Firewall
These enforce a series of rules defining what kind of network traffic is allowed and what is not allowed
Authentication
The act of verifying the identity of a particular person
What is the difference between a threat and an attack?
Threat is potential - does not need to have occurred
What are the three goals of security?
Prevention, Detection, Recovery
Why is anti-virus not perfect?
Zero-day attacks; Based on signatures for KNOWN malware - lots of variants, etc.
XSS
This occurs when a malicious user utilizes a vulnerable web application to send malicious code to a different end user
File system
This part of the operating system creates and manages files and directories
What is the standard of proof in a criminal case vs a civil case?
Criminal: beyond a reasonable doubt; Civil: preponderance of the evidence AKA more likely than not
What are 4 ways malware can get onto a system?
flash drives, spam email, emails from infected friends/contacts, malicious websites, infected websites, infected computers on a network, and more
Passwords are stored on a system as these, which vary based on operating system (bonus: how does a system auth a user password attempt?)
Hashes; Bonus: the system will hash the attempt and compare the calculated hash to the stored hash
What is the California Security Breach Act and why is it important?
Requires organizations that maintain PII to inform customers about data breaches - important if you work in the security industry because there are notification requirements and guidelines - STATE GOVERNED
Servers
Systems on a network that include files and/or programs in use by multiple people on or outside a network
Network
Set of devices, software, and cables that enables the exchange of information
Describe two network topologies
Star, Ring, Bus, Mesh
IDS
This device inspects the data of a packet to see if it is malicious in nature
What was the first operating system & service pack to include a firewall enabled by default?
Windows XP SP2
Trojan
Any program that is hidden within another
What is CIA and why is it important?
Confidentiality; Integrity; Availability
What happens when there is not enough RAM for memory?
Virtual memory - AKA pagefile or swapfile
Code Injection
Inserting code into a web application when it should be processing data
OSI or TCP/IP
This model is a set of guidelines used to standardize network processes
What are some examples of layer 6 - presentation?
.doc; .jpg
Thread
The smallest unit of processing that can be scheduled
Phishing
The act of luring a victim to divulge his/her personal or financial information
Program
An executable set of code
Ping
This command is used to test the reachability of a host and measure round-trip time for messages sent from a host to a destination machine
Explain the three way handshake
Hi, I'm here. Are you there. SYN; Yes, I see you're there, I'm here and listening. SYN,ACK; Great! Got your response. Ready to start sending. ACK
What is the purpose of PAR?
Allows receiver to reassemble message and for sender to know which packets may have gotten dropped
What type of user account has complete power over a system?
Super User
Operating System
This part of any computer system is responsible for managing hardware and software resources
Computer Viruses/Worm
Self-replicating computer programs
What does the TCP sliding window do?
Indicates how many segments can be sent before ACK - smaller when the computer is busier and bigger when the computer is idle
What are the 3 pieces of hardware where data resides on a computer and how long do each of them store it? Bonus: Rank them in order of speed.
CPU - fastest - only holds data for immediate use; RAM - fast - holds data for currently running processes; Hard Drive - slowest - holds data for permanent storage
What is the difference between dynamic and static IP addresses?
Dynamic is assigned via DHCP server/router on the network automatically as hosts connect. Static are assigned by a person to a network interface/system
What are ports?
Like PO boxes - allow the network to direct traffic at a specific program or service
Gateway
A single system in a network that connects to the internet
What are the four layers of the TCP/IP model?
Network, Internet, Transport, Application
What is the difference between public and private IP addresses and what is the purpose of each?
Public - purchased from an ISP and paid for - how you connect to the rest of the internet; Private - created by your router within your home network in order to share one public IP address amongst many devices.
What type of encryption uses the same key for encryption and decryption?
Symmetric, DES, AES
What was the first version of Windows designed from a security standpoint? Bonus: What did they do wrong?
Vista; Bonus: went too far to the security side to the point it impacted usability
Name and describe 4 types of malware
spyware, adware, scareware, ransomware, keyloggers, credential stealer, downloader, backdoor, rootkit, remote administration tool
Spearphishing
This is a type of phishing attack aimed at specific individuals or companies
According to OWASP, this type of web attack is the most common security risk to web applications
Code Injection
Describe the difference between stored and reflected cross site scripting
Stored: code is injected permanently on target servers (databases); victim retrieves the malicious script when they request the stored info. Reflected: injected code is reflected off of the web server; the response includes some or all of the input sent to the server as part of the request. Delivered to the user via an email message/other web server; the user is tricked into clicking on a malicious link
Social engineering
The science of manipulating human beings to divulge confidential information or take a certain action
What is the difference between top down and bottom up information processing?
Top down: knowledge driven, based on previous experience, goals/expectations drive perception; Bottom up: used when knowledge is lacking, recognition by components, information driven
What are the four steps of a social engineering attack?
Research, hook, play, exit
Name and describe 4 basic human tendencies
Reciprocity, social proof, consistency, scarcity, liking, authority
Describe the lollipop model vs onion model
Lollipop: perimeter, hard crunchy shell on outside and soft chewy center on inside -> once attacker breaches perimeter, the valuables are exposed; Onion: defense in depth! Layered security architecture that must be peeled away one layer at a time
Access Control Lists (ACLs)
These can be used to control intercommunication between levels of trust
Name and Describe the 4 main components of a secure network topology
Perimeter firewall (between internet and organization); Perimeter network (DMZ- area between perimeter firewall and internal firewall); Internal Firewall (Limits all access to internal network); Internal Network (location of rest of information assets)
Name and describe 6 basic ways to defend your system (both personal and enterprise)
Remove unnecessary hardware, rename admin account and change password, remove unused user accounts, use antivirus and keep it up to date, use software/hardware firewalls, keep OS and applications patched and up to date, use encryption, perform backups routinely, disable USB devices, enforce password policies, set up logging on servers and network, content filtering, application whitelisting, restrict BYOD
Data loss prevention software
This type of software is designed to detect and prevent unauthorized attempts to copy/send sensitive data, intentionally or unintentionally, even if the person is authorized to access the information
Digital Forensics
Using court approved methods to acquire, investigate, and present evidence which allows decision makers to act on knowledge.
Name and describe the difference between the 3 types of investigations
Internal: internal to the organization (employee possesses unauthorized documents); Civil: 2 parties in a civil suit (employee sues for wrongful termination); Criminal: criminal lawsuit (employee possesses child porn)
What are the 2 golden rules of forensics?
1. Protect and preserve evidence; 2. Always assume the case will go to court
Give a few examples of what are considered "original evidence media"
hard disk, CD-ROM, SSD, cell phone, tablet, USB flash drive, portable hard drive, email accounts, server
Name one of the items that are required for court admissibility of a hard drive
Bitstream copy (forensic image) of drive; Imaging log recording cryptographic hashes of source drive and image file; Chain of custody document
Info Sec Management
This describes activities relating to protection of information/information assets against risk of loss, misuse, disclosure, or damage and describes controls that organization needs to implement to ensure that risks are being managed
What are some benefits of Risk assessments
Proactive rather than reactive; Help identify vulnerabilities; Help identify threats; Will provide information to form cohesive strategy
What are 2 procedures used for contingency planning
Incident Response (procedure for when infosec incident occurs); Disaster recovery - procedure for when natural/manmade disaster occurs
What are the 3 things that are needed to adequately secure a system? Bonus: What is the weakest link out of the 3?
People, Process, technology; People = Weakest link
Name some characteristics of common law legal systems
Uncodified; Everything is based on precedent; Contest between 2 opposing parties before a judge who moderates; Divided into criminal, civil, and administrative codes; Everyone is innocent until proven guilty
What are the 3 roles of computers in a lawsuit
Computer assisted crime; Computer targeted crime; Computer was incidental