Computing Security: Concepts and Tools

Questions and Answers

Which of the following best describes network security?

  • A specific type of firewall used in enterprise environments.
  • The process of designing secure operating systems.
  • A set of guidelines for ethical hacking practices.
  • Controls, policies, and practices to prevent unauthorized access. (correct)

A security architect is primarily responsible for the physical security of a company's data centers.

False (B)

What is the main purpose of a penetration test?

  • To create and maintain security documentation.
  • To evaluate the security of a system by simulating a cyberattack. (correct)
  • To conduct a vulnerability assessment.
  • To install the latest security patches on a system.

A ______ triad consists of confidentiality, integrity, and availability.

CIA

Match the cyberattack type with its description:

  • Malware = Software designed to disrupt systems or steal data.
  • Phishing = Deceptive attempts to gain sensitive information via fake emails or messages.
  • DDoS = Overwhelming a target with traffic to make it unavailable.
  • Ransomware = Malware that encrypts data and demands payment for its release.

What is the primary goal of Identity Access Management (IAM)?

Connect users with the correct level of access.

Which of the following describes the function of a Security Operations Center (SOC)?

Monitoring, detecting, analyzing, and responding to cyber threats. (D)

Security information and event management (SIEM) aims to decentralize log data related to security.

False (B)

A ______ is a support provider that monitors and maintains consistent security measures for a fee.

MSSP

What is the purpose of Cloud Access Security Brokers (CASB)?

To manage and enforce security policies for cloud service users. (B)

Match the term with its description:

  • UEBA = Analysis to identify user behavior that deviates from normal.
  • IOC = Network intrusion signals detected during log data analysis.
  • DDoS = Disrupting a service by flooding it with traffic.

What is the primary function of Wireshark?

Packet analysis.

Metasploit is a tool exclusively used by malicious hackers to exploit system vulnerabilities.

False (B)

What is the main focus when considering network security as akin to building a dam?

The integrity of the entire structure. (C)

The cyber threat landscape is a dynamic environment constantly evolving with new threats and attack ______.

vectors

Match the threat actor with their typical motivation:

  • Hacktivists = Political or ideological reasons.
  • Cybercriminals = Financial gain.
  • State-Sponsored Actors = Strategic or intelligence-gathering purposes.

What is a common consequence of a Distributed Denial of Service (DDoS) attack?

Unavailability of the target

Why is understanding the cyber threat landscape important for organizations?

To allocate resources effectively and respond to cyber incidents. (A)

Nonrepudiation in cryptography ensures data confidentiality.

False (B)

In symmetric encryption, the ______ key is used for both encryption and decryption.

same

Match each algorithm with its key length.

  • DES = 56 bits
  • Triple DES = 168 bits
  • Blowfish = 448 bits

What characteristic differentiates asymmetric cryptography from symmetric cryptography?

Use of key pairs

In public key infrastructure (PKI), what role does a Certificate Authority (CA) play?

Issuing, managing, and revoking digital certificates. (D)

A company's risk management framework should remain static and unchanged over time.

False (B)

Risk ______ involves defining the roles of all employees and assigning authority to individuals to manage risks.

governance

Match the risk type with its corresponding example:

  • Strategic risk = A competitor entering the market.
  • Compliance risk = Introduction of new regulations or legislation.
  • Financial risk = Interest rate increase on a business loan.

What makes remote workers a potential cybersecurity risk?

Less-secure internet connections and human error

Why are IoT (Internet of Things) devices considered a growing cybersecurity concern?

They often have weak security and expose users to cyberattacks. (C)

Multi-factor authentication (MFA) relies on only a single factor for verifying a user's identity.

False (B)

______-powered cybersecurity is capable of handling large volumes of data and assisting in rapid decisions to remediate threats.

AI

Match the definition to the term

  • Cyberespionage = Gathering intelligence from a target using computers and the internet
  • Malware = Sophisticated, malicious software designed to harm computer systems
  • Ransomware = Malware that restricts access to a computer system and demands a ransom

What is the primary goal of malware prevention?

Combat ever-changing tactics

What is the primary purpose of a firewall as a service (FWaaS)?

Provide cost-effective and flexible security (B)

Cybercrime investigators work exclusively for law enforcement agencies.

False (B)

One of the most important techniques used in cybercrime investigation is digital ______.

forensics

Match the tools to the function

  • FTK = Digital Forensics Software
  • Wireshark = Network Analysis Tools
  • IDA Pro = Malware Analysis Tools

What is the purpose of cybercrime investigation tools?

Gather evidence

According to the World Economic Forum (WEF), where does cybercrime rank in terms of global economic size?

Third-largest (B)

Incident management focuses solely on resolving technical issues and does not consider the impact on business services.

False (B)

The first step in the incident workflow is to ______ the incident.

identify

Flashcards

Network security

Controls, policies, processes, and practices to prevent unauthorized access to network resources.

Security architect

Designs and maintains security for systems, recommends security controls, and identifies security solutions.

Endpoint security

Protecting devices like workstations and servers from malicious threats and cyberattacks.

Security engineer

Designs, develops, and maintains secure systems and networks, ensuring they are secure from attacks.

Penetration test

Authorized simulated cyberattack on a computer system to evaluate its security.

Security Operations Center (SOC)

A centralized function that monitors, detects, analyzes, and responds to cyber threats.

CIA triad

Three key tenets of cybersecurity: Confidentiality, Integrity, and Availability.

Confidentiality

Protecting data from unauthorized viewing or use.

Integrity

Maintaining accurate and complete information by protecting it from unauthorized alterations.

Availability

Ensuring data is accessible to authorized viewers.

Malware

Software created to disrupt a system or bypass security.

Phishing

Attacks to get login information using spam emails or false information.

Advanced Persistent Threats (APT)

Enduring and sophisticated attacks that rely on phishing or socially engineered malware.

Identity access management (IAM)

Policy framework for managing online user identities and access.

Incident response (IR)

Steps a company takes after detecting an intrusion.

Security information and event management (SIEM)

Centralizes all log data related to security for systematic analysis.

Managed security service provider (MSSP)

Support provider that monitors and maintains consistent security measures.

Cloud access security brokers (CASB)

Policy plans cloud service providers have with their users.

User and entity behavior analytics (UEBA)

Analysis to identify user behavior that deviates from normal use.

Indicator of compromise (IOC)

Network intrusion signals.

Distributed denial of service (DDoS)

Using DDoS to divert security measures during an attack.

Wireshark

Free, open-source packet analyzer for network troubleshooting and analysis.

Metasploit

Open-source tool to identify weaknesses in computer systems.

Cyber threat landscape

Dynamic environment of potential cybersecurity risks, vulnerabilities, and actors.

Hacktivists

Individuals motivated by political/ideological reasons.

Cybercriminals

Individuals who engage in cybercrime for financial gain.

State-Sponsored Actors

Nation-states that conduct cyberattacks for strategic purposes.

Insiders

Employees/contractors who intentionally/unintentionally cause harm.

Malware

Software designed to cause harm.

Ransomware

Malware that encrypts data and demands a ransom for its release.

Phishing

Deceptive attempts to obtain sensitive information.

Social Engineering

Manipulating individuals to reveal confidential information.

Distributed Denial of Service (DDoS)

Overwhelming a target with traffic to make it unavailable.

Insider Threats

Actions by employees that compromise security.

Vulnerabilities

Weaknesses in systems exploitable by attackers.

Attack Vectors

Methods attackers use to exploit vulnerabilities.

Cryptography

Protecting information in all its forms.

Confidentiality

Keeping secret information away from disclosure.

Authentication

Authenticating to allow software to be positively identified.

Nonrepudiation

Providing positive identification of the source of an event.

Key

The specific secret code used in a cryptographic function.

Study Notes

Overview

  • This course covers computing security branches, cybersecurity concepts, challenges, and tools for problem-solving.
  • Topics include network security, threat landscape, authentication, malware, cryptography, risk and incident management, cybercrime, and cybercriminal behavior.

Branches of Computing Security

  • Network security involves security controls, policies, and practices to prevent unauthorized access and misuse.
  • Security architects design system security, maintain documentation, and recommend security controls.
  • Endpoint security protects devices like workstations and servers from cyberattacks.
  • Security engineers design, develop, and maintain secure systems and networks, ensuring protection from attacks.
  • Penetration testing simulates authorized cyberattacks to evaluate system security and is distinct from vulnerability assessments.
  • Security Operations Centers (SOC) monitor, detect, analyze, and respond to cyber threats to protect organizational assets.

Cyber Security Concepts

  • The CIA triad: confidentiality, integrity, and availability as key cybersecurity tenets.
  • Confidentiality: Protecting data from unauthorized viewing or use to maintain security and customer trust.
  • Integrity: Maintaining accurate and complete information by preventing unauthorized alterations.
  • Availability: Ensuring data accessibility to authorized viewers for necessary actions.
  • Cyberattacks: Understanding and defending against various attacks is crucial for cybersecurity professionals.
  • Malware: disrupts systems, bypasses authorization, and leaks data; defending against it requires anti-malware programs and user education.
  • Phishing: aims to steal login data using spam or false information; countered by two-factor authentication.
  • Social Media: poses security threats via malicious friend requests or downloads.
  • Advanced Persistent Threats (APT): rely on phishing or social engineering, which makes them hard to defend against.
  • Software Patches: patching software vulnerabilities reduces the chances of cyberattacks.
  • Identity Access Management (IAM): a framework to manage online user identities and access levels for system functions.
  • Incident Response (IR): involves protocols for how personnel and systems react to intrusions.
  • Security Information and Event Management (SIEM): centralizes security log data for systematic analysis.
  • Managed Security Service Provider (MSSP): monitors and maintains security measures, such as endpoint detection software and firewalls, for a monthly fee.
  • Security Operations Center (SOC): manages security with cybersecurity staff.
  • Cloud Access Security Brokers (CASB): policy plans such as encryption and authentication ensure cloud service users' trust.
  • User and Entity Behavior Analytics (UEBA): identifies unusual user behavior to reduce log session noise.
  • Indicators of Compromise (IOC): unfamiliar activity exposes network intrusions during log analysis.
  • Distributed Denial of Service (DDoS): disrupts services by overwhelming a site or using multiple IP addresses.

Cyber Security Tools

  • Wireshark is a free, open-source packet analyzer for network troubleshooting and protocol development.
  • Metasploit identifies system weaknesses.

Basics of Network Security

  • Securing a network involves firewalls and intrusion detection/prevention systems (IDS/IPS).
  • A layered defense strategy creates multiple defensive roadblocks to thwart potential hackers.

Threat Landscape, Authentication, Malware

  • The cyber threat landscape includes risks, vulnerabilities, and actors in the digital world.
  • Threat actors in the cyber threat landscape:
  • Hacktivists: motivated by political or ideological reasons.
  • Cybercriminals: seek financial gain.
  • State-Sponsored Actors: conduct cyberattacks to gather intelligence.
  • Insiders: cause intentional or unintentional harm.
  • Threats: attacks/vulnerabilities include malware, ransomware, phishing, social engineering, and DDoS attacks.
  • Vulnerabilities: system weaknesses exploited by attackers.
  • Attack Vectors: methods that attackers use to exploit vulnerabilities.
  • The cyber threat landscape is constantly evolving with new techniques and actors.
  • Proactive security and the threat landscape:
  • Understanding vulnerabilities is vital for organizations to protect themselves.
  • Resource allocation: directing resources to address risks.
  • Knowledge of the threat landscape gives organizations the ability to respond to cyber incidents.
  • Keeping up to date is vital for maintaining a cyber security

Cryptography

  • The art of securing information, ensuring confidentiality, integrity, nonrepudiation, and authentication.
  • Areas of focus include confidentiality, integrity, authentication, nonrepudiation, and key distribution.
  • Confidentiality: Encryption keeps data secret and away from prying eyes.
  • Integrity: lets changes to data be seen.
  • Authentication in electronic messaging validates message origin from a known, trusted entity.
  • Nonrepudiation: provides identification of the source.
  • Key Distribution
  • Symmetric Cryptography: one key is used to both encrypt and decrypt.
  • Symmetric Encryption: preserves confidentiality, with increased speed over non-symmetric systems, while maintaining simplicity.
  • Data Encryption Standard (DES) algorithm is still in use today.
  • Triple DES (3DES): extends the DES algorithm to be three times more powerful.
  • Blowfish: fast and made to be simple.
  • RC2: allows algorithm keys between 1 and 2,048 bits.
  • RC4: notable for its inclusion in the Wired Equivalent Protection (WEP) protocol used in early wireless networks.
  • RC5: allows users to set the key length.
  • RC6: key length is 128 to 256 bits.
  • Rijndael / AES: very fast and compact; can use keys that are 128, 192, or 256 bits long.
  • Twofish: key lengths of 128 to 256 bits.

Asymmetric (Public Key) Cryptography:

  • Relatively new, dating from the 1970s; offers key distribution benefits through a key pair: public and private.
  • Public key encrypts, only the private key decrypts, ensuring security.
  • PKI System
  • Uses public information
  • Secure in trusted manner
  • Hash algorithm created in digital representation form
  • The CA creates certificates and controls the public keys it is responsible for.
  • The CA needs information that proves identity, such as a name or licence.

Risk Management

  • Risk is anything bad that can impact the ability to achieve objectives.
  • The four risk types are strategic, compliance, financial, and operational.
  • The framework is a template to identify risk.
  • Risk identification
  • Risk assessment
  • Risk mitigation
  • Risk reporting and monitoring: important for ensuring risk remains at an optimal level.
  • Risk governance ensures employees act in accordance with governance.
  • Remote Workers
  • Pose cybersecurity risks.
  • Wolf-in-sheep's-clothing attacks are increasing in sophistication.
  • IoT Vulnerability
  • Poses security threats to users, exposing them to cyberattacks.
  • Machine Learning
  • Improves patterns
  • Increased focus on mobile cybersecurity
  • Devices become an appealing avenue of opportunity for cybercriminals.
  • Multi-factor authentication
  • MFA adds another layer of security: a two-step login.
  • Artificial intelligence
  • Cyberespionage
  • A form of gathering intelligence from a target.

Malware Prevention:

  • Sophisticated, malicious software designed by professionals.

Distributed Denial-of-service

  • Can disrupt regular traffic

Ransomware Protection

  • Restricts access to a computer or encrypts data, and demands a ransom.
  • Cloud storage security: important to protect data from cyberattacks.
  • Firewall as a service (FWaaS) protects
  • XDR Detect
  • SASE
  • SCRM

Investigation Methods and Techniques

  • Complex, intimidating, and hard to understand.
  • Draws on computer science and law to find evidence.
  • Cybercrime investigation works by identifying, analyzing, and mitigating computer crime attacks.
  • Investigation
  • Gather evidence in order to bring criminals to justice
  • Broad category / wide range
  • Phishing and scams are a big problem, used to try to scam people.
  • Types of cybercriminals: hackers, individuals who access computer networks to steal.
  • Insider
  • Types include social media and digital crimes, investigated with tools like IDA Pro.

Economies of Cybercrime

  • Third-largest economy, according to the WEF.
  • Cybercrime: 8 trillion, counting revenue, stolen money, and productivity damages.

Incident management

  • Aims to keep incidents from affecting operations.
  • Needs a response team with people who resolve the incident and document it.
