Upload
raven-dejesus
View
14
Download
1
Embed Size (px)
DESCRIPTION
- PowerPoint PPT Presentation
Citation preview
1
QQ security Answer
1 Security = protecting which 3 system properties?
2 What is the principle of least authority about?
3 What is access control?
4 Give examples of trust problems in a decentralized system like Ebay
5 Can a system can be 100% secure?
6 What is a rainbow table?
7 Give 2 of the most commonly-used passwords
8 Salt or pepper with your MD5? Why?
9 What is social engineering?
2
QQ security Answer
1 Security = protecting which 3 system properties?
CIA: Confidentiality (only authorized parties can access), Integrity (manipulate information only in authorized ways), Availability (can access information)
2 What is the principle of least authority about?
Only give a component as much privilege, access, rights, etc. as it needs to function, not more.
3 What is access control? Granting a user/component access to a resource
4 Give examples of trust problems in a decentralized system like Ebay
Impersonation, fraudulent actions, collusion, misrepresentation, …
5 Can a system can be 100% secure? No
6 What is a rainbow table? A dictionary mapping encrypted to cleartext
7 Give 2 of the most commonly-used passwords
password, 123456, qwerty, iloveyou, admin, …
8 Salt or pepper with your MD5? Why?
MD5(password) vulnerable to dictionary attack. MD5(password+salt) is more secure.
9 What is social engineering? Manipulate people to obtain information. Con-artists are social engineers.