comptia security Flashcards

1
Q

EAP

A

extensible authentication protocol

2
Q

802.1X

A

802.1X is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server

3
Q

SRTP

A

secure real-time transport protocol - encrypts and provides authentication for RTP (real-time transport protocol) traffic - used for audio/video streaming

4
Q

HIDS

A

host-based intrusion detection system
sw installed on the system to detect attacks
HIPS - host-based intrusion prevention system - is an extension of a HIDS that detects and blocks attacks

5
Q

HIPS

A

extension of HIDS // host-based intrusion prevention system

6
Q

mail gateway

A
  • is placed between an email server and the internet and can filter out spam (spam filter)
  • typically includes DLP (data loss prevention) capabilities
  • can inspect the contents of outgoing traffic looking for keywords and block any traffic containing proprietary data
7
Q

reverse proxy

A

protects an internal web server

8
Q

media gateway

A

converts data from one format to another such as telephony traffic to IP-based traffic

9
Q

web application firewall

A

protects a web server

10
Q

SSID

A

service set identifier
A service set identifier (SSID) is a unique identifier assigned to a wireless network. It allows devices on the network to identify and connect to the correct network. Most SSIDs are case-sensitive and can be up to 32 characters long

11
Q

WEP

A

wired equivalent privacy

12
Q

WPA2

A

Wi-Fi protected access II

13
Q

NAC

A

network access control - can inspect VPN clients for health status (e.g. an up-to-date OS and antivirus sw) after they connect to a network

14
Q

PaaS

A

platform as a service - a cloud computing model that provides the cloud customer with a preconfigured computing platform they can use as needed
- provides an easy-to-configure OS and on-demand computing

–> IaaS and SaaS

15
Q

PAP

A

password authentication protocol - an older protocol in which pwds are sent across the network in cleartext –> CHAP, MS-CHAPv2

16
Q

passive reconnaissance

A

a penetration testing method used to collect information; typically uses open-source intelligence –> active reconnaissance

17
Q

pass the hash

A

pwd attack that captures the pwd hash and uses it to attempt to log on as the user; commonly associated with the Microsoft NTLM protocol

18
Q

PBKDF2

A

pwd-based key derivation function 2
- a key stretching technique that adds additional bits to a pwd as a salt
- helps prevent brute force and rainbow table attacks

19
Q

NTLM

A

new technology LAN manager
a suite of protocols that provide confidentiality, integrity and authentication within Windows systems
versions: NTLM, NTLMv2, NTLM2 Session

20
Q

nonce

A

a number used once
cryptography elements frequently use a nonce to add randomness

21
Q

steganography

A

uses obfuscation to hide data within data

22
Q

OCSP

A

online certificate status protocol
an alternative to using a CRL
allows a client to query a CA with the serial number of a certificate
the CA answers with good, revoked or unknown

23
Q

DLP

A

data loss prevention
can reduce the risk of emailing confidential info outside the organisation

24
Q

SaaS

A

sw as a service provides sw or applications such as webmail via the cloud

25
TPM
trusted platform module provides full drive encryption
26
COPE
corporate-owned, personally enabled - a mobile device deployment model; MDM (mobile device mgmt) gives centralized control over COPE devices --> BYOD, CYOD
27
CYOD
choose your own device - a mobile device deployment model in which employees can connect their personally owned device to the network as long as the device is on a preapproved list; uses storage segmentation to protect company data on mobile devices owned by users
28
ISA
interconnection security agreement - specifies technical and security requirements for planning, establishing, maintaining, and disconnecting a secure connection between two or more entities: BETWEEN ANY FEDERAL AGENCY AND A THIRD PARTY INTERCONNECTING THEIR SYSTEMS
29
ALE
annual (annualized) loss expectancy - the expected loss for a year - used to measure risk with ARO and SLE in a quantitative risk assessment - SLE x ARO = ALE
30
ARO
annual (annualized) rate of occurrence - the number of times a loss is expected to occur in a year - used to measure risk with ALE and SLE in a quantitative risk assessment
31
SLE
single loss expectancy - the monetary value of any single loss - used to measure risk with ALE and ARO in a quantitative risk assessment - SLE x ARO = ALE
32
S/MIME
secure/multipurpose internet mail extensions - popular standard used to secure email - provides: confidentiality, integrity, authentication, non-repudiation
33
signature-based detection tool
type of monitoring used on intrusion detection and intrusion prevention systems - detects attacks based on KNOWN ATTACK PATTERNS documented as attack signatures - signature-based IDS systems use signatures similar to antivirus software: a unique identifier is established for a known threat so that the threat can be identified in the future
34
SIEM
security information and event mgmt - attempts to look at security events throughout the organisation
35
sideloading
copying an app package to a mobile device - useful to developers when testing apps
36
shimming
driver manipulation method - uses additional code to modify the behaviour of a driver
37
Shibboleth
open source federated identity solution
38
SHA
secure hash algorithm - hashing function used to provide INTEGRITY - versions: SHA-1, SHA-2, SHA-3
a hash is an alphanumeric string created by executing a hashing algorithm against data (a file or message)
a hashing algo creates a fixed-length, IRREVERSIBLE output; if the data never changes, the resulting hash will always be the same
by comparing hashes created at two different times, you can determine if the original data is still the same: if the hashes are the same, the data is the same
39
SFTP
secure file transfer protocol - TCP port 22 - an extension of SSH (secure shell) used to encrypt FTP traffic
40
session hijacking
an attack that attempts to impersonate a user by capturing and using a session ID - session IDs are stored in COOKIES!!
41
SED
self-encrypting drive
42
secure boot
process that checks and validates system files during the boot process - a TPM typically uses a secure boot process
it is a security system offered by UEFI, designed to prevent a computer from being hijacked by a malicious OS
under secure boot, UEFI is configured with digital certs from valid OS vendors; the system fw checks the OS boot loader using the stored certificate to ensure that the OS vendor has digitally signed it
this prevents a boot loader that has been changed by malware, or an OS installed without authorization, from being used
the TPM can also be invoked to compare hashes of key system state data (boot fw, boot loader, and OS kernel) to ensure they have not been tampered with by a rootkit
43
SAML
security assertion markup language - XML-based standard used to exchange authentication and authorization information between different parties - SAML provides SSO for web-based applications
44
SDN
software-defined network - uses sw and virtualization technologies to replace hw routers - SDNs separate the data and control planes
45
LDAP
lightweight directory access protocol - used to communicate with directories such as Microsoft Active Directory - identifies objects with query strings using codes such as CN=Users and DC=GetCertifiedGetAhead
46
LDAPS
lightweight directory access protocol secure - used to encrypt LDAP traffic with TLS
47
bollards
short vertical posts that act as a barricade - block vehicles but not ppl
48
HVAC
heating ventilation air conditioning - physical security control that increases availability by regulating airflow within DCs and server rooms
49
RTO
recovery time objective - the max amount of time it should take to restore a system after an outage - derived from the max allowable outage time identified in the BIA
50
bcrypt
a key stretching algorithm used to protect pwds - bcrypt salts pwds with additional bits before encrypting them with Blowfish - this thwarts rainbow table attacks
51
BIA
business impact analysis - includes info on potential losses
52
DRP
disaster recovery plan - includes methods to recover from an outage
53
symmetric encryption algorithms
AES - advanced encryption standard
DES - data encryption standard
RC4 - Rivest Cipher 4
54
hashing
provides integrity for digital signatures and other data - hash = checksum
hashing verifies integrity for data such as email, downloaded files, and files stored on a disk
a hash is a number created with a hashing algorithm - HASHES ARE ONE-WAY FUNCTIONS
55
digital signature
is a hash of the message encrypted with the sender's private key, but the encryption doesn't provide integrity; the digital signature provides non-repudiation, which doesn't provide integrity
56
SHA-2
secure hash algorithm version 2 is used for integrity
57
ECC
elliptic curve cryptography has minimal overhead and is often used with mobile devices for encryption
58
key stretching techniques
1) PBKDF2 = pwd-based key derivation function 2
2) bcrypt
both salt pwds with additional bits to protect against brute force attempts
59
OCSP
online certificate status protocol - provides real-time responses to validate certs issued by a Certificate Authority (CA)
60
CRL
certificate revocation list - includes a list of revoked certs
61
DSA
digital signature algorithm - creates a digital signature
62
HMAC
hash-based message authentication code - creates a hash
Hash-based message authentication code (HMAC) is a cryptographic authentication technique that uses a hash function and a secret key. With HMAC, you can achieve authentication and verify that data is correct and authentic with shared secrets, as opposed to approaches that use signatures and asymmetric cryptography.
How does HMAC differ from hashing? A hash lets you verify only the authenticity of the data (i.e., that the data you received is what was originally sent). An HMAC lets you verify both the authenticity and the originator of the data. A hash doesn't use a key.
Why is HMAC more secure than general hashing? The strength of HMAC lies in its combination of both a secret key and a hash function. The secret key adds a layer of security by ensuring that only those with the key can generate or verify an HMAC. This aspect is particularly important in scenarios where confidentiality and data integrity are critical.
63
AUP
acceptable use policy - informs users of their responsibilities when using an organisation's equipment
64
cognitive pwd attack
utilizes information that a person would know (e.g. the name of a first pet) and uses it to change the user's pwd --> Sarah Palin example
65
rainbow table attack
is a pwd attack that uses a DB of precalculated hashes - PBKDF2 and bcrypt thwart rainbow table attacks
66
SRTP
- secure real-time transport protocol - used to encrypt and provide authentication for RTP traffic - used for audio/video streaming
67
honeynet
group of servers configured as honeypots
68
an 802.1x server
provides port-based authentication and can authenticate clients; clients that can't authenticate (e.g. guests) can be redirected to the guest network, which grants them Internet access but not access to the internal network
69
NAT
network address translation - translates private IP addresses to public IP addresses
70
PEAP
protected extensible authentication protocol - an extension of EAP sometimes used with 802.1x - PEAP requires a cert on the 802.1x server
71
PEM
privacy enhanced mail - common format for PKI certs - it can use either CER (ASCII) or DER (binary) formats and can be used for almost any type of cert
72
chroot
Linux command used to change the root directory - often used for sandboxing
73
chmod
linux admins use it to change permissions for files
74
FDE
full disk encryption
75
SED
self-encrypting drive - a drive that includes the hw and sw necessary to encrypt a hard drive - users typically enter credentials to decrypt and use the drive
76
runtime code vs compiled code
runtime code = code that is interpreted when it is executed
compiled code = code that has been optimized by an application and converted into an executable file
77
RADIUS
remote authentication dial-in user service
78
DNS
domain name system
79
DHCP
dynamic host configuration protocol
80
SCADA
supervisory control and data acquisition system
81
trojans
commonly create backdoors
82
spear phishing
e.g. an email targeting users in the same organisation
83
vishing
similar to phishing - but uses telephone technology
84
salting
method used to prevent brute force attacks from discovering pwds
85
account lockout control
locks an account after the wrong pwd is guessed too many times
86
DNS poisoning
domain name system poisoning - attempts to redirect web browsers to malicious URLs
87
replay attack
attempts to capture packets to impersonate one of the parties in an online session
88
SLA
service level agreement - an agreement between a company and a vendor that stipulates performance expectations such as min uptime and max downtime levels
89
BPA
business partners agreement
90
MOU/MOA
memorandum of understanding or memorandum of agreement - a type of agreement that defines responsibilities of each party - compare with ISA
91
ISA
interconnection security agreement - specifies technical and security requirements for connections between two or more entities
92
arp (not ARP)
a command-line tool to show and manipulate ARP (address resolution protocol) cache
93
ARP poisoning
an attack that misleads systems about the actual MAC address of the system
94
XSS attack
cross-site scripting attack - protection against it:
- input validation
- WAF: web application firewall = monitors, filters, and/or blocks HTTP traffic to a web server
95
normalization
organising tables and columns in a DB to reduce redundant data and improve overall DB performance
96
netcat
useful for remotely administering servers, but it doesn't collect and analyze packets - can be used for banner grabbing and will provide info on the operating system
97
protocol analyzer=sniffer
can capture traffic sent over a network and identify the type of traffic, the source of the traffic and the protocol flags used within individual packets - used to EXAMINE PACKETS and to VIEW DATA sent in CLEAR TEXT
98
fault tolerance
the capability of a system to suffer a fault but continue to operate - the system can tolerate the fault as if it never occurred
99
RAID
RAID stands for Redundant Array of Inexpensive (Independent) Disks - a low-cost solution for fault tolerance for disks - RAID increases data availability
100
load balancing
round-robin is one of the methods used in load balancing
101
rainbow table
a file containing precomputed hashes for character combinations - rainbow tables are used to discover pwds
102
bcrypt
a key stretching technique designed to protect against brute force and rainbow table attacks
103
PBKDF2
pwd-based key derivation function 2 - both PBKDF2 and bcrypt salt the pwd with additional bits - bcrypt is based on Blowfish
104
confusion (in the context of encryption)
means that the ciphertext is significantly different than the plaintext
105
diffusion (cryptography)
ensures that small changes in the plaintext result in large changes in the ciphertext
106
obfuscation
attempt to hide data or make sth unclear
107
collision
hashing algorithm vulnerability - a hash vulnerability that can be used to discover pwds - a hash collision occurs when two different pwds CREATE THE SAME HASH
108
ECDHE
elliptic curve Diffie-Hellman ephemeral - allows entities to negotiate encryption keys securely over a public network
109
CASB
cloud access security broker - sw tool that enforces cloud-based security requirements - placed between the organisation's resources and the cloud - monitors all network traffic - can enforce security policies
110
CTM
counter mode - a mode of operation used for encryption that combines an IV with a counter - the combined result is used to encrypt blocks
111
pinning
a security mechanism used by some web sites to PREVENT WEB SITE IMPERSONATION - web sites provide clients with a list of PUBLIC KEY HASHES - clients store the list and use it to validate the web site
112
stapling
the process of appending a digitally signed OCSP response to a certificate - it reduces the overall OCSP traffic sent to a CA
113
perfect forward secrecy
a characteristic of encryption keys ensuring THAT THE KEYS ARE RANDOM - perfect forward secrecy methods do not use DETERMINISTIC ALGORITHMS
114
IPsec (internet protocol security) and TLS (transport layer security) often use
HMAC-MD5, HMAC-SHA1 (HMAC = hash-based message authentication code)
115
hashing algorithms
MD5, SHA, HMAC, RIPEMD
116
RIPEMD
RACE integrity primitives evaluation message digest
117
SHA
secure hash algorithm
118
MD5
message digest 5
119
IV
initialization vector - provides a starting value for a cryptographic algorithm - a fixed-size random or pseudo-random number that helps create random encryption keys - ideally the IV should be large enough that the algorithm doesn't reuse the same IV and re-create the same encryption keys
120
RADIUS
remote authentication dial-in user service - encrypts pwd packets - uses shared keys for symmetric encryption
when users authenticate, RADIUS servers and clients use the shared key to encrypt and decrypt data exchanged in a CHALLENGE/RESPONSE session; without the shared key, clients are unable to decrypt the data and respond appropriately
121
RTO
recovery time objective = the amount of time it takes to identify a problem and then perform recovery, e.g. restore from backup or switch in an alternative system
122
RPO
recovery point objective - the amount of data loss that a system can sustain, measured in time - if a virus destroys a DB, an RPO of 24 hours means that the data can be recovered from a backup copy to a point not more than 24 hours before the DB was infected
123
MTBF
mean time between failures - the expected lifetime of a product before it fails and must be replaced or repaired
124
MTTR
mean time to repair / mean time to recover - a measure of the time taken to correct a fault and restore the system to full operation - often specified in maintenance contracts
125
virtual machine escape vulnerabilities
the most severe issue that may exist in a virtualized environment - the attacker accesses a single virtual host and then leverages that access to intrude on the resources assigned to different virtual machines
126
DATA REMNANT
the residual representation of digital data that remains even after attempts have been made to remove it or erase it
127
VIRTUALIZATION SPRAWL
when the number of virtual machines on a network reaches a point where the administrator can no longer manage them effectively
128
virtual machine migration
moving a virtual machine from one physical hardware environment to the other
129
syslog
system logging protocol - port 514 - a way network devices can use a standard message format to communicate with a logging server - designed to make it easy to monitor network devices - devices can use a syslog agent to send out notification messages
130
nslookup
used to query the Domain Name System to obtain the mapping between a domain name and an IP address, or to view other DNS records
"set type=ns" tells nslookup to report information only on name servers
"set type=mx" -> info only about mail exchange servers
131
risk
results from the combination of a THREAT and a VULNERABILITY
132
BCP
business continuity plan
133
credentialed scan
logs into a system and retrieves its configuration information
134
non-credentialed scan
relies on external resources for config settings, which can be altered or incorrect
135
TACACS+
an extension to TACACS (terminal access controller access control system) - developed as a proprietary protocol by Cisco
136
RADIUS
REMOTE AUTHENTICATION DIAL-IN USER SERVICE - a networking protocol that operates on port 1812 and provides centralized Authentication, Authorization and Accounting mgmt for users who connect to and use a network service
137
KERBEROS
a network authentication protocol designed to provide strong mutual authentication for client/server applications using secret-key cryptography - developed by MIT
138
CHAP
challenge-handshake authentication protocol - used to authenticate a user or network host to an authenticating entity - an AUTHENTICATION PROTOCOL, it DOES NOT PROVIDE AUTHORIZATION OR ACCOUNTING SERVICES
139
the simplest load balancing scheduling algorithm
round-robin
140
affinity
a scheduling method used with load balancers - it uses the client's IP address to ensure the client is redirected to the same server during a session
141
Shibboleth
one of the federated identity solutions - open source and freely available - includes open libraries written in C++ and Java
142
OAuth
open standard for authorization - instead of creating a different account for each web site you access, you can often use the same account that you have created with Google, FB, PayPal etc.
143
OpenID Connect
works with OAuth 2.0 - allows clients to verify the identity of end users without managing their credentials - example: Skyscanner - after logging in using FB credentials, Skyscanner provides a more personalized experience for the user - is used for authentication on the Internet, not internal networks!!!
144
TFTP
trivial file transfer protocol - port 69
145
SMTP
simple mail transfer protocol - port 25
146
DNS
domain name service protocol - port 53
147
IDOR
insecure direct object references - a cybersecurity issue that arises when a web app developer uses an identifier for direct access to an object but provides no additional access control and/or authorization checks
148
race condition
sw vulnerability that arises when the resulting outcome of execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer - hacker gamer example !!
149
IMAP
internet message access protocol - a TCP/IP application protocol that provides a means for a client to access email messages stored in a mailbox on a remote server, using TCP port number 143 - unlike POP3, messages persist on the server after the client has downloaded them - IMAP also supports mailbox mgmt functions such as creating subfolders and access to the same mailbox by more than one client at the same time
150
dereferencing
attempts to access a pointer that references an object at a particular memory location
151
WEP
wired equivalent privacy - an older mechanism for encrypting data sent over a wireless connection - uses a 24-bit initialization vector to secure its pre-shared key
replaced by WPA - Wi-Fi protected access - which uses the RC4 cipher and the temporal key integrity protocol (TKIP)
replaced by WPA2 after the completion of the 802.11i security standard - uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption
replaced by WPA3 - the most secure wireless encryption method - uses simultaneous authentication of equals (SAE) to increase the security of preshared keys - provides the enhanced open mode - WPA3 Enterprise mode supports AES with the Galois/counter mode protocol (GCMP-256) for the highest levels of encryption
152
measured boot
a feature where a log of all boot actions is taken and stored in a trusted platform module for later retrieval and analysis by anti-malware sw on a remote server
153
master boot record analytics
used to capture the hard disk's required information to support a forensic investigation - it would not detect malware during the system's boot-up process
154
startup control
determines which programs will be loaded when the operating system is initially booted
155
risk response actions
accept, avoid, mitigate or transfer
156
FTP
file transfer protocol - ports 20 and 21
157
data anonymization
the process of removing personally identifiable information from data sets so that the ppl whom the data describe remain anonymous
158
hybrid pwd cracking approach
combining different methods, such as the dictionary and brute force methods, into a single tool
159
proximity badge
embeds an RFID chip into the card or badge - when the user swipes their card over the reader, it sends an RF signal that uniquely identifies the card holder - RFID = radio-frequency identification systems
160
RFID attacks
attacks against radio-frequency identification systems, such as eavesdropping, replay, DoS
161
access control vestibule
a physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens
162
VDI
virtual desktop infrastructure
163
VPC
virtual private cloud
164
UEBA
user and entity behaviour analytics - can provide automated identification of suspicious activity by user accounts and computer hosts
165
ABAC
attribute-based access control - provides the most detailed and explicit type of access control over a resource because it is capable of making access decisions based on a combination of subject and object attributes, as well as context-sensitive or system-wide attributes - info such as group membership, the OS being used or even the machine's IP could be considered when granting or denying access
166
order of volatility
order in which you should collect evidence
167
legal hold
process that an organization uses to preserve all forms of potentially relevant information when litigation is pending or reasonably anticipated
168
access control model with a network switch if it requires multilayer switches to use authentication via RADIUS/TACACS+
you need to use 802.1x for the protocol - the IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network - this defines port security - the user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server
169
nmap
the world's most popular open-source scanning utility
170
services.msc
the services console - allows you to disable or enable Windows services
171
dd tool
used to copy files, disks, and partitions, and it can also be used to create forensic disk images
172
Nessus
proprietary vulnerability scanner developed by Tenable - it does contain the ability to conduct a port scan, but its primary role is as a VULNERABILITY SCANNER
173
LDAPS
provides mutual authentication of the client and the server - because it's using TLS
174
the five factors of authentication
knowledge - sth you know
possession - sth you have
biometric - sth you are
action - sth you do
location - somewhere you are
175
PHI
protected health information - any info that identifies someone as the subject of medical and insurance records, plus their associated hospital and laboratory test results - this type of data is protected by the Health Insurance Portability and Accountability Act = HIPAA - it requires notification of the individual, the Secretary of the US Department of Health and Human Services (HHS), and the media if more than 500 individuals are affected in the case of a data breach
176
credit card information is protected under
the PCI DSS information security standard
177
war walking
walking around a building while locating WIRELESS networks and devices - it will not help find a WIRED ROGUE DEVICE on a wired network
- checking valid MAC addresses against a known list
- scanning for new systems or devices
- physically surveying for unexpected systems
can be used to find rogue devices on a WIRED NETWORK
178
ICMP
internet control message protocol
179
nbtstat
diagnostic tool for NetBIOS over TCP/IP - used to troubleshoot NetBIOS name resolution problems
180
harvesting
process of gathering data, normally user credentials
181
SOW
statement of work
182
MSA
master service agreement - the parties agree to the terms that will govern future transactions/future agreements
183
SLA
service level agreement - outlines the detailed terms under which a service is provided, including reasons the contract may be terminated
184
pass the hash = PtH
the process of harvesting an account's cached credentials when the user logs in to a single sign-on
185
golden ticket
a Kerberos ticket that can grant other tickets in an Active Directory environment - attackers who can create a golden ticket can use it to grant admin access to other domain members, even to domain controllers
186
lateral movement
an umbrella term for a variety of attack types compromising host credentials
187
pivoting
attackers compromise one central host - the pivot - that allows them to spread out to other hosts that would otherwise be inaccessible
188
CSMA/CA
carrier-sense multiple access with collision avoidance is a network multiple access method in which carrier sensing is used, but nodes attempt to avoid collisions by beginning transmission only after the channel is sensed to be idle
189
IoC
indicators of compromise
190
degausser
used to wipe magnetic media
191
TTX
tabletop exercise:
RED TEAM - the adversary, attempting to penetrate the network or exploit it as a rogue internal attacker
BLUE TEAM - consists of system administrators, cybersecurity analysts and network defenders
192
MECM
microsoft endpoint configuration mgmt - provides: remote control, patch mgmt, sw distribution, OS deployment, network access protection, hw & sw inventory
193
SaaS
sw as a service - any sw or application provided to users over a network such as the internet, e.g. Gmail
194
private IP addresses
10.x.x.x, 172.16-31.x.x, 192.168.x.x
195
APT ATTACK
An advanced persistent threat (APT) is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.
196
CVSS
common vulnerability score system
197
OSINT
open-source intelligence --> refers to legally gathered information from free, public sources = information found on the internet
198
TCP
Transmission Control Protocol (TCP) is a communications standard that enables application programs and computing devices to exchange messages over a network. It is designed to send packets across the internet and ensure the successful delivery of data and messages over networks.
199
FDE
full disk encryption
200
CVE
common vulnerabilities & exposures
201
IoCs
indicators of compromise: telltale signs that an attack has taken place - may include:
- file signatures
- log patterns
- etc.
- may be found in file and code repositories
202
OSINT
open source threat intelligence
203
CISA
cybersecurity & infrastructure security agency
204
forward proxy vs reverse proxy
A forward proxy deals with client traffic, regulating and securing it. In contrast, a reverse proxy shields servers by handling client requests, ensuring they reach the right server, and returning the results to clients, who are unaware of the server's direct involvement.
205
IPsec VPN Tunnel Mode vs IPsec VPN Transport Mode
Tunnel Mode provides end-to-end security by encrypting the entire IP packet, while Transport Mode only encrypts the payload of the packet. Another difference is the use case: Tunnel Mode is used for connecting entire networks, while Transport Mode is used for host-to-host communication.
206
RTOS
real-time operating systems
specialized OS designed for embedded systems (with limited resources) that require precise timing and deterministic behavior
- provide real-time scheduling (certain tasks will be completed within a specific timeframe) --> critical for medical devices and automotive systems
- designed to be lightweight and efficient, with a small memory footprint and low processing overhead
207
SOAR
SOAR (security orchestration, automation and response)
208
chown vs chmod
chown is an abbreviation for “changing owner”, which is pretty self-explanatory. While chmod handles what users can do with a file once they have access to it, chown assigns ownership. As you may have noticed, none of the chmod commands we discussed above changed who owns the files we're working with.
209
dd command in linux
The dd command is one of the most powerful and versatile tools in the Linux operating system. Often referred to as “data duplicator” or “disk destroyer,” dd is a command-line utility that can copy and convert data at a low level. Its capabilities range from creating disk images to performing data recovery operations.
210
Cuckoo
A Cuckoo Sandbox is a tool that is used to launch malware in a secure and isolated environment, the idea is the sandbox fools the malware into thinking it has infected a genuine host. The sandbox will then record the activity of the malware and then generate a report on what the malware has attempted to do while in this secure environment. Cuckoo is an open source automated malware analysis system. It's used to automatically run and analyze files and collect comprehensive analysis results that outline what the malware does while running inside an isolated operating system.
211
NIC teaming
Network Interface Card (NIC) teaming combines multiple network interface cards to work together as a single unit. Doing this gives a few advantages (the biggest advantage is the extra throughput achieved with multiple interfaces). NIC teaming can help in the following ways:
1) Bandwidth. Network bandwidth is a connection's maximum total data transfer rate. NIC teaming aggregates two or more NICs, increasing the bandwidth.
2) Redundancy. One connection to one switch is a single point of failure. Teaming supports multiple connections.
Is NIC teaming the same as LACP? There are two main kinds of NIC teaming: 1) Switch dependent. Also referred to as LACP, 802.3ad, or Dynamic Link Aggregation, this teaming method uses the LACP protocol to understand the teaming topology.
Three NIC teaming configurations are available:
1) Switch independent teaming - used when a switch does not support NIC teaming
2) Static teaming - used for a switch that supports teaming but must be configured manually
3) LACP teaming - used for a switch that supports Link Aggregation Control Protocol (LACP)
212
MAC scheme
a mandatory access control scheme
Mandatory access control is a centrally-managed access system. MAC assigns each network user a security level. It also assigns objects on the network security attributes such as clearance levels and group identities. Users with the right security credentials can access protected objects.
Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system.
What is the difference between mandatory and discretionary access control? The main difference between discretionary access control and mandatory access control is the key factor of controlling resource access: in discretionary access control, access is controlled by the resource users, while in mandatory access control, access is controlled by the system.
It isn't used to control access to administrator accounts!!
213
What are the 4 types of access control?
There are four types of access control methods: 1) Mandatory Access Control (MAC), 2) Role-Based Access Control (RBAC), 3) Discretionary Access Control (DAC), and 4) Rule-Based Access Control (RBAC or RB-RBAC). A method is chosen based on the level of access needed by each user, security requirement, infrastructure, etc.
214
incremental vs differential backups
A differential backup strategy only copies data changes since the last full backup. An incremental data backup strategy copies data changes since the last backup.
215
security control categories
DESCRIBE HOW A CONTROL WORKS
1) technical - uses hw, sw, fw to reduce risk
2) managerial - administrative in function, documented in the org's security policy - focus on managing risk!!
3) operational - help ensure that the day-to-day operations of an org comply with the security policy // implemented by operational staff
4) physical - locks, fences, security guards
216
security control types
DESCRIBE THE GOAL THAT THE CONTROL IS TRYING TO ACHIEVE
preventive
deterrent - to discourage
detective
corrective - to restore normal operations after an incident occurs
compensating - alternative controls when a primary control is not feasible
directive - provide instructions to individuals on how they should handle security-related situations that arise
217
increase availability by adding:
fault tolerance and redundancies, such as RAID
failover clusters
backups
generators
PATCHING: ensuring systems stay available by keeping them up-to-date with patches
218
redundancy
adds duplication to critical systems and provides FAULT TOLERANCE --> a system with fault tolerance can tolerate a fault
goal: to remove SPOF (single point of failure)
1) disk redundancies: fault-tolerant disks: 1.1 RAID-1 (mirroring), 1.2 RAID-5 (striping with parity), 1.3 RAID-10 (striping with a mirror) - all these allow a system to continue to operate even if a disk fails
2) server redundancy: FAILOVER CLUSTERS
3) network redundancy: 3.1 LOAD BALANCING (e.g. high-volume website); 3.2 NIC (network interface card) teaming: provides redundancy and increased bandwidth by putting two or more network cards in a single server
4) power redundancy: 4.1 UPSs, 4.2 power generators
219
scalability: horizontal scaling vertical scaling
to be able to increase the capacity to meet new demand
horizontal scaling: adding more servers to the existing ones
vertical scaling: doesn't add more servers but more RESOURCES (memory, processing power) to individual servers // there is a limit based on the system (e.g. when a server only supports max 32GB of RAM)
220
elasticity
automates scalability by having the system add and remove resources as needed
221
what kind of control is a lock
physical, preventive and deterrent control
222
firewall is an example of which security control?
technical & preventive control
223
examples of technical controls
encryption
antivirus sw
IDSs & IPSs
firewalls
least privilege (individuals & processes are granted only the privileges they need to perform their assigned tasks or functions, but no more --> privileges are a combination of rights & permissions)
224
managerial controls
are administrative in function, documented in the org's security policy
these controls use planning and assessment methods to review the org's ability to reduce and manage risk
1) risk assessments
1.1) quantitative risk assessment - uses cost and asset values to quantify risk based on monetary values
1.2) qualitative risk assessment - categorizes risk based on probability and impact
2) vulnerability assessments - attempt to discover current vulnerabilities
225
operational controls
--> help ensure that the day-to-day operations of an org comply with the security policy
--> implemented by operational staff (instead of systems)
1) awareness & training // pwd security, clean desk policy, understanding phishing etc
2) configuration & change management
3) media protection // USB flash drives, external & internal drives, backup tapes
226
NIST
https://csrc.nist.gov/publications/sp800
The National Institute of Standards and Technology is part of the U.S. Department of Commerce - they publish Special Publications (SPs) in the 800 series --> important reference for the security community
- SP 800-53: Security and Privacy Controls for Information Systems and Organizations --> 3 chapters discuss security controls + 3 appendices --> Appendix C provides details on hundreds of individual security controls divided into 20 different families
227
preventive controls
1) hardening
1.1) disabling unnecessary ports and services
1.2) implementing secure protocols
1.3) keeping a system patched
1.4) using strong pwds along with a robust pwd policy
1.5) disabling default and unnecessary accounts
2) training
3) security guards
4) account disablement process
5) IPS - Intrusion Prevention System, can block malicious traffic before it reaches a network
6) change management processes - help prevent outages from configuration changes
228
deterrent controls
some physical security controls used to deter threats: 1) warning signs 2) login banners
229
what kind of control is a security guard
preventive & deterrent
230
detective controls
1) log monitoring
2) SIEM systems --> Security Information and Event Management systems
3) security audit
4) video surveillance --> CCTV (that is also a deterrent control)
5) motion detection
6) IDS
231
corrective controls
attempts to reverse the impact of an incident or problem after it has occurred
purpose --> getting things back to normal as quickly as possible --> they restore the confidentiality, integrity, and/or availability
1) backups and system recovery
2) incident handling processes: define steps to take in response to security incidents: 2.1) incident response policy, 2.2) incident response plan
232
an example of compensating control
employees have to use smart cards when authenticating to a system; to allow new employees to access the network and still maintain a high level of security, the org might choose to implement TOTP (Time-based One-Time Pwd) as a compensating control --> which still provides a strong auth solution
233
directive controls
are designed to provide instruction to individuals on how they should handle security-related situations that arise (not technical mechanisms)
1) policies, standards, procedures, and guidelines: step-by-step guidance on achieving a goal
2) change management
234
change management - type of control?
operational, directive, preventive
235
encryption -type of control?
preventive technical control
236
fire suppression system - type of control?
physical technical control
237
Windows Logs
viewable using WINDOWS EVENT VIEWER
1) Security log // functions as a security, an audit and an access log
2) System log
3) Application log
238
network logs
on routers, fws, web servers, network IDS/IPSs
logging all traffic // logging all traffic that the device blocks // or both
239
COW
Copy on Write
240
TOU
Time-of-Use type of race condition that occurs when an attacker can change the state of a system resource between the time it is checked and the time it is used
241
TOC
Time-of-Check
242
TOE
Time-of-Evaluation type of race condition that involves the manipulation of data or resources during the time window when a system is making a decision or evaluation
243
Mutex
mutually exclusive flag that acts as a gatekeeper to a section of code so that only one thread can be processed at a time
244
Deadlock
occurs when two or more processes are unable to proceed because each is waiting for the other to release a resource
245
race condition
software vulnerability where the outcome depends on the timing of events not matching the developer's intended order
246
3 main types of race condition
TOC --> Time-of-Check, TOU --> Time-of-Use, TOE --> Time-of-Evaluation
247
to protect against a race condition,
users can use locks and mutexes to lock resources while a process is being run
248
vulnerabilities lead to
- unauthorized access - data breaches - system disruptions
249
forms of attacks
unauthorized access, data theft, malware infections, denial of service attacks, social engineering
250
how to fix the vulnerabilities
1) hardening the system 2) patching 3) enforcing baseline configurations 4) decommissioning old and insecure assets 5) creating isolation or segmentation for devices
251
blue tooth attacks
- bluesnarfing - bluejacking - bluebugging - bluesmack - blueborne
252
mobile phone vulnerabilities and attacks
sideloading, jailbreaking, insecure connection methods (wifi & bluetooth)
253
methods that mitigate these vulnerabilities
1) patch management 2) mobile device mgmt solutions 3) preventing sideloading and rooting of devices
254
OS vulnerabilities
1) unpatched systems 2) zero-day Vulnerabilities 3) misconfigurations 4) data exfiltration 5) malicious updates
255
how to protect against the above
1) patching 2) encryption of data 3) utilizing host-based firewalls 4) configuring access controls and permissions 5) configuration management 6) installing endpoint protection 7) implementing Host-Based IPS 8) Requiring the Use of Application Allow Lists
256
XML Injection
Security vulnerability that targets web applications that process XML data (extensible markup language)
to protect your server when it receives XML data:
- Input Validation
- Input Sanitization
- Encryption (TLS)
otherwise it is vulnerable to:
- snooping
- spoofing
- request forgery
- injection of arbitrary code
257
XSS Cross-Site Scripting
web security vulnerability where malicious scripts are injected into web pages viewed by other users, to compromise the site's visitors / it gets the victim's browser to run some kind of malicious script that bypasses normal security mechanisms
258
XSRF Cross-Site Request Forgery
Web security exploit that focuses on an attacker who attempts to trick a user
259
buffer overflow
sw vulnerability that occurs when a program writes more data to a memory buffer than it can hold
occurs when data exceeds allocated memory, potentially enabling unauthorized access or code execution
buffer overflow attacks in IT are being used as the initial vector!!, causing 85% of data breaches
260
race condition
sw vulnerability that occurs when multiple processes or threads in a concurrent system access shared resources or data simultaneously - this can lead to unpredictable outcomes
261
firmware
specialized form of software stored on hardware device, like a router or a smart thermostat, that provides low-level control for the device's specific hardware
262
device spoofing (blue tooth)
occurs when an attacker impersonates a device to trick a user into connecting
263
On-Path-Attack
exploits Bluetooth protocol vulnerabilities to intercept and alter communications between devices without either party being aware
264
Bluejacking
an attacker sends unsolicited messages often as a prank or to test the vulnerabilities
265
Bluesnarfing
unauthorized access to steal contacts, call logs, text messages
266
Bluebugging
make calls, send text messages, access the internet
267
Bluesmack
denial of service, causes the device to crash or become unresponsive
268
Blueborne
infects the device over the air without any intervention from the user
269
Bluetooth best practices
1) turned off when not in use
2) device set to NON DISCOVERABLE mode by default
3) regularly updating to the latest fw to address any known vulnerability
4) only pairing with known and trusted devices
5) always using unique PINs or passkeys
6) being cautious of unsolicited connection requests
7) using encryption for sensitive data transfers
270
Bluetooth vulnerabilities
Insecure Pairing, Device Spoofing, On-Path Attacks
271
mobile vulnerabilities
Sideloading, Jailbreaking and Rooting, Insecure connection methods
272
Sideloading
the practice of installing applications on a device from unofficial sources which actually bypasses the device's default app store
273
Jailbreaking/Rooting
process that gives users escalated privileges on the devices and allows users to circumvent the built-in security measures provided by the devices --> usually done for the purposes of customization
274
Insecure connection methods (mobile vulnerabilities)
- avoid open Wi-Fi and unknown Bluetooth pairings for security (use your own data cellular connection) - long, strong, and complex password - 802.1x authentication methods
275
MDM
Mobile Device Management Solution used to conduct patching of the devices by pushing any necessary updates to the devices to ensure that they are always equipped with the latest security patches + standardized configuration
276
SQL Injection
Structured Query Language: Select, Insert, Delete, Update
the attacker enters the injection parameter:
- by entering data
- modifying cookies
- changing POST data
- using HTTP headers
how to prevent it:
1) input validation
2) use a web application firewall (between the client and the web server)
277
XML Bomb (Billion Laughs Attack)
XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it
278
XML External Entity (XXE)
An attack that embeds a request for a local resource
279
Is it HTML / JavaScript / XML question? Font | Image | Href
HTML
280
Question | ID | Type | Element | Entity
that is going to be an XML question
281
4 steps of a XSS Cross-Site Scripting Attack
1) Attacker identifies an input validation vulnerability within a trusted website 2) Attacker crafts a URL to perform code injection against the trusted website (and spread the link via email, post etc) 3) The trusted site returns a page containing the malicious code injected 4) Malicious code runs in the client's browser with permission level as the trusted site
282
functions of XSS Cross-Site Scripting Attack (breaks the browser's security and trust model)
1) defacing the trusted website
2) stealing the user's data
3) intercepting data or communications
4) installing malware on the client's system
283
https://xss-game.appspot.com
284
Non-Persistent XSS
This type of attack only occurs when it's launched and happens once
285
Persistent XSS
Allows an attacker to insert code into the backend database used by that trusted website
286
Document Object Model (DOM) XSS Attack
Exploits the client's web browser using client-side scripts to modify the content and layout of the web page
DOM XSS runs with the logged-in user's privileges on the local system
287
document.cookie document.write
it's a DOM-based cross-site scripting question
288
session management
enables web applications to uniquely identify a user across several different actions and requests, by server-side tracking or by cookie tracking
289
types of cookies
- persistent - non-persistent (session)
290
non-persistent (session) cookie
resides in memory and is used for a very short period of time (deleted afterwards)
291
persistent cookies
stored in the browser cache until either deleted by a user or expired
292
session hijacking
type of spoofing attack where the attacker disconnects a host and then replaces it with his or her own machine by spoofing the original host IP
293
Session Prediction Attack
type of spoofing attack where the attacker attempts to predict the session token in order to hijack the session --> session tokens need to be generated using a non-predictable algorithm
294
XSRF - Cross-Site Request Forgery
Malicious script is used to exploit a session started on another site within the same web browser
295
how to prevent XSRF (Cross-Site Request Forgery)
1) use user-specific tokens in all form submissions
2) add randomness and prompt for additional information (passwords - MFA)
3) require users to enter their current password when changing their password
296
what is buffer
a temporary storage area where a program stores its data
297
Stack
a memory region where a program stores the return addresses from function calls
298
"Smashing the Stack"
Occurs when an attacker can execute their malicious code by overwriting the return address (in the stack)
299
NOP Slide
took a pic
300
mitigation against a buffer overflow attack
ASLR Address Space Layout Randomization A security measure that randomizes memory addresses, making buffer overflow attacks harder for attackers
301
Dereferencing
A fundamental operation in programming, and the vulnerabilities arise from unsafe or concurrent usage, particularly in scenarios involving race conditions
302
Dirty COW (Copy On Write)
Popular 2016 exploit, showcasing a race condition exploitation
303
types of DDoS
1) denial of service 2) amplified distributed denial of service 3) reflected distributed denial of service
304
DNS attacks
1) DNS cache poisoning 2) DNS amplification attacks 3) DNS tunneling 4) Domain hijacking 5) DNS zone transfer attacks
305
IoCs
1) account lockouts 2) concurrent session utilization 3) blocked content 4) impossible travel 5) resource consumption 6) resource inaccessibility 7) out of cycle logging 8) published documents that you have been hacked 9) missing log files
306
ICMP
The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues. ICMP is mainly used to determine whether or not data is reaching its intended destination in a timely manner.
Is ICMP the same as ping? ICMP is one of the protocols of the TCP/IP suite. The ICMP echo request and the ICMP echo reply messages are commonly known as ping messages.
307
types of flood attacks
a) ping flood (ICMP echo - ICMP internet control message protocol) --> to prevent: many organisations are simply blocking ECHO replies and having firewalls drop these requests / attackers get a request timeout message
b) SYN Flood / an attacker will initiate multiple TCP sessions but never complete the three-way handshake --> to prevent this from occurring:
1) FLOOD GUARDS can be installed in the network (can be a feature in some routers & firewalls)
2) a timeout can be configured on those half-open requests after a period of time (say 10, 15, 30 seconds)
3) IPS
308
PING FLOOD
ping flood (ICMP echo - ICMP internet control message protocol) --> to prevent: many organisations are simply blocking ECHO replies and having firewalls drop these requests / attackers get a request timeout message
309
SYN Flood
an attacker will initiate multiple TCP sessions but never complete the three-way handshake --> to prevent this from occurring
310
how to prevent SYN FLOODs
1) FLOOD GUARDS can be installed in the network (can be a feature in some routers & firewalls)
2) a timeout can be configured on those half-open requests after a period of time (say 10, 15, 30 seconds)
3) IPS
311
PERMANENT DENIAL OF SERVICE - PDoS
an attack which exploits a security flaw by reflashing the firmware, permanently breaking a networking device
312
Fork Bomb
a large number of processes is created to use up a computer's available processing power (not a worm because - only inside the processor's cache on a single computer)
313
DNS Amplification Attack
specialized DDoS that allows an attacker to initiate DNS requests from a spoofed IP address to flood a website
314
how to prevent DNS Amplification Attack
1) Blackholing/Sinkholing: attacking IP addresses are identified and their traffic routed to a non-existent server through a null interface - this will stop the attack / attackers can move to a new IP and restart the attack all over again / only a temporary solution
2) IPS / for smaller scale attacks, as you need a lot of processing power to handle a big DDoS
3) ELASTIC CLOUD INFRASTRUCTURE / one of the most effective methods: where you can scale up when the demand increases, you can ride out a DDoS attack --> very expensive when you scale up
specialized cloud providers that have taken on this challenge to ride out DDoS attacks: CLOUDFLARE, AKAMAI
315
DNS Attacks