CIS377MT
True/False: During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
List the main adversaries of the US and describe the type of cyber attacks they are known for.
Russia – Misinformation campaigns
China – Espionage focused on exposing US tech.
Iran – DDoS attacks
North Korea – Attacks focused on generating money.
True/False: Malware is a generic term for software that has a malicious purpose.
True/False: Information security can be an absolute.
True/False: Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
When unauthorized individuals or systems can view information, CONFIDENTIALITY is breached.
True/False: Blocking ICMP packets may help prevent denial-of-service attacks.
True/False: A firewall can be configured to disallow certain types of incoming traffic that may be attacking.
True/False: In the U.S. no providers of critical infrastructures have sustained a cyber attack.
True/False: To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access, yet protect against threats.
True/False: Experts consider Romania the country with the strictest cybercrime laws.
A technique used to compromise a system is known as a(n) EXPLOIT
True/False: In the attack on the US power grid in 2017, malware was planted and fake resumes with tainted attachments were used.
Information has INTEGRITY when it is whole, complete, and uncorrupted.
AVAILABILITY enables authorized users—people or computer systems—to access information without interference or obstruction and to receive it in the required format.
A potential weakness in an asset or its defensive control system(s) is known as a(n) VULNERABILITY
Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) THREAT
What is the difference between vulnerability and exposure?
A vulnerability is the point where an attacker can take advantage of a system. Exposure is the actual attacking of that system’s area.
True/False: In the early years of computing, if security was addressed at all, it dealt only with the physical security of the computers themselves and not the data or connections between the computers.
The INTERNET drastically changed security because information became accessible from external sources.
True/False: Power grids are a major target for foreign actors.
What are the three components of the C.I.A. triad? What are they used for?
Confidentiality – Data and systems are kept private and secure, accessible only by those they are intended for.
Integrity – Data and its security are consistent, accurate, and reliable.
Availability – Systems and data remain available to those who need them.
What country implemented a multi-layered attack against the US power system in 2017? RUSSIA
The most valuable organizational asset is PEOPLE.
What is an example of Personally Identifiable Information (PII)?
SSN
Why is “think like an adversary” an important security strategy?
If you can understand how an attacker might access your systems and data, you’ll be able to form better defenses.
Describe defense in depth.
Having multi-layered security within a system, so that in the event of one layer failing the other layers are still there.
Give examples of Critical Infrastructure systems.
IT systems that are crucial to a functional society, like water management systems, political computer systems, and power grids.
Why is the Energy Sector a uniquely critical infrastructure?
Energy provides function to all things electrically powered which includes almost everything.
True/False: As an organization grows, it must often use more robust technology to replace the security technologies it may have outgrown.
The weakest link in a security chain is: PEOPLE
True/False: A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
True/False: A worm requires that another program is running before it can begin functioning.
True/False: When electronic information is stolen, the crime is readily apparent.
SURFING is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual’s shoulder or viewing the information from a distance.
Software code known as a(n) SPYWARE can allow an attacker to track a victim’s activity on Web sites.
A(n) POLYMORPHIC threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures.
The MACRO virus infects the key operating system files located in a computer’s start-up sector.
True/False: One form of e-mail attack that is also a DoS attack is called a mail bomb, in which an attacker overwhelms the receiver with excessive quantities of e-mail.
A device (or a software program on a computer) that can monitor data traveling on a network is known as a SOCKET sniffer.
True/False: To achieve defense in depth, an organization must establish multiple layers of security controls and safeguards.
CYBERTERRORISM is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents.
SPYWARE is any technology that aids in gathering information about a person or organization without their knowledge.
TROJAN HORSES are malware programs that hide their true nature and reveal their designed behavior only when activated.
In a DOS attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources.
A DDOS is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
In the MAN IN THE MIDDLE attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information is known as PHARMING
A(n) WORM is a malicious program that replicates itself constantly without requiring another program environment.
List 10 (check the slide) general categories of threats to an organization’s people, information, and systems and identify at least one example of those listed.
Compromises to IP, Deviations in service quality, Espionage, Forces of Nature, Human error
Extortion, Software failure, Hardware failure, Obsolescence
Why are employees one of the greatest threats to information security?
Because people can be manipulated, and social engineering can lead to information loss.
If you use public Wi-Fi and someone gets your email password and logs into your email, that individual is a ________________________ Hacker
Black Hat Hacker, White Hat Hacker, Grey Hat Hacker
An organization may hire a ________ hacker to find all the vulnerabilities in their system so that they can be patched before someone takes advantage of them.
Black Hat Hacker, White Hat Hacker, Grey Hat Hacker
These individuals hack for malicious reasons or personal gain. They do not have permission from the entity.
Black Hat Hacker, White Hat Hacker, Grey Hat Hacker
These individuals hack without permission but not for malicious reasons.
Black Hat Hacker, White Hat Hacker, Grey Hat Hacker
Describe insider threat.
People within an organization who use insider info to attack the organization.
Describe Advanced Persistent Threat.
A threat that runs a campaign to cement itself within a system or network and remain undetected for a long period of time.
A type of malicious code that takes control of the information on a system and demands payment to release it is called RANSOMWARE. Some attackers will encrypt the data on the system and demand money to decrypt it.
Describe the steps in the Cyber Kill Chain and give examples in each step.
Recon – researching, identifying the target.
Weaponization – Pairing an exploit with a deliverable method.
Delivery – Transmission of weapon to target
Exploitation – The triggering of the weapon’s code
Installation – The weapon installing itself on a system to allow persistent access.
Command & Control – Gaining outside access to provide hands-on-keyboard access inside the target’s network.
Actions on Objective – The attacker works to achieve their goals on a network or system.
List at least three methods to defend against cyberattacks. Encryption, Backups, Routine updates
Describe:
PII, PHI – PII is any info that can be traced back to an individual. PHI is info related to a person’s health, which should be confidential.
Ethical Hacker, Hacktivist, Nation State Hacker
An ethical hacker uses their ability to help an organization improve its security systems.
Hacktivists hack systems for politically or socially motivated purposes.
Nation state hackers target other countries’ governments and are usually hired by governments.
Cross Site Scripting – An attack that injects scripts into a web application server to attack clients
Rootkit – Software used by attackers to mask their malware and themselves.
Backdoor – A method in which attackers access a system by getting around its normal security measures.
Keylogger – Tool that records what a user types on a device
Logic Bomb – A malicious payload that attacks a system after certain conditions are met
Trojan Horse – malware programs that hide their true nature and reveal their designed behavior only when activated.
How does Multi-factor authentication work? By requesting multiple forms of user information to verify the user for login
Describe Passwords, pros and cons, password attacks
A strong password can ensure a user’s account or system is secure; however, it can also be a single point of failure. There are various methods to obtain a password, such as social engineering, keylogging, and phishing.
Pluses and minuses of Biometrics: +Higher security, +Fast and convenient, -Costly, -Data breaches can cost more.
TCP/IP Protocol – Used to set standard rules that allow computers and devices to communicate on networks.
DoS attack, SYN flood, DDoS
DoS attack is an attack meant to shut down a system, preventing users from accessing it.
SYN flooding is an attack where the attacker hopes to make a system inaccessible by attempting to connect but not actually finalizing the connection.
DDoS or Distributed Denial of Service attack is an attack where users are denied access to a system because the attacker overloads it with repeated requests.
Link Encryption vs. End-to-End Encryption – Link encryption is handled at the routers of networks before data reaches its users. With end-to-end encryption, data is encrypted by its users.
IPSec – A protocol meant to be more secure than other versions, with more encryption and authentication.
VPN – Virtual Private Network provides a secure communication tunnel for data without outside interference.
IDS – Intrusion Detection System – gathers and analyzes system info to detect data breaches
Man in the Middle (MitM) – Designed to intercept data while it is being transmitted.
HTTP, HTTPS – Hypertext Transfer Protocol. A protocol for controlling how Web browsers and servers pass information back and forth over the Internet. HTTPS uses encryption.
Network Sniffing – Process of finding and investigating devices on a network by seeing what packets are being sent