P1L1 Flashcards

1
Q

when do we worry about security

A

when there’s something of value

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what is the threat source?

A

Cyber-criminals who are in it for the money, to profit from the data that they can steal.
Hacktivists have some sort of an agenda.
Nation-states

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

If they are able to take control of your account

A

a compromise of your account

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

If able to do it more broadly to a system

A

a security breach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

an attack

A

a successful exploitation of vulnerability by a threat source, resulting in this system that has been compromised

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Vulnerabilities

A

zero day

the threat actor who actually discovers it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

An example of vulnerability

A

The lock that we put is actually only protecting the wheel. It’s not protecting the entire bike

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Target store breach

A

an HVAC contractor -> phishing attacks -> access to Target’s network. They are after credit card data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How can that be done?

A

Make sure that crime doesn’t pay. Making threats go away is a nice idea, but it hasn’t really been all that effective.
Reduce vulnerabilities, but we’re never going to have zero vulnerabilities
Securing or protecting access to information: data sensitive, integrity, and availability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What should we do?

A

Prevention: keeping the bad guys out of our systems. we don’t have good systems to detect malicious activities.
Response: we need to recover from whatever that has happened.
Remediation: make sure that the same attack should not happen again.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Economy of mechanism

A

avoid complexity. Keep it simple keep it small.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Fail-safe defaults

A

Default should be denied and fail safety fault is that the thing is protected. Access is controlled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

security by obscurity

A

don’t believe that you can get security by obscurity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

least privilege

A

You should only have privileges for resources that you absolutely need, and nothing more.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Weak link when it comes to security

A

people.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What security weakness of Stuxnet (Iran’s nuclear plant incident)

A

It was an isolated network, so the only way you can breach the air gap is through a humans helping you do that.