Cyber basics Flashcards
What does CIA stand for?
Confidentiality, integrity, availability
What does confidentiality in CIA refer to?
The act of sharing or revealing information only with authorized personnel
What does integrity in CIA refer to?
The ability to ensure that information or data remains unchanged and accurate
What does availability in CIA refer to?
Ensuring timely and reliable access to and use of information
What does the red team do?
Test defenses, search for weaknesses, provide assessments
What does the blue team do?
Maintain security, Prevent breaches, Monitor for threats, Respond to incidents, Research technologies
What is an HVA?
High Value Asset
What are the primary roles of Cybersecurity in a business?
Protect assets or HVAs, protect data, protect functions and processes, protect ALL org assets.
True or False: The cost of treating risk should never meet or exceed the potential loss.
True
What does NIST stand for?
National Institute of Standards and Technology
Is NIST framework required or voluntarily implemented?
A voluntary framework
What is risk?
Risk is the level of impact on organizational assets, organizational operations, or individuals resulting from the operation of an information system, given the potential impact of a threat and the likelihood of that threat occurring.
What is risk more simply?
Risk exists when you have an asset with a vulnerability that is under threat of being exploited.
What does PII refer to?
Personally identifiable information
What are the security risk factors?
Threat, Vulnerability, Likelihood, Impact
What does CONTROL refer to when associated with the word RISK?
Managing risk, including policies, procedures, guidelines, practices, or org structures
What does VULNERABILITY refer to when associated with the word RISK?
Weakness in a system, system security procedures, internal controls, or implementation
What does CYBERRISK refer to when associated with the word RISK?
risk to a business due to the failure of a business function dependent on digital technologies
What does LIKELIHOOD refer to when associated with the word RISK?
A weighted factor based on subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability.
What does RMF mean?
Risk Management Framework - a flexible, risk-based approach
In order what are the 7 phases of the RMF?
1. Prepare. 2. Categorize information systems. 3. Select security controls. 4. Implement security controls. 5. Assess security controls. 6. Authorize information systems. 7. Monitor security controls.
What is an asset?
Assets can be hardware, software, or information.
What is a threat?
A potentially negative action or event often caused by taking advantage of a vulnerability
What is a risk?
Probability of exposure or loss resulting from a cyber attack.
What is a vulnerability?
Errors/flaws that weaken the overall security of the device/system.
What is an exploit?
Taking advantage of a program/system to produce an unintended consequence/result
What are examples of threats and attacks?
Global threat (pandemic), regional threat (weather conditions), industry specific (microchip shortage), cybersecurity (ransomware, DDoS, etc.)
What are some common threat vectors? (methods people use to exploit a system)
Unpatched vulnerabilities, security misconfiguration, weak, leaked, or stolen credentials, social engineering, and insider threats
What are some common attacks? (type of attack)
Malware, on-path (man-in-the-middle, MitM), DoS, DDoS, phishing, SQL injection, zero day, DNS tunneling, ARP poisoning.
What is Malware?
Malware stands for malicious software. A program or code that can harm a computer or network
What is an on-path or man-in-the-middle attack?
An attacker places themselves between two devices and modifies the communications between them
What is a DoS attack?
DoS stands for denial of service: an attack in which a computer aims to make a computer or network unavailable to its users.
What is a DDoS attack?
DDoS stands for distributed denial of service: an attacker aims to flood a server with traffic using multiple compromised computers, AKA a “botnet”.
What is phishing?
A method where someone pretends to be legitimate in order to trick individuals into providing sensitive information or data.
What is DNS tunneling?
A method where cybercriminals exploit the DNS protocol to create a covert communication channel.
What is SQL injection?
SQL injection is when someone tricks a website into running harmful commands
What is a Zero Day attack?
Exploits a software flaw that the software’s creator doesn’t know about yet.
What is ARP poisoning?
Sends fake ARP (Address Resolution Protocol) messages to a network
What is an IOC?
Indicator of compromise - present after an attack
What is an IOA?
Indicator of attack - early warning or clues that reveal suspicious activity. Present before an attack
What are some common malware types?
Worm, rootkit, keylogger, bot(s), mobile malware.
What is a worm and which part of CIA is impacted?
Worms spread through a network by replicating themselves without needing user interaction. This impacts integrity.
What is a rootkit and what part of CIA is impacted?
Gives remote access to devices. This impacts confidentiality and integrity.
What is a keylogger and what part of CIA is impacted?
A keylogger can monitor keystrokes. This impacts confidentiality.
What are bots and what part of CIA is impacted?
Can launch a broad flood of attacks. This impacts availability.
What is mobile malware and what part of CIA is impacted?
This infects mobile devices and impacts confidentiality and integrity.
What are the phases of incident response?
1. Prepare. 2. Detection and analysis. 3. Containment, eradication, and recovery. 4. Post-incident activity.
What are 3 types of AI?
Artificial narrow intelligence, artificial general intelligence, artificial super intelligence.
What is a network?
Two or more devices that can interact over links or connections.
What are the 4 types of network?
PAN, LAN, MAN, WAN
What is PAN and what does it stand for?
PAN is personal area network. A network connected by only two computers.
What is LAN and what does it stand for?
LAN is local area network. A network where there is a group of connected computers in a specific place (like a home or office).
What is MAN and what does it stand for?
MAN is metropolitan area network. A smart city, for example.
What is WAN and what does it stand for?
WAN is wide area network. This extends over large geographical distances, like the internet.
What are servers/clients?
A server is a computer or program that provides services to other computers. Clients are devices or applications that request and use the services provided by servers.
What is a router?
A device for interconnecting LANs
What is a switch?
Used to interconnect devices on a LAN. It has ports.
What is a transmission medium?
The method by which network information is delivered (satellite, copper wires, radio waves, fiber)
What is a transmission protocol?
Set of rules that dictate the proper communication between two or more computing devices.
What are some common network commands?
ipconfig, ping, route, tracert, nslookup, netstat, arp
What is a passive attack?
Can monitor or copy data; doesn't impact the system. Threatens confidentiality.
What is an active attack?
Modifies or alters content and impacts the system; can threaten the availability and integrity of data.
True or false: Attacks can ONLY be passive or active
False: attacks can be either or both
What are some tools and controls for data?
Segmentation, segregation, firewalls
What is segmentation referring to?
Dividing networks into multiple segments or zones (Wi-Fi vs. guest Wi-Fi)
What is segregation referring to?
Implementing rules to control communication between specific hosts, services, or subnets.
What is a firewall used for?
Hardware or software designed to protect one network from another. Bidirectionally monitors network traffic, which is then permitted or blocked based on rules. Secures traffic between trusted internal networks and untrusted external networks. Used to filter specific traffic; can also filter traffic between individual hosts.
What are the 3 states of data?
Rest, in use, transit
What does data at rest mean?
Stored or archived data
What is data in use?
Data actively being processed (on a screen)
What is data in transit?
Data that is moving
What is physical segmentation?
Having devices in a separate physical location
What is logical segmentation?
Involves using a virtual local area network (VLAN) to group devices regardless of location
What is a DMZ?
Part of a network that faces the public, where web servers, email, and other services reside. Separated from the local area network so hackers cannot get access to internal resources.
What are security controls?
Safeguards or countermeasures to avoid, detect, counteract, and minimize security risks.
What are the 3 security control categories?
Administrative, technical, physical.
What are administrative security controls?
Guidance, rules, and implementation procedures.
What are technical security controls?
Hardware or software that is implemented (firewall).
What are physical security controls?
Protection from physical threats (someone looking over your shoulder, locking doors, etc.)
Types of AI
Artificial Narrow Intelligence - specific topic; Artificial General Intelligence - broad content; Artificial Super Intelligence
What is AI?
Intelligent machines that can mimic human cognitive abilities
What is an LLM?
Large Language Model - neural networks execute searches on vast amounts of stored information
What is a network?
Two or more machines connected for communications
Ipconfig
Used to display the status of the currently active interfaces and details
Ping
Can test connectivity either by IP address or DNS name
Route
Can display routing table and manipulate the entries within it
Tracert
Can be used to determine the route to a remote host
Nslookup
Used to find the IP that corresponds to a DNS record and vice versa
Netstat
Can be used to display and filter all incoming and outgoing network connections
Arp - Address Resolution Protocol
Can be used to update, display, or manipulate ARP table entries
Network commands
Ipconfig - used to display the status of the currently active interfaces and details
Ping - Can test connectivity either by IP address or DNS name
Route - Can display routing table and manipulate the entries within it
Tracert - can be used to determine the route to a remote host
Nslookup - used to find the IP that corresponds to a DNS record and vice versa
Netstat - can be used to display and filter all incoming and outgoing network connections
Arp - can be used to update, display, or manipulate ARP table entries
What is Linux?
OS kernel created by Linus Torvalds - a version of GNU
What is GNU?
GNU’s Not Unix - an open source operating system that is the basis for Linux
What is a distribution?
An OS made from a collection of software including the Linux kernel, GNU tools, additional software, and a package manager
How many distributions are there, and which are popular?
Red Hat Enterprise Linux (RHEL), Kali Linux
What is Kali Linux?
Distribution with powerful security tools - over 600 tools for security professionals
What are the primary components of an OS?
Kernel mode (core OS functions) and User mode (applications)
What functions does Kernel Mode provide?
Bootloader - a program written into the computer that loads the OS; the first software to start up
Drivers - Kernel modules can communicate with hardware devices without knowing intricate details. Essential to the system
File system - the structure that the OS uses to organize and store files and data
Network stack - allows applications to access a network through a physical networking device. A set of processes that controls how, where, and when data is stored or retrieved from a storage device.
Sudo - super user do - runs a command with elevated privileges compared to a regular user
What functions does User Mode provide?
Processes - Running instances of programs
Sessions - groups of processes from the same shell (shell = command box, same shell = commands that are typed in the same command box)
Services/daemons - background processes that start at boot time and perform specific functions without intervention from a user
Application - a program that could be as simple as a command line tool or complex graphical program
What is a Linux CLI?
Command Line Interface - runs on Linux startup. The CLI is very powerful and requires knowledge to be used properly. Servers run command lines; they don't need a GUI.
What does the Linux GUI do?
The X server starts the GUI interface. Offers familiar windows and point-and-click functionality.
GUI is easier to use than CLI but not as powerful for automation
GUI Core utilities
Certain commands work in any distribution of Linux, AKA coreutils. Works across Linux distributions.
Basic Linux commands
Ls - lists whatever files are there
CD - change directory - changes the current working directory to the parent directory or down
Touch - creates an empty file
Pwd - what directory you are in; the correct complete path, or route
Cat - concatenate (to link together), modify or create new files, dump files
Cp - copy
Mkdir - make directory
Rm - removes empty or non-empty directories
Rmdir - removes EMPTY directories
Mv - move file
Linux Security Issues
Access control - Weak passwords, users with superuser access
Permissions - unauthorized users with access to sensitive files
Vulnerability - unintended weaknesses or flaws that could be exploited or triggered through a variety of means
Threats and attacks
Ransomware - code that encrypts or deletes files; a decryption key is provided after payment
Worms - Self-replicating
Trojans
Security Control Categories
Administrative - guidance, rules, and implementation procedures
Technical - hardware or software that is implemented (firewall)
Physical - protection from physical threats (someone looking over your shoulder, locking doors, etc.)
What is ClamAV?
Open source antivirus toolkit and engine. Not full-featured endpoint security. Scans files quickly.
Detects millions of viruses, worms, trojans and other malware
What are iptables?
Used for the Linux implementation of an endpoint firewall
Used to protect Linux systems from network access
What is server hardening?
Determine the server's purpose and requirements
Disable or remove unneeded apps and services/daemons
Perform OS updates and continue to do so
What is client hardening?
Baseline is crucial for clients
To ensure usability, client hardening is less stringent than server hardening
Controls include:
Endpoint security
Host firewall
Patching
Configuration
What services does Windows Server provide?
Web servers
File, print, and DB servers
Active Directory - user management
Cloud access
Mobile device management
What is Active Directory?
Centralizes user management
Oversees all users, groups, and devices in a Windows environment
Enables system admins to control permissions and access
Runs on Windows Server software. Objects: single
What is the difference between Active Directory and Azure Active Directory?
Not simply Active Directory in the cloud
Leverages several other cloud capabilities to exponentially grow security and control
Example: AI-enhanced password protection and automatic credential creation
Seamlessly integrates with Mobile Device Management (MDM)
What is MDM?
Cloud-based mobile device management
Natively integrates with Azure AD for enhanced security controls particularly in BYOD environments
What is Zero Trust?
Continuously verifies every transaction, asserts least privilege, relies on intelligence, advanced detection, and identity and access management
What is OWASP?
Open Web Application Security Project - non-profit community
Ranks the biggest cybersecurity threats
Main differences between Windows and Linux
Windows is proprietary, users don’t have kernel access
Linux is open source and a user can have root access (kernel)
Windows - frequently patched by Microsoft
Linux - patched by the open source community - more secure by design
What is patching?
Updating existing software or OS files to eliminate new vulnerabilities
Rootkit
Foundation in Unix/Linux, but they can be found on any OS
Common characteristic: instead of modifying files in the OS, it modifies files in the kernel (the foundational building blocks of the OS); everything that runs in the OS runs on top of the kernel
Because the malware becomes part of the OS itself, it becomes invisible to antivirus/anti-malware software
Identifying and removing a rootkit is very difficult