Essential Knowledge Flashcards
OSI Model - Layer 1
1. Type
2. Data Unit
- Physical (USB, Bluetooth)
- Bit
OSI Model - Layer 2
1. Type
2. Data Unit
- Data Link (ARP, PPP)
- Frame
OSI Model - Layer 3
1. Type
2. Data Unit
- Network (IP)
- Packet
OSI Model - Layer 4
1. Type
2. Data Unit
- Transport (TCP)
- Segment
OSI Model - Layer 5
1. Type
2. Data Unit
- Session (X255, SCP)
- Data
OSI Model - Layer 6
1. Type
2. Data Unit
- Presentation (AFP, MIME)
- Data
OSI Model - Layer 7
1. Type
2. Data Unit
- Application (FTP, HTTP, SMTP)
- Data
TCP/IP Model - Layer 1
1. Type
2. OSI Layer Equivalent
- Network Access
- Physical (Layer 1) / Data Link (Layer 2)
TCP/IP Model - Layer 2
1. Type
2. OSI Layer Equivalent
- Internet
- Network (Layer 3)
TCP/IP Model - Layer 3
1. Type
2. OSI Layer Equivalent
- Transport
- Transport (Layer 4)
TCP/IP Model - Layer 4
1. Type
2. OSI Layer Equivalent
- Application
- Session (Layer 5), Presentation (Layer 6), Application (Layer 7)
How does TCP Handshake gets initialised?
- SYN
- SYN-ACK
- ACK
What does ARP stand for?
Address Resolution Protocol.
What is ARP used for?
Resolves IP address to physical address
What are the the 5 Network Security Zones?
- Internet
- Internet DMZ
- Production Network Zone
- Intranet Zone
- Management Network Zone
What does CVSS Stand for?
Common Vulnerability Scoring System
What is CVSS is used for?
Places numerical score based on severity for vulnerabilities and risks.
What does NVD stand for?
National Vulnerability Database
What is NVD?
US government repository of vulnerabilities
What are the 7 Vulnerability Categories?
- Misconfiguration
- Default Installation
- Buffer Overflow
- Missing Patches
- Design Flaws
- Operating System Flaws
- Default Passwords
What does EISA stand for?
Enterprise Information Security Architecture
What is EISA?
Process that determines how systems work within an organization
What are the 5 steps to Threat Modelling?
- Identify security objectives
- Application Overview
- Decompose application
- Identify threats
- Identify vulnerabilities
What are the 5 Phases of Risk Management?
- Risk Identification
- Risk Assessment
- Risk Treatment
- Risk Tracking
- Risk Review