Exam Prep NOTES Flashcards
Simple Explanation of Environmental Variables in Vulnerability Management
In vulnerability management, environmental variables are the specific characteristics of an organization's IT environment that affect:
How vulnerabilities are detected
How serious they are
What actions should be taken to fix them
Since every company has a different network setup, security policies, and IT systems, these factors influence how vulnerabilities impact them.
Example 1: Operating Systems and Software
Company A uses Windows 10, and Company B uses Linux servers.
A security scanner detects a vulnerability that affects only Windows systems.
Company A is at risk, while Company B is safe because it doesn't use Windows.
Lesson: The type of operating system an organization uses is an environmental variable that affects risk assessment.
Example 2: Network Setup & Firewalls
A vulnerability is found in a company's web server.
Company X has a firewall that blocks external access to the web server.
Company Y allows the web server to be accessed from the internet.
Company Y is more at risk because attackers can reach the vulnerable system, while Company X is safer because its firewall provides protection.
Lesson: Network security settings (firewalls, VPNs) affect how dangerous a vulnerability is.
Example 3: User Privileges & Access Controls
A company has a weak password policy (e.g., "123456" is allowed).
A vulnerability is discovered that allows attackers to steal passwords.
If Company C allows employees to use weak passwords, hackers can easily break in.
If Company D enforces strong passwords and multi-factor authentication, the risk is lower.
Lesson: How an organization manages user security (passwords, authentication) affects vulnerability impact.
Why Does This Matter?
When security teams assess risks, they don't just look at the vulnerability itself; they also consider the organization's specific environment to decide:
Which vulnerabilities need urgent attention
Which ones pose little to no risk
How to best fix the problem
This is why environmental variables are critical in vulnerability management!
Key Risk Indicators (KRIs):
Simple Explanation:
Key Risk Indicators (KRIs) are early warning signs that help organizations predict potential risks and their impact on business operations. They are measurable metrics that indicate whether a risk is increasing or decreasing.
Why are KRIs Important?
KRIs help organizations:
Monitor trends that could lead to security threats, financial losses, or operational failures.
Take proactive measures before risks become serious problems.
Improve decision-making by identifying high-risk areas early.
Example of KRIs in Cybersecurity:
Number of attempted cyberattacks per month (if this number is rising, it signals a growing threat).
Percentage of unpatched vulnerabilities (a high number means a greater risk of attacks).
Employee non-compliance with security policies (more violations increase the risk of breaches).
KRIs are different from general risk metrics because they focus on predicting risks rather than just measuring them.
Example of a data management platform, and what does it do?
What Does a Data Management Platform (DMP) Do?
A DMP is a centralized system that collects, stores, and processes data from different sources to help businesses make better decisions. It is widely used in marketing, advertising, and analytics.
Key Functions of a DMP:
Collects Data → Gathers data from websites, apps, CRM systems, and third-party sources.
Organizes Data → Sorts and categorizes data (e.g., customer demographics, behaviors, and preferences).
Analyzes Data → Provides insights into customer behavior to improve targeting and personalization.
Activates Data → Sends data to ad platforms and marketing tools to create personalized campaigns.
Ensures Data Privacy → Manages user permissions and ensures compliance with data privacy laws (e.g., GDPR, CCPA).
Example Use Case:
A retail company uses Adobe Audience Manager (DMP) to:
Collect customer data from its website, mobile app, and email campaigns.
Analyze which products customers are most interested in.
Segment customers into groups based on behavior (e.g., frequent buyers, first-time visitors).
Send targeted ads or personalized offers to each group to increase sales.
DMPs are widely used in digital marketing to improve advertising efficiency and deliver personalized experiences to customers.
Risk Tolerance vs. Risk Appetite
Both risk tolerance and risk appetite are about how much risk an organization is willing to accept, but they have different meanings:
Risk Appetite = Big Picture
The general level of risk an organization is willing to take to achieve its goals.
Example: A bank may have a low risk appetite for fraud but a higher risk appetite for investing in new financial technologies.
Risk Tolerance = Detailed Limits
The specific amount of risk an organization is able to handle within acceptable limits.
Example: A company may tolerate a 5% loss in investments, but not a 20% loss.
Difference Between End-of-Life (EOL) Vulnerability and Legacy Vulnerability (Simple Explanation)
End-of-Life (EOL) Vulnerability = No More Support
Happens when a vendor officially stops providing updates, patches, or support for a product.
Even if the hardware or software still works, it becomes risky because it won't receive security fixes for new threats.
Example:
Windows 7: Microsoft stopped providing security updates in 2020.
An old firewall that no longer gets firmware updates from the manufacturer.
Key Risk: No security patches → Hackers can exploit vulnerabilities that will never be fixed.
Legacy Vulnerability = Old but Still in Use
A system is considered legacy when it is outdated but still necessary for the organization.
It might still receive support but is inherently less secure due to its old design or lack of modern security features.
Example:
A company still using Windows XP because an old software application only runs on it.
A factory running 20-year-old industrial control systems because upgrading would be too expensive.
Key Risk: Old technology lacks modern security protections and might not be compatible with new defenses.
Which One Is Worse?
EOL Vulnerability is more dangerous because no patches or fixes will ever be released.
Legacy Vulnerability is risky but sometimes still receives limited support.
Break down Layers 7, 6, and 5 of the OSI Model in simple terms with real-world examples.
Layer 7: Application Layer (What the User Sees)
This is the topmost layer, where applications interact with the network.
It handles data exchange between user applications and the network.
Think of it as the front door of the internet.
Example:
When you open a web browser and type www.google.com, the browser (Chrome, Firefox) is using Layer 7 protocols like HTTP/HTTPS to request and display the webpage.
Other Layer 7 protocols:
Email: SMTP, IMAP, POP3
File Transfer: FTP, SFTP
Remote Access: SSH, Telnet
Layer 6: Presentation Layer (Translator)
This layer ensures that data is readable and properly formatted before being sent or received.
It's like a translator or encoder that makes sure different systems understand each other.
Example:
Data Encryption & Decryption:
When you visit a secure website (HTTPS), this layer encrypts your data before sending it over the internet.
File Format Conversion:
If you send an image in .JPEG format, but the receiver only supports .PNG, this layer may help convert the format.
Compression:
When you stream a YouTube video, data is compressed to reduce bandwidth use.
Layer 5: Session Layer (Handles Connections)
This layer establishes, maintains, and ends communication sessions between devices.
Think of it like a phone call: it ensures the connection stays open while you're talking and closes when you're done.
Example:
Logging into a Website:
When you log into Facebook or Gmail, this layer manages your session so you don't have to keep re-entering your password while browsing different pages.
Online Gaming Sessions:
If you're playing an online multiplayer game, the session layer keeps the game connection active while you play.
Remote Desktop (RDP):
When you use Remote Desktop (RDP) to control another computer, the session layer keeps your session alive until you log out.
RTOS?
What is an RTOS (Real-Time Operating System) in Simple Terms?
A Real-Time Operating System (RTOS) is a type of operating system designed to process tasks quickly and on time, without delays. It is used in systems that require immediate responses and precise timing.
How is an RTOS Different from a Regular OS?
A regular OS (like Windows, Linux, macOS) is designed for general-purpose computing, where delays are acceptable.
An RTOS is designed for real-time tasks, where a delayed response could cause problems (e.g., in medical devices, self-driving cars, or industrial machines).
Example Difference:
If you click a button on your computer, a small delay in response is fine.
If a car's airbag system or a pacemaker delays responding, it could be life-threatening; this is why an RTOS is needed.
Examples of Where RTOS is Used:
Automobile Airbag Systems → The system must detect a crash instantly and deploy the airbag within milliseconds.
Medical Devices (Pacemakers) → A pacemaker must regulate heartbeats precisely without delay.
Industrial Robots → Machines in factories must react to sensors in real time to avoid defects or accidents.
Aviation Systems → Flight control systems must process sensor data and adjust in real time.
Self-Driving Cars → Must react immediately to obstacles to prevent accidents.
Real-Time Operating Systems (RTOS) prioritize speed and timing accuracy over complex security features.
Some RTOS implementations lack strong memory protection, making them more vulnerable to buffer overflow attacks.
Buffer overflows occur when a program writes more data into a memory buffer than it can hold, potentially allowing attackers to execute malicious code.
Since drones rely on real-time processing, a buffer overflow in critical flight control software could be catastrophic.
RTOS systems sacrifice complex security measures for speed and efficiency, which can make them vulnerable to buffer overflow attacks if not properly secured.
SD-WAN vs. SASE: What's the Difference?
What is SD-WAN? (Software-Defined Wide Area Network)
SD-WAN is a technology that improves WAN (Wide Area Network) performance by intelligently routing traffic based on network conditions and application needs.
Example Use Case:
A retail chain has multiple stores in different cities and needs a cost-effective, fast, and reliable connection between locations.
SD-WAN helps by dynamically selecting the best available internet connection (MPLS, LTE, broadband) for each store, reducing costs and improving performance.
Best for: Organizations that want WAN optimization with some security features but not full security integration.
What is SASE? (Secure Access Service Edge)
SASE combines SD-WAN with strong security features to protect cloud-based applications and remote users. It moves security to the cloud, ensuring secure and fast access for users no matter where they are.
Example Use Case:
A company with a fully remote workforce uses cloud-based applications like Microsoft 365, AWS, and Zoom.
SASE ensures that all employees securely connect to cloud services with built-in security (firewall, Zero Trust, data protection).
Best for: Organizations that need both SD-WAN's performance benefits and strong security controls for cloud-based environments.
Quick Analogy to Remember:
SD-WAN = High-speed, smart highway system (optimizes traffic flow but doesn't check who is driving).
SASE = High-speed, smart highway with security checkpoints (optimizes traffic and ensures only authorized users access secure locations).
Final Verdict:
Choose SD-WAN if you need better network performance for branch locations.
Choose SASE if you need secure, cloud-first networking for remote users and cloud apps.
Cryptographic primitive?
3. A Cryptographic Primitive
Cryptographic primitives (like hash functions and encryption) are the building blocks of digital signatures, but they alone do not provide non-repudiation.
Example: A hash function (SHA-256) can confirm data integrity but cannot prove who signed it.
What is a Cryptographic Primitive? (Simple Explanation)
A cryptographic primitive is a basic building block used in cryptography to create secure communication, encryption, and authentication systems. These primitives do one specific cryptographic task and are combined to form complex security protocols like SSL/TLS, VPNs, and secure messaging apps.
Key Features of Cryptographic Primitives:
Simple but essential: Each primitive has a single function, like encrypting data or verifying identity.
Used to build larger security systems: Primitives are combined to create secure encryption algorithms, digital signatures, and authentication protocols.
Must be mathematically strong: They should resist attacks like brute force and cryptanalysis.
Examples of Cryptographic Primitives:
1. Hash Functions (Ensuring Data Integrity)
Converts input data into a fixed-size hash (digest) that is unique to that input.
Example: SHA-256 is used to verify passwords and blockchain transactions.
Real-World Use: Bitcoin mining, password storage.
2. Symmetric Encryption (Secret Key Encryption)
Uses a single key to encrypt and decrypt data.
Example: AES (Advanced Encryption Standard) secures Wi-Fi (WPA2/WPA3) and file encryption.
Real-World Use: Secure messaging apps like Signal, WhatsApp.
3. Asymmetric Encryption (Public-Key Cryptography)
Uses two keys (public & private) for encryption and decryption.
Example: RSA and ECC encrypt sensitive data and enable digital signatures.
Real-World Use: SSL/TLS certificates, email encryption (PGP/GPG).
4. Digital Signatures (Authentication & Integrity)
Ensures that a message or file is authentic and has not been altered.
Example: ECDSA (Elliptic Curve Digital Signature Algorithm) for blockchain transactions.
Real-World Use: Verifying software updates, legal documents, smart contracts.
5. Key Exchange Algorithms (Secure Key Sharing)
Enables two parties to securely share encryption keys over an insecure network.
Example: Diffie-Hellman Key Exchange is used in VPNs and HTTPS (TLS handshakes).
Real-World Use: Establishing secure browser connections (TLS).
What is 802.1X in Simple Terms?
802.1X is a security standard that controls who can connect to a network. It ensures that only authorized users and devices can access a wired or wireless network.
How Does 802.1X Work?
802.1X uses a system called port-based network access control (PNAC) to authenticate users or devices before allowing them to connect.
It involves three main components:
1. Supplicant (The User or Device)
This is the device trying to connect to the network (laptop, phone, etc.).
The device sends login credentials (username/password or a certificate) for authentication.
2. Authenticator (The Network Device)
This is the network switch (for wired) or Wi-Fi access point (for wireless).
It forwards the authentication request to the authentication server.
3. Authentication Server (Verifies Identity)
A RADIUS server (like Microsoft NPS or Cisco ISE) checks the credentials.
If authentication passes, the device gets access to the network.
If authentication fails, the device is blocked.
Example Use Case: Office Wi-Fi Security
Imagine you walk into your office and connect to the Wi-Fi.
Your laptop (supplicant) tries to connect.
The Wi-Fi router (authenticator) asks for your credentials.
Your credentials are sent to the RADIUS server (authentication server) for verification.
If you are an authorized employee, you get access.
If not, access is denied.
Without 802.1X, anyone could connect to the network, making it easier for hackers to gain access!
Why Is It Called "Port-Based"?
In 802.1X, each connection point (wired or wireless) is treated as a "port."
Even in Wi-Fi, each device's connection acts like a logical port, even though there's no physical cable.
The network switch or access point controls access at the "port" level, meaning a device must be authenticated before the port allows traffic to pass.
Simple Explanation for Wired vs. Wireless
1. Wired Network (Switch Ports)
Each physical Ethernet port on a switch represents a "port" in 802.1X.
The switch blocks traffic until authentication is successful.
2. Wireless Network (Wi-Fi "Ports")
In Wi-Fi, there's no physical port, but each wireless connection is treated as a "logical port".
The access point blocks traffic until authentication is completed.
What is Time of Check (TOC)?
Time of Check (TOC) refers to the moment when a system verifies a condition or state before performing an action.
If something changes after the check but before execution, it can lead to a security issue known as a Time of Check to Time of Use (TOCTOU) vulnerability.
Simple Example of Time of Check:
Imagine you're buying a flight ticket online:
1. You check the price of a ticket: $500 (Time of Check).
2. You proceed to payment and confirm your booking.
3. Between step 1 and 2, the price changes to $550, but the system still charges you $500 because it didn't check again before finalizing.
4. The airline loses $50 due to a Time of Check issue.
Example of Time of Check in Cybersecurity (TOCTOU Attack)
Scenario: A User Requesting Access to a File
1. A program checks if the user has permission to read a file (Time of Check).
2. Before the program opens the file, an attacker quickly swaps it with a different file.
3. The program grants access, assuming it's still the same file (Time of Use).
4. Now, an unauthorized user gains access to sensitive data!
This happens because the system checked permissions first but didn't re-verify before using the file.
How to Prevent TOCTOU Issues?
Use atomic operations: Combine the check and execution into one step.
Lock files/resources: Prevent changes between check and execution.
Re-validate before execution: Always check again before acting.