Test 2 Flashcards
What is Operations Security?
Operational Security (OPSEC) is a systematic and iterative process designed to identify, control, and protect sensitive information that could be exploited by adversaries.
Who coined the term operations security?
The United States military during the Vietnam War
What are the 5 steps of the Operations Security Process?
Critical Information
Identifying Threats
Assessing Vulnerabilities
Risk Analysis
Developing Countermeasures
What is Critical Information?
This step identifies our most critical information assets: what data would be particularly harmful to the organization if an adversary obtained it? This includes intellectual property, employees’ or customers’ personally identifiable information, financial statements, credit card data, and product research.
What is Identifying Threats?
This step identifies who is a threat to the organization’s critical information. There may be numerous adversaries who target different information, and companies must consider any competitors or hackers who might target the data.
What is Assessing Vulnerabilities?
The organization examines potential weaknesses among the safeguards in place to protect critical information and identifies which ones leave it vulnerable. This step includes finding any potential lapses in physical and electronic processes designed to protect against the predetermined threats or areas where a lack of security awareness training leaves information open to attack.
What is Risk Analysis?
This step determines the threat level associated with each of the identified vulnerabilities. Companies rank the risks according to factors such as the chances that a specific attack will occur and how damaging such an attack would be to operations. The higher the risk, the more pressing the need to implement risk management.
What is Developing Countermeasures?
Once we have discovered what risks to our critical information might be present, we put measures in place to mitigate them. Such measures are referred to in operations security as countermeasures. At a bare minimum, we need only mitigate either the threat or the vulnerability.
Haas’s Laws of Operations Security
- If you don’t know the threat, how do you know what to protect?
- If you don’t know what to protect, how do you know you’re protecting it?
- If you are not protecting it, the dragon wins.
What is Human Error?
We can expect people to behave in unexpected or unusual ways, whether innocently, through ignorance, or maliciously. Whatever the case, providing security for this area can be a challenge.
What are strategies to tackle human error?
Education and Awareness
Principle of Least Privilege
Monitoring
List the 5 Core Components of Security Awareness (d)?
Protecting data
Passwords
Social Engineering
Personal Equipment Usage
Clean Desk Policy
What are the six principles of social influence?
Reciprocity
Commitment
Social Proof
Authority
Liking
Scarcity
What is:
1. Reciprocity
2. Commitment
3. Social Proof
4. Authority
5. Liking
6. Scarcity
1. Hackers woo their targets with “helpful” advice or information about products and deals, or by sending them small gifts to gain their trust.
2. Hackers sometimes trick victims into thinking they signed up for a service or subscription, and coerce them into making good on their “commitment” with payment and login details.
3. People follow what they see other people doing, whether it’s a trusted figure using the same product or standing in line with everyone else even if there isn’t a sign telling them to do so.
4. People follow orders from authority figures with less discretion than orders from their peers. This is why hackers often pose as managers or bosses when gaining access.
5. Similar to deferring to authority, people generally follow orders from people they like. Hackers rely on this by spoofing friends or family members or establishing a rapport with their target before making an attack.
6. If something is rare or limited, it becomes more desirable or urgent. This is why many ransomware attacks and phishing emails have timers attached to them, disorienting the victims and making them panic.
What are the 5 Social Engineering Techniques (almost malware)?
Phishing:
Phishing involves the use of fraudulent emails, messages, or websites that appear to be from a trustworthy source to trick individuals into providing sensitive information, such as login credentials or financial details.
Watering hole (reverse honeypot):
In a watering hole attack, attackers compromise websites that the targeted individuals or groups are known to visit regularly. By infecting these legitimate websites with malware, attackers exploit the trust users have in those sites to deliver malicious content to their systems.
Baiting:
Baiting involves offering something enticing, such as a free software download or USB drive, to lure individuals into taking actions that could compromise their security. For example, an attacker might leave infected USB drives in a public place, relying on someone to pick one up and use it on their computer.
Pretexting:
Pretexting involves creating a fabricated scenario or pretext to manipulate individuals into divulging sensitive information. This may include posing as a trusted entity or using a false identity to gain someone’s trust and extract information.
Tailgating:
Also known as piggybacking, tailgating occurs when an unauthorized person follows an authorized individual into a restricted area. This technique exploits the natural tendency of people to hold doors open for others or not to question someone who appears to be entering a secure area legitimately.
What are choke points?
They funnel network traffic through certain points where we can inspect, filter, and control the traffic.
What is Redundancy?
Backups
What are the 2 types of Network Attacks?
(like a game abilities)
Active:
An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en-route to the target. There are several different types of active attacks. However, in all cases, the threat actor takes some sort of action on the data in the system or the devices the data resides on. Attackers may attempt to insert data into the system or change or control data that is already in the system.
Passive:
A passive attack is characterized by the interception of messages without modification. There is no change to the network data or systems. The message itself may be read or its occurrence may simply be logged.
DoS vs. DDoS
Denial-of-service (DoS): floods a server with traffic, making a website or resource unavailable.
Distributed denial-of-service (DDoS): a DoS attack that uses multiple computers or machines to flood a targeted resource.
Both types of attacks overload a server or web application with the goal of interrupting services.
What are some Network Security Devices and Tools?
Access control
Antivirus and anti-malware software
Application security
Data loss prevention
Distributed denial of service prevention
Email security
Firewalls
Mobile device security
Web security
VPNs
List the 3 types of intrusion detection systems (IDSes)?
HIDSes
NIDSes
Hybrid IDS
Honeypots
A honeypot can detect, monitor, and sometimes tamper with the activities of an attacker. Honeypots are configured to deliberately display vulnerabilities or materials that make the system attractive to an attacker. One of the interesting things about honeypots is that the vulnerabilities or data left out to bait the attacker are entirely false. In reality, honeypots are configured to display these items so that we can catch attackers and monitor what they are doing on the system without their knowledge.