Domain 2: Threats, Vulnerabilities, and Mitigations Flashcards
Nation state
These are government-sponsored entities that engage in cyber operations to further their national interests.
Advanced Persistent Threat (APT)
An APT is a sophisticated and focused cyberattack launched by well-funded and highly skilled opponents, such as nation-backed agents or organized cybercriminal groups.
Unskilled attacker
Unskilled attackers lack technical prowess and often resort to using off-the-shelf tools or purchasing tools from the dark web.
Hacktivists
Hacktivists are individuals or groups driven by ideological, political, or social motives.
Insider threats
Insider threats originate from within an organization and can be particularly challenging to detect. These threat actors include employees, contractors, or business partners who misuse their access to compromise data, systems, or networks.
Organized crime
Organized crime operations are characterized by a hierarchical structure, division of labor, and a focus on monetary gains.
Shadow IT
Shadow IT refers to technology used within an organization without proper approval or oversight from the IT department.
Internal threat actors
These originate from within an organization’s own ranks, often taking advantage of their familiarity with systems, networks, and processes. They can be employees, contractors, or even business partners. Internal threat actors may exploit their access to data and systems to launch attacks, whether intentionally or inadvertently. These attacks could stem from various motivations, such as financial gain, revenge, or personal grievances.
External Threat actors
These come from outside the organization and include a wide range of entities, from individual hackers to organized crime groups and nation states. External threat actors typically lack direct knowledge of the target’s internal systems, which may lead them to rely on reconnaissance and social engineering to gain access. Their attacks can vary greatly and can encompass espionage, data theft, and financial fraud.
Well-funded threat actors
These actors have access to substantial resources, which may be in the form of financial backing, advanced technology, or even government support. Nation state and APT threat actors fall into this category, often possessing significant budgets, specialized teams, and cutting-edge tools. Their attacks can be highly sophisticated and involve well-disguised techniques designed to evade detection.
Limited resources
Some threat actors, especially small-scale cybercriminals or unskilled attackers, may operate with limited resources. They might rely on readily available hacking tools, social engineering, or other low-cost methods. While their attacks may lack complexity, they can still be effective, particularly when targeting less secure targets. Understanding the level of resources/funding at a threat actor’s disposal provides insight into their potential impact and the scale of their operations.
Well-resourced threat actor
These actors possess advanced technical skills and deep knowledge of various attack vectors. Nation states, APT groups, and certain organized crime syndicates often fall into this category. Their attacks involve zero-day vulnerabilities, custom malware, and intricate evasion techniques.
Highly sophisticated threat actors
These actors possess advanced technical skills and deep knowledge of various attack vectors. Nation states, APT groups, and certain organized crime syndicates often fall into this category. Their attacks involve zero-day vulnerabilities, custom malware, and intricate evasion techniques.
Less sophisticated threat actors
Unskilled attackers, script kiddies, and some cybercriminals operate with less advanced technical skills. They might rely on easily accessible tools, pre-made malware, and simpler attack methods. Despite their limited capabilities, their attacks can still cause significant disruptions and data breaches. They may purchase products from the dark web.
SSL/TLS downgrade attack
An SSL/TLS downgrade attack is where an attacker exploits vulnerabilities in the communication between a client (such as a web browser) and a server. The attacker suggests using an older, less secure encryption method instead of the stronger ones that both parties support. The server is thus tricked into using less secure encryption protocols or algorithms, making it easier for the attacker to intercept and decrypt the data being transmitted, thereby compromising the security and confidentiality of the connection.
Bluesnarfing
Bluesnarfing is a malicious act that involves gaining unauthorized access to a Bluetooth-enabled device’s data (such as contacts, messages, or files) without the owner’s knowledge or consent.
SNMP Manager
SNMP managers are centralized systems responsible for monitoring and managing network devices. They initiate SNMP requests to gather information from SNMP agents and can also configure and control devices. Managers use SNMP protocol operations such as GET, SET, and GETNEXT to retrieve or modify information stored in the Management Information Base (MIB), which stores information about devices on the network. SNMP managers play a vital role in network monitoring and troubleshooting by polling SNMP agents for data and making decisions based on the collected information.
Isolation Duration
Isolation duration determines how long a system should remain in quarantine based on the severity of the alert and the steps taken for remediation.
False Negative
A false negative means that there is a vulnerability that has already been patched, but the scanner does not detect it.
Risk Exemption
Exemption refers to the act of relieving an individual, group, or entity from a specific obligation, rule, or policy that is generally applied across the organization. Exemptions are typically granted when adherence to a specific rule or policy is impractical or unfeasible. They are usually formal and documented and have a specified duration, and they may require approval from regulatory or governing bodies on a case-by-case basis.
Risk Exception
An exception in risk management pertains to an approved deviation from a set policy or standard. This deviation is typically temporary and is allowed due to the absence of a viable alternative, often with compensatory controls to mitigate associated risks.
Remote Desktop Protocol port number
Remote Desktop Protocol (RDP): TCP 3389. This Windows proprietary protocol enables remote connections to other computers.
Whaling
An email attack where the target is the CEO or a high-level executive.
On-Path attack
It is an interception attack, examples of which include Man-in-the-Middle and replay attacks.
What type of attack uses a tar.gz file extension?
RAT (Remote Access Trojan)
Pharming
Pharming is a two-step process that begins with an attacker installing malicious code on a victim’s computer or server. That code sends the victim to a spoofed website, where they may be tricked into offering their personal data or login credentials for a website or online service
DNS poisoning
DNS poisoning happens when fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply and sending users to the wrong website. DNS poisoning also goes by the terms “DNS spoofing” and “DNS cache poisoning.”
SSL
SSL is a technology your applications or browsers may have used to create a secure, encrypted communication channel over any network. However, SSL is an older technology that contains some security flaws. Transport Layer Security (TLS) is the upgraded version of SSL that fixes existing SSL vulnerabilities.
DNS
The Internet’s DNS system works much like a phone book by managing the mapping between names and numbers. DNS servers translate requests for names into IP addresses, controlling which server an end user will reach when they type a domain name into their web browser.
Salting
In the context of cybersecurity, “salting” refers to the technique of adding random data (or a “salt”) to passwords before they are hashed and stored.
DSA
The Digital Signature Algorithm (DSA) is a public-key cryptosystem and Federal Information Processing Standard for digital signatures, based on the mathematical concept of modular exponentiation and the discrete logarithm problem.
ECDSA
ECDSA (Elliptic Curve Digital Signature Algorithm)
- Purpose: Used for digital signatures.
- Function: Provides authentication by ensuring the integrity and authenticity of data. It generates a digital signature using a private key, which can be verified using the corresponding public key.
- Performance: Generally faster and more efficient than traditional algorithms like RSA for the same level of security.
- Usage: Commonly used in SSL/TLS certificates to verify the identity of servers.
What is the difference between ECDH and ECDSA?
- ECDSA is about ensuring the authenticity and integrity of data through digital signatures.
- ECDHE is about securely negotiating and exchanging encryption keys to keep your communications confidential.
Registration Authority
A Registration Authority (RA) is a function for certificate enrollment used in public key infrastructures. An RA accepts requests for digital certificates and authenticates the entity making the request.
HMAC
Hash-based message authentication code (or HMAC) is a cryptographic authentication technique that uses a hash function and a secret key. With HMAC, you can achieve authentication and verify that data is correct and authentic with shared secrets, as opposed to approaches that use signatures and asymmetric cryptography.
Which of the following defines a file format for storing and exchanging personal identity information, including private keys and digital certificates?
P12
HTTP port number
80
By default, these two protocols are on their standard port number of 80 for HTTP and 443 for HTTPS.
Directive Controls
Directive controls involve providing specific instructions or guidelines to ensure compliance with policies, procedures, or regulations. They establish a clear framework for employees to follow. Examples of directive controls include a code of conduct or ethical guidelines that outline acceptable behavior within an organization, standard operating procedures (SOPs) that detail step-by-step instructions for completing tasks, and regulatory requirements that mandate specific reporting procedures for financial institutions.
TPM VS HSM
TPM is a hardware-based security component integrated into computers and devices. It generates, stores, and manages cryptographic keys in a secure environment. An HSM is a physical device designed to manage cryptographic keys and perform encryption and decryption operations.