General Knowledge

Core concepts every security practitioner should have internalised — from the CIA triad to encryption primitives, ports, malware taxonomy, and security frameworks.

🔺The CIA Triad

Confidentiality

Information is accessible only to those authorised to see it. Threats: eavesdropping, credential theft, insecure storage. Controls: encryption, access control, classification.

Integrity

Data has not been altered without authorisation and can be trusted. Threats: MitM modification, SQL injection, insider sabotage. Controls: hashing, digital signatures, audit trails.

Availability

Systems and data are accessible when needed by authorised users. Threats: DDoS, ransomware, hardware failure. Controls: redundancy, backups, rate limiting, CDN.

🔌Common Ports & Protocols

20 / 21 – FTP

File Transfer Protocol. Unencrypted. Use SFTP (port 22) or FTPS instead.

22 – SSH

Secure Shell. Encrypted remote access, tunnelling, and file transfer (SCP/SFTP).

25 / 587 / 465 – SMTP

Email sending. Port 25 is server-to-server relay. Ports 587 (STARTTLS) and 465 (implicit TLS, SMTPS) are for client submission.

53 – DNS

Domain Name System. UDP by default; TCP for zone transfers or large responses. A common exfiltration channel.

80 / 443 – HTTP / HTTPS

Web traffic. Port 80 is plaintext. Port 443 uses TLS. Always redirect 80 → 443.

3306 – MySQL

Should never be exposed to the internet. Bind to 127.0.0.1 and use SSH tunnelling for remote access.

3389 – RDP

Windows Remote Desktop. Frequently targeted for brute force and exploitation. Restrict to VPN or bastion host.

443 – HTTPS / TLS

Also used by many modern protocols (HTTP/2, gRPC, QUIC). Certificate validity and cipher suites matter.

🦠Types of Malware

Virus

Self-replicating code that attaches to legitimate files and spreads when those files are executed.

Worm

Self-propagating malware that spreads across networks without user interaction. WannaCry leveraged EternalBlue to worm across SMB.

Trojan

Disguised as legitimate software. Does not self-replicate but opens a backdoor, exfiltrates data, or drops further payloads.

Ransomware

Encrypts victim files and demands payment for the decryption key. Modern variants also exfiltrate data for double extortion.

Rootkit

Hides its presence and other malware from the OS, antivirus, and administrators. Operates at kernel or hypervisor level.

Keylogger

Captures keystrokes to steal credentials. Can be hardware (physical device) or software.

Spyware

Silently surveils the victim (screen capture, microphone access, browser history) without disrupting normal operation.

Botnet agent

Turns the infected host into a bot controlled by a C2 server. Used for DDoS, spam, credential stuffing, or mining.

📐Key Security Frameworks

OWASP Top 10

The most critical web application security risks, updated periodically by the Open Worldwide Application Security Project. Covers Broken Access Control, Cryptographic Failures, Injection, and seven more.

NIST Cybersecurity Framework (CSF)

Five functions: Identify, Protect, Detect, Respond, Recover. A risk-management framework used widely in US government and critical infrastructure.

MITRE ATT&CK

A knowledge base of adversary tactics, techniques, and procedures (TTPs) observed in real attacks. Invaluable for threat modelling, red team planning, and detection engineering.

ISO/IEC 27001

International standard for Information Security Management Systems (ISMS). Provides a risk-based approach to managing information security controls.

CIS Controls

18 prioritised security practices from the Center for Internet Security. Designed to block the most common attack vectors in order of impact.

🔐Encryption Fundamentals

Symmetric Encryption

Same key for encryption and decryption. Fast and efficient for bulk data. Example: AES-256-GCM. Problem: key distribution; both parties must share the secret key securely.

Asymmetric Encryption

Key pair: public key encrypts, private key decrypts (or private signs, public verifies). Solves key distribution. Examples: RSA, ECC. Slower than symmetric, so it is used for key exchange and signatures rather than bulk data.

Hashing

One-way deterministic function mapping arbitrary input to fixed-length output. Used for integrity checks and password storage. SHA-256 and SHA-3 are current standards. MD5 and SHA-1 have practical collision attacks and must not be used for security purposes.

TLS (Transport Layer Security)

Protocol layered over TCP that provides authentication (certificates), key exchange (ECDHE), and encrypted data transport (AES). TLS 1.3 removed weak cipher suites and obsoleted 1.0/1.1.

Perfect Forward Secrecy (PFS)

Each session uses an ephemeral key. Even if the server's private key is later compromised, past recorded sessions cannot be decrypted. Achieved with DHE or ECDHE key exchange.
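To make the ephemeral-key claim concrete, here is an added Python example (not part of this reference) contrasting a static Diffie-Hellman exchange with an ephemeral one: the same "leaked long-term key plus recorded transcript" replay recovers the static session key but not the ephemeral one. The toy group, the HMAC standing in for a signature, and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Toy finite-field DH group, constructed for illustration only: 2**127 - 1 is prime but far
# too small for real use. TLS uses RFC 7919 groups or ECDHE (X25519, P-256); the logic is identical.
P = 2**127 - 1
G = 3

def keygen():
    """Return a (private, public) DH key pair in the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def derive_session_key(priv, peer_pub):
    """Hash the shared secret g^(ab) into a 32-byte session key (HKDF stand-in)."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def static_dh_session(server_priv, server_pub):
    """No PFS: the server reuses its long-term DH key in every session.
    Returns the session key and the transcript a passive eavesdropper records."""
    client_priv, client_pub = keygen()
    key = derive_session_key(client_priv, server_pub)
    return key, {"server_pub": server_pub, "client_pub": client_pub}

def ephemeral_dh_session(server_longterm_priv):
    """PFS: the long-term key only authenticates a fresh ephemeral DH public key
    (HMAC stands in for a signature); the ephemeral private key is thrown away."""
    eph_priv, eph_pub = keygen()
    client_priv, client_pub = keygen()
    sig = hmac.new(server_longterm_priv.to_bytes(16, "big"),
                   eph_pub.to_bytes(16, "big"), "sha256").hexdigest()
    key = derive_session_key(client_priv, eph_pub)
    assert key == derive_session_key(eph_priv, client_pub)  # both sides agree
    del eph_priv  # discarded after the handshake, never stored or reused
    return key, {"eph_pub": eph_pub, "client_pub": client_pub, "sig": sig}

def attacker_replays_server_side(leaked_priv, transcript):
    """An attacker who recorded the transcript and later obtains the server's
    long-term private key redoes the server's DH computation with it."""
    return derive_session_key(leaked_priv, transcript["client_pub"])

def compare():
    """Return whether the leaked long-term key recovers each past session key."""
    server_priv, server_pub = keygen()
    static_key, static_tx = static_dh_session(server_priv, server_pub)
    pfs_key, pfs_tx = ephemeral_dh_session(server_priv)
    return {"static_dh_recovered": attacker_replays_server_side(server_priv, static_tx) == static_key,
            "ephemeral_dh_recovered": attacker_replays_server_side(server_priv, pfs_tx) == pfs_key}
```

The ephemeral transcript contains only public values, so the leaked key gives the attacker nothing beyond the Diffie-Hellman problem itself.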
