Dion Test 1 Flashcards
3DES
Symmetric
DLP
Data Loss Prevention (also Data Leak Prevention) - Software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks
Aircrack-ng
Suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks. Includes packet capture and export of the data collected as a text file or pcap file
Collects wireless packet data
Autopsy
Cross-platform, open-source forensic tool suite
Digital forensics platform
BeEF
Browser Exploitation Framework - Penetration testing tool that focuses on the web browser
Brute Force Attack
Focuses on trying multiple passwords for a single user
Chain of custody forms list…
Everybody who has worked with or who has touched the evidence that’s part of the investigation. These forms record every action taken by each individual in possession of the evidence
tracert (trace route)
Networking diagnostic command for displaying possible routes and measuring transit delays of packets across an IP network
Used to determine the path traffic takes from one device to another
Shows how many hops a path has by sending probes with increasing TTL values; Windows tracert uses ICMP Echo Requests (Linux traceroute defaults to UDP probes)
Displays the route of packets and timing between point A and point B. It’s very useful to help an administrator understand where along a route potential delays are arising
SQL Injection
Code injection technique used to attack data-driven applications.
Takes advantage of code vulnerabilities on website
Technique that exploits vulnerabilities in a target website’s SQL-based application software by injecting malicious SQL statements or by exploiting incorrect input
If you see tautologies like 1=1, 9=9 or !=0 spliced into an input field or a log entry…it's SQL injection
Command injection
An attack where the goal is to execute arbitrary (attacker-chosen) commands on the host operating system via a vulnerable application that passes user input to a shell
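Added example (not from the Dion flashcards): a "ping this host" feature written three ways. The first hands a concatenated string to /bin/sh, the second passes an argv list with no shell, the third also allow-lists the input as an IP address first. echo stands in for ping so the example runs offline; the payload and function names are assumptions for the demo.

```python
import ipaddress
import subprocess


def ping_vulnerable(host):
    # Vulnerable: the input is pasted into one string that /bin/sh parses, so a
    # ';' (or |, &&, $(...), backticks) ends the intended command and starts the
    # attacker's. 'echo' stands in for ping so the demo needs no network.
    proc = subprocess.run("echo " + host, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def ping_no_shell(host):
    # Better: an argv list with shell=False. No shell ever sees the input, so
    # the whole value is delivered as one literal argument to the program.
    proc = subprocess.run(["echo", host], shell=False,
                          capture_output=True, text=True)
    return proc.stdout


def is_valid_target(host):
    # Allow-list: accept only something that parses as an IPv4/IPv6 address.
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def ping_safe(host):
    # Best: validate first, then no shell. Bad input never reaches any command.
    if not is_valid_target(host):
        raise ValueError("rejected non-IP input: %r" % host)
    return ping_no_shell(host)


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"
    print(repr(ping_vulnerable(payload)))   # two lines: the host, then INJECTED
    print(repr(ping_no_shell(payload)))     # one line containing the payload verbatim
    print(is_valid_target(payload), is_valid_target("127.0.0.1"))
```

The no-shell version alone already stops the injection, but without validation it still forwards garbage to the tool; the allow-list is what turns "not exploitable" into "rejected and logged".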
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Guides governance-related topics, including fraud, controls, finance, and ethics
Cryptographic Erase (CE)
Sanitizes a self-encrypting drive by destroying the media encryption key; what remains on the platters or flash is unreadable ciphertext, and the drive can then be reimaged for reuse.
CYOD
Choose Your Own Device
Data Custodian
Responsible for the safe custody, transport, and storage of the data and for implementing the business rules the data owner sets. Enforces (rather than decides) who has access to the data
Data Owner
A senior executive role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of the information asset…Should not be an IT person
Covers activities such as making sure there are definitions in place, action is taken on data quality issues and Data Quality Reporting
Person accountable for the classification, protection, use, and quality of one or more data sets within an organization
DPO (Data Protection Officer)
Ensures that the organization processes the personal data of its staff, customers, providers, or any other individuals in compliance with the applicable data protection rules
Ensure that a company is complying with laws
Organization's GDPR focal point; possesses expert knowledge of data protection law and practices
Data Steward
Works for data owner and makes sure the data is appropriately labeled and classified…focused on the quality of the data
Data Wiping/Clearing
Data wiping/clearing uses a software tool to overwrite the data on a hard disk or other media, destroying all electronic data while keeping the drive reusable
Data wiping may be performed with 1, 7, or 35 overwrite passes; a higher pass count is considered more secure. The drive remains functional and can be reused
FACT: The database server is part of a critical production network
dd tool
Linux command Line tool
Can create forensic images (not a proprietary tool because it’s open-source).
Primary purpose is to convert and copy files
Degaussing
Involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Magnets
Degaussing is Purging
Dereferencing
Following a pointer to the memory it references. The vulnerability is a null (or otherwise invalid) pointer dereference: code follows a pointer that points to nothing valid, which crashes the program or lets an attacker influence what gets read or written
DES
Data Encryption Standard - Symmetric key algorithm for the encryption of digital data. Short key length of 56 bits, which is why it is considered broken today
Diffie–Hellman
Key exchange. Method of securely exchanging cryptographic keys over a public channel
Directory traversal/Path Traversal
HTTP/web attack that lets attackers reach files and directories outside of the web server's root directory by manipulating path input
If you see “../” = most likely directory traversal
Occurs when attacker is able to read files on the web server outside of the directory of the website on remote server
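Added example (not from the Dion flashcards): resolving a requested path under a web root with and without a containment check, including the URL-encoded spelling of ../ and an absolute path. /var/www/html and the request strings are assumptions for the demo.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"   # assumed document root for the example


def resolve_vulnerable(requested):
    # Vulnerable: trusts the request path. '../' segments (or an absolute path,
    # which posixpath.join lets replace the root) walk out of WEB_ROOT.
    return posixpath.normpath(posixpath.join(WEB_ROOT, unquote(requested)))


def resolve_safe(requested):
    # Safe: decode exactly once (as the server would), normalize, then confirm
    # the result is still under WEB_ROOT. commonpath, not a string prefix test,
    # so "/var/www/html2" is correctly rejected too. Returns None when blocked.
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, unquote(requested)))
    if posixpath.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    return candidate


def looks_like_traversal(requested):
    # Cheap log/WAF triage: the flashcard cue plus its encoded forms.
    decoded = unquote(requested)
    return "../" in decoded or "..\\" in decoded or decoded.startswith("/")


if __name__ == "__main__":
    for req in ["images/logo.png",
                "../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
                "/etc/passwd"]:
        print(req, "->", resolve_vulnerable(req), "| safe:", resolve_safe(req))
```

The check must run on the fully decoded, normalized path: a filter that only looks for the literal string "../" in the raw URL misses %2e%2e%2f, and a check that runs before normpath misses "a/../../etc/passwd".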
Disk Management
Utility in Windows that enables you to perform advanced storage tasks
DSA
Digital Signature Algorithm - Asymmetric. Used for digital signature and its verification. Doesn’t perform encryption
HIPAA
Federal law that required the creation of national standards to protect sensitive patient health info from being disclosed without the patient’s consent or knowledge
EDM (Exact Data Match)
Pattern matching technique that uses a structured database of string values to detect matches
ECC
Elliptic curve cryptography - public key encryption based on elliptic curve math. Asymmetric; gives security comparable to RSA with much shorter keys
FACT: MAC address reporting can help identify rogue devices
FERPA
Family Educational Rights and Privacy Act - United States law that governs the access to educational info and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments
FM-200
Non-flammable gas used for fire suppression
FTK Imager
Proprietary tool that can create perfect copies or forensic images of computer data without making changes to the original evidence. Identical in every way to the original
GLBA (Gramm-Leach-Bliley Act)
Requires financial institutions to explain their info sharing practices to their customers and safeguard sensitive data.
Guidelines for banks
GPG
GNU Privacy Guard - Open-source implementation of the OpenPGP standard for encrypting and signing files and email. Asymmetric (public-key) cryptography protects a per-message symmetric session key that encrypts the data.
AES
Advanced Encryption Standard - symmetric-key algorithm for encrypting digital data
Block cipher
Hypervisor
Also known as a virtual machine monitor - a process that creates and runs virtual machines
Allows one host computer to support multiple guest VMs by virtually sharing its resources, like memory and processing.
IdP
Identity Provider - Provides the validation of the user’s identity
Verifies user’s identity
IDS
Intrusion Detection System - Logs and detects malicious activity but does not block them.
MD5 hash
Validates that a file's integrity was not compromised during download: compute the hash of the downloaded file and compare it to the publisher's value. MD5 is collision-prone, so prefer SHA-256 when the publisher offers it
Hash=data integrity
IOC (Indicators of Compromise)
Artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.
Something found on network that shows how computer was attacked
ipconfig
Command line tool that displays all current TCP/IP network configuration values on a given system
Used on Windows to troubleshoot network issues; shows your current network configuration and can release/renew your DHCP-assigned IP address (ipconfig /release, ipconfig /renew) and flush the DNS resolver cache (ipconfig /flushdns)
PGP
Pretty Good Privacy - Asymmetric (public-key) encryption protecting a symmetric session key per message
Used to secure email communications, as an alternative to S/MIME
IPS
Intrusion Prevention System - network security that detects and prevents identified threats.
Continuously monitors your network, looking for possible malicious incidents, and capturing info about them
John the Ripper
Password cracking software tool
journalctl
Command line tool for viewing logs collected by systemd.
The systemd-journald service is responsible for systemd’s log collection, and it retrieves messages from the kernel, systemd services, and other sources
Pipe the output through grep -e to filter the results further
Jumpbox/Jumpbox system
System on a network used to access and manage devices in a separate security zone…creates network segmentation
Jumpbox system is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them.
Keylogger
Software or hardware. Records keystrokes
LDAPS
LDAP Secure - Lightweight Directory Access Protocol over SSL/TLS. LDAP is a client-server protocol used to access a directory of resources (workstations, users, information, etc.); LDAPS wraps it in TLS so directory traffic, including bind credentials, is encrypted. Plain LDAP uses port 389; LDAPS uses port 636
Used to store and look up information about users and devices, including authentication data such as usernames and (hashed) passwords
Line Conditioner
Device that adjusts voltages in under-voltage and overvoltage conditions to maintain a 120 V output
Lockheed Martin cyber kill chain
Provides a general life cycle description of how attacks occur…7 steps (does not deal with the specifics of how to mitigate them)
Traces the stages of a cyber-attack, identifies vulnerabilities and helps security teams stop the attack at every stage of the chain
MAC Filtering
Blocks traffic coming from certain known machines or devices. Router uses the MAC address of a computer or device on the network to identify it and block or permit the access.
Traffic coming in from a specified MAC address will be filtered depending upon the policy.
Mantrap
Physical control that prevents multiple people from passing through a door at the same time: two interlocking doors, only one of which can be open at once (also called an access control vestibule)
Related anti-tailgating control: subway turnstiles
Memdump
Command line tool
Process of taking (dumping) all information content in RAM and storing it. Helps software developers diagnose, identify and resolve the problem that led to application or system failure
Metasploit
Computer security project that provides info about security vulnerabilities and aids in penetration testing and IDS signature development
Penetration testing software
Exploitation framework platform that can be used to craft and execute exploits against targets. Contains a variety of tools and serve as a “Swiss Army knife” of exploitation…one-stop shop for hackers and security professionals alike. Metasploit is one of the leading exploitation frameworks available
MITRE ATT&CK
MITRE Adversarial Tactics, Techniques, and Common Knowledge.
Guideline for classifying and describing cyberattacks and intrusions based on real world observations
Classifies and describes cyberattacks based on real world observations
nbtstat
NetBIOS over TCP/IP - Command line tool used for diagnosing or troubleshooting NetBIOS name issues
Nessus
Vulnerability scanner
Netcat
General-purpose tool for reading and writing raw TCP/UDP connections. Commonly used to create a reverse shell from a victimized machine back to an attacker
netstat
Command line tool. Generates displays that show network status and protocol statistics. You can display the status of TCP and UDP endpoints in table format, routing table info, and interface info
Nmap
Port scanner
NTLM
Windows New Technology LAN Manager (NTLM) - a suite of challenge-response authentication protocols from Microsoft used to authenticate users' identities and protect the integrity and confidentiality of their activity. The NT hash it relies on is an unsalted MD4 digest with a 128-bit fixed output
OpenIOC
Open Indicators of Compromise. Mandiant's XML framework for describing indicators in depth, including those tied to APTs (describes the indicator itself; does not cover the detection and mitigation strategy)
Open framework meant for sharing threat intelligence information in a machine readable format
Password spraying
Focuses on attempting only one or two passwords per user.
Takes a large number of usernames and loops them with a single password
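Added example (not from the Dion flashcards) covering both the Brute Force Attack and Password spraying cards: the two loop shapes run against a constructed authentication service with a per-account lockout, plus the summary a detection engineer would pull from the resulting log. The directory, wordlist and threshold of 5 are all assumptions for the demo.

```python
from collections import Counter

# Constructed demo directory (assumption, not real accounts or passwords)
DIRECTORY = {
    "alice": "correct-horse-battery",
    "bob": "Winter2024!",
    "carol": "T0ps3cret!",
    "dave": "Summer2023!",
}
LOCKOUT_THRESHOLD = 5   # failures before an account locks (assumed policy)

# Constructed wordlist; bob's real password sits past the lockout threshold
WORDLIST = ["123456", "password", "qwerty", "letmein", "Password1",
            "Summer2024!", "Winter2024!", "Spring2024!"]


class AuthService:
    def __init__(self, directory):
        self.directory = directory
        self.failures = Counter()
        self.log = []   # (username, outcome) in order, as an auth log would record

    def login(self, username, password):
        if self.failures[username] >= LOCKOUT_THRESHOLD:
            self.log.append((username, "LOCKED"))
            return False
        if self.directory.get(username) == password:
            self.log.append((username, "SUCCESS"))
            return True
        self.failures[username] += 1
        self.log.append((username, "FAIL"))
        return False


def brute_force(auth, username, wordlist):
    # Many passwords against one user. Noisy: per-account lockout trips after
    # LOCKOUT_THRESHOLD failures, so later guesses (even the right one) are refused.
    for pw in wordlist:
        if auth.login(username, pw):
            return pw
    return None


def password_spray(auth, usernames, password):
    # One password against many users. Each account sees a single failure, so
    # lockout never triggers; returns the accounts the password opened.
    return [u for u in usernames if auth.login(u, password)]


def summarize(log):
    # Detection view: brute force shows up as many failures on one account,
    # spraying as one failure each across many accounts in a short window.
    fails = Counter(u for u, outcome in log if outcome == "FAIL")
    return {
        "max_failures_on_one_account": max(fails.values(), default=0),
        "accounts_with_failures": len(fails),
        "successes": [u for u, outcome in log if outcome == "SUCCESS"],
    }


if __name__ == "__main__":
    bf = AuthService(DIRECTORY)
    print("brute force found:", brute_force(bf, "bob", WORDLIST), summarize(bf.log))
    sp = AuthService(DIRECTORY)
    print("spray found:", password_spray(sp, list(DIRECTORY), "Winter2024!"), summarize(sp.log))
```

A lockout rule keyed on failures per account defeats the brute force here but is blind to the spray, which is why spraying detection keys on distinct accounts failing from one source (or with one password pattern) within a window instead.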
PCI DSS
Payment Card Industry (PCI) Data Security Standard (DSS) - An information security standard developed to enhance cardholder data security for organizations that store, process or transmit credit card data
Port 21
FTP
Port 389
LDAP
Port 443
HTTPS
PDU (Power Distribution Unit)
A device that distributes power from one source to multiple pieces of rack equipment; may or may not support remote monitoring and access.
Processor Cache
Volatile and changes the most frequently…even more than RAM, so it comes first in the order of volatility when collecting evidence
Proxy Server
Server application/device that acts as a mediator/middle man between a client device and a remote server
Processes requests on a client’s behalf
4 types : IP proxy, Caching Proxy, Internet Content Filter, & Web security gateway
Purging
Involves removing sensitive data from a hard drive using the device’s internal electronics or an outside source such as a degausser, or by using a cryptographic erase function if the drive supports one
Act of removing data in a way that can’t be reconstructed using any known forensic techniques
Degaussing is purging
Race Conditions
Occur when the outcome of executing processes is directly dependent on the order and timing of certain events
Two operations (typically one malicious, one legitimate) happen at the same time and compete over which one executes first; the classic form is time-of-check to time-of-use (TOCTOU), where a value is checked and then used with no lock in between
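Added example (not from the Dion flashcards): a check-then-act withdrawal run by two threads, once without a lock and once with one. A threading.Barrier stands in for unlucky scheduling so the bad interleaving happens every run instead of occasionally; the account, amounts and function names are assumptions for the demo.

```python
import threading


class Account:
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()


def withdraw_racy(acct, amount, rendezvous):
    # Check-then-act with no lock. The Barrier forces both threads past the
    # balance check before either deducts, which is exactly the interleaving
    # an attacker tries to provoke by firing two requests at once.
    if acct.balance >= amount:
        rendezvous.wait(timeout=5)
        acct.balance -= amount
        return True
    return False


def withdraw_safe(acct, amount):
    # The check and the update happen inside one critical section, so the
    # second thread sees the first thread's deduction and is refused.
    with acct.lock:
        if acct.balance >= amount:
            acct.balance -= amount
            return True
        return False


def run_concurrent(balance, amount, safe):
    # Two simultaneous withdrawals of `amount` from a shared balance.
    acct = Account(balance)
    barrier = threading.Barrier(2)
    results = []

    def worker():
        if safe:
            results.append(withdraw_safe(acct, amount))
        else:
            results.append(withdraw_racy(acct, amount, barrier))

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, sorted(results)


if __name__ == "__main__":
    print("racy:", run_concurrent(100, 60, safe=False))   # balance goes negative
    print("safe:", run_concurrent(100, 60, safe=True))    # second withdrawal refused
```

With 100 in the account and two withdrawals of 60, the unlocked version lets both succeed and ends at -20; the locked version ends at 40 with one refusal. The same pattern applies to file permission checks, coupon redemption, and any "if allowed: do it" sequence that is not atomic.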
RAM
Random Access Memory - temporary storage on a computer
Can quickly change or be overwritten…info stored in RAM is lost when power is removed from the computer
RC4
Symmetric. Stream cipher
Reimage
Process of installing a new operating system on a machine
RIPEMD
Family of cryptographic hash functions. The common variant, RIPEMD-160, has a 160-bit fixed output
RP
Relying Party - Resource host
RSA
RSA - asymmetric cryptography algorithm
SAML
Security Assertion Markup Language - Allows an identity provider (IdP) to authenticate users and then pass an authentication token to another application known as a service provider (SP)
Often used with SOAP
Solution for providing single sign-on (SSO) and federated identity management. It allows a service provider (SP) to establish a trust relationship with an identity provider (IdP) so that the SP can trust the identity of a user (the principal) without the user having to authenticate directly with the SP.
Secure erase (SE)
Used to perform the sanitization of flash-based devices (such as SSDs or USB devices) when cryptographic erase is not available
SHA-2
Family of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512) designed by the United States National Security Agency (NSA). SHA-256, the most common member, has a 256-bit fixed output
SOX (Sarbanes-Oxley Act)
Federal law created to help protect shareholders, employees, and the public from accounting errors and fraudulent financial practices.
SP
Service Provider
Sensitive Personal Information (SPI)
Sensitive Personal Information - Doesn't by itself identify an individual but is information that is private or could harm the individual should it be made public
Info about an individual's race or ethnic origin, political opinions, religious beliefs, health, or sexual orientation
Contrast PII, which does identify the person: full name, Social Security Number, driver's license number, financial information. Medical records fall under both categories
Stuxnet Attack
Was a multi-part worm that traveled on USB sticks and spread through Microsoft Windows computers
USB/Removable Media
Surge Protector
Defends against possible voltage spikes that could damage your electronics, appliances, or equipment.
Swap files
Temporary files on a hard disk used as virtual memory
Syslog
System Logging Protocol uses port 514 (UDP traditionally; TCP 514 and TLS on 6514 are also used).
A way network devices can use a standard message format to communicate with a logging server.
Designed specifically to make it easy to monitor network devices. Standard for sending and receiving notification messages in a particular format from various network devices
Standard network-based logging protocol…Centralizes all syslog messages from network devices
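Added example (not from the Dion flashcards): parsing BSD-style syslog lines as a collector would, decoding the PRI value into facility and severity (PRI = facility * 8 + severity), then running a small detection over the parsed feed. The three sample lines and the host names in them are constructed for the demo.

```python
import re

# Constructed sample lines in RFC 3164 (BSD) format, not from a real device
SAMPLE = [
    "<86>Oct 11 22:14:15 fw01 sshd[1042]: Failed password for root from 203.0.113.7 port 51522 ssh2",
    "<86>Oct 11 22:14:16 fw01 sshd[1042]: Accepted password for admin from 10.0.0.5 port 51523 ssh2",
    "<190>Oct 11 22:14:17 sw02 snmpd: Connection from UDP: [10.0.0.9]:161",
]

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOST TAG[PID]: MSG   (PID is optional)
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def decode_pri(pri):
    # PRI packs facility and severity into one number: facility*8 + severity
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]


def parse_syslog(line):
    m = LINE_RE.match(line)
    if not m:
        return None   # not BSD syslog; a real collector would quarantine it
    facility, severity = decode_pri(int(m["pri"]))
    return {"facility": facility, "severity": severity, "timestamp": m["ts"],
            "host": m["host"], "tag": m["tag"], "pid": m["pid"], "msg": m["msg"]}


def failed_logins(lines):
    # Detection over the centralized feed: auth-facility messages reporting a failure
    parsed = (parse_syslog(l) for l in lines)
    return [(p["host"], p["msg"]) for p in parsed
            if p and p["facility"] in ("auth", "authpriv") and "Failed" in p["msg"]]


if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_syslog(line))
    print(failed_logins(SAMPLE))
```

Decoding PRI is what lets a central server route local7 switch chatter away from authpriv login events; it also shows why syslog over UDP 514 needs a trusted network or the TLS variant, since nothing in the format authenticates the sender.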
Diamond Model of Intrusion Analysis
Model to describe cyber attacks. Contains 4 parts (vertices) - adversary, infrastructure, capability, and victim. It gives analysts a comprehensive view of cyber attacks. Graphical representation of an attacker's behavior
Tokenization
When all or part of data in a field is replaced with a randomly generated token. Token is stored with the original value on a token server or token vault, separate from the production database
This is an example of a deidentification control
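Added example (not from the Dion flashcards): a minimal token vault that swaps a card number for a random, format-preserving token and a production store that only ever holds the token. The vault class, the keep-last-4 rule and the test card number 4111111111111111 are assumptions for the demo, not a real system.

```python
import secrets

DIGITS = "0123456789"


class TokenVault:
    """Stand-in for the separate token server: the only place the original value lives."""

    def __init__(self):
        self._by_value = {}   # original -> token
        self._by_token = {}   # token -> original

    def tokenize(self, value, keep_last=4):
        # Same value always maps to the same token so joins and lookups still work
        if value in self._by_value:
            return self._by_value[value]
        while True:
            # Format-preserving: same length, digits only, real last 4 kept for
            # display. Random, not derived, so the token reveals nothing about the value.
            head = "".join(secrets.choice(DIGITS) for _ in range(len(value) - keep_last))
            token = head + value[-keep_last:]
            if token != value and token not in self._by_token:
                break
        self._by_value[value] = token
        self._by_token[token] = value
        return token

    def detokenize(self, token):
        # Only the vault can reverse a token; returns None for unknown tokens
        return self._by_token.get(token)


def store_order(vault, production_db, order_id, card_number):
    # The production database receives the token, never the card number
    production_db[order_id] = {"card": vault.tokenize(card_number)}
    return production_db[order_id]["card"]


if __name__ == "__main__":
    vault, orders = TokenVault(), {}
    tok = store_order(vault, orders, "o-1001", "4111111111111111")
    print(orders, "->", vault.detokenize(tok))
```

Because the token is random rather than a hash of the card number, a stolen production database cannot be brute-forced back to card numbers; the trade-off is that the vault becomes the crown jewel and needs the strictest access control of anything in the environment.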
Twofish
Symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits
VPN
Virtual Private Network - encrypted connection over the Internet from a device to a network
Not typically included in an endpoint security suite
Remote access capability to connect a trusted device over an untrusted network back to the corporate network
What does “set type=ns” do in the nslookup command?
tells nslookup to query only for NS (name server) records for the domain
nslookup command is used to query the Domain Name System to obtain the mapping between a domain name and an IP address or to view other DNS records
What should be done FIRST after forensically imaging a hard drive for evidence in an investigation?
Create a hash digest of the source drive and destination image file to ensure they match
Hash=data integrity
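Added example (not from the Dion flashcards) covering this card and the MD5 hash card above: a chunked imaging step followed by hashing both the source and the image and comparing the digests, with a second copy carrying one flipped byte to show what a mismatch looks like. The 3 MiB in-memory "drive" is constructed for the demo; a real run would point the same functions at the block device and the image file.

```python
import hashlib
import io

CHUNK = 1 << 20   # 1 MiB reads, so multi-TB images never have to fit in memory


def hash_stream(fp, algorithm="sha256"):
    # Stream the device or image through the hash; identical routine for both sides
    h = hashlib.new(algorithm)
    for block in iter(lambda: fp.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def hash_bytes(data, algorithm="sha256"):
    return hash_stream(io.BytesIO(data), algorithm)


def image_drive(source_fp, image_fp):
    # Stand-in for the dd / FTK Imager copy step: byte-for-byte, chunked
    source_fp.seek(0)
    for block in iter(lambda: source_fp.read(CHUNK), b""):
        image_fp.write(block)
    source_fp.seek(0)
    image_fp.seek(0)


def verify_image(source_fp, image_fp, algorithm="sha256"):
    # The FIRST step after imaging: hash source and image, record both digests
    # in the chain-of-custody notes, and proceed only if they match.
    source_fp.seek(0)
    image_fp.seek(0)
    src = hash_stream(source_fp, algorithm)
    img = hash_stream(image_fp, algorithm)
    return {"algorithm": algorithm, "source": src, "image": img, "match": src == img}


def demo():
    # Constructed "drive": 3 MiB of deterministic bytes, not a real disk
    source = io.BytesIO(bytes(range(256)) * (3 * 4096))
    good = io.BytesIO()
    image_drive(source, good)
    ok = verify_image(source, good)
    # Second copy with one byte altered (a bad sector, or tampering)
    tampered = io.BytesIO(good.getvalue())
    tampered.seek(1234)
    tampered.write(b"\x00")
    bad = verify_image(source, tampered)
    return ok["match"], bad["match"]


if __name__ == "__main__":
    print(demo())
```

MD5 still detects accidental corruption, which is all a bit flip during imaging is, but because collisions are practical it no longer proves nobody substituted the image; record SHA-256 (many labs record both) and hash the source through a write blocker.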
Wildcard Certificate
Public key certificate that can be used with multiple subdomains of a domain. Saves money & reduces the management burden of managing multiple certificates, one for each subdomain.
Ex: A single wildcard certificate for *.diontraining.com will secure all these domains (www.diontraining.com, mail.diontraining.com, ftp.diontraining.com, etc.).
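Added example (not from the Dion flashcards): the hostname-matching rule a TLS client applies to a wildcard name, per RFC 6125 section 6.4.3, run against the names from the card plus the two cases people expect to work but that do not. The function names and the extra hostnames are assumptions for the demo.

```python
def wildcard_matches(pattern, hostname):
    # Case-insensitive. Per RFC 6125 6.4.3 the '*' may only be the entire
    # leftmost label and it matches exactly one label: never zero (the bare
    # domain) and never several (a deeper subdomain).
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                    # ".diontraining.com"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]     # what the '*' would have to cover
    return leftmost != "" and "." not in leftmost


def covered(pattern, hostnames):
    # Which of a list of hostnames a single certificate name would secure
    return {h: wildcard_matches(pattern, h) for h in hostnames}


if __name__ == "__main__":
    names = ["www.diontraining.com", "mail.diontraining.com", "ftp.diontraining.com",
             "diontraining.com", "dev.api.diontraining.com", "evil-diontraining.com"]
    for host, ok in covered("*.diontraining.com", names).items():
        print(("covered    " if ok else "NOT covered"), host)
```

The two that fail are the ones that cause production outages: the apex diontraining.com needs its own SAN entry in the same certificate, and dev.api.diontraining.com needs either *.api.diontraining.com or an explicit name. The flip side is the cost of the convenience: one private key now protects every host under the domain, so compromising the least-hardened of them exposes all of them.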
XSRF/CSRF
Cross-Site Request Forgery - Forces an authenticated user's browser to submit a request to a web application against which they are currently authenticated/logged in, without the user intending it
Zero-fill (Sanitizing method)
Relies on overwriting a storage device by setting all bits to the value of zero