Concepts Flashcards
What is a social engineering attack?
It is the use of deception to make people submit their personal information online.
What is Diversion Theft?
It is a social engineering attack, where social engineers trick a courier company into sending the package to a different location and intercepting the mail.
What is Baiting?
It is a social engineering attack, where an attacker leaves a physical device infected with a type of malware in a place where it can be found. Like a USB that gets left around.
What is Honey Trap?
It is a social engineering attack, where a scammer pretends to be an attractive person online to build a fake relationship in order to earn money or collect personally identifiable information (PII) such as the victim’s phone number and email account.
What is Pretexting?
It is a social engineering attack, where the attacker is essentially lying in order to gain access to personal data or other privileged information. It is the use of believable reasons (a pretext) for the target to go along with whatever the person performing the social engineering is attempting to do.
I.e. an attacker may pose as a third-party vendor and claim that he needs to know a person’s full name and title to verify her identity.
What is Phishing?
It is a social engineering attack, where an attacker collects sensitive information such as login credentials, credit card numbers, bank account details, often posing as a trusted resource.
Phishing emails usually create a sense of urgency so that a victim feels that it is important to disclose information quickly. Despite being a relatively straightforward attack, phishing is one of the biggest cybersecurity risks.
I.e. a typical example is the use of email spoofing to disguise the message as coming from a trusted resource like a financial institution, to trick the target into downloading an infected attachment or clicking a malicious link.
What is Quid Pro Quo?
It is a social engineering attack that exploits the human tendency to reciprocate in order to gain access to information.
I.e. an attacker can offer free technical assistance by making a phone call to a victim and requesting that they disable antivirus software or install a Trojan that takes over the computer.
What is Smishing?
It is a social engineering attack: phishing done via SMS instead of email.
What is Spear Phishing?
It is a social engineering attack that targets a specific individual or organization. These types of attacks are aimed at infecting the victim with ransomware or tricking them into revealing sensitive information and data.
What is Rogue Security Software?
It is a social engineering attack using software that claims that there is malware present on your computer. The end-user receives a pop-up message requesting payment for the removal. If payment is not made, the pop-ups will continue, but the files are generally safe.
What is Vishing?
It is a social engineering attack: phishing over the phone, directed at users of voice over IP (VoIP) services such as Skype. Vishing combined with deepfake voices is a huge cybersecurity risk.
What is Tailgating?
It is a social engineering attack, where an attacker follows a person into a secure area. This attack relies on the person being followed assuming the attacker has legitimate access to the area.
What is Whaling?
It is a social engineering attack like spear phishing, yet it targets high-profile individuals, like politicians, celebrities, and public company executives.
What is Waterholing?
It is a social engineering attack, which occurs when an attacker targets a specific group of people by infecting a website they know and trust.
What are the 5 Principles (components) of Social Engineering (attacks)?
1) Authority or intimidation
2) Consensus
3) Scarcity
4) Urgency
5) Trust and Familiarity
What is meant by the Principle of Social Engineering, of Authority or Intimidation?
Attackers use this principle of attack by playing the role of a person in leadership. They make use of this role to intimidate the target into action, or into revealing information.
What is meant by the Principle of Social Engineering, of Consensus?
This is when a hacker declares that action is normal or generally accepted in the context of an attack. Attackers use this technique when they receive skepticism from their target.
What is meant by the Principle of Social Engineering, of Scarcity?
Scarcity is similar to urgency, but the attacker will claim that there is a limited supply. The target is under the pressure to make a decision or is at risk of losing the offer due to a limited number.
What is meant by the Principle of Social Engineering, of Urgency?
This is when the attacker claims that something will only exist for a limited time. Scams like this are common for bitcoin.
What is meant by the Principle of Social Engineering, of Trust and Familiarity?
This is where the attacker tries to exploit a target by presenting them with something familiar. This is often something the target likes or supports.
What are up to 10 different strategies to prevent social engineering attacks?
1) Regularly conduct penetration tests using social engineering techniques. This helps identify who needs training.
2) Start a security training program targeted to create awareness.
3) Implement secure emails and web gateways to scan emails for malicious links and filter them into the trash.
4) Keep anti-malware and antivirus software up-to-date to prevent malware in phishing emails from being installed.
5) Stay up-to-date with software and firmware patches on the endpoints.
6) Implement 2FA.
7) Keep track of employees with advanced authentication or who handle sensitive information.
8) Training against social engineering, password hygiene, and secure remote work practices.
9) Make sure employees don’t use the same passwords for work and personal accounts.
10) Implement spam filters for email.
What is Malware?
Malicious software, designed for nefarious purposes.
What is Polymorphic Malware?
It changes the form and shape of code after each replication. This makes the code and signature more difficult to detect.
What is a Virus?
It is a piece of malicious code that replicates itself and is attached to another piece of executable code. Viruses are system based problems.
What is Crypto-Malware?
This is a malware designed to encrypt files on a system (without being authorized to do so). This renders the files unusable, sometimes permanently, and sometimes until a ransom is paid.
What is Crypto-Jacking?
This is malware that helps attackers to mine cryptocurrency illegally.
What is Ransomware?
This form of malware performs certain actions and extracts ransom from a user. Whenever money is demanded, then it is ransomware.
What is a Worm?
This is similar to a virus in that worms try to penetrate computer systems and networks and then create a new copy of themselves on the penetrated system.
Worms do not need to bind to another piece of code to reproduce. Worms are network-based problems. They can also travel without human interaction and can survive on their own.
What is a Trojan?
It is a stand-alone program installed by an authorized user, yet it has hidden malicious functionality.
What is a Rootkit?
This is a form of malware specifically designed to modify the operation of an operating system in some way to facilitate non-standard functionality.
A rootkit can do everything an operating system can do, and has a lot of power to perform the malicious activity and avoid detection. Sometimes this is done by hiding files, affecting application performance, etc.
Rootkits include firmware, library, virtual, kernel, and application layers.
What is a Keylogger?
A keylogger is software that is designed to record all keystrokes typed by a user. Keyloggers turn into malware when the user is unaware of them and they are not under the user’s control.
What is Adware?
This is software that supports itself through advertising. It appears free to the user, but is paid for through the advertisements it shows.
What is Spyware?
Spyware is software that “spies” on its users by recording and/or reporting their activities. This could include keylogging, recording how a user uses a program, browser history, etc.
What is a Bot?
A bot is a software program that acts under the control of another program. A bunch of these bots is called a botnet, which can be used for anything from bitcoin mining to distributed computing projects.
Uses range from customer service to influential political opinions.
What is a RAT?
A RAT is a Remote Access Trojan, a set of tools designed to provide covert surveillance and/or the ability to gain unauthorized access to a target system.
Or, defined another way, a type of malware that controls a system through a remote network connection.
What is a Logic Bomb?
This is malware that sits idle for a period of time until it is activated. It can be triggered by an event or by a specific time or date.
What is a Backdoor?
It is a way into a system to gain access without using proper channels. It usually provides a hidden way back into a system.
What are Indicators of Compromise (IOCs)? (What does the term mean, not the specific indicators.)
These are indicators that a system has been compromised by unauthorized activity. The behavior of a system after it has been infected with malware provides forensic clues about the type of malware.
What are Plain Text / Known Encryption attacks?
This is when a hacker has access to both plaintext and encrypted copies of a message, and this allows them to crack the encryption and decrypt other messages.
What are Password Attacks and Bad Password Choices?
Since password and username authentication is everywhere, and because people have so many credentials to remember, they try not to complicate things. They reuse passwords and easy-to-find information (pet names, etc.) to create passwords, or they use common passwords like “abc123”.
What are Rainbow Tables?
These are pre-computed lookup tables of hash values for a given password.
The exam has a number of questions about the “fastest way” to crack a password. The answer is through Rainbow Tables as the hashes have already been provided. One can mitigate this by using salting, which adds a random set of characters to make a hash harder to guess or calculate.
What is a “Dictionary file”?
These are like Rainbow Tables but need a little more assembly. A dictionary will have many possible passwords, which can then be combined or modified to generate passwords for you to test.
Kali’s RockYou dictionary is an example, and these dictionaries can be used alongside tools like fcrackzip.
What is Brute Force?
This is an attack where all the passwords of a list are tried.
What are Collision attacks?
These attacks exploit math problems in cryptographic methods, like hashes. In a normal hash, one input is meant to have one output. When hash values are duplicated or
What are Downgrade attacks?
These attacks capitalize on older versions of software with backward compatibility issues.
What are Replay attacks?
These attacks happen with a capture of a series of packets or communications and then a replay of those messages to achieve authentication.
What is a Denial of Service (DoS) attack?
This is where attackers exploit vulnerabilities to deny authorized users access to specific functions or an entire system.
What are DDoS attacks?
These are Denial of Service attacks using multiple computers.
What are Man in the Middle (MitM) attacks?
This is when an attacker places themselves in the middle between two communicating hosts. The attacker observes all traffic and can then forward it to the intended recipient.
This can also be utilized through session hijacking, where an attacker steals a cookie and uses it for false authentication.
What is a Buffer Overflow attack?
This occurs when an input buffer is overwritten with more data than it can handle. As a result, user input spills into other parts of memory. This makes it possible for an attacker to crash programs and overwrite data. It also often allows for privilege escalation.
What is an Injection attack?
In this vulnerability, an attacker can inject data to be interpreted or executed by an application for malicious purposes.
What are Cross-Site Scripting (XSS) attacks?
This is where an attacker includes a script in their input.
If the script runs immediately and is not stored, it is a non-persistent XSS attack.
If stored on the backend and then used against others later, it is called a persistent attack.
What is Cross-Site Request Forgery (CSRF)?
This is an attack where an end-user is used to perform actions on a web application in which the user is authenticated. This attack utilizes a cookie that is sent between web applications.
What is Privilege Escalation?
This simply means starting at an ordinary privilege level and reaching the root or administrator level. This can be done by stealing credentials or with the help of other attacks on processes running with elevated privileges.
What are ARP Poisoning attacks?
ARP table lookups normally include no verification of the replies received. In this type of attack, an attacker can quickly provide false data in response. This is called ARP poisoning and results in traffic being sent to the malicious address.
What is an Amplification attack?
This refers to the use of a protocol in such a way that it amplifies results by using multiple machines.
What is a DNS spoofing or poisoning attack?
DNS poisoning or spoofing is where a DNS record is changed. This results in incorrectly diverted traffic.
What is a domain hijacking attack?
Domain hijacking is simply the unauthorized act of changing the registration of a domain name.
What is a “Man in the Browser” attack?
This is similar to Man in the middle. MitB attacks involve malware that modifies the behavior of the browser through helpers or extensions.
What are Zero-day attacks?
A zero-day vulnerability is one of which there is no prior knowledge beyond the hacker or vendor.
What are Replay attacks?
Replay attacks occur when an attacker captures a communication between two parties and replays it at a later time. This could cause a second, unintended authentication.
The best ways to fight these are encryption and timestamps.
What is Pass the hash attack?
This is when an attacker captures the hash value, which allows them to be able to authenticate connection without actually knowing the password.
What is Clickjacking?
This is where elements of a website cause the user to click something that they did not intend to.
A real-life example: someone subscribes to a service through clickjacking and then needs to make a lot of phone calls to fix everything.
What is Session hijacking?
Also called TCP/IP hijacking, where an attacker takes control of an existing session between a client and a server. Since the user is already authenticated, the attacker can continue with all privileges after the attack is complete.
They could also use a DoS attack against the original client to keep them busy.
What are URL hijacking and typosquatting?
URL hijacking is a class of attacks that manipulate or alter a URL. This could include typos or misleading the user into thinking that they are clicking the correct URL. This could also involve malware.
Typosquatting is where attackers take advantage of common typos. Political candidates face this threat all the time.
What is Driver tampering?
This is an attack that changes drivers and therefore the drivers’ behavior.
This is done by shimming, which is inserting another layer of code between the driver and the operating system.
This is a way developers facilitate future enhancements, but it also opens a backdoor.
What is Spoofing?
Spoofing refers to making it appear that a request is coming from a different source than it really is.
Typically this means impersonating a known or trusted source.
What is MAC Spoofing?
This refers to changing a MAC address to bypass security checks looking for a specific MAC address.
What is IP Address Spoofing?
Changing the “from” field when sending IP packets.
What is a Smurf Attack?
When an attacker sends a spoofed packet to a broadcast address on a network, that packet will be distributed to all users on the network. Typically this means that other devices will send an echo reply to the request. The (spoofed) sender of the original echo-request packet now receives many responses.
What is Spoofing from Trusted Relationships?
One can spoof a packet from one system to another system that already trusts the source. System admins should configure firewalls to not allow packets from outside the network masquerading as packets from inside the network.
What is Sequence Number Spoofing?
The TCP three-way handshake generates two sequence numbers. These numbers are required for future communication. So if you are off the network, it is more difficult to see (and therefore spoof) packet sequence numbers.
What are Replay Attacks?
These are attacks where traffic is recorded between the endpoints and the wireless access point. Once recorded, the messages can be replayed to authenticate, perform a transaction, etc.
What are IV - Initialization Vector Attacks?
Initialization vectors are used in wireless systems as a “scrambling element” at the beginning of connections. Therefore, these attacks are attempts to find the IV and use it to undermine the encryption. The IV is sent in clear text and is only 24 bits long, which means it likely repeats every few hours.
What is Evil Twin Wireless Attack?
This attack uses replacement hardware. Devices connect to the access points that are the “best” connection options, and inadvertently get attached to evil twins.
What is a Rogue Access Point Wireless Attack?
This is similar to an evil twin. An attacker can use an unauthorized access point to persuade users to login, enter credentials, etc.
What is Wireless Jamming?
This refers to the blocking of wireless or radio signals and the denial of service. It is illegal, so don’t do it.
What is WPS?
WPS = Wi-Fi Protected Setup
This is a wireless security standard designed for easy Wi-Fi setup. Unfortunately, the PIN used is susceptible to brute force attacks.
What is Bluejacking?
A Bluetooth-related attack, which involves the unauthorized sending of messages to a Bluetooth-enabled device.
What is Bluesnarfing?
Bluesnarfing is a Bluetooth-related attack that involves information theft.
What is RFID?
This is radio frequency identification. RFID tags can be passive or active. Active tags have their own power source, while passive tags are powered by Radio Frequency fields. RFIDs are increasingly used for authentication, building access, etc.
What is NFC?
NFC = Near Field Communication.
It is a wireless protocol that allows devices to talk in a very short range (about 4 inches). This is increasingly popular in mobile payment systems (touch to pay).
What are disassociation attacks?
These are attacks which disassociate or disconnect a device from the network. The Wi-Fi framework includes a “deauthentication” frame that can be sent to a device to remove it from a network. This can lead to a denial of service, and attackers can listen to the reconnection messages and try to steal a password.
What is Jamming?
This refers to the blocking of wireless or radio signals and the denial of service. This happens a lot in the military.
What is WPS?
This is a wireless security standard designed for easy Wi-Fi setup. Unfortunately, the pin it uses is susceptible to brute force attacks.
What is Bluejacking?
This involves the unauthorized sending of messages to a Bluetooth enabled device.
What is BlueSnarfing?
This is a Bluetooth related attack that involves informational theft (rather than sending unwanted information).
What is RFID?
Radio frequency ID tags can be active or passive and are used for authentication purposes.
What is NFC?
This is Near Field Communication, a wireless protocol that allows devices to talk in very short range (about 4 inches).
What is Disassociation?
Disassociation attacks mean disconnecting (or disassociating) a device from the network, and may include the “deauthentication” frame.
What are Race Conditions?
These are errors that occur when “the output of a function depends on the sequence or timing of the inputs.” If the inputs do not occur in the expected order or schedule, errors occur. There are ways to work around this with locks etc. Race conditions can be used to lock up a program or system.
What are End of Life vulnerabilities?
End of Life refers to a system that no longer works as expected. Many vulnerabilities are detected after the end of the life cycle because there is often no support for fixes or patches.
What is Lack of Supplier Support vulnerability?
This is when there is no support available because a firm keeps using software after the end of its life, or uses it in a way not covered by the supplier, and the firm is responsible for all risks.
What are Integrated System vulnerabilities?
These are vulnerabilities that occur when a system is running inside another system and often do not receive normal system updates.
What is improper handling of errors?
Avoid sharing debugging information with the outside world. Capture info to a protected log file, not the console.
What are improper input vulnerabilities?
These create overflow problems, XSS, CSRF, cross-paths, injection problems and more.
What is the “default settings” vulnerability?
This is a factory user name and password that often leaves default credentials, which are easy to crack.
What are “incorrect or weak configuration” vulnerabilities?
Any type of configuration that weakens the security posture of an organization or its systems.
What is the “untrained users” vulnerability?
These users just break their computers, often by bypassing controls or through unsafe behavior.
What is “depletion of resources” vulnerability?
It is when a software program consumes all the resources available on a system.
What are “vulnerable business processes” vulnerabilities?
This falls into social engineering, it is when hackers can exploit vulnerable business practices like HR not consulting with IT, or not verifying purchase orders before sending a check.
What are “incorrectly configured accounts” vulnerabilities?
When an administrator accidentally makes configuration errors, or when user accounts have “too much” access.
What are “weak cipher suites or implementations”?
When a weak cipher suite is used, or a known cryptographic algorithm is poorly implemented.
What is a “memory or buffer vulnerability”?
It is when the user is asked to enter input but the programmer does not verify or limit the length of the input. A buffer overflow may occur, meaning that other areas of memory will be overwritten.
What is “DDoS” vulnerability?
DDoS = distributed denial of service attacks
Using multiple systems to take down a target.
What are “memory leaks/loss”?
When computer software does not manage its memory usage properly.
What is “buffer overflow”?
This is an input validation attack that takes advantage of programs that don’t validate the length of inputs.
This is both from programming errors and weaknesses of programming languages.
What is “integer overflow”?
Refers to an integer that “rolls over” once the maximum value is reached.
Depending on the integer, it can pass to “0” or to a negative number, which can cause logic errors.
What is a “pointer dereference”?
A pointer is like an “index” of variables.
When dereferencing goes wrong, we lose the index of where information is, often resulting in program crashes as information becomes misplaced or overwritten.
What is “DLL injection”?
Adding a DLL (dynamic link library, sometimes an executable) to the program at run-time. The DLL either has a vulnerability to exploit or is malicious.
What is “system spread and undocumented resources”?
This is the expansion of systems over time where growth exceeds understanding and documentation.
Note: the foundation of a comprehensive security program is understanding all of the resources available and how they are connected.
What are “architecture or design weaknesses”?
Structural weaknesses translate into vulnerabilities and increased risk in a systemic way. I.e. a non-segmented network allowing users to travel throughout it with ease.
What is “inadequate certificate or key management”?
When certificate or key mismanagement exists, i.e. by not managing these keys effectively, they can be stolen or lost.
What is a “zero-day attack”?
It is a new or not yet patched vulnerability. There often is no patch created yet.
What is penetration testing?
It is a simulated attack on a system by a hypothetical “malicious outsider”. It is meant to help identify vulnerabilities of a system.
What is “passive reconnaissance”?
Gathering information about a topic without sending traffic to a target, like using search engines. These also use passive tools like wireshark or tripwire.
What is “active reconnaissance”?
Gathering information about a target by actively engaging or interacting directly with the target. Nmap is an active tool and can be detected by the defender.
What is a “pivot attack”?
It is where an attacker gains access to a system and then uses that system to attack or scan other systems within that network.
What is “initial exploitation”?
After reconnaissance, it is simply demonstrating that a vulnerability is actually present and exploitable, but not “developing” the vulnerability further.
What is persistence?
To try harder.
What is “privilege escalation”?
Moving from a normal, assigned user account (and its privileges) to higher levels.
This is done by exploiting vulnerabilities or stealing credentials.
What is a “white box” test?
It is the penetration tester using predefined information delivered by an organization to test more complex features of a system.
What is “black box” testing?
To simulate an attack and test the software within the network without prior knowledge of internal data or infrastructure.
Many times, developers find new problems because they are not evaluating by a predefined set of rules.
What is “gray box” testing?
A mix of white and black box testing. An evaluator may have some information about a system but that information is incorrect.
What is “vulnerability scanning”?
Scanning a system for vulnerabilities. It is the process of scanning systems for holes, weaknesses, and problems. The goal is to find the weaknesses before the attackers do.
What kind of vulnerabilities are we searching for during vulnerability scanning? Existing or new?
Existing, not zero-day.
What are “common configuration issues”?
These are often found during vulnerability scanning, like weak passwords or default credentials being used.
What is the difference between an intrusive or non-intrusive vulnerability scan?
With intrusive, it means that data can be changed. With non-intrusive, it means that data within the system is not changed. It is often the choice of the customer.
What is the difference between a credential and non-credential scans?
Credentialed scans mean attacker receives the credentials ahead of time.
What is a false positive scan?
When a scan turns up a vulnerability that doesn’t actually exist. Not reporting one that does exist is called a false negative.
What is the point of “web servers”?
They provide the means for users to access web pages or other data and are therefore subject to attack.
What is the point of “operating systems”?
These are the interfaces to the applications used to perform tasks or the physical hardware.
What is the point of “application servers”?
These are the servers that run messaging platforms, email servers, database servers, and more.
What are “network infrastructure devices”?
These are switches, routers, hubs, firewalls, and other special devices.
What is “Defense in Depth”?
It is a security principle that uses several different security features to increase the level of security.
What is “vendor diversity”?
This means having more suppliers.
What is “control diversity”?
It is multi-layered security in administrative and technical controls or policies to guide user actions.
What are “technical policies or controls”?
These controls are those that operate in the system through technical intervention like passwords, logical access control, AV, firewalls, IPS / IDS, etc.
Why are “zones and topologies” important?
They allow layers of defense in an organization, and the innermost layers have maximum protection.
What is “DMZ”?
It is a semi-secure area that is protected from the rest of the internet by an external firewall, and the trusted area by an internal firewall.
This zone can host web servers, remote access servers, and external email servers.
What is an “extranet”?
An extension of a selected part of a corporate intranet to external partners. It involves both privacy and security.
What is an “intranet”?
A network that exists entirely within the trusted zone of a network. This signifies that it is under the security control of the system administrators.
If intranet users need to access external information, a proxy server must be used to mask the location of the requester.
What are “wireless networks”?
The transmission of data over radio waves rather than physical cables. These networks can be concentrated and radial (a primary access point with wireless clients connecting to this AP) or a mesh network.
What is a “honeypot”?
It is a “fake” network, designed to look like the real one and thus attract attackers.
What is a “guest zone”?
It is a network segment that is isolated from the rest of the systems that guests should never have access to.
What is NAT?
Network Address Translation is used to translate private, non-routable IP addresses into public, routable IP addresses. It can be used to compensate for the lack of available IP address space. Not all systems require routable IP addresses. It is best if your organization’s topology is hidden from outsiders.
What is PAT?
Port Address Translation. Allows internal private addresses to share a single external IP address.
What is “ad hoc networking”?
It is a mesh topology in which systems can send packets to each other without a central router or switch. It is an easy and cheap direct method of communication, yet it is more difficult to manage traffic and security statistics.
What are “enclaves”?
Sections of a network that are logically isolated from the rest of the network. Four ways of segmentation include physical and logical segmentation, virtualization, and air gap.
What is “physical segmentation”?
Uses separate physical equipment for each type of traffic. Switches, routers, and cables are separate and cost more.
What is “logical segmentation”?
Completed by using a VLAN, (virtual implementation of a LAN).
What is a “VLAN”?
A collection of devices with similar communication needs and functions that work with a single switch.
What is “virtualization”?
Provides logical isolation of the server while allowing physical co-location.
What is an “air gap”?
When there is no data path between two networks, which are not connected in any way except by a physical air gap. This can be broken when someone uses a USB drive or other medium to transfer information across.
What are “sensors”?
These acquire data and can be network- or host-based.
What are “collectors”?
Essentially hubs for multiple sensors. Collected data often goes to other systems.
What are “correlation engines”?
These systems take collected data and compare it to known models. When traffic is routed “around” the sensors, then the engine won’t see it.
What are “process filters”?
These examine packets on a network interface and filter them based on source/destination, ports, protocols, and more. These filters must be placed inline with sensors.
What are “proxies”?
These are servers that act as a bridge between clients and other systems. For this to work, the proxy must be in the natural flow of traffic.
What are “firewalls”?
These are devices that determine whether or not traffic can pass through according to a set of rules. They need to be inline with the traffic they are regulating and are typically placed between network segments.
What are “VPN concentrators”?
These accept multiple VPN connections and terminate them at a single network point. Wherever this termination occurs, it should be on a network segment that allows all users to connect directly.
What are “SSL accelerators”?
These accelerate SSL/TLS encryption at scale. They must be placed between servers and the requestors for a server.
What is a “load balancer”?
These help distribute incoming traffic across multiple servers. The load balancer must reside between the servers that provide the service and the requestors for that service.
What is a “DDoS mitigator”?
This helps protect against DDoS attacks, so it must be outside the area it is protecting. It would be the first device to see a packet on its way in from the internet to the network (assuming the device is present).
What are “aggregation switches”?
These provide connectivity for many other switches. This is a many-to-one connection. It must be upstream of the “many” devices.
What is a “Switch Port Analyzer (SPAN)”?
It is a way to copy the traffic running on a port. This can be a problem if the traffic is very heavy.
What is “virtualization”?
This is an abstraction of the operating system layer so that multiple operating systems can be hosted on a single piece of hardware. Hypervisors are the low-level programs that allow multiple operating systems to run simultaneously on a single host.
What is a “Type I Hypervisor”?
This hypervisor runs directly on the hardware. It is called a native or embedded hypervisor.
What is a “Type II Hypervisor”?
This hypervisor runs on a host operating system and is common for consumers, like VMware.
What are “containers”?
These are virtual environments where parts of an operating system are separated from the kernel. This allows multiple instances of an application to run simultaneously. These are like virtual machines, but for applications.
What is “virtual machine escape”?
This is when an attacker or malware can escape or move from one virtual machine to another machine via the underlying operating system.
What is “cloud storage”?
This is storage over a network. It enables better performance, availability, reliability, scalability, and flexibility.
What is “SaaS”?
Software as a service. This allows providers to deliver software to end users from the cloud rather than having users download software, allowing simple updates and integration.
What is “PaaS”?
Platform as a service: offering an IT platform in the cloud. Good for scalable applications, it could work for something like a database service.
What is “IaaS”?
Infrastructure as a service. Cloud-based systems that allow organizations to pay for scalable IT infrastructure instead of building their own data centers.
What is a “private cloud”?
Resources for your organization only. It is more expensive although it has less risk of exposure.
What is a “public cloud”?
This is when a cloud service is provided on a system that is open to public use. It has the least amount of security checks.
What is a “community cloud”?
This is when multiple organizations share a cloud environment for a specific, shared purpose.
What is a “hybrid cloud”?
This is a mix of community, private, and public environments that are often segregated to protect confidential and private data from public or community use.
What is a “VDI”?
Virtual Desktop Infrastructure. This allows someone to use any machine to access information hosted on the cloud.
What is a “CASB”?
Cloud Access Security Broker. This is a service that enforces security policies between your cloud service and your clients. This lets customers know they are using a cloud service securely.
What is “Security as a service”?
No acronym. This is the outsourcing of security functions. It is a third-party vendor offering a wide range of security specialties. This allows scalability without the infrastructure.
What is the “waterfall software development process”?
It is a linear process where once one phase is completed another phase starts. It tends to break easily.
What is the “agile software development process”?
This process focuses on small and quick increases in functionality. The two subcategories are scrum and XP.
Scrum is process-based while XP focuses on “user stories”.
Each adds functionality to a product iteratively.
What is “DevOps”?
A buzzword that refers to the combination of development and operations. This often takes care of large-scale systems. Automating tasks allows us to focus on the most important and urgent items. E.g. routine security processes can be automated.
What is “continuous integration”?
This occurs when one continuously updates and improves a production code base, combined with automated testing and development.
E.g. making routine, incremental changes can help with safety. Well-documented changes allow tracing of any sort of problem.
What is “baselining”?
It is a process of defining metrics, measuring success against them, taking future snapshots of system health, and then repeating.
What are “immutable systems”?
Systems that, once implemented, are never modified. If there are problems or an update is needed, a completely new system replaces the older one. This can simplify tracking differences and issues.
What is “infrastructure as code”?
The use of code to build systems programmatically rather than with manual configuration. This helps maintain settings and configurations and simplifies things as systems get larger and more complex.
What is “version control”?
This tracks the versions of a product that is being worked on during any stage, like development, staging, or production.
What is “change management”?
This is the way an organization manages the versions currently in use and also manages changes as they are released.
What is “provisioning”?
The process by which you assign privileges and permissions to a user.
What is “de-provisioning”?
The reverse: revocation of a user’s privileges and permissions.
What is “correct error handling”?
It is when, after an attacker forces errors into an exception-handling state, these errors are caught, handled in a routine, and then safely reported in a log file.
What is “validation of the correct entry”?
By validating user inputs we help mitigate attacks like buffer overflows, XSS, XSRF, path traversal, and more. If the input does not conform to the rules, it is probably not a legitimate request.
What is “entry standardization”?
This is the process of taking the input and reducing it to its simplest form before continuing.
What are “stored procedures”?
These are pre-compiled methods for use in databases. This helps prevent users from running SQL injections because the procedures for handling input data are standardized.
What is “code signing”?
This is applying a digital signature to code. It has two purposes. 1) It provides end users with a means to verify the integrity of code, and 2) it provides evidence of the origin of the software.
What is “concealment and camouflage of code”?
Purposely not exposing more information than necessary and deliberately hiding information from attackers.
What are “code reuse” and “dead code”?
This is the process of re-using code that has been checked and discarding code that no longer has a purpose.
Dead code still can be run, but the results are not utilized anywhere.
What is “server-side and client-side execution and validation”?
Server-side validation is the most secure when it is performed on the server. Endpoints or clients can be easily compromised prior to validation.
What is “memory management”?
This is a set of actions used to control and coordinate the memory of a computer. This includes freeing up memory after use. If not done properly, we can get a memory leak (vulnerability).
What are “third-party libraries” and “SDKs”?
These are controlled libraries used to reuse code.
What is “data exposure”?
This is losing control of the data.
What is “code quality and testing”?
Code should be reviewed before going into production to find bugs and weaknesses before an attacker does.
What is “code analysis”?
This is the process by which code is inspected. It can be done dynamically (while executing code) or statically (without executing code).
What is “static code analysis”?
This is done using automated tools. Any system including the unit, subsystem, system, and full application level is a candidate for static testing.
What is “dynamic code analysis”?
Performed by running code on the target system or in an emulator.
What is a “sandbox”?
It is an isolated environment that allows administrators to run untrusted or unverified code.