In-Depth Cybersecurity Notes

General Concepts in Cybersecurity

• DES Block Size
  • The size of the blocks used in DES (Data Encryption Standard) is 64 bits.
• Symmetric Cryptography Considerations
  • A key consideration in choosing symmetric cryptography algorithms is key distribution efficiency.
• Purpose of Firewalls
  • Firewalls monitor incoming and outgoing traffic and control transmissions according to predetermined security rules.
• DNSSEC Purpose
  • The primary purpose of DNS Security Extensions (DNSSEC) is to ensure the authenticity and integrity of DNS data.
• Redundancy Objectives
  • The objectives of redundancy in cyberspace include enhancing system resilience against failures.
• Key Management Tasks in Symmetric Cryptography
  • Essential tasks include key distribution and storage, which are crucial for maintaining security.
• Social Engineering Example
  • Spear-phishing is an example of a social engineering attack that manipulates emotions to gain trust.
• DES Encryption Mode
  • DES uses Cipher Block Chaining (CBC) mode for encryption.
• Succession Planning in Business Continuity
  • Focuses on ensuring smooth transitions during personnel changes to maintain stability in operations.
• Forensics Process Analysis Phase
  • The purpose of the Analysis phase in forensics is to examine and interpret evidence.
• DNS Spoofing Impact
  • DNS spoofing can redirect users to malicious websites, compromising security.
• Feistel Function in DES
  • The Feistel function is used for non-linear transformation in DES algorithms.
• XXE Attacks
  • XXE stands for XML External Entities, which involves parsing external entities in XML documents.
• Security Design Principle
  • Complete mediation is the principle that advocates designing systems with the assumption that all interactions should be explicit.
• Cross-Site Scripting (XSS)
  • A manifestation of XSS is the execution of malicious scripts in the user’s browser.
• Fear-Based Social Engineering Attack
  • Vishing involves creating fear or panic to manipulate individuals through voice communications.
• Email Authentication Protocol
  • DMARC (Domain-based Message Authentication, Reporting & Conformance) is used to prevent email spoofing.
• HTTPS Handshake
  • The "Finished" message confirms the completion of the handshake in HTTPS communication.
• SSL/TLS vs. IPSec
  • SSL/TLS VPNs offer application-level integration, while IPSec VPNs provide network-layer integration.
• Secure Email Communication Protocols
  • IMAP with SSL (IMAPS) is commonly used for secure communication between email clients and servers.
• Business Resilience through Succession Planning
  • Contributes by maintaining essential functions with backup personnel during unforeseen events.
• Insufficient Logging/Monitoring
  • Refers to the failure to adequately log and monitor security events and incidents in web app security contexts.
• Role of Encryption in Confidentiality
  • Encryption transforms data into a secure, unreadable format to ensure privacy.
• Man-in-the-Middle (MitM) Attacks
  • These attacks occur when an unauthorized third party intercepts and alters communications between two parties.
• DNSSEC Signing Algorithm
  • RSA (Rivest-Shamir-Adleman) is commonly used for signing zone signing keys in DNSSEC.
• Least Common Mechanism Principle
  • In security design, minimizing the use of shared resources reduces the potential impact of attacks.
• Cryptography for Digital Signatures
  • RSA is widely used in the creation of digital signatures.
• Key Exchange in HTTPS
  • The Diffie-Hellman Key Exchange algorithm is used during the key exchange phase of the HTTPS handshake.
• Registration Authority (RA) in PKI
  • The RA verifies the identity of users requesting digital certificates.
• Output Formats for Vulnerability Assessment Tools
  • Common formats include HTML, XML, TXT, JSON, and CSV for reporting findings.
• Firewall Function in Security Context
  • Firewalls control and filter network traffic based on predetermined security rules.
• Brute Force Attack
  • A method often utilized in attempts to gain unauthorized access by systematically checking all possible keys.
• ClientHello Role in HTTPS Handshake
  • It initiates the connection from the client to establish secure communication.
• Desirable Hash Function Property
  • Collision resistance is a crucial property of a good hash function.
• Common Hash Function for Integrity Verification
  • SHA-256 is frequently used for integrity verification in cryptographic applications.
• Substitution Ciphers
  • They work by replacing one letter with another according to a fixed system.
• Authentication Definition in Security
  • It refers to verifying the identity of users, systems, and applications.
• Drawback of Symmetric Key Usage
  • Using the same key for encryption and decryption poses a key distribution challenge.
• Characteristics of SRTP
  • Secure Real-Time Transport Protocol (SRTP) is used to secure real-time communications such as VoIP.
• False Positives in Vulnerability Scanning
  • Identifying a non-existent vulnerability can lead to wasted resources and misinformation.
• Patch Management Purpose
  • It is crucial for keeping software and systems up to date with the latest security patches.
• Risk Management Strategy: Transference
  • This involves sharing the potential impact of a risk with external parties to mitigate effects.
• Smurf Attack Symptom
  • It causes a large amount of ICMP traffic on a network, indicating a potential denial of service attack.
• Accountability in AAA Framework
  • In the AAA framework (Authentication, Authorization, Accounting), accounting tracks and monitors user activities for auditing purposes.
• Common Hash Function for Checksum
  • MD5 (Message Digest Algorithm 5) is widely used for checksums in data integrity verification.
• Incident Response Life Cycle Containment Phase
  • The primary objective is to prevent further damage during a security incident.
• Single Point of Failure Removal
  • Enhances system reliability, contributing to business continuity during operational challenges.
• ARP Spoofing Attack Goal
  • The goal is to manipulate MAC address mappings within a network.
• Key Principle of Confidentiality
  • Controlling access to information is essential for upholding confidentiality in security.