Module 4: Modern Network Security Threats Flashcards
It is a term that refers to the policies and processes put in place by companies to help prevent security incidents and data breaches, as well as to limit the extent of damage when security attacks do happen.
cyber security threat mitigation
Vectors of data loss
Email/Webmail
Unencrypted Devices
Cloud Storage Devices
Removable Media
Hard Copy
Improper Access Control
examples of outside perimeter security
On-premise security officers
Fences and gates
Continuous video surveillance
Security breach alarms
examples of inside perimeter security
Electronic motion detectors
Security traps
Continuous video surveillance
Biometric access and exit sensors
What are the virtual machine threats?
hyperjacking
instant on activation
antivirus storm
It is an attack in which a hacker takes malicious control over the hypervisor that creates the virtual environment within a VM host.
hyperjacking
A virtual attack where the attacks happen as soon as you activate them, meaning they have no activation frames.
instant on activation
It is the demand on computing resources that occurs when antivirus software simultaneously scans multiple guest virtual machines on a single physical host.
antivirus storm
What are the different components of a secure data center for cloud and virtual networks?
secure segmentation
threat defense
visibility
What are the critical MDM (mobile device management) functions for a BYOD (bring your own device) network?
Data encryption
PIN enforcement
Data wipe
Data loss prevention
Jailbreak/root detection
One of the mobile device management methods; it does not produce a certified report, which is what distinguishes it from data erasure.
data wipe
One of the mobile device management methods; it overwrites data without verifying that the software succeeded in overwriting all sectors of the storage device.
data wipe
One of the mobile device management methods; it produces an erasure report confirming that the data is rendered unrecoverable, and so achieves data sanitization.
data erasure
One of the mobile device management methods; it overwrites the data on any storage device with zeros and ones across all sectors of the device and verifies that the data has been erased.
data erasure
One of the modern hacker titles; their motivation is usually personal or financial gain, but they can also be involved in cyber espionage or protest, or are perhaps just addicted to the thrill of cybercrime.
black hat hackers
One of the modern hacker titles; they are responsible for writing malware, which is a method used to gain access to systems.
black hat hackers
One of the modern hacker titles; they work for companies as security specialists who attempt to find security holes via hacking.
White hat hackers
One of the modern hacker titles, also known as ethical hackers; they employ the same hacking methods as black hats, with one exception: they first obtain permission from the owner of the system, which makes the process completely legal.
White hat hackers
One of the modern hacker titles; they look for vulnerabilities in a system without the owner's permission or knowledge.
Grey hat hackers
One of the modern hacker titles; they have little to no coding skills and rely on available tools or exploit kits to carry out an attack.
script kiddie
One of the modern hacker titles, used to describe a person who uses scripts or code developed by real hackers to attack a network or website.
script kiddie
One of the modern hacker titles: a person who gains unauthorized access to computer files or networks in order to further social or political ends.
hacktivist
One of the modern hacker titles; this group published several leaks containing hacking tools, including several zero-day exploits. These exploits and vulnerabilities targeted enterprise firewalls, antivirus software, and Microsoft products.
shadow brokers / vulnerability broker
Give at least 5 penetration testing tools.
- Password crackers
- Wireless hacking
- Network scanning and hacking
- Packet crafting
- Packet sniffers
- Rootkit detectors
- Fuzzers to search vulnerabilities
- Forensic
- Debuggers
- Hacking operating systems
- Encryption
- Vulnerability exploitation
- Vulnerability Scanners
It is a threat that allows network administrators to probe firewall rule-sets by manually generating packets to test network devices and their behaviour, instead of using existing network traffic.
packet crafting
It is a threat that examines streams of data packets flowing between computers on a network, as well as between networked computers and the larger Internet.
packet sniffer
It is a threat consisting of a piece of hardware or software used to monitor network traffic.
packet sniffer
It is a threat generally associated with malware (such as Trojans, worms, and viruses) that conceals its existence and actions from users and other system processes.
rootkit
It is a threat: a computer program designed to provide continued privileged access to a computer while actively hiding its presence.
rootkit
Give at least 5 network hacking attacks.
- Eavesdropping
- Data modification
- IP (internet protocol) address spoofing
- Password-based
- Denial-of-service
- Man-in-the-middle
- Compromised-key
- Sniffer
A hacker uses tools to modify the source address in the packet header to make the receiving computer system think the packet is from a trusted source, such as another computer on a legitimate network, and accept it.
internet protocol spoofing (ip spoofing)
It is an attack meant to shut down a machine or network by flooding the target with traffic, or sending it information that triggers a crash.
denial-of-service
It is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
denial-of-service attack
It is an attack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other.
man-in-the-middle attack
It is an attack that takes advantage of unsecured network communications to access data as it is being sent or received by its user.
eavesdropping attack
It is the theft of information as it is transmitted over a network by a computer, smartphone, or another connected device.
eavesdropping attack
It is an attack that corresponds to the theft or interception of data by capturing the network traffic using a sniffer.
sniffing attack / sniffer attack
Give the Trojan horse classifications.
Security software disabler
Remote-access
Data-sending
Destructive
Proxy
File Transfer Protocol (FTP)
denial-of-service (DOS)
A type of trojan horse designed to stop or kill security programs, such as an antivirus program or firewall, without the user knowing.
security software disabler trojan
A type of trojan horse that is designed to destroy or delete files.
destructive trojan
A type of trojan horse that is a malware program that includes a back door for administrative control over the target computer.
remote-access trojan
A type of trojan horse that is usually downloaded invisibly with a user-requested program – such as a game – or sent as an email attachment.
remote-access trojan
A type of trojan horse that relays sensitive information back to its owner.
Data-sending trojan
This type of Trojan can be used to retrieve sensitive data, including credit card information, email addresses, passwords, instant messaging contact lists, log files and so on.
Data-sending trojan
A type of trojan horse that creates proxy servers out of infected computers for staging anonymous attacks.
proxy trojan
This trojan allows unauthorized parties to use the infected computer as a proxy server to anonymously access the Internet.
proxy trojan
A type of trojan horse that is designed to open port 21 and lets the attacker connect to your computer.
File Transfer Protocol (FTP) trojan
A type of trojan horse that involves sending numerous requests to the victim machine.
denial-of-service (DOS)
A computer worm observed on the Internet on July 15, 2001; it was the first large-scale, mixed-threat attack to successfully target enterprise networks.
Code Red
What are the worm components for propagation?
- enabling vulnerability
- propagation mechanism
- payload
Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
Malware
What are the different types of malware?
- virus
- worm
- trojan horse
A type of malware that infects your computer and displays messages demanding a fee to be paid in order for your system to work again.
Ransomware
A type of malware that is designed to enter your computer device, gather data about you, and forward it to a third party without your consent.
spyware
A type of malware that displays unwanted advertisements on your computer.
Adware
A type of malware that tricks computer users into visiting malware-infested websites. These appear as legitimate warnings from antivirus software companies, and they claim your computer’s files have been infected.
Scareware
A form of denial-of-service attack in which an attacker rapidly initiates a connection to a server without finalizing the connection.
SYN flood
A distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address.
Smurf attack
These are general knowledge gathering attacks.
Reconnaissance attacks
An attack that typically involves some form of psychological manipulation, fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data.
Social engineering attack
It is an attack that involves email or other communication that invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file.
Social engineering attack
It is an attack that involves a human element; preventing these attacks can be tricky for enterprises.
Social engineering attack
Give examples of social engineering attacks.
Pretexting
Phishing
Spearphishing
Spam
Tailgating
Something for Something
Baiting
A type of social engineering attack that attempts to steal sensitive information by first acquiring personal details about the victim, such as their friends, hometown, employer, locations they frequent, and what they have recently bought online.
Spearphishing
A type of social engineering attack where the attacker promises an item or good to entice victims.
baiting
A type of social engineering attack where the attacker comes up with a story in order to fool the victim.
Pretexting
A type of social engineering attack that uses physical media and relies on the curiosity or greed of the victim.
baiting
A type of social engineering attack where attackers disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging.
Spearphishing
A type of social engineering attack that uses messaging systems to send unsolicited messages to large numbers of recipients for commercial advertising, for non-commercial proselytizing, or for any prohibited purpose.
spam
A type of social engineering attack that is a physical security breach in which an unauthorized person follows an authorized individual into a secured premises.
Tailgating
Give some network security professionals.
chief information officer (CIO)
chief information security officer (CISO)
Security operations (SecOps) manager
chief security officer (CSO)
Security Manager
Network security engineer
A network security professional who is the company executive responsible for the management, implementation, and usability of information and computer technologies.
chief information officer (CIO)
A network security professional who is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure that information assets and technologies are adequately protected.
chief information security officer (CISO)
A network security professional who is responsible for directing the activities of security personnel to ensure protection of an organization's physical assets, properties, and resources.
Security operations (SecOps) manager
A network security professional who is the organization's most senior executive accountable for the development and oversight of policies and programs intended for the mitigation and/or reduction of compliance, operational, strategic, financial, and reputational security risk strategies relating to the protection of people, intellectual assets, and tangible property.
chief security officer (CSO)
A network security professional who is responsible for monitoring the security operations of any organization or company.
Security Manager
A network security professional who implements security policies, regulations, rules, and norms and makes sure that the environment in their organization is safe for employers and visitors.
Security Manager
A diverse group of researchers, software engineers, security analysts, and digital intelligence specialists working together to research security vulnerabilities in software products, contribute to long-term changes in networked systems, and develop cutting-edge information and training to improve the practice of cybersecurity.
CERT (Computer emergency response team)
The most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system - the Internet Storm Center.
SANS (SysAdmin, Audit, Network, and Security)
What are the components of cryptography?
confidentiality
integrity
availability
A component of cryptography that uses encryption to encrypt and hide data.
confidentiality
A component of cryptography that assures data is accessible.
availability
A component of cryptography that uses hashing algorithms to ensure data is unaltered during operation.
integrity
Give at least four network security domains.
- Risk assessment
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Information systems acquisition, development, and maintenance
- Access control
- Information security incident management
- Business continuity management
- Compliance
A security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities.
Cisco Adaptive Security Appliance (ASA)
A technology that monitors a network for any malicious activity attempting to exploit a known vulnerability.
Intrusion Prevention System (IPS)
a.k.a. intrusion detection prevention system (IDPS)
It provides proactive threat defense that stops attacks before they spread through the network.
Cisco Adaptive Security Appliance (ASA)
SecureX Product Families
- Server Edge and Branch
- Secure Data Center and Virtualization
- Secure Email and Web
- Secure Mobility
- Secure Access
Cisco SecureX Architecture
- Scanning engines
- Delivery mechanisms
- Security intelligence operations (SIO)
- Policy management consoles
- Next-generation endpoint
Five parameters that define security policies
- Type of device being used for access
- Person’s identity
- Application in use
- Location
- Time of access
A framework designed by Cisco to logically group functions that occur on a network.
Network Foundation Protection (NFP)
The framework combines a number of security techniques to secure routers and switches and ensure the availability of the network even when it is under attack.
Network Foundation Protection (NFP)
Three basic sections of the Network Foundation Protection (NFP) framework
control plane
management plane
data plane
A section of the Network Foundation Protection (NFP) framework containing the protocols and traffic that network devices send between each other (without interaction from an administrator) for automatic network discovery and configuration.
Control plane
A section of the Network Foundation Protection (NFP) framework containing the protocols and traffic that a network administrator uses to configure network devices from his or her computer.
management plane
A section of the Network Foundation Protection (NFP) framework containing the end-user traffic.
data plane