Flashcards based on lecture notes about cybersecurity.
Intrusion Detection System (IDS)
A network monitoring tool that identifies potential threats by analyzing network traffic and system logs; it is passive, meaning it logs events and alerts administrators rather than blocking traffic itself.
Network-Based IDS (NIDS)
Monitors entire network traffic in order to detect potential threats.
Host-Based IDS (HIDS)
Monitors specific devices or servers for potential threats.
Intrusion Prevention System (IPS)
A security tool that actively prevents threats by blocking malicious activity; it sits inline with network traffic and acts as a gatekeeper.
Network-Based IPS (NIPS)
Blocks threats within the network.
Host-Based IPS (HIPS)
Protects individual devices from attacks.
Content-Based IPS
Scans data packets for harmful content.
Signature-Based Detection
Compares network traffic against a database of known attack patterns (signatures).
Anomaly-Based Detection
Establishes a baseline of normal network behavior and flags deviations as potential threats.
Behavioral Analysis
Monitors user activity to identify unusual patterns.
Protocol Analysis
Analyzes network protocols to identify unauthorized actions.
Perimeter Security Layer
Protects the network boundary using firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to monitor and control incoming and outgoing traffic.
Firewall
A security device or software that monitors and controls incoming and outgoing network traffic based on predetermined rules and acts as a barrier between a trusted internal network and untrusted external networks.
SIEM (Security Information and Event Management)
A system that collects, analyzes, and correlates log data from multiple sources to identify potential threats and centralizes data for security monitoring and incident response.
Stateful Inspection
Monitors the state of active connections and uses this information to determine which network packets to allow or deny.
Proxy Firewall
Acts as an intermediary between users and the internet and filters requests based on application-layer protocols.
Next-Generation Firewall (NGFW)
Combines traditional firewall functions with advanced features like deep packet inspection, intrusion prevention, and application control.
Unified Threat Management (UTM)
Combines multiple security functions (firewall, antivirus, intrusion detection) into a single system.
Threat Intelligence Integration
Incorporates external threat data to identify emerging attack patterns.
Automated Incident Response
Executes pre-defined actions in response to specific alerts.
Machine Learning and Behavioral Analysis
Identifies patterns and anomalies that deviate from baseline network activity.
Log Correlation and Data Visualization
Cross-references data from multiple systems to identify complex attack vectors.
Zero-Day Attack
A cyberattack that exploits a newly discovered vulnerability in software or hardware, before a patch is available.
Advanced Persistent Threats (APT)
Sustained attacks where attackers infiltrate a network and remain undetected for extended periods.
Incident Response
The steps an organization takes to detect, respond to, and recover from security threats or breaches, with the objectives of minimizing damage, reducing recovery time, and preventing future incidents.
Preparation Phase
Establish a strong foundation for handling incidents effectively by developing an incident response plan (IRP), assigning roles, implementing security tools, and providing regular training.
Detection Phase
Identify and confirm security incidents quickly through network monitoring, log analysis, user behavior analysis, or endpoint security.
Containment Phase
Isolate the threat to prevent further damage.
Recovery Phase
Restore systems to normal operation securely through data restoration, system reinstallation, vulnerability patching, incident reporting, and post-incident analysis.
Forensic Analysis
Collect and analyze data to trace the origin of the attack, using tools such as Wireshark or FTK.
Escalation Procedures
Determine when to escalate incidents to senior management or law enforcement.
Communication Plans
Establish guidelines for communicating with stakeholders during and after an incident, including templates for internal notifications and external press releases.
Security Training
Helps employees and students learn how to recognize and respond to threats; topics include cyberattacks, evacuation plans, safe online behavior, and how to react quickly in an emergency.
Security Drill
A practice run for a real-life emergency or security issue.