Authentication
Proving you are who you say you are
Authorization
After proving who you are, you need to get access to your data/services
Accounting
Keeping track of who has been authenticated and what they did
Data in transit
data going through a network
data in use
any data being actively used by a process
Non-repudiation
A sender cannot deny having sent a message
operational control
security controls implemented by people
managerial control
“a manager decided to do this”
deterrent
security measure to discourage attackers from violating security policies
preventative
measures to prevent security accidents from happening in the first place (proactiveness)
corrective
mitigates the damage that has been done (data backups)
compensating
recognizing a shortcoming in a control and implementing an alternative measure to make up for it
directive
a control type to enforce a rule of behavior
Nation State
(skill level, resources, motivation)
High, high, national interests/war/espionage/disruption
Organized Crime
(skill level, resources, motivation)
high, high, money
Hacktivists
(skill level, resources, motivation)
moderate, moderate, political/ethics/disruption
Insider Threat
(skill level, resources, motivation)
moderate, low, revenge/blackmail/disruption
Unskilled attacker
(skill level, resources, motivation)
low, low, disruption/prestige
Shadow IT
(skill level, resources, motivation)
low/moderate, low, prestige
Phishing
Email social engineering attack
spoofing
attacker disguises themselves as a trusted source
whaling
attacker targets high-profile individuals, such as a CEO
advanced persistent threat
when an attacker gains access to a network and uses it for a long period of time without being detected
dictionary attack
attackers try a predefined list of common password phrases to gain access to an account
password spraying
trying a known-good password against the user’s different accounts
birthday attack (cryptographic)
when attackers look for two different pieces of data that produce the same hash (fingerprint); finding such a collision is a matter of probability
known plaintext attack
when an attacker has access to plaintexts (unencrypted) and their corresponding ciphertexts (encrypted), which they can use to try to figure out the key
known ciphertext attack
attacker knows the ciphertext but has no access to the plaintext
rainbow table
A rainbow table is a precomputed table of passwords and their hashes that attackers use to quickly find the original password when they have the hash.
Man in the middle attack (on-path)
When an attacker is between two targets, monitoring and intercepting messages that are being sent between them
DNS Poisoning
DNS poisoning is when attackers corrupt a DNS server or its cache to redirect users from a legitimate website to a fake or malicious one, without the user realizing it.
Domain name server
A DNS server is the server that translates a website name (like www.google.com) into its IP address, which tells your computer where the website’s server is located on the internet.
IP
Internet protocol
A unique numeric identifier that tells where a device or server is located on a network
MAC
A MAC address (Media Access Control address) is a unique identifier assigned to a device’s physical network hardware
ARP Poisoning
ARP poisoning is when the Address Resolution Protocol (ARP) is manipulated so that your device sends data to the attacker’s MAC address instead of the legitimate device
ARP
Address Resolution Protocol
A protocol that matches an IP address to a MAC address on a network
🧠 Why It’s Needed:
Devices know IP addresses (like 192.168.1.10),
But to actually send data, they need the MAC address of the destination device
That’s where ARP comes in.
denial of service
one attacker overwhelming a server to the point where it no longer works
distributed denial of service attack
many different hosts flooding a single target with more traffic than it can handle
application attack
When an attacker makes a small request that causes the server to send a huge amount of data to the victim, overwhelming and crashing the victim’s system.
buffer
block of memory that holds incoming data while it waits to be processed
buffer overflow
when a program tries to store more data than the memory can handle, causing the data to spill into nearby memory
virus vs worm
Virus = Needs a host file + user action (e.g., clicking)
Worm = Spreads on its own, no need for you to do anything
trojan
malware that is hidden inside other software or pretends to be something else
back door
hidden way to bypass security measures
remote access trojan
a type of trojan that gives an attacker secret remote control over your computer
keyloggers
hardware/software that records the keystrokes of a user
spyware
software that collects information about everything a user is doing on their computer
logic bomb
code that is secretly incorporated into software and set to execute when a specific condition is met
cross site request forgery (CSRF)
when an attacker tricks a user’s browser or a website into performing unwanted actions on a trusted site without the user knowing, by taking advantage of the fact that the user is already logged in.
directory traversal
when an attacker tries to access folders or files outside the intended directory by manipulating the file path (../)
pass the hash
when an attacker uses a stolen password hash to log in to a user’s account without needing the actual password
replay attack
when an attacker captures a valid request sent to a website (like a login) and then resends it to trick the system into repeating the same action, without needing your login or permission.
skimming
a device attached to an ATM card reader to steal card information
cross site scripting (XSS)
XSS (Cross-Site Scripting) is when a hacker injects malicious code (usually JavaScript) into a trusted website, which then runs in the browsers of other users who visit that site.
Reflected XSS
an attacker injects a malicious script into a link, and when a user clicks it, the site runs that script
Stored XSS
when a hacker puts malicious code into a website and it gets stored in the website’s database. It then harms other users who visit the site, as the code automatically runs in their browser.