Intro to Cybersecurity (2) Flashcards
What are the four types of Computer Security?
Cybersecurity, Information Security, Application Security, Network Security
These categories help structure the approaches to securing different aspects of computer systems.
What are considered assets in the context of security?
Hardware, Software, Data, People
Identifying and valuing these assets is crucial for effective protection.
Define vulnerability in cybersecurity.
A weakness that can be exploited
Examples include flaws in design or implementation that threat actors can take advantage of.
What is the C-I-A triad?
Confidentiality, Integrity, Availability
These are the three pillars of information security that govern practices for security.
What does confidentiality mean in the C-I-A triad?
Assets are viewed by authorized people only.
What does integrity mean in the C-I-A triad?
The system ensures that assets can be modified only by authorized people.
What does availability mean in the C-I-A triad?
Data is accessible for authorized users.
What is authentication in cybersecurity?
The process of verifying that an identity matches the person.
What is accountability in cybersecurity?
The ability of the system to confirm that a sender cannot deny an action.
List the four acts that can harm the CIA of computer assets.
- Interception
- Modification
- Fabrication
- Availability loss
Each act represents a potential threat to the confidentiality, integrity, and availability of data.
What are the three basic actions a person or system can perform?
- Viewing
- Modifying
- Using
What type of threat is an Advanced Persistent Threat (APT)?
A threat from wealthy, organized, sophisticated hackers.
What is risk management in cybersecurity?
Controlling threats and using resources to minimize damages.
What three elements do malicious hackers need to succeed?
- Method
- Opportunity
- Motive
What is the method in the context of a successful cyber attack?
The skills and tools that hackers use.
What does opportunity refer to in a cyber attack?
The time and access available to attack.
What are controls and countermeasures?
Ways to counter threats and protect against them.
What is the difference between identification and authentication?
Identification is recognizing a person, while authentication is proving who they are.
List three methods of authentication.
- Knowledge (e.g., passwords)
- Biometric (e.g., fingerprints)
- Possession (e.g., identity badges)
Each method has its own strengths and weaknesses.
What is a dictionary attack?
An attack using commonly used words or phrases to crack passwords.
What is a brute force attack?
An attack that guesses the password until the correct one is found.
What is credential stuffing?
An attack where stolen information from one website is used to access other websites.
What are some advantages of using biometrics for authentication?
- Less likely to be stolen
- More convenient
- Cannot be forgotten
- Difficult to replicate
Biometrics offer a higher level of security compared to traditional methods.
What are some problems associated with biometrics?
- False positives
- False negatives
- Privacy concerns
- Expensive to implement
These issues can hinder the widespread adoption of biometric systems.
What is access control?
The process of giving or denying access to data or computer resources.
What are the four parts of access control?
- Policy definition phase
- Policy enforcement phase
- Identification
- Authentication
What are the two types of access control?
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
What is Discretionary Access Control (DAC)?
User sets control to block or allow access to an object.
What is Mandatory Access Control (MAC)?
System admin controls access to objects, with no user changes allowed.
What is a digital certificate?
An authentication method that verifies a user based on location, device status, or user.
What is cryptography?
The method of encrypting data to hide it and only allow certain people to access it.
What is encryption?
The process of encoding a message.
What is decryption?
The reverse process of encryption.
What is symmetric key encryption?
A method where only one key is used to encrypt and decrypt data.
What is asymmetric key encryption?
A method using a public key for encryption and a private key for decryption.
What is malware?
Malicious code or programs meant to harm a system.
What is a virus in the context of malware?
A program that infects other programs by modifying them.
What is a worm in malware terms?
A type of malware that replicates itself to spread.
What is a trojan horse?
A type of malware that appears safe but hides malicious code.
What is a keylogger?
Software or hardware that records every keystroke made by a user.
What is the purpose of testing software for security?
To ensure the software functions correctly and securely.
What is the least privilege principle?
Users should have only the rights they need for their job.
What does ‘separation of privilege’ mean?
Access should require two conditions to be approved.
What is a man-in-the-middle attack?
An attack that secretly intercepts communication between two parties.
What is a drive-by download?
An attack that automatically downloads malicious software without user consent.
What is the man-in-the-middle attack?
An attack that allows an unauthorized party to intercept and potentially alter communication between two parties.
What can malware do with authentication data?
Malware can reuse previously used authentication data.
What is a one-time password?
A password that is valid for only one login session or transaction.
Why is continuous authentication beneficial?
It allows ongoing verification of a user’s identity but requires proper setup.
What is the importance of HTTPS?
It ensures secure communication over a computer network.
What is a digital certificate?
An electronic file used to verify the identity of a party online.
What information does a digital certificate contain?
It contains the name of the entity, the issuer, and the expiration date.
What does a fake website aim to achieve?
To deceive users by appearing legitimate while conducting malicious activities.
What can attackers do to legitimate websites?
Attackers can change or modify a legitimate website.
What are common motivations for attacks?
- Prove a point
- Embarrass the victim
- Make a political or ideological statement
- Gain attention or respect
- Simplicity of execution
What is phishing?
An email-based attack aimed at tricking individuals into providing sensitive data.
What is a MAC address?
A unique identifier assigned to a network interface for communication on a network.
What is a packet sniffer?
A tool that captures and analyzes packets of data on a network.
What is the OSI model?
A conceptual framework used to understand and implement network communication.
What is the role of the application layer in the OSI model?
It interacts with end-user software and provides network services.
What is the function of the presentation layer?
It prepares data for the application layer and manages encoding, encryption, and compression.
What does the session layer do?
It manages sessions between applications.
What is the purpose of the transport layer?
To maintain data transfer between two networks.
What does the network layer do?
It routes data and determines the best path for it to travel.
What is the role of the data link layer?
It facilitates data transfer between devices on the same network.
What does the physical layer manage?
It manages the physical connection between devices and transmits raw data.
What are the three key principles of information security?
- Confidentiality
- Integrity
- Availability
What is a DoS attack?
An attack that aims to make a network resource unavailable by overwhelming it with requests.
What is wiretapping?
The interception of communication, usually for malicious purposes.
What is DNS spoofing?
An attack where fake DNS records are created to redirect users to malicious sites.
What is a DDoS attack?
A distributed denial-of-service attack that uses multiple compromised systems to flood a target.
What is a bot in the context of network security?
A compromised computer that is controlled remotely to perform malicious tasks.
What is the function of a firewall?
To filter incoming and outgoing network traffic based on predetermined security rules.
What are common types of firewalls?
- Packet-filtering firewalls
- Stateful inspection firewalls
- Proxy firewalls
What does a VPN do?
Provides a secure communication tunnel for data transmission between networks.
What is Tor onion routing?
A technique for anonymous communication that encapsulates messages in layers of encryption.
What is blacklisting?
A method of blocking access to specific IP addresses or domains.
What is an IDS?
An Intrusion Detection System that monitors network traffic for suspicious activity.
What are the two types of IDS?
- Signature-based
- Anomaly-based
What does an IPS do?
An Intrusion Prevention System that actively blocks or prevents attacks.
What is the purpose of encryption in data security?
To protect data being transferred from unauthorized access.
What is the importance of updating security software?
To protect against new vulnerabilities and threats.
Fill in the blank: A malicious program that is installed without the user knowing is known as _______.
malware
True or False: HTTPS is less secure than HTTP.
False