Cybrary: Security+ : M2 - Pt. 2


SRTP (Secure Real-Time Transport Protocol)

A security profile for RTP that adds confidentiality, message authentication, and replay protection to that protocol. Initiated via SIP (Session Initiation Protocol). Secures video & audio transmissions. Has minimal effect on the IP quality of the VoIP service.

MCM (mobile content management)

Controlling access to data and file storage, such as cloud-based services

SSL (Secure Sockets Layer)

Deprecated! Provides integrity and confidentiality via authentication and encryption; replaced by TLS.

POP3S and IMAPS

External email securing. Uses SSL to secure email in transit between a POP or an IMAP server & the client.

Configuration Compliance (examples)

MBSA, CIS, Nessus

FTPS (Explicit)

Port 21; adds confidentiality (encryption) & integrity (hashing) to FTP

SFTP

Secure FTP. An extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format. SFTP transmits data using port 22.

Storage Segmentation (Device Mgmt)

Segregating business and personal storage

NFC (Near Field Communication)

Standards for contactless comms. between devices; chips generate electromagnetic fields; often used for payment systems such as Google Pay or Apple Pay.

Bluetooth

Utilizes PAN (personal area network, 2+ devices, short range) through spread spectrum, freq. hopping, and full-duplex signal.

Connection Methods of Mobile Devices

Wi-Fi, Bluetooth, NFC (near-field comms.), SATCOM (satellite comms. - old fashioned), ANT (wireless, <30m), Infrared, USB/FireWire (physical connection)

Logs & event anomalies (& areas for problems & solutions)

Collecting data for monitoring and audit purposes. Potential problems: logs must be read & monitored (not too much or too little), centralized logging systems, logging standards. Solutions: centralized logging, SIEM, SOCC

forward secrecy

Component of TLS; ensures that if one key is compromised, earlier session keys (from the past) will not also be compromised.

Web Security Protocols

- SSL
- TLS
- HTTPS
Use cases: user credentials, session cookies

SNMPv3 Use Cases

- Validating that a packet has not been modified in transit
- Eliminating plain text SNMP data on the network
- Securely monitoring interface counters, bandwidth usage, CPU load, and traps

Device Deployment Models

1. BYOD - bring your own device (highest risk)
2. CYOD - choose your own device (must meet approved list)
3. COPE - company-owned, personally enabled equip. (allows co. control over device)
4. VDI - virtual desktop infrastructure (no storage locally, all centralized)

Cellular Comms Components

1. Cellular layout (towers)
2. Base station (connects to the towers)
3. Mobile switching office (centerpiece of ops)
4. PSTN

Network Address Allocation

- Allocating IP addresses
- DHCP to assign internal IP addresses
- Network subnets, to segregate multiple hosts & control network traffic

SSH (Secure Shell)

- Encrypted console communication
- Used often for remote administration
- Includes secure file transfer (SFTP) and secure file copy (SCP)

Device Security Concepts

1. Full device encryption
2. Screen locks/lockout
3. Passwords & PINs
4. Biometrics
5. Context-aware authentication

LDAP (Lightweight Directory Access Protocol)

A communications protocol that defines how a client can access information, perform operations, and share directory data on a server. Contains sensitive info about the org. & its users - often a target for attackers. LDAPS (LDAP Security) uses SSL/TLS on TCP port 636.

MDM (mobile device management)

A formalized structure that enables an org. to account for all the different types of devices used to process, store, transmit, and receive organizational data; includes config. mgmt, managing apps, and enforcing policies

Banner Grabbing (& example)

A method used to gain information about a remote system. It identifies the operating system and other details on the remote system. Ex: Netcat

S/MIME (Secure/Multipurpose Internet Mail Extensions)

A standard for encryption (confidentiality) and signing (authentication) of MIME (email) data. Requires PKI & user certs. Internal email securing.

Steganography (approaches & examples)

A technology that makes it possible to embed hidden information in other media, often pictures. Approaches: least significant bit insertion, masking and filtering, algorithms and transformations. Ex: OpenPuff, Camouflage, Steghide, rSteg

host firewall

A type of software firewall installed on a host and used to protect the host from network-based attacks.

UTM & NGFW

An all-in-one firewall appliance. Includes Network IDS/IPS, URL filtering, Content inspection, Application inspection

Application Whitelisting

An inventory of applications and associated components (libraries, configuration files, etc.) that have been pre-approved and authorized to be active and present on the device.

Asset Management

Asset inventory is step #1 for NIST & CIS controls. Use automated tools to maintain the asset list. Involves the ability to track devices (mobile computers and removable storage) if lost/stolen and wipe data remotely. Includes software mgmt (preventing install of unapproved apps).

Baseline Deviation

Establish a baseline of normal system or network activity and detect deviation from it. Issues: baseline not established, baseline corrupted, baseline out of date (patches).

File Integrity Checker (& Ex)

Calculates hashes on system files as a baseline (periodically recalculates the hashes on the files and compares them with the hashes in the baseline). When alerted, determine what has changed & why (could be an update, could be malware). Ex: Tripwire

Unencrypted credentials/clear text

Credentials that are sent in clear text can be easily captured. Once an attacker captures credentials, they try to elevate privileges, establish a foothold, and maintain persistence; pivot and potentially jump networks. Mistakes involved: system configuration issue, passwords stored online in clear text (they shouldn't be), accidentally typing the password in the user ID field.

Certificate issues causes

Date/time not set correctly on the cert. server, expired certs., revoked certs., use of SSL vs. TLS on the web server

Wireless Scanners (& examples)

Ensures safety & security of the Wi-Fi network - gathers info about Wi-Fi networks, detects rogue and valid access points, breaks weak encryption keys. Ex: Airodump, Kismet/KisMAC, NetStumbler, Vistumbler, inSSIDer

Baselines (for security configurations)

Established by govt. mandate, regulatory bodies, or industry req. Ex: PCI, HIPAA

subscription service, use case

In SaaS - Software as a Service (i.e. cloud email - Gmail, Office 365, etc.). In network defense services: firewall/IDS/IPS, web & app filtering, anti-virus/malware detection, patching

Containerization (Device Mgmt)

Isolate apps and control functions so as to separate sensitive corporate info from personal use of a device

Anti-Virus/Anti-Malware Issues & Solutions

Issues: pop-up warnings (hosts often ignore them; the end user should be taken out of the equation), quarantine vs. removal, AV not updated (allows for zero-day attacks), false positives, malware may only 'appear' to be quarantined to the software. Solutions: auto-update, detach systems from the network, use multiple AV products, manual removal of malware, re-image the system

Permissions Issues (software ex's)

Least privilege violation. Privilege creep, inherited permissions, read-only vs. write+execute privileges, insufficient permissions (results in other violations as employees get what they need). Solution: auditing, reporting, response. Ex: GPResult (group policy), AccessChk (Sysinternals)

Security configuration problems, causes of

Misconfigured/weak security config., not enabling security features, old firewall, disordered firewall rules, default passwords, missing updates/patches

exploitation framework (& examples)

Platforms for pentesting & risk assessment. A structure of exploits and monitoring tools used to replicate attacks during a vulnerability assessment. Ex: Metasploit (simulator of known vulnerabilities), Canvas, Core, Kali Linux, SET (Social Engineering Toolkit)

FTPS (Implicit)

Port 990; adds confidentiality (encryption) & integrity (hashing) to FTP

DEP (Data Execution Prevention)

Prevents malware from executing in memory space that is reserved for OS processes. Hardware or Software.

HIDS/HIPS (& Issues)

Provides sensors on each host that relay to a centralized management console (which compiles data to identify trends). Catches network-wide trends. Issues: false positives, false negatives

TLS (Transport Layer Security)

Provides:
- Privacy - by symmetric encryption
- Msg integrity - by message authentication code
- Authentication - by PKI digital certs.
Also utilizes forward secrecy

Sanitization (Device Mgmt)

Remote wipe; useful when devices are lost or stolen, or an employee is terminated.

SNMPv3

Simple Network Management Protocol version 3. A protocol used to monitor and manage network devices such as routers and switches. Each device has a software agent reporting config. settings & alerts (traps) to a central SNMP server. v3 encrypts data.

MAM (mobile application management)

Software enabling a company's IT department to manage mobile APPS on employees' mobile devices.

Password Crackers (& examples)

Software programs used to identify an unknown or forgotten password and assess password strength. Tools can enable you to type in a hash and get the password returned in plain text. Ex: Brutus, Cain and Abel, John the Ripper (Unix, Linux, macOS), THC Hydra

Anti-Virus/Anti-Malware

Software that runs on the computer to detect and eliminate malicious software. On-going real-time protection.

Vulnerability Scanner (& examples)

Software to scan a system (or range of IP addresses) for the presence of known vulnerabilities. Ex: Nessus, OpenVAS, Nexpose, Qualys, OWASP ZAP (web apps)

MBSA (Microsoft Baseline Security Analyzer)

Software used to determine whether Windows is fully patched and configured securely.

DNSSEC (Domain Name Service Security)

Suite of IETF specs; provides a validation path for records. YES, provides: authentication, data integrity. NOT provided: confidentiality or availability.

Honeypots/Honeynets

Systems or networks exposed to capture malicious activity. Allow gathering of evidence, techniques, and the ability to study attack strategies. Should NOT be on the business network (because vulnerable).

DLP (Data Loss Prevention)

Systems that monitor the contents of systems (workstations, servers, and networks) to make sure that confidential content is not deleted or removed.

Piconet

The pairing of 2+ mobile devices

Patch Management

The process of applying code supplied by a vendor to fix a problem in that vendor's software. Automate as much as possible. Process: vendor notification, testing, staged deployment, reporting. Ex: SCCM (Microsoft System Center Configuration Manager)

Time synchronization

The process of obtaining the exact same time on multiple hosts. Network Time Protocol (NTP) is a time synchronization protocol (over UDP) based on the official atomic clock. NTP servers must be redundant & secure.

Data sanitization tools (& examples)

The process of removing contents from a device or media so it is not recoverable. Ex: DBAN, BCWipe, Cryptographic Erase (CE)

Data Exfiltration (& Solution)

The unauthorized transfer of data outside an organization; malicious or unintentional. Solution: DLP

Removable Media Control

Tools that can be used to restrict which removable media, such as USB flash drives, can be attached to a system. Can be applied locally on a system or throughout a network. Involves: corporate policy, exception handling, possibly only using encrypted corporate-owned devices, scanning each media after use

Application (security) Issues

Unauthorized software, License compliance violation (checked by BSA, may involve fines).

Command Line Tools ( & examples)

Using a Unix or Windows command prompt and running commands that pull info about the security or health of a system. Ex: native command line, Sysinternals Suite (Autoruns & Process Explorer)

Custom Firmware - Valid vs. Invalid uses

Valid - forensics acquisition. Invalid - bypassing policy.

WAF

Web application firewall. A firewall specifically designed to protect a web application, such as a web server. Inspects the contents of traffic to a web server, can detect malicious content, and block it. OSI Layer 7

Protocol Analyzer (& examples)

aka packet sniffer; gathers packet-level info across the network and puts it into a readable format. Ex: Wireshark, tcpdump

Solutions for access violations

Auditing (who's accessing what, where, when, how), reporting (automated), and response (incident response plan)

Authentication Issues

Ex's: incorrect username or password, expired password, disabled or deleted account, poor passwords, availability of the authentication server, TFA/MFA not enabled, etc.

Network scanners/mappers (& examples)

Identify active hosts on a network; search through a range of IPs for active servers, patches, hosts, etc., systems & hardware; used for network inventory, single points of failure, network enumeration. Ex: SolarWinds, nmap/Zenmap, Fing (iOS, Android)

Ex of Command Lines

man, ping (communication), netstat (network status), tracert (trace route/path - where network packets are going), nslookup/dig, ipconfig, arp, tcpdump, nmap, netcat

man command

Manual for Unix commands (#1 command line tool to know)

Personnel Security Issues ( & Solutions)

Policy violation, insider threats, social engineering (phishing, spamming, etc.), social media use, personal email. Solutions: policies, security awareness training
