CH1 Flashcards
Any potential danger to an asset
Threat
If a vulnerability exists but has not yet been exploited, the threat is considered what?
Latent
If someone is actively launching an attack against your system and successfully accesses or compromises an asset, the threat is considered what?
Realized
The entity that takes advantage of a vulnerability
malicious actor
The path used by a malicious actor to perform an attack
threat agent or threat vector
A weakness in the system design, implementation, software, or code, or the lack of a mechanism.
Vulnerability
5 places vulnerabilities can be found
Applications, Operating Systems, Hardware, Misconfiguration, Shrinkwrap software
The identifier used by vendors, security researchers, and vulnerability coordination centers to disclose vulnerabilities to the public
CVE (Common Vulnerabilities and Exposures)
A piece of software, a tool, a technique, or a process that takes advantage of a vulnerability that leads to access, privilege escalation, loss of integrity, or denial of service on a computer system.
Exploit
The probability or likelihood of the occurrence or realization of a threat.
risk
Any item of economic value owned by an individual or corporation.
asset
The amount of risk left after safeguards and controls have been put in place to protect the asset
residual risk
List 5 types of threat actors
Script kiddies, organized crime groups, state sponsors and governments, hacktivists, terrorist groups.
People who use existing scripts or tools to hack into computers and networks. They lack the expertise to write their own scripts.
Script kiddies
Group whose main purpose is to steal information, scam people, and make money
Organized crime group
These agents are interested in stealing data, including intellectual property and research-and-development data from major manufacturers, government agencies, and defense contractors.
State sponsors and governments
People who carry out cybersecurity attacks aimed at promoting a social or political cause
Hacktivist
These groups are motivated by political or religious beliefs
Terrorist Groups
These individuals perform ethical hacking to help secure companies and organizations.
White hat hacker
These individuals perform illegal activities, such as organized crime.
Black hat hacker
These individuals usually follow the law but sometimes venture over to the darker side of black hat hacking.
Gray hat hacker
The knowledge about an existing or emerging threat to assets, including networks and systems.
Threat intelligence
What 5 items make up threat intelligence
context, mechanisms, indicators of compromise, implications, and actionable advice
Typically require a host program or file to infect, requiring some human interaction.
Viruses
Can travel from system to system without human interaction
Worm
Closely related to viruses and worms, and similar to a Trojan because users don’t know it’s installed. Steals information from the user and eats up bandwidth. Can also redirect web traffic and flood you with popups.
Spyware
What are the primary types of malware attack mechanisms
Master boot record infection, BIOS infection, File infection, Macro infection, Cluster, Multipartite
List 5 basic components of a virus
Search routine, infection routine, payload, antidetection routine, trigger routine.
Programs that pretend to do one thing but, when loaded, actually perform another, more malicious act.
Trojan
An attack in which an attacker leaves a USB thumb drive in the desk drawer of a victim.
Poison apple attack
What is the number one means of malware propagation?
Email attachments
A program used to combine two or more executables into a single packaged program.
Wrappers
Similar to WinZip, Rar, Tar, etc., these programs compress files to prevent anyone from viewing the malware’s code until it is placed in memory
Packers
Encrypt or obscure the code. Some obscure the contents of the Trojan by applying an encryption algorithm.
Crypters
Popular method used by criminals, hacktivists, and nation-state attackers to make money. Encrypts specific files on the victim’s system until a ransom is paid to the attacker.
Ransomware
A way of moving information through a communication channel or protocol in a manner in which it was not intended to be used.
Covert channel
Software or hardware devices used to record everything a person types.
Keyloggers
A standalone environment that allows you to safely view or execute the program while keeping it contained.
Sandbox (Cisco ThreatGrid)
List 3 types of injection-based vulnerabilities
SQL injection, HTML injection, Command injection
This type of vulnerability can allow an attacker to view, insert, delete, or modify records in a database. The attacker inserts, or injects, partial or complete SQL queries via the web application.
SQL Injection
What are the 3 categories of SQL injection attacks
in-band, out-of-band, blind
SQL injection attack where attacker obtains data by using the same channel that is used to inject the SQL code (data is dumped directly in a web application or web page).
In-band SQL injection
SQL injection attack where the attacker retrieves data using a different channel (an email, text, or instant message).
Out-of-band SQL injection
SQL injection attack where the attacker does not make the application display or transfer any data; rather, the attacker is able to reconstruct the information by sending specific statements and discerning the behavior of the application and database.
Blind (or inferential) SQL injection
Vulnerability that occurs when an unauthorized user is able to control an input point and able to inject arbitrary HTML code into a web application.
HTML Injection
Attack in which an attacker tries to execute commands that he or she is not supposed to be able to execute on a system via a vulnerable application.
Command injection
Credential brute forcing, session hijacking, redirecting, exploiting default credentials, exploiting weak credentials, and exploiting Kerberos vulnerabilities are all examples of what type of vulnerability?
Authentication-based vulnerabilities.
In this type of attack, an attacker attempts to log into an application or system by trying different usernames and passwords.
Credential brute force and password cracking
Brute force attack in which the attacker actively tries to log in to the application by using many different combinations of credentials
Online brute force
Brute force attack in which the attacker can gain access to encrypted data or hashed passwords.
Offline brute-force
Among the most common web application vulnerabilities seen today. Attackers use obfuscation techniques, such as encoding tags or malicious portions of the script using Unicode, so that the link or HTML content is disguised to the end user browsing the site.
Cross-site Scripting (XSS)
What are the 3 major categories of XSS
Reflected XSS, Stored (persistent) XSS, DOM-based XSS
Type of XSS attack in which malicious code or scripts are injected by a vulnerable web application using any method that yields a response as part of a valid HTTP request. Example - user persuaded to follow a malicious link to a vulnerable server that injects the malicious code back to the user’s browser.
Reflected XSS
Type of XSS attack in which the malicious code or script is permanently stored on a vulnerable or malicious server, using a database. These are typically carried out on blog sites, web forums, and other permanent storage methods.
Stored (persistent) XSS
Type of XSS attack in which the attacker sends a malicious URL to the victim, and after the victim clicks the link, it may load a malicious website or a site that has a vulnerable DOM router handler. After the site is rendered by the browser, the payload executes the attack in the user’s context on that site.
DOM (Document Object Model) XSS
Type of attack in which unauthorized commands are transmitted from a user who is trusted by the application. AKA (on-click attacks or session-riding).
Cross-site request forgery (CSRF or XSRF)
Occurs when a system or application attempts to perform two or more operations at the same time; however, due to the nature of such a system or application, the operations must be done in the proper sequence in order to be done correctly. These are also referred to as TOCTOU attacks. Example - a policy push to an IPS device rebuilds its ACLs, and an attacker has a small window to bypass the ACLs.
Race conditions
A non-profit charitable organization that leads several industry-wide initiatives to promote the security of applications and software. They list the top 10 most common vulnerabilities against applications at their website.
OWASP Top 10
The requirement that private or confidential information not be disclosed to unauthorized individuals
Confidentiality
The ability to make sure that a system and its data has not been altered or compromised.
Integrity
A requirement that information and programs are changed only in a specified and authorized manner
Data Integrity
A requirement that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
System Integrity
Systems, applications, and data must be available to authorized users when needed and requested. This concept is referred to as what?
Availability
What are the 3 types of DDoS attacks
Direct DDoS, Reflected DDoS, Amplification DDoS
Occurs when the source of the attack generates the packets, regardless of protocol, application, and so on, that are sent directly to the victim of the attack.
Direct DDoS
Occurs when the sources of the attack are sent spoofed packets that appear to be from the victim, and then the sources become unwitting participants in the DDoS attack by sending the response traffic back to the intended victim.
Reflected DDoS
A form of reflected DDoS attack in which the response traffic (sent by the unwitting participant) is made up of packets that are much larger than those that were initially sent by the attacker (spoofing the victim).
Amplification DDoS
According to NIST, what are the advantages of cloud computing
Distributed storage, scalability, resource pooling, access from any location, measured service, automated management.
According to NIST, what are the essential characteristics of cloud computing
On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured service
Cloud deployment model that is open for public use
Public Cloud
Cloud deployment model that is used just by the client organization on-prem or at a dedicated area in a cloud provider
Private Cloud
Cloud deployment model that is composed of two or more clouds (including on-prem)
Hybrid Cloud
Cloud deployment model that is shared between several organizations
Community Cloud
According to NIST, cloud computing can be broken into the following 3 basic models
IaaS, PaaS, SaaS
Cloud solution where you are renting infrastructure. You purchase virtual power to execute your software as needed.
IaaS
Cloud solution providing everything except applications.
PaaS
Cloud solution designed to provide a complete packaged solution. The software is rented out to the user. Usually provided through some type of front end or web portal.
SaaS
Includes any computing devices (mechanical and digital machines) that can transfer data over a network without requiring human-to-human or human-to-computer interaction - for example, sensors, home appliances, connected security cameras, wearables, and numerous other devices.
IoT (Internet of Things)
A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices
Cybersecurity incident
Any observable occurrence in a system or network. Examples include a user connecting to a file share, a server receiving a request for a web page, a user sending email, etc.
Event