Security and Privacy Chapter 1
What is another way of saying layering security?
"Defense in depth" or "security in depth"
What are the seven layers of security?
1.) Policies, procedures and awareness, 2.) Physical, 3.) Perimeter, 4.) Network, 5.) Host, 6.) Application, 7.) Data
What does it mean to breach the system in terms of threat agent attacks?
A breach is the penetration of system defenses. It is often achieved by using information gathered by reconnaissance.
What is a zombie?
A computer that is infected with malware and is controlled by a command and control center called a zombie master.
What is the SCALE and VELOCITY of cyber attacks?
A cyber attack can grow to millions of computers in a matter of minutes or days
What is an example of a threat?
A data breach that results in a database being stolen
What is an example of a threat agent?
A disgruntled employee who copies a database to a thumb drive and sells it to a competitor
What is a fileless virus?
A fileless virus uses legitimate programs to infect a computer. Because it doesn't rely on files, it leaves no footprint, making it undetectable by most security solutions.
What is a botnet?
A group of zombie computers that are commanded from a central control infrastructure
What is a hacker in terms of threat agents?
A hacker is a threat agent who uses their technical knowledge to bypass security mechanisms to exploit a vulnerability to access information
What is a trojan horse?
A malicious program that is disguised as legitimate or desirable software
What is a virus?
A program that attempts to damage a computer system and replicate itself to other computer systems.
What is layered security?
A security approach that combines multiple security controls and defenses to create a cumulative effect.
What is the layered security model?
A security approach that defines seven layers of security
What is a worm?
A self-replicating malware program.
What is a rootkit?
A set of programs that allows attackers to maintain hidden, administrator-level access to a computer
What is a gray hat hacker?
A skilled hacker who falls in the middle of white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn't malicious like a black hat hacker.
What is a white hat hacker?
A skilled hacker who uses skills and knowledge for defensive purposes only. The white hat hacker interacts only with systems for which express access permission is given.
What is a black hat hacker?
A skilled hacker who uses skills and knowledge for illegal or malicious purposes
What is a nation state in terms of threat agents?
A sovereign state threat agent that may wage an all-out war on a target and have significant resources for the attack
What does a corporate spy do?
A spy applies for a job within a competitor and then exploits internal vulnerabilities to steal information and return it to their client.
What is a competitor in terms of threat agents?
A threat agent who carries out attacks on behalf of an organization and targets competing companies
What is an insider in terms of threat agents?
A threat agent who has authorized access to an organization and either intentionally or unintentionally carries out an attack.
What is an internal threat in terms of threat agents?
A threat from authorized individuals (insiders) who exploit assigned privileges and inside information to carry out an attack
What is an external threat in terms of threat agents?
A threat from individuals or groups not associated with the organization, who seek to gain unauthorized access to data.
What is a threat?
A threat is an entity that can cause the loss of an asset or any potential danger to the confidentiality, integrity, or availability of information or systems.
What is a non-persistent threat in terms of threat agents?
A threat that focuses on getting into a system and stealing information. It is usually a one-time event, so the attacker is not concerned with detection.
What is a persistent threat in terms of threat agents?
A threat that seeks to gain access to a network and remain there undetected.
What is a targeted attack?
A type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity.
What is vulnerability?
A weakness that allows a threat to be carried out
What are ACLs in networking?
Access Control Lists; they contain rules for who can access an environment.
What is an exploit?
An act, procedure, or piece of software that takes advantage of a vulnerability to carry out an attack.
What is an asset?
An asset is something that has value to the person or organization
What is an opportunistic attack?
An attack in which the threat actor is almost always trying to make money as fast as possible and with minimal effort.
What does it mean to exploit vulnerabilities in terms of threat agent attacks?
An exploitation takes advantage of known vulnerabilities in software and systems
What is a hacker in terms of threat agents?
Any threat agent who uses technical knowledge to bypass security, exploit a vulnerability, and gain access to protected information
List the items that risk management takes into account:
Assets, threats, threat agents, vulnerabilities, exploits
What is the application layer of security?
Authentication and authorization, user management, group policies, and web application security.
What is availability?
Availability ensures the uptime of the system so that data is available when needed.
How can employees be threat agents?
Become disgruntled with their employer, be bribed by a competitor, be an unintentional participant in an attack, accidentally delete or cause data corruption
What are sophisticated attacks?
Complex, difficult to thwart cyber attacks that use common tools and protocols
What is the "CIA" of Security?
Confidentiality, Integrity, Availability
What does it mean to create a backdoor in terms of threat agent attacks?
Creating a backdoor is an alternative method of accessing an application or operating system for troubleshooting. Hackers often create backdoors to exploit a system without being detected.
List a subcategory of hackers in terms of threat agents
Cybercriminals
What is an cybercriminal in terms of threat agents?
Cybercriminals are willing to take more risks and use more extreme tactics for financial gain
What is another term for layered security?
Defense in-depth security model
How is non-repudiation enforced?
Digital signatures
List some threat agents:
Employees, spies, hackers
Example of confidentiality:
Encryption, which converts data into a form that makes it less likely to be usable by an unintended recipient.
What is confidentiality?
Ensures that data is not disclosed to unintended persons.
What does it mean to escalate privileges in terms of threat agent attacks?
Escalating privileges is a primary objective of an attacker. Once an attacker has breached the system, obtaining higher privileges allows the attacker to access more information and gain greater control of the system.
What are some examples of physical security in terms of cybersecurity?
Firewalls and antivirus software
What is the perimeter layer of security?
Firewalls using ACLs and securing the wireless network.
What are script kiddies?
Hackers that download and run attacks available on the internet, but generally are not technically savvy enough to create their own attacking code or script
What are cyber terrorists?
Hackers who use the Internet to carry out terrorist activities, such as disrupting network-dependent instructions
What are cyber-criminals?
Hackers who usually seek to exploit security vulnerabilities for some kind of financial reward or revenge
What is an example of integrity in cyber-security?
Hashing, the practice of using an algorithm to map data.
What is an example of non-repudiation?
If a user sends a digitally signed email, they cannot claim later that the email was not sent
What is Open-source intelligence (OSINT)?
Information that is readily available to the public and doesn't require any type of malicious activity to obtain
What is integrity?
Integrity ensures that data is not modified or tampered with
When considered as threat agents, what are employees also known as?
Internal threats
What is layering in cybersecurity?
Layering involves implementing multiple security strategies to protect the same asset.
What are 5 defense methodologies for cybersecurity?
Layering, principle of least privilege, variety, randomness, simplicity
What is LAN?
Local Area Network, a series of computers linked together to form a network in a location
What is the host layer of security?
Log management, OS hardening, patch implementation, patch management, auditing, anti-malware, and password attack prevention on each workstation, laptop, and mobile device.
What does OSINT stand for?
Open-source intelligence
What are administrators?
People who manage the software
What are users?
People who use the software
What are 8 attack strategies that threat agents practice?
Perform reconnaissance, use social engineering, use technical approaches, breach the system, escalate privileges, create a backdoor, stage computers, exploit vulnerabilities
What is physical security in terms of cybersecurity?
Physical security includes all hardware and software necessary to secure data
What are policies?
Policies are the rules an organization implements to protect information
What is non-repudiation?
Providing validation of a message's origin.
What does it mean to perform reconnaissance in terms of threat agent attacks?
Reconnaissance is the process of gathering information about an organization, including system hardware information, network configuration, and individual user information.
What is the reason for the SCALE and VELOCITY of cyber attacks?
Scale and velocity grow due to an attack's ability to proliferate on the internet.
What are the subcategories of hackers?
Script kiddies, cyber criminals and cyber terrorists
What is an example of an asset?
Sensitive information in a database
What does it mean to use social engineering in terms of threat agent attacks?
Social engineering is the process of manipulating others into providing sensitive information. Social engineering tactics include intimidation and sympathy
What is malware?
Software designed to take over or damage a computer without the user's knowledge or approval
What is a threat agent?
Sometimes known as an attacker, an entity that can carry out a threat
What are spies in terms of threat agents?
Spies can be employed in corporate espionage to obtain information about competitors for commercial purposes
What does it mean to stage computers in terms of threat agent attacks?
Staging a computer involves preparing it to perform additional tasks in the attack, such as installing software designed to attack other systems. This is an optional step.
Once a vulnerability has been exploited, what can an attacker often do?
Steal information, deny services, crash systems, modify information
What is the data layer of security?
Storing data properly, destroying data, classifying data, cryptography, and data transmission security.
What is an example of vulnerability?
A USB port that is enabled on the server hosting the database, or a server room door that is frequently left ajar, which lets an insider copy the database to a thumb drive and then sell it.
What is security?
The degree of protection against danger, damage, loss and criminal activity
What is the network layer of security?
The installation and configuration of switches and routers; implementation of VLANs; penetration testing; and virtualization use.
What is risk management?
The process of identifying security issues and deciding which countermeasures to take in reducing risks to an acceptable level
What makes sophisticated attacks dangerous?
The use of common tools makes it difficult to distinguish an attack from legitimate traffic. They also vary their behavior, making the same attack appear different each time.
What is the reason for the VOLUME of cybersecurity threats?
There is a high quantity and a variety of attack tools available to anyone for download on the internet.
Why are employee threat agents so dangerous?
They are the most overlooked and most dangerous threat agents because they have greater access to information assets than anyone on the outside trying to break in.
What is the policies, procedures and awareness layer of security?
User education; manageable network plans; and employee onboarding and off-boarding procedures.
What is a VLAN?
Virtual Local Area Network, allows network admins to limit access to a specific group of workstations
Can a spy operate from outside a company? How?
Yes, they just exploit external vulnerabilities