Cyber Security Flashcards

(121 cards)

1
Q

What is the cyber security triad?

A

Confidentiality, integrity, availability

2
Q

What is integrity?

A

Guarding against improper information modification/destruction

3
Q

What are the integrity-related concepts?

A

Authenticity & accountability

4
Q

What 4 steps of cyber attack countermeasures are there?

A

Detection, prevention, mitigation, recovery

5
Q

What is a checksum?

A

A function that maps file contents to a numerical value

6
Q

List the 5 main cyber attackers

A

Cybercriminals, nation states, hacktivists, insider threats, script kiddies/noobs

7
Q

What is the relation between an instigator and a perpetrator?

A

A perpetrator can be hired/bribed by an instigator

8
Q

What are 3 potential motivations of Nation States?

A

Garner high quality intelligence
Sabotage critical infrastructures
Subversion e.g. political elections

9
Q

What are 3 potential attacks hacktivists may perform?

A

Web defacements
Data breaches (to prove beliefs)
DDoS

10
Q

List the stages of the Kill-Chain model

A

Reconnaissance, weaponisation, delivery, exploitation, installation, command & control, actions on objectives

11
Q

What is the difference between exploitation & installation?

A

Exploitation: execution of payload to exploit vulnerability
Installation: ensuring payload persistence within the target

12
Q

What 8 cyber attacks are there?

A

Cryptojacking
Data breaches
DDoS
Influence campaigns
Money theft
Personal document ransom
Supply chain attacks
Web defacements

13
Q

What 3 types of money theft attacks are there and what do they involve?

A

Banking trojan horse: seemingly legitimate software captures credentials
Cyber banking fraud: attacks launched from compromised machines to transfer stolen funds
BEC (Business Email Compromise)/Whaling: attacker requests large money transfer pretending to be CEO

14
Q

What 4 steps are there in personal document ransom / ransomware?

A

1) Attacker sends email with attachment user is lured to open
2) Attachment either prompts user to execute a macro or launches PowerShell to download & execute final payload
3) Ransomware encrypts specific file types
4) Files can only be decrypted by paying a ransom

15
Q

What is cryptojacking?

A

The practice of hijacking computer resources to mine cryptocurrency

16
Q

What 3 things could happen to stolen data in data breaches?

A

Public disclosure
Private intelligence
Sold on the black market

17
Q

What is a supply chain attack?

A

Where the adversary compromises the weakest link in the supply chain to reach the target from there

18
Q

What is Social Engineering?

A

A technique to either psychologically manipulate people into performing an action or gather information left around by people

19
Q

What 3 ways is information gathered in Social Engineering?

A

Via the web (company website / social media)
Dumpster diving
Shoulder surfing

20
Q

What 4 ways may an adversary interact with the target in Social Engineering?

A

Phishing: sending emails incl. spear phishing (specific individual/organisation) & whaling (high-profile)
Vishing: using video calls
Smishing: using SMS (text)
Physical impersonation

21
Q

What is baiting in Social Engineering?

A

A real-world trojan horse e.g. infected removable media, gift with wiretap

22
Q

What 5 essential defences are there in corporate security?

A

Firewalls
User access control
Malware protection
Patch management
Secure configuration

Ineffective against advanced attacks e.g. SE

23
Q

Firewalls

A

Sits at the edge of a network
Blocks all incoming traffic by default, inspects each packet passing through, accepts packets that satisfy rules
Allows all outbound traffic

24
Q

The 3 steps of secure configuration

A

Unnecessary software removed
Auto-run features disabled
Default password changed

25
Q

User access control

A

Ensure user accounts are only assigned to authorised individuals
1) Authenticate before granting access
2) Remove accounts when no longer required
3) Use two-factor authentication

26
Q

What are the 2 requirements of malware protection?

A

Anti-malware software
Application whitelisting

27
Q

(Security update) / (patch) management

A

Keep everything updated, licensed, and supported
Remove when unsupported

28
Q

What 6 additional defences are there in corporate security?

A

Data protection, segregation of duties, network fragmentation, network monitoring, honeypots, pentesting

29
Q

What are the 4 ways of protecting data?

A

Encrypting data
Fragmenting data (split & store in diverse locations)
Backing up data
Privacy protection (removing PII)

30
Q

What is the benefit of segregating a task?

A

If N accounts are required to execute a task, N accounts must be compromised

31
Q

Give an example of network fragmentation

A

e.g. Front-end, back-end, office, and Internet split, with access between them managed by firewalls at the boundaries

32
Q

Network monitoring

A

Uses intrusion detection systems (signature-based & anomaly-based) and intrusion prevention systems
Observes & records all traffic on the network
Alerts on suspicious traffic

33
Q

Honeypots (4 types)

A

A decoy to lure attackers
Research HPs: gather info about attackers (broader trends)
Production HPs: detect & deflect attackers from CIs
High-Interaction HPs: gain detailed insights into attacker behaviour (specific attacker behaviour)
Low-Interaction HPs: detect & deflect automated attacks

34
Q

Pentesting (6 phases)

A

An authorised simulated attack to assess the system's security
1) Pre-engagement interactions - goals definition
2) Intelligence gathering - security mechanisms used
3) Threat modelling - how target can be attacked
4) Vulnerability analysis
5) Exploitation - actual attack
6) Post exploitation - what to do once compromised

35
Q

What makes an attack an APT?

A

If it's advanced, persistent, and a threat
If it's targeted and nation-state supported

36
Q

What are Critical Infrastructures?

A

Facilities, systems, sites, information, people, networks, and processes that are necessary for a country to function and on which daily life depends

37
Q

What is the impact of losing a Critical Infrastructure?

A

Major detrimental impact on availability, delivery, and integrity of essential services
Severe economic/social consequences
Potential loss of life

38
Q

What are Industrial Control Systems?

A

Systems that control & monitor CIs

39
Q

What 6 reasons are there for damaging CIs with malware rather than with an air strike?

A

Lower development costs
No casualties
No loss of employed weapons/equipment
Less chance of severe retaliation
Almost speed-of-light attacks
Anonymous / no attribution

40
Q

What are the 6 hacktivism ethics?

A

1) Everyone should have unrestricted access to computers
2) Information should be free
3) Authorities can't be trusted
4) Hackers should solely be judged on ability
5) Hacking is considered an act of art
6) Computers are a positive phenomenon

41
Q

What actors are involved in cyberwarfare?

A

Nation states

42
Q

What are the 3 objectives of cyberwarfare?

A

Espionage: steal sensitive information from government to gather intelligence
Sabotage: disrupt/damage CIs
Propaganda: influence public opinion

43
Q

Why is cyberwarfare not considered to be warfare?

A

There is no use of physical force

44
Q

What is symmetric encryption?

A

The same key is used to encrypt & decrypt a piece of information
The key is shared between sender & recipient

45
Q

What is asymmetric encryption?

A

Each user has a private key and a public key
Sender encrypts with recipient's public key
Recipient decrypts with its own private key

46
Q

What is a digital signature?

A

A form of asymmetric encryption
Sender encrypts with its own private key
Recipient decrypts with sender's public key

47
Q

What is a key ring?

A

All the public keys a sender/recipient has

48
Q

What does a hash function do?

A

Converts an input into a fixed-size string of bytes

49
Q

What 2 ways are there to initially exchange keys?

A

Public key encryption
Diffie-Hellman key exchange protocol

50
Q

How does public key encryption work?

A

Sender sends their public key and identity (PUa, IDa)
Receiver sends back a secret key encrypted with the sender's public key, Enc[PUa, Ks]

51
Q

How is public key encryption vulnerable to man-in-the-middle attacks?

A

MITM forwards sender's message to receiver but with their own public key
MITM receives the secret key and forwards the message to the sender, replacing their public key with the sender's to avoid detection

52
Q

How does the Diffie-Hellman key exchange protocol work?

A

1) A & B agree publicly on a prime modulus (e.g. 17) and a generator (e.g. 3)
2) A selects a private random number (e.g. 15), calculates (3^15) mod 17 = 6 and sends the result publicly
3) B selects a private random number (e.g. 13), calculates (3^13) mod 17 = 12 and sends the result publicly
4) A takes B's public result, 12, and own private number, 15, and calculates (12^15) mod 17 = 10 to obtain the shared secret
5) B takes A's public result, 6, and own private number, 13, and calculates (6^13) mod 17 = 10 to obtain the shared secret

53
Q

How is the Diffie-Hellman key exchange protocol vulnerable to man-in-the-middle attacks?

A

1) MITM generates 2 private keys PUx & PUy and calculates 2 public keys PRx = (a^PUx) mod q and PRy = (a^PUy) mod q
2) MITM intercepts A's public key PUa before it reaches B and creates a secret key for A, Ka = (PUa^PRy) mod q
3) MITM transmits public key PUx to B in place of PUa
4) B calculates secret key K1 = (PUx^PRb) mod q
5) MITM intercepts B's public key PUb before it reaches A and creates a secret key for B, Kb = (PUb^PRx) mod q
6) MITM transmits public key PUy to A in place of PUb
7) A calculates secret key K2 = (PUy^PRa) mod q
8) Now MITM can decrypt messages using Ka and encrypt with Kb

54
Q

How can Diffie-Hellman man-in-the-middle attacks be prevented?

A

With a digital certificate: users/companies are bound to their public key

55
Q

What is the function of a Public Key Infrastructure?

A

To create, manage, store, distribute, and revoke digital certificates
Enables secure, convenient, efficient acquisition of public keys

56
Q

What are the 4 key players in PKIs?

A

Certification authorities
Registration authorities
PKI repositories
PKI users

57
Q

What do Certification Authorities (PKI) do?

A

Issue, revoke, and distribute certificates
Certificates are signed with the CA's private key so authenticity can be checked using the CA's public key

58
Q

What do Registration Authorities (PKI) do?

A

Approve/reject certificate applications
Renew (re-key), revoke, and suspend certificates

59
Q

What do PKI repositories do?

A

Store & distribute certificates and certificate revocation lists

60
Q

What 4 reasons might there be for a certificate to be revoked?

A

Compromised private key
Certificate expiration
Human resources reason
Name/address/DNS change

61
Q

What 3 issues are there with Certificate Revocation Lists?

A

Issued too infrequently to be effective against attackers
Expensive to distribute
Vulnerable to DoS attacks

62
Q

Secure sockets layer vs transport layer security

A

Cryptographic protocols
TLS improves upon SSL by providing privacy & data integrity between communicating applications

63
Q

What 4 steps are there in a handshake protocol?

A

1) Client hello (protocol version, supported cryptographic algorithms)
2) Server hello (highest protocol version, strongest cryptographic algorithm)
3) Server key exchange: client receives server's certificate and verifies the CA private key with the CA public key
4) Client key exchange

64
Q

What is Kerberos?

A

A network authentication protocol that relies on symmetric encryption

65
Q

What are the 4 aims of Kerberos?

A

User password shouldn't have to travel over the network
User password shouldn't be stored on the client's machine
User is only asked to enter the password once per work session
Authentication information management is centralised and resides on the authentication server

66
Q

What are Kerberos tickets?

A

Issued by the authentication server
Encrypted with the secret key of the service it's intended for
Used as proof presented by a user to an application server to demonstrate their identity and gain access to that service on the network

67
Q

What is the key distribution centre in Kerberos?

A

A centralised model containing the database, authentication server, and ticket granting server

68
Q

What are the 6 steps in accessing a service in Kerberos?

A

1) User requests a ticket-granting-ticket from the authentication server
2) AS sends the session key and the TGT to the user
3) User requests access to a particular server from the ticket granting server using the TGT
4) TGS sends a session key and the ticket-for-service
5) User requests the service from the application server using the TfS
6) Application server grants the service

69
Q

What 4 limitations does Kerberos have?

A

Single point of failure: if the KDC server is down, no-one can log in
Vulnerable to password guessing attacks
Requires clocks to be synchronised
Has to assume the user's workstation is secure

70
Q

What 5 attacks is password-based authentication vulnerable to?

A

Password cracking (brute force attack, dictionary attack)
Electronic monitoring (network sniffing, keyloggers)
Workstation hijacking
Shoulder-surfing
Dumpster-diving

71
Q

What are the 3 drawbacks of token-based authentication?

A

Requires a special reader - added cost
Token loss - loss of access, added cost, stealing
User dissatisfaction

72
Q

What are the 2 types of biometric authentication?

A

Static: fingerprints, hands, face, retina/iris
Dynamic: voice, signature

73
Q

What are the 3 drawbacks of multi-factor authentication?

A

User must carry physical token at all times
Risk of loss or theft --> replacement cost
Unscalable: new token required for each new account/system

74
Q

What 5 measures are there for preventing online password cracking?

A

Password policies
Password blacklists
Machine-generated passwords
Force regular password changes
Throttling - time delay between consecutive failed login attempts

75
Q

What's the issue with hash dictionaries?

A

The size - good dictionaries can be 100s of TBs

76
Q

What is a rainbow table?

A

A precomputed table used to crack password hashes
Has a good trade-off between time and space

77
Q

What is password salting?

A

A way to avoid reverse password attacks

78
Q

What are the 3 steps of password salting?

A

1) Append/prepend a random salt to the password
2) Compute the hash of the password and the salt
3) Store the hash of the salted password and the salt

79
Q

What are the 2 benefits of password salting?

A

Prevents duplicate password visibility
Increases difficulty of offline dictionary attacks by a factor of 2^b for a salt of b bits

80
Q

What are the 4 groups of harmful activities in Solove's Taxonomy of Privacy?

A

Information Collection
Information Processing
Information Dissemination (distribution)
Invasions

81
Q

What are the 2 harmful types of information collection (Solove)?

A

Surveillance: surveilling an individual's activities
Interrogation: probing for information

82
Q

What are the 4 harmful types of information processing (Solove)?

A

Aggregation: combining pieces of data about a person
Identification: linking information to individuals
Insecurity: carelessness in protecting stored information
Secondary use: use of data for a different purpose without the subject's consent

83
Q

What are the 7 harmful types of information dissemination?

A

Appropriation (use of one's information for the purpose of another)
Breach of confidentiality
Blackmail
Distortion
Disclosure
Exposure (of physical/emotional attributes)
Increased accessibility

84
Q

What are the 3 research paradigms in Privacy Enhancing Technologies?

A

Privacy as confidentiality
Privacy as control
Privacy as practice

85
Q

What are quasi-identifiers?

A

Attributes that, when combined with other quasi-identifiers, create unique identifiers

86
Q

What are the 4 techniques for data anonymisation?

A

K-anonymity
L-diversity
T-closeness
Differential privacy

87
Q

What is K-anonymity?

A

Attributes are generalised into broader categories (e.g. age as >40) and/or suppressed (e.g. age as 2* for 28)
At least K records have the same values for quasi-identifiers

88
Q

What 2 attacks is K-anonymity vulnerable to?

A

Homogeneity attack: if values in a QI group lack diversity, e.g. all age 5* people at postcode 476*** have heart disease
Background knowledge attack

89
Q

What is L-diversity?

A

Each QI group must contain at least L different sensitive attributes, e.g. in a group with 3 attributes, it's sufficient to have flu, shingles, or acne as the sensitive data

90
Q

What 2 attacks is L-diversity vulnerable to?

A

Skewness attack: doesn't consider the overall distribution of sensitive values, e.g. instead of a 1/1000 chance of heart disease, now 1/3
Similarity attack: if the sensitive attributes in a 3-diverse group are lung cancer, liver cancer, and stomach cancer, the attacker can infer the patient has cancer

91
Q

What is T-closeness?

A

The distance between the distribution of a sensitive attribute in all QI groups and the distribution of the sensitive attribute in the whole table is at most T

92
Q

Proxy vs VPN

A

Similarities: both hide IP addresses; connections between proxy/VPN and end points aren't encrypted
Differences: VPN encrypts the connection with the VPN node, proxy doesn't encrypt the connection

93
Q

What is onion routing?

A

Where (TCP) traffic is protected with multiple layers of encryption

94
Q

What is traffic mixing?

A

Mixes messages with other traffic
To allow responses, the sender places keys at each mix along the path when established

95
Q

What is dummy traffic?

A

Meaningless traffic inserted alongside genuine data to obscure the real communication

96
Q

What is Perfect Forward Secrecy?

A

Minimises risk to PI in the event of an encryption key breach
Each session's key is unique and not re-usable

97
Q

What is access control and its 3 components?

A

The process of regulating system resources according to a security protocol
Authentication: verify user credentials are valid
Authorisation: grant permission to an entity to access a system resource
Audit: review & examine system activities

98
Q

What are the 3 foundations of access control?

A

Object: the resource to which access is controlled
Subject: an entity that can access objects
Access right: the way a subject may access an object (read, write, execute, delete, create, search)

99
Q

What are the three subject classes (access control)?

A

Owner: full control over object
Group: multiple users with similar access permissions to objects
World: all subjects that aren't the owner or part of a group

100
Q

What 3 things are Access Control Models used for?

A

Defining a set of authorisation rights
Defining a set of policies to enforce the authorisation rights
Protecting systems against violations of confidentiality, integrity, and availability

101
Q

What are the 4 main Access Control Models?

A

Discretionary Access Control
Mandatory Access Control
Role-Based Access Control
Attribute-Based Access Control

102
Q

What are blockchains?

A

Systems that keep track of transactions securely across a network of computers without the need for a central authority, e.g. cryptocurrency doesn't require a bank

103
Q

What is double spending in blockchains?

A

When 2+ transactions use the same input

104
Q

What is proof of work (briefly)?

A

A way to mitigate double spending in blockchains

105
Q

What is a block of transactions?

A

A batch of submitted & confirmed transactions stored as a list
Each block also references the previous block, so any changes require updating all following blocks
Each block also includes a random number

106
Q

What are miners?

A

Nodes that create new blocks

107
Q

What are the 4 steps a miner takes?

A

1) Chooses the transactions to include in a block
2) Chooses the previous block
3) Competes with other miners to solve a puzzle based on the data in the block and the previous block's hash
4) Once solved, broadcasts the proposed block for solution verification and block addition

108
Q

What puzzle are miners trying to solve?

A

Finding a number such that the hash of the whole block has at least a certain number of zeros as most significant digits
The more zeros, the harder the mining

109
Q

What 3 reasons are there for miners to mine over the longest chain/branch?

A

There is a network consensus, so more cumulative work
There are higher rewards
There is more security

110
Q

What is branch resolution?

A

Where a generated block can be rolled back and transactions are cancelled
To avoid the risk of double spending, wait for another six blocks before confirming the txn

111
Q

What is hashpower?

A

The number of hashes computed per second
The probability of a miner generating a new block is proportional to its hashpower

112
Q

What are mining pools?

A

Organised groups of miners
Have a collectively larger hashpower, so a higher probability to mine blocks

113
Q

What are the 3 advantages of blockchains?

A

Trustless network
Immutable transaction history
No single point of failure

114
Q

What are the 3 disadvantages of blockchains?

A

High transaction fees
Slow transaction confirmation
Not yet stabilised currency

115
Q

What is a smart contract?

A

A computerised transaction protocol that executes the terms of a contract

116
Q

Node joining in permissionless/permissioned blockchains

A

Permissionless: any node can join the network
Permissioned: nodes need to be authorised to join the network

117
Q

Security in permissionless/permissioned blockchains

A

Permissionless: need to target thousands of miners to make unavailable
Permissioned: need to target a fraction of peers

118
Q

Stability in permissionless/permissioned blockchains

A

Permissioned blockchains aren't based on cryptocurrencies, so are more stable

119
Q

Transaction fees in permissionless/permissioned blockchains

A

Permissioned blockchains don't require any transaction fees

120
Q

Decentralisation in permissionless/permissioned blockchains

A

Permissioned blockchains are inherently less decentralised

121
Q

Setup & maintenance in permissionless/permissioned blockchains

A

Permissionless: convenient, contained cost
Permissioned: costly