Cyber Security 2 - Study Guide Notes

1. Common Cybersecurity Attacks
  • Phishing: Fraudulent communications (e.g., emails) aimed at deceiving users into revealing sensitive information.
  • Spear Phishing: A more targeted form of phishing specific to individuals or organizations, often using personalized information.
  • Malware: Malicious software designed to harm or exploit devices. Includes:
    • Viruses: Self-replicating programs that attach to clean files.
    • Worms: Malware that spreads across networks without user interaction.
    • Trojans: Malicious software disguised as beneficial applications.
  • Ransomware: Software that encrypts data, demanding payment for decryption.
  • Denial of Service (DoS): Attacks that flood services to make them unavailable.
  • Distributed DoS (DDoS): Similar to DoS but uses multiple systems.
  • Man-in-the-Middle (MitM): Intercepting and possibly altering communication between two parties.
  • SQL Injection: Inserting malicious SQL through application input so that it becomes part of a database query.
  • Cross-Site Scripting (XSS): Injecting harmful scripts into trusted web applications.
  • Credential Stuffing: Using stolen credentials from one service to access other accounts.
  • Zero-Day Exploit: Attacking a software vulnerability before a fix is available.
2. Additional Cybersecurity Attacks
  • Brute Force Attack: Trying all possible password combinations.
  • Session Hijacking: Taking over a web session by stealing session tokens.
  • Drive-by Download: Malware downloaded automatically from infected websites.
  • Insider Threat: Misuse of access by trusted employees.
  • Password Attack: Techniques like brute force and dictionary attacks to crack passwords.
  • Keylogging: Capturing keystrokes to steal sensitive information.
  • DNS Spoofing: Redirecting users to malicious sites by corrupting DNS records.
  • Privilege Escalation: Gaining unauthorized elevated access rights.
  • Watering Hole Attack: Infecting websites frequented by targets.
3. DNS Poisoning
  • Definition: Inserting false information into a DNS resolver’s cache.
  • How It Works:
    • Exploiting DNS vulnerabilities to replace legitimate IP addresses with fake ones.
    • When users later look up that site, the poisoned resolver returns the attacker’s IP address instead of the real one.
  • Consequences:
    • Phishing attacks, malware installation, credential theft, traffic redirection.
  • Defenses:
    • Use of DNSSEC to verify DNS data integrity.
    • Regularly flush DNS caches to remove old entries.
    • Configure DNS servers for secure query responses.
    • Monitor DNS activity for anomalies.
4. MAC Spoofing
  • Definition: Changing the MAC address of a device to impersonate another device.
  • How It Works:
    • Attackers change their MAC address to match that of another (typically trusted or already authorized) device.
  • Consequences:
    • Unauthorized network access, data interception, session hijacking.
  • Defenses:
    • Enable Port Security.
    • Implement 802.1X authentication.
    • Monitor for duplicate MAC addresses.
5. ARP Poisoning
  • Definition: Associating an attacker’s MAC address with the IP address of another host.
  • How It Works:
    • Sending forged ARP replies to a target device so that it updates its ARP cache with the attacker’s MAC for the victim’s IP.
  • Consequences:
    • Eavesdropping, session hijacking, traffic manipulation.
  • Defenses:
    • Use static ARP entries for critical devices.
    • Implement dynamic ARP inspection.
    • Use encrypted protocols for sensitive transmissions.
6. MAC Flooding
  • Definition: Overwhelming a switch’s MAC address table with fake MAC addresses.
  • How It Works:
    • Once the table is full, the switch fails open and floods frames out of every port like a hub, so the attacker can see traffic meant for other hosts.
  • Consequences:
    • Network slowdowns, loss of confidentiality.
  • Defenses:
    • Enable Port Security and monitor traffic volumes.
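One way to monitor for the three layer-2 attacks in sections 4 to 6 (the same MAC on two ports, one IP claimed by two MACs, and too many MACs on one port), as an added example that is not part of the study guide; the observation records and the per-port MAC limit are constructed for the demonstration.

```python
"""Detection checks for MAC spoofing, ARP poisoning and MAC flooding over
a constructed list of ARP observations of the form (switch_port, mac, ip)."""
from collections import defaultdict

# Constructed sample of what a switch-side monitor might log from ARP replies.
OBSERVATIONS = [
    ("Gi0/1", "aa:bb:cc:00:00:01", "10.0.0.1"),  # legitimate gateway
    ("Gi0/2", "aa:bb:cc:00:00:02", "10.0.0.2"),
    ("Gi0/3", "aa:bb:cc:00:00:03", "10.0.0.3"),
    ("Gi0/3", "aa:bb:cc:00:00:03", "10.0.0.1"),  # host on Gi0/3 claims the gateway IP
    ("Gi0/4", "aa:bb:cc:00:00:02", "10.0.0.4"),  # Gi0/2's MAC now also seen on Gi0/4
] + [  # 300 fabricated source MACs arriving on a single port
    ("Gi0/5", f"de:ad:be:ef:{i >> 8:02x}:{i & 0xff:02x}", f"10.1.{i >> 8}.{i & 0xff}")
    for i in range(300)
]


def mac_spoofing(obs):
    """MACs seen on more than one switch port: one address, two physical locations."""
    ports = defaultdict(set)
    for port, mac, _ in obs:
        ports[mac].add(port)
    return {mac: sorted(p) for mac, p in ports.items() if len(p) > 1}


def arp_poisoning(obs):
    """IPs claimed by more than one MAC: a forged reply contradicts the known binding."""
    macs = defaultdict(set)
    for _, mac, ip in obs:
        macs[ip].add(mac)
    return {ip: sorted(m) for ip, m in macs.items() if len(m) > 1}


def mac_flooding(obs, max_macs_per_port=8):
    """Ports whose distinct source-MAC count exceeds the (constructed) port-security limit."""
    seen = defaultdict(set)
    for port, mac, _ in obs:
        seen[port].add(mac)
    return {port: len(m) for port, m in seen.items() if len(m) > max_macs_per_port}


if __name__ == "__main__":
    print("MAC spoofing :", mac_spoofing(OBSERVATIONS))
    print("ARP poisoning:", arp_poisoning(OBSERVATIONS))
    print("MAC flooding :", mac_flooding(OBSERVATIONS))
```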
7. Threat Model Development
  • Definition: A structured process for identifying and managing the security threats to a system.
  • Steps:
    • Identify assets, potential threat actors, and vulnerabilities.
    • Determine entry points and countermeasures.
8. Risk Assessments
  • Definition: Evaluating threats to prioritize security actions.
  • Key Components:
    • Identify assets, threats, and vulnerabilities.
    • Rate the likelihood and impact of each threat to derive a risk level for prioritization.
9. Defense in Depth
  • Definition: A layered approach to cybersecurity.
  • Layers Include:
    • Physical: Security guards and locks.
    • Network: Firewalls and segmentation.
    • Host: Antivirus and endpoint protection.
    • Application: Secure coding and updates.
    • Data: Encryption and backups.
10. Access Control Types
  • DAC (Discretionary Access Control): The data owner decides who may access a resource.
  • MAC (Mandatory Access Control): Access is enforced by the system based on security classifications and labels, not by the owner.
  • RBAC (Role-Based Access Control): Permissions are assigned to roles, and users gain access through their roles.
  • ABAC (Attribute-Based Access Control): Policies evaluate attributes of the user, the resource, and the environment to decide access.
  • Key Principles:
    • Least privilege access.
    • Separation of duties.
    • Need-to-know basis.
11. Types of Adversaries
  • Script Kiddies: Inexperienced attackers.
  • Hacktivists: Motivated by political causes.
  • Insiders: Employees exploiting access.
  • Cyber Criminals: Financially motivated.
  • Nation-State Actors: Politically motivated, skilled attackers.
  • APTs (Advanced Persistent Threats): Prolonged, stealthy campaigns, typically run by well-resourced groups.
  • Competitors: Corporate espionage.
12. Physical and Administrative Controls
  • Physical Controls Purpose: Prevent unauthorized physical access.
  • Administrative Controls Purpose: Direct people’s behaviour through policies, procedures, and training.
13. Technical Controls for Network Security
  • Firewalls: Control traffic flow.
  • IDS/IPS: Detect and prevent threats.
  • VPNs: Secure remote access.
  • NAC (Network Access Control): Checks that a device meets policy before it is admitted to the network.
  • Segmentation: Network division for security.
14. Computer Security and Access Controls
  • Antivirus/Anti-malware: Detect, block, and remove malicious software on hosts.
  • OS Hardening: Reduce the operating system’s attack surface by disabling unneeded services and tightening default settings.
  • Patch Management: Regular updates to resolve vulnerabilities.