One Pager Cheat Sheet

  • Common network protocols include TCP/IP used for connection-oriented communication, UDP used for connectionless communication, HTTP for web traffic, and FTP for file transfers.
  • A firewall is a network security system that monitors and controls network traffic based on security rules, acting as a barrier between internal trusted networks and external untrusted networks, and works to filter traffic and block malicious attacks and intrusions.
  • Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses a pair of public and private keys.
  • A man-in-the-middle attack involves intercepting communications between two entities, and prevention typically involves using SSL/TLS certificates from trusted sources.
  • A denial of service attack aims to render a resource inaccessible by overloading it or exploiting vulnerabilities, with common types such as buffer overflow, ping flood, and SYN flood attacks.
  • Ransomware operates by encrypting a system's files and demanding a ransom for their decryption, often spreading via phishing emails or malicious website downloads.
  • Social engineering is the manipulation of individuals to reveal confidential information, using tactics such as phishing, pretexting, baiting, quid pro quo, and tailgating.
  • The purpose of a vulnerability assessment is to scan networks and applications for security weaknesses, helping organizations to identify and prioritize vulnerabilities for remediation.
  • The Advanced Encryption Standard (AES) encrypts data in 128-bit blocks using symmetric keys, employing multiple rounds of data transformations to convert plaintext into ciphertext.
  • A firewall monitors and controls traffic based on predefined security rules, effectively preventing unauthorized access and potential threats from malware.
  • Multifactor authentication (MFA) is important because it enhances security by requiring multiple verification methods, thus reducing the utility of stolen credentials.
  • The CIA triad in cybersecurity stands for Confidentiality, Integrity, and Availability, representing the three pillars that guard against unauthorized access, modification, and service disruptions.
  • Risk management is vital in cybersecurity as it involves the recognition, assessment, and mitigation of cyber risks, ensuring efficient defense against threats and optimized resource allocation.
  • A DDoS attack works by overburdening systems with excessive traffic from multiple sources, often utilizing botnets to intensify the impact.
  • Encryption transforms data into an unreadable format to ensure data confidentiality using popular algorithms like AES, Blowfish, RSA, and SHA.
  • Multi-factor authentication (MFA) is important as it requires multiple credentials during login, providing a stronger defense by making stolen credentials less valuable to attackers.
  • A honeypot in cybersecurity is a decoy system designed to attract cyber attackers, divert their attention away from real assets, and provide insights into their tactics, techniques, and procedures.
  • Firewalls ensure network security by regulating traffic between networks based on security rules, blocking unauthorized access and malware to allow only legitimate communication.
  • A DDoS attack overwhelms systems by flooding them with traffic from many sources, often leveraging botnets of compromised devices to magnify the assault, with defenses including upstream filtering and anti-DDoS services.
  • Penetration testing is a proactive measure where security experts emulate cyberattacks to assess an organization's defenses and identify vulnerabilities before they're exploited by malicious actors.
  • A honeypot in cybersecurity is a decoy system used to attract, monitor cyber attacks, and improve defenses by gaining insights into the attackers' tactics, techniques, and procedures (TTPs).
  • To mitigate ransomware threats, it's crucial to train users, keep systems up-to-date, secure backups, use anti-malware software, and restrict file execution.
  • You should use a virtual private network (VPN) to conceal your internet traffic and location—particularly when on public Wi-Fi or transmitting sensitive data—to protect against eavesdropping.
  • SSL/TLS combats man-in-the-middle attacks by mandating trusted certificates for establishing encrypted connections, ensuring secure communications between parties.
  • Firewalls control traffic between internal and external networks, preventing unauthorized access and malware while allowing legitimate communication.
  • IP spoofing is a technique used by cyber attackers to disguise the actual source IP of network packets, enabling DDoS attacks, firewall evasion, and concealment of identity.
  • A zero-day exploit targets unknown vulnerabilities, posing a danger due to the possibility of widespread exploitation before patches are available, thus making swift responses crucial.
  • IPsec is a protocol that ensures secure networking by providing encryption, integrity, and authentication at the IP packet level, commonly used in VPNs and for safeguarding internet communications.
  • The principle of least privilege is crucial as it minimizes potential damage from errors or malicious actions by granting users only the permissions they need.
  • A virus is a specific type of malware that reproduces itself by infecting host files or disks, while malware refers to all malicious software types, including viruses, worms, ransomware, and Trojans.
  • Infrastructure as code (IaC) uses code and automation tools for consistent, reproducible infrastructure management and centralized security measures.
  • The zero trust model in cybersecurity operates on the assumption that breaches are inevitable, thus it verifies all connections, employs strict access controls, isolation techniques, and encryption to prevent unauthorized movement within systems.
  • A web application firewall (WAF) is a tool that monitors and filters web traffic according to specific rules, providing protection against threats like cross-site scripting (XSS), SQL injection, and DDoS attacks.
  • OAuth enhances security by delegating authentication to trusted third parties, eliminating the need to store user credentials at multiple sites, and provides better encryption and limited access scopes compared to password-based models.
  • A password spray attack involves attackers trying common passwords across multiple accounts, and countermeasures include enforcing strong, unique passwords, using multi-factor authentication, and monitoring repeated login failures.
  • Cross-site scripting (XSS) is a security risk that injects malicious scripts into web applications, which can be mitigated through measures like input validation, data escaping, and using CORS headers.
  • A brute force attack involves trying all possible password combinations to gain unauthorized access, which can be deterred by using complex passwords, implementing account lockouts, and employing multi-factor authentication.
  • Role-based access control (RBAC) bolsters security by limiting system access to necessary privileges, thereby reducing risk.
  • A botnet is a network of compromised devices controlled by a remote attacker, often used for large-scale, coordinated attacks like distributed denial of service (DDoS) attacks.
  • IPv4 uses 32-bit addresses while IPv6 uses 128-bit addresses, thus providing a significantly larger addressing capacity.
  • Two-factor authentication increases security by necessitating a second verification method like a one-time passcode, rendering stolen passwords less useful to attackers.
  • Personally identifiable information (PII) is data that can identify an individual, like names or social security numbers, and its protection is paramount to prevent identity theft and other fraudulent activities.
  • A logic bomb is malicious code that activates under specific conditions, which could be maliciously used to delete files when a certain employee's status changes.
  • A vulnerability disclosure program allows ethical hackers to report security flaws they find, benefiting both the organization and these hackers, and enhancing overall cybersecurity.
  • Software-defined networking (SDN) enhances network security by using software to manage and configure network infrastructure dynamically, improving threat monitoring and allowing for swift configuration changes in response to threats.
  • Session hijacking involves gaining unauthorized access to a system by taking over an existing user session, and preventive measures can include requiring re-authentication for sensitive actions.
  • Data loss prevention (DLP) solutions monitor and control data transfers to prevent unauthorized data exposure or breaches, by identifying and protecting sensitive information to ensure it doesn't leave the network without proper authorization.
  • A Security Information and Event Management (SIEM) system collects and analyzes log data from an organization's infrastructure to detect security incidents, monitor potential threats, and facilitate a rapid response to security breaches.
  • Salting a hash enhances security by adding random data to a password prior to hashing it, ensuring varying hashes for identical passwords and thereby preventing rainbow table attacks.
  • In a buffer overflow attack, an attacker overloads a buffer with excessive data, potentially causing system crashes or enabling the execution of malicious code, but such attacks can be prevented with proper bounds checking and input validation in software development.
  • Credential stuffing is the process of using stolen username-password pairs for unauthorized account access, which can be prevented via enforcement of strong password policies, use of multi-factor authentication, and monitoring for repeated failed login attempts.
  • A database firewall contributes to security by monitoring and controlling traffic to and from a database based on specific rules, thereby protecting databases against threats like SQL injection and unauthorized access.
  • The AAA framework in cybersecurity involves authentication (verifying a user's identity), authorization (determining their system permissions), and accounting (recording their activities).
  • DNSSEC enhances the security of the Domain Name System (DNS) by adding cryptographic signatures to DNS data, ensuring data integrity and source authentication to prevent DNS spoofing.
  • The objective of a vulnerability scanner in application security is to proactively identify and rectify potential security flaws like SQL injection or cross-site scripting vulnerabilities before they can be exploited.
  • The Public Key Infrastructure (PKI) provides a framework for secure digital transactions and communications by establishing trusted digital identities through certificate authorities and key pairs.
  • A proxy server enhances privacy and security by acting as an intermediary between users and websites, filtering and monitoring traffic, blocking access to malicious websites, and masking users' IP addresses.
  • Data classification is essential for cybersecurity as it categorizes data based on its sensitivity, aiding organizations in applying appropriate security measures proportional to the data's risk level.
  • Anomaly detection in cybersecurity is the identification of unusual patterns or behaviors in data or network traffic, which may signify potential threats or cyberattacks.
  • Continuous Integration/Continuous Deployment (CI/CD) automates software development, which aids in security practices such as static and dynamic analysis, infrastructure as code, and quick vulnerability patching.
  • OAuth enhances secure delegated access by allowing third-party applications to access user data without storing user credentials, instead using tokens to grant time-limited access rights.
  • In the context of disaster recovery, the Recovery Point Objective (RPO) signifies the maximum acceptable data loss, and the Recovery Time Objective (RTO) denotes the maximum acceptable downtime.
  • Bidirectional encryption uses a common private key for both encryption and decryption, typically used in scenarios like encrypted communications between IoT devices and chat applications.
  • Cryptographic hash functions support cybersecurity by producing a fixed-size hash value from variable-length input, crucial for digital signatures, password storage, data integrity checks, and message authentication, thereby ensuring data security and integrity.
  • The blue team in cybersecurity is responsible for actively monitoring, detecting, analyzing, and responding to potential cybersecurity threats and incidents within an organization.
  • Endpoint Detection and Response (EDR) solutions continuously monitor endpoint devices for potential threats, offering greater visibility and facilitating early threat detection and automated response mechanisms.
  • IPsec provides secure networking by offering encryption, authentication, and integrity at the IP packet level, typically used in Virtual Private Networks (VPNs) to ensure secure communications over potentially insecure networks.
  • A REST API provides web services using JSON over HTTP, and its security risks, including injection and broken authentication, can be mitigated using input validation, proper authentication mechanisms, rate limiting, and regular vulnerability scanning.
  • A storage area network (SAN) is a high-speed, dedicated network that provides access to block-level storage, and its centralized nature enhances data security through easier implementation of encryption and access control.
  • A password spray attack is a method where common passwords are quickly tried across multiple accounts, and can be defended against through rate limiting, multifactor authentication, and the use of strong unique passwords per user.
  • A Public Key Infrastructure (PKI) uses certificate authorities, public/private keys, and digital signatures to establish trusted digital identities and secure connections and documents.
  • A proxy is an intermediary for client requests to servers that can filter traffic, block access to malicious sites, and conceal internal IP addresses.