vocab Flashcards

(196 cards)

1
Q

Confidentiality

A

ensures that only approved individuals may access information

2
Q

Integrity

A

ensures that information is correct and unaltered

3
Q

Availability

A

Ensures that information is accessible to authorized users

4
Q

Authentication

A

The act of verifying that a user's credentials are authentic

5
Q

Authorization

A

grants a permission for a user to take a particular action

6
Q

Accounting

A

creates a record that is preserved of who accessed the network, what resources they accessed, and when they disconnected from the network

7
Q

Cybersecurity

A

involves a range of practices, processes, and technologies intended to protect devices, networks, and programs that process and store data in an electronic form

8
Q

Information Security

A

Protects "processed data" that is essential in an enterprise environment

9
Q

Threat Actor

A

Individual or entity responsible for attacks

10
Q

Financial crime three target categories

A

Individual Users
Enterprises
Governments

11
Q

Threat actor categories

A

Unskilled actors, shadow IT, organized crime, insiders, hacktivists, state actors

12
Q

Unskilled Actors

A

Want to perform attacks yet lack technical knowledge to carry them out.

Data exfiltration or service disruption

13
Q

Shadow IT

A

Bypassing corporate approval for technology purchases.

Motivation often ethical, but weakens security

14
Q

Organized crime

A

Close-knit group of highly-centralized enterprises engaging in illegal activities

Motivation is financial gain

15
Q

Insider threats

A

A company’s own employees, contractors, and business partners. Hard to recognize

Motivation revenge or blackmail

16
Q

Hacktivists

A

Strongly motivated by ideology and want to make a political statement

Motivation is to cause chaos/disruption

17
Q

Nation-State Actors

A

Own state-sponsored attacks on foes. Multiyear intrusion campaigns targeting sensitive economic, proprietary, or national security information

18
Q

Advanced Persistent Threat (APT)

A

Use innovative attack tools that silently extract data over an extended period of time

19
Q

Competitors

A

Launch attacks against opponents' systems to steal classified information

Motivation steal new product research or current customers

20
Q

Brokers

A

Sell their knowledge of weaknesses to other attackers or governments

Motivation financial gain sell to highest bidder

21
Q

Cyberterrorists

A

Attacks a nation's network and computer infrastructure to cause disruption and panic

Motivation is terror and control; targets are computers or electrical grids

22
Q

Attack surface (threat vector)

A

digital platform that threat actors target for their exploit

23
Q

Supply chain

A

a network that moves product from its creation to the end-user (causes supply chain infections)

24
Q

Supply chain infection

A

Malware can be injected into a product during its manufacturing, storage, and distribution

25
Open-source software
Software where the source code is available for anyone to freely use without restriction
26
Vulnerability
State of being exposed to the possibility of being attacked or harmed
27
Vulnerability categories
software, hardware, misconfigurations, and zero-day
28
Availability loss
systems inaccessible
29
Financial loss
Loss of productivity
30
Reputation
Public perception of enterprise
31
Data loss
Destruction of data so that it cannot be recovered
32
Data exfiltration
Stealing data to distribute it to other parties
33
Data breach
Stealing data to disclose it in an unauthorized fashion
34
Identity theft
Taking personally identifiable information to impersonate someone
35
Information Security Resources
Frameworks, regulations, legislation, standards, benchmarks/secure configuration guides, information sources
36
Information Security Framework
Series of documented processes to define policies and procedures for implementation and management of security controls in an enterprise
37
National Institute of Standards and Technology (NIST) framework three parts
Framework Core, Implementation Tiers, Profile
38
Regulations
The process of adhering to them is regulatory compliance; categories: broadly applicable, industry-specific, U.S. state, international
39
Benchmark / Secure Configuration Guides
Distributed by hardware manufacturers and software developers
40
41
Social engineering
means of eliciting information or convincing a user to take action that weakens security
42
Human manipulation through
provide a reason, project confidence, use evasion and diversion, make them laugh
43
phishing
sending an email message or displaying a web announcement that falsely claims to be from a legitimate source
44
variations of phishing
spear phishing, whaling, vishing, smishing
45
impersonation
masquerading as a real or fictitious character
46
brand impersonation
threat actor pretends to be a known brand in order to build immediate trust and recognition
47
Redirection
Uses a fake lookalike site filled with ads so the attacker receives money from the generated traffic; two types: squatting, pharming
48
misinformation
false or inaccurate information
49
disinformation
comes from malicious intent
50
hoax (false warning)
type of cyber disinformation
51
watering hole attack
directed toward a small group of specific individuals
52
Dumpster diving
involves digging through trash receptacles to find info that can be useful in an attack
53
Google dorking
Uses advanced Google search techniques to look for information that unsuspecting victims carelessly posted
54
Shoulder Surfing
Occurs when a user casually observes someone entering secret information without drawing attention to themselves
55
Perimeter defenses
industrial camo, barriers, security guards, sensors, security buffers, locks
56
Infrared (IR)
electronic device that can measure and detect IR in the surrounding area
57
microwave sensor
uses high-frequency waves; functions similarly to radar
58
ultrasonic sensors
measures how far away a target is located
59
Mantrap
buffer where a user has to show credentials to open the first door, where their credentials can be checked before entering the second
60
Medium Security buffer
reception area
61
low security buffer
waiting room
62
Faraday Cage
Physical means that prevents entry or escape of EMI; also comes in bag form
63
Protected Distribution System (PDS)
Physical means: cables used for classified info. Two types: hardened carrier, installed in a conduit constructed of special electrical metal tubing; alarmed carrier, deployed with specialized optical fibers in conduit that can sense acoustic vibrations that will trigger an alarm
64
Cable Lock
inserted into security slot of portable device
65
Data classifications
Confidential, Private, Sensitive, Critical, Public, Restrictive
66
Regulated data
external stipulations are placed on who can see and use the data and in what context
67
Intellectual Property IP data
invention or work that is the result of creativity
68
Trade secret data
enterprise data that is undisclosed
69
Legal information
General factual information about law and legal process
70
Financial information
data about monetary transaction of the enterprise
71
Human-readable data
person can read and interpret
72
Non-human-readable data
data that a device can interpret
73
Data breach consequences
Reputation damage, IP theft, fines
74
Data state
First consideration when protecting data
75
Three states in which data reside
processing, transit, rest
76
Geolocation
Another consideration in protection of data
77
Data sovereignty
country-specific requirements that apply to data (laws)
78
metadata
data used to describe the content or structure of the actual data
79
steganography
hides the existence of data by dividing it and hiding it in unused portions
80
cryptography
practice of transforming "scrambling" information so that its meaning cannot be understood by unauthorized parties
81
cryptography methods
transposition: each letter of the message is rearranged; substitution: one letter is substituted for another letter
82
encryption
changing the original text into a scrambled message
83
plaintext
unencrypted data that is input for encryption or is output of decryption
84
ciphertext
scrambled and unreadable output of encryption
85
cleartext
unencrypted data that is not intended to be encrypted
86
cipher
plaintext data is input into a cryptographic algorithm
87
key
mathematical value entered into the algorithm to produce ciphertext; the reverse process decrypts
88
key factor of cryptography
one or more elements must be kept secret at all costs; the key for the algorithm must always be kept secret
89
nonrepudiation
proves that a user performed an action
90
obfuscation
making something obscure or unclear
91
security through obscurity
approach in security where virtually any system can be made secure as long as outsiders are unaware of it or how it functions
92
one-time pad OTP
secure cryptographic algorithm that is hand-calculated
93
pad
a long sequence of random letters
94
stream cipher
takes one character and replaces with another
95
block cipher
manipulates an entire block of plaintext at one time
96
sponge function
takes an input of any length and returns a string of any requested variable length
97
hash algorithm
creates a unique digital fingerprint of a set of data and is commonly called hashing
98
secure hashing algorithms
Secure Hash Algorithm (SHA), RIPEMD, Whirlpool
99
Symmetric Cryptographic Algorithms
Use the same key to encrypt and decrypt also called private key cryptography
100
private key cryptography
key is kept private between the sender and receiver
101
Asymmetric Cryptographic algorithm
uses two mathematically related keys known as the public key and the private key also known as public key cryptography
102
public key cryptography
public key is available to everyone and freely distributed; private key is known only to the individual to whom it belongs
103
principles of asymmetric cryptographic algorithms
key pairs, public keys, private keys, both directions (work in both directions)
104
RSA
asymmetric algorithm published in 1977
105
elliptic curve cryptography ECC
Users share one elliptic curve and one point on the curve
106
Digital Signature Algorithm DSA
creates a digital signature to verify sender, prevent sender from disowning message, prove message integrity
107
Key Exchange
Diffie-Hellman (DH), Diffie-Hellman Ephemeral (DHE), Elliptic Curve Diffie-Hellman (ECDH), perfect forward secrecy
108
File and file system cryptography
encryption software can be used to encrypt or decrypt files one by one (file-level encryption)
109
Full disk encryption FDE
protects all data on a hard drive
110
volume-level encryption
protects a volume, which is a section of a drive that is accessible by a user and has a file system associated with it
111
Database-level encryption
Plug-in method: attaching an encryption module onto the DBMS; Transparent Data Encryption (TDE): executes encryption and decryption within the database engine itself
112
Hardware encryption
cryptography can be embedded into hardware
113
self-encrypting drives (SEDs)
drives that can protect all data written to them
114
hardware security module (HSM)
removable external cryptographic device that includes an onboard key generator and key storage facility
115
trusted execution environment (TEE)
secure cryptoprocessor that is internal to the computer itself
116
Trusted Platform Module (TPM)
an international standard for cryptoprocessors that provides cryptographic services
117
blockchain
shared immutable ledger that facilitates the process of recording transactions and tracking assets
118
public blockchain
network that anyone can join and become a part of
119
private blockchain
operates in a closed network
120
federated blockchain
used when an organization needs both public and private blockchain
121
Two most common attacks on cryptography
algorithm attacks and collision
122
downgrade attack
attacker forces system to abandon current higher security mode of operation and fall back to implementing an older and less secure mode
123
ciphertext attacks
statistical tools can be used to attempt to discover a pattern to reveal the plaintext or key
124
collision attack
attempt to find two input strings of a hash function that produce the same hash result
125
birthday attack
50% chance that someone in a room of 253 has the same birthday (birthday paradox)
126
Digital Signature
Used to prove a document originated from a valid sender
127
Digital Certificate
technology used to associate a user's identity to a public key that has been digitally signed
128
Certificate Authorities CA
tools for managing authorities
129
registration authority
responsible for verifying the authenticity of the user
130
certificate signing request (CSR) generation
process where a user is transferred to an intermediate certificate authority where the request is processed and a digital certificate is issued
131
certificate repository (CR)
a publicly accessible centralized directory of digital certificates used to view certificate status
132
Certificate Revocation List (CRL)
a list of digital certs that have been revoked
133
Online Certificate Status Protocol (OCSP)
performs a real-time lookup of a certificate's status
134
OCSP stapling
variation of OCSP where web servers send queries to the OCSP responder server at regular intervals to receive a signed time-stamped response
135
certificate chaining
process of verifying a digital certificate is genuine
136
root digital certificate
beginning of the cert chain; self-signed
137
user digital certificate
endpoint of chain
138
hardware and software digital certs
machine/computer digital certs, code signing digital certs, email digital certs
139
Public key infrastructure (PKI)
Framework for all entities involved in digital certificates
140
Trust
confidence in or reliance on a person or entity
141
trust model
type of trust that can exist between individuals and entities
142
direct trust
trust model where one person knows the other person
143
third party trust
refers to a situation where two individuals trust each other because each person trusts a third party
144
web of trust
model based on a direct trust where each user signs a digital cert then exchanges certs with all other users
145
hierarchical trust model
assigns a single hierarchy with one master CA called the root
146
distributed trust model
has multiple CAs that sign digital certs
147
bridge trust
One CA acts as a facilitator to interconnect all other CAs; allows different models to be linked
148
Certificate policy (CP)
published set of rules that govern operation of a PKI
149
Certificate Practice Statement
technical documents that describe in detail how the CA uses and manages certs
150
Life cycle of a cert
creation, suspension, revocation, expiration
151
Procedures for how public keys are managed
escrow, expiration, renewal, revocation, recovery, suspension, destruction
152
Transport Layer Security (TLS)
replacement for Secure Sockets Layer (SSL); provides a higher degree of protection
153
cipher suite
set of authentication and message authentication code (MAC) algorithms that is used with TLS
154
IPSec
protocol suite for securing IP communications
155
HTTPS
port 443
156
Secure Shell SSH
encrypted alternative to telnet protocol to access remote computers
157
Secure/Multipurpose Internet Mail Extensions S/MIME
protocol for securing email messages
158
Secure Real-Time Transport Protocol
secure extension protecting transmission using the Real-Time Transport Protocol
159
Characteristics of key strength
Randomness; cryptoperiod (length of time for which a key is authorized for use); length of key
160
block cipher mode of operation
specifies how block ciphers should handle blocks
161
Malware
describes software designed to interfere with a computer's normal functions and can be used to commit an unwanted and harmful action
162
Classifying types of malware based on primary action, such as
kidnap, eavesdrop, masquerade, launch
163
ransomware
malicious software designed to extort money from victims in exchange for their endpoint to be restored to its normal working state
164
blocking ransomware
blocks the user from using their computer in a normal fashion
165
locking ransomware
encrypts some or all of the files on the device so that they cannot be opened
166
ransomware is the most serious malware threat due to
low barrier to entry, pervasive attacks, high impact
167
two types of eavesdropping
keylogger, spyware
168
keylogger
silently captures and stores each keystroke that a user types on the computer's keyboard
169
spyware
tracking software that is deployed without the consent or control of the user
170
trojan
executable program that masquerades as performing a benign activity but also does something malicious
171
remote access trojan RAT
basic functionality of a trojan but also gives the threat agent unauthorized remote access to the victim's computer by using specially configured communication protocols
172
two types of viruses
file-based, fileless
173
file-based
malicious code that is attached to a file and reproduces itself on the same computer without any human intervention
174
fileless virus
takes advantage of native services and processes that are part of the OS to avoid detection and carry out the attack; code is loaded directly into RAM. Advantages of fileless over file-based: easy to infect, extensive control, persistent, hard to detect, hard to defend
175
worm
malicious program that uses a computer network to replicate (sometimes called a network virus)
176
bloatware
software that is installed on a device without a user requesting it
177
bot / zombie
malware allows the infected computer to be placed under remote control of an attacker for the purpose of launching attacks
178
botnet
hundreds, thousands, or millions of bot computers in a logical network
179
bot herder
one who controls the botnet and bot computers. controls through command and control (C&C)
180
logic bomb
computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it
181
rootkit
malware that can hide its presence and the presence of other malware on the device
182
backdoor
gives access to a computer program or service that circumvents any normal security protections
183
buffer overflow attack
when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer
184
race condition
when two concurrent threads of execution access a shared resource simultaneously
185
web-based attacks
attack directed at programs running on internet web services
186
directory traversal
result of a web-based attack
187
cross site scripting XSS
attack on a website that accepts user input without validating it and uses that input in a response; can be exploited
188
SQL injection
inserts statements to manipulate the server
189
cross site request forgery CSRF
takes advantage of an authentication token that a website sends to a user's web browser
190
server-side request forgery SSRF
takes advantage of a trusting relationship between web servers
191
replay attacks
commonly used against digital identities
192
antivirus AV
software that examines a computer for file-based virus infections, monitors computer activity, and scans new documents that might contain a virus
193
secure cookies
sent to a web server with an encrypted request over the secure HTTPS protocol
194
http response headers
headers that tell the browser how to behave while communicating with the website
195
end point detection and response (EDR)
can aggregate data from multiple endpoint computers into a centralized database and apply sophisticated analytics
196