Security Concepts - CyberSecurity Fundamentals Flashcards
- typically found in web applications.
- enable attackers to inject client-side scripts into web pages viewed by other users
Cross-site scripting (XSS)
- also known as one-click attack or session riding
- cause victims to run actions on already authenticated sessions
- is a type of malicious exploit of a website where unauthorized commands are submitted from a user that the web application trusts.
Cross-site request forgery (CSRF)
- type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid
Ransomware
- is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker)
SQL Injection
- is any software intentionally designed to cause damage to a computer, server, client, or computer network
Malware (malicious software)
- is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication
Phishing
- is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other
man-in-the-middle
- is malicious software that allows an unauthorized user to have privileged access to a computer and to restricted areas of its software. It may contain a number of malicious tools such as keyloggers, banking credential stealers, password stealers, antivirus disablers, and bots for DDoS attacks
- designed to go undetected
- can be installed in the computer kernel
Rootkit
- an attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled
denial-of-service attack (DoS attack)
- the incoming traffic flooding the victim originates from many different sources
distributed denial-of-service attack (DDoS attack)
- is a vulnerability that allows attackers to break out of a web server’s root directory and access other locations in the server’s file system
Path Traversal
- occurs when data written to a buffer also corrupts data values in memory addresses adjacent to the destination buffer due to insufficient bounds checking. This can occur when copying data from one buffer to another without first checking that the data fits within the destination buffer
Buffer Overflow
- is a type of malware that propagates by inserting a copy of itself into and becoming part of another program
- will not be active or able to spread until a user runs or opens the malicious host file or program
Virus
- replicate functional copies of themselves and can cause the same type of damage.
- standalone software and do not require a host program or human help to propagate
- attack vulnerabilities of the system
Worms
- It is a harmful piece of software that looks legitimate.
- do not reproduce by infecting other files nor do they self-replicate
- create backdoors to give malicious users access to the system
- cannot replicate itself and must be installed by user
Trojans
- Software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process
Adware
- Software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer’s consent, or that asserts control over a device without the consumer’s knowledge.
Spyware
- convincing victims they are a trusted authority
- the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
Social Engineering
Type of phishing with no specific target
Bulk Phishing
Type of phishing with a specific target
Spear Phishing
- Spear phishing against a high-profile target
- is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at that organization.
Whaling
Type of phishing that clones the logos of a legitimate service
Clone Phishing
NIST stands for
National Institute of Standards and Technology
- is a collection of industry standards and best practices to help organizations manage cybersecurity risk
NIST CyberSecurity Framework
- a potential danger to an asset
Threat
- entity that takes advantage of a vulnerability
Malicious Actor
- Path used by a malicious actor
Threat Agent/Vector
Weakness in the system design, implementation, software or code, or lack of a mechanism
Vulnerability
- vulnerability identifier
- is a list of publicly disclosed computer security flaws.
CVE - Common Vulnerabilities and Exposures
- refers to a piece of software, tool, technique or a process that takes advantage of a vulnerability
Exploit
- no one may even know the vulnerability exists when it is exploited
Zero Day Exploit
- the probability or likelihood of the occurrence or realization of a threat
Risk
3 Elements of risk
Assets, threats, vulnerabilities
- any item of economic value owned by an individual or corporation
Asset
- non-profit charitable organization that leads several industry-wide initiatives to promote the security of applications and software
OWASP (Open Web Application Security Project)
- provides a standard set of definitions for different aspects of cloud computing
NIST Definition of Cloud Computing
- Cloud computing model where you rent the infrastructure
Infrastructure as a service (IaaS)
- Cloud computing model where the provider supplies everything except the applications
Platform as a Service (PaaS)
- Cloud computing model where the provider supplies the complete package solution
Software as a Service (SaaS)
- Cloud computing attack that occurs when the attacker can sniff and intercept traffic to take over a legitimate connection to the cloud
session hijacking
- Cloud computing attack that tricks the user into visiting a phishing site and giving up valid credentials
DNS attack
- Cloud computing attack used to steal cookies that can then be used to gain access to a cloud service as an authenticated user
cross-site-scripting (xss)
- Cloud computing attack that exploits vulnerable cloud-based applications that allow the attacker to pass SQL commands
SQL injection
- Cloud computing attack term used to describe cross-site request forgery
session riding
- Cloud computing attack where the attacker places himself in the communication path between two users
man-in-the-middle cryptographic attack
- Cloud computing attack where the attacker attempts to compromise the cloud by placing a malicious virtual machine in close proximity to a target cloud server and then launching a side-channel attack
side-channel attack
- Cloud computing attack that targets weak authentication
authentication attack
- Cloud computing attack where the attacker takes advantage of an API misconfiguration to modify, delete or append data in an application or system in the cloud environment
API attack
- One of the most popular IoT protocols, supported by many consumer IoT devices. Takes advantage of the underlying security services provided by the IEEE 802.15.4 MAC layer.
Zigbee
- IoT protocol. Bluetooth protocol designed for enhanced battery life in IoT devices
BLE (Bluetooth Low Energy)
- IoT Bluetooth protocol. Devices default to sleep and wake up only when needed. Supports AES encryption
Bluetooth Smart
- IoT protocol. Supports multicast, unicast and broadcast communication.
Z-wave
- IoT protocol. Allows IoT devices to communicate wirelessly and over power lines.
INSTEON
- IoT protocol. A networking protocol designed specifically for IoT implementations.
LoRaWAN (Long Range Wide Area Network)
- IoT protocol. Still one of the most popular communication methods between IoT devices
WiFi
- IoT protocols. Support the use of IPv6 in network-constrained IoT implementations. Designed to support wireless Internet connectivity at lower data rates
6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks) and LR-WPAN (Low-Rate Wireless Personal Area Networks)
- IoT protocol. Also a popular communication method for IoT devices including connected cars, retail machines, sensors and others. 4G and 5G are used
Cellular Communications
- focuses on ensuring a consistent and effective approach to the management of information security incidents, including communication on security events and weaknesses
ISO/IEC 27002:2013 - Information security incident management
- is an adverse event that threatens business security and/or disrupts services. It is related to loss of CIA (confidentiality, integrity and availability)
Cybersecurity Incident
- broad term that describes a situation in which a security device triggers an alarm but there is no malicious activity or actual attack taking place
False positive
- term used to describe a network intrusion device's inability to detect true security events; in other words, malicious activity that is not detected by the security device
False negative
- successful identification of a security attack or malicious event
True positive
- when an intrusion detection device identifies an activity as acceptable behavior and the activity is actually acceptable
True negative
- when the attacker evades the IPS by sending fragmented packets
fragmentation
- when the attacker uses techniques that use low bandwidth or a very small number of packets in order to evade the system
low-bandwidth attacks
- using spoofed IP addresses or sources, as well as intermediary systems such as proxies, to evade inspection
address spoofing/proxying
- attackers may use polymorphic techniques to create unique attack patterns
pattern change evasion
- attackers can use encryption to hide their communications and information
Encryption
NIST Major phases of incident response
Preparation
Detection and analysis
Containment, eradication and recovery
Post-incident activity (postmortem)
Computer Security Incident Handling Guide
NIST SP 800-61 Revision 2
Is an industry standard maintained by the Forum of Incident Response and Security Teams (FIRST) that is used by many PSIRTs to convey information about the severity of the vulnerabilities they disclose to their customers
CVSS (Common vulnerability scoring system)
Designed to protect confidentiality, integrity and availability of data within the confines of an organization
Information Security
The process of protecting information by preventing, detecting and responding to attacks
Cybersecurity
Knowledge about an existing or emerging threat to assets, including networks and systems
Threat Intelligence
An expression language designed for sharing cyberattack information
STIX (Structured Threat Information Expression)
An open transport mechanism that standardises the automated exchange of cyber-threat information
TAXII (Trusted Automated Exchange of Indicator Information)
A free, standardised schema for the specification, capture, characterization and communication of events or stateful properties that are observable in the operational domain
CybOX (Cyber Observable Expression)
An open framework for sharing threat intelligence in a machine-digestible format.
OpenIOC (Open Indicators of Compromise)
A language for command and control of cyber-defence technologies
Open Command and Control (OpenC2)
program used to combine two or more executables into a single packaged program
wrappers
Similar to WinZip, RAR and tar programs because they compress files
packers
software designed to install a malware payload on the victim's system
droppers
a program used to encrypt or obscure code
crypters
an attack where an attacker tries to execute commands that he or she is not supposed to be able to execute on a system via a vulnerable application
command injection
Type of SQL injection where the attacker obtains the data using the same channel that is used to inject the SQL code
In-Band SQL Injection
Type of SQL injection where the attacker retrieves data using a different channel
Out-of-Band SQL Injection
Type of SQL injection where the attacker does not make the application display or transfer any data; rather, the attacker is able to reconstruct the data
Blind SQL Injection
3 Components of CVSS
Base, Temporal and Environmental groups