General Concepts

• Vulnerability: Weakness in a device/system/network.
• Attack Vector: Pathway to illegally access a system.
• Defense in Depth: Multiple overlapping layers of security.
• Authentication: Verifying identification.

Malware Types

• Rootkit: Malware tools for remote access/control.
• Adware: Redirects browsers to malicious sites.
• Cryptojacking: Uses device resources to mine cryptocurrency.
• Ransomware: Encrypts hard drive for ransom.
• Spyware: Secretly gathers and sends data.
• Worm: Self-propagating malicious code causing DoS.
• Virus: Replicates and spreads with harmful payloads.
• Trojan Horse: Appears harmless but is malicious.

Cybersecurity Tools

• SNMP: Monitors/manages network performance.
• Packet Capture: Intercepts/stores network data.
• SOAR: Automates incident investigations.
• SIEM: Collects and analyzes security data.
• Netstat -o: Audits applications and TCP connections.
• Metasploit: Exploits vulnerabilities during pen testing.

Security Practices

• Patch Management: Automatically updates software.
• Virtual Machines: Test patches safely.
• Quarantine: Isolates infected files.
• Disable System Restore: Prevents malware re-infection.
• Host-based Firewall: Protects devices beyond the main firewall.

Linux Basics

• Default Permissions: rw-rw-rw
• Change Permissions: chmod og-wx filename
• Change Root Directory: sudo

Policies

• Password Policy: Rules for password security.
• Acceptable Use Policy: Rules for computing resources.
• Remote Access Policy: Access permissions remotely.
• Network Access Policy: Rules for using network resources.
• Network Maintenance Policy: Update procedures.
• Identification and Authentication Policy: Access verification.

Threats & Attacks

• Fileless Malware (via PowerShell): Trusted by applications.
• Sweep Scan: Scans all hosts for an open port.
• IP Spoofing: Fake source IP to impersonate systems.
• ARP Spoofing: Fake MAC address mapping.
• Ping Flood: Overwhelms target system with requests.
• TCP Sequence Prediction: Imitates a sender by predicting sequences.
• Port Scanning: Finds open/closed ports.

Social Engineering

• Whaling: Targets high-ranking individuals.
• Tailgating: Unauthorized physical access to buildings.
• Compromised Insider: Credentials given to attackers.
• Malicious Insider: Steals sensitive info intentionally.
• Negligent Insider: Accidental data loss/theft.

Risk Management

• Risk Transfer: Insurance against disasters.
• Mitigation: Prevents vulnerabilities from being exploited.

Cloud Computing

• Community Cloud: Shared by organizations in the same sector.
• Private Cloud: Used by one organization, often behind a firewall.
• Hybrid Cloud: Mix of private and public cloud.

Incident Response (NIST)

• Preparation: Assemble jump kits.
• Detection & Analysis: Investigate alerts (e.g., failed logins).
• Containment, Eradication, Recovery: Malware removal steps.
• Post-Incident: Lessons learned and documentation.

Compliance & Organizations

• HIPAA: Protects medical data.
• FISMA: Framework for protecting federal data.
• SANS Institute: Provides training/certifications.
• DHS: Offers Automated Indicator Sharing (AIS).