Difference between revisions of "Cybersecurity Fundamentals"
Latest revision as of 21:34, 20 August 2021
Fundamentals
What are we trying to protect? It's all about the data.
- Confidentiality: Only those who should have access can get access.
- Integrity: The data is what it should be. The data has truth.
- Availability: Data is available to those with rights, when they need to access it.
Who are we trying to protect the data from? Threat Actors:
- Cybercriminals: motivated by money
- Nationstates: motivated by loyalty to country
- Terrorist Organizations: motivated by destruction
- Hacktivists: motivated by a moral cause
- Insiders: motivated by stupidity (i.e. perhaps ignorance would be better)
How: Tactics, Techniques and Procedures
- Phishing
- Social engineering
- Business email compromise (BEC) scams
- Botnets
- Password attacks
- Exploit kits
- Malware
- Ransomware
- Break-ins
Vulnerabilities and Risk
- Risk Identification
- Risk Analysis
- Risk Response
- Risk Mitigation
- Risk Reassessment
- Return to step 1 (Risk Identification)
Common Attacks
https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~types-of-cyber-attacks
- Malware
- Phishing
- Man-in-the-middle (MitM)
- DoS
- SQL Injection
- Zero Day
- DNS Tunneling
https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/
- Some of the above, plus:
- Drive-by
- Password
- XSS (cross-site scripting)
- Eavesdropping
- Birthday (hash replacement)
- Malware
  - Macro virus
  - File infector
  - Boot record infection
  - Polymorphic
  - Stealth
  - Trojan
  - Logic bomb
  - Dropper
  - Ransomware
  - Adware
  - Spyware
https://cybersecuritykings.com/2020/04/17/the-8-most-common-cyber-attacks/
- Fileless malware (in RAM)
https://alpinesecurity.com/blog/the-8-most-common-cyber-attacks-and-how-to-stop-them/
- Social engineering
- Social media attack
- Birthday hash attack
  - Think of it this way: if you wanted a 50% chance that someone in a group shares a birthday with you, you would need 253 people in your group (not the 183 you might expect; see https://en.wikipedia.org/wiki/Birthday_problem), while you would only need 23 people in the group for there to be a greater than 50% chance of some birthday pair among them.
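The two birthday questions above, worked as an added example (not from the page or its linked sources), and carried over to hash digests: matching one given digest is the "shares my birthday" case, while finding any colliding pair is the "any two share a birthday" case that makes a birthday attack on a b-bit hash cost roughly 2^(b/2) instead of 2^b. The DAYS constant and the closed-form hash approximations are assumptions of this example.

```python
import math

DAYS = 365  # size of the birthday space (constructed default matching the page's numbers)


def people_to_match_me(p: float = 0.5, space: int = DAYS) -> int:
    """Smallest group size n with P(someone shares MY birthday) >= p.
    Each person misses independently with probability (space - 1) / space."""
    n, all_miss = 0, 1.0
    while 1.0 - all_miss < p:
        n += 1
        all_miss *= (space - 1) / space
    return n


def people_for_any_pair(p: float = 0.5, space: int = DAYS) -> int:
    """Smallest group size n with P(ANY two people share a birthday) >= p,
    using the exact product P(all n distinct) = prod_{i<n} (space - i) / space."""
    n, all_distinct = 1, 1.0
    while 1.0 - all_distinct < p:
        all_distinct *= (space - n) / space  # person n+1 joins and is still distinct
        n += 1
    return n


def hash_work_factor(bits: int) -> tuple:
    """The same two questions for a b-bit digest, via the standard approximations:
    matching ONE given digest takes about ln2 * 2^b trials ('share my birthday'),
    finding ANY colliding pair takes about sqrt(2 ln2 * 2^b) ('any pair')."""
    space = 2.0 ** bits
    preimage = math.log(2) * space
    collision = math.sqrt(2 * math.log(2) * space)
    return preimage, collision


if __name__ == "__main__":
    print("match my birthday (50%):", people_to_match_me())    # 253
    print("any shared birthday (50%):", people_for_any_pair())  # 23
    for b in (32, 64, 128):
        pre, col = hash_work_factor(b)
        print(f"{b}-bit digest: ~{pre:.2e} trials to match one digest, ~{col:.2e} for any collision")
```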
https://phoenixnap.com/blog/cyber-security-attack-types
- AI Attack
https://www.rapid7.com/fundamentals/types-of-attacks/
- Credential Reuse
Basic Risk Assessment
https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/
https://www.tylercybersecurity.com/blog/6-steps-to-a-cybersecurity-risk-assessment
- What is an IT Risk Assessment?
- Why is it important?
- What is at risk?
- Formulation of risk
  - Threat
  - Vulnerability
  - Impact
  - Likelihood
  - Risk = Threat * Vulnerability * Asset
- How to perform an IT Risk Assessment (https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/)
  - Identify and prioritize assets (data, servers, contacts, ...)
  - Identify threats (natural, H/W or S/W failure, human error, bad people doing bad things)
  - Identify vulnerabilities
  - Analyze controls: encryption, IDS, authentication, policies, ...
  - Determine likelihood of attack
  - Assess impact
  - Prioritize risk
  - Recommend controls
  - Document the results
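An added example (not from the page or the linked articles) that runs the steps above over a constructed three-asset register using the page's Risk = Threat * Vulnerability * Asset: existing controls shrink the vulnerability term, and the result is ranked to decide what needs a response. The 1-5 scales, control-effectiveness numbers and RISK_ACCEPTANCE threshold are all assumed here for illustration.

```python
# Constructed risk register scored with Risk = Threat * Vulnerability * Asset.
# Scales (1-5), control effectiveness values and the acceptance threshold are
# assumptions of this example, not a standard.

RISK_ACCEPTANCE = 30  # assumed threshold: residual risk above this needs a response


def inherent_risk(threat: int, vulnerability: int, asset: int) -> int:
    """Step 4 formula before any controls are credited."""
    for v in (threat, vulnerability, asset):
        if not 1 <= v <= 5:
            raise ValueError("scores must be 1-5")
    return threat * vulnerability * asset


def residual_risk(entry: dict) -> float:
    """'Analyze controls': each control removes a fraction of the vulnerability;
    the remaining gap is the product of (1 - effectiveness) over all controls."""
    gap = 1.0
    for effectiveness in entry.get("controls", {}).values():
        gap *= 1.0 - effectiveness
    return entry["threat"] * entry["vulnerability"] * gap * entry["asset"]


def prioritize(register: list) -> list:
    """'Prioritize risk': (asset_name, inherent, residual, needs_response),
    sorted so the largest residual risk comes first."""
    rows = []
    for e in register:
        inh = inherent_risk(e["threat"], e["vulnerability"], e["asset"])
        res = residual_risk(e)
        rows.append((e["asset_name"], inh, round(res, 1), res > RISK_ACCEPTANCE))
    return sorted(rows, key=lambda r: r[2], reverse=True)


SAMPLE_REGISTER = [  # constructed sample data, not from the page
    {"asset_name": "customer DB", "threat": 5, "vulnerability": 4, "asset": 5,
     "controls": {"encryption at rest": 0.5, "IDS": 0.2}},
    {"asset_name": "public web server", "threat": 5, "vulnerability": 5, "asset": 3,
     "controls": {}},
    {"asset_name": "staff laptops", "threat": 3, "vulnerability": 3, "asset": 2,
     "controls": {"full-disk encryption": 0.6}},
]

if __name__ == "__main__":
    for name, inh, res, act in prioritize(SAMPLE_REGISTER):
        print(f"{name:18} inherent={inh:3} residual={res:5}  respond={act}")
```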
Cryptography and PKI
- Cryptography is the study of securing information through the use of algorithms and codes.
- Symmetric encryption: uses a single “secret” key to both encrypt and decrypt a message. The problem is sharing that key over an untrusted channel.
- Asymmetric encryption: uses two keys. Either can encrypt, but the other must be used to decrypt.
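An added toy illustration (not from the page) of the two cases above: XOR with a shared key, where one key does both jobs, and textbook RSA, where a message transformed with either half of the key pair is only recovered with the other half. The primes, message and key bytes are made up for the demo and far too small to be secure.

```python
# Toy symmetric vs asymmetric demo. Textbook RSA with tiny primes and no padding:
# for teaching the key relationship only, never for real use.

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Symmetric: the SAME key encrypts and decrypts (XOR is its own inverse),
    so both parties must already share it (the key-distribution problem)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_rsa_keypair(p: int, q: int, e: int = 65537):
    """Asymmetric: returns (public, private) = ((e, n), (d, n)).
    p and q must be distinct primes with gcd(e, (p-1)(q-1)) == 1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, m: int) -> int:
    """m^k mod n. One key followed by the OTHER gives m back; the same key
    twice does not, which is the page's 'either can encrypt, the other decrypts'."""
    k, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, k, n)


if __name__ == "__main__":
    key, msg = b"sh4red", b"meet at noon"          # constructed demo values
    ct = xor_cipher(key, msg)
    assert xor_cipher(key, ct) == msg               # same key both ways

    pub, priv = make_rsa_keypair(10007, 10009)      # demo primes, far too small
    m = 42424242
    c = rsa_apply(pub, m)                           # encrypt with the public key...
    assert rsa_apply(priv, c) == m                  # ...decrypt with the private key
    s = rsa_apply(priv, m)                          # transform with the private key...
    assert rsa_apply(pub, s) == m                   # ...anyone recovers it with the public key
    assert rsa_apply(pub, c) != m                   # the public key cannot undo itself
    print("symmetric and asymmetric round trips OK")
```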
Data Security
- Data at rest
  - Identify at-risk data and use appropriate encryption solutions.
  - Consider full storage encryption as well as file encryption.
- Data in transit
  - Implement secure firewalls and network solutions.
  - Ensure that when data is in transit a secure end-to-end encryption method is being used.
  - Implement methods of identifying when at-risk data is being moved and place barriers to ensure the movement is authorized.
- Don’t ignore cloud storage
  - Ensure that cloud data is encrypted at rest and that you use a provider that further encrypts it in transit.
Security Mechanisms
https://www.geeksforgeeks.org/types-of-security-mechanism/
https://www.ciscopress.com/articles/article.asp?p=1626588&seqNum=2
https://www.synopsys.com/glossary/what-is-cyber-security.html
- Encryption
- Access Control
- Notarization
- Data Integrity
- Authentication Exchange
- Bit Stuffing
- Digital Signature
- Physical Security
- Authentication
- Authorization
- Accounting/Auditing
- Firewalls/IDS/IPS
- Application Security
- Mobile Security
- Cloud Security
- Disaster Recovery
- User Education
Security Countermeasures
Controls to protect CIA
References
https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/
https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/
Infosec handbook