1.2 Summarize fundamental security concepts Flashcards
Confidentiality
Information is accessible only to authorized personnel
Integrity
data remains accurate and unaltered
availability
data and resources are accessible when needed (e.g. redundancy measures)
How do we achieve Availability
Redundancy: backup options for critical components or functions of a system, with the intention of enhancing its reliability
Various types of redundancy
Server Redundancy
Data Redundancy
Network Redundancy
Power Redundancy
Non Repudiation
provides proof of the origin, authenticity and integrity of data.
a party cannot deny having performed an action
How do we achieve Non Repudiation
Digital Signature: hash the data, then encrypt the hash digest with the user's private key.
Why Non Repudiation is important
- Confirming the authenticity of Digital Signature
- Ensuring Integrity
- Providing Accountability
Authentication
Verifying the identity of individuals or entities in digital interactions
Five commonly used authentication methods
Something you know: knowledge factor (username, password)
Something you have: possession factor, physical item (ID, phone)
Something you are: inherence factor, unique physical or behavioral characteristics (biometric authentication)
Something you do: action factor, user performing a unique action
Somewhere you are: location factor, user being in a certain geographic location
2FA and MFA
2FA: two authentication methods
MFA: two or more authentication methods
Why authentication is critical
- Prevent unauthorized access
- protect user data and privacy
- Ensure resource validity
Authorization
Determining actions or resources an authenticated user can access (permission: who can access what)
Set of rules and policies to dictate who can access, or modify what.
Authorization mechanisms
role-based
rule-based
attribute-based controls
Why authorization is important
- protect sensitive data
- maintain system integrity
- create a more streamlined user experience
serve as gatekeeper
Accounting
all user activities are properly tracked and recorded (monitoring and logging)
why we need accounting
to achieve
- transparency
- Security
- Accountability
What are we accounting for in the system
logging in and accessing files
modifying configurations
downloading or installing software
attempting unauthorized actions
What are some uses of accounting systems
Audit Trail: chronological record of all user activities
Regulatory Compliance: maintain a comprehensive record of all the users' activities.
Forensic Analysis: detailed accounting and event logs
Resource Optimization: tracking resource utilization and allocation decisions
User Accountability
Technologies used for accounting
Syslog servers: aggregate logs from various network devices and systems
Network analysis tools: e.g. Wireshark, capture and analyze network traffic
SIEMs (Security Information and Event Management): real-time analysis of security alerts.
6 Types of Security Control
- Preventative Controls
- Deterrent Controls : warning
- Detective Controls : detect and alert
- Corrective Controls : address issues after they arise
- Compensating Controls : alternative
- Directive Controls : dictate specific action
Methods to achieve integrity
checksums: method to verify integrity of data during transmission.
Access Control: only authorized individuals can modify data.
Regular Audits: review logs and operations.
Hashing: process of converting data into fixed size values.
Digital Signature: uses encryption to ensure integrity and authenticity
Integrity is important for three main reasons
■ To ensure data accuracy
■ To maintain trust
■ To ensure system operability
How to achieve Confidentiality
Encryption: convert data to code
Access Control: authorized personnel only access certain data
Data masking: obscuring data within a database
Physical Security
Training and awareness
CIA triad
Basis for the development of Security
Confidentiality: making sure data is kept secret or private.
Integrity: making sure data is trustworthy and free from tampering.
Availability: making sure the system is functioning and accessible
CIANA
Confidentiality: safeguard
Integrity : not altered
Authentication : verification
Non -repudiation : proof
Authorization : access
The Integrity of your data is maintained only if
the data is authentic, accurate, and reliable.
Authentication, Authorization, and Accounting (AAA)
security framework that controls access to resources, enforces policies, and audits usage
screening and keeping track of users' activity while they are connected.
login -> privileges to access -> keep track
Gap Analysis
process of evaluating the differences between an organization’s current performance and its desired performance
Steps to conduct gap analysis
- define the scope of the analysis (desired outcome)
- gather data on the current state of the organization (done through surveys, interviews, and other forms of data collection)
- analyze the data to identify the gaps (where the organization's current performance falls short)
- develop a plan to bridge the gaps (change of process, system, or other area of the organization).
The plan should also include specific goals, objectives, and a timeline for achieving them.
Types of gap analysis
- Technical Gap Analysis: evaluating an organization's current technical infrastructure and identifying where it falls short of the technical capabilities required to fully utilize their security solution.
- Business Gap Analysis: evaluating an organization's current business processes and identifying where they fall short of the capabilities required to fully utilize their security solution.
Zero Trust
Trust nothing and verify everything.
demands continuous verification for every transaction within our network, regardless of where it came from.
Types of planes used to create a zero trust architecture
- Control plane
- Data plane
What is control plane in zero trust architecture
refers to the overarching framework and set of components that are responsible for defining, managing, and enforcing the policies related to user and system access within an organization.
It provides a centralized way to dictate and control how, when, and where access is going to be granted
to ensure that only authenticated and authorized entities can access specific resources.
What is Data plane in zero trust architecture
ensures policies and procedures are being properly executed.
key elements in control plane in zero trust architecture
Adaptive identity: real-time validation that takes into account the user’s behavior, their device, their location, and other factors.
Threat scope reduction: limit our users’ access to only what they need for their work task because this drastically reduces the network’s potential attack surface.
Policy-driven access control: develop, manage, and enforce user access policies based on their roles and responsibilities.
Secured zones: isolated environments within a network that are designed to house sensitive data.
Data plane consists of
subject/system: verify the authenticity of the individual or entity attempting to gain access.
policy engine: cross-references the access request with its predefined policies.
policy administrator: an essential part of the Zero Trust model that is used to establish and manage the access policies (dictates who gets access to what).
policy enforcement point: allows or restricts access and effectively acts as a gatekeeper to the sensitive areas of your systems or networks.
To learn from the different threat actors that are attacking your network, set up and utilize deception and disruption technologies
How to outsmart threat actors
- deception and disruption technologies
- Tactics, Techniques, and Procedures (TTPs): specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors
What are deception and disruption technologies
Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats
Deception and disruption technologies
- Honeypot
- Honeynet
- Honeyfile
- Honeytoken
Honeypots
● Decoy system or network set up to attract and deceive attackers
Honeynets
● Network of honeypots to create a more complex system that is designed to mimic an entire network of systems
○ Servers
○ Routers
○ Switches
Honeyfiles
● Decoy files placed within a system to detect unauthorized access or data breaches
Honeytokens
● Fake data to alert administrators when accessed or used
Some disruption technologies and strategies
■ Bogus DNS entries: fake Domain Name System entries introduced into your system's DNS server
■ Creating decoy directories: fake folders and files placed within a system's storage
■ Dynamic page generation: effective against automated scraping tools or bots trying to index or steal content from your organization's website
■ Use of port triggering to hide services
● Port Triggering: security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected
■ Spoofing fake telemetry data: when a system detects a network scan is being attempted by an attacker, it can be configured to respond by sending out fake telemetry or network data
Physical security measures
- Bollards
- Access control vestibule
- Fencing
- Video surveillance
- Security guard
- Access badge
- Lighting
- Sensors
o Infrared
o Pressure
o Microwave
o Ultrasonic
What is physical security?
■ Measures to protect tangible assets (buildings, equipment, people) from harm or unauthorized access
Bollards
○ Short, sturdy vertical posts controlling or preventing vehicle access
Fences
○ Barriers made of posts and wire or boards to enclose or separate areas
What is a surveillance system and what are its components?
● An organized strategy to observe and report activities
● Components
○ Video surveillance
○ Security guards
○ Lighting
○ Sensors
Access Control Vestibules
● Double-door system electronically controlled to allow only one door open at a time
● Prevents piggybacking and tailgating
kind of Door Locks
● Padlocks : Easily defeated and offer minimal protection
● Pin and tumbler locks
● Numeric locks
● Wireless locks
● Biometric locks
● Cipher locks : Mechanical locks with numbered push buttons, requiring a correct combination to open; commonly used for server rooms
● Electronic access control systems
Modern Electronic Door Locks Authentication Methods
- Identification Numbers
- Wireless Signals: e.g. NFC, Wi-Fi, Bluetooth, or RFID for unlocking
- Biometrics
Biometric Challenges
● False Acceptance Rate (FAR)
○ Occurs when the system erroneously authenticates an unauthorized user
○ Lower FAR by increasing scanner sensitivity
● False Rejection Rate (FRR)
○ Denies access to an authorized user. Adjusting sensitivity can increase FRR
● Crossover Error Rate (CER)
○ A balance between FAR and FRR for optimal authentication effectiveness
Video surveillance can include the following:
○ Motion detection
○ Night vision
○ Facial recognition
Sensors
Devices that detect and respond to external stimuli or changes in the environment
Categories of sensors
○ Infrared Sensors
■ Detect changes in infrared radiation, which is often emitted by warm bodies like humans or animals
○ Pressure Sensors
■ Activated whenever a specified minimum amount of weight is detected on the sensor that is embedded into the floor or a mat
○ Microwave Sensors
■ Detect movement in an area by emitting microwave pulses and measuring their reflection off moving objects
○ Ultrasonic Sensors
■ Measure the reflection of ultrasonic waves off moving objects
Access Control Vestibules
■ Double-door system designed with two doors that are electronically controlled to ensure that only one door can be open at a given time; helps prevent piggybacking and tailgating.
Piggybacking
● Involves two people working together: one person who has legitimate access intentionally allows another person who doesn't have proper authorization to enter a secure area with them
Tailgating
● Occurs whenever an unauthorized person closely follows someone who has legitimate access through the access control vestibule into the secure space, without that person's knowledge or consent
Badges contain
● RFID (Radio-Frequency Identification)
● NFC (Near-field Communication)
● Magnetic stripes