Difference between revisions of "Cybersecurity Fundamentals"
Jump to navigation
Jump to search
m (Still filling out the outline) |
(Added much new material) |
||
| Line 6: | Line 6: | ||
* Integrity: The data is what it should be. The data has truth. | * Integrity: The data is what it should be. The data has truth. | ||
* Availability: Data is available to those with rights, when they need to access it. | * Availability: Data is available to those with rights, when they need to access it. | ||
| − | |||
==='''Who''' are we trying to protect the data from? Threat Actors: === | ==='''Who''' are we trying to protect the data from? Threat Actors: === | ||
* Cybercriminals: motivated by money | * Cybercriminals: motivated by money | ||
| Line 13: | Line 12: | ||
* Hacktivists: motivated by a moral cause | * Hacktivists: motivated by a moral cause | ||
* Insiders: motivated by stupidity (i.e perhaps ignorance would be better), | * Insiders: motivated by stupidity (i.e perhaps ignorance would be better), | ||
| − | |||
==='''How''' Tactics, Techniques and procedures === | ==='''How''' Tactics, Techniques and procedures === | ||
* Phishing, | * Phishing, | ||
| Line 24: | Line 22: | ||
* ransomware | * ransomware | ||
* Break-ins | * Break-ins | ||
| − | |||
=== Vulnerabilities and Risk === | === Vulnerabilities and Risk === | ||
* Risk Identification | * Risk Identification | ||
| Line 32: | Line 29: | ||
* Risk ReAssessment | * Risk ReAssessment | ||
* Goto #1 Risk ID | * Goto #1 Risk ID | ||
| − | |||
=== Common Attacks === | === Common Attacks === | ||
https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~types-of-cyber-attacks | https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~types-of-cyber-attacks | ||
| − | |||
* Malware | * Malware | ||
* Phishing | * Phishing | ||
| Line 46: | Line 41: | ||
https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/ | https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/ | ||
| − | |||
* Some of the above and | * Some of the above and | ||
* Drive by | * Drive by | ||
| Line 52: | Line 46: | ||
* XXS | * XXS | ||
* Eavesdropping | * Eavesdropping | ||
| − | * Birthday (Hash replacement) | + | * Birthday (Hash replacement) |
* Malware | * Malware | ||
** Macro Virus | ** Macro Virus | ||
** File Infector | ** File Infector | ||
| − | ** boot record infection | + | ** boot record infection |
** polymorphic | ** polymorphic | ||
** stealth | ** stealth | ||
| Line 67: | Line 61: | ||
https://cybersecuritykings.com/2020/04/17/the-8-most-common-cyber-attacks/ | https://cybersecuritykings.com/2020/04/17/the-8-most-common-cyber-attacks/ | ||
| − | |||
* Fileless Malware (n RAM) | * Fileless Malware (n RAM) | ||
https://alpinesecurity.com/blog/the-8-most-common-cyber-attacks-and-how-to-stop-them/ | https://alpinesecurity.com/blog/the-8-most-common-cyber-attacks-and-how-to-stop-them/ | ||
| − | |||
* Social Engineering | * Social Engineering | ||
* Social Media Attach | * Social Media Attach | ||
* Birthday Hash attack | * Birthday Hash attack | ||
| − | ** Think of it this way. If you wanted a 50% chance of that someone in a group would share a birthday with you , you would need 253 people in your group (not the 183 you would expect https://en.wikipedia.org/wiki/Birthday_problem) while you would only need 23 in the group for there to be a chance > 50% of their being a birthday pair. | + | ** Think of it this way. If you wanted a 50% chance of that someone in a group would share a birthday with you , you would need 253 people in your group (not the 183 you would expect https://en.wikipedia.org/wiki/Birthday_problem) while you would only need 23 in the group for there to be a chance > 50% of their being a birthday pair. |
https://phoenixnap.com/blog/cyber-security-attack-types | https://phoenixnap.com/blog/cyber-security-attack-types | ||
| − | |||
* AI Attack | * AI Attack | ||
| − | |||
https://www.rapid7.com/fundamentals/types-of-attacks/ | https://www.rapid7.com/fundamentals/types-of-attacks/ | ||
| − | |||
* Credential Reuse | * Credential Reuse | ||
| − | |||
=== Basic Risk Assessment === | === Basic Risk Assessment === | ||
| Line 92: | Line 80: | ||
https://www.tylercybersecurity.com/blog/6-steps-to-a-cybersecurity-risk-assessment | https://www.tylercybersecurity.com/blog/6-steps-to-a-cybersecurity-risk-assessment | ||
| − | |||
# What is a IT Risk Assessment | # What is a IT Risk Assessment | ||
# Why is it important | # Why is it important | ||
| Line 113: | Line 100: | ||
## Document the results | ## Document the results | ||
## | ## | ||
| + | === Cryptography and PKI === | ||
| − | + | * Cryptography is the study of securing information through the use of algorithms and codes. | |
| + | * Symmetric Encryption: Uses a “secret” key to both encrypt and decrypt message. The problem is sharing the key on untrusted channel | ||
| + | * Asymmetric: Uses two keys. Either can encrypt, but the other must be used to decryp | ||
=== Data Security === | === Data Security === | ||
| + | |||
| + | * Data at Rest | ||
| + | ** Identify at risk data and use appropriate encryption solutions | ||
| + | ** Consider full storage encryption as well as file encryption. | ||
| + | |||
| + | * Data in Transit | ||
| + | ** Implement secure firewalls and network solutions. | ||
| + | ** Ensure that when data is in transit a secure end-to-end encryption method is being used | ||
| + | ** Implement methods of identifying when at-risk data is being moved and place barriers to ensure the movement is authorized. | ||
| + | |||
| + | * Don’t Ignore Cloud storage | ||
| + | ** Ensure that cloud data is encrypted both at rest and you use a provider that further encrypts in transit. | ||
=== Security Mechanisms === | === Security Mechanisms === | ||
| + | <nowiki>https://www.geeksforgeeks.org/types-of-security-mechanism/</nowiki> | ||
| + | <nowiki>https://www.ciscopress.com/articles/article.asp?p=1626588&seqNum=2</nowiki> | ||
| + | |||
| + | <nowiki>https://www.synopsys.com/glossary/what-is-cyber-security.html</nowiki> | ||
| + | |||
| + | •Encryption | ||
| + | |||
| + | •Access Control | ||
| + | |||
| + | •Notarization | ||
| + | |||
| + | •Data Integrity | ||
| + | |||
| + | •Authentication Exchange | ||
| + | |||
| + | •Bit Stuffing | ||
| + | |||
| + | •Digital Signature | ||
| + | |||
| + | •Physical Security | ||
| + | |||
| + | •Authentication | ||
| + | |||
| + | •Authorization | ||
| + | |||
| + | •Accounting/Auditing | ||
| + | |||
| + | •Firewalls/IDS/IPS | ||
| + | |||
| + | •Application Security | ||
| + | |||
| + | •Mobile Security | ||
| + | |||
| + | •Cloud Security | ||
| + | |||
| + | •Disaster Recovery | ||
| + | User Education | ||
=== Security Countermeasures === | === Security Countermeasures === | ||
| + | ==== Controls to protect CIA ==== | ||
=== References === | === References === | ||
| − | + | https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/ <nowiki>https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/</nowiki> | |
| − | https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/ | ||
| − | <nowiki>https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/</nowiki> | ||
inforsec handbook | inforsec handbook | ||
Latest revision as of 21:34, 20 August 2021
Fundamentals
What are we trying to protect: It's all about the Data
- Confidentiality: Only those who should have access can get access.
- Integrity: The data is what it should be. The data has truth.
- Availability: Data is available to those with rights, when they need to access it.
Who are we trying to protect the data from? Threat Actors:
- Cybercriminals: motivated by money
- Nationstates: motivated by loyalty to country
- Terrorist Organizations: motivated by destruction
- Hacktivists: motivated by a moral cause
- Insiders: motivated by stupidity (i.e perhaps ignorance would be better),
How Tactics, Techniques and procedures
- Phishing,
- social engineering,
- business email compromise (BEC) scams,
- botnets,
- password attacks,
- exploit kits,
- malware,
- ransomware
- Break-ins
Vulnerabilities and Risk
- Risk Identification
- Risk Analysis
- Risk Response
- Risk Mitigation
- Risk ReAssessment
- Goto #1 Risk ID
Common Attacks
https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~types-of-cyber-attacks
- Malware
- Phishing
- MiTM
- DoS
- SQL Inject
- Zero Day
- DNS Tunneling
https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/
- Some of the above and
- Drive by
- Password
- XXS
- Eavesdropping
- Birthday (Hash replacement)
- Malware
- Macro Virus
- File Infector
- boot record infection
- polymorphic
- stealth
- trojan
- logic bomb
- dropper
- ransomware
- adware
- spyware
https://cybersecuritykings.com/2020/04/17/the-8-most-common-cyber-attacks/
- Fileless Malware (n RAM)
https://alpinesecurity.com/blog/the-8-most-common-cyber-attacks-and-how-to-stop-them/
- Social Engineering
- Social Media Attach
- Birthday Hash attack
- Think of it this way. If you wanted a 50% chance of that someone in a group would share a birthday with you , you would need 253 people in your group (not the 183 you would expect https://en.wikipedia.org/wiki/Birthday_problem) while you would only need 23 in the group for there to be a chance > 50% of their being a birthday pair.
https://phoenixnap.com/blog/cyber-security-attack-types
- AI Attack
https://www.rapid7.com/fundamentals/types-of-attacks/
- Credential Reuse
Basic Risk Assessment
https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/
https://www.tylercybersecurity.com/blog/6-steps-to-a-cybersecurity-risk-assessment
- What is a IT Risk Assessment
- Why is it important
- What is at Risk?
- Formulation of Risk
- Threat
- Vulnerability
- Impact
- Likelihood
- Risk = Threat * Vulnerability * Assett
- How to perform an IT Risk Assessment (https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/)
- ID and prioritize assets (data, servers, contacts...)
- ID Threats (Natural, H/W S/W failure, Human error, Bad people doing bad things )
- Identify Vulnerabilities
- Analyze Controls: encryption, IDS, authentication, policies. ...
- Determine Likihood of attack
- Assess impact
- Prioritize Risk
- recommend contros
- Document the results
Cryptography and PKI
- Cryptography is the study of securing information through the use of algorithms and codes.
- Symmetric Encryption: Uses a “secret” key to both encrypt and decrypt message. The problem is sharing the key on untrusted channel
- Asymmetric: Uses two keys. Either can encrypt, but the other must be used to decryp
Data Security
- Data at Rest
- Identify at risk data and use appropriate encryption solutions
- Consider full storage encryption as well as file encryption.
- Data in Transit
- Implement secure firewalls and network solutions.
- Ensure that when data is in transit a secure end-to-end encryption method is being used
- Implement methods of identifying when at-risk data is being moved and place barriers to ensure the movement is authorized.
- Don’t Ignore Cloud storage
- Ensure that cloud data is encrypted both at rest and you use a provider that further encrypts in transit.
Security Mechanisms
https://www.geeksforgeeks.org/types-of-security-mechanism/
https://www.ciscopress.com/articles/article.asp?p=1626588&seqNum=2
https://www.synopsys.com/glossary/what-is-cyber-security.html
•Encryption
•Access Control
•Notarization
•Data Integrity
•Authentication Exchange
•Bit Stuffing
•Digital Signature
•Physical Security
•Authentication
•Authorization
•Accounting/Auditing
•Firewalls/IDS/IPS
•Application Security
•Mobile Security
•Cloud Security
•Disaster Recovery User Education
Security Countermeasures
Controls to protect CIA
References
https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/ https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/
inforsec handbook