Cybrary: Security+ : M2 - Pt. 2
SRTP (Secure Real-Time Transport Protocol)
A security profile for RTP that adds confidentiality, message authentication, and replay protection to that protocol. Initiated via SIP (Session Initiation Protocol); secures video and audio transmissions; has minimal effect on the IP quality of the VoIP service.
MCM (mobile content management)
Controlling access to data and file storage, such as cloud-based services
SSL (Secure Sockets Layer)
Deprecated! Provides integrity and confidentiality via authentication and encryption; replaced by TLS.
POP3S and IMAPS
Secures external email; uses SSL to protect emails in transit between a POP or IMAP server and the client.
Configuration Compliance (examples)
MBSA, CIS, Nessus
FTPS (Explicit)
Port 21; adds confidentiality (encryption) and integrity (hashing) to FTP.
SFTP
Secure FTP. An extension of Secure Shell (SSH) that uses SSH to transmit files in encrypted form. SFTP transmits data over port 22.
Storage Segmentation (Device Mgmt)
Segregating business and personal storage on the device.
NFC (Near Field Communication)
Standards for contactless communication between devices; chips generate electromagnetic fields; often used for payment systems such as Google Pay or Apple Pay.
Bluetooth
Utilizes a PAN (personal area network: 2+ devices, short range) using spread spectrum, frequency hopping, and full-duplex signaling.
Connection Methods of Mobile Devices
Wi-Fi, Bluetooth, NFC (near-field communication), SATCOM (satellite communication; old fashioned), ANT (wireless, <30 m), infrared, USB/FireWire (physical connection)
Logs & event anomalies (& areas for problems & solutions)
Collecting data for monitoring and audit purposes. Potential problems: logs must be read and monitored (not too much or too little), centralized logging systems, logging standards. Solutions: centralized logging, SIEM, SOCC.
forward secrecy
Component of TLS; ensures that if one key is compromised, keys from earlier sessions (in the past) are not also compromised.
Web Security Protocols
SSL, TLS, HTTPS. Use cases: user credentials, session cookies.
SNMPv3 Use Cases
Validating that a packet has not been modified in transit; eliminating plain-text SNMP data on the network; securely monitoring interface counters, bandwidth usage, CPU load, and traps.
Device Deployment Models
1. BYOD - bring your own device (highest risk). 2. CYOD - choose your own device; must meet approved list. 3. COPE - company-owned, personally enabled equipment (allows company control over the device). 4. VDI - virtual desktop infrastructure (no local storage, all centralized).
Cellular Comms Components
1. Cellular layout (towers). 2. Base station (connects to the towers). 3. Mobile switching office (centerpiece of operations). 4. PSTN.
Network Address Allocation
Allocating IP addresses; DHCP to assign internal IP addresses; network subnets to segregate multiple hosts and control network traffic.
SSH (Secure Shell)
Encrypted console communication; used often for remote administration; includes secure file transfer (SFTP) and secure file copy (SCP).
Device Security Concepts
1. Full device encryption. 2. Screen locks/lockout. 3. Passwords and PINs. 4. Biometrics. 5. Context-aware authentication.
LDAP (Lightweight Directory Access Protocol)
A communications protocol that defines how a client can access information, perform operations, and share directory data on a server. Contains sensitive information about the organization and its users, so it is often a target for attackers. LDAPS (LDAP Security) uses SSL/TLS on TCP port 636.
MDM (mobile device management)
A formalized structure that enables an organization to account for all the different types of devices used to process, store, transmit, and receive organizational data; includes configuration management, managing apps, and enforcing policies.
Banner Grabbing (& example)
A method used to gain information about a remote system. It identifies the operating system and other details of the remote system. Ex: Netcat
S/MIME (Secure/Multipurpose Internet Mail Extensions)
A standard for encryption (confidentiality) and signing (authentication) of MIME (email) data. Requires PKI and user certificates. Used to secure internal email.
Steganography (approaches & examples)
A technology that makes it possible to embed hidden information in other media, often pictures. Approaches: least significant bit insertion, masking and filtering, algorithms and transformations. Ex: OpenPuff, Camouflage, Steghide, rSteg
host firewall
A type of software firewall installed on a host and used to protect the host from network-based attacks.
UTM & NGFW
An all-in-one firewall appliance. Includes network IDS/IPS, URL filtering, content inspection, and application inspection.
Application Whitelisting
An inventory of applications and associated components (libraries, configuration files, etc.) that have been pre-approved and authorized to be active and present on the device.
Asset Management
Asset inventory is step #1 for NIST and CIS controls. Use automated tools to maintain the asset list. Involves the ability to track a device if lost or stolen and wipe its data remotely (mobile computers and removable storage). Includes software management (preventing installation of unapproved apps).
Baseline Deviation
A baseline is established by determining normal system or network activity; a deviation is activity that departs from it. Issues: baseline not established, baseline corrupted, baseline out of date (patches).
File Integrity Checker (& Ex)
Calculates hashes of system files as a baseline, then periodically recalculates the hashes and compares them with the baseline. When alerted, determine what has changed and why (could be an update, could be malware). Ex: Tripwire
Unencrypted credentials/clear text
Credentials sent in clear text can be easily captured. Once an attacker captures credentials, they try to elevate privileges, establish a foothold, maintain persistence, pivot, and potentially jump networks. Mistakes involved: system configuration issues, passwords stored online in clear text (they shouldn't be), accidentally typing a password in the user ID field.
Certificate issues causes
Date/time not set correctly on the certificate server, expired certificates, revoked certificates, use of SSL vs. TLS on the web server.
Wireless Scanners (& examples)
Ensure the safety and security of a Wi-Fi network: gather information about Wi-Fi networks, detect rogue and valid access points, break weak encryption keys. Ex: Airodump, Kismet/KisMAC, NetStumbler, Vistumbler, inSSIDer
Baselines (for security configurations)
Established by government mandate, regulatory bodies, or industry requirements. Ex: PCI, HIPAA
subscription service, use case
In SaaS (Software as a Service; e.g., cloud email such as Gmail, Office 365). In network defense services: firewall/IDS/IPS, web and app filtering, anti-virus/malware detection, patching.
Containerization (Device Mgmt)
Isolate apps and control functions so as to separate sensitive corporate information from personal use of a device.
Anti-Virus/Anti-Malware Issues & Solutions
Issues: pop-up warnings (hosts often ignore them; the end user should be taken out of the equation), quarantine vs. removal, AV not updated (allows zero-day attacks), false positives, malware that may only 'appear' to be quarantined to the software. Solutions: auto-update, detach systems from the network, use multiple AV products, manual removal of malware, re-image the system.
Permissions Issues (software ex's)
Least privilege violations: privilege creep, inherited permissions, read-only vs. write+execute privileges, insufficient permissions (results in other violations as employees get what they need). Solution: auditing, reporting, response. Ex: GPResult (group policy), AccessChk (Sysinternals)
Security configuration problems, causes of
Misconfigured/weak security configuration, not enabling security features, old firewall, disordered firewall rules, default passwords, missing updates/patches.
exploitation framework (& examples)
Platforms for pentesting and risk assessment. A structure of exploits and monitoring tools used to replicate attacks during a vulnerability assessment. Ex: Metasploit (simulator of known vulnerabilities), Canvas, Core, Kali Linux, SET (Social Engineering Toolkit)
FTPS (Implicit)
Port 990; adds confidentiality (encryption) and integrity (hashing) to FTP.
DEP (Data Execution Prevention)
Prevents malware from executing in memory space that is reserved for OS processes. Implemented in hardware or software.
HIDS/HIPS (& Issues)
Provides sensors on each host that relay to a centralized management console (which compiles the data to identify trends). Catches network-wide trends. Issues: false positives, false negatives.
TLS (Transport Layer Security)
Provides: privacy via symmetric encryption; message integrity via message authentication codes; authentication via PKI digital certificates. Also utilizes forward secrecy.
Sanitization (Device Mgmt)
Remote wipe; useful when devices are lost or stolen, or an employee is terminated.
SNMPv3
Simple Network Management Protocol version 3. A protocol used to monitor and manage network devices such as routers and switches. Each device has a software agent reporting configuration settings and alerts (traps) to a central SNMP server. Version 3 encrypts the data.
MAM (mobile application management)
Software enabling a company's IT department to manage mobile apps on employees' mobile devices.
Password Crackers (& examples)
Software programs used to identify an unknown or forgotten password and assess password strength. Tools can let you type in a hash and get the password back in plain text. Ex: Brutus, Cain and Abel, John the Ripper (Unix, Linux, macOS), THC Hydra
Anti-Virus/Anti-Malware
Software that runs on the computer to detect and eliminate malicious software. Provides ongoing, real-time protection.
Vulnerability Scanner (& examples)
Software to scan a system (or range of IP addresses) for the presence of known vulnerabilities. Ex: Nessus, OpenVAS, Nexpose, Qualys, OWASP ZAP (web apps)
MBSA (Microsoft Baseline Security Analyzer)
Software used to determine whether Windows is fully patched and configured securely.
DNSSEC (Domain Name Service Security)
Suite of IETF specifications; provides a validation path for records. YES, provides: authentication, data integrity. NOT provided: confidentiality or availability.
Honeypots/Honeynets
Systems or networks exposed to capture malicious activity. Allows gathering of evidence and techniques and the ability to study attack strategies. Should NOT be on the business network (because it is vulnerable).
DLP (Data Loss Prevention)
Systems that monitor the contents of systems (workstations, servers, and networks) to make sure that confidential content is not deleted or removed.
Piconet
The pairing of two or more mobile devices.
Patch Management
The process of applying code supplied by a vendor to fix a problem in that vendor's software. Automate as much as possible. Process: vendor notification, testing, staged deployment, reporting. Ex: SCCM (Microsoft System Center Configuration Manager)
Time synchronization
The process of obtaining the exact same time on multiple hosts. Network Time Protocol (NTP) is a time synchronization protocol (over UDP) based on the official atomic clock. NTP servers must be redundant and secure.
Data sanitization tools (& examples)
The process of removing contents from a device or media so they are not recoverable. Ex: DBAN, BCWipe, Cryptographic Erase (CE)
Data Exfiltration (& Solution)
The unauthorized transfer of data outside an organization; malicious or unintentional. Solution: DLP
Removable Media Control
Tools that can be used to restrict which removable media, such as USB flash drives, can be attached to a system. Can be applied locally on a system or throughout a network. Involves: corporate policy, exception handling, possibly using only encrypted corporate-owned devices, scanning each medium after use.
Application (security) Issues
Unauthorized software, License compliance violation (checked by BSA, may involve fines).
Command Line Tools ( & examples)
Using the Unix or Windows command prompt and running commands that pull information about the security or health of a system. Ex: native command line, Sysinternals Suite (Autoruns and Process Explorer)
Custom Firmware - Valid vs. Invalid uses
Valid: forensic acquisition. Invalid: bypassing policy.
WAF
Web application firewall. A firewall specifically designed to protect a web application, such as a web server. Inspects the contents of traffic to the web server, can detect malicious content, and blocks it. Operates at OSI Layer 7.
Protocol Analyzer (& examples)
Aka packet sniffer; gathers packet-level information across the network and puts it into a readable format. Ex: Wireshark, tcpdump
Solutions for access violations
Auditing (who's accessing what, where, when, how), reporting (automated), and response (incident response plan).
Authentication Issues
Examples: incorrect username or password, expired password, disabled or deleted account, poor passwords, availability of the authentication server, TFA/MFA not enabled, etc.
Network scanners/mappers (& examples)
Identify active hosts on a network; search through a range of IPs for active servers, patches, hosts, and other systems and hardware. Used for network inventory, finding single points of failure, and network enumeration. Ex: SolarWinds, nmap/Zenmap, Fing (iOS, Android)
Ex of Command Lines
man, ping (communication), netstat (network status), tracert (trace route/path: where network packets are going), nslookup/dig, ipconfig, arp, tcpdump, nmap, netcat
man command
Manual for Unix commands (#1 command line tool to know).
Personnel Security Issues ( & Solutions)
Policy violations, insider threats, social engineering (phishing, spamming, etc.), social media use, personnel email. Solutions: policies, security awareness training.