Cybersecurity & Networking Cheatsheet
A comprehensive cheat sheet covering essential Cybersecurity and Networking concepts, tools, and best practices.
Networking Fundamentals
OSI Model Layers
Layer 7: Application | Provides network services to applications (e.g., HTTP, SMTP, FTP).
Layer 6: Presentation | Handles data representation (encoding, compression) and, in the textbook model, encryption and decryption.
Layer 5: Session | Establishes, manages, and tears down sessions between applications.
Layer 4: Transport | Provides end-to-end delivery: reliable, ordered byte streams (TCP) or best-effort datagrams (UDP).
Layer 3: Network | Handles logical addressing and routing of packets between networks (IP).
Layer 2: Data Link | Frames data for node-to-node delivery on the same link, using MAC addresses and error detection (Ethernet, Wi-Fi).
Layer 1: Physical | Defines the transmission medium and signalling (cables, radio, voltages).
Common Network Protocols
TCP | Transmission Control Protocol: connection-oriented (three-way handshake), reliable, ordered delivery.
UDP | User Datagram Protocol: connectionless and low overhead, with no delivery or ordering guarantees; there is no handshake, so source addresses are easily spoofed (the basis of reflection and amplification attacks).
IP | Internet Protocol: addressing and routing of packets between hosts (IPv4, IPv6).
HTTP | Hypertext Transfer Protocol: request/response protocol for the web; carried in plaintext, so anyone on the path can read or alter it.
HTTPS | HTTP over TLS: HTTP carried inside a TLS session, giving confidentiality, integrity, and server authentication via certificates (SSL is the deprecated predecessor of TLS).
DNS | Domain Name System: translates domain names to IP addresses; unauthenticated by default (mostly UDP port 53), so it is exposed to spoofing and cache poisoning unless DNSSEC or an encrypted transport (DoT, DoH) is used.
DHCP | Dynamic Host Configuration Protocol: automatically assigns IP address, gateway, and DNS server settings to hosts; a rogue DHCP server on the LAN can redirect a host's traffic.
Networking Devices
Router | Forwards packets between networks based on Layer 3 (IP) addresses.
Switch | Connects devices within a network and forwards frames by MAC address (Layer 2).
Firewall | Allows or blocks traffic according to a rule set (by address, port, and protocol; application-layer firewalls also inspect content).
Load Balancer | Distributes incoming traffic across multiple servers; often also terminates TLS.
Cybersecurity Essentials
Common Security Threats
Malware: Malicious software (viruses, worms, trojans, ransomware).
SQL Injection: Untrusted input concatenated into a SQL query so that the attacker changes the query's structure instead of merely supplying data; prevented by parameterized queries (bound parameters), not by escaping.
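The following is an added example, not code from the original cheat sheet, showing the SQL injection entry above as working code: a lookup that concatenates user input into the query text beside its parameterized replacement. It uses an in-memory SQLite database with three constructed user rows, and the payload `x' OR '1'='1` is the classic boolean tautology that turns a single-row lookup into a dump of every row.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "h1"), ("bob", "h2"), ("carol", "h3")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: the caller's string becomes part of the SQL text.

    With username = "x' OR '1'='1" the query becomes
        SELECT username FROM users WHERE username = 'x' OR '1'='1'
    and the WHERE clause is true for every row.
    """
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """SAFE: the input is bound as a parameter, so it can only ever be compared as data."""
    return [
        row[0]
        for row in conn.execute(
            "SELECT username FROM users WHERE username = ?", (username,)
        )
    ]


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("normal lookup:     ", find_user_vulnerable(db, "alice"))   # ['alice']
    print("vulnerable + payload:", find_user_vulnerable(db, payload))  # all three users
    print("safe + payload:      ", find_user_safe(db, payload))        # []
```

Note that `sqlite3`'s `execute()` refuses to run more than one statement, so a stacked `'; DROP TABLE users; --` payload fails here; the boolean tautology still works, which is why string-building is the defect regardless of which statements the driver permits.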
Security Principles
Principle of Least Privilege | Grant users, services, and processes only the minimum access rights their task needs, for no longer than needed.
Defense in Depth | Layer independent security controls so that the failure of any single control does not expose the system.
Zero Trust | Do not trust a request because of where it comes from (e.g., the internal network); authenticate and authorize every request explicitly, on every access.
Separation of Duties | Divide critical tasks among multiple individuals so that no single person can complete a sensitive action alone.
Authentication Methods
Password | A secret known to the user; the server must store it only as a salted, deliberately slow hash, never in plaintext.
Multi-Factor Authentication (MFA) | Requires factors of different kinds (something you know, have, or are), e.g., a password plus a one-time code from a phone app or a hardware security key.
Biometrics | Uses unique biological traits (fingerprint, facial recognition); a compromised biometric cannot be changed, so it is best used as one factor among several.
Certificates | X.509 digital certificates bind a public key to an identity and are signed by a certificate authority; the holder proves identity by signing with the matching private key (TLS server and client certificates, SSH certificates).
Security Tools & Techniques
Network Security Tools
Wireshark | Network protocol analyzer for capturing and dissecting traffic packet by packet.
Nmap | Network scanner for discovering hosts, open ports, and service versions.
Snort | Signature-based intrusion detection and prevention system (IDS/IPS).
Metasploit | Penetration testing framework with modules for exploiting known vulnerabilities and for post-exploitation.
Cryptography Basics
Symmetric Encryption | Uses the same key for encryption and decryption (e.g., AES); fast, but the key must first be shared over a secure channel.
Asymmetric Encryption | Uses a public key for encryption and the matching private key for decryption (e.g., RSA); the same key pairs are also used for key exchange (e.g., ECDH) and signatures.
Hashing | A one-way function that maps any input to a fixed-size digest (e.g., SHA-256); used for integrity checks, and, in salted and deliberately slow forms (bcrypt, Argon2, PBKDF2), for password storage.
Digital Signatures | The signer uses a private key to sign (a hash of) the data; anyone holding the public key can verify authenticity and integrity (e.g., RSA-PSS, ECDSA, Ed25519).
Vulnerability Scanning
Vulnerability scanning involves identifying and assessing security weaknesses in systems and applications. Tools like Nessus, OpenVAS, and Qualys automate scanning for known vulnerabilities by matching discovered services, versions, and configurations against a vulnerability database. Regular scans let organizations find and fix known weaknesses before they are exploited; results still need triage, since scanners produce false positives and only find what their checks already know about.
Examples of vulnerability scanning include:
Incident Response & Forensics
Incident Response Lifecycle
The Incident Response Lifecycle typically includes these phases:
Digital Forensics Principles
Chain of Custody | A documented, unbroken record of who handled each item of evidence, when, and how.
Data Preservation | Protecting the integrity and availability of digital evidence (write blockers, hashing, working only on copies).
Forensic Imaging | Creating a bit-by-bit copy of a storage device and recording its hash, so the original is never analysed directly.
Analysis | Examining the image and other evidence to reconstruct what happened and when.
Log Analysis
Log analysis involves reviewing system and application logs to identify security incidents, performance issues, and other anomalies. Tools like Splunk, ELK Stack (Elasticsearch, Logstash, Kibana), and Graylog can be used to collect, analyze, and visualize log data. Logs are only as useful as their timestamps, so sources should share a synchronized clock (NTP) and be forwarded off the host, where an attacker cannot edit them.
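An added example of the detection side of log analysis, not taken from the original cheat sheet: a parser for OpenSSH `auth.log` lines and a sliding-window rule that flags an IP with five or more failed logins within sixty seconds. The eight log lines are constructed for the example (hosts and RFC 5737 documentation addresses, not a real system); the threshold and window are this example's own defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in OpenSSH's auth.log format (not captured from a real host).
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 50122 ssh2
Mar  3 10:15:03 web1 sshd[2103]: Failed password for root from 203.0.113.9 port 50123 ssh2
Mar  3 10:15:04 web1 sshd[2104]: Failed password for root from 203.0.113.9 port 50124 ssh2
Mar  3 10:15:06 web1 sshd[2106]: Failed password for invalid user test from 203.0.113.9 port 50125 ssh2
Mar  3 10:15:07 web1 sshd[2107]: Failed password for root from 203.0.113.9 port 50126 ssh2
Mar  3 10:15:30 web1 sshd[2110]: Accepted publickey for deploy from 198.51.100.4 port 41000 ssh2
Mar  3 10:20:00 web1 sshd[2120]: Failed password for alice from 198.51.100.7 port 41010 ssh2
Mar  3 10:40:00 web1 sshd[2130]: Failed password for alice from 198.51.100.7 port 41011 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line: str, year: int = 2024):
    """Return a dict for a matching sshd line, or None for anything else.

    Syslog timestamps carry no year, so the caller supplies it (assumed 2024 here).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Return {ip: time_of_first_alert} for every IP with >= threshold failures in any window.

    A per-IP deque holds the timestamps of recent failures; entries older than the
    window are dropped from the front, so memory stays bounded on a long log.
    """
    recent = defaultdict(deque)
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev["result"] != "Failed":
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerts:
            alerts[ev["ip"]] = ev["ts"]
    return alerts


if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT brute force from {ip} at {when:%Y-%m-%d %H:%M:%S}")
```

The two failures from 198.51.100.7 are twenty minutes apart and stay below the threshold; lowering the threshold or widening the window flags them too, which is the usual tuning trade-off between catching slow password spraying and drowning in alerts from users who mistype.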
Common log sources include: