Cybersecurity Fundementals Flashcards
What is the the CIANA pentagon?
C - Confidentiality (encryption/safeguard)
I - Integrity (checksums/hash digests)
A - Availability (redundancy/backups)
N - Non-repudiation (digital signature)
A - Authentication (proving of identity)
What is the reason for the CIANA pentagon?
The five CIANA principles are used to guide organizations in implementing and
maintaining effective security controls, including firewalls, intrusion
detection systems, and access control lists
What is snooping?
Unauthorized access to another person’s data
What is eavesdropping?
Unlawful interception of information while being transmitted over a
computer network
What is wiretapping?
Involves the targeted interception of telephone lines or Internet-based
communications
What is social engineering?
Leverages psychological manipulation to coax individuals into revealing
sensitive information
What is dumpster diving?
Looks through someone’s trash looking for discarded information that
could be useful or sensitive
What is an on-path/man in the middle attack and what is the countermeasure?
▪ A malicious actor intercepts the communication between two
unsuspecting parties
▪ Organizations must implement multi-layered security measures
What is a replay attack and what is the countermeasure?
▪ An adversary captures data during transmission and then retransmits it (for example login credentials/one time tokens)
▪ Preemptive and reactive security measures are used in effective
countermeasures
What is an impersonation attack and what is the countermeasure?
▪ Occurs when a malicious actor poses as a legitimate user to gain
unauthorized access or execute prohibited actions
▪ Organizations implement user awareness training programs
What is an unauthorized data modification attack and what is the countermeasure?
▪ An unauthorized user or modifies data in an unintended manner (modification, addition, or deletion of data)
▪ Techniques such as checksums, digital hash digests, and digital signatures, coupled with robust access control mechanisms.
Why is availability important?
Security systems and data must be accessible and operational when needed in order to prevent breaches.
What is a denial of service attack?
▪ Attempts to make a computer or network resource unavailable to its
intended users by overwhelming the target with a flood of Internet traffic
What are 3 defenses to a DoS attack?
● Traffic Filtering
* Controls the packets allowed to enter or exit a network based on attributes
● Rate Limiting
* Set up rate-limiting caps on the number of server requests within a given time from a user or IP address
● IP Allow Listing
* Only traffic from trusted IP addresses is allowed to reach particular services or servers
Name 4 other availability concerns that could result from unexpected outside factors?
Power outage
Hardware failure
Destruction
Service outage