CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide
Remember this: A supervisory control and data acquisition (SCADA) system has embedded systems that control an industrial control system (ICS), such as one used in a power plant or water treatment facility. Embedded systems are also used for many special purposes, such as medical devices, automotive vehicles, aircraft, and unmanned aerial vehicles (UAVs).
Remember this: The primary methods of protecting the confidentiality of data are with encryption and strong access controls. Database column encryption protects individual fields within a database.
Microsoft NTFS includes the Encrypting File System (EFS), available in most Windows operating systems.
Remember this: File- and folder-level protection protects individual files. Full disk encryption protects entire disks, including USB flash drives and drives on mobile devices. The chmod command changes permissions on Linux systems.
Organizations often use data loss prevention (DLP) techniques and technologies to prevent data loss.
Removable media refers to any storage system that you can attach to a computer and easily copy data. It primarily refers to USB hard drives and USB flash drives, but many personal music devices, such as MP3 players, use the same type of flash drive memory as a USB flash drive.
Data exfiltration is the unauthorized transfer of data outside an organization and is a significant concern.
Remember this: Data exfiltration is the unauthorized transfer of data out of a network. Data loss prevention (DLP) techniques and technologies can block the use of USB devices to prevent data loss and monitor outgoing email traffic for unauthorized data transfers. A cloud-based DLP can enforce security policies for data stored in the cloud, such as ensuring that Personally Identifiable Information (PII) is encrypted.
A.
D.
C.
B.
C.
C.
C.
D.
C.
C.
A.
D.
A.
C.
D.
One common method that attackers often use before launching an attack is to gather information from open-source intelligence.
A script kiddie is an attacker who uses existing computer scripts or code to launch attacks. Script kiddies typically have very little expertise or sophistication, and very little funding.
A hacktivist launches attacks as part of an activist movement or to further a cause.
An insider is anyone who has legitimate access to an organization’s internal resources.
Remember this: A script kiddie is an attacker who uses existing computer scripts or code to launch attacks. Script kiddies typically have very little expertise, sophistication, and funding. A hacktivist launches attacks as part of an activist movement or to further a cause. An insider is anyone who has legitimate access to an organization’s internal resources, such as an employee of a company.
Some attackers are organized and sponsored by a nation-state or government. An advanced persistent threat (APT) is a targeted attack against a network.
Remember this: Organized crime elements are typically motivated by greed and money but often use sophisticated techniques. Advanced persistent threats (APTs) are sponsored by governments and they launch sophisticated, targeted attacks.
detail. Two generic types of attacks are denial-of-service (DoS) attacks and distributed denial-of-service (DDoS) attacks.
These requests overload the resources (such as the processor and memory) and lead to resource exhaustion.
Remember this: A denial-of-service (DoS) attack is an attack from a single source that attempts to disrupt the services provided by another system. A distributed denial-of-service (DDoS) attack includes multiple computers attacking a single target. DDoS attacks typically include sustained, abnormally high network traffic.
A virus is malicious code that attaches itself to a host application.
A worm is self-replicating malware that travels throughout a network without the assistance of a host application or user interaction.
Remember this: Malware includes a wide variety of malicious code, including viruses, worms, Trojans, ransomware, and more. A virus is malicious code that attaches itself to an application and runs when the application is started. A worm is self-replicating and doesn’t need user interaction to run.
A logic bomb is a string of code embedded into an application or script that will execute in response to an event.
Remember this: A logic bomb executes in response to an event, such as when a specific application is executed or a specific time arrives.
A backdoor provides another way of accessing a system, similar to how a backdoor in a house provides another method of entry.
Remember this: A backdoor provides another way to access a system. Many types of malware create backdoors, allowing attackers to access systems from remote locations. Employees have also created backdoors in applications and systems.
A Trojan, also called a Trojan horse, looks like something beneficial, but it’s actually something malicious.
Remember this: A Trojan appears to be something useful but includes a malicious component, such as installing a backdoor on a user’s system. Many Trojans are delivered via drive-by downloads. They can also infect systems from fake antivirus software, pirated software, games, or infected USB drives.
Remember this: Ransomware is a type of malware that takes control of a user’s system or data. Criminals then attempt to extort payment from the victim. Ransomware often includes threats of damaging a user’s system or data if the victim does not pay the ransom. Ransomware that encrypts the user’s data is sometimes called crypto-malware.
A keylogger attempts to capture a user’s keystrokes.
Spyware is software installed on users’ systems without their awareness or consent. Its purpose is often to monitor the user’s computer and the user’s activity.
Remember this: Keyloggers capture a user’s keystrokes and store them in a file. This file can be automatically sent to an attacker or manually retrieved depending on the keylogger. Spyware monitors a user’s computer and often includes a keylogger.
A rootkit is a group of programs (or, in rare instances, a single program) that hides the fact that the system has been infected or compromised by malicious code.
Remember this: Rootkits have system-level or kernel access and can modify system files and system access. Rootkits hide their running processes to avoid detection with hooking techniques. Tools that can inspect RAM can discover these hidden hooked processes.
Social engineering is the practice of using social tactics to gain information.
Remember this: Social engineering uses social tactics to trick users into giving up information or performing actions they wouldn’t normally take. Social engineering attacks can occur in person, over the phone, while surfing the Internet, and via email.