Wähle die Ordner aus, zu welchen Du "Cybersecurity Foundations" hinzufügen oder entfernen möchtest
0 Exakte Antworten
61 Text Antworten
0 Multiple Choice Antworten
Karte wurde gelöscht
How does a DNS zone transfer attack work and why can it be harmfull
A DNS Zone transfer is a process where one DNS server copys parts of its databse to another DNS. This helps to have more than one server which can answer questions about a zone. The slaves ask for a copy by the master.
A DNS Zone transfer attack, is that you pretend to be a slave an get a copy of the DNS zone records.
Risk: The zone records, show a lot of internal topology information about the network, if someone wants to subvert (untergraben) the DNS with spoofing (falsche Identität verwenden) and poisoning, this is very helpful.
What is Red Team in the context of Cybersecurity
Offensive Cybersecurity, focus on penetration testing, assume the role of a hacker, show organizations what could be backdoors or exploits, common practice is that they are outside of the organization.
What is Blue Team in the context of Cybersecurity
Defensive Cybersecurity, Assessment (Bewertung) of network security, identification of possible vulnerabilities, find ways to defend, change and re-group defence mechanisms to make incidents responses much stronger. They are continuously improving the digital security infrastructure using security audits, log and memory analysis, pcap, risk intelligence data
Whats the idea behind risk management?
Reduce risk and support the mission of the organization.
It is impossible to design a risk-free environment
Significant risk reduction is possible often with little effort
Identifying factors that could damage or disclose data
Evaluating those factors in light of data value and countermeasure (Gegenmassnahme) cost
Implementing cost-effective solutions for mitigating(mildern) or reducing risks
Whats part of a risk analysis?
Evaluation, assessment, and the assignment of value for all assets of an organization
Examining (untersuchen) an environment for risks
Evaluating each threat event as to its likelihood of occurring and the cost of damage it would cause if it did occur
Assessing (bewerten) the cost of various countermeasures for each risk and creating a cost benefit report for safeguards to present upper management
Whats Risk mitigation?
reducing risk, implementation of safeguards and countermeasures to eliminate vulnerabilities
Whats Risk assignment
moving risk to another entity or organization
Whats Risk acceptance
risk tolerance, cost/benefit analysis shows that countermeasure costs too much
Facilities: all physical location that an organization owns or rents
Personnel: Working for an organization
Intellectual Property: Assets which are intangible (immateriel)
Secret recipes or product techniques
What could happen if an asset is lossed or disclouserd
An overall security compromise (security breach, security leck)
Loss of productivity
Reduction of profits
Additional expenditures (Auslagen / Ausgaben)
Discontinuation (Stilllegung / Unterbrechung) of the organization
And more …
waht are the military and business data classifications
Sensitive but unclassified
The unauthorized disclosure of top-secret data will have drastic effects and cause grave damage to national security. The unauthorized disclosure of data classified as secret will have significant effects and cause critical damage to national security. The unauthorized disclosure of data classified as confidential will have noticeable effects and cause serious damage to national security. Sensitive but unclassified is used for data that is for internal use.
Confidental / Private
What is SSH, why is it used and what are the advantages compared to older technologies as e.g. ftp, telnet, rlogin ...
Secure Shell replaces unsecure remote configuration operations as e.g.: telnet, ftp, rlogin, rsh, rcp and rexec. Old commands and protocols transmit the content in plain text rather than encrypted format.
Advantages: encrypts data, offers different authentication methods e.g. password authentication, Pubkey Authentication