Cybersecurity

Zandra Monteiro
7 min read · May 11, 2024

Cybersecurity is definitely one of my favorite subjects! Every time I have the opportunity to study it, I catch it! So I’ve decided to share some of my notes here; it’s also a way for me to keep everything together and make it easier for me to find the point I want later.

Some of the content may be a little loose and I’m sorry for that. It’s because these are just my understanding of something, or parts of the official text from the course. So I strongly recommend that you join the full course and go through the whole content.

Endpoint Security badge from CISCO

CISCO ENDPOINT SECURITY

Access the course here.

Initial definitions:

  • VIRUSES: a virus is a type of computer program that, when executed, replicates and attaches itself to other files, such as a legitimate program, by inserting its own code into it. Most viruses require end-user interaction to initiate activation, and can be written to act on a specific date or time. Viruses mutate to avoid detection.
  • WORMS: a worm replicates by independently exploiting vulnerabilities in networks. Unlike a virus, which requires a host program to run, worms can run by themselves. Worms share similar patterns: they exploit system vulnerabilities, they have a way to propagate themselves, and they all contain malicious code (a payload) to cause damage to computer systems or networks.
  • TROJAN HORSE: Trojans exploit the privileges of the user who runs them. Unlike viruses, Trojans do not self-replicate but often bind themselves to non-executable files, such as images, audio or video files, acting as a decoy to harm systems.
  • LOGIC BOMBS: a logic bomb waits for a trigger, such as a specific date or database entry, to set off the malicious code. It can sabotage database records, erase files, and attack operating systems and applications, or destroy the hardware components in a device or server.
  • DENIAL OF SERVICE ATTACKS: even operational technologies, hardware or software that controls physical devices or processes in buildings, factories or utility providers, are vulnerable to DoS attacks, which can cause a shutdown, in extreme circumstances.

→Overwhelming quantity of traffic

→Maliciously formatted packets

→Distributed denial of service (DDoS) attacks are similar but originate from multiple coordinated sources. When a machine is turned into a zombie, it slows down, applications stop working properly, and ad pop-ups tend to appear.

Domain name system (DNS):

  • DOMAIN REPUTATION: DNS servers use DNS to translate a domain name into a numerical IP address that computers can use. If a DNS server does not know an IP address, it will ask another DNS server. An organization needs to monitor its domain reputation, including its IP address, to help protect against malicious external domains.
  • DNS SPOOFING or DNS CACHE POISONING: an attack in which false data is introduced into a DNS resolver cache (which records recent visits to websites and other internet domains). The attack redirects traffic for a specific domain.
  • DOMAIN HIJACKING: when an attacker gains control of the target’s DNS information. The most common way is to change the admin’s email through social engineering or by hacking into the admin’s email account. The admin’s email can be easily found via the domain’s WHOIS record, which is public.

→DNS tunneling can frequently be detected by looking for unusual DNS queries, such as those that are too long or query for an unusual domain name.
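The detection idea above (flagging queries that are too long or look random) can be turned into a small log scanner. This is an added example, not code from the course or from Cisco: the log format, the ".invalid" domain and all thresholds (MAX_LABEL_LEN, MAX_QNAME_LEN, ENTROPY_THRESHOLD) are assumptions, and the log lines are constructed.

```python
import math
from collections import Counter

# Constructed sample DNS query log (not real traffic): "<timestamp> <client> <qtype> <qname>".
# The long hex labels under exfil-demo.invalid imitate data encoded into a query name.
SAMPLE_DNS_LOG = """\
2024-05-11T10:00:01 10.0.0.5 A www.example.com
2024-05-11T10:00:02 10.0.0.5 AAAA mail.example.com
2024-05-11T10:00:03 10.0.0.7 TXT 6a7f3c9e2b1d4f8a0c5e7b9d1f3a5c7e9b1d3f5a7c9e1b3d.exfil-demo.invalid
2024-05-11T10:00:04 10.0.0.7 TXT 9d1b3f5a7c9e1b3d5f7a9c1e3b5d7f9a1c3e5b7d9f1a3c5e.exfil-demo.invalid
2024-05-11T10:00:05 10.0.0.9 A cdn.example.org
"""

# Assumed thresholds; tune them against a baseline of the organisation's own traffic.
MAX_LABEL_LEN = 30          # a single label longer than this is unusual for human-chosen names
MAX_QNAME_LEN = 100         # whole query names this long are rare outside tunneling and some CDNs
ENTROPY_THRESHOLD = 3.5     # bits per character; encoded payloads look random
SUSPICIOUS_QTYPES = {"TXT", "NULL"}   # record types with room for bulk data


def shannon_entropy(text):
    """Bits of entropy per character of `text` (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_query(qtype, qname):
    """Return the reasons a query looks like tunneling; an empty list means it looks normal."""
    reasons = []
    labels = qname.rstrip(".").split(".")
    longest = max(labels, key=len)
    if len(longest) > MAX_LABEL_LEN:
        reasons.append(f"label too long ({len(longest)} chars)")
    entropy = shannon_entropy(longest)
    if entropy > ENTROPY_THRESHOLD:
        reasons.append(f"high-entropy label ({entropy:.2f} bits/char)")
    if len(qname) > MAX_QNAME_LEN:
        reasons.append(f"query name too long ({len(qname)} chars)")
    if reasons and qtype in SUSPICIOUS_QTYPES:
        reasons.append(f"{qtype} record type combined with an unusual name")
    return reasons


def scan_log(text):
    """Parse the log and return (client, qname, reasons) for every suspicious query."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                 # skip malformed lines rather than crash on them
        _ts, client, qtype, qname = parts
        reasons = classify_query(qtype, qname)
        if reasons:
            findings.append((client, qname, reasons))
    return findings


if __name__ == "__main__":
    for client, qname, reasons in scan_log(SAMPLE_DNS_LOG):
        print(f"{client} {qname}: {'; '.join(reasons)}")
```

Run stand-alone it prints the two queries from 10.0.0.7; the normal lookups for example.com and example.org produce no reasons. Entropy alone gives false positives on CDN hostnames, which is why the length and record-type signals are combined before anything is reported.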

Layer 2 attacks:

Layer 2 refers to the data link layer, used to move data across a linked physical network. IP addresses are mapped to each physical device address (also known as media access control — MAC address) on the network, using a procedure called address resolution protocol (ARP). In its simplest terms, the MAC address identifies the intended receiver of an IP address sent over the network, and ARP resolves IP addresses to MAC addresses for transmitting data.

  • SPOOFING or POISONING: it is a type of impersonating attack that takes advantage of a trusted relationship between two systems.
  • MAC FLOODING: an attacker floods the network with fake MAC addresses, compromising the security of the network switch.
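Both Layer 2 attacks leave traces a defender can look for: ARP spoofing shows up as an IP address whose MAC suddenly changes (or one MAC answering for several IPs), and MAC flooding as an abnormal number of source MACs on one switch port. The following is an added example, not course or Cisco code; the ARP replies, the frame list, the port names and the per-port MAC limit are all constructed assumptions.

```python
from collections import defaultdict

# Constructed ARP replies observed on one segment: (seq, sender_ip, sender_mac).
# The gateway 192.168.1.1 legitimately belongs to aa:bb:cc:00:00:01; from event 4 onward
# the MAC of host .11 starts answering for other hosts' IP addresses.
ARP_REPLIES = [
    (1, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (2, "192.168.1.10", "aa:bb:cc:00:00:10"),
    (3, "192.168.1.11", "aa:bb:cc:00:00:11"),
    (4, "192.168.1.1",  "aa:bb:cc:00:00:11"),
    (5, "192.168.1.10", "aa:bb:cc:00:00:11"),
]

# Constructed frame samples for the MAC-flooding check: (switch_port, source_mac).
# Port Gi1/0/7 sees 300 different source MACs, far more than one host would send.
FRAMES = [("Gi1/0/1", "aa:bb:cc:00:00:10")] * 5 + [
    ("Gi1/0/7", f"de:ad:be:ef:{i // 256:02x}:{i % 256:02x}") for i in range(300)
]


class ArpWatcher:
    """Tracks IP-to-MAC bindings seen in ARP replies and records inconsistencies."""

    def __init__(self, static_bindings=None):
        # Known-good bindings (e.g. the gateway) that must never change.
        self.static = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
        self.seen = {}        # ip -> most recently advertised MAC
        self.alerts = []      # (seq, kind, ip, detail)

    def observe(self, seq, ip, mac):
        mac = mac.lower()
        if ip in self.static and self.static[ip] != mac:
            self.alerts.append((seq, "static-binding-violation", ip, mac))
        previous = self.seen.get(ip)
        if previous is not None and previous != mac:
            self.alerts.append((seq, "ip-mac-change", ip, f"{previous} -> {mac}"))
        self.seen[ip] = mac

    def macs_claiming_multiple_ips(self):
        """One MAC answering for several IPs is the classic sign of ARP spoofing."""
        by_mac = defaultdict(set)
        for ip, mac in self.seen.items():
            by_mac[mac].add(ip)
        return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def analyze_arp(replies, static_bindings=None):
    """Feed every reply to a watcher and return (alerts, suspicious MACs)."""
    watcher = ArpWatcher(static_bindings)
    for seq, ip, mac in replies:
        watcher.observe(seq, ip, mac)
    return watcher.alerts, watcher.macs_claiming_multiple_ips()


def ports_exceeding_mac_limit(frames, limit=50):
    """Ports whose distinct source-MAC count exceeds `limit` (assumed threshold)."""
    per_port = defaultdict(set)
    for port, mac in frames:
        per_port[port].add(mac.lower())
    return {port: len(macs) for port, macs in per_port.items() if len(macs) > limit}


if __name__ == "__main__":
    alerts, multi = analyze_arp(ARP_REPLIES, {"192.168.1.1": "aa:bb:cc:00:00:01"})
    for alert in alerts:
        print("ARP alert:", alert)
    print("MACs answering for several IPs:", multi)
    print("Ports over MAC limit:", ports_exceeding_mac_limit(FRAMES))
```

On managed switches the same checks exist as Dynamic ARP Inspection and port security (a per-port MAC limit); the script shows what those features are actually checking.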

Application attacks:

  • CROSS-SITE SCRIPTING (XSS): cybercriminals inject scripts containing malicious code into a web page. When the victim accesses the page, the scripts are passed to their browser.

→XML injection

→SQL injection

→DLL injection: dynamic link library (DLL) is a library that contains a set of code and data for carrying out a particular activity in Windows.

→LDAP injection: lightweight directory access protocol (LDAP) is an open protocol for authenticating user access to directory services.

  • BUFFER OVERFLOW: buffers are memory areas allocated to an application. A buffer overflow can lead to a system crash or data compromise, or provide privilege escalation.
  • CROSS-SITE REQUEST FORGERY (CSRF): an exploit of a website where unauthorized commands are submitted from a user’s browser to a trusted web application, through image tags, hidden forms or JavaScript requests.
  • RACE CONDITION: a time of check (TOC) to time of use (TOU) flaw; it happens when a computer system that is designed to handle tasks in a specific sequence is forced to perform two or more operations simultaneously.
  • IMPROPER INPUT HANDLING: data inputted by a user that is not properly validated can affect the data flow of a program and can cause critical vulnerabilities in systems and applications that result in buffer overflow or SQL injection attacks.
  • ERROR HANDLING: attackers can use error messages to extract specific information such as hostnames of internal systems and directories or files that exist on a given webserver — as well as database, table or field names that can be used to craft SQL injection.
  • REPLAY ATTACK: a valid data transmission is maliciously repeated or delayed by an attacker.
  • DIRECTORY TRAVERSAL: when the attacker is able to read files on the web server outside of the website’s directory. An attacker can then use this information to download server configuration files containing sensitive information, potentially expose more server vulnerabilities or even take control of the server.
  • RESOURCE EXHAUSTION: rather than overwhelming network bandwidth like a DoS attack, it overwhelms the hardware resources available on the target’s server.
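Two items in this list, improper input handling (which the notes tie to SQL injection) and directory traversal, come down to the same mistake: user input is pasted into a query or a file path without being validated. The example below is added here and is not course or Cisco code. It puts the vulnerable form of each next to the hardened one; the user table, the file layout and the placeholder secret are constructed, and the web root lives in a temporary directory.

```python
import sqlite3
import tempfile
from pathlib import Path


def make_db():
    """In-memory user table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


def lookup_vulnerable(conn, username):
    """String-built query: whatever the user typed becomes part of the SQL text."""
    query = f"SELECT email FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, username):
    """Parameterised query: the driver sends the value separately, so it can never alter the SQL."""
    rows = conn.execute("SELECT email FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def build_site():
    """Constructed layout: a web root with one page, and a sensitive file one level above it."""
    base = Path(tempfile.mkdtemp())
    webroot = base / "webroot"
    webroot.mkdir()
    (webroot / "index.html").write_text("<h1>hello</h1>")
    (base / "secret.txt").write_text("db-password-placeholder")   # constructed placeholder
    return base, webroot


def read_vulnerable(webroot, requested):
    """Joins the request path onto the web root without checking where it ends up."""
    return (Path(webroot) / requested).read_text()


def read_safe(webroot, requested):
    """Resolve the final path and refuse anything that does not stay under the web root."""
    root = Path(webroot).resolve()
    candidate = (root / requested).resolve()     # resolve() collapses any '..' segments
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"{requested!r} escapes the web root")
    return candidate.read_text()


def traversal_blocked(webroot, requested):
    """True when the hardened reader refuses the request."""
    try:
        read_safe(webroot, requested)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    conn = make_db()
    print("safe lookup for alice:", lookup_safe(conn, "alice"))
    print("vulnerable lookup with crafted input:", lookup_vulnerable(conn, "x' OR '1'='1"))
    print("safe lookup with the same input:", lookup_safe(conn, "x' OR '1'='1"))
    _base, webroot = build_site()
    print("vulnerable read:", read_vulnerable(webroot, "../secret.txt"))
    print("hardened read blocked:", traversal_blocked(webroot, "../secret.txt"))
```

The fix in both cases is the same shape: keep data and structure apart. Placeholders let the database driver treat the input purely as a value, and resolving the path before comparing it to the root means the check is made on where the file actually is, not on what the string looks like.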

Common HTTP exploits:

  • MALICIOUS iFRAMES (inline frames): an iFrame is an HTML element that allows the browser to load another web page from another source. They are often used to insert ads from other sources into the page. Because the iFrame runs inside the page, it can be used to deliver a malicious exploit.
  • HTTP 302 CUSHIONING: threat actors use the 302 Found HTTP response status code to direct the user’s browser to a new location.
  • DOMAIN SHADOWING: the attacker must first compromise a domain, then create multiple subdomains to be used for the attacks:
  1. A website becomes compromised
  2. HTTP 302 cushioning is used to send the browser to malicious websites
  3. Domain shadowing is used to direct browser to a compromised server
  4. An exploit kit loading page is accessed

→What to do?

  • Use a web proxy to block malicious sites;
  • Secure all domain owner accounts;
  • Make sure that domain owners validate their registration accounts and look for any subdomains that they have not authorized;
  • Use an IPS (intrusion prevention system) to detect and prevent malicious scripts;
  • Educate end users.

Mitigating common network attacks:

→DEFENDING THE NETWORK:

  • Develop a written security policy for the company.
  • Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email or in person.
  • Control physical access to systems.
  • Use strong passwords and change them often.
  • Encrypt and password-protect sensitive data.
  • Implement security hardware and software such as firewalls, intrusion prevention systems (IPS), virtual private network (VPN) devices, antivirus software, and content filtering.
  • Perform backups and test the backed-up files on a regular basis.
  • Shut down unnecessary services and ports.
  • Keep patches up-to-date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks.
  • Perform security audits to test the network.

→MITIGATING MALWARE:

  • One way of mitigating virus and Trojan horse attacks is antivirus software. Antivirus software helps to prevent hosts from getting infected and spreading malicious code. It requires much more time to clean up infected computers than it does to maintain up-to-date antivirus software and antivirus definitions on the same machine.

→SYSTEM-BASED SANDBOXING:

  • Sandboxing is a technique that allows suspicious files to be executed and analyzed in a safe environment.

Security principles:

  • CONFIDENTIALITY: prevents the disclosure of information to unauthorized people, resources or processes.
  • INTEGRITY: accuracy, consistency, and trustworthiness of data.
  • AVAILABILITY: ensures that information is accessible by authorized users when needed.

→To accomplish confidentiality without using encryption, tokenization is a substitution technique that can isolate data elements from exposure to other data systems. A random value with no mathematical relationship to the original replaces the original data. Tokenization can preserve the data format (its type and length), which makes it useful for databases and card payment processing.
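A minimal token vault shows what "random value with no mathematical relationship" and "preserves the data format" mean in practice. This is an added example, not course or Cisco code: the TokenVault class, the format_signature helper and the choice to keep the last four digits (borrowed from how card numbers are usually displayed) are assumptions, and the card number used is a constructed sample.

```python
import secrets
import string


def format_signature(value):
    """'d' for digits, 'a' for letters, other characters kept: describes the data format."""
    return "".join("d" if ch.isdigit() else "a" if ch.isalpha() else ch for ch in value)


def random_same_format(value, keep_last_digits=4):
    """Random value with the same format and length as `value`.

    Digits become random digits and letters random letters; punctuation is kept.
    Keeping the trailing digits is an assumption (common for card numbers), not
    part of the course text.
    """
    digit_positions = [i for i, ch in enumerate(value) if ch.isdigit()]
    keep = set(digit_positions[-keep_last_digits:]) if keep_last_digits else set()
    randomizable = [i for i, ch in enumerate(value)
                    if (ch.isdigit() or ch.isalpha()) and i not in keep]
    if not randomizable:
        raise ValueError("value has no characters that can be randomised")
    out = list(value)
    for i in randomizable:
        ch = value[i]
        if ch.isdigit():
            out[i] = secrets.choice(string.digits)
        else:
            alphabet = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
            out[i] = secrets.choice(alphabet)
    return "".join(out)


class TokenVault:
    """Maps sensitive values to random tokens; the only link between them is this table."""

    def __init__(self, keep_last_digits=4):
        self._keep = keep_last_digits
        self._token_of = {}     # original value -> token
        self._value_of = {}     # token -> original value

    def tokenize(self, value):
        if value in self._token_of:
            return self._token_of[value]          # same input always maps to the same token
        while True:
            token = random_same_format(value, self._keep)
            if token != value and token not in self._value_of:
                break                             # avoid collisions and the identity token
        self._token_of[value] = token
        self._value_of[token] = value
        return token

    def detokenize(self, token):
        """Only systems with access to the vault can get the original back."""
        return self._value_of[token]


if __name__ == "__main__":
    vault = TokenVault()
    card = "4111-1111-1111-1111"   # constructed sample number, not a real card
    token = vault.tokenize(card)
    print("token:", token, "format:", format_signature(token))
    print("round trip ok:", vault.detokenize(token) == card)
```

Because the token is drawn from a CSPRNG rather than derived from the value, holding any number of tokens tells an attacker nothing about the originals; the vault itself becomes the one component that must be isolated and protected.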

→Rights management covers both Digital Rights Management (DRM) and Information Rights Management (IRM). Both protect data from unauthorized access by using encryption. DRM protects copyrighted material like music, films, or books. IRM is used with email and other files that are relevant to the activities and communications of an organization. When this information is shared with others, IRM allows the document owner to control and manage access to the document.

Source: CISCO


Written by Zandra Monteiro

Passionate about programming and solving problems using code! Enjoying this amazing journey of becoming a dev, I’ll share here some of it.
