Study Guide

## 📖 Core Concepts

- **Computer Security** – Protects software, systems, and networks from unauthorized disclosure, alteration, or disruption.
- **CIA Triad** – Confidentiality, Integrity, Availability: the three foundational security goals.
- **Vulnerability** – A flaw that can be exploited; must have a working attack to be considered exploitable.
- **Threat Actor** – Person or group searching for vulnerabilities to launch attacks.
- **Security by Design** – Build security controls (least privilege, defense in depth, secure defaults) into a system from the start.
- **Defense in Depth** – Layered controls so an attacker must compromise multiple subsystems before succeeding.
- **Incident Response Lifecycle** – Preparation → Detection & Analysis → Containment → Eradication → Recovery → Post-Incident Review.
- **Zero-Trust Model** – No implicit trust; every access request is authenticated, authorized, and logged.

## 📌 Must Remember

- **Least Privilege** – Grant only the permissions required for a task.
- **Three Core Processes** – Threat prevention, detection, and response.
- **Two-Factor Authentication (2FA)** = something you know + something you have.
- **Backdoor** – Secret method bypassing normal authentication; hard to detect.
- **Distributed DoS (DDoS)** – Uses a botnet to amplify traffic; reflective DDoS adds an amplification factor.
- **Privilege Escalation** – Horizontal (lateral move) vs. Vertical (gain higher rights).
- **Social Engineering** – Exploits human trust; >90 % of incidents involve human error.
- **Patch Management** – Regularly apply vendor patches; reduces exploitable surface.
- **Audit Trails** – Must be stored remotely & immutable to prevent log manipulation.
- **Gordon-Loeb Model** – Spend only a small fraction of expected loss on security controls.

## 🔄 Key Processes

**Vulnerability Management Cycle**
Identify → Assess risk → Prioritize → Remediate (patch/mitigate) → Verify → Monitor.

**Incident Response Workflow**
- Preparation: training, policies, tools.
- Detection & Analysis: alert triage, confirm incident, assess impact.
- Containment: isolate affected assets (network segmentation, account disable).
- Eradication: remove malware, close exploited vector.
- Recovery: restore from clean backups, verify system integrity.
- Post-Incident: root-cause analysis, update IR plan.

**Secure Development (Security by Design)**
Threat modeling → design with least privilege/defense in depth → code reviews & unit tests → static/dynamic analysis → pen-testing → formal verification (if feasible).

**Access Control Decision (ACL vs. RBAC vs. Capability)**
Define object → assign permissions (ACL) or assign roles (RBAC) or issue unforgeable tokens (Capability).

## 🔍 Key Comparisons

**Backdoor vs. Trojan**
- Backdoor: hidden auth bypass, often installed silently.
- Trojan: appears legitimate, may create a backdoor as part of its payload.

**DoS vs. DDoS**
- DoS: single source overloads target.
- DDoS: many compromised hosts (botnet) generate traffic; can be reflective.

**Horizontal vs. Vertical Privilege Escalation**
- Horizontal: moves laterally to another low-privilege account.
- Vertical: climbs to a higher-privilege (admin) account.

**Firewall vs. IDS vs. IPS**
- Firewall: enforces policy on traffic flow (allow/deny).
- IDS: monitors & alerts on suspicious activity.
- IPS: actively blocks identified threats in real time.

**Symmetric vs. Asymmetric Encryption**
- Symmetric: same key for encrypt/decrypt; fast, used for bulk data.
- Asymmetric: public key encrypts, private key decrypts; enables key exchange & digital signatures.

## ⚠️ Common Misunderstandings

- “Security through obscurity is sufficient.” – Obscurity can be reverse-engineered; must be paired with robust controls (encryption, auth).
- “Antivirus alone protects endpoints.” – Modern malware evades signatures; layered defenses (EDR, sandboxing, 2FA) are needed.
- “All encryption is the same.” – Weak algorithms (e.g., DES) are insecure; prefer AES-256 or RSA-2048+.
- “Patch once, safe forever.” – New vulnerabilities appear constantly; continuous patching is required.
- “Physical locks replace digital security.” – Physical access can bypass logical controls; combine both (disk encryption, TPM).

## 🧠 Mental Models / Intuition

- **Attack Surface = Doorways** – Every open port, service, or physical entry is a door; close doors you don’t need.
- **Layers = Onion** – Peel away layers (network, host, app, data); an attacker must get through each layer.
- **Least Privilege = Minimal Keyring** – Give users only the keys they need; fewer keys = smaller impact if one is lost.
- **Zero-Trust = Guard at Every Door** – No “inside” network; verify identity, device health, and context each time.

## 🚩 Exceptions & Edge Cases

- Backdoors intentionally placed by vendors (e.g., for remote maintenance) require strict audit and limited use.
- Air-gapped systems can still be compromised (e.g., Stuxnet) via removable media; enforce strict media controls.
- Fast-Flux DNS hides malicious servers; standard DNS logging may miss the real source.
- Hardware-based security (TPM, PUFs) can be bypassed if physical tampering is possible; combine with encryption.

## 📍 When to Use Which

- Choose a firewall when you need to enforce perimeter policies; add IDS/IPS when you must detect or block ongoing attacks.
- Use symmetric encryption for bulk data at rest or in transit; use asymmetric for key exchange, digital signatures, or when parties haven’t shared a secret.
- Select RBAC for organizations with clear job functions; Capability tokens for micro-service architectures needing fine-grained, unforgeable rights.
- Deploy 2FA on any privileged account; full disk encryption on laptops and removable drives that could be lost or stolen.

## 👀 Patterns to Recognize

- Repeated failed logins → brute-force / account lockout attack.
- Large outbound traffic spikes → possible data exfiltration or botnet.
- Unexpected new services listening on ports → backdoor or rogue daemon.
- Phishing email cues: mismatched URLs, urgent language, generic greetings.
- DNS queries to high-entropy domains → fast-flux or C2 communication.

## 🗂️ Exam Traps

- “All malware is a virus.” – Distinguish viruses, worms, Trojans, ransomware, spyware, etc.
- Confusing “privilege escalation” with “privilege abuse.” – Escalation gains higher rights; abuse misuses already-granted rights.
- Assuming “firewall = complete protection.” – Firewalls filter traffic but cannot stop insider threats or encrypted malicious payloads.
- Selecting “security through obscurity” as a primary control. – It’s a supplemental measure, not a primary defense.
- Misidentifying “horizontal escalation” as “vertical.” – Horizontal moves laterally; vertical climbs upward.

---

Use this guide for rapid review: focus on the bolded keywords, the concise processes, and the comparison tables to lock in high-yield material before the exam.