Final Exam 2 Flashcards
What is a vulnerability
A flaw in a system that can be taken advantage of to impact the confidentiality, integrity, or availability of the system
What is an exploit
An attack taking advantage of a vulnerability
What is a zero-day
An exploit for a vulnerability that has no fix
What is a virus vs a worm
Virus - malware that replicates locally, often infecting files
Worm - malware that spreads from system to system automatically
What is adware
Malware making money through advertising manipulation
What is spyware
Malware collecting private info
What is scareware
Malware scaring users with threats to coerce actions
How does a credential stealer steal credentials?
By accessing memory or temporary internet files, or by keylogging
What is a rootkit?
Malware with admin privileges allowing persistent access to a compromised system
What is a RAT?
Remote Admin Tool, allows remote access to a system
Biggest email threat and how it propagates
Virus (or worm) sets up a backdoor; propagates via sending spam e-mails that turn systems into “spambots”
What is phishing?
An attempt to gather sensitive info by masquerading as a trustworthy entity
Ways of identifying phishing threats/protecting yourself from malware
- incorrect grammar
- email links
- email attachments
- asking for credentials
What is spearphishing
Phishing aimed at specific individuals or companies
What is SMShing
Act of sending fraudulent URL or phone # via SMS
What is OWASP
Open Web Application Security Project
What is an SQL injection
An attack manipulating input and server-side scripts to send malicious SQL commands
What is XSS and two types?
A cyber attack utilizing web vulnerabilities to send malicious code to a different end user
Stored and reflected XSS
What is social engineering?
The science of manipulating human beings to take an action or divulge info
What are the types of info processing
Top down - knowledge driven, based on previous experience; goals/expectations drive perception
Bottom up - used when knowledge is lacking; recognition by components, info driven
Basic Human Tendencies
Reciprocity, social proof, consistency, scarcity, liking, authority
Telltale signs of social engineering
- pretending to know publicly available info
- warnings or inducements of fear/concern
- unrealistic promises
- time urgency
- unverified but “official” info
Steps of a social engineering attack
Research, hook, play, exit
Research - gather info
Hook - contact victim
Play - build trust
Exit
What are rings of trust
Security architecture in which outer rings possess a lower level of security and systems requiring a higher level of security are found in the inner ring
What are ACLs
Access Control Lists controlling intercommunication between levels of trust
What are the key principles of Zero Trust
- Assume breach of other components
- Explicit validation of trust
- Least privilege access
- Constant and comprehensive monitoring and defense
Describe the typical secure topology
- Perimeter firewall (lies between the public internet and the organization, allows hosts outside to access public facing services such as web, email, and DNS)
- Perimeter network (also called DMZ – the area between the perimeter firewall and the internal firewall, hosts providing external services such as web, email, and DNS)
- Internal firewall (limits access to internal network)
- Internal network (rest of info assets)
What is PAM
Privileged Access Management; emphasis on managing and monitoring user access when they request access
What is PIM
Privileged Identity Management; emphasis on the access a user or application (the “identity”) is granted and what they’re authorized to request
What is JIT
Just-in-Time Access (Part of a PAM/PIM solution, emphasis on requesting access only when needed, only for the duration of the business need)
What might we secure in a business environment
- Disable USB/CD devices and/or booting
- Enforce password policies
- Set up server and network device logging
- Content filter
- App whitelist
- BYOD
What is DLP
Data loss prevention software; detects potential data breaches and prevents unauthorized attempts to copy or send sensitive data, intentionally or unintentionally, even if the person is authorized to access the information
How are companies and users worried about BYOD
Companies:
- insecure devices on their network hold sensitive data
- controlling and monitoring data on the device
- securing data if device lost
Users:
- personal data loss
- privacy
Corporate BYOD Recommendations
- clear, comprehensive policy
- don’t assume one policy fits all users
- deploy the right IT infrastructure
What is digital forensics?
Using court approved methods to acquire, investigate, and present evidence which allows decision makers to act on knowledge
What is best evidence
An exact copy made of the original digital media
What are the Federal Rules of Evidence
Government regulations for the admission or exclusion of evidence in most US court proceedings
What is the Lockheed Martin Kill Chain
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command & Control
- Actions on Objectives
What is intentional evidence and its limitations?
Sets of evidence (usually logs) designed to record data for later review
Limitations: log rollover, log configurations, timezones
What is unintentional evidence and its limitations?
Program functionality or behavior designed for another purpose, but from which we can infer or derive relevant data (e.g. jumplists)
Limitations: absence of data not always significant, info can be incomplete
What are jump lists?
A view of recently accessed or used files and programs
What is a breach and how long does it take to detect and contain?
A security incident in which unauthorized parties gained access to confidential info; 207 days to detect, 70 days to contain
Reasons Info Sec Management is formed later on by companies
- Government requirement
- Audit team recommendation
- Management thought necessary
What is Info Sec Management?
Activities relating to protection of info/info assets against risk of loss, misuse, disclosure, or damage and describes controls that org needs to implement to ensure risks are managed
Explain why spending more on securing an asset than the intrinsic value of the asset is a waste of resources
Security is not concerned with eliminating all threats, but with eliminating known threats and minimizing losses if an attacker succeeds.
What are the 3 stages of an attack?
Before, during, after
Before: discover, enforce
During: Detect, defend
After: scope, contain
Why implement risk management?
Eliminate known threats and minimize losses in case of a successful attack
What are some protection mechanisms to secure a network
- Firewalls
- IDS/IPS
- Secure passwords
- MFA
What are the types of contingency planning
Incident response - procedure for when an infosec incident occurs
Disaster recovery - procedure for when a natural/manmade disaster occurs
What is policy
Rules setting boundaries of acceptability and consequences in an org
NOT procedure
What is Common Law and who uses it
Legal system developed through decisions of courts and tribunals (case law), rather than through legislative or executive action; used by the US, Canada, UK, etc.
What is US Criminal Code
Government is the plaintiff filing a litigious action against a company or individual
What is US civil code
Wrongs against individuals or companies that result in damages or loss
What are the 3 potential roles of computers in an investigation
- Assisted
- Targeted
- Incidental
What are ethics and their importance
Standards of right/wrong behavior; they help distinguish good from harmful, foster respect, and guide decision making