security control categories
technical controls, managerial controls, operational controls, physical controls
technical controls
the tech, hardware and software mechanisms that are implemented to manage and reduce risks
Managerial controls
involve strategic planning and governance of security
Operational Controls
procedures and measures that are designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions
Physical controls
tangible, real world measures taken to protect assets
6 basic types of security controls
preventive controls, deterrent controls, detective controls, corrective controls, compensating controls
preventive controls
proactive measures implemented to thwart potential security threats or breaches
deterrent controls
discourage potential attackers by making the effort seem less appealing or more challenging
detective controls
monitor and alert organizations to malicious activities as they occur or shortly after.
corrective controls
mitigate any potential damage and restore systems to their normal state
compensating controls
alternative measures that are implemented when primary security controls are not feasible or effective
directive controls
often rooted in policy or documentation and set the standards for behavior within an organization
gap analysis
process of evaluating the difference between an organization's current performance and its desired performance
steps in conducting gap analysis
define the scope of the analysis, gather data on the current state of the organization, analyze the data to identify any areas where the organization's current performance falls short of its desired performance, develop a plan to bridge the gap
2 types of gap analysis
technical gap analysis, business gap analysis
technical gap analysis
involves evaluating an organization's tech infrastructure and identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions
business gap analysis
involves evaluating an organization's current business processes and identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions
plan of action and milestones (POA&M)
outlines specific measures to address each vulnerability, allocates resources, and sets up timelines for each remediation task that is needed.
zero trust
demands verification for every device, user, and transaction within the network, regardless of its origin
two planes of zero trust
control plane, data plane
Control plane
refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization.
adaptive identity
use adaptive identities that rely on real-time validation that takes into account the user's behavior, device, location, and more
threat scope reduction
limits users' access to only what they need for their work tasks because this reduces the network's potential attack surface and is focused on minimizing the "blast radius" that could occur in the event of a breach.
policy driven access control
entails developing, managing, and enforcing user access
data plane
ensures that policies and procedures are properly executed
subject/system
refers to the individual or entity attempting to gain access
policy engine
cross-references the access request with its predefined policies
policy administrator
used to establish and manage access policies
policy enforcement point
allows or restricts access, effectively acting as a gatekeeper to the sensitive areas of the systems or networks
threat actor
individual or entity responsible for incidents that impact security and data protection
threat actor attributes
specific characteristics or properties that define and differentiate various threat actors from one another
types of threat actors
unskilled attackers, hacktivists, organized crime, nation-state actors, insider threats
unskilled attackers
individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks
Hacktivists
cyber attackers who carry out their activities driven by political, social, or environmental ideologies who often want to draw attention to a specific cause
Organized crime
well-structured groups that execute cyber attacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud
Nation-State actors
Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries
insider threats
security threats that originate from within the organization
Shadow IT
IT systems, devices, software, applications, and services that are managed and utilized without explicit organizational approval
threat vectors and attack surfaces
message-based, image-based, file-based, voice calls, removable devices, use of unsecured networks
Honeypots
decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques
Honeynets
creates an entire network of decoy systems to observe complex, multi-stage attacks
Honey files
decoy files placed within systems to detect unauthorized access or data breaches
honey tokens
fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are accessed or used
Threat actor's intent
specific goal or objective that a threat actor is aiming to achieve through their attack
threat actor's motivation
underlying reasons or driving forces that push a threat actor to carry out their attack
types of threat actor motivations
data exfil, philosophical or political beliefs, blackmail, ethical reasons, espionage, revenge, service disruption, disruption or chaos, financial gain, war
Data exfiltration
unauthorized transfer of data from a computer
financial gain
achieved through various means, such as ransomware attacks, or through banking trojans that allow them to steal financial information in order to gain unauthorized access into victims' bank accounts
Blackmail
attacker obtains sensitive or compromising info about an individual or an organization and threatens to release it to the public unless demands are met
Service disruption
to disrupt the services of various organizations, either to cause chaos, make a political statement, or to demand a ransom
philosophical or political beliefs
attacks that are conducted due to the philosophical or political beliefs of the attackers; a common motivation for hacktivists
ethical reasons
contrary to malicious threat actors, ethical hackers, also known as authorized hackers, are motivated by a desire to improve security ex: pentesters
Revenge
targeting an entity that they believe has wronged them
Disruption or chaos
ranges from creating and spreading malware to launching sophisticated cyberattacks against the critical infrastructure in a populated city
espionage
spying on individuals, organizations, or nations to gather sensitive or classified information
war
cyber warfare can be used to disrupt a country's infrastructure, compromise its national security, and to cause economic damage
2 basic attributes of a threat actor
internal threat actors, external threat actors
internal threat actors
individuals or entities within an organization who pose a threat to its security
external threat actors
individuals or groups outside an organization who attempt to breach its cybersecurity defenses
script kiddie
individual with limited technical knowledge who uses pre-made software or scripts to exploit computer systems and networks
false flag attack
attack that is orchestrated in such a way that it appears to originate from a different source or group
Advanced Persistent Threat (APT)
used synonymously with a nation-state actor because of their long term persistence and stealth
stuxnet worm
sophisticated piece of malware that was designed to sabotage the Iranian government's nuclear program
threat vector
the means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action
attack surface
Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment
BlueBorne
set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices or spread malware
BlueSmack
type of denial of service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol (L2CAP) packet to a target device
tactics, techniques, and procedures (TTPs)
specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors
Disruption Technologies and strategies
bogus DNS entries, creating decoy directories, dynamic page generation, use of port triggering to hide services, spoofing fake telemetry data
Bogus DNS
Fake DNS entries introduced into a system's DNS server
Decoy directories
fake folders and files placed within a system's storage
dynamic page generation
used in websites to present ever-changing content to web crawlers to confuse and slow down the threat actor
port triggering
security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected
fake telemetry data
system can respond to an attacker's network scan attempt by sending out fake telemetry or network data
Physical security
measures taken to protect tangible assets, like buildings, equipment, and people, from harm or unauthorized access
Bollards
short, sturdy vertical posts designed to control or prevent access to an area or structure
fences
barriers that are made of posts, wire, or boards that are erected to enclose a space or separate areas
Brute force
trying all the possibilities until you break through
surveillance system
organized strategy or setup designed to observe and report activities in a given area
access control vestibule
double door system that can only open one door at a time
piggybacking
involves two people, one with access and one without, entering an area together
tailgating
following closely to gain information without the victim realizing
forcible entry
act of gaining unauthorized access to a space by physically breaking or bypassing its barriers, such as windows, doors, or fences
tampering with security devices
manipulating security devices to create new vulnerabilities that can be exploited
Confront security personnel
direct attack or confrontation of security staff
Pan-tilt-zoom (PTZ)
can move the camera or its angle to better detect issues during an intrusion
Cipher Lock
A physical or electronic lock requiring a code to open the door.
False Acceptance Rate (FAR)
A measurement of the percentage of invalid users that will be falsely accepted by the system.
Equal Error Rate (EER)
also called the crossover error rate (CER); a measure of a given biometric system's effectiveness in achieving a balance between its error rates
Social Engineering
Manipulate human psychology to gain unauthorized access to systems, data or physical spaces
impersonation
Pretending to be someone you aren't to gain access to sensitive information
Brand Impersonation
Pretending to represent a legitimate organization to gain access to sensitive information
Typosquatting
Attacker registers a domain name using common typos to impersonate a website
Watering Hole Attack
Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use
Pretexting
Giving some amount of information that seems true so that the other party will fill in the gaps
Phishing
Fraudulent attack using deceptive emails that appear to come from a trusted source to trick individuals into disclosing personal information like passwords or credit card numbers.
spear phishing
Used by cyber criminals, who are more tightly focused on a specific group of individuals or organizations
Whaling
Form of spear phishing that involves targeting high-profile individuals like CEOs or CFOs
Business Email Compromise (BEC)
Advanced phishing attack that leverages internal email accounts within a company to manipulate employees into carrying out malicious actions for the attacker
Vishing
Phone-based attack in which the attacker deceives victims into divulging personal or financial information