privacy
These are rules and tools that protect personal information — like your name, address, or credit card number — from being seen, shared, or used without your permission.
security controls
These are measures that protect systems and data from threats like hackers, viruses, or unauthorized access. They keep your devices and networks safe from attacks.
NIST SP 800-30
A special publication that provides guidelines for conducting risk assessments in information systems. It outlines a systematic approach to evaluating risks and recommending suitable security controls.
Adversarial threats (NIST)
are potential dangers posed by malicious actors who aim to exploit vulnerabilities in information systems. These threats include hackers, insider threats, and cybercriminals.
accidental threats (NIST)
occur when unintended actions lead to security incidents, such as human errors, system failures, or natural disasters. These threats can compromise the integrity and availability of information systems.
structural threats (NIST)
represent risks that arise from flaws in system design, architecture, or implementation. These can lead to vulnerabilities that malicious actors may exploit to breach systems.
environmental threats (NIST)
refer to risks caused by external factors such as natural disasters, climate change, or other environmental conditions that can impact the security and functionality of information systems.
during the threat identification phase do cs analysts focus on internal or external factors
external factors, then afterwards they focus the assessment inwards
what factors should analysts consider when determining the likelihood of a risk occurring
the likelihood that the adversary will execute an attack against the organization and, if the risk occurs, the potential impact of that attack
what does NAC help with
limiting network access to authorized individuals and ensuring that systems accessing the organization's network meet basic security requirements
802.1x
standard used to control device access to a network, often part of NAC (Network Access Control).
trigger
When a device connects (wired or wireless), the network challenges it to authenticate using 802.1X.
supplicant
software on the device trying to connect, responsible for handling authentication
authenticator
a network device such as a switch or wireless access point that receives the request from the supplicant
authenticator server
the backend server (usually RADIUS) that validates the user’s credentials
agent based solutions
require that the network device requesting access to the network run special software designed to communicate with the NAC service.
agentless
conducts authentication in the web browser and does not require special software
in band (inline) solutions
utilize network appliances within the data path to enforce security policies and access control as traffic flows through.
out of band
leverage the existing network infrastructure and have network devices communicate with authentication servers and then reconfigure the network to grant or deny network access as needed
where do network firewalls sit
between the boundaries of networks and provide perimeter security.
screened subnet
a network architecture that uses firewalls to separate an internal network from an external network, enhancing security by controlling access.
what are firewall rules based off of
Access control lists that specify allowed or denied traffic based on various criteria such as IP address, port number, and protocol.
packet filtering firewalls
check the characteristics of each packet against the firewall rules without any additional intelligence to determine whether to allow or block it. They are efficient but can be limited in terms of security features.
stateful inspection firewalls
type of network security system that keeps track of active connections (or "states") as data passes through it.
next generation firewalls
incorporate advanced features such as deep packet inspection, intrusion prevention systems, and application awareness to provide enhanced security beyond traditional firewalls.
Web application firewalls
specialized firewalls designed to protect against web application attacks such as SQL injection and cross-site scripting
what do firewalls use to separate networks of different security levels from each other
network segmentation
DNS sinkhole
a security measure that redirects malicious traffic from a domain to a safe IP address, preventing access to harmful sites.
MAC
offers strict, centralized policies ideal for high-security environments like government and military systems
DAC
provides flexibility, allowing resource owners to manage access, making it better for businesses and collaborative environments.
during what phase does the technical work of a penetration test begin
discovery phase
sandboxing
an approach used to detect malicious software based on its behavior rather than its signatures. Sandboxing tools watch systems and the network for unknown pieces of code in a special environment where the code does not have access to other systems or applications
code detonation
is a technique used in cybersecurity to analyze potentially malicious code by executing it in a controlled environment, or 'sandbox', to observe its behavior without affecting live systems.
SHA
A tool that creates a unique fixed-length code (called a hash) from any data, used to verify that the data has not been changed or tampered with.
single pane of glass
A dashboard or interface that shows all important information in one place, so you don’t have to check multiple tools or screens.
SOAR
A tool or platform that helps security teams automate their work, connect different tools, and respond to threats faster.