Introduction to Cybersecurity Flashcards
Assets
An asset is any object (tangible or intangible) that is considered valuable to an individual or group of individuals.
Critical Infrastructure
Blue Team
Will constantly perform tests and analysis using security monitoring programs, such as SIEM, and methods such as threat hunting, to identify security flaws and verify that the most effective security measures have been deployed.
Critical Infrastructure
Red Team
Will constantly evaluate security levels of the infrastructure by trying to exploit the many security measures that are implemented in the organization, including using Social Engineering.
Incident Response
Also known as the Blue Team; it creates a playbook that contains many scenarios, and each scenario describes the best way to approach the situation with the aim of limiting damage to the infrastructure.
What is a SOC?
Security Operation Center is a facility responsible for monitoring, preventing, detecting, investigating, and responding to cyber threats 24/7 to maintain safety.
Security Operation Center goals
Detect the signs of a cyberattack
Prevent an attack before it happens
Isolate an attack
Once isolated, perform the Incident Response.
Security Operation Centers within an Organization
Organizations need SOC teams to prevent, identify, and remedy attacks as quickly as possible and limit damages.
Security Operation Center:
Blue Team Aspects
Cybersecurity experts who aim to safeguard an organization against cyberattacks.
Security Operations Center:
Red Team Aspects
Responsible for performing penetration testing in an organization. Tests try to avoid Security Operations Center detection and perform stealthy maneuvers that simulate how actual cybercriminals launch attacks.
Security Operations Center:
Purple Team
When the Red and Blue teams in an organization are integrated, their cybersecurity experts can more efficiently test and improve the organization's defenses.
What are Viruses?
A computer virus is a type of malware designed to perform damaging and illegal operations on a host computer, primarily by deleting critical system files.
How do viruses spread?
Viruses spread from file to file, attempting to gain higher privileges along the way.
How do viruses impact a computer?
Performance issues- the OS frequently freezes or crashes, or there is a prolonged boot-up, a drop in performance, or an unusual amount of resource usage.
File System Changes- Missing or corrupt computer files.
Abnormal Behavior- Applications and programs are executed without user interaction.
Program Changes- Unusual program activities and changes to the machine, such as the appearance of new files or a changed default homepage.
Significance in Cybersecurity:
IT Aspect
An important IT team task is the installation and maintenance of up-to-date protection and detection measures. This usually includes antivirus software on all endpoints and network components of the organization, to detect and prevent the presence of viruses on organization computers.
What is Cybersecurity
Cybersecurity refers to any activity that aims to protect devices and systems from both internal and external threats.
Red Team
Tests software, systems, websites, tools, vulnerabilities, and more from the attacker's perspective.
Blue Team
Defends against potential threats by monitoring systems, implementing patches, closing security holes, and providing real-time protection against attacks.
Purple Team
Combines some aspects of the Blue Team and Red Team; a purple team will test and attack a system and resolve any issues that are discovered on its own.
Yellow Team
A rarely employed team that consists of developers who are also knowledgeable in the areas of cybersecurity and are able to design code that can thwart software-related attacks.
Antivirus
An endpoint protection application that inspects and detects viruses and malware. If a program is determined to be malicious, the anti-virus will handle the threat by, for example, removing it, deactivating it, or isolating it.
Two Elements of an Antivirus
Databases are lists of strings and actions that may indicate malware activity.
Rules are sets of definitions that together can be used to profile various types of malware.
File Signature
A type of AV detection that identifies malware based on raw data, name, size, hash, bits, address, author, and magic bytes.
Heuristics
A type of AV detection that analyzes malware behavior, including the memory it uses and its communication with the kernel, system, and network via DLLs.
Penetration Testing
An authorized simulated cyberattack on a computer system or network designed to check for exploitable vulnerabilities.
Penetration Testing Types
Internal- a penetration tester will assume the role of an intruder in an internal network.
External- the pen tester will examine publicly available information about the organization or any publicly facing assets, such as cloud-based applications, mail servers, and websites, and attempt to breach them remotely.
Web application- the pen tester will gather information about the target web application, find exploits, and exploit them.
Mobile Application- the pen tester will use various techniques to understand the application's logic and methods of operation via tools used for static and dynamic analysis.
Significance in Cybersecurity:
Red Team Aspects
The cybersecurity firm performs penetration tests. From start to finish, the red team will use a wide array of real-time techniques in response to their findings, including automatic testing tools, to save the time often spent on tedious tasks and common vulnerabilities.
Significance in Cybersecurity:
Blue Team Aspects
Two roles are performed by the blue team during penetration testing. The first role is to act as part of the organization’s defenses and negate any attempt to breach it. The second role is to apply mitigations and recommendations passed on by the red team during their evaluation of the organization’s security level.
Red Team
The Red Team is a group of security professionals who are hired by an organization to perform Penetration Testing on its systems, including software applications, websites, and operating systems.
Threats
In cybersecurity, threats refer to malicious actions that can damage the cyber systems of individuals or corporations.
Threat assessment and risk analysis are methods used to measure threat levels within an organization.
Risk Evaluation Matrix
A risk matrix is a table that categorizes threats according to their likelihood and security levels. The table helps organizations formulate risk management plans, policies, rules, services, and lessons.
Threats in Cybersecurity
Cyberthreats are key elements in most security platforms, including antivirus programs, payment systems, and anti-injection and anti-crack protection software.
The following threats are classified as “extreme” risks that frequently impact organizations:
Ransomware- Malware designed to capture or encrypt data stored on the victim's computer. The data can be decrypted only in exchange for a given cryptocurrency payment.
Phishing- Hackers commonly employ various phishing techniques since they are relatively easy to use and simple to perform.
Denial-of-Service- classified as an extreme threat to company operations. It targets corporate servers and prevents legitimate users from accessing critical network resources, information systems, and devices.