Cybersecurity Fundamentals

From Think Outside the Circle
Revision as of 15:30, 14 May 2021 by Dginter (talk | contribs) (added content)

Fundamentals

What are we trying to protect: It's all about the Data

  • Confidentiality: Only those who should have access can get access.
  • Integrity: The data is what it should be. The data has truth.
  • Availability: Data is available to those with rights, when they need to access it.

Who are we trying to protect the data from? Threat Actors:

  • Cybercriminals: motivated by money
  • Nation-states: motivated by loyalty to country
  • Terrorist Organizations: motivated by destruction
  • Hacktivists: motivated by a moral cause
  • Insiders: motivated by stupidity (i.e. perhaps ignorance would be better)

How? Tactics, Techniques and Procedures:

  • Phishing
  • Social engineering
  • Business email compromise (BEC) scams
  • Botnets
  • Password attacks
  • Exploit kits
  • Malware
  • Ransomware
  • Break-ins

Vulnerabilities and Risk

  • Risk Identification
  • Risk Analysis
  • Risk Response
  • Risk Mitigation
  • Risk Reassessment
  • Go back to #1, Risk Identification

Common Attacks

https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~types-of-cyber-attacks

  • Malware
  • Phishing
  • MitM
  • DoS
  • SQL Injection
  • Zero Day
  • DNS Tunneling


https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/

  • Some of the above and
  • Drive-by
  • Password
  • XSS
  • Eavesdropping
  • Birthday (Hash replacement)
  • Malware
    • Macro Virus
    • File Infector
    • boot record infection
    • polymorphic
    • stealth
    • trojan
    • logic bomb
    • dropper
    • ransomware
    • adware
    • spyware

https://cybersecuritykings.com/2020/04/17/the-8-most-common-cyber-attacks/

  • Fileless Malware (in RAM)


https://alpinesecurity.com/blog/the-8-most-common-cyber-attacks-and-how-to-stop-them/

  • Social Engineering
  • Social Media Attack
  • Birthday Hash attack
    • Think of it this way. If you wanted a 50% chance that someone in a group would share a birthday with you, you would need 253 people in your group (not the 183 you would expect; see https://en.wikipedia.org/wiki/Birthday_problem), while you would only need 23 in the group for there to be a > 50% chance of there being a birthday pair.
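
The two birthday figures above, and how they carry over to hash digests, as an added example (not part of the original page): the functions reproduce the 253 and 23 group sizes, then run both searches against SHA-256 truncated to a few bits. The truncation, the `constructed-N` messages and all function names are assumptions made for the demonstration.

```python
import hashlib
import math
from itertools import count

def group_to_match_you(days=365, target=0.5):
    """Smallest group with P(someone shares YOUR birthday) > target."""
    # P = 1 - ((days - 1) / days) ** n, solved for n
    return math.ceil(math.log(1 - target) / math.log((days - 1) / days))

def group_for_any_pair(days=365, target=0.5):
    """Smallest group with P(any two people share a birthday) > target."""
    p_all_distinct = 1.0
    for n in count(1):
        p_all_distinct *= (days - (n - 1)) / days
        if 1 - p_all_distinct > target:
            return n

def short_digest(msg, bits):
    """SHA-256 truncated to its top `bits` bits (a deliberately weak hash)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)

def find_any_collision(bits):
    """'Any pair' case: hash constructed messages until two digests match."""
    seen = {}
    for i in count():
        msg = b"constructed-%d" % i
        d = short_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg

def find_match_for(target_msg, bits, limit=1 << 24):
    """'Match you' case: hash until one digest equals a fixed target's."""
    want = short_digest(target_msg, bits)
    for i in range(limit):
        msg = b"constructed-%d" % i
        if short_digest(msg, bits) == want:
            return msg, i + 1
    return None, limit

if __name__ == "__main__":
    print(group_to_match_you(), group_for_any_pair())
    bits = 20  # small enough to finish in seconds
    _, _, pair_tries = find_any_collision(bits)
    _, fixed_tries = find_match_for(b"original document", bits)
    print(f"{bits}-bit digest: pair after {pair_tries} hashes, "
          f"fixed target after {fixed_tries} hashes")
```

With a b-bit digest, the any-pair search needs on the order of 2^(b/2) hashes while the fixed-target search needs on the order of 2^b, which is why a digest must be twice as long as the security level it is meant to provide.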

https://phoenixnap.com/blog/cyber-security-attack-types

  • AI Attack

https://www.rapid7.com/fundamentals/types-of-attacks/

  • Credential Reuse

Basic Risk Assessment

https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/

https://www.tylercybersecurity.com/blog/6-steps-to-a-cybersecurity-risk-assessment

  1. What is an IT Risk Assessment?
  2. Why is it important?
  3. What is at Risk?
  4. Formulation of Risk
    • Threat
    • Vulnerability
    • Impact
    • Likelihood
    • Risk = Threat * Vulnerability * Asset
  5. How to perform an IT Risk Assessment
    1. ID and prioritize assets (data, servers, contacts...)
    2. ID threats (natural, H/W or S/W failure, human error, bad people doing bad things)

References

https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threat-actors/

Infosec handbook