MAIN Flashcards

1
Q

SOP

A

Same-origin policy: A web browser security mechanism that prevents JavaScript from accessing data from a different origin. An origin consists of URI scheme, domain and port.

2
Q

CORS

A

Cross-origin resource sharing: A browser mechanism that allows controlled exceptions to the SOP so that resources can be accessed across origins. It is implemented using response headers; the browser only allows access to the response content if the headers are set correctly (Access-Control-Allow-Origin, Access-Control-Allow-Credentials).

3
Q

LDAP

A

LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate data about organizations, individuals and other resources such as files and devices in a network – whether on the public Internet or on a corporate Intranet. The common use is to provide a central place for authentication – meaning it stores usernames and passwords.

4
Q

PKI

A

Public key infrastructure is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA).

5
Q

XSS

A

Cross site scripting: XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user’s data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application’s functionality and data. It allows an attacker to circumvent the same origin policy.

Types
- Reflected XSS: the malicious script comes from the current request
- Stored XSS: the malicious script comes from the application's database
- DOM-based XSS: the vulnerability is in client-side code instead of server-side code

6
Q

SSRF

A

Server-side request forgery (SSRF): A web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.

In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization’s infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems, potentially leaking sensitive data such as authorization credentials.

7
Q

OSI model

A

OSI model (layer, protocol data unit, function)

Host layers
- 7 Application (PDU: Data): High-level APIs, including resource sharing, remote file access
- 6 Presentation (PDU: Data): Translation of data between a networking service and an application, including character encoding, data compression and encryption/decryption
- 5 Session (PDU: Data): Managing communication sessions, i.e., continuous exchange of information in the form of multiple back-and-forth transmissions between two nodes
- 4 Transport (PDU: Segment, Datagram): Reliable transmission of data segments between points on a network, including segmentation, acknowledgement and multiplexing

Media layers
- 3 Network (PDU: Packet): Structuring and managing a multi-node network, including addressing, routing and traffic control
- 2 Data link (PDU: Frame): Reliable transmission of data frames between two nodes connected by a physical layer
- 1 Physical (PDU: Bit, Symbol): Transmission and reception of raw bit streams over a physical medium

8
Q

OTP

A

One-time password: A password that is only valid for a single session or transaction. Often combined with 2FA, where the required extra device shows or generates the OTP.
OTP generation algorithms typically make use of pseudorandomness or randomness to generate a shared key or seed, together with cryptographic hash functions, which can be used to derive a value but are hard to reverse, so it is difficult for an attacker to obtain the data that was hashed.

9
Q

TCP/IP

A

Also known as the internet protocol suite.

  1. Link layer
    • ARP, MAC, tunnels…
  2. Internet layer
    • IP, IPsec, ICMP…
  3. Transport layer
    • TCP, UDP…
  4. Application layer
    • FTP, DNS, HTTP, HTTPS, IMAP, LDAP, SMTP, SSH, SSL, TLS, Telnet…

10
Q

TCP Handshake

A

SYN -> SYN/ACK -> ACK: Establishes a TCP connection. Both client and server set an initial sequence number and send it with their first segment. The other party then increments it when necessary; this allows missing packets to be detected.

11
Q

IPSEC

A

A secure network protocol suite that authenticates and encrypts packets. Includes protocols to establish mutual authentication and negotiate cryptographic keys.
Can protect data between a pair of hosts, a pair of gateways or a gateway and a host. Operates on OSI layer 3, the internet layer in the TCP/IP model (pretty low).

Modes of operation
1. Transport mode (host to host): usually only the payload of the IP packet is encrypted
2. Tunnel mode (to gateway): the entire IP packet is encrypted and authenticated and encapsulated into a new IP packet with a new IP header [used e.g. for VPNs]

12
Q

VPN

A

Virtual private network: Extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

Benefits: 1) increased functionality, 2) security, 3) management of the private network

A VPN is created by establishing a virtual point-to-point connection through the use of dedicated circuits or with tunneling protocols (e.g. IPsec) over existing networks.

13
Q

IDS

A

Intrusion detection system. A software application that monitors a network or system for malicious activity or policy violations. Findings are either reported directly to an admin or gathered in a security information and event management (SIEM) system.

Types
- host-based (HIDS): monitors e.g. important files related to the operating system
- network-based (NIDS): monitors incoming network traffic

Detection methods
- signature-based
- anomaly-based (recognizes deviations from “good”/“normal” traffic, often based on machine learning)
- (reputation-based?: based on a score)

An IDS that includes capabilities to respond to alerts is referred to as an IPS (intrusion prevention system). Systems combining both are also sometimes called IDPS (intrusion detection and prevention system).

14
Q

IAM

A

Identity and access management. Framework of policies and technologies to ensure that the correct users have the appropriate access to technology resources. Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilising IT resources but also the hardware and applications employees need to access.

15
Q

SMB

A

Server Message Block. A communication protocol for file sharing, network browsing, printing, and inter-process communication (IPC) between nodes on a network. Mostly used on Windows, where it is called “Microsoft Windows Network”.

Implementations: Samba, Netsmb…

16
Q

Common ports

A

20 : ftp (filetransfer)
21 : ftp (cmd and ctrl)
22 : ssh/ftps
23 : telnet
25 : smtp (26)
53 : DNS
80 : http
110 : pop3
123 : NTP
143 : IMAP
161 : SNMP
443 : https
995 : pop ssl
3306 : mysql

17
Q

IMAP

A

Internet Message Access Protocol. Internet standard protocol for accessing email messages over a TCP/IP connection. Used by email clients to access email servers. Designed to allow complete management of a mailbox by multiple clients.

Port 143 (993 over TLS)

Alternative to the older POP3.

18
Q

ARP

A

Address Resolution Protocol. Communication protocol used to discover the link layer address (e.g. the MAC address) associated with a given internet layer address, typically IPv4. This is critical in the Internet protocol suite.
In IPv6 networks the functionality is instead provided by the Neighbor Discovery Protocol (NDP).

Functionality
In order to obtain a MAC address for a given IPv4 address, a request is sent to every device in the network. The correct device then sends a response identifying itself with its MAC address.

19
Q

AD

A

Active Directory. Directory service developed for Windows domain networks (networks where all devices are registered to a central domain controller). Now mostly an umbrella title for a broad range of directory-based identity-related services. A central domain controller called Active Directory Domain Services (AD DS) authenticates and authorizes all computers and users inside a Windows domain network. It assigns and enforces security policies for all devices and installs/uninstalls software.
Uses LDAP and the Windows version of Kerberos and DNS.

Services
- Domain Services (AD DS): domain controller
- Lightweight Directory Services (AD LDS): implementation of the LDAP protocol
- Certificate Services (AD CS): on-premises public key infrastructure
- Federation Services (AD FS): single sign-on service
- Rights Management Services (AD RMS): …

20
Q

SNMP

A

Simple Network Management Protocol. Internet standard protocol for collecting and organising information about managed devices on IP networks and for modifying that information to change device behaviour. Usually supported by devices like modems, routers, switches, servers, workstations, printers…
Widely used in network management for network monitoring. It exposes the system status and configuration as hierarchically organised variables on the managed devices in a management information base (MIB). These variables can also be changed remotely. SNMP does not define what information is supposed to be exposed.

21
Q

SSO

A

Single sign-on. Allows a user to log in with a single ID to several related but independent software systems. Not the same as Directory Server Authentication or “same sign-on”, where the same credentials from a central directory server are used for signing in to different applications. In the case of SSO, a single authentication provides access to multiple systems through tokens.

Functionality
A trust relationship is required between the service provider and the identity provider. This is often established through the exchange of a certificate between the two.

1. A user browses to the application or website they want access to, i.e. the Service Provider.
2. The Service Provider sends a token that contains some information about the user, like their email address, to the SSO system, i.e. the Identity Provider, as part of a request to authenticate the user.
3. The Identity Provider first checks whether the user has already been authenticated, in which case it grants the user access to the Service Provider application and skips to step 5.
4. If the user hasn't logged in, they are prompted to do so by providing the credentials required by the Identity Provider. This could simply be a username and password or it might include some other form of authentication like a One-Time Password (OTP).
5. Once the Identity Provider validates the credentials provided, it sends a token back to the Service Provider confirming a successful authentication.
6. This token is passed through the user's browser to the Service Provider.
7. The token received by the Service Provider is validated according to the trust relationship that was set up between the Service Provider and the Identity Provider during the initial configuration.
8. The user is granted access to the Service Provider.

22
Q

Types of Malware

A
  • Viruses: Malware that inserts itself into an application and executes when the host program runs.
  • Worms: Target vulnerabilities in software to install themselves onto systems. Can use backdoors, vulnerabilities or USB sticks to access systems.
  • Trojans: Disguise themselves as desirable software. Once downloaded they can carry out various malicious activities. They do not spread themselves but instead often rely on social engineering.
  • Ransomware: Encrypts the target's data and aims to force the victim to pay for the key needed to decrypt it.
  • Rootkits: Embed themselves deeply in the affected host machine to give further access to the attacker or hide activities. Rootkits can manipulate the functionality of the operating system in order to hide malicious activity.
  • Spyware
  • Adware
23
Q

OWASP Top 10 - Web

A
  • A01:2021-Broken Access Control : Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user’s limits.
  • A02:2021-Cryptographic Failures : The renewed focus here is on failures related to cryptography which often leads to sensitive data exposure or system compromise.
  • A03:2021-Injection : some form of injection
  • A04:2021-Insecure Design : focuses on risks related to design and architectural flaws, with a call for more use of threat modeling, secure design patterns, and reference architectures. (A secure design can still be implemented insecurely.)
  • A05:2021-Security Misconfiguration : some form of misconfiguration. With more shifts into highly configurable software, it’s not surprising to see this category move up.
  • A06:2021-Vulnerable and Outdated Components : often unknown
  • A07:2021-Identification and Authentication Failures : Failures related to the confirmation of the user’s identity, authentication, and session management.
  • A08:2021-Software and Data Integrity Failures : Software and data integrity failures relate to code and infrastructure that does not protect against integrity violations. An example of this is where an application relies upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks (CDNs). An insecure CI/CD pipeline can introduce the potential for unauthorized access, malicious code, or system compromise. Lastly, many applications now include auto-update functionality, where updates are downloaded without sufficient integrity verification and applied to the previously trusted application.
  • A09:2021-Security Logging and Monitoring Failures
  • A10:2021-Server-Side Request Forgery
24
Q

Session hijacking

A

The server often identifies the user based on a session ID. A session hijacking attack compromises the session token by stealing or predicting a valid session token in order to gain unauthorized access to the web server.

Methods
- Predictable session token
- Session sniffing
- Client-side attacks (XSS, malicious JavaScript code, Trojans, etc.)
- Man-in-the-middle attack
- Man-in-the-browser attack

25
Q

Forward secrecy

A

Forward secrecy is a feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. For HTTPS, the long-term secret is typically the private key of the server. Forward secrecy protects past sessions against future compromises of keys or passwords. By generating a unique session key for every session a user initiates, the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key. This by itself is not sufficient for forward secrecy, which additionally requires that a long-term secret compromise does not affect the security of past session keys.

26
Q

SRM

A

Security Risk Management. The management of security risks applies the principles of risk management to the management of security threats. It consists of identifying threats (or risk causes), assessing the effectiveness of existing controls to face those threats, determining the risks’ consequence(s), prioritizing the risks by rating the likelihood and impact, classifying the type of risk, and selecting an appropriate risk option or risk response.

27
Q

CSMS

A

Cyber Security Management System. A systematic risk-based approach defining organisational processes, responsibilities and governance to treat risk associated with cyber threats to vehicles and protect them from cyber-attacks.

28
Q

SSDLC

A

Secure Software Development Lifecycle. Framework that maps the entire development process. It includes all stages—planning, design, build, release, maintenance, and updates, as well as the replacement and retirement of the application when the need arises.