week 8-9

Question 1

threat model: malicious users

Answer 1

implies that message traffic is safe and there is no need to encrypt communications

Question 2

threat model: snooping attackers

Answer 2

implies that message traffic is visible, and encrypted wifi and network layers are needed

Question 3

threat model: co-located user

Answer 3

implies that local files and memory are accessible, and so nothing can be stored unencrypted; implies that server can be compromised

Question 4

assumptions in threat modeling

Answer 4

are potential holes the adversary can exploit; assuming one threat model over another leaves you susceptible to the other

Question 5

the best approach to building secure software is to

Answer 5

incorporate security-minded thinking into all phases of development; do not just add after functional requirements are met

Question 6

security requirements

Answer 6

security-related goals or policies + required mechanisms for enforcing them

Question 7

abuse cases

Answer 7

describe what a system should not do; a case in which a security breach occurs

Question 8

threat modeling

Answer 8

to make explicit the adversary’s assumed powers; build software assuming that someone can do x, then add something to keep them from doing it

Question 9

best practice for threat modeling

Answer 9

compare against similar systems, understand past attacks, challenge assumptions and prepare for someone to get past a defense

Question 10

flaws

Answer 10

problems in the design of a program; works as intended, but didn’t anticipate certain cases

Question 11

bugs

Answer 11

problems in implementation; design may be strong, but doesn’t work as intended

Question 12

50% of security problems are:

Answer 12

design flaws; didn’t anticipate certain cases

Question 13

prevention

Answer 13

aim to eliminate siftware defects entirely

Question 14

mitigation

Answer 14

aim to reduce the harm from exploitation of unknown defects; if an abuse case becomes real, reduces the harm able to be done

Question 15

detection & recovery

Answer 15

identify and understand an attack, undo damage

Question 16

default-deny policy

Answer 16

a program denies all access, and only allows that which has been explicitly permitted

Question 17

separation of responsibility

Answer 17

privilege is split up so no one person/program has total power; multi-factor authentication

Question 18

reference monitor

Answer 18

code that checks for permission to access a resource

Question 19

account for human factors

Answer 19

security measures must be easy to use and have instructions if not intuitive

Question 20

Kerkhoff’s principle

Answer 20

a cryptosystem should be secure, even if everything about the system but the key is public knowledge;

Question 21

threat model: malicious users

Answer 21

implies that message traffic is safe and there is no need to encrypt communications

Question 22

threat model: snooping attackers

Answer 22

implies that message traffic is visible, and encrypted wifi and network layers are needed

Question 23

threat model: co-located user

Answer 23

implies that local files and memory are accessible, and so nothing can be stored unencrypted; implies that server can be compromised

Question 24

assumptions in threat modeling

Answer 24

are potential holes the adversary can exploit; assuming one threat model over another leaves you susceptible to the other

Question 25

the best approach to building secure software is to

Answer 25

incorporate security-minded thinking into all phases of development; do not just add after functional requirements are met

Question 26

security requirements

Answer 26

security-related goals or policies + required mechanisms for enforcing them

Question 27

abuse cases

Answer 27

describe what a system should not do; a case in which a security breach occurs

Question 28

threat modeling

Answer 28

to make explicit the adversary's assumed powers; build software assuming that someone can do x, then add something to keep them from doing it

Question 29

best practice for threat modeling

Answer 29

compare against similar systems, understand past attacks, challenge assumptions and prepare for someone to get past a defense

Question 30

flaws

Answer 30

problems in the design of a program; works as intended, but didn't anticipate certain cases

Question 31

bugs

Answer 31

problems in implementation; design may be strong, but doesn't work as intended

Question 32

50% of security problems are:

Answer 32

design flaws; didn't anticipate certain cases

Question 33

prevention

Answer 33

aim to eliminate siftware defects entirely

Question 34

mitigation

Answer 34

aim to reduce the harm from exploitation of unknown defects; if an abuse case becomes real, reduces the harm able to be done

Question 35

detection & recovery

Answer 35

identify and understand an attack, undo damage

Question 36

default-deny policy

Answer 36

a program denies all access, and only allows that which has been explicitly permitted

Question 37

separation of responsibility

Answer 37

privilege is split up so no one person/program has total power; multi-factor authentication

Question 38

reference monitor

Answer 38

code that checks for permission to access a resource

Question 39

account for human factors

Answer 39

security measures must be easy to use and have instructions if not intuitive

Question 40

Kerkhoff's principle

Answer 40

a cryptosystem should be secure, even if everything about the system but the key is public knowledge;

Question 41

SSH forwarding

Answer 41

forwarding ports from the client machine to the server machine et vice; used to encrypt applications, bypass firewalls,

Question 42

phishing

Answer 42

a social engineering attack; luring users in to provide personal information by imitating another service they use/want

Question 43

spear phishing

Answer 43

tailored phishing; phishing attack on a particular person

Question 44

CSS

Answer 44

cascading style sheets

Question 45

cookies

Answer 45

a name/value pair sent by an HTTP response in a header; the browser stores this to retrieve information that was stored during the last session

Question 46

HTTP request / response

Answer 46

the browser sends requests and the server sends responses; these are stateless, with each request handled separately and without the server remembering / storing these interactions

Question 47

Cross-site scripting

Answer 47

attacks against a user by a rogue website using Javascript code

Question 48

cross-site request forgery

Answer 48

attacks against a user by a rogue website using Javascript code; the site embeds an HTML tag that makes requests the user usually would; ex, transferring funds

Question 49

protecting cookies

Answer 49

using appropriate HTTP response headers; encode data when in/output

Question 50

input sanitization

Answer 50

removes or encodes unsafe characters to prevent harmful input; prevents attacks via XXS Code / SQL injection