ICS 3 Flashcards
Goal of Cyber Security Program
manages cybersecurity risks by securing and enhancing confidentiality, data integrity and availability
Types of data breaches
ransomware, phishing, malware, compromised passwords
Causes of service disruptions
malware, distributed denial of service attacks, SQL injections, password attacks
adversary
actors w/ interest in conflict with organization - incentivized to perform malicious actions against org.
Gov’t sponsored/state-sponsored actor
funded, directed or sponsored by nations - steal/exfiltrate intellectual property, sensitive info, funds
Hacktivist
act to promote social causes or are moral based and stay away from things like churches/hospitals, etc.
Network based attacks
target infrastructure of a network, including switches, routers, servers, and cabling, with intent to gain unauthorized access or disrupt operations for users.
Backdoor and Trapdoors
Network based attack
- methods to bypass security procedures by creating an entry/exit point that is undocumented. Trapdoors - intentional, backdoors - intentional or product defect
Covert Channels
used to transmit data using methods not intended - violate security policy but don’t exceed access auth, they can communicate data in small parts based on hiding info somewhere. - storage channel - put it somewhere to access by lower level, timing channel - gap/delay is used to hide.
Buffer overflows
overload temp storage - may cause program to overwrite the memory of an application or crash to allow injection of malicious code or taking control of system.
Denial of Service
Floods network by congesting with large volumes of traffic greater than bandwidth, making the network unable to respond to service requests, leaving it vulnerable.
Distributed denial of service
multiple are working in unison - more powerful than traditional
Man in the Middle Attacks
attacker acts as intermediary between two parties intercepting communications, acting as legitimate entity. Attacker can read or redirect traffic.
Port scanning
scan network for open ports to gain access - logical ports used for protocols (TCP), common vulnerabilities include unsecured protocols, unpatched protocols, poor login, poorly configured firewalls
Ransomware
in the form of malware that locks systems
Reverse Shell
aka connect-back shells - victim initiates communication w/ attacker behind firewall
Replay attacks
man in the middle attack - eavesdrop on network communication, intercept it, and replay at a later time to gain access
Return Oriented attacks
sophisticated techniques that utilize pieces of legitimate original system code in a sequence to perform operations useful to the attacker. Each gadget ends with return instructions, causing next gadget to execute
spoofing
impersonating someone/thing to get access
address resolution spoofing
falsifying mapping of media access control addresses on a network to IP addresses - channel messages to other destinations
DNS spoofing
modify the domain name to IP address mapping (DNS) - redirect to another IP leads to mimicked website
Application based attacks
target specific software/apps such as databases or website to gain access or disrupt functionality
SQL Injection
Attacker injects malicious SQL code into existing code on website to gain access to data
Cross-Site Scraping
Inject code into website that attacks visitors of website
race condition
exploits system/app that relies on specific sequence of operations - by forcing to perform 2 or more out of order or at the same time
mobile code
software program designed to move from computer to computer to infect other applications by altering to include code - VIRUS
Host based attacks
attack single host - laptop, mobile device or server to disrupt functionality or obtain access.
Brute force
password hacking
malware
software or firmware intended to perform an unauthorized process that has adverse impact on confidentiality, integrity or availability of info systems. - virus, worm, trojan horse, adware, spyware
rogue mobile apps
use of malicious apps that appear legitimate
Phishing
digital social engineering uses email that requests users or directs them to fake websites
Spear Phishing
poses as employee - HR/IT to try and get username/passwords or personal data that can be used for exploitation