Cyber Security at Hochschule Furtwangen | Flashcards & Summaries

Study materials for Cyber Security at Hochschule Furtwangen

Access free flashcards, summaries, practice exercises and past exams for your Cyber Security course at Hochschule Furtwangen.

  • 36384 flashcards
  • 855 students
  • 58 study materials

Sample flashcards for your Cyber Security course at Hochschule Furtwangen, created by fellow students on StudySmarter!

Q:

The Activist

A:

Whatever their cause, it’s a burning one – and the Activist takes their political, religious or social cause outside the rule of law and onto the Internet.

Q:

Access Control Tests (Penetration test, Red Team testing, Vulnerability testing):

Please explain what “Penetration Test” means?

A:

Penetration testers/white hat hackers probe for vulnerabilities using open and closed source tools and a range of known attacks to find and identify as many vulnerabilities as possible before black hat hackers do. Penetration testers follow a defined methodology of planning, reconnaissance/observation, scanning, assessing vulnerabilities, exploiting and reporting their results, all while maintaining the confidentiality of their work and the integrity of the data and systems they are evaluating.

Their focus is often not on stealth or evasion; instead, the organization and security team are typically aware of the testing.

The OWASP Top 10 list is often a starting point, as it contains the 10 most common web application security threats.

Q:

Three States of Data: In Motion

A:

In Motion:

Data that is moving or being transferred between locations within or between computer systems across the network. Data in motion may be moving within a computer system, over a wireless connection or along a wired connection. Data in motion should be encrypted in order to protect it.

E.g. email attachments, FTP sites, files being downloaded, synced or transferred.

Q:

Cloud-Unique Threats and Risks

A:
  • Consumers Have Reduced Visibility and Control
  • On-Demand Self Service Simplifies Unauthorized Use
  • Internet-Accessible Management APIs can be Compromised
  • Separation Among Multiple Tenants Fails
  • Data Deletion is Incomplete
Q:

Quantitative data

A:

Quantitative data is information about quantities, and therefore numbers; qualitative data is descriptive and concerns phenomena that can be observed but not measured, e.g. language.

It's easier and faster to use qualitative methods for asset value and risk:

  • Non-tangible assets
  • Complicated setups or constellations

Mid- and long-term goal:

Use quantitative methods because they are more exact, so you can make better forecasts.

Q:

IoT Devices Attack power

A:
  • Breach of privacy can be used by the attacker
  • Can be used to gain control over equipment
  • Could be taken over by the attacker:
      • To use it in a DDoS attack (attacking a server with modified IP packets to produce load on the attacked server)
      • To farm Bitcoin or other blockchain currencies
      • To relay and distribute spam emails
      • To be part of a command and control attack (bot network)

Q:

IoT Devices Issues

A:
  • No security standards and certification available
  • Production cost and functions are the key to success
  • The base/core design of most IoT devices is similar, and attack patterns can be used on a variety of similar devices
  • IoT devices are often connected to the cloud
  • Setup must be easy and doable for non-technical users
Q:

Risk

A:

Risk: An uncertain event or set of events which, should it occur, will have a negative effect on the achievement of objectives.


"Risk is the possibility of something bad happening" - Cambridge Dictionary

Q:

Threat Source (or Threat Agent)

A:

Threat Source/Threat Agent: Someone who exploits a vulnerability (which is a weakness without sufficient countermeasure)

Q:

SECURITY ENGINEERING FOR MACHINERY: 

Operating System (Key Terms)

A:

Multi-Processing: The scheduler distributes CPU time fairly to all processes. Only one process per core is running at any time. Processes are isolated (no interference).
Multi-Threading: The application creates threads which can run in parallel and can share the same memory.
Kernel: The core of an operating system; it manages the local hardware resources and controls access to them.
Microkernel Architecture: The kernel is able to load modules (e.g. device drivers or not commonly used functionality) to make the kernel smaller.
Firmware: Specialized OS for a device or CPU.

Q:

The Insider

A:

The most difficult suspect to counteract, the Insider might be a disgruntled or negligent employee, a commercial spy, a victim of coercion or even a well-meaning innocent.

Q:

The triad of information security

A:
  • Confidentiality
  • Integrity
  • Availability