Cybersecurity Basics Quiz
5 Questions

Questions and Answers

What is the primary focus of cybersecurity?

  • Protecting digital assets from unauthorized access and misuse
  • Ensuring the availability of computer systems
  • Maintaining the confidentiality of sensitive information
  • All of the above (correct)

Which of the following is NOT a common type of cybersecurity threat?

  • Natural disasters (correct)
  • DDoS attacks
  • Malware infections
  • Phishing attacks

What is the purpose of a firewall in cybersecurity?

  • To prevent unauthorized access to a network (correct)
  • To encrypt sensitive data in transit
  • To detect and block malicious software
  • To authenticate users and control access to resources

What is the role of a security audit in cybersecurity?

  • To assess the effectiveness of security controls (B, correct)

Which of the following is NOT a fundamental principle of cybersecurity?

  • Transparency (C, correct)

    Study Notes

    Cybersecurity Essentials - Module 2

    • Learning Objectives: Explore password management; identify strong and weak passwords; create password policies; understand password cracking methods (brute force, dictionary, rainbow tables); learn about hashing; manage passwords effectively and grasp password confidentiality; discuss password reuse, expiration, and multi-factor authentication (MFA); and explore the differences between single-factor (SFA), two-factor (2FA), and multi-factor (MFA) authentication.

    Password Cracking

    • Definition: Password cracking is gaining a valid password through unauthorized means.
    • Methods:
      • Brute-force: Systematically tries a very large number of candidate passwords.
      • Dictionary: Tries words from dictionaries or lists of commonly used passwords.
      • Rainbow: Uses pre-calculated tables of hashes of common passwords to accelerate the process.

    Hashing

    • Definition: Transforming an input (such as a password) into a shorter, fixed-length output string (a hash). It is a one-way process: the original input cannot be reliably recovered from the hash.
    • Purpose: Hashes let a system verify passwords without storing the actual passwords.
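The following is an added example, not code from the original notes or their source module. It shows the password-storage pattern the Hashing bullets describe: a random salt plus a slow hash (PBKDF2-HMAC-SHA256 from the standard library, chosen here as an assumption), a verify step that recomputes the hash in constant time, and, for contrast, a bare unsalted SHA-256 digest. The unsalted function makes the Password Cracking bullet on rainbow tables concrete: every user with the same password gets the same digest, so one precomputed table breaks all of them, whereas per-user salts produce different records for identical passwords. The iteration count and record format are this example's own choices.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256 (assumption for this example; tune for your hardware).
ITERATIONS = 200_000


def hash_password(password, salt=None):
    """Return a self-describing record: 'pbkdf2_sha256$iterations$salt_hex$hash_hex'."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute the hash from the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest avoids leaking which byte differed through timing.
    return hmac.compare_digest(digest.hex(), hash_hex)


def unsalted_sha256(password):
    """What NOT to do: a bare hash is identical for everyone using the same password,
    so a precomputed (rainbow) table of common passwords recovers all of them at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salting_defeats_precomputation(password):
    """Hashing the same password twice yields two different stored records when salted,
    so a table built for one record is useless against the other."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("unsalted sha256('password'):", unsalted_sha256("password"))
    print("salt makes records differ:", salting_defeats_precomputation("password"))
```

The stored record carries its own algorithm name, iteration count and salt, so the work factor can be raised later and old records still verify.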

    Managing Passwords

    • Importance: Strong passwords are essential for online security.
    • Statistics: 80% of company data breaches are caused by weak or stolen passwords.
    • Strategies:
      • Each online account needs a unique password.
      • Employees require training on password management and data security.

    Password Policies

    • Definition: A set of rules to guide the use of strong passwords.
    • Components:
      • Minimum length (e.g., 12 characters).
      • Mixture of upper/lower case letters, numbers, and special characters.
      • Unique password for each account/device.
      • Mandatory password changes (every 6-12 months).
      • Employee training on cyberattacks.
    • Employee Responsibilities:
      • Never reuse or recycle passwords.
      • Never share passwords (not even with the CEO).
      • Never write passwords down.
      • Never store passwords in a digital file.

    Creating Better Passwords

    • Password Strength: Use 12 characters minimum; avoid using names, places, dictionary words, or PII; use upper/lower-case letters, numbers, and special characters; use random characters; and utilize passphrases.
    • Hacker Tactics: Hackers have access to databases of common passwords, movie/song quotes, dictionary words, and encyclopedia entries.
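As an added example (not from the original notes), the checker below turns the Password Policies and Creating Better Passwords bullets into a runnable rule set: a 12-character minimum, the four character classes, rejection of entries from a common-password list, of passwords that are just a dictionary word padded with digits and symbols, and of passwords containing the user's own personal information. The lists are tiny constructed samples, and the allowance that a long multi-word passphrase need not mix character classes is this example's own interpretation of the "utilize passphrases" advice.

```python
import re

MIN_LENGTH = 12

# Constructed sample lists for this example; a real checker loads far larger ones.
COMMON_PASSWORDS = {"12345", "password", "password123", "qwerty", "letmein"}
DICTIONARY_WORDS = {"dragon", "summer", "welcome", "monkey", "football"}

CHARACTER_CLASSES = [
    ("upper-case letter", r"[A-Z]"),
    ("lower-case letter", r"[a-z]"),
    ("digit", r"[0-9]"),
    ("special character", r"[^A-Za-z0-9]"),
]


def check_password(password, personal_info=()):
    """Return the list of policy violations; an empty list means the password passes.

    personal_info holds strings the user must not embed (name, birth year, pet, ...).
    """
    problems = []
    lower = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("shorter than {} characters".format(MIN_LENGTH))

    if lower in COMMON_PASSWORDS:
        problems.append("appears in common-password list")

    # "Summer2024!" is still the dictionary word "summer" once digits/symbols are stripped.
    letters_only = re.sub(r"[^a-z]", "", lower)
    if letters_only in DICTIONARY_WORDS:
        problems.append("contains dictionary word '{}'".format(letters_only))

    for item in personal_info:
        if item and item.lower() in lower:
            problems.append("contains personal information '{}'".format(item))

    missing = [name for name, pattern in CHARACTER_CLASSES if not re.search(pattern, password)]
    # Assumption of this example: a passphrase of at least four words and 20 characters
    # is accepted without the mixed-character-class rule.
    is_passphrase = len(password) >= 20 and len(password.split()) >= 4
    if missing and not is_passphrase:
        problems.append("missing " + ", ".join(missing))

    return problems


if __name__ == "__main__":
    for candidate in ["password", "Summer2024!!", "correct horse battery staple", "Tr0ub4dor&3Xy9"]:
        print(repr(candidate), "->", check_password(candidate) or "OK")
```

The function returns every violation rather than stopping at the first, so a sign-up form can tell the user all of the reasons at once.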

    Password Confidentiality

    • Company Policy: Companies should never ask employees or customers for their passwords.
    • Employee Awareness: Employees are less likely to fall victim to phishing scams when they understand that their company will never ask for passwords.
    • Data Sharing: Avoid sharing passwords with anyone, including superiors or IT departments.
    • Admin Rights: IT staff should exercise administrative rights carefully; they can do their work under their own login IDs rather than asking for a user's password.

    Password Reuse

    • Risks: Using the same username and password for multiple accounts makes hacking attempts easier.
    • Examples of Common Passwords: '12345', 'password', etc.

    Password Expiration

    • Frequency: Historically, some companies required password changes every 90 days.
    • Risk Mitigation: Longer intervals between mandatory changes can reduce risky user behavior.
    • Security Considerations: Password expiration is helpful up to a point; excessively frequent changes become counterproductive, leading to frustration and new security risks.

    Single-Factor Authentication (SFA)

    • Definition: Logging in with a single credential.
    • Vulnerabilities: SFA exposes the user to attacks like keystroke logging and phishing.

    Two-Factor Authentication (2FA)

    • Definition: Logging in with two credentials such as a password combined with a physical device.

    Multi-Factor Authentication (MFA)

    • Definition: A more secure approach to authentication that requires more than one credential (multiple authentication factors) to gain access, which significantly reduces the risk of breaches and phishing attacks.
    • Methods: Something you know (PIN, password); something you have (token, device); something you are (biometrics); somewhere you are (geolocation).

    Identification Factors

    • Components: Something one knows, something one has, something one is.

    Single Sign-On (SSO)

    • Purpose: Authenticating a user once and then granting access to connected accounts and apps without further logins.
    • Benefits: Simplifies and speeds up access to company resources; employees only need to log in once.

    Logs

    • Purpose: Documenting user actions and system responses.
    • Uses: Troubleshooting, security analysis, forensics, hacking, and user activity tracking.
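Added example (not from the original notes) of the "security analysis" use of logs: the password-cracking methods described earlier leave a trail of repeated failed logins, and the code below parses constructed SSH-style authentication log lines, counts failures per source address inside a sliding time window, and reports whether a successful login followed the burst, which is the case a responder wants to see first. The log lines, the threshold and the window are this example's own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in the style of an SSH daemon; not from any real system.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[812]: Failed password for admin from 198.51.100.7 port 50122 ssh2
2024-03-01T10:00:03 sshd[812]: Failed password for root from 198.51.100.7 port 50123 ssh2
2024-03-01T10:00:04 sshd[812]: Failed password for admin from 198.51.100.7 port 50124 ssh2
2024-03-01T10:00:06 sshd[812]: Failed password for test from 198.51.100.7 port 50125 ssh2
2024-03-01T10:00:08 sshd[812]: Failed password for admin from 198.51.100.7 port 50126 ssh2
2024-03-01T10:00:09 sshd[812]: Accepted password for admin from 198.51.100.7 port 50127 ssh2
2024-03-01T10:05:00 sshd[813]: Failed password for alice from 203.0.113.9 port 41000 ssh2
2024-03-01T10:05:30 sshd[813]: Accepted password for alice from 203.0.113.9 port 41001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_events(text):
    """Turn matching log lines into dicts; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "time": datetime.fromisoformat(m["ts"]),
                "result": m["result"],
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: info} for sources with >= threshold failures inside one sliding window.

    info records how many failures fell in the window and whether an 'Accepted' login
    from the same source came after the burst began (a likely compromised account).
    """
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["ip"]].append(event)

    alerts = {}
    for ip, evs in by_ip.items():
        failures = [e["time"] for e in evs if e["result"] == "Failed"]
        for start in failures:
            in_window = [t for t in failures if start <= t <= start + window]
            if len(in_window) >= threshold:
                later_success = any(
                    e["result"] == "Accepted" and e["time"] >= start for e in evs
                )
                alerts[ip] = {"failures": len(in_window), "success_after_burst": later_success}
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for ip, info in detect_brute_force(parse_events(SAMPLE_LOG)).items():
        print(ip, info)
```

A single failure from alice is normal user behaviour and is not reported; the five failures in eight seconds followed by a success from the other address are.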

    Tracking

    • Tracked attributes: Operating system, browser, extensions, screen resolution, fonts, time zone, language, and browsing activity.

    Cookies

    • Purpose: Tracking browsing activity and personal information.

    Browsing History

    • Purpose: Documenting recent and commonly visited sites.

    Non-repudiation

    • Definition: Assurance that a message exchanged between two parties is genuine and that its sender cannot later deny having sent it.
    • Methods: Video, biometrics, signatures, and receipts.

    Device Hardening

    • Process: Securing hardware and software to minimize vulnerabilities.
    • Steps: Disabling unnecessary features, updating firmware, OS, and software, using firewalls, VPNs, and anti-malware.

    Apps and OSes

    • Protection: Auto-updates for PCs, phones, tablets, and routers are crucial for security. Outdated systems are prime targets for hackers.
    • Security Actions: Secure apps, OSes, and drivers using trusted sources, checking digital signatures, and updating regularly.

    Patches/Updates

    • Definition: Patches and updates resolve security flaws in apps and OSes.

    Firmware Updates

    • Definition: Firmware is the low-level software embedded in hardware that tells it how to operate.
    • Components: BIOS passwords, firmware passwords, BIOS, secure boot, TPM, and drive encryption. These elements help safeguard the system from unauthorized alterations.
    • TPM: A chip that stores and manages encryption keys and protects against tampering.

    Encryption

    • Definition: Transforming readable data into an unreadable format.
    • Types: Symmetric (same key for encryption and decryption), Asymmetric (separate keys for encryption and decryption).
    • Use cases: Hard drives, phones, thumb drives, and network layers.

    Disabling Features and Ports

    • Purpose: Preventing unauthorized access to data and systems based on function and port use. 

    Zero-Day Attacks

    • Definition: Attacks exploiting flaws for which no patch exists yet.
    • Mitigation: Use VPNs and IDS/IPS, and follow general security hygiene standards.

    Apps that Harden

    • Software Categories: Antivirus, anti-malware, anti-spyware, software firewalls, and VPNs (Virtual Private Networks).

    Firewalls and VPNs

    • Protection: Keep unauthorized access out of the system and off the network; monitor, block, and secure network connections.

    Open Wi-Fi vs Secure Wi-Fi

    • Open Wi-Fi: Unencrypted, vulnerable to attacks.
    • Secure Wi-Fi: Encrypted and safer.
    • Security Tips (for open Wi-Fi): Use a VPN to encrypt your traffic. Avoid using open Wi-Fi for sensitive activities like banking.

    Default Passwords

    • Risk: Hackers frequently use default login credentials.
    • Prevention: Change all default login credentials and use strong passwords.

    Email Management

    • Purpose: Classify and triage emails.
    • Methods: Keep inbox organized; use folders; filter with rules; unsubscribe; and turn off notifications.

    Spam

    • Definition: Unsolicited bulk digital communication (e.g., email, text, social media).
    • Content: Emails, text messages, instant messages, robocalls, social media posts. Can carry malicious content, steal personal information, or recruit systems into botnets.
    • Mitigation: Use email settings to block spam; use alternative email addresses if necessary.

    Phishing

    • Definition: Fraudulent communication designed to trick users into sharing sensitive information. 
    • Tactics: Hackers exploit fear, greed, or urgency to coerce users into hasty decisions. 
    • Spotting Phishing Tactics: Examine the text, logos, and URLs in suspicious emails carefully for errors.

    Cryptographic Hashes

    • Purpose: Algorithms that transform passwords or files into short strings of letters and numbers; useful in data security, but a hash cannot be reversed to recover the password.


    Related Documents

    Cybersecurity Module 2 PDF

    Description

    Test your knowledge about the fundamentals of cybersecurity with this engaging quiz. Explore key concepts including threats, security measures, and principles essential for protecting information systems. Perfect for students and professionals alike!
