
M IAASr


Active mode security system in Wireless Communications.

Passive mode security system in Wireless Communications.

MitM

Ethical hackers who use their programming skills for good, ethical, and legal purposes. – White hat hackers

Unethical criminals who violate computer and network security for personal gain or for malicious reasons, such as attacking
networks. – Black hat hackers

Individuals who commit crimes and do arguably unethical things, but not for personal gain or to cause damage. – grey hat
hackers

A potential danger to an asset such as data or the network itself. – Threat

A weakness in a system or its design that a threat could exploit. – Vulnerability

The total sum of the vulnerabilities in a given system that are accessible to an attacker; it describes the different points where an attacker could get into a system and where they could get data out of the system. - Attack surface

A path by which a threat actor can access a server, host, or network. – attack vector

The mechanism that is used to leverage a vulnerability to compromise an asset. – exploit

The likelihood that a particular threat will exploit a specific vulnerability of an asset and result in an undesirable consequence.
– risk

Some or all of the risk is transferred to a willing third party, such as an insurance company. – risk transfer

This is when the cost of risk management options outweighs the cost of the risk itself. The risk is accepted, and no action is
taken. – risk acceptance

A mitigation strategy that reduces exposure to risk, or the impact of risk, by taking action to decrease the risk. – risk reduction

Also effective for mitigating packet sniffer attacks – Encryption


A critical component of any modern secure network. The more that traffic is encrypted, the fewer opportunities hackers have
for intercepting data with man-in-the-middle attacks. – Cryptography

This occurs when an individual lies to gain access to confidential data. – Pretexting

The process of going through a target's trash to see discarded information. - Dumpster Diving

An act intended to deceive or trick someone; it can cause just as much disruption as an actual security breach. – hoax

A security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members
of the group are known to visit. The goal is to infect a targeted user's computer and gain access to the network at the target's
workplace. - Watering hole attack

A form of cybercrime that involves hackers registering domains with deliberately misspelled names of well-known websites.
Hackers do this to lure unsuspecting visitors to alternative websites, typically for malicious purposes – Typosquatting

The attacker impersonates the vendor and creates a fake invoice that looks identical to a real invoice, and sends it to the target
client - Invoice scam

Refers to when an attacker prepends, or attaches, a trustworthy value like “RE:” or “MAILSAFE: PASSED” to a message in order
to make the message appear more trustworthy. Values like that are usually automatically added by a user's email client. –
Prepending

A malicious program that waits for a trigger, such as a specified date or database entry, to set off the malicious code. – logic
bomb

It refers to recording or logging every key struck on a computer’s keyboard. – keyboard logging

Any unwanted application that behaves in an annoying or undesirable manner. – grayware

Rogue access point – evil twin

Occurs when an attacker copies information, such as emails and contact lists, from a target’s device using a Bluetooth
connection – Bluesnarfing

A clever programmer capable of developing new programs and coding changes to existing programs to make them more efficient. – hacker

Typically refer to grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or
rewards – vulnerability brokers

Threat actors who steal government secrets, gather intelligence, and sabotage networks of foreign governments, terrorist
groups, and corporations. - State-sponsored

A term for black hat hackers who are self-employed or working for large cybercrime organizations. – Cybercriminals

Leading efforts to automate cybersecurity information sharing with public and private organizations at no cost. – CISA

Relates directly to an organization's business continuity - Network security

The process that balances the operational costs of providing protective measures with the gains achieved by protecting the
asset. – risk management

Many network attacks can be prevented by sharing information about indicators of compromise

It contains a 4-bit binary value set to 0100 that identifies this as an IPv4 packet. – version

A 4-bit field; 20 bytes is the minimum length of the IP header. - Internet Header length

An 8-bit field used to determine the priority of each packet. – DiffServ

Specify the IP packet's length (IP header + user data) - Total length

An 8-bit binary value that limits the lifetime of a packet. - Time-to-Live

An IPv4 header field that identifies the next-level protocol. – protocol

A value calculated from the contents of the IP header, used to determine whether any errors were introduced in transmission. - Header checksum

It contains a 32-bit binary value that represents the source IPv4 address of the packet. - Source IPv4 Address A

It contains a 32-bit binary value that represents the destination IPv4 address of the packet. - Destination IPv4 Address B

This field varies in length from 0 to a multiple of 32 bits. If the values are not a multiple of 32 bits, 0s are added or padded to ensure that this field contains a multiple of 32 bits. - Options and Padding

This 16-bit field indicates the length of the data portion or payload of the IPv6 packet. - Payload Length

This 20-bit field suggests that all packets with the same flow label receive the same type of handling by routers. - Flow Label

In the IPv6 header, this value is decremented by 1 by each router that forwards the packet. - Hop Limit

In the IPv6 header, this 8-bit field is equivalent to the IPv4 Differentiated Services (DS) field. - Traffic Class

This 128-bit field identifies the IPv6 address of the sending host. - Source IPv6 Address

This 128-bit field identifies the IPv6 address of the receiving host. - Destination IPv6 Address

Threat actors spoof the source IP address to perform blind spoofing or non-blind spoofing. - Address spoofing attacks

Threat actors attempt to prevent legitimate users from accessing information or services.- Denial-of-Service (DoS) attacks

Threat actors use ICMP echo packets (pings) to discover subnets and hosts on a protected network, to generate DoS flood
attacks, and to alter host routing tables. - ICMP attacks

Threat actors gain access to the physical network, and then use an MiTM attack to hijack a session. - Session hijacking

This is a provisional response, consisting only of the Status-Line and optional headers. It is terminated by an empty line. There
are no required headers for this class of status code. Servers MUST NOT send this response to an HTTP/1.0 client except under
experimental conditions. - Informational 1xx

This is for cases in which the client seems to have erred - Client Error 4xx

The client’s request was successfully received, understood, and accepted.- Successful 2xx

This is for cases where the server is aware that it has erred or cannot perform the request - Server Error 5xx

Further action must be taken by the user agent to fulfill the request. A client SHOULD detect infinite redirection loops, because
these loops generate network traffic for each action.- Redirection 3xx

This involves limiting the spread of a worm infection to areas of the network that are already affected. – containment

Involves tracking down and identifying infected machines within the contained areas and disconnecting, blocking, or removing
them – Quarantine

All uninfected systems are patched with the appropriate vendor patch – Inoculation

Involves actively disinfecting infected systems – Treatment

Detect changes in the response time of hosts to determine whether the hosts are processing more traffic than their own traffic
loads would indicate - Anti-sniffer software and hardware tools

Typically the precursor to other attacks that have the intent of gaining unauthorized access to a network or disrupting network
functionality. - Reconnaissance attacks

It helps prevent hosts from getting infected and spreading malicious code by detecting and eliminating viruses. - Antivirus
software

Occurs when web pages that are executed on the client-side, within their own web browser, are injected with malicious
scripts. - Cross-Site Scripting

This is permanently stored on the infected server and is received by all visitors to the infected page.- Stored (persistent)

Types of Cyber Threats


• Software Attacks
-A computer virus
-A successful denial-of-service (DoS) attack

• Software Error
-An application going offline
-A software bug
-A cross-site script or illegal file server share

• Natural Disasters
-Floods
-Severe storms such as hurricanes or tornados
-Earthquakes
-Fires

• Utility Interruption
-Electrical power outages
-Water damage resulting from sprinkler failure

• Sabotage
-An authorized user compromising an organization’s primary database
-The defacement of an organization’s website

Threats to Devices
Devices left powered on and unattended
Downloading files, photos, music or videos from unreliable sources
Insertion of unauthorized USB drives, CDs or DVDs on networking devices.
New viruses, worms and other types of malware.
No policies in place to protect an organization’s IT infrastructure.
Software with vulnerabilities installed on an organization’s devices
Use of outdated hardware or software

Threats to LAN
Exploits of data in transit
LAN servers with different hardware or operating systems
Misconfigured firewalls
Network operating system or software vulnerabilities and updates.
Rogue users gain unauthorized access to wireless networks.
Unauthorized access to systems, applications, and data
Unauthorized access to wiring closets, data centers, and computer rooms.
Unauthorized network probing and port scanning

Threats to Application
Client-server or web application development vulnerabilities
Data loss
Network operating system software vulnerabilities
Server downtime during maintenance periods
Someone gaining unauthorized access to data centers, computer rooms, wiring closets or systems

Threats to Private Cloud


Remote users access an organization’s infrastructure and download sensitive data.
Router, firewall, or network device configuration errors.
Router, firewall, or network device operating system or software vulnerabilities
Unauthorized access to resources.
Unauthorized network probing and port scanning.
