Ch. 1: Introduction to Information Security
Ch. 2: Security Standards and Policy
Ch. 3: Risk Management and Policy
Ch. 4: Incident Response and Digital Forecasts
Ch. 5: Secure Network Design
100

The three core tenets of information security are Confidentiality (info is only available to the authorized), Accessibility (info is available to those authorized to see it), and this, ensuring info is only modified in an authorized way.

What is Integrity?

100

This training exercise sees two teams, a Red Team which attacks, and a Blue Team which defends, as they fight to steal or protect a file, network, or other piece of fictional intel.

What is Capture The Flag (CTF)?

100

The difference between these two types of risk assessment is that the first relies on hard facts like dollar amounts whereas the second relies on subjective metrics.

What are Quantitative and Qualitative Risk Assessment?

100

The end goal of forensics is to understand what happened and format said information into one of these.

What is a forensics report?

100

VPN stands for this.

What is a Virtual Private Network?

200

The Attack Surface is where an attack targets whereas this is the path or means by which an attack is realized.

What is the Attack Vector?

200

Three of the largest organizations in data standards are the National Institute for Science and Technology (NIST), the American Institute of Certified Public Accountants (AICPA), and the CSA, which stands for this.

What is the Cloud Security Alliance?

200

Technological, Social, and Environmental are the three core types of these, in relation to business.

What is a Disaster?

200

This is one of the most common pieces of software in digital forensics. And hey, the mascot is a dog. How cute!

What is Autopsy?

200

This network object acts as a filter, letting legitimate traffic through and blocking illegitimate traffic.

What is a Firewall?

300

Some social engineering attacks include looking through the trash for info, following the authorized into secure locations, and watching a target to find info on them, known as these.

What are Dumpster Diving, Tailgating, and Shoulder Surfing?

300

Connected connection points form a Network. Some, called Nodes, can either resources. Others, called Clients, consume said resources. Networks can be joined by decision point central nodes, called Switches, or connected by these.

What are Routers?

300

There's a 20% chance that the server farm's internal cooling will fail, causing $60,000 in damages if the risk is realized. This is the magnitude of this possibility.

What is $12,000?

300

These two types of business intelligence are used to plan business actions and analyze those of your adversaries.

What are Strategic Intelligence and Counterintelligence?

300

This is one of the most frequently used programs in network security, acting as a packet analyzer when connected to a given network.

What is Wireshark?

400

Whereas Phishing and Spear Phishing target a mass of unimportant targets or a small group of targets respectively, this social-based attack targets an individual, often someone of importance like a manager or CEO.

What is Whaling?

400

The General Data Protection Regulation (GDPR), Federal Information Security Management Act (FISMA), and California Consumer Privacy Act (CCPA) apply in these locations, respectively.

What are the EU, the US, and California?

400

This role, often shortened to DPO, processes the data of staff while complying with data security standards.

What is a Data Protection Officer (DPO)?

400

The cache is a system's most volatile component, followed by routing table and kernel, then RAM, then TEMP files, then the hard disk, and then remote logs. These, however, are at the bottom, the least volatile.

What are Backups?

400

The difference between these two systems is that one is designed to notice intrusions whereas the other intends to stop them.

What are a Network Intrusion Detection System (NIDS) and a Network Intrusion Prevention System (NIPS)?

500

Whereas a Virus spreads throughout a device's files and a Worm spreads over a network, a Fileless Virus exists in this.

What is Memory?

500

This style of contract includes a hirer disclosing the standards, metrics of success and failure, and punishments for failure to abide by said standards.

What is a Service-Level Agreement (SLA)?

500

Data security ranges from not secure at all, or Public, all the way to this, the most secure form of data, even more secure than Confidential.

What is Sensitive?

500

These are the three components of SOAR.

What are Security Orchestration, Automation, and Response?

500

This security method queries a device for its hardware ID and allows or denies it based on the response.

What is MAC Filtering?

600

Larry is a disgruntled employee. He suspects he may get fired soon and does the following:


1. He places a file within the company's database. The file checks if the Boolean "activeEmployee" is 1, meaning he is employed. If it is 0, the file activates.

2. When the file activates, it queries the system for a root password and sends it to Larry, letting him back in the system after his credentials are invalidated.

3. Once Larry is back in, he places a file in the system disguised as a commonly used software. When this file is opened, it allows Larry to remotely control a PC it's opened on.

These three tactics are known as this, respectively.

What are a Logic Bomb, a Backdoor, and a Remote Access Trojan (RAT)?

600

Garry has been hired to test a server's efficiency. Here are the steps they take.

1. They check this document to locate the central server tower.

2. They use this document to see where the equipment they need is on the rack.

3. To make sure it's running efficiently, they check this document to ensure all of the wiring is required.

4. After removing a few unnecessary connections, they examine which networks the server is connected to by referencing this document.

They used these documents in their process, respectively.

What are a Floor Plan, Rack Diagram, Wiring Diagram, and Logical Network Diagram?

600

Marry needs to mask some social security numbers at her company. These are the steps she takes to do so.

1. She runs each SSN through a mathematical algorithm to hide the data.

2. She replaces each now encoded SSN with a phrase that links back to it (e.g., 123-45-6789 becomes "Bravo").

3. When these pseudonyms are displayed, they are often replaced with filler characters to prevent shoulder surfing (e.g., "Bravo" becomes "XXXXX").

These are the respective techniques she used.

What are Hashing, Tokenization, and Masking?

600

Harry is not very good at his job in data forensics. Here are the mistakes he made today:

1. He spilled his coffee and bricked a hard drive of evidence on a cybercrime syndicate.

2. He forgot to lock down the server of a company accused of fraud, allowing them to go back and modify the incriminating data.

3. He accidentally threw away a few receipts he needed to trace a money launderer.

These are the principles of data forensics which Harry violated.

What are Spoilage of Evidence, Preservation of Electronic Information, and Backing Up of Physical and Digital Files?

600

A few things are broken on the network that Barry runs. Here are the issues he's having.

1. All of the traffic is being routed to one server, causing slowdowns.

2. The network has numerous viruses coming in from packets being received via the internet.

3. An external user is connecting to a network via an ethernet port that shouldn't work.

These segments of the network are malfunctioning.

What are the Load Balancer, Firewall, and Port Disabler?
