Cisco - Jumpstart -Security Set 1

Front 1

What is TRAC?

Back 1

T= Threat

R= Research

A= Analysis

C= Communications

Front 2

Why does TRAC dissect threats

Back 2

To Identify and understand needs

Front 3

Why does TRAC eliminate Threats

Back 3

It eliminates them within the context of Cisco products and services.

NOTE:

TRAC will make product improvement and recommendations

Front 4

How does TRAC perform exploratory data analysis

Back 4

Leveraging advanced statistical and computational techniques to illuminate patterns in vast amounts of data.

Front 5

What is a worm?

Back 5

A worm executes arbitrary code and installs copies of itself in the memory of the infected computer, which infects other hosts.

Front 6

What is a virus?

Back 6

A virus is a malicious software that is attached to another program to execute a particular unwanted function on a user workstation.

Front 7

What is a trojan?

Back 7

A Trojan horse is different only in that the entire application is written to look like something else, when in fact it is an attack tool.

Front 8

What is an APT?

Back 8

A = Advanced

P = Persistent

T = Threat

Front 9

What does A in APT Mean?

Back 9

advanced or infiltation

Front 10

What are the two parts of A in APT?

Back 10

1. Reconnaissance

2. Infection

Front 11

What is Reconnaissance in APT?

Back 11

Actors search open sources to identify and assess targets for collections and entities/relationships to exploit in the attack.

Front 12

What is Infection in APT?

Back 12

Typically, well-crafted spear phishing e-mails with linked or embedded files containing malicious code serve as the intrusion vector.

Front 13

What are the 4 parts of persistence in APT?

Back 13

1. Establish Backdoors

2. Enumerate the Network

3. Install Utilities

4. Escalate privileges

Front 14

What does it mean by Establish Backdoors in APT?

Back 14

Attackers maintain network footholds by obtaining domain administrative credentials and moving laterally through a network, establishing multiple backdoors.

Front 15

What does it mean by enumerate the network in APT?

Back 15

Persistent threat intruders laterally enumerate a network gathering valid credentials (user accounts and passwords) for multiple systems.

Front 16

What does it mean by Install Utilities in APT?

Back 16

Attackers install any number of several malicous utilities necessary to maintain persistence and ultimately steal information.

Front 17

What does it mean to escalate privileges in APT?

Back 17

With access and persistence established. intruders escalate their privileges and prepare for exfiltration.

Front 18

What are the 3 phases of exfiltration in APT?

Back 18

1. Harvest Data

2. Exfiltration

3. Conceal Activity

Front 19

What is Harvest Data in APT?

Back 19

Specific documents and e-mails containing targeted data are collected and packaged into a single, encrypted, and password-protected compressed file.

Front 20

What is Exfiltration in APT?

Back 20

The intruders exfiltrate the compressed file to another compromised system in their command and control infrastructure.

Front 21

What is conceal Activity in APT?

Back 21

Finally, Intruders either attempt to clean up their tools, maintaining persistence, or set the attack in a dormant state to evade detection while maintaining access.

Front 22

Name some motives of APT?

Back 22

• Gain Financial Edge
• Intelligence Gathering
• Gain competitive advantage for industries
• Obtain a control foothold for later exploitation
• Embarrass an organization, damage its reputation, and/or take down its systems
• Obtain indirect access to targeted affiliate

Front 23

What percentage of attacks happen on the access layer?

Back 23

75%

Front 24

What is a man in the middle attack?

Back 24

This attack requires that the hacker has access to network packets that come across a network.

Front 25

What are some tools used to implement a man-in-the-middle attack?q

Back 25

• Passive NEtwork Traps
• Port Mirroring (CIsco SPAN port)
• Tool: Cain & ABel, Packet Creator, Ettercap

Front 26

What is the new security model?

Back 26

• Before
• During
• After

Front 27

What is Before in the New Security Model?

Back 27

• Discover
• Enforce
• Harden

Front 28

What is During in the New Security Model?

Back 28

• Detect
• Block
• Defend

Front 29

What is After in the New Security Model?

Back 29

• Scope
• Contain
• Remediate

Front 30

What is Visibility Driven Strategic Imperatives?

Back 30

• Network-Integrated
• Broad Sensor Base
• Context and Automation

Front 31

What is threat focused Strategic Imperative?

Back 31

• Continuous Advanced Threat Protection
• Cloud-Based Security Intelligence

Front 32

What is Platform -Based Strategic Imperative?

Back 32

• Agile and open platforms
• Built for Scale
• Consistent Control
• Management

Front 33

What is Breadth when referring to Security?

Back 33

• Network
• Endpoint
• Mobile
• Virtual
• Cloud

Front 34

What is depth when referring to Security?

Back 34

• Who
• What
• Where
• When
• How

Front 35

When dealing with the before in the New Security Model, what are some things you can implement?

Back 35

• VPN
• Firewall
• NGFW
• UTM
• NAC+IDentity Services

Front 36

When dealing with the during in the New Security Model, what are some things you can implement?

Back 36

• NGIPS
• WEb Security
• Email and Security

Front 37

When dealing with the After in the New Security Model, what are some things you can implement?

Back 37

• Advanced Malware Protection
• Network Behavioral Analysis

Front 38

How to Develop Ecosystems for Cisco Security?

Back 38

• Partner to Deliver Complete Solutions
• Develop SSP Partner EcoSysten
• Embeded Security in Broader IT solutions
• Drive the value of the network