Cybersecurity Flashcards
(13 cards)
Explain different types of cyber attacks.
Malware: Viruses, trojans, ransomware, spyware
Phishing: Fraudulent emails to steal credentials
SQL Injection: Exploiting database vulnerabilities
Cross-Site Scripting (XSS): Injecting malicious scripts
DDoS: Overwhelming systems with traffic
Man-in-the-Middle: Intercepting communications
Social Engineering: Manipulating humans for information
What is encryption and how does it work?
Encryption converts plaintext to ciphertext using algorithms and keys.
Symmetric: Same key (AES, DES), fast, key distribution challenge
Asymmetric: Public-private keys (RSA, ECC), solves key distribution, slower
Hash Functions: One-way, ensure data integrity (SHA-256, MD5)
Explain authentication, authorization, and accounting (AAA).
Authentication: Verifies user identity (passwords, biometrics)
Authorization: Grants access to resources
Accounting: Logs and monitors user activities
Includes MFA, role-based access control, audit trails.
Explain different types of cyber attacks.
Phishing: Social engineering attack to trick users into revealing sensitive information (e.g., passwords, credit card numbers) by masquerading as a trustworthy entity.
Malware: Malicious software designed to harm or exploit any programmable device or network. Includes viruses, worms, ransomware, and spyware.
Denial-of-Service (DoS/DDoS): An attack that aims to make a machine or network resource unavailable to its intended users by overwhelming it with a flood of internet traffic.
SQL Injection (SQLi): A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g., to dump database contents).
Man-in-the-Middle (MitM): An attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.
What is encryption and how does it work?
Encryption is the process of converting plaintext (readable data) into ciphertext (unreadable data) to protect it from unauthorized access.
Two main types:
1. Symmetric Encryption:
- Uses a single, shared secret key for both encryption and decryption.
- Fast and efficient.
- Example: AES (Advanced Encryption Standard).
- Challenge: Securely distributing the shared key.
2. Asymmetric Encryption (Public-Key Cryptography):
- Uses a pair of keys: a public key (for encryption) and a private key (for decryption).
- Slower but solves the key distribution problem.
- Example: RSA.
What is the difference between encryption and hashing?
Encryption:
- A two-way process; what is encrypted can be decrypted with the correct key.
- Goal: Confidentiality (to keep data secret).
Hashing:
- A one-way process; you cannot reverse a hash to get the original input.
- Goal: Integrity (to verify that data has not been changed).
- Use Case: Storing passwords securely. You store the hash of the password, not the password itself.
Explain authentication, authorization, and accounting (AAA).
A security framework for controlling access to resources.
1. Authentication: ‘Who are you?’
- The process of verifying a user’s identity. Factors include something you know (password), something you have (token/phone), or something you are (biometrics).
2. Authorization: ‘What are you allowed to do?’
- The process of granting or denying permissions to a user to access specific resources or perform actions based on their identity.
3. Accounting: ‘What did you do?’
- The process of logging user activity to create an audit trail for security, billing, or analysis.
What is Multi-Factor Authentication (MFA) and why is it important?
Definition: A security process that requires users to provide two or more different authentication factors to verify their identity.
Factors: Knowledge (password), Possession (phone/token), and Inherence (fingerprint).
Importance: It provides layered security, making it much more difficult for an attacker to gain access because they would need to compromise multiple, independent factors, not just a single password.
What is the CIA Triad in cybersecurity?
A foundational model that guides information security policies.
Confidentiality: Ensuring that information is not disclosed to unauthorized individuals or systems. (Achieved via encryption and access control).
Integrity: Maintaining the consistency, accuracy, and trustworthiness of data over its entire lifecycle. (Achieved via hashing and digital signatures).
Availability: Ensuring that systems and data are accessible to authorized users when needed. (Protected by DDoS mitigation, backups, and redundancy).
Explain the Principle of Least Privilege.
A security concept where a user or entity is given only the minimum levels of access—or permissions—needed to perform its job functions.
Importance: It limits the potential damage from a compromised account or a malicious insider, as the compromised entity has very restricted access.
What is a firewall and how does it work?
A network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Function: It acts as a barrier between a trusted internal network and an untrusted external network (like the Internet).
What is the difference between an IDS and an IPS?
IDS (Intrusion Detection System):
- A passive system that monitors network traffic for suspicious activity and issues alerts when it is discovered.
- It only detects and reports; it does not take action.
IPS (Intrusion Prevention System):
- An active system that sits in-line with traffic.
- It not only detects malicious activity but also takes automated action to block or prevent it (e.g., dropping malicious packets, blocking traffic from an IP address).
What is a digital signature and what guarantees does it provide?
A cryptographic mechanism used to verify the authenticity and integrity of digital messages or documents.
How it works: A hash of the message is created and then encrypted using the sender’s private key.
Guarantees:
1. Authenticity: Proves the identity of the sender.
2. Integrity: Ensures the message has not been altered since it was signed.
3. Non-repudiation: The sender cannot deny having sent the message.