Introduction to Cybersecurity


Traffic interception

If a password is sent or stored in clear, readable text, anyone who can capture the traffic carrying it, or who has access to the account or device, whether authorized or unauthorized, can read it.

Cisco's Advanced Malware Protection (AMP)

installed in next generation Cisco routers, firewalls, IPS devices and web and email security appliances. It can also be installed as software in host computers.

host-based firewall

installed on a single computer with the purpose of protecting that one computer. Filters ports and system service calls on a single computer operating system.

On-path attackers

intercept or modify communications between two devices, such as a web browser and a web server, either to collect information from or to impersonate one of the devices.

Technology

refers to the software- and hardware-based solutions designed to protect information systems such as firewalls, which continuously monitor your network in search of possible malicious incidents.

Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are...

security measures deployed on a network to detect and prevent malicious activities.

Overwhelming quantity of traffic

when a network, host or application is sent an enormous amount of data at a rate which it cannot handle. This causes a slowdown in transmission or response, or the device or service to crash.

Pretexting

when an attacker calls an individual and lies to them in an attempt to gain access to privileged data.

Tailgating

when an attacker quickly follows an authorized person into a secure, physical location.

Something for something (quid pro quo)

when an attacker requests personal information from a person in exchange for something, like a free gift.

Data Use Policy

Outlines how the service provider will collect, use and share your data.

Security Policy

Outlines what the company is doing to secure the data it obtains from you.

Other security devices

Web and email security appliances, decryption devices, client access control servers, and security management systems.

Actions organizations should take when a security breach is identified:

1. Communicate the issue. 2. Be sincere and accountable. 3. Provide the details. 4. Find the cause. 5. Apply lessons learned. 6. Check, and check again 7. Educate!

5 Step Pen Test Process

1. Planning: gather information (footprinting) about the target network to find ways to intrude.
2. Scanning: identify potentially exploitable vulnerabilities.
3. Gaining access: exploit the vulnerabilities identified in the network by simulating an attack.
4. Maintaining access: stay in and gather as much information as you can without being detected.
5. Analysis and reporting: report your findings to the team.

3 Dimensions of the McCumber security model

1. The foundational principles for protecting information systems. 2. The protection of information in each of its possible states. 3. The security measures used to protect data.

Security Playbook

A collection of repeatable queries or reports that outline a standardized process for incident detection and response. Ideally, a security playbook should:
1. highlight how to identify and automate the response to common threats, such as the detection of malware-infected machines, suspicious network activity or irregular authentication attempts
2. describe and clearly define inbound and outbound traffic
3. provide summary information including trends, statistics and counts
4. provide usable and quick access to key statistics and metrics
5. correlate events across all relevant data sources

Network based firewall

A firewall generally hardware based that protects a network of computers as opposed to one computer.

Dictionary attacks

A hacker systematically tries every word in a dictionary or a list of commonly used words as a password in an attempt to break into a password-protected account.

IoT (Internet of Things)

A large network of physical objects, such as sensors, software and other equipment. All of these things are connected to the internet, with the ability to collect and share data.

Terms of Service

A legally binding contract that governs the rules of the relationship between you, the service provider and others who use the service.

Service Set Identifier (SSID)

A network name that wireless routers use to identify themselves.

miner

A participant whose computers solve complex mathematical puzzles to verify cryptocurrency transactions and add them to the ledger.

exploit

A program written to take advantage of a known vulnerability

Virus

A type of computer program that, when executed, replicates by attaching itself to other files, such as executables or macro-enabled documents, by inserting its own code. Unlike a worm, it needs a host program (or an opened document) to run.

One way of defending against zero-day attacks and advanced persistent threats (APTs) is to use an enterprise-level advanced malware detection solution, like Cisco's...

Advanced Malware Protection (AMP) Threat Grid.

Setting up password protection

All of your computing devices, including PCs, laptops, tablets and smartphones, should be password protected to prevent unauthorized access. Any stored information, especially sensitive or confidential data, should be encrypted. You should only store necessary information on your mobile device, in case it is stolen or lost.

Privacy Settings

Allows you to control who sees information about you and who can access your profile or account data.

How does an IDS work?

An IDS can either be a dedicated network device or one of several tools in a server, firewall or even a host computer operating system, such as Windows or Linux, that scans data against a database of rules or attack signatures, looking for malicious traffic. If a match is detected, the IDS will log the detection and create an alert for a network administrator. It will not take action and therefore it will not prevent attacks from happening. The job of the IDS is to detect, log and report. Inline scanning would slow down the network (add latency), so an IDS is usually placed out of band, separate from the regular traffic path: a switch copies or mirrors the traffic (a SPAN or mirror port) and forwards the copy to the IDS for detection.

IPS vs IDS vs DLP vs SIEM

An IPS can block or deny traffic based on a positive rule or signature match. An IDS scans data against a database of rules or attack signatures, looking for malicious traffic. A DLP system is designed to stop sensitive data from being stolen from or escaping a network. A SIEM system collects and analyzes security alerts, logs and other real-time and historical data from security devices on the network.

How does an IPS work?

An IPS can block or deny traffic based on a positive rule or signature match. One of the most well-known IPS/IDS systems is Snort. Snort was commercialized by Sourcefire, which is now part of Cisco (its successor products are Cisco's Firepower line). Sourcefire can perform real-time traffic and port analysis, logging, content searching and matching, and can detect probes, attacks and port scans. It also integrates with other third-party tools for reporting, performance and log analysis.

Open authorization (OAuth)

An open standard protocol that allows you to use your credentials to access third-party applications without exposing your password.

Which type of technology can prevent malicious software from monitoring user activities, collecting personal information and producing unwanted pop-up ads on a user computer?

Antispyware

Malware

Any code that can be used to steal data, bypass access controls, or cause harm to or compromise a system.

Personal Data

Any information that can be used to identify you, and it can exist both offline and online.

Government Protection

As more digital information is being gathered and shared, its protection becomes even more vital at the government level, where national security, economic stability and the safety and wellbeing of citizens are at stake.

Personal legal issues

At work or home, you may have the opportunity and skills to hack another person's computer or network. But there is an old saying, 'Just because you can does not mean you should.' Most hacks leave tracks, which can be traced back to you. Cybersecurity professionals develop many skills, which can be used positively or illegally. There is always a huge demand for those who choose to put their cyber skills to good use within legal bounds.

3 security measures used to protect data

Awareness, training and education; technology; policy and procedure.

Buffer overflow

Buffers are memory areas allocated to an application. A vulnerability occurs when data is written beyond the limits of a buffer. By overwriting adjacent memory within the application's own address space (other variables, heap metadata or a saved return address), an attacker can crash the application, corrupt its data or redirect its execution to run code of their choosing.

Firewalls

Can look deeper into network traffic and identify malicious behavior that has to be blocked.

Trojan Horse

Carries out malicious operations by masking its true intent. It might appear legitimate but is, in fact, very dangerous. Trojans exploit your user privileges and are most often found in image files, audio files or games.

A tool used to detect and prevent security incidents: Security Information and Event Management (SIEM) system

Collects and analyzes security alerts, logs and other real-time and historical data from security devices on the network to facilitate early detection of cyber attacks.

Rainbow attacks

Compares the hash of a password with those stored in the rainbow table. When an attacker finds a match, they identify the password used to create the hash.

The 3 foundational principles for protecting information

Confidentiality, Integrity, Availability

Monitor the Risk

Continuously review any risk reduced through elimination, mitigation or transfer actions. Remember, not all risks can be eliminated, so you will need to closely monitor any threats that have been accepted.

What can the skills developed by cybersecurity professionals be used for?

Cybersecurity professionals develop many skills that can be used for good or evil

What is the difference between a hacker and a cybersecurity professional?

Cybersecurity professionals must work within legal boundaries

Which of the following methods can be used to ensure confidentiality of information?

Data encryption, username ID and password, and two factor authentication

The objectives for data integrity include...

Data not being altered during transit and not being changed by unauthorized entities.

Personal Data

Describes any information about you, including your name, social security number, driver's license number, date and place of birth, your mother's maiden name, and even pictures or messages that you exchange with family and friends.

Ransomware

Designed to hold a computer system or the data it contains captive until a payment is made. Ransomware usually works by encrypting your data so that you can't access it. Often spread through phishing emails that encourage you to download a malicious attachment or through a software vulnerability.

A tool used to detect and prevent security incidents: A Data Loss Prevention (DLP) system

Designed to stop sensitive data from being stolen from or escaping a network. It monitors and protects data in three different states: data in use (data being accessed by a user), data in motion (data traveling through the network) and data at rest (data stored in a computer network or device).

Transactional Data

Details relating to buying and selling, production activities and basic organizational operations such as any information used to make employment decisions.

Assess the Risk

Determine the severity that each threat poses. For example, some threats may have the potential to bring an entire organization to a standstill, while other threats may be only minor inconveniences. Risk can be prioritized by assessing financial impact (a quantitative analysis) or scaled impact on an organization's operation (a qualitative analysis).

Respond to the Risk

Develop an action plan to reduce overall organization risk exposure, detailing where risk can be eliminated, mitigated, transferred or accepted.

Weaknesses in security practices

Developers should stick to using security techniques and libraries that have already been created, tested and verified and should not attempt to create their own security algorithms.

DDoS

Distributed Denial of Service, occurs when multiple devices infected with malware flood the resources of a targeted system.

'Today, there are single security appliances that will solve all the network security needs of an organization.' Is this statement true or false?

False

'With careful planning and consideration, some risks can be completely eliminated.' Is this statement true or false?

False

network address translation (NAT) firewall

Hides (masquerades) the private addresses of network hosts behind a public address, so outside devices cannot address internal hosts directly. (Filtering on source and destination IP addresses is the job of a network layer, or packet-filtering, firewall.)

Passphrase

Generally takes the form of a sentence ('Acat th@tlov3sd0gs.'), making it easier for you to remember.

What tool is used to lure an attacker so that an administrator can capture, log and analyze the behavior of the attack?

Honeypot - a tool set up by an administrator to lure an attacker so that the behavior of the attacker can be analyzed. This information can help the administrator identify weaknesses and build a stronger defense.

Intrusion prevention systems

IPS systems use a set of traffic signatures that match and block malicious traffic and attacks.
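The IDS description above (detect, log and report on a mirrored copy) and the IPS description (block on a positive signature match) differ only in what happens after a rule fires. The following added example, which is not from the original page and is not Snort, makes that concrete: a toy signature engine whose rules mimic Snort's destination-port, content and pcre fields, run once out of band as an IDS and once inline as an IPS. The rules, SIDs and packets are constructed for illustration.

```python
"""Added example (not from the original page): a toy signature engine that
makes the IDS/IPS distinction concrete. Both sensors use the same rules; the
IDS only logs and alerts on a mirrored copy of the packet, while the IPS sits
inline and drops the packet. Rules mimic Snort's dport/content/pcre fields
but this is not Snort; rules and packets below are constructed."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
import re


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Rule:
    sid: int
    msg: str
    dport: Optional[int]             # None means any destination port
    content: Optional[bytes] = None  # literal substring (like Snort "content:")
    pcre: Optional[str] = None       # regex over the payload (like Snort "pcre:")

    def matches(self, pkt: Packet) -> bool:
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.content is not None and self.content not in pkt.payload:
            return False
        if self.pcre is not None and not re.search(self.pcre.encode(), pkt.payload):
            return False
        return True


# Constructed rule set (SIDs are made up; local Snort rules conventionally start at 1000000).
RULES = [
    Rule(1000001, "WEB SQLi: UNION SELECT in HTTP request", 80, pcre=r"(?i)union\s+select"),
    Rule(1000002, "WEB path traversal: ../ in URI", 80, content=b"../"),
    Rule(1000003, "SHELL string /bin/sh in payload", None, content=b"/bin/sh"),
]


@dataclass
class Sensor:
    rules: List[Rule]
    inline: bool                      # False = IDS (out of band), True = IPS (inline)
    alerts: List[Tuple[int, str, str, str]] = field(default_factory=list)

    def inspect(self, pkt: Packet) -> bool:
        """Return True if the packet is forwarded, False if dropped.
        The IDS always 'forwards' (it only ever saw a copy); the IPS drops on match."""
        for rule in self.rules:
            if rule.matches(pkt):
                self.alerts.append((rule.sid, rule.msg, pkt.src, pkt.dst))
                return not self.inline
        return True


def run(sensor: Sensor, packets: List[Packet]) -> List[Packet]:
    """Feed packets through the sensor; return the ones that reach the destination."""
    return [p for p in packets if sensor.inspect(p)]


# Constructed traffic sample: one benign request, two web attacks, one shell string.
TRAFFIC = [
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("198.51.100.7", "192.0.2.10", 80, b"GET /item?id=1 UNION SELECT user,pass FROM users HTTP/1.1\r\n"),
    Packet("198.51.100.7", "192.0.2.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("198.51.100.7", "192.0.2.10", 8080, b"cmd=/bin/sh -c id\n"),
]


if __name__ == "__main__":
    ids = Sensor(RULES, inline=False)
    print("IDS delivered:", len(run(ids, TRAFFIC)), "alerts:", len(ids.alerts))
    ips = Sensor(RULES, inline=True)
    print("IPS delivered:", len(run(ips, TRAFFIC)), "alerts:", len(ips.alerts))
```

Both sensors raise the same three alerts; the IDS still lets all four packets through because it never sat on the forwarding path, while the IPS delivers only the benign request. The first matching rule wins, so rule order matters in a real rule set, and a false positive on an inline IPS is an outage rather than a noisy alert, which is why IPS rules are usually tuned more conservatively than IDS rules.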

Frame the risk

Identify the threats that increase risk. Threats may include processes, products, attacks, potential failure or disruption of services, negative perception of an organization's reputation, potential legal liability or loss of intellectual property.

Network Sniffing

Identifying unencrypted passwords by listening in and capturing packets sent on the network.

You are surfing the Internet using a laptop at a public Wi-Fi café. What should you check first before you connect to the public network?

If the laptop requires user authentication for file and media sharing.

Security infrastructure engineering team

Overall, the Security Infrastructure Engineering team is able to consume and act on threat information faster, often in an automated way.

2 ways to delete your data permanently

Overwrite it with ones and zeros, or destroy it physically.

Financial data

Income statements, balance sheets and cash flow statements, which provide insight into the health of the company.

Why might internal security threats cause greater damage to an organization than external security threats?

Internal users have direct access to the infrastructure devices

International law and cybersecurity

International cybersecurity law is a constantly evolving field. Cyber attacks take place in cyberspace, an electronic space created, maintained and owned by both public and private entities. There are no traditional geographic boundaries in cyberspace. To further complicate issues, it is much easier to mask the source of an attack in cyberwarfare than in conventional warfare.

ISP

Internet Service Provider

Organizational Protection

It's everyone's responsibility to protect the organization's reputation, data and customers.

KRACKs

Key reinstallation attacks: attackers break the encryption between a wireless router and a wireless device, giving them access to network data.

virtual private networks (VPN)

Let remote employees use a secure encrypted tunnel from their mobile computer to connect back to the organization's network. Can also securely interconnect branch offices with the central office network.

3 Main Types of Personal Data Cybercriminals use

Medical records, education records, employment and financial records.

2 Examples of Identity Theft

Medical identity theft and banking (financial) fraud.

Netflow

NetFlow technology is used to gather information about data flowing through a network, including who and what devices are in the network, and when and how users and devices access the network. Switches, routers and firewalls equipped with NetFlow can report information about data entering, leaving and traveling through the network. This information is sent to NetFlow collectors that collect, store and analyze NetFlow data, which can be used to establish baseline behaviors on more than 90 attributes, such as source and destination IP address.

NIC

Network Interface Card

The McCumber Cube

Model framework to help organizations establish and evaluate information security initiatives by considering all of the related factors that impact them.

Spyware

Monitors your online activity and can log every key you press on your keyboard, as well as capture almost any of your data, including sensitive personal information

Why do IoT devices pose a greater security risk than other computing devices on a network?

Most IoT devices do not receive frequent software updates.

Corporate legal issues

Most countries have cybersecurity laws in place, which businesses and organizations must abide by. In some cases, if you break cybersecurity laws while doing your job, the organization may be punished and you could lose your job. In other cases, you could be prosecuted, fined and possibly sentenced. In general, if you are unsure whether an action or behavior might be illegal, assume that it is illegal and do not do it. Always check with the legal or HR department in the organization.

NIST

National Institute of Standards and Technology

What protocol is used to collect information about traffic traversing a network?

NetFlow

Online Identity

Not just a name, it's who you are and how you present yourself to others online, including the username or alias you use for your online accounts, as well as the social identity you establish and portray on online communities and websites.

Adware

Often installed with some versions of software and is designed to automatically deliver advertisements to a user, most often on a web browser

Intellectual property

Patents, trademarks and new product plans, which allow an organization to gain an economic advantage over its competitors.

Security best practices

Perform a risk assessment; create a security policy; physical security measures; human resources security measures; perform and test backups; maintain security patches and updates; employ access controls; regularly test incident response; implement network monitoring, analytics and management tools; implement network security devices; implement a comprehensive endpoint security solution; educate users; encrypt data.

The 3 states of data that must be protected

Processing, storage, transmission

Non-validated input

Programs often require data input, but this incoming data could have malicious content, designed to force the program to behave in an unintended way.

What of the following are examples of cracking an encrypted password?

Rainbow tables, brute force attack, dictionary attack, _______?

Computer Security Incident Response Team (CSIRT)

Receives, reviews and responds to computer security incident reports. Cisco CSIRT goes a step further and provides proactive threat assessment, mitigation planning, incident trend analysis and security architecture review in an effort to prevent security incidents from happening.

Worms

Replicates itself in order to spread from one computer to another. Unlike a virus, which requires a host program to run, worms can run by themselves. Other than the initial infection of the host, they do not require user participation and can spread very quickly over the network. They exploit system vulnerabilities, they have a way to propagate themselves, and they all contain malicious code (payload) to cause damage to computer systems or networks.

Consequences of a Security Breach

Reputational damage, vandalism, theft, loss of revenue, damaged intellectual property.

Two-Factor Authentication (2FA)

Requires a second factor, such as a hardware token or a one-time code, in addition to your password to verify your identity.

Organized hackers

include organizations of cyber criminals, hacktivists, terrorists and state-sponsored hackers. They are usually highly sophisticated and organized, and may even provide cybercrime as a service to other criminals.

Home network storage

Storing your data locally means that you have total control of it.

Cybersecurity

The ongoing effort to protect individuals, organizations and governments from digital attacks by protecting networked systems and data from unauthorized use or harm.

Incident response team

The Incident Response team therefore has access to forensically sound information from which it can more quickly analyze and understand suspicious behaviors.

Security operations center team

The Threat Grid allows the Cisco Security Operations Center team to gather more accurate, actionable data.

Cisco Integrated Services Router (ISR) 4000

These routers have many capabilities, including traffic filtering, the ability to run an intrusion prevention system (IPS), encryption and VPN capabilities for secure encrypted tunneling.

You are looking to print photos that you have saved on a cloud storage account using a third-party online printing service. After successfully logging into the cloud account, you are automatically given access to the third-party online printing service. What allowed this automatic authentication to occur?

The cloud storage service is an approved application for the online printing service. Open Authorization is an open standard protocol that allows end users to access third party applications without exposing the user password.

Attackers

individuals or groups who attempt to exploit vulnerabilities for personal or financial gain

Encryption

The process of converting information into a form in which unauthorized parties cannot read it. Only a trusted, authorized person with the secret key or password can decrypt the data and access it in its original form.

Offline Identity

The real-life persona that you represent on a daily basis at home, at school or at work.

Microsoft Technology Associate (MTA) Security Fundamentals

This certification is aimed at high school and early college students as well as those interested in a career change.

ISACA CSX Cybersecurity Fundamentals Certificate

This certification is geared toward recent post-secondary graduates and those interested in a career change. This certificate does not expire or require periodic recertification.

EC Council Certified Ethical Hacker (CEH)

This certification tests your understanding and knowledge of how to look for weaknesses and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker but in a lawful and legitimate manner.

Cisco Certified CyberOps Associate

This certification validates the skills required of associate-level cybersecurity analysts within security operations centers.

Palo Alto Networks Certified Cybersecurity Associate

This is an entry-level certification for newcomers who are preparing to start their career in the cybersecurity field.

CompTIA Security+

This is an entry-level security certification that meets the U.S. Department of Defense Directive 8570.01-M requirements, which is an important item for anyone looking to work in IT security for the federal government.

Advanced Malware Protection (AMP) Threat Grid.

This is client/server software that can be deployed on host endpoints, as a standalone server or on other network security devices. It analyzes millions of files and correlates them against hundreds of millions of other analyzed malware artifacts for behaviors that reveal an APT. This approach provides a global view of malware attacks, campaigns and their distribution.

ISC2 Certified Information Systems Security Professional (CISSP)

This is the most recognizable and popular security certification. In order to take the exam, you need to have at least five years of relevant industry experience.

Encrypted VPN Service

This service gives you secure access to the Internet, by encrypting the connection between your device and the VPN server. Even if hackers intercept a data transmission in an encrypted VPN tunnel, they will not be able to decipher it.

Race conditions

This vulnerability describes a situation where the output of an event depends on ordered or timed outputs. A race condition becomes a source of vulnerability when the required ordered or timed events do not occur in the correct order or at the proper time.

Stuxnet malware was designed for which primary purpose?

To cause physical damage to equipment controlled by computers

What is the purpose of a rootkit?

To gain privileged access to a device while concealing itself

2 ways cyberwarfare is used

To gather compromising information and/or defense secrets. To impact another nation's infrastructure.

What is the primary goal of a DoS attack?

To prevent the target server from being able to handle additional requests

Managing your operating system and browser

To protect your computer and your data, you should set the security settings on your computer and browser to medium level or higher. You should also regularly update your computer's operating system, including your web browser, and download and install the latest software patches and security updates from the vendors.

side-channel attacks

information is gained from the physical implementation of a computer system (for example timing, power consumption or electromagnetic emissions) rather than from a weakness in the algorithm itself

Traditional Data (Organizational Data)

Typically generated and maintained by all organizations, big and small. It includes transactional data, intellectual property and financial data.

Anti malware or antivirus

Use signatures or behavioral analysis of applications to identify and block malicious code from being executed.

Backdoor

Used to gain unauthorized access by bypassing the normal authentication procedures to access a system. As a result, hackers can gain remote access to resources within an application and issue remote system commands.

Routers

Used to interconnect various network segments; can also provide basic traffic filtering capabilities. This helps define which computers on a given network segment can communicate with which other network segments.

Scareware

Uses 'scare' tactics to trick you into taking a specific action. Scareware mainly consists of operating system style windows that pop up to warn you that your system is at risk and needs to run a specific program for it to return to normal operation.

What is the only way of ensuring that deleted files on your computer are irrecoverable?

Using a software program such as SDelete or Secure Empty Trash

Threat intelligence team

Using this analysis, the Threat Intelligence team can proactively improve the organization's security infrastructure.

VPN

Virtual Private Network

SEO Poisoning (Search Engine Optimization)

When attackers take advantage of popular search terms and use SEO to push malicious sites higher up the ranks of search results. This technique is called SEO poisoning. The most common goal of SEO poisoning is to increase traffic to malicious sites that may host malware or attempt social engineering.

Secondary location

You could copy all of your data to a network attached storage device (NAS), a simple external hard drive or maybe even back up important folders on thumb drives, CDs, DVDs or tapes.

The cloud

You could subscribe to a cloud storage service, like Amazon Web Services (AWS). The cost of this service will depend on the amount of storage space you need, so you may need to be more selective about what data you back up. You will have access to your backup data as long as you have access to your account.

Personal Protection

You need to safeguard your identity, your data, and your computing devices.

Installing Antivirus and Antispyware

You should only ever download software from trusted websites. However, you should always use antivirus software to provide another layer of protection. This software, which often includes antispyware, is designed to scan your computer and incoming email for viruses and delete them. Keeping your software up to date will protect your computer from any new malicious software that emerges.

Firewall Protection

You should use at least one type of firewall (either a software firewall or a hardware firewall on a router) to protect your device from unauthorized access. The firewall should be turned on and constantly updated to prevent hackers from accessing your personal or organization data.

hash value

a numeric value of a fixed length that identifies data; the same input always gives the same hash, and it is computationally infeasible to find two inputs with the same hash. A rainbow table is a large dictionary of precomputed hashes and the passwords from which they were calculated.

Confidentiality

a set of rules that prevents sensitive information from being disclosed to unauthorized people, resources and processes. Methods to ensure confidentiality include data encryption, identity proofing and two factor authentication.

Cryptocurrency

digital money that can be used to buy goods and services, using strong cryptographic techniques to secure online transactions.

Cisco's AnyConnect Secure Mobility Client

a VPN system that lets remote workers use a secure encrypted tunnel from their mobile computer to securely connect back to the organization's network.

Encrypting File System (EFS)

a Windows feature that can encrypt data. It is directly linked to a specific user account and only the user that encrypts the data will be able to access it after it has been encrypted using EFS.

Honeypots

a behavior-based detection tool that lures the attacker in by appealing to their predicted pattern of malicious behavior. Once the attacker is inside the honeypot, the network administrator can capture, log and analyze their behavior so that they can build a better defense.

Maliciously formatted packets

A packet is a collection of data that flows between a source and a receiver computer or application over a network, such as the Internet. A maliciously formatted packet is crafted so that the receiver cannot handle it (for example invalid headers or sizes), causing it to slow down or crash.

Behavior-based security

a form of threat detection that involves capturing and analyzing the flow of communication between a user on the local network and a local or remote destination. Any changes in normal patterns of behavior are regarded as anomalies, and may indicate an attack.
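The NetFlow entry above says flow data is used to establish baseline behaviors, and behavior-based security treats departures from that baseline as anomalies; the "overwhelming quantity of traffic" entry is one such departure. The following added example, not from the original page, shows the mechanics: it aggregates constructed flow records (a simplified NetFlow-like layout of source, destination, port, bytes and packets) per source host over several past windows, computes a mean and standard deviation per host, and then flags a current window for volume spikes, port sweeps and never-seen hosts. The thresholds (3 standard deviations, 20 distinct ports) are illustrative assumptions.

```python
"""Added example (not from the original page): a per-host traffic baseline
built from flow records, then checked for behavioural anomalies. The flow
records are constructed in a simplified NetFlow-like layout (src, dst, dport,
bytes, packets); thresholds are assumptions for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple
import statistics


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes: int
    packets: int


def per_host_stats(flows: List[Flow]) -> Dict[str, dict]:
    """Aggregate flows by source host: bytes sent, flow count, distinct destination ports."""
    agg: Dict[str, dict] = {}
    for f in flows:
        a = agg.setdefault(f.src, {"bytes": 0, "flows": 0, "dports": set()})
        a["bytes"] += f.bytes
        a["flows"] += 1
        a["dports"].add(f.dport)
    return agg


def build_baseline(history: List[List[Flow]]) -> Dict[str, dict]:
    """history: one list of flows per past observation window.
    Returns, per host, mean and population stdev of bytes and flow count."""
    series = defaultdict(lambda: {"bytes": [], "flows": []})
    for window in history:
        for host, a in per_host_stats(window).items():
            series[host]["bytes"].append(a["bytes"])
            series[host]["flows"].append(a["flows"])
    return {
        host: {
            "bytes_mean": statistics.mean(s["bytes"]),
            "bytes_sd": statistics.pstdev(s["bytes"]),
            "flows_mean": statistics.mean(s["flows"]),
            "flows_sd": statistics.pstdev(s["flows"]),
        }
        for host, s in series.items()
    }


def detect_anomalies(baseline, current: List[Flow], z=3.0, scan_ports=20) -> List[Tuple[str, str]]:
    """Flag: hosts with no baseline; hosts whose bytes or flow count exceed
    mean + z*sd (volume anomaly, e.g. a flood); hosts touching many ports (scan)."""
    findings = []
    for host, a in per_host_stats(current).items():
        b = baseline.get(host)
        if b is None:
            findings.append((host, "new host, no baseline"))
            continue
        # Floor the stdev at 10% of the mean so a perfectly steady host does not alert on noise.
        byte_limit = b["bytes_mean"] + z * max(b["bytes_sd"], 0.1 * b["bytes_mean"])
        flow_limit = b["flows_mean"] + z * max(b["flows_sd"], 0.1 * b["flows_mean"])
        if a["bytes"] > byte_limit:
            findings.append((host, "byte volume far above baseline"))
        if a["flows"] > flow_limit:
            findings.append((host, "flow count far above baseline"))
        if len(a["dports"]) >= scan_ports:
            findings.append((host, "many distinct destination ports"))
    return findings


def sample_history() -> List[List[Flow]]:
    """Three constructed past windows: two hosts with steady HTTPS and SMB traffic."""
    windows = []
    for i in range(3):
        w = [Flow("10.0.0.5", "192.0.2.10", 443, 1500, 12) for _ in range(10 + i)]
        w += [Flow("10.0.0.6", "192.0.2.20", 445, 800, 6) for _ in range(20)]
        windows.append(w)
    return windows


def sample_current() -> List[Flow]:
    """Constructed current window: 10.0.0.5 normal, 10.0.0.6 sweeping 500 ports
    with tiny flows, and a never-seen host 10.0.0.99."""
    cur = [Flow("10.0.0.5", "192.0.2.10", 443, 1500, 12) for _ in range(10)]
    cur += [Flow("10.0.0.6", "192.0.2.30", p, 60, 1) for p in range(1, 501)]
    cur += [Flow("10.0.0.99", "192.0.2.10", 443, 900, 8)]
    return cur


if __name__ == "__main__":
    for finding in detect_anomalies(build_baseline(sample_history()), sample_current()):
        print(finding)
```

The steady host produces no finding; the sweeping host trips all three checks (more bytes and more flows than its history predicts, and hundreds of distinct ports, which is what a port scan or a flood of small packets looks like in flow data); the unknown host is reported simply because there is nothing to compare it against. A real deployment would key the baseline on more attributes than source address and use longer histories, but the shape of the logic is the same.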

Botnet

a group of bots, connected through the Internet, that can be controlled by a malicious individual or group. It can have tens of thousands, or even hundreds of thousands, of bots that are typically controlled through a command and control server.

advanced persistent threats (APTs)

a multi-phase, long term, stealthy and advanced operation against a specific target.

Botnet

a network of hijacked computers used to carry out cyberattacks.

Cisco's Firepower 4100 Series

a next generation firewall that has all the capabilities of an ISR router, as well as advanced network management and analytics. It can help you to see what's happening on the network so that you can detect attacks earlier.

Man-in-the-mobile (MITMO) attack

a type of attack used to take control over a user's mobile device. When infected, the mobile device is instructed to exfiltrate user-sensitive information and send it to the attackers. ZeuS is one example of a malware package with MitMo capabilities. It allows attackers to quietly capture two-step verification SMS messages that are sent to users.

cryptojacking

a type of cyber attack that hijacks a victim's computing resources to mine cryptocurrency for the attacker

Denial-of-Service (DoS) attacks

a type of network attack that is relatively simple to carry out, even by an unskilled attacker. A DoS attack results in some sort of interruption of network service to users, devices or applications.

'Open' or 'Accepted' means that the port or service running on the computer can be....

accessed by other network devices.

SYNful Knock vulnerability

a malicious firmware implant (a modified Cisco IOS image) that allowed attackers to gain persistent control of enterprise-grade routers, such as the legacy Cisco ISR routers, from which they could monitor all network communication and infect other network devices.

Amateur attackers

amateur or inexperienced hackers who use existing tools or instructions found on the Internet to launch attacks.

Brute force attacks

an attacker using all possible combinations of letters, numbers and symbols in the password space until they get it right.

Security Breach

an incident that results in unauthorized access to data, applications, services or devices, exposing private information that attackers can use for financial gain or other advantages.

Security vulnerabilities

any kind of software or hardware defect.

Password spraying

attempts to gain access to a system by 'spraying' a few commonly used passwords across a large number of accounts.

'Filtered,' 'Dropped' or 'Blocked' means that access to the port or service is...

blocked by a firewall and therefore it cannot be exploited.

White hat attackers

break into networks or computer systems to identify any weaknesses so that the security of a system or network can be improved. These break-ins are done with prior permission and any results are reported back to the owner.

Private Mode (Incognito)

cookies — files saved to your device to indicate what websites you've visited — are disabled. Therefore, any temporary internet files are removed and your browsing history is deleted when you close the window or program.

Processing

data that is being used to perform an operation such as updating a database record (data in process).

Rootkit

designed to modify the operating system to create a backdoor, which attackers can then use to access your computer remotely. Most rootkits take advantage of software vulnerabilities to gain access to resources that normally shouldn't be accessible (privilege escalation) and modify system files.

Cisco Identity Services Engine (ISE) and TrustSec

enforce user access to network resources by creating role-based access control policies.

Integrity

ensures that system information or processes are protected from intentional or accidental modification. One way to ensure integrity is to use a hash function or checksum.

application layer firewall

filtering based on application, program or service

network layer firewall

filtering based on source and destination IP addresses

transport layer firewall

filters based on source and destination data ports, as well as connection states

context aware layer firewall

filters based on the user, device, role, application type, and threat profile.

proxy server

filters web content requests like URLs, domain names, and media types.

Man-in-the-middle (MITM) attack

happens when a cybercriminal takes control of a device without the user's knowledge. With this level of access, an attacker can intercept and capture user information before it is sent to its intended destination.

Gray hat attackers

may set out to find vulnerabilities in a system but they will only report their findings to the owners of a system if doing so coincides with their agenda. Or they might even publish details about the vulnerability on the internet so that other attackers can exploit it.

Availability

means that authorized users are able to access systems and data when and where needed, and those that do not meet established conditions are not. This can be achieved by maintaining equipment, performing hardware repairs, keeping operating systems and software up to date, and creating backups.

'Closed,' 'Denied' or 'Not Listening' means that the port or service is...

not running on the computer and therefore cannot be exploited.

reverse proxy servers

placed in front of web servers, reverse proxy servers protect, hide, offload, and distribute access to web servers.

Storage

refers to data stored in memory or on a permanent storage device such as a hard drive, solid-state drive or USB drive (data at rest).

Transmission

refers to data traveling between information systems (data in transit).

Policy and procedure

refers to the administrative controls that provide a foundation for how an organization implements information assurance, such as incident response plans and best practice guidelines.

Distributed DoS (DDoS)

similar to a DoS attack but originates from multiple, coordinated sources.

Black hat attackers

take advantage of any vulnerability for illegal personal, financial or political gain.

Penetration Testing (Pen Testing)

the act of assessing a computer system, network or organization for security vulnerabilities. A pen test seeks to breach systems, people, processes and code to uncover vulnerabilities which could be exploited. This information is then used to improve the system's defenses to ensure that it is better able to withstand cyber attacks in the future.

Risk management

the formal process of continuously identifying and assessing risk in an effort to reduce the impact of threats and vulnerabilities. You cannot eliminate risk completely but you can determine acceptable levels by weighing up the impact of a threat with the cost of implementing controls to mitigate it. The cost of a control should never be more than the value of the asset you are protecting.

Social Engineering

the manipulation of people into performing actions or divulging confidential information.

Awareness, training and education

the measures put in place by an organization to ensure that users are knowledgeable about potential security threats and the actions they can take to protect information systems.

Access control problems

the process of controlling who does what and ranges from managing physical access to equipment to dictating who has access to a resource, such as a file, and what they can do with it, such as read or change the file. Many security vulnerabilities are created by the improper use of access controls.

Port scanning

the process of probing a computer, server, or other network host for open ports. It can be used maliciously as a reconnaissance tool to identify the operating system and services running on a computer or host. Or it can be used harmlessly by a network administrator to verify network security policies.

Cyberwarfare

the use of technology to penetrate and attack another nation's computer systems and networks in an effort to cause damage or disrupt services, such as shutting down a power grid.

Meltdown and Spectre

two hardware vulnerabilities that affect almost all central processing units (CPUs) released since 1995 within desktops, laptops, servers, smartphones, smart devices and cloud services. Attackers exploiting these vulnerabilities can read all memory from a given system (Meltdown), as well as data handled by other applications (Spectre).

Nmap

used to provide a list of open ports on network devices

Cisco's Cyber Threat Defense Solution Architecture

uses behavior-based detection and indicators to provide greater visibility, context and control. The aim is to know who is carrying out the attack, what type of attack they are performing and where, when and how the attack is taking place.

