What is Access Control
determines who can access resources and how
What is Mandatory Access control (MAC)
access based on classification levels, strict,
What is Discretionary access control (DAC)
Owner decides access
what is Role based access control (RBAC)
access based on job roles
what is task-based access control (TBAC)
access based on tasks
what is attribute based access control (ABAC)
access based on attributes (user/system/environment)
what is lattice based access control (LBAC)
uses a matrix of permissions
what are the 4 functions of access control?
identification, authentication, authorization, accountability
What is identification
claiming identity (username)
what is authentication
something you know (password), something you have (token), something you are (biometric)
what is authorization
what you're allowed to do
What is accountability
tracking actions (logs/audits)
what are biometrics
unique identifiers: fingerprint, retina, iris, dna
what is the false reject rate (FRR)
rejects valid user
what is false accept rate (FAR)
accepts invalid user
what is crossover error rate (CER)
Where FRR and FAR meet
what is a firewall
hardware/software that filters network traffic based on rules
what is a hybrid firewall
combines multiple firewall types
what is a NGFW( Next gen firewall)
advanced filtering + threat detection
What is Unified Threat Management
All in one security device
what is a Bastion host
single exposed defence system
what is a dual homed host
two network interfaces
what is a screened host
router + firewall combo
what is a screened subnet (DMZ)
most secure, separates public/internal networks
what are the best firewall practices?
allow outbound traffic, block direct public access, block ICMP (ping), use DMZ for web services, deny unverified traffic, block Telnet from outside
what are content filters
restrict access to certain websites/content and use to block non-business or harmful sites
what is a war dialer
finds dial up connections
what is RADIUS
central authentication server
what is TACACS
Centralized authentication system
what is kerberos
uses encryption and tickets for authentication
What is a VPN
secure connection over public network
what is a trusted VPN
has dedicated lines
what is a secure VPN
internet and encryption
what is a hybrid VPN
combination
what is Transport mode for VPN
encrypts data only
what is tunnel mode for a VPN
encrypts entire packet
what is plaintext
original data
what is ciphertext
encrypted data
what is an algorithm
encryption method
what is cryptology/cryptography
ology- study of encryption, ography- creating codes
block cipher
encrypts data in blocks
stream cipher
encrypts bit by bit
monoalphabetic vs polyalphabetic
1 alphabet vs multiple alphabets
What is a Vigenère cipher?
advanced polyalphabetic
what is a transposition cipher
rearranges data
what is the System development life cycle
method for building systems. phases: investigation, analysis, logical design, physical design, implementation
security design principles
least privilege, separation of privilege, fail-safe defaults, economy of mechanism, open design
what is the work breakdown structure
breaks project into tasks: tasks, people, timeline, cost, dependencies
what is a direct conversion strategy
immediate switch
what is a phased conversion strategy
gradual change
what is the pilot conversion strategy
test version first
what is the parallel conversion strategy
old and new together
what is the bulls eye model
1. policies, 2. networks, 3. systems, 4. applications
what is the Lewin model
unfreezing, moving, refreezing
what is security maintenance
continuous monitoring and updates: adjust for new threats, employees, systems
what is a vulnerability assessment
find weaknesses
what is pen testing
simulate attacks
what are risk responses
accept, transfer, mitigate
what is physical security
protects physical assets from unauthorized access
what is intrusion
unauthorized access attempt
what is detection
identifying attack
what is prevention
stopping attack
What is a reaction?
responding
what is correction
fixing damage
what is NIDPS
Network based IDPS
What is IDPS process model
Information Sources, Analysis, Response
What is a HIDPS?
host based IDPS
What is a network behavior analysis
Network Behavior Analysis (NBA) is a cybersecurity technique that monitors and analyzes network traffic to detect anomalies and potential security threats.
what is signature based detection methods
looks for known attack patterns, fast but can't detect new threats
what is anomaly based detection methods
detects unusual behavior, can catch new attacks, more false positives
what is stateful protocol analysis
understands how protocols should behave, detects abnormal usage, deep packet inspection
what is SIEM (Security Information and Event Management)
collects and analyzes security data, helps detect and respond to threats, the central brain of security monitoring (example: login failed 50 times + unusual IP = alert)
what is cryptanalysis
breaking codes
XOR encryption
same bits -> 0 different bits ->1
Hashing
Process of converting data into a fixed-size value, used for passwords and integrity checks
Symmetric Encryption
An encryption method whereby the same key is used to encode and to decode the message, fast but risky, private key
Asymmetric Encryption
two keys are used; one key encodes the message, and the other key decodes the message, one public one private, slower but more secure
what replaced the data encryption standard
advanced encryption standard
bigger key = ____ security
stronger
security is ongoing, not one time; it must adapt to what three things?
new threats
new systems
organizational changes
security maintenance model
External monitoring
Internal monitoring
Planning and risk assessment
Vulnerability assessment and remediation
Readiness and review
what are all the access control approaches
MAC, DAC, RBAC, TBAC, ABAC, LBAC
what are the 4 functions of access control
identification, authentication, authorization, accountability
what are the firewall processing modes
packet filtering, application proxy, circuit gateway, MAC layer, Hybrid
what are the firewall selection factors
1. (protection)
2. cost
security level, ease of configuration, scalability, staff expertise
packet-filtering firewall
examines each part of a message and determines whether to let that part pass
Application Proxy Firewall
An advanced firewall that processes all traffic between two systems. Instead of allowing a direct connection between two systems, the proxy connects to each system separately and passes filtered traffic to the destination based on filtering rules.
Circuit gateway firewall
Creates tunnels connecting specific processes or systems on each side of the firewall, and allows only authorized traffic in the tunnel.
MAC Layer Firewalls
Designed to operate at the media access control sublayer of the network's data link layer
Hybrid Firewalls
Combine elements of other types of firewalls, that is, elements of packet filtering and proxy services, or of packet filtering and circuit gateways
What is the most important firewall architecture
screened subnet(DMZ)
What is Kerberos?
authentication system using tickets and encryption and uses third party authentication server
What is the purpose of IDPS, intrusion Detection and Prevention System
detect attacks, prevent attacks, respond to attacks, restore systems. (think: detect,stop,fix)
IDPS Components
detection, prevention, reaction, correction, response
why should you use idps
detect attacks early, prevent damage, provide logs/evidence, improve security
advantages of HIDPS
sees encrypted traffic, detects local attacks
Disadvantages of HIDPS
uses resources, hard to manage, slows system
what does public key infrastructure provide
authentication, integrity, confidentiality, nonrepudiation
what are the differences in digital signature and digital certificate
signature- proves sender, certificate- verifies identity
what are the sdlc phases in order
1. investigation 2. analysis 3. logical design 4. physical design 5. Implementation 6. Maintenance