Section 3: Introduction to Network Security Flashcards
Define ‘asset’
A person, device, location, or information that SecOps aims to protect from attack
Define ‘attack’
An action taken by a threat that exploits a vulnerability in an attempt either to block authorized access to an asset or to gain unauthorized access to it
Define ‘risk’
The potential of a threat to exploit a vulnerability via an attack
Define ‘SecOps’
The abbreviation for IT security operations; a discipline within IT responsible for protecting assets by reducing the risk of an attack.
Define ‘threat’
Something or someone that can exploit a vulnerability to attack an asset
Define ‘vulnerability’
A weakness in software, hardware, facilities, or humans that can be exploited by a threat
What are some common security vulnerabilities?
Zero-day, personal devices on a network, weak or default passwords, poor physical security measures, and advanced persistent threats
Describe the vulnerability ‘advanced persistent threats’
Malware that lies dormant for long enough to infect as many devices as possible.
Describe ‘zero-day’ threats
Threats that may have been discovered but for which patches have not been released to the public
What are some examples of attacker types?
Script kiddies, nation states, insider threats, hackers (black, white, and gray hats), teams (blue, red, purple, and white), and vulnerability testers
What is an example of an ‘ethical’ hacker?
- Blue, red, and purple teams
- White hat
- Vulnerability testers
Describe some types of security threats
Wiretapping, buffer overflow, DoS and DDoS (smurfing), social engineering, spoofing, SQL injection, port scanning
What’s easier than hacking a computer?
Hacking a human
Describe the sequence of events in denial-of-service attack
The attacker floods a computer with ICMP packets forged with false addresses, which forces the victim's computer to respond to these pings at made-up addresses, crashing the victim's computer.
What is the difference between DoS and DDoS?
DDoS marks the victim's computer as the sender and employs multiple computers in a network to flood the victim's computer with ICMP packets
Describe spoofing
Spoofing is when a hacker inserts themselves into a network and pretends to be both the sender and the receiver. The victim sends information to the hacker, who is pretending to be the receiver, and the hacker forwards it to the legitimate receiver. The hacker then pretends to be the sender and receives the information from the legitimate sender
Describe an SQL injection
The hacker adds an SQL query to an input field designed for a user to search a database. The query then returns sensitive information normally outside an everyday user's access
Describe port scanning
The hacker scans a computer for open ports. After identifying the open ports, the hacker can then look for exploits against the connected site or application
Describe wiretapping
A hacker uses a packet sniffer to monitor network traffic
What is one of the largest jobs in SecOps?
Managing the risks of attacks and acting both proactively, to prevent or mitigate the damage, and reactively, to stop the attack
What is an aspect of in-depth security?
Using multiple layers of security in an overlapping manner to create rings of protection
Define CIA in InfoSec
Confidentiality, Integrity, and Availability. A model used to balance protecting sensitive data while granting access to authorized users.
Explain confidentiality in the CIA model
Privacy of data. Characteristics include: ensuring only the intended recipient of the information can access it, following a need-to-know policy, and reducing exposure by destroying copies of information that are no longer needed.
Explain integrity in CIA
Identifies the trustworthiness of the information. “Is it possible to identify where the information came from, and whether the data has changed since it was originally sent?”
Explain availability in CIA
Ensures data is accessible to authorized users.