STRIDE Threats & Countermeasures

Description

Security threats & countermeasures
Juliette Curran
Flashcards by Juliette Curran, updated more than 1 year ago
Created by Juliette Curran almost 7 years ago

Resource summary

Question: SPOOFING (violation of authentication)
Answer: Occurs when an attacker gains access to a system/service using a false identity, whether by using stolen credentials or by using another IP address.
Example: Stealing a password by posing as PayPal in an email, or gaining access using credentials on the Dark Web.
Countermeasures:
- Protect authentication cookies with Secure Sockets Layer (SSL)

Question: TAMPERING (violation of integrity)
Answer: The malicious, unauthorised modification of data.
Example: Modifying a packet as it traverses the network, or tampering with persistent data in a database.
Countermeasures:
- Use data hashing and signing and tamper-resistant protocols

Question: REPUDIATION (violation of non-repudiation)
Answer: The ability of users (legitimate or otherwise) to deny they performed specific actions or transactions. Without proper auditing, repudiation attacks are hard to prove.
Example: An attacker refusing to acknowledge they modified a file.
Countermeasures:
- Create secure audit trails

Question: INFORMATION DISCLOSURE (violation of confidentiality)
Answer: The unwanted exposure of private data to individuals who are not supposed to have access to it.
Example: In an IF data breach, users may gain access to sensitive data if it is stored in plain text.
Countermeasures:
- Secure communication links with protocols that provide message confidentiality

Question: DENIAL OF SERVICE (violation of availability)
Answer: Occurs when an attacker can degrade or deny service to valid users.
Example: An attacker may bombard a server with requests, which consumes all available system resources, e.g. 4chan.
Countermeasures:
- Use resource and bandwidth throttling techniques and validate and filter input

Question: ELEVATION OF PRIVILEGE (violation of authorisation)
Answer: Occurs when a user with limited privileges assumes the identity of a privileged user to gain privileged access to a system.
Example: A remote user may be able to run commands or elevate their privilege in order to take control of a trust account or system.
Countermeasures:
- Follow the principle of least privilege and use least privileged service accounts to process and access resources