Cybersecurity and Networking Flashcards | Learn Security Protocols and Network Basics
Arrow keys or swipe to navigate cards
Stellar Study Cards offer cybersecurity and networking flashcards to help you master security protocols and network basics efficiently. Study smarter now!
What is cybersecurity? Cybersecurity refers to the practice of protecting systems, networks, and programs from digital attacks aimed at accessing, changing, or destroying sensitive information.
What is the primary goal of cybersecurity? The primary goal of cybersecurity is to protect the confidentiality, integrity, and availability of information.
What does the acronym 'CIA' stand for in cybersecurity? 'CIA' in cybersecurity stands for Confidentiality, Integrity, and Availability.
What is a firewall? A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies.
Define the term 'malware'. Malware, short for malicious software, is any software intentionally designed to cause damage to a computer, server, client, or computer network.
What is phishing? Phishing is a type of cyber attack where attackers disguise themselves as a trustworthy source to steal sensitive information such as usernames, passwords, and credit card details.
What is the purpose of encryption? Encryption is used to protect sensitive information by converting it into a code to prevent unauthorized access.
What is a 'Denial of Service (DoS)' attack? A Denial of Service (DoS) attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of traffic.
What is two-factor authentication (2FA)? Two-factor authentication (2FA) is a security process in which the user provides two different authentication factors to verify their identity for enhanced security.
What role does a VPN play in cybersecurity? A Virtual Private Network (VPN) provides privacy, anonymity, and security by creating a private network connection over the public internet.
What is the primary purpose of a router in a network? A router's primary purpose is to forward data packets between computer networks, directing the data along the most efficient routes.
What is a subnet mask, and why is it used in networking? A subnet mask is used to divide an IP address into network and host portions. It determines which part of an IP address belongs to the network and which part belongs to the device.
Describe the difference between TCP and UDP. TCP (Transmission Control Protocol) is a connection-oriented protocol that ensures data is transmitted accurately and in order, while UDP (User Datagram Protocol) is connectionless and does not guarantee delivery or order.
What does DNS stand for, and what is its function in a network? DNS stands for Domain Name System. It translates domain names (like www.example.com) into IP addresses so browsers can load Internet resources.
Explain what an IP address is. An IP address is a unique address assigned to each device connected to a network that uses the Internet Protocol for communication.
What is NAT, and how does it function in a network? NAT (Network Address Translation) is a process where a router or firewall modifies incoming and/or outgoing IP packets as they pass through, translating private addresses to public before sending them over the Internet.
What is the OSI model, and why is it important? The OSI (Open Systems Interconnection) model is a conceptual framework used to understand and implement standard protocols in networking. It divides these processes into seven layers, each with specific functions.
What is a MAC address? A MAC (Media Access Control) address is a hardware identifier that uniquely identifies each device on a network. It is used in the data link layer of the OSI model.
What is the function of a firewall in a network? A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules, acting as a barrier between a trusted and an untrusted network.
Explain the concept of bandwidth in networking. Bandwidth refers to the maximum rate of data transfer across a network path, expressed in bits per second (bps). It determines how much data can be sent and received simultaneously.
What is a VPN, and how is it used? A VPN (Virtual Private Network) is a service that encrypts your Internet traffic and protects your online identity by creating a private network from a public Internet connection.
What is DHCP and why is it important in networking? DHCP (Dynamic Host Configuration Protocol) is a network management protocol used to automate the process of configuring devices on IP networks, allowing them to use network services with dynamic IP addresses.
What are the primary differences between IPv4 and IPv6? IPv4 is a 32-bit address scheme with about 4.3 billion addresses, while IPv6 is a 128-bit address scheme allowing a vastly larger number of unique IP addresses.
Define what a VLAN is and its purpose. A VLAN (Virtual Local Area Network) is a subgroup within a network that combines network devices into one broadcast domain, increasing network security and efficiency by segmenting traffic.
What role does the DNS cache play in networking? The DNS cache stores DNS query results temporarily on a local device, speeding up future requests to the same domain by reducing the need for repeated queries to DNS servers.
What is the main purpose of the HTTPS protocol? HTTPS (HyperText Transfer Protocol Secure) is designed to provide a secure communication channel over a computer network. It primarily ensures the confidentiality and integrity of data between the user's browser and the server.
What is the difference between symmetric and asymmetric encryption? Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses a pair of keys: a public key for encryption and a private key for decryption.
Why is the TLS protocol used on the Internet? TLS (Transport Layer Security) is used to secure communications over a network, ensuring the privacy of data by encrypting information and verifying the integrity and authenticity of communications between systems.
What role does the IPsec protocol play in network security? IPsec (Internet Protocol Security) provides secure, encrypted communication over a network by authenticating and encrypting each IP packet in a communication session.
How does a VPN use security protocols to protect data? A VPN (Virtual Private Network) uses security protocols like IPsec or SSL/TLS to create encrypted connections that ensure data sent over public networks remains secure and private.
What is a digital certificate, and why is it used? A digital certificate is an electronic document used to prove the ownership of a public key. It is used in secure communications to authenticate the identity of the certificate holder and facilitate encryption.
Describe the purpose of the SSL protocol. SSL (Secure Sockets Layer) was designed to provide a secure channel over an insecure network, mainly offering data integrity, encryption, and authentication.
What functionality does the WPA protocol provide? WPA (Wi-Fi Protected Access) provides security for wireless networks by encrypting data transmitted over the network, significantly improving upon the older WEP standard.
What is the primary use of the SFTP protocol? SFTP (Secure File Transfer Protocol) is used for securely transferring files over a secure shell (SSH) connection, ensuring data integrity and confidentiality.
How does the SSH protocol enhance security? SSH (Secure Shell) enhances security by providing a secure channel for performing network services over an unsecured network, using encryption to protect the connection and authenticate participants.
What is the function of the Kerberos protocol in a network? Kerberos is a network authentication protocol designed to provide strong authentication using secret-key cryptography, allowing nodes to prove their identity in a secure manner.
Why is MTLS (Mutual TLS) important in secure communications? MTLS (Mutual Transport Layer Security) enhances security by requiring both the client and server to authenticate each other, providing an additional layer of trust and protection against intermediation attacks.
What is the purpose of the PGP protocol? PGP (Pretty Good Privacy) is used to encrypt and decrypt data, providing cryptographic privacy and authentication for email and other forms of digital communication.
How does DNSSEC improve DNS security? DNSSEC (Domain Name System Security Extensions) improves DNS security by providing a way to authenticate responses to DNS queries using digital signatures, thus reducing the risk of DNS spoofing.
What is the role of the OAuth protocol in online security? OAuth is an open standard for access delegation, commonly used to grant websites or applications limited access to users' information without exposing passwords, enhancing security and user privacy.
How does the RADIUS protocol contribute to network security? RADIUS (Remote Authentication Dial-In User Service) contributes to network security by providing central authentication, authorization, and accounting for users who connect and use a network service.
What is Two-Factor Authentication (2FA) and why is it used? Two-Factor Authentication (2FA) enhances security by requiring two different forms of identification before granting access to an account or service, such as a password and a temporary code sent to a phone.
Describe the function of the EAP protocol in networks. EAP (Extensible Authentication Protocol) is a framework used in network access authentication, facilitating the deployment of various authentication methods like certificates, smart cards, and passwords.
What does the term 'end-to-end encryption' mean? End-to-end encryption means data is encrypted on the sender's device and only decrypted on the recipient's device, ensuring that intermediaries like network providers cannot access the data.
Why is the DTLS protocol significant? DTLS (Datagram Transport Layer Security) is significant because it provides security for datagram-based applications, ensuring the same level of communication security as TLS but for protocols that use UDP instead of TCP.
What is a firewall and what is its primary function in a network? A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's security policies. Its primary function is to establish a barrier between a trusted internal network and untrusted external networks to block malicious traffic like viruses and hackers.
Explain the difference between stateful and stateless firewalls. Stateless firewalls filter packets based solely on predefined rules without considering the state of the connection, while stateful firewalls track the state of active connections and make decisions based on the context and state of the traffic.
What does VPN stand for and what is its main purpose? VPN stands for Virtual Private Network. Its main purpose is to provide a secure and encrypted connection over a less secure network, such as the Internet, allowing users to safely access a private network and share data remotely through public networks.
How does a VPN improve network security? A VPN encrypts your internet traffic and routes it through a server in a location of your choice, masking your IP address and ensuring that your data is secure from eavesdroppers. It provides privacy and security, especially when using public Wi-Fi networks.
What are the differences between personal and enterprise VPNs? Personal VPNs are typically used by individual users to access the internet safely and anonymously. Enterprise VPNs, on the other hand, are designed to provide secure connections for a company's remote employees, allowing them to access the company’s network as if they were physically on-site.
What is the role of a DMZ in a firewall configuration? A DMZ, or Demilitarized Zone, acts as a buffer zone between a public network and an organization’s internal network. It is used to add an additional layer of security to a local area network (LAN); any service accessible by users on the external network can be placed in the DMZ, while the rest of the internal network remains protected.
Describe how packet-filtering firewalls work. Packet-filtering firewalls operate at the network layer and inspect the header information of each packet such as the source and destination IP addresses, protocol, and port numbers. They use rules to determine whether to allow or block the packet based on this information.
What is meant by VPN tunneling? VPN tunneling refers to the process of transmitting data over a public network (like the Internet) using a protocol that encapsulates the data, ensuring it is protected by additional protocols and encryption. This creates a 'tunnel' that keeps data secure as it travels across public networks.
What are the common protocols used by VPNs? Common protocols used by VPNs include PPTP (Point-to-Point Tunneling Protocol), L2TP/IPsec (Layer 2 Tunneling Protocol with IP Security), OpenVPN, and IKEv2/IPsec (Internet Key Exchange Version 2 with IPsec). Each provides different levels of security and performance characteristics.
How does a firewall protect against unauthorized access? A firewall protects against unauthorized access by filtering incoming and outgoing traffic based on an organization's established security policies. It blocks unauthenticated users and potential threats from accessing the internal network and can also limit which internal users have access to certain external resources.
What is the primary purpose of Wi-Fi Protected Access (WPA) in wireless security? The primary purpose of Wi-Fi Protected Access (WPA) is to enhance data protection and access control on wireless networks by providing stronger data encryption and better user authentication compared to WEP.
What does the acronym WEP stand for, and why is it considered insecure? WEP stands for Wired Equivalent Privacy, and it is considered insecure due to several vulnerabilities in its encryption algorithm, which allows attackers to easily crack the encryption and access network traffic.
Describe the main improvement of WPA2 over WPA. The main improvement of WPA2 over WPA is the introduction of the Advanced Encryption Standard (AES) for encryption, which provides much stronger security compared to the TKIP protocol used in WPA.
What is a rogue access point and why is it a threat to wireless security? A rogue access point is an unauthorized wireless access point set up within a secure network. It poses a threat to wireless security as attackers can use it to intercept or manipulate data transmitted over the network.
Explain the concept of MAC address filtering in wireless security. MAC address filtering is a security technique that allows only devices with specific MAC addresses to connect to the wireless network. It provides an additional layer of security by ensuring only recognized devices can access the network.
How does an attacker perform a deauthentication attack on a wireless network? An attacker performs a deauthentication attack by sending forged deauthentication frames to disconnect users from a wireless network, potentially allowing the attacker to capture the reconnection handshake and crack the network encryption.
Define the term 'SSID' in the context of wireless networking. SSID stands for Service Set Identifier, which is the name of a wireless network. It is used to uniquely identify and connect to a specific wireless network.
What is a wireless intrusion prevention system (WIPS)? A wireless intrusion prevention system (WIPS) is a security solution designed to monitor wireless network traffic for suspicious activity and prevent unauthorized access or attacks by automatically taking action, such as disconnecting rogue devices.
What role does RADIUS play in wireless network security? RADIUS (Remote Authentication Dial-In User Service) plays a critical role in wireless network security by providing centralized authentication, authorization, and accounting (AAA) services for users accessing a network, ensuring only authorized users can connect.
Discuss the importance of using a VPN on public Wi-Fi networks. Using a VPN on public Wi-Fi networks is important because it encrypts your internet traffic, protecting your data from eavesdroppers and hackers who might be monitoring the network to steal sensitive information.
What is cryptography? Cryptography is the practice and study of techniques for securing communication and data, aiming to protect information from third parties and unauthorized users.
What is symmetric key cryptography? Symmetric key cryptography uses the same key for both encryption and decryption, requiring both parties to have access to the secret key.
What is asymmetric key cryptography? Asymmetric key cryptography uses a pair of keys, a public key for encryption and a private key for decryption, enabling secure communication without needing to share the private key.
What is the main advantage of asymmetric encryption over symmetric encryption? The main advantage is that asymmetric encryption allows secure communication without the need to share a secret key beforehand, reducing the risk of key compromise.
What is a hash function in cryptography? A hash function is a mathematical algorithm that transforms input data into a fixed-size string of characters, which is a hash value. It is used to ensure data integrity.
What is the purpose of digital signatures? Digital signatures verify the authenticity and integrity of a message or document, ensuring that it was not altered and confirming the sender's identity.
What is a cipher? A cipher is an algorithm for performing encryption or decryption, a series of well-defined steps to convert plaintext to ciphertext and vice versa.
What is a block cipher? A block cipher encrypts data in fixed-size blocks, typically 64 or 128 bits, using a symmetric key for both encryption and decryption.
What is a stream cipher? A stream cipher encrypts data one bit or byte at a time, typically using a symmetric key, and is suited for applications where the amount of data is unknown or continuous.
What is the RSA algorithm? RSA is an asymmetric cryptographic algorithm relying on the computational difficulty of factoring large numbers. It is widely used for secure data transmission.
What role do prime numbers play in cryptography? Prime numbers are fundamental in cryptographic algorithms like RSA, as they are used to generate keys and provide security due to the difficulty of factorization.
What is a public key infrastructure (PKI)? PKI is a framework for managing digital certificates and public-key encryption, ensuring secure electronic transfer of information.
What is the difference between encryption and hashing? Encryption converts plaintext to ciphertext, reversible with a key, while hashing produces a fixed-size string from data, designed to be irreversible.
What is key exchange and why is it important? Key exchange is the process of sharing cryptographic keys between parties securely, crucial for enabling encryption and ensuring confidentiality over insecure channels.
What is quantum cryptography? Quantum cryptography uses principles of quantum mechanics to design stronger encryption systems, primarily focusing on quantum key distribution to ensure security.
What is the primary role of an Intrusion Detection System (IDS)? An IDS monitors network traffic for suspicious activity and alerts administrators about potential security breaches.
How does an Intrusion Prevention System (IPS) differ from an IDS? While an IDS only alerts about possible intrusions, an IPS can take action to prevent the intrusion by blocking or mitigating the threat.
What are the two main types of IDS? The two main types are Network-based IDS (NIDS) and Host-based IDS (HIDS). NIDS monitors network traffic, while HIDS runs on individual devices monitoring their activities.
Define signature-based detection in IDS. Signature-based detection identifies incidents by comparing network traffic to databases of known threat signatures.
What is anomaly-based detection? Anomaly-based detection compares current network activity to a baseline to identify deviations that may indicate a breach.
List one advantage of using anomaly-based detection. It can detect new, previously unknown threats since it does not rely on known signatures.
Name one challenge associated with anomaly-based detection. It often produces a higher rate of false positives because normal network behavior can vary over time.
What is a false positive in the context of IDS? A false positive occurs when an IDS incorrectly identifies benign activity as malicious.
What measures can be taken to reduce false positives in an IDS? Regularly updating the IDS rules, fine-tuning detection algorithms, and employing machine learning models can help reduce false positives.
Explain how IPS can enhance network security posture. An IPS can block known threats in real-time, preventing potential breaches and reducing the risk of damage to the network.
What is the primary goal of incident response in cybersecurity? The primary goal of incident response is to effectively handle security incidents to minimize damage, recover quickly, and prevent future incidents.
List the four phases of the incident response lifecycle. The four phases of the incident response lifecycle are: Preparation, Detection and Analysis, Containment, Eradication and Recovery, and Post-Incident Activity.
What is the purpose of the preparation phase in incident response? The preparation phase involves ensuring that an organization can respond effectively to incidents by developing policies, procedures, and communication strategies, and by providing proper training to the response team.
Why is containment important during incident handling? Containment is crucial to prevent the lateral movement of threats, minimize impact, and buy time to develop a more detailed eradication and recovery plan.
Describe the difference between static and dynamic containment strategies. Static containment involves isolation of affected systems to prevent further harm, while dynamic containment allows systems to remain operational in a controlled manner while monitoring for changes or further attacks.
What should be included in a post-incident report? A post-incident report should include a summary of the incident, the impact, steps taken during response, lessons learned, and recommendations for improvement to prevent future incidents.
How does a Security Information and Event Management (SIEM) system assist in incident response? A SIEM system collects and analyzes security data from across an organization, providing real-time insights and alerts to help identify and respond to potential security incidents quickly.
What role does communication play in incident response? Effective communication ensures that all stakeholders are informed of the incident status, helping to coordinate efforts, reduce confusion, and maintain customer and stakeholder trust.
Explain the importance of the eradication and recovery phase in the incident response process. The eradication and recovery phase involves removing the threat from the environment and restoring systems and services to normal operation, ensuring that vulnerabilities are addressed to prevent recurrence.
What is the significance of conducting a post-mortem analysis after a cyber incident? A post-mortem analysis helps organizations understand the root cause of the incident, analyze the effectiveness of the response, and develop strategies to strengthen security posture and response capabilities in the future.
What is the primary objective of cybersecurity compliance? The primary objective of cybersecurity compliance is to ensure that an organization adheres to the regulatory, legal, and policy requirements to protect sensitive data and systems. This involves following established guidelines and standards to minimize security risks and vulnerabilities.
Name three common cybersecurity frameworks organizations can adopt. Three common cybersecurity frameworks organizations can adopt are: ISO/IEC 27001, NIST Cybersecurity Framework, and COBIT.
What best practice involves regularly testing network security controls? The best practice of conducting penetration testing involves regularly testing network security controls. Penetration testing simulates cyberattacks to identify and fix vulnerabilities before they can be exploited.
Why is employee training crucial for cybersecurity compliance? Employee training is crucial for cybersecurity compliance because it raises awareness about security threats and teaches best practices for safeguarding information. Well-educated employees can prevent accidental data breaches and recognize suspicious activities.
What is data encryption and why is it important? Data encryption is the process of converting plaintext into ciphertext to protect it from unauthorized access. It is important because it ensures data confidentiality and integrity, even if the data is intercepted during transmission.
Explain the principle of least privilege. The principle of least privilege involves granting users only the minimum access necessary to perform their job functions. This limits potential damage from insider threats or accidental misuse and improves overall security posture.
What role does patch management play in compliance? Patch management plays a critical role in compliance by ensuring that software and systems are up-to-date with the latest security patches. This reduces vulnerabilities that could be exploited by attackers and helps maintain adherence to compliance standards.
How can organizations monitor compliance adherence effectively? Organizations can effectively monitor compliance adherence by implementing continuous monitoring systems and tools that automate the detection of compliance violations. Regular audits and security assessments are also essential for ongoing compliance verification.
What is multi-factor authentication (MFA) and its significance? Multi-factor authentication (MFA) is a security measure that requires users to verify their identity using two or more different authentication factors. Its significance lies in adding an extra layer of protection against unauthorized access, even if one factor (like a password) is compromised.
Why is maintaining an incident response plan critical for cybersecurity? Maintaining an incident response plan is critical for cybersecurity as it provides a structured approach to identifying, managing, and recovering from security incidents. It minimizes damage, reduces recovery time, and helps maintain compliance by promptly addressing breaches.
What is a zero-day vulnerability? A zero-day vulnerability is a security flaw in software that is unknown to the vendor and has no patch available. Cybercriminals can exploit these vulnerabilities before developers have a chance to fix them.
Explain what 'Advanced Persistent Threats' (APTs) are. Advanced Persistent Threats (APTs) are prolonged and targeted cyberattacks where attackers gain unauthorized access to a network and remain undetected for an extended period, often to steal data.
How does 'Ransomware' differ from other malware? Ransomware is a type of malware that encrypts the victim's data and demands payment for the decryption key. Unlike other malware, its primary goal is financial gain through extortion.
What is the purpose of a 'botnet'? A botnet is a network of compromised computers controlled by a single party, used to launch large-scale cyberattacks such as Distributed Denial of Service (DDoS) or to spread malware.
Describe 'IoT-based attacks' and their impact. IoT-based attacks target the growing number of Internet of Things devices, exploiting their often weak security. These attacks can lead to data breaches, device malfunction, and network compromise.
What is 'phishing' and how can it be prevented? Phishing is a cyberattack technique where attackers impersonate legitimate entities to steal sensitive information, typically via email. Prevention includes user education, email filtering, and anti-phishing software.
Why is 'blockchain' considered secure? Blockchain is considered secure due to its decentralized nature and cryptographic algorithms, which make data tampering difficult and easy to detect. Each block contains a hash of the previous block, forming a secure chain.
How does 'Machine Learning' contribute to cybersecurity? Machine Learning in cybersecurity helps in identifying patterns associated with malicious activities, improving threat detection, automating response actions, and reducing false positives.
What are 'quantum computing' threats? Quantum computing poses security threats by potentially breaking current cryptographic algorithms, like RSA, due to its ability to efficiently solve complex problems that are infeasible for classical computers.
Explain 'Edge Computing's' impact on network security. Edge Computing brings processing closer to data sources, reducing latency and bandwidth use. However, it also introduces security challenges, such as managing a larger attack surface across decentralized nodes.