Vulnerability vs. Threat
A vulnerability is a weakness that can be used to harm us, while a threat is an entity that seeks to exploit a weakness and harm us.
Logical Controls
• Passwords
• Encryption
• Firewalls
• Intrusion Detection Systems
• Logical Access Controls
Utility
usefulness of data
Interception
attack against confidentiality
Concept of defense in depth for layers of confidentiality
Data Layers
Encryption
Access Controls
Vulnerability Analysis
Host Layers
Password Hashing
Logging
Parkerian Hexad
confidentiality
integrity
availability
possession or control
authenticity
utility.
CIA vs Parkerian Hexad
CIA Triad
Advantages: The model is focused on security concepts in terms of data
Disadvantages: The model is very restrictive in evaluating every situation
Parkerian Hexad
Advantages: The model is more extensive than the CIA triad and describes in more detail the nature of the attack or issue
Disadvantages: The Parkerian hexad is less well known than the CIA triad, and defines integrity differently.
Verification vs authentication
Identity verification is a step below identity authentication in security. So while identity verification deals with simple measures like showing your ID to someone, authentication takes more steps to ensure that the ID isn't fake, or, for information security purposes, we authenticate a claim of identity.
Mutual Authentication
process in which the client authenticates to the server and the server authenticates to the client
Permanence
biometric factor describes how well a characteristic resists change over time
Types of multifactor authentication
A Hardware Token
LCD screens
Finger print scanner
Identity Cards Problem
They can be taken
They can be replicated
They can be modified or inaccurate (old/ out of date).
Multifactor authentication scheme
Automated shutdown/log off after 5 minutes of inactivity
Web cam monitor
User specific user name and password
Biometric finger scanner/ retina scanner
Authorization vs Access control
Authorization discusses what you are allowed and permitted to do, while access controls are measures to ensure that authorization isn't exploited by targets.
Brewer and Nash Model
MAC vs DAC
MAC in terms of access control administers sets of levels, and each user is linked with a specific access level. So under MAC a user can access all levels that aren't greater than its own level. DAC has a list of users that can access it, so access is granted based on the identity of the user, not the authorization level.
ABAC
Confused Deputy Problem
Privilege Escalation
Access control lists vs Capabilities
Logging Benefits
Monitoring and logging are beneficial to security because they give accountability and liability to users; keeping that information as a record deters users who would misuse resources, helps us in detecting and preventing intrusions, and helps in preparing materials for legal proceedings.
Authentication vs Accountability
Accountability is a security step above authentication, so basically once a user has proper proof that they are who they say they are (authentication), they then need accountability for what they're doing as a user, and it's recorded.
Nonrepudiation
Nonrepudiation is the high likelihood that someone cannot deny something they are accused of. So basically having undeniable proof against someone.
Things to Audit
Software Licensing
Network Data / Internet usage
Accountability
Accountability through monitoring and logging on systems and networks gives us the ability to maintain a higher security posture. It also gives us the tools to achieve non-repudiation by helping us deter those that would misuse our resources, detect and prevent intrusions, and assist us in preparing materials for legal proceedings. It gives users incentives to follow proper guidelines in their environments.
Vulnerability assessments vs. Penetration Testing
Vulnerability assessments generally involve using vulnerability scanning tools to find vulnerabilities.
Penetration testing is less practical and involves mimicking the actions of an attacker. Testing might bring to light the severity of the vulnerability.
Caesar Cipher
Substitution
Block vs. Stream Cipher
A block cipher takes a predetermined number of bits, known as a block, in the plaintext message and encrypts that block. Meanwhile, a stream cipher encrypts each bit in the plaintext message, 1 bit at a time. Block ciphers can act as stream ciphers by setting 1-bit block sizes.
ECC Classification
ECC is a classification within itself. The name classifies all mathematical problems on which its cryptographic algorithm is based. Asymmetric Key Algorithms are one of its classifications.
Kerckhoffs' principle
The second: The system must not require secrecy and can be stolen by the enemy without causing trouble.
Substitution Cipher
A substitution cipher is a type of encryption that involves the replacement of characters with others in an orderly fashion.
Symmetric key cryptography
Symmetric key cryptography utilizes a single key for both encryption of the plaintext and decryption of the ciphertext.
Asymmetric Key Cryptography
Asymmetric key cryptography, also known as public key cryptography, utilizes two keys: a public key and a private key. The public key is used to encrypt data sent from the sender to the receiver and is shared with everyone.
DES vs 3DES
DES is a block cipher based on symmetric key cryptography and uses a 56-bit key; however, when DES was broken by a project, it was replaced by 3DES, whose key length was longer. So it uses DES, but three times.
Public Key Cryptography
The public key is used to encrypt data sent from the sender to the receiver and is shared with everyone. We see public keys included in e-mail signatures, posted on servers that exist specifically to host public keys, posted on Web pages, and displayed in a number of other ways. Private keys are used to decrypt data that arrives at the receiving end and are very carefully guarded by the receiver.
Kismet as a Tool
Kismet is used as a tool to detect wireless access points, and thus has the potential to break through networks.
Concept of segmentation
The network concept of segmentation is best explained as the division of a network into smaller networks, each called a subnet, linked to one another in a chain. Because we can control the flow of traffic between subnets, allowing or disallowing traffic based on a variety of factors, and even blocking the flow of traffic entirely if necessary, segmentation provides strong security and protection for systems. Additionally, network segmentation can prevent unauthorized network traffic or attacks from reaching portions of the network to which we would prefer to prevent access, as well as making the job of monitoring network traffic considerably easier.
Permissive BYOD Policy
Devices violate confidentiality because they will have traces of their connection to the network of the enterprise that can be seen by threats.
3 Main Types of Protocols
Nmap Port Scanner
Tool used to scan for devices on a network, to include fingerprinting the operating system and detecting versions of services on open ports
Honeypot
A honeypot can detect, monitor, and sometimes tamper with the activities of an attacker. Honeypots are configured to deliberately display vulnerabilities or materials that would make the system attractive to an attacker, in order to lure the attacker and monitor their malicious activity.
Signature vs. Anomaly Detection (IDSes)
Signature detection involves searching network traffic for a series of bytes or packet sequences known to be malicious. A key advantage of this detection method is that signatures are easy to develop and understand if you know what network behavior you're trying to identify. The anomaly detection technique centers on the concept of a baseline for network behavior. This baseline is a description of accepted network behavior, which is learned or specified by the network administrators, or both. Events in an anomaly detection engine are caused by any behaviors that fall outside the predefined or accepted model of behavior.
Virtual Private Networks
Tools used to send sensitive data over an untrusted network
DMZ
Networks through the use of a firewall.
Stateful vs Deep packet Firewall
Stateful firewalls look at the contents of each packet in the traffic individually, make a gross determination, and are able to keep track of the traffic at a granular level. Deep packet inspection firewalls add more layers of intelligence to our firewall capabilities. Deep packet inspection firewalls are capable of analyzing the actual content of the traffic that is flowing through them. Stateful firewalls can only look at the structure of the network traffic itself in order to filter out attacks and undesirable content.
Three Priorities for Physical Security
Protecting People
Protecting Data
Protecting Equipment
Categories of Control for Physical Security
Deterrent
Detective
Preventive
Why use Raid
Protect important data against media storage failures
Main concern of physical security
Protecting people