MOD 10 Questions

2 Types of Vulnerability Assessments:

1. Authenticated 2. Unauthenticated

The process of properly managing and applying security patches includes the following 7 steps:

1. Discovery 2. Standardization 3. Defense in depth 4. Vulnerability reporting 5. Implementation 6. Assessment 7. Risk mitigation

Scanning tools can be used to discover crucial information about your network, such as: (6 things)

1. Every available host 2. Each host's running services and software, including operating systems, applications, and their versions 3. Software configurations 4. Open, closed, and filtered ports on every host 5. Existence, type, placement, and configuration of firewalls 6. Unencrypted or poorly encrypted sensitive data

6 access control technologies

1. Keypad, or cipher lock 2. Access badge (smart cards, badge readers) 3. Biometrics 4. Access control vestibule 5. Locking rack and locking cabinet 6. Smart locker

4 Detection Methods

1. Motion detection 2. Cameras 3. Tamper detection 4. Asset tags

4 Measures an organization can take to reduce insider threat risks?

1. Perform background checks for new hires and, where relevant, for contractors. 2. Enforce the principle of least privilege, meaning employees are given minimal access to do their job. 3. Design checks and balances on employee behavior, such as scheduled access, mandatory vacations, and job rotations. 4. Deploy a DLP (data loss prevention) solution that identifies sensitive data and prevents it from being copied or transmitted off the network.

3 Types of attack simulations.

1. Vulnerability Assessment -Authenticated -Unauthenticated 2. Pen (penetration) testing 3. Red Team-Blue Team exercise

A security card that identifies a person by name and perhaps includes a photo, title, and other information. can be programmed to allow their owner access to some, but not all, rooms in a building

Access badge

A confined space between two locking doors where one door must lock closed before the other can open. Formerly called a mantrap.

Access control vestibule

An attack that can be amplified when conducted using small, simple requests that trigger very large responses from the target. Several protocols lend themselves to being used in these kinds of attacks, including DNS, NTP, ICMP, SNMP, and LDAP.

Amplified DRDoS attack

A barcode or wireless-enabled transmitter used to track the movement or condition of equipment, inventory, or people. Today, these systems often use Bluetooth, RFID (such as NFC), cellular, and GPS wireless technologies.

Asset tags

In this case, the attacker is given the same access to the network as a trusted user would have, such as an employee or an intruder who has somehow hacked into a user's account. Which type of Vulnerability Assessment is this?

Authenticated

Security flaws that allow unauthorized users to gain access to the system.

Back doors

A malware-infected file, such as a free music download, or a malware-infested device, such as a USB flash drive, is seemingly left unguarded for someone to take and attempt to use on their own computer.

Baiting

Involves biorecognition access in which a device scans an individual's unique physical characteristics such as the color patterns in their iris or the geometry of their hand.

Biometrics

Groups or individuals use their skills to bypass security systems with the intent to cause damage, steal data, or compromise privacy.

Black hat hacker

A process/program that runs automatically, without requiring a person to start or stop it. Can be used to damage or destroy a computer's data or system files, issue objectionable content, launch DoS attacks, or open back doors for further infestation.

Bot

A collection of infected systems used in coordinated attacks against targets.

Botnet

A central server commanding infected devices that have been recruited into a botnet.

C&C (command-and-control) server

A video surveillance system that monitors activity in secured areas.

CCTV (closed-circuit TV)

A ___________________ attack in which multiple hosts simultaneously flood a target host with traffic, rendering the target unable to function. Most of these machines are _____________, which means the owners are unaware that their computers are being used in the coordinated attack.

DDoS (distributed DoS) zombies

A security technique that uses software to monitor confidential data, track data access and ownership, and prevent it from being copied (such as downloading to a flash drive) or transmitted off the network (such as emailing or posting to cloud storage).

DLP (data loss prevention)

An attack that alters DNS records on a DNS server, thereby redirecting traffic from a legitimate server to a malicious server, such as a phishing website.

DNS poisoning or DNS spoofing

A ______________ attack is a type of DDoS attack that is bounced off uninfected computers, called _____________, before being directed at the target.

DRDoS (distributed reflection DoS) reflectors

Unauthorized access or use of sensitive data.

Data Breach

An __________________ attack on a wireless network in which the attacker sends faked ____________________ frames to the AP, the client, or both (or as a broadcast to the whole wireless network) to trigger the _______________________ process and knock one or more clients off the wireless network.

Deauth (deauthentication) deauthentication deauthentication

An attack in which a legitimate user is unable to access normal network resources, such as a web server, because of an attacker's intervention. Most often, this type of attack is achieved by flooding a system with so many requests for services that it can't respond to any of them.

DoS (denial-of-service) attack

4 Characteristics of malware which makes it harder to detect and eliminate include:

Encryption Stealth - disguises itself as legitimate programs or replaces part of a legitimate program's code with destructive code. Polymorphism - changes its characteristics (such as the arrangement of bytes, size, and internal instructions) every time it's transferred to a new system. Time Dependence - programmed to activate on a particular date. Can remain dormant and harmless until its activation date arrives. Such as a Logical Bomb.

4 Insecure protocols and their secure alternatives.

FTP (use SFTP instead) HTTP (use HTTPS with SSL/TLS instead) Telnet (use along with IPsec) SNMP, SNMPv1, and SNMPv2 (use SNMPv3 instead)

An attack in which an FTP client specifies a different host's IP address and port for the requested data's destination. By commanding the FTP server to connect to a different computer, a hacker can scan the ports on other hosts and transmit malicious code.

FTP bounce

An unintentional DoS attack that is not done with malicious intent. An example might be when a website is flooded with an unexpectedly high amount of shopping traffic during a flash sale, or when a significant event is reported on the news and people flood to certain, related websites, especially if a specific website was mentioned in news reports.

Friendly DoS attack

Hackers who abide by a code of ethics all their own. They might engage in illegal activity, their intent is to educate and assist.

Gray hat hacker

Traditionally, a person who masters the inner workings of computer hardware and software in an effort to better understand them. More generally, an individual who gains unauthorized access to systems or networks with or without malicious intent.

Hacker

A network of honeypots.

Honeynet

A decoy system isolated from legitimate systems and designed to be vulnerable to security exploits and filled with what appears to be sensitive (though false) content for the purposes of learning more about hacking techniques or nabbing a hacker in the act.

Honeypot

Certain TCP/IP protocols are inherently insecure. For example, IP addresses can be falsified, checksums can be thwarted, UDP requires no authentication, and TCP requires only weak authentication.

Insecure protocols and services

Physical or electronic locks requiring a code for entry and can be used to log who comes and goes, enable or disable unescorted entry, schedule open access times, and even respond to access made under duress

Keypad, or cipher lock

A secured panel or door that restricts physical access to servers, routers, switches, and firewalls installed on a rack to prevent an intruder from making configuration changes to these devices.

Locking Rack

Code or a bug in code that will start when certain conditions are met and are not always malicious.

Logic Bomb

__________________ can exhibit more than one characteristic such as encryption, stealth, polymorphism and time dependence.

Malware

Any program or piece of code designed to intrude upon or harm a system or its resources.

Malware (malicious software)

This popular penetration testing tool combines known scanning and exploit techniques to explore potentially new attack routes.

Metasploit

Technology that triggers an alarm when it detects movement within its field of view.

Motion detection

3 Types of Scanning Tools

NMAP, Nessus, and Metasploit

Can identify unencrypted, sensitive data (such as credit card numbers) saved on your network's hosts. Performs even more sophisticated vulnerability scans than Nmap.

Nessus

The scanning tool _________ and its GUI version, __________, are designed to scan large networks quickly and provide information about a network and its hosts.

Nmap Zenmap

An attack that relies on intercepted transmissions. It can take one of several forms, but in all cases a person redirects or captures secure data traffic (transmissions) while in transit.

On-path attack previously called a MitM (man-in-the-middle) attack

A ___________ attack damages a device's firmware beyond repair. This is called "_____________" the device because it effectively turns the device into a brick. Usually targets routers or switches.

PDoS (permanent DoS) bricking

A process of scanning a network for vulnerabilities and investigating potential security flaws. Begins with a vulnerability assessment using various tools and then attempts to exploit those vulnerabilities.

Pen (penetration) testing

SimplyEmail to gather information posted online related to an email address Hashcat or John the Ripper to crack passwords Aircrack-ng to monitor and manipulate wireless transmissions Metasploit for vulnerability scanning PowerShell scripts to perform multiple tasks at a time Wireshark and Nmap These tools are used for

Pen (penetration) tools

4 phases of social engineering attack cycle?

Phase 1, research Phase 2, building trust Phase 3, exploit Phase 4, exit

A practice in which a person attempts to glean access or authentication information by posing as someone who needs that information. Communication that appears to come from a legitimate source and requests access or authentication information.

Phishing

An attack type in which a person uses deception to follow an authorized employee into a restricted area.

Piggybacking

A free gift or service is offered in exchange for private information or "temporary" access to the user's computer system.

Quid pro quo

A program that locks a user's data or computer system until a ransom is paid. In most cases, the infection encrypts data on the computer and can also encrypt data on backup devices, removable storage devices, and even cloud storage accounts connected to the computer, such as Dropbox or OneDrive.

Ransomware

A red team is involved in offensive security, vulnerability assessment, social engineering, and penetration testing. A blue team is involved in defensive security, implementing controls, security monitoring, and incident response. A purple team is involved in improving the overall security posture and collaborative security.

Red Team-Blue Team Exercise

An attack simulation in which the red team conducts an attack and the blue team attempts to defend the network. Usually, the red team is a hired attacker, such as a consultant or security organization, and the blue team is the company's own IT, security, and other staff.

Red Team-Blue Team Exercise

Over long-distance connections, using __________________ is more secure than using ________________ because a securely encrypted key is more difficult to crack than a password.

SSH keys passwords

An assessment of an organization's security vulnerabilities performed by an accredited network security firm.

Security Audit aka IT Audit

An attack type in which a person secretly observes an authorized person entering their credentials to access a secure area and then uses that information later.

Shoulder surfing

An access-controlled locker that requires authentication, such as by providing a bar code from an email or a PIN, so specific users are logged as having accessed the locker and when.

Smart locker

An attack type in which an unauthorized person follows an authorized person into a secure area without the authorized person's knowledge or cooperation.

Tailgating

Sensors that can detect physical penetration, temperature extremes, input voltage variations, input frequency variations, or certain kinds of radiation.

Tamper detection

A program that disguises itself as something useful but actually harms your system. Does not replicate themselves, they are not considered viruses. An executable file that someone sends you over the Internet, promising that the executable will install a great new game, when in fact it erases data on your hard disk or mails spam to all the users in your email app's address book.

Trojan horse (or Trojan)

Malware is a generalized term that refers to many kinds of malicious software such as _____________, ___________, ______________, ______________, and ________________.

Trojan horses, viruses, worms, bots, and ransomware.

In this case, the attacker begins on the perimeter of the network, looking for vulnerabilities that do not require trusted user privileges. Which type of Vulnerability Assessment is this?

Unauthenticated

A program that replicates itself with the intent to infect more computers, either through network connections when it piggybacks on other files or through the exchange of external storage devices.

Virus

An evaluation of security weaknesses in a network. Often performed by a company's own employees and does not attempt to exploit any vulnerabilities.

Vulnerability Assessment

An IT security expert hired by organizations to identify security vulnerabilities. They're sometimes called ethical hackers

White hat hacker

A program that runs independently of other software and travels between computers and across networks. They may be transmitted by any type of file transfer, including email attachments. They do not alter other programs in the same way that viruses do, but they can carry and hide viruses.

Worm

Keep in mind that malicious and determined intruders may use one technique, which then allows them to use _________________________, which then supports _______________________________, and _________.

a second technique a third technique so on

2 layers effective risk management happens at

a security risk assessment and a business risk assessment.

Updates to _________________, ___________________, and ___________________ address several issues, including fixing bugs, adding new features, and closing security gaps also known as ____________.

applications operating systems device firmware patches

A device that detects information embedded on a smart card.

badge reader

A type of malware called a _________ is installed on each machine and gives the ______________, or central controller, remote control of the computer.

bot bot herder

Computers can be requisitioned as part of a _____________, also called a _______________, in coordinated DDoS attacks without the owners' knowledge or consent. They are sometimes made available for hire on the black market.

botnet zombie army

A series of steps that accomplish a defined goal in a business context.

business process

An evaluation of the potential impact of various security threats on business processes.

business risk assessment

Preventive measures that can be taken to secure a device from network or software supported attacks.

device hardening

The most important defense against social engineering is ____________ ______________.

employee training

In the context of network security, the act of taking advantage of a vulnerability.

exploit

Effective _____________ can greatly reduce the chances of a computer being drafted into illegal botnets.

firewalls

More than half of all security breaches sustained by networks are caused by _______________, ______________, and _______________.

human error, ignorance, and omission

A security risk associated with someone who is or was trusted by an organization, such as an employee, former employee, contractor, or other associate who may have malicious intent.

insider threat

A storage container secured by a locked panel or door that might be used to store documents or hardware not in use.

locking cabinet

The most reliable defense against Ransomware is to........and......

make manual backups of data on a regular basis and disconnect the backup media from the computer between backups.

Software (an application) that searches a server, switch, router, or other device for open ports that might be vulnerable to attack.

port scanner

An evaluation of an organization's security vulnerabilities.

posture assessment

A security measure that ensures employees and contractors are only given enough access and privileges to do their jobs, and these privileges are terminated as soon as the person no longer needs them.

principle of least privilege

An evaluation of all business processes that might be impacted by various cybersecurity threats.

process assessment

Access badges that do not require direct contact with a proximity reader to be detected.

proximity cards (also called prox cards)

An evaluation of threats to and vulnerabilities of a network.

security risk assessment

An electronic access badge.

smart cards

The act of manipulating social relationships to circumvent network security measures and gain access to a system.

social engineering

An evaluation of specific security threats to a network and related risk factors.

threat assessment

An evaluation of security and compliance risks related to suppliers and vendors a company does business with.

vendor risk assessment (also called a third-party risk assessment)

A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access to a network.

vulnerability

Other technology risks are related to ________________ of wireless transmissions, authentication ___________________, lack of ______________, or _________ in software design.

weaknesses vulnerabilities encryption flaws

An attack that takes advantage of a software vulnerability that hasn't yet or has only very recently become public. Exploits are particularly dangerous because the vulnerability is exploited before the software developer can provide a solution for it or before the user applies the published solution.

zero-day exploit, or zero-day attack