Principles of Cyber Security Flashcards

1
Q

DAC

A

Discretionary Access Control

2
Q

DAC: DACL

A

DAC List
Tracks permissions against each object

3
Q

DAC: Access Matrix

A

Combined DACLs

4
Q

DAC: Advantages

A

Easily Implementable
Highly Flexible

5
Q

DAC: Disadvantages

A

Poor Scaling (Matrix Explosion)
Prone to Mistakes (Complex Policy Management)
Frequent Changes

6
Q

MAC

A

Mandatory Access Control

7
Q

MAC: Object Access Requirements

A

At least the specified clearance level
All need-to-knows

8
Q

MAC: Advantages

A

Most Secure
Easily Scalable

9
Q

MAC: Disadvantages

A

Not Flexible
Limited User Functionality
High Admin Overhead

10
Q

RBAC

A

Role-based Access Control

11
Q

RBAC: Role Hierarchies

A

Roles can inherit permissions from other roles

12
Q

RBAC: Constraints

A

Restricts roles:
- Mutually Exclusive Roles (Subject has only one role)
- Cardinality Restrictions (Constrain number of subjects assigned to role)
- Prerequisite Roles (Must hold specified role before assignment of new role)

13
Q

RBAC: Consolidated

A

Combines Role Hierarchies and Constraints

14
Q

RBAC: Advantages

A

Scalable
Flexible (Loose coupling of user and perms)

15
Q

RBAC: Disadvantages

A

Roles need provisioning and maintenance
Possible rule explosion
Cannot accommodate real-time context

16
Q

ABAC

A

Attribute-based Access Control

17
Q

ABAC: Subject Attributes

A

Identity and characteristics of a subject e.g. name, job title, etc.

18
Q

ABAC: Object Attributes

A

Extracted from object metadata

19
Q

ABAC: Environment Attributes

A

Describe the current environmental context e.g. current malware threat

20
Q

ABAC: Advantages

A

Dynamic
Fine-grained
Considers the Environment

21
Q

ABAC: Disadvantages

A

Attributes need provisioning and maintenance
Possible Attribute Explosion
Complexity to Design and Implement

22
Q

CVE

A

Common Vulnerabilities and Exposures (CVE)

A weakness knowledge base that lists common identifiers for publicly known cybersecurity vulnerabilities.

Each entry contains:
- CVE ID
- A brief description
- Any pertinent references, e.g. vulnerability reports

23
Q

NVD

A

National Vulnerability Database (NVD)

A weakness knowledge base informed by CVE and run by the U.S. government

NVD analyses CVEs

24
Q

CWE

A

Common Weakness Enumeration (CWE)

A weakness knowledge base. Community-developed list of common software weaknesses and vulnerabilities.

Acts as a baseline for weakness identification, prevention, and mitigation

25
Q

CAPEC

A

An Attack Technique Knowledge Base

Describes common techniques employed by adversaries

Focuses on application security by enumerating exploits against vulnerable systems (including Social Engineering and Supply Chain Attacks)

CAPEC: exploits. Lists exploits of vulnerable systems

26
Q

ATT&CK

A

An Attack Technique Knowledge Base

Describes phases in an adversary’s lifecycle and specific TTPs that APTs use.

Focuses on network defence by providing a contextual understanding of malicious behaviour. Focuses on adversaries' interactions with the system, not the tools used

ATT&CK: TTPs

27
Q

TTP

A

Tactics, Techniques, and Procedures

28
Q

Cyber Essentials

A

A UK cybersecurity certification scheme designed to help businesses protect themselves against the most common cyber threats

29
Q

Cyber Essentials: Firewalls

A

Ensure only necessary network services can be accessed from the internet to reduce exposure to attacks

All inbound connections are blocked by default except those towards services meant to be accessed from the internet, and every inbound rule that accepts connections must be justified and documented

30
Q

Cyber Essentials: Secure Configuration

A

Ensures devices are configured to reduce vulnerabilities and provide only strictly required services

All unnecessary software is removed/disabled, auto-run features are disabled, default/guessable passwords are changed

31
Q

Cyber Essentials: User Access Control

A

Ensures user accounts are only for authorised individuals and only provide access to required resources

Requires:
- Set up a process to approve new user accounts
- Always authenticate users before granting access to applications and devices
- Remove/disable accounts when no longer required
- Use 2FA
- Use admin accounts only for admin activities

32
Q

Cyber Essentials: Malware Protection

A

Ensures untrusted software is restricted and known malware is restricted

Requires:
- Anti-malware software that is up to date, with daily checks. It should automatically scan when files are downloaded, opened, or accessed from a network folder. Web pages should be automatically scanned, with blacklisting of malicious and suspicious websites
- Application whitelisting
- Application sandboxing for code of unknown origin

33
Q

Cyber Essentials: Patch Management

A

Ensures devices and software are not vulnerable to known security issues for which fixes are available

All software is updated, licensed and supported

34
Q

Additional Defences: Data Protection

A

Encrypt, fragment, backup, sanitise data to prevent data leaks

35
Q

Additional Defences: Segregation of Duties

A

Have more than one person required to complete a critical task. More accounts need to be compromised to undermine it

36
Q

Additional Defences: Network Fragmentation & Monitoring

A

Split up network infrastructure based on business process, necessary exposure and risk levels.

Firewalls used between boundaries

Use intrusion detection systems to observe network traffic and detect malicious traffic.
Signature- or anomaly-based
Machine learning helps with accuracy
Can suffer from false positives

37
Q

Additional Defences: Honeypots

A

Decoys to lure in attacks for analysis

High-Interaction Honeypots: Close mimic, extensive interaction & analysis
Low-Interaction Honeypots: Simulate a few services, reduces risk of compromise

38
Q

Additional Defences: Pentesting

A

Authorised attacks aimed at identifying how an attacker can compromise the system

39
Q

Additional Defences: Pentesting: PTES

A

Penetration Testing Execution Standard

Comprehensive framework for effective and consistent pentesting

40
Q

Additional Defences: Standards

A

Guide security principles

Efficient for driving adoption

Compliance-driven security risks shifting focus to meeting regulations rather than tackling security risks, giving a false sense of security

41
Q

APT: Lifecycle

A

Reconnaissance
Initial Compromise
Post-Exploitation (Repeated until goal accomplished)

42
Q

APT: Post-Exploitation: Persistence

A

Achieved through malware (backdoors, rootkits, remote access trojans (RATs), keyloggers) or stolen credentials (allowing maintained access if other vulnerabilities are patched)

43
Q

APT: Post-Exploitation: C&C Communication

A

Encrypt data using non-standard communication protocols or use innocent-looking traffic to hide malicious activity

44
Q

APT: Post-Exploitation: C&C Communication: Push Model

A

Attacker sends commands to C&C control hub which relays them to the compromised system

45
Q

APT: Post-Exploitation: C&C Communication: Pull Model

A

Attacker leaves commands at the hub; the compromised system periodically polls the hub, then leaves its outputs at the hub, and the attacker periodically polls the hub to collect them

46
Q

APT: Post-Exploitation: Lateral Spread

A

Seek new systems to compromise within the network via analysis of compromised machines (to gather credentials), network analysis (to find targets), and stealing credentials (using social engineering)

47
Q

APT: Post-Exploitation: Data Exfiltration

A

Exfiltrate sensitive information to an external system. Staging servers can accumulate and transform data to reduce data size and help avoid detection.

Faster transfer speeds risk detection

Data can be hidden inside other data using steganography (the practice of concealing information within other data)

48
Q

Cryptography

A

The practice of secure communication in the presence of an adversarial third party

49
Q

Cryptography: Symmetric Encryption

A

The same key is used to encrypt and decrypt data.

Requires N(N-1)/2 keys, where N is the number of communicating nodes

50
Q

Cryptography: Asymmetric Encryption

A

A sender encrypts data using the recipient's public key and the recipient decrypts the data using their private key.

Requires N x 2 keys, where N is the number of communicating nodes

51
Q

Cryptography: Digital Signature

A

Used to verify the authenticity and integrity of data. Generated by creating a hash of the data and encrypting the hash when transferring the data. The recipient can then decrypt the hash and the data and compare the received data’s hash with the received hash.

52
Q

Cryptography: Distributing Keys: Private Key Distribution: Public Key Encryption

A

To send a private key, use asymmetric (public key) encryption: the recipient sends a public key that is used to encrypt the data.

Vulnerable to Man in the Middle attacks, where the adversary intercepts the public key from the recipient and sends their own public key on to the sender instead.

53
Q

Cryptography: Distributing Keys: Private Key Distribution: Diffie-Hellman Symmetric Key Encryption

A

Two parties agree on public parameters, including a large prime number and a primitive root modulo that prime.
Uses properties of modular arithmetic to establish the shared key
Susceptible to Man in the Middle attacks

54
Q

Cryptography: Distributing Keys: Public Key Distribution

A

Recipient needs to know with certainty the sender’s public key to validate a digital signature or to encrypt messages so they can avoid man in the middle attacks

55
Q

Cryptography: Distributing Keys: Public Key Distribution: Digital Certificate

A

Consists of a public key and a user ID, both signed by a trusted third party

56
Q

Cryptography: Distributing Keys: Public Key Distribution: Public Key Infrastructure

A

The infrastructure needed to create, manage, distribute and revoke digital certificates to enable secure and efficient acquisition of public keys

57
Q

Cryptography: Distributing Keys: Public Key Distribution: Public Key Infrastructure: CA

A

Certification Authority

Responsible for issuing, distributing, and revoking public key certificates. The CA uses a well-protected private key to add a digital signature to each certificate, marking it as authentic. Users have the CA's public key, needed to verify the CA's digital signature, built into their operating systems

58
Q

Cryptography: Distributing Keys: Public Key Distribution: Public Key Infrastructure: RA

A

Registration Authority

The CA uses the RA to authenticate applicants for digital certificates

59
Q

Cryptography: Distributing Keys: Public Key Distribution: Public Key Infrastructure: PKI Repository

A

Stores all certificates

60
Q

Cryptography: Distributing Keys: Public Key Distribution: Public Key Infrastructure: PKI Repository: CRL

A

Stores certificates revoked before their scheduled expiration date. It is not issued frequently enough to be effective against attackers. It is expensive to distribute and vulnerable to DoS attacks

Certificates can be revoked because of:
- Compromised Private Key
- Expiration
- Human Resources
- Changes to Company Name, Physical Address, DNS

61
Q

Cryptography: Distributing Keys: Public Key Distribution: Public Key Infrastructure: X.509

A

A widely accepted standard format for digital certificates. Instead of CRL, the Online Certificate Status Protocol (OCSP) is used to query if the certificate is still valid

62
Q

Social Engineering

A

Use of psychological manipulation to deceive people into compromising security or divulging sensitive information

63
Q

Social Engineering: Compliance Principles

A

Reasons to comply

  • Friendships
  • Commitments / Consistency
  • Scarcity (Exclusive opportunity)
  • Reciprocity (Obligation to return a favour)
  • Social Validation (Admiration of others' actions)
  • Authority (Requests from those with power)
64
Q

Social Engineering: Communication Methods

A

  • Direct Communication
  • Bidirectional Communication: Both target and attacker exchange information
  • Unidirectional Communication: Only the attacker communicates
  • Indirect Communication: Attacker uses third-party channels to communicate, such as a fake website
65
Q

Social Engineering: Techniques

A

Information Gathering: Gathering of personal information for malicious purposes, gathered from:
* Company Websites
* Social Networks
* Dumpster Diving
* Shoulder Surfing
Prevented by using shredders and educating employees to be aware of their social presence

Interaction with Target: Contacting the target to establish trust or instil fear
* Phishing: Fraudulent emails designed to trick recipients into divulging sensitive data
* Spear Phishing: Targeted phishing
* Whaling: Spear phishing of high-level individuals with access to company funds
* Vishing: Voice Phishing, e.g. a fraudulent bank call
* Smishing: SMS Phishing
* Physical Impersonation: Attacker impersonates a maintenance worker, delivery driver, etc.
Prevented by filtering emails (analysing links, spelling, grammar), not downloading attachments, not providing personal information, and education: be wary of demanding language

Tailgating: Attacker follows someone with legitimate access into a restricted area

Baiting: Attacker offers an incentive, such as a USB drive, to entice the target into downloading malware

66
Q

Cyberwarfare: Appeal

A
  • Cost-Effective: Cheap, openly available tools instead of expensive troops and weapons
  • Anonymity: Use of false IP addresses, foreign servers, and aliases make tracing attack origins difficult
  • Attribution is Near Impossible: Attacker has plausible deniability, claiming their computer has been hacked
  • Cyber Deterrence: Retaliation against the wrong actor is unjust and could be a war crime
  • No Casualties
  • Disruption over Destruction
  • Extremely Quick
  • Hard to Detect & Neutralise
  • Exploitable Vulnerabilities Increase as Technology Evolves
67
Q

Bitcoin: Wallet

A

Stores public/private keys required to access and manage funds

68
Q

Bitcoin: Addresses

A
  • Public keys generate addresses used to receive payment
  • One address per payment, so that the amount of information publicly available on a user is reduced
  • Provides pseudo-anonymity
69
Q

Bitcoin: Transaction: Inputs

A

References to previous transactions. Must not already be spent; tracked as Unspent Transaction Outputs (UTXOs) against a wallet

70
Q

Bitcoin: Transaction: Outputs

A

Determine where bitcoins will be sent

71
Q

Bitcoin: Transaction: Digital Signature

A
  • Transactions are digitally signed to prove ownership and ensure integrity before being broadcast across the bitcoin network. Nodes then verify the digital signature and that the required funds are available; the transaction is then included in blocks by miners.
  • Transaction blocks have a reference to the hash of the previous block. Changing any block would require updating all subsequent blocks
72
Q

Bitcoin: Advantages

A

Decentralised, trustless, pseudo-anonymity, immutable transaction history

73
Q

Bitcoin: Disadvantages

A

High transaction fees reduce profits and make it less attractive to customers, slow transaction confirmation, not a stabilised currency, lack of regulation