Module 1 - Introduction to Security

Question 1

What is Security?

Answer 1

To be free from danger & the process that achieves that freedom

Question 2

As security is increased, what happens to convenience?

Answer 2

Decreases

Question 3

How is digital information secured?

Answer 3

1) Manipulated by a microprocessor
2) Preserved on a storage device
3) Transmitted over a network

Question 4

What are the 3 types of information protecting, & what is the acronym?

Answer 4

CIA Triad:

1) Confidentiality
2) Integrity
3) Availability

Question 5

Define Confidentiality

Answer 5

Only approved individuals may access information

Question 6

Define Integrity

Answer 6

Ensures information is correct & unaltered

Question 7

Define Availability

Answer 7

Ensures information is accessible to authorized users

Question 8

What is a Threat Actor?

Answer 8

An individual or entity responsible for cyber incidents against the technology equipment of enterprises & users; aka “attacker” or “hacker”

Question 9

What 3 categories is Financial Crime divided into based on targets?

Answer 9

1) Individual Users
2) Enterprises
3) Governments

Question 10

What are the 3 types of hackers?

Answer 10

1) Black hat hackers
2) White hat hackers
3) Gray hat hackers

Question 11

What are Black Hat Hackers?

Answer 11

Threat actors who violate computer security for personal gain or to inflict malicious damage (ex: corrupt a hard drive)

Question 12

What do White Hat Hackers do?

Answer 12

Attempt to probe a system (with an organization’s permission) for weaknesses & then privately provide that information; aka “ethical hackers”

Question 13

What are Gray Hat Hackers?

Answer 13

Attackers’ who attempt to break into a computer system without the organization’s permission (illegal) but not for their own advantage; instead, they publicly disclose the attack in order to shame the organization into taking action

Question 14

What are the 5 distinct categories of hackers?

Answer 14

1) Script kiddies
2) Hacktivists
3) State actors
4) Insiders
5) Others (Competitors, Criminal Syndicates, Shadow IT, Brokers, Cyberterrorists)

Question 15

What are Script Kiddies?

Answer 15

Individuals who want to perform attacks, yet lack technical knowledge to carry them out. They download freely available automated attack software & use it to attack

Question 16

What are Hacktivists?

Answer 16

Individuals strongly motivated by ideology (for the sake of their principles or beliefs);
Often involved breaking into a website & changing its contents as means of a political statement

Question 17

What are State Actors?

Answer 17

Launches cyberattacks on their foes (instead of an army walking in); directed towards businesses in foreign countries with the goal of causing financial harm or damage to the enterprise’s reputation;deadliest of any threat actors

Question 18

Which type of threat actor is the deadliest?

Answer 18

State Actors

Question 19

What is APT, what does it stand for, & who does it?

Answer 19

A class of attacks that use innovative attack tools to infect & silently extract data over an extended period of time;

Advanced Persistent Threat (APT)

Most commonly associated w/ state actors

Question 20

What are Insiders?

Answer 20

Employers, contractors, & business partners can pose an insider threat of manipulating data from the position of a trusted employee; harder to recognize because they come from within the enterprise

Question 21

What are the “Other” threat actors?

Answer 21

1) Competitors
2) Criminal Syndicates
3) Shadow IT
4) Brokers
5) Cyberterrorists

Question 22

What are Competitors?

Answer 22

Launch attacks against an opponent’s system to steal classified information; may steal new product research or a list of current customers to gain a competitive advantage

Question 23

What are Criminal Syndicates?

Answer 23

Move from traditional criminal activities to more rewarding and less risky online attacks

Question 24

What are Shadow ITs?

Answer 24

Employees become frustrated with the slow pace of acquiring technology, so they purchase and install their own equipment or resources in violation of company policies;

Question 25

What are the 3 focuses of Insiders?

Answer 25

1) Intellectual Property (IP)
2) Sabotage
3) Espionage

Question 26

What are Brokers?

Answer 26

Sell their knowledge of a weakness to other attackers or governments; sell weaknesses to the highest bidder

Question 27

What are Cyberterrorists?

Answer 27

Attack a nation’s network & computer infrastructure to cause disruption & panic among citizens

Question 28

Define Vulnerability

Answer 28

The state of being exposed to the possibility of being attacked or harmed

Question 29

What are the 5 categories of Vulnerabilities?

Answer 29

1) Platforms
2) Configurations
3) Third parties
4) Patches
5) Zero-day vulnerability

Question 30

What is a Legacy platform?

Answer 30

For a variety of reasons (limited hardware capacity, an application that only operates on a specific OS version, or neglect), an OS may not be updated, thus depriving it of these security fixes; just asking to be attacked; think Windows XP

Question 31

What is an On-premises platform?

Answer 31

Software & technology located within the physical confines of an enterprise

Question 32

What are Cloud platforms?

Answer 32

Servers, storage, & the supporting networking infrastructure are shared by multiple enterprises over a remote network connection that has been contracted for a specific period of time

Question 33

What are the 3 types of platforms?

Answer 33

1) Legacy platform
2) On-premises platform
3) Cloud platform

Question 34

What is a Weak Configuration?

Answer 34

Features & security settings that are not properly configured to repel attacks

Question 35

What are 7 types of weak configurations?

Answer 35

1) Default setting
2) Open port & services
3) Unsecured root accounts
4) Open permission
5) Unsecured protocols
6) Weak encryption
7) Errors

Question 36

What are Default Settings as a weak configuration?

Answer 36

Predetermined by the vendor for usability & ease of use (not for security) so the user can immediately begin using the product; ex: a router comes with a default password that is widely known

Question 37

What are Open Ports & Services as a weak configuration?

Answer 37

Devices & services are often configured to allow the most access so that the user can close ports that are specific to that organization; ex: a firewall comes with FTP ports 20 & 21 open

Question 38

What are Unsecured Root Accounts?

Answer 38

Can give a user unfettered access to all resources; ex: a misconfigured cloud storage repository cloud give any user access to all data

Question 39

What are Open Permissions as a weak configuration?

Answer 39

User access over files that should be restricted; ex: a user could be given Read, Write, and Execute privileges when she should have only Read privileges

Question 40

What are Unsecured Protocols as a weak configuration?

Answer 40

Aka insecure protocols; this configuration uses protocols for telecommunications that do not provide adequate protections; ex: an employee could use devices that run services with unsecure protocols such as Telnet or SNMPv1

Question 41

What is Weak Encryption as a weak configuration?

Answer 41

Users choosing a known vulnerable encryption mechanism; ex: a user could select an encryption scheme that has a known weakness or a key value that is too short

Question 42

What are Errors as a weak configuration?

Answer 42

Human mistakes in selecting one setting over another without considering the security implications; ex: an employee could use deprecated settings instead of current configurations

Question 43

What are Third Parties?

Answer 43

External entities used by almost all businesses;
One of the major risks of a third-party system integration involves the principle of the “weakest link”

Question 44

What is Outsourced Code Development as it relates to Third Parties?

Answer 44

Contracting with third parties to assist the organization in the development & writing of a software program or app

Question 45

What is Data Storage as it relates to Third Parties?

Answer 45

Third-party facilities used for storing important data

Question 46

What is Vendor Management as it relates to Third Parties?

Answer 46

Process organizations use to monitor & manage the interactions with all of their external third parties

Question 47

What is System Integration as it relates to Third Parties?

Answer 47

Connectivity between the organization & the third party

Question 48

What is Lack of Vendor Support as it related to Third Parties?

Answer 48

A lack of expertise to handle system integration

Question 48

What is a Security Patch?

Answer 48

An officially released software security update intended to repair a vulnerability; important because they can create vulnerabilities

Question 49

What are the 3 vulnerabilities that Patches can create?

Answer 49

1) Difficulty patching firmware
2) Few patches for application software
3) Delays in patching OSs

Question 50

Explain Difficulty Patching Firmware.

Answer 50

Firmware, or software that is embedded into hardware, provides low-level controls & instructions for the hardware; updating firmware to address a vulnerability can often be difficult & requires specialized steps; furthermore, some firmware cannot be patched

Question 51

Explain Few Patches for Application Software?

Answer 51

Outside of the major application software, patches for applications are uncommon; in most cases, no automated process can identify which computers have installed the application, alert users to a patch, or to distribute the patch

Question 52

Explain Delays in Patching OSs.

Answer 52

Modern operation systems – such as Red Hat Linux, Apple macOS, Ubuntu Linux, & Microsoft Windows – frequently distribute patches; however, they can create new problems, such a preventing a custom application from running correctly; many organizations use test patches when they are released to ensure that they do not adversely affect any customized applications  organizational delays installing a patch from the developer’s online update service until the patch is thoroughly tested

Question 53

Define Zero Day vulnerabilities.

Answer 53

A vulnerability that is exploited by attackers before anyone else even knows it exists; this type of vulnerability is called a zero day because it provides zero days of warning; considered extremely serious

Question 54

What are Attack Vectors?

Answer 54

Pathway or avenue used by a threat actor to penetrate a system

Question 55

What are the categories of Attack Vectors?

Answer 55

1) Email
2) Wireless
3) Removeable Media
4) Direct Access
5) Social Media
6) Supply Chain
7) Cloud

Question 56

How is Email an Attack Vector?

Answer 56

Almost 94% of all malware is delivered through email to an unsuspecting user; goal – to trick the user to open an attachment that contains malware or click a hyperlink that takes the user to a fictitious website

Question 57

How is Wireless an Attack Vector?

Answer 57

Because wireless data transmissions “float” through the airwaves, they can be intercepted & read or altered by a threat actor if the transmission is not properly protected

Question 58

How is Removeable Media an Attack Vector?

Answer 58

Common attack vector (ex: USB flash drive); threat actors have been known to infect USB drives with malware & leave them scattered in a parking lot or cafeteria; once inserted, the USB flash drive will infect the computer

Question 59

How is Direct Access an Attack Vector?

Answer 59

Occurs when a threat actor can gain direct physical access to the computer; can insert a USB flash drive with an alternative operating system & reboot the computer under the alternate OS to bypass the security on the computer

Question 60

How is Social Media an Attack Vector?

Answer 60

Ex: an attacker may read social media posts to determine when an employee will be on vacation & then call the organization’s help desk pretending to be that employee to ask for “emergency” access to an account

Question 61

How is Supply Chain an Attack Vector?

Answer 61

Network that moves a product from the supplier to the customer & is made up of vendors that supply raw material, manufacturers who convert the material into products, warehouses that store products, distribution centers that deliver them to the retailers, & retailers who bring the product to the consumer; also serve as third-party vulnerabilities

Question 62

How is Cloud an Attack Vector?

Answer 62

Taking advantage of the complexity of remote cloud servers & storage devices to find security weaknesses

Question 63

What is Social Engineering?

Answer 63

Means of eliciting information (gathering data) by relying on the weaknesses of individuals; also used as influence campaigns to sway attention & sympathy in a particular direction; rely on psychological principles; one of the most successful types of attack; does not even exploit technology vulnerabilities; each successful attack has serious ramifications

Question 64

What is an Influence Campaign? What are the 2 types?

Answer 64

Uses social engineering to sway attention & sympathy in a particular direction

Types:
Social Media Influence Compaign - exclusively used on social media & other sources
Hybrid Warfare Influence Campaign - used on social media & other sources

Question 65

Explain Psychological Principles for Social Engineering Attacks.

Answer 65

To affect others mentally & emotionally rather than physically; factors that make social engineering highly effective; ex: CEO calling organization’s help desk to reset a password; variety of techniques to gain trust – provide a reason, project confidence, use evasion & diversion, make them laugh

Question 66

What are Social Engineering Effectiveness (7) for Psychological Principles?

Answer 66

1) Authority
2) Intimidation
3) Consensus
4) Scarcity
5) Urgency
6) Familiarity
7) Trust

Question 67

What is Authority as a Psychological Principle?

Answer 67

To impersonate an authority figure or falsely cite their authority; ex: “I’m the CEO calling”

Question 68

What is Intimidation as a Psychological Principle?

Answer 68

To frighten & coerce by threat; ex: “if you don’t reset my password, I will call your supervisor”

Question 69

What is Consensus as a Psychological Principle?

Answer 69

To influence by what others do; ex: “I called last week, & your colleage reset by password”

Question 69

What is Scarcity as a Psychological Principle?

Answer 69

To refer to something in short supply; ex: “I can’t waste time here”

Question 70

What is Urgency as a Psychological Principle?

Answer 70

To demand immediatie action; ex: “My meeting with the board starts in five minutes”

Question 70

What is Familiarity as a Psychological Principle?

Answer 70

To give the impression the victim is well known & well received; ex: “I remember reading a good evaluation on you”

Question 70

What is Trust as a Psychological Principle?

Answer 70

To inspire confidence; ex: “You know who I am”

Question 71

What is Prepending related to Psychological Principles?

Answer 71

Influencing the subject before the event occurs; ex: “the best film you will see this year!”; by starting with the desired outcome, the statement influences the listener to think that way

Question 72

What are the 4 techniques Attackers use to gain trust?

Answer 72

1) Provide a reason - adds a reason with their request
2) Project confidence - acts like they belong
3) Use evasion & diversion - evades a question
4) Make them laugh - uses humor

Question 73

Social engineering psychological approaches/techniques involve (7):

Answer 73

1) Impersonation
2) Phishing
3) Redirection
4) Spam
5) Spim
6) Hoaxes
7) Watering Hole Attack

Question 74

What is Redirection as a psychological approach?

Answer 74

User makes a typing error when entering a uniform resource location (URL) address in a web browser, such as typing goggle.com (a misspelling) or google.net (incorrect domain) instead of the correct google.com; in past, error message like HTTP Error 404 Not Found; when an attacker directs a user to a fake lookalike site filled with ads for which the attacker receives money for traffic generated to the site

Question 75

What is Impersonation as a psychological approach?

Answer 75

Aka identity fraud – masquerading as a real or fictitious character & then playing the role of that person with a victim; goal can be to obtain private information (pretexting)

Question 76

What is Phishing as a psychological approach?

Answer 76

Sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information or taking action; one of the largest & most consequential cyber treats

Question 77

What is an Invoice Scam?

Answer 77

Fictitious overdue invoice that demands immediate payment; type of Phishing

Question 78

What are 4 types of Phishing?

Answer 78

1) Spear Phishing
2) Whaling
3) Vishing
4) Smishing

Question 79

What is Spear Phishing?

Answer 79

Targets specific users; emails are customized to the recipients, including their names & personal information

Question 80

What is Whaling?

Answer 80

Attacks wealthy individuals or senior executives instead of going after “smaller fish”

Question 81

What is Vishing?

Answer 81

Using phone calls instead of emails; attack calls victim, who upon answering, hears a recorded message that pretends to be from the user’s bank stating that her credit card has experience fraudulent activity or that her bank account has had unusual activity

Question 82

What is Smishing?

Answer 82

Variation of vishing using SMS text messages & callback recorded phone messages; pretends to be from their bank

Question 83

What is Typo Squatting as a form of Redirection?

Answer 83

Today’s user is often directed to a fake lookalike site filled w/ ads for which the attacker receives money for traffic generated to the site;purchasing the domain names of sites that are spelled similarly to actual sites

Question 84

What is Pharming as a form of Redirection?

Answer 84

Attempts to exploit how a URL such as www.cengage.com is converted into its corresponding IP address

Question 85

What is Spam as a psychological approach?

Answer 85

Unsolicited email that is sent to a large # of recipients; users receive so many spam messages because sending spam is lucrative (costs spammers very little to send millions of spam email messages); botnets; spammers make a large profit; image spam – uses graphical images of text in order to circumvent text-based filters; image spam cannot be filtered based on the textual content of the message because it appears as an image instead of text; nonsense text

Question 86

What is Spim as a psychological approach?

Answer 86

Spam delivered through instant messaging (IM) instead of email; for threat actors, spim can have even more impact than spam; immediacy of instant messages makes users more likely to reflexively click embedded links in a spim; may bypass some antimalware defenses

Question 87

What are Hoaxes as a psychological approach?

Answer 87

False warning, often contained in an email message claiming to come from the IT department; ex: “deadly virus” – erase specific files or change security configurations & then forward the message to others

Question 88

What is a Watering Hole Attack as a psychological approach?

Answer 88

Directed toward a smaller group of specific individuals, such as the major executives working for a manufacturing company – they tend to visit a common website; attacker targets the common website that’s frequented & infects it with malware that will make its way onto the group’s computers

Question 89

Explain Physical Procedures for Social Engineering Attacks.

Answer 89

Attacks that rely on physical acts; these attacks take advantage of user actions that can result in compromised security

Question 90

What are the 3 most common Physical Procedures for Social Engineering Attacks?

Answer 90

1) Dumpster Diving
2) Tailgating
3) Shoulder Surfing

Question 91

What is Dumpster Diving as a physical procedure?

Answer 91

Involves digging through trash receptables to find information that can be useful in an attack

Ex: calendars, inexpensive computer hardware, memos, organizational charts, phone directories, policy manuals, system manuals, electronic variations

Question 92

What is Tailgating as a physical procedure?

Answer 92

Cannot control how many people enter the building when access is allowed; once an authorized person opens the door, one or more individuals can follow behind & also enter

Question 93

What is Shoulder Surfing as a physical procedure?

Answer 93

To watch an individual entering the security code on a keypad; can be used in any setting that allows an attacker to casually observe someone entering secret information, such as the security codes on a door keypad; attackers are also using webcams & smartphone cameras to “shoulder surf” users of ATM machines to record keypad entries

Question 94

What are 2 classifications of negative impacts form a successful attack?

Answer 94

1) Data impacts
2) Effects on the organization

Question 95

What are Data Impacts as a successful attack?

Answer 95

Goal of attack focuses on data as the primary target

Question 96

What are Effects on the Enterprise as a successful attack?

Answer 96

Successful attack can also have grave consequences for an enterprise; attack may make systems inaccessible (availability loss); results in lost productivity, which can affect the normal tasks for general income (financial loss)

Question 97

What are the 4 consequences of a data attack?

Answer 97

1) Data loss
2) Data exfiltration
3) Data breach
4) Identity theft

Question 98

What is Data Loss as a consequence of a data attack?

Answer 98

Destroying data so that it cannot be recovered; ex: maliciously erasing patient data used for cancer research

Question 99

What is Data Exfiltration as a consequence of a data attack?

Answer 99

Stealing data to distribute it to other parties; ex: taking a list of current customers & selling it to a competitor

Question 100

What is Data Breach as a consequence of a data attack?

Answer 100

Stealing data to disclose it in an unauthorized fashion; ex: stealing credit card numbers to sell to other threat actors

Question 101

What is Identity Theft as a consequence of a data attack?

Answer 101

Taking personally identifiable information to impersonate someone; ex: stealing a SSN to secure a bank loan in the victim’s name

Question 102

Define Attributes of Threat Actors (blue).

Answer 102

Characteristic features of the different groups of threat actors can vary widely

Question 103

Define Level of Capability/Sophistication of Threat Actors (blue).

Answer 103

High level of power & complexity by threat actors

Question 104

Define Resources & Funding of Threat Actors (blue).

Answer 104

Financial capabilities of threat actors

Question 105

Define Internal of Threat Actors (blue).

Answer 105

Threat actors that work within the enterprise

Question 106

Define External of Threat Actors (blue).

Answer 106

Threat actors that work outside of the enterprise

Question 107

Define Intent/Motivation of Threat Actors (blue).

Answer 107

Reason for the attacks by threat actors

Question 108

Define Hacker of Threat Actors (blue).

Answer 108

A person who uses advanced computer skills to attack computers

Question 109

Define Firmware related to Patches (blue).

Answer 109

Software that is embedded into hardware

Question 110

Define Pretexting r/t Impersonation.

Answer 110

Using impersonation to obtain private information

Question 111

Define Invoice Scam r/t Phishing.

Answer 111

Fictitious overdue invoice that demands immediate payment