Intro to Cybersecurity
Cryptography key concepts
- confidentiality - integrity - authentication - non-repudiation - cryptanalysis - cipher - plaintext - ciphertext - encryption - decryption
antivirus/antimalware
- specialized software that can detect, prevent & even destroy a computer virus or malware - uses malware definitions - scans the system & searches for matches against the malware definitions - these definitions get constantly updated by vendors
collisions
2 different plaintexts having the same hash
OWASP (Open Web Application Security Project)
An organization that maintains a list of the top 10 errors found in web applications.
XOR
Exclusive OR; the "secret sauce" behind modern encryption
Technical implementations for availability
RAID, clusters, ISP redundancy, & back-ups
Who created the 1st national policy on cybersecurity?
Ronald Reagan
known ciphertext attack
Statistical tools can be used to attempt to discover a pattern in the ciphertexts, which can then be used to reveal the plaintext or key
Decryption
The process of converting a ciphertext into plaintext.
Cryptanalysis
The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption.
threat
an event, natural or man-made, able to cause a negative impact on an organization.
Stream Cipher
encrypts or decrypts bit by bit
Authentication concept: identity proof -
on most systems, it will ask you to provide identity & authentication
Payment Card Industry Data Security Standard (PCI DSS)
standard for handling credit card data; aims to prevent identity theft
Authentication concept: kerberos -
protocol used for implementing single sign-on
proxy firewall
- acts as an intermediary server - proxies terminate connections & initiate new ones, like a MITM - there are two 3-way handshakes between the 2 devices
Incident Response Process: Phase 1 - prepare
- conduct a criticality assessment - carry out a cyber security threat analysis, supported by realistic scenarios and rehearsals - consider the implications for people, process, technology & information - create an appropriate control framework - review your state of readiness in cyber security IR
stateful firewall
- has state tables that allow the firewall to compare current packets with previous packets - could be slower than packet filters but far more secure - application firewalls can make decisions based on layer 7 info
Incident Response Process: Phase 2 - respond
- identify cyber security incident - define objectives & investigate situation - take appropriate action - recover systems, data, & connectivity
Incident Response Process: Phase 3 - Follow up
- investigate incident more thoroughly - report incident to relevant stakeholders - carry out a post incident review - communicate & build on lessons learned - update key info, controls, & processes - perform trend analysis
stateless firewall
- no concept of "state" - also called packet filter - filter packets based on layer 3 & 4 info (IP & port) - less secure
normative & compliance
- rules to follow for a specific industry - enforced by the government, industry or clients - even if the company or org doesn't want to implement those controls, it must for compliance
packet-filtering firewall
A firewall that examines each packet and determines whether to let the packet pass. To make this decision, it examines the source address, the destination addresses, and other data.
Substitution Cipher
A method of encryption and decryption in which each letter in the alphabet is replaced by another.
CIA Triad
Confidentiality, Integrity, Availability
Asymmetric Cryptography
In this cryptography a key pair (a private key and a public key) is used. The private key (encryption) is kept secret and the public key (decryption) is widely distributed; slower than symmetric encryption
What is the 1st national policy on cybersecurity?
National Policy of Telecommunications and Automated Information Systems Security
Encryption
Process of converting readable data into unreadable characters to prevent unauthorized access.
SOX (Sarbanes-Oxley Act)
Requires companies to review internal control and take responsibility for the accuracy and completeness of their financial reports.
data integrity (X.800 Style)
The assurance that data received are exactly as sent by an authorized entity
Known Plaintext Attack (KPA)
The attacker has access to a plaintext message and its corresponding ciphertext and tries to derive the correlation between two to determine the encryption key
BCP & Disaster Recovery
Understand the company in order to prepare the BCP. A BIA is also good to have, to get a clear understanding of the critical business areas. It also indicates if a security incident will trigger the _______ or _____________________
Symmetric Cryptography
Uses the same secret key to encode and to decode a message
Frameworks / baselines / best practices
a basic structure of objectives and goals required to meet the criteria of an individual course
exploit
a defined way to breach the security of an IT system through a vulnerability
vulnerability
a flaw, loophole, oversight, or error that can be exploited to violate a system security policy.
pentesting/ethical hacking
a method of evaluating computer & network security by simulating an attack on a computer system or network from external & internal threats
Application gateway firewalls
a network device or computer that serves as a firewall and an intermediary between internal computers and computers on the internet
Virus
a piece of malicious code that spreads from one computer to another by attaching itself to other files using self-replication.
Business Continuity Plan (BCP)
a plan that specifies how to resume not only IT operations but all business processes in the event of a major calamity
Worms
a self-replicating program able to propagate itself across a network, typically having a detrimental effect, such as turning the computer into a zombie.
Governance: Policies
a set of baseline rules
risk
a situation involving exposure to danger; the probability of a vulnerability being exploited.
incident management component: response team -
a team that receives reports of security breaches, conducts analyses of the reports and responds to the senders
Authentication concept: Mutual authentication -
a type of authentication process used to communicate to systems. ex: MS-CHAP v2
Cryptographic attack: Brute force
an attack based on trial & error: it works by submitting many passwords or passphrases in the hope that eventually one guesses correctly.
incident management component: events -
an observed change to the normal behaviour of a system, environment, process, workflow or person.
Malware (Malicious Software)
any undesired or unauthorized piece of software running on a host either to disrupt operations or to use the host resources for its benefit.
two types of firewalls
application-level & packet-filtering
Authentication (X.800 Style)
assurance that communicating entity is the one claimed; have both peer-entity & data origin ________________
SYN flooding attack
attacker establishes many bogus TCP connections, no resources left for "real" connections
encryption, authentication, access controls, & physical security
can enforce confidentiality
e-discovery
data inventory; helps to understand the current tech status, data classification & data management; we could use automated systems. Understand how you control data retention & backup.
tradeoff
degree of communication w/ outside world, level of security
Technical implementations of non-repudiation
digital signatures & logs
Governance: Procedures
each policy may have a _____ associated w/ details regarding the operative process
Block Cipher
encrypts or decrypts in blocks of various sizes, depending on the algorithm
XML Gateway
examines the payload of the ___ message. - uses port 80 on a firewall.
hash cryptography
function provides encryption using an algorithm and no key; provides integrity verification
Access criteria for authorization by:
groups; time frame & specific dates; physical location; transaction type
What are the 2 main types of security threats?
human threats & natural threats
integrity
implemented to verify & validate that the information we sent or received hasn't been modified by an unauthorized person or system
The OCTAVE Method
is an InfoSec risk evaluation methodology that allows organizations to balance the protection of critical information assets against the costs of providing protective and detection controls
incident management component: incident -
is an event that negatively affects the confidentiality, integrity, &/or availability at an organization in a way that impacts the business
Firewalls
isolates an organization's internal network from the larger internet, allowing some packets to pass and blocking others
availability
makes sure that information & data are always available when needed
1st point to consider during vulnerability assessments:
many systems are shipped with known & unknown security holes and bugs, & insecure default settings
2nd point to consider during vulnerability assessments:
many vulnerabilities occur as a result of misconfigurations by a system admin
SHA-2
newer & recommended hash algorithm
Plaintext
normal text that has not been encrypted
SHA-1 & MD5
older hash algorithms prone to collision
Ciphertext
plaintext that was transformed into unreadable gibberish using encryption
Governance: strategic & tactic plans
plans based on the goals & objectives for the organization
access control (X.800 Style)
prevention of the unauthorized use of a resource
non-repudiation (X.800 Style)
protection against denial by one of the parties in a communication
Data Confidentiality (X.800 Style)
protection of data from unauthorized disclosure
Gramm-Leach-Bliley Act (GLBA) (Financial Services Modernization Act of 1999)
repealed a 1933 law that barred the consolidation of financial institutions and insurance companies. Included within ____ are multiple sections relating to the privacy of financial information. Companies must provide written notice to consumers of their privacy rights and explain the company's procedures for safeguarding data.
Availability (X.800 Style)
resource accessible/usable
post incident
root-cause analysis, understand the difference between error, problem and isolated incident. Lessons learned & reports are key
IP spoofing attack
router can't know if data "really" comes from the claimed source
Cryptography
secret writing; secure communication that may be understood by the intended recipient only
Authentication concept: SID's vs DACL's -
security ID (Active Directory): unique IDs given to objects and subjects; discretionary access control list: a type of access control that allows users to give access to their own data to whomever they want
incident management component: investigation -
seeks to determine the circumstances of the incident; collect evidence; chain of custody
Demilitarized Zone (DMZ)
sometimes referred to as a perimeter network or screened subnet; a physical or logical subnetwork that contains & exposes an organization's external-facing services to an untrusted, usually larger, network such as the internet
there are 3 primary types of cryptography:
symmetric, asymmetric, & hash
hashes or algorithms
technical controls that can be implemented to show integrity
Security Policies
technical policies that are derived from logical business policies
Social Engineering
techniques that trick a person into disclosing confidential information
Confidentiality
the act of holding information in confidence, not to be released to unauthorized individuals
security mechanisms
the combination of hardware, software, and processes that enhance IP security
cipher
the generic term for a technique (or algorithm) that performs encryption
Incident Response
the monitoring & detection of security events on a computer or a computer network & the application of proper responses to those events
Authorization
the process of allowing somebody to access a specific object.
Governance
the processes that ensure the effective & efficient use of IT in enabling an org to achieve its goals
Public Key Infrastructure (PKI)
the system for issuing pairs of public and private keys and corresponding digital certificates
Information Security Analyst
this position conducts information security assessments for organizations & analyzes the events, alerts, alarms, and any info that could be useful to identify any threats that could compromise the organization.
Information Security Auditor
this position is in charge of testing the effectiveness of computer information systems, including the security of the systems, & reports its findings
Rainbow tables (cryptographic attacks)
use a limited amount of information (a set of files) containing precomputed password hashes that can be checked against captured hashes, which makes the attack a lot faster
automated systems
using SIEM, SOA, UBA, big data analysis, honeypots/honeytokens, AI or other technologies we could enhance the mechanism to detect & control incidents that could compromise the tech environment
Non-repudiation
valid proof of the identity of the data sender or receiver