Cyber Security Technical Interview

Difference between Threat, Vulnerability and Attack?

A threat is anything with the potential to harm an asset: steal or destroy data, disrupt operations, or cause other damage. Examples are phishing, malware and data breaches. Threat intelligence describes the threats relevant to an organization so that mitigations and decisions are informed by them rather than guessed.

A vulnerability is a weakness in software, hardware, configuration or procedure that a threat actor can use to achieve an objective. Vulnerabilities can be physical (network equipment exposed to the public), technical (software flaws, weak configurations) or human (susceptibility to social engineering). Identifying, reporting and fixing vulnerabilities is the job of vulnerability management; a zero-day is a vulnerability for which no fix is yet available, and which may already be exploited.

An attack is a threat actor actually exploiting a vulnerability against an asset. Risk combines the likelihood that a threat exploits a vulnerability with the impact if it does; the usual shorthand is Risk = Likelihood x Impact.

Define VPN

A VPN (virtual private network) builds an encrypted tunnel between your device and a VPN gateway across an untrusted network such as the internet. Traffic inside the tunnel is hidden from the local network and the ISP, and servers reached through it see the gateway's IP address rather than yours. Site-to-site VPNs join whole networks in the same way. A VPN protects the path, not the endpoints: the VPN provider or corporate gateway still sees the traffic, and it does nothing against malware on the device or a phishing site at the far end.

What is a Firewall and how can it be implemented?

A firewall is a network security control that inspects traffic crossing a boundary (between the internet and a private network, or between internal segments) and allows or blocks it according to a policy. It enforces which hosts and services may talk to each other; it is not an anti-malware product, although many appliances bundle content inspection.

Basic steps to set up and configure a firewall device:

Change the default administrator password (and disable any default accounts) before the device is connected.
Disable remote administration from the untrusted side, or restrict it to a management network and require strong authentication.
Start from a default-deny inbound policy and open only what is needed. Port forwarding (for example TCP 443 to a web server, or the FTP ports to an FTP server) is an exception you deliberately add, so keep each one as narrow as possible.
If the network already has a DHCP server, disable the firewall's own DHCP server; two servers handing out leases cause address conflicts.
Review the resulting rule set against the security policy, enable logging of denied traffic, and re-check it whenever a rule is added.
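The policy points above (default deny, explicit narrow allows, remote administration restricted to a management network) come down to an ordered rule list evaluated top to bottom. The following added example, not part of the original deck, models that evaluation in Python: a weak policy that exposes the admin port to the internet, a hardened one, and a mis-ordered one that shows why rule order matters. The addresses, the 8443 admin port and the 10.0.0.0/24 management subnet are assumed for illustration.

```python
"""First-match packet-filter policy evaluator (added example).

Models the core of any firewall: an ordered rule list, first match wins,
implicit default deny when nothing matches. Addresses, ports and the
management subnet are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: str = "0.0.0.0/0"      # CIDR; 0.0.0.0/0 matches any source
    proto: Optional[str] = None # None matches any protocol
    dport: Optional[int] = None # None matches any port

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule decides; no match falls through to deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Weak: the admin UI (assumed TCP/8443) is reachable from anywhere.
WEAK_POLICY = [
    Rule("allow", proto="tcp", dport=443),
    Rule("allow", proto="tcp", dport=8443),
]

# Hardened: admin UI only from the management subnet (assumed 10.0.0.0/24),
# explicit deny for everyone else, public HTTPS still open.
HARDENED_POLICY = [
    Rule("allow", src="10.0.0.0/24", proto="tcp", dport=8443),
    Rule("deny", proto="tcp", dport=8443),
    Rule("allow", proto="tcp", dport=443),
]

# Mis-ordered: same rules, but the broad deny comes first, so the
# management allow never fires. Rule order is part of the policy.
MISORDERED_POLICY = [
    Rule("deny", proto="tcp", dport=8443),
    Rule("allow", src="10.0.0.0/24", proto="tcp", dport=8443),
    Rule("allow", proto="tcp", dport=443),
]

if __name__ == "__main__":
    internet_admin = Packet("203.0.113.5", "192.0.2.1", "tcp", 8443)
    lan_admin = Packet("10.0.0.7", "192.0.2.1", "tcp", 8443)
    print("weak      :", evaluate(WEAK_POLICY, internet_admin))       # allow
    print("hardened  :", evaluate(HARDENED_POLICY, internet_admin))   # deny
    print("hardened  :", evaluate(HARDENED_POLICY, lan_admin))        # allow
    print("misordered:", evaluate(MISORDERED_POLICY, lan_admin))      # deny
```

The evaluator has no connection state; a real firewall also tracks established flows so that return traffic for an allowed outbound connection is accepted without a separate inbound rule.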

Explain SSL Encryption

SSL (Secure Sockets Layer) is the protocol that lets two parties communicate privately over an untrusted network. Its successor TLS (Transport Layer Security) is what is actually used today; every SSL version (2.0 and 3.0) is broken and should be disabled, although "SSL" survives as a name. The protocol does three things: the server (and optionally the client) proves its identity with an X.509 certificate signed by a trusted certificate authority, the two sides agree on session keys, and all subsequent traffic is encrypted and integrity-protected so that it cannot be read or silently altered in transit.

The most familiar use is HTTPS, which is HTTP carried over TLS, normally on port 443. It protects the contents of a web session from eavesdroppers and on-path attackers; it does not make the website itself trustworthy.

What does ARP (Address Resolution Protocol) do?

ARP maps an IPv4 address to the link-layer (MAC) address of the interface that holds it on the local network. It is needed because the two address spaces are unrelated: an IPv4 address is 32 bits and assigned logically, while an Ethernet MAC address is 48 bits and belongs to the hardware. A host cannot put an IP packet on the wire until it knows which MAC address to frame it for. (IPv6 replaces ARP with Neighbor Discovery.)

What is meant by Chain of Custody?

Chain of custody is the documented, chronological record of who collected, handled, transferred, analysed and stored a piece of evidence, and when, from the moment it was acquired until it is presented or disposed of. Its purpose is to show that the evidence presented is the same as what was originally collected and was not altered along the way. For digital evidence that means hashing the data at acquisition (typically SHA-256), working on copies, and recording the hash at every hand-off so any modification is detectable; a gap in the record can get the evidence excluded.
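The following added example (not part of the original deck) shows the mechanics of a digital chain of custody: hash the evidence at acquisition, log every hand-off with the hash observed at that moment, and re-verify before use. The evidence file, custodian names and case description are constructed.

```python
"""Chain-of-custody record for a digital evidence file (added example).

The evidence file is created in a temporary directory purely for
illustration; custodian names and notes are constructed.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so large disk images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


class CustodyRecord:
    """Hash at acquisition, then log every hand-off with a fresh hash."""

    def __init__(self, evidence_path: str, acquired_by: str, description: str):
        self.path = evidence_path
        self.acquisition_hash = sha256_file(evidence_path)
        self.entries = []
        self.add_entry(acquired_by, "acquired", description)

    def add_entry(self, who: str, action: str, note: str = "") -> None:
        # Each entry records the hash seen at that hand-off, so a later reader
        # can tell which custodian held the item when it changed.
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "who": who,
            "action": action,
            "note": note,
            "sha256": sha256_file(self.path),
        })

    def verify(self) -> bool:
        """True only if the evidence still matches its acquisition hash and
        no logged hand-off ever observed a different hash."""
        current = sha256_file(self.path)
        return current == self.acquisition_hash and all(
            e["sha256"] == self.acquisition_hash for e in self.entries
        )

    def to_json(self) -> str:
        return json.dumps(
            {"evidence": os.path.basename(self.path),
             "acquisition_hash": self.acquisition_hash,
             "entries": self.entries},
            indent=2,
        )


def demo() -> tuple:
    """Acquire, hand off, verify; then tamper and verify again."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        with open(img, "wb") as f:
            f.write(b"constructed disk image contents\n" * 1024)
        rec = CustodyRecord(img, "examiner-1", "laptop HDD image, case 0001")
        rec.add_entry("evidence-locker", "stored", "locker B, shelf 3")
        rec.add_entry("examiner-2", "checked out", "keyword analysis")
        intact = rec.verify()
        with open(img, "ab") as f:          # someone alters the evidence
            f.write(b"x")
        rec.add_entry("examiner-2", "returned")
        tampered = rec.verify()
        print(rec.to_json())
        return intact, tampered


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The hash proves the bytes are unchanged; it does not protect the log itself. In practice the custody log is kept on write-once media or signed, and the original is never worked on directly, only forensic copies.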

Give some examples of Packet Sniffing Tools

Tcpdump (command-line packet capture)
Wireshark (graphical capture and protocol analysis)
Kismet (wireless network sniffing and detection)
NetworkMiner (passive network forensics; extracts files, hosts and credentials from captures)
Dsniff (suite of tools for sniffing passwords and for ARP/DNS spoofing on a LAN)

Can you explain ARP and its functionality

ARP (Address Resolution Protocol) resolves an IPv4 address to the MAC address of the machine that holds it on the local network. When a host (or a gateway forwarding a packet onto a LAN) needs to deliver an IP packet to a local address, it first checks its ARP cache for an entry. If one is found, the packet is framed with that MAC address and sent. If not, the host broadcasts an ARP request ("who has 192.168.1.1?") to every machine on the LAN; the machine owning that address answers with an ARP reply carrying its MAC address, which the requester caches and uses. ARP has no authentication, so any host on the segment can answer for an address it does not own; this is ARP spoofing (ARP cache poisoning), the usual way to become a man-in-the-middle on a LAN. Static entries, dynamic ARP inspection on switches, and alerting on mappings that change are the standard defences.
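For both ARP questions above, this added example (not part of the original deck) builds and parses real ARP frames with the wire format from RFC 826, and runs the cache-lookup, request, reply sequence through a small cache that also flags a reply changing an existing mapping, the signature of ARP spoofing. The MAC and IP addresses are constructed; nothing is put on a real network.

```python
"""Build and parse ARP frames; resolve through a cache (added example).

MAC and IP addresses are constructed. Frames are built and parsed in
memory only; nothing is sent.
"""
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_FMT = "!6s6sH"            # dst MAC, src MAC, ethertype
ARP_FMT = "!HHBBH6s4s6s4s"    # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Ethernet frame carrying an ARP request (broadcast) or reply (unicast)."""
    eth_dst = BROADCAST if oper == ARP_REQUEST else tha
    eth = struct.pack(ETH_FMT, mac_bytes(eth_dst), mac_bytes(sha), ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      mac_bytes(sha), socket.inet_aton(spa),
                      mac_bytes(tha), socket.inet_aton(tpa))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    _dst, _src, ethertype = struct.unpack(ETH_FMT, frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"oper": oper, "sha": mac_str(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa)}


class ArpCache:
    """Cache lookup, request on miss, learning from replies.

    `suspicious` records replies that change an existing mapping: a different
    MAC claiming an IP we already know is the classic sign of ARP spoofing.
    Plain ARP cannot refuse such a reply; it can only notice it.
    """

    def __init__(self, my_mac: str, my_ip: str):
        self.my_mac, self.my_ip = my_mac, my_ip
        self.table = {}
        self.suspicious = []

    def resolve(self, ip: str):
        """Return (mac, None) on a cache hit, or (None, request_frame) on a miss."""
        if ip in self.table:
            return self.table[ip], None
        return None, build_arp(ARP_REQUEST, self.my_mac, self.my_ip, ZERO_MAC, ip)

    def learn(self, frame: bytes) -> None:
        pkt = parse_arp(frame)
        if pkt["oper"] != ARP_REPLY:
            return
        old = self.table.get(pkt["spa"])
        if old is not None and old != pkt["sha"]:
            self.suspicious.append((pkt["spa"], old, pkt["sha"]))
        self.table[pkt["spa"]] = pkt["sha"]


if __name__ == "__main__":
    host = ArpCache("02:00:00:00:00:01", "192.168.1.10")
    mac, request = host.resolve("192.168.1.1")          # miss: request built
    print(parse_arp(request))
    reply = build_arp(ARP_REPLY, "02:00:00:00:00:fe", "192.168.1.1", host.my_mac, host.my_ip)
    host.learn(reply)
    print(host.resolve("192.168.1.1"))                    # hit from cache
    spoof = build_arp(ARP_REPLY, "02:00:00:00:00:66", "192.168.1.1", host.my_mac, host.my_ip)
    host.learn(spoof)                                     # unsolicited reply wins
    print(host.suspicious)
```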

What is meant by Botnet?

A botnet is a collection of internet-connected devices (servers, PCs, phones, IoT devices) that have been infected with malware and are controlled remotely by an attacker, usually without their owners' knowledge. The operator uses the combined devices and their bandwidth to steal data, send spam, mine cryptocurrency, and launch distributed denial-of-service (DDoS) attacks.

How can you differentiate between Vulnerability Assessment and Penetration Testing

Both are methods for evaluating the security of a network or application, but they answer different questions. A vulnerability assessment identifies, classifies and prioritises known weaknesses, usually with automated scanners, and gives the organisation a list of findings to fix; it is broad and does not try to exploit anything. A penetration test (pen test, ethical hacking) is a simulated attack: testers actively try to exploit weaknesses and chain them together to show what an attacker could actually achieve, so it is narrower, deeper and largely manual. For a web application a pen test is also how you check that controls such as a web application firewall (WAF) actually stop attacks rather than only appearing to.

What is Null Session?

A null session is an anonymous connection to a Windows SMB share (the IPC$ share) made with an empty username and password. Historically it allowed an unauthenticated client to enumerate users, groups, shares and policy information from a Windows host, which made it a favourite reconnaissance step for attackers. Modern Windows versions restrict anonymous enumeration by default; the check is to attempt an empty-credential SMB connection against a host and confirm that enumeration is refused.

What is Brute Force in the context of cyber security?

A brute-force attack recovers a secret (a password, PIN, key or session token) by systematically trying candidates until one works. It needs no flaw in the system, only enough attempts, which is why it is so common. Its cost is the size of the search space times the cost of each try: online guessing through a login form is limited by rate limits and account lockout, while offline guessing against a stolen hash is limited only by the attacker's hardware and by how expensive the hash is to compute. Defences are long, unpredictable secrets, lockout or throttling, and slow salted password hashing (bcrypt, scrypt, Argon2, PBKDF2).
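This added example (not part of the original deck) runs a brute force against a 4-digit PIN in both settings described above: offline against a stolen hash, where key stretching multiplies the attacker's cost, and online through a login endpoint, where a lockout stops the attack after a handful of guesses. The PIN, salt and lockout threshold are constructed.

```python
"""Brute force against a 4-digit PIN, with the two defences that matter
(added example). The PIN, salt and lockout limit are constructed.
"""
import hashlib
import hmac
import itertools
import time

SALT = b"constructed-salt"      # a real system uses a random per-user salt
PIN_SPACE = 10 ** 4             # four decimal digits


def all_pins():
    for digits in itertools.product("0123456789", repeat=4):
        yield "".join(digits)


def weak_hash(pin: str) -> bytes:
    """One fast SHA-256: cheap to compute, so cheap to brute force."""
    return hashlib.sha256(SALT + pin.encode()).digest()


def stretched_hash(pin: str, iterations: int = 600_000) -> bytes:
    """Key stretching (PBKDF2): each guess costs `iterations` HMAC calls."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, iterations)


def offline_brute_force(target: bytes, hash_fn) -> tuple:
    """Attacker holds the hash (e.g. from a dumped database). Returns (pin, attempts)."""
    for attempts, guess in enumerate(all_pins(), 1):
        if hmac.compare_digest(hash_fn(guess), target):
            return guess, attempts
    return None, PIN_SPACE


def seconds_to_exhaust(hash_fn) -> float:
    """Time one hash and extrapolate to the whole key space."""
    t0 = time.perf_counter()
    hash_fn("0000")
    return (time.perf_counter() - t0) * PIN_SPACE


class LockoutGuard:
    """Online defence: the service, not the attacker, controls the attempt rate."""

    def __init__(self, correct_pin: str, max_failures: int = 5):
        self.correct = correct_pin.encode()
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def attempt(self, pin: str) -> str:
        if self.locked:
            return "locked"
        if hmac.compare_digest(pin.encode(), self.correct):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
        return "wrong"


def online_brute_force(guard: LockoutGuard) -> tuple:
    """Attacker guesses through the login endpoint. Returns (outcome, attempts)."""
    for attempts, guess in enumerate(all_pins(), 1):
        result = guard.attempt(guess)
        if result == "ok":
            return "cracked", attempts
        if result == "locked":
            return "locked", attempts
    return "exhausted", PIN_SPACE


if __name__ == "__main__":
    pin = "7391"
    print(offline_brute_force(weak_hash(pin), weak_hash))           # ('7391', 7392)
    print("fast hash, whole key space: %.3f s" % seconds_to_exhaust(weak_hash))
    print("PBKDF2,    whole key space: %.1f s" % seconds_to_exhaust(stretched_hash))
    print(online_brute_force(LockoutGuard(pin)))                    # ('locked', 6)
```

A 4-digit PIN is far too small a space for stretching alone to save it; the example shows the multiplier, but the real fix for short secrets is the lockout plus a longer secret. A permanent lockout also hands an attacker a denial-of-service lever, which is why production systems prefer escalating delays or temporary locks.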

What is Phishing?

Phishing is social engineering in which the attacker impersonates a trusted party (a bank, PayPal, a colleague, the IT helpdesk) in an email, text message (smishing) or phone call (vishing) to make the victim act: click a link, open an attachment, or hand over credentials or payment details. The link typically leads to a look-alike site that captures whatever the victim types; the attachment typically carries malware. Targeted variants aimed at a specific person or executive are called spear phishing and whaling.

What is two factor authentication?

Two-factor authentication (2FA, also called two-step verification) requires a user to present two independent factors from different categories: something you know (password, PIN), something you have (phone, hardware token, smart card) or something you are (fingerprint, face). Single-factor authentication relies on one factor, usually a password, so a leaked or guessed password is enough to take the account. With 2FA the attacker needs the second factor as well, which blocks credential stuffing and most password leaks. It is not absolute: SMS codes can be intercepted or SIM-swapped, and a one-time code can be phished and replayed in real time, which is why phishing-resistant methods (FIDO2/WebAuthn security keys, passkeys) are preferred for high-value accounts.

What is the difference between VPN and VLAN?

They solve different problems. A VLAN (virtual LAN) segments one physical switched network into separate logical broadcast domains, so hosts in different VLANs cannot talk to each other without going through a router or firewall. It is a Layer 2 management and isolation tool: it reduces the number of physical switches and routers needed and limits the blast radius of a compromised host, but it provides no encryption, and VLAN hopping attacks exist where trunk ports are misconfigured. A VPN (virtual private network) creates an encrypted tunnel across an untrusted network, typically the internet, to connect a remote user or site to a private network, or two organisations to each other. It protects the confidentiality and integrity of data in transit and hides internal addressing from observers. A VLAN is not a kind of VPN; a typical design uses VLANs to segment the inside and a VPN to reach it from outside.

What is the difference between IDS and IPS?

An intrusion detection system (IDS) monitors network traffic (or host activity) and raises alerts when it sees signs of an attack: signature matches against a database of known malicious patterns, policy violations, port scans, or anomalous behaviour. It sits off to the side, usually on a mirror port or tap, and does not touch the packets. An intrusion prevention system (IPS) is placed inline in the traffic path, often next to or within the firewall, so that when it matches a threat it can drop the packet or reset the connection as well as alert. So an IDS is a monitoring control and an IPS is an enforcement control; the price of inline blocking is that a false positive in an IPS breaks legitimate traffic, which is why IPS signatures are tuned more conservatively. Unlike a firewall, which decides mostly on addresses, ports and connection state, both inspect packet contents.

What is CIA Triad?

CIA (confidentiality, integrity, and availability) triad is a model designed to handle policies for information security within an organization.

Confidentiality - A collection of rules that limits access to information.
Integrity - It assures the information is trustworthy and reliable.
Availability - It provides reliable access to data for authorized people.

What are HTTP response codes?

HTTP response (status) codes are three-digit numbers the server returns to tell the client how a request was handled. The first digit gives the class:

1xx (Informational) - The request was received and processing continues.
2xx (Success) - The request was received, understood and accepted (200 OK, 201 Created).
3xx (Redirection) - The client must take further action, usually follow the Location header (301, 302, 304).
4xx (Client Error) - The request is malformed or cannot be fulfilled as sent (400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 429 Too Many Requests).
5xx (Server Error) - The server failed to fulfil a valid request (500, 502, 503).

Name some common types of cybersecurity attacks

The following are the most common types of cybersecurity attacks:

Malware
SQL Injection Attack
Cross-Site Scripting (XSS)
Denial-of-Service (DoS)
Man-in-the-Middle Attacks
Credential Reuse
Phishing
Session Hijacking

What is the use of Traceroute?

Traceroute is a network diagnostic tool that discovers the path packets take from the source to a destination host. It sends probes with increasing TTL (time-to-live) values: each router that decrements the TTL to zero discards the probe and returns an ICMP Time Exceeded message, revealing its address, so the first probe exposes hop 1, the second hop 2, and so on. For each hop it reports the address and the round-trip time, which shows where traffic is being dropped, delayed or routed unexpectedly. Routers and firewalls that filter ICMP show up as asterisks.

Why do you need DNS Monitoring?

DNS (Domain Name System) translates human-readable domain names into the IP addresses computers use, so almost every connection starts with a DNS lookup. DNS monitoring means watching both the records you publish and the queries your systems make. On the publishing side it confirms that your domain still resolves to the right addresses for your website, mail and other services, and catches hijacked records or expired domains quickly. On the query side it is a high-value detection source: malware beacons to command-and-control domains, data exfiltrated in DNS queries, and algorithmically generated domain names all show up in resolver logs before anything else does.

What are some common methods of authentication for network security?

Password-based - A shared secret the user knows; the weakest method on its own and the one most often combined with the others.
Biometrics - A registered physical attribute (fingerprint, face, iris) used to verify identity; convenient, but a biometric cannot be changed if the template is compromised.
Token - A hardware or software device that proves possession, for example a smart card, a FIDO2 security key, or an app generating one-time codes; a stolen password alone is not enough to log in.
Certificate-based - The client presents an X.509 certificate and proves it holds the private key; common for machines, VPN clients and 802.1X network access.
Transaction Authentication - A one-time code is required to approve a specific transaction, such as an online payment, so a hijacked session cannot be used to move money.
Multi-Factor Authentication - Any combination of two or more independent factors (know, have, are).
Out-of-Band Authentication - The second factor is delivered over a separate channel, for example a push notification or call to a registered phone, so an attacker who controls the primary channel (the browser session) cannot also intercept the confirmation. Widely used in online banking.

Which is more secure? SSL or HTTPS?

The question compares two different things, so neither is "more secure". SSL (and its successor TLS) is the transport security protocol: it authenticates the server with a certificate and encrypts and integrity-protects the connection. HTTPS is simply HTTP carried over that protocol, so the security of HTTPS is exactly the security of the TLS configuration underneath it. The meaningful comparison is between protocol versions: SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated and exploitable (POODLE against SSL 3.0, for example), so a secure HTTPS deployment means TLS 1.2 or 1.3 with strong cipher suites, HSTS and a valid certificate.

What is the difference between Red Team and Blue Team?

The terms come from military wargaming and describe the two sides of a security exercise. The red team plays the attacker: it emulates real adversaries' tactics to find and exploit weaknesses in people, processes and technology, and measures whether the organisation notices. The blue team plays the defender: it monitors, detects, responds to and contains the red team's activity, then hardens the environment and closes the gaps that were found. Many organisations also run a purple team, where the two work together so that each red-team technique is turned directly into a blue-team detection.

What is a cybersecurity risk assessment?

A cybersecurity risk assessment identifies the information assets that could be affected by a cyber-attack (customer data, intellectual property, servers, laptops, cloud services) and evaluates the risks to those assets so they can be prioritised and treated.

It is performed to identify, evaluate and prioritise risks across the organisation and to justify where security effort and spending go.

The usual steps are:

Inventory the assets and what they are worth to the business.
Identify the threats relevant to your organisation.
Identify internal and external vulnerabilities those threats could exploit.
Estimate the likelihood of exploitation and the impact if it happens, and rank the resulting risks.
Decide how each risk is treated: mitigate, transfer, accept or avoid.

What are the seven layers of OSI Model?

The OSI (Open Systems Interconnection) model divides network communication between two endpoints into seven layers, each providing services to the layer above and using the layer below.

Application layer (layer 7) - The interface used by network applications and their protocols (HTTP, SMTP, DNS, FTP).
Presentation layer (layer 6) - Translates data between application formats and the network representation: character encoding, compression, and historically encryption (TLS is usually placed here or between layers 4 and 7).
Session layer (layer 5) - Establishes, maintains and terminates sessions between applications, including dialogue control and synchronisation.
Transport layer (layer 4) - End-to-end delivery between processes, with ports and segmentation; TCP adds reliability, ordering and flow control, UDP is the unreliable variant.
Network layer (layer 3) - Logical addressing and routing of packets across networks (IP, ICMP, routers).
Data-link layer (layer 2) - Framing, MAC addressing and error detection on a single link (Ethernet, Wi-Fi, switches); ARP works between layers 2 and 3.
Physical layer (layer 1) - Transmission of raw bits over the medium as electrical, optical or radio signals: connectors, cabling, signalling.

How do you reset or remove a BIOS password?

All of these require physical access to the machine, which is why a BIOS password is only a deterrent:

Remove the CMOS battery for a few minutes so the settings held in battery-backed CMOS RAM, including the password, are lost.
Short the clear-CMOS jumper on the motherboard, which does the same thing without removing the battery.
Use a vendor or third-party utility that clears the CMOS contents from within the operating system (on older machines this was done with the MS-DOS DEBUG command writing to the CMOS I/O ports).
Use a vendor backdoor or master password, which some older BIOS versions accepted regardless of the configured password; some vendors instead generate a reset code from the challenge shown after repeated failures.
Contact the vendor with proof of ownership for laptops where the password is held in non-volatile memory or the embedded controller rather than in CMOS; clearing CMOS does not remove it there.

On a modern system full-disk encryption, not the firmware password, is what actually protects the data.

What are some indicators of compromise (IOCs) that organizations should monitor?

Key indicators of compromise to watch for:

Unusual outbound network traffic (new destinations, odd hours, sustained transfers)
Anomalies in privileged user account activity
Log-in red flags (impossible travel, failures followed by success, logins outside working hours)
Geographical irregularities in where users or traffic come from
Increases in database read volume (a sign of data being harvested)
Large numbers of requests for the same file
Unusually large HTML/HTTP response sizes
Web traffic with non-human behaviour (automated request patterns)
Unusual DNS requests (long or high-entropy names, spikes in TXT queries)
Mismatched port-application traffic (for example non-DNS traffic on port 53)
Suspicious registry or system file changes
Unexpected patching or reconfiguration of systems
Bundles of data in the wrong place (staged archives awaiting exfiltration)
Mobile device profile changes
Signs of DDoS activity
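Indicators are only useful if something checks for them. As an added example (not part of the original deck), this Python script runs the "unusual DNS requests" indicator over a resolver log: it flags oversized labels, which is how DNS tunnelling carries data, and long high-entropy labels, which is what algorithmically generated command-and-control domains look like, then summarises hits per client. The log lines, host names, thresholds and the assumed log format (timestamp, client, "query", record type, name) are all constructed for illustration.

```python
"""Spot unusual DNS requests in a resolver log (added example).

Log lines, host names and thresholds are constructed; the line format is
assumed, not that of any particular resolver.
"""
import math
from collections import Counter, defaultdict

DNS_LOG = """\
2024-05-01T10:00:01Z host-a query A www.example.com
2024-05-01T10:00:02Z host-a query A cdn.example.net
2024-05-01T10:00:05Z host-b query TXT 6a5f3e9c1b2d4a7e8f0c3d5b9a1e7f2c4d6b8a0e.exfil.example.org
2024-05-01T10:00:06Z host-b query TXT 9c4b2a1f0e3d5c7b8a6f4e2d1c0b9a8f7e6d5c4b.exfil.example.org
2024-05-01T10:00:07Z host-b query A mail.example.com
2024-05-01T10:00:08Z host-c query A xkqwzjvhtplmrybn.biz
"""

MAX_LABEL_LEN = 32       # DNS allows 63; legitimate labels are rarely this long
MIN_ENTROPY_LEN = 12     # only judge entropy on labels long enough to mean something
ENTROPY_THRESHOLD = 3.5  # bits per character; English-like labels sit well below


def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_name(name: str):
    """Return a reason if the name looks like tunnelling or a DGA, else None."""
    for label in name.rstrip(".").split("."):
        if len(label) >= MAX_LABEL_LEN:
            return "oversized label (possible DNS tunnelling)"
        if len(label) >= MIN_ENTROPY_LEN and shannon_entropy(label) >= ENTROPY_THRESHOLD:
            return "high-entropy label (possible DGA)"
    return None


def parse_line(line: str) -> dict:
    ts, client, _, qtype, name = line.split()
    return {"ts": ts, "client": client, "qtype": qtype, "name": name}


def find_dns_iocs(log_text: str) -> list:
    """One (client, name, qtype, reason) tuple per suspicious query."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        q = parse_line(line)
        reason = classify_name(q["name"])
        if reason:
            findings.append((q["client"], q["name"], q["qtype"], reason))
    return findings


def clients_by_hits(findings) -> dict:
    """Which clients to look at first."""
    hits = defaultdict(int)
    for client, *_ in findings:
        hits[client] += 1
    return dict(hits)


if __name__ == "__main__":
    found = find_dns_iocs(DNS_LOG)
    for row in found:
        print(row)
    print(clients_by_hits(found))   # {'host-b': 2, 'host-c': 1}
```

Thresholds like these produce false positives on CDN and cloud hostnames that legitimately use long hashed labels, so in practice the rule is paired with an allow-list of known domains and with volume: one odd name is noise, hundreds from the same host in a minute are an incident.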

What is the difference between information protection and information assurance?

Information protection: the technical and procedural controls (encryption, access control, security software) that keep data from unauthorized access, modification or loss.
Information assurance: the broader discipline of ensuring that information and information systems can be relied upon, covering availability, integrity, authentication, confidentiality and non-repudiation, including the risk management and governance around those controls.

What is cyber security?

Cybersecurity is the practice of protecting systems, networks, software and data from attack, damage or unauthorized access. Its primary purpose is to prevent attackers from accessing, altering or destroying sensitive information and from disrupting the services that depend on it.

What are black hat hackers?

Black hat hackers are people with the skills to break into networks and systems who use them illegally: writing malware, stealing or destroying data, extorting victims, or selling access, for financial gain or other malicious motives. The term contrasts with white hat hackers, who test systems with the owner's permission, and grey hats, who act without permission but without malicious intent.

What is Remote Desktop Protocol?

Remote Desktop Protocol (RDP) is a Microsoft protocol that lets a user see and control the graphical desktop of a remote Windows machine over a network. The user runs an RDP client and the remote machine runs the RDP server (Remote Desktop Services), by default on TCP port 3389. It is used for remote administration and for access to virtual desktops, published applications and terminal servers. Because it gives full interactive access, exposed RDP is a leading entry point for ransomware: keep it off the internet, reach it through a VPN or gateway, require MFA and Network Level Authentication, and monitor for brute-force attempts.

Explain steps to secure a web server

Basic hardening steps for a web server:
 Run the server as an unprivileged account and set file ownership and permissions so that account can read the content but not write to it or to the configuration.
 Keep the operating system, the web server and all libraries patched.
 Disable every module, handler and feature the site does not need (directory listing, server status pages, unused language handlers).
 Delete default scripts, sample pages, test files and default credentials that ship with the server or framework.
 Serve only HTTPS with a current TLS configuration, put the server behind a firewall that exposes only ports 80 and 443, and enable logging and monitoring.

What is a worm?

A worm is self-replicating malware that spreads from one computer to another over the network on its own, usually by exploiting a vulnerability in a network-exposed service, without needing a host file or any action from the user. That autonomy is what lets worms saturate networks within hours.

What is distributed denial of service attack? (DDoS)

A DDoS attack makes a website, server or network resource unavailable to legitimate users by flooding it with traffic or requests from many sources at once, typically a botnet of compromised machines. The distributed sources defeat simple blocking of a single address and let the attacker exceed the target's bandwidth or processing capacity. Attacks range from volumetric floods and amplification (abusing open DNS or NTP servers) to application-layer floods of expensive requests.

Name some common encryption algorithms

Commonly used encryption algorithms (these are algorithms; tools such as OpenSSL, GnuPG, BitLocker or LUKS implement them):
 AES (Advanced Encryption Standard) - symmetric block cipher, the default choice for data at rest and in transit
 RSA - asymmetric; used for key exchange and digital signatures rather than bulk data
 Twofish - symmetric block cipher, an AES finalist
 Triple DES (3DES) - symmetric, now deprecated in favour of AES because of its 64-bit block size and slow speed

What is security auditing?

A security audit is a systematic review of systems, applications, configurations and processes against a defined standard or policy to find security weaknesses and non-compliance. It can be internal or by a third party and can include configuration review, log review, vulnerability scanning and line-by-line inspection of source code.

define security testing

Security testing is the type of software testing that looks for vulnerabilities, weaknesses and risks in an application or system so they can be fixed before an attacker finds them. It includes static and dynamic analysis, vulnerability scanning, penetration testing and code review. No test proves the absence of vulnerabilities; it reduces the likelihood and impact of the ones that would cause real loss.

What is an access token?

An access token is a credential that a client presents to prove it has been authorized to access a resource. In Windows, every process carries an access token describing the user's identity, group memberships and privileges, and the kernel checks it against an object's ACL on every access. In web APIs (OAuth 2.0), an access token is a string, often a signed JWT or an opaque reference, issued after authentication; the API verifies it and grants only the scopes it carries. Tokens should be short-lived and bound to a limited scope, because whoever holds one can act as the subject until it expires.
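To show what "the API verifies it" involves, this added example (not part of the original deck) issues and checks an HMAC-signed bearer token with a subject, scopes and expiry, then makes an authorization decision on it. The token format (base64url payload, a dot, base64url HMAC-SHA256), the signing key and the claim names are assumed for illustration; real deployments normally use JWT or an opaque token looked up server-side.

```python
"""Issue and verify an HMAC-signed bearer access token (added example).

Token format, key and claim names are assumed for illustration.
"""
import base64
import binascii
import hashlib
import hmac
import json
import time


def _b64u(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _unb64u(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(key: bytes, subject: str, scopes: list, ttl: int, now: int = None) -> str:
    """Authorization server side: sign the claims with the server's key."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "scope": scopes, "iat": now, "exp": now + ttl}
    body = _b64u(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64u(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(key: bytes, token: str, now: int = None):
    """Return the claims if signature and expiry check out, else None.

    The MAC is checked before the body is parsed, so unauthenticated input
    never reaches the JSON parser, and the comparison is constant-time.
    """
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64u(sig), expected):
            return None
        claims = json.loads(_unb64u(body))
    except (ValueError, binascii.Error, UnicodeDecodeError):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims


def authorize(key: bytes, token: str, required_scope: str, now: int = None) -> bool:
    """Resource server side: valid token AND the scope this operation needs."""
    claims = verify_token(key, token, now)
    return claims is not None and required_scope in claims.get("scope", [])


if __name__ == "__main__":
    KEY = b"constructed-signing-key-rotate-me"
    tok = issue_token(KEY, "alice", ["read"], ttl=300, now=1_700_000_000)
    print(authorize(KEY, tok, "read", now=1_700_000_100))    # True
    print(authorize(KEY, tok, "write", now=1_700_000_100))   # False: scope missing
    print(authorize(KEY, tok, "read", now=1_700_000_400))    # False: expired
    # Swapping in a forged body with an admin scope fails the MAC check.
    forged_body = issue_token(KEY, "admin", ["admin"], 300, 1_700_000_000).split(".")[0]
    print(authorize(KEY, forged_body + "." + tok.split(".")[1], "admin", now=1_700_000_100))  # False
```

Because the token is self-contained, the resource server cannot revoke it before expiry; that is why access tokens are kept short-lived and paired with a refresh token that the authorization server can revoke.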

What is NMap?

Nmap (Network Mapper) is an open-source tool for host discovery and port scanning. It finds which hosts are up on a network, which ports are open, what services and versions are listening, and, with OS fingerprinting and its scripting engine (NSE), what vulnerabilities or misconfigurations are exposed. It is used for network inventory and security auditing by defenders, and for reconnaissance by attackers.