domain 1: introduction to security fundamentals


1

Confidentiality

ensures data is not accessed by unauthorized individuals

2

Integrity

ensures data is not tampered with

3

Availability

ensures data is accessible to authorized users when needed

4

Threats to confidentiality

  • Intentional attacks

  • Accidental triggers

  • Authentication and authorization failures

  • Hardware or software failures

  • Improper media sanitization: remove data

5

Countermeasures to confidentiality

  • Encryption

  • Access control

  • Administrative policies

6

Threats to integrity

  • Intentional alteration

  • Accidental modifications

  • System malfunction

  • Environmental factors

7

Countermeasures to integrity

  • Cryptographic hash: detects whether a file has been modified

  • Checksum: detects basic errors

  • Database integrity: enforce integrity constraints

8

Threats to availability

  • Malicious attacks

  • Supply system failures

  • Device or system failures

  • Environmental issues

9

Countermeasures to availability

  • Clusters

  • Backup procedures

  • Security devices

10

Non-repudiation

it is a service that provides proof that a particular action or event has occurred, ensuring that it cannot be denied by any party involved.

11

Tools for Non-repudiation

  • Audit trails

  • Digital signatures

  • Secure time-stamping

12

Access to your private key can allow hackers to create digital signatures in your name.

If private key is compromised

  1. Revoke the private key

  2. Notify the contacts

  3. Generate new key pair

  4. Distribute the public key

13

AAA

Identification: provides identity

Authentication: verifies identity

Authorization: grants access to

Accounting: tracks activity

14

Multi-factor authentication

  • Something you know: PIN, password, security question. Least expensive to implement.

  • Something you have: RSA tokens, activity, identity cards, smartphones.

  • Something you are: biometrics, fingerprint, retina scans, speech recognition. Most expensive to implement but most secure.

15

Remote Authentication Dial-In User Service (RADIUS):

It offers centralized authentication, authorization, and accounting for users accessing network services.

16

Remote Authentication Dial-In User Service (RADIUS) example

A remote user attempts to access a switch using a username and password, and the switch sends those credentials to the RADIUS server. The credentials are managed centrally on the RADIUS server, which verifies them using the RADIUS protocol. Depending on whether the credentials are valid, the server sends an Access-Accept or Access-Reject message back to the network switch. The switch then grants the user access to the network.

17

Characteristics of RADIUS

  • Operates as a client-server protocol running at the application layer

  • Encrypts only the password during transmissions

  • Uses UDP traditionally (does not guarantee the data packet will reach its destination; best-effort delivery)

  • Used as the back-end protocol for 802.1X authentication

  • Uses TCP with newer implementations

18

Terminal Access Controller Access-Control System Plus (TACACS+)

It is similar to RADIUS, but it is a Cisco proprietary networking protocol.

  • Clients initiate the connection and send requests

  • Server responds to these requests

  • Server cannot initiate communication with the client

19

Characteristics

  • It is incompatible with the older versions

  • It uses TCP to provide reliable connection

  • It encrypts both username and password

  • It separates the tasks of authentication, authorization, and accounting, offering flexibility

20

DIAMETER

It is derived from RADIUS, but is not backward compatible

  • It supports all forms of network connectivity

  • It allows server to initiate communication (peer-to-peer)

  • It uses TCP (Transmission Control Protocol) or SCTP (Stream Control Transmission Protocol)

  • Highly scalable

  • It is more robust in detecting and correcting errors compared to RADIUS

21

Decentralized access control (DAC):

It is a cybersecurity approach where decision-making authority over access permissions is delegated to individuals or managers closer to the resources.

22

Decentralized access control (DAC) pros and cons

Pro:

  • Managers or resource owners at individual sites or departments assign access permissions directly to employees

Con:

  • Variation in enforcement

Pro:

  • Decisions are taken faster

Con:

  • Conflict of interest

Pro:

  • It improves efficiency for large-scale operations

Con:

  • Security gaps

23

Gap analysis

It is a systematic process to assess the difference between an organization's current security posture and its desired state.

24

Gap analysis steps

Gap analysis:

  1. Define the desired state: determine security objectives and goals. Select a framework, standards, or compliance requirements.

  2. Evaluate the current security controls.

       Key areas to assess:

         • Network security

         • Endpoint protection

         • Access management

         • Data security

         • Incident response

         • Remote access capabilities

         • Training and awareness

  3. Identify gaps and vulnerabilities: these are weaknesses in your systems, processes, or policies that could be exploited by attackers or result in operational inefficiencies.

  4. Assess risk: this involves understanding the impact of a potential issue and the likelihood of it occurring.

  5. Develop an action plan.

25

Benefits of security gap analysis

  • improved security posture

  • Enhanced risk management

  • Compliance readiness

  • Informed decision making

  • Strengthens organizational resilience

26

Tools and techniques for security gap analysis

  • Security questionnaires and checklists: used to systematically assess an organization's security posture against predefined standards and best practices.

  • Vulnerability scanning tools: identify vulnerabilities in systems, networks, or applications.

  • Security rating platforms: evaluate the security posture of organizations or Internet-connected devices and provide a security score that reflects an organization's cybersecurity hygiene.

  • Penetration testing tools: used to simulate real-world attacks and identify exploitable vulnerabilities in systems or applications.

27

Defense in depth:

multiple defensive mechanisms are implemented at different layers to protect critical data and systems.

28

Network security architecture sequence

Traffic → perimeter security → internal routing layer → firewall → intrusion prevention system → endpoint security → filtered traffic

29

Zero trust network

Never trust, always verify

  • Treats external and internal users with the same level of scrutiny and applies consistent security measures

30

Zero trust network core principles

  • least privilege: only the minimum permissions required to complete their task.

  • continuous verification:

  • Contextual authentication: evaluate beyond username and password including the device environment, IP address etc.

  • Multi factor authentication

  • Identity, authentication, and authorization management

  • Micro-segmentation

  • Encryption

31

Zero trust network core features

  • equal security for everyone

  • Identity verification

  • Device not trusted by default

  • Access on a need to know basis

32

Zero trust control planes

  • Adaptive identity: a dynamic and context-aware approach to authentication and authorization that ensures that trust is continuously validated throughout the session.

  • Beyond validation of usernames and passwords

      - User location, time of access, device, behavior patterns
