AECSC Task 6 Cheatsheet
1. Security Frameworks: CIA Triad & AAA Framework
Security frameworks are structured sets of principles used to protect systems and data from threats.
The CIA Triad
Developed in the 1970s/1980s, this framework focuses on protecting systems and data.
| Principle | Definition | Methods | Example of a Breach |
|---|---|---|---|
| Confidentiality | Protection of sensitive information from unauthorised access. | Passwords, encryption, MFA, biometrics. | Stolen login credentials exposing student records. |
| Integrity | Ensures data remains accurate, complete, and unaltered unless modified by an authorised user. | Hashing, validation, digital signatures. | A student changes exam marks in a database. |
| Availability | Ensures systems, services, and data are accessible to authorised users whenever needed. | Backups, redundant servers, disaster recovery. | Hospital servers crashing during emergencies. |
The AAA Framework
Developed in the 1990s, this framework focuses on controlling and monitoring user access.
| Component | Definition | Examples / Methods |
|---|---|---|
| Authentication | Verifying a user's identity before granting access. | Usernames/passwords, MFA/2FA, biometrics. |
| Authorisation | Determining what an authenticated user is allowed to access or do. | Access control lists (ACLs), user roles, permissions. |
| Accounting | Recording and monitoring user activities within a system for auditing. | Tracking login times, files accessed, IP addresses. |
2. Authentication & Encryption Concepts
- Strong Passwords: A strong password is difficult to guess, typically 12+ characters long, and includes a mix of uppercase, lowercase, numbers, and special characters.
- Password Policies: Rules set by organisations (e.g., minimum length, complexity, account lockout after repeated failures, and often mandatory changes every 60-90 days) to maintain secure passwords. They improve security by reducing the likelihood of weak passwords, though overly strict policies push users to write passwords down or to make predictable variations of the old one. Current guidance (NIST SP 800-63B) drops forced periodic changes in favour of screening new passwords against lists of known-breached ones and changing a password only when compromise is suspected.
- Two-Factor Authentication (2FA): Requires two different forms of identification, usually something you know (password) and something you have (code/device). If a password is stolen, access is still blocked without the second factor.
- Biometrics: Uses unique physical/behavioural traits (fingerprints, facial recognition) to verify identity.
- Encryption: The process of converting readable plain text into unreadable cipher text to ensure confidentiality.
- Symmetric Encryption: Both sender and receiver share a single secret key to encrypt and decrypt. Example: AES (Advanced Encryption Standard).
- Asymmetric Encryption: Uses a pair of keys: the public key encrypts the data and only the matching private key decrypts it. Example: RSA. Used in the other direction (private key signs, public key verifies) the same key pair provides the digital signatures listed under Integrity.
3. Network Threats & Malware
External Threats
- Social Engineering: Exploits human trust rather than technology.
- Phishing: Sending fake emails/websites from “trusted” sources to steal credentials.
- Denial of Service (DoS) / DDoS: Flooding a network with excessive traffic to make services unavailable. DDoS uses multiple compromised devices.
- Back door: A hidden method to bypass normal authentication, installed by developers or attackers.
- IP Spoofing: Disguising a device by changing the source IP address to appear as a trusted system.
- SQL Injection (SQLi): Inserting SQL syntax into input fields so that it becomes part of the query the application runs, letting the attacker read, modify or delete database contents without authorisation. Prevented via prepared (parameterised) statements, with input validation as a second layer.
- Man-in-the-Middle (MitM): An attacker secretly relays, reads and possibly alters data between two communicating parties. Mitigated by authenticated, encrypted channels (HTTPS/TLS with certificate validation, VPNs) and strong authentication.
- Cross-Site Scripting (XSS): Injecting malicious scripts (like JavaScript) into webpages viewed by other users to steal cookies or redirect traffic.
- Zero-Day Vulnerability: A software bug unknown to the vendor, meaning developers have had “zero days” to fix it; signature-based security tools cannot recognise the exploit until a patch or a detection rule exists.
Malware Types
- Virus: Attaches to legitimate files and requires user interaction to execute and spread.
- Worm: Self-replicating malware that spreads automatically across networks without user interaction.
- Trojan Horse: Malware disguised as legitimate software to trick users into installing it.
- Spyware: Secretly monitors activity to collect sensitive info like passwords.
- Adware: Automatically displays unwanted ads and can hijack browser settings.
- Ransomware: Encrypts files or locks a system, demanding payment to restore access.
4. Ethics and Law
- Ethical Hacking: The legal, authorised process of testing systems to find weaknesses before malicious hackers can.
- Penetration Testing (Pen Testing): An authorised, scoped simulated attack on a system to evaluate its security, ending in a report of the weaknesses found and how to fix them.
- Red Team acts as the attackers; Blue Team acts as the defenders monitoring and protecting the system.
- Privacy Act 1988: Regulates how Australian organisations collect, use, and store personal information.
- APP 11 (Australian Privacy Principle 11): Requires organisations to take “reasonable steps” to secure personal info from misuse, loss, or unauthorised access using technical, physical, and administrative measures.
- Notifiable Data Breaches (NDB) scheme, introduced by the Privacy Amendment (Notifiable Data Breaches) Act 2017: Mandates that organisations covered by the Privacy Act report “eligible data breaches” (breaches likely to result in serious harm to the individuals affected) to those individuals and to the OAIC.
5. Cryptography
- Rotation Cipher (Caesar): Shifts every letter by the same fixed number. Easily broken by brute force since there are only 25 non-trivial shifts to try.
- Random Substitution Cipher: Replaces each letter with a randomly chosen different letter. Far too many keys to brute force (26!) but vulnerable to frequency analysis, because each plaintext letter always maps to the same ciphertext letter.
- Polyalphabetic Cipher (Vigenère): Uses multiple shifting alphabets chosen by a keyword, so the same plaintext letter is enciphered differently at different positions. This defeats single-alphabet frequency analysis, though once the keyword length is known each keyword position can be attacked as its own Caesar cipher.
- Cracking Methods:
- Brute Force: Trying all possible keys until one works. Feasible only while the key space is small.
- Frequency Analysis: Identifying patterns based on how often letters (like E, T, A) appear in the ciphertext.
6. Revision Booklet Answers (Sections 1-5)
Below are the complete answers to the questions provided in your syllabus revision booklet.
Section 1: State
- Question 1: State the two primary methods used for cracking substitution ciphers.
- Answer: Frequency Analysis and Brute Force.
- Question 2: State the three main types of malware discussed in the syllabus that involve self-replication or deception.
- Answer: Virus, Worm and Trojan Horse.
Section 2: Outline
- Question 3: Outline the purpose of encryption in a networked environment.
- Answer: To transform readable data (plain text) into unreadable data (cipher text), keeping information safe and private while it travels over a network.
- Question 4: Outline the organisational approach to password policies.
- Answer: Organisations set rules that require staff to use complex passwords, change them when the policy requires, and follow consistent security rules (such as not sharing or reusing passwords), so that weak or shared passwords do not expose the data behind them.
Section 3: Describe
- Question 5: Describe the characteristics of a strong password.
- Answer: A strong password is long (at least 12 characters), which multiplies the number of possible combinations, and includes a variety of character types (letters, numbers, symbols). This makes it hard to guess and makes brute-force attacks computationally infeasible.
- Question 6: Describe how a Man-in-the-Middle (MitM) attack is executed.
- Answer: An attacker positions themselves between two communicating parties (for example on a public Wi-Fi network) so that their traffic passes through the attacker, who can then read and change the information in transit without either party knowing.
Section 4: Explain
- Question 7: Explain the SQL Injection method used in this scenario and how it allows an attacker to compromise the system.
- Answer: The attacker types SQL syntax into a website input, such as a search bar or login form. Because the application builds its query by joining that input into the SQL text, the database runs the attacker's code as part of the query, letting them read or change data without permission.
- Question 8: Explain how IP Spoofing or SSL Stripping could have been used here and the role two-factor authentication (2FA) would have played in preventing the breach.
- Answer: IP spoofing involves the attacker disguising their device by altering the source IP to appear trusted, so they can intercept or take over the victim's session on the public network. SSL stripping is the alternative: the attacker sits in the middle and downgrades the victim's HTTPS connection to plain HTTP, so the password travels unencrypted through the attacker. If the user had 2FA enabled, the stolen password alone would be useless, as 2FA requires a second form of identification (something the user has, like a mobile device code) which the attacker wouldn't possess.
- Question 9: Explain the process of a Vigenère Cipher and why it is more secure than a simple Rotation Cipher.
- Answer: The Vigenère Cipher uses a keyword to create multiple shifting alphabets (polyalphabetic shift). It is more secure than a simple rotation cipher because the shifting changes throughout the message, meaning standard frequency analysis is much harder to use against it.
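The SQL injection described in Section 3 and in Question 7 above, as an added example (not code from the course material): a login query and a search-bar query built by string concatenation, beside the same queries written as prepared statements, run against an in-memory SQLite database. The table and column names, the sample users and documents, and the two attack strings are constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.execute("CREATE TABLE documents (title TEXT, is_public INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-of-alice-password", "admin"),
        ("bob", "hash-of-bob-password", "student"),
    ])
    conn.executemany("INSERT INTO documents VALUES (?, ?)", [
        ("Term dates", 1),
        ("Library hours", 1),
        ("Exam marks 2024", 0),   # not public: the search must never return it
    ])
    return conn


def login_vulnerable(conn, username, password_hash):
    # VULNERABLE: user input is spliced into the SQL text, so a quote in the
    # input ends the string literal and the rest becomes SQL.
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password_hash = '{password_hash}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password_hash):
    # Prepared statement: the query shape and the values travel separately,
    # so the input is only ever compared as data.
    sql = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchall()


def search_vulnerable(conn, term):
    # VULNERABLE search bar: a UNION in the term appends rows from another table.
    sql = f"SELECT title FROM documents WHERE is_public = 1 AND title LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql).fetchall()]


def search_safe(conn, term):
    # Parameterised; the wildcards are added to the value, not to the query text.
    # Input validation (e.g. allowing only letters, digits and spaces) is a second layer.
    sql = "SELECT title FROM documents WHERE is_public = 1 AND title LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",)).fetchall()]


# Constructed attack inputs
LOGIN_BYPASS = "alice' --"   # closes the quote, then comments out the password check
UNION_DUMP = "' UNION SELECT username || ':' || password_hash FROM users --"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, LOGIN_BYPASS, "wrong"), login_safe(db, LOGIN_BYPASS, "wrong"))
    print(search_vulnerable(db, UNION_DUMP), search_safe(db, UNION_DUMP))
```

The two attacks show the two outcomes in the cheatsheet's definition: the login string bypasses authentication, and the search string exfiltrates a table the query never mentioned. The parameterised versions receive exactly the same input and return nothing, because the driver never lets the input become part of the SQL statement.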
Section 5: Compare
- Question 10: Compare Symmetric Encryption and Public Key (Asymmetric) Encryption.
- Answer: In symmetric encryption, both the sender and receiver share a single secret key to encrypt and decrypt data, which is fast but requires that key to be shared securely first. In contrast, asymmetric encryption uses two different keys: a public key for encryption and a private key for decryption, so the public key can be published openly. Asymmetric encryption suits open networks like the internet because it removes the problem of securely sharing a single secret key between parties. In practice the two are combined: asymmetric encryption is used to agree a session key, and the much faster symmetric encryption (e.g., AES) protects the bulk of the data.
7. Historical Cyber Attack Case Studies
Examiners love asking you to apply security theories to real-world incidents mentioned in the syllabus.
Phishing / Social Engineering — DNC Email Leak (2016): Attackers sent John Podesta a fake Google security alert. He entered his credentials into a fraudulent login page, leading to leaked campaign emails.
DDoS — Dyn DNS Attack (2016): The Mirai botnet infected thousands of unsecured Internet of Things (IoT) devices (cameras, routers). It flooded Dyn’s servers, knocking Twitter, Netflix, and Reddit offline.
Backdoor — Juniper Networks (2015): A secret backdoor was discovered inside ScreenOS firewall software, allowing attackers to bypass authentication and decrypt secure VPN traffic.
IP Spoofing — Smurf Attack (CERT Advisory CA-1998-01): Attackers sent ICMP echo (ping) requests to a network's broadcast address with the source IP spoofed to the victim's address. Every host on that network replied to the victim, so each packet the attacker sent was amplified by the number of responding hosts (potentially hundreds of replies per request), saturating the victim's link.
SQL Injection — Heartland Payment Systems (2008): Hackers injected malicious SQL code into web inputs to plant malware on payment processors, stealing over 100 million credit/debit card numbers.
Man-in-the-Middle — Lenovo Superfish (2015): Factory-installed software injected its own self-signed Root Certificate Authority (CA) on users’ laptops. It intercepted and decrypted all secure HTTPS traffic (like banking) on the fly. Because the same private key was reused on all machines, any hacker who extracted it could intercept any affected laptop.
XSS — Samy Worm on MySpace (2005): Samy Kamkar uploaded malicious JavaScript into his “About Me” section. When users viewed his profile, the script ran in their browsers, forcing them to add him as a friend and copying the malicious script into their profiles, creating an exponential, self-replicating browser worm.
Zero-Day — Microsoft Exchange Server (2021): State-sponsored hackers exploited four previously unknown vulnerabilities before patches existed. They bypassed authentication via Server-Side Request Forgery (SSRF), dropping web shell backdoors to exfiltrate emails from tens of thousands of organizations.
Worm/Ransomware — WannaCry (2017): A global ransomware strain that spread automatically using the EternalBlue exploit in Microsoft Windows. Once it infected one computer, it scanned the local network for other unpatched machines to infect without human intervention.
Adware — Fireball (2017): Browser-hijacking malware bundled with legitimate software that infected over 250 million computers worldwide, hijacking default homepages to forcefully direct ad traffic.
Ransomware — CryptoLocker (2013): Distributed via a Trojan horse document, it encrypted Windows systems and successfully extorted an estimated US$3 million in Bitcoin before being taken down.
8. Step-by-Step Scenario Applications
These match the extended application slides in your notes exactly.
PowerPoint Scenario 1: The Junior Intern File Deletion
The Situation: A shared network drive allows an intern to use valid credentials to access and delete highly sensitive project contracts. There were no folder restrictions inside the network, and the server logs only track logins, not file modifications.
- AAA Framework Failure Analysis:
Authorisation Failed: The intern was given excessive permissions. Implementing Role-Based Access Control (RBAC) or Access Control Lists (ACLs) would restrict an intern’s account to view-only access or completely block sensitive folders.
Accounting Failed: The system failed to monitor user operations. Proper accounting should record all file accesses, modifications, and deletions so management can explicitly track who performed malicious actions.
PowerPoint Scenario 2: Remote Developer Brute Force
The Situation: An attacker uses a brute-force attack to guess a remote developer’s VPN password, alters administrative database settings, and the company only notices when it crashes three days later.
- Analysis:
Compromised Component: Authentication was defeated: the password was weak enough to guess, so the attacker logged in with credentials the system treated as valid.
Preventative Policy: Enforce an organizational password policy requiring a 12+ character minimum length with complexity requirements, account lockouts after 5 failed attempts, and mandatory Two-Factor Authentication (2FA/MFA) for all remote VPN connections.
Accounting Recovery Role: In the “three days later” recovery phase, accounting logs allow administrators to look back at the audit trail to pinpoint exactly which IP address logged in, what administrative changes were made, and which database tables were tampered with.
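An added example, not code from the course slides, that models the AAA framework from Section 1 against both scenarios above: a password-policy check and a lockout counter (Scenario 2), a role-based ACL that denies the intern's delete (Scenario 1), and an accounting log that records file operations as well as logins, with a small analysis routine that picks the brute-forcing address out of the log. User names, roles, folder paths, IP addresses and the five-attempt lockout threshold are assumed for illustration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

LOCKOUT_THRESHOLD = 5       # assumed policy: lock the account after 5 failed logins
MIN_PASSWORD_LENGTH = 12    # the 12+ character minimum from the password section

# Authorisation: access control list, folder -> role -> permitted operations
# (folder path and roles assumed for the scenario).
ACL = {
    "/projects/contracts": {"manager": {"read", "write", "delete"}, "intern": {"read"}},
}

def check_password_policy(password: str) -> bool:
    """12+ characters with at least one lower, upper, digit and symbol character."""
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password))
    return len(password) >= MIN_PASSWORD_LENGTH and all(classes)

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash so a stolen table cannot be cracked cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class User:
    role: str
    salt: bytes
    digest: bytes
    failures: int = 0
    locked: bool = False

class System:
    def __init__(self):
        self.users = {}
        self.log = []   # accounting: one record per security-relevant event

    def _record(self, **fields):
        self.log.append({"ts": time.time(), **fields})

    def add_user(self, name, password, role):
        if not check_password_policy(password):
            raise ValueError("password violates policy")
        salt = os.urandom(16)
        self.users[name] = User(role, salt, hash_password(password, salt))

    def authenticate(self, name, password, src_ip) -> bool:
        user = self.users.get(name)
        # Hash even for unknown names so response time does not reveal valid usernames.
        candidate = hash_password(password, user.salt if user else bytes(16))
        ok = user is not None and not user.locked and hmac.compare_digest(candidate, user.digest)
        if user is not None and not user.locked and not ok:
            user.failures += 1
            if user.failures >= LOCKOUT_THRESHOLD:
                user.locked = True
        self._record(event="login", user=name, ip=src_ip, result="ok" if ok else "denied")
        return ok

    def authorise(self, name, path, op) -> bool:
        user = self.users.get(name)
        return user is not None and op in ACL.get(path, {}).get(user.role, set())

    def file_op(self, name, src_ip, path, op) -> bool:
        allowed = self.authorise(name, path, op)
        # Accounting covers the operation itself, not only the login (Scenario 1's gap).
        self._record(event="file", user=name, ip=src_ip, path=path, op=op,
                     result="ok" if allowed else "denied")
        return allowed

def failed_login_sources(log, threshold=LOCKOUT_THRESHOLD):
    """Recovery step for Scenario 2: source IPs with at least `threshold` failed logins."""
    counts = {}
    for rec in log:
        if rec["event"] == "login" and rec["result"] == "denied":
            counts[rec["ip"]] = counts.get(rec["ip"], 0) + 1
    return {ip for ip, n in counts.items() if n >= threshold}

def demo():
    srv = System()
    srv.add_user("intern01", "Summer-Intern-2024!", "intern")        # constructed users
    srv.add_user("dev.remote", "Correct-Horse-9Battery", "manager")
    # Scenario 1: the intern can read the contracts folder but the ACL blocks deletion.
    srv.authenticate("intern01", "Summer-Intern-2024!", "10.0.0.15")
    can_read = srv.file_op("intern01", "10.0.0.15", "/projects/contracts", "read")
    can_delete = srv.file_op("intern01", "10.0.0.15", "/projects/contracts", "delete")
    # Scenario 2: five wrong guesses from one address lock the developer's account,
    # so the sixth attempt is refused even though it carries the right password.
    for guess in ("password", "letmein", "Password1", "qwerty123", "admin123",
                  "Correct-Horse-9Battery"):
        srv.authenticate("dev.remote", guess, "203.0.113.7")
    return can_read, can_delete, srv.users["dev.remote"].locked, failed_login_sources(srv.log)

if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns `(True, False, True, {'203.0.113.7'})`: the intern's read is allowed and the delete denied, the developer's account is locked before the correct password is reached, and the accounting log alone is enough to name the attacking address afterwards. The constant-time comparison and the dummy hash for unknown usernames are the two details that stop the login from leaking which part of a guess was wrong.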
PowerPoint Extended Case Study: Secondary School Phishing Breach
The Situation: Staff share passwords; attackers steal a password via phishing and download sensitive student records, medical files, and payroll details. Passwords were weak, MFA was off, old student records were kept indefinitely, and no pen testing had ever been done.
- Legal & Ethical Application:
Ethical Hackers vs. Attackers: Ethical hackers are fully authorized, legal, use tools to safely discover vulnerabilities, and report them to improve security. Attackers operate illegally without consent to exploit flaws for malicious intent or data exfiltration.
Unethical Actions: Staff sharing credentials (violates individual accountability/confidentiality) and the school keeping old student records unnecessarily.
Privacy Act 1988 & APP 11 Violation: The school failed to take “reasonable steps” to protect personal information. They lacked basic technical defenses (MFA), administrative oversight (password rules and training), and data retention practices (retaining legacy records).
Eligible Data Breach Status: This qualifies as an eligible data breach under the Notifiable Data Breaches scheme because sensitive personal, medical, and financial records were accessed without authorisation, and serious harm (identity theft, privacy violation) is likely.
Mandatory Legal Requirements: The school must contain the breach, assess it, notify affected students, parents, and staff as soon as practicable with a statement of what data was involved and recommended steps to reduce the harm, and submit the same statement to the Office of the Australian Information Commissioner (OAIC).
9. Cryptography Math Quick-Reference
To decode any manual cipher questions instantly:
Substitution vs. Vigenère Mechanics
- Rotation (Caesar) Cipher Formula: Each letter is shifted by a constant key value $k$ along the standard alphabet (A = 0 to Z = 25): $C = (P + k) \bmod 26$ to encrypt and $P = (C - k) \bmod 26$ to decrypt.
- Vigenère Polyalphabetic Cipher Formula: The shift sequence changes dynamically using a repeating keyword of length $m$. If the keyword letter used at position $i$ has value $k_{i \bmod m}$: $C_i = (P_i + k_{i \bmod m}) \bmod 26$, so the same plaintext letter can become different ciphertext letters at different positions.
- Cracking Substitution Ciphers (Why Brute Force Fails): A simple Caesar cipher only has 25 possible keys, making brute force instantaneous. A Random Substitution cipher has $26! \approx 4 \times 10^{26}$ possible keys, so brute force is infeasible. Attackers bypass this by using Frequency Analysis: matching the most common characters in the ciphertext to the statistically most common letters of English (e.g., E, T, A), which works because each plaintext letter always maps to the same ciphertext letter.
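The ciphers from Section 5, Question 9 and the formulas above, implemented as an added example (not code from the course material): Caesar and Vigenère encryption following the formulas, a brute-force Caesar cracker that scores all 25 shifts against English letter frequencies, and a Vigenère cracker that applies frequency analysis to each keyword position separately. The sample plaintext and the keyword are constructed; the keyword length is assumed known, since estimating it (Kasiski examination, index of coincidence) is outside the syllabus.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Relative frequency (%) of each letter in English text (standard published values).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0, "H": 6.1,
    "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7, "O": 7.5, "P": 1.9,
    "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8, "V": 0.98, "W": 2.4, "X": 0.15,
    "Y": 2.0, "Z": 0.074,
}

def letters_only(text):
    return "".join(c for c in text.upper() if c in ALPHABET)

def caesar(text, shift):
    """C = (P + k) mod 26 for each letter; non-letters pass through unchanged."""
    out = []
    for c in text.upper():
        out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c)
    return "".join(out)

def vigenere(text, keyword, decrypt=False):
    """C_i = (P_i + k_(i mod m)) mod 26; the keyword index advances only on letters."""
    shifts = [ALPHABET.index(k) for k in keyword.upper()]
    out, i = [], 0
    for c in text.upper():
        if c in ALPHABET:
            s = shifts[i % len(shifts)]
            out.append(ALPHABET[(ALPHABET.index(c) + (-s if decrypt else s)) % 26])
            i += 1
        else:
            out.append(c)
    return "".join(out)

def chi_squared(text):
    """Distance between the text's letter counts and English; lower is more English-like."""
    t = letters_only(text)
    counts = Counter(t)
    total = 0.0
    for letter in ALPHABET:
        expected = ENGLISH_FREQ[letter] / 100 * len(t)
        total += (counts[letter] - expected) ** 2 / expected
    return total

def crack_caesar(ciphertext):
    """Brute force: only 25 non-trivial keys, so try them all and keep the most English-like."""
    k = min(range(1, 26), key=lambda s: chi_squared(caesar(ciphertext, -s)))
    return k, caesar(ciphertext, -k)

def crack_vigenere(ciphertext, key_length):
    """Frequency analysis per column: the letters enciphered with the same keyword letter
    form one Caesar cipher, so each column is solved on its own (key length assumed known)."""
    t = letters_only(ciphertext)
    key = ""
    for col in range(key_length):
        column = t[col::key_length]
        key += ALPHABET[min(range(26), key=lambda s: chi_squared(caesar(column, -s)))]
    return key, vigenere(ciphertext, key, decrypt=True)

# Constructed sample plaintext, long enough for per-column statistics to be reliable.
SAMPLE_PLAINTEXT = (
    "SECURITY FRAMEWORKS ARE STRUCTURED SETS OF PRINCIPLES USED TO PROTECT SYSTEMS "
    "AND DATA FROM THREATS. THE CIA TRIAD COVERS CONFIDENTIALITY INTEGRITY AND "
    "AVAILABILITY WHILE THE AAA FRAMEWORK COVERS AUTHENTICATION AUTHORISATION AND "
    "ACCOUNTING. A STRONG PASSWORD IS LONG AND HARD TO GUESS AND TWO FACTOR "
    "AUTHENTICATION STILL BLOCKS AN ATTACKER WHO HAS STOLEN IT. ENCRYPTION TURNS "
    "READABLE PLAIN TEXT INTO CIPHER TEXT SO THAT ONLY THE HOLDER OF THE SECRET KEY "
    "CAN READ THE MESSAGE AGAIN. A CAESAR CIPHER HAS ONLY TWENTY FIVE USEFUL KEYS "
    "SO IT FALLS TO BRUTE FORCE IN AN INSTANT, WHILE A RANDOM SUBSTITUTION CIPHER "
    "HAS FAR TOO MANY KEYS TO TRY BUT STILL LEAKS THE LETTER FREQUENCIES OF ENGLISH."
)

if __name__ == "__main__":
    print(crack_caesar(caesar(SAMPLE_PLAINTEXT, 7))[0])            # recovers shift 7
    print(crack_vigenere(vigenere(SAMPLE_PLAINTEXT, "LEMON"), 5)[0])  # recovers LEMON
```

The same chi-squared scoring serves both attacks: against a Caesar cipher it is applied to every one of the 25 candidate decryptions, and against Vigenère it is applied to each keyword column in turn, which is exactly why the polyalphabetic cipher only delays frequency analysis rather than defeating it.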