Tekrar 1-1
Tekrar00.pdf Flashcards
What does the CIA triangle stand for in cybersecurity?
Confidentiality, Integrity, Availability
What does confidentiality mean in cybersecurity?
Ensuring sensitive data is accessed only by authorized users, using encryption methods for privacy protection and to prevent sniffing attacks
What does integrity mean in cybersecurity?
Ensuring data has not been changed, modified, or corrupted while in transit, using hashing techniques to prevent man-in-the-middle attacks
What does availability mean in cybersecurity?
Ensuring data is available when needed, utilizing backups to maintain availability against DDoS attacks, for example
What is a sniffing attack in cybersecurity?
Attackers capture data using tools like Wireshark to read it in clear text
What is a man-in-the-middle attack in cybersecurity?
An attacker sits between devices to intercept and manipulate data
What is the difference between DoS and DDoS attacks?
DoS disrupts services from a single attacker, while DDoS uses multiple computers to attack a single target, specifically targeting availability of services
What is a DoS attack compared to in real-world terms?
It is like one person blocking the entrance to a store so others can't get in, disrupting the normal operations
What is a DDoS attack compared to in real-world terms?
It is like a large group of people blocking the entrance to a store from different sides, making it impossible for anyone to enter, disrupting the normal operations
What is encoding, encryption, and hashing in cybersecurity?
Encryption is a two-way function used to maintain confidentiality, with algorithms like RSA, AES, and 3DES. Common types of encryption are asymmetric, symmetric, and hybrid; asymmetric uses a key pair, symmetric uses a single key, and authorized users can decrypt data using public or private keys
What is DDoS?
Distributed Denial of Service - like a large group of people blocking the entrance to a store from different sides making it impossible for anyone to enter.
What is encryption?
Encryption is a two-way function used to maintain confidentiality. Some common encryption algorithms are RSA, AES, and 3DES. Common types of encryption are asymmetric, symmetric, and hybrid.
What is encoding?
Encoding is a simple algorithm that transforms data into another format that can easily be reversed. It can be done by open-source intelligence tools like link sanitizer and CyberChef. Operations include Base64 and hex.
What is hashing used for?
Hashing is a one-way algorithm used to validate the integrity of data. If the data has been compromised, the hashes are different, indicating a change in the data. Common hashing algorithms include MD5, SHA-1, and SHA-2. SHA-2 is preferred for its stronger security and longer hash values compared to MD5 and SHA-1.
What is a digital signature?
A digital signature is a cryptographic technique used to verify the authenticity and integrity of digital documents or messages. It involves using a private key to create a unique digital signature that can be verified using a public key.
What are some common Hashing algorithms mentioned in the text?
MD5, SHA-1, and SHA-2
Why is SHA-2 considered the best choice among hashing algorithms mentioned?
SHA-2 offers stronger security and longer hash values compared to MD5 and SHA-1
What is a hash collision and why is it a concern with MD5 and SHA-1?
A hash collision occurs when two different inputs produce the same output hash value. MD5 and SHA-1 have known vulnerabilities to hash collisions.
What is a digital signature used for in cryptography?
A digital signature is used to verify the authenticity and integrity of digital documents or messages.
Explain the process of a three-way handshake.
A three-way handshake is a process used to create a connection between a client and a server. It involves three steps: 1. The client sends a SYN packet to the server. 2. The server responds with a SYN-ACK packet. 3. The client sends an ACK packet to the server. Once these steps are completed, the connection is established.
How are Encryption and Hashing different?
Encryption hides data in a non-humanly readable form and provides confidentiality, while hashing verifies data integrity. Encryption is a two-way function, and hashing is a one-way function.
What are the differences between TCP and UDP protocols?
TCP is a connection-oriented protocol that ensures reliable and ordered delivery of data, while UDP is a connectionless protocol that offers faster transmission but does not guarantee delivery.
What is a three-way handshake?
A process used to establish a connection between a client and a server in three steps: SYN, SYN-ACK, and ACK.
What is the main difference between TCP and UDP protocols?
TCP is a connection-based protocol while UDP is connectionless.
Why is UDP preferred for video conferences and live streams?
Sometimes connection speed is more important than reliability, making UDP ideal for real-time communication.
Name some examples of TCP flags.
SYN, ACK, FIN, RST, PSH, URG.
Why do we use UDP for voice or video calls?
Connection speed is more important than reliability, making UDP preferred for video conferences and live streams.
Give examples of TCP flags
SYN (synchronization for connection establishment), ACK (acknowledgment of packets received), FIN (graceful termination of the connection), RST (abruptly resets the connection), PSH (pushes data to the application immediately), URG (marks the data as urgent/priority).
What is the three-way handshaking process for terminating a connection?
FIN, FIN-ACK, ACK.
Name some cybersecurity frameworks
MITRE ATT&CK framework, Cyber Kill Chain, NIST, SANS, ISO.
What are some examples of frameworks that help organizations build a strong cybersecurity foundation and reduce Cyber Risk?
NIST, SANS, and ISO
What is the MITRE ATT&CK Framework used for?
To help cybersecurity professionals understand how cyber attackers operate
How many tactics and techniques are there in the MITRE framework (approximately)?
14 tactics and more than 200 techniques
What is the NIST Cybersecurity Framework developed by?
The National Institute of Standards and Technology (NIST)
What are the four steps of the NIST Cybersecurity Framework?
Preparation; detection and monitoring; eradication, containment and recovery; post-incident activity
In which step of the NIST framework do organizations escalate cases to the Incident Response (IR) team?
Step three: eradication, containment and recovery
What is the role of a SOC analyst in the NIST framework?
Managing and reducing cybersecurity risks.
What happens in step two of the NIST framework?
Detection and monitoring.
What is the final step in the NIST framework?
Post incident activity where lessons learned are discussed to prevent similar incidents in the future.
What is the OSI model?
The OSI model consists of seven layers, each serving a specific function in network communication.
What is the function of the Physical Layer in the OSI model?
Handles the physical connection between devices and infrastructure, vulnerable to attacks like cable cutting and signal interference.
What is the function of the Data Link Layer in the OSI model?
Manages data transfer between connected devices, susceptible to attacks such as MAC address spoofing and VLAN hopping.
What is the function of the Network Layer in the OSI model?
Routes and forwards data between different networks, targeted by attacks like IP spoofing and DNS hijacking.
What is the function of the Transport Layer in the OSI model?
Ensures reliable data transfer between endpoints, vulnerable to attacks like TCP SYN flooding and session hijacking.
What is the function of the Session Layer in the OSI model?
Establishes and maintains communication sessions between devices, prone to attacks such as session hijacking and replay attacks.
What is the function of the Presentation Layer in the OSI model?
Handles data translation and formatting, susceptible to attacks like buffer overflow and code injection.
What is the function of the Application Layer in the OSI model?
Delivers data to end users through applications, targeted by attacks such as phishing, malware, and social engineering.
Which layer in the OSI model is susceptible to attacks like MAC address spoofing and VLAN hopping?
Data Link Layer (Layer 2)
Which layer in the OSI model routes and forwards data between different networks and is targeted by attacks like IP spoofing and DNS hijacking?
Network Layer (Layer 3)
Which layer in the OSI model ensures reliable data transfer between endpoints and is vulnerable to attacks like TCP SYN flooding and session hijacking?
Transport Layer (Layer 4)
Which layer in the OSI model establishes and maintains communication sessions between devices and is prone to attacks like session hijacking and replay attacks?
Session Layer (Layer 5)
Which layer in the OSI model handles data translation and formatting and is susceptible to attacks like buffer overflow and code injection?
Presentation Layer (Layer 6)
Which layer in the OSI model delivers data to end users through applications and is targeted by attacks such as phishing, malware, and social engineering?
Application Layer (Layer 7)
What security tool operates at OSI Layer 7 and provides application level filtering and control?
Proxy
What security tools operate across multiple layers typically focusing on Layers 3, 4, 5, and 6 to detect and prevent network-based attacks?
Intrusion Detection/Prevention Systems (IDS/IPS)
What security tool operates at Layers 3 and 4, controlling traffic based on defined security rules?
Firewall
Which device is associated with the Network Layer (Layer 3) and deals with IP-related functions?
Router
Which device is associated with the Data Link Layer (Layer 2) and deals with MAC addresses?
Switch
In which layer of the OSI model can Layer 3 switches be found?
Network Layer (Layer 3)
What does the OSI model provide a structured framework for understanding and addressing in network communication and security?
Various aspects of network communication and security
What layer does a Firewall operate at?
Layers 3 and 4
What layer does a Router operate at according to the OSI model?
Network Layer (Layer 3)
What layer does a Switch operate at according to the OSI model?
Data Link Layer (Layer 2)
What is the purpose of the OSI model?
To provide a structured framework for understanding and addressing various aspects of network communication and security
What are the 7 layers of the OSI model in order from top to bottom?
Application, Presentation, Session, Transport, Network, Data Link, Physical
What is the role of the Application Layer in the OSI model?
User interface or human-computer interaction layer where applications can access network services like HTTP, FTP, SMTP, and DNS
What activities occur in the Presentation Layer of the OSI model?
Encryption and decryption (SSL, SSH)
What is the function of the Session Layer in the OSI model?
Maintains connections and controls ports and sessions through API calls (NFS, SQL)
What is the responsibility of the Transport Layer in the OSI model?
Handles data transmission using TCP and UDP protocols
What does the Network Layer determine in the OSI model?
Decides the path data will take and how it gets from one host to another, using IP, ICMP, ping, and ARP
What does the Data Link Layer define in the OSI model?
The data format on the network, using MAC addresses, switches, bridges, and Ethernet
What is the role of the Physical Layer in the OSI model?
Involves the physical structure such as wires and cables to transmit data
What is the Cyber Kill Chain framework?
Describes the phases of a cyber attack from early reconnaissance to data exfiltration
What happens during the Reconnaissance phase of the Cyber Kill Chain?
Attacker conducts research, identifies, and selects a target
What does NFS stand for?
Network File System
What is SQL used for in the context of data transmission?
Structured Query Language for interacting with databases
What are the primary transport layer protocols?
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)
What is the role of the network layer in data transmission?
Decides which path the data will take and how data gets from one host to another
What are some examples of network layer protocols?
IP (Internet Protocol), ICMP (Internet Control Message Protocol), ARP (Address Resolution Protocol), Router
What does the data link layer define on the network?
The data format on the network, includes MAC addresses, Switches, Bridges, Ethernet
What is the physical layer responsible for in data transmission?
Physical structure - Wires and cables, actual transmission of data bits
What is the Cyber Kill Chain framework?
Describes the phases of a cyber attack from early reconnaissance to the goal of data exfiltration
What is the first phase of the Cyber Kill Chain framework?
Reconnaissance - attacker does research, identifies target, and vulnerabilities
What is the second phase of the Cyber Kill Chain framework?
Weaponization - attackers create their attacks, can be in the form of documents or emails
What is the third phase of the Cyber Kill Chain framework?
Delivery - attackers transmit their weapons to the target, via attachments, websites, or removable media
What is the fourth phase of the Cyber Kill Chain framework?
Exploitation - weapon's code triggers and exploits vulnerabilities in the system and applications
What is the fifth phase of the Cyber Kill Chain framework?
Installation - backdoor is installed on victim system for maintaining access
What is the sixth phase of the Cyber Kill Chain framework?
Command and Control - compromised host communicates with a controller server to establish control channel
What is the final phase of the Cyber Kill Chain framework?
Actions on Objectives - attacker takes actions to achieve goals like data exfiltration or encryption
What are some common ports used in TCP communication?
FTP (21), SSH
What is a common method of exploitation after a weapon is delivered to the victim?
Installation of a backdoor to maintain persistence on the victim system.
What is the purpose of Command and Control in a cyber attack?
Compromised host beacons outbound to an Internet controller server to establish a C2 channel.
What actions does an attacker take to achieve their goals in a cyber attack?
Actions such as data exfiltration, encrypting and extracting information (e.g., for ransom).
What are some common TCP ports and their associated services?
FTP (21), SSH (22), SFTP (22), Telnet (23), SMTP (25), HTTP (80), HTTPS (443), POP3 (110), SMB (139, 445), IMAP (143), RDP (3389), LDAP (389), LDAPS (636), DNS (53), NTP (123), DHCP (67, 68), TFTP (69), SNMP (161), Kerberos (88).
What is ICMP, and does it have ports like TCP and UDP?
ICMP is Internet Control Message Protocol (IP protocol 1). It has no ports, unlike TCP and UDP which have ports.
What is a firewall and its role in network security?
A firewall is a network security device or software application that monitors and controls incoming and outgoing network traffic based on security rules, acting as a barrier between internal and external networks.
What does DHCP stand for?
Dynamic Host Configuration Protocol
What is the port number for TFTP?
69
What does SNMP stand for?
Simple Network Management Protocol
What is the port number for Kerberos?
88
What does ICMP stand for?
Internet Control Message Protocol
What is the IP protocol number for ICMP?
1 (see RFC 792)
What is the IP protocol number for TCP?
6 (described in RFC 793)
What is the IP protocol number for UDP?
17 (see RFC 768)
What is the main function of a firewall?
To monitor and control incoming and outgoing network traffic based on security rules
What is the purpose of a firewall?
To act as a barrier between internal and external networks, filtering traffic to prevent unauthorized access and protect against cyber threats
What criteria can firewalls use to allow or block traffic?
IP addresses, port numbers, protocols, and application types
What is the role of Packet Filtering Firewalls?
To examine packets of data as they pass through the firewall and filter them based on predefined rules
What is the role of Layer 3 Stateful Inspection Firewalls?
To track the state of active connections and make decisions about whether to allow or block traffic based on the context of the connection
What is the role of Layer 4 TCP/UDP Proxy Firewalls?
To act as an intermediary between internal and external networks, intercepting and inspecting traffic before forwarding it to its destination
What are Layer 7 Next Generation Firewalls?
Firewalls that can perform deep packet inspection to analyze the contents of data packets and identify potentially malicious activity
What is a Packet Filtering Firewall?
Examines packets of data as they pass through the firewall and filters them based on predefined rules.
What is a Layer 3 Stateful Inspection Firewall?
Tracks the state of active connections and makes decisions about whether to allow or block traffic based on the context of the connection.
What is a Layer 4 TCP/UDP Proxy Firewall?
Acts as an intermediary between internal and external networks, intercepting and inspecting traffic before forwarding it to its destination.
What is a Layer 7 Next Generation Firewall (NGFW)?
Integrates advanced features such as intrusion detection and prevention, application-level filtering, and deep packet inspection to provide enhanced security capabilities.
What role do firewalls play in network security?
Firewalls play a crucial role in protecting networks from unauthorized access, data breaches, and other cyber threats by enforcing security policies and controlling network traffic.
What is the difference between an IPS and a Firewall?
A firewall acts as a barrier between networks and controls traffic based on predefined rules, while an IPS goes beyond firewall functionality by actively monitoring and analyzing network traffic for signs of suspicious or malicious activity.
What do Snort rules refer to?
Snort rules are used in Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to detect and block threats within the network.
What is the difference between a Firewall and an IPS?
Firewall acts as a barrier between networks controlling traffic based on predefined rules, while an IPS goes beyond firewall functionality by actively monitoring and analyzing network traffic for signs of suspicious or malicious activity and taking real-time action to prevent attacks.
What are Snort rules used for?
Snort rules are used in Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to detect and prevent network attacks. These rules are written in a specific format and are used to identify and respond to suspicious or malicious network traffic.
What is Ransomware?
Ransomware is malicious software that encrypts files on a computer or network, making them inaccessible. Attackers demand payment, usually in cryptocurrency, in exchange for providing the decryption key needed to unlock the files. It is a form of digital extortion that can have serious consequences for individuals and organizations.
What is the difference between SQL injection and Blind SQL injection?
SQL injection and Blind SQL injection are both types of cyber attacks targeting databases, but they differ in how they exploit vulnerabilities and retrieve data. SQL Injection attacks exploit vulnerabilities in web applications by injecting malicious SQL queries into input fields.
What is ransomware?
Ransomware is a form of malware that encrypts files on a computer or network, making them inaccessible. Attackers demand payment, usually in cryptocurrency, in exchange for providing the decryption key needed to unlock the files.
What is SQL injection?
SQL injection is a type of cyber attack where attackers exploit vulnerabilities in web applications by injecting malicious SQL queries into input fields to manipulate the database and extract sensitive data.
What is Blind SQL injection?
Blind SQL injection attacks are similar to traditional SQL injection attacks but do not return meaningful error messages or results to the attacker. Instead, they rely on time-based techniques to infer information indirectly.
How do SQL injection attacks differ from Blind SQL injection attacks?
SQL injection attacks directly manipulate databases to retrieve data, while Blind SQL injection attacks exploit vulnerabilities in a way that makes them harder to detect by not providing immediate feedback to the attacker.
What is the main difference between SQL injection attacks and blind SQL injection attacks?
SQL injection attacks directly manipulate databases to retrieve data, while blind SQL injection attacks rely on time-based techniques to infer information indirectly.
How do blind SQL injection attacks make it harder for attackers to detect vulnerabilities?
Blind SQL injection attacks do not provide immediate feedback to the attacker and rely on inferred responses to achieve their objectives, making them harder to detect.
What are some examples of application layer attacks mentioned in the text?
OWASP Top 10 attacks, such as SQL injection, Blind SQL Injection, and Webshell attacks.
What are some preventative measures to protect against SQL injection attacks?
Implementing secure coding practices and input validation to block unauthorized database access.
What is the purpose of using private IP addresses within a local network?
Private IP addresses are used within a local network, such as a home or office, and are not accessible from the internet.
What are the common ranges of private IP addresses mentioned in the text?
Common ranges of private IP addresses include 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255.
What is the purpose of using public IP addresses?
Public IP addresses are used to communicate over the internet, and every device connected to the internet has a unique public IP address.
What are some examples of SIEM tools mentioned in the text?
SIEM tools mentioned in the text include Splunk, Palo Alto, and Microsoft Defender EDR.
Name some email security tools mentioned in the text.
Email security tools mentioned include Proofpoint.
What is the purpose of using Nmap in cybersecurity?
Nmap is a hacking tool used for network discovery and security auditing.
Private IP Address
Used within a local network like your home or office. Not accessible from the internet. Common ranges include 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, 192.168.0.0 to 192.168.255.255.
Public IP Address
Used to communicate over the internet. Every device connected to the internet has a unique public IP address, which is how devices on the internet find and talk to each other.
SIEM
Security Information and Event Management tool that provides real-time analysis of security alerts generated by network hardware and applications.
Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
EDR
Endpoint Detection and Response, a cybersecurity technology that continuously monitors and responds to advanced threats on endpoints.
Proxy
An intermediary server that acts as a gateway between a user and the internet, enhancing security and privacy.
OSINT
Open Source Intelligence, the collection and analysis of publicly available information for intelligence purposes.
Hacking Tools
Tools used by hackers to exploit vulnerabilities and gain unauthorized access to systems and data.
Email security tools
Tools and protocols designed to protect email communication from malware, phishing, and other threats.
Cloud Security
Security measures and technologies implemented to protect cloud computing environments and data.
Splunk
A platform for operational intelligence that enables organizations to monitor, search, analyze, and visualize machine-generated data.
Palo Alto
A cybersecurity company known for its firewall and security products, offering advanced threat protection.
Microsoft Defender EDR
Microsoft's endpoint security solution that provides advanced threat protection, detection, and response capabilities.
Bluecoat
A cybersecurity company offering web security and WAN optimization solutions.
VirusTotal
A free online service that analyzes files and URLs for viruses, worms, trojans, and other types of malicious content.
Nmap
A free and open-source network scanner used to discover hosts and services on a computer network.
Proofpoint
A cybersecurity company that provides email security, data loss prevention, and threat intelligence solutions.
Azure
Microsoft's cloud computing platform, offering a range of services for computing, analytics, storage, and networking.
IBM QRadar
An enterprise security information and event management (SIEM) solution that helps organizations detect and respond to cybersecurity threats.
SOAR
Security Orchestration, Automation, and Response, a set of technologies that enable organizations to collect security data and respond to threats in a coordinated manner.
Cisco
A multinational technology conglomerate known for its networking hardware, software, and services.
Carbon Black
A cybersecurity company offering endpoint security and threat hunting solutions.
What is Mimikatz?
Mimikatz is an open-source tool created by Benjamin Delpy in 2007 that retrieves sensitive information such as passwords from Windows systems; it is often used by attackers to break into networks or systems without permission.
Explain DDoS attacks and how to prevent them.
A DDoS (Distributed Denial of Service) attack occurs when multiple computers overwhelm a single target to prevent real users from accessing a website or service. Prevention methods include setting up firewalls and IPS to block bad traffic, limiting requests from certain IPs, and using load balancing.
What is a man-in-the-middle attack?
A man-in-the-middle attack occurs when a malicious actor intercepts communication between two parties, such as a user and a server. This interception can allow the attacker to eavesdrop on or manipulate the communication, leading to the theft of sensitive information or alteration of messages. Examples include IP spoofing and DNS spoofing.
What is a man-in-the-middle attack?
A man-in-the-middle attack happens when a bad actor intercepts communication between two parties, like a user and a server, to steal sensitive information or tamper with messages.
What can a bad actor do during a man-in-the-middle attack?
During a man-in-the-middle attack, a bad actor can listen in on the communication, tamper with messages, steal sensitive information, or even change the messages.
What are some examples of man-in-the-middle attacks?
Examples of man-in-the-middle attacks include IP spoofing and DNS spoofing.