FBLA - Cybersecurity - by guy who won nationally


118 Terms

1

Virus

A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data

2

Social Engineering

Tricking or deceiving someone into giving you private information or data

3

Backdoor

Attacker gets access by using an exploit to access the system

4

Spyware

software that obtains information about another computer's activities without knowledge of the user

5

Spear Phishing Attack

is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user's computer.

6

DOS

Denial of Service: an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

7

DDOS

Distributed Denial of Service: occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.

8

Botnet

a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, used to send spam messages, launch DDOS attacks, mine cryptocurrency, and more

9

Dumpster Diving

looking through trash to obtain sensitive information

10

Ransomware

malicious software that blocks access to a computer until an amount of money is paid

11

Malware

software intended to harm computers, networks, people, or businesses

12

Drive-by Download

Downloads installed by just passing through an infected webpage

13

E-mail flooding

sending many emails to a target to flood the inbox and take down the server

14

Trojan Horse

a virus disguised as real software, to make it appear harmless so victims download and run it

15

Worm

a self-replicating virus that does not usually alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

16

DNS spoofing

also referred to as DNS cache poisoning, is a form of computer hacking in which corrupt Domain Name System data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address, which results in diverting traffic to the attacker's computer (or any other computer).

17

Scareware

Malware which tricks users into buying fake antivirus protection

18

White Hat

A hacker who does good. Tests security systems with consent of the owners.

19

Black Hat

A hacker who uses their abilities for malicious purposes such as breaching and bypassing internet security.

20

Cyberterrorist

Someone who uses computers to cause severe damage or widespread fear in society.

21

Hacktivist

a computer hacker whose activity is aimed at promoting a social or political cause.

22

Cyberespionage

the use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.

23

Bots

Bots can carry out spam attacks, DOS attacks, and others. Malware run on a computer can let the attacker place bots on it; computers infected this way are called zombies.

A collection of bots all controlled by one person is called a botnet, commonly used for DDOS attacks.

24

Password Cracker

a program used to guess a user's password, using lists of keywords and common passwords.

25

Adware

Malware that displays ads when the user is on the internet, and can collect marketing data without the user's knowledge. Adware can also redirect a search request.

26

Sniffing

allows individuals to capture data as it is transmitted over a network and is used by network professionals to diagnose network issues, and by malicious users to capture unencrypted data, like passwords and usernames.

27

Script Kiddie

a person who uses existing computer scripts or code to hack into computers, lacking the expertise to write their own.

28

Compromised Key Attack

the use of a key that an attacker has stolen to gain access to a secured transmission. The key allows the attacker to decrypt the data that is being sent. The sender and receiver are usually not aware of the attack.

29

Antivirus

computer systems that block, detect, and remove viruses and other malware

30

Firewall

a part of a computer system or network that is designed to block unauthorized access while permitting outward communication.

31

Spam Email

unsolicited emails sent to many addresses

32

Software Patch

an update to a computer program in order to fix or update the program

33

Vulnerability

a flaw or weakness that hackers or malware can exploit

34

Audit Trail

A record showing who has accessed a computer system and what operations he or she has performed during a given period of time. Useful both for maintaining security and for recovering lost transactions.

35

Blended Threat

A computer network attack that seeks to maximize the severity of damage and speed of contagion by combining methods, for example using characteristics of both viruses and worms, while also taking advantage of vulnerabilities in computers, networks, or other physical systems. An attack using a blended approach might send a virus via an e-mail attachment, along with a Trojan horse embedded in an HTML file that will cause damage to the recipient computer. The Nimda, CodeRed, and Bugbear exploits were all examples of blended threats.

36

Ciphertext

Form of cryptography in which the plaintext is made unintelligible to anyone who intercepts it, by a transformation of the information itself, based on some key.

37

Encryption

The most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.

38

Decryption

the process of converting encrypted data back into its original form, so it can be understood.

39

What should you do if you receive an email from someone you don't know with an attachment?

Mark it as spam, ignore it, or delete it.

40

That person I hate

Jessica, seriously, respond to my texts, snapchats, emails, twitter dms, instagram dms, phone calls, whatsapp, kik, mail, megaphone, directv inbox, sky writing, PLEASE I WANT MY BLUE SHIRT BACK.

41

You have a Mac so you don't have to worry about viruses.

(True/False)

False

42

Directory Harvest Attack

an attempt to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database

43

IP Spoofing

IP Spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. IP Spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value.

44

IPSec

IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPsec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well.

45

L2TP

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself.

46

SSL

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

47

WEP

Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.

48

WPA

Wi-Fi Protected Access (WPA) is a security standard for users of computing devices equipped with wireless internet connections, or Wi-Fi. It improved upon and replaced the original Wi-Fi security standard, Wired Equivalent Privacy (WEP). WPA provides more sophisticated data encryption than WEP, and it also provides user authentication -- WEP's user authentication was considered insufficient.

49

802.1x

IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

50

VPN

A virtual private network (VPN) is a network that is constructed using public wires — usually the Internet — to connect to a private network, such as a company's internal network. There are a number of systems that enable you to create networks using the Internet as the medium for transporting data.

51

IEEE 802.**

IEEE 802.11 - Wireless LAN (WLAN) & Mesh (Wi-Fi certification)

IEEE 802.3 - Ethernet

IEEE 802.1 - Higher Layer LAN Protocols (Bridging)

IEEE 802.15 - Wireless PAN

52

Audit Policy

What you monitor on the network. Establishing audit policy is an important facet of security. Monitoring the creation or modification of objects gives you a way to track potential security problems, helps to ensure user accountability, and provides evidence in the event of a security breach.

There are nine different kinds of events you can audit. If you audit any of these kinds of events, Windows® records the events in the Security log, which you can find in Event Viewer.

53

Audit Policy Options

You can choose these to monitor in Windows:

• Account logon events
• Account management
• Directory service access
• Logon events
• Object access
• Policy change
• Privilege use
• Process tracking
• System events

54

Incident Response

Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

55

Incident Response Procedure

According to the SANS Institute:

1. Preparation: Preparing users and IT staff to handle potential incidents should they arise

2. Identification: Determining whether an event is indeed a security incident

3. Containment: Limiting the damage of the incident and isolating affected systems to prevent further damage

4. Eradication: Finding the root cause of the incident, removing affected systems from the production environment

5. Recovery: Permitting affected systems back into the production environment, ensuring no threat remains

6. Lessons learned: Completing incident documentation, performing analysis to ultimately learn from incident and potentially improve future response efforts

56

Dual-homed host/firewall

A dual-homed host is a term used to reference a type of firewall that uses two (or more) network interfaces. One connection is an internal network and the second connection is to the Internet. A dual-homed host works as a simple firewall provided there is no direct IP traffic between the Internet and the internal network.

57

Triple-homed firewall (Aka screened subnet)

A screened subnet (also known as a "triple-homed firewall") is a network architecture that uses a single firewall with three network interfaces.

Interface 1 is the public interface and connects to the Internet.

Interface 2 connects to a DMZ (demilitarized zone) to which hosted public services are attached.

Interface 3 connects to an intranet for access to and from internal networks.

Even if the firewall itself is compromised, access to the intranet should not be available, as long as the firewall has been properly configured.

58

DMZ

In computer networks, a DMZ (demilitarized zone) is a physical or logical sub-network that separates an internal local area network (LAN) from other untrusted networks, usually the Internet. External-facing servers, resources and services are located in the DMZ so they are accessible from the Internet but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN as it restricts the ability of hackers to directly access internal servers and data via the Internet.

59

VLAN

Ports on switches can be assigned to one or more VLANs, allowing systems to be divided into logical groups -- e.g., based on which department they are associated with -- and rules to be established about how systems in the separate groups are allowed to communicate with each other. These can range from the simple and practical (computers in one VLAN can see the printer on that VLAN, but computers outside that VLAN cannot), to the complex and legal (e.g., computers in the trading departments cannot interact with computers in the retail banking departments).

60

Intranet

An intranet is a private network that is contained within an enterprise. It may consist of many interlinked local area networks and also use leased lines in the wide area network. Typically, an intranet includes connections through one or more gateway computers to the outside Internet.

61

Extranet

an intranet that can be partially accessed by authorized outside users, enabling businesses to exchange information over the Internet securely.

Typically, larger enterprises allow users within their intranet to access the public Internet through firewall servers that have the ability to screen messages in both directions so that company security is maintained. When part of an intranet is made accessible to customers, partners, suppliers, or others outside the company, that part becomes part of an extranet.

62

Public Key Infrastructure

A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.

63

Hacking

use a computer to gain unauthorized access to data in a system

64

Cracking

The term "cracking" means trying to get into computer systems in order to steal, corrupt, or illegitimately view data. The popular press refers to such activities as hacking, but hackers see themselves as expert, elite programmers and maintain that such illegitimate activity should be called "cracking."

65

Intellectual Property

a work or invention that is the result of creativity, such as a manuscript or a design, to which one has rights and for which one may apply for a patent, copyright, trademark, etc. Things your company doesn't want someone stealing basically.

66

Web of Trust

In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner.

67

Certificate Authority

In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.

68

Public Key Encryption vs Digital Signatures

Digital signatures use public key cryptography. That being said, public key encryption by itself cannot be used for non-repudiation, so you'll always want digital signatures, regardless of which one is faster.

69

Non-repudiation

Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. Example: On the Internet, a digital signature is used not only to ensure that a message or document has been electronically signed by the person that purported to sign the document, but also, since a digital signature can only be created by one person, to ensure that a person cannot later deny that they furnished the signature.

70

CHAP

Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity, such as an ISP.

71

MS-CHAP

The Microsoft version of the Challenge-Handshake Authentication Protocol, CHAP. MS-CHAP is used as one authentication option in Microsoft's implementation of the PPTP protocol for virtual private networks. It is also used as an authentication option with RADIUS servers which are used for WiFi security using the WPA-Enterprise protocol. It is further used as the main authentication option of the Protected Extensible Authentication Protocol (PEAP).

72

PAP

Password authentication protocol (PAP); PAP and CHAP are both used to authenticate PPP sessions and can be used with many VPNs. Basically, PAP works like a standard login procedure; the remote system authenticates itself to the using a static user name and password combination. The password can be encrypted for additional security, but PAP is subject to numerous attacks. In particular, since the information is static, it is subject to password guessing as well as snooping.

73

RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point. It also makes it easier to track services.

74

Kerberos

Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet. Kerberos is built in to all major operating systems, including Microsoft Windows, Apple OS X, FreeBSD and Linux.

75

EAP

Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.

76

PPP

PPP (Point-to-Point Protocol) refers to a family of computer networking protocols that provide a standard way to transport multiprotocol data over point-to-point links. PPP has three main components: a way to encapsulate multiprotocol datagrams; a Link Control Protocol to establish, configure and test the data-link connection; and a group of network control protocols that establish and configure different types of network-layer protocols.

77

RAID

"Redundant Array of Independent Disks." RAID is a method of storing data on multiple hard disks.

RAID 0: It's also known as "disk striping." With RAID 0, data is written across multiple disks. This means the work that the computer is doing is handled by multiple disks rather than just one, increasing performance.

RAID 1: A fault-tolerance configuration known as "disk mirroring." With RAID 1, data is copied seamlessly and simultaneously from one disk to another, creating a replica, or mirror. If one disk gets fried, the other can keep working. It's the simplest way to implement fault tolerance and it's relatively low cost.

RAID 5: With RAID 5, data and parity (which is additional data used for recovery) are striped across three or more disks. If a disk gets an error or starts to fail, data is recreated from this distributed data and parity block, seamlessly and automatically. Most popular in businesses.

RAID 10: A combination of RAID 1 and 0, often denoted as RAID 1+0. It combines the mirroring of RAID 1 with the striping of RAID 0. It's the RAID level that gives the best performance, but it is also costly, requiring twice as many disks as other RAID levels, for a minimum of four. This is the RAID level ideal for highly utilized database servers or any server that's performing many write operations.

78

UPS

Uninterruptible Power Supply, a power supply that includes a battery to maintain power in the event of a power outage

79

Full backup

Makes a full copy of data and puts it on another medium. A full backup takes longer to perform, so these are usually not done as often as the other backup types.

80

Incremental Backup

Copies only the data that has changed since the last backup operation of any type. Takes less time and is used more often.

81

Differential Backup

A differential backup operation is similar to an incremental the first time it is performed, in that it will copy all data changed from the previous backup. However, each time it is run afterwards, it will continue to copy all data changed since the previous full backup.

82

Remote Backup

a method of offsite data storage in which files, folders, or the entire contents of a hard drive are regularly backed up on a remote server or computer with a network connection. Helpful if the main servers' hardware is destroyed or attacked.

83

Risk Mitigation Planning

Risk mitigation planning is the process of developing options and actions to enhance opportunities and reduce threats to project objectives. Risk mitigation implementation is the process of executing risk mitigation actions. Risk mitigation progress monitoring includes tracking identified risks, identifying new risks, and evaluating risk process effectiveness throughout the project.

84

Cryptography

Cryptography is a method of storing and transmitting data in a particular obfuscated form so that only those for whom it is intended can read and process it.

85

Triple DES (Encryption)

Triple DES uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112 bits in key strength is more like it.

86

RSA (Encryption)

a public-key encryption algorithm, RSA is considered an asymmetric algorithm due to its use of a pair of keys. You've got your public key, which is what we use to encrypt our message, and a private key to decrypt it. The result of RSA encryption is a huge batch of mumbo jumbo that takes attackers quite a bit of time and processing power to break.

87

Blowfish (Encryption)

this symmetric cipher splits messages into blocks of 64 bits and encrypts them individually.

88

Twofish (Encryption)

Keys used in this algorithm may be up to 256 bits in length and as a symmetric technique, only one key is needed.

89

AES (Encryption)

algorithm trusted as the standard by the U.S. Government and numerous organizations. Although it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy duty encryption purposes.

90

DES (Encryption)

The Data Encryption Standard (DES) is a symmetric-key block cipher. DES is an implementation of a Feistel cipher. It uses a 16-round Feistel structure. The block size is 64 bits. Though the key length is 64 bits, DES has an effective key length of 56 bits, since 8 of the 64 bits of the key are not used by the encryption algorithm (they function as check bits only).

91

Digital Forensics Framework

forensics of Windows or Linux OS, recovery of hidden or deleted files, quick search of files' metadata, and various other things.

92

Open Computer Forensics Architecture

Open Computer Forensics Architecture (OCFA) is a distributed open-source computer forensics framework used to analyze digital media within a digital forensics laboratory environment. The framework was built by the Dutch national police.

93

CAINE

CAINE (Computer Aided Investigative Environment) is the Linux distro created for digital forensics. It offers an environment to integrate existing software tools as software modules in a user friendly manner. This tool is open source.

94

X-Ways Forensics

X-Ways Forensics is an advanced platform for digital forensics examiners. It runs on all available versions of Windows. It claims to not be very resource hungry and to work efficiently.

95

SANS Investigative Forensics Toolkit - SIFT

SANS Investigative Forensics Toolkit or SIFT is a multi-purpose forensic operating system which comes with all the necessary tools used in the digital forensic process. It is built on Ubuntu with many tools related to digital forensics. Earlier this year, SIFT 3.0 was released. It comes free of charge and contains free open-source forensic tools.

96

EnCase

EnCase is another popular multi-purpose forensic platform with many nice tools for several areas of the digital forensic process. This tool can rapidly gather data from various devices and unearth potential evidence. It also produces a report based on the evidence.

This tool does not come for free. The license costs $995.

97

Registry Recon

Registry Recon is a popular registry analysis tool. It extracts the registry information from the evidence and then rebuilds the registry representation. It can rebuild registries from both current and previous Windows installations.

It is not a free tool. It costs $399.

98

The Sleuth Kit

The Sleuth Kit is a Unix and Windows based tool which helps in forensic analysis of computers. It comes with various tools which help in digital forensics. These tools help in analyzing disk images, performing in-depth analysis of file systems, and various other things.

99

Libforensics

Libforensics is a library for developing digital forensics applications. It was developed in Python and comes with various demo tools to extract information from various types of evidence.

100

Volatility

Volatility is the memory forensics framework. It is used for incident response and malware analysis. With this tool, you can extract information from running processes, network sockets, network connections, DLLs and registry hives. It also has support for extracting information from Windows crash dump files and hibernation files. This tool is available for free under the GPL license.
