CYSE 101 001 Fall 2024 Midterm Study Guide PDF
**DISCLAIMER: This study guide does not guarantee all the topics below will be on the exam. It is a condensed summary of the lecture slides up until this point in the semester. Topics not on the exam will be stated explicitly below. Please continue to read through the lecture slides to learn the content thoroughly.

Please study:
1. Quizzes
2. Lecture content below (Linux commands presented below and theoretical topics)

Week 1: Intro to CYSE 101 and Cyber Security Basics

CIA Triad
- Confidentiality
- Integrity
- Availability
  - Why are these important? What do they stand for? What does each try to protect?

Linux Commands:

Week 2: Cyber Security Design Fundamentals

Be able to differentiate between the different types of cyber-attacks on Slide 3 of the lecture slide deck (just a basic definition of what they do):
- APT
- Social Engineering
- Phishing (as a form of social engineering)
- Ransomware
- Unpatched software

Differentiate between threats, vulnerabilities, and risks:
- Threat: something a [person, software, nature] does to exploit a vulnerability that affects one or more portions of the CIA triad.
- Vulnerability: the weakness/flaw in your architecture that has the potential to be exploited.
- Risk: when a threat has the potential to exploit a vulnerability.

How do we calculate risk for asset (A)?
- Risk(A) = Threat(A) * Vulnerability(A)
  - Repeat this calculation for the sum of all assets.

Countermeasures:
- Things we do to control/mitigate risk.
- Think of the example of using thumb drives that house the company's data and need to go inside a safe.
- Physical
  - Ex: placing the thumb drives in a safe to prevent theft. Things we as humans conduct in person.
- Logical/Technical
  - Make sure thumb drives are encrypted using a stable encryption algorithm. Digital protocols that can be placed on, inserted into, or influence our assets.
- Administrative
  - Ex: the safe can only be accessed from 9am – 5pm via a corporate policy. Policies instantiated that must be followed.

What is a virtual machine?
- Understand the layering system of Guest OS, Hypervisor, Host OS, and Hardware.

Week 3: Identification and Authentication

Distinguish between identification, authentication, and authorization (don't worry about verification):
- Identification:
  - Associating an identity with a subject.
- Authentication:
  - Establishing the validity of something; prove you are who you say you are.
- Authorization:
  - Associating rights or privileges with a subject (what they are allowed to do in a system).

Authentication Types:
- Something you:
  - Are
  - Know
  - Have
  - Somewhere you are
- Try to have 2 or more of these in multi-factor authentication.

Password Complexity
- Why is it important? How do we build strong passwords?
- Will NOT be asked to do math on how many passwords can be cracked in X seconds.

General importance of the /etc/passwd and /etc/shadow files; you don't need to memorize the specific elements of an entry in each file.

What is Social Engineering?
- Exploiting humans to reveal private information, access credentials, or secrets.
- Many times this happens on social media, in emails, in person, over the phone, etc.

Shoulder Surfing:
- Someone watching over your shoulder without your permission and seeing important data you normally would not want them to see.

General understanding of biometrics:
- Something you are (eye color, fingerprints, voice, retinas, etc.).

Week 4: Authorization and Access Control

Authorization:
- Here's what you can do.
Access Control
- How the system enforces what you can do (from a policy perspective).

Sandboxing
- Basically a test environment in which to make mistakes and contain bugs.

Privilege Separation
- Don't allow two roles/groups to overlap permissions and cause a conflict of interest.

Defense-in-depth
- Layered approach to defending access.
- Make the attacker go through multiple "hoops" to get what they need and make it hard for them.

Principle of Least Privilege
- Make controls granular enough and only give people permissions to do what they need to execute their tasks... nothing more, nothing less.

Access Control Matrix
- Be able to interpret this and say what a user can and can't do in plain English.
  - For object A, Alice can read; for object B, Alice can read/write.

Access Control List
- Breaks down a matrix with respect to a single object and everyone's permission to that single object.
- Object A: Alice and Bob can read (using the picture above).
- Object B: Charlie has no permissions to Object A.

Capabilities:
- A single user and all their permissions to all the objects they have access to.
  - Alice has read access to object A, read/write access to object B, read access to object C, and no access to D.

ACL File Permissions:
- Understand how/what this means:
  - Read = 4
  - Write = 2
  - Execute = 1
- What the numeric positions mean:
  - 777: owner, group, and world have full permissions.
  - 644: owner has read/write permissions; group and world have read-only permissions.
  - 421: owner has read permission, group has write permission, and world has execute permission.
  - 000: owner, group, and world have no permissions.

Access Control Model Types:
- Discretionary Access Control
  - The owner owns the file, controls who has what permissions to it, and can change permissions.
- Mandatory Access Control
  - Based on sensitivity labels set by a higher authority (many times classification levels, e.g. Top Secret, Secret, Unclassified, etc.).
  - User has no authority to distribute or change permissions to the file.
  - Match groups of people with object labels.
- Role Based Access Control
  - Group users into roles and segregate permissions.
  - Developers can access X.
  - Accounting personnel can access Y.
  - HR can access Z. But one cannot access the other.
- Rule Based Access Control
  - Used in firewalls; made up of a list of many ALLOW/DENY rules.
  - Many times, uses source/destination IP and source/destination port.
- Attribute Based Access Control
  - Evaluate characteristics of an individual and distribute permissions. Job role = "communications"; Resource "business unit" = customer-interfacing.

Linux Commands:

Week 5: Auditing and Accountability

Accountability
- You are responsible for the system you have the privilege to work on.
- EVERYONE is accountable.
- Nonrepudiation: users cannot deny they did something.
- Deterrent: knowing someone is watching influences individuals not to misbehave.

Auditing
- Log reviews.
- Assessments encapsulating user activity in real time, to be reviewed at a later time if needed.

Vulnerability Testing
- Scan your system looking for bugs, weaknesses, and areas of exploitation through an automated scanner.
- Very little human interaction; usually a passive scan (kick it off, let it finish, and review the results after).
- Not trying to exploit the vulnerability, just recognize that it exists.

Penetration Testing
- Actively searching around a system with the intention of exploiting vulnerabilities.
- Hands-on approach where you need to do the work to find the vulnerabilities and exploit them.
- Not a sit-back-and-watch approach.

RACI Model:
- Responsible
  - Person assigned to do the work.
  - Usually multiple people.
- Accountable
  - Person assigning the work, who will be answerable for the outcome of the person conducting the work.
  - Usually one person (manager) responsible for the downfall/success of the system.
- Consulted
  - A person informed about the work needing to be done and how to go about it in the most efficient procedural fashion.
  - Usually a subject matter expert (SME).
- Informed
  - A person told about the work's results.

Linux Commands:

Week 6: Cryptography

What is cryptography?
- Leveraging substitution and transposition to obfuscate a message.
- Substitution: maintains the sequence of letters but modifies the letters themselves based on a mapping (repeating letters always map to the same letter; see 'l' below).
  - h -> s
  - e -> z
  - l -> a
  - l -> a
  - o -> j
  - Hello -> szaaj
- Transposition
  - Plaintext is repositioned, but the letters are left unchanged.
  - hello -> eholl
- What is the Caesar cipher?
  - Take each letter in a text, shift it 3 letters, and create a mapping.
- Asymmetric Key Cryptography
  - Use of a public key and a private key.
  - If we have Bob and Alice sending messages, Bob will use Alice's public key to encrypt the message, and Alice will use her private key to decrypt the message.
- Symmetric Key Cryptography
  - The same key is used between Alice and Bob to encrypt and decrypt data.
- Hashes
  - A checksum/fingerprint for a file.
  - Process a file's contents through a cryptographic algorithm, and a value uniquely associated with the original contents is output.
  - In an ideal world, no two files (with different contents) share the same hash, and it is a one-way function (you cannot take the hash value and get the original file contents back).
  - The hash value is the same length (depending on the algorithm) regardless of how big/small the file is.
- Digital Signature
  - Proves the message came from the intended author (like signing a contract in pen).
  - Creating a digital signature: take a plaintext message, hash the message contents, encrypt the hash value with a private key, and you have a digital signature.
  - To verify the digital signature:
    - Part 1: take the encrypted hash value of the message and use the corresponding public key to decrypt it, getting the unencrypted hash value.
    - Part 2: hash the plaintext message yourself and get an unencrypted hash value.
    - Do they match? If yes, verification is successful. If not, verification has failed.
- SHA Suite
  - SHA-1: takes an input and produces a 160-bit hash value. This algorithm has been proven to be insecure, as collisions have occurred (2 different messages map to the same hash value).
  - SHA-256: takes an input and produces a 256-bit, fixed-length hash value. Still in use today; it's always theoretically possible to generate a collision, but computationally infeasible.
  - SHA-512: takes an input and produces a 512-bit, fixed-length hash value. Offers better security but is not as widely used. Takes longer to execute than SHA-256.
- MD5 AND SHA-1 ARE INSECURE!
- Other hash algorithms exist, such as Bcrypt and MD5-Crypt, but you don't need to know how any of these algorithms work in the weeds; just know what a hashing algorithm is and which ones are secure.
- Understand what a hashing algorithm is meant to do and why we use it. No calculations will need to be made on the exam.
- Side Channel Attacks:
  - Leveraging physical data, such as CPU cycles and power consumption, that gives information about how data is being encrypted or decrypted.
- You do NOT need to worry about bitcoin and blockchain for the midterm exam.

Good Luck!
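The Week 4 numeric file permissions (Read = 4, Write = 2, Execute = 1 per owner/group/world) worked through in code, as an added example that is not part of the study guide. It decodes a mode such as 644 into its bits, the `ls -l` style string, and the plain-English sentence the guide asks for, and converts the symbolic form back to check the round trip.

```python
# Added example (not from the study guide): translate a numeric Unix mode such as
# 644 into the read/write/execute bits it grants, the symbolic rwx string, and
# the plain-English description, then invert the symbolic form as a check.

# Bit values from the guide: Read = 4, Write = 2, Execute = 1.
PERM_BITS = (("read", 4, "r"), ("write", 2, "w"), ("execute", 1, "x"))
CLASSES = ("owner", "group", "world")


def decode_mode(mode: str) -> dict:
    """Map a three-digit octal mode ('644') to {class: [permission names]}."""
    if len(mode) != 3 or any(ch not in "01234567" for ch in mode):
        raise ValueError(f"mode must be three octal digits, got {mode!r}")
    result = {}
    for cls, digit in zip(CLASSES, mode):
        value = int(digit)
        # 4, 2 and 1 never overlap, so each digit decodes to exactly one bit set.
        result[cls] = [name for name, bit, _ in PERM_BITS if value & bit]
    return result


def symbolic(mode: str) -> str:
    """Render the mode the way 'ls -l' does, e.g. 644 -> 'rw-r--r--'."""
    out = ""
    for digit in mode:
        value = int(digit)
        out += "".join(sym if value & bit else "-" for _, bit, sym in PERM_BITS)
    return out


def numeric(sym: str) -> str:
    """Inverse of symbolic(): 'rw-r--r--' -> '644'."""
    if len(sym) != 9:
        raise ValueError("expected nine rwx characters")
    digits = []
    for i in range(0, 9, 3):
        triple = sym[i:i + 3]
        digits.append(str(sum(bit for (_, bit, s), ch in zip(PERM_BITS, triple) if ch == s)))
    return "".join(digits)


def describe(mode: str) -> str:
    """Plain-English sentence, e.g. '644: owner has read/write; group has read; world has read'."""
    parts = []
    for cls, perms in decode_mode(mode).items():
        parts.append(f"{cls} has {'/'.join(perms) if perms else 'no permissions'}")
    return f"{mode}: " + "; ".join(parts)


if __name__ == "__main__":
    for m in ("777", "644", "421", "000"):   # the four modes listed in the guide
        print(f"{symbolic(m)}  {describe(m)}")
```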
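The Week 4 relationship between an access control matrix, an ACL (one object, everyone's rights) and a capability list (one subject, all objects) as an added example, not part of the study guide. The matrix below is constructed to match the guide's own illustrations (Alice: A read, B read/write, C read, nothing on D; Alice and Bob read A; Charlie has nothing on A); Bob's and Charlie's other entries are assumptions added here to fill the matrix.

```python
# Added example (not from the study guide): one access control matrix, read as a
# matrix, as per-object ACLs and as per-subject capability lists. The MATRIX data
# is constructed to match the guide's examples; extra entries are assumptions.

from typing import Dict, Set

# subject -> object -> set of rights. A missing object means no access at all.
Matrix = Dict[str, Dict[str, Set[str]]]

MATRIX: Matrix = {
    "Alice":   {"A": {"read"}, "B": {"read", "write"}, "C": {"read"}},
    "Bob":     {"A": {"read"}, "D": {"read", "write"}},      # D entry: assumption
    "Charlie": {"B": {"read"}},                                # no rights on A
}
OBJECTS = ("A", "B", "C", "D")


def acl(matrix: Matrix, obj: str) -> Dict[str, Set[str]]:
    """Column view: everyone's rights on ONE object (the guide's ACL)."""
    return {subj: rights[obj] for subj, rights in matrix.items() if rights.get(obj)}


def capabilities(matrix: Matrix, subj: str) -> Dict[str, Set[str]]:
    """Row view: ONE subject's rights on every object (the guide's capability list)."""
    return {obj: rights for obj, rights in matrix.get(subj, {}).items() if rights}


def check(matrix: Matrix, subj: str, right: str, obj: str) -> bool:
    """Reference-monitor decision: default deny unless the right is present."""
    return right in matrix.get(subj, {}).get(obj, set())


def in_plain_english(matrix: Matrix, subj: str) -> str:
    """The sentence the guide asks for, e.g. 'Alice has read access to object A, ...'."""
    parts = []
    for obj in OBJECTS:
        rights = matrix.get(subj, {}).get(obj, set())
        desc = "/".join(sorted(rights)) + " access" if rights else "no access"
        parts.append(f"{desc} to object {obj}")
    return f"{subj} has " + ", ".join(parts) + "."


if __name__ == "__main__":
    print("ACL for A:", acl(MATRIX, "A"))                 # Alice and Bob can read
    print("Capabilities of Alice:", capabilities(MATRIX, "Alice"))
    print(in_plain_english(MATRIX, "Alice"))
    print("Can Charlie read A?", check(MATRIX, "Charlie", "read", "A"))   # False
```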
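The Week 6 digital signature recipe (hash the message, encrypt the hash with the private key; verify by decrypting with the public key and re-hashing) carried out end to end, as an added example that is not part of the study guide. The hash is SHA-256 from the standard library; the "encrypt with the private key" step is textbook RSA written with plain Python integers so each step is visible, and the two primes are the Mersenne primes 2^127-1 and 2^521-1, chosen here only so the modulus exceeds 256 bits.

```python
# Added example (not from the study guide): the guide's sign/verify steps with a
# real hash (SHA-256) and textbook RSA on Python integers. Key material is built
# from the Mersenne primes 2^127-1 and 2^521-1 purely for illustration; production
# code uses a crypto library with a padding scheme (e.g. RSA-PSS), not bare RSA.

import hashlib

P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q                              # modulus, shared by both keys (~648 bits)
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)
PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def digest_as_int(message: bytes) -> int:
    """Hash the plaintext; the 256-bit digest is read as one integer, always < N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Create the signature: hash the message, then 'encrypt' the hash with d."""
    n, d = private_key
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Part 1: 'decrypt' the signature with e to recover the hash the signer saw.
    Part 2: hash the received plaintext yourself. Success iff the two match."""
    n, e = public_key
    recovered_hash = pow(signature, e, n)
    return recovered_hash == digest_as_int(message)


if __name__ == "__main__":
    msg = b"Pay Bob 100 dollars"                         # constructed sample message
    sig = sign(msg, PRIVATE_KEY)
    print("genuine message verifies:", verify(msg, sig, PUBLIC_KEY))                      # True
    print("altered message verifies:", verify(b"Pay Bob 900 dollars", sig, PUBLIC_KEY))  # False
```

Changing a single byte of the message, or of the signature, makes the recovered hash and the freshly computed hash disagree, which is exactly the "do they match?" check the guide describes.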