Cybersecurity Flashcards
(43 cards)
What is Lateral Movement?
Once within the system, the hacker can access other areas within the system
What is Firmware?
permanent software programmed in read only memory or hardware
What does “DDoS” stand for and what is a DDoS attack?
(Distributed Denial of Service Attack); malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
What is a Zombie Machine?
A machine one can control because they are vulnerable
It is difficult to filter the high amount of data when an attack comes from multiple ______?
Nodes
Three Factors impacting security:
The amount of time it takes, the amount of money (resources) and probability of success.
When designing a system, what is the “KISS” rule?
Keep it Simple, Stupid.
_________ Surface
Attack
What are the three types of entities?
1) Software
2) Hardware
3) Humanware
What is Pseudo Anonymity?
Pseudonymous merely means you are not using your real, legal name to identify yourself
What is a Bug Bounty?
A bug bounty is a reward that is paid out to developers who find critical flaws in software
What is “Kerckhoff’s principle?
Kerckhoff’s principle is the concept that a cryptographic system should be designed to be secure, even if all its details, except for the key, are publicly known
Three fundamental questions you need to ask yourself when designing a system?
1) What assets do we need to protect? Ex. Phone, data, system, etc
2) How are those assets threatened?
3) What can we do to counter those threats?
What are the three components of computer security?
Integrity
Availability
Confidentiality
What is integrity?
Guarding against improper information modification or destruction. Including ensuring information non-repudiation and authenticity
What is dat availability?
Ensuring timely and reliable access to an use of information
What is data confidentiality?
Preserving authorized restrictions on information access and disclosure. Including means for protecting personal privacy and proprietary information
What are 6 Computer Security Challenges?
- Attackers only need to find a single weakness, the developer/admin needs to find ALL the weaknesses.
- The attacker can exploit Multiple weaknesses
- Users and system managers tend to no see the benefits of security until a failure occurs
- Security requires regular and constant monitoring
- It’s often an afterthought + incorporated into a system after the design is completed
- Thought of as an impediment to efficient and user-friendly operations
Three types of System Vulnerabilities (of System Resources)
Corrupted (loss of integrity)
Leaky (loss of confidentiality)
Unavailable or very slow (loss of availability)
3 Types of attacks
Active – Attempt to alter/affect system resources
Passive – does not (directly) affect the system resources
Insider vs Outsider
What is “Legacy Approach”?
Bad guys are outside, good guys are inside your org.
Dealing with a Security Attack (3x)
Prevent
Detect
Recover
What is the Old Encryption Standard - Acronym and meaning) + how many bits ?
Data Encryption Standard (DES) + 56 bits
What is the New Encryption Standard - Acronym and meaning) + how many bits ?
Advanced Encryption Standard (AES) + 64 BITS
