Introduction Flashcards

1
Q

Risk-Reduction ROI Formula

A

(reduction in risk in $ - cost of control) / cost of control

2
Q

Reduction in risk Formula

A

Annualized rate of occurrence * expected monetary loss for a single event * reduction in probability of risk occurrence with the control

3
Q

Compliance vs. Security

A
  • Compliance: Regulatory Frameworks, risks, standards, policies, documentation
    -> only mandates basic security hygiene
    -> should be technology-neutral
  • Security: Authentication Mechanisms, Secure IT Environment, Physical Controls, Network Access, Business Processes
    -> Compliance measures Security
4
Q

Advanced Persistent Threat (APT): Characteristics

A
  • Sophisticated & sustained
  • Undetected presence over a prolonged period of time
  • High degree of customization
  • Experienced and well-funded attacker
5
Q

APT categories

A
  • Cyberespionage
  • Financial crimes
  • Hacktivism
  • Destruction
6
Q

APT Modus Operandi

A
  • Stage 1: Planning
  • Stage 2: Infiltration
  • Stage 3: Expansion
  • Stage 4: Execution
7
Q

APT: Planning

A

1) Research the target
2) Assemble a team of attackers
3) Acquire or build the necessary tools
4) Test the target’s detection capability
5) Zero-day vulnerability hunts on used technology

8
Q

APT: Infiltration

A

5) Distraction with a DDoS attack
6) Initial Infiltration on found vulnerability to enter system

9
Q

APT: Expansion

A

7) Expand access across the network
8) Move laterally through the system
9) Gather target data in bundles

10
Q

APT: Execution

A

10) White noise attack (DDoS as a distraction)
11) Exfiltrate data
12) Leave a backdoor for future attacks
-> also: clean-up, erase footsteps

11
Q

Common types of security vulnerabilities

A
  • Vulnerabilities in the source code
  • Misconfigured system components
  • Trust configurations
  • Weak credentialing practices
  • Lack of strong encryption
  • Insider threat
  • Psychological vulnerability
  • Inadequate authentication
  • Injection flaws
  • Sensitive data exposure
  • Insufficient monitoring and logs
  • Shared tenancy vulnerabilities
12
Q

Definition attack vector

A
  • Are the methods that attackers use to break into a network
  • sum of attack vectors: attack surface
13
Q

Common attack vectors (categories)

A
  • Targeting the network vulnerabilities
  • Targeting the network services
  • Targeting the users
14
Q

Attack vectors: Network Vulnerabilities

A
  • Missing or poor encryption
    -> Measure: Encryption while data is at rest, transferred or processed
  • Misconfiguration
    -> Measure: Micro-segmentation policy
  • Session Hijacking
    -> Measure: Secure Channel Protocols
  • MITM
    -> Measure: Encryption
  • Cross-Site-Scripting/SQL-Injection
    -> Measure: Don’t trust user’s input (sanitize)
    -> attacks can be made harder or even prevented without affecting the services
15
Q

Attack vectors: Network Services

A
  • Brute Force attacks
  • (D)DoS
  • Zero-Day-Exploits
    -> Can’t be prevented without affecting the services
16
Q

Attack vectors: Users

A
  • Phishing
  • Typosquatting
  • Compromised, weak or stolen credentials
  • Trust relationships
  • Malicious insiders
    -> Awareness Training
17
Q

Other common attack vectors

A
  • Ransomware
  • Third party vendors
18
Q

Future Shift of Attack Vectors

A
  • IoT
  • Home office
  • “Always on”
  • Miniaturization (ever smaller hardware)
  • Quantum computers
  • Breaking old protocols with new methods
19
Q

Social Engineering Definition

A

Using the human component to get reconnaissance (scouting) of a network

20
Q

Social Engineering: Six Levers

A
  • Reciprocation
  • Scarcity
  • Consistency
    -> Users do not check “everyday” things closely
  • Liking
  • Authority
  • Social validation
    -> Swarm intelligence
21
Q

Popular social engineering attacks

A
  • Pretexting
    -> construct a lie such that the victim believes it is real
  • Diversion theft
    -> Convince the courier that the service is required somewhere else
    -> MITM
  • Phishing
  • Vishing
    -> phone systems
  • Spear-phishing
    -> more targeted, background information
  • Water holing
    -> exploit vulnerabilities on trusted sites
  • Baiting
    -> flash drive
  • Quid pro quo
  • Tailgating
22
Q

Defenses against Social Engineering

A
  • Education/training
  • Multi-layer defense
  • Password guidelines
  • Technical defenses against special attacks
23
Q

Security Operations Center (SOC) Definition

A
  • Centralized unit offering services regarding IT-Security
  • Can be internal within an organization or external, providing remote services for outside parties
  • Consists of a security team that defends the network against unauthorized activities. Responsibilities include protection, monitoring, detection, and analysis
24
Q

SOC: Roles and Responsibilities

A
  • Tier 1: Incident detection, incident triage
  • Tier 2: Incident Responder
  • Tier 3: Incident Resolution, post-incident, threat hunter
  • SOC manager: supervision
25
Q

SOC: Services

A
  • Preventive:
    -> Real time monitoring and triage, including call center
    -> Prevention of cybersecurity incident
    -> Regular vulnerability scan for network and host
  • Detective:
    -> Incident analysis and response
    -> Forensic artifact analysis
    -> Deploying countermeasures
  • Post:
    -> Regular security policies adaption and consultation
    -> Sensor tuning and maintenance
26
Q

How to collect Cyberintelligence

A
  • Cyber news feed
  • Signature updates
  • Incident reports
  • Threat briefs
  • Being up to date with tactics, techniques and procedures (TTP) of advanced adversaries
27
Q

SOC data sources

A
  • Monitoring systems
  • Calls / E-mails from employees, customers
  • Broadcast messages from providers/agencies/authorities
  • Threat intelligence
28
Q

Security Information and Event Management (SIEM)

A
  • One of the most important tools in a SOC
  • Basic tasks: data aggregation, correlation, alert ranking and prioritization, alerting
29
Q

Incident Handling Process

A
  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons Learnt
30
Q

Identification vs. Authentication

A
  • Identification is the ability to uniquely identify a user of a system or an application
  • Authentication is the ability to prove that a user or an application really is the person or the application it claims to be