Cyber Security
Cybersecurity is the practice of protecting systems, networks, and data from digital attacks, theft, and damage. It involves a range of measures, including the use of software, hardware, and policies to safeguard information and ensure the integrity, confidentiality, and availability of data. Key components of cybersecurity include risk management, threat detection and response, access control, encryption, and user education. As cyber threats evolve, cybersecurity remains crucial for organizations and individuals to defend against breaches, malware, and other cybercriminal activities.
Cyber Security
Criminal activities involving computers or networks, where systems are targeted or used as tools for illegal actions.
Increasing crime refers to the growing incidence of unlawful activities in a specific area or context, often indicating a rise in criminal behavior or trends over time.
Tactics used by cybercriminals to exploit systems and individuals for financial gain, such as ransomware, fraud, and phishing schemes.
A part of the internet that is not indexed by search engines and requires specific software to access, often associated with illegal activities and anonymous communication.
Networking
The fundamental concepts and principles that underpin the design, implementation, and management of computer networks, including hardware, protocols, and communication methods.
The OSI Model (Open Systems Interconnection Model) is a conceptual framework used to understand and standardize the functions of a networking system across different communication systems.
The structured framework that organizes the various functions and processes of computer networking into distinct levels for better understanding and management.
The Network Layer is responsible for routing packets between devices across different networks and ensuring data is sent from the source to the destination efficiently.
Different networks refer to various types of interconnected systems, including local area networks (LANs), wide area networks (WANs), metropolitan area networks (MANs), and others, each serving distinct purposes and scales.
Network Address Translation (NAT) is a method that modifies IP address information in packet headers while they are in transit, enabling multiple devices on a local network to share a single public IP address for accessing the internet.
IPv6 is the latest version of the Internet Protocol, designed to replace IPv4, featuring a much larger 128-bit address space, simplified headers for more efficient routing, and built-in support for IPsec.
ICMP (Internet Control Message Protocol) is a network layer protocol used for sending error messages and operational information, such as diagnostics and routing issues, between network devices.
CS Network Transport refers to the methods and protocols used to facilitate communication and data transfer between computers in a network, ensuring reliable and efficient delivery of information.
Spoofing traffic is the act of disguising communication from an unknown source as being from a trusted source.
UDP (User Datagram Protocol) is a connectionless transport layer protocol that enables fast, low-overhead transmission of data without the reliability and ordering guarantees provided by TCP.
Firewalls are security devices or software that monitor and control incoming and outgoing network traffic based on predefined security rules.
Firewall administration involves configuring, managing, and monitoring firewall systems to ensure network security and compliance with security policies.
Segmentation is the practice of dividing a network into smaller, isolated sections to enhance security, improve performance, and manage traffic more effectively.
An Intrusion Prevention System (IPS) is a network security technology that monitors network traffic for suspicious activity and can take action to block or mitigate threats in real time.
Content and application filtering is the process of monitoring and controlling access to specific content or applications on a network based on predefined policies to enhance security and productivity.
Applications are software programs designed to perform specific tasks or functions for users, ranging from productivity and communication to entertainment and data management.
Content control is the practice of managing and regulating access to specific types of content on a network to ensure compliance with policies and enhance security.
Decrypting traffic is the process of converting encrypted data back into its original, readable format to allow analysis or use by authorized parties.
Web applications are software programs that run on web servers and are accessed through a web browser, enabling users to interact with them over the internet.
HTTP headers are key-value pairs sent between a client and server in HTTP requests and responses, providing essential information about the request, response, or resource being communicated.
HTTP request headers are key-value pairs sent by a client to a server in an HTTP request, conveying important information about the request and the client's environment.
HTTP response headers are key-value pairs sent by a server back to a client in an HTTP response, providing important information about the response, such as content type, status codes, and caching directives.
HTTP verbs are methods used in HTTP requests to specify the desired action to be performed on a resource, such as GET, POST, PUT, and DELETE.
Sessions track user data across multiple requests, while state refers to the current condition or data of an application at a specific moment.
Cyber Attacks
Mapping is the process of discovering and documenting the structure and services of a network, while port scanning involves probing a network to identify open ports and services running on them.
Port scanning is the process of systematically probing a networked device to identify open ports and the services running on them.
UDP port scanning is the process of sending UDP packets to target ports to determine which ports are open or closed, helping to identify active services on a network.
Nmap timing options allow users to adjust the speed and stealthiness of scans by controlling the timing of packet transmission and response, balancing between speed and the likelihood of detection.
Network attacks are deliberate attempts to disrupt, compromise, or gain unauthorized access to a network's resources or data, often targeting vulnerabilities in network protocols, devices, or configurations.
The Return Pointer (return address) is a memory address saved on the stack during a function call that tells the CPU where to resume execution once the called function returns.
A buffer overflow in C occurs when input exceeds the size of a fixed array, overwriting adjacent memory like the Return Pointer, potentially allowing attackers to control the CPU's execution.
Vulnerability scanners are automated tools designed to identify security weaknesses and vulnerabilities in software, systems, and networks.
Network monitoring is the continuous observation and analysis of network traffic and performance to ensure optimal operation and security of networked systems.
Peer-to-peer (P2P) traffic refers to direct data exchange between devices on a network without the need for a centralized server, allowing users to share files and resources directly with each other.
Web application attacks are attempts to exploit vulnerabilities in web applications to gain unauthorized access, manipulate data, or disrupt services.
Eve is a hypothetical attacker in cybersecurity scenarios, often used to illustrate how vulnerabilities can be exploited to access unauthorized data or systems.
Avoiding "Magic Numbers" refers to the practice of not exposing predictable, sequential numeric identifiers (such as database row IDs) in URLs or request parameters, since guessable values enable Insecure Direct Object Reference (IDOR) attacks; instead, developers should use hard-to-guess identifiers such as GUIDs or UUIDs to enhance security.
SQL Injection is a security vulnerability where an attacker manipulates a query by injecting malicious SQL code into user inputs, allowing unauthorized access to the database.
XSS (Cross-Site Scripting) is a web vulnerability that allows attackers to inject malicious scripts into webpages viewed by other users, enabling data theft or session hijacking.
XSS (Cross-Site Scripting) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, enabling unauthorized actions or data theft.
HTML encoding is the process of converting special characters into their corresponding HTML entities to ensure they are displayed correctly in a web browser and to prevent security risks like cross-site scripting (XSS).
Wi-Fi attacks are security breaches that exploit vulnerabilities in wireless networks to gain unauthorized access, intercept data, or disrupt services.
Wi-Fi security refers to the measures and protocols implemented to protect wireless networks from unauthorized access, data breaches, and other cyber threats.
MAC Address Filtering is a security method that restricts network access to devices with specific, pre-approved MAC addresses.
Enterprise Authentication is a secure network access method using centralized authentication servers, such as RADIUS or LDAP, to manage user credentials and permissions for Wi-Fi and other services.
Passwords are secret strings of characters used to authenticate a user and grant access to systems, accounts, or data.
Password managers are tools that securely store and manage user passwords, allowing for the generation of strong, unique passwords for different accounts while simplifying access through a single master password.
Password Guessing is the process of attempting unauthorized access to an account or system by systematically trying different password combinations, often using common passwords, personal information, or automated tools.
Password guessing is a security attack where an attacker attempts to gain unauthorized access to an account by systematically trying various password combinations until the correct one is found.
Credential stuffing is a cyber attack method where attackers use stolen username and password pairs from one breach to gain unauthorized access to accounts on different services, exploiting users' tendency to reuse credentials.
Penetration Testing: A security practice where testers simulate attacks on a system to identify vulnerabilities.
Social Engineering: The manipulation of people into divulging sensitive information or performing actions that compromise security.
No-knowledge, Partial-knowledge, and Full-knowledge penetration testing are approaches where the tester has no information, limited information, or complete access to the system, respectively, to identify vulnerabilities and assess security.
Social engineering is a manipulation technique that exploits human psychology to deceive individuals into divulging confidential information or performing actions that compromise security.
A social engineering scenario using fear involves an attacker impersonating an authority figure to manipulate victims into complying with requests under the threat of negative consequences, such as job loss or disciplinary action.
Phishing is a cyber attack where attackers impersonate legitimate entities to trick individuals into providing sensitive information, such as passwords or financial details, typically through fraudulent emails or websites.
Vishing, or voice phishing, is a social engineering attack where attackers use phone calls to trick individuals into revealing sensitive information, such as personal details or financial data.
A common vishing example involves an attacker impersonating an IT manager over the phone, convincing an employee to provide their login credentials for a supposed system update.
Cyber Defence
Security Operations: The continuous monitoring and analysis of an organization’s security posture to detect, respond to, and mitigate security threats and incidents.
SOC staffing refers to the process of recruiting and organizing personnel in a Security Operations Center (SOC) to monitor, detect, and respond to cybersecurity incidents effectively.
SOAR (Security Orchestration, Automation, and Response) is a cybersecurity approach that integrates tools and processes to streamline security operations, automate incident response, and enhance threat management.
Escalation Chains: A structured process that outlines the steps and individuals involved in escalating issues or incidents within an organization, ensuring timely and effective responses to security threats.
What to Monitor?: The critical assets, systems, and activities within an organization that require oversight in order to detect anomalies and security threats and to ensure compliance with policies and regulations.
CS Incident Response: The systematic approach to managing and mitigating the effects of a cybersecurity incident, involving preparation, detection, analysis, containment, eradication, recovery, and lessons learned to improve future defenses.
PICERL is a cybersecurity methodology that stands for Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned, used to effectively manage and respond to security incidents.
Containment is the process of isolating a security threat to prevent it from spreading further within a system or network during an incident response.