Cellular
A communications network in which the coverage area is divided into hexagon-shaped cells to optimize frequency reuse and improve capacity. Each cell has its own base station and can connect to mobile devices.
Jailbreaking
Circumventing the built-in limitations installed on Apple iOS devices.
Sideloading
Downloading unofficial and unapproved apps
hardening mobile devices
Steps that can be taken to make mobile devices more resilient to attacks.
Mobile device management (MDM)
Tools that allow a device to be managed remotely by an organization.
embedded system
Computer hardware and software contained within a larger system that is designed for a specific function.
real-time operating system (RTOS)
An operating system that is specifically designed for an SoC in an embedded system. It manages hardware resources and ensures timely processing of tasks in real-time applications.
high availability
An RTOS that is tuned to accommodate very high volumes of data that must be immediately processed for critical decision making. Also, making servers always accessible. High availability refers to systems that are consistently operational and accessible, minimizing downtime to ensure continuous service availability.
hardening RTOS
Steps that can be taken to make a real-time operating system more resilient to attacks.
Industrial control systems (ICSs)
Systems that control machines, locally or at remote locations, by collecting, monitoring, and processing real-time data.
supervisory control and data acquisition (SCADA)
A system that controls multiple industrial control systems (ICSs). It gathers real-time data from remote locations and provides centralized monitoring and control capabilities.
Resilience
The ability to resist attacks and recover from disruptions, ensuring continuous operation and data integrity.
Endpoint devices
Devices that connect to a network and serve as points of access for users or systems, often including sensors, actuators, and control interfaces.
executable files attack
Tricking the vulnerable application into modifying or creating executable files on the system to execute malicious code or gain unauthorized access.
System tampering
Using the vulnerable application to modify sensitive areas of the operating system and taking advantage of these modifications to gain elevated privileges or alter system behavior.
Process spawning control
Tricking the vulnerable application into spawning executable files on the system.
Application development lifecycle model
A framework that outlines the stages of developing an application, from planning and design to implementation, testing, deployment, and maintenance.
Waterfall model
Uses a sequential design process: as each stage is fully completed, the developers move on to the next stage. This means that once a stage is finished, developers cannot go back to a previous stage without starting over again. This model emphasizes thorough planning and documentation, making it easier to manage and predict project outcomes.
Agile model
Was designed to overcome the disadvantages of the waterfall model. Instead of following a rigid sequential design process, the agile model takes an incremental approach. Developers might start with a simplistic project design and begin to work on small modules. The work on these modules is done in short “sprints”, and at the end of each sprint the project's priorities are evaluated again as tests are being run. This approach allows software issues to be discovered incrementally so that feedback and changes can be incorporated into the design before the next sprint is started. This model promotes flexibility and customer collaboration, allowing changes to be made throughout the development process.
SecDevOps
Is the process of integrating secure development best practices and methodologies into application software development and deployment processes using the agile model. It is a set of best practices designed to help organizations embed secure coding deep in the heart of their applications and to ensure that security is a fundamental aspect of the software development lifecycle.
input validation
Accounting for errors such as incorrect user input (for example, entering the name of a file that does not exist).
Normalization
Organizing data within a database to minimize redundancy.
Code signing
Digitally signing applications.
Obfuscation/ Camouflaged code
Writing an application in such a way that its inner functionality is difficult for an outsider to understand. This is often achieved through techniques such as renaming variables, removing comments, and using complex coding structures.
Dead code
A section of an application that executes but performs no meaningful function.
Server-side execution and validation or client-side execution and validation
Input validation generally uses the server to perform validation, but it can also have the client perform validation in the user’s web browser.
Raspberry pi
A low-cost, compact computer used for programming and electronics projects. It can perform almost any task that a standard computer can, such as browsing the internet, playing high-definition video, creating spreadsheets, and playing games. It can also be used to control a specialized device.
Open-Source Intelligence
Can be found in a wide variety of places on the internet, and this data is used by attackers and security professionals alike to further their separate purposes. We won’t concern ourselves with legitimate OSINT usage here; rather, we’ll discuss the ways in which this information can be misused to attack systems.
Closed/Proprietary
This information is not public and comes from a specific source. It is typically a commercial solution and costs money to use. It is also higher-quality information than what you would find in open-source intelligence.
Vulnerability Database
Databases of known vulnerabilities and details on how they have been exploited. These databases produce “feeds” of the most recent cyber incidents and describe current threats and attacks. The purpose of these databases is to maintain, collect, and disseminate information about computer vulnerabilities. Vulnerability databases are essential resources that catalog known software and hardware vulnerabilities, providing detailed information about their exploitation, mitigation strategies, and the latest threats to enhance cybersecurity awareness and protection.
Public and private information sharing centers
Are formed through partnerships that empower members to benefit from the cyber and technological expertise available in the public, private, and academic sectors.
Privacy
An organization that is the victim of an attack must be careful not to share proprietary or sensitive information when providing IOCs and attack details.
Speed
Automated indicator sharing (AIS) enables the exchange of cyberthreat indicators between parties through computer-to-computer communication.
Trusted Automated Exchange of Intelligence Information (TAXII)
Is an application protocol for exchanging cyberthreat intelligence over HTTPS that facilitates the sharing of structured threat information.
Dark web
Is a hidden network of internet sites that can only be accessed through a specialized web browser. It is used to keep internet activity private and anonymous, which can be useful in both legal and illegal applications. It is the part of the deep web that contains content not indexed by traditional search engines.
Key risk indicators (KRIs)
Are metrics of the upper and lower bounds of specific indicators of normal network activity. These indicators may include the total network logs per second, number of failed remote logins, network bandwidth, and outbound email traffic. KRIs can be categorized by Indicators of compromise (IOC) and Automated Indicator Sharing (AIS).
Indicators of compromise
A piece of digital forensic evidence that indicates that an endpoint or network has been compromised. These digital clues, like physical evidence, assist information security professionals in identifying malicious activity or security threats such as data breaches, insider threats, or malware attacks. IOCs are specific artifacts observed on a network or in operating system files that indicate potential intrusions. They help in detecting and responding to attacks.
Automated Indicator Sharing (AIS)
Are systems that allow federal and non-federal entities to exchange cyber threat indicators and defensive measures in real time.
Structured threat information
Are systems that standardize the sharing of threat information: the data formats and protocols used to facilitate the exchange of cyber threat intelligence.
Structured Threat Information eXpression (STIX)
Is a community-driven, XML-structured language for describing cyber threat information in a consistent manner so that it can be shared, stored, and analyzed. It is also the standard terminology for IOCs and for indicating relationships between them.
Trusted Automated Exchange of Intelligence Information (TAXII)
Defines how cyber threat information can be shared through services and message exchanges. It is specifically designed to support STIX information, which it accomplishes by defining an API that is compatible with common sharing models. It is also a protocol for providing threat intelligence between clients and servers via HTTPS and REST APIs.
Predictive Analysis
Uses statistical algorithms on historical data to predict future cyberattacks in real time. When combined with machine learning, predictive analysis provides organizations with the tools they need to protect their security infrastructure from potential threats before they occur. It can be used in conjunction with threat monitoring to help discover IOCs and inform organizations about incoming threats.
Threat maps
Illustrate cyber threats overlaid on a diagrammatic representation of a geographical area. They are also known as cyberattack maps and provide real-time information about computer security attacks that are taking place.
File and Code Repositories
Are tools and services that store source code and automate software builds. They may be hosted internally or privately on third-party sites such as GitHub, GitLab, SourceForge, and Bitbucket. Repositories of information can be used to find threats proactively.
Secure staging and deployment processes
In your development life cycle, these help ensure that any software you develop is properly tested and secured before it is released to consumers.
Development
Where all the initial work is done. This stage focuses more on creating functionality than on testing for flaws. At the development stage, the requirements for the application are established, and it's confirmed that the application meets the intended business needs before the actual coding begins. The process includes coding, designing, and unit testing in a controlled environment.
Testing
It is important to put code to the test before deploying it to the production environment. This is the stage where developers can perform initial tests of code and solutions. The stage thoroughly tests the application for any errors that could result in a security vulnerability.
Staging
Tests to verify that the code functions as intended. Think of this stage as an enhanced version of the testing stage. The test stage is used to discover and fix obvious and damaging vulnerabilities; the staging environment is an extension of this testing that evaluates the code against real-world data to get a better idea of how it will perform in the production environment and to make any final tweaks, as needed.
Production
The application is released to be used in its actual setting. This goes a bit beyond just “the final
Data Normalization
The process of evaluating and storing incoming data so that it only exists in one form. This eliminates redundant data and ensures the integrity of the data. It helps in organizing data to improve efficiency and consistency, often through predefined rules or structures.
Stored Procedures
Is prepared code that can be saved and reused multiple times. For example, if you have an SQL query that you write repeatedly, you can save it as a stored procedure and simply call it to execute the query.
Obfuscation and Camouflage
The goal of code obfuscation is to prevent any unauthorized party from accessing and understanding an application’s logic, which prevents them from extracting data, tampering with code, or exploiting vulnerabilities. Obfuscating data is done by converting it to another form that cannot be easily read by a human or by hiding data within other data. The former of these methods is often used to obfuscate JavaScript by removing whitespace and compacting the code into a confusing mess of characters. While these seemingly random characters won’t make much sense to an average person, computers have no problem reading the compact JavaScript code and can execute it as intended. Camouflage further enhances security by disguising the actual data within an application.
Code Reuse
Is high-quality code that has been tested, can be safely reused, and is encouraged. Dead code is code that is no longer used and should be eliminated. When developing a program, you find yourself repeatedly looking to implement the same, or similar, functionality within your code. You may need to develop a tool that does four different things, but you may already have code from a previous project that does one or more of those things, so you simply reuse your old code rather than writing more.
Dead code
Refers to any chunk of code that never actually gets executed but exists within an application. It can be code that was left behind because you removed some main capability but forgot to delete all of its supporting code. Logic errors within an application’s code can cause the application to execute or perform differently than you expected.
Server-Side Execution
Refers to code from an application that is run directly on the hosting server, and validation on the server side protects against any attempt by a program/user to bypass validation on the client side. Server-side validation acts as a failsafe in case client-side validation is bypassed.
Client-side execution
Means the code is executing on the client machine that is interacting with an application. Validation on the client side saves time, as it removes the need to communicate back and forth with the application server, but it can be easily bypassed by a malicious user.
Use of third-party libraries and software development kits (SDKs)
Code repositories and functions that are utilized in software development to speed the creation of an application. Be careful when using third-party libraries and software development kits (SDKs). These entities provide modular functionality to your code, but they are essentially a form of code reuse; you are just reusing someone else’s code rather than your own.
Data exposure
Is unintentional data loss or revealing sensitive data through programming errors. This happens when an application or procedure contains an issue that allows unauthorized parties to access sensitive information (SSN, password, credit card info, login token). Encrypting data can help reduce exposure, providing an extra layer of protection when access controls fail.