
Cybersecurity Interview Questions


What is Cybersecurity (Define)?

Cybersecurity is the protection of internet-connected systems, including hardware, software and data,
from cyberattacks, in order to prevent unauthorized access to data.

What is the goal of cybersecurity?


The goal of cybersecurity is to limit risk, protect IT assets from attackers with malicious intent,
and maintain the confidentiality, integrity and availability (CIA) of data.

What is the difference between Threat, Vulnerability, and Risk?

• Threat: Anyone or anything with the potential to cause harm to a system or organization, for
example by damaging or destroying its official data.
• Vulnerability: A weakness in a system that makes a threat more likely to succeed and its
outcome more dangerous.
• Risk: A combination of threat probability and impact/loss. In simple terms, it is the potential
damage or loss that occurs when a threat exploits a vulnerability.

What is a firewall?

A firewall is a network security system that monitors and controls incoming and outgoing network
traffic based on predetermined security rules. A firewall typically establishes a barrier between a
trusted internal network and an untrusted external network, such as the Internet.
Firewall Types

• Packet Filtering: Checks each packet against rules for IP address and port
• Stateful Inspection: Maintains information about the state of each connection (the baseline for
firewalls sold today)
• Next-Generation (NGFWs): Use contextual information about users, apps, and processes to
make decisions
• Web Application (WAFs): Filter, monitor, and block HTTP traffic to and from a web application.
A WAF can filter the content of specific web applications and protects against web application
attacks like SQL injection and Cross-Site Scripting (SQLi/XSS)
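
The contrast between the first two firewall types above is easiest to see in code. The following toy
filter is an added example, not part of the original notes: a stateless packet filter judges every
packet against a rule list alone, while the stateful variant records connections it has allowed and
passes later packets only when they belong to one. The packets, rules, ports and addresses (documentation
IP ranges) are all constructed for the demo.

```python
# Added example (not from the original notes): a toy packet filter contrasting
# stateless rule matching with stateful inspection. Every packet, rule and
# address below is constructed sample data using documentation IP ranges.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # set on the first packet of a TCP connection
    ack: bool = False  # set on every later packet


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    dst_ip: Optional[str] = None   # None matches any value
    dst_port: Optional[int] = None
    src_ip: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.dst_ip is None or pkt.dst_ip == self.dst_ip)
                and (self.dst_port is None or pkt.dst_port == self.dst_port)
                and (self.src_ip is None or pkt.src_ip == self.src_ip))


class PacketFilter:
    """Stateless filter: each packet is judged against the rule list alone."""

    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:  # first matching rule wins
            if rule.matches(pkt):
                return rule.action
        return self.default


class StatefulFirewall(PacketFilter):
    """Stateful filter: rules apply to connection openings only; later
    packets pass only if they belong to a connection already recorded."""

    def __init__(self, rules, default="deny"):
        super().__init__(rules, default)
        self.connections = set()  # (src_ip, src_port, dst_ip, dst_port)

    def decide(self, pkt: Packet) -> str:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if pkt.syn and not pkt.ack:  # new connection attempt
            verdict = super().decide(pkt)
            if verdict == "allow":
                self.connections.add(key)
            return verdict
        # Mid-connection traffic in either direction must match recorded state
        if key in self.connections or reverse in self.connections:
            return "allow"
        return "deny"


# Policy: only HTTPS to the web server; explicit deny for everything else.
RULES = [Rule("allow", dst_ip="192.0.2.10", dst_port=443), Rule("deny")]


def run_demo():
    """Return each firewall's verdict on three constructed packets."""
    stateless, stateful = PacketFilter(RULES), StatefulFirewall(RULES)
    packets = {
        # client opens a connection to the web server
        "client_syn": Packet("198.51.100.7", 50000, "192.0.2.10", 443, syn=True),
        # the server's reply to that client
        "server_ack": Packet("192.0.2.10", 443, "198.51.100.7", 50000, ack=True),
        # unsolicited packet aimed at the allowed port, no connection opened
        "forged": Packet("203.0.113.9", 4444, "192.0.2.10", 443, ack=True),
    }
    return {"stateless": {n: stateless.decide(p) for n, p in packets.items()},
            "stateful": {n: stateful.decide(p) for n, p in packets.items()}}


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, verdicts)
```

The stateless filter blocks the server's legitimate reply (no rule covers return traffic) yet
passes the unsolicited packet because it happens to match the allow rule; the stateful filter gets
both cases right because it reasons about connections rather than isolated packets.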

What is a VPN?
A VPN secures a private network, using encryption and other security mechanisms to ensure that
only authorized users can access the network and that the data cannot be intercepted. This type of
network provides a secure, encrypted tunnel through which data is transmitted between the
remote user and the company network.
IPSEC:
Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts
the packets of data to provide secure encrypted communication between two computers over an
Internet Protocol network. It is used in virtual private networks (VPNs). IPsec involves two security
services:

• Authentication Header (AH): Authenticates the sender and detects any changes to the data
during transmission.
• Encapsulating Security Payload (ESP): Not only authenticates the sender but also encrypts
the data being sent.

What is the difference between IDS and IPS?

IDS: a monitoring system that only detects intrusions and is unable to prevent them.
IPS: a control system that detects and prevents intrusions. It needs a regularly updated database
with the latest threat data.

Security Information and Event Management (SIEM)


SIEM products aggregate the security alerts flagged by network appliances and software
applications and provide real-time analysis of them.

What is Network Access Control (NAC)?


NAC is a computer networking solution that uses a set of protocols to define and implement a policy
describing how to secure access to network nodes by devices when they initially attempt to
access the network.
NAC is an approach to computer security that attempts to unify endpoint security technology (such
as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication,
and network security enforcement.

What is Patch Management?
The goal of patch management is to keep the various systems in a network updated and protect them
against malware and hacking attacks.

Steps:
1. Read the description of the patch in question
2. Deploy the patch on a test system that is identical to the systems to which you intend to roll it out
3. Roll it out to a small number of live systems

What is Sandboxing?
A behavior-based software management strategy that isolates applications from critical system
resources and other programs. It provides an extra layer of security that prevents malware or harmful
applications from negatively affecting your system.

Define baseline.
Network baselining is the act of measuring and rating the performance of a network in real-time
situations. Producing a network baseline requires testing and reporting of the physical connectivity,
normal network utilization, protocol usage, peak network utilization, and average throughput of the
network.

What is the difference between the Red team and Blue team?
The red team refers to attackers who exploit weaknesses in an organization's security.
The blue team refers to defenders who identify and patch vulnerabilities before they turn into
successful breaches.

What is Authentication and how is it implemented?

Authentication: Provides the method of identifying users. Authentication factors:

• Something you know: such as a password.
• Something you have: such as a smartcard or token.
• Something you are: such as your fingerprints.
• Something you do: such as an action you must take to complete authentication.
• Somewhere you are: based on geolocation.

What is Challenge Handshake Authentication Protocol (CHAP)?
CHAP is an authentication scheme used by Point-to-Point Protocol (PPP) servers to validate the
identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way
handshake.
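
The three-way handshake in code, as an added example that is not part of the original notes: the
server sends an identifier and a random challenge, the client answers with MD5(identifier || secret ||
challenge) as RFC 1994 specifies, and the server recomputes the same value from its copy of the secret.
The secret never crosses the wire, and because each challenge is consumed after one use a captured
response cannot be replayed. The user table, the in-process "wire" and the replay check are constructed
for the demo.

```python
# Added example (not from the original notes): the CHAP three-way handshake of
# RFC 1994 simulated in-process. Per the RFC the response is
# MD5(identifier || secret || challenge); the secret itself is never transmitted.
# The user table, the in-memory "wire" and the replay check are constructed here.
import hashlib
import hmac
import os


def chap_hash(ident: int, secret: str, challenge: bytes) -> bytes:
    """Response value defined by RFC 1994 (MD5 is what the RFC mandates)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


class ChapServer:
    def __init__(self, shared_secrets):
        self.shared_secrets = shared_secrets  # username -> secret (constructed)
        self.pending = {}                     # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        """Step 1: send a one-byte identifier and a random challenge."""
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)
        self.pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, username: str, response: bytes) -> bool:
        """Step 3: recompute the hash from the stored secret and compare.
        The challenge is consumed, so an old response cannot be replayed."""
        chal = self.pending.pop(ident, None)
        secret = self.shared_secrets.get(username)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(chap_hash(ident, secret, chal), response)


def client_respond(ident: int, chal: bytes, username: str, secret: str):
    """Step 2: prove knowledge of the secret without sending it."""
    return username, chap_hash(ident, secret, chal)


def run_handshake(server: ChapServer, username: str, secret: str) -> bool:
    """One full exchange; True when the server accepts the client."""
    ident, chal = server.challenge()
    name, response = client_respond(ident, chal, username, secret)
    return server.verify(ident, name, response)


def replay_is_rejected(server: ChapServer, username: str, secret: str) -> bool:
    """Capture a valid (identifier, response) pair and submit it a second time."""
    ident, chal = server.challenge()
    name, response = client_respond(ident, chal, username, secret)
    assert server.verify(ident, name, response)  # genuine exchange succeeds
    server.challenge()                            # server issues a fresh challenge
    return server.verify(ident, name, response) is False


if __name__ == "__main__":
    srv = ChapServer({"alice": "correct horse battery staple"})
    print("good secret:", run_handshake(srv, "alice", "correct horse battery staple"))
    print("bad secret:", run_handshake(srv, "alice", "wrong"))
    print("replay rejected:", replay_is_rejected(srv, "alice", "correct horse battery staple"))
```

Note that the protection comes from the fresh random challenge, not from the hash function: the
server must store the plaintext secret to recompute the value, which is the well-known trade-off of
CHAP compared with salted password storage.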

Kerberos?
Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow
nodes communicating over a non-secure network to prove their identity to one another in a secure
manner.
Kerberos authentication uses a key distribution center (KDC) to orchestrate the process.

Risk Management? The process of identifying risks, analyzing them, developing a response
strategy for them, and mitigating their future impact.

What is a cybersecurity risk assessment?


A cybersecurity risk assessment identifies the information assets that are prone to cyberattacks
(including customer data, hardware, laptops, etc.) and evaluates the various risks that could affect
those assets.

The best way to perform a cybersecurity risk assessment is to identify:

• Relevant threats to your organization
• Internal and external vulnerabilities
• The impact of each vulnerability if it is exploited

Incident Response Procedures:

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons learned

What is Disaster recovery?
Disaster recovery is the act of recovering data following a disaster in which it has been destroyed.
A disaster-recovery plan, or scheme, helps an organization respond effectively when a disaster
occurs.

Types of malware?

Ransomware, Viruses, Worms, Trojans, Bots, Keyloggers, Spyware, Rootkits, Spam, and Adware

DoS and DDoS attacks?

Denial-of-service (DoS): makes a machine or network resource unavailable to its intended users by
temporarily or indefinitely disrupting its services.
Distributed denial-of-service (DDoS): the incoming traffic flooding the victim originates from many
different sources.

What is Man-in-the-middle attack (MITM)?


MITM is an attack where the attacker secretly relays and possibly alters the communication between
two parties who believe they are directly communicating with each other.
Examples: DHCP attacks, ARP poisoning.

Define the Zero-day attack.

A zero-day attack exploits a previously unknown security vulnerability in a piece of software or an
application for which either no patch has been released or the application developers were
unaware of the flaw.

What is the use of Traceroute?

Traceroute is a network diagnostic tool used for tracking the path a packet takes through an IP
network from source to destination. It records the time taken at each hop the packet makes along
its route to the destination.

What is a Botnet?
A Botnet is a group of internet-connected devices such as servers, PCs, mobile devices, etc., that
are infected and controlled by malware (used in DDoS attacks).

What is Cross-Site Scripting and how can it be prevented?

Cross-Site Scripting (XSS) is a client-side injection attack which aims at executing
malicious scripts in a victim's web browser by injecting malicious code into a web page.

What is the difference between stored and reflected XSS?

• Stored XSS Attacks - The injected script is stored permanently on the target server. The
victim retrieves the malicious script from the server when requesting the stored information.
• Reflected XSS Attacks - The malicious script is carried in the user's own request; the server
reflects it back in the response, and it runs in the browser of the user who sent the request.
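
Both XSS flavours, and the prevention the question above asks about, in one small program. This is
an added example and not code from the original notes: a minimal in-memory "comment page" renders
stored comments plus the search query from the current request. Interpolating them raw gives stored
XSS (the payload persists for every later visitor) and reflected XSS (the payload only appears in the
response to the request that carried it); HTML-escaping every untrusted value at output time
neutralizes both. There is no real server, a request is a function call, and the payload is the
standard probe string, all constructed for the demo.

```python
# Added example (not the original notes' code): a minimal in-memory "comment
# page" showing where stored and reflected XSS arise and how HTML-escaping
# untrusted data at output time prevents both. There is no real server; a
# request is just a function call, and the payload is the standard test string.
import html

PAYLOAD = "<script>alert(1)</script>"   # canonical XSS probe, constructed input


class CommentApp:
    def __init__(self):
        self.comments = []   # the "target server's" persistent store

    def post_comment(self, text: str) -> None:
        """Any visitor submits a comment that the server stores as-is."""
        self.comments.append(text)

    def render_vulnerable(self, query: str) -> str:
        """Raw interpolation: stored comments and the reflected query both
        land in the HTML unescaped."""
        items = "".join(f"<li>{c}</li>" for c in self.comments)      # stored XSS
        return f"<p>Results for: {query}</p><ul>{items}</ul>"         # reflected XSS

    def render_safe(self, query: str) -> str:
        """Same page, with every untrusted value HTML-escaped on output."""
        items = "".join(f"<li>{html.escape(c)}</li>" for c in self.comments)
        return f"<p>Results for: {html.escape(query)}</p><ul>{items}</ul>"


def contains_active_script(page: str) -> bool:
    """Crude check used only for this demo: does a live <script> tag survive?"""
    return "<script>" in page


if __name__ == "__main__":
    app = CommentApp()
    # Reflected: the script arrives in this one request and is echoed back to it
    print("reflected, vulnerable:", contains_active_script(app.render_vulnerable(PAYLOAD)))
    # Stored: once saved, every later visitor's page carries the script
    app.post_comment(PAYLOAD)
    print("stored, vulnerable:", contains_active_script(app.render_vulnerable("shoes")))
    # Escaped output renders the payload as harmless text in both cases
    print("safe:", contains_active_script(app.render_safe(PAYLOAD)))
    print(app.render_safe("shoes"))
```

The fix is applied at the point where data enters HTML, not at input time: the stored comment is
kept verbatim, which is fine, because `html.escape` turns `<` and `>` into `&lt;` and `&gt;` whenever
it is rendered, so the browser shows the text rather than executing it.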

What is an active reconnaissance?


Active reconnaissance is a kind of computer attack where the intruder engages the target system to
collect data about its vulnerabilities.
Attackers mostly use port scanning to identify open ports and then exploit the
vulnerabilities of the services associated with those ports.

What is the difference between vulnerability assessment and penetration testing?


Vulnerability Assessment: A process to define, detect, and prioritize the vulnerabilities in
computer systems, network infrastructure, applications, etc., and to give the organization the
information required to fix the flaws.
Penetration Testing: Also called pen testing or ethical hacking. It is a process of testing a
network, system, application, etc.

What is phishing and how it can be prevented?


Phishing is a malicious attempt to pass oneself off as an authorized entity in electronic
communication in order to obtain sensitive information such as usernames and passwords through
fraudulent messages and emails.

What is security misconfiguration?
Security misconfiguration is a vulnerability that arises when an application, network or device is
left susceptible to attack by an insecure configuration option. It can be as simple as leaving the
default username/password unchanged.

Cryptography
Cryptography is a method of protecting information and communications through the use of codes so
that only those for whom the information is intended can read and process it.

What is a CIA triad?


The CIA Triad is a well-known, venerable model for the development of security policies, used in
identifying problem areas along with necessary solutions in the arena of information security.

• Confidentiality: ensuring that only authorized parties can read a message
• Integrity: ensuring that any changes to data will be detected and rejected
• Authentication: the sender and receiver can confirm each other's identity and the
origin/destination of the information

Encryption can provide confidentiality at different network layers:

• Application layer (email)
• Session layer (SSL/TLS)
• Network layer (IPsec)
• Data link layer (MACsec)

Types of cryptography:

Symmetric-key or single-key encryption algorithms: Use the same key to encrypt and decrypt data.
EX: AES, 3DES, DES
Asymmetric-key encryption algorithms: Use different keys (a public and a private key) to encrypt and
decrypt data. EX: RSA, ElGamal

Secure Sockets Layer (SSL)


SSL (Secure Sockets Layer) is a secure protocol which provides safer conversations between two or
more parties across the internet. It works together with HTTP to provide security.
Hashing: A mechanism used for data integrity assurance, based on a one-way function. EX:
MD5, SHA-1, SHA-2

What is the difference between hashing and salting?

• Hashing is mostly used for authentication and is a one-way function where data is mapped
to a fixed-length value.
• Salting is an extra step in hashing, where an additional random value is added to the password,
which changes the hash value produced.
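
The difference in practice, as an added example that is not part of the original notes: an unsalted
hash gives every user with the same password the same digest, so one precomputed table cracks them
all, while a per-user random salt makes each stored value unique. The salted path below uses
PBKDF2-HMAC-SHA256 from the Python standard library (the iteration count slows brute force; the
value chosen here is an assumption for the demo), and verification recomputes the hash with the
stored salt and compares in constant time. The passwords and records are constructed.

```python
# Added example (not from the original notes): why a plain hash of a password
# is reusable across users and precomputed tables, and how a per-user random
# salt (fed to PBKDF2-HMAC-SHA256 from the standard library) changes that.
# The passwords and records below are constructed for the demo.
import hashlib
import hmac
import os
from typing import Optional


def plain_hash(password: str) -> str:
    """Unsalted SHA-256: identical passwords always give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salt plus iterated hashing: the salt defeats precomputed tables and the
    iteration count (an assumed value for the demo) slows brute force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store_password(password: str, salt: Optional[bytes] = None) -> dict:
    """What the server keeps: the salt (not secret) and the derived hash."""
    salt = salt if salt is not None else os.urandom(16)
    return {"salt": salt, "hash": salted_hash(password, salt)}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt; constant-time compare avoids timing leaks."""
    return hmac.compare_digest(salted_hash(password, record["salt"]), record["hash"])


def demo() -> dict:
    """Two users who chose the same password, stored both ways."""
    alice = store_password("hunter2")
    bob = store_password("hunter2")       # same password, different random salt
    return {
        "plain_equal": plain_hash("hunter2") == plain_hash("hunter2"),
        "salted_equal": alice["hash"] == bob["hash"],
        "alice_ok": verify_password("hunter2", alice),
        "alice_wrong": verify_password("hunter3", alice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored next to the hash in the clear; its job is uniqueness, not secrecy, which is why
salting alone does not replace a slow, iterated password hash.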

Public key infrastructure (PKI)


A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures
needed to create, manage, distribute, use, store and revoke digital certificates and to manage
public-key encryption.
