Difference between revisions of "Cybersecurity Fundamentals"
(Initial edit.) |
m (update more stuff) |
||
Line 29: | Line 29: | ||
* ransomware | * ransomware | ||
* Break-ins | * Break-ins | ||
+ | Vulnerabilities and Risk | ||
− | === | + | * Risk Identification |
+ | * Risk Analysis | ||
+ | * Risk Response | ||
+ | * Risk Mitigation | ||
+ | * Risk ReAssessment | ||
+ | * Goto #1 Risk ID | ||
+ | |||
+ | |||
+ | Common Attacks | ||
+ | |||
+ | https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~types-of-cyber-attacks | ||
+ | |||
+ | * Malware | ||
+ | * Phishing | ||
+ | * MiTM | ||
+ | * DoS | ||
+ | * SQL Inject | ||
+ | * Zero Day | ||
+ | * DNS Tunneling | ||
+ | |||
+ | |||
+ | https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/ | ||
+ | |||
+ | * Some of the above and | ||
+ | * Drive by | ||
+ | * Password | ||
+ | * XXS | ||
+ | * Eavesdropping | ||
+ | * Birthday (Hash replacement) | ||
+ | * Malware | ||
+ | ** Macro Virus | ||
+ | ** File Infector | ||
+ | ** boot record infection | ||
+ | ** polymorphic | ||
+ | ** stealth | ||
+ | ** trojan | ||
+ | ** logic bomb | ||
+ | ** dropper | ||
+ | ** ransomware | ||
+ | ** adware | ||
+ | ** spyware | ||
+ | |||
+ | https://cybersecuritykings.com/2020/04/17/the-8-most-common-cyber-attacks/ | ||
+ | |||
+ | * Fileless Malware (n RAM) | ||
+ | |||
+ | |||
+ | https://alpinesecurity.com/blog/the-8-most-common-cyber-attacks-and-how-to-stop-them/ | ||
+ | |||
+ | * Social Engineering | ||
+ | * Social Media Attach | ||
+ | * Birthday Hash attack | ||
+ | ** Think of it this way. If you wanted a 50% chance of that someone in a group would share a birthday with you , you would need 253 people in your group (not the 183 you would expect https://en.wikipedia.org/wiki/Birthday_problem) while you would only need 23 in the group for there to be a chance > 50% of their being a birthday pair. | ||
+ | |||
+ | https://phoenixnap.com/blog/cyber-security-attack-types | ||
+ | |||
+ | * AI Attack | ||
+ | |||
+ | https://www.rapid7.com/fundamentals/types-of-attacks/ | ||
+ | |||
+ | * Credential Reuse | ||
+ | |||
+ | === References === | ||
<nowiki>https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/</nowiki> | <nowiki>https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/</nowiki> | ||
+ | |||
+ | inforsec handbook |
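Review bot: several of the added list items carry typos that will show up in the rendered page: "XXS" should read "XSS", "Social Media Attach" should read "Social Media Attack", "Fileless Malware (n RAM)" is missing the "i" in "in RAM", and "inforsec handbook" should read "infosec handbook". The added "Vulnerabilities and Risk" and "Common Attacks" lines have no heading markup, unlike "=== References ===", so they will render as plain text; wrapping them in the same heading markup would keep the sections consistent. "Birthday (Hash replacement)" and "Birthday Hash attack" look like the same item listed under two sources, so the explanation could be attached to one and the other dropped.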
Revision as of 14:48, 14 May 2021
Fundamentals
What are we trying to protect: It's all about the Data
- Confidentiality: Only those who should have access can get access.
- Integrity: The data is what it should be. The data has truth.
- Availability: Data is available to those with rights, when they need to access it.
Who are we trying to protect the data from? Threat Actors:
- Cybercriminals: motivated by money
- Nation-states: motivated by loyalty to country
- Terrorist Organizations: motivated by destruction
- Hacktivists: motivated by a moral cause
- Insiders: motivated by stupidity (i.e., perhaps "ignorance" would be a better word)
How: Tactics, Techniques and Procedures
- Phishing
- Social engineering
- Business email compromise (BEC) scams
- Botnets
- Password attacks
- Exploit kits
- Malware
- Ransomware
- Break-ins
Vulnerabilities and Risk
- Risk Identification
- Risk Analysis
- Risk Response
- Risk Mitigation
- Risk Reassessment
- Go back to #1 (Risk Identification)
Common Attacks
https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~types-of-cyber-attacks
- Malware
- Phishing
- MiTM
- DoS
- SQL Injection
- Zero Day
- DNS Tunneling
https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/
- Some of the above and
- Drive-by
- Password
- XSS
- Eavesdropping
- Birthday (Hash replacement)
- Malware
  - Macro virus
  - File infector
  - Boot record infection
  - Polymorphic
  - Stealth
  - Trojan
  - Logic bomb
  - Dropper
  - Ransomware
  - Adware
  - Spyware
https://cybersecuritykings.com/2020/04/17/the-8-most-common-cyber-attacks/
- Fileless Malware (in RAM)
https://alpinesecurity.com/blog/the-8-most-common-cyber-attacks-and-how-to-stop-them/
- Social Engineering
- Social Media Attack
- Birthday Hash attack
  - Think of it this way: if you wanted a 50% chance that someone in a group shares a birthday with you, you would need 253 people in the group (not the 183 you would expect; see https://en.wikipedia.org/wiki/Birthday_problem), while you would need only 23 people in the group for there to be a greater than 50% chance that some pair shares a birthday.
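The 253-versus-23 gap above is the reason digest length matters for hashes. The following is an added example, not part of the original page: it reproduces both numbers and then applies the same arithmetic to a hash output. The function names, the `msg-N` inputs and the 24-bit truncation of SHA-256 are assumptions chosen for illustration.

```python
import hashlib
import math


def n_to_match_one_target(space, target=0.5):
    """Smallest n where P(one of n random values equals ONE fixed value) >= target."""
    # P = 1 - (1 - 1/space)^n, solved for n.
    return math.ceil(math.log(1 - target) / math.log1p(-1 / space))


def n_for_any_pair(space, target=0.5):
    """Smallest n where P(some two of n random values are equal) > target."""
    n, p_distinct = 1, 1.0
    while 1 - p_distinct <= target:
        p_distinct *= (space - n) / space  # next value avoids the n already drawn
        n += 1
    return n


def first_truncated_collision(bits=24):
    """Hash constructed inputs msg-0, msg-1, ... with SHA-256 cut to `bits` bits.

    Returns (first_message, second_message, hashes_computed) for the first
    pair of different inputs whose truncated digests are equal.
    """
    seen = {}
    i = 0
    while True:
        msg = b"msg-%d" % i  # constructed sample input
        digest = int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg
        i += 1


if __name__ == "__main__":
    print("match your birthday :", n_to_match_one_target(365))
    print("any birthday pair   :", n_for_any_pair(365))
    space = 2 ** 24
    print("24-bit digest, match one fixed value:", n_to_match_one_target(space))
    print("24-bit digest, any colliding pair   :", n_for_any_pair(space))
    a, b, tried = first_truncated_collision(24)
    print("collision after", tried, "hashes:", a, b)
```

For an n-bit digest, a matching pair is expected after roughly 2^(n/2) hashes, while matching one fixed digest takes on the order of 2^n, so collision resistance is about half the digest length.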
https://phoenixnap.com/blog/cyber-security-attack-types
- AI Attack
https://www.rapid7.com/fundamentals/types-of-attacks/
- Credential Reuse
References
https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/
infosec handbook