Flashcards

Cards: 61 cards
Learners: 7 learners
Language: English
Level: University
Created / Updated: 31.07.2020 / 18.04.2021
Licensing: Not specified
0 exact answers, 61 text answers, 0 multiple-choice answers

How does a DNS zone transfer attack work and why can it be harmful?

A DNS zone transfer is a process in which one DNS server copies parts of its database to another DNS server. This makes it possible to have more than one server that can answer questions about a zone. The slaves ask the master for a copy.

In a DNS zone transfer attack, you pretend to be a slave and get a copy of the DNS zone records.

Risk: The zone records show a lot of internal topology information about the network. If someone wants to subvert (undermine) the DNS with spoofing (using a false identity) and poisoning, this is very helpful.


What is Red Team in the context of cybersecurity?

Offensive cybersecurity: focus on penetration testing, assume the role of a hacker, show organizations what could be backdoors or exploits. Common practice is that they are outside of the organization.


What is Blue Team in the context of cybersecurity?

Defensive cybersecurity: assessment (evaluation) of network security, identification of possible vulnerabilities, finding ways to defend, changing and re-grouping defence mechanisms to make incident response much stronger. They continuously improve the digital security infrastructure using security audits, log and memory analysis, pcap, and risk intelligence data.


What's the idea behind risk management?

Reduce risk and support the mission of the organization.

  • It is impossible to design a risk-free environment
  • Significant risk reduction is possible, often with little effort

Process:

  • Identifying factors that could damage or disclose data
  • Evaluating those factors in light of data value and countermeasure cost
  • Implementing cost-effective solutions for mitigating (lessening) or reducing risks

What's part of a risk analysis?

  • Evaluation, assessment, and the assignment of value for all assets of an organization
  • Examining (investigating) an environment for risks
  • Evaluating each threat event as to its likelihood of occurring and the cost of damage it would cause if it did occur
  • Assessing (evaluating) the cost of various countermeasures for each risk and creating a cost-benefit report for safeguards to present to upper management

What's risk mitigation?

Reducing risk: implementation of safeguards and countermeasures to eliminate vulnerabilities.


What's risk assignment?

Moving risk to another entity or organization.


What's risk acceptance?

Risk tolerance: the cost/benefit analysis shows that the countermeasure costs too much.


What's risk deterrence?

Deterrence: discouragement

Security cameras, security guards, instructional signage.


What's risk avoidance?

Selecting alternate options or activities that have less associated risk than the default, e.g. removing the FTP protocol from a server to avoid FTP attacks.


What's risk rejection?

To reject risk or ignore risk.


What's residual risk?

  • Once a countermeasure is implemented, the risk that remains is called residual risk.

What is the Patriot Act?

  • the way government agencies obtain wiretapping authorizations
  • allows authorities to obtain a blanket authorization for a person and then monitor all communications to or from that person under the single warrant.
  • ISPs may have to provide the government with a large range of information.

Not so important

What is the European Union General Data Protection Regulation?

  • The new law applies to all organizations that collect data from EU residents or process that information on behalf of someone who collects it.
  • The law even applies to organizations that are not based in the EU, if they collect information about EU residents.
  • The ability of the EU to enforce this law globally remains an open question
  • A data breach notification requirement that mandates that companies inform authorities of serious data breaches within 24 hours
  • The creation of centralized data protection authorities in each EU member state
  • Provisions that individuals will have access to their own data
  • Data portability provisions that will facilitate the transfer of personal information between service providers at the individual’s request
  • The “right to be forgotten” that allows people to require companies to delete their information if it is no longer needed

Not so important

What does STRIDE stand for?

STRIDE is a model of threats

Spoofing: attack with the goal to gain access and target the system with a falsified identity

Tampering: unauthorized change or manipulation of data, whether in transit or in storage, to falsify communication or alter static information

Repudiation: The ability of an attacker to deny having performed an action or activity

Information disclosure: the revelation or distribution of private, confidential, or controlled information to external or unauthorized entities.

Denial of Service (DoS): prevents use of a resource, could reduce throughput or introduce latency in order to hamper productive use of a service

Elevation of privilege: transform a limited-use account into an account with greater privileges, powers and access.


What is a Threat and what does it involve?

Any potential danger to an asset, whether intentional or accidental

Threat actor: intentionally exploits vulnerabilities, e.g. script kiddies, organized crime groups, state-sponsored actors and governments, hacktivists, terrorist groups.

Threat intelligence: knowledge about an existing or emerging threat to assets, including networks and systems.

Threat event: accidental and intentional exploits of vulnerabilities.


What different ways of removing/erasing data are possible?

Erasing: only the link to the data is removed; the actual data remains on the drive

Clearing: Clearing or overwriting is a process of preparing media for reuse that makes sure deleted data cannot be recovered using traditional tools

Purging: more intense form of clearing used in less secure environments

Degaussing: erasing data with a strong magnetic field; does not affect CDs, DVDs and SSDs

Destruction: Destroy it in a way that it cannot be repaired.


What does the CIA triad look like?

A triad of

             Confidentiality

 

Integrity                  Availability


Describe integrity in the context of the CIA triad

Protecting the reliability and correctness of data

  • Prevents unauthorized alterations of data
  • Only authorized subjects can modify the data
  • Alterations should not occur while the object is in storage, in transit, or in process

Data integrity implies information is known to be good, and the information can be trusted as being complete, consistent and accurate

System integrity implies that a system will work as it is intended to.

Examples: intrusion detection systems, hash verification


Describe availability in the context of the CIA triad

Authorized subjects are granted unlimited and uninterrupted access to objects.

Examples: Redundancy, maintain reliable backups, prevent data loss or destruction


Describe confidentiality in the context of the CIA triad

Prevent or minimize unauthorized access to data. Allow authorized users access to the data and deny it to everyone else.

Examples: encryption, access control


Describe nonrepudiation & accountability

Nonrepudiation: records all actions, so that whoever caused an event cannot deny having done it

Accountability: Being responsible or obligated for actions and results

Examples: Nonrepudiation can be established using digital certificates, session identifiers, transaction logs.


Describe copyright and how it's used

  • Protection against unauthorized duplication
  • Eight broad categories of works qualify for copyright protection (literary, musical, dramatic, choreographic, graphical/sculptural works, audiovisual works, sound recordings, architectural works).
  • Copyright only protects the actual code but not the idea behind the code, which means rewriting is allowed
  • The copyright exists once something is created; it does not need to be registered. If you can prove in court that you were the creator of a work, you will be protected under copyright law.
  • You can mark your work with the copyright symbol (©) to protect it.
  • Works by one or more authors are protected until 70 years after the death of the last surviving author.
  • A work is considered “for hire” when it is made for an employer during the normal course of an employee’s workday.

Describe trademarks and how they are used

  • Words, slogans and logos identifying a company
  • No need to register them
  • The ™ symbol is used to mark protected words or slogans
  • For official recognition they can be registered at the «Eidgenössisches Institut für Geistiges Eigentum»

Describe trade secrets and how they are used

  • Patent or copyright could be used for such information, but both of them provide protection only for a limited time period
  • Trade Secrets are often used by big software companies to protect their core base of intellectual property.

What's a patent and is it usable for software?

  • Protect the intellectual property rights of inventors
  • 20 years exclusive usage of the invention
  • After 20 years the invention is publicly available for everyone to use
  • Must be new, must be useful, must not be obvious
  • Does not provide adequate protection for computer software products

What are assets of an organization?

  • Information: All data of an organization
  • Systems: The system includes any services provided for / from the organization (IT)
  • Devices: server, desktop computers, portable laptops, tablets, smartphones, external devices e.g. printers
  • Facilities: all physical locations that an organization owns or rents
  • Personnel: people working for an organization
  • Intellectual property: assets which are intangible (non-physical)
    • Brand names
    • Creative output
    • Secret recipes or product techniques

What could happen if an asset is lost or disclosed?

  • An overall security compromise (security breach, security leak)
  • Loss of productivity
  • Reduction of profits
  • Additional expenditures (outlays / expenses)
  • Discontinuation (shutdown / interruption) of the organization
  • And more …

What are the military and business data classifications?

Military

  • Top secret
  • Secret
  • Confidential
  • Sensitive but unclassified
  • Unclassified

The unauthorized disclosure of top-secret data will have drastic effects and cause grave damage to national security. The unauthorized disclosure of data classified as secret will have significant effects and cause critical damage to national security. The unauthorized disclosure of data classified as confidential will have noticeable effects and cause serious damage to national security. Sensitive but unclassified is used for data that is for internal use. 

Business

  • Confidential / Private
  • Sensitive
  • Public

What is SSH, why is it used and what are the advantages compared to older technologies such as ftp, telnet, rlogin ...?

Secure Shell replaces insecure remote configuration operations such as telnet, ftp, rlogin, rsh, rcp and rexec. The old commands and protocols transmit the content in plain text rather than in encrypted format.

Advantages: encrypts data, offers different authentication methods, e.g. password authentication, public key authentication