CSF Practice 2 - Chapters 1 to 3

White, Gray, Black hats (Chapter 1 ppt 18)

White hat attackers break into networks or computer systems to discover weaknesses in order to improve the security of these systems.

Gray hat attackers are somewhere between white and black hat attackers. The gray hat attackers may find a vulnerability and report it to the owners of the system if that action coincides with their agenda.

Black hat attackers are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks.

packet-sniffing (Chapter 1 ppt 26)

Packet sniffers work by monitoring and recording all information coming across a network.

Operate and Maintain (Chapter 1 ppt 38)

Protect and Defend

Investigate

Collect and Operate

Analyze

Oversight and Development

Securely Provision

(Chapter 1 ppt 19 to 20) As internal users have direct access to the building and its infrastructure devices. Internal attackers typically have knowledge of the corporate network, its resources, and its confidential data. They may also have knowledge of security countermeasures, policies and higher levels of administrative privileges. Employee/Ex-employee, Contract Partners or Trusted Partners.

(Chapter 1 ppt 19 to 20) External threats from amateurs or skilled attackers can exploit vulnerabilities in networked devices, or can use social engineering, such as trickery, to gain access. External attacks exploit weaknesses or vulnerabilities to gain access to internal resources. Organised Attackers, Hackers, Amateurs