Security+ Test Study Flashcards
What are the four security control categories?
Technical, Managerial, Operational, and Physical.
What are Technical controls?
Controls implemented using some type of technical system, for example, setting up policies and procedures in an OS that would allow or disallow different functions from occurring. Firewalls, anti-virus, and other similar software fall under this category.
What are Managerial controls?
A series of policies that explain to end users the best way to manage their computers, data, or other systems. A security policy document or manual is an example of this.
What are Operational controls?
Controls implemented and/or made by people . Security guards, awareness programs, and posters are all examples of this.
What are Physical controls?
Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this.
What are the six security control types?
Preventive, Deterrent, Detective, Corrective, Compensating, and Directive.
What is a Preventive control type?
A control type that block access to a resource.
What is a Deterrent control type?
A control type that discourages an intrusion, but does not directly prevent access.
What is a Detective control type?
A control type that identifies and logs an intrusion attempt.
What is a Corrective control type?
A control type that applies a control after an event has been detected.
What is a Compensating control type?
A control type that uses other means instead to compensate for what was originally intended (Plan B).
What is a Directive control type?
A control type that directs a subject towards security compliance.
A firewall is an example of what control category and type?
Technical Preventive
Being informed you may receive a demotion for not following policy is an example of what control category and type?
Managerial Deterrent
Guards patrolling a property is an example of what control category and type?
Operational Detective
A fire extinguisher is an example of what control category and type?
Physical Corrective
Requiring multiple security staff is an example of what control category and type?
Operational Compensating
Compliance policies is an example of what control category and type?
Managerial Directive
An on-boarding policy that states what you can and can’t do with company equipment is an example of what control category and type?
Managerial Preventive
A splash screen issuing a warning is an example of what control category and type?
Technical Deterrent
Reviewing printed out login reports is an example of what control category and type?
Managerial Detective
Contacting the authorities after an incident has occurred is an example of what control category and type?
Operational Corrective
Utilizing a power generator is an example of what control category and type?
Physical Compensating
Having staff undergo security policy training is an example of what control category and type?
Operational Directive
A guard shack set up outside of the entrance to a building is an example of what control category and type?
Operational Preventive
A door lock is an example of what control category and type?
Physical Preventive
A reception desk at the entrance of a building is an example of what control category and type?
Operational Deterrent
Warning signs are an example of what control category and type?
Physical Deterrent
Motion detectors an example of what control category and type?
Physical Detective
Writing out policies for how staff are to report issues after an issue has occurred is an example of what control category and type?
Managerial Corrective
A backup recovery on a computer is an example of what control category and type?
Technical Corrective
Having system logs on your computer is an example of what control category and type?
Technical Detective
A sign that reads, “Authorized Personnel Only” is an example of what control category and type?
Physical Directive
Separating duties to multiple staff members is an example of what control category and type?
Managerial Compensating
Blocking an incomplete application on a system instead of patching the application is an example of what control category and type?
Technical Compensating
File storage polices on an OS is an example of what control category and type?
Technical Directive
What is the CIA Triad?
A combination of principles concerning the fundamentals of security; Confidentiality, Integrity, and Availability.
In the CIA Triad, what is Confidentiality?
Ensures that information being exchanged is confidential or private. The concept includes the prevention of disclosure of information to unauthorized individuals or systems. This is achieved through encryption, two-factor authentication, and access controls.
In the CIA Triad, what is Integrity?
Ensures that information stored or sent to someone else will stay the same while in transit or while it’s saved. This is achieved by hashing, digital signatures, certificates and non-repudiation.
In the CIA Triad, what is Availability?
Ensures that all of your systems and networks remain up and running. This is achieved through redundancy, fault tolerance, and patching.
How does encryption ensure confidentiality is achieved in the CIA Triad?
Messages are encrypted so that only certain people can read it. If someone receives a message without the means to decode it, they are out of luck.
How does two-factor authentication ensure confidentiality is achieved in the CIA Triad?
Two-factor authentication requires an additional confirmation of who the person receiving the information is before access is allowed. If they cannot provide this, access is not given.
How do access controls ensure confidentiality is achieved in the CIA Triad?
Access controls set limits to who has access to certain types of information. A person will not be able to access information if they have not been allowed access in the access controls.
How does hashing ensure integrity is achieved in the CIA Triad?
The person sending the data will create a hash of the data and send you both the data and the hash at the same time. When you receive the data, you’ll perform the same hashing function, and if your hash matches the sender’s hash, then you’ll know the data you’ve received is exactly the same as the data that was sent.
How do digital signatures ensure integrity is achieved in the CIA Triad?
A digital signature takes a hash and encrypts it. If the receiver can decode the digital signature (encrypted hash) AND the data hash, then they know the data is good.
How do certificates ensure integrity is achieved in the CIA Triad?
Certificates identify devices or people sending data from one device to another.
How does non-repudiation ensure integrity is achieved in the CIA Triad?
Non-repudiation provides proof of integrity that proves data originated from an original party.
How does redundancy and fault tolerance ensure availability is achieved in the CIA Triad?
Redundancy and fault tolerance allows for multiple technologies to be in play at once so that if one fails another can take its place.
How does patching ensure availability is achieved in the CIA Triad?
By making sure your systems don’t go down due to software being out of date and failing, you’ll need to constantly make sure your systems are managed and updated by patching them. Patching closes security holes and makes your systems stable.
What is non-repudiation?
The ability to verify whether the information received is from the sender that the information says it’s from. A non-technological example would be like you signing a document. Only you have your own signature, so that adds non-repudiation to the document you’re signing.
What is proof of integrity?
Any data that’s received can be verified that it is the exact same data that was originally sent, and nothing inside of the data has been changed. This can be accomplished by using a hash.
What is a hash?
A short string of text that can be created based upon data contained within the plain text. Also known as a message digest or a fingerprint. It’s impossible to recover the original message with just the hash.
True or False: If data changes, the hash changes.
True
What are the downsides of a hash?
The downside of a hash is that it only tells you if the data has changed, but it doesn’t tell you who changed it. Hashes are not associated with individuals.
What is proof of origin?
An additional level of integrity that verifies the individual who sent you the data by providing a digital signature from the sender. Anybody can see the signature, but only the signer has the private key. The receiver uses a public key that anybody can get to examine the digital signature, decrypt it, and verify that the hash of the plain text has not been altered.
A digital signature is created with a private key that’s shared, and verified with a public key, the opposite of the process of encrypting data.
What are the three A’s in the AAA framework?
Authentication, Authorization, and Accounting
What is Authentication?
The check between your username, your password, and any other authentication factors. It proves we are who we say we are.
What is Authorization?
What type of access one has after they’ve proven who they are through identification and authentication.
What is Accounting?
A log of who has logged in, sent and received data, and logged out.
What is Identification?
Who you claim to be. This is usually a username.
Briefly explain how The AAA Framework works
Here’s how it works: You’re trying to access an internal file server remotely, one that’s on the other side of a VPN concentrator. You try to access the file server, and the VPN concentrator prompts you to authenticate. Now, the VPN concentrator itself doesn’t store your authentication credentials, but it does have access to a AAA server that does, so when you put in your credentials, the VPN concentrator asks the AAA server if what you put in matches info already put into the database. If it does, you’re approved and you can access the file server.
What does someone do if someone is trying to authenticate but there is no end user to physically type in a password?
We do this by putting a digitally signed certificate on the device so that firewalls and VPNs can recognize the device as one that is owned by the organization. Management software can validate the end device.
How do you make device certificates?
You can make device certificates by utilizing a CA (Certificate Authority). Most organizations maintain their own CAs. They’re usually a type of software. The organization creates a certificate on the device and then digitally signs it. The digital signature validates the certificate. It’s like a software version of an asset tag, and allows only certified devices to access certain things.
What is an authorization model?
Also called an abstraction. The model used to give groups of users specific rights and permissions to different data. (Bruh, it’s just OUs).
What is gap analysis?
A study of where we are versus where we would like to be. It requires research and consideration of many different IT and security factors in order to close that gap and make sure everything is completed without tripping over itself.
What are the four gap analysis strategies?
-Work towards a known baseline, or internal set of goals
-Get a baseline of employees, their experience, training and knowledge
-Look at what your currently have IT wise, and compare and research better alternatives
-Create a final document that summarizes everything you’ve discovered, how much time, money, and change control it’s going to take, a formal description of the current state, and how to get to the established baseline. This is called a Gap Analysis Report.
What is zero trust?
A holistic approach to network security that covers every device, process and person. You have to authenticate every time you want to gain access to a particular resource.
Explain the concept of planes of operation.
Having your network split into functional planes. A common practice is splitting your network into a data plane (the plane that includes all of your data processing, forwarding, trunking, encrypting, NAT, etc.) and the control plane (the plane that manages how that data is moved and forwarded). Think of it this way: On a switch, you have your ports that process and move data from one place to another, and that’s your data plane, but that switch is also configured to know how that data is supposed to move and has specific network address settings, and those ports are configured to do so. That’s your control plane.
What is adaptive identity?
Where you examine the identity of an individual and apply security controls based on other factors than just what the end user told you, such as the end user’s physical location, their relationship to the organization, their type of connection, and their IP address.
What is threat scope reduction?
Limiting how many places can be used to get into the network, such as only allowing people in the building access, or only allowing access to the network via a specific VPN.
What is policy-driven access control?
Combining adaptive identity with a predefined set of rules to determine if the person trying to log in is really that person.
What are security zones?
Examines where you’re connecting from to where you’re connecting to to determine what devices can be trusted to connect to the network. They will allow devices connecting from a trusted zone and disallow devices connecting from an untrusted zone.
What is PDP?
Policy Decision Point: (PDP) A policy engine and policy administrator working together to determine whether traffic supplied by the PEP can be allowed or disallowed.
What is PEP?
Policy Enforcement Point: (PEP) The gatekeeper that all network traffic goes through. Can be one device or multiple devices working together checking different policies on things.
What is a policy engine?
Thing that looks at all of the requests that are coming through the network, examines each request, compares it to a set of predefined security policies, and then makes a decision on whether the request is granted, denied, or revoked.
What is a policy administrator?
Takes the decision made by the policy engine and provides that information to the PEP.
What are barricades and bollards?
Allow people access by channeling them to a specific point, but prevent vehicles.
What is an access control vestibule?
A place people have to go into first before accessing another part of the building. Opening one door causes another one to lock, or vice versa.
What is fencing?
….It’s a fence, dude. I don’t know what to tell you.
What is video surveillance?
Or CCTV. Security cameras that watch areas to see if unauthorized people are gaining access. Can have motion or object detection.
What are guards?
A person physically protecting something at the reception area of a facility. They also validate the identification of existing employees.
What is two-person integrity/control?
Two guards working together for security. Sometimes jobs are divided between the two so that no one person has access to everything.
What are access badges?
Badge that identifies you. Has your picture, name, and other details printed on it, must be worn at all times, and is sometimes electronically logged.
How does lighting enhance security?
More light means more security. Attackers avoid the light, so keep your entrances well lit for both guards and cameras.
What are infrared sensors?
A common sensor found in motion detectors that detect infrared radiation in both light and dark rooms.
What are pressure sensors?
Detects a change in force in a room.
What are microwave sensors?
Similar to infrared sensors, but utilized in large rooms.
What are ultrasonic sensors?
Detect motion and collision through ultrasonic sound waves reflected off of surfaces.
What is a honeypot?
Setting up a fake system to attract a bad guy, monitoring how they are attempting to override your fake system, and then recording their methods to implement securities on your real system. Tricking evil Winnie the Pooh and trapping him.
What is a honeynet?
A bunch of honeypots networked together. Very sticky.
What is a honeyfile?
A fake file with fake information to attract a bad guy. An alert is sent once the file is accessed.
What are honeytokens?
A bit of traceable data added to your honeynet. If data is stolen and shared, you will be notified and can trace it to who stole it.
What is change management?
Or Change Approval Process. The formal process an IT administrator goes through to ensure that a change to the systems goes through properly and without messing anything up.
What are the basic best practices of change management?
Have clear policies that include the frequency, duration, installation process, and rollback procedures should they not work, of updates and changes to your systems.
What are the seven steps of the change control process?
-1) Fill out an approval process request form.
-2) Explain what the change is and why it’s being implemented.
-3) Identify the scope of the change, or how big this change will be.
-4) Schedule a date and time for the change to take place.
-5) Determine the affected systems and the impact on those systems.
-6) Analyze the risk associated with the change.
-7) Get approval from the change control board to go ahead with the change.
In terms of change management, what is ownership?
The individual or entity who discovers a change needs to be made. For example, the head of Shipping and Receiving gets a notification on his computer saying all of the departments’ address label printers need to be updated. Shipping and Receiving owns this process, but it’s the IT department that will actually be making this change.
What are stakeholders?
Individuals or departments that will be impacted by the change you’re proposing. They’re going to want input on the change management process, and some type of control over when the change occurs. Take into account who all is going to be impacted by the change. Look beyond the immediate impact and look through the whole process.
What is impact analysis?
Determining what sort of risk is going to be involved when a change is made, i.e., fixes that don’t fix anything, fixes that break something else, OS failures, etc.
Alternatively, it could also mean what risks are going to be involved if a change is NOT made, i.e., security vulnerability, application unavailability, or unexpected downtime. Risks can be high, medium, or low.
What is sandbox testing?
An environment set up to test changes that has no actual connection to the real world or your production systems. A technological safe space. A place to test and confirm before deployment. Also a really good place to test your backout plan.
In terms of change management, what is a backout plan?
A plan to back out of an implemented change should things go wrong and mess up your systems. Always have a way to revert to your original settings before the change was implemented. Always have backups.
What is a maintenance window?
When the best time would be to implement a change, that would have as little impact on production as possible.
In terms of change management, what should be included on your company’s intranet?
Standard operating procedures should be available on your company’s intranet, along with any and all well documented change processes.
What is an allow list?
Nothing runs unless it’s approved. Very restrictive.
What is a deny list?
Everything runs unless it’s denied. Very flexible.
True or False: Anti-Virus programs are basically really big deny lists.
True
In terms of the change control process, what are restricted activities?
In the change control process, this is a specified list of things you can actually do during the change window to implement the change. You can’t do anything outside of this scope unless change management says so. Scope can be expanded and approved as the change progresses.
What is downtime?
The time during a change in the change control process where services are unavailable because of the change, usually scheduled during non-production hours.
What is the best practice to implement if there is no way to prevent downtime during a change control process?
If there’s no way to prevent any downtime in your organization while making a change, try switching users to a secondary system, upgrading their primary systems, and then switch them back.
What are service restarts?
Usually, after a change is made to systems, you’ll need to restart either the service, the application, the OS, or the whole system in order for the change to start working.
What are legacy applications?
Applications that have been running in the organization for a long, long time and are probably no longer supported by the developer. Be careful with deleting or changing these because there may not be a way to bring them back. Document how they’re installed and hang onto it in case a change needs to be made.
What are dependencies?
Applications or services dependent on another in order to run. Changes will need to be made to one application or service before you’re able to install or update another application or service. It’s a pain.
In terms of the change control process, what is documentation?
It’s difficult to keep up with all of the changes that are made in an organization so document EVERYTHING and keep it up to date. Stay organized. It will save you headaches in the future. Update your diagrams and IP addresses. Rewrite your processes and procedures and keep them handy.
What is version control?
Keeping track of changes to a file or configuration of data over time. If a file updates, save the previous version before upgrading to the new so you’ll have a backup of the old on hand in case something goes wrong.
What is PKI?
Policies and procedures that are responsible for creating, distributing, managing, storing, revoking, and performing processes associated with digital certificates.
PKI used as a verb means to associate a certificate to people or devices.
What is symmetric encryption?
A single, shared key. You encrypt data with the key and decrypt data with the key. If the key gets out, you’ll need another key. Also known as a secret key algorithm or a shared secret. It doesn’t really scale very well because it’s only one key shared between a bunch of people. It is very fast, however.
What is asymmetric encryption?
Public key cryptography. Two (or more) mathematically related keys. You encrypt data with one key and decrypt data with a different key. Both keys are made at the same time so they mathematically understand one another. One of the keys made is the private key (the one that is not shared) and the other is made to be the public key (the one that is shared to other people). The private key is the only key that can decrypt data encrypted with the public key, making all data encrypted with the public key safe from encryption except from one source.
True or False: You can derive the private key from the public key.
False
What is key escrow?
Someone else holding onto your decryption keys, either within your organization or with a third party.
What is data at rest?
Data that’s stored on storage devices such as SSDs, hard drives, USB drives, cloud storage, etc.
What are two examples of full-disk and partition/volume encryption software?
BitLocker (Windows OS) and FileVault (Mac OS).
True or False: You can encrypt individual files on Windows using EFS (Encrypting File System), and other OSs using other third party utilities.
True
True or False: Data used online is stored in a database.
True
What is transparent encryption?
Symmetric key encryption for databases. Things have to be unlocked every time data is pulled from the database.
What is record-level encryption?
Data in a database that’s encrypted at the record level while everything else is public. For example, names in the database are decrypted, but SSNs are encrypted.
What is transport encryption?
Protecting data as it crosses the network. This is done by browsers using secure ports such as HTTPS that encrypt data as it crosses the network. VPNs are another example, either site to site VPNs using IPsec, or client based VPNs using SSL/TLS.
What are algorithms?
The formula used to encrypt and decrypt data. Both sides of the data decide on the algorithm being used before data is encrypted. The details are often hidden from the end user, however. You’ve gotta encrypt and decrypt with the same algorithm, or it won’t work.
There’s very little that isn’t known about the cryptographic process. The algorithms being used are usually known entities. The only thing that isn’t known is the key. In other words, just by knowing the mathematical process of how an algorithm creates a key, doesn’t allow you to know how to reverse engineer the key itself.
True or False: Keys are not subject to brute-force attacks.
False. Keys are subject to brute-force attacks, however. This is why key length is important. The longer the key, the harder it is to brute-force guess what it is.
What is key strengthening?
Also known as key hashing or key stretching. The process of making your key stronger by hashing the hashes of your password multiple times. The hash of a hash of a hash of a password is difficult to brute-force.
What is key exchange?
Sharing an encryption key across an insecure medium.
What is out-of-band key exchange?
Using other means than the internet to share an encryption key. Telephone, using a courier, handing it off in person, etc.
What is in-band key exchange?
Sharing an encryption key on the network and protecting the encryption with additional encryption.
What are session keys usually used for?
Session keys are usually used for temporary services.
Briefly explain how to create a symmetric key using public key cryptography.
Bob on his computer has a private and public key. Alice on her computer also has her own private key and public key. Bob shares his public key with Alice, and Alice shares her public key with Bob. Together, combining their own private key with each other’s public key, they’ve created an identical symmetric key that both of them now have.
What is TPM?
Trusted Platform Module. Cryptography hardware on a device. Contains a cryptographic processor, a random number generator, key generators, and both persistent memory with unique keys burned in during manufacturing, and versatile memory for storing all the keys you make with the hardware.
What is HSM?
Hardware Security Module. A standalone device whose sole purpose is to provide cryptographic keys to many devices in large environments. It securely stores thousands of cryptographic keys.
What is a key management system?
A centralized console that keeps track of all of your different keys for all of your different servers, users, and devices. Logs key use and other important events.
What is a secure enclave?
A security processor built into the systems we use.
What is obfuscation?
The process of making something unclear and more difficult to understand.
What is steganography?
Hiding information inside of an image, TCP packets, audio files, video files, and invisible watermarks on printed pages. Security through obscurity. Can be reverse engineered if you figure out how it was hidden.
What is tokenization?
Replacing sensitive data sent across the network with a non-sensitive placeholder. The number is replaced with a nonsense number while being sent and then decrypted to the actual number on the other end. Used during credit card purchases.
True or False: If you use tokenization, you don’t need to encrypt or hash your data because the only thing that will be intercepted is nonsense.
True
What is data masking?
Hiding some of the original data. Where all but the last four digits of your credit card number are replaced with asterisks on receipts and things like that.
What is a hash?
A short string of text that can be created based upon data contained within the plain text. Also known as a message digest or a fingerprint.
True or False: If data changes, the hash changes. It’s possible to recover the original message with just the hash.
False. If data changes, the hash changes. It’s impossible to recover the original message with just the hash.
What is salting?
Random data added to a password when hashing that password, making a different hash for the password when stored. For example, the password ‘dragon’ has its own unique hash, but the password ‘dragon +r4$x’ has a different hash, but is still able to be deciphered when the password is looked at in plain text. The +r4$x is known to the user to be the salt.
True or False: Digital signatures do NOT encrypt any data being sent. They only include a hash as an attachment to the message that can be verified by the receiver that the data hasn’t been altered.
True
What is a blockchain?
A distributed ledger for anyone to be able to see that keeps track of transactions. If you are involved in a blockchain, you are notified of any and all changes. The transaction is then added to a new block of data containing other recently verified transactions. A hash is added to the block of data and the block is completed so that if data is changed, everyone looking at it will know.
What is a digital certificate?
A file that contains both a public key and a digital signature. Think of it as a digital version of an ID card. It’s a way to provide trust and for them to say that the person is who they actually say they are in authentication, and allow them access to things they previously did not have access to.
What is a web of trust?
Rather than a centralized certificate authority verifying digital certificates, multiple individuals are instead signing each other’s certificate. Friends trusting friends.
What is X.509?
Standard web browser certificate format that everyone can read.
What is a root of trust?
A third party vouching for a site or resource that we can always trust. Certificate Authorities (CAs) can be Roots of Trust as well.
What is a certificate authority?
A trusted entity that issues digital certificates. These certificates are used to verify the identities of individuals, organizations, or devices in the context of secure communication over a computer network. When two parties communicate securely using encryption, the recipient can verify the sender’s identity by checking the digital signature on the sender’s certificate. To establish trust, major web browsers and operating systems come preloaded with a list of trusted root certificates from well-known and reputable CAs.
What is CSR?
The process of creating a certificate for your web server, sending that certificate to a certificate authority to be validated, having them digitally sign it, and then sending it back to you. You create a public key, add the identifying information about what server it’s connected to and info about your organization, you send it off to the CA, they validate it with their private key, and then send it back to you complete.
What are CRLs?
A list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date. When a CA issues a digital certificate, it includes an expiration date. However, certain events may lead to the need for revocation before the certificate’s expiration, such as the compromise of the private key associated with the certificate, the compromise of the CA itself, or other security-related concerns.
What is a self-signed CA?
You can have your own in-house Private CA for large organizations all running internal software that needs to be trusted.
What are wildcard CAs?
When you click the lock icon on a web browser and look at the subject alternative names, you’ll see a list of names with an asterisk next to them. These are the lists of domains that are allowed to use that CA. As long as your device is associated with one of the listed domains, it can use that CA.
What is OCSP?
Online Certificate Status Protocol. A protocol that lists the status of its certificate onto the web server itself.
What are threat actors?
What are the three important attributes to nail down when identifying a threat actor?
1) Are they internal or external
2) How much funding/resources do they have
3) What’s their level of sophistication/capability
What is a nation state threat actor?
A threat actor external to your organization associated with a government or national security of that government. They could have many motivations for attacking you, with lots of sophistication, capability, and resources.
What are unskilled attackers?
Basically the opposite of a Nation State. Low skill, resources, and capability. Motivated by causing disruption and general chaos. They usually run pre-made scripts to attack your organization without really knowing how any of it works. Anyone can do this. Can be internal or external.
What is a hacktivist?
A hacker with a purpose. Motivated by an opposing philosophy, revenge, general disruption, etc. Often an external entity, but can sometimes be an insider threat. Can be quite sophisticated, using very specific attacks. They know what they’re doing, however, funding is usually low.
What is an insider threat?
A threat from the inside of your organization. Someone on the outside can squeazel their way in and then betray you. Motivated by revenge and financial gain. In this circumstance, your organization is their funding. They have institutional knowledge, and know what vulnerable systems to hit.
What is organized crime?
Mnyaah, see? Professional criminals motivated by money, almost always an external enemy. Very sophisticated, seeing as their hacking is the best money can buy. They are organized in that one person hacks, another exploits, another person sells data, and another handles customer support.
What is shadow IT?
Someone who works in your IT department and has found a way around your security and policies. Limited resources, they can only afford what you pay them, and medium sophistication. They may know a thing or two, but they don’t know everything.
What is a threat vector?
A method that an attacker uses to gain access to your systems. Also called ‘attack vectors’.
What are message-based vectors?
Using email, SMS, and instant messaging to send you malicious links to get you to download malicious software or gain access to your systems. Basically, phishing.
What are image-based vectors?
Attackers using SVG (Scalable Vector Graphic) image formats that utilize XML files that describe the image and allows the attacker to embed other information within the XML. An attacker can put information within the image description that would then run inside of your browser.
What are file-based vectors?
Files that run on your computer that attackers can use to gain access to your files. The most easily recognizable are exe executable files, but .pdfs, ZIP, RAR compression files, add-ins, file extensions, and Microsoft Office documents are also used to instigate an attack.
What are voice call vectors?
Phishing over the phone. Someone on the other end of a phone trying to get you to give up valuable information. A wide scale version of this is called war dialing. They also attempt to DoS your systems by call tampering, and spam over IP.
What are removable device vectors?
Using a USB drive to get into systems and get or disrupt information. Fun fact: USB drives can be modified into appearing to your computers as keyboards and can automatically begin typing things onto your screen.
What is a client-based vulnerable software vector?
Security issues and vulnerabilities within software that has not been properly updated.
What is an agentless vulnerable software vector?
Security issues and vulnerabilities within software on a server that is distributed to client devices that have not been properly updated.
What are unsupported system vectors?
Systems within your network that are no longer able to receive upgrades or patches to prevent attacks, and are therefore vulnerable within your network. Example, outdated operating systems.
What are unsecure network vectors?
Attackers using outdated, un-upgraded, or rogue wireless, wired, and Bluetooth connections to gain access to systems on your network.
What are open service ports?
An unsecure port that can be utilized by an attacker to gain access to the systems on your network. The more services you install, the more open ports and potentially the less secure a system might be. Use firewalls.
What are default credentials?
The default username and passwords on your network devices when you first get them. Change them so they won’t be utilized by an attacker!
What are supply chain vectors?
Third parties gaining access to your systems through established infrastructure in equipment, using an authorized vendor program to jump to an unauthorized system, and the utilization of counterfeit networking equipment.
What are MSPs?
Managed Service Providers: Third parties that you are paying to manage your equipment and systems
What is phishing?
Communication method used to make you think something is real when it really isn’t in order to steal data or make your infrastructure vulnerable. Example: texts with dubious links, suspicious emails from unknown senders, and fake websites that look like real websites.
What is typosquatting?
A fake URL that’s very similar to the real one that attackers use to trick people into clicking dubious links.
What is pretexting?
The attacker lying to you and creating a dramatic situation to get your information.
What is vishing?
An attacker lying to you over the phone to get your information.
What is smishing?
SMS phishing. An attacker lying to you through text to get your information.
What is impersonation?
An attacker pretending to be someone of importance that you should listen to (a boss, an authority, someone from the help desk, or a third party account holder) in order to get information from you.
What is identity fraud?
An attacker pretending to be you to use and waste assets that are already yours.
What is a watering hole attack?
An attacker, who cannot gain access to your network by conventional means, “poisons” a third party website that all of your employees visit, thus getting a foot in the door, and attacking your network indirectly.
What is defense-in-depth?
Having multiple layered contingencies to protect your systems, employing the use of a firewall AND an IPS AND antivirus software all working at the same time.
What is misinformation/disinformation?
Giving, either deliberately or not, the wrong information. Creates confusion and division. Usually given on a large scale by influence campaigns, nation-state actors, and advertising on social media to sway public opinion.
What are the five steps of the Misinformation Process?
1) Create fake users
2) Create content on the fake user account
3) Content is liked and shared
4) Real users share the message
5) Mass media picks up the story
What is brand impersonation?
Attackers pretending to be a well known brand in order to fool people into visiting their fake site and download malware and exfiltrate your information.
Briefly explain memory injection.
All software runs in memory. Nothing runs on your computer unless it is run through memory and processed on a CPU. By this logic, malware also runs in memory, and has two options to run once it’s inside your PC. It can either run its own processes, or inject itself into a legitimate already running process on your PC. The process of a malware script being inserted into the existing process of other software is called Memory Injection.
What is DLL injection?
Dynamic-Link Library Injection. A type of executable on your system that many different processes and applications use. An attacker can insert his malicious DLL into the legitimate DLL by making a path from a storage device to the legitimate DLL and make it part of the process.
What is DLL?
Ask AI
What is a buffer overflow?
Where an attacker can write more than what’s expected into a particular area of memory and that additional information that they’re writing overflows into another area of memory. It’s a difficult attack to perform, because additional information written onto an application often causes a system to crash.
What is bound checking?
An application developer ensuring that only 8 bytes of data are being written at a time into memory to prevent possible buffer overflow attacks.
What is a race condition?
Where two events happen at nearly the same time with an application, and the application doesn’t take into account that the two events are happening simultaneously.
What is a TOCTOU attack?
Time-of-check to time-of-use attack. An application checks a system to retrieve information that may be stored. After it retrieves that information, it performs a particular function with a particular value. But sometimes something else happens between the time the application checks the system for the value, and the application actually using the value.
