Introduction to the Threat Landscape Flashcards
AAA
Authentication
Authorization
Accounting
What is Authentication?
The process of identifying and verifying a person or thing. As an identity and access management (IAM) tool, an AAA server compares a user’s credentials with its database of stored credentials by checking if the username, password, and other authentication tools align with that specific user.
What is Authorization?
The process of controlling access to resources. During authorization, a user can be granted privileges to access certain areas of a network or system. The areas and sets of permissions granted a user are stored in a database along with the user’s identity. The user’s privileges can be changed by an administrator.
What is Accounting?
The record-keeping and tracing of agent activities on computer devices and networks. Accounting tracks information such as the length of time a user was logged in, the data they sent or received, their internet protocol (IP) address, the uniform resource identifier (URI) they used, and the different services they accessed. Accounting may be used to analyze user trends, audit user activity, and provide more accurate billing.
Types of bad actors:
Explorer
Hacktivist
Cyberterrorist
Cybercriminal
Cyberwarrior
Triad of principles that constitutes the objectives of information security?
These principles are confidentiality, integrity, and availability which form the letters C-I-A.
Confidentiality - Data is kept private
Integrity - Data is free from tampering
Availability - Data is available to authorized users
Opposite of the CIA triad
Infosec works to prevent the disclosure and alteration of information. In addition, it strives to ensure that authorized parties are not denied information. These characteristics, known as the DAD triad, are the opposite of the CIA triad.
Disclosure - Confidential data is exposed to unauthorized parties.
Alteration - The authenticity of the data cannot be validated, or the data has been altered by an unauthorized party.
Denial - Legitimate and authorized agents are prevented from accessing data.
An effective security solution, such as a network firewall, will help neutralize the DAD triad.
Explorer
The explorer is perhaps the least nefarious of all the bad actor types. Notoriety is the biggest motivator within this group. The explorer is curious about the kinds of weaknesses that exist on computer networks and strives to find and exploit them. They do not intend to inflict serious damage, but they might change a page on a website to embarrass someone or do something to advertise to the world how clever they are.
Hacktivist
Unlike the self-interested explorer, hacktivists are fervent believers in an external cause. They are motivated by ideology or are animated by an emotive force. The hacktivists’ idealism drives them to act collectively in common cause against an enemy.
Cyberterrorist
The cyberterrorist has more in common with the hacktivist than the explorer. Their motivation is also driven by ideology, but their violence is directed more broadly against a society. While hacktivists are content with punishing their enemies, cyberterrorists strive to intimidate and destabilize a society by destroying or disrupting computer or communication networks. They like to target online infrastructure, such as nuclear power plants, natural gas pipelines, and electrical power grids. This type of online infrastructure is called operational technology.
Cybercriminal
The motivation of a cybercriminal is more self-centered: they want money, plain and simple. They achieve this goal through a combination of phishing, theft of identities or credit cards (which they use or sell on the black market), and ransomware. Ransomware is a type of malware that blocks access to computer information or systems until a ransom is paid.
Cyberwarrior
Cyberwarriors are the least self-interested, but are nonetheless the most dangerous because they have the resources of a nation-state at their disposal. Cyberwarriors are motivated by the national interests of their home country. Whether cyberwarriors are good, bad, or neutral depends on which nation-state they fight for. Their methods are vast and sometimes secret, and their missions range from espionage, extortion, and embarrassment on the one hand to using targeted cyberweapons to disrupt, damage, or destroy critical infrastructure on the other.
What are the 3 components that comprise an attack vector?
Vulnerability
Mechanism
Pathway
Main Cybersecurity Threat categories:
Social Engineering
Malware
Unauthorized Access
System Design Failure
Common Cybersecurity Attack Vectors
Spearphishing - Targeted phishing attack
DoS and DDoS - Service attack on servers and networks
Ransomware - Malware that encrypts data