IT Security: Defense against the digital dark arts

Q: What is the CIA Triad?

A: The CIA Triad consists of Confidentiality and Integrity and Availability.

Q: What is the difference between a vulnerability and an exploit?

A: A vulnerability is a flaw in a system that could be exploited to compromise it and an exploit is software used to take advantage of a security bug or vulnerability.

Q: What are the two types of hackers mentioned?

A: The two types of hackers mentioned are black hat hackers who try to get into systems maliciously and white hat hackers who find weaknesses to fix them before others can do harm.

Q: What is encryption?

A: Encryption is the act of taking plaintext and applying a cipher to it to receive a garbled and unreadable message called ciphertext.

Q: What is the difference between identification and authentication?

A: Identification is the idea of describing an entity uniquely and authentication is the process of proving you are who you claim to be.

Q: What is multi-factor authentication?

A: Multi-factor authentication is a system where users are authenticated by presenting multiple pieces of information or objects such as something you know and something you have and something you are.

Q: What is an access control list (ACL)?

A: An access control list is a way of defining permissions or authorizations for objects and a common example is file system permissions.

Q: What is network hardening?

A: Network hardening is the process of securing a network by reducing its potential vulnerabilities through configuration changes and taking specific steps.

Q: What is implicit deny?

A: Implicit deny is a network security concept where anything not explicitly permitted or allowed should be denied.

Q: What is an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?

A: An IDS system is only a detection system and won't block an attack and an IPS system can adjust firewall rules on the fly to block or drop malicious traffic.

Q: What is an attack vector and an attack surface?

A: An attack vector is a method by which an attacker gains access to a network or system and an attack surface is the sum of all the different attack vectors in a system.

Q: What is defense in depth?

A: Defense in depth is the concept of having multiple and overlapping systems of defense to protect IT systems.

Q: What is a host-based firewall?

A: A host-based firewall protects individual hosts from being compromised when they are used in untrusted and potentially malicious environments.

Q: What is system hardening?

A: System hardening is the practice of securing a system by reducing its attack surface and disabling unnecessary components and disabling all accounts you don't use.

Q: What is a password attack?

A: Password attacks use software like password-crackers that try and guess your password using methods such as a brute force attack or a dictionary attack.

Q: What is a Trojan?

A: A Trojan is a piece of malware that is disguised as something useful but it contains a malicious payload that is released when the software is run.

Q: What is a substitution cipher?

A: A substitution cipher is an encryption technique where characters or units of plaintext are substituted with a fixed system.

Q: What is hashing?

A: Hashing is a one-way encryption method that is not meant to be decrypted and is used to verify the integrity of a message.

Q: What is a public key certificate?

A: A public key certificate is a digital certificate that is used to verify that a public key belongs to a certain entity and is a key component of public key infrastructure.

Q: What is a spoofing attack?

A: A spoofing attack is when a source masquerades around as something else such as an email address or an IP address or a website.

Q: What is a rootkit?

A: A rootkit is software that is designed to allow attackers to access a system and mask their presence.

Q: What is a hardware security module (HSM)?

A: An HSM is an external hardware device that manages and stores digital keys and provides cryptographic acceleration.

Q: What is a Trusted Platform Module (TPM)?

A: A TPM is a hardware device that is integrated into a computer and offers secure generation of keys and random number generation and remote attestation and data binding and sealing.

Q: What is defense in depth?

A: Defense in depth is the concept of having multiple and overlapping systems of defense to protect IT systems.