Module 2 Flashcards
are anything of value to an organization, such as data and other intellectual property, servers, computers, smart phones, tablets, and more.
Assets
A potential danger to an asset such as data or the network itself.
Threat
A weakness in a system or its design that could be exploited by a threat.
Vulnerability
An attack surface is the total sum of the vulnerabilities in a given system that are accessible to an attacker. The attack surface describes different points where an attacker could get into a system, and where they could get data out of the system. For example, your operating system and web browser could both need security patches. They are each vulnerable to attacks and are exposed on the network or the internet. Together, they create an attack surface that the threat actor can exploit.
Attack surface
The mechanism that is used to leverage a vulnerability to compromise an asset. Exploits may be remote or local. A remote exploit is one that works over the network without any prior access to the target system. The attacker does not need an account in the end system to exploit the vulnerability. In a local exploit, the threat actor has some type of user or administrative access to the end system. A local exploit does not necessarily mean that the attacker has physical access to the end system.
Exploit
The likelihood that a particular threat will exploit a particular vulnerability of an asset and result in an undesirable consequence.
Risk
is the process that balances the operational costs of providing protective measures with the gains achieved by protecting the asset.
Risk management
There are four common ways to manage risk (Risk Management Strategy)
Risk acceptance
Risk avoidance
Risk reduction
Risk transfer
This is when the cost of risk management options outweighs the cost of the risk itself. The risk is accepted, and no action is taken.
Risk acceptance
This means avoiding any exposure to the risk by eliminating the activity or device that presents the risk. By eliminating an activity to avoid risk, any benefits that are possible from the activity are also lost.
Risk avoidance
This reduces exposure to risk or reduces the impact of risk by taking action to decrease the risk. It is the most commonly used risk mitigation strategy. This strategy requires careful evaluation of the costs of loss, the mitigation strategy, and the benefits gained from the operation or activity that is at risk.
Risk reduction
Some or all of the risk is transferred to a willing third party such as an insurance company.
Risk transfer
The actions that are taken to protect assets by mitigating a threat or reducing risk.
Countermeasure
The potential damage to the organization that is caused by the threat.
Impact
requires inside network access such as a user with an account on the network.
A local exploit
does not require an account on the network to exploit that network’s vulnerability.
A remote exploit
is a common term used to describe a threat actor.
hacker
A clever programmer capable of developing new programs and coding changes to existing programs to make them more efficient.
A network professional that uses sophisticated programming skills to ensure that networks are not vulnerable to attack.
A person who tries to gain unauthorized access to devices on the internet.
An individual who runs programs to prevent or slow network access for a large number of users, or to corrupt or wipe out data on servers.
Hacker
are ethical hackers who use their programming skills for good, ethical, and legal purposes. They may perform network penetration tests in an attempt to compromise networks and systems by using their knowledge of computer security systems to discover network vulnerabilities. Security vulnerabilities are reported to developers and security personnel who attempt to fix the vulnerability before it can be exploited. Some organizations award prizes or bounties to ____ when they provide information that helps to identify vulnerabilities.
White hat hackers
are individuals who commit crimes and do arguably unethical things, but not for personal gain or to cause damage. An example would be someone who compromises a network without permission and then discloses the vulnerability publicly. ___ may disclose a vulnerability to the affected organization after having compromised their network. This allows the organization to fix the problem.
Grey hat hackers
are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks. __ hackers exploit vulnerabilities to compromise computer and network systems.
Black hat hackers
emerged in the 1990s. They are teenagers or inexperienced threat actors running existing scripts, tools, and exploits to cause harm, but typically not for profit.
Script Kiddies
are grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.
Vulnerability Brokers
are grey hat hackers who rally and protest against different political and social ideas.
Hacktivists
is a term for black hat hackers who are either self-employed or working for large cybercrime organizations.
Cybercriminals
are threat actors who steal government secrets, gather intelligence, and sabotage networks of foreign governments, terrorist groups, and corporations.
State-sponsored hackers
Since hacking started in the 1960s with ____, it has evolved to include many types of threat actors.
phone freaking, or phreaking
are threat actors who are motivated to make money using any means necessary.
Cybercriminals
Cybersecurity tasks
- Use a trustworthy IT vendor
- Keep security software up-to-date
- Perform regular penetration tests
- Back up to cloud and hard disk
- Periodically change Wi-Fi password
- Keep security policy up-to-date
- Enforce use of strong passwords
- Use two factor authentication
Many network attacks can be prevented by sharing information about ____. Each attack has unique, identifiable attributes.
indicators of compromise (IOC)
___ are the evidence that an attack has occurred.
Indicators of compromise
IOCs can be features that identify the following:
- malware files
- IP addresses of servers that are used in attacks
- filenames
- characteristic changes made to end system software
___ focus more on the motivation behind an attack and the potential means by which threat actors have, or will, compromise vulnerabilities to gain access to assets.
Indicators of attack (IOA)
are concerned with the strategies that are used by attackers.
Indicators of attack (IOA)
Categories of Tools / Evolution of Security Tools
password crackers
wireless hacking tools
network scanning and hacking tools
packet crafting tools
packet sniffers
rootkit detectors
fuzzers to search vulnerabilities
forensic tools
debuggers
hacking operating systems
encryption tools
vulnerability exploitation tools
vulnerability scanners
Passwords are the most vulnerable point of security. ____ are often referred to as password recovery tools and can be used to crack or recover a password. This is accomplished either by removing the original password, after bypassing the data encryption, or by outright discovery of the password. ____ repeatedly make guesses in order to crack the password and access the system.
password crackers
Examples of password cracking tools include John the Ripper, Ophcrack, L0phtCrack, THC Hydra, RainbowCrack, and Medusa.
Wireless networks are more susceptible to network security threats. ____ are used to intentionally hack into a wireless network to detect security vulnerabilities.
wireless hacking tools
Examples of wireless hacking tools include Aircrack-ng, Kismet, InSSIDer, KisMAC, Firesheep, and NetStumbler.
____ are used to probe network devices, servers, and hosts for open TCP or UDP ports.
network scanning and hacking tools
Examples of scanning tools include Nmap, SuperScan, Angry IP Scanner, and NetScanTools.
____ are used to probe and test a firewall’s robustness using specially crafted forged packets.
packet crafting tools
Examples of such tools include Hping, Scapy, Socat, Yersinia, Netcat, Nping, and Nemesis.
_______ are used to capture and analyze packets within traditional Ethernet LANs or WLANs.
packet sniffers
Tools include Wireshark, Tcpdump, Ettercap, Dsniff, EtherApe, Paros, Fiddler, Ratproxy, and SSLstrip.
_____ are directory and file integrity checkers used by white hats to detect installed rootkits.
rootkit detectors
Example tools include AIDE, Netfilter, and PF: OpenBSD Packet Filter.
____ are tools used by threat actors when attempting to discover a computer system’s security vulnerabilities.
fuzzers to search vulnerabilities
Examples of fuzzers include Skipfish, Wapiti, and W3af.
White hat hackers use _____ to sniff out any trace of evidence existing in a particular computer system.
forensic tools
Examples of tools include Sleuth Kit, Helix, Maltego, and EnCase.
_____ are used by black hats to reverse engineer binary files when writing exploits. They are also used by white hats when analyzing malware.
debuggers
Debugging tools include GDB, WinDbg, IDA Pro, and Immunity Debugger.
_____ are specially designed operating systems preloaded with tools and technologies optimized for hacking.
hacking operating systems
Examples of specially designed hacking operating systems include Kali Linux, SELinux, Knoppix, Parrot OS, and BackBox Linux.
These tools safeguard the contents of an organization’s data when it is stored or transmitted. ______ use algorithm schemes to encode the data to prevent unauthorized access to the data.
encryption tools
Examples of these tools include VeraCrypt, CipherShed, OpenSSH, OpenSSL, OpenVPN, and Stunnel.
These tools identify whether a remote host is vulnerable to a security attack.
vulnerability exploitation tools
Examples of vulnerability exploitation tools include Metasploit, Core Impact, Sqlmap, Social Engineer Tool Kit, and Netsparker.
These tools scan a network or system to identify open ports. They can also be used to scan for known vulnerabilities and scan VMs, BYOD devices, and client databases.
vulnerability scanners
Examples of these tools include Nipper, Secunia PSI, Core Impact, Nessus, SAINT, and OpenVAS.
Categories of Attacks
eavesdropping attacks
data modification attack
IP address spoofing attack
password-based attacks
denial-of-service (DoS) attack
man-in-the-middle attack (MiTM)
compromised key attack
sniffer attack
is when a threat actor captures and listens to network traffic. This attack is also referred to as sniffing or snooping.
eavesdropping attack
or sniffing or snooping
occur when a threat actor has captured enterprise traffic and has altered the data in the packets without the knowledge of the sender or receiver.
Data modification attacks
is when a threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet.
IP address spoofing attack
occur when a threat actor obtains the credentials for a valid user account. Threat actors then use that account to obtain lists of other users and network information. They could also change server and network configurations, and modify, reroute, or delete data.
Password-based attacks
prevents normal use of a computer or network by valid users. After gaining access to a network, a _____ can crash applications or network services. A _____ can also flood a computer or the entire network with traffic until a shutdown occurs because of the overload. A _____ can also block traffic, which results in a loss of access to network resources by authorized users.
denial-of-service (DoS) attack
occurs when threat actors have positioned themselves between a source and destination. They can now actively monitor, capture, and control the communication transparently.
man-in-the-middle (MiTM) attack
occurs when a threat actor obtains a secret key. This is referred to as a compromised key. A compromised key can be used to gain access to a secured communication without the sender or receiver being aware of the attack.
compromised-key attack
is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a ____ provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the threat actor does not have access to the key.
sniffer
can occur when threat actors have gained access to user account information that allows them to access a system like authorized users.
A password-based attack
threat actors alter the contents of legitimate messages without the knowledge of the sender or receiver.
In data modification attacks,
a threat actor causes network traffic to pass through the threat actor's computer. The traffic is then forwarded on as usual. The threat actor can then read and analyze the traffic for valuable information.
In man-in-the-middle (MiTM) attacks,
When encryption keys are stolen and used to decrypt private communications, ____ has occurred.
a compromised-key attack
A threat actor has attached to the network and uses a sniffer to read the contents of network traffic. This is an _____
eavesdropping attack.
A threat actor uses a tool to construct IP packets that appear to come from a valid source within the corporate network. This is an example of
IP address spoofing.
uses fake traffic to prevent legitimate users from accessing a network or system.
A denial of service (DoS) attack
It is code or software that is specifically designed to damage, disrupt, steal, or generally inflict some other “bad” or illegitimate action on data, hosts, or networks.
Malware is short for malicious software or malicious code.
are especially prone to malware attacks.
End devices
Three most common types of malware are:
- virus
- worm
- Trojan horse
is a type of malware that spreads by inserting a copy of itself into another program. After the program is run, ____ then spread from one computer to another, infecting the computers. Most ____ require human help to spread.
A simple ___ may install itself at the first line of code in an executable file. When activated, the ___ might check the disk for other executables so that it can infect all the files it has not yet infected.
___ can also be programmed to mutate to avoid detection.
Most ____ are now spread by USB memory drives, CDs, DVDs, network shares, and email.
A virus