MODULE 2 : SECURING NETWORKS

security breaches

Network ___________ can disrupt e-commerce, cause the loss of business data, threaten people’s privacy, and compromise the integrity of information

network security

relates directly to an organization's business continuity

attack vector

is a path by which a threat actor can gain access to a server, host, or network. it originate from inside or outside the corporate network

dos attack

occurs when a network device or application is incapacitated and no longer capable of supporting requests from legitimate users.

internal threat

have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices

data

is likely to be an organization’s most valuable asset

organizational data

can include research and development data, sales data, financial data, human resource and legal data, employee data, contractor data, and customer data.

data exfiltration

is when data is intentionally or unintentionally lost, stolen, or leaked to the outside world

email/social networking

The most common vector for data loss includes instant messaging software and social media sites. For instance, intercepted email or IM messages could be captured and reveal confidential information.

unencrypted devices

A stolen corporate laptop typically contains confidential organizational data. If the data is not stored using an encryption algorithm, then the thief can retrieve valuable confidential data.

cloud storage devices

Saving data to the cloud has many potential benefits. However, sensitive data can be lost if access to the cloud is compromised due to weak security settings.

removable media

One risk is that an employee could perform an unauthorized transfer of data to a USB drive. Another risk is that a USB drive containing valuable corporate data could be lost.

hard copy

Corporate data should be disposed of thoroughly. For example, confidential data should be shredded when no longer required. Otherwise, a thief could retrieve discarded reports and gain valuable information.

improper access control

Passwords are the first line of defense. Stolen passwords or weak passwords which have been compromised can provide an attacker easy access to corporate data.

threat

A potential danger to an asset such as data or the network itself.

vulnerability

A weakness in a system or its design that could be exploited by a threat.

attack surface

is the total sum of the vulnerabilities in a given system that are accessible to an attacker

exploit

The mechanism that is used to leverage a vulnerability to compromise an asset

remote exploit

is one that works over the network without any prior access to the target system

risk

The likelihood that a particular threat will exploit a particular vulnerability of an asset and result in an undesirable consequence.

risk management

is the process that balances the operational costs of providing protective measures with the gains achieved by protecting the asset

risk acceptance

This is when the cost of risk management options outweighs the cost of the risk itself. The risk is accepted, and no action is taken.

risk avoidance

This means avoiding any exposure to the risk by eliminating the activity or device that presents the risk. By eliminating an activity to avoid risk, any benefits that are possible from the activity are also lost.

risk reduction

This reduces exposure to risk or reducing the impact of risk by taking action to decrease the risk. It is the most commonly used risk mitigation strategy. This strategy requires careful evaluation of the costs of loss, the mitigation strategy, and the benefits gained from the operation or activity that is at risk.

risk transfer

Some or all of the risk is transferred to a willing third party such as an insurance company.

countermeasure

The actions that are taken to protect assets by mitigating a threat or reducing risk.

impact

The potential damage to the organization that is caused by the threat.

hacker

is a common term used to describe a threat actor

hacker

a clever programmer capable of developing new programs and coding changes to existing programs to make them more efficient.

corporate network

Attack vectors originate from inside or outside the _______

white hat hacker

are ethical hackers who use their programming skills for good, ethical, and legal purposes

grey hat hacker

are individuals who commit crimes and do arguably unethical things, but not for personal gain or to cause damage

black hat hacker

are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks

phreaking

Hacking started in the 1960s with _____, which refers to using various audio frequencies to manipulate phone systems

war dialing

In the mid-1980s, computer dial-up modems were used to connect computers to networks. Threat actors wrote “_______” programs which dialed each telephone number in a given area in search of computers, bulletin board systems, and fax machines

script kiddies

emerged in the 1990s and refers to teenagers or inexperienced threat actors running existing scripts, tools, and exploits, to cause harm, but typically not for profit.

vulnerability brokers

typically refers to grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.

hacktivists

is a term that refers to grey hat hackers who rally and protest against different political and social ideas

cybercriminal

is a term for black hat hackers who are either self-employed or working for large cybercrime organizations

state-sponsored hackers

are threat actors who steal government secrets, gather intelligence, and sabotage networks of foreign governments, terrorist groups, and corporations

indicators of attack

focus more on the motivation behind an attack and the potential means by which threat actors have, or will, compromise vulnerabilities to gain access to assets