Cybersecurity Flashcards
What is Lateral Movement?
Once within the system, the hacker can access other areas within the system
What is Firmware?
permanent software programmed in read only memory or hardware
What does “DDoS” stand for and what is a DDoS attack?
(Distributed Denial of Service Attack); malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
What is a Zombie Machine?
A machine one can control because it is vulnerable
It is difficult to filter the high amount of data when an attack comes from multiple ______?
Nodes
Three Factors impacting security:
The amount of time it takes, the amount of money (resources) and probability of success.
When designing a system, what is the “KISS” rule?
Keep it Simple, Stupid.
_________ Surface
Attack
What are the three types of entities?
1) Software
2) Hardware
3) Humanware
What is Pseudo Anonymity?
Pseudonymous merely means you are not using your real, legal name to identify yourself
What is a Bug Bounty?
A bug bounty is a reward that is paid out to developers who find critical flaws in software
What is “Kerckhoffs’s principle”?
Kerckhoffs’s principle is the concept that a cryptographic system should be designed to be secure, even if all its details, except for the key, are publicly known
Three fundamental questions you need to ask yourself when designing a system?
1) What assets do we need to protect? Ex. Phone, data, system, etc
2) How are those assets threatened?
3) What can we do to counter those threats?
What are the three components of computer security?
Integrity
Availability
Confidentiality
What is integrity?
Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity
What is data availability?
Ensuring timely and reliable access to and use of information
What is data confidentiality?
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
What are 6 Computer Security Challenges?
- Attackers only need to find a single weakness, the developer/admin needs to find ALL the weaknesses.
- The attacker can exploit multiple weaknesses
- Users and system managers tend not to see the benefits of security until a failure occurs
- Security requires regular and constant monitoring
- It’s often an afterthought + incorporated into a system after the design is completed
- Thought of as an impediment to efficient and user-friendly operations
Three types of System Vulnerabilities (of System Resources)
Corrupted (loss of integrity)
Leaky (loss of confidentiality)
Unavailable or very slow (loss of availability)
3 Types of attacks
Active – Attempt to alter/affect system resources
Passive – does not (directly) affect the system resources
Insider vs Outsider
What is “Legacy Approach”?
Bad guys are outside, good guys are inside your org.
Dealing with a Security Attack (3x)
Prevent
Detect
Recover
What is the Old Encryption Standard (acronym and meaning) + how many bits?
Data Encryption Standard (DES) + 56 bits
What is the New Encryption Standard (acronym and meaning) + how many bits?
Advanced Encryption Standard (AES) + 64 BITS
What is a countermeasure?
an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause
What is Security Policy?
a set of rules and practices that specify how a system or organization provides security services to protect sensitive and critical system resources
Active Attack
attempt to alter/affect system resources
Passive Attack
does not (directly) affect the system resources
Three Types of Attacks
Active
Passive
Insider/Outsider
Interception (Unauthorized Disclosure)
Unauthorized access to data
Inference (Unauthorized Disclosure)
traffic analysis or use of limited access to get detailed information
What is intrusion? (Unauthorized Disclosure)
unauthorized access to sensitive data
What is a Masquerade? (Deception)
e.g., Trojan horse; or an attempt by an unauthorized user to gain access to a system by posing as an authorized user
What is Falsification? (Deception)
altering or replacing of valid data or the introduction of false data
What is repudiation? (Deception)
an entity deceives another by falsely denying responsibility for an act
What is incapacitation? (Disruption)
a result of physical destruction of or damage to system hardware
What is Corruption? (Disruption)
system resources or services function in an unintended manner; unauthorized modification
What is obstruction? (Disruption)
e.g. overload the system or interfere with communications
What is Misappropriation? (Usurpation)
an entity assumes unauthorized logical or physical control of a system resource
What is misuse? (Usurpation)
causes a system component to perform a function or service that is detrimental to system security
What are the 4 kinds of Threat Consequences?
- Unauthorized disclosure
- Deception
- Disruption
- Usurpation
What is a Passive Attack?
Passive attacks attempt to learn or make use of information from the system but do not affect system resources
What is an Active Attack and what are the 4 main types?
Masquerade
Replay
Modification of Messages
Denial of Service