Risk Management
The process of identifying, analyzing, and responding to security risks
Risk Management Options
Accept risk, transfer risk, remove (avoid) risk, or mitigate risk
Accept Risk
Knowingly tolerating a risk, usually because the cost of controls would exceed the expected loss (see ALE); the decision should be documented and owned by management
Transfer Risk
Shifting the financial impact of a risk to another entity, for example through insurance or contractual terms with a supplier
Remove Risk (Risk Avoidance)
Eliminating the system, component, feature, or activity that introduces the risk so the risk no longer exists
Mitigate Risk
Reducing the likelihood or impact of a risk by applying countermeasures (security controls)
Asset Value (AV)
The total value of an asset being protected
Exposure Factor (EF)
Fraction of an asset's value that would be lost if a specific threat occurred, expressed as a percentage from 0% to 100%
Single Loss Expectancy (SLE)
Expected monetary loss from a single occurrence of a threat
SLE Formula
SLE = Asset Value × Exposure Factor
Annualized Rate of Occurrence (ARO)
Estimated number of times a threat is expected to occur in one year (a threat expected once every 20 years has an ARO of 0.05)
Annualized Loss Expectancy (ALE)
Expected yearly loss from a threat
ALE Formula
ALE = SLE × ARO
Purpose of ALE
Compare the yearly cost of a security control with the reduction in ALE it buys; a control is justified when the ALE reduction exceeds its annual cost
Example ALE Calculation
If SLE = $250,000 and ARO = 0.05 then ALE = $12,500 per year
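The SLE and ALE cards above are easy to compute by hand; what the deck's "Purpose of ALE" card describes is the decision that uses them. The following is an added worked example, not part of the original flashcard deck: it carries the deck's own figures (SLE = $250,000, ARO = 0.05, ALE = $12,500) through a control cost-benefit decision. The asset value, exposure factor, residual ARO and control costs are assumed values chosen to reproduce the deck's numbers.

```python
"""Quantitative risk analysis: SLE, ALE and countermeasure justification.

Added example (not from the original flashcard deck). AV, EF, the residual
ARO and the control costs are assumed figures chosen so that the deck's
SLE ($250,000) and ALE ($12,500) come out of the calculation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float       # AV, in currency units
    exposure_factor: float   # EF, fraction of AV lost per incident (0.0 .. 1.0)
    aro: float               # ARO, expected incidents per year

    def __post_init__(self) -> None:
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be a fraction between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("AV and ARO must be non-negative")

    @property
    def sle(self) -> float:
        """Single Loss Expectancy: SLE = AV x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy: ALE = SLE x ARO."""
        return self.sle * self.aro


def control_value(before: Risk, after: Risk, annual_control_cost: float) -> float:
    """Net yearly value of a countermeasure.

    ALE(before) - ALE(after) is the loss the control avoids each year; subtracting
    the control's own annualized cost gives its net value. Positive means the
    control pays for itself; negative means it costs more than it saves.
    """
    return before.ale - after.ale - annual_control_cost


def recommend(before: Risk, after: Risk, annual_control_cost: float) -> str:
    """Risk-management option suggested by the numbers alone."""
    return "mitigate" if control_value(before, after, annual_control_cost) > 0 else "accept or transfer"


if __name__ == "__main__":
    # Assumed scenario: a $500,000 asset, half of it lost per incident (EF = 0.5),
    # one incident every 20 years (ARO = 0.05) -> SLE $250,000, ALE $12,500.
    current = Risk("file server compromise", asset_value=500_000, exposure_factor=0.5, aro=0.05)
    # Assumed control: reduces ARO to one incident every 100 years (0.01), no change to EF.
    with_control = Risk("file server compromise (with control)", 500_000, 0.5, aro=0.01)
    for cost in (8_000, 15_000):
        print(f"control cost ${cost:,}/yr: ALE ${current.ale:,.0f} -> ${with_control.ale:,.0f}, "
              f"net value ${control_value(current, with_control, cost):,.0f} -> {recommend(current, with_control, cost)}")
```

At $8,000 per year the control buys a $10,000 reduction in ALE and is worth $2,000 net; at $15,000 it is a net loss of $5,000, and accepting or transferring the risk is the better option. A control that reduces EF instead of ARO (for example, backups that cut the loss per incident) is modelled the same way by changing `exposure_factor` in the "after" risk.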
Threat
A potential event that could exploit a vulnerability
Vulnerability
A weakness in hardware, software, or configuration
Attack
An attempt to exploit a vulnerability
Risk
Probability that a threat will exploit a vulnerability and cause damage
Risk Formula
((Threat × Vulnerability) / Countermeasures) × Value: a conceptual model, not literal arithmetic; risk rises with threat likelihood, vulnerability, and asset value, and falls as countermeasures are added
Countermeasure
A security control used to reduce risk
Reconnaissance
Gathering information about a target before an attack
Purpose of Reconnaissance
Identify technologies, systems, and vulnerabilities
Enumeration
Actively interacting with systems to gather detailed information
Difference Between Reconnaissance and Enumeration
Reconnaissance (as used here) is passive information gathering that does not touch the target's systems; enumeration actively connects to systems to extract details such as usernames, shares, and service versions
Footprinting
Collecting publicly available information about a target organization
Footprinting Sources
Websites, job postings, employee information, partner companies, DNS and whois records
Purpose of Footprinting
Identify technologies and possible attack surfaces
Footprinting Countermeasure
Remove or sanitize sensitive public information
Ethical Hacking
Security testing performed with the explicit (normally written) permission of the system owner
Penetration Testing
A structured, authorized test that attempts to find and exploit vulnerabilities in order to show their real impact
Purpose of Penetration Testing
Identify weaknesses before attackers exploit them
Penetration Tests Often Part Of
IT security audits
CIA Triad
Confidentiality, Integrity, Availability
Confidentiality
Ensuring information is accessible only to authorized users
Integrity
Ensuring data is accurate and not altered
Availability
Ensuring systems and data are accessible when needed
TCP/IP Port Numbers
Numerical identifiers used to identify application services
HTTP Port
TCP port 80
Purpose of Port Numbers
Identify which application-layer service a transport-layer segment is addressed to, so one IP address can host many services
IP Address
Unique numerical identifier assigned to a device on a network
IPv4 Address Length
32 bits
Dotted Quad Notation
Standard IPv4 format: four decimal octets (0 to 255) separated by dots, such as 148.100.100.4
Loopback Address
127.0.0.1 (any address in 127.0.0.0/8) used by a host to refer to itself; traffic to it never leaves the host
DNS (Domain Name System)
System that translates domain names into IP addresses
Purpose of DNS
Allow humans to use readable names instead of IP addresses
DNS Resolution
Process of converting a domain name into an IP address
Domain Name
Human readable name used to identify internet resources
Top-Level Domain (TLD)
Last part of a domain name such as .com .org .edu
Domain Registrar
Company that sells and manages domain registrations
nslookup
Command used to query DNS records (dig is the common alternative on Unix-like systems); often misspelled "dnslookup"
Purpose of nslookup
Retrieve the IP address and other DNS records (MX, NS, TXT, etc.) for a domain, optionally from a chosen DNS server
whois
Command (and protocol) used to retrieve domain registration information and the owner of an IP address block from registrars and Regional Internet Registries
ARIN (American Registry for Internet Numbers)
Organization responsible for allocating IP address blocks in North America
Purpose of Regional Internet Registries
Manage distribution and registration of public IP addresses
Address Resolution Protocol (ARP)
Protocol used to map IP addresses to MAC addresses on a LAN
ARP Broadcast
Request broadcast to the local segment asking which device holds a given IP address; the owner replies with its MAC address
ARP Cache
Local table storing previously resolved IP-to-MAC mappings so the broadcast is not repeated for every packet
arp Command
arp -a displays the ARP cache on Windows and Unix-like systems
DNS Cache Poisoning
Attack in which a forged DNS response is accepted by a resolver and stored in its cache, so later lookups return the attacker's address until the record expires
Impact of DNS Cache Poisoning
Users may be redirected to malicious websites
DNS Denial of Service Attack
Flooding DNS servers so they cannot respond to queries
Botnet
Group of compromised computers controlled by an attacker
DNS Amplification Attack
Attacker sends small DNS queries with the victim's spoofed source address to open resolvers; the much larger responses are delivered to the victim, multiplying the attacker's bandwidth
DNS Security Improvements
Randomized requests, restricted resolvers, replicated servers, DNSSEC
Randomized DNS Requests
Unpredictable transaction IDs and source ports on outgoing queries, so a blind attacker must guess both before a forged response is accepted
Restricted DNS Resolvers
Resolver answers recursive queries only for authorized clients (for example the internal network), which also stops it being abused as an open resolver in amplification attacks
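The "DNS Cache Poisoning" and "Randomized DNS Requests" cards describe a blind attacker racing the real answer with forged responses. The following is an added example, not part of the original deck: a simplified model of a resolver (no packets are sent) that accepts a reply only when its transaction ID and destination port match the pending query. The resolver, the attacker loop, the domain name and the 192.0.2.66 answer are all constructed for the example.

```python
"""Blind DNS cache poisoning versus randomized transaction IDs and source ports.

Added example, not from the original flashcard deck. ToyResolver is a
simplified model of the acceptance check a real resolver performs; the
attacker loop only calls that model, nothing is sent on the network.
"""
import random

TXID_SPACE = 2 ** 16               # DNS transaction ID is a 16-bit field
PORT_LOW, PORT_HIGH = 1024, 65536  # ephemeral source-port range used by the toy resolver
FIXED_PORT = 53                    # assumed port of a resolver that does not randomize


def guess_space(randomize_port: bool) -> int:
    """How many (txid, port) pairs a blind attacker must cover."""
    return TXID_SPACE * ((PORT_HIGH - PORT_LOW) if randomize_port else 1)


def spoof_success_probability(forged_replies: int, randomize_port: bool) -> float:
    """Upper bound on the chance that `forged_replies` distinct guesses hit the one
    outstanding query before the genuine answer arrives."""
    return min(1.0, forged_replies / guess_space(randomize_port))


class ToyResolver:
    """Minimal resolver model: a reply is cached only if its txid and destination
    port equal those of the pending query for that name; anything else is dropped."""

    def __init__(self, randomize_port: bool, rng: random.Random) -> None:
        self.randomize_port = randomize_port
        self.rng = rng
        self.pending = {}   # name -> (txid, source port)
        self.cache = {}     # name -> answer

    def send_query(self, name: str) -> None:
        txid = self.rng.randrange(TXID_SPACE)
        port = self.rng.randrange(PORT_LOW, PORT_HIGH) if self.randomize_port else FIXED_PORT
        self.pending[name] = (txid, port)

    def receive_reply(self, name: str, txid: int, port: int, answer: str) -> bool:
        if self.pending.get(name) != (txid, port):
            return False            # mismatch: silently dropped, cache untouched
        self.cache[name] = answer
        del self.pending[name]
        return True


def blind_poisoning_attempt(resolver: ToyResolver, name: str, port_guess: int) -> bool:
    """Attacker cannot see the query, so it sprays one forged reply per possible
    txid, all aimed at its single guess of the resolver's source port."""
    resolver.send_query(name)
    for txid in range(TXID_SPACE):
        if resolver.receive_reply(name, txid, port_guess, "192.0.2.66"):  # constructed bogus answer
            return True
    return False


def run_scenario(randomize_port: bool, seed: int = 1) -> tuple:
    """Returns (poisoned?, cached answer) for a resolver with or without port randomization."""
    resolver = ToyResolver(randomize_port, random.Random(seed))
    poisoned = blind_poisoning_attempt(resolver, "www.example.com", FIXED_PORT)
    return poisoned, resolver.cache.get("www.example.com")


if __name__ == "__main__":
    for randomize in (False, True):
        poisoned, answer = run_scenario(randomize)
        print(f"randomized port={randomize}: poisoned={poisoned}, cached={answer}, "
              f"P(success | 65536 forged replies)={spoof_success_probability(TXID_SPACE, randomize):.2e}")
```

With a fixed source port, 65,536 forged replies cover every transaction ID and the cache is poisoned on the first pass; with a randomized port the same spray fails, and the attacker's chance per reply drops by a factor of roughly 64,000. Randomization only raises the cost of guessing; it does not authenticate the data, which is what DNSSEC adds.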
Replicated DNS Servers
Multiple servers ensure availability if one fails
DNSSEC
DNS Security Extensions: zone data is digitally signed so resolvers can verify the origin and integrity of responses (it does not provide confidentiality)
Split DNS
Separate internal and external DNS records
Purpose of Split DNS
Prevent exposure of internal network information
External DNS Contains
Public server information
Internal DNS Contains
Internal system information
Encryption
Process of converting plaintext into ciphertext
Plaintext
Readable original data
Ciphertext
Encrypted unreadable data
Decryption
Process of converting ciphertext back into plaintext
Cryptography
The study and practice of techniques for securing information and communication, of which encryption is one (others include hashing, digital signatures, and key exchange)
Key
A value used in cryptographic algorithms
Kerckhoffs's Principle
A system should remain secure even if everything about it except the key is public; security must rest on secrecy of the key, not of the algorithm
Symmetric Encryption
Encryption using a single shared key
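The cards from "Encryption" through "Symmetric Encryption" define plaintext, ciphertext, key, and Kerckhoffs's principle. The following is an added example, not part of the original deck, that puts them together: the whole algorithm is printed here and only the key is secret, exactly as Kerckhoffs's principle requires. It builds a stream cipher in counter mode from HMAC-SHA256 as the keystream generator and adds an encrypt-then-MAC tag, using only the Python standard library so it runs anywhere; the function names, the 16-byte nonce and the "enc"/"mac" subkey labels are choices made for the example. It illustrates the concepts; for real systems use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305.

```python
"""Symmetric encryption with the algorithm fully public and only the key secret.

Added example, not from the original flashcard deck. Construction (chosen for
the example): HMAC-SHA256 in counter mode as a keystream, XORed with the
plaintext, then an HMAC-SHA256 tag over nonce||ciphertext (encrypt-then-MAC).
Standard library only; intended to illustrate the definitions, not for production.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # per-message random value so equal plaintexts give different ciphertexts
TAG_LEN = 32     # HMAC-SHA256 output


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and authentication keys from one shared key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode: block_i = HMAC(enc_key, nonce || i), concatenated to `length` bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Plaintext -> nonce || ciphertext || tag. Same key is needed to decrypt (symmetric)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    keystream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """nonce || ciphertext || tag -> plaintext, or ValueError if the tag does not verify."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    # Verify before decrypting, in constant time, so tampering or a wrong key is rejected.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    keystream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, keystream))


if __name__ == "__main__":
    key = secrets.token_bytes(32)           # the only secret
    plaintext = b"meet at the usual place at 09:00"  # constructed sample message
    blob = encrypt(key, plaintext)
    print("ciphertext:", blob[NONCE_LEN:-TAG_LEN].hex())
    print("decrypted :", decrypt(key, blob))
    try:
        decrypt(secrets.token_bytes(32), blob)
    except ValueError as err:
        print("wrong key :", err)
```

Two encryptions of the same plaintext under the same key differ because the nonce differs, and flipping a single ciphertext byte is rejected before any plaintext is produced; both are properties a practitioner should expect from any symmetric scheme they deploy.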