MODULE 13 - CERTIFICATION CYBER OPS ASSOCIATE Flashcards
Who is Attacking Our Network?
Threat, Vulnerability, and Risk
We are under attack and attackers want access to our assets.
Assets are anything of value to an organization, such as data and other intellectual property, servers, computers, smart phones, tablets, and more.
To better understand any discussion of network security, it is important to know the following terms:
– Threat
– Vulnerability
– Attack surface
– Exploit
– Risk
Threat :
A potential danger to an asset such as data or the network itself.
Vulnerability :
A weakness in a system or its design that could be exploited by a threat.
Attack surface :
An attack surface is the total sum of the vulnerabilities in a given system that are accessible to an attacker.
The attack surface describes different points where an attacker could get into a system, and where they could get data out of the system.
For example, your operating system and web browser could both need security patches.
They are each vulnerable to attacks and are exposed on the network or the internet. Together, they create an attack surface that the threat actor can exploit.
Exploit :
The mechanism that is used to leverage a vulnerability to compromise an asset. Exploits may be remote or local. A remote exploit is one that works over the network without any prior access to the target system.
The attacker does not need an account in the end system to exploit the vulnerability.
In a local exploit, the threat actor has some type of user or administrative access to the end system. A local exploit does not necessarily mean that the attacker has physical access to the end system.
Risk :
The likelihood that a particular threat will exploit a particular vulnerability of an asset and result in an undesirable consequence.
Risk management is the process that balances the operational costs of providing protective measures with the gains achieved by protecting the asset.
There are four common ways to manage risk, as shown in the table:
– Risk acceptance
– Risk avoidance
– Risk reduction
– Risk transfer
Risk acceptance :
This is when the cost of risk management options outweighs the cost of the risk itself.
The risk is accepted, and no action is taken.
Risk avoidance :
This means avoiding any exposure to the risk by eliminating the activity or device that presents the risk.
By eliminating an activity to avoid risk, any benefits that are possible from the activity are also lost.
Risk reduction :
This means reducing exposure to risk or reducing the impact of risk by taking action to decrease the risk. It is the most commonly used risk mitigation strategy.
This strategy requires careful evaluation of the costs of loss, the mitigation strategy, and the benefits gained from the operation or activity that is at risk.
Risk transfer :
Some or all of the risk is transferred to a willing third party such as an insurance company.
Other commonly used network security terms include:
– Countermeasure
– Impact
Countermeasure :
The actions that are taken to protect assets by mitigating a threat or reducing risk.
Impact :
The potential damage to the organization that is caused by the threat.
Note: A local exploit requires inside network access such as a user with an account on the network.
A remote exploit does not require an account on the network to exploit that network’s vulnerability.
Hacker vs. Threat Actor
As we know, “hacker” is a common term used to describe a threat actor. However, the term “hacker” has a variety of meanings, as follows:
– A clever programmer capable of developing new programs and coding changes to existing programs to make them more efficient.
– A network professional that uses sophisticated programming skills to ensure that networks are not vulnerable to attack.
– A person who tries to gain unauthorized access to devices on the internet.
– An individual who runs programs to prevent or slow network access to a large number of users, or corrupt or wipe out data on servers.
Good or bad, hacking is an important aspect of network security.
In this course, the term threat actor is used when referring to those individuals or groups that could be classified as gray or black hat hackers.
Evolution of Threat Actors :
Hacking started in the 1960s with phone freaking, or phreaking, which refers to using various audio frequencies to manipulate phone systems.
At that time, telephone switches used various tones, or tone dialing, to indicate different functions.
Early threat actors realized that by mimicking a tone using a whistle, they could exploit the phone switches to make free long-distance calls.
In the mid-1980s, computer dial-up modems were used to connect computers to networks.
Threat actors wrote “war dialing” programs which dialed each telephone number in a given area in search of computers, bulletin board systems, and fax machines.
When a phone number was found, password-cracking programs were used to gain access. Since then, general threat actor profiles and motives have changed quite a bit. There are many different types of threat actors.
– Script Kiddies
– Vulnerability Brokers
– Hacktivists
– Cybercriminals
– State-sponsored
Script Kiddies :
The term script kiddies emerged in the 1990s and refers to teenagers or inexperienced threat actors running existing scripts, tools, and exploits to cause harm, but typically not for profit.
Vulnerability Brokers :
The term vulnerability broker typically refers to gray hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.
Hacktivists :
Hacktivist is a term that refers to gray hat hackers who rally and protest against different political and social ideas.
Hacktivists publicly protest against organizations or governments by posting articles, videos, leaking sensitive information, and performing distributed denial of service (DDoS) attacks.
Cybercriminals :
Cybercriminal is a term for black hat hackers who are either self-employed or working for large cybercrime organizations.
Each year, cybercriminals are responsible for stealing billions of dollars from consumers and businesses.
State-sponsored :
State-sponsored hackers are threat actors who steal government secrets, gather intelligence, and sabotage networks of foreign governments, terrorist groups, and corporations.
Most countries in the world participate to some degree in state-sponsored hacking.
Depending on a person’s perspective, these are either white hat or black hat hackers.