1. How many different password combinations are possible when a 5-digit password is created based on numbers 0 to 9 and letters a to z (lower case alphabets only)?

a. 36^5

b. 5^36

c. 5^5

d. 36^36

2. A _________ approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.

a. brute-force

b. AES

c. block cipher

d. computational

3. An indirect leakage of information to an attacker by deduction from given information is called ________.

a. masquerade

b. interception

c. repudiation

d. inference

4. An attack that involves writing or modification is called ________.

a. passive

b. active

c. repudiation

d. disclosure

5. Ensuring that users have access rights that are sufficient for their needs but not more than needed is an application of the principle of ________.

a. Least privilege

b. Input validation

c. Never trusting user input

d. Open design

6. An advantage of biometric authentication compared to passwords is ___________.

a. it avoids the need to memorise a secret

b. it has a lower false positive rate

c. it has a lower false rejection rate

d. none of the above

7. Which of the following is false about textbook RSA public key encryption?

a. Decrypting with a private key will undo encryption with the public key

b. Encrypting with a public key will undo decryption with the private key

c. Encrypting with a public key will undo encryption with the private key

d. Encryption with the private key will undo encryption with the private key

8. An advantage of encrypt-then-MAC compared to encryption only could be _______.

a. that encrypt-then-MAC should be faster than encryption only

b. none because encrypt should be enough to protect both confidentiality and integrity

c. that encrypt-then-MAC guarantees both integrity and confidentiality

d. that encrypt-then-MAC is slower to compute than encryption only

9. For long messages, CBC-MAC (CMAC) produces authentication tags that are much shorter than the length of ciphertexts produced by CBC mode of operation for encryption because ___________.

a. CMAC only outputs the last block in the cipher block chain

b. CMAC outputs all the blocks in the cipher block chain

c. CMAC outputs the first block in the cipher block chain

d. CMAC outputs the first 10 blocks in the cipher block chain

10. In the TLS protocol, the perfect forward secrecy property ensures that if an attacker steals a web server’s long term private key in time T, then ______.

a. the attacker cannot decrypt all ciphertexts sent to the server at past times T’ prior to T (even if the attacker eavesdropped and recorded those ciphertexts)

b. the attacker cannot decrypt all ciphertexts sent to the server at future times T’ subsequent to T

c. the attacker cannot decrypt any ciphertexts at any time

d. None of the above

11. In the TLS protocol, the purpose of the handshake sub-protocol is to ______.

a. Establish a shared symmetric key

b. Establish a shared public key

c. Perform symmetric key encryption

d. None of the above

12. Malicious JavaScript downloaded to a client’s browser from an attacker’s website is usually prevented from accessing any client’s browser page not on the attacker’s domain because of _____.

a. the browser’s Same Origin Policy

b. the attacker’s good intentions

c. the TLS session encryption

d. None of the above

13. In a reflected XSS attack, the attacker manages to inject malicious JavaScript into the client’s session with a vulnerable server because _____.

a. the server fails to filter out from its response JavaScript sent in the browser’s request

b. the server fails to use encryption in its TLS session with the browser

c. the server has an SQL injection vulnerability

d. the server fails to use a random salt in its password authentication

14. Which of the following is false?

Potential security risks for cloud-hosted databases _________.

a. include exposure of database contents in case of cloud server exposure

b. could be reduced by client-side encryption of the database prior to uploading to the cloud server

c. include unauthorised database access by a rogue cloud server provider employee

d. can be eliminated by using a TLS encrypted session to upload the database to the server

15. An important security property of blockchain systems is that ______.

a. it is infeasible for a dishonest insider to delete past data stored in the blockchain

b. it is infeasible for a dishonest insider to insert new data into the blockchain

c. it is infeasible for a dishonest insider to read past data stored in the blockchain

d. none of the above
