Lec 2- Hardening and whitelisting of devices
Cyber Security
Lec-2
Information Security Threats
• Malware attack
• Social engineering attacks
• Software supply chain attacks
• Advanced persistent threats (APT)
• Distributed denial of service (DDoS)
• Man-in-the-middle attack (MitM)
• Password attacks
Malware attack
Attackers use many methods to get malware into a user’s device, most often social engineering
Users may be asked to take an action, such as clicking a link or opening an attachment
Malware may use vulnerabilities in browsers or operating systems to install itself without the user’s knowledge or consent
Social engineering attacks
Social engineering attacks work by psychologically manipulating users into performing actions desirable to an attacker, or divulging sensitive information. Social engineering attacks include:
• Phishing
• Spear phishing
• Malvertising
• Baiting
• Vishing
• Whaling
• Honey trap
• Tailgating or piggybacking
Software supply chain attacks
A cyber-attack against an organization that targets weak links in its trusted software update and supply chain
It exploits the trust that organizations have in their third-party vendors, particularly in updates and patching. Types include:
• Compromise of software build tools or dev/test infrastructure
• Compromise of devices or accounts owned by privileged third-party vendors
• Malicious apps signed with stolen code signing certificates or developer IDs
• Malicious code deployed on hardware or firmware components
• Malware pre-installed on devices such as cameras, USBs, and mobile phones
Advanced persistent threats
When an individual or group gains
unauthorized access to a network and
remains undiscovered for an extended
period of time, attackers may exfiltrate
sensitive data, deliberately avoiding
detection by the organization’s security
staff
APTs require sophisticated attackers and
involve major efforts, so they are
typically launched against nation states,
large corporations, or other highly
valuable targets
Common indicators of an APT include:
• New account creation: Persistence comes from an attacker creating an identity or credential on the network with elevated privileges
• Abnormal activity: Legitimate user accounts typically perform in patterns. Abnormal activity on these accounts can indicate an APT is occurring, including a stale account, created and then left unused for a time, suddenly becoming active
• Backdoor/Trojan horse malware: Extensive use of this method enables APTs to maintain long-term access
• Odd database activity: A sudden increase in database operations with massive amounts of data
• Unusual data files: The presence of these files can indicate data has been bundled into files to assist in an exfiltration process
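Three of the indicators above (new privileged account, stale account suddenly active, odd database activity) turned into detection logic, as an added example that is not part of the original slides. The event format, group names, thresholds and sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample events (not real logs): (time, kind, account, detail)
EVENTS = [
    ("2024-01-10T09:00:00", "account_created", "svc-backup", "group=Users"),
    ("2024-01-10T09:05:00", "logon", "svc-backup", "host=fs01"),
    ("2024-05-20T08:30:00", "logon", "alice", "host=ws12"),
    ("2024-05-28T01:00:00", "db_read", "reporting", "rows=1200"),
    ("2024-05-29T01:00:00", "db_read", "reporting", "rows=900"),
    ("2024-05-30T01:00:00", "db_read", "reporting", "rows=1500"),
    ("2024-06-02T02:14:00", "account_created", "helpdesk2", "group=Domain Admins"),
    ("2024-06-02T02:20:00", "logon", "helpdesk2", "host=dc01"),
    ("2024-06-03T03:41:00", "logon", "svc-backup", "host=db02"),
    ("2024-06-03T03:50:00", "db_read", "reporting", "rows=250000"),
    ("2024-06-03T09:00:00", "logon", "alice", "host=ws12"),
]

PRIVILEGED_GROUPS = {"Domain Admins", "Administrators"}  # assumed group names


def find_indicators(events, stale_after=timedelta(days=90), spike_factor=10):
    """Return (indicator, account, time) tuples in chronological order."""
    findings = []
    last_seen = {}   # account -> time of its previous event
    rows_read = {}   # account -> row counts of its earlier database reads

    for ts, kind, account, detail in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)

        # Abnormal activity: an account that was idle for a long time acts again.
        previous = last_seen.get(account)
        if previous is not None and when - previous >= stale_after:
            findings.append(("stale_account_active", account, ts))

        if kind == "account_created":
            # New account creation with elevated privileges.
            group = detail.partition("group=")[2]
            if group in PRIVILEGED_GROUPS:
                findings.append(("new_privileged_account", account, ts))
        elif kind == "db_read":
            # Odd database activity: a read far above this account's own baseline.
            rows = int(detail.partition("rows=")[2])
            history = rows_read.setdefault(account, [])
            if len(history) >= 3 and rows >= spike_factor * median(history):
                findings.append(("db_read_spike", account, ts))
            history.append(rows)

        last_seen[account] = when
    return findings


if __name__ == "__main__":
    for finding in find_indicators(EVENTS):
        print(finding)
```

Each rule compares an account against its own history, so a first logon or a first database read is never flagged for lack of a baseline.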
Distributed denial of service (DDoS)
The objective of a denial of service (DoS) attack is to overwhelm the
resources of a target system and cause it to stop functioning, denying
access to its users
Distributed denial of service (DDoS) is a variant of DoS in which
attackers compromise a large number of computers or other devices,
and use them in a coordinated attack against the target system
DDoS attacks are often used in combination with other cyberthreats
Methods of DDoS attacks include:
• Botnets: Systems under hacker control that have been infected with
malware. Attackers use these bots to carry out DDoS attacks. Large
botnets can include millions of devices and can launch attacks at
devastating scale
• Smurf attack: Sends Internet Control Message Protocol (ICMP) echo
requests to the victim’s IP address. The ICMP requests are
generated from ‘spoofed’ IP addresses. Attackers automate this
process and perform it at scale to overwhelm a target system
• TCP SYN flood attack: Attackers flood the target system with
connection requests. When the target system attempts to complete
the connection, the attacker’s device does not respond, forcing the
target system to time out. This quickly fills the connection queue,
preventing legitimate users from connecting
• Smurf Flood
– The attacker sends a spoofed ICMP echo request to an incorrectly configured network
device (router)
– The network device forwards the echo request to all internal hosts (multiplier effect)
TCP/IP SYN Attack
Man-in-the-middle attack (MitM)
When users or devices access a remote system over the internet, they
assume they are communicating directly with the server of the target
system
In a MitM attack, attackers break this assumption, placing themselves
in between the user and the target server
Once the attacker has intercepted communications, they may be able
to compromise a user’s credentials, steal sensitive data, and return
different responses to the user
Man-in-the-middle attack (MitM)
MitM attacks include:
• Session hijacking: An attacker hijacks a session between a network server and a client.
The attacking computer substitutes its IP address for the IP address of the client. The
server believes it is corresponding with the client and continues the session
• Replay attack: A cybercriminal eavesdrops on network communication and replays
messages at a later time, pretending to be the user. Replay attacks have been largely
mitigated by adding timestamps to network communications
• IP spoofing: An attacker convinces a system that it is corresponding with a trusted,
known entity. The system thus provides the attacker with access. The attacker forges
its packet with the IP source address of a trusted host, rather than its own IP address
• Eavesdropping attack: Attackers leverage insecure network communication to access
information transmitted between the client and server. These attacks are difficult to
detect because network transmissions appear to act normally
• Bluetooth attacks: Because Bluetooth is often open, there are many attacks,
particularly against phones, that drop contact cards and other malware through open
and receiving Bluetooth connections
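The timestamp mitigation for replay attacks mentioned above, as an added example that is not part of the original slides. It goes one step beyond the slide: a timestamp alone still lets a captured message be replayed inside the freshness window, so the receiver here also remembers nonces until they expire. The message layout, the 30-second window and the function names are assumptions.

```python
import hashlib
import hmac
import json
import secrets

MAX_SKEW = 30  # seconds a message stays fresh (assumed window)


def _mac(key: bytes, msg: dict) -> str:
    # The MAC covers body, timestamp and nonce, so none can be altered in transit.
    data = json.dumps([msg["body"], msg["ts"], msg["nonce"]]).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(key: bytes, body: str, now: float) -> dict:
    """Sender side: attach timestamp, random nonce and MAC."""
    msg = {"body": body, "ts": now, "nonce": secrets.token_hex(8)}
    msg["mac"] = _mac(key, msg)
    return msg


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def accept(self, msg: dict, now: float) -> str:
        if not hmac.compare_digest(_mac(self.key, msg), msg.get("mac", "")):
            return "rejected: bad MAC"
        if abs(now - msg["ts"]) > MAX_SKEW:
            return "rejected: stale timestamp"
        # Forget nonces whose messages would now fail the timestamp check anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if msg["nonce"] in self.seen:
            return "rejected: replay inside window"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # shared secret, constructed for the demo
    receiver = Receiver(key)
    captured = seal(key, "transfer 100", now=1000.0)
    print(receiver.accept(captured, now=1001.0))   # first delivery
    print(receiver.accept(captured, now=1005.0))   # eavesdropper replays quickly
    print(receiver.accept(captured, now=1100.0))   # eavesdropper replays later
```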
Password attacks
A hacker can gain access to the password information of an individual by
‘sniffing’ the connection to the network, using social engineering, guessing, or
gaining access to a password database
An attacker can ‘guess’ a password in a random or systematic way
Password attacks
Password attacks include:
• Brute-force password guessing: An attacker uses software to try many different
passwords, in hopes of guessing the correct one. The software can use some logic to
try passwords related to the name of the individual, their job, their family, etc
• Dictionary attack: A dictionary of common passwords is used to gain access to the
computer and network of the victim. One method is to copy an encrypted file that has
the passwords, apply the same encryption to a dictionary of regularly used passwords,
and contrast the findings
• Pass-the-hash attack: An attacker exploits the authentication protocol in a session and
captures a password hash (as opposed to the password characters directly) and then
passes it through for authentication and lateral access to other networked systems. In
these attack types, the threat actor doesn’t need to decrypt the hash to obtain a plain
text password
• Hybrid Attack: It is a combination of Dictionary attack and Brute force attack
techniques. This attack firstly tries to crack the password using the dictionary attack. If
it is unsuccessful in cracking the password, it will use the brute-force attack
Hardening & Whitelisting
Systems hardening
Systems hardening is a collection of tools, techniques, and best
practices to reduce vulnerability in technology applications,
systems, infrastructure, firmware, and other areas
The goal is to reduce security risk by eliminating potential attack
vectors and condensing the system’s attack surface
Although the principles of system hardening are universal, specific
tools and techniques do vary depending on the type of hardening
you are carrying out
Hardening types
• Application hardening
• Operating system hardening
• Server hardening
• Endpoint hardening
• Database hardening
• Network hardening
Common attack surface vulnerabilities
• Use of default passwords
• Hardcoded passwords and other credentials stored
in plain text files
• Unpatched software and firmware vulnerabilities
• Lack, or deficiency, of privileged access controls
• Poorly configured BIOS, firewalls, ports, servers,
switches, routers, or other parts of the
infrastructure
• Unencrypted, or inadequately encrypted, network
traffic or data at rest can make it easy for attackers
to access data or eavesdrop
Whitelisting
Whitelisting is a security measure that allows only pre-approved or trusted applications, processes, or entities to run or access system resources
Involves creating a whitelist of approved items and denying everything else
Organizations can prevent unauthorized or malicious software from executing on their systems
Types
Application Whitelisting: This approach involves allowing
only specific applications or executable files to run on a
system. Any other unapproved application or file is blocked
from executing
This helps prevent the execution of malware or
unauthorized software
Network Whitelisting: In network whitelisting, access to
network resources is restricted to specific IP addresses,
ports, or protocols. Only approved network traffic is
allowed, while all other traffic is blocked
This helps protect against unauthorized access and network-
based attacks
Note: Both hardening and whitelisting are important
security practices that organizations should consider
implementing as part of their overall security strategy
They help to mitigate risks, protect against known
vulnerabilities, and enhance the overall security posture of
systems and networks
• Blacklisting
Blacklisting is a method of controlling access to data or networks by
identifying users or devices that are not allowed. This is usually done by
keeping a list of known bad actors or dangerous IP addresses and
blocking any traffic from those addresses
• Greylisting
Greylisting is similar to blacklisting, but it's not as aggressive. Items on a
greylist have not yet been confirmed as either safe or harmful. These
items are temporarily blocked from your system until they are further
analyzed. Once an item has been determined to be safe or not, it moves to either
the blacklist or the whitelist
Whitelisting vs blacklisting
Whitelisting
- Block by default
- Trust-centric (allows
communication from selected
entries)
- Risk of blocking wanted traffic
- Complex to implement and
maintain
- Limit access to tools for task
completion
- Maximize security
- Mostly used for managing
access to the network as a whole
Blacklisting
- Allows access by default
- Threat centric (blocks
communication from selected
entries)
- Risk of allowing unwanted
entries
- Simple to implement and
maintain
- More access to tools for task
completion
- Minimize administrative efforts
- Mostly used for detecting and
blocking malware
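The application and network whitelisting types and the whitelist/blacklist/greylist comparison above, as an added example that is not part of the original slides. Identifying applications by SHA-256 hash, the class and function names, and the sample byte strings and network rules are all assumptions constructed for illustration.

```python
import hashlib
import ipaddress


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed byte strings standing in for executable file contents.
BACKUP_TOOL = b"constructed sample: approved backup tool v1"
KNOWN_BAD = b"constructed sample: known-bad dropper"
NEW_TOOL = b"constructed sample: unreviewed utility"


class AppControl:
    """Decide whether a file may run, in whitelist or blacklist mode."""

    def __init__(self, mode, whitelist=(), blacklist=()):
        if mode not in ("whitelist", "blacklist"):
            raise ValueError("mode must be 'whitelist' or 'blacklist'")
        self.mode = mode
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)
        self.greylist = set()  # unknown items waiting for analysis

    def decide(self, content: bytes) -> str:
        digest = sha256(content)
        if digest in self.blacklist:
            return "block"
        if digest in self.whitelist:
            return "allow"
        if self.mode == "blacklist":
            return "allow"            # blacklisting: allow by default
        self.greylist.add(digest)     # whitelisting: block by default,
        return "hold"                 # parked on the greylist until reviewed

    def review(self, content: bytes, safe: bool) -> None:
        """After analysis a greylisted item moves to one of the two lists."""
        digest = sha256(content)
        self.greylist.discard(digest)
        (self.whitelist if safe else self.blacklist).add(digest)


# Network whitelisting: (source network, protocol, destination port), constructed.
NET_RULES = [
    (ipaddress.ip_network("10.20.0.0/24"), "tcp", 443),
    (ipaddress.ip_network("10.20.5.17/32"), "tcp", 22),
]


def net_allowed(src: str, proto: str, port: int, rules=NET_RULES) -> bool:
    """Only traffic matching an approved rule passes; everything else is blocked."""
    addr = ipaddress.ip_address(src)
    return any(addr in net and proto == p and port == dport
               for net, p, dport in rules)


if __name__ == "__main__":
    wl = AppControl("whitelist", [sha256(BACKUP_TOOL)], [sha256(KNOWN_BAD)])
    bl = AppControl("blacklist", blacklist=[sha256(KNOWN_BAD)])
    for name, blob in [("backup", BACKUP_TOOL), ("bad", KNOWN_BAD), ("new", NEW_TOOL)]:
        print(name, "whitelist:", wl.decide(blob), "blacklist:", bl.decide(blob))
    print(net_allowed("10.20.0.8", "tcp", 443), net_allowed("10.20.0.8", "tcp", 22))
```

The unreviewed file is the case that separates the two modes: whitelist mode holds it, blacklist mode runs it. A modified copy of an approved file hashes differently and is held as well.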
Thank you



Editor's Notes

  • #6:
    – Phishing: Attackers send fraudulent correspondence that seems to come from legitimate sources, usually via email. The email may urge the user to perform an important action or click on a link to a malicious website, leading them to hand over sensitive information to the attacker, or expose themselves to malicious downloads. Phishing emails may include an email attachment infected with malware.
    – Spear phishing: A variant of phishing in which attackers specifically target individuals with security privileges or influence, such as system administrators or senior executives
    – Malvertising: Online advertising controlled by hackers, which contains malicious code that infects a user’s computer when they click, or even just view the ad
    – Baiting: Occurs when a threat actor tricks a target into using a malicious device, placing a malware-infected physical device, like a USB, where the target can find it. Once the target inserts the device into their computer, they unintentionally install the malware
    – Vishing: Voice phishing (vishing) attacks use social engineering techniques to get targets to divulge financial or personal information over the phone
    – Whaling: This phishing attack targets high-profile employees (whales), such as the chief executive officer (CEO) or chief financial officer (CFO). The threat actor attempts to trick the target into disclosing confidential information
    – Honey trap: A social engineer assumes a fake identity as an attractive person to interact with a target online. The social engineer fakes an online relationship and gathers sensitive information through this relationship
    – Tailgating or piggybacking: Occurs when a threat actor enters a secured building by following authorized personnel. Typically, the staff with legitimate access assumes the person behind is allowed entrance, holding the door open for them
  • #11: What do you mean by botnet? A botnet [short for bot network] is a network of hijacked computers and devices infected with bot malware and remotely controlled by a hacker
    – Bots: Updatable attack programs
    – Botmaster can update the software to change the type of attack the bot can do
    – May sell or lease the botnet to other criminals
    – Botmaster can update the bot to fix bugs
    – Botmaster can control bots via a handler
    – Handlers are an additional layer of compromised hosts that are used to manage large groups of bots
  • #17:
    – A dictionary attack is based on trying all the strings in a pre-arranged listing. Such attacks originally used words found in a dictionary
    – Pass the hash (PtH) is a type of cybersecurity attack in which an adversary steals a “hashed” user credential and uses it to create a new user session on the same network. Unlike other credential theft attacks, a pass the hash attack does not require the attacker to know or crack the password to gain access to the system. Rather, it uses a stored version of the password to initiate a new session