Cybersecurity COURSE 3
IPSec
A suite of protocols used to set up VPNs. Many VPN providers use it to encrypt and authenticate IP packets and so establish secure, encrypted connections between two endpoints.
Software as a Service (SaaS)
A category of CSP that refers to software suites operated by a CSP that a company can USE remotely without HOSTING the software.
Infrastructure as a Service (IaaS)
A category of CSP that refers to the use of virtual computer components offered by the CSP. These include virtual containers and storage that are configured remotely through the CSP's API or web console.
DoS attacks
A class of attacks, where the attacker prevents the compromised system from performing legitimate activity or responding to legitimate traffic, is called
Stateful
A class of firewall that keeps track of information passing through it and PROACTIVELY FILTERS out threats.
Stateless
A class of firewall that operates based on PREDEFINED RULES and that does NOT KEEP TRACK of information from data packets.
tcpdump
A command-line protocol analyzer that administrators use to capture packets. Popular and lightweight (it uses little memory and CPU). It is text-based, so it runs in a terminal, and is available on Linux/Unix and macOS.
Cloud Service Provider (CSP)
A company that provides cloud computing services. CSPs run large data centers that house enormous numbers of servers.
Baseline configuration (baseline image)
A documented set of specifications within a system that is used as a basis for future builds, releases, and updates.
World-writable file
A file that can be altered by anyone in the world
port filtering
A firewall function that blocks or allows certain port numbers to limit unwanted communication.
TCP/IP Model
A framework used to visualize how data is organized and transmitted across a network.
reCAPTCHA
A free CAPTCHA service from Google that helps protect websites from bots and malicious software.
WireGuard
A high-speed VPN protocol, with advanced encryption, to protect users when they are accessing the internet.
CIDR (Classless Inter Domain Routing)
A method of assigning subnet masks to IP addresses in order to create a subnet.
IP spoofing
A network attack performed when an attacker changes the source IP of a data packet to IMPERSONATE an authorized system and gain access to a network.
Smurf Attack
A DoS attack in which the attacker sends ICMP echo requests to a network's broadcast address with the source IP spoofed to the victim's address, so every host on that network replies to the victim and floods it with packets.
Hypertext Transfer Protocol Secure (HTTPS)
A network protocol that provides a secure method of communication between clients and servers (Hint: first characters of every secured URL).
Domain Name System (DNS)
A network protocol that translates internet domain names into IP addresses.
Address Resolution Protocol (ARP)
A network protocol used to map an IP address to the MAC address of a device on the same local network (for example, the next-hop router).
Virtual Private Network (VPN)
A network security service that encrypts your traffic inside a tunnel and replaces your public IP address with the VPN server's, masking your location and keeping your data PRIVATE when you are using a public network like the internet. (YouTubers are frequently sponsored by one of these.)
Encapsulation
A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets.
Multi-factor authentication (MFA)
A security measure that requires a user to verify their identity in two or more ways to access a system or network.
proxy server
A server that fulfills the requests of its clients by FORWARDING them to other servers.
Network Protocols
A set of rules used by two or more devices on a network to describe the order of delivery and structure of the data.
Wi-Fi (Wireless Fidelity)
A set of standards that define communication for wireless LANs.
IP (Internet Protocol)
A set of standards used for routing and addressing data packets as they travel between devices on a network. An __ address is the unique identifier (a string of characters) of an electronic device, such as a computer or phone, and signifies its location on the Internet.
Pen test
A simulated attack that helps identify vulnerabilities.
Patch update
A software and operating system update that addresses security vulnerabilities within a program or product.
Virtual Machines (VMs)
A software version of a physical computer. A type of testing environment that's useful for testing suspicious files before deciding whether to open them on the physical computer's actual desktop.
port
A software-based location that organizes the sending and receiving of data between devices. (Just like a real ____.)
Ping of Death
A type of DoS attack in which an attacker pings a system with an oversized ICMP packet, sent as fragments that reassemble to more than 65,535 bytes (the maximum size of an IPv4 packet), crashing or freezing systems that cannot handle it.
ICMP flood attack
A type of DoS attack performed by an attacker repeatedly sending ICMP packets to a network server.
SYN (synchronize) flood attack
A type of DoS attack that floods a server with TCP SYN packets without completing the handshake, filling its table of half-open connections so legitimate clients cannot connect.
Active packet sniffing
A type of attack where data packets are manipulated in transit.
Passive packet sniffing
A type of attack where data packets are read in transit.
Dictionary attacks
A type of brute force attack where attackers use a list of commonly used passwords and stolen credentials from previous breaches to access a system.
DDoS (Distributed Denial of Service)
A type of denial of service attack that uses multiple devices or servers in different locations.
Forward Proxy Server
A type of proxy server. Regulates and restricts a person's access to the internet.
Reverse Proxy Server
A type of proxy server. Regulates and restricts the INTERNET'S ACCESS to an internal server.
sandbox
A type of testing environment that allows you to execute software or programs SEPARATE from your network. Commonly used for testing patches, identifying and addressing bugs, or detecting cybersecurity vulnerabilities. It can be implemented as a VM, a container, or a dedicated physical computer that is completely isolated from the network.
MAC (Media Access Control) address
A unique alphanumeric identifier that is assigned to each PHYSICAL device on a NETWORK.
attack surface
All the potential vulnerabilities that a threat actor could exploit
TCP (Transmission Control Protocol)
An Internet communication protocol that allows two devices to form a connection and stream data.
IDS (Intrusion Detection System)
An application that monitors system activity and alerts on possible intrusions.
IPS (Intrusion Prevention System)
An application that monitors system activity for intrusive activity and TAKES ACTION to stop the activity.
DoS attack
An attack that targets a network or server and floods it with network traffic.
on-path attack (aka meddler-in-the-middle or man-in-the-middle)
An attack where a malicious actor places themselves in the MIDDLE of an authorized connection and intercepts or alters the data in transit.
Replay Attack
An attack where a captured transmission (for example, a login or a signed request) is resent later to the destination, often while impersonating the original sender's IP address. The attacker does not need to decrypt or alter the data for the replay to work.
ICMP (Internet Control Message Protocol)
An internet protocol used by devices to tell each other about data transmission errors across the network
Completely Automated Public Turing test to tell Computers and Humans Apart
CAPTCHA stands for ________.
domain names
DNS servers translate website _______ into the IP address of the system that contains the information for the website.
1. Network access layer 2. Internet layer 3. Transport layer 4. Application layer
Four layers of the TCP/IP Model
Application layer (TCP/IP)
It's responsible for MAKING and RESPONDING to network requests. The __________ in the TCP/IP model is similar to the application, presentation, and session layers of the OSI model (another framework and a different way of visualizing data).
Physical layer (OSI)
Layer 1: it relates to the physical hardware involved in network transmission.
Data link layer (OSI)
Layer 2: it organizes sending and receiving data packets within a single network.
Network layer (OSI)
Layer 3: it receives frames from the data link layer (layer 2 of the OSI) and routes the resulting packets to their intended destination, usually by IP address.
Transport layer (OSI)
Layer 4: it's responsible for delivering data between devices.
Session layer (OSI)
Layer 5: it describes when a connection is established between two devices.
Presentation layer (OSI)
Layer 6: it supplies data format, compression, and encryption information to the application layer; it handles data translation and encryption for the network.
Application layer (OSI)
Layer 7 of the OSI model where the user interfaces with the computer application. Includes processes that directly involve the everyday use.
1. Application 2. Presentation 3. Session 4. Transport 5. Network 6. Data Link 7. Physical
Layers of the OSI Model
Hardware, operating systems, applications, computer networks, databases
Security hardening can be conducted on:
Bits [per] Second
Speed in the Network aspect of Cybersecurity refers to the rate at which a device sends and receives data, measured by ____ per ______.
Internet Control Message Protocol (ICMP)
The ____ shares error information and status updates of data packets. (Useful for troubleshooting network errors.)
User Datagram Protocol (UDP)
The _____ is a connectionless protocol that does not establish a connection between devices before transmissions. (Used for performance sensitive applications that operate in real time, such as video streaming.)
Transport layer (TCP/IP)
The _____ is responsible for delivering data between two systems or networks and INCLUDES protocols to control the flow of traffic across a network.
Internet layer (aka network layer (NOT network access layer)) (TCP/IP)
The _____ is responsible for ensuring the delivery to the destination host which potentially resides on a DIFFERENT network.
Network access layer (aka data link layer) (TCP/IP)
The __________ deals with the creation of data packets and their transmission across a network.
IEEE 802.11 (Institute of Electrical and Electronics Engineers; 802.11 is a suite of protocols used in wireless communications.)
The actual term for Wi-Fi is...
Bandwidth
The amount of data a device receives every second.
OS
The interface between the hardware and the user.
Packet Sniffing
The practice of capturing and inspecting data packets across a network.
Network log analysis
The process of examining network logs to identify events of interest
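As an added illustration of network log analysis (not part of the course material), the Python below parses a handful of constructed SSH authentication log lines and flags the pattern a dictionary or brute-force attack leaves behind: many failed logins from one source IP within a short window, especially when followed by a successful login. The log format, the five-failure threshold, the 60-second window, and the sample addresses are all assumptions made for the example.

```python
"""Network log analysis example (added illustration, not course code).

Parses constructed SSH auth log lines and flags brute-force behaviour:
many failed logins from one source within a sliding window, and whether
that source later succeeded. Format, threshold and window are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample log: one noisy source (203.0.113.45) and one normal user.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z sshd[1201]: Failed password for admin from 203.0.113.45 port 51122 ssh2
2024-05-01T10:00:02Z sshd[1202]: Failed password for admin from 203.0.113.45 port 51123 ssh2
2024-05-01T10:00:03Z sshd[1203]: Failed password for root from 203.0.113.45 port 51124 ssh2
2024-05-01T10:00:04Z sshd[1204]: Failed password for admin from 203.0.113.45 port 51125 ssh2
2024-05-01T10:00:05Z sshd[1205]: Failed password for admin from 203.0.113.45 port 51126 ssh2
2024-05-01T10:00:07Z sshd[1206]: Accepted password for admin from 203.0.113.45 port 51127 ssh2
2024-05-01T10:03:10Z sshd[1207]: Failed password for alice from 198.51.100.7 port 40001 ssh2
2024-05-01T10:03:40Z sshd[1208]: Accepted password for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

FAIL_THRESHOLD = 5           # assumed policy: 5 failures ...
WINDOW = timedelta(seconds=60)  # ... within 60 seconds is an alert


def parse(log_text: str) -> List[dict]:
    """Turn raw lines into event dicts; unrelated or malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def find_brute_force(events: List[dict]) -> Dict[str, dict]:
    """Per source IP, count failures inside a sliding window; note a later success."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    alerts: Dict[str, dict] = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        if ev["result"] == "Failed":
            failures[ip].append(ev["ts"])
            # keep only failures that fall inside the window ending at this event
            failures[ip] = [t for t in failures[ip] if ev["ts"] - t <= WINDOW]
            if len(failures[ip]) >= FAIL_THRESHOLD and ip not in alerts:
                alerts[ip] = {
                    "failures": len(failures[ip]),
                    "first_failure": failures[ip][0],
                    "success_after": False,
                }
        elif ev["result"] == "Accepted" and ip in alerts:
            # a success right after a burst of failures is the worst case: likely compromised
            alerts[ip]["success_after"] = True
            alerts[ip]["user"] = ev["user"]
    return alerts


if __name__ == "__main__":
    for ip, info in find_brute_force(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

Only the noisy source is reported; alice's single failure followed by a success is normal user behaviour and stays below the threshold. In practice the same loop is run over a live tail of the log, and the alert feeds a SIEM or a blocklist.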
Security hardening
The process of strengthening a system to reduce its vulnerability and attack surface
Subnetting
The subdivision of a network into logical groups called subnets (which is a smaller network inside a bigger network).
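To make the CIDR and subnetting cards above concrete, here is an added Python example (not from the course) using the standard-library ipaddress module. It shows what a CIDR prefix actually does: which addresses fall inside a subnet, how many usable hosts it holds, and how one block is carved into smaller subnets. The 10.0.0.0/22 block and the sample addresses are constructed for the illustration.

```python
"""Subnetting worked example (added illustration, not course code).

Demonstrates CIDR notation with the standard ipaddress module: the network,
mask and broadcast of a block, whether an address belongs to it (the core
check behind firewall rules and ACLs), and splitting a block into subnets.
All addresses are constructed sample data.
"""
from ipaddress import ip_address, ip_network
from typing import List


def describe(cidr: str) -> dict:
    """Return the key facts of a subnet written in CIDR notation."""
    net = ip_network(cidr, strict=False)  # strict=False also accepts a host address like 10.0.1.5/22
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "prefixlen": net.prefixlen,
        # num_addresses includes the network and broadcast addresses; usable hosts excludes them
        "usable_hosts": max(net.num_addresses - 2, 0),
    }


def contains(cidr: str, addr: str) -> bool:
    """True if addr is inside the subnet: the membership test firewall rules rely on."""
    return ip_address(addr) in ip_network(cidr, strict=False)


def split(cidr: str, new_prefix: int) -> List[str]:
    """Carve a block into equal smaller subnets (for example, one /24 per department)."""
    net = ip_network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    print(describe("10.0.0.0/22"))
    print(contains("10.0.0.0/22", "10.0.3.7"), contains("10.0.0.0/22", "10.0.4.1"))
    print(split("10.0.0.0/22", 24))
```

A /22 covers 1,024 addresses (10.0.0.0 through 10.0.3.255), so 10.0.3.7 is inside it while 10.0.4.1 is not; the same block splits into four /24 subnets of 254 usable hosts each.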
brute force attack
The trial and error process of discovering private information.
Uniform Resource Locator
URL stands for...
OSI (Open systems interconnection) Model
Visually organizes network protocols into different layers. Network professionals use this model to communicate with each other about potential sources of problems or security threats when they occur.
A firewall is only able to filter packets based on information provided in the HEADER of the packets.
What's a disadvantage of a Firewall?
A SIEM tool only reports on possible security issues. It doesn't take action to stop or prevent suspicious events.
What's a disadvantage of a SIEM tool?
An IDS can only scan for known attacks; new and more sophisticated attacks might not be caught. And it doesn't actually take action like an IPS does.
What's a disadvantage of an IDS?
An IPS is an inline appliance: if it fails, the connection between the network and the Internet breaks. It might also produce false positives and block legitimate traffic.
What's a disadvantage of an IPS?
Back Door Attack
When someone creates an alternative way into a system that bypasses its security controls.
Hashing and Salting
______ converts information into a fixed-size value (a digest) that can be used to check its integrity. It is a one-way function rather than encryption, so the original text cannot be recovered from the digest. _____ adds random characters to a password before it is hashed, so that identical passwords produce different stored values and precomputed tables of hashes are useless.
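As an added example (not course code), the Python below shows the two properties on the card: the stored value is a one-way digest that is only ever compared, never reversed, and a per-user random salt makes the same password hash differently for every user. It uses hashlib.pbkdf2_hmac from the standard library; the iteration count and the sample passwords are assumptions for the illustration, and the unsalted SHA-256 function is included only to show the weak pattern beside the correct one.

```python
"""Salted password hashing (added illustration, not course code).

hash_password / verify_password show the correct pattern: random per-user
salt, a deliberately slow hash (PBKDF2-HMAC-SHA256), constant-time compare.
unsalted_sha256 shows the weak pattern the card warns against.
Iteration count and sample passwords are assumptions.
"""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor; chosen as a policy, not a fixed standard
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$digest_hex'. A fresh random salt is drawn if none is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time (no timing leak)."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def same_password_different_hashes(password: str) -> bool:
    """Two users who pick the same password still get different stored values."""
    return hash_password(password) != hash_password(password)


def unsalted_sha256(password: str) -> str:
    """The weak pattern: identical passwords collide, so one precomputed table cracks them all."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong guess", record))                   # False
    print(same_password_different_hashes("hunter2"))                # True
    print(unsalted_sha256("hunter2") == unsalted_sha256("hunter2"))  # True: the problem salting fixes
```

The digest is what gets stored; at login the submitted password is hashed again with the same salt and the two digests are compared. A dictionary attack against this store has to redo the slow PBKDF2 work separately for every user, which is the whole point of salting.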
Botnet | Bot-herder
______ is a collection of computers infected by malware that are under control of a single threat actor, known as a ________
Wi-Fi Protected Access (WPA)
a wireless security protocol for devices to connect to the internet and to protect Wi-Fi networks.
Platform as a Service (PaaS)
refers to TOOLS that application developers can use to design custom applications for their company.