SecPlusP3 Flashcards
What are Industrial Control Systems (ICS)?
Monitor and control industrial processes
What are the two types of ICS?
Distributed Control Systems (DCS) and Programmable Logic Controllers (PLCs)
What are SCADA systems?
ICS designed for monitoring and controlling geographically dispersed industrial processes
What industries commonly use SCADA systems?
Electric power, water treatment, oil and gas
What is the risk of unauthorized access to ICS?
Manipulating system operations
What is a risk of malware attacks?
Disruptive attacks
Why is lack of updates a vulnerability?
Unpatched vulnerabilities
What are physical threats?
Damage to hardware or infrastructure
What are some ways to implement strong access controls?
Strong passwords, Two-factor authentication, Limited access to authorized personnel only
Why is it important to regularly update and patch systems?
To protect against known vulnerabilities
What are some measures to detect and prevent unauthorized access?
Firewalls and intrusion detection systems
Why is conducting regular security audits important?
To identify and address potential vulnerabilities through routine assessments
What is the purpose of employee training?
To train employees on security awareness and response to potential threats
What are embedded systems?
Specialized computing components designed for dedicated functions within larger devices
What is a Real-Time Operating System (RTOS)?
A system designed for real-time applications that process data without significant delays
What are some risks and vulnerabilities in embedded systems?
Hardware Failure
Software Bugs
Security Vulnerabilities
Outdated Systems
What are some key security strategies for embedded systems?
Network Segmentation
Wrappers (e.g., IPSec)
Firmware Code Control
Challenges in Patching
What are OTA updates?
Patches delivered and installed remotely
What are the objectives of the Security Infrastructure section?
3.2 - Apply security principles to secure enterprise architecture, 4.5 - Modify enterprise capabilities to enhance security
What does the Security Infrastructure encompass?
Hardware, software, networks, data, and policies
What are the different types of firewalls?
Web Application, Unified Threat Management, Next-generation
What are the functions of network appliances?
Load Balancing, Proxying
What is the purpose of Port Security?
Restricting and controlling network access
What is the basis of Port Security?
Media Access Control (MAC) addresses
What are the concepts related to Port Security?
802.1x and EAP
What technologies are used to secure network communications?
VPNs, IPSec, TLS
What is the objective of creating a secure backbone for communication?
To ensure secure communication
What is SD-WAN?
Software-Defined Wide Area Networks
What is SASE?
Secure Access Service Edge
What does SD-WAN optimize?
WAN connections with software-defined principles
What does SASE integrate?
Security and wide area networking
What are the infrastructure considerations for security?
Device placement, security zones, screened subnets, attack surfaces
What are the different types of device attributes?
Active vs. passive, inline vs. taps or monitors
What are the two failure mode options for security devices?
Fail-open or fail-closed
How should infrastructure controls be selected?
Choosing controls aligned with network needs
What should be ensured for a robust security architecture?
Ensuring robust security architecture
What are ports?
Logical communication endpoints on a computer or server
What are the two classifications of ports?
Inbound and outbound
What are well-known ports and their range?
Assigned by IANA, range: 0-1023
What are registered ports and their range?
Vendor-specific, registered with IANA, range: 1024-49151
What is the range of dynamic and private ports?
49152-65535
What are temporary outbound connections typically used for?
Data exchange
Give an example of a protocol that uses port 443.
HTTPS
What should you memorize for each port?
Port number, default protocol, TCP or UDP support, basic description
Which protocol is typically associated with port 21?
FTP
Which protocols are typically associated with port 22?
SSH, SCP, SFTP
Which protocol is typically associated with port 23?
Telnet
Which protocol is typically associated with port 25?
SMTP
Which protocol is typically associated with port 53?
DNS
Which protocol is typically associated with port 69?
TFTP
What is the protocol used for port 80?
HTTP
What is the specific service associated with port 88?
Kerberos
Which protocol uses port 110?
POP3
Which protocol uses port 119?
NNTP
What is the abbreviation for Remote Procedure Call?
RPC
Which protocols use ports 137, 138, and 139?
NetBIOS
Which protocol uses port 143?
IMAP
What is a firewall?
Network security device or software that monitors and controls network traffic based on security rules
Why are firewalls important in cybersecurity?
Protects networks from unauthorized access and potential threats
What are some study tips for learning about firewalls?
Create flashcards with protocol, port, and connection details
Regularly test yourself to memorize ports and protocols
What is an advantage of Kernel Proxy Firewalls?
Minimal impact on network performance
Where are Kernel Proxy Firewalls typically placed?
Close to the system they protect
What is a characteristic of Next Generation Firewalls (NGFW)?
Application-aware
What is a capability of Next Generation Firewalls (NGFW)?
Conduct deep packet inspection
What method do Next Generation Firewalls (NGFW) use for intrusion detection?
Signature-based
What are the benefits of using a UTM Firewall?
Operate fast, full-stack traffic visibility, can integrate with other security products
What are the potential drawbacks of relying on a single vendor for firewall configurations?
Dependency and limitations on one product line
What functions does a UTM Firewall combine?
Firewall, intrusion prevention, antivirus, and more
What is a potential drawback of relying on a UTM Firewall?
UTMs are a single point of failure
What is the main focus of a Web Application Firewall (WAF)?
Inspecting HTTP traffic and preventing web application attacks
What are two common web application attacks that a WAF can prevent?
Cross-site scripting and SQL injections
What are the two possible placements for a WAF?
In-line (live attack prevention) and out of band (detection)
What layer does a Layer 4 Firewall operate at?
Transport layer
What is the purpose of a layer 7 firewall?
Inspect, filter, and control traffic based on content and data characteristics
What are access control lists (ACLs) used for?
Securing networks from unwanted traffic
Where are rule sets placed?
On firewalls, routers, and network infrastructure devices
What can be used to configure ACLs?
Web-based interface or text-based command line interface
What does the order of ACL rules specify?
Order of actions taken on traffic (top-down)
What happens when a matching rule is found in ACLs?
First matching rule is executed and no other ACLs are checked
Where should the most specific rules be placed in ACLs?
At the top
What should be done for devices that require a ‘deny all’ rule at the end?
Add a ‘deny all’ rule at the end
What actions taken by network devices should be logged?
Deny actions
What are ACL rules made up of?
Type of traffic, Source of traffic, Destination of traffic, Action to be taken against the traffic
What is a hardware-based firewall?
Dedicated network security device that filters and controls network traffic at the hardware level
What is a software-based firewall?
Firewall that runs as a software application on individual devices, such as workstations
How do firewalls ensure security?
By specifying permitted and denied actions through ACLs
What is the key difference between IDS and IPS?
IDS - Logs and alerts
IPS - Logs, alerts, and takes action
What are the three types of Intrusion Detection Systems (IDS)?
Network-based IDS (NIDS), Host-based IDS (HIDS), Wireless IDS (WIDS)
What does a Network-based IDS (NIDS) monitor?
Traffic coming in and out of a network
What does a Host-based IDS (HIDS) look at?
Suspicious network traffic going to or from a single endpoint
What does a Wireless IDS (WIDS) detect?
Attempts to cause a denial of service on a wireless network
What are the two types of detection algorithms used in IDS?
Signature-based and anomaly-based
What is the purpose of analyzing traffic based on defined signatures?
To recognize attacks based on previously identified attacks
What is pattern-matching used for in traffic analysis?
To identify specific patterns of steps
What are some examples of systems that use pattern-matching?
NIDS, WIDS
What is stateful-matching used for in traffic analysis?
To compare against a known system baseline
What is an Anomaly-based IDS?
Analyzes traffic and compares it to a normal baseline of traffic to determine whether a threat is occurring
What are the five types of Anomaly-based Detection Systems?
Statistical, Protocol, Traffic, Rule or Heuristic, Application-based
What is an Intrusion Prevention System (IPS)?
Logs, alerts, and takes action when it finds something suspicious or malicious
What does a Network Appliance refer to?
A dedicated hardware device with pre-installed software for specific networking services
What is the purpose of load balancers?
Distribute network/application traffic
Why are load balancers important?
Enhance server efficiency and prevent overload
What do load balancers ensure?
Redundancy and reliability
What do application delivery controllers offer?
Advanced functionality
Where are load balancers essential?
High-demand environments and high-traffic websites
What are the main functions of proxy servers?
Content caching, request filtering, login management, enhancing speed and reducing bandwidth usage, adding a security layer and enforcing policies
How do proxy servers protect against DDoS attacks?
By filtering and controlling incoming traffic
What are the main functions of sensors?
Monitoring, detecting, analyzing network traffic and data flow
What is the role of jump servers/jump box?
Secure gateways for system administrators to access devices in different security zones
How do jump servers help in incident response during cyber-attacks?
By speeding up the incident response process
What is port security?
Restricts device access based on MAC addresses
How does port security enhance network security?
Prevents unauthorized devices from connecting
What is a network switch?
Networking device that operates at Layer 2 of the OSI model
How do network switches make traffic switching decisions?
Using MAC addresses through transparent bridging
What is the purpose of a CAM table?
To remember connected devices based on MAC addresses
How does a network switch increase security?
By forwarding traffic only to its intended receiver
What is the purpose of Port Security Implementation?
Associate specific MAC addresses with interfaces to prevent unauthorized devices
What is a potential vulnerability of Port Security Implementation?
Susceptible to MAC spoofing attacks
What is the purpose of 802.1x Authentication?
Provides port-based authentication for wired and wireless networks
What are the three roles involved in 802.1x Authentication?
Supplicant, Authenticator, Authentication server
What protocols are utilized for actual authentication in 802.1x Authentication?
RADIUS or TACACS+
What is the difference between RADIUS and TACACS+?
RADIUS is cross-platform, while TACACS+ is Cisco proprietary
What are the advantages of using TACACS+?
Offers additional security and independently handles authentication, authorization, and accounting
What is the difference in protocol support between RADIUS and TACACS+?
TACACS+ supports all network protocols, whereas RADIUS lacks support for some
What is EAP?
A framework for various authentication methods
What is the authentication process used in EAP-MD5?
Challenge handshake authentication process
What is the one-way authentication process?
Doesn’t provide mutual authentication
What is EAP-TLS?
Uses public key infrastructure with a digital certificate installed on both client and server
What is EAP-TTLS?
Requires a digital certificate on the server, but not on the client
What is EAP-FAST?
Uses protected access credential for mutual authentication
What is PEAP?
Supports mutual authentication using server certificates
What are Active Directory databases used for?
To authenticate a password from the client
What is EAP-LEAP?
Cisco proprietary and limited to Cisco devices
What does integrating EAP with port security and 802.1X enhance?
Network security
What do VPNs do?
Extend private networks across public networks
What are the different types of VPN configurations?
Site-to-site, client-to-site, and clientless
What is a site-to-site VPN?
Connects two sites cost-effectively
What are the benefits of using a site-to-site VPN?
Replaces expensive leased lines
How does a site-to-site VPN work?
Utilizes a VPN tunnel over the public internet
What is the main advantage of a site-to-site VPN?
Encrypts and secures data between sites
What are the characteristics of a client-to-site VPN?
Connects a single host (e.g., laptop) to the central office
What is a common use case for a client-to-site VPN?
Ideal for remote user access to the central network
What are the configuration options for a client-to-site VPN?
Full tunnel and split tunnel configurations
What is a clientless VPN?
Uses a web browser to establish secure, remote-access VPN
How does a clientless VPN differ from other VPN types?
No need for dedicated software or hardware client
Which protocols does CompTIA Security+ cite for secure connections to websites?
HTTPS and TLS
What are the differences between a full tunnel VPN and a split tunnel VPN?
Full tunnel encrypts all network requests, split tunnel only encrypts specific requests
What are the advantages of using a full tunnel VPN?
Provides high security, limits access to local resources
When is a split tunnel VPN configuration suitable?
Remote access to central resources
What does split tunneling do?
Divides traffic, routing some through the VPN, some directly to the internet
Why is split tunneling recommended for better performance?
Enhances performance by bypassing VPN for non-central traffic
What is one drawback of using split tunneling?
Less secure; potential exposure to attackers
When should caution be exercised when using split tunneling?
Requires caution on untrusted networks
What is TLS?
Provides encryption and security for data in transit
What is TLS commonly used for in web browsers?
Secure connections (HTTPS)
What protocol does TLS use for secure connections between a client and a server?
Transmission Control Protocol (TCP)
What is DTLS?
A faster UDP-based alternative for secure connections
What does DTLS protect against in clientless VPN connections?
Eavesdropping
What is IPSec used for?
Provides confidentiality, integrity, authentication, and anti-replay protection
What are the five key steps in establishing an IPSec VPN?
Request to start IKE, Authentication (IKE Phase 1), Negotiation (IKE Phase 2), Data transfer, Tunnel termination
What are the two IPSec tunneling modes?
Transport Mode, Tunnel Mode
What is the purpose of tunneling mode in VPNs?
Encapsulates the entire packet
What are the benefits of using tunneling mode in VPNs?
Confidentiality for payload and header, authentication, integrity, encryption
What is the difference between AH and ESP in IPSec?
AH provides connectionless data integrity and data origin authentication, while ESP provides confidentiality, integrity, encryption, and replay protection
What are the considerations when choosing a VPN tunnel type?
Balance between security and performance, full tunnel for higher security but reduced local access, split tunnel for better performance but potentially lower security
What is the purpose of SD-WAN?
Efficiently routes traffic between remote sites, data centers, and cloud environments
What are the benefits of SD-WAN?
Increased agility, security, and efficiency for geographically distributed workforces
What type of architecture does SD-WAN have?
Software-based architecture with control extracted from underlying hardware
What transport services can be used with SD-WAN?
MPLS, Cellular, Microwave links, Broadband internet
How does SD-WAN handle traffic routing?
Utilizes centralized control function for intelligent traffic routing
What are the differences between traditional WANs and SD-WAN?
Traditional WANs tie control to the underlying hardware; SD-WAN separates control from the hardware and uses a centralized control function for intelligent traffic routing
Which enterprises can benefit from SD-WAN?
Enterprises with multiple branch offices moving towards cloud-based services
What does SASE stand for?
Secure Access Service Edge
What is the purpose of SASE?
Addresses challenges of securing and connecting users and data across distributed locations
What key technology does SASE utilize?
Software-defined networking (SDN)
What are some components of SASE?
Firewalls, VPNs, Zero-trust network access, Cloud Access Security Brokers (CASBs)
How is policy and management delivered in SASE?
Through a common set of policy and management platforms
Which cloud providers offer services aligned with SASE?
AWS, Azure, Google Cloud
What are some cloud services that offer secure, flexible, and global networking capabilities?
Google Cloud VPN
Why is understanding and implementing SD-WAN and SASE important for organizations?
Enhanced security and successful migration to cloud-based environments
What are some considerations for infrastructure when it comes to device placement?
Proper placement of routers, switches, and access points
What are security zones?
Isolate devices with similar security requirements
What are screened subnets?
Act as buffer zones between internal and external networks
What is the purpose of a screened subnet?
Hosts public-facing services, protecting core internal networks
What term is used for modern DMZ?
Screened subnet
What does the term ‘attack surface’ refer to?
Points where unauthorized access or data extraction can occur
How does a larger attack surface affect vulnerability risk?
Increases the risk of vulnerabilities
What can be done to reduce the attack surface?
Identify and mitigate vulnerabilities
What should be done regularly for network security?
Assess and minimize the attack surface
What factors should be considered when choosing connectivity methods?
Scalability, speed, security, and budget constraints
What are active devices?
Monitor and act on network traffic
What are passive devices?
Observe and report without altering traffic
What are inline devices?
Devices that are in the path of network traffic
What is the key principle of Least Privilege?
Users and systems should have only necessary access rights
What is the key principle of Defense in Depth?
Utilize multiple layers of security
What is the key principle of Risk-based Approach?
Prioritize controls based on potential risks and vulnerabilities
What is the key principle of Lifecycle Management?
Regularly review, update, and retire controls
What is the open design principle?
Ensure transparency and accountability through rigorous testing and scrutiny of controls.
What is the purpose of a gap analysis?
Identify discrepancies between current and desired security postures.
Why is benchmarking important in security?
Compare your organization’s processes and security metrics with industry best practices.
What is the purpose of conducting a cost-benefit analysis in security?
Evaluate the balance between desired security level and required resources.
Why is stakeholder involvement important in control selection?
Ensure controls align with business operations.
What is the importance of monitoring and feedback loops in control selection?
Continuously adapt to evolving threats.
Why should organizations regularly conduct risk assessments?
To assess threats and vulnerabilities specific to their organization.
What are some established frameworks for security?
NIST, ISO
Why is it important to customize framework controls?
To match your organization’s risk profile and business operations
Why is stakeholder engagement important?
To include all relevant decision-makers
Why is regular training important?
To keep the workforce updated on security controls and threats
What is the objective of Identity and Access Management (IAM) Solutions?
To ensure that the right individuals have the right access to the right resources for the right reasons.
What are the components of Identity and Access Management (IAM) Solutions?
Password Management, Network Access Control, Digital Identity Management.
What are the processes involved in IAM?
Identification, Authentication, Authorization, and Accounting (IAAA).
What is the purpose of Identification in IAM?
To claim identity, e.g., username, email address.
What is the purpose of Authentication in IAM?
To verify user, device, or system identity.
What is the purpose of Authorization in IAM?
To determine user permissions after authentication.
What is the purpose of Accounting in IAM?
To track and record user activities.
What are the IAM processes?
Provisioning, Deprovisioning, Identity Proofing, Interoperability, Attestation
What are the factors of multi-factor authentication (MFA)?
Something you know, Something you have, Something you are, Something you do, Somewhere you are
What are some implementations of MFA?
Biometrics, Hard tokens, Soft tokens, Security keys, Passkeys
What are some best practices for password security?
Password policies, Password managers, Passwordless authentication
What are the types of password attacks?
Spraying, Brute Force, Dictionary, Hybrid
What is Single Sign-On (SSO)?
User authentication service for multiple apps
What technologies are used in SSO?
LDAP, OAuth, SAML
What is Federation?
Sharing identities across systems or organizations
What is Privileged Access Management (PAM)?
Controls for privileged accounts: JIT Permissions, Password Vaulting, Temporal Accounts
What are the access control models?
MAC, DAC, RBAC, Rule-Based Access Control, ABAC
What is Identity and Access Management (IAM)?
Critical component of enterprise security for managing access to information
What does IAM ensure?
Right individuals have access to the right resources at the right times for the right reasons
What are the four main IAM processes?
Identification, Authentication, Authorization, and Accountability
What is authentication?
Verifying user identity
What are some methods of authentication?
Passwords, biometrics, multi-factor authentication
What is authorization?
Determining user permissions
What does role-based access control do?
Ensures users have appropriate access
What is the purpose of accounting/auditing?
Tracks and records user activities
What does accounting/auditing help detect?
Security incidents, vulnerabilities
What does accounting/auditing provide in case of breaches?
Evidence
What is provisioning in IAM?
Creating new user accounts, assigning permissions, providing system access
What is deprovisioning in IAM?
Removing access rights when no longer needed
What is identity proofing?
Verifying a user’s identity before creating their account
What is interoperability?
Systems working together and sharing information
What are examples of standards for interoperability in IAM?
SAML and OpenID Connect
What is attestation?
Validating user accounts and access rights
What is Multi-factor Authentication?
Security system requiring multiple methods of authentication
How does Multi-factor Authentication enhance security?
Creates a layered defense against unauthorized access
What are the five categories of authentication for MFA?
Something You Know, Something You Have, Something You Are, Somewhere You Are, Something You Do
What is a smart card?
Hardware token
What is a key fob?
Hardware token
What is meant by ‘something you are’ in authentication?
Inherence-Based Factor
What are examples of biometric characteristics used for authentication?
Fingerprints, Facial recognition, Voice recognition
What is meant by ‘somewhere you are’ in authentication?
Location-Based Factor
How is the user’s location determined for location-based authentication?
IP address, GPS, or network connection
What are geographical location restrictions?
Restrictions based on user’s location
What is behavior-based factor authentication?
Authenticating based on user behavior patterns
What are some examples of behavior-based factors?
Keystroke patterns, device interaction
What is single factor authentication?
Using one authentication factor
What is two-factor authentication?
Requiring two different authentication factors
What is multi-factor authentication?
Using two or more authentication factors
How many factors can be involved in MFA?
2, 3, 4, or 5 depending on configuration
What are knowledge-based factors?
Passwords and PINs
What is an alternative to traditional passwords for authentication?
Passkeys
How can password managers improve security?
Generate long, strong, and complex passwords
What are the benefits of fingerprint or facial recognition for authentication?
Secure and user-friendly
What is the purpose of passkeys?
Utilize public key cryptography
What does password security measure?
Effectiveness in resisting attacks
What does the Group Policy Editor in Windows allow you to do?
Create password policies
What is password expiration?
Users changing passwords after a specific period
What is password age?
Time a password has been in use
What are the features of password managers?
Password generation, auto-fill, secure sharing
What do password managers provide?
Secure methods to share passwords
What is a benefit of password managers?
Cross-platform access
What do password managers promote?
Password complexity, prevention of reuse, easy access to strong, unique passwords
What do passwordless authentication methods provide?
Higher security and better user experience
What is a brute force attack?
Tries every possible character combination until the correct password is found
What are some types of password attacks?
Brute force, Dictionary, Password spraying, Hybrid
How can brute force attacks be mitigated?
Increasing password complexity and length, Limiting login attempts
What is a dictionary attack?
Cracking passwords using a list of common passwords
How can dictionary attacks be mitigated?
Increase password complexity, limit login attempts, use multi-factor authentication
What is password spraying?
Trying a few common passwords against multiple usernames or accounts
How can password spraying be mitigated?
Use unique passwords, implement multi-factor authentication
What is a hybrid attack?
Combines brute force and dictionary attacks
What variations can be used in a hybrid attack?
Numbers or special characters added to passwords
What is the advantage of a hybrid attack over other methods?
Effective for discovering passwords following specific patterns
What is SSO?
Single Sign-On simplifies the user experience and enhances productivity.
How does SSO work?
User logs into primary Identity Provider (IdP) and accesses secondary application configured for SSO.
What are the benefits of SSO?
Improved user experience, increased productivity, reduced IT support costs, enhanced security.
What is the LDAP protocol used for?
Accessing and maintaining distributed directory information, central repository for authentication and authorization.
What is OAuth used for?
Token-based authentication and authorization without exposing passwords.
What is the purpose of using JSON Web Tokens (JWT) for data transfer?
Enhancing security and flexibility
What is the main benefit of using SAML?
Eliminates the need for services to authenticate users directly
What is federation in the context of identity management systems?
Links electronic identities and attributes across multiple systems
What does federation enable users to do across systems managed by different organizations?
Use the same credentials for login
What is the key component that ensures security in federation?
Trust relationships between networks
What is the purpose of redirection to the Identity Provider?
Authenticate the user
How does the Identity Provider validate the user’s identity?
Using stored credentials
What does the Identity Provider create after validating the user’s identity?
An assertion (token) in a standardized format
What does the Service Provider do after receiving the assertion from the Identity Provider?
Verifies the assertion and grants access
What are the benefits of using federated authentication?
Simplified user experience, reduced administrative overhead, increased security
What is the purpose of Privileged Access Management?
Preventing data breaches and ensuring least privileged access
What is Just-In-Time Permissions (JIT Permissions)?
Security model that grants administrative access only when needed
What is the purpose of password vaulting?
Securely storing and managing passwords
What is required for accessing stored passwords?
Multi-factor authentication
What does the system track for privileged credentials?
Access
What are temporal accounts?
Temporary accounts for time-limited access
What happens to temporal accounts after a predefined period?
Automatically disabled or deleted
What is mandatory access control (MAC)?
Uses security labels to authorize resource access
What does MAC require?
Assigning security labels to both users and resources
What is Discretionary Access Control (DAC)?
Resource owners specify which users can access their resources
What is Role-Based Access Control (RBAC)?
Assigns users to roles and assigns permissions to roles
What is Rule-Based Access Control?
Uses security rules or access control lists
What is Attribute-Based Access Control (ABAC)?
Considers various attributes like user’s name, role, organization ID, or security clearance
What are the environment attributes that affect access decisions?
Time of access, data location, and the organization’s current threat level
What are the resource attributes that affect access decisions?
File creation date, resource owner, file name, and data sensitivity
What is the purpose of time-of-day restrictions?
Limits access based on specific time periods.
What is the Principle of Least Privilege?
Users are granted the minimum access required to perform their job functions.
What is the role of a Local Administration Account?
High level of access; allows the administrator to change system settings, install software, and perform managerial tasks.
What is the role of a Standard User Account?
Can’t change system settings, can store files in their designated area only.
What is the principle of least privilege?
A user should only have the minimum access rights needed to perform their job.
What is a Microsoft Account?
Free online account to sign in to Microsoft services
What is User Account Control (UAC)?
Mechanism to authorize administrative actions
What is the purpose of UAC?
Minimize risk of users gaining administrative privileges
Can access control and permissions apply to groups of users?
Yes
How do you access file and folder permissions in Windows?
Right-click on a file or folder, select ‘Properties’, navigate to the ‘Security’ tab
What happens when you set permissions at the folder level?
The permissions are applied to all files within that folder
What is the importance of only giving out necessary permissions?
Ensure security and minimize risks
What are vulnerabilities?
Weaknesses or flaws in hardware, software, configurations, or processes
What are the consequences of vulnerabilities?
Unauthorized Access, Data Breaches, System Disruptions
What are attacks?
Deliberate actions by threat actors to exploit vulnerabilities
What forms can attacks take?
Unauthorized Access, Data Theft, Malware Infections, DoS Attacks, Social Engineering
What are some examples of hardware vulnerabilities?
Firmware, end-of-life systems, missing patches, misconfigurations
What is a recommended mitigation for hardware vulnerabilities?
Harden systems, patch, enforce baseline configurations, decommission old assets, isolation
What are some examples of Bluetooth vulnerabilities and attacks?
Bluesnarfing, Bluejacking, Bluebugging, Bluesmack, BlueBorne
What are some examples of mobile vulnerabilities and attacks?
Sideload, Jailbreaking, Insecure connections
What is a recommended mitigation for mobile vulnerabilities and attacks?
Patch Management
What is mobile device management?
Managing and securing mobile devices
What is the purpose of preventing sideloading?
To prevent the installation of unauthorized apps
What is rooting?
Gaining administrative access to a mobile device
What are zero-day vulnerabilities?
Newly discovered and exploited vulnerabilities with no known defenses
What are the types of operating system vulnerabilities?
Unpatched systems, zero-days, misconfigurations
How can systems be protected against operating system vulnerabilities?
Patching, configuration management, encryption, endpoint protection, firewalls, IPS, access controls
What are SQL injections?
Exploiting web app or database vulnerabilities
What is XML Injection?
Injects malicious scripts into XML data processing.
What are the targets of XML Injection?
XML data processing.
What are Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Attacks?
Injecting malicious scripts into web pages and triggering actions on different websites without user consent, respectively.
What is a buffer overflow?
Software vulnerability that occurs when more data is written to a memory buffer than it can hold.
What are race conditions?
Multiple processes or threads accessing shared resources simultaneously.
What are hardware vulnerabilities?
Security flaws in physical components or design
What are firmware vulnerabilities?
Software on hardware devices that can grant attackers control
What are vulnerabilities due to insecure development, outdated practices, and overlooked updates?
End-of-Life, Legacy, and Unsupported Systems
What is an end-of-life system?
No updates or support from the manufacturer
What is a legacy system?
Outdated and superseded by newer alternatives
What is an unsupported system?
No official support, security updates, or patches
What are the risks associated with unpatched systems?
Exposed to known exploits and attacks
What are hardware misconfigurations?
Incorrect device settings or options
What is hardening?
Tightening security measures
What are some strategies for hardening?
Closing unnecessary ports, disabling services, setting permissions
What is patching?
Regular updates to address vulnerabilities
What does patching address?
Known vulnerabilities in software, firmware, and applications
What is configuration enforcement?
Ensure devices adhere to secure configurations
What is decommissioning?
Retire end-of-life or legacy systems posing security risks
What is isolation?
Isolate vulnerable systems from the enterprise network
What is segmentation?
Divide the network into segments to limit the impact of breaches
What is Bluetooth?
Wireless technology for short-distance data exchange
What are some vulnerabilities of Bluetooth?
Insecure pairing
What is device spoofing?
Impersonating a device to trick a user
What are on-path attacks?
Intercepting and altering Bluetooth communications
What is bluejacking?
Sending unsolicited messages to a Bluetooth device
What is bluesnarfing?
Unauthorized access to a device to steal information
What is bluebugging?
Allows attackers to take control of a device’s Bluetooth functions
What is bluesmack?
Denial-of-service attack by overwhelming a device with data
What is BlueBorne?
Spreads through the air to infect devices without user interaction
What is the first best practice for secure Bluetooth usage?
Turn off Bluetooth when not in use.
What does setting devices to ‘non-discoverable’ mode by default help prevent?
Unsolicited connection attempts.
What should be done regularly to ensure Bluetooth security?
Update firmware.
What precaution should be taken when pairing Bluetooth devices?
Only pair with known and trusted devices.
What is one way to add security during the pairing process?
Use a unique PIN or passkey
Why should you be cautious of unsolicited connection requests?
To avoid accepting requests blindly
What does encryption do for sensitive data transfers?
Scrambles data to prevent unauthorized access
What is sideloading?
Installing apps from unofficial sources
What can sideloading introduce?
Malware
What should you do to mitigate sideloading risks?
Download apps from official sources with strict review processes
What is jailbreaking/rooting?
Giving users escalated privileges
What can jailbreaking/rooting expose devices to?
Potential security breaches
How does using open Wi-Fi networks or pairing with unknown devices over Bluetooth expose devices?
To attacks
How can you mitigate the risks of insecure connection methods?
Use cellular data for more secure connections and connect only to known devices
How can you minimize mobile vulnerabilities?
MDM solutions
What are the methods to secure a network?
Using long passwords, 802.1X authentication
What does MDM stand for?
Mobile Device Management
What does MDM do to minimize vulnerabilities?
Patching, configuration management, best practice enforcement, zero-day vulnerability detection
What are zero-day exploits?
Attacks that target previously unknown vulnerabilities
What is a zero-day?
Refers to the vulnerability, the exploit, or the malware that exploits the vulnerability
Why are zero-day exploits significant in the cybersecurity world?
They can be lucrative and are sold to government agencies, law enforcement, and criminals
Who can earn money by discovering zero-day vulnerabilities?
Bug bounty hunters
Why do threat actors save zero-days for high-value targets?
To increase the chances of successful attacks
What can an up-to-date antivirus detect?
Known vulnerabilities’ exploitation
Why do attackers exploit unpatched systems?
They have known vulnerabilities
How can unpatched system vulnerabilities be mitigated?
Regular system updates and patches
How can host-based intrusion prevention systems help with zero-day vulnerabilities?
Detect and block suspicious activities
How can misconfigurations occur?
Improperly configured system settings
What can be done to mitigate vulnerabilities due to misconfigurations?
Standardize and automate configuration processes
What is data exfiltration?
Unauthorized data transfers from an organization to an external location
How can data exfiltration be protected against?
Encryption for data at rest and endpoint
What can endpoint protection tools do?
Monitor and restrict unauthorized data transfers
What are malicious updates?
Updates that appear legitimate but contain malware or exploits
How can you verify the authenticity of updates?
By maintaining application allow lists and checking digital signatures and hashes
What is an injection attack?
Sending malicious data to a system for unintended consequences
What is the goal of SQL and XML injections?
To insert code into systems
What is SQL used for?
Interact with databases
What are the four main SQL actions?
Select, Insert, Delete, Update
What is the purpose of the SQL SELECT statement?
Read data from the database
What is the purpose of the SQL INSERT statement?
Write data into the database
What is the purpose of the SQL DELETE statement?
Remove data from the database
What is the purpose of the SQL UPDATE statement?
Overwrite some data in the database
What is an XML Bomb?
Consumes memory exponentially, acting like a denial-of-service attack
What is an XXE Attack?
Attempts to read local resources, like password hashes in the shadow file
How can you prevent XML vulnerabilities?
Implement proper input validation
What is Cross-Site Scripting (XSS)?
Injects a malicious script into a trusted site to compromise the site’s visitors
What is the goal of an XSS attack?
To have visitors run a malicious script bypassing normal security mechanisms
What are the four steps to an XSS attack?
- Identify input validation vulnerability
- Craft a URL for code injection
- Inject malicious code into trusted site
- Run malicious code in client’s browser
What are the functions of an XSS attack?
Defacing the trusted website, stealing user’s data, intercepting data or communications
What is Non-Persistent XSS?
An XSS attack that only occurs when launched and happens once
What is Persistent XSS?
Allows an attacker to insert code into a backend database
What is a server-side scripting attack?
Exploits the server to execute the attack
What is DOM XSS?
Exploits the client’s web browser to modify web page content
What is a client-side scripting attack?
Exploits the client’s device to execute the attack
What can a client-side scripting attack be used for?
To change the DOM environment
How does a client-side scripting attack run?
Using the logged-in user’s privileges on the local system
What is session management?
Enables web applications to uniquely identify a user across actions and requests
What is a cookie?
A fundamental security component in modern web applications
What is a non-persistent cookie?
A session cookie that is deleted at the end of the session.
What is a persistent cookie?
A cookie that is stored in the browser cache until deleted or expired.
What is session hijacking?
A type of spoofing attack where the attacker disconnects a host.
What is session prediction?
Type of spoofing attack where the attacker attempts to predict the session token in order to hijack the session
How can session prediction attacks be prevented?
By using a non-predictable algorithm to generate session tokens
What is XSRF?
Malicious script used to exploit a session started on another site within the same web browser
How can XSRF attacks be prevented?
Use user-specific tokens in all form submissions and add randomness and additional information prompts when resetting passwords
Why is two-factor authentication important?
Increases security by adding an additional layer of verification.
What is required when changing a password?
Entering the current password.
How common is buffer overflow as an initial attack vector in data breaches?
85% of data breaches used buffer overflow.
What are buffers used for in programs?
Temporary storage areas for data
What happens when a buffer overflows?
Data spills into adjacent memory locations
What is the purpose of the stack in a program?
To store data during processing
How does an attacker exploit the stack?
By overwriting the return address with malicious code
What is the goal of a stack smashing attack?
Overwrite the return address with malicious code
How does a stack smashing attack work?
By modifying the return address
What can an attacker do once they have successfully modified the return address?
Execute remote code on the victim’s system
What are NOP instructions used for in a stack smashing attack?
To create a slide for the return address
How do NOP instructions help in a stack smashing attack?
Slide the return address down to the attacker’s code
What is Address Space Layout Randomization (ASLR)?
Randomizes memory addresses used by well-known programs to make it harder to predict the location of the attacker’s code.
What is a race condition?
A software vulnerability related to the order and timing of events in concurrent processes.
Why are race conditions exploitable?
Allows attackers to disrupt intended program behavior and gain unauthorized access.
What is dereferencing?
Removing the relationship between a pointer and the memory location it was pointing to
What causes vulnerabilities in race conditions?
Unexpected conflicts and synchronization issues
How do attackers exploit race conditions?
Timing their actions with vulnerable code execution
What can exploitation of race conditions lead to?
Unauthorized access, data manipulation, and system crashes
What is a real-world example of race condition exploitation?
Dirty COW Exploit
What types of race conditions exist?
Time-of-Check (TOC), Time-of-Use (TOU), Time-of-Evaluation (TOE)
What can be used to synchronize access to shared resources?
Locks and mutexes
What does a mutex do?
Acts as a gatekeeper to a section of code so that only one thread can be processed at a time
What is the purpose of locks and mutexes?
To ensure only one thread or process can access a specific section of code at a time
What should be done to prevent deadlocks when using locks?
Properly design and test locks
What is a deadlock?
Lock remains in place after process completes
What is the importance of understanding cyber threats?
First step to effective prevention and mitigation
What are the variants of DDoS attacks?
Denial of Service, Amplified DDoS, Reflected DDoS
What are the types of DNS attacks?
DNS Cache Poisoning, DNS Amplification, DNS Tunneling
What is domain hijacking?
Unauthorized takeover of a domain name
What is a DNS zone transfer?
A method of copying DNS records from a primary DNS server to a secondary DNS server
What are directory traversal attacks?
Exploiting insufficient security validation of user-supplied input file names
What is a privilege escalation attack?
Exploiting system vulnerability to gain elevated access
What are replay attacks?
Malicious or fraudulent repeat/delay of a valid data transmission
What are malicious code injection attacks?
Introduction of harmful code into a program or system
What are indicators of compromise (IoC)?
Examples include account lockout, concurrent session usage, blocked content, etc.
What is a distributed denial of service (DDoS) attack?
Attack that tries to make resources unavailable
What is a denial of service (DoS) attack?
Attempt to make resources unavailable
What is a ping flood?
Overloading server with ICMP echo requests
What is a SYN flood?
Initiating multiple TCP sessions but not completing handshake
How can a ping flood be countered?
Blocking echo replies
What countermeasure can be used against flood attacks?
Flood guard
What is a Permanent Denial of Service (PDOS) Attack?
Exploits security flaws to break a networking device permanently by re-flashing its firmware
What is a Fork Bomb?
Creates a large number of processes, consuming processing power
What is a Distributed Denial of Service (DDoS) attack?
Malicious attempt to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of internet traffic
What is a DNS amplification attack?
DDoS attack using DNS requests to flood a website
How do black hole/sinkhole solutions work against DDoS attacks?
Routes attacking IP traffic to a non-existent server
What is the benefit of using specialized cloud service providers for DDoS protection?
Web application filtering, content distribution, robust network defenses
What is the role of DNS in the internet?
Translating human-friendly domain names
What is DNS cache poisoning?
Corrupts cache with false information
How can DNS cache poisoning be mitigated?
Use DNSSEC, secure network configurations and firewalls