CIA Triad
A fundamental model in information security that describes the three core principles used to protect data and systems
CIA stands for:
1. Confidentiality
2. Integrity
3. Availability
Vulnerability
Flaw or weakness within a system that can be exploited
Non-compliant System
System that is not on the baseline of what is approved by the organization
Zero-day Vulnerability
Vulnerability that is discovered or exploited before the vendor can issue a patch to fix it
Denial of Service (DoS)
Used to describe an attack that attempts to make a computer's or server's resources unavailable
Distributed Denial of Service (DDoS)
Uses lots of machines to attack a server to create a DoS (Denial of Service)
Blackhole/Sinkhole
Identifies attacking IP addresses and routes them to a non-existent server through the null interface
IP Spoofing
Modifies the source address of an IP packet to hide the identity of the sender or impersonate another client
MAC Spoofing
Changing the MAC address to impersonate a different network interface card or device
On-Path Attack
Attacker is able to put their workstation logically between two hosts during the communication
Replay Attack
Occurs when valid data is captured by the attacker and is then replayed, either immediately or after a delay
Relay Attack
Occurs when the attacker inserts themselves in between the two hosts
SQL Injection
Attack consisting of the insertion or injection of an SQL query via input data from the client to a web application
Injection Attack
Attackers insert malicious input into an application, causing it to execute unintended commands or expose data
Cross-Site Scripting (XSS)
A web security vulnerability that lets attackers inject malicious scripts into trusted websites, which then run in unsuspecting users' browsers, allowing attackers to steal data, impersonate users, or deface websites
Cross-Site Request Forgery (XSRF/CSRF)
Occurs when an attacker forces a user to execute actions on a web server for which they are already authenticated
Password Cracker
Uses comparative analysis to break passwords and systematically continues guessing until the password is determined
Dictionary Attack
Method where a program attempts to guess the password by using a list of possible passwords
Brute-Force Attack
Method where a program attempts to try every possible combination until it cracks the password
Cryptanalysis Attack
An attempt to break or bypass a cryptographic system in order to gain access to encrypted information without knowing the secret key
Insider Threat
An employee or other trusted insider who uses their authorized network access in unauthorized ways to harm the company
Supply Chain Attack
Attack that involves targeting a weaker link in the supply chain to gain access to a primary target
Chip Washing
Involves repackaging a microchip with a less expensive one or with one that contains embedded malware
4 ways to prevent supply chain attack
Vendor Due Diligence
Regular Monitoring and Audits
Education and Collaboration
Incorporating Contractual Safeguards
Vendor Due Diligence
Organizations must perform due diligence when onboarding vendors with critical access
Regular Monitoring and Audits
Security practices used to continuously observe systems and periodically review them to ensure they are operating properly and securely
Education and Collaboration
Informing the ecosystem about threats, vulnerabilities, and best practices ensures industry protection
Incorporating Contractual Safeguards
Legal agreements or clauses that define how access, data, and systems must be handled
Virus
Malicious code that runs on a machine without user knowledge and infects the computer when executed
Boot Sector Virus
A type of malware that infects the Master Boot Record (MBR) of hard drives or the boot sector of removable media like USB drives, loading before the operating system to gain control and disrupt the system startup process
Macros
Code that embeds a virus in a document, executing it when the document is opened
Program Virus
Seeks out executables or applications to infect
Multipartite Virus
Combination of a boot sector type virus and a program virus
Encrypted Virus
A type of malware that encrypts its own code to hide from antivirus detection
Polymorphic Virus
Changes its code with each execution by altering the decryption module to evade detection
Stealth Virus
Uses various techniques to evade antivirus detection
Armored Virus
A specialized form of virus that has a protective layer to confuse programs or individuals analyzing it
Hoax
Not a traditional virus but tricks users into infecting their own machines
Worm
A malicious software like a virus but replicates itself without user interaction
Trojan
A piece of malicious software that is disguised as a piece of harmless or desirable software
Fileless Malware
Used to create a process in the system memory without relying on the local file system of the infected host
Spyware
Malicious software designed to monitor activities and gather information without consent
Keyloggers
Record every keystroke to capture sensitive information like usernames, passwords, and credit card numbers, sending it to the attacker
Stalkerware
Invasive spyware often installed by someone with access to the victim’s device to monitor activity without knowledge or consent
Adware
Type of spyware that serves targeted ads by tracking online activity, including browsing history and search queries
Potentially Unwanted Programs (PUPs)
Software applications unintentionally installed, often bundled with other software
Rootkit
Software designed to gain administrative level control over a system without detection
DLL Injection
Inserts malicious code into a running process on a Windows machine by exploiting DLLs loaded at runtime
Driver Manipulation
An attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level
Botnet
A network of compromised, internet-connected devices infected with malware and controlled by a "bot-herder" to perform malicious tasks
Malware
Any program designed to disrupt, damage, or gain unauthorized access to computer systems, networks, and personal data
Endpoint Detection and Response (EDR)
A security solution that continuously monitors devices to detect, investigate, and respond to cyber threats in real time
Managed Detection and Response (MDR)
A service where a third-party provider monitors an organization’s environment for threats and responds to incidents
Extended Detection and Response (XDR)
Expands on Endpoint Detection and Response by integrating security data from endpoints, networks, servers, and email systems into a unified platform
Recovery Console
A diagnostic environment for troubleshooting and recovering from system issues, including malware infections
Operating System Reinstallation
The system is formatted, wiped, reinstalled from a known good source, and user data is restored from a known good backup
Antivirus Software
Scans files, applications, and systems for known threat signatures, providing real-time protection and periodic scans
Anti-malware
Complements antivirus tools by detecting and removing various threats, including spyware, adware, and fileless malware
Email Security Gateways
Filter email traffic to block malicious content, including phishing and malware attachments
Software Firewalls
Monitor and control incoming and outgoing network traffic based on predefined security rules
User Education
One of the most effective methods for reducing malware incidents
Phishing
A social engineering attack where malicious actors impersonate entities to steal confidential information
Spear Phishing
More targeted form of phishing in which emails are sent to a more specific group of individuals
Whaling
A type of phishing attack that specifically targets high-level executives or important individuals in an organization, such as CEOs, CFOs, or directors
Smishing
Short for SMS phishing, targets users through text messages
Vishing
Short for voice phishing, involves attackers using phone calls to deceive victims
Business Email Compromise (BEC)
A sophisticated email scam where cybercriminals impersonate trusted figures (like CEOs or vendors) to trick employees
QR Code Phishing (Quishing)
Involves attackers distributing malicious QR codes to their victims
Spam
Abuse of electronic messaging systems such as email, texting, social media, broadcast media, and instant messaging
Open Mail Relay
A vulnerability that occurs when a mail server is improperly configured, allowing anyone on the internet to send emails through it without authentication
Impersonation
Actor pretending to be someone or something else, such as during a physical penetration test to gain access to a facility
Elicitation
The ability to draw, bring forth, evoke, or induce information from a victim
Social Engineering
Attempt to manipulate users into revealing confidential information or performing actions detrimental to security
Tailgating
Occurs when an attacker follows an authorized person into a secure area without their knowledge or consent
Piggybacking
Similar to tailgating but occurs with the employee’s knowledge or consent
Shoulder Surfing
Occurs when an attacker uses direct observation to obtain authentication information by approaching an employee from behind
Eavesdropping
Involves listening to gather information, such as overhearing a conversation
Dumpster Diving
Occurs when an attacker scavenges for personal or confidential information in garbage or recycling containers
Evil Twin
A fraudulent Wi-Fi access point that appears legitimate but is set up to eavesdrop on wireless communications
KARMA Attack
A type of wireless network attack where a malicious device pretends to be any Wi-Fi network a victim’s device is trying to connect to
Personal Firewall
Software that protects a single computer or server from unwanted internet traffic
Host-based Firewall
A security system that runs directly on a single device and controls what network traffic is allowed in and out of that machine
iptables
A command-line user-space utility in Linux that configures IPv4 packet filtering rules, acting as a firewall by interfacing with the Netfilter kernel modules
Administrative Controls
Manage personnel and assets through policies, standards, procedures, and guidelines
Lockable Rack Cabinet
Controls access to servers, switches, and routers installed in standard networking racks
Kensington Lock
A physical security device used to prevent laptops and other devices from being stolen
Vestibule
Serves as a way to limit the people that go in or out of an organization
Smart Card Reader
Reads an embedded microchip on a badge containing authentication information
Discretionary Access Control (DAC)
Access control method where access is determined by the owner of the resource
Mandatory Access Control (MAC)
A strict security model where access to resources is controlled by a central authority, not by individual users
Role-Based Access Control (RBAC)
A way of managing who can access what in a system by assigning permissions to roles instead of directly to individual users
Zero-Trust
Security framework that requires the users to be authenticated, authorized, and validated
Identification
Access requests require identity verification
Authentication
Identity verification using a unique identifier and approved credentials
Multifactor Authentication (MFA)
Uses two or more factors to prove a user’s identity
In-Band Authentication
A method where authentication data is sent through the same communication channel as the main data or service you are trying to access
Out-of-Band Authentication
A security method where authentication happens through a separate communication channel from the one being used to access the system
Enterprise Mobility Management (EMM)
Enables centralized management and control of corporate mobile devices