Engineering
Tell us about some controls that are commonly used to secure a company.
Check some vocab knowledge:
asset - what you are trying to protect
threat - something that can affect the CIA triad
vulnerability - a weakness or flaw in a security program that, if exploited, threatens CIA triad
risk - a potential for damage to the CIA triad as a result of a threat
exploit - program/code designed to take advantage of a vulnerability
Severity = Asset Priority * Threat Impact
Risk = Probability * Severity
How does Anti-Malware work?
Describe Dynamic Analysis vs. Static.
What is the CIA Triad? Explain.
Confidentiality | Integrity | Availability
What is AAA? Explain.
Authentication | Authorization | Accounting
Controlls
Tell us about some controls that are commonly used to secure a company.
Firewall|Anti-Virus|EDR|NDR|Proxy|ESG|IDS/IPS|secret managers|SIEM|App Whitelisting|Script Control|UBA/UEBA|CASB|Vulnerability Scanners|MFA/2FA|SOAR|etc
What is the difference been a SIEM and IDS, and IPS?
SIEM - combines security information management and security event management - collects and aggregates events for alerting, analysis/investigation
NIDS - event generation - uses signatures, pattern matching, reputation scoring, or anomaly detection to generate security events in network traffic
HIDS - event generation - uses signatures, pattern matching, reputation scoring, or anomaly detection to generate security events on a host
What is EDR?
Endpoint Detection and Response (aka endpoint threat detection and response) - endpoint security solution that logs and monitors devices to detect and investigate cyber intrusions
What are some common ways the Cyber Industry uses machine learning?
open-ended
What are some XXS Countermeasures
Encoding the output
Applying filters at the point where input is received
Using appropriate response headers
Enabling content security policy
Escaping untrusted characters
Network
What are the OSI layers?
App
Presentation
Session
Transport
Network
Data Link
Physical
What’s the difference between TCP and UDP?
TCP - creates sessions, slower but reliable (unicast)
UDP - fast but not guaranteed, shout (unicast, multicast, broadcast)
What steps are involved in TCP handshake setup?
SYN
SYN-ACK
ACK
Congrats. You're established.
What are the TCP header flags?
Do you know what they do?
SYN
URG
ACK
PSH
RST
FIN
What is the difference between droping traffic and denying / rejecting traffic on a firewall?
deny - will send an ICMP type 3 (destination unreachable) response
drop - no notification of denial / silently stops traffic
What is the difference between IDS and IPS?
IDS - detects security events
IPS - has the capability to block security events
How would you defend our network from that IP if there was an attack from a specific IP address? What about if those attacks were comming from a whole network?
Block the IP addresses
CIDR / ASN
What is SNMP?
At what layer does this protocol exist network.
Simple Network Management Protocol is the standard/protocol for obtaining and organizing information about managed devices.
What is MAC Spoofing?
MAC addresses are written by hardware manufacturers; however, users can "mask" it on the software side so that the device appears to have a different MAC address.
What is ARP? Describe ARP poisoning/flooding?
Address Resolution Protocol maps IPs to MAC addresses for a LAN. ARP poisoning is where an attacker sends a "spoofed" ARP message on a LAN to associate the attacker's MAC address with the IP of another host.
Cryptographic
What is SSL and how does it work?
Wraps TCP session in the encrypted tunnel to secure data in packets.
What’s the difference between encoding, encrypting, and hashing? What is each used for?
encoding - (AVAILABILITY) reversible transformation of data format to preserve data usability
encrypting - (CONFIDENTIALITY) secure encoding of data to allow only authorized access to decrypt to reveal the original text
hashing - (INTEGRITY) one way unique(ish) summary of data used for integrity
How does encryption work? (Symmetric and Asymmetric)
Symmetric - private key used to encrypt and decrypt
Asymmetric - a public key is used to encrypt, and a separate private key is used to decrypt
What is a salted hash and what does it protect against?
A salt is random data that is applied to a hashed password stored in the password database to protect against known hash attacks.
Open-Ended Questions:
Can you list five common TCP ports and their protocols?
Choose either XSRF, XXS, Phishing, or SQL Injection attack. Describe two attacks and how to detect and prevent them.
What are some steps you would take to secure a server?
What do you know about application security?