CIA Triad
Confidentiality, Integrity, Availability
Confidentiality
Keeps information private and protected from unauthorized access.
Social Engineering
Users accidentally disclosing too much information - Greatest threat to Confidentiality
Sniffing
Capturing data on the network using a packet or protocol analyzer
How to stop sniffing
Encrypt data in transit so captured packets are unreadable
Media Reuse
If there is sensitive information on a drive and we want to reuse the drive, we need to scrub information
Integrity
The accuracy and consistency of data, ensuring that it remains unaltered during storage and transmission.
Hashes
Used to verify data integrity by producing a fixed-size digest from variable-sized input; any change to the input changes the digest
MACs (Message Authentication Codes)
Provide authenticity and integrity
Not strong enough for non-repudiation
Because sender and receiver share the same symmetric key, either could have produced the MAC
Digital Signatures
Detect both malicious and accidental modifications
Require more overhead
Provide true non-repudiation
Stronger than MACs because they use asymmetric keys: only the holder of the private key can sign
Availability
The assurance that systems and data are accessible when needed, ensuring continuous operation and reducing downtime.
How to provide availability
Redundancy
Content Delivery Networks
Data Dispersion
How to take down systems (aka stop availability)
DoS, DDoS, Disasters
Non-repudiation
Person-Based Authenticity + Integrity
Accomplished through digital signatures
Provides assurance of the origin of a message and the contents have not been modified
What does non-repudiation accomplish
Provides assurance of the origin of a message and the contents have not been modified
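The hash, MAC and digital signature cards above and the non-repudiation card here, as one added example in Go (written for this page, not taken from it). It uses only the Go standard library: SHA-256 for the hash, HMAC-SHA256 for the MAC and Ed25519 for the signature. The message, the tampered copy and the shared key are constructed values; the key pairs are generated at run time. Demo shows that all three detect tampering, but only the MAC can be forged by the receiver, because the receiver holds the same key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Digest returns the SHA-256 hash of msg. A bare hash detects corruption, but
// anyone who can alter the message can also recompute the hash.
func Digest(msg []byte) []byte {
	sum := sha256.Sum256(msg)
	return sum[:]
}

// Tag computes HMAC-SHA256 over msg with a shared symmetric key.
func Tag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// VerifyTag checks a MAC in constant time. Sender and receiver hold the same
// key, so either party could have produced the tag: no non-repudiation.
func VerifyTag(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

// Sign signs msg with an Ed25519 private key. Only the private-key holder can
// produce a valid signature, which is what makes it non-repudiable.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// VerifySig checks a signature using only the public key.
func VerifySig(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// Demo runs the three mechanisms against a tampered message. It returns:
//   hashSurvives - the original digest still matches the tampered text (false)
//   macSurvives  - the original MAC still verifies on the tampered text (false)
//   macForgeable - the receiver, holding the shared key, can mint a valid MAC
//                  for the tampered text (true: why MACs lack non-repudiation)
//   sigSurvives  - the original signature still verifies on tampered text (false)
//   sigForgeable - a party without the signer's private key can mint a
//                  signature the signer's public key accepts (false)
func Demo() (hashSurvives, macSurvives, macForgeable, sigSurvives, sigForgeable bool) {
	msg := []byte("pay 100 to alice")        // constructed sample message
	tampered := []byte("pay 100 to mallory") // constructed altered copy
	key := []byte("shared-secret-key")       // constructed symmetric key

	hashSurvives = bytes.Equal(Digest(msg), Digest(tampered))

	tag := Tag(key, msg)
	macSurvives = VerifyTag(key, tampered, tag)
	macForgeable = VerifyTag(key, tampered, Tag(key, tampered))

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sig := Sign(priv, msg)
	sigSurvives = VerifySig(pub, tampered, sig)
	// A second key pair stands in for a forger who does not hold priv.
	_, forgerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sigForgeable = VerifySig(pub, tampered, Sign(forgerPriv, tampered))
	return
}

func main() {
	fmt.Println(Demo())
}
```

The point to take from the two forgeability results: a valid MAC proves the message came from someone holding the shared key, which includes the verifier, so it cannot settle a dispute between the two parties; a valid signature proves possession of a private key the verifier never had.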
Access Control
Identification, Authentication
Authorization
DAC (Discretionary Access Control)
Most Windows systems
Security of an object is at the discretion of the object's owner
Access is granted through an ACL (Access Control List)
Commonly implemented in commercial products and all client-based systems
Identity Based
How are security labels and categories defined?
By the organization
RBAC (Role-Based Access Control)
Access is granted based on roles within an organization
Users are assigned roles with predefined permissions
Enforces least privilege by restricting access to job-related tasks
Scalable for large organizations
Roles group permissions (For RBAC)
Simplifies management
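The DAC and RBAC cards above, as one added example in Go (written for this page, not taken from it). The object, users, roles and permission strings are constructed sample data. In the DAC half only the owner can edit the ACL, and access is looked up by user identity; in the RBAC half users carry roles and never appear in the policy, so one edit to a role changes access for everyone holding it.

```go
package main

import "fmt"

// Subject is a user identity plus the roles the organization assigned.
type Subject struct {
	Name  string
	Roles []string
}

// DACObject is owner-controlled: the owner maintains an ACL keyed by user name.
type DACObject struct {
	Owner string
	ACL   map[string][]string // user -> permitted operations
}

// Grant changes the ACL only when the requester is the owner, which is what
// "at the discretion of the object's owner" means in practice.
func (o *DACObject) Grant(requester, user string, ops ...string) bool {
	if requester != o.Owner {
		return false
	}
	o.ACL[user] = append(o.ACL[user], ops...)
	return true
}

// Allowed looks the identity up in the ACL for the requested operation.
func (o *DACObject) Allowed(user, op string) bool {
	for _, p := range o.ACL[user] {
		if p == op {
			return true
		}
	}
	return false
}

// RBACPolicy maps roles to permissions; individual users never appear in it.
type RBACPolicy struct {
	RolePerms map[string][]string // role -> permissions
}

// Allowed grants the operation if any of the subject's roles carries it.
func (p RBACPolicy) Allowed(s Subject, op string) bool {
	for _, r := range s.Roles {
		for _, perm := range p.RolePerms[r] {
			if perm == op {
				return true
			}
		}
	}
	return false
}

// Demo exercises both models on constructed data and returns each outcome by label.
func Demo() map[string]bool {
	res := map[string]bool{}

	// DAC: alice owns the report and hands out access herself.
	report := &DACObject{Owner: "alice", ACL: map[string][]string{}}
	res["dac: owner grants bob read"] = report.Grant("alice", "bob", "read")
	res["dac: bob tries to grant eve read"] = report.Grant("bob", "eve", "read")
	res["dac: bob can read"] = report.Allowed("bob", "read")
	res["dac: bob can write"] = report.Allowed("bob", "write")
	res["dac: eve can read"] = report.Allowed("eve", "read")

	// RBAC: permissions hang off job roles; users only get roles.
	policy := RBACPolicy{RolePerms: map[string][]string{
		"payroll-clerk": {"payroll:read", "payroll:write"},
		"auditor":       {"payroll:read"},
	}}
	carol := Subject{Name: "carol", Roles: []string{"auditor"}}
	dave := Subject{Name: "dave", Roles: []string{"payroll-clerk"}}
	intern := Subject{Name: "intern"} // no role assigned yet: least privilege by default
	res["rbac: auditor reads payroll"] = policy.Allowed(carol, "payroll:read")
	res["rbac: auditor writes payroll"] = policy.Allowed(carol, "payroll:write")
	res["rbac: clerk writes payroll"] = policy.Allowed(dave, "payroll:write")
	res["rbac: intern reads payroll"] = policy.Allowed(intern, "payroll:read")

	// One edit to the role reaches every auditor; no per-user ACL changes needed.
	policy.RolePerms["auditor"] = append(policy.RolePerms["auditor"], "payroll:export")
	res["rbac: auditor exports payroll after role update"] = policy.Allowed(carol, "payroll:export")
	return res
}

func main() {
	for k, v := range Demo() {
		fmt.Printf("%-50s %v\n", k, v)
	}
}
```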
Security Controls
Implementation or enforcement of the CIA triad for a system or data asset
Controls are divided into four categories
Technical Controls
Control implemented as a system
Hardware, software, firmware
May also be called logical security controls
Executed by computer systems (instead of people)
Implemented with technology
Operational Controls
Implemented by people rather than systems
Focused on the day to day procedures of an organization
Focused on managing risk
Examples of Technical Controls
Firewalls
Encryption
IDS
Examples of operational controls
Configuration management
Systems backups
Patch management
Managerial Controls
Provides oversight of the information system
Examples of managerial controls
Organizational security policy
Risk assessments
Security awareness training
Physical Controls
Deter, detect, and prevent unauthorized access, theft, damage, or destruction of material assets
Examples of physical security controls
Fencing, locks, and mantraps
Security guards and CCTV
Asset Management
Preventive Controls
Proactive
Stop an attack (even temporarily)
Examples of preventive security controls
Encryption
Firewalls
AV Software
Deterrent controls
Proactive
Discourage attacks
Examples of deterrent controls
Warning signs
Lighting
Fencing/Bollards
Corrective Controls
Reactive
Recovering data from backup copies
Applying software updates and patches to fix vulnerabilities
Developing and implementing incident response plans (IRPs) to respond to and recover from security incidents
Activating and executing disaster recovery plans (DRPs) to restore operations after a major incident
Detective controls
Reactive
Helps indicate a compromise to the system
Example of detective controls
Log monitoring
Security audits
CCTV
IDS
Vulnerability scanning
Compensating Controls
Used when the primary control is not available or does not provide enough security
Example of compensating controls
Backup power systems
MFA
Application Sandboxing
Network Segmentation
Directive Controls
Managerial controls that come from leadership
Implemented through policies and procedures
Examples of directive controls
IRP (incident response plan)
AUP (acceptable use policy)
Purpose of Functional controls
Gap analysis
Functional Controls
Preventive, detective, corrective, deterrent, compensating, directive
Gap analysis
Where you are
Skills needed to get where you’re going
Where you need to be
Security controls
Technical, operational, managerial, physical
Security Zones
Grouping different security levels into different areas or zones
Zones nearest the internet are the least trusted; the farther inward you go toward the internal network, the more trusted the zone
Movement between security zones
Interfaces between zones have some type of access control to restrict movement between zones
Like biometric readers and guard stations
Or firewalls
Intermediate Security Zone
Between the internet and internal network
Called DMZ
Demilitarized Zone
Zones of Trust (Security Zones)
Untrusted - External Firewall - Semi Trusted - Internal Firewall - Trusted
Internet accessible servers
Placed in DMZ
Called bastion hosts
Placed in between the internet and internal network
Zero trust
Assumes there is no inherent trust
Each independent entity must authenticate individually before access is allowed
How to implement zero trust
break down our network into smaller and easier to manage planes (Control and data plane)
Data Plane
Processing of packets, frames and network data
Where the actual security functions happen
Encryption, NAT, filtering, etc
Control Plane
Where administrative functions are performed
Controls how data is allowed to move through the data plane
How is the control plane set up?
Policies and rules
Routing tables
NAT tables
NAT Tables
Tracks IP addresses and port number reassignments
Helps the router determine what to do with incoming packets
Within a router or NAT-Enabled Device
NAT-Enabled Device
DSL modems and Wi-Fi routers
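The NAT table cards above, as an added example in Go (written for this page, not taken from any router's code). It models a router with one public IP doing port address translation: an outbound packet gets its source rewritten and a row added to the table, and an inbound packet is either forwarded to the internal host recorded in the matching row or dropped. The addresses are constructed; requiring the inbound sender to be the host the flow was opened to is an assumption made here, since real devices differ in how strict they are.

```go
package main

import "fmt"

// Endpoint is an IP:port pair as it appears in a packet header.
type Endpoint struct {
	IP   string
	Port int
}

// Mapping is one row of the NAT table: the internal endpoint a public port
// stands in for, and the outside host the flow was opened to.
type Mapping struct {
	Internal Endpoint
	Remote   Endpoint
}

// NAT models a router with a single public IP doing port address translation.
type NAT struct {
	PublicIP string
	nextPort int
	table    map[int]Mapping  // public port -> row, consulted for inbound packets
	reverse  map[Endpoint]int // internal endpoint -> public port, for outbound reuse
}

func NewNAT(publicIP string) *NAT {
	return &NAT{PublicIP: publicIP, nextPort: 40000, table: map[int]Mapping{}, reverse: map[Endpoint]int{}}
}

// Outbound rewrites the source of a packet leaving the private network to the
// public IP and an assigned port, recording the reassignment in the table.
func (n *NAT) Outbound(src, dst Endpoint) Endpoint {
	pub, ok := n.reverse[src]
	if !ok {
		pub = n.nextPort
		n.nextPort++
		n.reverse[src] = pub
		n.table[pub] = Mapping{Internal: src, Remote: dst}
	}
	return Endpoint{IP: n.PublicIP, Port: pub}
}

// Inbound decides what to do with a packet arriving at the public IP: forward
// it to the internal host in the matching row, or drop it when no row matches.
// Checking that the sender is the host the flow was opened to is an assumption
// of this model (address-restricted behaviour); vendors' rules vary.
func (n *NAT) Inbound(src, dst Endpoint) (Endpoint, bool) {
	if dst.IP != n.PublicIP {
		return Endpoint{}, false
	}
	row, ok := n.table[dst.Port]
	if !ok || row.Remote.IP != src.IP {
		return Endpoint{}, false
	}
	return row.Internal, true
}

func main() {
	nat := NewNAT("203.0.113.1") // constructed public address
	pc := Endpoint{IP: "192.168.1.10", Port: 51000}
	web := Endpoint{IP: "198.51.100.7", Port: 443}
	pub := nat.Outbound(pc, web)
	fmt.Printf("outbound %v -> %v rewritten to %v\n", pc, web, pub)
	if in, ok := nat.Inbound(web, pub); ok {
		fmt.Printf("reply from %v delivered to %v\n", web, in)
	}
	if _, ok := nat.Inbound(Endpoint{IP: "198.51.100.99", Port: 443}, pub); !ok {
		fmt.Println("unsolicited packet dropped")
	}
}
```

The drop of the unsolicited packet is the security side-effect the cards hint at: with no row in the table, the router has nowhere to send an inbound packet, so hosts behind NAT are not reachable from outside unless a flow (or a static mapping) already exists.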
Policy Enforcement Points (PEP)
The guard for trust zones that host one or more enterprise resources
Enables, monitors, and eventually terminates connections between subjects and resources
Examples of Policy Enforcement Points (PEP)
CASB
APs (access points)
VPNs
Policy Decision Point (PDP)
Works together with the PEP and a policy administrator
Any system where policy is created
Adaptive identities
Example of PDP systems where policy is created
RADIUS
Network Policy Servers
Adaptive identities can be used based on (from PDP)
Location
IP addresses
Other criteria to indicate needs for additional security
Policy Information Point (PIP)
Integration with Active Directory
So RADIUS can forward requests to, or query, Active Directory
To determine user rights and permissions
PIP consists of
Identity, Credential and Access Management (ICAM)
Endpoint Detection and Response (EDR)
Security Analytics
Data Security Systems
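The zero trust, PEP, PDP, PIP and adaptive identity cards above, as one added example in Go (written for this page, not taken from any product). The PIP is an in-memory stand-in for a directory (ICAM groups) and an EDR feed (device health); the PDP holds the policy and decides; the PEP only forwards on Allow. The trusted network range, users, devices, resource and IP addresses are constructed. Adaptive identity appears as the StepUp decision: a request from an unfamiliar location is not denied outright but is made to present MFA.

```go
package main

import (
	"fmt"
	"net"
)

// Request is what a subject presents at the PEP for a resource.
type Request struct {
	User      string
	Device    string
	SourceIP  string
	Resource  string
	MFAPassed bool
}

// Decision is the PDP's answer.
type Decision string

const (
	Allow  Decision = "allow"
	Deny   Decision = "deny"
	StepUp Decision = "step-up-mfa" // adaptive identity: ask for more proof
)

// PIP supplies the attributes the PDP consults: directory groups (ICAM) and
// device health (EDR). These maps are constructed stand-ins for those systems.
type PIP struct {
	Groups        map[string][]string // user -> directory groups
	HealthyDevice map[string]bool     // device -> EDR says healthy
	TrustedNets   []*net.IPNet        // office ranges treated as familiar
}

// PDP holds the access policy: which group each resource requires.
type PDP struct {
	Info           *PIP
	ResourceGroups map[string]string
}

func (p PDP) inGroup(user, group string) bool {
	for _, g := range p.Info.Groups[user] {
		if g == group {
			return true
		}
	}
	return false
}

func (p PDP) fromTrustedNet(ip string) bool {
	addr := net.ParseIP(ip)
	if addr == nil {
		return false
	}
	for _, n := range p.Info.TrustedNets {
		if n.Contains(addr) {
			return true
		}
	}
	return false
}

// Decide evaluates every request on its own merits. Being on the internal
// network is never sufficient by itself, and anything unknown means Deny.
func (p PDP) Decide(r Request) Decision {
	required, known := p.ResourceGroups[r.Resource]
	if !known || !p.inGroup(r.User, required) {
		return Deny
	}
	if !p.Info.HealthyDevice[r.Device] {
		return Deny
	}
	if !p.fromTrustedNet(r.SourceIP) && !r.MFAPassed {
		return StepUp
	}
	return Allow
}

// PEP guards the resource and forwards the connection only on Allow.
type PEP struct{ Decider PDP }

func (g PEP) Handle(r Request) (forwarded bool, d Decision) {
	d = g.Decider.Decide(r)
	return d == Allow, d
}

// NewDemoPEP wires up the constructed sample environment.
func NewDemoPEP() PEP {
	_, office, err := net.ParseCIDR("10.10.0.0/16")
	if err != nil {
		panic(err)
	}
	return PEP{Decider: PDP{
		Info: &PIP{
			Groups:        map[string][]string{"alice": {"finance"}, "bob": {"engineering"}},
			HealthyDevice: map[string]bool{"alice-laptop": true, "bob-laptop": true},
			TrustedNets:   []*net.IPNet{office},
		},
		ResourceGroups: map[string]string{"payroll-app": "finance"},
	}}
}

func main() {
	pep := NewDemoPEP()
	for _, r := range []Request{
		{User: "alice", Device: "alice-laptop", SourceIP: "10.10.5.7", Resource: "payroll-app"},
		{User: "alice", Device: "alice-laptop", SourceIP: "203.0.113.9", Resource: "payroll-app"},
		{User: "alice", Device: "alice-laptop", SourceIP: "203.0.113.9", Resource: "payroll-app", MFAPassed: true},
		{User: "bob", Device: "bob-laptop", SourceIP: "10.10.5.7", Resource: "payroll-app"},
		{User: "alice", Device: "stolen-tablet", SourceIP: "10.10.5.7", Resource: "payroll-app"},
	} {
		fwd, d := pep.Handle(r)
		fmt.Printf("%-6s %-14s %-12s mfa=%-5v -> %-12s forwarded=%v\n", r.User, r.Device, r.SourceIP, r.MFAPassed, d, fwd)
	}
}
```

Note the ordering in Decide: identity and device posture are checked before location. A trusted office IP never rescues an unknown device or a user outside the required group, which is the "no inherent trust" point of the zero trust card.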
Site layout and access
Layers of security
Zones with different security controls/access levels
ID badges
Barriers and access points
Fencing
Types of Locks
Conventional
Deadbolt
Electronic
Smart card
Biometric
Multifactor
Turnstiles/Mantraps
Two doors to enter
Can’t have both doors open at the same time
Fail-Secure
On failure, defaults to denying access: doors stay locked and traffic is blocked, protecting the assets inside
Fail-safe
On failure, defaults to the state that protects people: doors unlock so occupants can get out
Alarm Systems
Circuit
Motion
Duress
Circuit Alarm System
Open or closed
Detect intrusion through a barrier
Motion Alarm System
Radar, infrared
Detect intrusion in a space
Duress Alarm System
Fixed or mobile
Surveillance
Guard dogs
Security guards
Video/CCTV
Lighting
Physical access logs
Staff
Hardware Security
Lockable cabinets
Device locks
Safes
Protected distribution
Environmental Controls
Site location
Accessibility
Utilities
Known hazards
Building control
Building Controls
Dust
Temperature/humidity (HVAC)
HVAC for computer systems
Hot and Cold Aisles
Optimize airflow
Place racks back to back so the exhaust from both rows goes into the same hot aisle
Hot aisle / cold aisle
Do not allow contamination of cooled air by warmed air
Radio Frequency Interference (RFI)
Power cabling, motors, microwaves
Competing devices (multiple access points, Bluetooth)
Can cause data errors in wireless communications
Electromagnetic Interference (EMI)
Equipment or cabling in close proximity to the noise source
Fiber optic cabling is best because light is not affected by electrical or radio interference
Fire Prevention
Regular inspection
Control ignition sources and flammable material
Fire doors
Fire Detection
Smoke/flame detectors/alarms
Fire emergency procedures
Escape/Evacuation plan
Escape routes
Drills
Fire Suppression
Personal fire extinguishers
Sprinklers
What type of fire extinguisher do we want for computer equipment (3 types: A, B, C)
Type C (rated for electrical fires)
Types of sprinklers
Dry pipe
Pipes hold pressurized air rather than water; after a head opens there is a delay while the air bleeds off before water is released
Pre-action
Two-stage: a detector (smoke or heat) first lets water into the pipes, and water is released only when the heat-sensitive element in a sprinkler head melts
Two independent triggers give a degree of protection against false positives
Halon
Suppresses fires quickly
Dangerous to people in the space
Production banned because it depletes the ozone layer
Clean Agent
Releases CO2 or another gaseous agent that leaves no residue on equipment
Baseline Configuration
Minimum acceptable security configuration
Changes should be prevented without
Proper authorization and as a result of the change management process
Change Management
Prevents new vulnerabilities from being introduced to a stable environment
Process of Change Management
Owner of system or data submits change request
Request is evaluated by CCB for risk and cost/benefit analysis
Change is approved or denied
If approved, the change is tested in an environment isolated from production
Change is scheduled
Backout/rollback plans are created
Change is rolled out
Owner manages change and ensures everything is working thereafter
Maintenance is scheduled
SOPs are updated
CCB
Change control board
SOPs
Standard operating procedures
Restricted Activities
Authorization for scope change is limited specifically to the items described in the scope document
Changes that are required to implement the approved change may need to be added to the scope of work
Change control processes should document the next steps
Implications of Change Control
System/service downtime
Restarts of systems or applications
Legacy applications may fail
Dependent services may not be available
Updating Documentation
Make sure that versioning, revisions, updates, and upgrades are reflected in
Network diagrams
Support documentation
Policies and procedures
PAIN
Privacy, Authenticity, Integrity, Non-Repudiation
P in PAIN
Prevents unauthorized disclosure of information
A in PAIN
Verifies the claimed identity
I in PAIN
Detects modification or corruption
N in PAIN
Combines authenticity and integrity
Sender cannot dispute having sent a message nor its contents
Ciphertext Equation
Ciphertext = Plaintext + Initialization Vector + Algorithm (aka Cipher) + Key
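The equation above, as an added example in Go (written for this page, not taken from it): AES in CBC mode takes the key (whose length selects AES-128/192/256), a per-message IV and the padded plaintext, and emits ciphertext with the IV prepended so the receiver can reverse it. The key, IV values and message are constructed. Demo shows the same plaintext under the same key producing different ciphertext when only the IV changes, and that decryption round-trips.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// pad applies PKCS#7 padding so the plaintext fills whole 16-byte blocks.
func pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// unpad strips PKCS#7 padding, rejecting malformed trailers.
func unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Encrypt produces ciphertext = AES-CBC(plaintext, IV, key). The IV travels in
// the clear as the first block; it need not be secret but must not repeat under a key.
func Encrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // the algorithm; key length picks the AES variant
	if err != nil {
		return nil, err
	}
	if len(iv) != aes.BlockSize {
		return nil, fmt.Errorf("iv must be %d bytes", aes.BlockSize)
	}
	padded := pad(plaintext)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return append(append([]byte{}, iv...), out...), nil
}

// Decrypt reverses Encrypt, reading the IV from the first block.
func Decrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	iv, ct := data[:aes.BlockSize], data[aes.BlockSize:]
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ct)
	return unpad(out)
}

// RandomIV draws a fresh IV from the OS CSPRNG.
func RandomIV() []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return iv
}

// Demo encrypts one message twice under the same key with fresh IVs and
// reports whether the ciphertext bodies differ and whether decryption round-trips.
func Demo() (ivChangesCiphertext, roundTrip bool) {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte AES-256 key
	msg := []byte("attack at dawn")                   // constructed plaintext
	c1, err1 := Encrypt(key, RandomIV(), msg)
	c2, err2 := Encrypt(key, RandomIV(), msg)
	if err1 != nil || err2 != nil {
		panic("encrypt failed")
	}
	ivChangesCiphertext = !bytes.Equal(c1[aes.BlockSize:], c2[aes.BlockSize:])
	p, err := Decrypt(key, c1)
	roundTrip = err == nil && bytes.Equal(p, msg)
	return
}

func main() {
	fmt.Println(Demo())
}
```

Two practitioner caveats that tie back to earlier cards: CBC on its own delivers confidentiality only, not integrity, so a real design pairs it with a MAC or uses an authenticated mode such as AES-GCM; and reusing an IV under the same key makes identical plaintext prefixes visible, which is why the IV is drawn fresh for every message rather than fixed.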