Week 2 - Assets, vulnerabilities, threats and attacks. Flashcards
What are assets?
things we own that are of value.
What is a critical asset?
an asset without which a person or organisation cannot function.
How many types of assets are there?
2, tangible - something you can touch, see or experience. Software is considered tangible.
intangible - information, intellectual property, personal, corporate or professional reputation.
What are vulnerabilities?
weaknesses in an asset that allow hostile actors to gain unauthorised access.
What are the types of vulnerabilities?
Technological vulnerabilities - weak design, implementation and configuration of tech components. For example, internet-facing ports left open.
Organisational vulnerabilities - related to people, processes and procedures.
Explain the window of vulnerability
vulnerabilities in themselves are not a problem, but they create a potential threat. The time between attackers discovering a vulnerability and fixes being applied becomes a race between the attacker and the elimination of the vulnerability. That period is the window of vulnerability.
What is Common Vulnerabilities and Exposures (CVE)?
A database hosted by MITRE Corp which contains identifiers for publicly disclosed vulnerabilities. Each vulnerability has its own unique identifier.
Who is MITRE?
founded in 1958 to support the US Air Force's SAGE project that pioneered everyday computers and networking tech. MITRE manages civil and government projects.
What are threats?
a potential cause of damage to an asset utilising vulnerabilities.
What are attacks?
any form of unauthorised access affecting the confidentiality, integrity or availability (CIA) of an asset.
Passive, active, targeted or untargeted attacks, what are they?
a passive attack is an attempt to learn, understand or make use of information without directly impacting the state of a system resource.
an active attack is an attempt to make changes to a system by stealing or destroying data or by impacting operations, such as a DoS attack.
a targeted attack is when an attacker aims at a specific organisation in which they have an interest.
an untargeted attack is indiscriminate.
What are attack vectors?
a way for an attacker to enter a network or system
What is Phishing?
emails and personal messages sent with the intention of eliciting personal information that can be used to gain access to a system.
What is Ransomware?
malicious software that encrypts data and demands a ransom before access is restored (WannaCry is an example)
What are Third-party vendors and business partners?
when an organisation outsources part of its system to another organisation, exposing itself to risk because of the other organisation's cyber security policies (Target hack).
What does compromised credentials mean?
Stolen login details and weak passwords or other authenticators.
What's misconfiguration?
improper setup, such as keeping manufacturer usernames and passwords.
What are unpatched vulnerabilities?
errors in software create vulnerabilities that can be exploited as long as these bugs are not patched. WannaCry exploited an unpatched vulnerability in a certain version of Microsoft.
No or inadequate encryption means?
data is vulnerable if it is not encrypted or has weak encryption.
What was the WannaCry hack in 2017?
a ransomware program that targeted obsolete versions of Microsoft. If it did not impact computers directly, then it indirectly caused them to be taken offline. It is an example of an active untargeted attack.
What is an attack surface?
The sum of all the vulnerabilities in a system through which an attack could be made.
Digital attack surface?
attacks made possible through technological vulnerabilities such as operating systems, apps and connections
Physical attack surface?
when the attacker is within the same location and can attack through physical access to devices or servers.
Social engineering attack surface?
attacks made possible through exploiting human behaviour.
What is attack surface analysis?
a cyber security strategy to discover and reduce attack surfaces by identifying vulnerabilities and relevant solutions.
What is an Advanced Persistent Threat (APT)?
a form of attack that uses multiple attack vectors over a prolonged period. They require a lot of investment in time and money and are usually targeted at high value systems such as government and major corps, unless targeted at a smaller subcontractor of a larger company.
What is a cyber kill chain?
originally 7 steps, adapted by NCSC into 4 steps, allowing security teams to recognise, intercept or prevent attacks.
What does MITRE ATT&CK stand for?
adversarial tactics, techniques and common knowledge (2013).