Chapter 1: Intro to Security Flashcards
Universally Connected Devices
Almost all devices are now connected to the internet, so an attacker anywhere in the world can reach any connected device.
Increased Speed of Attacks
More tools allow for quicker scans, and many attacks can be automated.
Greater sophistication of attacks
Attacks use common protocols or tools to send malicious packets, which makes them hard to distinguish from legitimate traffic.
Availability/Simplicity of attack tools
Attackers used to need extensive knowledge of networks, computers and programming. Now they need only an internet connection and a ready-made toolkit (BackTrack, Kali).
Faster Detection of Vulnerabilities
Software weaknesses can be uncovered and exploited with new software tools and techniques.
Delays in Patching
Hardware and software vendors can have trouble keeping up with fixing newly discovered vulnerabilities.
Weak Patch Distribution
Some software vendors lack the ability to distribute security patches in a timely fashion, and users are not notified that updates are available.
Distributed Attacks
Make it very difficult to stop an attack by blocking a single source, since the traffic comes from many hosts at once. (Botnets)
User Confusion
Users are sometimes tasked with making decisions regarding computer security with little or no information to guide them.
Ex. "Do you want to view only content that was delivered securely?"
Ex. "Is it safe to quarantine this attachment?"
CIA Triad
Confidentiality, Integrity, Availability
AAA
Authentication, Authorization, Accounting
HIPAA
Health Insurance Portability and Accountability Act
HIPAA Title II
The Privacy Rule, the Transactions and Code Sets Rule, the Security Rule, the Unique Identifiers Rule, and the Enforcement Rule
Sarbox
The Sarbanes-Oxley Act (Sarbox) is a reaction to a rash of corporate fraud and an attempt to fight corporate corruption.
Covers the corporate officers, auditors, and attorneys of publicly traded companies.
Imposes stringent reporting requirements and internal controls on electronic financial reporting systems.
Consequences: officers who willfully and knowingly certify false financial reports can be fined up to $5 million and serve up to 20 years in prison.
Attacker Methodology
Probe for Info: The first step of an attack
This reconnaissance provides essential information, such as the type of hardware used, the version of software or firmware, and personal information about users.
Ping sweeps: determine if a system responds
Port scanning: determining which ports may be accessible
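The probe step on this card, worked out in code. This is an added example, not material from the flashcards or the textbook they summarize: a TCP connect scan that classifies ports as open, closed or filtered, a TCP-based liveness check standing in for a ping sweep (ICMP echo needs raw sockets, which need root), and a banner grab that recovers the software version the card says reconnaissance is after. The target is a listener the script itself starts on 127.0.0.1, and the "SSH-2.0-OpenSSH_9.6" banner it serves is constructed for the demo, so nothing here touches a real host. Only scan systems you are authorised to test.

```python
"""TCP connect scan, liveness check and banner grab against a loopback target.

Added example (not from the flashcards). The listener and its banner are
constructed here so the script runs offline; run it only against hosts you
are authorised to test.
"""
import socket
import threading
from typing import Dict, Iterable


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Return {port: 'open' | 'closed' | 'filtered'} for each port.

    A completed connect() (full three-way handshake) means open; an immediate
    refusal (RST) means closed; a timeout means no answer at all, which a
    scanner reports as 'filtered' because a firewall silently dropping the
    SYN is the usual cause.
    """
    results: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"
            except ConnectionRefusedError:
                results[port] = "closed"
            except OSError:  # includes socket.timeout
                results[port] = "filtered"
    return results


def host_is_up(host: str, ports: Iterable[int], timeout: float = 0.5) -> bool:
    """TCP substitute for a ping sweep: any open *or* closed reply proves a host exists.

    A RST from a closed port is as good evidence as an ICMP echo reply, and it
    works without raw sockets.
    """
    states = tcp_connect_scan(host, ports, timeout).values()
    return any(state != "filtered" for state in states)


def grab_banner(host: str, port: int, timeout: float = 1.0) -> str:
    """Connect and read whatever the service volunteers (version info, typically)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            return s.recv(256).decode("ascii", "replace").strip()
        except socket.timeout:
            return ""


def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Bind a throwaway listener on an ephemeral port (the constructed target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


def serve_banner(srv: socket.socket, banner: bytes) -> None:
    """Accept connections in the background and send a fixed banner to each."""
    def run() -> None:
        srv.settimeout(3)
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # timeout or listener closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass  # scanner already hung up; nothing to do
    threading.Thread(target=run, daemon=True).start()


def demo() -> dict:
    """Scan a constructed loopback target: one listening port, one closed port."""
    srv = start_listener()
    open_port = srv.getsockname()[1]
    serve_banner(srv, b"SSH-2.0-OpenSSH_9.6\r\n")  # constructed banner, not a real host
    # Reserve then release an ephemeral port so we know it is closed, not filtered.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    try:
        states = tcp_connect_scan("127.0.0.1", [open_port, closed_port])
        banner = grab_banner("127.0.0.1", open_port)
        up = host_is_up("127.0.0.1", [closed_port])
    finally:
        srv.close()
    return {"open_port": open_port, "closed_port": closed_port,
            "states": states, "banner": banner, "host_up": up}


if __name__ == "__main__":
    print(demo())
```

The banner the scanner reads back is exactly the kind of disclosure the "Obscurity" card later on this page tells defenders to suppress: a service that announces its product and version hands the attacker the input for the next step, looking up known vulnerabilities for that version.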
Attacker Methodology II
Penetrate any defenses:
Once a potential system has been identified and information about it has been gathered, the next step is to launch the attack to penetrate the defenses.
Ex. exploiting a vulnerable print spooler service
Attacker Methodology III
Modify security settings:
Modifying the security settings is the next step after the system has been penetrated. This allows the attacker to reenter the compromised system more easily.
Ex. creating a backdoor
Attacker Methodology IV
Circulate to other systems: Once the network or system has been compromised, the attacker then uses it as a base of attack toward other networks and computers. The same tools that are used to probe for information are then directed toward other systems.
Pivoting:
Using the compromised system to attack other systems on the same network, which bypasses restrictions such as firewall rules that prohibit direct access to those machines from the outside.
Attacker Methodology V
Paralyze networks and devices:
If the attacker chooses, she may also work to maliciously damage the infected computer or network. This may include deleting or modifying critical operating system files or injecting software that will prevent the computer from properly functioning.
Defenses Against Attacks
Layering: The more layers of defense the harder it is for an attacker to circumvent them.
Limiting: Limiting access to information reduces the threat against it, meaning that only those personnel who must use the data should have access to it.
Also covers what type of access they should have (for example read-only versus modify).
Defenses Against Attacks II
Diversity: Closely related to layering. Each layer of defense needs to be different, so an attacker cannot use the same technique to break through every layer.
Obscurity: Hiding from the outside world what is on the inside.
Ex. not revealing the type or version of the OS or services you are running.
Defenses Against Attacks III
Simplicity: The more complex a system becomes, the more difficult it is to understand and secure.
Complex systems offer many opportunities for something to go wrong and can be a boon to the attacker.
Security controls are sometimes relaxed to make a system easier for trusted users to work with, yet this can also make it easier for attackers.