Created by Juliette Curran
over 7 years ago
|
||
Question | Answer |
SPOOFING violation of authentication | when an attacker gains access to a system/service using a false identity whether by using stolen credentials and using another IP Address Example: Stealing password by posing as Paypal in an email/access using credentials on the Dark Web Countermeasures: - Protect authentication cookies with Secure Sockets Layer (SSL) |
TAMPERING violation of integrity | is the malicious, unauthorised modification of data Example: modifying a packet as it traverses the network or tampering with persistent data in a database Countermeasures: - Use data hashing and signing and tamper-resistant protocols |
REPUDIATION violation of non-repudiation | is the ability of users (legitimate or otherwise) to deny they performed specific actions or transactions. Without proper auditing, repudiation attacks are hard to prove. Example: Attacker refusing to acknowledge they modified a file. Countermeasures: - Create secure audit trails |
INFORMATION DISCLOSURE violation of confidentiality | is the unwanted exposure of private data to individuals who are not supposed to have access to it. Example: In an IF data breach, users may gain access to sensitive data if stored in Plain Text. Countermeasures: - Secure communication links with protocols that provide message confidentiality. |
DENIAL OF SERVICE violation of availability | occur when an attacker can degrade or deny service to valid users Example: an attacker may bombard a server with requests which consumes all available system resources e.g 4chan Countermeasures: - Use resource and bandwith throttling techniques and validate and filter input |
ELEVATION OF PRIVILEGE violation of authorisation | occurs when a user with limited privileges assumes the identity of a privileged user to gain privileged access to a system Example: A remote user may be able to run commands or elevate their privilege in order to take control of a trust account or system Countermeasures: - Follow the principle of least privilege and use least privileged service accounts to process and access resources |
Want to create your own Flashcards for free with GoConqr? Learn more.