Hack The Box - Introduction to Information Security
Client
The node (PC/laptop/computer/phone) through which one can access resources and services via “The Internet”
Internet
a term for the vast Interconnected Network of servers that offer resources, services, and applications (i.e., your banking website, Hack The Box, Facebook)
Server
a specialized type of computer which manages, stores, and processes data, providing services and applications to other computers or devices (known as clients) over a network
Web Server
A server that hosts websites and serves web pages to clients over the Internet, handling requests via HTTP or HTTPS protocols.
Database Server
A server which manages and provides access to databases, ensuring data integrity and availability of data for applications and users
DNS (Domain Name System) Servers
Servers which translate domain names into IP addresses, which enables a user to access websites and its services (services which are provided by other Server types)
CIA Triad is comprised of:
confidentiality, integrity, availability
Confidentiality
Ensures that information is accessible only to those authorized to have access to it
Protects against unauthorized disclosure of information
How is confidentiality implemented?
encryption
access controls
secure communication channels
Integrity
Maintains and assures the accuracy, trustworthiness, and completeness of data over its entire lifecycle
Protects against unauthorized modification of information
How is integrity implemented?
Through measures like:
hashing/checksums and digital signatures
data validation processes
regular data audits to check for data accuracy
Availability
Ensures that information is accessible to authorized users and processes when needed
Protects against the disruption of access to information
How is availability implemented?
redundant storage
backups
disaster recovery planning
protective strategies against denial-of-service (DoS) attacks
Network
When multiple servers or computers are connected and communicate with each other, it’s called a Network
Cloud
Refers to data centers (typically owned by an outside company such as AWS, Azure, or Google Cloud) that offer interconnected Servers for companies and individuals to use. Useful because they allow users to quickly scale based on their real-time needs.
Blue Team
The team responsible for the internal security of the company; defends against cyber attacks
Red Team
Made up of Ethical Hackers/Pen Testers; this team simulates an actual attack on the company's systems in order to find its weaknesses.
Purple Team
This team consists of both Blue Team and Red Team members working together to enhance the organization's security.
Digital Transformation
The term used to refer to organizations/businesses bringing more services, systems, and data online
Castle Analogy - The Treasure
Your valuable data and info that needs protection from cyber criminals
Castle Analogy - The Castle Walls
Firewalls, defensive mechanisms, and encryption; anything to keep outsiders from getting in.
Castle Analogy - The Guards
Security protocols and access controls; measures that monitor who enters and leaves the castle.
Castle Analogy - The Knights
Penetration testers who simulate attacks against the "castle" (the system) in order to test the castle's defenses
Castle Analogy - Treasure Expansion
Digital transformation which "expands" the "castle's treasure" (aka expansion of data and info connected to the network, or the addition of new services with more zero-day vulnerabilities), which attracts more thieves (e.g., the addition of an AI chatbot to a company's website)
Castle Analogy - The Thieves
Cyber criminals/threats who are constantly looking for ways to breach the castle's defenses.
Just like a castle must strengthen its defenses as it and its treasures grow, businesses/orgs must ___
Enhance their InfoSec measures as they move more services online
In the digital age, information/data is more valuable than ___.
oil
Possible Consequences of a Security Breach (list 4)
Financial Loss, Reputational Damage, Legal Ramifications, and National Security Threats
Generalized List of InfoSec Assets (list 8 assets)
Network Security, Application Security, Operational Security, Disaster Recovery and Business Continuity, Cloud Security, Physical Security, Mobile Security, Internet of Things (IoT) Security
Risk
Refers to the potential for a malicious event to occur and the amount of damage it could cause.
How is risk typically quantified?
In terms of how likely it is to happen and the severity of its impact.
Risk encapsulates both ___ and ____.
threats; vulnerabilities
Threat
A potential cause of an incident that could result in harm to a system or its organization
____ exploit the _____ of a system.
Threats; vulnerabilities
Vulnerability
A weakness in the system that could be exploited by a threat
What two factors must be present in addition to a vulnerability in order for a system to actually be compromised?
A threat capable of exploiting the vulnerability
The damage that results from the exploited vulnerability is significant enough for an organization to be concerned about it
List three potential forms that vulnerabilities can come in (not comprehensive list)
Possible options:
1. Software bugs
2. Misconfigurations
3. Weak security protocols and processes (e.g., protocols that allow weak passwords)
4. Physical (e.g., server in a room with an unlocked door, server resides in a building that is within a flood plain)
How are risk, threat, and vulnerability all interconnected?
A risk represents the potential for damage when both a threat and a vulnerability exist together
A threat is what could cause that damage if it exploits the vulnerability
A vulnerability is the weakness in the system that allows the threat to cause damage.
InfoSec Roles - Chief Information Security Officer (CISO)
Oversees the entire information security program
Sets overall security strategy that pen testers evaluate
InfoSec Roles - Security Architect
Designs secure systems and networks
Creates the systems that pen testers attempt to breach
InfoSec Roles - Penetration Tester
Identifies vulnerabilities through simulated attacks
Actively looks for exploits and vulnerabilities within a system, legally and ethically
InfoSec Roles - Incident Response Specialist
Manages and responds to security incidents
Often works in tandem with pen testers by responding to their attacks, and sharing/collaborating with them afterwards to discuss lessons learned
InfoSec Roles - Security Analyst
Monitors systems for threats and analyzes security data
May use pen test results to improve monitoring
InfoSec Roles - Compliance Specialist
Ensures adherence to security standards and regulations
e.g., Health Insurance Portability and Accountability Act (HIPAA), Anti-Money Laundering (AML), Know Your Customer (KYC), and General Data Protection Regulation (GDPR)
Non-repudiation
Ensures a party cannot deny the authenticity of their digital signature on a document or the sending of a message that they originated
Important in e-commerce and legal contexts
How is non-repudiation implemented?
digital signatures
audit logs
Authentication
Verifies the identity of a user, process, or device
Crucial for ensuring Confidentiality
How is authentication implemented?
passwords
biometrics
multi-factor authentication (MFA)
Privacy
Focuses on proper handling of sensitive personal information (e.g., personally identifiable information or PII)
Ensures compliance with data protection regulations (e.g., HIPAA or GDPR)
How do organizations implement privacy measures?
data minimization (or, only collecting data you absolutely need to for the functionality of your app or service)
consent management
List the seven Key InfoSec Processes:
Risk Assessment
Security Planning
Implementation of Security Controls
Monitoring and Detection
Incident Response
Disaster Recovery
Continuous Improvement
InfoSec Processes - Risk Assessment
Identifies and evaluates potential threats and vulnerabilities
Determines the potential impact of security breaches (threats which exploit vulnerabilities)
Helps prioritize security efforts based on the likelihood of the threat and the impact of it on an organization
InfoSec Processes - Security Planning
Develops strategies to address identified risks
Creates policies and procedures to guide security efforts
Allocates resources for security initiatives
InfoSec Processes - Implementation of Security Controls
Puts security plans into action
Involves deploying technical solutions and enforcing policies
Includes both preventative and detective controls
InfoSec Processes - Monitoring and Detection
Aims to identify security incidents as quickly as possible
Continuously watches for security events and anomalies (things outside of the ordinary)
Uses tools like SIEM (Security Information and Event Management) systems and intrusion detection systems
InfoSec Processes - Incident Response
Reacts to detected security incidents
Follows established procedures to contain and mitigate threats
Includes steps like isolation, eradication, and recovery
InfoSec Processes - Disaster Recovery
Focuses on restoring systems and data after a major security incident
Involves implementing backup and redundancy measures
Aims to minimize downtime and data loss
InfoSec Processes - Continuous Improvement
Reviews and learns from security incidents and near-misses
Updates security measures based on new threats and technologies
Involves regular security assessments and audits
List the primary purposes of InfoSec that HTB describes (name only):
Protecting sensitive data from unauthorized access
Ensuring business continuity
Maintaining regulatory compliance
Preserving brand reputation
Safeguarding intellectual property
Enabling secure digital transformation
List the 8 common categories of InfoSec tools described by HTB:
Firewalls
Intrusion Detection/Prevention Systems (IDS/IPS)
Security Information and Event Management (SIEM) systems
Vulnerability scanners
Penetration testing tools
Encryption tools
Access control systems
Security awareness training platforms
InfoSec Tools - Firewalls
Control incoming and outgoing network traffic
InfoSec Tools - Intrusion Detection/Prevention Systems (IDS/IPS)
Monitor for and block suspicious activities
InfoSec Tools - Security Information and Event Management (SIEM) systems
Collect and analyze security event data
InfoSec Tools - Vulnerability scanners
Identify potential weaknesses in systems and applications
InfoSec Tools - Penetration testing tools
Tools used to simulate attacks in order to find vulnerabilities (e.g., Metasploit, Burp Suite, John the Ripper)
InfoSec Tools - Encryption tools
Tools which transform readable data (plaintext) into an unreadable format (ciphertext) to protect it from unauthorized access
Protects data confidentiality and integrity
InfoSec Tools - Access control systems
Tools to manage user permissions (access levels) and user authentication
InfoSec Tools - Security awareness training platforms
Platforms used to educate users within an organization/business about security best practices as well as the org/business’s specific security protocols and procedures
Technology/Applications all Pen Testers should be familiar with:
Linux, Windows, MacOS
Nmap
Wireshark
Metasploit
Burp Suite
John the Ripper
Nmap
A network scanning and discovery tool used in pen testing
Wireshark
A tool used for network protocol analysis
Metasploit
An exploitation framework used by pen testers
Burp Suite
A suite of tools used by pen testers when testing web application security
John the Ripper
Password cracking tool used by pen testers
As a pen tester, you must always ensure you have ___ _____ before conducting any security tests.
Proper authorization