Lernkarten

Karten 61 Karten
Lernende 6 Lernende
Sprache English
Stufe Universität
Erstellt / Aktualisiert 31.07.2020 / 08.08.2020
Lizenzierung Keine Angabe
Weblink
Einbinden
0 Exakte Antworten 61 Text Antworten 0 Multiple Choice Antworten
Fenster schliessen

How does a DNS zone transfer attack work and why can it be harmfull

A DNS Zone transfer is a process where one DNS server copys parts of its databse to another DNS. This helps to have more than one server which can answer questions about a zone. The slaves ask for a copy by the master.

A DNS Zone transfer attack, is that you pretend to be a slave an get a copy of the DNS zone records. 

Risk: The zone records, show a lot of internal topology information about the network, if someone wants to subvert (untergraben) the DNS with spoofing (falsche Identität verwenden) and poisoning, this is very helpful.

Fenster schliessen

What is Red Team in the context of Cybersecurity

Offensive Cybersecurity, focus on penetration testing, assume the role of a hacker, show organizations what could be backdoors or exploits, common practice is that they are outside of the organization.

Fenster schliessen

What is Blue Team in the context of Cybersecurity

Defensive Cybersecurity, Assessment (Bewertung) of network security, identification of possible vulnerabilities, find ways to defend, change and re-group defence mechanisms to make incidents responses much stronger. They are continuously improving the digital security infrastructure using security audits, log and memory analysis, pcap, risk intelligence data

Fenster schliessen

Whats the idea behind risk management?

Reduce risk and support the mission of the organization.

  • It is impossible to design a risk-free environment
  • Significant risk reduction is possible often with little effort

Process:

  • Identifying factors that could damage or disclose data
  • Evaluating those factors in light of data value and countermeasure (Gegenmassnahme) cost
  • Implementing cost-effective solutions for mitigating(mildern) or reducing risks
Fenster schliessen

Whats part of a risk analysis?

  • Evaluation, assessment, and the assignment of value for all assets of an organization
  • Examining (untersuchen) an environment for risks
  • Evaluating each threat event as to its likelihood of occurring and the cost of damage it would cause if it did occur
  • Assessing (bewerten) the cost of various countermeasures for each risk and creating a cost benefit report for safeguards to present upper management
Fenster schliessen

Whats Risk mitigation?

reducing risk, implementation of safeguards and countermeasures to eliminate vulnerabilities

Fenster schliessen

Whats Risk assignment

moving risk to another entity or organization

Fenster schliessen

Whats Risk acceptance

risk tolerance, cost/benefit analysis shows that countermeasure costs too much