48 Cards in this Set

  • Front
  • Back

Netflow

?

Malware

A collective noun or shortened form for various types of malicious software, e.g. Trojan, spyware, ransomware, bot, virus.

CIA in network security?

C means confidentiality.

I means integrity.

A means availability.

Security objective: Confidentiality

Confidentiality means that only the authorized individuals/systems can view sensitive or classified information.

More: This also implies that unauthorized individuals should not have any type of access to the data. Regarding data in motion, the primary way to protect that data is to encrypt it before sending it over the network. Another option you can use with encryption is to use separate networks for the transmission of confidential data.

Security objective: Integrity

Integrity for data means that changes made to data are done only by authorized individuals/systems.

More: Corruption of data is a failure to maintain data integrity.

Security objective: Availability

This applies to systems and to data. If the network or its data is not available to authorized users, perhaps because of a denial-of-service (DoS) attack or maybe because of a general network failure

What's an asset?

Anything that is valuable to an organization. These could be tangible items (people, computers, and so on) or intangible items (intellectual property, database information, contact lists, accounting info).

Vulnerabilities

An exploitable weakness in a system or its design. Vulnerabilities can be found in protocols, operating systems, applications, and system designs, or come from a malicious attack.

What's a malicious actor & threat agent?

If someone is actively launching an attack against your system and successfully accesses something or compromises your security against an asset, the threat is realized. The entity that takes advantage of the vulnerability is known as the malicious actor, and the path used by this actor to perform the attack is known as the threat agent or threat vector.

Threat

A threat is anything that attempts to gain unauthorized access to, compromise, destroy, or damage an asset.

Countermeasure

A device or process (a safeguard) that is implemented to counteract a potential threat, which thus reduces risk. For example, you unplug a machine that is highly vulnerable and thereby mitigate the risk.


Risk: Risk is the potential for unauthorized access to, compromise, destruction, or damage to an asset.

Weaknesses and vulnerabilities in a system or network

■ Policy flaws
■ Design errors
■ Protocol weaknesses
■ Misconfiguration
■ Software vulnerabilities
■ Human factors
■ Malicious software
■ Hardware vulnerabilities
■ Physical access to network resources

Common control methods used to implement countermeasures

Administrative: These consist of written policies, procedures, guidelines, and standards. An example would be a written acceptable use policy (AUP), agreed to by each user on the network. 2nd is in the next card.

Common control method used to implement countermeasures

Physical: Physical controls are exactly what they sound like, physical security for the network servers, equipment, and infrastructure. An example is providing a locked door between users and the wiring closet on any floor (where the switches and other gear exist). Another example of a physical control is a redundant system (for instance, an uninterruptible power supply). 3rd is in the next card.

Common control method used to implement countermeasures

Logical: Logical controls include passwords, firewalls, intrusion prevention systems, access lists, VPN tunnels, and so on. Logical controls are often referred to as technical controls.

Reconnaissance (an attack method)

This is the discovery process used to find information about the network: discover which IP addresses respond and which ports on the devices at these IP addresses are open.

Social engineering

Malicious actors employ social engineering by relying on the human element of networking to find and create holes.

Victims might unknowingly reveal the sensitive information needed to bypass network security. Although attacks on human judgment are immune to even the best network defence systems, companies can mitigate the risk of social engineering with an active security culture that trains users.

Phishing (social engineering type)

Phishing presents a link that looks like a valid trusted resource to a user. When the user clicks it, the user is prompted to disclose confidential information such as usernames/passwords.

Malvertising (social engineering attack type or tactic)

This is the act of incorporating malicious ads on trusted websites, which results in users’ browsers being accidentally redirected to sites hosting malware.

Phone scams (social engineering attack type)

It is not uncommon for someone to call up an employee and attempt to convince them to give up information about themselves or others within the organization.

Pharming (social engineering attack type or tactic)

Pharming is used to direct a customer’s URL from a valid resource to a malicious one that could be made to appear as the valid site to the user. From there, an attempt is made to extract confidential information from the user.

Code execution (an attack method)

One of the most devastating actions available to an attacker is the ability to execute code within a device. Code execution could result in an adverse impact to the confidentiality (attacker can view information on the device), integrity (attacker can modify the configuration of the device), and availability (attacker can create a denial of service through the modification of code) of a device.

Man-in-the-middle attack

A man-in-the-middle attack results when attackers place themselves in line between two devices that are communicating, with the intent to perform reconnaissance or to manipulate the data as it moves between them. This can happen at Layer 2 or Layer 3. The main purpose is eavesdropping, so the attacker can see all the traffic.

Brute-force (password-guessing)

These types of attacks are performed when an attacker's system attempts thousands of possible passwords looking for the right match. This is best protected against by specifying limits on how many unsuccessful authentication attempts can occur within a specified time frame.

Chapter 2 according to university


Threat actor

A threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for an incident that impacts, or has the potential to impact, an organization's security. In threat intelligence, actors are generally categorized as external, internal, or partner. (Find out about these categories??)

Motivation behind threats:

1. Financial: attackers can make financial gains through their malicious actions.
2. Disruption: to cause disruption to the core business of many organizations and institutions.
3. Geopolitical: use the Internet to engage in cyber warfare.

DoS vs DDoS

?

"Direct" (a type of DDoS)

Direct DDoS attacks occur when the source of the attack generates the packets, regardless of protocol, application, and so on, that are sent directly to the victim of the attack.

"Reflected" (a type of DDoS)

Reflected DDoS attacks occur when the sources of the attack are sent spoofed (tricked) packets that appear to be from the victim side, and then the sources become unaware participants in the DDoS attack by sending the response traffic back to the desired victim. UDP is often used as the transport mechanism because it is more easily spoofed due to the lack of a three-way handshake.

Amplification DDoS

Amplification attacks are a form of reflected attacks in which the response traffic (sent by the unaware participants) is made up of packets that are much larger than those that were initially sent by the attacker (spoofing the victim). An example of this is when DNS queries are sent and the DNS responses are much larger in packet size than the initial query packets. The end result is that the victim gets flooded by large packets for which it never actually issued queries.

Defense against social engineering

A security-aware culture must include ongoing training that consistently informs employees about the latest security threats, as well as policies and procedures that reflect the overall vision and mission of corporate information security.

Official security policies and procedures take the guesswork out of operations and help employees make the right security decisions.


Policy 1, physical security:

The organization should have effective physical security controls such as visitor logs, escort requirements, and background checks.

Policy 2, password management

Password management: Guidelines such as the number and type of characters that each password must include, how often a password must be changed, and even a simple declaration that employees should not disclose passwords to anyone (even if they believe they are speaking with someone at the corporate help desk) will help secure information assets.

Policy 3, two-factor authentication

Authentication for high-risk network services such as modem pools and VPNs should use two-factor authentication rather than fixed passwords.

Policy 4, antivirus/anti-phishing defences:

Multiple layers of antivirus defences, such as at mail gateways and end-user desktops, can minimize the threat of phishing and other social engineering attacks.

Policy 5, change management

Change management: A documented change-management process is more secure than an ad hoc process, which is more easily exploited by an attacker who claims to be in a crisis.

Policy 6, information classification:

A classification policy should clearly describe what information is considered sensitive and how to label and handle it.

Policy 7, document handling and destruction:

Sensitive documents and media must be securely disposed of and not simply thrown out with the regular office trash.

Data Loss and Exfiltration Methods

?

Several types of data are particularly attractive to the miscreants of the cyber (under)world:

1. Intellectual property (IP):

This consists of any type of data or documentation that is the property of an organization and has been created or produced by employees of the organization. IP often refers to the designs, drawings, and documents that support the development, sale, and support of an organization's products.

2. Personally identifiable information (PII):

This is the type of information that has, unfortunately, been talked about in the press all too often lately when we hear about data breaches. This information includes names, dates of birth, addresses, and Social Security numbers (SSN).

3. Credit/debit cards:

In addition to PII, which is often stolen/compromised during data breaches, credit and debit card information (the information contained on the magnetic stripe or within the embedded chip in chip-and-PIN cards) is extremely desired by malicious actors.

Recommendation for organizational security

It is paramount for every organization, no matter what size, vertical or not, or whether they are publicly or privately held, to make every effort to protect their data assets. This involves a combination of clearly communicated and effective security policies, employee education, and the technologies to help ensure that the security policies put in place can be enforced.

Chapter 3

Cryptography Basic Components

Cipher and keys

Cipher: A cipher is a set of rules, which can also be called an algorithm, about how to perform encryption or decryption. Literally hundreds of encryption algorithms are available, and there are likely many more that are proprietary and used for special purposes such as government and national security. Common methods that ciphers use include the following:

Substitution: a method of cipher

This type of cipher substitutes one character for another. The example earlier used a simple cipher that substituted each letter from the alphabet with the previous letter of the alphabet. To make it more challenging, we could have shifted more than just a single character and only chose certain letters to substitute. The exact method of substitution could be referred to as the key. If both parties involved in the VPN understand the key, they can both encrypt and decrypt data.

Polyalphabetic: a method of cipher

This is similar to substitution, but instead of using a single alphabet, it could use multiple alphabets and switch between them by some trigger character in the encoded message.

Transposition: a method of cipher

This uses many different options, including the rearrangement of letters. For example, if we have the message "This is secret," we could write it out (top to bottom, left to right) as follows:

T S S R
H I E E
I S C T

We then encrypt it as RETCSIHTSSEI, which is obtained by starting at the top right and going around like a clock, spiraling inward. To know how to encrypt/decrypt this correctly, we need the correct key.

N

M