1 Overview of Security Flashcards
What is confidentiality
Information has not been disclosed to unauthorized people
What is integrity
Information has not been modified or altered without proper authorization
What is availability
Information is able to be stored, accessed, or protected at all times
What is the AAA of security
Authentication, Authorization, and Accounting
What is Authentication
When a person’s identity is established with proof and confirmed by a system
What is an example of something you know
A password or pin
What is an example of something you are
A fingerprint, retina scan, or voice
What is an example of something you have
when you get a one-time passcode from your phone
What is an example of something you do
Check in sheet
What is an example of somewhere you are
log in through a vpn
What is Authorization
Occurs when a user is given access to a certain piece of data or certain areas of a building
What is Accounting
Tracking of data, computer usage, and network resources. Non-repudiation occurs when you have proof that someone has taken an action
What are the different ways to mitigate threats
Physical Controls, Technical Controls, and Administrative Controls
What are some examples of Physical Controls
Alarm systems, locks, surveillance cameras, identification cards, and security guards
What are some examples of Technical Controls
Smart cards, encryption, access control lists (ACLs), intrusion detection systems, and network authentication
What are some examples of Administrative Controls
Policies, procedures, security awareness training, contingency planning, and disaster recovery plans. User training is the most cost-effective security control to use
What are the seven sections of the killchain
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control (C2), and Actions on Objectives
What is Reconnaissance
The attacker determines what methods to use to complete the phases of the attack
What is Weaponization
The attacker couples payload code that will enable access with exploit code that will use a vulnerability to execute on the target system
What is Delivery
The attacker identifies a vector by which to transmit the weaponized code to the target environment
What is Exploitation
The weaponized code is executed on the target system by this mechanism
What is Installation
This mechanism enables the weaponized code to run a remote access tool and achieve persistence on the target system
What is Command & Control (C2)
The weaponized code establishes an outbound channel to a remote server that can then be used to control the remote access tool and possibly download additional tools to progress the attack
What are Actions on Objectives
The attacker typically uses the access he has achieved to covertly collect information from target systems and transfer it to a remote system (data exfiltration) or achieve other goals and motives
What is the MITRE ATT&CK framework
lists and explains specific adversary tactics, techniques, and common knowledge or procedures
What is the Diamond Model of Intrusion Analysis
A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim
What are the different types of intelligence
Proprietary, Closed-source, and Open source
What is the difference between proprietary and closed source intelligence
Proprietary intelligence is provided as a commercial service offering, often requiring a subscription. While Closed Source intelligence is mainly derived from the provider’s own research and analysis and is anonymized.
What is threat hunting
a technique designed to detect presence of threat that have not been discovered by a normal security monitoring
True or False: Is Threat hunting less disruptive than pen testing
True
What are the steps to threat hunting
establishing a hypothesis, profiling threat actors and activities, use of tools
What are the benefits of threat hunting
improve detection capabilities, integrate intelligence, reduces attack surface, block attack vectors, and identify critical assets
