anywhere on the sled.

Q: Why can't shellcode have any 'null' characters anywhere except for at the end?
A: Any null character is considered to be the end of the string.

Q: Why does the input "password1 password" result in the output "Passwords match!"?
A: Since gets() does not check for allocated memory, the input successfully overwrites the stored password. As the strncmp function is only comparing the first 9 characters, the passwords are both "password".

Q: Why does the input "password1 password1" result in the output "Passwords match!" but also result in the program crashing?
A: The program overwrites the next part of the buffer with the null that is after "password1", effectively crashing the program as nulls are considered to be the end of a string.

Q: How does 'address space randomization' reduce the chance of executing shellcode in a buffer overflow attack?
A: Since the address space is randomized at runtime, an attacker would not be able to target it because they won't know where it is running.

Q: Making the stack non-executable can easily prevent buffer overflow attacks. But why can the stack not be made non-executable in some cases?
A: Some programs require the stack to be executable. This may be especially true for legacy code that cannot be easily updated.

Q: Explain the design principles of 'separation of privilege' and 'fail safe defaults' in your own words.
A: Separation of privilege divides a specific program into parts which are limited to the specific privileges needed, which effectively limits the chance of attack as multiple parts are needed. Fail-safe defaults deny a user access unless they are a member of the access control list.

Q: What is the difference between the concepts of 'fail-open' and 'fail-closed' in the context of designing 'fail-safe' secure systems? Provide an example for each type.
A: Fail-open is where the default action is to allow access, while fail-closed is to deny access. An example of fail-open: if a user is not part of the restricted user list, allow them access. A fail-closed system would deny users access if they are not part of the ACL.

Q: Give an example of a) 'Sensitive PII', and explain why it is classified as 'sensitive', and b) PII that is not sensitive PII, and explain why this is PII but not sensitive.
A: An example of sensitive PII is a social security number, as it uniquely identifies someone. PII that is not sensitive is age, as that does not uniquely identify someone.

Q: Microsoft uses a threat taxonomy called 'STRIDE' (as opposed to 'CIA') to identify various threat types. Name and briefly describe any two of these 'STRIDE' threat types.
A: S: Spoofing

Q: What are two disadvantages of quantifying risk with the formula:
A: Two disadvantages are not being able to accurately find the probability of the risk and miscalculating the damage potential, as attacks are not always widely known.

Q: Briefly explain Microsoft's approach to assigning 'risk' for different types of threats.
A: Microsoft uses the STRIDE system for assistance in evaluating a number of different components. They then assign levels to assess degrees of risk.

Q: -rw-r--r-- 1 alice alice 29 2010-01-17 18:49 aliceDetails.txt
Alice opened up aliceDetails.txt and made a few changes. Will she be allowed to save those changes? Explain.
A: Alice will be able to save the changes she made to aliceDetails.txt, as she has both read and write access and owns the file.

Q: ---------- 1 bob bob 25 2010-01-17 18:49 bobDetails.txt
Bob is trying to access his own file bobDetails.txt but discovers that he cannot read it. Why? How would Bob be able to gain access to this file?
A: Bob doesn't have read permission on bobDetails.txt. He will have to have an administrator give him read permission using the chmod command.

Q: drwxr-xr-- 2 alice alice 4096 2010-01-17 18:46 aliceFolder
When Trudy tries to display the contents of "aliceFolder" under ALICE's home directory using the command "ls -l", she is able to view the files and directories. Will she be able to 'cd' into the directory? Why or why not?
A: Trudy will not be able to cd into the directory, as she does not have execute permission.

Q: Explain whether the UNIX permission structure is a column approach or a row approach.
A: The UNIX permission structure would be considered a column approach. Permissions are granted and seen per file or directory, instead of seeing which files a particular user has access to.

Q: The following example shows the permissions of a file that is used to change passwords on the system:
Notice an "s" in the permissions. Explain what the "s" means and its significance. Why is it needed to change passwords?
A: The s is the setuid flag. It allows all users to execute the file with the same permissions as the owner of the file. It's needed to change passwords so that individual users can change their own passwords without handing the task to the administrator.

Q: Under public_html (under ALICE) there is a file called index.html with the following permissions:
-rw-r--r-- 2 alice alice 4096 2010-01-17 18:46 index.html
Trudy hosts a web server that is requested to display the contents of the index.html file. Will the contents be displayed? Explain why.
A: The contents of index.html will be displayed, as the "other" bits grant read permission.

Q: drwxr-x--- 2 alice frnds 4096 2010-01-17 18:44 Documents
List the privileges of each user (ALICE, BOB, and TRUDY) with respect to the folder Documents.
A: Alice has read, write, and execute permissions as she is the owner of the directory. Bob has read and execute permissions as he is a member of frnds. Trudy has no permissions on the directory as she falls under other, which has no permissions.

Q: If you log in with your regular user and run "sudo whoami", what will be the output from the command?
A: root

Q: If you log in with your regular user and run "sudo su mallory", what password will you be prompted for?
A: No password asked.

Q: If you log in with your regular user and run "su bob", what password will you be prompted for?
A: Bob's password.

Q: If you log in with your regular user and run "sudo sudo -u bob whoami", what password will you be prompted for and what will be the output of the command? Explain your answer.
A: No password asked; the output is bob. As sudo -u bob is given before whoami, whoami is run as the user bob.

Q: What's the difference between the umask environment variable and the mask defined in the extended access-control list?
A: The umask is the default permissions given to any new file, while the mask in the extended ACL is for specific users.

Q: The user bob has a umask set to 007 and is not a member of the group writers. Bob tries to execute a file with permissions 777 owned by alice and associated with the group writers. Will access be allowed?
A: Yes

Q: The user bob has a umask set to 007 and is not a member of the group writers. Bob tries to execute a file with permissions 666 owned by alice and associated with the group writers. Will access be allowed?
A: No

Q: #file: secretsoftheuniverse
Will Mallory be able to read the secretsoftheuniverse file while being a member of the group dispatchers?
A: No, as Mallory is listed as having execute permission before having read permission as a member of the group dispatchers.

Q: #file: secretsoftheuniverse
Will Mallory be able to write the secretsoftheuniverse file while being a member of the group dispatchers?
A: No, as Mallory is listed as having execute permission before having write permission as a member of the group dispatchers.

Q: #file: secretsoftheuniverse
Will Chuck be able to execute the secretsoftheuniverse file while being a member of the group dispatchers?
A: Chuck is not able to execute the file, as he is listed as having read permission before having execute permission as a member of other.

Q: How many primary keys and how many foreign keys can a table have?
A: 1 primary key and any number of foreign keys.

Q: What are the downsides to preventing SQL injection attacks by using functions like addslashes() and mysql_real_escape_string()?
A: addslashes() and mysql_real_escape_string() don't always catch all of the characters that they need to catch, allowing some to slip through sanitization and affect the data. Depending on the data as well, these could remove characters that are essentially important to the fields (like apostrophes in names, etc.).

Q: Would removing the SQL comment string (--) from user input prevent all SQL injection attacks (explain your answer)?
A: Removing the SQL comment string from user input would not prevent all SQL injection attacks, as there are some SQL injection attacks that don't use comments.

Q: Would removing all escape characters (\) and quotations (' and ") from user input prevent all SQL injection attacks (explain your answer)?
A: Removing all escape characters from user input would not prevent all SQL injection attacks, as there are attacks that do not use quotes. These attacks usually involve integers, which don't necessarily need quotes around them to work.

Q: What is the main disadvantage of using input validation to prevent SQL injection attacks?
A: The main disadvantage of using input validation to prevent SQL injection attacks is that there may always be some form of input that passes through the validation when it should not.

Q: Why is it not sufficient to use UNIX's access control mechanisms to secure access to a database?
A: UNIX access control only gives read, write, and execute permissions to users. With databases, there are different options for reading from and writing to the database, and there can be multiple tables within the database. UNIX access control may give users permissions on tables within a database that they should not have.

Q: What's the difference between addslashes() and htmlentities()?
A: addslashes() escapes single quotes, double quotes, backslashes, and NUL characters, allowing the characters to be input but not to be used for malicious intent, while htmlentities() encodes the various characters into HTML entities, allowing the characters to be shown as normal without being escaped.
Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.

Privacy: Assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed.

Data integrity: Assures that information and programs are changed only in a specified and authorized manner.

System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

Availability: Assures that systems work promptly and service is not denied to authorized users.

Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or a message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

Assets: Data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment; or a facility that houses system operations and equipment.

Adversary: An entity that attacks, or is a threat to, a system.

Threats: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.

Vulnerability: A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

Risk: An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.

Security architecture: A unified security design that addresses the necessities and potential risks involved in a certain scenario or environment.

Access control list: Contains all of the users that have permissions to a particular file; one has to go through each file to determine whether a user has permissions or not.

Capability list: Shows all of the files a specific user has permissions for; one has to go through each user to determine whether a user has permissions or not.

Role-based access control: Gives rights based on what group a user is part of.

Q: What are some buffer overflow defenses?
A: Choice of programming language, safe coding techniques, language extensions and use of safe libraries, stack protection mechanisms, executable address space protection, address space randomization, guard pages.

Q: What are the Saltzer and Schroeder design principles? (8 total)
A: Economy of mechanism, fail-safe defaults, complete mediation, open design, separation of privilege, least privilege, least common mechanism, psychological acceptability.

Economy of mechanism: Keep the code and design simple and small.

Fail-safe defaults: The default action for any request should be to deny the action.

Complete mediation: Every access to every protected object should be validated.

Open design: Suggests that designs should not be secret.

Separation of privilege: Do not permit an operation based on one condition. Examples include two-factor authentication and, at a higher level, separation of duties.

Least privilege: Operate with the lowest level of privilege necessary to perform the required tasks.

Least common mechanism: Minimize shared resources such as files and variables.

Psychological acceptability: "Can I implement this system in a way that makes the product easier to use?"

Attack surface: The sum of the different points where an unauthorized user can try to enter data into or extract data from an environment.

PII: Any user data that uniquely identifies a user, such as contact information (name, address, phone number, e-mail address, and so on) -OR- data that is commingled or correlated with the user's PII -OR- data that is sensitive PII.

Sensitive PII: Any user data that identifies an individual and could facilitate identity theft or fraud -OR- data that is commingled or correlated with PII and used as an authorization key -OR- data that is commingled or correlated with PII and could be used to discriminate -OR- data that is commingled or correlated with PII and contains medical history or health records or financial information -OR- data that has breadth and contents that are unknown at the time of collection and could hold sensitive PII.

Q: What are the corresponding mitigations for STRIDE?
A: Authentication, integrity, non-repudiation services, confidentiality, availability, authorization.

Q: In a threat modeling DFD diagram, what are the double circles?
A: Complex process (multi-process).

Q: In a threat modeling DFD diagram, what are the circles?
A: Process.

Q: In a threat modeling DFD diagram, what are the rectangles?
A: External entity.

Q: In a threat modeling DFD diagram, what are the parallel lines?
A: Data store.

Q: In a threat modeling DFD diagram, what are the arrowed lines?
A: Data flow.

Q: In a threat modeling DFD diagram, what are the dotted lines?
A: Privilege boundary.