Section 2: Cyber Security and Crimes

Questions and Answers

What best describes the Internet?

• A series of connections between various devices (correct)
• A software application for browsing
• A physical location where data is stored
• A single network run by one organization

Which statement accurately defines an ISP?

• A type of malware that disrupts network traffic
• An organization that establishes connections to the internet (correct)
• A protocol that manages data transmission
• A device that secures internet connections

How should one visualize the Internet based on the content?

• As a vast ocean of data
• As a centralized server control
• As a massive set of highways for data (correct)
• As a cloud storing information

What role does an ISP play in the context of the Internet?

It facilitates the connection to send and receive data (A)

Which is NOT a function of an ISP?

Managing the content that users access online (D)

What is required before any data can be sent or received over the Internet?

An internet service provider connection (A)

Which term best describes the structure that allows devices to communicate over the Internet?

Network (A)

What is the primary purpose of an Indicator of Compromise (IOC)?

To gather evidence that indicates a network's security has been compromised (D)

How does an Indicator of Attack (IOA) differ from an IOC?

IOA focuses on the intent of attackers, while IOC focuses on the evidence of a breach (D)

Which type of threats are primarily difficult to detect using IOC-based detection?

Malware-free intrusions and zero-day exploits (D)

What is a common method for collecting IOCs?

Gathering data after suspicious incidents or unusual network activity (B)

Which of the following best describes the functionality of red teaming tools used by Twitch's internal security teams?

They prepare security teams against potential cyberattacks through simulated scenarios (C)

What is the primary function of a router in a network?

To direct traffic to the correct destination. (B)

Which of the following statements about IP addresses is correct?

IP addresses are used to identify devices across different networks. (A)

What is the main difference between an IP address and a MAC address?

IP addresses enable traffic routing, while MAC addresses are used for local communication. (A)

What format is used for an IP address?

4 sets of numbers ranging from 0-255. (B)

How does a router determine which IP address belongs to which device?

By dynamically providing IP addresses upon connection. (A)

What character set is used for a MAC address?

Numbers from 0-9 and letters from A-F. (A)

Which statement accurately describes a MAC address?

It serves as a unique identifier given by the manufacturer. (C)

Which function does not align with the purpose of IP addresses?

Providing a fixed location for every device. (B)

What is an essential characteristic of MAC addresses?

They are unique to each individual device. (B)

What is the primary function of a DNS server?

Translates domain names to IP addresses (B)

Which statement accurately describes servers?

Servers provide services to client programs. (C)

How does the router identify the specific device to send data to?

By using the device's IP address (C)

Which of the following is a characteristic of a WLAN?

Utilizes wireless mediums for communication (A)

When discussing server types, which phrase is most accurate?

Servers can run on computers alongside client programs (B)

What common misconception might users have regarding accessing the internet?

They may believe servers are hardware-only. (D)

What does the term 'client programs' refer to?

Software that provides services to other software (A)

What would occur if a DNS server was not available?

Websites could be accessed using only IP addresses. (C)

Which function is NOT attributed to a router?

Translating domain names to IP addresses (D)

In the context of the internet, which scenario depicts the role of servers effectively?

A program requesting data from another program running on a different machine. (D)

Which of the following statements is true regarding the range of modern WiFi networks?

WiFi networks are limited to a maximum range of 20 meters. (C)

What distinguishes a WiFi network from others in terms of identification?

The network’s SSID or its displayed name. (A)

Which of the following best describes cyber-crime?

Illegal activities involving a computer or network-connected device. (C)

What is a potential motive behind cyber-crimes?

Commercial espionage. (D)

Who can be affected by cyber-crime?

Individuals, businesses, and public services alike. (D)

Which type of cyber-crime is specifically aimed at inducing fear and panic?

Cyber-terrorism. (B)

What preventive action is suggested against cyber-crimes?

Securing your personal and financial information like a physical home. (B)

Why are computers considered integral to modern life?

They manage both personal and professional aspects of life. (B)

What is a common misconception regarding cyber-crime?

It is less serious than traditional crime. (B)

Which of the following is NOT a factor in identifying WiFi networks?

Device operating system. (A)

Flashcards

The Internet

A vast network connecting devices like computers, phones, and servers. It's like a highway for information traveling from one device to another.

What is an ISP?

An organization that provides access to the internet. They act like the 'gatekeepers' to the online world.

What is a network?

A collection of interconnected devices that can communicate and share information. Like a group of people talking to each other over a network.

Data Transmission

The process of sending data from one device to another over the internet.

What is an IP Address?

A unique address assigned to a device connected to the internet. It's how data knows where to go.

What is a domain name

A unique name that translates to an IP address. It's how we remember websites easily.

What is a web browser

A software program that runs on your computer and allows you to access the internet. It's like the gateway to the online world.

What is a router?

A device that acts as a traffic director in a network, ensuring data packets reach their intended destinations.

What is a MAC address?

A unique identifier for a device that connects to a network, comprised of 12 digits (numbers 0-9 or letters A-F).

Why do devices need 'names' on a network?

Every device on a network has a unique name. These names are used to identify the devices online.

What is the role of an IP address in online communication?

It's the main method used to communicate with devices online. Its numbers are in four parts, each between 0 and 255.

How do MAC and IP addresses differ in their use?

They're internal to a local network (LAN), while IP addresses are used for communication across networks.

How is a MAC Address assigned to a device?

The manufacturer assigns the MAC address to the device during production.It stays with the device throughout its lifespan.

What happens to a device's IP address when it connects to a new network?

A temporary set of numbers given by a router to a device when it joins a network.

How does a router use IP addresses?

It allows the router to correctly identify which computer or email address belongs to your recipient.

What are servers?

A program that provides services to other programs called client programs. Think of them as services that make the internet work.

What is a DNS server?

A system that translates domain names (like google.com) into IP addresses, making it easier for us to access websites.

What is a WLAN?

A wireless network that allows devices to connect without cables, commonly used at home or in workplaces.

What is data transmission?

The process by which data is sent from one device to another, typically over the internet.

What is an Indicator of Compromise (IOC)?

Evidence found on a computer that suggests a network's security has been compromised.

How is an IOC gathered?

Data collected after a suspected security breach, scheduled checks, or unusual network activity.

What's the purpose of IOCs?

Indicators of Compromise (IOCs) are used to detect suspicious files and quarantine them, making the network's security tools 'smarter'.

What is an Indicator of Attack (IOA)?

While IOCs focus on detecting compromised systems, IOAs focus on understanding the attacker's intentions and the goals they are trying to achieve.

How do IOAs differ from IOCs?

IOAs are a proactive approach that analyzes attack patterns and techniques, unlike IOCs that focus on detecting signs of compromise. They are needed to combat evolving malware and zero-day exploits.

What is WiFi?

A technology for connecting electronic devices wirelessly, often using the IEEE 802.11 standard.

What is an SSID?

A unique name that identifies a WiFi network, making it visible to other devices.

What is a cybercrime?

Any illegal activity involving a computer or network, often for financial gain, espionage, or even terror.

Why are cybercrimes committed?

The motives behind cybercrimes vary, with profit, espionage, and politics being common.

What is cyberterrorism?

A type of cybercrime aimed at causing fear and disruption, often through attacks on infrastructure or services.

Who is affected by cybercrime?

Cybercrime is a global threat, impacting individuals, businesses, and even national security.

IEEE 802.11

Modern WLANs (wireless local area networks) are typically based on this protocol.

What is the typical range of WiFi?

A range of up to 20 meters is typical for WiFi connectivity.

How are WiFi networks distinguished?

A parameter like SSID is used to distinguish between different WiFi networks.

Why are computers vulnerable to cybercrime?

Computers have become essential in all aspects of life, making them targets for cyberattacks.

Study Notes

Section 2: Introduction to Cyber Security and Cyber Crimes

• This section introduces cyber security and cyber crimes.
• Topics covered include:
  • Introduction to cyber security and basic terminology
  • Common cyber security threats
  • Cyber criminals
  • Famous attacks

Introduction to Cyber Security and Basic Terminology

• The internet is a network of connections between devices (computers, phones, servers).

• An ISP (Internet Service Provider) establishes connections to the internet.

• Routers direct internet traffic. They route messages to the correct recipient.

• Routers don't know the recipient's email address or computer name.

• Each device on a network is identified by a name, mostly comprised of numbers (IP address).

• IP address is how devices communicate online.

• A MAC address is a unique identifier for a device, given by its manufacturer.

• MAC addresses are used inside a local network (LAN), while IP addresses are used across networks.

• Servers are computer programs that provide services to other programs (clients).

• Websites are examples of services provided by servers.

• DNS servers translate domain names (e.g., google.com) into IP addresses.

WLAN and WiFi

• WLAN stands for Wireless Local Area Network.
• WLANs link devices wirelessly.
• WLANs serve the same function as wired networks (sharing data and internet).
• WiFi is a common WLAN protocol.
• WiFi uses the IEEE 802.11 protocol.
• WiFi networks have a unique name (SSID).

Cyber Crimes

• Cybercrimes are similar to traditional theft (robbery), but involve computers and networks.
• Cybercriminals have various motivations, including profit, espionage, and political goals.
• Anyone is vulnerable to cybercrime.

Cyber Crimes - Subcategories

• Fraud and financial crimes
• Cyber terrorism
• Hacktivism
• Cyber extortion
• Cyber warfare
• Crimes targeting computers
• Crimes using computers to target individuals
• Cyber intrusions
• Cyber criminals can be individuals or organized groups

Cyber Crimes - Unique Characteristics

• Financial profit is a major motivation (easy to execute, hard to trace).
• Cybercrimes can be executed from other countries (legal complexity).
• Hacking tools are readily available online.

Cyber Crime Examples

• Nigerian scams: Pretending to be in need to get money.
• Ransomware: Blocking access to data until a ransom is paid.
• Online shaming: Collecting information and blackmailing.
• Identity theft: Assuming a fake identity to gain money.
• Phishing: Masquerading as a legitimate business to get login credentials.

Famous Attacks

• Data breaches exposing personal data of millions of people (e.g., Facebook, LinkedIn).