Cybersecurity: Types of Attacks

Questions and Answers

PDF Questions PDF Answers

Information security is the support structure that prevents unauthorized access, modification, destruction or disclosure of information during its creation, transmission, processing, maintenance or ______.

storage

Network Security is used for protecting data during their transmission from one computer to ______.

another

The main three objectives in any security plan are: Confidentiality, ______, Availability.

Integrity

Confidentiality requires that the information in the computer system only be accessible for reading by authorized ______.

parties

Integrity requires that computer system assets (Hardware, Software, and Data) can be modified by authorized ______.

parties

Good integrity includes the assurance that data leaving point A and arriving at point B arrives without ______.

modification

An Attack: An action of malicious intruder that exploits vulnerabilities of the system to cause a threat to occur. Types of attacks: - ______ and Internal attacks

External

External attacks come from outside the trusted network. If an attack occurs from any untrusted point, it can be categorized as an ______ based attack

external

Internal attacks come from within the trusted network. If an attack occurs from within any trusted point, security categorizes it as an ______ attack

internal

A structured attack is an attack that is carried out by an individual who has discernible characteristics. Those characteristics are means, determination, knowledge, funds, and time. The job of the information security specialist is to make the attacker’s job as difficult as possible and provide countermeasures to identity attacks and attackers before they complete their ______

quest

An unstructured attack is one carried out by an individual who does not have sufficient knowledge and experience to carry out an attack. Because the Internet contains such a vast repository of hacker tools and utilities, a simple Google search will provide anyone with pre-built tools that can be executed with a simple click of the ______

mouse

Structured attack: A structured attack is an attack that is carried out by an individual who has discernible characteristics. Those characteristics are means, determination, knowledge, funds, and ______

time

A defense-in-depth security model uses multiple layers of defense so that, if one layer is compromised, it does not necessarily mean that the ______ will be able to access all the resources on your network.

attacker

A defense-in-depth model increases an ______ risk of detection and reduces an attacker’s chance of success.

attacker's

The base layers of the defense-in-depth model are: - Policies, procedures, and awareness layer. This foundational layer affects every other defense-in-depth layer. Components in this layer include security policies, security procedures, and security education programs for ______.

users

Physical security layer. This layer wraps around the remaining five core layers. Components in this layer include security guards, ______, and monitoring devices.

locks

Examples include: - Perimeter layer. Hardware or software firewalls, or both. - Internal network layer. Network segmentation, Internet Protocol security (IPSec), and network intrusion-detection systems ______.

(NIDS)

A security strategy for an organization is most effective when data is protected by more than one layer of security. A defense-in-depth security model uses multiple layers of defense so that, if one layer is compromised, it does not necessarily mean that the attacker will be able to access all the ______ on your network.

resources

Good integrity assures that point A and point B are indeed who they claim to be. Modification includes writing, changing, deleting, and creating. Availability requires that computer assets (Hardware, Software, and Data) are available to authorized parities. Availability is the attribute that ensures the reliable and timely access of resources to authorized individuals. A security professional needs to understand the meaning of security related words. These words are: vulnerability, threat, countermeasure, subject, ________.

object

Object - An entity containing or receiving information; Access to an object usually implies access to the information that it contains. Subject - Generally a person, process, or device that causes information to flow among objects. Vulnerability - A point of weakness within a system that can be exploited by attackers to make a successful attack. Threat - Something that is a source of danger; that can be exploited or cause harm to a system. Countermeasure - Reducing the impact of an attack, detecting the occurrence of an attack, and/or assisting in the recovery from an attack. Achieving Security To achieve security we need the followings: Policy What to protect? Mechanism How to protect? Assurance How good is the protection?

mechanism

Good integrity assures that point A and point B are indeed who they claim to be. Modification includes writing, changing, deleting, and creating. Availability requires that computer assets (Hardware, Software, and Data) are available to authorized parities. Availability is the attribute that ensures the reliable and timely access of resources to authorized individuals. A security professional needs to understand the meaning of security related words. These words are: vulnerability, threat, countermeasure, subject, ________.

object

Object - An entity containing or receiving information; Access to an object usually implies access to the information that it contains. Subject - Generally a person, process, or device that causes information to flow among objects. Vulnerability - A point of weakness within a system that can be exploited by attackers to make a successful attack. Threat - Something that is a source of danger; that can be exploited or cause harm to a system. Countermeasure - Reducing the impact of an attack, detecting the occurrence of an attack, and/or assisting in the recovery from an attack. Achieving Security To achieve security we need the followings: Policy What to protect? Mechanism How to protect? Assurance How good is the protection?

mechanism

Good integrity assures that point A and point B are indeed who they claim to be. Modification includes writing, changing, deleting, and creating. Availability requires that computer assets (Hardware, Software, and Data) are available to authorized parities. Availability is the attribute that ensures the reliable and timely access of resources to authorized individuals. A security professional needs to understand the meaning of security related words. These words are: vulnerability, threat, countermeasure, subject, ________.

object

Object - An entity containing or receiving information; Access to an object usually implies access to the information that it contains. Subject - Generally a person, process, or device that causes information to flow among objects. Vulnerability - A point of weakness within a system that can be exploited by attackers to make a successful attack. Threat - Something that is a source of danger; that can be exploited or cause harm to a system. Countermeasure - Reducing the impact of an attack, detecting the occurrence of an attack, and/or assisting in the recovery from an attack. Achieving Security To achieve security we need the followings: Policy What to protect? Mechanism How to protect? Assurance How good is the protection?

mechanism

Study Notes

Information Security

• Security is the support structure that prevents unauthorized access, modification, destruction, or disclosure of information during its creation, transmission, processing, maintenance, or storage.

Security Types

• Information Security: protects information and its elements, including systems, hardware that use, store, and transmit information.
• Computer Security: protects data in the computer.
• Network Security: protects data during transmission from one computer to another.

Security Objectives

• The three main objectives in any security plan are: Confidentiality, Integrity, and Availability (CIA triad).

Confidentiality

• Ensures that information in the computer system is only accessible for reading by authorized parties.
• Includes printing, displaying, and other forms of disclosure.

Integrity

• Ensures that computer system assets (Hardware, Software, and Data) can be modified by authorized parties.
• Includes writing, changing, deleting, and creating.
• Ensures data transmission without modification.

Availability

• Ensures that computer assets (Hardware, Software, and Data) are available to authorized parties.
• Ensures reliable and timely access of resources to authorized individuals.

Security Terminology

• Object: an entity containing or receiving information; access to an object implies access to the information it contains.
• Subject: a person, process, or device that causes information to flow among objects.
• Vulnerability: a point of weakness within a system that can be exploited by attackers.
• Threat: something that is a source of danger; can be exploited or cause harm to a system.
• Countermeasure: reduces the impact of an attack, detects the occurrence of an attack, and/or assists in the recovery from an attack.

Achieving Security

• Policy: determines what to protect.
• Mechanism: determines how to protect.
• Assurance: determines how good the protection is.

Attack

• An action of a malicious intruder that exploits vulnerabilities of the system to cause a threat.
• Types of attacks: External and Internal attacks, Structured and Unstructured attacks.

External and Internal Attacks

• External Attacks: come from outside the trusted network.
• Internal Attacks: come from within the trusted network.

Structured and Unstructured Attacks

• Structured Attack: an attack carried out by an individual who has discernible characteristics (means, determination, knowledge, funds, and time).
• Unstructured Attack: an attack carried out by an individual who lacks sufficient knowledge and experience.

Defense-in-Depth Model

• A security strategy that uses multiple layers of defense to protect data.
• Layers include: Policies, procedures, and awareness layer, Physical security layer, Perimeter layer, Internal network layer, and others.
• Increases an attacker's risk of detection and reduces their chance of success.

Description

Learn about different types of cyber attacks in the field of cybersecurity. Explore external attacks that originate outside the trusted network and internal attacks that come from within the trusted network.