Understanding Cyber Security Basics

Questions and Answers

Which of the following best describes security in the context of cybersecurity?

  • A software that automatically removes all computer viruses.
  • Protection against potential harm, unwanted coercion, and assurance of information wellbeing. (correct)
  • The use of complex algorithms to encrypt data.
  • A state of complete invulnerability to all threats.

Cybersecurity primarily focuses on protecting physical assets rather than digital information.

False (B)

What are two key factors that make computer administration and management more complex from a security perspective?

Increased complexity and attack avenues

Protecting the ______, integrity, and availability of computer systems and their resources is important.

confidentiality

Match the following security terms with their descriptions:

  • Confidentiality = Ensuring information is accessible only to authorized individuals.
  • Integrity = Ensuring information is accurate and complete.
  • Availability = Ensuring information is accessible when required without delay.
  • Non-repudiation = Ensuring authenticity of signature on a document.

An organization focuses on implementing access controls, firewalls, and intrusion detection systems. These efforts primarily fall under which layer of security?

Network Security (A)

A 'threat' in cybersecurity is simply a potential weakness in a system's design.

False (B)

Define the term 'exploit' within the context of cybersecurity.

A way to breach the security of an IT system through vulnerability

An individual who breaks into computer systems with malicious intent is known as a ______, attacker, or intruder.

cracker

Match the following attacker types with their descriptions:

  • Misfeasors = Authorized users who misuse their access permissions.
  • Masqueraders = Attackers posing as authorized users to attack the system.
  • Clandestine Users = Insiders or Outsiders who obtain their own, distinct unauthorized access to a system.

An attacker modifies financial records stored on a company's server. What is the MOST likely primary goal of this attacker?

Tampering (D)

A primary motive for cybercrime is simply to test the limits of one's technical abilities.

False (B)

Name two ways cyber security experts help organizations maintain and improve cyber security

Identify threats and protect data

______ and risk management involves identifying potential risks to computer systems and implementing appropriate security controls to minimize those risks.

security

Match the following areas with appropriate security practices:

  • Using two-way authentication = Protecting user access
  • Installing regular updates = Maintaining system security
  • Avoiding Phishing Scams = Improving User Practices

Which type of cybersecurity focuses on protecting devices like desktops and laptops, especially with advanced threat prevention technologies?

Endpoint Security (B)

Application security primarily focuses on the physical security of servers hosting those applications.

False (B)

Define ethical hacking.

to identify and resolve securities

Ethical hackers, also known as '______', are security experts who use their skills to improve an organization's security posture.

white hats

Match the concepts of ethical hacking with their descriptions:

  • Stay legal = Obtain proper approval for security assessment.
  • Define the scope = Determine the extent of assessment.
  • Respect data sensitivity = Adhere to non-disclosure agreements.

Which of the following BEST describes the key difference between an ethical hacker and malicious hacker?

Ethical hackers have permission to probe for vulnerabilities. (A)

Expertise in scripting languages is not a requirement for ethical hacking.

False (B)

What is the initial goal of ethical hacking?

Reconnaissance

After reconnaissance, ethical hackers look for ______ against the asset.

vulnerabilities

Match each vulnerability with its description:

  • SQL Injection = An attack that exploits vulnerabilities in a database system
  • Sensitive Data Exposure = Data at risk
  • Weak Passwords = Passwords that are difficult to remember

Kevin Mitnick is primarily known for what?

Being a highly sought after hacker (B)

Albert Gonzalez is notorious for orchestrating one of the largest retail store thefts in US history.

True (A)

Name the malware used in the US and Israel cyber attack on Iran.

Stuxnet

According to research, ______ in ten URLs are malicious.

one

Match the security accident with the descriptions

  • Malware attacks = Malicious software attempting to infiltrate a system
  • Identity Theft = Fraudulent actions using personal data
  • Packet Sniffing = Intercepting data transmitted over a network

Why are home computers easy targets for cyber attacks?

low level of security awareness (C)

Computer security is not needed if PCs are disconnected from external networks.

False (B)

Name the three types of data security controls.

Preventative, Detective and Corrective

Controls that protect the physical environment where information systems and assets are housed are called ______ controls.

physical

Match the terms in ethical control

  • technical controls = firewalls
  • logical controls = user authentication
  • Operational controls = incident response procedures

A penetration is an approach to:

authorized simulated attack (B)

Penetration testers use different tools and techniques in comparison to attackers.

False (B)

Name four reasons for penetration testing

Weakness in systems, determine the robustness, data privacy, and security regulations

After reconnaissance, the next step is ______, where pentesters use tools to examine the system for weaknesses.

scanning

Match the phases of the testing with:

  • Reconnaissance = Gather as much information about the target
  • Scanning = Pen testers use tools to examine the target website or system for weaknesses
  • Gaining Access = Use the best tools and techniques to gain access to the system

Which type of pentesting allows you to see how attack patterns affect webapps and their security controls?

web apps (A)

Flashcards

What is security?

Protection against potential harm caused by others, achieved by limiting their freedom to act.

IT Security

Refers to methods, tools, and personnel used to protect an organization's digital assets.

Cyber Security

Designed to protect networks and devices from external threats.

Computer Security

Protecting the confidentiality, integrity, and availability of computer systems and their resources.

Confidentiality

Ensuring information is accessible only to authorized individuals.

Integrity

Ensuring information is accurate, complete, reliable, and in its original form.

Non-repudiation

Ensuring that a party cannot deny the authenticity of their signature on a document.

Availability

Ensuring information is accessible to authorized persons when required without delay.

Threat

An action or event that has the potential to compromise and/or violate security.

Vulnerability

Existence of a weakness that can lead to an undesirable event compromising the security of the system.

Exploit

A defined way to breach the security of an IT system through a vulnerability.

Data Theft

Any action of stealing information from the users' system.

Attack

Any action derived from intelligent threats to violate the security of the system.

Cracker/Attacker

An individual who breaks into computer systems in order to steal, change, or destroy information.

Misfeasors

Authorized users gaining unauthorized access to resources or misusing their authorization.

Masqueraders

Using an authorized user's access to enter a system and then posing as that user.

Clandestine Users

Insiders or outsiders who obtain their own, distinct unauthorized access to a system.

Identity theft

Gaining unauthorized access to someone's personal information.

Tampering

Unauthorized editing of data.

Trophy Grabbing

Stealing valuable information or files.

Service theft

Unauthorized use of service.

Information theft

Theft of confidential or sensitive information.

Denial of Service

Making a service unavailable.

Cyber Security Experts

Finding and fixing weaknesses within a company's infrastructure.

Asset security

Analyzing networks, computers, routers, and wireless access points.

Security architecture

Standardizing security policies and procedures

Communication security

Regulating cloud storage and data transfer

Identity and access

Tracking user authentication and accountability.

Security operations

Monitoring security to identify attacks.

Security assessment

Testing security policies to ensure compliance with industry standards.

Development security

Creating and repeatedly testing code.

Risk management

Identifying potential risks and implementing appropriate security controls.

Authentication

Using two-way authentication

Firewalls

Using firewalls to disable unwanted services

Cybersecurity practice

A practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.

Endpoint Security

Endpoint security secures end-user devices with data and network controls and forensics.

Cloud Security

Cloud security solutions, controls, policies, and services that protect an organization's cloud deployment.

Mobile Security

Securing mobile devices and preventing threats from malicious apps, phishing, and rooting/jailbreaking.

Application Security

Preventing attacks and interaction with applications and APIs.

Purpose of Pentest

Finding weaknesses in systems

Study Notes

What is security

  • Security protects against potential harm or unwanted coercion
  • Security is a state of wellbeing of information and infrastructure.
  • Security for IT involves methods, tools, and personnel to defend digital assets.

Why Security?

  • Computer security protects the confidentiality, integrity, and availability of computer systems.
  • Computer administration and management have become more complex, producing more attack avenues.
  • Network environments and applications provide more attack paths.
  • The skill level needed for exploits has decreased as technology has focused on ease of use.

Cyber Security

  • Cyber Security is a process to protect networks and devices from outside threats
  • Cyber security defends computers, servers, mobile devices, systems, networks, and data from attacks.
  • Businesses use Cyber Security professionals to protect data, maintain productivity, and enhance customer confidence.

Are our Information Assets SECURE?

  • It's a misconception that security isn't needed because nobody knows about you or a firewall is installed.
  • Implementing security isn't the responsibility of IT alone; it is a business responsibility.

Computer Security

  • Security is the wellbeing of information and infrastructure.
  • Computer security protects computer systems and the information a user stores or processes.
  • End users need to focus on various security threats and countermeasures to protect their assets.

Potential Losses

  • Security attacks can result in misuse of computer resources, data loss/theft, and trust loss.
  • Attacks can result in financial loss, unavailability of resources and identity theft.

Elements of Security

  • Confidentiality ensures information is accessible only to those authorized to have access (ISO-17799).
  • Integrity ensures accurate, complete, and reliable information in its original form.
  • Non-repudiation ensures a party cannot deny the authenticity of their signature on a document.
  • Authenticity identifies and assures the origin of information.
  • Availability ensures information access for authorized persons without delay.

Layers of Security

  • Physical Security safeguards personnel, hardware, networks, and data from physical threats
  • Network Security protects networks and their services from unauthorized modification, destruction, or disclosure.
  • System Security protects the system and its information from theft, corruption, unauthorized access, or misuse.
  • Application Security protects applications from external threats.
  • User Security ensures a valid user is logged in and can use an application/program.

Common Terms

  • A threat is an action that can compromise security.
  • Vulnerability is a weakness that can lead to an undesirable event, compromising security.
  • An exploit is a defined way to breach an IT system's security through a vulnerability.
  • Data theft is stealing information from users' systems.
  • An attack violates system security.
  • An intruder breaks into computer systems to steal, change, or destroy information.

Attacker Types

  • Misfeasors are authorized users misusing their authorization and gaining access to resources.
  • Masqueraders pose as authorized users to attack the system.
  • Clandestine users, whether insiders or outsiders, infiltrate the system without permission.

Common Goals of Attackers

  • Identity Theft
  • Tampering
  • Trophy Grabbing
  • Service Theft
  • Information Theft
  • Denial of Service (DoS)

Cyber Criminal Motive

  • The main motivation behind cybercrime is to disrupt business activity and critical infrastructure
  • Cybercriminals manipulate stolen data to impact finances, reputations, military objectives, and beliefs.

Cyber Experts

  • Cyber Security experts identify threats and protect data in response to data breaches
  • They assess weaknesses in a company's infrastructure
  • Cyber security experts monitor systems for malicious content.
  • These experts identify network breaches
  • Cyber Security experts install software updates, firewalls and antivirus software.
  • They also strengthen areas where attacks may have occurred.

Common Cyber Security Domains

  • Asset security analyzes networks, computers, routers, and wireless access points.
  • Communication and network security regulates cloud storage and data transfer.
  • Security operations monitor security to identify attacks.
  • Software development security creates and repeatedly tests code.
  • Cyber Security architecture and engineering standardizes security procedures.
  • Identity and access management tracks user authentication and accountability.
  • Security assessment and testing tests security policies to ensure compliance with industry standards.
  • Security and risk management identify potential risks and implement security controls.

Best Practices by Experts

  • Implementing two-way authentication and securing passwords enhances security.
  • Installing regular updates and running antivirus software also enhance security.
  • Using firewalls to disable unwanted services and avoiding phishing scams are also important.
  • Employing cryptography/encryption, securing domain name servers/DNS, and being aware are important for security.

Types of Cybersecurity

  • Network Security identifies/blocks attacks over the network.
  • Types of network security include Data Loss Prevention (DLP) and Identity Access Management (IAM).
  • Others include NAC (Network Access Control) and NGFW (Next-Generation Firewall).
  • Others include IPS (Intrusion Prevention System) and NGAV (Next-Gen Antivirus).
  • Network analytics, threat hunting, and automated SOAR (Security Orchestration and Response) are also important.
  • IDS (Intrusion Detection System)

Types of Cybersecurity

  • Endpoint security secures end-user devices with data and network security controls.
  • It uses advanced threat prevention technologies such as anti-phishing and anti-ransomware, together with endpoint detection and response.

Types of Cybersecurity

  • Cloud security includes cyber security solutions, controls, policies, and services that help protect an organization's cloud deployment.
  • An organization's entire deployment (applications, data, infrastructure, etc.) is protected against attack.
  • Security solutions are also offered for the cloud, but they can be lacking.

Types of Cybersecurity

  • Mobile security prevents attacks and secures devices against rooting and jailbreaking.
  • Mobile Security is important because tablets and smartphones have access to corporate data.
  • Mobile security protects against threats from malicious apps, zero-day, phishing, and IM (Instant Messaging).

Types of Cybersecurity

  • Application Security secures web applications against threat actors aimed at internet connected devices.
  • Application security prevents bot attacks as well as malicious interactions with applications and APIs.

Ethical Hacking

  • Ethical hacking is an authorized attempt to gain unauthorized access to systems, applications, or data in order to identify and resolve vulnerabilities.

Who Is a Hacker?

  • Hackers use their computer skills to explore a computer's hardware and software.
  • Some hackers aim to find computers or networks that they can compromise, viewing it as a hobby.
  • Some hackers have malicious intent behind their escapades (stealing credit card or identity information).
  • Others use the knowledge they gain to do illegal things.

Hacker Classes

  • Black hat hackers use computer skills to destroy systems (also known as crackers).
  • White hat hackers use computer skills for defensive purposes and are also known as security analysts.
  • Gray hat hackers work both defensively and offensively.
  • Suicide hackers are not concerned about facing jail time for breaking systems.
  • Script kiddies are unskilled hackers who use scripts, tools, and software developed by real hackers.
  • Spy hackers are employed by organizations.
  • Cyber terrorists cause disruption of computer networks.
  • State sponsored hackers penetrate and damage information systems of other governments.

Ethical Hacker

  • Ethical hackers, also known as white hats, perform security assessments to improve an organization's security posture.

Key Concepts of Ethical Hacking

  • To stay legal, ethical hackers must obtain proper approval before the assessment.
  • Ethical hackers should define the scope of the assessment and stay within the approved boundaries.
  • They must report the vulnerabilities they find and provide advice on fixing them.
  • To respect data sensitivity, ethical hackers and the assessed organization must agree to a non-disclosure agreement.

Ethical Hacker vs Malicious Hacker

  • Ethical hackers help improve an organization's technology and report vulnerabilities, providing remediation advice.
  • Malicious hackers intend to gain access either for financial gain or for recognition.
  • Some deface websites for reputation damage or financial loss.

Skills Required

  • Expertise in scripting languages and operating systems is required of ethical hackers.
  • A thorough knowledge of networking as well as a solid foundation of information security is required.

What Hacking Identifies

  • Hackers gather information about targets, perform reconnaissance, and look for attack vectors.
  • Ethical hackers look for vulnerabilities against assets both manually and automatically.
  • They use exploits against the vulnerabilities to prove that a malicious attacker could exploit them.

Common Vulnerabilities

  • Some common vulnerabilities include SQL injection attacks, broken authentication, and security misconfigurations.
  • Use of components with known vulnerabilities, sensitive data exposure, coding bugs, and weak passwords are all vulnerabilities.

Famous Hackers

  • Kevin Mitnick served a five-year sentence as one of the most wanted hackers.
  • He was also the subject of a Hollywood movie released in 2000 and a documentary released in 2001.
  • Gary McKinnon carried out the biggest hack, breaking into 97 NASA and United States military computers.
  • Albert Gonzalez stole 130 million card numbers; it is also the largest retail store theft in US history.

Major Cyber Security Incidents

  • The US and Israel launched a cyberattack on Iran using malware named Stuxnet in 2010.
  • Reportedly, 1/5 of Iranian nuclear centrifuges were damaged.
  • The largest cyber attack on the Internet's backbone happened in 2016.
  • Targets included Amazon, BBC, CNN, Netflix, and Twitter.
  • It achieved disruption via hackers.
  • Edward Snowden defected from the US in 2013.
  • Snowden released information on many attacks.

Other Cyber Security Incidents

  • Cambridge Analytica was working on Pakistan to recuse politicians during a campaign to smear.
  • The report was over the collection of data from young Pakistani students to tweak the Operating system
  • Cambridge Analytica was allegedly hired to influence Pakistani voters, with proven results on Trump in the USA.
  • Cambridge Analytica was also accused of playing a role in Brexit.
  • Cambridge Analytica also linked with NATO and involved Islamic state and al-Qaeda terrorist on behalf of American States

US Elections Hacked

  • The 2016 US presidential election was impacted by server cyber attacks.
  • One month after the 2018 midterm elections, the email systems of a Republican committee were affected.
  • Reportedly, it was hacked by government agents who gained access to the NRCC.

Examples of Security Threats

  • 500 Chrome extensions were stealing the private data of 1.7 million users (Google had malware injector ads).
  • Symantec reports that one in ten URLs is malicious.

Security Risks

  • Home users are prone to cyber attacks and are easy targets because of a lower level of security.
  • Home computers are also exposed to accidents (physical damage, computer attacks, accidental events).
  • A hacker might use your computer to launch other attacks while stealing information.

What to Secure?

  • Hardware - Laptops, CPUs, hard disks, storage devices, cables.
  • Software - Applications and systems.
  • Information - Credit card numbers, passwords, and Social Security numbers.
  • Communications - Browsing activities, instant messengers, and emails.

What Makes A Home Computer Vulnerable?

  • Home PCs are vulnerable because of a low level of security awareness and default computer and application settings.
  • Home PCs have little to no security systems in place, and security policies and guidelines are not always followed.

What Makes a System Secure?

  • System security helps protect against loss, malicious access, and unauthorized access through data/system, user, and security administrator controls.
  • Systems are secured through measures such as system settings, policy implementation, and monitoring of system state, with legal/authorization requirements to follow.

Benefits of Computer Security Awareness

  • Minimizing the chances of attacks, preventing loss of information, preventing cybercriminals from launching other attacks, and more.
  • Allows users to protect resources and sensitive data.

Types of Information Security Controls

  • There are three types of security controls
    • Preventive controls are intended to help prevent cyber incidents
    • Detective controls are designed to recognize attacks while they are in progress and provide alerts to security teams
    • Corrective controls come into play after a security incident and are intended to help minimize damage from an attack or to restore business systems

Classification of Information Security Controls

  • Administrative Controls: Include policies, procedures, and guidelines to manage an organization's program.
  • Technical Controls: Protect information systems and data (encryption, firewalls, intrusion systems).
  • Physical Controls: Protect the system via locks, guards, and surveillance.
  • Logical Controls: Provide data protection through user authentication, authorization mechanisms, and monitoring.
  • Operational Controls: Security on a day-to-day basis.
  • Compliance Controls: Ensure regulatory laws are followed, with documentation.

Penetration Testing

  • Pen testing is an authorized simulated attack performed to test the security of a computer system.
  • It helps the business understand the impact of an attack.
  • The simulated attacks help find weaknesses in a business and give insight into its current security state.

Purpose of Pentest

  • To find weaknesses in systems, determine the robustness of system controls, and support data privacy compliance.
  • Also to provide examples of the security state as well as the budget for managers.

Phases of Pen Testing

  • Reconnaissance: Information gathering about the target to inform the attack.
  • Scanning: Examining the target for weaknesses, including services and vulnerabilities.
  • Gaining access: Using tools and techniques to gain access to the system, such as SQL / Mal and Eng.
  • Maintaining access: Keeping access long enough to accomplish the goals of exfiltrating data, modifying it, or abusing functionality.

Types of Pen Testing

  • Web apps: Pen testing includes security tests to find hidden vulnerabilities through attack patterns.
  • Mobile apps: Testing is both manual (code) and automated, to find vulnerabilities through a device and to test its server functions.
  • Mobile devices: Pen testers test binaries for vulnerabilities.
  • Networks: Experts employ a checklist that includes test cases for encrypted transport protocols such as SSL, and use external tools.
  • Cloud: Security is a shared role, so it requires specialized skills in encryption, APIs, database security, and cloud storage.
