Level 5 Cyber


Best Practice Identification / Sharing (Agile Learning)

A method or technique that has been shown to work better than others and is used as a benchmark. Best practices can evolve and improve over time.

Define Secure Networks

A network designed to include measures that protect the confidentiality, integrity, and availability of data and resources.

Unfunded Requirements

A program need that is not included and funded in the annual program execution plan. If there are not enough funds for a program, requirements will begin to go unfunded based on their importance to the program. Document the specifications pertaining to each UFR, including cost, prioritization, the last day a requirement can remain unfunded, etc.

TEMPEST Program

A program used to identify vulnerabilities in information systems containing national security information that could lead to information compromise. TEMPEST also identifies countermeasures that reduce the risk of information compromise and provide the appropriate level of protection against adversaries.

Nuclear Command, Control, and Communications Systems

A set of national level capabilities that must be assured, reliable, and resilient across the range of threat conditions, through all phases of nuclear (and, at times, non-nuclear) conflict.

Base / Unit Roles and Responsibilities

Base Training Managers (BTM)- Ensure programs are in place to manage upgrade, qualification, and ancillary training. Base Functional Manager- Senior leaders who provide day-to-day management responsibility over specific communities. Unit Commanders- Ensuring effective training programs are established and executed. UTMs and ADUTMs- Commander's key staff members responsible for overall management of the training program.

Battlefield Networks

Battlefield Networks (Kill Chain): Detect what is happening on the battlefield; process that data into actionable information; decide on a course of action; communicate decisions among forces; act on those decisions; assess the effectiveness of the actions taken.

Network Monitoring

Protocol Analyzers- Devices that capture and analyze traffic between two systems. Network Scanners- Used to scan IP addresses, ports, and device locations, providing network monitoring and management capabilities to detect, diagnose, and resolve network issues. Vulnerability Scanner- Automated tools that scan web applications for security vulnerabilities. Configuration Compliance Scanner- Carries out compliance audits, which determine whether a system is configured in accordance with government policy or regulation.

LAN Technologies

Protocols and devices that enable the connection of devices within a local area network. Twisted Pair Cabling- The interior wires are twisted together a certain number of times to help resist interference. Category 5 Cables- Fast Ethernet, 100Mbps transmission speed. Category 5e Cables- Fast Ethernet, up to 1000Mbps transmission speed. Category 6 Cables- Supports up to 5Gbps transmission speed. Single Mode Fiber Cable- Smaller core size with a single pathway for light to travel. Multimode Fiber Cable- Larger core size with multiple pathways for light to travel. Console Cable- Has a DB9 connector and a USB end; used for configuration. Rollover Cable- The newer version of the console cable; has a DB9 connector and an Ethernet end. A flat cable.

Ports, Protocols, and Services (PPS)

Protocols- Defines the set of rules that allows any given device to communicate with any other device. Like a language for unlike devices. Ports- Associated with a particular service or program, and allows for any given computer to send or receive many different types of traffic. Helps computers understand what to do with data.

Perform Basic Scripting

SCNC, Administrative Files, Admin Tools, PowerShell, Nagy, Client Ping All. SCNC, Administrative Files, Admin Tools, PowerShell, ETOOLS Restart All.

1D7XX and AFS-Specific Learning Programs (Training Resources)

Safety; Risk Management; Operational Procedures; Software; Hardware; Local and Networked Solutions; Cloud Computing.

Sanitization (Input Validation)

Sanitization- The process of converting information from a format that may be harmful to one that is not harmful. Input Sanitization- Information is sanitized as it is being inputted, before the information is processed. Output Sanitization- Information is sanitized after it is processed, but before it is presented to users.

Communications Mediums

Satellite Communications- Higher costs, high latency, higher frequencies. Copper Communications- Easy to Install and maintain, limited bandwidth, often combined with fiber. Fiber Communications- High speed data communication, higher installation cost than copper. Wireless Communications- Cellular network, roaming communication, limited coverage and speed.

Space Systems

Space systems are vehicles and infrastructure working together to perform a task while in space. Space systems are used for everyday communication, navigation, and weather prediction services.

Critical Thinking (Agile Learning)

The ability to think clearly and rationally about what to do. Includes reflective and independent thinking. Someone with critical thinking skills is able to understand the logical connections between ideas.

Infectious and Malicious Software

Can cause pop-ups to appear in browsers or applications. Usually slows the performance of your computer. Can cause loss of permissions to files or folders. Running antimalware or antivirus software will remove the infectious and malicious software from your device. Back up critical files and create a snapshot of your system before attempting to remove the malware. Backups and restore points should be created before devices have been infected with malware.

Use Publications / Technical Orders When Performing Work

Follow the guidelines established in publications and TOs. Read instructions and understand them before performing actions.

MAJCOM Functional Management

Determine education and training activities for their specialties. Manage training programs for their specialties. Review CFETPs to ensure they meet mission requirements. Approve or disapprove contracts that provide equipment, training facilities, and instructors for training purposes.

Virtualization (Servers)

Hosts- The server or hardware component that a VM uses to function. Virtual Machines- A virtual representation of a physical computer. Acts as a computer, but the whole computer system is virtual. Made up of VM files and Live State. Hypervisors- A program that runs and manages VMs on a computer. The intermediary between a VM and the physical resources. Hypervisor Types: Type 1 (Bare Metal)- Installed directly on the physical server. Type 2 (Hosted)- Does not have direct access to hardware. It runs on top of a computer's OS. VM Necessary Resources: CPU, Memory, Network, Storage. Benefits of Virtualization: Efficiency- Instead of having individual servers for each workload, you can consolidate them onto a hypervisor and operate with the same workload, but not have to pay for all the servers. Maximize investments made in hardware without wasting money on resources that will not be utilized. Consolidation- Gives the ability to consolidate workloads. Mobility- Has the ability to move VMs between hosts. Can do maintenance without hindering work. Load balancing.

HTTP(S)

Hypertext Transfer Protocol Secure- Used to send secure data between a browser and a website. Uses SSL and TLS to encrypt data. HTTP- Unsecure.

Job Data / Configuration Management Documentation {e.g. IMDS, Remedy, CIPS, IAO Express} (Automated Information Systems {AIS})

IMDS: When you open a job you will be given a unique Job Control Number (Event ID). Condition Codes (from the perspective of the user): Green: Problem does nothing to affect the equipment's ability to support its mission. Amber: Problem only degrades the equipment's ability to support its mission. Red: Problem makes it impossible for the equipment to support its mission in any way. To gain access to IMDS, fill out form 2875 and send the completed form to the Database Manager (DBM). The DBM will send a Username and Temporary Password and potentially a Terminal ID. IMDS can be found at https://cdb1.csd.disa.mil. Remedy: Use Remedy to create tickets. Each ticket is an incident and comes with an incident ID. The customer and contact fields must be filled out for each incident. Customer is the person requiring the work, and Contact is the person requesting the work. Using templates will help to ensure the proper information is provided. In the notes field, document all required information for the incident and communicate everything related to the problem. Each ticket is classified by priority. The more people the incident affects, the higher the priority. The Work Info tab is used to document any work performed on an incident.

IP Addressing Concepts

IP Addresses- A unique identifier assigned to each device on a computer network. IPv4- 32 bit; IPv6- 128 bit. Octets range from 0-255. Class A- 1-126. Class B- 128-191. Class C- 192-223. Class D- 224-239. Class E- 240-255. Public IP Addresses need to be entirely unique. Private IP Addresses only need to be unique within their own network, but cannot be used on the internet.

Conditional Primitives

If Statements- If a condition is met, this function is performed. If Else Statements- If this condition is fulfilled, do this, or else, do this. Allows you to execute a sequence of code based on whether a set of given conditions are met or not. Conditional Operators- Evaluates the condition provided, and performs one of two outcomes depending on the condition it examines. Switch Statements- A switch statement is a selection statement that lets you transfer control to different statements within the switch body.

Ipconfig / Ifconfig (Command Line Network Utilities)

Ipconfig- Identify network configuration and display TCP/IP address information.

Joint, DOD, and Combined Units

Joint Information Operations Warfare Center (JIOWC) supports the Joint Chiefs of Staff in improving the ability of the United States Department of Defense to meet combatant command information-related requirements.

Network Security

Know the assets on your network. Implement methods to detect insider threats. Perform regular backups. Keep assets updated. Keep users educated on security awareness. Segregate and segment the network. SIEM. Honeypots and honeynets. Physical security of network assets. Incident management process. Baseline everything. OS and application hardening. Only keep necessary assets on the network. Principle of least privilege. Avoid insecure protocols. Implement a security policy. MFA. Complex password requirements. Network monitoring.

Explain Qualification

Knowledge of cyber systems. Completed Cyber Fundamentals Course. Completed Job Specific Course. Security Plus Certification.

Network Types

LAN (Local Area Network)- Connects devices to allow for sharing of data and resources. Covers a small geographical area. Would be used in a single building to connect devices. MAN (Metropolitan Area Network)- Larger than a LAN, smaller than a WAN. Covers a regional geographical area. Would connect networks within a city (hospitals, military bases). WAN (Wide Area Network)- Covers a large geographical area, within a country or globally. Supports high speeds, but not nearly as fast as a LAN.

Define Non-Secure Networks

Networks that you can connect to without any kind of password or authorization. They lack cybersecurity measures to prevent hackers and secure information.

Backup and Restore Device Documentation

Onsite- Data backups that are stored at your location. Offsite- Data backups that are stored somewhere outside your location. Full Backups- Complete copy of data. Differential Backups- Does a full backup, then only stores data that is new since the last full backup. Incremental Backups- Does a full backup, then only stores data that is new since either the last full backup or the last incremental backup. Blended- A combination of any of the backup types. Cloud- Online storage and recovery of files.

Cyber Tasking Order (CTO)

Operational type orders issued to perform specific actions at specific time frames in support of AF and Joint requirements published daily by 616 OC.

Principles of Project Management

Project Management- Process of guiding a project from its beginning through its performance and closure. Initiate- Define the project and set expectations. Plan- Create and plan scheduled tasks, resources, and budgets. Execute- Start implementing the plan. Monitoring- Make sure the execution is in line with the project plan. Closing- Reach the project goals and compile all the documents and reports.

Communications Security (COMSEC)

Protect the authenticity of telecommunications within the U.S. government, and to prevent unauthorized access to information pertaining to national security. Cryptographic security- Encrypts data. Emission Security- Prevents electrical or electromagnetic emanations from hardware, to defend against interception. Physical Security- Protects equipment, facilities and other infrastructure. Transmission Security- Prevents the interception or disruption of any transmissions.

Perform Basic Scripting (Server)

Windows PowerShell- Using the GUI, you can generate Windows PowerShell commands that run in the background to perform the action you chose. Windows PowerShell is not a scripting language, but instead a shell where you can run commands. You can use the command get-command to look at a list of all the commands PowerShell has to offer. You can also wrap a word in two asterisks, such as *log*, to narrow the list down to commands that use that word. You can type get-help followed by the name of a command to learn more about it. You can also use Windows PowerShell ISE, which opens an Integrated Scripting Environment where you can write code and run it as a script.

Wireless Networking (WLAN)

Wireless connectivity for devices. Uses high frequency radio waves. Allows user movement while staying on a network. Uses access points to provide connection to the network.

Air Force Network Operations (AFNetOps)

To provide effective, efficient, secure, and reliable information network services used in critical DOD and Air Force missions.

Troubleshooting Methodology

Top-Down- Work through the layers of the OSI model from the top down. Bottom-Up- Work through the layers of the OSI model from the bottom up. Divide and Conquer- When looking at a gigantic problem, break it up and move from one sub-problem to the next. Follow the Traffic Path- Follow network traffic to see where it actually stops. Spot the Difference- Know what a correct configuration looks like so you can find what is wrong. Replace Components- Make sure no elements are missing.

Tracert / Traceroute (Command Line Network Utilities)

Tracert- Trace route. A command that shows several details about the path a packet takes. Routing diagnostics and testing tool.

Air Force Force Generation {AFFORGEN} (Joint Task Force {JTF} Organizational Structure)

A 24 month cycle divided into 6 month phases. Units train as a whole and deploy as a whole within this cycle. Prepare Phase- Training. Ready Phase- Participate in exercises that prepare them for the fight. Available To Commit Phase- Deploy as a team that is prepared by training and exercises. Reset Phase- Return home and take the necessary time to recover.

LAN Architecture

A Local Area Network- Limited to a small geographical area (a building). Client-Server LAN- One server with multiple clients connected. Clients can only communicate through the server. P2P LAN- No centralized server; all connected devices can communicate with each other. Standard LAN technologies are Ethernet and Power over Ethernet.

Active Directory Concepts

A centralized network directory containing users, groups, computer accounts, app settings, group policy, etc. A place where all of that can be centrally managed.

Agile Combat Employment {ACE} (Joint Task Force {JTF} Organizational Structure)

ACE shifts operations from centralized physical infrastructures to a network of smaller, dispersed locations that can complicate adversary planning and provide more options for joint force commanders. Consists of five elements: Posture- The starting position from which subsequent actions take place. C2 (Command and Control)- Airmen should be able to translate C2 information into action with sufficient speed and scale, regardless of the operational environment. Movement and Maneuver- Movement of forces. Redistributing forces to multiple operating locations or redistributing forces within an established air base. Protection- A combination of active and passive defenses are necessary to counter threats. Sustainment- Infrastructure innovation, operationalized war reserve materiel, and prepositioned equipment.

Financial Management

Accounting- The process that explains how money is spent. Financial transactions that have already happened. Budgeting- The process of predicting and controlling income and expenses. Charging- The process of billing a customer for a good or service. Income Statement- Compares revenue, expenses, and profits over a period of time. Balance Sheet- Summarizes a business's financial position at one point in time. Cash Flow- Shows how money is flowing into and out of a business over a period of time.

Services Concepts

Active Directory Services- Core functions in Active Directory that manage users and computers. File and Storage Services- Technologies that help you set up and manage one or more file servers. Print and Document Services- Enables you to centralize print server and network printer tasks. Remote Desktop Services- Allows users to initiate and control an interactive session on a remote computer. Web Server Services (IIS)- Serves clients the HTML web pages or files they request. Windows Server Update Services- Helps distribute updates, fixes, and other types of releases available from Microsoft Update.

Data Manipulation

Adjusting data to make it organized or easier to read. Putting data in easy to read formats such as tables or charts. Receiving or importing data into storage. Formatting data into something your machine can use. Removing errors in the dataset. Inserting data into the dataset. Modifying data in the dataset. Email (Sub inboxes) Machine Learning: Supervised Learning- Using labeled data to train an algorithm. The computer compares its results to predetermined correct answers and tunes its algorithm to get as close as possible to those answers. Unsupervised Learning- Using unlabeled data to find patterns and group data. Semi-Supervised- Using a small amount of labeled data and a large amount of unlabeled data. Reinforcement Learning- Uses trial and error to arrive at a correct result.

Management Policies (Work Center)

Air Force Education Requirements Board (AFERB)—Provides policy guidance and resource management, develops implementation priorities, and approves resources. Career Field Manager (CFM)— Serves as the primary advocate for the career field. Responsible for the career field policy and guidance. Experienced Managers— Managers for one or more years and have completed the Manager's Supervisory Course. Functional Manager—Senior leaders who provide day-to-day management responsibility over specific communities.

Install (Client Software)

All software must be approved before it can be installed on a government device. USLM will grant approval. Software Center has a collection of pre-approved software you can download on your device. Have to be an admin to install most software.

Publications

All unclassified DISA Publications are available electronically and can be downloaded. Classified DISA Publications are available through the DISA Correspondence and Publications Office (CPO). Publicly released issuances are Circulars and Instructions.

Airborne Networks

An Airborne Network is designed to utilize all airborne assets to connect with space and ground networks building a communications platform across all domains (Groups of interconnected devices.) A transportable network, flexible enough to communicate with any air, space, or ground asset in the area.

Change Management (Agile Learning)

Any approach to transitioning individuals, teams, and organizations based on what needs to change. Re-direct the use of resources, processes, budget, etc. to significantly reshape an organization. Organizational Change Management considers the full organization and what needs to change.

Authentication, Authorization, and Accounting (AAA)

Authentication- Determining whether something is true, genuine, or valid. Authorization- Determines what you are allowed to do, what you have access to, where you're allowed to go, etc. Accounting- Accountability, monitoring resources and user activities, and logging it.

Mobile Device Operating System

Comes pre-installed on mobile devices. Mobile OS Examples: Windows, iOS, Android.

Progression within AFSC

Complete tasks to achieve the 5-, 7-, and 9-level. Be knowledgeable when it comes to your job and use that knowledge to fulfill your duties. Be active when it comes to promotions.

Confidentiality, Integrity, and Availability (CIA)

Confidentiality- Keeping data private. Integrity- Information remains untampered with and unchanged in transit. Availability- When and where data is available.

Rules of Engagement (ROE)

Constrains the actions of forces to ensure their actions are consistent with domestic and international law, national policy, and objectives.

Specialized Tools

Crimpers- Multi-purpose tool that can strip, align, and cut cables. Mostly used to attach connectors to cables. Cable Stripper- Strips the jacket of a cable to expose the wire. Multimeter- A tool used to measure volts, amps, and resistance. Tests electrical currents to make sure it's running at the correct values. Tone Generator- Sends a tone from one end of a cable to help locate the other end. Probe- Used with the tone generator to trace the tone through the cable. Cable Tester- Verifies that the cable was set up correctly, was crimped properly, and has proper communication. Loopback Plug- A device used to test ports. Punch Down Tool- Used to connect network cables to patch panels, punch down blocks, keystone modules, and surface mount blocks. Wi-Fi Analyzer- Used to discover problems and optimize performance of Wi-Fi.

Explain Fundamentals of Operations

Defensive Cyber Operations- Detect, analyze, and mitigate security incidents. Learn from previous incidents to implement new procedures. Offensive Cyber Operations- Acting as a real attacker to help an organization improve security. Genuine attacks are only to be directed at military targets.

Dynamic Host Configuration Protocol Concepts

DHCP- A protocol that automatically assigns IP configuration on clients. IP Configuration- Subnet mask, default gateway, DNS servers. Discover- Client asks for available DHCP servers. Offer- Servers respond with an offer for an available address. Request- Client requests one of the offers to use an address. Acknowledgement- The server acknowledges the client's request, and the lease duration begins. DHCP Reservations- Permanent IP address assignments, based on the devices' MAC address.

Domain Name System Concepts

DNS- A database containing the public IP addresses associated with the names of websites on the internet. Translates domain names to IP addresses. Forward DNS Lookups- You supply the name and the IP address is searched up for you. Reverse DNS Lookups- You use the IP address to find the name. DNS Resolver- The client that is asking for the resolution. Local DNS- Will search for the address of the website you provided. Then caches the address for future uses.

Effects on Adversary Decision Makers (Cyber Enclave)

Denying, degrading, disrupting, destroying, and altering the adversary's ability to use cyberspace.

Force Development / Management

Develops foundational and occupational competencies in all Airmen through education, training, and experience opportunities to satisfy mission requirements. Continuum of Learning- A career-long process of individual development. Each State, Territory, and District must have a force development process and a career management process to evaluate and mentor Airmen assigned to their state. The force development program consists of: Centralized Management- Has a centralized body, called the Force Development Council, that identifies education or assignment vectors for Airmen using structured criteria such as career gates, prior education/assignments, and developmental potential. Competency Development- Assesses each member's potential and creates a plan to promote and develop competencies to make the member an effective Air National Guard member. Individual Communication- Direct communication between the supervisor/commander and the Airman regarding the member's goals.

Common Cyber Training Sources (Training Resources)

Digital U, Percipio, 81st TRSS Q-Flight, MyTraining.

Air Force Units

Each unit is dedicated to fulfilling their mission. Flight- Small unit of Airmen. Squadron- Consists of two or more flights. Commanded by a field grade officer. Group- Consists of two or more squadrons that support a similar function. Commanded by a Colonel. Wing- Consists of two or more groups working towards an objective. Commanded by a Colonel, or Brigadier General.

Concepts of Aerospace Expeditionary Force (AEF) Employment (Joint Task Force {JTF} Organizational Structure)

Effective communication is the key to any command and control situation. Communications and information (C&I) Personnel- For the expeditionary Air Force, our C&I forces are organized, trained, and equipped across the entire career field to supply C&I capabilities when and where needed.

Locate Applicable Publications

Electronic Unclassified information can be found on the Warehouse Management System. Physical copies of publications can be ordered from the Air Force Order Portal.

Work Center Safety Program Management

Employees should be made aware of the potential hazards in their work area and be informed of proper procedures and PPE that should be used. Jewelry should not be worn, unless otherwise stated. Supervisors should be managing potential hazards in the work area and make sure that employees are aware of them and know how to combat them. Areas should be kept clean, the required warning signs should be displayed, and employees should have access to any information they need pertaining to hazards, as well as safety training to prepare them for potential hazards. Receiving and Loading Docks should have fall protection and proper markings of physical hazards.

End User Devices / Components

End-User Devices- Devices that have the ability to connect to a network: desktop computers, laptops, tablets, smartphones.

Cable Types and Handling

Ethernet Cables- Connect devices to a local network and provide internet connection. Fiber Cables- Transmits data using pulses of light. Has a plastic or glass core that the light passes through. Coaxial Cables- Has an inner conductor surrounded by an insulating layer. Commonly used by cable companies, or as patch cables between devices. Video Cables- (VGA) Analogue signal, uses electrical impulses to represent colors, and transfer video signals. (DVI) Transfers digital visual signals from a device to a display device. (Displayport) Breaks data down into packets and transmits them. (HDMI) Digital video and audio interface, replaces analogue signal. Lightning Cables- Apple product cable. Used to connect apple products, or charge apple devices. Thunderbolt Cables- Developed by Intel and Apple and can be used to transmit data and power. USB Cables- Used to share data between devices, with some having charging capabilities. Peripheral Cables- Transfers data between devices. Serial data transmission transfers data one bit at a time to ensure data arrives in order. Mouse, Keyboard, External Modem, External Storage, UPSs. Hard Drive Cables- Used for storage devices, connects directly to your motherboard.

Air Force and Cyber Inspections

External Inspections Include: Non-Air Force Inspections- Conduct inspections on behalf of other governmental agencies, combatant commands, or special committees. Statutory Inspections- Inspections conducted on behalf of an organization within the Air Force or Space Force that has specific legal or statutory authorization. Certification/Accreditation/Technical Survey- Technical surveys where facilities and equipment are measured or checked. No-notice and Minimum-notice Inspections- Inspections that happen spontaneously, or with little heads up. Performance-based Evaluations- Randomly select individuals/teams for executing performance-based evaluations. Inspection Reports- IGs will submit an appropriately classified executive message providing a summary of the inspection activity and any pertinent details.

Characteristics of Personal and Equipment Protection

Foot protection, hearing protection, eye protection, hand protection, respiratory protection, head protection, etc. Grounding- Earth electrode subsystem, fault protection subsystem, lightning protection subsystem, signal reference subsystem. (Directs excess electricity to the ground.) Lightning Rods- Intended to take the strike of lightning in place of the structure it's placed on. Directs the excess energy to the ground. Bonding- Prevents development of electrical potentials between individual metal surfaces. Shielding- Protects the equipment from the effects of interference by electrical and electronic devices.

Concepts of FMA / OCO / DCO /DoDIN Ops

Functional Mission Analysis- Identifies how IT devices are interconnected and what their mission impacts are. Offensive Cyberspace Operations- Missions intended to project power in and through cyberspace. (Attack) Defensive Cyberspace Operations- Missions to preserve cyberspace capabilities and protect data, networks, devices, and other designated systems by defeating malicious cyberspace activity. (Defend) DOD Information Network Operations- Operations to secure, operate, and maintain DOD cyberspace to create and preserve the CIA triad of the DODIN.

Funded Requirements

Funding Types: Military Construction (MILCON)- Covers land acquisition. Acquiring and constructing facilities. Adding to, expanding, converting, altering, or replacing existing facilities. Relocating facilities. Planning and design. Construction overhead, supervision, and inspection. Equipment installed in and made a part of real property structures and improvements. Demolition required to enable construction. Operation and Maintenance (O&M)- Expenses include DoD civilian salaries, supplies and materials, maintenance of equipment, certain equipment items, real property maintenance, rental of equipment and facilities, food, clothing, and fuel. Military Personnel (MILPERS)- Military member salaries and benefits. Research, Development, Test and Evaluation (RDT&E)- Covers the equipment, material, or computer application software developed with RDT&E funds. Development Test and Evaluation (DT&E). Operational Test and Evaluation (OT&E). Research and Development (R&D). Installations and Activities- Finances the operation of certain government R&D installations and activities engaged in the conduct of R&D programs, for example, laboratories and test ranges. Funding Process: Planning- This process results in fiscally constrained guidance and priorities for program development. Programming- Describes proposed programs, and explains any funding issues with current programs. Budgeting- Proposed budgets are submitted to Congress, then approved or denied. Execution- Occurs at the same time as program and budget reviews. It provides feedback to senior leadership on the effectiveness of resource allocation.

Purpose (Operationalized Knowledge Management)

The goal is to facilitate shared understanding and faster, more effective decision-making and execution. Manages what the commander needs to know. Getting the right knowledge to the right person at the right time for the right effect. Establishing and maintaining effective, repeatable staff processes, improving knowledge flow within the unit, and executing the mission.

Cross Site Scripting (Input Validation)

Malicious script is injected through a URL, a web form whose input is not properly validated or output-encoded, or a malicious ad, and then runs in the victim's browser with the trusted site's origin. Common impacts include defacing a website, hijacking sessions or web browsers (for example by stealing session cookies), and redirecting users to other sites. Document Object Model (DOM) XSS attack- Entirely client-side: the page's own JavaScript writes attacker-controlled data (such as a URL fragment) into the DOM, so the server never sees the payload. Reflected XSS attack (non-persistent)- Not stored on the web server. The script arrives as part of a request, typically a URL parameter, and is reflected off of a vulnerable web app back to the victim's browser, so the victim has to be lured into following the crafted link. Stored XSS attack (persistent)- The script is saved on the server (a comment, profile field, or message) and served to every user who views that content, so no link needs to be sent. The defence for all three is to validate input and, above all, encode output for the context where it is placed.
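
The reflected and stored cases described above, as an added example that is not part of the original study set: the same search term is echoed into a page unescaped and then with output encoding, and a hypothetical in-memory comment store stands in for the database that makes stored XSS persistent. The payload and the comment store are constructed for the example; `html.escape` and `parse_qs` are the Python standard library. DOM XSS is not shown because it happens in the browser and no amount of server-side escaping fixes it.

```python
import html
from urllib.parse import parse_qs

# Constructed attacker payload, as it would arrive in a search form or URL.
ATTACK_INPUT = '<script>alert(document.cookie)</script>'


def term_from_query(query_string):
    """Pull the q= parameter out of a raw query string (parse_qs URL-decodes it)."""
    return parse_qs(query_string).get("q", [""])[0]


def render_search_vulnerable(term):
    """Reflected XSS: the request value is echoed straight into the HTML response."""
    return f"<p>Results for: {term}</p>"


def render_search_fixed(term):
    """Output encoding for an HTML text context: <, >, &, ' and " become entities,
    so the browser displays the payload as text instead of executing it."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


# Stored XSS: a hypothetical comment store (an in-memory list standing in for a database).
_comments = []


def post_comment(body):
    """Save the comment verbatim; encoding belongs at render time, for the output context."""
    _comments.append(body)


def render_comments_vulnerable():
    """Every visitor of the page receives the stored payload."""
    return "<ul>" + "".join(f"<li>{c}</li>" for c in _comments) + "</ul>"


def render_comments_fixed():
    """Same page with the stored value encoded on the way out."""
    return "<ul>" + "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in _comments) + "</ul>"


def contains_live_script(page):
    """Crude check used here to show the difference: an unescaped <script tag is present."""
    return "<script" in page


if __name__ == "__main__":
    term = term_from_query("q=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E")
    print("reflected, vulnerable:", render_search_vulnerable(term))
    print("reflected, fixed:     ", render_search_fixed(term))
    post_comment(ATTACK_INPUT)
    print("stored, vulnerable:   ", render_comments_vulnerable())
    print("stored, fixed:        ", render_comments_fixed())
```

Note that the fix is applied where the value leaves the application, not where it enters: the same stored comment is harmless once the renderer encodes it, and the encoding chosen depends on the context (HTML text here; attribute, URL and JavaScript contexts each need their own).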

Code Injection (Input Validation)

Malicious input is accepted by a web application that does not properly validate or sanitize it, and the input is then interpreted as code rather than data (for example when it is passed to eval, a shell command, or a template engine). The injected code can run on the client side (in the browser) or on the server side.

Software Management Policies

Manage risks associated with software. No software may be installed on devices unless it is approved. Software Center holds a collection of pre-approved software that can be downloaded to your device. The ISSO (Information System Security Officer) approves software.

Base Functional Management

Manages system analysis and design, programming, systems operation, maintenance, resource management, and security management. Also directs activities for installing, maintaining, repairing, deploying, and modifying cyberspace systems and equipment platforms. (Voice, data, video client devices, network infrastructure systems, radio, satellite, intrusion detection, space systems, telemetry, microwave, and cryptographic.) Establishes training requirements and training programs to meet local knowledge and certification requirements.

Topologies Fundamentals

Mirrored- Time critical workload is mirrored, so in the event of disruption, it can continue to serve end users. Meshed- Each cloud platform has certain workloads, and they communicate with each other. Gated Egress- The private computing environment is divided into two segments. Application VLAN, and DMZ VLAN. Handover- Transforms private computing environment into cloud environment.

Cyber Operations Roles and Responsibilities

Monitoring for cyber security purposes. Implementing preventative controls. Implementing detective controls. Implement response measures. Assess network devices for vulnerabilities. Maintain government devices. Provide cyber related support to Air and Joint Forces.

Incident Response (Firewalls)

NIST SP 800-61 Rev 2- Government guidance on how to set up an incident response capability and plan. Four phases: Preparation- Personnel are assigned to positions on the incident response team, and tooling and contacts are in place; this phase also covers preventing incidents. Detection and Analysis- Logging and intrusion detection systems produce alerts, and analysts decide whether an incident has actually occurred and how far it extends. Containment, Eradication, and Recovery- Prevent further damage, remove the cause from the organization, and get systems back into normal operation. Post-Incident Activity- Lessons-learned review and documentation.
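
A small piece of the Detection and Analysis phase, as an added example that is not part of the original study set: a detector that reads SSH authentication log lines, counts failed logins per source address inside a sliding window, and flags a source that crossed the threshold, noting whether a later successful login from the same source follows (the case an analyst most wants to see). The log lines are constructed for the example in a syslog-like layout; the threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (syslog-like layout, documentation IP ranges); not real data.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2024-05-01T10:00:03 sshd[1201]: Failed password for root from 203.0.113.7 port 51023 ssh2
2024-05-01T10:00:05 sshd[1201]: Failed password for root from 203.0.113.7 port 51024 ssh2
2024-05-01T10:00:06 sshd[1201]: Failed password for root from 203.0.113.7 port 51025 ssh2
2024-05-01T10:00:08 sshd[1201]: Failed password for root from 203.0.113.7 port 51026 ssh2
2024-05-01T10:00:09 sshd[1201]: Accepted password for root from 203.0.113.7 port 51027 ssh2
2024-05-01T10:00:15 sshd[1202]: Failed password for alice from 198.51.100.9 port 40001 ssh2
2024-05-01T10:03:40 sshd[1203]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse(log_text):
    """Turn matching lines into events; lines the pattern does not recognise are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "result": m["result"],
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def detect_bruteforce(events, threshold=5, window_s=60):
    """Flag source IPs with at least `threshold` failures inside a `window_s` second
    sliding window, and record whether a success from that IP came afterwards."""
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    alerts = {}
    for ev in events:
        if ev["result"] == "Failed":
            recent = failures[ev["ip"]]
            recent.append(ev["ts"])
            # drop failures that have aged out of the window
            while recent and (ev["ts"] - recent[0]).total_seconds() > window_s:
                recent.pop(0)
            if len(recent) >= threshold:
                alerts.setdefault(ev["ip"], {"failures": len(recent), "success_after": False})
        elif ev["ip"] in alerts:
            # a success after a flagged burst is the signal to escalate, not just block
            alerts[ev["ip"]]["success_after"] = True
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(f"ALERT {ip}: {info['failures']} failures in window, success afterwards: {info['success_after']}")
```

The single failure from 198.51.100.9 never reaches the threshold and produces no alert, which is the analysis half of the phase: the detector separates an ordinary typo from a burst, and the "success after" flag moves the 203.0.113.7 case from "block the source" to "treat the root account as compromised and move to containment".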

Netstat (Command Line Network Utilities)

Netstat- Network statistics. Used to display and check active network connections and listening ports, the routing table, and per-protocol and per-port statistics. Useful during triage for spotting an unexpected listener or an established connection to an unfamiliar address. (On current Linux systems ss provides the same information; on Windows netstat -ano adds the owning process ID.)
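
As an added example (not from the original study set), the kind of check netstat output is used for during triage: parse the connection list and report listening ports that are not on the host's approved list, plus established connections to addresses outside the internal ranges. The netstat text is constructed in the Linux `netstat -ant` column layout, and the approved-port list and internal ranges are assumptions for the example.

```python
import ipaddress

# Constructed `netstat -ant` style output (Linux column layout); not a real capture.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:53122          ESTABLISHED
tcp        0      0 10.0.0.5:49731          203.0.113.50:443        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
"""

# Assumption: the ports this host is supposed to be listening on.
EXPECTED_LISTENERS = {22, 80, 5432}

# Assumption: address ranges treated as "inside"; anything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]


def split_addr(text):
    """'10.0.0.5:22' -> ('10.0.0.5', '22'); ':::80' -> ('::', '80'). rpartition copes with IPv6 colons."""
    host, _, port = text.rpartition(":")
    return host, port


def parse_netstat(text):
    """Keep only tcp/tcp6 rows; header lines and udp rows (no State column) are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith("tcp"):
            continue
        lhost, lport = split_addr(parts[3])
        fhost, fport = split_addr(parts[4])
        rows.append({"proto": parts[0], "lhost": lhost, "lport": int(lport),
                     "fhost": fhost, "fport": fport, "state": parts[5]})
    return rows


def unexpected_listeners(rows, expected=EXPECTED_LISTENERS):
    """Listening ports not on the approved list (a common sign of a backdoor or unapproved software)."""
    return sorted({r["lport"] for r in rows if r["state"] == "LISTEN" and r["lport"] not in expected})


def is_internal(host):
    ip = ipaddress.ip_address(host)
    return any(ip in net for net in INTERNAL_NETS)


def external_connections(rows):
    """Established connections whose peer lies outside the internal ranges."""
    return [(r["fhost"], int(r["fport"])) for r in rows
            if r["state"] == "ESTABLISHED" and not is_internal(r["fhost"])]


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print("unexpected listeners:", unexpected_listeners(rows))
    print("external connections:", external_connections(rows))
```

Port 4444 in the sample is flagged only because it is absent from the approved list, not because of the number itself: the value of this check comes from maintaining that list per host role, so that anything new stands out.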

SSL / TLS

Network security protocols. Secure Sockets Layer- Provided secure connectivity to applications such as websites; every SSL version is now deprecated and should be disabled. Transport Layer Security- Secure connectivity to applications such as websites. Replaced SSL (the name "SSL" is still used loosely to mean TLS). Both protocols rely on PKI (X.509) certificates to authenticate the server, and optionally the client.

Operating System (OS)

OS- The link between a user's hardware and software. Performs all the basic tasks like file management, memory management, process management, handling input and output, and controlling peripheral devices such as disk drives and printers. OS Examples: Windows Linux Mac OS UNIX Each OS operates differently. Some are more user friendly than others.

Safety

OSHA and DAF guidance. The US Air Force Mishap Prevention Program, individuals or functions that help commanders manage their safety and health program. Air Force Occupational Safety and Health (AFOSH) publications/standards. Job Hazard Analysis, identify hazards and create proper training, precautions, and preventative measures. Use PPE.

Compare OSI / TCP / IP Models

The OSI Model has 7 layers. The TCP/IP Model has 4 layers as originally defined (link, internet, transport, application); many courses teach a 5-layer version that splits the link layer into physical and data link. In the TCP/IP Model the application, presentation, and session layers of the OSI Model are combined into one layer called the application layer. The OSI Model is referenced a lot, but the TCP/IP Model is what is actually implemented in practice.

Negligent Discharge of Classified Information (NDCI)

Occurs when a higher classification level of data is placed on a lower classification level system/device. If an individual in the organization discovers the event, initial notification should be to the organization's security assistant or Wing Information Protection office.

Networks Layers

Physical Layer- Hardware. Transforms data from bits into signals, which are then sent over the network. Data Link Layer- Adds a physical address to the data being transmitted. Frames data. Error control. Establishes and terminates links between nodes. MAC address. Network Layer- Packet addressing, address conversion. IP address. Routing. Transport Layer- End to end message delivery and error checking. Adds a port value to packets. Data transport services. Session Layer- Manages the transfer of data, decides who can transfer data and for how long. Presentation Layer- Translates data into a format the application can understand. Converts the characters that we use into binary. Application Layer- Collection of protocols that applications need to function. Allows users to interact with applications.

Ping (Command Line Network Utilities)

Ping- Packet Internet Groper. Sends ICMP Echo Requests and reports the Echo Replies and their round-trip time. Mostly used to check connectivity between two hosts. A missing reply does not prove the host is down, since firewalls often drop ICMP.

Information Protection (IP) Operations

Policies, security framework, and strategic plans for the management of controlled unclassified information (CUI), and the industrial, information, and personnel security programs. Commanders/directors will ensure all assigned personnel are educated on their roles and requirements in support of security policies, processes, and procedures, and complete all mandatory security training. Chief information officer

Iterative Primitives

Process of repeating a sequence of instructions (a loop) until a specific end result is achieved. Count-Controlled Loops- Executed using FOR statements; the loop variable starts at a given value and the range sets the number of times the body is repeated (iterations). (foreach statements repeat once for each item in a collection.) Condition-Controlled Loops- Executed using WHILE statements; the body repeats as long as a condition holds, so the number of iterations is not known in advance. (A do-while checks the condition after the body, so the body runs at least once.) Recursion- A routine calls itself, solving a smaller piece of the problem on each call. It must have a base case that stops the calls; otherwise it runs until the call stack is exhausted.

Processes Concepts

Processes- Provide the resources needed to execute a program; a process is the container in which the CPU runs a program's instructions. Processes Are Made Of: Virtual address space Executable code Open handles to system objects A security context A unique process identifier Environment variables A priority class Minimum and maximum working set sizes At least one thread of execution Threads- The units of execution that the CPU actually schedules; every process has at least one. (CPUs and Processors)

Server Types

Proxy Server- Sits between a client program and an external server to filter requests. Mail Server- Moves and stores mail. Web Server- Processes network requests via HTTP and HTTPS and sends the files that display a webpage. Application Server- A server that hosts applications or software. Real-Time Communication Server- A server for sending messages, so users can exchange information quickly. FTP Server- Moves files between computers. Collaboration Server- Allows users to collaborate and work together in a virtual environment. List Server- A way to manage mailing lists (like emails you are subscribed to). Telnet Server- Allows users to remote into other computers over an unencrypted connection, so credentials and commands are exposed on the wire; SSH should be used instead. Open Source Server- Commercial-grade server that can host multiple websites and provide directories for static and dynamic web content. Virtual Server- A partitioned space within a physical server that acts as its own physical server. Server Platforms- The underlying hardware or software for a system that acts as the engine that drives the server.

Unit Self Assessment Program

Reporting the status of compliance with directives, and using that information to determine whether they can comply or if they should accept risk in coordination with the tiered waiver authority assigned. Develop an assessment plan approved by the commander. Develop and provides guidance for personnel to support the USAP. Notify the commander of non-compliance requiring external assistance. Conduct assessments and brief results to the unit commander. Document self-identified, non-compliant observations with corrective action plans.

Trainee Responsibilities

Responsible for making every effort to become qualified to perform in their DAF Specialty. Actively participate in all opportunities for upgrade and qualification training. Comprehend the applicable CFETP requirements and career path. Budget on and off-duty time to complete assigned training tasks. Request assistance from the supervisor, trainer, and UTM when having difficulty with any part of training.

Routing Fundamentals

Routing Tables- A list of known routes (destination prefix, next hop, outgoing interface). A packet carries no path of its own; each router looks up the packet's destination in its own table and picks the most specific matching route (longest prefix match), falling back to the default route if there is one. Hop- Occurs when a packet passes through a router. The hop limit (TTL in IPv4, Hop Limit in IPv6) is decremented at each router, and the packet is discarded when it reaches zero, which stops misrouted packets from circulating forever.
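
As an added example (not from the original study set), a routing table lookup with longest-prefix match and the per-hop TTL check. The table below is constructed for the example and the function names are this example's own; the matching logic is the general one a router applies.

```python
import ipaddress

# Constructed routing table: (destination prefix, next hop or None if directly connected, interface).
ROUTES = [
    ("0.0.0.0/0",    "192.0.2.1",   "eth0"),   # default route, matches everything
    ("10.0.0.0/8",   "10.255.0.1",  "eth1"),
    ("10.1.0.0/16",  "10.1.0.254",  "eth2"),
    ("10.1.2.0/24",  None,          "eth3"),   # directly connected subnet
]


def lookup(table, dst):
    """Longest-prefix match: among the routes that contain dst, the most specific wins.
    Returns (network, next_hop, interface) or None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best


def forward(table, dst, ttl):
    """One router hop: enforce the hop limit, then decide where the packet goes next."""
    if ttl <= 1:
        # the router that decrements TTL to zero discards the packet (and would send ICMP Time Exceeded)
        return {"action": "drop", "reason": "ttl exceeded"}
    route = lookup(table, dst)
    if route is None:
        return {"action": "drop", "reason": "no route"}
    net, next_hop, iface = route
    return {
        "action": "forward",
        "ttl": ttl - 1,
        "via": next_hop or "connected",
        "iface": iface,
        "prefix": str(net),
    }


if __name__ == "__main__":
    for dst in ("10.1.2.77", "10.1.9.1", "10.200.1.1", "198.51.100.20"):
        print(dst, "->", forward(ROUTES, dst, 64))
    print("expired:", forward(ROUTES, "10.1.2.77", 1))
```

The three nested 10.x prefixes show why the most specific route must win: 10.1.2.77 matches all four entries, and only the /24 sends it out the directly connected interface.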

Secure FTP Versions

Secure File Transfer Protocol (SFTP)- Strictly the SSH File Transfer Protocol: file transfer carried inside an SSH session. Provides security for file transfers over the internet; shields data during transfer and encrypts the whole exchange, including credentials and directory listings. Uses TCP port 22. Is not the same as FTPS, which is classic FTP wrapped in TLS.

SSH

Secure Shell- Secure remote connectivity protocol. Gives users a secure interface of another system that can be used to execute scripts, invoke processes, transfer files, execute remote commands, or perform standard network management. Basically everything you could control from your own computer can be controlled remotely on another computer. Operates over TCP port 22.

Career Field Functional Management

Serves as the advocate for the people and area they manage. Helps implement career field policies. Provide oversight of career field education and training. Coordinate force structure changes. Develop and maintain career planning guidance.

OSI Model

Seven layer model. Upper three layers are the Application layers (These layers deal with the user interface, formatting data, and access to applications). Lower four layers are the Data Transport layers (These layers define how data travels the physical media, through Internetwork devices, to the destination computer, and to the application on the destination machine). Application- Protocols which programs(apps) rely on to function (SMTP, POP3). Presentation- Uses conversion functions to ensure that info sent by one system is readable by another system. Session- Establishes, manages, and terminates communication sessions (service requests and service responses). Transport- Flow control (not sending more data than a device can handle), multiplexing (multiple data transmissions on a single link), and error checking (using mechanisms to detect errors during transmission of data) are all data transport services. Network- Routing functions. IP addresses. (Layer 3) Data Link- Switches and bridges. Passes all necessary elements onto the physical layer. (Layer 2) Physical- Transports data using electrical, mechanical or procedural interfaces. Hubs and network cabling.

SNMP

Simple Network Management Protocol- Application layer protocol that manages and monitors network devices. SNMPv3- Current version of SNMP. Has security enhancements such as authenticating and encrypting SNMP messages to protect them in transit. SNMPv1 and v2c authenticate only with a community string sent in cleartext, so they should be disabled where possible and default community strings such as "public" changed. Uses UDP ports 161 (queries to the agent) and 162 (traps sent to the manager).

Concepts (Firewall)

Stateless- Simple packet filtering: each packet is judged on its own header fields (addresses, ports, protocol) against the rule set, with no memory of earlier packets. Stateful- Packet filtering plus a connection table, so the firewall remembers connections that were allowed to start and admits return traffic only when it belongs to one of them. Application- Inspects traffic at the application layer to protect a specific application (for example a web application firewall in front of a website). A firewall should be placed on the perimeter of your network. A demilitarized zone is the segment between two firewalls, one on the perimeter and one in front of the internal network, where externally reachable servers are placed. Firewalls also run on routers and on workstations (host-based firewalls).
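
The stateless and stateful concepts side by side, as an added example that is not part of the original study set. The policy is an assumption for the example: internal hosts may open HTTPS connections outbound, and nothing else should come in. A stateless filter can only admit the replies by allowing any inbound packet with source port 443, which an attacker can forge; the stateful filter admits a reply only if it matches a connection opened from inside. The packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumption: the protected LAN


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True on the first packet of a TCP connection


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET


def stateless_allow(p):
    """Judge each packet alone. Rule 1 lets HTTPS out; rule 2 has to let replies back in,
    and the only thing a stateless filter can key on is the source port."""
    if is_internal(p.src) and not is_internal(p.dst) and p.dport == 443:
        return True
    if not is_internal(p.src) and is_internal(p.dst) and p.sport == 443:
        return True
    return False


class StatefulFilter:
    """Remembers connections opened from inside and admits inbound packets only
    when they belong to one of them."""

    def __init__(self):
        self.table = set()   # (internal host, internal port, external host, external port)

    def allow(self, p):
        if is_internal(p.src) and not is_internal(p.dst) and p.dport == 443:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.syn:
                self.table.add(key)          # connection start: record it
            return key in self.table         # later outbound packets must match a known connection
        if not is_internal(p.src) and is_internal(p.dst):
            # inbound: reverse the tuple and require an existing connection
            return (p.dst, p.dport, p.src, p.sport) in self.table
        return False


if __name__ == "__main__":
    outbound = Packet("10.0.0.5", 49731, "203.0.113.50", 443, syn=True)
    reply = Packet("203.0.113.50", 443, "10.0.0.5", 49731)
    probe = Packet("203.0.113.66", 443, "10.0.0.5", 22)   # attacker sourcing from port 443
    print("stateless admits forged probe:", stateless_allow(probe))
    fw = StatefulFilter()
    print("stateful: probe", fw.allow(probe), "| outbound", fw.allow(outbound),
          "| reply", fw.allow(reply), "| probe again", fw.allow(probe))
```

Real stateful firewalls also age entries out of the table and track TCP state transitions, which is why the table above is only the minimum needed to show the difference.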

SQL Injection (Input Validation)

Structured Query Language Injection- Injecting SQL syntax in place of expected input values, so that the query built from them does something other than what the web developer intended, such as bypassing a login or reading other tables. The fix is parameterized queries (prepared statements), with input validation as a second layer.
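
As an added example (not from the original study set), a login check written both ways against an in-memory SQLite database: the vulnerable version splices the input into the SQL text, the fixed one passes it as a parameter. The table, users, and payloads are constructed for the example; passwords are stored in plaintext only to keep the injection visible, a real application would store hashes.

```python
import sqlite3

# Classic payloads: one makes the WHERE clause always true, the other comments out the password check.
PAYLOAD_TAUTOLOGY = "' OR '1'='1"
PAYLOAD_COMMENT = "alice' --"


def make_db():
    """Constructed sample table; not a real dataset."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn


def login_vulnerable(conn, username, password):
    """The input becomes part of the SQL text, so quotes in it change the query's structure."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterized query: the SQL is fixed and the values travel separately,
    so they can only ever be compared as data, never parsed as syntax."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology :", login_vulnerable(db, PAYLOAD_TAUTOLOGY, PAYLOAD_TAUTOLOGY))
    print("vulnerable, comment   :", login_vulnerable(db, PAYLOAD_COMMENT, "wrong"))
    print("safe, tautology       :", login_safe(db, PAYLOAD_TAUTOLOGY, PAYLOAD_TAUTOLOGY))
    print("safe, real credentials:", login_safe(db, "alice", "s3cret"))
```

With the tautology payload the vulnerable query becomes `WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row; the comment payload turns everything after `--` into a comment, so the password is never checked. The parameterized version returns nothing for either, because a username of literally `' OR '1'='1` does not exist.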

Transport Layer Security

TLS encrypts data in transit. TLS authenticates the server to the client using its certificate (and optionally the client to the server). TLS protects the integrity of the data in transit, so tampering or truncation is detected rather than silently accepted. A TLS handshake negotiates the protocol version, cipher suite, and session keys before any application data is sent.
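
As an added example covering both this card and the SSL / TLS card above (not from the original study set): a client-side TLS configuration in the Python standard `ssl` module, in the weakened form that turns off the authentication TLS is supposed to provide, beside a hardened one, with an audit function that reports the differences. No connection is made, so it runs offline; the audit checks and their wording are this example's own.

```python
import ssl


def weak_client_context():
    """The setting people reach for when a certificate error blocks them.
    With verification off, any on-path attacker can present their own certificate
    and the client will happily encrypt traffic to the attacker."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context():
    """create_default_context() loads the system CA store and turns on chain and
    hostname verification; pinning the minimum version rejects SSLv3/TLS 1.0/1.1."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(ctx):
    """Return the findings a reviewer would raise about a client context."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("allows TLS versions below 1.2")
    return findings


if __name__ == "__main__":
    print("weak    :", audit(weak_client_context()))
    print("hardened:", audit(hardened_client_context()))
    # usage with the hardened context would be:
    #   with socket.create_connection((host, 443)) as s:
    #       with hardened_client_context().wrap_socket(s, server_hostname=host) as tls:
    #           ...
```

The first two findings are the ones that matter most: encryption without verifying who you are talking to gives confidentiality against passive eavesdroppers only, which is exactly the threat TLS certificates exist to close.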

Technical Orders (TO)

TOs provides clear and concise instructions for the safe and effective operation and maintenance of centrally-acquired and managed Air Force military systems and end items. (Operators manual) Time Compliance TOs (TCTOs) are the method of directing and providing instructions for modifying military systems and end items or performing one-time inspections. (Directions for like an upgrade, or modification of a military system. Like a one time TO)

Data Validation (Input Validation)

The process of ensuring the accuracy and quality of data before use: checking type, length, range, format, and allowed values, preferably against an allowlist of what is expected rather than a denylist of known-bad input.

Knowledge Capture (Agile Learning)

The process of gathering, collecting, and organizing an organization's knowledge so that it can be stored, shared, and reused. It is the act of taking knowledge in our heads and making it available for others.

Lessons Learned (Agile Learning)

The process of identifying lessons learned, documenting them, archiving them, distributing the documentation to appropriate personnel, identifying the actions that will be taken in the future based on them, and following up to ensure that those actions were taken.

Risk Management

The process of identifying, assessing and controlling threats to an organization's capital, earnings and operations.

Acceptable Use / Behavior for Information Technology (Cyber Hygiene)

This is a part of the organization's security policy. Users must acknowledge it and be trained on it. Logon banners are often used to present the agreement and to remind users of the AUB. It requires that users only use IT devices for official use; violations are subject to disciplinary action.

Risk, Threats, and Vulnerabilities (Cyber Security)

Threats (first part of risk)- Natural disasters, corporate espionage, disgruntled employees, hackers. Vulnerabilities (second part of risk)- Misconfigurations, SQL injection flaws, cross-site scripting flaws, unpatched systems. Risks (the result of a threat acting on a vulnerability)- Financial losses, loss of privacy, reputation damage, legal implications, loss of life.

Supervisor / Trainer Roles and Responsibilities

Trainers: Manage the upgrade training program. Conduct unit in and out-processing of TDY, permanent change of station, and/or permanent change of assignment personnel. Manage applicable training systems to ensure information is accurate. Provide administrative support and guidance to unit for 5- and 7-level school programs. Supervisors: Will use current CFETP and supplemental publications to manage work center and individual training. Develop one work center master task list (MTL) that ensures completion of all duty position requirements. Integrate training with day-to-day work center operations. Maintain approved training records for E1 through E6 or personnel in combat ready duty positions. Schedule and conduct supervised training sessions when a trainee has difficulty with upgrade training. Appoint trainers and certifiers.

Encoding (Transport Security)

Represents the characters of any written language as sequences of zeros and ones so a computer can store and transport them (for example ASCII, UTF-8, Base64). Encoding is reversible by anyone who knows the scheme and provides no confidentiality; it is not encryption.

VLAN Fundamentals

Virtual Local Area Networks- A group of devices in the same broadcast domain that are separated logically instead of physically. Breaks a large broadcast domain into smaller broadcast domains. Defines ports on a switch that can share broadcast messages.

Network Devices

VoIP Phones- Connected directly to the network. Multifunction Device- Allows wireless devices to connect to a wired network, and also acts as a switch and a router. Lightweight Access Point- Allows wireless devices to connect to a network, but is managed by a centralized device called a wireless LAN controller. Network Switch- Designed to give high-speed access to the entire LAN. Has the ability to shut off ports and configure devices. Router- Gives devices access to the internet. WAN communications. Firewall- Adds a layer of security to your network. Blocks unwanted external connections.

