Chapter 1: Getting Started Flashcards
What does OSI stand for?
Open Systems Interconnection
What does PDU stand for?
Protocol Data Unit
What are the 7 OSI Layers?
Top Down Order: All People Seem To Need Daily Planning
- Application
- Presentation
- Session
- Transport
- Network
- Data Link
- Physical
What is the 1st OSI Layer?
Include Layer Name, Ex. Protocols, and PDU
- Physical
- USB Standards, Bluetooth
- Bit
What is the 2nd OSI Layer?
Include Layer Name, Ex. Protocols, and PDU
- Data Link
- ARP, CDP, PPP
- Frame
What is the 3rd OSI Layer?
Include Layer Name, Ex. Protocols, and PDU
- Network
- IP
- Packet
What is the 4th OSI Layer?
Include Layer Name, Ex. Protocols, and PDU
- Transport
- TCP, UDP
- Segment
What is the 5th OSI Layer?
Include Layer Name, Ex. Protocols, and PDU
- Session
- X.225, SCP, ZIP
- Data
What is the 6th OSI Layer?
Include Layer Name, Ex. Protocols, and PDU
- Presentation
- AFP, NCP, MIME
- Data
What is the 7th OSI Layer?
Include Layer Name, Ex. Protocols, and PDU
- Application
- FTP, HTTP, SMTP
- Data
What are the 4 TCP/IP Layers?
- Application
- Transport
- Internet
- Network Access
Which OSI Layer(s) are equivalent to the TCP/IP Network Access Layer?
- Physical
- Data Link
Which OSI Layer(s) are equivalent to the TCP/IP Internet Layer?
Network
Which OSI Layer(s) are equivalent to the TCP/IP Transport Layer?
Transport
Which OSI Layer(s) are equivalent to the TCP/IP Application Layer?
- Session
- Presentation
- Application
How does the TCP handshake get initialized?
- SYN
- SYN-ACK
- ACK
What are the 5 security zones?
- Internet
- Internet DMZ
- Production Network Zone
- Intranet Zone
- Management Network Zone
Define vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
What are the vulnerability categories?
- misconfiguration
- default installations
- buffer overflows
- missing patches (unpatched servers)
- design flaws
- operating system flaws
- application flaws
- open services
- default passwords
Define hack value
The idea a hacker holds about the perceived worth or interest in attacking a target
Define zero-day attack
An attack carried out on a system or application before the vendor becomes aware and before a patch or fix action is available to correct the underlying vulnerability.
Define payload
The contents of a packet or specific malicious content an attacker delivers that is acted upon and executed by the system.
Define exploit
Software code, a portion of data, or a sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.
Define daisy chaining
A method of external testing whereby several systems or resources are used together to make an attack.
Define doxing
The process of searching for and publishing private information about a target (usually an individual) on the internet, typically with malicious intent.
What are the 5 sections of threat modeling?
- Identify Security Objectives
- Application Overview
- Decompose Application
- Identify Threats
- Identify Vulnerabilities
What does EISA stand for?
Enterprise Information Security Architecture
What is EISA?
A collection of requirements and processes that helps determine how an organization’s information systems are built and how they work.
What are the phases of risk management?
- Risk Identification
- Risk Assessment
- Risk Treatment
- Risk Tracking
- Risk Review
Define asset
Any item of value or worth to an organization, whether physical or virtual.
Define threat
Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Define security controls
Safeguards or countermeasures to avoid, counteract or minimize security risks.
Define risk
The potential for damage to or loss of an IT asset
Give an example of a preventive measure
Authentication
Give an example of a detective measure
Audit
Give an example of a corrective measure
Backups and restore
What does BIA stand for?
Business Impact Analysis
Define BIA
An organized process to gauge the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency.
What does MTD stand for?
Maximum Tolerable Downtime
Define MTD
A measurement of the potential cost due to a particular asset being unavailable, used as a means to prioritize the recovery of assets should the worst occur.
What does BCP stand for?
Business Continuity Plan
Define BCP
A set of plans and procedures to follow in the event of a failure or a disaster, security related or not, to get business services back up and running.
Includes a DRP that addresses exactly what to do to recover lost data or services
What does DRP stand for?
Disaster Recovery Plan
Define DRP
A documented set of procedures to recover business infrastructures in the event of a disaster.
What does ALE stand for?
Annualized Loss Expectancy
Define ALE
A measurement of the cost of an asset’s value to the organization and the monetary loss that can be expected for an asset due to risk over a one-year period.
What is the equation for ALE?
ALE = ARO * SLE
ARO = Annualized Rate of Occurrence
SLE = Single Loss Expectancy
What does ARO stand for?
Annualized Rate of Occurrence
Define ARO
An estimate of the number of times during a year a particular asset would be lost or experience downtime.
What does SLE stand for?
Single Loss Expectancy
Define SLE
The monetary value expected from the occurrence of a risk of an asset
What is the equation for SLE?
SLE = AV * EF
AV = Asset Value
EF = Exposure Factor
What does EF stand for?
Exposure Factor
Define EF
The subjective, potential percentage of loss to a specific asset if a specific threat is realized.
What does CIA stand for?
Confidentiality, Integrity, Availability
This is the Holy Trinity of IT security
Define Confidentiality
A security objective that ensures a resource can be accessed only by authorized users. This is also the security principle that stipulates sensitive information is not disclosed to unauthorized individuals, entities, or processes.
Define Integrity
The security property that data is not modified in an unauthorized and undetected manner. Also, this is the principle of taking measures to ensure that data received is in the same condition and state as when it was originally transmitted.
Define Availability
The condition of a resource being ready for use and accessible by authorized users.
Define hash
A unique numerical string, created by a hashing algorithm on a given piece of data, used to verify data integrity
Define hashing algorithm
A one-way mathematical function that generates a fixed length numerical string (hash) from a given data input.
Examples of hashing algorithms: MD5 and SHA-1
What does DoS stand for?
Denial of Service
Define DoS
An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
What does TOE stand for?
Target Of Evaluation
Define TOE
What is being tested
What does ST stand for?
Security Target
Define ST
The documentation describing TOE and security requirements
What does PP stand for?
Protection Profile
Define PP
A set of security requirements specifically for the type of product being tested.
Define access control
Restricting access to a resource in some selective manner
What does MAC stand for?
Mandatory Access Control
Define MAC
An access control model in which access to system resources is restricted based on the sensitivity of the information contained in the system resource and the formal authorization of users to access information such as sensitivity.
What does DAC stand for?
Discretionary Access Control
Define DAC
An access control model in which an individual user, or program operating on the user’s behalf, is allowed to specify explicitly the types of access other users may have to information under the user’s control.
Define security policy
A document describing the security controls implemented in a business to accomplish a goal.
Define access control policy
Identifies the resources that need protection and the rules in place to control access to those resources.
Define information security policy
Identifies to employees what company systems may be used for, what they cannot be used for, and what the consequences are for breaking the rules.
Define information protection policy
Information sensitivity levels and who has access to those levels. Also addresses how data is stored, transmitted, and destroyed.
Define password policy
Everything imaginable about passwords within the organization, including length, complexity, maximum and minimum age, and reuse.
Define e-mail policy
Sometimes also called the e-mail security policy, addresses the proper use of the company e-mail system.
Define information audit policy
The framework for auditing security within the organization. When, where, how, how often, and sometimes even who conducts information security audits are described here.
Name the 4 policies through the prism
- promiscuous - wide open
- permissive - blocks only things that are known to be dangerous
- prudent - provides maximum security but allows some potentially and known dangerous services because of business needs
- paranoid - locks everything down, not even allowing the user to open so much as an internet browser
Define standards
Mandatory rules used to achieve consistency
Define baselines
Provides the minimum security level necessary
Define guidelines
Flexible, recommended actions users are to take in the event there is no standard to follow.
Define procedures
Detailed step-by-step instructions for accomplishing a task or goal.
Define phreaker
Someone who manipulates telecommunications systems in order to make free calls.
What is a white hat hacker?
An ethical hacker. Engaged to test the security of an organization, and works solely within the bounds of an agreement that has been signed and agreed upon by all parties before the assessment begins.
What is a black hat hacker?
An attacker who breaks into computer systems with malicious intent, without the owner’s knowledge or permission.
What is a gray hat hacker?
A skilled hacker who straddles the line between white hat (ethical) and black hat (malicious). Sometimes perform illegal acts to exploit technology with the intent of achieving better security.
Define hacktivism
The act or actions of a hacker to put forward a cause or political agenda, to affect some societal change, or to shed light on something the hacker feels to be a political injustice. Usually illegal in nature.
What is a suicide hacker?
A hacker who aims to bring down critical infrastructure for a “cause” and does not worry about the penalties associated with their actions.
What is a script kiddie?
Derogatory term used to describe an attacker, usually new to the field, who uses simple, easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.
What is a cyberterrorist?
Someone motivated by religious or political beliefs to create fear and large-scale systems disruption.
What is a state-sponsored hacker?
A hacker employed by the government.
What are the 4 categories of attack types?
- Operating system attacks
- Application-level attacks
- Shrink-wrapped code attacks
- Misconfiguration attacks
What are the 5 phases of ethical hacking?
- Reconnaissance
- Scanning and enumeration
- Gaining access
- Maintaining access
- Covering tracks
Define reconnaissance
The steps taken to gather evidence and information on the targets you want to attack.
Define passive reconnaissance
Gathering information about your target without their knowledge.
Define active reconnaissance
Using tools and techniques that may or may not be discovered but put your activities as a hacker at more risk of discovery.
Define the scanning and enumeration phase
Taking the information gathered during reconnaissance and actively applying tools and techniques to gather more in-depth information on the targets.
Define the gaining access phase
When true attacks are leveled against the targets enumerated in the scanning and enumeration phase.
Define the maintaining access phase
Hackers attempt to ensure they have a way back into the machine or system they’ve already compromised.
Define a zombie machine
A machine used to launch further attacks from
Define the covering tracks phase
Attackers attempt to conceal their success and avoid detection by security professionals.
Ex. altering log files, hiding files with hidden attributes or directories, etc.
What does SIEM stand for?
Security Incident and Event Manager
What does IOC stand for?
Indicator Of Compromise
Define IOC
Clues (identifiers, tidbits of information or settings, etc.) that you can readily identify as a strong symptom you’ve been hacked.
What are the 4 main types of IOC?
- E-mail indicators - senders’ addresses, subject lines, types of attachments
- Network indicators - URLs, domain names, IP addresses
- Host-based indicators - filenames, hashes, registry keys
- Behavioral indicators - PowerShell executions, remote command executions, etc.
Define tiger team
A group of people gathered together by a business entity, working to address a specific problem or goal.
Define penetration testing
A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
A clearly defined, full-scale test of the security controls of a system or network in order to identify security risks and vulnerabilities.
What are the 3 main phases of pen testing?
- Preparation - time period during which the actual contract is hammered out
- Assessment - the actual assault on the security controls
- Conclusion - final reports are prepared
What is black-box testing?
When the ethical hacker has absolutely no knowledge of the TOE. Used to simulate an outside, unknown attacker.
What is white-box testing?
When the pen testers have full knowledge of the network, system, and infrastructure they’re targeting. Used to simulate a knowledgeable internal threat such as a disgruntled network admin or other trusted user.
What is gray-box testing?
When the ethical hacker has limited knowledge of the intended target. Used to simulate an internal but non-system-admin user.
What does HIPAA stand for?
Health Insurance Portability and Accountability Act
What are the 5 sub-sections of HIPAA?
- Electronic Transactions and Code Sets
- Privacy Rule
- Security Rule
- National Identifier Requirements
- Enforcement
What does SOX stand for?
Sarbanes-Oxley Act
Define SOX
Makes corporate disclosures more accurate and reliable in order to protect the public and investors from shady behavior.
What does PCI DSS stand for?
Payment Card Industry Data Security Standard
Define PCI DSS
The security standard for organizations handling credit cards, ATM cards, and other point-of-sale cards.
What are the 12 requirements of PCI DSS?
- Install and maintain firewall configuration
- Remove vendor-supplied default passwords and other default security features
- Protect stored data
- Encrypt transmission of cardholder data
- Install, use, and update antivirus
- Develop secure systems and applications
- Use “need to know” as a guideline to restrict access to data
- Assign a unique ID to each stakeholder in the process
- Restrict any physical access to the data
- Monitor all access to data and network resources
- Test security procedures and systems regularly
- Create and maintain an information security policy
What is ISO/IEC 27001:2018?
A standard that provides requirements for creating, maintaining and improving organizational information security systems.