Objective 1.2 Flashcards
Summarize fundamental security concepts
CIA Triad
C - Confidentiality
I - Integrity
A - Availability
Ensures that information is only accessible to those with the appropriate authorization. (Ex: encryption)
Confidentiality
Ensures the data remains accurate and unaltered unless modification is required. (Ex: checksums, hashing)
Integrity
Ensures that information resources are accessible and functional when needed by authorized users. (Ex: a website that stays up and running regardless of the traffic it is receiving.)
Availability
2 new elements added to the CIA triad, making it a pentagon
N - Non-repudiation
A - Authentication
CIANA
Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved. (Ex: a digitally signed email. The sender cannot deny sending that particular message because their digital signature is attached to it.)
Non-repudiation
Process of verifying the identity of a user or system.
Authentication
AAA
Authentication
Authorization
Accounting
Process of verifying the identity of a user or system.
Authentication
Defines what actions or resources a user can access.
Authorization
Act of tracking user activities and resource usage, typically for audit or billing purposes.
Accounting
Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data.
Security Controls
Security Controls Categories
Technical
Managerial
Operational
Physical
Types of Security Controls
Preventative
Deterrent
Detective
Corrective
Compensating
Directive
Security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default.
Zero Trust
ZeroTrust: ???
Consists of adaptive identity, threat scope reduction, policy-driven access control, the policy engine and the policy administrator (the last two together form the policy decision point).
ZeroTrust: Control Plane
ZeroTrust: ???
Focused on the subject/system, the implicit trust (secured) zones, and the policy enforcement points that carry out the control plane's access decisions.
ZeroTrust: Data Plane
Confidentiality importance
- Protect personal privacy
- Maintain a business advantage
- Achieve regulatory compliance
5 methods to achieve CONFIDENTIALITY
- Encryption
- Access Control
- Data Masking
- Physical Security Measures
- Training and Awareness
Ensure only authorized personnel can access certain types of data
Access Controls
Process of converting data into an unreadable form (ciphertext) to prevent unauthorized access.
Encryption
Method that involves obscuring data within a database to make it inaccessible to unauthorized users while retaining the real data's authenticity and usefulness for authorized users.
Data Masking
Used to ensure confidentiality for physical types of data and for digital information contained on servers and workstations.
Physical Security Measures
Conduct regular training on the security awareness best practices that employees can use to protect the organization's sensitive data.
Training and Awareness
most important thing linked to Confidentiality
ENCRYPTION
Integrity importance
- Ensure DATA ACCURACY
- Maintain TRUST
- Maintain SYSTEM OPERABILITY
5 methods to achieve INTEGRITY
- Hashing
- Digital Signatures
- Checksums
- Access Controls
- Regular Audits
Process of converting data of any length into a fixed-size value.
Hashing
most important thing linked to Integrity
HASHING
[Hashing] The result of a hashing function is called…
Hash Digest
[Hashing] The Hash Digest serves as a…
Digital Fingerprint
Use asymmetric (public-key) cryptography to ensure integrity and authenticity.
Digital Signatures
[Digital Sign.] What is the process for digitally signing a file?
- Hash the file (Integrity)
- Encrypt the hash digest with the signer's private key (Authenticity); anyone holding the matching public key can decrypt it and compare it with a fresh hash of the file
Now the file is digitally signed, and any alteration to the file will drastically change its hash, which in turn invalidates the digital signature.
Method to verify the integrity of data during transmission
Checksums
Ensure that only authorized individuals can modify data and reduce the risk of unintentional or malicious alterations.
Access Controls
Involve reviewing logs and operations to ensure that only authorized changes have been made and any discrepancies are addressed.
Regular Audits
Availability importance
- Ensure business continuity.
- Maintaining customer trust.
- Upholding an organization’s reputation.
most important thing linked to Availability
REDUNDANCY
4 methods to achieve AVAILABILITY
- Server Redundancy
- Data Redundancy
- Network Redundancy
- Power Redundancy
Involves using multiple servers behind a load balancer so that if one is overloaded or fails, the other servers can take over the load and continue supporting end users.
Server Redundancy
Involves storing data in multiple places.
Data Redundancy
Ensures if one network path fails, the data can travel through another route.
Network Redundancy
Involves using backup power sources, such as generators and uninterruptible power supplies (UPS), to ensure that an organization's systems remain operational during power disruptions or outages within the local service area.
Power Redundancy
Non-repudiation importance
- Confirming authenticity of digital transactions.
- Ensuring integrity.
- Providing accountability.
most important thing linked to Non-repudiation
DIGITAL SIGNATURES
Authentication methods
- smth you know
- smth you have
- smth you are
- smth you do
- swh you are
Relies on information that a user can recall.
Smth you know (Knowledge Factor)
Relies on the user presenting a physical item to authenticate themselves.
Smth you have (Possession Factor)
Relies on the user providing a unique physical or behavioral characteristic to validate that they are who they claim to be.
Smth you are (Inherence Factor)
Relies on the user conducting a unique action to prove who they are.
Smth you do (Action Factor)
Relies on the user being in a certain geographic location before access is granted.
Swh you are (Location Factor)
Exactly 2 different authentication factors (e.g., password + OTP; a password plus a PIN is two methods of the same factor and does not count).
2FA - Two Factor Authentication
2 or more different authentication factors.
MFA - Multi Factor Authentication
Importance of Authentication
- Prevent unauthorized access.
- Protect user data privacy.
- Ensure resource validity.
most important thing linked to Authentication
MFA - Multi Factor Authentication
[Authentication] Knowledge Factor
Smth you know
Ex: username and password.
[Authentication] Possession Factor
Smth you have
Ex: OTP (One Time Password)
[Authentication] Inherence Factor
Smth you are
Ex: Iris or fingerprint.
[Authentication] Action Factor
Smth you do
Ex: handwritten samples.
[Authentication] Location Factor
Swh you are
Ex: only unlock the door if the user is within 20 meters.
What are the types of authorization mechanisms (access controls)?
- role-based
- rule-based
- attribute-based
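The three authorization styles above, and the zero-trust policy engine idea from the earlier cards, as one small deny-by-default policy engine. This is an added example, not part of the original flashcards; the roles, the business-hours rule, the clearance attributes and the request shape are all constructed for illustration.

```python
"""Added example (not from the flashcards): a minimal policy engine that
combines role-based, rule-based and attribute-based decisions."""
from dataclasses import dataclass, field
from datetime import time


@dataclass
class Request:
    subject: str
    roles: frozenset            # roles assigned to the subject
    attributes: dict            # subject attributes (clearance, device posture, ...)
    action: str
    resource: str
    resource_attrs: dict        # resource attributes (classification, ...)
    clock: time                 # time of the request, injected so tests are deterministic


# Role-based: a static map of which roles may perform which (action, resource).
# Constructed for this example.
ROLE_PERMISSIONS = {
    "analyst": {("read", "alerts")},
    "admin": {("read", "alerts"), ("write", "alerts"), ("write", "config")},
}


def role_based(req: Request) -> bool:
    """Allowed if any of the subject's roles grants the action on the resource."""
    return any((req.action, req.resource) in ROLE_PERMISSIONS.get(role, set())
               for role in req.roles)


def rule_based(req: Request) -> bool:
    """Rules apply to everyone regardless of role. Assumed rule: configuration
    changes are only permitted during a 09:00-17:00 change window."""
    if req.resource == "config" and req.action == "write":
        return time(9, 0) <= req.clock <= time(17, 0)
    return True


def attribute_based(req: Request) -> bool:
    """Compares subject attributes with resource attributes. Assumed policy:
    restricted resources need high clearance and a compliant device."""
    if req.resource_attrs.get("classification") == "restricted":
        return (req.attributes.get("clearance") == "high"
                and req.attributes.get("device_compliant") is True)
    return True


def decide(req: Request):
    """Policy engine: every check must allow, otherwise deny (zero-trust default).
    Returns the decision plus the per-check results so the enforcement point
    can log which control denied the request."""
    checks = {
        "role": role_based(req),
        "rule": rule_based(req),
        "attribute": attribute_based(req),
    }
    return all(checks.values()), checks


if __name__ == "__main__":
    req = Request("alice", frozenset({"admin"}),
                  {"clearance": "high", "device_compliant": True},
                  "write", "config", {"classification": "restricted"}, time(10, 0))
    print(decide(req))
    req.clock = time(20, 0)        # same subject, outside the change window
    print(decide(req))
```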
Importance of Authorization
- Protect sensitive data
- Maintain system integrity in organizations
- Create more streamlined user experiences
Activities tracked by ACCOUNTING
- Logging into the system
- Accessing files
- Modifying configuration settings
- Downloading or installing software
- Attempting unauthorized actions on systems and networks
5 things a robust accounting/audit system provides
- Audit Trail
- Regulatory Compliance
- Forensic Analysis
- Resource Optimization
- User Accountability
[Accounting] Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a specific user or point in time.
Audit Trail
[Accounting] Maintains a comprehensive record of all users' activities, as required by regulations.
Regulatory Compliance
[Accounting] Uses detailed accounting and event logs to help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again in the future.
Forensic Analysis
[Accounting] Organization can ……….. system performance and minimize costs by tracking ……….. utilization and allocation decisions.
Resource Optimization
[Accounting] Thorough accounting system ensures users’ actions are monitored and logged, deterring potential misuse and promoting adherence to the organization’s policies.
User Accountability
Tools related to Accounting
- Syslog servers
- Network analysis tools
- SIEMs (Security Information and Event Management systems)
Deception and Disruption Technologies
- Honeypots
- Honeynets
- Honeyfiles
- Honeytoken
Decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques.
Honeypots
Creates an entire network of decoy systems to observe complex, multi-stage attacks.
Honeynets
Decoy files placed within systems to detect unauthorized access or data breaches.
Honeyfiles
Fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are accessed or used.
Honeytoken
How can you learn about the different threat actors targeting your network? Set up and utilize DECEPTION and DISRUPTION technologies, such as:
- Honeypots
- Honeynets
- Honeyfiles
- Honeytokens
DECEPTION and DISRUPTION technologies log, monitor and track threat actors so that we can learn about their……?
Tactics, techniques and procedures. (TTPs)
Designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats.
Deception and Disruption Technologies
Decoy system or network set up to attract potential hackers. Can also be used against insider threats to detect internal fraud, snooping, and malpractice.
Honeypot
Must be placed within a screened subnet or isolated segment that is easily accessed by potential attackers.
Honeypot
Network of honeypots that creates a more complex system designed to mimic an entire network of systems, including servers, routers, and switches. Also logs all activity to provide a wealth of data about successful and unsuccessful attacks.
Honeynets
Carry the risk that an attacker could use them to learn how production systems are configured.
Honeypots and honeynets
Decoy file placed within a system to lure potential attackers. Typically embedded with unique identifiers or watermarks to help track whether it is stolen or copied, and usually placed under looser or less strict defenses than files that contain real sensitive data would have.
Honeyfiles
Kinds of files that can be used as honeyfiles:
- Word-processing documents
- Spreadsheets
- Presentation files
- Images
- Database files
- Executables
Piece of data or a resource that has no legitimate value or use but is monitored for access or use. Useful for detecting insider threats.
Honeytokens
A Windows or Linux account named 'admin' or 'root' deployed only to monitor whether anyone logs into it. Since no legitimate user would ever log into that account, what kind of deception and disruption technology is this?
Honeytoken
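The honeytoken-account card above and the accounting/audit-trail cards earlier (tracing activity back to a user, source and point in time) together, as an added example that is not part of the original flashcards: a small detector that reads an authentication audit trail and raises an alert on any use of a decoy account (even a failed attempt counts, since nobody should ever touch it) and on repeated failed logins from one source. The log lines are constructed samples in a syslog-like sshd format, and the decoy account names and threshold are assumptions.

```python
"""Added example (not from the flashcards): detection logic over an audit
trail for honeytoken-account use and brute-force login patterns."""
import re
from collections import Counter

# Decoy accounts that exist only to be watched (assumed names).
HONEYTOKEN_ACCOUNTS = {"admin", "root", "svc_backup_legacy"}
FAILED_LOGIN_THRESHOLD = 3   # assumed: alert on the 3rd failure from one source for one user

# Constructed sample audit trail; not real data.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z host1 sshd: Accepted password for alice from 10.0.0.5
2024-05-01T08:00:07Z host1 sshd: Failed password for bob from 203.0.113.9
2024-05-01T08:00:09Z host1 sshd: Failed password for bob from 203.0.113.9
2024-05-01T08:00:12Z host1 sshd: Failed password for bob from 203.0.113.9
2024-05-01T08:01:30Z host2 sshd: Accepted password for admin from 203.0.113.9
2024-05-01T08:02:00Z host1 sshd: Accepted password for carol from 10.0.0.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(log_text: str):
    """Yield one event dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def analyze(log_text: str):
    """Return alerts in log order. Each alert keeps who/where/when so the
    audit trail can be traced back to a specific user, source and time."""
    alerts = []
    failures = Counter()
    for ev in parse(log_text):
        if ev["user"] in HONEYTOKEN_ACCOUNTS:
            # Any touch of a decoy account is an alert, accepted or failed.
            alerts.append({"type": "honeytoken_use", "user": ev["user"],
                           "src": ev["src"], "host": ev["host"], "ts": ev["ts"],
                           "result": ev["result"]})
        if ev["result"] == "Failed":
            key = (ev["src"], ev["user"])
            failures[key] += 1
            if failures[key] == FAILED_LOGIN_THRESHOLD:   # fire once per (src, user)
                alerts.append({"type": "brute_force", "user": ev["user"],
                               "src": ev["src"], "host": ev["host"], "ts": ev["ts"],
                               "count": failures[key]})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

In the sample the same source first fails three times against a real user and then logs into the decoy account; correlating the two alerts by source address is exactly the kind of join a SIEM does with these logs.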
Other Deception and Disruption Technologies:
- Using bogus DNS entries
- Creating decoy directories
- Generating dynamic pages
- Using port triggering
- Spoofing fake telemetry data
Fake DNS entries introduced into a system’s DNS server
Bogus DNS Entries
Fake folders and files placed within a system’s storage
Decoy Directories
Used on websites to present ever-changing content to web crawlers in order to confuse and slow down the threat actor.
Dynamic Page Generation
Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected
Port Triggering
A system can respond to an attacker's network scan by sending out fake data.
Fake Telemetry Data
Prevent people from accessing your facilities
Fences
Prevent vehicles from getting too close to your facilities
Bollards