What are the 5 principles to follow? -- Cybersecurity Architecture
Defense in Depth, Least Privilege, Separation of Duties, Secure by Design and Keep it Simple.
Explain Defense in Depth
Defense in depth means not relying on a single security system to keep the system safe, but instead implementing multiple layers of security controls to protect information and resources.
For mobile device management, defense in depth would mean making sure the security policy is followed on the device: ensuring it has enough security patches and sufficient password length, or implementing endpoint detection and response capability or antivirus software to detect and mitigate potential threats.
Modern techniques use MFA to protect the security of a computer’s infrastructure, and from a network standpoint firewalls may be implemented.
Explain Principle of Least Privilege
The principle of least privilege means only giving access rights to people that are authorized and only for the intended time it takes to complete the job.
It emphasizes restricting user permissions to the minimum necessary to perform their tasks, reducing potential risks associated with excessive access rights.
Privilege creep is the gradual accumulation of access rights, for example as an employee gains a new position, that might exceed what the individual needs to perform their job.
Explain Separation of Duties
Separation of Duties means not having a single point of control, so that compromising the system requires collusion between two or more bad actors and no one person can compromise it alone.
Separating these duties can prevent insider threats from having authorized access in case of retaliation.
It can also stop outside threats as any hackers will need multiple points of authorization to get sensitive data, potentially deterring them from continuing their attack.
Explain Secure by Design
Security by Design ensures security measures are built into a design from start to finish.
You look at the security aspects of the requirements, build security into the design, follow secure coding principles, do installations on secure systems, guard test data, and continue testing security in production.
It aims to reduce risks, minimize the attack surface, and prevent vulnerabilities by building security into the foundation.
Explain Keep it Simple Stupid
A design principle advocating for simplicity in design and implementation, emphasizing that systems should be straightforward and easy to understand to minimize errors and enhance usability.
It promotes efficiency by encouraging designers to avoid unnecessary complexity.
It makes things difficult enough that attackers are deterred from getting in, while making it easy enough for security analysts to bypass so they have easy access to the information they need.
Explain Security through Obscurity
Security through obscurity means relying on secret knowledge in order to make the system safe.
It aims to reduce risks, minimize the attack surface, and prevent vulnerabilities by building security into the foundation.
When used as part of a system’s architecture, it can make it harder for unauthorized users to exploit vulnerabilities, as it is harder for them to find what they’re looking for.
Confidentiality
Confidentiality is accomplished through access control using authentication and authorization.
Keeping confidentiality within an organization is important as it protects important system data and ensures security within the organization from outside sources.
Role-based access control, one form of confidentiality, may also be implemented to limit internal threat actors, so that even if they are a part of an organization there’s a buffer on who can view and do things within the system’s infrastructure.
Access Control
Access control is a security technique that regulates who or what can view or use resources in a computing environment.
It enforces policies for authentication and authorization, ensuring only authorized users have access to sensitive data and systems.
If an authorized user tries to access a system or device with access controls implemented, multifactor authentication may be used to check that the user is who they say they are and to ensure any important information is protected.
Encryption
Encryption is the other component: it encodes messages between two parties and keeps any outside party from viewing anything within the message.
Encryption keeps confidential information secret from any threat actors or hackers and prevents it from being readable if intercepted.
With encryption, messages are encrypted with a cryptographic key, and as they are sent between two people the message is unreadable to anyone who doesn’t have a key.
Integrity
Integrity is the quality that says a message or transaction is true to itself.
It ensures data accuracy and reliability throughout its lifecycle, preventing unauthorized modifications.
Examples of integrity can include system logs, so if someone makes any changes within a system, the system logs the changes as they occur.
Availability
Availability means the system and data should be available to authorized users and they can get access to it when needed.
Putting protections in place such as role-based access and other forms of access control ensures everyone has easy access to the data they need while also ensuring they are authorized to access that data.
Something as simple as company files organized in folders by department or purpose can contribute to availability, as it gives employees organized and efficient methods to search and navigate important files or data.
Denial of Service (DoS)
DoS is Denial of Service, which is flooding a system with traffic to the point that legitimate users can’t use the service they’re trying to access.
It’s a malicious attempt to make a server, network, or application unavailable to legitimate users by overwhelming it with excessive traffic or malicious requests.
This could have repercussions on business operations, causing severe downtime, financial losses, and reputational damage by saturating bandwidth or exhausting system resources.
Distributed Denial of Service (Distributed DoS)
The bad threat actor uses multiple systems to flood a web server with traffic.
The attacker takes over many consoles and uses many different networks.
This can cause company websites to crash and also compromise the availability of information within a system.
SYN Flood
In a SYN flood you have a three-way handshake: someone sends information, or a SYN message, to the server and gets an acknowledgement.
Then the user is supposed to respond with a SYN-ACK. The server reserves resources for that session, so if a bad guy sends a SYN it reserves a resource.
Then he sends an acknowledgement but doesn’t respond with a SYN-ACK, and continues this process until the legitimate user isn’t able to send any messages.
IT Architect vs Cybersecurity Architect -- Role and mindset
In terms of role and mindset, IT architecture is framed as building an IT system.
Cybersecurity architecture is framed as working within an IT system’s security infrastructure.
An IT architect will come up with an architecture overview diagram that shows the inner relations of the higher components of the system.