Fundamentals of Security Flashcards
CIA
Confidentiality - Information is available only to people with the appropriate authorization.
Integrity - Data is not modified or altered without authorization (checksums and hashes are used to check this).
Availability - Information or data is available when needed to those with proper authorization.
Two more letters are often added to CIA: N and A.
N - Non-repudiation - When an action occurs, the parties involved cannot later deny having taken part in it.
A - Authentication
What is AAA?
A - Authentication - Verifying the identity of the user who tries to log on.
A - Authorization - Determining which resources an authenticated user may access and which actions they may perform.
A - Accounting - Tracking the activities and resource usage of users for billing and auditing purposes.
What measures are mentioned for data confidentiality?
Encryption
Access Controls
Data Masking
Physical Security Measures
Training and Awareness
How to maintain Integrity of the data?
Hashing - If the data changes even slightly, the hash changes drastically (the avalanche effect).
The hash digest works as a digital fingerprint; any change to the data shows up as a different digest.
Digital Signature - The hash digest is signed (encrypted) with the signer's private key; anyone holding the matching public key can verify it.
Regular Audits - Help to identify any issues related to the data.
Checksum - Compare the checksum computed at the origin with the one computed at the destination. If the values match, the data was not altered in transit. A plain checksum only catches accidental corruption: an attacker who can alter the data can recompute the checksum too, which is why signatures and keyed MACs exist.
ACL - Access control lists ensure that only authorized users can access the file or data.
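Worked example (added here; it is not part of the original flashcards): the hashing and checksum checks above in Python. It measures the avalanche effect by flipping one input bit and counting how many digest bits change, compares the origin and destination checksums in constant time, and adds a keyed HMAC tag to show the difference between a plain hash and an integrity check an attacker cannot simply recompute. The record bytes and the key are constructed sample data.

```python
import hashlib
import hmac


def digest(data: bytes, algorithm: str = "sha256") -> bytes:
    """Fixed-size fingerprint of arbitrary-length data (MD5 -> 128 bits, SHA-256 -> 256 bits)."""
    return hashlib.new(algorithm, data).digest()


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(data: bytes, algorithm: str = "sha256") -> int:
    """Flip a single bit of the input and report how many digest bits change.
    For a sound hash this is close to half of the digest length."""
    flipped = bytearray(data)
    flipped[0] ^= 0x01
    return hamming_distance(digest(data, algorithm), digest(bytes(flipped), algorithm))


def verify_checksum(received: bytes, origin_hex: str, algorithm: str = "sha256") -> bool:
    """Destination-side check: recompute the digest and compare it with the origin's value.
    compare_digest runs in constant time so the comparison itself leaks nothing.
    This only detects accidental or unauthenticated modification: whoever can rewrite the
    data can recompute a plain hash, which is why keyed MACs and signatures exist."""
    return hmac.compare_digest(digest(received, algorithm).hex(), origin_hex)


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: an integrity tag that cannot be recomputed without the shared key."""
    return hmac.new(key, data, "sha256").hexdigest()


if __name__ == "__main__":
    # Constructed sample record, not real data.
    record = b"patient_id=1234;dose_mg=50"
    origin = digest(record).hex()
    print("sha256:", origin)
    print("one-bit change flips", avalanche(record), "of 256 digest bits")
    print("unchanged verifies:", verify_checksum(record, origin))
    print("tampered verifies:", verify_checksum(b"patient_id=1234;dose_mg=500", origin))
```

Running it shows roughly 128 of the 256 digest bits changing for a one-bit input change, which is the fingerprint property the flashcard describes.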
What are the Authentication factors?
Knowledge Factors (something you know, e.g. a password or PIN)
Possession Factors (something you have, e.g. a token or smart card)
Inherence Factors (something you are, e.g. a fingerprint)
Action Factors (something you do, e.g. a signature or typing pattern)
Location Factors (somewhere you are, e.g. a geolocation or network)
What does accounting mean in cyber security?
Keeping track of all the actions of users and monitoring them.
What does accounting on a system support?
Audit Trail
Regulatory Compliance
Forensic Analysis
Resource Optimization - Monitor resource usage and regulate it to improve availability.
User Accountability - Attribute every action to an individual user.
What tools can we use for accountability?
Syslog Servers
Network Analyzers
SIEM - Security Information and Event Management - Collects logs and events from many tools across the network and hosts, correlates them and provides real-time insight and alerting.
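Added example (not from the original page): the kind of correlation a SIEM or syslog collector performs for user accountability, written in Python over constructed sshd log lines (TEST-NET addresses, not a real capture). It parses the BSD syslog format, counts failed logins per source address inside a sliding time window, raises one alert per source once a threshold is reached, and marks whether a successful login from that source followed, which is the case an analyst most wants to see.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd syslog lines for illustration (TEST-NET addresses, not a real capture).
SAMPLE_LOG = """\
Mar 10 12:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar 10 12:00:03 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Mar 10 12:00:05 web01 sshd[1204]: Failed password for root from 203.0.113.5 port 51030 ssh2
Mar 10 12:00:09 web01 sshd[1208]: Failed password for root from 203.0.113.5 port 51041 ssh2
Mar 10 12:00:14 web01 sshd[1210]: Failed password for deploy from 203.0.113.5 port 51055 ssh2
Mar 10 12:00:20 web01 sshd[1215]: Failed password for deploy from 203.0.113.5 port 51060 ssh2
Mar 10 12:00:31 web01 sshd[1220]: Accepted password for deploy from 203.0.113.5 port 51077 ssh2
Mar 10 12:03:10 web01 sshd[1301]: Failed password for alice from 198.51.100.7 port 40012 ssh2
Mar 10 12:03:40 web01 sshd[1305]: Accepted publickey for alice from 198.51.100.7 port 40020 ssh2
Mar 10 12:05:00 web01 sshd[1305]: Received disconnect from 198.51.100.7 port 40020:11: disconnected by user
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")
ACCEPT_RE = re.compile(r"^Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+")


def parse_line(line: str, year: int = 2024):
    """Split a BSD-syslog line into (timestamp, host, process, message); None if it does not parse.
    Classic syslog omits the year, so the caller supplies it."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["proc"], m["msg"]


def detect_bruteforce(lines, threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> dict:
    """Alert on source IPs with >= threshold failed sshd logins inside a sliding window.
    Returns {ip: alert}; alert records host, first/last failure, total failures and whether
    a later successful login from the same IP was seen (a likely compromise)."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host, proc, msg = parsed
        if proc != "sshd":
            continue
        failed = FAIL_RE.match(msg)
        if failed:
            ip = failed["ip"]
            hits = recent[ip]
            hits.append(ts)
            while hits and ts - hits[0] > window:
                hits.popleft()
            if ip in alerts:
                alerts[ip]["failures"] += 1
                alerts[ip]["last"] = ts
            elif len(hits) >= threshold:
                alerts[ip] = {"host": host, "first": hits[0], "last": ts,
                              "failures": len(hits), "success_after": False}
            continue
        accepted = ACCEPT_RE.match(msg)
        if accepted and accepted["ip"] in alerts:
            alerts[accepted["ip"]]["success_after"] = True
            alerts[accepted["ip"]]["user"] = accepted["user"]
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {alert['failures']} failures on {alert['host']} between "
              f"{alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}; "
              f"login succeeded afterwards: {alert['success_after']}")
```

The single failure from 198.51.100.7 never reaches the threshold, so only 203.0.113.5 is reported; the "success_after" flag is what turns a noisy brute-force alert into an incident.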
Security Control Categories
Technical
Managerial
Operational
Physical
Security Control Types
Preventative
Deterrent - Discourages an attacker by making the attack seem difficult or unappealing.
Detective
Corrective - After a threat is detected, corrective controls limit the damage and restore normal operation (for example, restoring from a backup).
Compensating - An alternative control used when the primary control cannot be implemented or is not capable of protecting the system; it offers backup and mitigation.
Directive - Policies or documents that set the rules.
Threat Actors
Unskilled Attackers
Hacktivists
Organized Crimes
Nation-State Actors
Insider Threats
Threat actors attributes
Internal vs External
Resources and Funding
Level of Sophistication and capability
APT
Advanced Persistent Threat - Usually carried out by state-sponsored groups, because they have the resources to wait, stay undetected inside a network for a long time, and launch the attack when ready.
Threat Vector
The pathway or means by which an attacker gains access in order to deploy an attack.
Attack Surface
The sum of all points where an attacker could try to enter the network and launch an attack.
Threat Actor
The person or group that launches the attack.
Motivational Triggers for Social engineering attack?
Authority
Urgency
Social Proof
Scarcity
Likability
Fear
Type of Impersonations?
Impersonation
Brand Impersonation
Typosquatting
Watering Hole Attack
boot sector
Stored in the first sector of the hard drive; it is loaded into main memory when the system boots.
macro viruses
Code embedded in a document (for example a spreadsheet); when the document is opened on the computer, the virus starts to spread.
Program Viruses
These viruses attach themselves to an executable program or application; every time you open that program, the malicious code runs.
Multipartite viruses
Boot sector virus + program virus. They reside in the boot sector and, when the computer starts, infect programs running in main memory. Even if the virus is removed from the programs, it loads again from the boot sector.
Polymorphic Virus
An encrypted virus that changes its code each time it executes by changing its decryption routine, so its signature differs from copy to copy.
Metamorphic
Rewrites its whole code each time it executes.
Stealth Viruses
A technique used on top of a virus to avoid being identified by anti-virus software.
Rootkit
It gains administrative privilege and does harm. It starts with a low level of access and escalates until it has full control at the admin (ring 0) level. A rootkit monitors the calls between the Windows OS and its DLLs; it uses a shim to intercept those calls and can redirect them wherever it needs.
The way to detect it is an external scan: boot from clean external media and scan the disk, since a rootkit hides itself from tools running on the compromised OS.
Backdoor
A backdoor is placed in software by programmers (or attackers) to access the program while bypassing the firewall and authentication the organization has put in place. A logic bomb also ships with a program and executes when specific criteria are met.
Data Ownership
Question 2:
A healthcare company, MedHealth, collects patient data for treatment purposes. They use a third-party cloud service called CloudSafe to store and manage this data. The data is then analyzed by an in-house team of data scientists to improve patient care. In this context, identify the roles of data owner, data controller, data processor, and data custodian.
Answer: MedHealth is the data owner as they are the entity that has collected the data and has legal rights and complete control over the data. CloudSafe is the data controller because it determines how and why the patient data is processed (stored and managed in this case). The data scientists are the data processors as they are analyzing the data on behalf of MedHealth, following the instructions of the data controller. CloudSafe is also the data custodian because it is responsible for the safe custody, transport, storage of the data and the implementation of business rules.
Stream Cipher
Uses a keystream generator to encrypt data bit by bit (or byte by byte) by XORing the plaintext with the keystream to produce the ciphertext.
Suited to data in transit such as streaming media. The keystream must never be reused: XORing two ciphertexts made with the same keystream cancels it out and leaks the XOR of the two plaintexts.
Block Cipher
Divides the input into fixed-size blocks and encrypts each block. A mode of operation (CBC, CTR, GCM, ...) defines how blocks are chained; ECB, which encrypts every block independently, leaks patterns because identical plaintext blocks give identical ciphertext blocks.
DES
DES Encryption and Decryption:
Encryption:
Key: DES uses a 64-bit key, of which 56 bits are effective (the remaining 8 are parity bits).
Plain text: "HELLO123" (8 ASCII characters = one 64-bit block; longer text is split into 64-bit blocks.)
The DES algorithm performs 16 rounds of permutation and substitution (a Feistel network), manipulating the bits based on the key. The result after encryption is the ciphertext. The 56-bit key is far too short against modern brute force, so DES is deprecated.
Decryption:
Key: Same 64-bit key used for encryption.
Ciphertext: Resulting encrypted text from the encryption process.
The DES decryption algorithm uses the same key to reverse the encryption process and retrieve the original plaintext.
3DES
3DES Encryption and Decryption:
Encryption:
Keys: Three different keys (Key1, Key2, Key3) are used sequentially for each step of encryption.
Plain text: “HELLO123”
Encrypt with Key1
Decrypt with Key2
Encrypt with Key3
This encrypt-decrypt-encrypt (EDE) sequence with three different keys is stronger than single DES: 168 key bits in total, about 112 bits of effective security because of the meet-in-the-middle attack. If all three keys are equal, the middle decryption cancels the first encryption and 3DES degrades to single DES, which is how it stayed backward compatible. 3DES has itself been deprecated.
Decryption:
Keys: Same three keys (Key1, Key2, Key3) used in reverse order for decryption.
Ciphertext: The text obtained after the 3DES encryption process.
Decrypt with Key3
Encrypt with Key2
Decrypt with Key1
Reversing the encryption involves decrypting, encrypting, and decrypting again with the three keys used in the encryption process.
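Added example (not from the original page) of the DES and 3DES structure described in the two flashcards above. This is a toy Feistel cipher on 64-bit blocks with an 8-byte key, not DES itself: the key schedule and round function are SHA-256 stand-ins for DES's PC-1/PC-2 schedule and its S-boxes, labelled as such in the code. What it does show faithfully is the 16-round Feistel structure, that decryption is the same network with the round keys reversed, the EDE order of 3DES and its reverse, and that K1 = K2 = K3 collapses 3DES to single encryption. Keys and plaintext are constructed sample values.

```python
import hashlib
import struct

ROUNDS = 16  # DES also uses 16 rounds


def round_keys(key: bytes) -> list:
    """Toy key schedule: sixteen 32-bit subkeys derived from the 64-bit key with SHA-256.
    (Real DES uses the PC-1/PC-2 permutations and rotations instead.)"""
    if len(key) != 8:
        raise ValueError("key must be 8 bytes (64 bits)")
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big") for i in range(ROUNDS)]


def round_function(half: int, subkey: int) -> int:
    """Toy F function mixing a 32-bit half with the subkey.
    (Real DES uses expansion, eight S-boxes and a permutation here.)"""
    return int.from_bytes(hashlib.sha256(struct.pack(">II", half, subkey)).digest()[:4], "big")


def feistel(block: bytes, subkeys) -> bytes:
    """Run a 64-bit block through the Feistel network with the given subkey order.
    Decryption is the same network with the subkeys reversed."""
    if len(block) != 8:
        raise ValueError("block must be 8 bytes (64 bits)")
    left, right = struct.unpack(">II", block)
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return struct.pack(">II", right, left)  # final swap makes the network its own inverse


def des_like_encrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key))


def des_like_decrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, list(reversed(round_keys(key))))


def tdes_like_encrypt(block: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    """3DES order: Encrypt with K1, Decrypt with K2, Encrypt with K3 (EDE)."""
    return des_like_encrypt(des_like_decrypt(des_like_encrypt(block, k1), k2), k3)


def tdes_like_decrypt(block: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    """Reverse order: Decrypt with K3, Encrypt with K2, Decrypt with K1."""
    return des_like_decrypt(des_like_encrypt(des_like_decrypt(block, k3), k2), k1)


if __name__ == "__main__":
    plaintext = b"HELLO123"  # exactly one 64-bit block
    key = b"8bytekey"
    ct = des_like_encrypt(plaintext, key)
    print(ct.hex(), des_like_decrypt(ct, key))
    k1, k2, k3 = b"key-one!", b"key-two!", b"key-thr3"
    ct3 = tdes_like_encrypt(plaintext, k1, k2, k3)
    print(ct3.hex(), tdes_like_decrypt(ct3, k1, k2, k3))
    # With K1 = K2 = K3 the middle decrypt cancels the first encrypt: EDE degrades to single DES.
    print(tdes_like_encrypt(plaintext, key, key, key) == ct)
```

The block functions alone give ECB; a real deployment wraps them in a chaining mode and, today, replaces the whole construction with AES.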
SAN - Subject Alternative Name
If one certificate must cover several different domain names (e.g. example.com and example.net), list each of them as a SAN entry.
Wildcard Domain
If you have one domain with many subdomains, use a wildcard certificate (*.example.com). The wildcard matches exactly one label: it covers www.example.com but neither a.b.example.com nor the bare example.com, which needs its own SAN entry.
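Added example (not from the original page): the name-matching logic a TLS client applies to SAN entries and wildcards, written in Python. It encodes the rules stated above (a wildcard must be the whole leftmost label, matches a single label, and never stands in for a public suffix) and rejects partial wildcards such as w*.example.com, which browsers also refuse. The SAN lists are constructed samples.

```python
def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name (exact SAN entry or wildcard) against a hostname.
    Comparison is case-insensitive and ignores a trailing dot, as DNS names do."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False  # partial (w*.example.com) or non-leftmost wildcards are rejected
    if len(p_labels) < 3:
        return False  # "*.com" would cover every .com name
    if len(p_labels) != len(h_labels):
        return False  # "*" covers one label only: a.b.example.com does not match *.example.com
    return p_labels[1:] == h_labels[1:]


def certificate_covers(san_names, hostname: str) -> bool:
    """A certificate is valid for a host if any of its SAN entries matches."""
    return any(hostname_matches(name, hostname) for name in san_names)


if __name__ == "__main__":
    # Constructed SAN lists for illustration.
    multi_domain = ["example.com", "www.example.com", "example.net", "www.example.net"]
    wildcard = ["example.com", "*.example.com"]
    for host in ["www.example.net", "mail.example.com", "a.b.example.com", "example.com"]:
        print(f"{host:18} multi-domain={certificate_covers(multi_domain, host)!s:5} "
              f"wildcard={certificate_covers(wildcard, host)}")
```

Note that a wildcard certificate in the multi-domain list would not help mail.example.net: the wildcard is bound to one parent domain, which is exactly why separate domains go into SAN entries.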
Self Signed Certificate
Unlike certificates issued by recognized CAs, a self-signed certificate is generated and signed by the entity itself without involving a CA. Since there is no third-party validation, other systems do not inherently trust it; it lacks the external verification a trusted CA provides, so a client cannot tell it apart from one an attacker generated. Mostly used for testing purposes or inside a closed environment where the certificate is distributed out of band.
CSR
CSR stands for Certificate Signing Request. It’s a message sent from an applicant to a Certificate Authority (CA) when requesting a digital certificate. The CSR contains information that the applicant wants to include in the certificate, such as the public key and identifying information (like the domain name or organization name).
Here are the key components typically found in a CSR:
Public Key: The public half of the applicant's key pair; this is what ends up in the issued certificate and is used to verify signatures and establish encrypted sessions. The private key stays with the applicant and is never sent to the CA.
Identification Information: Details about the entity requesting the certificate, such as the Common Name (CN) for SSL/TLS certificates (often a domain name), organization information, locality, country, etc.
Signature: The CSR is digitally signed with the private key corresponding to the public key it contains. The CA verifies this signature, which proves the applicant possesses the private key and that the request was not altered in transit.
AES
AES (Advanced Encryption Standard) is a widely used symmetric block cipher (128-bit blocks; 128-, 192- or 256-bit keys) that encrypts and decrypts data using a single secret key.
Diffie-Hellman
Diffie-Hellman is an asymmetric key-agreement protocol for establishing a shared secret over a public channel: two parties who have never met each derive the same secret from their own private value and the other side's public value, and an eavesdropper who sees only the public values cannot. On its own it does not authenticate the parties, so it must be paired with authentication (certificates or signatures) or an active attacker can sit in the middle.
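Added example (not from the original page): a finite-field Diffie-Hellman exchange in Python, with the checks a practitioner adds around it. The group is generated at toy size (a 64-bit safe prime p = 2q + 1 found with Miller-Rabin) so the script runs offline; real deployments use the standardized 2048-bit or larger groups, not a self-generated one. Each side validates the peer's public value and rejects values outside the order-q subgroup, derives the key through a hash, and the last function shows why unauthenticated DH fails: Mallory ends up with one key shared with Alice and another with Bob. Party names are illustrative.

```python
import hashlib
import secrets

G = 4  # a square mod p, so it generates the order-q subgroup of a safe-prime group


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits: int) -> int:
    """Find p = 2q + 1 with p and q both prime, so the only small subgroup has order 2.
    Toy sizes only; production code uses the RFC 3526 / RFC 7919 groups."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


class Party:
    """One side of the exchange: keeps its private exponent, publishes g^priv mod p."""

    def __init__(self, p: int, g: int = G):
        self.p, self.g = p, g
        self.q = (p - 1) // 2
        self.priv = secrets.randbelow(self.q - 1) + 1
        self.pub = pow(g, self.priv, p)

    def shared_key(self, their_pub: int) -> bytes:
        # Validate the peer's value before using it: 1 and p-1 force a trivial secret,
        # and anything outside the order-q subgroup signals a small-subgroup attack.
        if not 1 < their_pub < self.p - 1 or pow(their_pub, self.q, self.p) != 1:
            raise ValueError("invalid Diffie-Hellman public value")
        secret = pow(their_pub, self.priv, self.p)
        size = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(secret.to_bytes(size, "big")).digest()  # KDF step, never use raw secret


def honest_exchange(p: int, g: int = G):
    """Alice and Bob exchange public values over the wire and derive the same key."""
    alice, bob = Party(p, g), Party(p, g)
    return alice.shared_key(bob.pub), bob.shared_key(alice.pub)


def mitm_exchange(p: int, g: int = G):
    """Unauthenticated DH: Mallory replaces both public values with her own, so she shares
    one key with Alice and another with Bob, while each believes they talk to the other."""
    alice, bob, mallory = Party(p, g), Party(p, g), Party(p, g)
    key_alice = alice.shared_key(mallory.pub)   # Alice thinks this came from Bob
    key_bob = bob.shared_key(mallory.pub)       # Bob thinks this came from Alice
    return key_alice, key_bob, mallory.shared_key(alice.pub), mallory.shared_key(bob.pub)


if __name__ == "__main__":
    p = generate_safe_prime(64)
    ka, kb = honest_exchange(p)
    print("honest exchange agrees:", ka == kb)
    a, b, ma, mb = mitm_exchange(p)
    print("under MITM Alice and Bob agree:", a == b, "| Mallory holds both keys:", ma == a and mb == b)
```

Signing the public values (or pinning them in a certificate) is what turns this into an authenticated exchange; the arithmetic alone cannot tell Mallory's value from Bob's.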
Steganography
Steganography is the practice of concealing a file, message, image or video inside another file, message, image or video. Unlike encryption, which hides the content of a message, steganography hides the existence of the message from unauthorized parties; the two are often combined. When the task is to embed a message within an image, steganography is the appropriate technique.
MD5
MD5 is a widely used cryptographic hash function that produces a 128-bit (16-byte) digest from input of arbitrary length, usually shown as 32 hexadecimal characters. Practical collision attacks against MD5 have existed since 2004, so it must not be used for signatures, certificates or any integrity check an attacker could influence; it is acceptable only as a checksum against accidental corruption.
RIPEMD (RACE Integrity Primitives Evaluation Message Digest)
RIPEMD is a family of cryptographic hash functions (RIPEMD-128, RIPEMD-160, RIPEMD-256) developed in Europe in the early 1990s as an alternative to the then-common MD4 and MD5. RIPEMD-160, for example, produces a 160-bit digest. It is not as widely used as the SHA family; it is considered more secure than MD5, but it has seen some theoretical attacks and its 160-bit output gives at most 80-bit collision resistance.
RTO
Recovery Time Objective (RTO): the maximum acceptable length of time that can elapse before the loss of a business function severely impacts the organization. For example, if a company's RTO for its production line is 3 hours, it aims to restore the production line within 3 hours of a disruption to avoid unacceptable consequences.
RPO
RPO stands for “Recovery Point Objective.” It refers to the maximum acceptable amount of data loss that an organization is willing to experience during a disruption or incident.
MTTR
MTTR stands for Mean Time To Recovery or Mean Time To Repair. It’s a metric used to measure the average time taken to repair or recover from a system failure, an incident, or a disruption.
MTBF
MTBF stands for Mean Time Between Failures. It measures the average time elapsed between one failure of a system, component or piece of equipment and the next.
Port 22
Protocol: TCP
Used for SSH, SCP and SFTP:
secure remote access (SSH)
secure copy (SCP)
secure file transfer (SFTP)