Week 5 Flashcards

1
Q

What is the motivation for Common Attack Pattern Enumeration and Classification?

A

To better understand adversaries. Attackers versus enterprises: attackers are better at sharing information and at identifying problems in systems. Enterprises don’t reveal their security problems, for legal reasons and to protect themselves from competitors.

CAPEC aims to standardise the language and improve communication between enterprises. CAPEC is not a modelling technique. It is a catalogue and does not prioritise attacks. It is largely technically focused.

(see http://capec.mitre.org)

2
Q

What does the MITRE Corporation do?

A

Advocates attack patterns to help organisations. It’s a blueprint to discuss specific types of attacks.

3
Q

What are 3 classifications of attack patterns?

A

1) architecture - protocols and processes
2) artefact - specifics of the system
3) external

4
Q

What is STRIDE?

A
  • It’s a framework for thinking, discussing and classifying threats.
  • Designed to get software developers to consider common threats when designing and implementing software.
  • It supports software development.
  • Not a modelling technique.
5
Q

What does STRIDE stand for?

A

1) Spoofing: when an attacker masquerades as something it is not.
2) Tampering: an attack that modifies some data.
3) Repudiation: refers to denying responsibility for actions, e.g. purchasing a movie on Sky Box Office. It’s important for the enterprise that the individual accepts responsibility for having purchased the movie.
4) Information disclosure: information has been disclosed to some party it shouldn’t be disclosed to.
5) Denial of Service: consuming resources to the detriment of others, e.g. hitting the system with zombies.
6) Elevation of privilege: an entity executing at a level that it’s not permitted to.

6
Q

What are attack trees used for?

A

Modelling adversary behaviour. Can be considered a formal approach of organising and discussing threats to enterprises.

7
Q

What are the benefits of attack trees?

A

They reveal what is crucial to consider rather than what’s perceived to be important.
They act as documentation for systems.
You can construct numerous attack trees from different perspectives, e.g. cost, or whether the attack is intrusive or not.
You can create a library of attack trees that can be reused in various instances.

8
Q

What are the concerns of attack trees?

A

They can be incomplete with respect to unknown attacks. They should be supported with research, investigation and peer review.

9
Q

What is the root of the attack tree?

A

The base of the attack and the motivation of the attack. We want to consider all of the branches which can achieve the motivation.

10
Q

What are sub-goals?

A

We decompose goals (i.e. the root of the attack tree) into sub-goals. These are essentially the ways in which attackers can achieve their motivation. Sub-goals can be decomposed further and further.

11
Q

What logic do attack trees use?

A

Attack trees can be “AND” or “OR” gates.

12
Q

What labels can we give attack trees?

A

Possible/impossible, based on our research. In this case, possible/impossible are just examples of perspectives. Another perspective could be intrusive or non-intrusive attack.
We can use the relevant AND/OR logic in the attack tree to see whether the adversary’s goal can be achieved.

13
Q

What is a kill chain?

A

It is a military concept used to determine the anatomy of an attack and to anticipate a future attack.

14
Q

What are the phases of cyber kill chain approach?

A

Generally applies to external attacks.

1) reconnaissance: the attacker identifies targets/enterprise vulnerabilities to focus on, e.g. via social media.
2) weaponisation: potentially inserting malware or deactivating controls within the organisation.
3) delivery: delivering the malicious piece of software into the organisation in order to exploit it. How are they going to do this?
4) exploitation: exploiting the vulnerability in the system, e.g. targeting entry-level non-technical staff (HR) and propagating through the network.
5) installation: installing more tools and software to gain greater control in the organisation and propagate across the network.
6) command and control (C2): the attacker has control over a system and propagates.
7) actions on objectives: getting the information out of the organisation and profiting from it.

15
Q

What are Hutchins et al. 5 defensive steps?

A

1) Detect attackers exploring the network or accessing systems
2) Deny any attempt to tamper with data
3) Disrupt any outbound transfer of data
4) Degrade the impact on the organisation
5) Deceive the attacker

16
Q

What is the Course of Action (CoA) matrix?

A

It is the phases of the cyber kill chain crossed with Hutchins et al.’s 5 defensive steps: each cell pairs one kill chain phase with one defensive action.

17
Q

What are ways that an attacker can deliver the malware?

A

Phishing
Spear-phishing
Malvertisement
Traffic disruption system.

18
Q

What is an insider?

A

A trusted individual that exploits/intends to exploit access and/or knowledge of enterprise assets for unauthorised purposes.

19
Q

What are common malicious insider actions?

A

privilege abuse
mishandling of data
use of non-approved hardware
privilege possession

20
Q

What are common non-malicious insider actions?

A
Phishing
Poor passwords
Devices not properly secured
sharing passwords
networks not properly secured
21
Q

What are the types of insiders?

A

malicious
compromised insiders
careless insiders

22
Q

Where do insiders come from?

A
  • often disgruntled employees
23
Q

What is the Fraud Triangle?

A

3 aspects that motivate insiders

1) Motivation - what’s the motivation for an employee to become an insider?
2) Opportunity
3) Rationalisation - insiders justify their actions.

24
Q

What are the goals of insiders?

A
fraud
sabotage
theft
mistakes
(the list goes on, but these are the most common)
25
Q

What are some common insider attacks?

A

privilege escalation - either horizontal or vertical
exfiltration attacks - transfer the assets outside the perimeter of the enterprise so you can gain from them
phishing

26
Q

What is the Saxena Cyber Kill Chain Model and what are the phases?

A

Adapts the original cyber kill chain model to focus on insiders.
Phases are:
Tipping: revealing the point at which an insider is formed.
Reconnaissance: the insider will look for ways to identify data or assets that are valuable to the enterprise. They may also reveal important roles, project names or sensitive relationships to outsiders.
Exploitation: targeting the weaknesses of the organisation. Insiders could potentially use tools.
Acquisition: tools that are used every day can be used to acquire assets.
Exfiltration: getting information out of the organisation and into the hands of the attacker.