Confidentiality
Ensures that unauthorized individuals are not able to gain access to sensitive information.
Integrity
Ensures that there are no unauthorized modifications to information or systems, whether intentionally or unintentionally.
Availability
Ensures that information and systems are ready to meet the needs of legitimate users at the time they request them.
Privacy
Focuses on the ways an organization can use and share information collected about individuals.
Vulnerability
A weakness in a device, system, application, or process that might allow an attack to take place. Vulnerabilities are internal factors that cybersecurity professionals can control (e.g., upgrading outdated software).
Threat
An outside force that may exploit a vulnerability. Threats can be malicious (e.g., a hacker) or nonmalicious (e.g., an earthquake).
Risk
The combination of a threat and a corresponding vulnerability.
Adversarial Threat
Individuals, groups, or organizations deliberately attempting to undermine security (e.g., nation-states, trusted insiders, competitors).
Accidental Threat
Individuals mistakenly performing an action that undermines security during routine work (e.g., a system administrator accidentally deleting a critical disk volume).
Structural Threat
Equipment, software, or environmental controls failing due to resource exhaustion, exceeding operational capability (extreme heat), or age.
Environmental Threat
Natural or human-made disasters outside organizational control (e.g., fires, severe storms, power failures).
Technical controls
Systems, devices, software, and settings that enforce CIA requirements (e.g., secure network building, endpoint security).
Operational controls
Practices and procedures that bolster cybersecurity (e.g., conducting penetration testing, using reverse engineering).
Network Access Control (NAC)
Limiting network access to authorized individuals and ensuring that systems accessing the network meet basic security requirements.
Triple-homed Firewalls
Connect to three different networks: the Internet, the internal network, and a special network known as the demilitarized zone (DMZ) or screened subnet.
DMZ
A network zone designed to house systems that receive outside connections (e.g., web and email servers). Placing these systems here isolates them, so if they are compromised, they pose little threat to the internal network.
Rule Base/ACL
Firewalls evaluate connection requests against a rule base, which is an access control list (ACL).
Default Deny Principle
If there is no rule explicitly allowing a connection, the firewall denies that connection.
Port 20,21
FTP
Port 22
SSH
Port 23
Telnet
Port 25
SMTP
Port 53
DNS
Port 80
HTTP
Port 443
HTTPS
Packet filtering firewalls
Check only packet characteristics (such as addresses and ports) against rules; often found in routers.
Stateful inspection firewalls
Maintain information about the state of each connection; the most basic standalone firewall products.
Next-generation firewalls (NGFWs)
Incorporate contextual information about users, applications, and business processes; current state-of-the-art.
Web application firewalls (WAFs)
Specialized firewalls designed to protect against web application attacks (e.g., SQL injection, cross-site scripting).
Jump Box
A server placed in a screened subnet to act as a secure transition point between networks, providing a trusted path.
Honeypots
Systems designed by experts to falsely appear vulnerable and lucrative to attackers. They simulate a successful attack and monitor activity to learn attacker intentions.
DNS Sinkholes
Feed false information to malicious software.
Hardening
Involves making configurations as attack-resistant as possible.
Compensating Controls
Alternate means of meeting a security requirement when the primary control cannot be implemented.
Mandatory Access Control (MAC)
Administrators set all security permissions, and end users cannot modify them.
Discretionary Access Control (DAC)
The file owner controls the permissions.
Sandboxing
An approach that runs suspect software in an isolated environment and detects malicious software based on its behavior rather than on signatures.
Cybersecurity Automation (SOAR)
Provides many opportunities to automate tasks that span multiple systems.
Application Programming Interfaces (APIs)
The primary means of integrating diverse security tools. APIs allow programmatic interaction with services, often performing the same actions as web-based interfaces but enabling code to automate those actions.
Webhooks
Send a signal from one application to another using a web request (e.g., triggering a vulnerability scan when a new vulnerability is reported by a threat intelligence platform).
Decompiler
Attempts to recover source code from binary code.
Firewall
Filters network connections based on source, destination, and port.
Serverless computing
Describes cloud computing, often specifically Function as a Service (FaaS), which relies on a system that executes functions only as they are called (e.g., AWS, Azure).
Virtualization
Uses software to run virtual computers on underlying real hardware, allowing multiple operating systems to act as if they are on their own separate hardware.
Containerization
Provides application-level virtualization by packaging applications with their own required components (libraries, configuration files, etc.) into a dedicated, lightweight, and portable environment.
Windows Registry
A critical database that contains operating system settings used by programs, services, drivers, and the OS itself.
Common Windows Configuration File Location
Directories where configuration information is often stored on Windows systems (C:\ProgramData\ or C:\Program Files\).
Common Linux Configuration File Location
Directory where configuration information is often stored on Linux systems (/etc/).
Intrusion Prevention Systems (IPSs)
Security devices that can detect and actively stop attacks.
Intrusion Detection Systems (IDSs)
Security devices that detect attacks and alarm or notify security staff.
Unified Threat Management (UTM) devices
Devices that combine a number of security services into one solution.
Virtual Private Cloud (VPC)
An option provided by cloud service providers that builds an on-demand, semi-isolated environment, typically on a private subnet.
Hybrid Network Architecture
Network architecture that combines both on-premises and cloud infrastructure and systems.
Network Segmentation
The separation of networks or systems to provide a layered defense, which can reduce the attack surface and limit the scope of regulatory compliance efforts.
Air Gap
A type of physical segmentation that ensures there is absolutely no connection between infrastructures.
Jump Box (Jump Server)
A system that resides in a segmented environment and is used to access and manage the devices in that segment.
Virtual Private Network (VPN)
A common means of providing remote access that uses encryption to provide a secure connection between a system or device and a network.
Software-Defined Networking (SDN)
Technology that makes networks programmable, allowing network resources and traffic to be controlled centrally with more intelligence than traditional physical networks.
Zero Trust
A modern security architecture concept that removes inherent trust in systems, services, and individuals inside security boundaries, moving security further toward deeply layered models.
Secure Access Service Edge (SASE)
A network architecture design that uses software-defined wide area networking (SD-WAN) combined with security functionality (such as CASBs and zero trust) to secure the network at the endpoint and network layers.
SAML
An XML-based language used to send authentication and authorization data between IDPs and SPs to enable single sign-on.
Cloud Access Security Broker (CASB)
Policy enforcement points (local or cloud-based) that enforce security policies when cloud resources and services are used.
Public Key Infrastructure (PKI)
Used to issue cryptographic certificates for encryption, authentication, and code signing, relying on asymmetric encryption.