CompTIA Net+ Chapter 9 - Explaining Network Security Concepts


56 Terms

1

CIA Triad

  • Confidentiality

  • Integrity

  • Availability

2

Confidentiality

Means that certain information should only be known to certain people.

3

Integrity

Means that the data is stored and transferred as intended and that any modification is authorized.

4

Availability

Means that information is accessible to those authorized to view or modify it.

5

Vulnerability

A weakness that could be accidentally triggered or intentionally exploited to cause a security breach.

6

Threat

The potential for someone or something to exploit a vulnerability and breach security.

7

Risk

The likelihood and impact of a threat actor exercising a vulnerability.

8

Risk Management

Process for identifying, assessing, and mitigating vulnerabilities and threats to the essential function that a business must perform to serve its customers.

9

Risk Assessment

A subset of risk management where the company’s systems and procedures are audited for risk factors.

10

Business Impact Analysis

Process of assessing what losses might occur for a range of threat scenarios.

11

Regulatory Compliance

Imposes externally determined requirements on companies in certain industries or when processing certain types of data.

12

Personally Identifiable Information (PII)

Data that can be used to identify, contact, locate, or describe an individual

13

General Data Protection Regulation (GDPR)

Europe’s privacy legislation

14

Data Sovereignty

Refers to a jurisdiction preventing or restricting processing and storage from taking place on systems that do not physically reside within that jurisdiction.

15

There are two main types of cryptographic cipher or algorithm:

  • Encryption Algorithm

  • Cryptographic Hash Algorithm

16

Encryption Algorithm

  • Converts a human-readable plaintext into a ciphertext.

  • A ciphertext must be decrypted using a key linked to the initial encryption process before it can be read.

  • This makes data confidential, so long as the key is only available to authorized persons.

17

Cryptographic Hash Algorithm

  • Converts a variable length string into a fixed-length hash.

  • This hash cannot be converted back to a plaintext.

  • This can prove the integrity of data (verifying that it has not been modified). It is also used for password storage and in other authentication solutions.

18

Data can be described as being in one of three states:

  • Data at Rest

  • Data in Transit (or data in motion)

  • Data in Use (or data in processing)

19

Data at Rest

The state in which data is in some sort of persistent storage media.

20

Data in Transit

The state in which data is transmitted over a network

21

Data in Use

The state in which data is present in volatile memory, such as system RAM or CPU registers and cache.

22

Exploit

Specific code or method of using a vulnerability to gain control of a system or damage it in some way.

23

Zero-Day Vulnerability

A vulnerability that is exploited before the developer knows about it or can release a patch

24

Vulnerability Assessment

Evaluation of a system’s security and ability to meet compliance requirements based on the configuration state of the system.

25

Honeypot

A decoy computer system designed to attract attackers.

26

The outputs from the primary research undertaken by security solutions providers and academics can take three main forms:

  • Behavioral Threat Research

  • Reputational Threat Intelligence

  • Threat Data

27

Behavioral Threat Research

Narrative commentary describing examples of attacks and TTPs gathered through primary research sources.

28

Reputational Threat Intelligence

Lists of IP addresses and domains associated with malicious behavior, plus signatures of known file-based malware.

29

Threat Data

Computer data that can correlate events observed on a customer's own networks and logs with known TTP and threat actor indicators.

30

Enumeration

Information gathering attacks

31

Footprinting

Allows a threat actor to discover the topology and general configuration of the network and security systems.

32

Fingerprinting

Allows a threat actor to identify device and OS types/versions.

33

Spoofing

Includes any type of attack where the threat actor disguises their identity, or in which the source of network information is forged to appear legitimate.

34

Denial of Service (DoS)

Causes a service at a given host to fail or to become unavailable to legitimate users.

35

Distributed DoS (DDoS)

Attack that is launched simultaneously by multiple hosts.

36

Botnet

Group of compromised hosts that can be used to launch DDoS and DRDoS attacks.

37

Malware

Software that does something bad

38

The following categories describe some types of malware according to vector:

  • Viruses and worms

  • Trojan

  • PUPs/PUAs

39

Viruses and Worms

These represent some of the first types of malware and spread without any authorization from the user by being concealed within the executable code of another process. Viruses infect files, while worms can infect processes running in system memory.

40

Trojan

Malware concealed within an installer package for software that appears to be legitimate. This type of malware does not seek any type of consent for installation and is actively designed to operate secretly.

41

PUPs/PUAs

Software installed alongside a package selected by the user or perhaps bundled with a new computer system. Unlike a Trojan, the presence of a PUP is not automatically regarded as malicious. It may have been installed without active consent or with consent obtained through a purposefully confusing license agreement. This type of software is sometimes described as grayware rather than malware.

42

On-Path Attack

Specific type of spoofing attack where a threat actor compromises the connection between two hosts and transparently intercepts and relays all communications between them.

43

ARP Spoofing

Works by broadcasting unsolicited ARP reply packets with a source address that spoofs a legitimate host or router interface.

44

MAC Flooding

  • Used to attack the switch

  • The attacker's intention is to exhaust the memory used to store the switch’s MAC address table

  • Overwhelming the table can cause the switch to stop trying to apply MAC-based forwarding and flood unicast traffic out of all ports, working as a hub.

45

VLAN Hopping

  • Designed to send traffic to a VLAN other than the one the host system is in.

  • This exploits the default VLAN feature of 802.1Q

  • Uses a device placed in the default VLAN

  • Crafts a frame with two VLAN tag headers

  • The first trunk switch to inspect the frame strips the first header, and the frame gets forwarded to the target VLAN.

46

Rogue Device

A device or service on your network that isn’t under administrative control

47

DNS Attacks

Exploits vulnerabilities in the DNS to disrupt internet traffic, redirect users to malicious sites, or steal data, often involving techniques like hijacking, poisoning, or DDoS attacks.

48

DNS Server Cache Poisoning

Aims to corrupt the records held by the DNS server itself

49

Phishing Attacks

  • Combination of social engineering and spoofing

  • Persuades or tricks the target into interacting with a malicious resource disguised as a trusted one, traditionally using email as the vector

50

Shoulder Surfing Attack

Where a threat actor can learn important information by watching the user type it

51

Tailgating

Is a means of entering a secure area without authorization by following closely behind the person that has been allowed to open the door or checkpoint.

52

Piggybacking

Where an attacker enters a secure area with an employee’s permission

53

Dumpster Diving Attack

Refers to combing through an organization’s (or individual’s) garbage to try to find useful documents

54

Password cracking software uses various methods to work out the plaintext password string from a cryptographic hash:

  • Dictionary

  • Brute Force

55

Dictionary

  • The software matches the hash to those produced by ordinary words found in a dictionary.

  • This could also include information such as user and company names, pet names, or any other data that people might naively use as passwords.

56

Brute Force

  • The software tries to match the hash against every possible combination it could be. If the password is short (under eight characters) and non-complex (using only letters, for instance), a password might be cracked in minutes.

  • Longer and more complex passwords increase the amount of time the attack takes to run.