This port is used for HTTP web traffic.
What is port 80?
An attacker sends a fake email to trick a user into revealing credentials.
What is phishing?
This device forwards packets between different networks.
What is a router?
This is the first step in incident response, involving preparation and planning.
What is preparation?
This part of AAA is what requires a password or PIN.
What is authentication?
The secure version of HTTP typically runs on this port.
What is port 443?
This type of attack floods a server with traffic to make it unavailable.
What is a DDoS attack?
This protocol is responsible for delivering packets to the correct IP address.
What is IP (Internet Protocol)?
This phase involves identifying whether a security event is actually an incident.
What is detection (or identification)?
This tool filters incoming and outgoing network traffic based on rules.
What is a firewall?
This protocol uses port 22 and allows secure remote login.
What is SSH?
An attacker tries many password combinations quickly to gain access.
What is a brute-force attack?
This protocol ensures reliable delivery of data with error checking.
What is TCP?
This step focuses on limiting the damage of an attack while it is happening.
What is containment?
This security principle gives users only the access they absolutely need.
What is least privilege?
This port is commonly targeted for brute-force attacks due to remote desktop access.
What is port 3389?
This attack tricks users into visiting a fake website that looks legitimate.
What is a watering hole?
This device operates at Layer 2 and uses MAC addresses to forward frames.
What is a switch?
This phase involves removing the threat from the system.
What is eradication?
This method adds an extra verification step beyond a password.
What is multi-factor authentication (MFA)?
This protocol uses port 21 and is considered insecure because it sends data in plaintext.
What is FTP?
An attacker intercepts communication between two parties without them knowing.
What is a Man-in-the-Middle (MITM) attack?
This process breaks data into smaller units for transmission across a network.
What is packet segmentation?
This final phase focuses on restoring systems and reviewing the incident.
What is recovery (or lessons learned)?
This system monitors networks for suspicious activity and alerts administrators.
What is an Intrusion Detection System (IDS)?