Confidentiality: encryption. Ensures that data is not disclosed to unintended people

Integrity: hashing. Ensures data not messed with

Availability: uptime of system to make data available. 

Non-repudiation: digital signature enforced. Validation of a message’s origin.

Security: protection against danger, damage, loss and criminal activity

Asset: value to individual/organization

Threat: Anything that has the potential to cause the loss of an asset.

Threat Agent: person/entity that attempts to carry out a threat

Vulnerability:weakness in system

Exploit: act/procedure/piece of software that takes advantage of vulnerability to carry out attack.

Seven layers of Security:

1. Policies, procedures, and awareness: user ed. Manage network plans, employee onboarding/off-bourding

2. Physical: Locks, cameras, motion detectors, environ controls

3. Perimeter: Firewalls using ACLs and securing wireless network

4. Network: installation/configuration OS switches/routers, usings VLANs, penetration testing, and virtualization use

5. Host: log management, OS hardening(using security measures and patching for operating systems) auditing, anti-malware, password attack prevention on everything.

6. Application: authentication/authorization, user management, group policies, web application

7. Data:proper data storage, destroying and classifying data, cryptography, and data transmission security.

2.1

Threat Actor Types: 

• Targeted attack: threat actors actively pursue and compromise a target entities infrastructure while remaining anonymous

• Opportunistic attack: as fast as possible with minimal effort

• Insider: threat agent who has authorized access to an organization and either on purpose or not, carries out an attack

• Competitor: carries out attack on behalf of organization and targets competing companies

• Hacker: threat agent who uses technical knowledge to bypass security, exploit a vulnerability and  gain access to protected information

• Cybercriminal: subcategories of hacker threat agents. Willing to take more risk and use more extreme tactics for financial gain.

• National state: sovereign state threat agent that could wage all-out war on a target and have significant resources for the attack.

• Internal threat: threat from individuals (insiders) who exploit assigned privileges and inside info to carry out attack

• External threat: threat from individuals/groups not associated with organization. Seek unauthorized access to data.

• Persistent threat: seeks access to network + remain there undetected

• Non-persistent threat: focusses on getting into the system and stealing info. Usually one-time event, atter not concerned with detection

• Open-Source intelligence (OSINT): info that is available to public and doesn't require malicious activity to obtain

• White hat: uses skills/knowledge for defensive purposes only. Interacts with systems when permission is given

• Black hat: uses skills/knowledge for illegal/malicious purposes

• Grey hat: middle of black and white hat hacker. Usually has good intentions.

• Script kiddie: uses scripts/programs made by more skilled hackers

• Hacktavist: politically motivated. Seek information or to cripple an organization/gov. usually work alone

• Organized crime: group of cybercriminals whose main goal is financial gain.

• Nation state: most organized, well-funded, and dangerous type of threat actor. Two types, obtaining info and crippling systems. 

The steps in a general attack strategy are reconnaissance, breaching, escalating privileges, staging, and exploiting.

2.2

Vocab: 

• Malware: software designed to take over/damage a computer without user knowledge/consent

• Virus: program which attempts to damage computer systems and replicate itself to other computers

• Worm: self-replicating malware program

• Trojan horse: malicious program that’s disguised as legitimate/desirable software

• Zombie: computer that’s infected with malware and controlled by command/control center called zombie master

• Botnet: group of zombie computers that are commanded from central control infrastructure

• Rootkit: set of programs that allow attackers to maintain hidden, admin level access

• Logic Bomb: malware designed to execute only under predefined conditions. Dominant until predefined conditions met

• Spyware: software installed without users consent/knowledge. Designed to intercept or take particle control of user’s computer

• Adware: Malware that monitors user’s person preferences and sends pop-up ads that match preferences

• Ransomware: malware that denies access to computer system until user pays ransom

• Scareware: scam to fool user into thinking there is some form of malware on the system

• Crimeware: malware designed to perpetuate id theft. Allows hacker access to online accounts at financial services, such as banks and online retailers

• Crypto-Malware/Cryptojacking: malicious software that uses a computer’s resources to mine cryptocurrency in the background undetected. 

• Remote-Access Trojan (RAT): malware that includes a back door to allow a hacker admin control over target computer

• Potentially Unwanted Program (PUP): software inadvertently installed that contains adware, installs toolbars/has other objectives

• Fileless virus: uses legit programs to infect computer

Historic Malware Events 

2.3

Vocab: 

• Social engineering: an attack involving human interaction to get info or access

• Footprinting: uses social engineering to obtain as much info as possible about an organization

• Pretexting: fake scenario to persuade someone to perform an action or give info

• Elicitation: technique to extract info from a target without arousing suspicion

• Preloading: influencing target’s thoughts opinions and emotions before something happens

• SMiShing/SMS phishing: phishing through SMS message. Ergo, tricking user to download virus/trojan horse/malware onto cell phone

• Impersonation: pretending to be someone else and approaching target to extract info

• SPIM: like spam, but link is sent over instant messaging instead of email

• Hoax:type of malicious email with some type of urgent or alarming message to deceive target

Manipulation Types:

• Moral Obligation: an attacker uses moral obligation {ROLL CREDITS} and sense of responsibility to exploit target’s willingness to help

• Innate Human Trust: exploit target’s tendency to trust others. EX: right clothes, demeanor, uses words/terms the target knows so target will comply with requests out of trust

• Threatening: try to intimidate the target with threats to make the target comply with a request. Usually happens after moral obligation and innate huma trust fail

• Offering something for little to nothing (Bartering): attacker promising big reward for small favor EX: sharing what target thinks is small piece of info for something attacker offers

Social Engineering Process: Research>Development>Exploitation

Social Engineering Attacks:

• Shoulder surfing: looking over someone’s shoulder while they work on a computer or review documents. Purpose is to obtain usernames, passwords, account numbers, or other sensitive info

• Eavesdropping: unauthorized person listening to private conversation between authorized people when topics are being discussed.

• USB and Keyloggers: On site, social engineers also can steal data through USB flash drive or keystroke loggers. Employs keystroke logger to capture usernames and passwords. As target logs in, username and password are saved and later attacker uses username and password to conduct exploit.

• Spam and Spim: Spam uses email/banner ad embedded with compromised URL that entices users to click. Spim uses malicious link through IM

• Hoax: often bad spelling/bad grammar. Hoax emails use a variety of tactics to convince the target they’re real.

• Pharming (phishing without a lure): attacker executing malicious programs on target’s computer so URL traffic redirects to attacker’s website. Attackers now have access to the user's data. EX: IDs, passwords, banking details. Pharming usually comes in the form of malware EX: Trojan horse/worms. Pharming commonly used during DNS cache poisoning or host file modifying

• Social Media: attackers use social applications EX: Facebook/Twitter/IG. To steal Identities and info. Also used to scam users, entices user to click link. Site usually requests personal info and sensitive data.

• Typosquatting(URL hijacking): relies on mistakes, when user enters incorrect website address, squatter can lead them to any URL

• Hybrid warfare: political warfare and blends conventional warfare with cyberwarfare. Goal is to influence others with fake news/diplomacy/lawfare/foreign electoral intervention

• Watering Hole Attack: passive computer attack technique where attacker anticipates the websites and organization often and infect them with malware. Hacker could look for specific info to narrow attack from users that come from specific IP address (5 main steps The attacker identifies the sites visited by a victim and then infects the sites with malicious code.>The attacker identifies the vulnerabilities with the sites and injects it with malicious code. This could be JavaScript or code into the ads and banners used on the website.>The malicious code redirects the victims to a phishing site where there is malware.>When the victims visit these websites, the script containing malware is automatically downloaded to the victim’s machines without their knowledge.>The malware then collects personal information from the victims and sends it back to the server operated by the attacker.)

• Credential/password harvesting: process of gathering usernames/passwords/email addresses/etc through breaches. Hackers can then sell personal and financial data on the dark web, use info to gain access to company networks for illegal purposes. Could use cloned websites or phishing emails.  

Phishing types:

• Spear phishing: attacker gathers info about victim, then sends email to victim that appears to be from the place of info gathered. Email usually contains a link that sent user to site to look legit, intended to capture victims personal info

• Whaling: targets senior executives and high-profile victims

• Vishing: attacker uses Voice Over IP (VoIP) to gain sensitive info. Combo of voice and phishing

• SMS phishing (Smishing): text message to trick victim into taking immediate action, usually contains link that may install malware on victims phone or extracts persona; info

Types of Attackers:

• Insider

• Hacker

• Nation State

Attack Types:

• Opportunistic

• Targeted

Types of Motivation Techniques:

• Authority and fear

• Social proof

• Scarcity

• Likeability

• Urgency

• Common ground and shared interest 

Elicitation:

• Compliments

• Misinformation

• Feigning Ignorance

• Being a good listener

2.4

Vocab:

• Zero-day vulnerability: software vulnerability that is unknown to vendor

• Data loss: loss of files/documents either by accident or through malicious acts

• Data breach: exposure of confidential/protected data  either by accident or through malicious acts

• Data exfiltration: unauthorized transfer of info/files from a computer

• ID theft: attacker commits fraud by using someone else’s name/existing account to obtain money or purchase things

• Availability loss: loss of access to computer resources due to network being overwhelmed/crashing

Network Vulnerabilities:

• Default accounts/passwords

• Weak passwords

• Privilege escalation (taking advantage of software bug/flaw to gain higher access)

• Backdoor

• Cloud-based and third-party systems (org don’t own the system if cloud-based> not legal for penetration testing. If systems interconnected, penetration tester needs to ensure they don’t access third party systems)

• Inherent vulnerabilities

• Application flaws

• Misconfiguration

• Root account

Adversarial Artificial Intelligence (AI)

• Weak Artificial Intelligence/Narrow AI:designed to perform one job EX: smart speakers, spam/web filtering, search engine, automated chats, image/facial recognition

• Strong Artificial intelligence/Full AI: systems that carry out human-like tasks, typically complex. Include ability to reason, make judgements, solve puzzles, learn, plan and communicate. EX: advanced video games, software to assist docs in surgery, self-driving cars, disease diagnosis

AI Risks: 

• Data

• Tech

• Interaction with humans

• Security

• models

3.1

Vocab:

• Physical security: protection of corporate assets from threats such as unauthorized entry/theft/damage

• Prevention: taking necessary steps to avoid unauthorized access/theft/damage/etc

• Detection: Identifying that a breach has happened/is happening

• Recovery: process of returning a system to a functioning state/repairing any damage

• Mantrap: specialized entrance with two locking doors that create a security buffer zone between two areas

• Turnstile: barrier that permits entry in one direction (Cuz I want it That > way)

• Double-entry door: 2 doors that are locked from the outside but have crash bars on the inside for easy exit

• Bollard: short sturdy posts used to prevent a vehicle from crashing into a secure area

• Smart card: access cards that have encrypted access info. Smart cards can be contactless/require contact

• Proximity card/radio frequency identification/RFID: subset of smart cards that use the 125 kHz frequency to communicate with proximity readers

• Biometric lock: increase security by using fingerprints/iris scanners. Reduce the threat from lost keys/cards

3.2

Vocab:

• Air gap: security method that physically isolates a portion of the network(computer/server/small network of computers) from the internet/other unsecured networks

• Faraday cage: designed to block all electromagnetic emissions

3.3

Vocab:

• Infrastructure: systems that support the site. EX: AC, Power, water

• Cold Aisle: created by having the front of the equipment face towards the centre of the aisle. Usually, face air conditioner output ducts.

• Hot Aisle: created by having the back of the equipment face the aisle. Usually, hot aisles face air conditioner return ducts.

• Electro-Magnetic Interference/EMI:

4.2

Vocab: 

• Hardening: process of securing devices and software by reducing the security exposure and tightening security controls

• Hotfix: quick fix for a specific software problem

• Patch: fix that is more thoroughly tested than a hotfix and designed for a wider deployment

• Service pack: collection of patches, hotfixes, and system enhancements that have been tested by the manufacturer for wide deployment. 

• Trusted Operating System/TOS: comes hardened and validated to s specific security level. Several TOS provide sufficient support for multilevel security, a system where many levels of classified data reside within the same system, Users are not permitted to access data at different classification levels. Additionally, all personnel must have access approval on a need-to-know basis

• Config baseline: set of consistent requirements for a workstation/server. 

• Security baseline: component of config baseline that ensures all workstations and servers comply with security goals of the organization.

• Standard Operating Environment/SOE: implemented as a standard disk image/master image. Disk image is used when dep;loying new computers to the network. AUtomation is used when deploying the master image and when running config scripts. Gives the computer a name, joins the domain and during any other customization. Master image is to be based on TOS and be fully patched.

Manage software:

• Check all software has up-to-date licenses. 

• Install security software EX: anti-virus, anti-spyware, anti-rootkit, and firewall

• Install only needed software

• Avoid installing freeware/software from untrusted publishers

• Reduce the attack surface of the device by limiting applications and services running on the device/removing unnecessary software/features/non-essential services.

5.1

Vocab:

• Security zone: portion of the network/system that have specific security concerns/requirements

• Wireless network: network that doesn’t require physical connection

• Guest network: grants internet access to only guest users; has a firewall to regulate access

• Honeynet: special zone/network created to trap potential attackers

• Ad hoc: decentralized network that allows connections without traditional base station/router. Allows users to connect two+ devices directly to each other for a specific purpose

• Intranet zone: private network that employs internet info services for internal use only

• Internet: public network that includes all publicly available web servers/FTP servers/etc

• Extranet: privately controlled network distinct from however located between the internet and a private LAN

• Demilitarized zone: network that contains publicly accessible resources and is located between the private network and an untrusted network. Protected by firewall. EX: internet

• Proxy server: type of firewall that stands as an intermediary between clients requesting sources from other servers

• Internet content filter: software used to monitor and restrict content delivered across the web to an end user

• Network access control: software that controls access to the network by not allowing computers to access network resources unless they meet certain predefined security requirements

• All-in-one security appliance: combines many security functions into a single device

• Application-aware device: has the ability to analyze/manage network traffic based on the application-layer protocol.

5.6

Vocab: 

• Web filter: content filter that prevents users from visiting restricted websites

• Web threat filter: prevents users from visiting websites with known malicious content

5.8

Vocab:

• Active attack: attack in which perpetrators attempt to compromise or affect the operations of a system in some way

• Passive attack: attack in which perpetrators  gather info without affecting target network flow of info

• External attack: attack in which unauthorized individuals try to breach a network from outside the network

• Inside attack: attack initiated by authorized individuals inside the network's security perimeter who attempt to access systems or resources to which they're not authorized

• Entry point: entry point is a location or device that allows network access and is vulnerable to attacks

• Network baseline: normal network activity including typical traffic patterns, data usage, and server loads. Activity that deviates from the baseline can indicate an attack

• Network segmentation: division of a network into smaller networks or pieces for performance or security reasons

5.9

Vocab:

• Backdoor: unprotected and usually lesser known access method/pathway that could allow attackers access to system resources. Backdoors include hard-coded passwords and hidden service accounts, often added during development 

• MITRE: Massachusetts Institute of Technology Research and Engineering

• Common Vulnerabilities and Exposures (CVEs): repository of vulnerabilities hosted by MITRE Corporation

• National Institution of Science and Technology/NIST: Maintains national database, CVSS scoring. 

8.2

Vocab:

• Rogue access points/AP: any authorized access point added to a network

• Initialization vector/IV: Seed value used in encryption. Seed value and key are used in an encryption algorithm to generate additional keys or encrypt data

• Radio frequency identification/RFID: Nfc allows two-way communication between two devices. Devices must be within a few centimeters of each other. NFC is a newer tech that is build on RFID

• Interference: signal that corrupts/destroys wireless signal. Interference can affect communication of access points and other wireless devices 

Wifi Attacks:

• Rogue Access Points: unauthorized AP added to a network. can allow the unauthorized capture of credentials and other sensitive information. Attackers also use this type of attack to conduct phishing and man-in-the-middle attacks.

• Evil Twin Attack: Rogue APs placed by an attacker can be used to run an evil twin attack.To protect against this attack, conduct an radio frequency (RF) noise analysis to detect a malicious rogue AP that uses jamming to force wireless clients to connect to it, instead of legitimate APs.

• IV Attack: seed value used in encryption. seed value and the key are used in an encryption algorithm to generate additional keys or to encrypt data.

• Jamming attack: wireless networks, interference is a signal that corrupts or destroys the wireless signal sent by APs and other wireless devices. Non-malicious interference

• Disassociation/deauthentication attack: Wireless devices are vulnerable

9.2

Vocab:

• Virtual network: computer network consisting of virtual and physical devices

• Virtual Area Network/VAN: Virtual LAN running on top of a physical LAN

• Virtual Private Network/VPN: secure tunnel to another network that connects multiple remote end-points

• Virtual Machine/VM: virtual computer that functions like a physical computer

• Virtual Switch/VSwitch: software that facilitates communication between VMs by checking data packets before moving them to a destination

• Virtual router/VRouter: software that replicates how a physical router works

• Virtual Firewall Appliance/VFA: software that functions as a network firewall device. VFA provides packet filtering and monitoring functionality.

• Virtual Machine Monitor/VMM/Hypervisor: software/firmware/hardware that creates/runs VMs

• Software-defined networking: architecture that allows network/security professionals to manage/control/make changes to a network

9.4

Vocab: 

• Cloud: a metaphor for the internet.

• Cloud computing: software, data access, computation, storage services provided to clients through the internet 

• Public cloud: Platforms, applications, or other resources that are made available to the general public by a cloud service provider

• Private cloud: Platforms, applications, storage, or other resources that are made available to a single organization 

• Community cloud: platforms, applications, storage or other resources that are shared by several organizations

• Hybrid cloud: A combo of public, private, and community cloud resources from different service providers

9.5

Vocab: 

• Cloud access security broker/CASB: on-premises cloud-based software tool or service that sits between an organization and a cloud service provider

• Virtual networks: Vms connected through software

• Segmentation: division of a network into smaller networks through a virtual local area network (VLAN) and firewalls

• Security group: works like a firewall to control traffic to and from network resources

• Virtual private cloud endpoint/VPC: provides a private connection between virtual private clouds and a cloud provider's services. A VPC endpoint keeps traffic secure with a private link resource

• Container: standard unit of software that holds the complete runtime environment including an application, all application dependencies, libraries, binaries, and configuration files

• Cloud-based firewall: deployed in the cloud that protects against unwanted access to a private network

9.9

Vocab:

• Supervisory control and data acquisition/SCADA: industrial computer system that monitors and controls a process

• Arduino: open source hardware and software platform for building electronic projects

• Raspberry Pi: low-cost device the size of a credit card that is powered by Python. Manufactured into single system on a chip (SoC)

• Field Programmable Gate Array/FPGA: integrated circuit that the customer configures

• Subscriber Identity Module/SIM card: encrypts data transmission/stores info

• Zigbee: ratio protocol that creates low-rate private area network.

10.3

Vocab: 

• Dereference: obtain from (a pointer) the address of a data item held in another location.

• Pointer/object dereferencing: attack that retrieves a value stored in memory that can be exploited through a NULL pointer dereference 

• Buffer overflow: attack that exploits an operating system/application that doesn’t enforce boundaries for inputting data EX: amount of data/type of data

• Resource exhaustion: attack that focuses on depleting the resources of a network to create a denial of service to legit users

• Memory leaks: happens when dynamic memory is allocated in a program, but no pointers are connected to it causing it to never return even when requested

• Race conditions: sequence of events with dependencies that a system is programmed to run in a certain order which can lead to a time-of-check to time-of-use bug vulnerabilities

• Error handling: procedure in program that responds to irregular input/conditions

• Improper input handling: lack of validation, sanitation, filtering, decoding, or encoding of input data

• Replay attack: happens when network traffic is intercepted by an unauthorized person who delays/replays communication to its og receiver, acting as og sender. Og sender unaware of it

• Pass the hash: attack in which an attacker obtains a hashed password and uses it to gain unauthorized access

• API attack: bad use of API (Application Programming Interface)

• SSL stripping: attack that focuses on stripping the security from HTTPS-enabled website

• Driver manipulation: attack focuses on device drivers, uses refactoring/shimming

Privilege Escalation

• Horizontal: when attacker gains data that belongs to another user with the same privilege level as themselves

• Vertical: when attacker uses system vulnerabilities to escalate privileges to gain admin access

10.4

Vocab:

• Normalization: Data re-organized in a relational database to eliminate redundancy by having all data stored in one place and storing all related items together

• Stored procedures: One or more database to eliminate redundancy by having all data stored in one place and storing all related items together

• Code obfuscation: deliberate act of creating source/machine code that is difficult for humans to understand. To remember: CamoCode :)

• Dead code x-x: non-executable at run-time/source code in a program that is executed but is not used in any other computation

• Memory management: resource management process applied to computer memory. Allows computer system to assign portions of memory (blocks) to various running programs to optimize overall system performance

• Third-party libraries: code is not maintained in-house

• Software Development Kits/SDKs: set of software dev tools that can be installed as one unit

• Data exposure: unintended exposure of personal/confidential data

• Fuzz testing: software testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application

• Code signing: process of digitally signing (encrypting) executables and scripts to confirm the software author and guarantee that the code has not been altered/corrupted since it was signed.

11.1

Vocab:

• Bottleneck: condition that occurs when a system is unable to keep up with the demands placed on it

• Latency: the speed that data packets travel from source to destination and back. All packets experience some level of latency. When packets are sent together; arrive at different times and out of order. Called a jitter.

• Bandwidth: The amount of data that could be transferred from one place to another in a specific amount of time

• Bandwidth Utilization: percent of available bandwidth that is being used. Network should not regularly utilize all its available bandwidth. Systems perform best when additional bandwidth is available for usage spikes

• Error rate: calculation of how often bits are damaged in transit due to electromagnetic interference or any other interference. If a packet is damaged too much, it is dropped.

• Throughput: amount of data that is transferred from one place to another in a specific amount of time

11.2

• Simple Network Management Protocol/SNMP:protocal designed for managing complex networks. SNMP lets networks hosts exchange configuration and stat info, info is gathered by management software to monitor and manage the network and network events

• Manager: computer used to perform management tasks, queries agents and gathers response by sending messages

• Agent: runs on managed network devices, communicated info to the manager and can send dynamic messages to it as well

• Trap: event config on agent, when event occurs, agent logs details regarding the event

• Management Information base/MIB: database of host config info. Agents report data to the MIB. Manager can view info by requesting data from the MIB

• Packet sniffing: process of capturing data packets that are flowing across the network and analyzing them for important info. Modern networks should have good protection against network sniffing attacks, however occasional circumstances allow an attacker to gather sensitive info from data packet

11.3

Vocab:

• Intrusion detection system/IDS: Device/software that monitors/logs/detects security breaches, takes no action to stop/prevent the attack

• Intrusion prevention system: Device monitors/logs/detects/reacts to stop/prevent security breaches 

• Sensor: IDS component that passes data from the source to the analyzer

• Engine: IDS component analysis sensor data and events/generates alerts/logs all 

• Signature-based detection/pattern matching/dictionary recognition/misuse-detection (MD-IDS): looks for patterns in network traffic and compares them to known attack patterns/signatures   

• Heuristic-based detection/behavior/anomaly/statistical-based detection:  defines baseline of normal network traffic and then monitor traffic looking for anything that falls outside baseline

11.4

Vocab: 

• Threat hunting: human-based, methodical search and monitoring of the network, systems, and software in order to detect any malicious activity that’s evaded automated tools

• Threat Feed: service that tracks cyber threats across the world and provides real-time updates with IP addresses, URLs, and other relevant info regarding the threats

• Advisories/Bulletins: detailed updates on cyber threats. Usually updated weekly

• Intelligence fusion: sharing info between many gov agency and private security firms

• Vulnerability scan: process of capturing/analyzing packets to ID any security weaknesses in a network/computersystem/local applications/web applications

• Common Vulnerability Scoring System(CVSS): system that ranks vulnerabilities based on severity

• Security info and event management (SIEM): tool that gathers network info and groups it into a central place. SIEM  systems can actively read network info and determine if threat

• Security Orchestration, Automation and Response (SOAR): solution stack of compatible software programs that collect data about security threats from many sources and respond to low-level security events without human assistance. 

11.6

Vocab:

• Man-In-The-Middle (MITM) attack: hacker intercepts communication between 2 devices

• ARP poisoning: targets ARP protocol, attacker changes ARP cache by spoofing the IP address of a target

• MAC spoofing: hacker spoofs MAC address of the gateway, results in spoofed address overwriting the gateway’s MAC address in the switch’s CAM table

• MAC flooding: network switch where attacker sends large number of ethernet frames with various MAC addresses, overwhelming the switch. Overloaded and sends traffic to all ports

• DNS attack: attack that targets DNS service

• Distributed denial of service (DDoS): attack designed to bombard target with more data than it can handle, causing shut down

• Macros: code used to perform a series of steps or functions inside application. 

11.7

Vocab: 

• Brute Force Attack: password attack where cracking tool submits every possible letter, number and symbol combination in short amount of time

• Password Spraying: brute force attack that uses same password with multiple user accounts instead of different passwords for the same account

• Dictionary attack: brute force attack where hacker uses list of words/phrases to try to guess the password

• Rainbow attack: uses special tables that have common passwords and generated hashes of each password

• Dumperster diving: social engineering attack where attacker goes through trash to find important docs or info that was thrown out

Social Engineering: 

• Password guessing

• User manipulation

• Physical access

• Dumpster diving

• Shoulder surfing 

Brute Force Attacks

• Online attack 

• Offline attack

• Password spraying

• Dictionary attack

12.6

Vocab:

• Packet capture: process of collecting Layer3 (Network) info over the wire (like IP address)

• TCPDUMP: Linux tool that collects packet data which can be stored for later analysis

• Wireshark: network protocol analyzer

• TCPReplay: a tool to repeatedly simulate an attack

• Secure Shell (SSH): remote admin protocol that allows admins to securely connect to remote systems

• PuTTY: open source software that supports many protocols, including SSh and Telnet

• Secure Sockets Layer (SSL): encryption protocol that allows secure connections to remote systems

• Public Key Infrastructure (PKI): provides system secure data transmission. Uses a key pair, one public one private, and can be used to encrypt data. Uses certificates to verify ID

12.7

Vocab:

• Fault tolerance: ability to respond to an unexpected hardware/software failure without loss of data or operation

• Redundancy: method for providing fault tolerance by using duplicate/multiple components that perform the same function

• Geo dispersion: Multiple locations to store data to mitigate downtime due to loss of availability at a location

• Multipath: fault-tolerance technique that gives multiple physical paths between a CPU and a mass-storage device

• Load balancers: process that distributed processing among multiple nodes

• Uninterrupted power supply/UPS: stand-alone power supply that allows servers to be gracefully shutdown during a power outage

• Active/Active: two load balancers working in tandem to distribute network traffic

• Active/Passive: Two load balancers with one actively working and the second in listening mode to take over if the active machine fails

• Virtual IP: IP address that can be used by multiple endpoints. Commonly used in failover systems and for load balancing

• Storage Area Network/SAN: high speed network of storage devices, usually used for file shares

12.8

Vocab:

• Full backup: captures all data on a machine. Always the first backup that should be ran

• Incremental backup: contains all changes since the last incremental backup

• Differential backup: contains all changes since the last full backup

• Snapshot: instant copy of an individual computer. Normally used on virtual Machines when changes may need to be reverted

• Network Storage Appliance/NAS: often used to store backups or other files

• SAN: network of fast storage appliances. Stores file shares and other data is created. Offline storage is part of 3-2-1 rule

• Scalability: ability to increase/decrease data storage space

• Restoration order: pre-planned order in which servers will be restored following a disastrous event. Order is determined by the server’s importance to the company’s operation.

• 3-2-1 rule: Always have 3 copies of each complete back up. 2 are kept on site on two different appliances. One is kept off site