Threat management integrates different approaches to threats to mitigate risk and protect assets
Confidentiality ensures unauthorized individuals cannot access sensitive information
Integrity ensures no unauthorized modifications to information or systems
Availability ensures information and systems are ready to meet the needs of legitimate users
CIA Triad refers to Confidentiality, Integrity, and Availability as key cybersecurity goals
Risk is the potential for loss, damage, or destruction of an asset due to a threat exploiting a vulnerability
Vulnerabilities are weaknesses in a device, system, application, or process that may allow an attack
Threats are outside forces in cybersecurity that may exploit vulnerabilities
Risks are the combination of threats and corresponding vulnerabilities
Risk = Threat × Vulnerability represents the relationship between risks, threats, and vulnerabilities
Risk assessments measure current risk levels based on threats, vulnerabilities, and mitigations
NIST SP 800-30 risk assessment process involves identifying threats and vulnerabilities to determine risk levels
Threats can be adversarial, accidental, structural, or environmental
Identifying vulnerabilities involves focusing on external factors likely to impact security efforts
Likelihood is the chance a risk will be realized, while impact is the severity of damage if it occurs
Quantitative techniques numerically assess likelihood and impact of risks in risk assessments
Cybersecurity professionals use controls to minimize risk through risk management
Ways to handle risk include acceptance, avoidance, mitigation, and transference
Network perimeter security often involves firewalls at network boundaries
Major types of network perimeter firewalls include Packet Filtering, Stateful Inspection, Next-Generation Firewalls, and Web Application Firewalls
Network Access Control solutions limit network access to authorized individuals and ensure system security
NAC Approval Criteria include time of day, role of the user, location of the user, and system health status
Defense deception methods like Honeypots and DNS Sinkholes help in identifying and deterring attacks
Secure endpoint management involves securing devices like laptops, smartphones, and tablets
Endpoint security considerations include hardening system configuration, patch management, and group policies
Penetration testing simulates cyber-attacks to identify vulnerabilities and report findings
Planning a penetration test involves timing, scope, authorization, conducting discovery, executing the test, and communicating results
Reconnaissance and intelligence gathering are essential for understanding an organization's security environment
Footprinting the network involves creating a map of an organization's networks and systems
Active reconnaissance uses host scanning tools to gather information about systems, services, and vulnerabilities
Network mapping tools like Zenmap and Nmap help in approximating the network during active reconnaissance
Zenmap and Nmap are useful for conducting network mapping
Zenmap is a graphical version of Nmap and uses Nmap as its scanning engine
Nmap is the most popular network scanning program globally
Port scanning tools are designed to send traffic to remote systems and gather responses to provide information about the systems and services they offer
Port scanning features include host discovery, port scanning and service identification, service version identification, and operating system identification
Other port scanners include Angry IP Scanner, the Metasploit built-in scanner, Qualys Vulnerability Management, Tenable's Nessus Vulnerability Scanner, and Python coding for custom port scanners
Nmap, short for Network Mapper, is a network discovery and security auditing tool with powerful scanning options
Nmap is widely used to scan for open ports and services, discover service versions, guess the operating system, and monitor hosts
Passive reconnaissance relies on logs, data, and packet captures to gather information for network mapping