It’s best practice to always get software updates from a trusted source like the manufacturer?
True - You should always validate where you are getting patches and updates
List the different types of patch management processes with examples?
-Notification => manufacturer's email about a fix
-Identification => analyze the update
-Deployment => acquiring the patch
-Installation => installing the patch on affected computers
-Verification => certifying the patch that is installed
=>Identity and access control
List the authentication types and provide an example?
1- Know (email address)
2- Have (laptop)
3- Are (voice)
Authorization
-permission to access a file or data element (access control type)
Permissions and access rights are authorization: “what you're allowed to do or see”
Layering protection
1.3) Provide a description of layering security and any potential recommendations?
Jill and Roy scenario
A network switch provides a satisfactory layering of security in the form of a firewall.
Cloud services - many of the applications used, and critical data, are stored there too
Windows 10 file server - potentially exposes the business by allowing the layering to be bypassed and giving direct access into their work environment
Layering protection
1.2) Provide examples of layers as well as layering types
-Applications (QuickBooks)
-Operating system (Microsoft Windows 10)
-Network (Linksys Ethernet switch)
-Mobile (iPhone and Android smartphones)
-Human (employees)
-Data (personally identifiable tax information)
Layering protection
1.1) Provide examples of benchmarks according to the Center for Internet Security benchmark website
-Microsoft Office (Excel and email)
-Microsoft Windows desktop
-Print devices
-Google Chrome
Layering protection pt1
Humans only interact with the application on the data level, true or false?
False - humans will interact with all layers whether they realize it or not
Provide examples of layers with corresponding potential protection methods
-Database - access control
-Data - encryption
-Operating system - credentials
==Each layer has some kind of protection to keep the whole system safe
==Both IT and security professionals use the CIS benchmarks as standards for applications, operating systems and technologies
Introduction to threats, attacks and exploits
ATT&CK and MITRE
Allows you to explore threat information found on the MITRE ATT&CK website.
Once you have chosen an attack or threat on the MITRE ATT&CK website, either by selecting examples under the Drive-by Compromise heading or not, list some of the details found after selecting a CVE (critical vulnerability exploit)
-Attack name: Drive-by Compromise
-ID: T1189
-Platform: Windows, Linux, macOS, SaaS
-Permissions required: user
-Brief description of the attack: application access tokens, like OAuth, are used to gain access to protected applications and information. These malicious apps have been delivered through pop-ups on legitimate websites
Identifying software vulnerabilities:
Threats, attacks and exploits…
Name the type of action according to the scenario given
Consider a scenario where a malicious attacker may try to crack a password database and then use the results to gain unauthorized access into computer systems?
Exploitation => this is an attack or exploit in action
Which of the following can be considered a cybersecurity threat?
-disgruntled employer
-hackers
-user error
A fictitious company recently got breached, and upon investigation they found that an employee clicked an advertisement link sent to his work email. This email was sent by a group of hackers to steal account IDs and passwords.
Which statements are true regarding threat vectors and threat sources…
-The method of using fake emails to steal passwords and IDs is a threat source.
———- the fake advertisement link is a threat source ———-
-The hacker is a threat vector
The link is the source of the client information breach
Vulnerability management
Analysis
The phase of the vulnerability management process in which we decide what to do about a vulnerability (a course of action to take)…
CVE entries contain all of the following except?
Severity rating…
CVE entries contain (CVE ID; description; references; date entry created)
Which of the following is true about the CVE list?
-One identifier for one vulnerability or exposure
-One standardized description for each vulnerability or exposure
-Allows tools to speak the same language
-Free for public download and use
===CVE is a great resource for investigating vulnerabilities on most types of software.
Note that "a database rather than a dictionary" is not one of the true statements regarding the CVE list
Steps in vulnerability management used in the following scenario
Jane performs the monthly vulnerability assessment for her organization. Match her actions to the steps in vulnerability management
Identification - Jane found that several employees stored their account passwords in .txt files and saved them on the desktop
Take action - Jane asked these employees to delete the .txt files that contain their passwords
Analysis - Jane got access to the .txt files with the passwords and assessed how important those accounts are and how sensitive the information is.
Performing threat intelligence
Network ownership - each IP address and domain on the internet has an owner. This is the organization or person who registered it.
Whois - part of the domain tools, which shows information related to registered domains and IP addresses
Hacking lifecycle
Reconnaissance
To understand the networks, devices, systems and applications under review
Device reconnaissance
List the hardware manufacturer make and model
Apple - MacBook Pro 13-inch, mid 2010
List the operating system (include the edition, version and OS if available)
-Macintosh operating system, mid 2010
-macOS High Sierra version 13.6.2
List two or three applications used on your device. For each, include the version information if available.
Brave browser v1.47.171 (Jan 12, 2023)
System Information version 10.13 (915)
Hacking lifecycle
You’ve taken the first step in the hacking lifecycle by capturing device, operating system and application information. Your answers may vary based on the device you use and the applications selected…
Break it (“we learn how things can break by understanding our weaknesses”)
Which stage of the hacking lifecycle tries to understand system or application vulnerabilities?
When ethical hackers see a problem, they keep it secret to protect the owner from getting exploited
False - ethical disclosure: when you see something, say something
You should always have explicit or written permission before you test, attack or try to break anything that doesn’t belong to you, as part of the hacking process
True… you need a “get out of jail free” card from the asset owner to stay out of trouble if something should go wrong when you're testing
Which controls fit into the basic controls (implementation group)?
-Hardware and software inventory
- vulnerability management
-controlling the use of administrator accounts
Which controls fit into the foundational controls (implementation group)?
-Malware defenses and data protection
Which controls fit into the organizational controls (implementation group)?