Cybersecurity Fundamentals

From Think Outside the Circle
Revision as of 14:48, 14 May 2021 by Dginter (talk | contribs) (update more stuff)
Jump to navigation Jump to search

Fundamentals

What are we trying to protect: It's all about the Data

  • Confidentiality: Only those who should have access can get access.
  • Integrity: The data is what it should be. The data has truth.
  • Availability: Data is available to those with rights, when they need to access it.


Who are we trying to protect the data from? Threat Actors:

  • Cybercriminals: motivated by money
  • Nationstates: motivated by loyalty to country
  • Terrorist Organizations: motivated by destruction
  • Hacktivists: motivated by a moral cause
  • Insiders: motivated by stupidity (i.e perhaps ignorance would be better),

How Tactics, Techniques and procedures

  • Phishing,
  • social engineering,
  • business email compromise (BEC) scams,
  • botnets,
  • password attacks,
  • exploit kits,
  • malware,
  • ransomware
  • Break-ins

Vulnerabilities and Risk

  • Risk Identification
  • Risk Analysis
  • Risk Response
  • Risk Mitigation
  • Risk ReAssessment
  • Goto #1 Risk ID


Common Attacks

https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~types-of-cyber-attacks

  • Malware
  • Phishing
  • MiTM
  • DoS
  • SQL Inject
  • Zero Day
  • DNS Tunneling


https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/

  • Some of the above and
  • Drive by
  • Password
  • XXS
  • Eavesdropping
  • Birthday (Hash replacement)
  • Malware
    • Macro Virus
    • File Infector
    • boot record infection
    • polymorphic
    • stealth
    • trojan
    • logic bomb
    • dropper
    • ransomware
    • adware
    • spyware

https://cybersecuritykings.com/2020/04/17/the-8-most-common-cyber-attacks/

  • Fileless Malware (n RAM)


https://alpinesecurity.com/blog/the-8-most-common-cyber-attacks-and-how-to-stop-them/

  • Social Engineering
  • Social Media Attach
  • Birthday Hash attack
    • Think of it this way. If you wanted a 50% chance of that someone in a group would share a birthday with you , you would need 253 people in your group (not the 183 you would expect https://en.wikipedia.org/wiki/Birthday_problem) while you would only need 23 in the group for there to be a chance > 50% of their being a birthday pair.

https://phoenixnap.com/blog/cyber-security-attack-types

  • AI Attack

https://www.rapid7.com/fundamentals/types-of-attacks/

  • Credential Reuse

References

https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/

inforsec handbook

Retrieved from "https://www.thinkoutsidethecircle.net/mediawiki/index.php?title=Cybersecurity_Fundamentals&oldid=22"