Firewall
These enforce a series of rules defining what kind of network traffic is allowed and what is not allowed
Authentication
The act of verifying the identity of a particular person
What is the difference between a threat and an attack?
Threat is potential - does not need to have occurred
What are the three goals of security?
Prevention, Detection, Recovery
Why is anti-virus not perfect?
Zero-day attacks; Based on signatures for KNOWN malware - lots of variants, etc.
XSS
This occurs when a malicious user utilizes a vulnerable web application to send malicious code to a different end user
File system
This part of the operating system creates and manages files and directories
What is the standard of proof in a criminal case vs a civil case?
Criminal: beyond a reasonable doubt; Civil: preponderance of the evidence AKA more likely than not
What are 4 ways malware can get onto a system?
Flash drives, spam email, emails from infected friends/contacts, malicious websites, infected websites, infected computers on a network, and more
Passwords are stored on a system as these, which vary based on operating system (bonus: how does a system auth a user password attempt?)
Hashes; Bonus: the system will hash the attempt and compare the calculated hash to the stored hash
What is the California Security Breach Act and why is it important?
Requires organizations that maintain PII to inform customers about data breaches - important if you work in the security industry because there are notification requirements and guidelines - STATE GOVERNED
Servers
Systems on a network that include files and/or programs in use by multiple people on or outside a network
Network
Set of devices, software, and cables that enables the exchange of information
Describe two network topologies
Star, Ring, Bus, Mesh
IDS
This device inspects the data of a packet to see if it is malicious in nature
What was the first operating system & service pack to include a firewall enabled by default?
Windows XP SP2
Trojan
Any program that is hidden within another
What is CIA and why is it important?
Confidentiality; Integrity; Availability
What happens when there is not enough RAM for memory?
Virtual memory - AKA pagefile or swapfile
Code Injection
Inserting code into a web application when it should be processing data
OSI or TCP/IP
This model is a set of guidelines used to standardize network processes
What are some examples of layer 6 - presentation?
.doc; .jpg
Thread
The smallest unit of processing that can be scheduled
Phishing
The act of luring a victim to divulge his/her personal or financial information
Program
An executable set of code
Ping
This command is used to test the reachability of a host and measure round-trip time for messages sent from a host to a destination machine
Explain the three way handshake
Hi, I'm here. Are you there? SYN; Yes, I see you're there, I'm here and listening. SYN,ACK; Great! Got your response. Ready to start sending. ACK
What is the purpose of PAR?
Allows receiver to reassemble message and for sender to know which packets may have gotten dropped
What type of user account has complete power over a system?
Super User
Operating System
This part of any computer system is responsible for managing hardware and software resources
Computer Viruses/Worm
Self-replicating computer programs
What does the TCP sliding window do?
Indicates how many segments can be sent before ACK - smaller when the computer is busier and bigger when the computer is idle
What are the 3 pieces of hardware where data resides on a computer, and how long does each of them store it? Bonus: Rank them in order of speed.
CPU - fastest - only holds data for immediate use; RAM - fast - holds data for currently running processes; Hard Drive - slowest - holds data for permanent storage
What is the difference between dynamic and static IP addresses?
Dynamic is assigned via DHCP server/router on the network automatically as hosts connect. Static are assigned by a person to a network interface/system
What are ports?
Like PO boxes - allow the network to direct traffic at a specific program or service
Gateway
A single system in a network that connects to the internet
What are the four layers of the TCP/IP model?
Network, Internet, Transport, Application
What is the difference between public and private IP addresses and what is the purpose of each?
Public - purchased from an ISP and paid for - how you connect to the rest of the internet; Private - created by your router within your home network in order to share one public IP address amongst many devices.
What type of encryption uses the same key for encryption and decryption?
Symmetric, DES, AES
What was the first version of Windows designed from a security standpoint? Bonus: What did they do wrong?
Vista; Bonus: went too far to the security side to the point it impacted usability
Name and describe 4 types of malware
Spyware, adware, scareware, ransomware, keyloggers
Spearphishing
This is a type of phishing attack aimed at specific individuals or companies
According to OWASP, this type of web attack is the most common security risk to web applications
Code Injection
Describe the difference between stored and reflected cross site scripting
Stored: code is injected permanently on target servers (databases); the victim retrieves the malicious script when they request the stored info. Reflected: injected code is reflected off the web server; the response includes some or all of the input sent to the server as part of the request. Delivered to the user via an email message/other web server; the user is tricked into clicking on a malicious link
Social engineering
The science of manipulating human beings to divulge confidential information or take a certain action
What is the difference between top down and bottom up information processing?
Top down: knowledge driven, based on previous experience, goals/expectations drive perception; Bottom up: used when knowledge is lacking, recognition by components, information driven
What are the four steps of a social engineering attack?
Research, hook, play, exit
Name and describe 4 basic human tendencies
Reciprocity, social proof, consistency, scarcity, liking, authority
Describe the lollipop model vs onion model
Lollipop: perimeter, hard crunchy shell on outside and soft chewy center on inside -> once attacker breaches perimeter, the valuables are exposed; Onion: defense in depth! Layered security architecture that must be peeled away one layer at a time
Access Control Lists (ACLs)
These can be used to control intercommunication between levels of trust
Name and describe the 4 main components of a secure network topology
Perimeter firewall (between internet and organization); Perimeter network (DMZ - area between perimeter firewall and internal firewall); Internal firewall (limits all access to internal network); Internal network (location of rest of information assets)
Name and describe 6 basic ways to defend your system (both personal and enterprise)
Remove unnecessary hardware, rename admin account and change password, remove unused user accounts, use antivirus and keep it up to date, use software/hardware firewalls, keep OS and applications patched and up to date, use encryption, perform backups routinely, disable USB devices, enforce password policies, set up logging on servers and network, content filtering, application whitelisting, restrict BYOD
Data loss prevention software
This type of software is designed to detect and prevent unauthorized attempts to copy/send sensitive data, intentionally or unintentionally, even if the person is authorized to access the information
Digital Forensics
Using court approved methods to acquire, investigate, and present evidence which allows decision makers to act on knowledge.
Name and describe the difference between the 3 types of investigations
Internal: internal to organization (employee possesses unauthorized documents); Civil: 2 parties in a civil suit (employee sues for wrongful termination); Criminal: criminal lawsuit (employee possesses child porn)
What are the 2 golden rules of forensics?
1. Protect and preserve evidence; 2. Always assume case will go to court
Give a few examples of what are considered "original evidence media"
Hard disk, CD-ROM, SSD, cell phone, tablet, USB flash drive, portable hard drive, email accounts, server
Name one of the items that are required for court admissibility of a hard drive
Bitstream copy (forensic image) of drive; Imaging log recording cryptographic hashes of source drive and image file; Chain of custody document
Info Sec Management
This describes activities relating to protection of information/information assets against risk of loss, misuse, disclosure, or damage and describes controls that organization needs to implement to ensure that risks are being managed
What are some benefits of risk assessments?
Proactive rather than reactive; Help identify vulnerabilities; Help identify threats; Will provide information to form cohesive strategy
What are 2 procedures used for contingency planning?
Incident Response (procedure for when infosec incident occurs); Disaster recovery - procedure for when natural/manmade disaster occurs
What are the 3 things that are needed to adequately secure a system? Bonus: What is the weakest link out of the 3?
People, process, technology; People = weakest link
Name some characteristics of common law legal systems
Uncodified; Everything is based on precedent; Contest between 2 opposing parties before a judge who moderates; Divided into criminal, civil, and administrative codes; Everyone is innocent until proven guilty
What are the 3 roles of computers in a lawsuit?
Computer assisted crime; Computer targeted crime; Computer was incidental
Why is anti-virus not perfect?
Because it's largely signature/known-pattern based, malware variants evolve fast, and "zero-day" malware/vulns can bypass detection
What is a zero-day attack?
An attack that exploits a vulnerability that is unknown to the vendor/public or has no patch available yet (attacked on "day zero" of awareness)
What is a virus?
Malware that attaches to a host file/program and replicates when the host runs (often needs user action to spread)
What is a Trojan?
Malware disguised as legitimate software; it tricks users into running it (typically not self-replicating)
What is a worm?
Self-replicating malware that spreads on its own, often across networks, without needing a host program
What is spyware?
Malware that secretly monitors activity and collects/exfiltrates information (browsing, credentials, files, etc.)
What is adware?
Software that displays unwanted ads and may track user behavior; sometimes bundled with "free" apps
What is scareware?
Fake alerts/warnings designed to scare a user into installing software, paying money, or giving access
What is ransomware?
Malware that encrypts/locks files or systems and demands payment (often a "ransom") to restore access
What is a keylogger?
Malware or a tool that records keystrokes to steal passwords, messages, and other typed data
What is a credential stealer?
Malware that harvests login credentials (usernames/passwords) and may also steal cookies/tokens or saved browser creds
What is a downloader?
Malware whose main job is to fetch and install additional malware payloads onto the system
What is a backdoor?
A hidden method of bypassing normal authentication to regain access to a system later
What is a rootkit?
Malware designed to hide itself and maintain privileged (often admin/root) access, commonly by modifying low-level OS components
What is a RAT?
Remote Access Trojan/Tool: malware that gives an attacker remote control of a victim machine (screen, files, commands, webcam, etc.)
What are some ways that malware can get onto a system?
Phishing attachments/links, malicious downloads, drive-by websites, USB/removable media, infected installers, exploiting unpatched software, compromised network shares, and "trusted" accounts being abused
What is one of the biggest e-mail threats and how does it propagate?
Phishing/social-engineering emails; propagates by tricking users into clicking links, opening attachments, or giving credentials (sometimes spreading to contacts)
What is phishing?
Social engineering that lures a victim into revealing sensitive info (passwords, banking info) or running malicious content by pretending to be a trusted source
What are some ways of identifying phishing threats?
Check sender domain, hover/inspect URLs, look for urgency/threats, poor grammar, unexpected attachments, requests for credentials/payment, mismatched branding, and "too good to be true" offers
What is spearphishing?
Phishing aimed at a specific person/team/company, often using personal details to seem believable
What is SMShing?
Phishing delivered via SMS/text messages (malicious links, fake login pages, etc.)
What are some ways of protecting yourself from malware?
Keep OS/apps patched, use AV/EDR, enable firewalls, avoid unknown links/attachments, disable risky macros, use least privilege, use MFA, back up data, and keep good security awareness habits
What is a SQL injection?
Injecting malicious SQL into an app's input so the database executes unintended commands (read/modify/delete data, bypass logins, etc.)
What is stored XSS?
Cross-site scripting where malicious script is stored on the server (e.g., database/comment field) and served to victims later
What is reflected XSS?
XSS where malicious input is reflected immediately in a web response (often via a crafted link) and runs in the victim's browser
What are rogue access points?
Unauthorized wireless access points connected to a network (or "evil twins") that can bypass controls or intercept traffic
What are Bluetooth attacks?
Attacks abusing Bluetooth pairing/protocol weaknesses to eavesdrop, track devices, inject data, or gain unauthorized access
What are wireless driver attacks?
Attacks exploiting vulnerabilities in Wi-Fi/network drivers or firmware (can lead to crashes, privilege escalation, or remote code execution)
What is Social Engineering?
Manipulating people to divulge confidential info or perform actions they normally shouldn't (e.g., give passwords, run software, transfer money)
What are the types of information processing?
Top-down (knowledge/expectations-driven perception) vs Bottom-up (data/component-driven recognition when knowledge is limited)
What are the Basic Human Tendencies?
Common "levers" attackers use: reciprocity, social proof, consistency/commitment, scarcity, liking, authority
What are some telltale signs of social engineering?
Urgency, secrecy, bypassing policy, unusual requests, emotional pressure, unexpected contact, requests for credentials, and "verify later" behavior
What are the steps of a Social Engineering attack?
Research (gather info), Hook (initial contact), Play (exploit trust to get action/info), Exit (leave before suspicion; cover tracks)
What are the two security models and which would you recommend?
Lollipop (hard perimeter, soft inside) vs Onion (layered defense/defense-in-depth); recommend Onion because it limits damage after a breach
Rings of Trust
Layered trust zones (inner rings more trusted); access becomes more restricted as you move inward
Perimeter Firewall
Firewall at the edge of the organization network that filters traffic between the internet and the organization