Fortinet Cyber Security fundamentals


The steps in cyber threat intelligence

1. Identify the most critical cyberthreats
2. Collect threat information
3. Process the information
4. Analyze and look for indicators of compromise
5. Disseminate the information
6. Implement the lessons learned

What are the levels of the Cyber Kill Chain?

1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command & control
7. Exfiltration

What is an attack vector?

An attack vector is a method used by a bad actor to illegally access or inhibit a network, system, or facility.

What is a bad actor in cybersecurity?

A bad actor is a person who tries to steal, sabotage, or stop you from using computer systems or accessing information that you are authorized to use.

What strategy does a Hacktivist use?

A common strategy is to build a botnet. A botnet is a network of computers that are infected with malware and controlled by a single party. Building one starts by setting up a command and control (C&C) server accessible via the internet. This server acts as the central coordination point for all infected computers, known as botnet nodes. Hacktivists then create malware that, once installed on unsuspecting computers, connects these machines to the C&C server. The server then directs thousands of these compromised computers to send a flood of requests to a targeted server, overwhelming it with traffic and causing it to become unresponsive, effectively executing a Distributed Denial-of-Service (DDoS) attack.

What is a cybersecurity threat?

A cybersecurity threat is an action exploiting a vulnerability that results in harm to a network or computer system.

What method is used by an Explorer?

A method used by an Explorer is phishing. Phishing is a way of tricking people into giving up personal information. Example: a fake email from a bank asking you to click a link and verify your account details. Variants: smishing (text), vishing (phone call), spear phishing (direct email).

What is Accounting in cybersecurity?

Accounting is the record keeping and tracing of agent activities on computer devices and networks.

What does APT stand for in cyber security?

Advanced persistent threats

Why is cybersecurity important?

All online communication/activity is at risk without cyber security.

What is Alteration in cybersecurity?

Alteration means the tampering of data cannot be prevented or the authenticity of the data cannot be determined.

What is an Explorer in cybersecurity?

An Explorer isn't that bad; they do not intend to inflict serious damage, but they might change a page on the website to embarrass someone or do something to show how clever they are.

How to get past the DAD triad?

An effective security solution, such as a network firewall, will help neutralize the DAD triad.

What is application security in cyber security?

Application security is the process of developing, adding, and testing security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification.

What is Authentication in cybersecurity?

Authentication is the process of controlling access to resources.

What is triple A in cyber security?

Authentication, Authorization, and Accounting

What is Authorization in cybersecurity?

Authorization is the process of controlling access to resources

What is command and control in cybersecurity?

Command and Control is when the attacker establishes a means of communication with the compromised systems. This may involve setting up a command-and-control server or using other methods to communicate with the compromised systems remotely.

What are the 3 principles of information security?

Confidentiality, Integrity, and Availability, also known as C.I.A. in cybersecurity.

What is critical infrastructure in cybersecurity?

Critical infrastructure cybersecurity refers to the programs, protocols, and technology used to protect the critical infrastructure of nation states.

What are the five categories of cyber security?

Critical infrastructure, application security, network security, internet of things security, and cloud security

What motivates a cyber criminal?

Cyber criminals want money, plain and simple; that's their motivation.

What is cyber security?

Cyber security is the practice of protecting computer networks, devices, and information from damage, loss, or unauthorized access.

What do cyber security professionals do?

Cyber security professionals act to protect servers, endpoints, databases, and networks by finding security gaps and misconfigurations that create vulnerabilities.

What motivates a cyber warrior?

A cyber warrior is motivated by the national interest of their home country.

What is Integrity in cybersecurity?

Data is authentic, accurate, reliable, and free from tampering. The information must be protected from unauthorized change, and if it is altered, you must be alerted to this fact.

What is Availability in cybersecurity?

Data is available to those who need it. Technologies, policies, and processes must be in place to ensure reliable availability.

What is Confidentiality in cybersecurity?

Data is kept confidential and private. You need to know who is trying to access the information and whether or not they are authorized to access it.

What is delivery in cybersecurity?

Delivery is when the attacker delivers the payload to the target. This may involve sending a malicious attachment, or exploiting a vulnerability in a website to inject the payload into the target's system.

What is Denied in cybersecurity?

Denied means unauthorized agents are prevented from accessing data. Even legitimate and authorized agents can be denied.

Example of an attack vector

Diego gets an email from a coworker asking him to review something. He saves it to his hard drive and opens it. The sender was not his coworker, and the document installed malware. The vulnerability is the user, the mechanism is the malware, and the pathway is the email.

What is Disclosure in cybersecurity?

Disclosure means exposing confidential data to unauthorized parties.

What is the DAD triad in cybersecurity?

Disclosure, Alteration, and Denied

What is a Hacktivist?

Hacktivists are groups of people who unite to carry out cyber attacks in support of political causes. They go after political and social organizations that they feel did something bad.

Understanding cyberattacks using an attack framework would consist of

Identifying the situation, classifying the problem, analyzing impact, and developing strategies

What motivates cyber terrorists?

Ideology

What does information security include?

Information security includes the devices, computer networks, and physical locations that store or transmit sensitive information. Information security > information security system > cybersecurity

What is information security?

Information security is the practice of protecting information: preventing, detecting, and remediating attacks and threats to sensitive information, both digital and physical.

What is information system security?

Information system security is the protection of information systems against unauthorized access, modification, destruction, or denial of access.

What is installation in cybersecurity?

Installation is when the attacker establishes a foothold within the target's systems. This may involve installing a rootkit or other malicious software that allows the attacker to maintain access to the target's systems even if the initial payload is detected and removed.

What is internet of things security in cyber security?

Internet of things security is the process of securing Internet of Things devices and ensuring they do not introduce threats into a network.

What is malware in cyber security?

Malware is software that is designed to disrupt, damage, or gain unauthorized access to a computer system.

What is reconnaissance in cybersecurity?

Reconnaissance is when the attacker gathers information about the target and its vulnerabilities. This may involve using tools such as search engines, social media, and other open sources to gather intelligence about the target organization and its systems.

What is Rootkit in cybersecurity?

A rootkit is software used by bad actors to gain control over a target computer or network.

What is social engineering in cyber security?

Social engineering is the act of using psychological manipulation to trick people into taking some action that is contrary to their best interests, such as disclosing confidential information. The ingredients of a successful social engineering attack usually involve gaining the trust of the victim and then compelling them to act.

What are the 4 cybersecurity threat categories?

Social engineering, malware, unauthorized access, system design failure

What is unauthorized access in cyber security?

Unauthorized physical access could be a bad actor following an authorized person through a door after they have swiped their badge. This is known as tailgating. Unauthorized digital access could be a bad actor looking over someone's shoulder as they type their credentials.

Do cyber warriors have the resources to do what they do?

Yes, they do, because they have the resources of a nation state at their disposal.

What is a distributed denial of service in cyber security?

A DDoS attack is a cybercrime in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites.

What is cloud security in cyber security?

A collection of security measures designed to protect cloud-based infrastructure, applications, and data.

What are the three requisite characteristics of threat intelligence?

Relevant, actionable, and contextual

What is threat intelligence?

Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.

Why is triple A important in Cybersecurity?

Triple A constitutes a security framework that controls resources, enforces policies, and audits usage. The security framework plays a major role in network management and cybersecurity by screening users and keeping track of their activities while they are connected.

Threat intelligence: actionable

Threat intelligence must be actionable, meaning that the intelligence provides sufficient information for you to take steps to protect your organization. For example, if you learned that the bad actor group Dynamite Panda had just launched a new campaign of attacks against medical facilities, this alone does not provide you with enough information to act upon.

Threat intelligence: relevant

Threat intelligence must be relevant to your organization. For example, if you receive information that there is a new computer virus that exploits a vulnerability in macOS, but your organization does not use Apple products, then this information is not relevant to your organization. While it would be relevant to an organization that uses Apple products, it does not qualify as threat intelligence for your organization.

What is threat landscape?

Threat landscape is the collection of threats in a given context or domain and includes information about perpetrators of the threats.

How do cyber terrorists aim to impact society?

By intimidating and destabilizing it through destruction

What is exfiltration in cybersecurity?

Exfiltration is when the attacker extracts the data or other assets that were the goal of the attack. This may involve copying sensitive data to a remote location or using the compromised systems to launch further attacks on other targets.

What is exploitation in cybersecurity?

Exploitation is when the attacker uses the payload to gain access to the target's systems or data. This may involve executing the payload to exploit a vulnerability in the target's software or operating system, or using the payload to gain access to the target's network.

What is network security in cyber security?

Network security is the protection of the underlying networking infrastructure from unauthorized access, misuse, or theft. It involves creating a secure infrastructure for devices, applications, and users to work in a secure manner.

Do cyber terrorists have the resources to do what they do?

No, cyber terrorists do not have the resources to do what they do. They must beg, borrow, and steal technology to mount effective attacks.

What are some examples of online infrastructure targeted by cyber terrorists?

Nuclear power plants, natural gas pipelines, and electrical power grids

What is payload in cybersecurity?

A payload is malicious code.

What is ransomware?

Ransomware is a type of malware that prevents you from accessing your computer information or systems until a ransom is paid.

What are the three attack vectors typically used during the pre-exploit stage?

Spear phishing, phishing, and whale phishing

What is system design failure in cyber security?

System design failure is a security flaw in a computer system or application that the bad actor exploits to gain access to a computer system. There are many examples of cyberattacks that fall into one or more of these categories.

What are the 3 components that comprise an attack vector?

The vulnerability, the mechanism or object that exploits the vulnerability, the pathway to the vulnerability.

What method do cyber warriors use?

Their methods are vast and secret. Cyber warriors use zero day exploits, which are secret methods leveraging unpatched vulnerabilities in common systems to attack computers, giving vendors zero days to fix once exploited. They conduct intensive research on these common operating systems and applications, finding weaknesses, bugs, and other behaviors that they can use to attack computer systems. The weaknesses must remain secret until they can be used, because once the vendor knows, the vendor will issue a patch immediately.

What method does a cyber criminal use?

Their methods are phishing, theft of identities, or credit card fraud, which they use or sell on the black market, or ransomware.

What are the types of bad actors?

There are 5 different types of bad actors: Explorer, Hacktivist, Cyberterrorist, Cybercriminal, and Cyberwarrior.

Why is whale phishing a thing?

These individuals are targets because they have access privileges to servers and databases, which the bad actor wants access to.

What are cyber terrorists' methods of attacking?

They can deploy tactics such as DDoS to attack targets. Their favorite method is spear phishing: once they have identified a person with extensive network privileges, they target them with a carefully planned social engineering campaign.

What is weaponization in cybersecurity?

Weaponization is when the attacker creates a payload or exploit that can be delivered to the target. This may involve malware or other malicious code, such as a virus or trojan horse, packaged in a way that is difficult to detect. For example: an infected Microsoft Word document that is intended to be delivered by way of a phishing email.

What is whale phishing in cybersecurity?

Whale phishing is a phishing attack aimed at a high-value target, such as a CEO or CFO of an organization.

