1.6 Cyber Security Flashcards
What is the aim of an information security system?
Confidentiality
Integrity
Availability
Non-repudiation
What is risk a function of?
A - Asset Value
T - Threat Agent
V - Vulnerability
What are the 3 types of security controls?
Administrative
Logical
Physical
What are administrative controls?
Written policies, procedures, standards, and guidelines.
What are logical controls?
Use software and data to monitor and control access
What are physical controls?
Control and monitor physical environment
What are the factors of access control?
Identification - who are you
Authentication - prove you are who you say you are (like two-factor authentication)
Authorization - what do you have access to
What are 4 vulnerabilities?
Network
Operating Systems
Applications
Physical
Define Cyber Attack
Attempt to expose, alter, disable, destroy, steal, or gain access to an asset
What are the 3 factors of a cyber attack?
Fear
Spectacularity
Vulnerability
What is the unified kill chain?
Attacks follow the chain: an attacker must complete each step, and a defender must break the chain.
What are the phases of the unified kill chain?
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives
Define Reconnaissance in the UKC
Gathering information about the target.
E.g. names, email, cameras, passkeys, etc.
What is Open Port Scanning?
Send out packets to lots of ports to try to map out a network
What is OS Fingerprinting?
A host's response to some specifically crafted packets may reveal information about the OS.
What is application scanning?
Scanning an application for vulnerabilities.
Common targets are web servers, mail servers, databases.
What are 3 attack vectors of a cyber attack?
Users - people are the weakest link
Corporate Services
Internet Services
What must the payload do?
Install itself
Bypass defences
Reinitialize on start
Hide
Receive commands
Phone home
What is the Privilege ring of escalating privileges?
Kernel - most
Device drivers
Applications - least
What does Lateral Movement mean?
Spreading through the network
What are the 3 Cyber Attack categories?
Active vs Passive
Insider vs Outsider
Syntactic vs Semantic
What is an active attack?
Attacker takes action on the system.
DoS, Man in the Middle
What is a passive cyber attack?
Attacker monitors the system to gain information on the system. No direct action is taken.
Wire tapping, port scanning, keystroke logging
What is a syntactic attack?
Designed to disrupt or damage
What is a semantic attack?
Causes the computer system to reproduce errors and unpredictable results
What is a virus?
Syntactic Attack
Program that replicates itself when executed. Infects a single computer.
Inserts its own code.
E.g. Infector, Macro, Overwrite
What is a worm?
Syntactic attack
Replicates itself to spread and infect computers on a network
E.g. Mydoom
What is a Trojan?
Misleads users of its true intent to gain access.
What are the 3 factors to categorize a cyber event?
Scope
Magnitude
Duration
What is a cyber event?
An incident that involves the potential compromise of a computer network
What is Tempest?
A NATO security certification granted to equipment related to its emanations, including EM, electrical signals, sounds, and vibrations.
Describe Tempest Level 3
Most relaxed.
100m free-space attenuation or equivalent. Below deck usually meets requirement.
Used in NATO Zone 2.
Commercial equipment typically meets this.
Describe Tempest Level 2
Slightly relaxed.
NATO Zone 1 environments.
20m of free-space attenuation or equivalent.
Requires filtering on power and signal lines entering.
Describe Tempest Level 1
Most stringent.
NATO Zone 0.
Bridge is Zone 0 when alongside.