CY355 WPR 1

CY355 Comprehensive Study Guide

 

Fundamentals:

CIA Triad for security:

1.       Confidentiality- ensuring that information is provided to only those people who are entitled to access that information.  Includes privacy- the right of individuals to control or influence the information related to them.

2.       Integrity- Data integrity- ensuring that information only changes in an appropriate way.  System integrity- ensuring that a system performs its intended function free from unauthorized manipulation of the system

3.       Availability- ensure that information is accessible when it is needed

 

Intro to Linux:

Linux: operating system that is reliable, free, and open source

The Shell:

·       Shell: Exposes operating system to a user or program

·       Shell scripts are collections of shell commands

o   Allows for automation

·       Text-based interface

·       Interacts directly with low level components of OS

Parts of the System:

·       Daemons -> background services, manage different subsystems

·       Bootloader -> boots the computer

·       Kernel -> manages CPU, memory, and external devices

·       Init system -> controls the daemons

·       Graphical server -> displays graphics

·       Desktop environment -> built-in apps

·       Applications

Filesystem:

·       Stores files, processes, audio, etc

·       Has a hierarchical filesystem

·       Binary file: a file that contains a set of machine instructions

·       Processes: machine instructions that are in a state of execution

·       Three permission groups in Linux filesystem: User, Group, Other

·       Paths are either relative or absolute

 

Navigation/Commands:

·       cd -> change directory

·       pwd -> print working directory

·       ~ -> home directory shortcut

·       mkdir -> make folder

·       scp -> secure copy

·       touch -> create file

·       mv -> move file

·       cp -> copy

·       nano -> edit text

·       less -> view contents (one page at a time)

·       rm -> delete

·       sudo -> switch to root user permission

·       . -> where you currently are

·       .. -> directory above you

·       EX: cd ../instructor (relative path)

·       man <command> -> bring up manual for a command

·       ls -> list the contents for a directory

·       nano <file> -> open the nano text editor for a file

·       / -> root directory

 

Web Applications:

HTTP: hyper text transfer protocol

·       Simple

·       Extensible

·       Stateless (not sessionless)

Client-server model:

·       Clients send a request

o   Method

o   Path

o   Version of HTTP

o   Headers

o   Body

·       Servers give a response

o   Version

o   Status code

o   Status message

o   Headers

o   Body

Methods:

·       Get: requests information

·       Post: sends information

Protocol:

o   Language you are speaking

o   EX: HTTP/1.1

Path:

o   URL, file path

Body:

o   Sends info about computer, system, network, etc.

Web server architecture:

·       Abstracted into layers

·       Front-end – visual, user interaction

o   Apache

 

LAMP Stack Architecture: (Linux, Apache, MySQL, PHP)

Front end (Apache Web Server) ----- Linux ------- Back end (MySQL Database)

Dynamic content (PHP)

 

 

 

HTML (Hyper Text Markup Language):

·       Tagging text so your browser can display it in different formats

·       Defines structure of a webpage

·       Opening and closing tags

o   <html> and </html>

 

 

Database Design:

 

Database – collection of organized information in different bite sized tables

 

Entity Relationship Diagrams:

·       Table = entity (rows)

o   Must have PK

·       Attributes = traits (columns)

o   Data type

o   Name

o   Constraints (optional)

·       Relationship lines (describes min and max quantities for each direction of the relationship)

·       Visualizes databases

·       Cardinality: defines the type of relationship

o   must have min and max

Primary key: attribute that uniquely defines every record

·       Unique

·       Never-changing

·       Never null

Foreign key: primary key located in another place

Bridge table: gets lacking info, breaks up many to many relationships

 

3 factors (relational vs. non-relational):

·       Structure: relational -> structured data; non-relational -> lots of data, changing structure

·       Scale factors: relational -> vertical scaling; non-relational -> horizontal scaling

·       Search complexity: relational -> complex queries; non-relational -> faster retrieval

 

Many-to-many relationships may not exist directly between two tables (break them up with a bridge table)

MySQL is relational

Data model – first draft of a database design

Schema – blueprint of a database (one step further)

 

Intro to SQL:

SQL -  Structured Query Language

·       Designed for accessing databases

·       Create table

·       Select

·       Update

 

Commands:

·       Create a table: CREATE TABLE groceries (id INTEGER PRIMARY KEY, name TEXT, quantity INTEGER, aisle INTEGER);

·       Primary key: PK: (id INTEGER PRIMARY KEY);

·       Insert data: INSERT INTO groceries (id, name, quantity) VALUES (1, 'bananas', 4);

·       Retrieve rows: SELECT column FROM groceries;

·       Select all: SELECT * FROM groceries;

·       Order rows in ascending order: SELECT * FROM groceries ORDER BY aisle;

·       Filter rows: SELECT * FROM groceries WHERE aisle > 5 ORDER BY aisle;

·       Delete rows: DELETE FROM groceries WHERE id = 1;

 

Deep web -> website hosted privately, requires sign ins

Dark web -> onion routing, encrypted network (uses Tor network)

Cyber threat intelligence -> info about threats

 

Queries:

GROUP BY -> groups rows of some values into summary rows

·       used with aggregate functions

o   COUNT()

o   MAX()

o   MIN()

o   SUM()

o   AVG()

o   CURDATE() (returns the current date; not an aggregate itself, but often used alongside them)

HAVING -> filters groups

DROP TABLE/DROP DATABASE

Normalization: the process of organizing data in a database

First normal form: No repeating groups

Second normal form: No repeating data in a column that doesn’t depend on the whole primary key (mainly matters for composite keys)

Third normal form: Eliminate fields that don’t depend on a key (does it make sense to be there?)

Auto_increment: increments integer in a column, often used with PK

 

Relationships:

Inner join: selects records that have matching values in both tables

EX: SELECT column_name FROM table1 INNER JOIN table2 ON table1.column_name = table2.column_name

 

Left join: returns all records from table 1 and matching records from table 2

EX: SELECT column_name FROM table1 LEFT JOIN table2 ON table1.column_name = table2.column_name
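Added example (not from the study guide): the GROUP BY / HAVING queries from the Queries section and the two joins above, run in Python against an in-memory SQLite database so the difference between INNER JOIN and LEFT JOIN can be seen on real rows. The groceries and aisles tables and their contents are constructed for this example; SQLite stands in for MySQL (the SQL shown is common to both).

```python
import sqlite3


def build_store_db():
    """Constructed sample data: a groceries table plus an aisles lookup table.
    Row 5 has no aisle, so it matches nothing in the join."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE aisles (aisle INTEGER PRIMARY KEY, label TEXT);
        INSERT INTO aisles VALUES (2, 'produce'), (7, 'snacks'), (9, 'dairy');
        CREATE TABLE groceries (id INTEGER PRIMARY KEY, name TEXT,
                                quantity INTEGER, aisle INTEGER);
        INSERT INTO groceries VALUES
            (1, 'bananas', 4, 2), (2, 'peanut butter', 1, 7),
            (3, 'chips', 3, 7), (4, 'dark chocolate', 2, 7),
            (5, 'ice cream', 1, NULL);
    """)
    return conn


def items_per_aisle(conn, min_items=2):
    """GROUP BY + aggregates + HAVING: only aisles with at least min_items rows.
    Returns (aisle, row count, total quantity) per group."""
    return conn.execute(
        "SELECT aisle, COUNT(*) AS n, SUM(quantity) AS total "
        "FROM groceries GROUP BY aisle HAVING COUNT(*) >= ? ORDER BY aisle",
        (min_items,),
    ).fetchall()


def inner_join_names(conn):
    """INNER JOIN: only groceries whose aisle exists in the aisles table."""
    return conn.execute(
        "SELECT g.name, a.label FROM groceries g "
        "INNER JOIN aisles a ON g.aisle = a.aisle ORDER BY g.id"
    ).fetchall()


def left_join_names(conn):
    """LEFT JOIN: every grocery; label is NULL where no aisle matches."""
    return conn.execute(
        "SELECT g.name, a.label FROM groceries g "
        "LEFT JOIN aisles a ON g.aisle = a.aisle ORDER BY g.id"
    ).fetchall()


if __name__ == "__main__":
    db = build_store_db()
    print("per aisle :", items_per_aisle(db))     # [(7, 3, 6)]
    print("inner join:", inner_join_names(db))    # 4 rows, ice cream dropped
    print("left join :", left_join_names(db))     # 5 rows, ice cream has None
```

The HAVING clause runs after grouping, so it filters whole groups (aisle 7 has three rows and survives); a WHERE clause would have filtered individual rows before they were grouped.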

 

Database Security:

SQL Injections: attacker-controlled user input becomes part of the SQL statement itself

·       #3 vulnerability

·       What comes before my input

·       What is the query doing

·       Comments in MySQL - #

·       Still needs to be a valid MySQL statement

1.       Use # to comment everything after SELECT

2.       Replace the ;

3.       OR 1=1;# (into the username)

 

Preventing a SQL injection:

·       Input sanitization: filter input characters like ; # '

·       Prepared statements: never directly use user input (the dynamic content layer sends the database only static query templates that contain no user-supplied text; user values are bound as parameters)
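Added example (not from the study guide): the same login lookup written both ways in Python with SQLite, so the effect of a prepared statement can be checked directly. The users table and the input strings are constructed for this example; SQLite stands in for MySQL, and its comment syntax is -- rather than the # noted above. The sanitization helper reflects the filter-characters bullet and is deliberately the weaker, secondary control.

```python
import sqlite3


def build_db():
    """Constructed sample data: one user in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (id, username, password) "
                 "VALUES (1, 'alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string formatting: the input is spliced into the SQL text,
    so quote characters and comment markers in it change what the query means."""
    query = (f"SELECT id, username FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    """Prepared statement: the SQL text is fixed, the values travel separately
    as parameters, so the input is only ever compared as data."""
    query = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def has_injection_chars(value):
    """Input-sanitization check from the notes: flags ; # ' (plus SQLite's --).
    A useful tripwire for logging, but not a substitute for parameters."""
    return any(token in value for token in (";", "#", "'", "--"))


if __name__ == "__main__":
    # Constructed input: the OR 1=1 pattern from the notes, with the SQLite comment marker.
    crafted = "' OR 1=1 --"
    print("vulnerable:", login_vulnerable(build_db(), crafted, "x"))  # returns alice
    print("prepared  :", login_safe(build_db(), crafted, "x"))        # returns None
    print("flagged   :", has_injection_chars(crafted))               # True
```

The vulnerable version answers the question "what comes before my input?" in the worst way: the closing quote ends the string literal early and the rest of the WHERE clause is commented out, so the statement is still valid SQL. The prepared statement sends the same template every time, which is exactly the static-query property the notes describe.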

View -> virtual table that runs a query on existing tables and creates a temporary table from the results

 

Cyberspace and Personas:

3 Interrelated layers:

1.       Physical network:

·       Physical cables and machines that are connected together

2.       Logical network:

·       Code execution and logic that allowed machines to talk, data to be exchanged, etc.

3.       Cyber Personas:

·       Digital representations of actual people

·       A person could have many personas <-> a persona could be many people

 

 

 

Actors:

·       Governments

·       Criminals

·       Terrorists

·       Corporations

·       Citizens

·       NGA

Motivations:

·       State agenda

·       Business intelligence

·       Terrorism

·       Profit

·       LOL

·       Ideologies

·       Personal

Activities:

·       Info gathering

·       Ransomware

·       DDOS

·       Defacement

·       Destruction

·       Influencing

·       Resource hijack

 

 

Secure Computing:

1.       CIA Triad (not to use on the test)

2.       Open design

a.       Design of a security mechanism should be open rather than secret

b.       EX: encryption, keys are secret

3.       Economy of Mechanism

a.       Smaller and simpler is better

4.       Least Privilege

a.       Every process and user should have the least set of privileges necessary to perform the task

5.       Complete Mediation

a.       Every access must be checked against the access control mechanism

6.       Fail Safe Defaults

a.       Access decisions should be based on permission rather than exclusion

b.       Default = lack of access

7.       Defense in Depth

a.       Use of multiple overlapping protection approaches addressing people

8.       Psychological Acceptability

a.       Security mechanisms should not interfere unduly with the work of users, and meet the needs of those who authorize access

Build Securely:

·       1-10 bugs per KLOC (1000 lines of code)

 

Security Models:

Bell-LaPadula Model

·       Confidentiality model

·       Inflexible, formal, state transition

·       Objects are labeled – Top Secret to Public

·       Mandatory Access Control

·       No read up, write down

Biba Integrity Model

·       Ensure data integrity

·       Low, Medium, High Integrity level

·       Control transfer of data between integrity levels

·       No WURD (write up/read down)

·       Mandatory access control

Clark & Wilson Integrity Model

·       Rules of 3:

o   Authentication and authorization are used

o   Prevents improper modifications (unauthorized cannot change)

o   Internal/external consistency

·       Allows validation of integrity

Brewer & Nash Model (Chinese Wall)

·       Separates 2 different companies

·       Mathematical theory

Graham-Denning Model

·       Objects/subjects created, privileges, ownership

·       Follow the 8 rules for object/subject creation and assignment of rights

Harrison-Ruzzo-Ullman Model

·       Similar to Graham-Denning

·       Configuration as a table or matrix

 

1.       State-machine models

a.       Describe a system as it moves between states

2.       Multi-level lattice models

a.       TS – S – U: Read at level and down, Write at level and up

b.       Bell-LaPadula model

c.       Biba model

3.       Matrix-based models

4.       Information flow models

a.       How to move information between top secret, secret, unclassified

 

Simple security: no read up

* : no write down

Strong *: w/r at your level only
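Added example (not from the study guide): the multi-level lattice rules above (TS - S - U, read at level and down, write at level and up) and their Biba mirror image, coded in Python as access-decision functions plus the matrix view that the matrix-based models describe. The three-level lattice and the request values are constructed for this example.

```python
from enum import IntEnum


class Level(IntEnum):
    """Ordered labels U < S < TS. The same ordering serves as a sensitivity
    level for Bell-LaPadula and as an integrity level for Biba."""
    U = 0    # Unclassified / low
    S = 1    # Secret / medium
    TS = 2   # Top Secret / high


# Bell-LaPadula (confidentiality): read at your level and down, write at your level and up.
def blp_can_read(subject, obj):
    return subject >= obj            # simple security property: no read up


def blp_can_write(subject, obj):
    return subject <= obj            # *-property: no write down


def blp_strong_star_can_write(subject, obj):
    return subject == obj            # strong *-property: read/write at your own level only


# Biba (integrity): the mirror image, no read down and no write up.
def biba_can_read(subject, obj):
    return obj >= subject            # simple integrity: only read from equal or higher integrity


def biba_can_write(subject, obj):
    return obj <= subject            # *-integrity: only write to equal or lower integrity


def decide(model, op, subject, obj):
    """Complete-mediation style entry point: every access goes through one rule table."""
    rules = {
        ("blp", "read"): blp_can_read,
        ("blp", "write"): blp_can_write,
        ("biba", "read"): biba_can_read,
        ("biba", "write"): biba_can_write,
    }
    return rules[(model, op)](subject, obj)


def access_matrix(model, op):
    """Matrix view: rows are subject levels, columns are object levels, True where allowed."""
    return {s.name: {o.name: decide(model, op, s, o) for o in Level} for s in Level}


if __name__ == "__main__":
    for model in ("blp", "biba"):
        for op in ("read", "write"):
            print(model, op, access_matrix(model, op))
```

Laying the two models side by side makes the trade-off visible: a subject that BLP allows to write (upwards) is exactly the one Biba forbids, which is why a system cannot simply enforce both on the same label without partitioning confidentiality and integrity labels.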

 

 

Risk Management:

Threat: natural or man-made circumstance that could have an adverse impact

Vulnerability: absence or weakness of a safeguard in an asset that makes a threat more likely to occur

Asset: a resource, process, product, or system that has some value to an organization and must be protected

Risk Analysis:

·       Quantitative

·       Qualitative

Risk assessment matrix:

1.       Estimate probability of occurrence

2.       Estimate expected severity

3.       Determine level of risk

 

ALE = SLE * ARO (single loss expectancy * annual rate of occurrence)

SLE = AV * EF (asset value * exposure factor)

**with a fine: SLE = (AV * EF) + Fine

Control value = ALE (no control) - ALE (with control) - Annual cost of control

Negative control value -> don’t buy
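Added example (not from the study guide): the SLE / ALE / control-value formulas above carried through in Python, including the fine variant and the buy / don't-buy decision. The asset value, exposure factor, occurrence rates and control cost are constructed numbers for this example.

```python
def single_loss_expectancy(asset_value, exposure_factor, fine=0.0):
    """SLE = AV * EF, plus any per-incident fine (the **with a fine** variant)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor is the fraction of asset value lost per incident")
    return asset_value * exposure_factor + fine


def annualized_loss_expectancy(sle, aro):
    """ALE = SLE * ARO (expected loss per year)."""
    return sle * aro


def control_value(ale_without, ale_with, annual_cost):
    """Control value = ALE(no control) - ALE(with control) - annual cost of control."""
    return ale_without - ale_with - annual_cost


def evaluate_control(asset_value, exposure_factor, aro_without, aro_with,
                     annual_cost, fine=0.0):
    """Full worked chain: a control normally lowers the ARO (fewer incidents),
    so SLE stays the same and only the ALE changes. Negative value -> don't buy."""
    sle = single_loss_expectancy(asset_value, exposure_factor, fine)
    ale_without = annualized_loss_expectancy(sle, aro_without)
    ale_with = annualized_loss_expectancy(sle, aro_with)
    value = control_value(ale_without, ale_with, annual_cost)
    return {
        "sle": sle,
        "ale_without": ale_without,
        "ale_with": ale_with,
        "control_value": value,
        "buy": value > 0,
    }


if __name__ == "__main__":
    # Constructed scenario: a $200,000 asset, 25% lost per incident,
    # one incident every two years, a control cutting that to one every four years.
    result = evaluate_control(200_000, 0.25, aro_without=0.5, aro_with=0.25,
                              annual_cost=10_000)
    for key, val in result.items():
        print(f"{key:>14}: {val}")
```

Running the scenario gives an SLE of 50,000, an ALE of 25,000 without the control and 12,500 with it; at 10,000 per year the control is worth 2,500 and should be bought, while the same control at 15,000 per year has a negative value.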

 

Intellectual Property:

Open source licenses:

GNU General Public License – available to everyone

·       Copy the software

·       Distribution

·       Charge a fee

·       Change the codebase however

GNU lesser general public license

·       Fewer rights to work

BSD License

·       Fewer restrictions

MIT license

·       Shortest, most used

 

Creative Commons:

1.       Accreditation

2.       Shared with CC

3.       Non-commercial

4.       No derivative works

Apache License:

1.       Rights are never ending

2.       Worldwide authority of rights

3.       Rights for no fee/royalty

4.       Rights are irrevocable

 

Copyright: life of author + 70 years

·       Creator has right to determine how it is used and copied

·       Creator can charge

Copyright extension act: life of author + 120 years

Patents:

·       For inventions

·       Exclusive rights for 20 years

Trademark: until something becomes genericized

Trade secrets: information that has either actual or potential economic value by virtue of not being known

·       Must reasonably attempt to protect it

 

Software licensing: all software is copyright protected

Public: open to public domain

Permissive:

Protective: never be made proprietary

Some of these licenses may be incompatible with each other

Encryption & Hashing:

Purpose of Encryption: maintain confidentiality

Trust: the confidence one element has in another that the second will behave as expected

Cryptology: collection of foreign communications and non-communications emitters and IA

Cryptanalysis: study of mathematical techniques for defeating cryptographic techniques

Cryptography: discipline that embodies the principles, means, and methods for providing information security

Non-repudiation: assurance that the sender is provided with proof of delivery and the recipient is provided with proof of sender’s identity so neither can later deny having processed the data

Cipher: any cryptographic system with arbitrary symbols or groups of symbols

1.       Substitution Cipher

a.       Ceasar cipher

2.       Transposition Cipher

a.       Scytale cipher

3.       Mechanical Cipher

a.       Enigma

4.       Mathematical Cipher

a.       Implement complex algorithms

Cryptographic algorithm: procedure for cryptographic processes

Key:

1.       A message is combined with a key

2.       Fed into algorithm

3.       Returns encoded message

Categories of encryption:

Symmetric:

·       Fast

·       Used for large blocks of data

·       Doesn’t scale well

·       Both parties have the same key

·       Shared key

Asymmetric:

·       Public key cryptography

·       Public and private key

·       Mathematically linked

·       Slower

·       Scales to more users

·       Confidentiality and non-repudiation

 

Certificate authorities: add extra layer to public keys

·       Prove that someone’s public key actually belongs to them

PKI – public key infrastructure

Hashing algorithms: one-way mathematical functions

·       Variable length input -> fixed length output

·       Given the output, you cannot determine input

Hashing is used to verify integrity

Collisions: two different inputs produce the same hash

Cryptographic hash functions: algorithms that have a very low probability of this happening.
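Added example (not from the study guide): the three hashing properties above checked in Python with the standard library, using SHA-256. Inputs of very different sizes give the same fixed-length output, a one-character change gives an unrelated digest, and an integrity check is just recomputing and comparing. The sample inputs are constructed for this example.

```python
import hashlib
import hmac


def digest_hex(data, algo="sha256"):
    """One-way function: variable-length input -> fixed-length hex digest."""
    return hashlib.new(algo, data).hexdigest()


def output_lengths(inputs, algo="sha256"):
    """Map input length -> digest length (hex chars) to show the output never varies."""
    return {len(d): len(digest_hex(d, algo)) for d in inputs}


def differing_hex_chars(a, b, algo="sha256"):
    """Count hex positions where the digests of two inputs differ.
    For a good hash, about 15/16 of the 64 positions differ even for a one-byte change."""
    da, db = digest_hex(a, algo), digest_hex(b, algo)
    return sum(x != y for x, y in zip(da, db))


def verify_integrity(data, expected_hex, algo="sha256"):
    """Integrity check: recompute the digest and compare in constant time,
    so the comparison itself does not leak how many leading characters matched."""
    return hmac.compare_digest(digest_hex(data, algo), expected_hex)


if __name__ == "__main__":
    # Constructed inputs: empty, short, and 100 KB.
    samples = [b"", b"hello", b"x" * 100_000]
    print("lengths     :", output_lengths(samples))           # every digest is 64 hex chars
    print("hello/hellp :", differing_hex_chars(b"hello", b"hellp"), "of 64 differ")
    reference = digest_hex(b"hello")
    print("unchanged ok:", verify_integrity(b"hello", reference))   # True
    print("tampered ok :", verify_integrity(b"hellp", reference))   # False
```

The integrity check only tells you the data matches the digest you already trusted; if an attacker can replace the digest alongside the data, hashing alone gives no guarantee, which is why the digital signatures in the next item sign the hash with a private key.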

Digital signatures: use asymmetric encryption and hashing to give me guarantees of integrity and non-repudiation in end-to-end data movement

S/MIME: add symmetric encryption and digital signatures to securely send email

1.       Attacking the keys:

a.       Brute force

i.       Key logger (tracks what keys you press)

2.       Attacking the algorithm:

a.       Cryptanalysis

b.       Chosen-plaintext attack

c.       Ciphertext only

3.       Attack the implementation:

a.       Software and code that implements the algorithm

b.       Insufficient randomness

No impact on availability

If something is encrypted using my public key, it can only be decrypted using my private key

 

Cyber Law and Policy:

International Humanitarian Law:

·       Applies during armed conflict

·       Established by treaty or custom

4 principles:

1.       Humanity

2.       Necessity

3.       Proportionality

4.       Distinction (don’t attack non-combatants)

Jus ad Bellum: when can we go to war

Jus in Bello: what to do in war

Tallinn Manual:

·       Comprehensive, non-binding document

·       Issues for international law as it pertains to cyber

Domestic Law:

US Cyber Authorities –

1.       Title 6: Dept of Homeland Security

2.       Title 10: Security, DoD (US forces)

3.       Title 50: commands, services, agencies under DoD

a.       Intelligence activities (espionage)