Computer Security - Michael's Notes

# Computer Security ## Types of Attacks | Type | Description | | ---------------- | ----------- | | Flooding Attacks | | | Intrusion | | ## The Security of Software ## Practice Quiz Notes - Network-based intrusion detection makes use of signature detection and anomaly detection. - A good technique for choosing a password is to use the first letter of each word of a phrase - An auditing function monitors and keeps a record of user accesses to system resources. - At the basic machine level, all of the data manipulated by machine instructions executed by the computer processor are stored in either the processor’s registers or in memory. - Software security is closely related to software quality and reliability. - Many computer security vulnerabilities result from poor programming practices. - The default set of rights should always follow the rule of least privilege or read-only access. - Security flaws occur as a consequence of insufficient checking and validation of data and error codes in programs. - Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion - Flooding attacks take a variety of forms based on which network protocol is being used to implement the attack. - Defensive programming is sometimes referred to as secure programming - RFC 4949 defines user authentication as “the process of verifying an identity claimed by or for a system entity”. - Issued as RFC 2104, HMAC has been chosen as the mandatory-to-implement MAC for IP security. - HMAC can be proved secure provided that the embedded hash function has some reasonable cryptographic strengths. - The privilege management component deals with the management and control of the ways entitites are granted access to resources - A denial-of-service attack is an attempt to compromise availability by hindering or blocking completely the provision of some service. - The one-way hash function is important not only in message authentication but also in digital signatures. - A(n) {poison packet} triggers a bug in the system’s network handling software causing it to crash and the system can no longer communicate over the network until this software is reloaded. - The buffer overflow type of attack has been known since it was first widely used by the {Morris Internet} Worm in 1988.