Cybersecurity 101 Flashcards
Rubber Ducky
Type of cyberattack using USB that – when plugged in – acts like a keyboard and inputs pre-programmed keystrokes at high speed that can execute commands or scripts that can steal sensitive information, install malicious software, or give the attacker unauthorized access to the system
CIA Triad
Confidentiality, Integrity, Availability; all are important and must be balanced
Integrity
CIA Triad; protecting information from being modified by unauthorized parties
Confidentiality
CIA Triad; the state of being kept secret/private; ensuring that sensitive information does not reach unauthorized people
Availability
CIA Triad; ensuring timely and reliable access to and use of information
How can you prevent integrity attacks?
Use a secure hashing algorithm and process when transferring data
How can you prevent confidentiality attacks?
Using measures like encryption and authentication
How can you mitigate availability attacks?
Create regular backups of data
Hashing
A way to keep sensitive information and data secure; one-way mathematical function that turns data into a string of nondescript text that cannot be reversed or decoded
Threat Assessment
Structured process of identifying the threats posed to a group or system
Risk Mitigation
Systematic reduction of the impact or occurrence of a negative event
Social Engineering
Manipulation technique that exploits human error to gain private information, access, or valuables
Phishing
Fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal/sensitive information, such as passwords and credit card numbers
Man in the Middle
Threat actor puts themselves in the middle of two parties, typically a user and an application, to intercept their communications and data exchanges and use them for malicious purposes like making unauthorized purchases or hacking
Packet Sniffing
A method of detecting and assessing packet data sent over a network; usually done by admin but can be done by hacker
Malware
Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system
Brute-Force Attack
Cyber attack where a hacker guesses information, such as usernames and passwords, to access a private system
Code Injection
Attack that inject code into an application. Code injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell
