ICS 3 Flashcards
Goal of Cyber Security Program
manages cybersecurity risks by securing and enhancing confidentiality, data integrity and availability
Types of data breaches
ransomware, phishing, malware, compromised passwords
Causes of service disruptions
malware, distributed denial of service attacks, SQL injections, password attacks
adversary
actors w/ interest in conflict with organization - incentivized to perform malicious actions against org.
Gov't sponsored/state-sponsored actor
funded, directed or sponsored by nations - steal/exfiltrate intellectual property, sensitive info, funds
Hacktivist
act to promote social causes or are morally based and stay away from things like churches/hospitals, etc.
Network based attacks
target infrastructure of a network, including switches, routers, servers, and cabling, with intent to gain unauthorized access or disrupt operations for users.
Backdoor and Trapdoors
Network based attack
- methods to bypass security procedures by creating an entry/exit point that is undocumented. Trapdoors - intentional; backdoors - intentional or product defect
Covert Channels
used to transmit data using methods not intended - violate security policy but don't exceed access authorization; they can communicate data in small parts by hiding info somewhere. - storage channel - put it somewhere to be accessed by a lower level; timing channel - a gap/delay is used to hide.
Buffer overflows
overload temp storage - may cause program to overwrite the memory of an application or crash, allowing injection of malicious code or taking control of system.
Denial of Service
Floods network by congesting with large volumes of traffic greater than bandwidth, making the network unable to respond to service requests, leaving it vulnerable.
Distributed denial of service
multiple are working in unison - more powerful than traditional
Man in the Middle Attacks
attacker acts as intermediary between two parties intercepting communications, acting as legitimate entity. Attacker can read or redirect traffic.
Port scanning
scan network for open ports to gain access - logical ports used for protocols (TCP); common vulnerabilities include unsecured protocols, unpatched protocols, poor login, poorly configured firewalls
Ransomware
in the form of malware that locks systems
Reverse Shell
aka connect back shells - victim initiates communication w/ attacker behind firewall
Replay attacks
man in the middle attack - eavesdrop on network communication, intercept it, and replay it at a later time to gain access
Return Oriented attacks
sophisticated techniques that utilize pieces of legitimate original system code in a sequence to perform operations useful to the attacker. Each gadget ends with a return instruction, causing the next gadget to execute
spoofing
impersonating someone/thing to get access
address resolution spoofing
falsifying mapping of media access control addresses on a network to IP addresses - channel messages to other destinations
DNS spoofing
modify the domain name to IP address mapping (DNS) - redirect to another IP leads to mimicked website
Application based attacks
target specific software/apps such as databases or websites to gain access or disrupt functionality
SQL Injection
Attacker injects malicious SQL code into existing code on website to gain access to data
Cross-Site Scripting
Inject code into website that attacks visitors of website
race condition
exploits system/app that relies on specific sequence of operations - by forcing it to perform 2 or more out of order or at the same time
mobile code
software program designed to move from computer to computer to infect other applications by altering them to include code - VIRUS
Host based attacks
attack single host - laptop, mobile device or server to disrupt functionality or obtain access.
Brute force
password hacking
malware
software or firmware intended to perform an unauthorized process that has adverse impact on confidentiality, integrity or availability of info systems. - virus, worm, trojan horse, adware, spyware
rogue mobile apps
use of malicious apps that appear legitimate
Phishing
digital social engineering that uses email to request info from users or direct them to fake websites
Spear Phishing
poses as employee - HR/IT to try and get usernames/passwords or personal data that can be used for exploitation
Business Email Compromise
targets execs and high ranking - transfer money via wire transfer, pay fake foreign suppliers, send sensitive data aka whaling
Pretexting
creating fake identity/scenario so there is a sense of urgency to act
Pharming
used in combo w/ phishing - entering personal info into website/portal that imitates a legitimate site
Vishing
telephonic system / voice over internet protocol - spoofed/fraudulent caller ID that is tied to a legitimate business/person
Supply Chain Attack - Embedded Software Code
inserting code into prepackaged software/firmware being sold to a company that later installs it
Foreign sourced attack
govt uses products to conduct surveillance or deliver malicious code
pre-installed malware or hardware
installing malware on devices that will be used by companies in the supply chain (USB,cameras, or phones)
water hole attacks
identify websites of suppliers, customers or regular entities that are known to be used by several companies - look for weakness
escalated cyberattack
Internet of Things devices used as an attack base to infect more machines or as an entry point for access to connected network
threat modeling
process of identifying, analyzing and mitigating threats to a network, system or application
Perform Reduction Analysis
decomposing asset being protected from threat w/ intent to gain a greater understanding of how assets interact w/ potential threats. Decomposition process - involves understanding trust and security changes, flow of data, where input can be received, security clearance, and related P&P
Process for Attack Simulation and Threat Analysis
threat model - 7 stages that focus on risks and countermeasures that are prioritized by the value of the asset being protected:
1. definition of objectives for analysis of risk
2. definition of technical steps
3. application decomposition and analysis
4. threat analysis
5. weakness/vulnerability analysis
6. attack modeling and simulation
7. risk analysis and management.
Visual, Agile, and Simple Threat Analysis
based on agile project mgmt - goal to integrate threat mgmt into programming environment on a scalable basis.
STRIDE
developed by Microsoft, used for assessing threats related to applications and operating systems.
COSO Framework - Operational Objective
Performance measures and safeguards help increase likelihood that IT assets are protected - focus on effectiveness and efficiency of business operations
COSO Framework - Reporting Objective
Increasing likelihood that cybersecurity controls are in place so that they do not affect the internal/external financial and non-financial reporting. Focus on transparency, reliability, timeliness, and trustworthiness as determined by standard setting bodies, regulators, policies
COSO Framework - Compliance Objective
adherence to laws and regs = NIST, HIPAA, GDPR
Five components of COSO framework
Control Env., RA, Control Activities, Infor/Communication, Monitoring
COSO Control Env.
tone at the top, ethical values - sr. mgmt should raise awareness, guide/develop IT P&P, incident response mgmt, educate workforce on roles of safeguarding
COSO Risk Assessment
evaluate internal/external factors
Security policies
foundation for security framework - comprehensive guide for implementation. Clear terms, roles/responsibilities, acceptable levels of risk.
acceptable use policy
control document to regulate and protect technology resources by assigning various levels of responsibilities to job roles, listing acceptable behavior, and consequences for violations.
security standards
organizational requirements that are either mandatory by law or adopted by company guidelines for best practices. Serve as course of action to achieve security policies- NIST, GDPR, PCI
security standard operating procedures
lower level of documentation that provides detailed instructions on how to perform specific security tasks or controls
access point
wireless connection point to allow users to connect to wired network.
bridge
connects separate networks that use the same protocol - operates at the data link level.
hubs
connection points that link multiple systems and devices using the same protocol within a single network.
proxies
form of gateway that doesn’t translate protocols but acts as a mediator that performs functions on behalf of another network using the same protocol
Service Set Identifier
name assigned to wireless network
zero trust
assumes always at risk - continuous validation of users' interaction with a network, designed to prevent data breaches by implementing a set of system design principles and coordinated cybersecurity and system management
least privilege
users and systems are granted the minimum authorization and system resources needed to perform function
need to know
employees are only given what they must know to perform their job.
whitelisting
identifying list of applications that are authorized to run on a system and only allowing those to execute
context aware authentication
identify mobile device users by using contextual data points such as time, geographic location, point of access, IP address
digital signature
electronic stamp of auth encrypted and attached to a message
NIST recommended password
8 characters
vulnerability management
proactive security practice designed to prevent the exploitation of IT vulnerabilities that could potentially harm a system or organization. ID, classifying, mitigating, and fixing known vulnerabilities.
common vulnerabilities and exposure dictionary
database of security vulnerabilities that provides unique identifiers for different vulnerabilities and risk exposures.
layered security
using a diversified set of security tactics so single event does not compromise entire system.
defense in depth
multilayered that does not rely on technology alone, but combines people, policies, technology, and physical/logical access controls.
redundancy can be administered through
layering, isolating, concealing data, segmenting hardware
layering
add redundancy by breaking up an operation into smaller chunks that can be managed by different people, performed by a machine/computer, or completely isolated.
abstraction
process of hiding the complexity of certain tasks so that only the info relevant to a specific person performing the function is presented. - primary intention is to simplify complex tasks but also limits user access to level of detail they need to know
concealment
hiding data - assign users to same security level of data they will access
discretionary access control
decentralized control that allows data owners, custodians, or creators to manage their own access
access control list
list of rules that outlines which users have permission to access certain resources, administers account restrictions (type of action)
NIST RM Framework
defining or framing the environment in which risk based decisions are made - assess, respond and monitor risk
what does the NIST RM Framework require to be identified?
Risk assumptions, constraints, tolerance, priorities and trade-offs
NIST RM FW - Goal of assessing risk?
Identify risks to nations, orgs, individuals, assets or operations, vulnerabilities internal and external, harm, likelihood of harm