Security Overview Flashcards
Information Security
Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction
Information Systems Security
Act of protecting the systems (computers, networks, storage) that hold and process the data
CIA Triad
confidentiality, integrity, availability
Confidentiality (CIA Triad)
Information has not been disclosed to unauthorized people (enforced with encryption and access controls)
Integrity (CIA Triad)
Information has not been altered or modified without proper authorization (verified with hashes and digital signatures)
Availability (CIA Triad)
Information can be accessed, stored, and protected whenever it is needed (supported by redundancy, backups, and fault tolerance)
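The integrity card above says "hashes", and the caveat a practitioner wants is that a bare hash only proves integrity when the hash itself is stored somewhere the attacker cannot reach. The following added example (written for this page, not taken from the flashcards or any course material) shows a SHA-256 check catching a tampered record, the same check being fooled when the attacker can also rewrite the stored hash, and a keyed HMAC closing that gap. The sample record and the shared key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample record; not data from the original flashcards.
ORIGINAL = b"transfer 100.00 from 7654123 to 9988776"
TAMPERED = b"transfer 900.00 from 7654123 to 9988776"
SHARED_KEY = b"demo-key-do-not-reuse"  # assumed shared secret, for illustration only


def sha256_hex(data: bytes) -> str:
    """Plain cryptographic hash: detects changes only while the stored hash is trusted."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    # compare_digest is constant-time, so the comparison itself leaks nothing useful
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only holders of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


def demo() -> dict:
    """Run the three scenarios and report whether each behaved as expected."""
    results = {}

    # 1. Receiver holds a trusted hash of the original: tampering is detected.
    stored = sha256_hex(ORIGINAL)
    results["hash_detects_tamper"] = not verify_hash(TAMPERED, stored)

    # 2. Weakness: an attacker who can rewrite the data AND the stored hash
    #    just recomputes the hash, and the check passes.
    attacker_hash = sha256_hex(TAMPERED)
    results["hash_fooled_when_attacker_rewrites_hash"] = verify_hash(TAMPERED, attacker_hash)

    # 3. HMAC: without SHARED_KEY the attacker cannot mint a tag for the
    #    tampered message, so both modification and forgery are rejected.
    tag = hmac_tag(SHARED_KEY, ORIGINAL)
    results["hmac_accepts_original"] = verify_hmac(SHARED_KEY, ORIGINAL, tag)
    results["hmac_rejects_tamper"] = not verify_hmac(SHARED_KEY, TAMPERED, tag)
    forged = hmac_tag(b"wrong-key", TAMPERED)
    results["hmac_rejects_forgery"] = not verify_hmac(SHARED_KEY, TAMPERED, forged)
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Every entry in the returned dictionary is True when the checks behave as described. The design point: a hash gives integrity against accidental corruption; integrity against an adversary needs either a key (HMAC, or a digital signature, which also gives non-repudiation) or a hash stored out of the adversary's reach.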
AAAs of Security
Authentication, Authorization, Accounting
Authentication (AAA of security)
A person's identity is established with proof and confirmed by a system
5 Methods of Authentication
- Something you know (username/password, PIN)
- Something you are (retina scan, fingerprint)
- Something you have (token, smart card, driver's license)
- Something you do (how you speak, sign your name, or type)
- Somewhere you are (location)
Authorization (AAA of security)
Occurs when an authenticated user is granted access to a specific resource or part of a system
Accounting (AAA of security)
Tracking of data, computer usage, and network resources (logs and audit trails)
Non-repudiation
Proof that someone has taken an action, so that they cannot later deny it (e.g., digital signatures)
Security threats
Malware, unauthorized access, system failure, social engineering
Malware
Malicious software (worms, viruses, Trojan horses, etc.)
Unauthorized access
Occurs when access to computer resources and data happens without the consent of the owner
System Failure
A computer or application crash (e.g., the Windows BSOD, blue screen of death)
Social engineering
Act of manipulating a user into revealing confidential information or performing other detrimental actions
Mitigating Threats
- Physical Controls
- Technical Controls
- Administrative Controls
Physical Controls
alarm systems, locks, fences, doors, badges/id cards, security guards
Technical Controls
smart cards, encryption, access control lists (ACLs), intrusion detection systems (IDS), network authentication
Admin Controls (Managerial Controls)
policies, procedures, security awareness training, contingency planning, disaster recovery plans (user training is the most cost-effective control)
2 Categories of Admin Controls
- Procedural controls: measures the organization chooses to adopt on its own
- Legal/Regulatory controls: measures required by law (e.g., HIPAA)
White Hat
Non-malicious hackers who attempt to break into a company's systems at the company's request (employees or contractors); penetration testers/ethical hackers
Black Hat
People who break into computer systems and networks without authorization or permission (the bad guys)
Blue Hat
People who attempt to hack into a network with the permission of a company but are not employed by the company
Gray Hat
Hacker with no affiliation to a company who attempts to break into the company's network without permission, risking prosecution. Doesn't necessarily have bad intentions, just wants to break in
Elite Hacker
Finds and exploits vulnerabilities before anyone else does (roughly 1 in 10,000 hackers)
Script Kiddie
limited skill and only run other people’s exploits and tools
Hacktivist
Hackers who are driven by a cause such as social change, a political agenda, or terrorism
Organized Crime
Hackers who are part of a crime group that is well funded and highly sophisticated
Advanced Persistent Threats (APTs)
Highly trained and well-funded groups of hackers, typically sponsored by nation states, with covert and open-source intelligence at their disposal (e.g., groups attributed to Russia or China)
Threat Intelligence Sources
Properties used to evaluate a source:
- Timeliness
- Relevancy
- Accuracy
- Confidence level
Types of source:
- Open source
- Proprietary (closed source)
- Open Source Intelligence (OSINT)
- Threat hunting
Timeliness
Property of an intelligence source that ensures it is up to date
Relevancy
Property of an intelligence source that ensures it matches the use cases intended
Accuracy
Property of an intelligence source that ensures it produces correct, effective results
Confidence Levels
Property of an intelligence source that ensures it produces qualified statements about reliability
MISP Project
Codifies the use of the Admiralty Scale for grading data, together with estimative language, so that sources and statements carry consistent reliability ratings
Information credibility levels (Admiralty Scale):
- Confirmed
- Probably true
- Possibly true
- Doubtfully true
- Improbable
- Cannot be judged
Proprietary
Threat intelligence is very widely provided as a commercial service offering, where access to updates and research is subject to a subscription fee
Closed Source
Data derived from the provider's own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers' systems, suitably anonymized
Honeynet
Network set up with intentional vulnerabilities, hosted on decoy servers, to attract attackers so their tools and techniques can be observed
Open Source
Data that is available to use without a subscription, which may include threat feeds similar to the commercial providers' and may contain reputation lists and malware signature databases
Open Source Intelligence (OSINT)
Methods of obtaining information about a person or organization through public records, websites, and social media (e.g., Cisco Talos, VirusTotal, WHOIS)
Threat Hunting
Cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring
Benefits of Threat Hunting
- improves detection capabilities
- integrates intelligence
- reduces the attack surface
- blocks attack vectors
- identifies critical assets
Kill Chain
Model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion
Kill Chain Stages
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control (C2)
- Actions on Objectives
Reconnaissance
The attacker determines what methods to use to complete the phases of the attack (when finished, should have a good idea of what the target's software and network look like)
Weaponization
The attacker couples payload code that will enable access with exploit code that will use a vulnerability to execute on the target system
Delivery
The attacker identifies a vector by which to transmit the weaponized code to the target environment (e.g., phishing email, USB drive, compromised website)
Exploitation
The weaponized code is executed on the target system through the delivery vector, triggering the vulnerability
Installation
The exploit enables the weaponized code to run a remote access tool and achieve persistence on the target system
Command and Control (C2)
The weaponized code establishes an outbound channel to a remote server that can then be used to control the remote access tool and possibly download additional tools to progress the attack
Actions on Objectives
The attacker uses the access they have achieved to do what they want, e.g., covertly collect information and transfer it to a remote system (data exfiltration)
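Threat hunting (defined above) and the C2 stage of the kill chain meet in one classic hunt hypothesis: an implant that phones home on a timer produces outbound connections at suspiciously regular intervals, which signature-based monitoring will not flag. The following added example (written for this page; not code from the flashcards, Lockheed Martin, or any course material) runs that hunt over a constructed outbound-connection log. The log format, the IP addresses (documentation ranges) and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound-connection log, not from the original page.
# Format per line: "<ISO timestamp> <src_ip> <dst_ip> <bytes_out>"
# 10.0.0.5 -> 203.0.113.45 beacons roughly every 60 s with slight jitter;
# 10.0.0.7 -> 198.51.100.20 is irregular human-driven browsing.
LOG_LINES = """\
2024-03-01T09:00:00 10.0.0.5 203.0.113.45 1200
2024-03-01T09:00:02 10.0.0.5 198.51.100.20 53000
2024-03-01T09:01:02 10.0.0.5 203.0.113.45 1180
2024-03-01T09:01:58 10.0.0.5 203.0.113.45 1210
2024-03-01T09:02:41 10.0.0.5 192.0.2.10 8000
2024-03-01T09:03:01 10.0.0.5 203.0.113.45 1195
2024-03-01T09:03:59 10.0.0.5 203.0.113.45 1205
2024-03-01T09:05:00 10.0.0.5 203.0.113.45 1199
2024-03-01T09:00:10 10.0.0.7 198.51.100.20 40000
2024-03-01T09:00:55 10.0.0.7 198.51.100.20 61000
2024-03-01T09:03:20 10.0.0.7 198.51.100.20 12000
2024-03-01T09:09:05 10.0.0.7 198.51.100.20 90000
2024-03-01T09:12:30 10.0.0.7 198.51.100.20 7000
2024-03-01T09:20:00 10.0.0.7 198.51.100.20 300
"""


def parse(lines: str) -> list:
    """Turn the raw log text into (timestamp, src, dst, bytes) tuples."""
    events = []
    for line in lines.strip().splitlines():
        ts, src, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def find_beacons(lines: str, min_events: int = 5, max_cv: float = 0.2) -> list:
    """Return [(src, dst, mean_interval_s, cv)] for source/destination pairs
    whose inter-connection intervals are suspiciously regular.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections; a timer-driven implant keeps it near zero even
    with a little jitter, while human traffic is bursty and scores high.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in parse(lines):
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_events:      # too few samples to judge regularity
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:                      # duplicate timestamps only; skip
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append((src, dst, round(avg, 1), round(cv, 3)))
    return hits


if __name__ == "__main__":
    for src, dst, avg, cv in find_beacons(LOG_LINES):
        print(f"possible beacon: {src} -> {dst} every ~{avg}s (cv={cv})")
```

On the constructed log this flags only 10.0.0.5 -> 203.0.113.45 (about 60 s apart, cv near 0.04); the browsing traffic from 10.0.0.7 has a cv above 0.5 and is ignored. A hit is a lead, not a verdict: legitimate software updaters also beacon, so the next hunting step is to enrich the destination with the OSINT sources listed earlier (reputation lists, VirusTotal, WHOIS) and to look at the host for the Installation-stage artifacts that would confirm an implant.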
MITRE ATT&CK Framework
Knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge (procedures) observed in real intrusions
Diamond Model of Intrusion Analysis
Framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between 4 core features
4 Core Features of the Diamond Model of Intrusion Analysis
- Adversary
- Capability
- Infrastructure
- Victim
You are at the doctor's office and waiting for the physician to enter the room to examine you. You look across the room and see a pile of patient records on the physician's desk. There is no one in the room and your curiosity has gotten the better of you, so you walk across the room and start reading through the other patient records on the desk. Which tenet of security have you just violated?
- Confidentiality
- Authentication
- Integrity
- Availability
Confidentiality
You have just walked up to the bank teller and requested to withdraw $100 from checking account #7654123 (your account). The teller asks for your name and driver’s license before conducting this transaction. After she looks at your driver’s license, she thanks you for your business, pulls out $100 from the cash drawer, and hands you back the license and the $100 bill. What category best describes what the bank teller just did?
- Accounting
- Authorization
- Authentication
- Availability
Authentication
You are in the kitchen cooking dinner while your spouse is in the other room watching the news on the television. The top story is about how hackers have been able to gain access to one of the state’s election systems and tamper with the results. Unfortunately, you only heard a fraction of the story, but your spouse knows that you have been learning about hackers in your Security+ course and asks you, “Which type of hacker do you think would be able to do this?”
- Hacktivists
- Organized crime group
- APTs
- Script kiddies
APTs