Cyber Security Part 2

Questions and Answers

IoT devices are not susceptible to cyber threats.

False (B)

Access is granted by default in a Zero Trust security model.

False (B)

The OSI model helps standardize communication across networks by dividing it into multiple layers.

True (A)

Application security involves developing features to protect against threats like unauthorized modification.

True (A)

SDN technology enables more hardware layers to be implemented through software.

True (A)

Network security measures are only designed to protect data after it has been transmitted.

False (B)

Cloud security is primarily concerned with protecting physical servers located on-premises.

False (B)

Endpoint security is a strategy used to create micro-segments around data whenever it may be.

True (A)

Mobile security includes strategies to prevent attacks from mobile devices accessing corporate data.

True (A)

Data Loss Prevention (DLP) is a component of endpoint security.

False (B)

Internet security measures are irrelevant when it comes to interconnected networks.

False (B)

The seven main pillars of cybersecurity include Mobile Security and IoT Security.

True (A)

Zero Trust is an outdated security model that does not apply to modern cybersecurity strategies.

False (B)

Flashcards

Computer Security

A collection of tools used to protect data and prevent hacker threats.

Network Security

Measures to protect data during transmission across a network.

Internet Security

Protecting data during transmission across interconnected networks (like the internet).

Network Security Solutions

Tools for identifying and blocking network attacks, including data controls (DLP, IAM, NAC, NGFW) and application controls.

Cloud Security

Protecting data and infrastructure in the cloud.

Endpoint Security

Protecting personal devices (desktops/laptops) with data and network security to prevent attacks.

Mobile Security

Preventing attacks on mobile devices like smartphones and tablets.

Cybersecurity Pillars

Key areas of focus for cybersecurity, including network, cloud, endpoint, mobile and IoT security.

IoT Security

Protecting Internet of Things (IoT) devices from cyber threats. This includes securing data, network connections, and preventing unauthorized access.

Application Security

Building security features into applications to prevent vulnerabilities like unauthorized access or data modification.

Zero Trust Security

A security model where no user or device is trusted by default. All access requests are verified before being granted.

OSI Model

A model that describes the different layers involved in network communication, helping to understand how data travels across a network.

SDN (Software Defined Networking)

A technology that allows network hardware functionality to be controlled through software, making networks more flexible and programmable.

Study Notes

Cyber Security Part 2

• Cyber Security is a general term for tools designed to protect data and identify hacker threats.
• Network Security protects data during transmission.
• Internet Security protects data being transmitted across interconnected networks.
• Types of Cyber Security: Network Security, Cloud Security, Endpoint Security, Mobile Security, IoT Security, Application Security, and Zero Trust.
• Network Security Solutions: Data Loss Prevention (DLP), Identity Access Management (IAM), Network Access Control (NAC), and Next-Generation Firewall (NGFW) application controls.
• Cloud Security is crucial as cloud computing adoption increases. A cloud security strategy protects the entire cloud deployment (applications, data, infrastructure).
• Endpoint Security is used to secure end-user devices (desktops and laptops) with data and network controls, threat prevention (e.g., anti-phishing, anti-ransomware), and forensics (e.g., EDR).
• Mobile Security protects mobile devices (tablets, smartphones) from threats like malicious apps, zero-day attacks, phishing, and IM attacks. Mobile Device Management (MDM) solutions ensure only compliant devices access corporate assets.
• IoT Security protects Internet of Things (IoT) devices. Threat actors can use vulnerable IoT devices as pathways into corporate networks.
• Application Security is the process of developing, adding, and testing security features within applications to prevent vulnerabilities and unauthorized access/modification.
• Zero Trust Security means no one is trusted by default. Verification is required from anyone trying to access network resources. Access is denied by default; administrators must explicitly grant permissions.
• OSI Model: A standardized, intuitive way to understand network communication. The model splits network requirements into layers.
• OSI Model Layers (from top to bottom):
  • Application: Where humans process data.
  • Presentation: Ensures data usability.
  • Session: Maintains connections.
  • Transport: Forwards data to appropriate services.
  • Network: Responsible for path packets travel on.
  • Data Link: Responsible for physical device packet routing.
  • Physical: Physical infrastructure for data transport.
  • Top 3 layers are usually implemented in software (within OS).
  • Bottom 3 layers implemented in hardware within network devices (e.g. switches, routers, firewalls)
• Layer 4 (Transport): Connects software and hardware layers. Software-Defined Networking (SDN) allows more hardware layers to be implemented via software.

Security Attacks

• Security attacks are classified as passive or active.
• Passive Attacks: Attempt to learn or use information, not affect system resources (e.g. eavesdropping, monitoring transmissions; releasing message contents, traffic analysis).
• Active Attacks: Alter system resources or affect their operation.

Caesar Cipher

• A simple encryption cipher. The Caesar cipher shifts each letter a determined number of places down the alphabet.

Description

This quiz covers various aspects of cyber security, focusing on key areas such as network security, cloud security, and endpoint security. Understand the tools and strategies used to protect data across different platforms. Test your knowledge on the latest trends and technologies in the cyber security field.