AL

unit 2 and 3

2.1.1 - SOCIAL ENGINEERING

Social Engineering: threats against human factors in the technology environment

  • goal: get an authorized user to give information or access to an unauthorized person

  • methods: deception and trickery

  • where humans are the target in an attack:

    • reconnaissance (learning names, roles, systems, habits) and gaining initial access (getting a person to hand over a credential, a door, or a foothold)

  • techniques of social engineering: baiting, shoulder surfing, piggybacking/tailgating, info written in workspace, dumpster diving, pretexting, scareware, phishing (see 2.2.1)

  • protection against social engineering:

    1. Piggybacking → security guards/gates/turnstiles

    2. Shoulder Surfing → shield the screen or keypad

    3. Dumpster Diving→ shred discarded documents

    4. Scareware → use malware scanner

    5. Baiting → never plug in found or unsolicited USB drives/media; disable autorun

    6. Info written in workspace → clean desk policy: no passwords on sticky notes or whiteboards, use a password manager instead

    7. Pretexting (all types) → verify the requester's identity through a known, independent channel before giving out information or access

    8. Phishing (all types) → security awareness training plus the checks in 2.2.1; report suspected messages instead of acting on them

2.2.1 - PHISHING

Phishing: use of bogus emails and websites to trick you into supplying confidential or personal information

  • a con used in a majority of cyber attacks:

    • you receive an email that appears to come from a reputable organization

    • the email includes a link to what claims to be that organization's website

    • following the link lands on a replica of the real website → anything entered there (credentials, card numbers) is captured by the attacker

  • how to spot a phishing email:

    • misspellings or incorrect grammar

    • the display name and the actual sender address don't match (a bank's name next to a look-alike or free-mail domain)

    • the URL doesn't match the text of the link (hover over the link to see the real target before clicking)

  • types of phishing:

    • spear-phishing: email scam targeted towards a specific individual, organization, or business

    • whaling: describes an email scam targeted to high-value individuals

    • smishing: phishing by text message (SMS)

    • vishing: phishing by phone call or voice message

  • difference between phishing and spam: phishing goes after personal information through malicious links or attachments and usually states a "deadline" to create urgency; spam is mass, unsolicited advertising and is not urgent
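Added example (not from the notes): the three "how to spot a phishing email" checks plus the urgency/deadline check, run over a constructed sample message. The message, the sender domain it claims to represent (assumed to be paybank.example), the urgency word list and the tiny misspelling list are all made up for this example; a real filter would use a dictionary and the public suffix list.

```python
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for this example (not a real email). It has a
# look-alike sender domain, a link whose visible text differs from its real
# target, urgency wording and a misspelling.
SAMPLE_EML = b"""From: "PayBank Support" <alerts@paybank-secure-login.example>
To: victim@example.org
Subject: Urgent: verify your acount within 24 hours
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear customer, your acount will be suspended. Click
<a href="http://198.51.100.23/login">https://www.paybank.example/login</a>
to verify now.</p>
</body></html>
"""

URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "final notice")
# Constructed list of misspellings common in phishing; a real check would use a dictionary.
MISSPELLINGS = ("acount", "verfy", "recieve", "informations")
RAW_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class LinkExtractor(HTMLParser):
    """Collects (visible text, href) pairs for every <a> element in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname. Example-only approximation: real code should
    use the public suffix list so that names like example.co.uk are handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(url_or_text):
    """Hostname of a URL, or '' if the string is not a URL at all."""
    return urlparse(url_or_text.strip()).hostname or ""


def check_email(raw_bytes, claimed_domain):
    """Return a list of (code, detail) findings. claimed_domain is the domain
    of the organization the message pretends to come from."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []

    # 1. Display name vs. the domain the mail really comes from.
    sender = msg["From"].addresses[0]
    if registrable_domain(sender.domain) != claimed_domain.lower():
        findings.append(("sender-domain-mismatch",
                         f"display name {sender.display_name!r} but address domain {sender.domain}"))

    subject = msg["Subject"] or ""
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part is not None else ""

    # 2. Visible link text vs. the real target, and raw-IP targets.
    extractor = LinkExtractor()
    extractor.feed(body)
    for text, href in extractor.links:
        target_host, text_host = host_of(href), host_of(text)
        if text_host and registrable_domain(text_host) != registrable_domain(target_host):
            findings.append(("link-target-mismatch",
                             f"text shows {text_host} but points to {target_host}"))
        if RAW_IP.match(target_host):
            findings.append(("raw-ip-link", href))

    # 3. Deadline / urgency language and 4. misspellings, in subject and body.
    haystack = (subject + " " + body).lower()
    findings.extend(("urgency", w) for w in URGENCY_WORDS if w in haystack)
    findings.extend(("misspelling", w) for w in MISSPELLINGS if re.search(rf"\b{w}\b", haystack))
    return findings


def finding_codes(raw_bytes, claimed_domain):
    """Distinct finding codes, sorted, for a quick verdict."""
    return sorted({code for code, _ in check_email(raw_bytes, claimed_domain)})
```

Run `finding_codes(SAMPLE_EML, "paybank.example")` to get all five indicator codes for the sample; passing the real sender domain instead removes only the sender-domain finding, which shows why the display name alone proves nothing.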

2.2.2 - OSINT

OSINT tools provide a simple, powerful way to gather publicly available information about people and companies → this is the recon that feeds spear-phishing and pretexting

Open Source Intelligence (OSINT): a multi-method methodology for collecting, analyzing, and making decisions about data accessible in publicly available sources, used in an intelligence context

  • any information gathered from free, public sources about an individual or organization

  • legal access, no hacking involved: Zillow, social media, company websites, public records, search engines, etc.

3.1.1 - SYSTEM VULNERABILITIES

Vulnerability: a security flaw, glitch, or weakness found in software code (or hardware design) that could be exploited by an attacker

  • found in technology products including operating systems, software applications, and hardware devices

CVE Database

Common Vulnerabilities and Exposures (CVE): a public catalog of known vulnerabilities in all types of digital products, each with a unique identifier

  • provides: an easy way to share data about product issues, a common baseline for comparing products and security tools, and a starting point for finding ways to mitigate the impact of the vulnerability

    • mitigate: minimize the risk

  • when a vulnerability is found, it is given a CVE identifier (format CVE-YYYY-NNNN: year of assignment plus a sequence number of four or more digits) and added to the CVE list

    • entry includes the CVE ID, a description, and references (vendor advisories, which usually carry the fix or mitigation); the severity score (CVSS, 0.0 to 10.0) is attached by databases built on top of CVE, such as NVD

Vulnerabilities Exploited

Exploit: specific code or attack technique that uses a vulnerability to carry out an attack or gain unauthorized access

  • vulnerability is the opening; the exploit takes advantage of the opening and attacks

  • code can be patched to close the vulnerability opening

    • only computers updated with the patch will be secure; the exploit keeps working against every unpatched machine
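Added example (not from the notes): validating CVE identifiers, mapping a CVSS v3 base score to its severity word, and ranking a constructed list of findings so that unpatched hosts with a public exploit come first. The Finding class, the scores and the host names are assumptions for the example; the IDs use a future year so they cannot be mistaken for real CVE entries.

```python
import re
from dataclasses import dataclass

# CVE IDs look like CVE-YYYY-NNNN; the sequence part has four or more digits.
CVE_ID = re.compile(r"^CVE-(\d{4})-(\d{4,})$")


def parse_cve_id(cve_id):
    """Validate a CVE ID and return (year, sequence number)."""
    match = CVE_ID.match(cve_id.strip().upper())
    if match is None:
        raise ValueError(f"not a CVE ID: {cve_id!r}")
    return int(match.group(1)), int(match.group(2))


def cvss_rating(score):
    """Map a CVSS v3.x base score (0.0-10.0) to its qualitative severity rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError("CVSS base scores range from 0.0 to 10.0")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


@dataclass(frozen=True)
class Finding:
    """One vulnerability on one host (example structure, not a standard format)."""
    cve: str
    cvss: float
    host: str
    patched: bool          # has the fix been installed on this host?
    exploit_public: bool   # is a working exploit known to circulate?

    def __post_init__(self):
        parse_cve_id(self.cve)  # reject malformed IDs early


def prioritize(findings):
    """Hosts that still lack the patch, most urgent first: a public exploit
    outranks a higher score alone, then score, then host name for stability."""
    still_open = [f for f in findings if not f.patched]
    return sorted(still_open, key=lambda f: (not f.exploit_public, -f.cvss, f.host))


def summarize(findings):
    """One line per open finding with its severity word."""
    return [f"{f.host}: {f.cve} {f.cvss} ({cvss_rating(f.cvss)})"
            + (" exploit public" if f.exploit_public else "")
            for f in prioritize(findings)]


# Constructed sample: the same CVE on two hosts, only one of them patched,
# illustrates "only computers updated with the patch will be secure".
SAMPLE_FINDINGS = [
    Finding("CVE-2099-0001", 9.8, "web01", patched=False, exploit_public=True),
    Finding("CVE-2099-0001", 9.8, "web02", patched=True, exploit_public=True),
    Finding("CVE-2099-0002", 5.3, "db01", patched=False, exploit_public=True),
    Finding("CVE-2099-0003", 7.5, "db01", patched=False, exploit_public=False),
]
```

`summarize(SAMPLE_FINDINGS)` lists web01 first (critical, exploit public, unpatched), then db01's medium-severity bug with a public exploit ahead of its high-severity one without, and drops web02 entirely because it already has the patch.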

3.1.2 and 3.1.3 - SYSTEM HARDENING

Hardening: the process of limiting potential weaknesses that make systems vulnerable to cyber attacks

  • solution: use benchmarks - published lists of recommended configuration settings (e.g., the CIS Benchmarks) and check the system's actual settings against them

Steps to Harden a System

  • updates - automatic or managed by the enterprise

    • update/patch: change to the OS code that fixes an issue in how it runs or in compatibility with devices and applications

    • hotfix: patch for a very specific issue - not installed automatically

    • critical update: fixes a non-security bug that affects OS functionality

    • security update: fixes a vulnerability in OS code to stop exploits

  • Windows Defender security center items (virus & threat protection, firewall & network protection, app & browser control, device security)

  • UAC (user account control)

    • under security and maintenance

    • BEST protection against malware: a program only gets administrator rights if the user approves the UAC prompt, so malware running under a standard account can't silently change the system (the user still has to say "No")

  • set local security policies

    • Password Account Policies

      • Length = how many characters

      • Complexity = what characters are used

      • Age = when it needs to be reset

      • History = no reuse

    • Account Lockout Policies

      • Threshold = how many bad tries before the account locks (0 = never locks)

      • Duration = how long the account stays locked out (minutes)

      • Reset counter after = minutes until the bad-try count goes back to 0; must be less than or equal to the lockout duration

    • Audit Policy - what actions you keep track of on the system

      • Who logged into the device and when?

    • User Rights Assignments - what type of user is allowed to take certain actions with the PC

      • Who can log on from Network?

      • Who can shut down the system?

    • Security Options - what restrictions are put on settings or user actions.

      • Prevent users from installing device drivers

  • disable unnecessary services - every running service is attack surface and one more thing that can go unpatched
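Added example (not from the notes): checking the Password and Account Lockout policies above against a benchmark-style baseline. On Windows, `secedit /export /cfg policy.inf` writes the current local security policy to a UTF-16 text file; the two INF texts below are constructed imitations of that file's [System Access] section (a weak default beside a hardened one), and the BASELINE values are assumptions in the spirit of common benchmarks, not copied from any official one.

```python
import configparser

# Constructed sample of a `secedit /export /cfg` result on a default install,
# trimmed to the section this check needs. A real export is UTF-16: read it
# with open(path, encoding="utf-16").read() and pass the text in.
WEAK_INF = """[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# The same section after hardening. Windows only writes LockoutDuration and
# ResetLockoutCount when LockoutBadCount is non-zero, so they are absent above.
HARDENED_INF = """[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 365
MinimumPasswordLength = 14
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 5
ResetLockoutCount = 15
LockoutDuration = 15
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Example baseline (assumed values; check the benchmark you actually follow).
BASELINE = {
    "MinimumPasswordLength": ("min", 14),
    "PasswordComplexity":    ("eq", 1),
    "PasswordHistorySize":   ("min", 24),
    "MaximumPasswordAge":    ("range", (1, 365)),   # 0 would mean "never expires"
    "LockoutBadCount":       ("range", (1, 10)),    # 0 disables lockout entirely
    "LockoutDuration":       ("min", 15),           # minutes
    "ResetLockoutCount":     ("min", 15),           # minutes
}


def load_system_access(inf_text):
    """Parse the [System Access] section of a secedit export into {key: int}."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str          # keep the key names' original case
    parser.read_string(inf_text)
    return {key: int(value) for key, value in parser["System Access"].items()}


def evaluate(settings, baseline=BASELINE):
    """Return [(key, current_value, expected)] for every setting that misses the
    baseline. A missing key counts as a failure: the control is switched off."""
    failures = []
    for key, (kind, want) in baseline.items():
        have = settings.get(key)
        if kind == "min":
            ok = have is not None and have >= want
        elif kind == "eq":
            ok = have == want
        else:  # "range"
            ok = have is not None and want[0] <= have <= want[1]
        if not ok:
            failures.append((key, have, want))
    # Cross-check: the bad-try counter must not outlive the lockout itself.
    duration, reset = settings.get("LockoutDuration"), settings.get("ResetLockoutCount")
    if duration is not None and reset is not None and reset > duration:
        failures.append(("ResetLockoutCount", reset, f"<= LockoutDuration ({duration})"))
    return failures


def is_compliant(inf_text):
    """True when the export meets every baseline item."""
    return not evaluate(load_system_access(inf_text))
```

`evaluate(load_system_access(WEAK_INF))` reports six failures (length, complexity, history, threshold, and the two lockout timers that do not even exist while lockout is off); the hardened text passes. The UAC setting is not in this file: check it separately, e.g. the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System should be 1.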

Least Privilege Principle: best practice is to provide each user with the minimum system access needed to perform their necessary tasks

Backup: static snapshot of data

  • 3-2-1 rule:

    • 3 copies of the data (the live copy plus two backups)

    • 2 copies on different storage media/devices (so one failure doesn't take both)

    • 1 copy offsite or in the cloud (survives fire, theft, or ransomware on the local network)

  • redundancy: several copies, so no single loss destroys the data

  • system image: backup that includes the operating system and configuration settings, not just files → can restore a whole machine

3.2.1 - THREAT MODELING AND IOT

Threat Modeling: structured process through which we identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to protect systems or software

Internet of Things (IOT): Physical objects that are embedded with sensors, software, and other technologies, and that connect and exchange data with other devices and systems over the Internet or networks.

  • aka smart devices

Four IOT Vulnerabilities (real incidents):

  • Nest Baby Monitor - a man accessed the baby monitor, shouted curse words and threatened the parents.

  • Jeep Hack - researchers were able to remotely take total control of a Jeep SUV. They could make it speed up, slow down and could steer it off the road.

  • Medtronic Insulin Pump - researchers proved that the remote access feature on the insulin pump can be hacked to alter the delivery of insulin. Doses could be stopped or overdosed, both potentially lethal to diabetics.

  • Mirai Botnet (used in the October 2016 Dyn attack) - a botnet of IOT devices (cameras, DVRs) taken over through default passwords; at the time the largest DDoS attack ever launched - knocked out Dyn's DNS service and made many major websites unreachable for hours.

Shodan: a search engine that indexes Internet-connected devices (open ports, service banners), so anyone, attacker or defender, can find exposed devices.

Securing IOT Devices:

  1. Change the default username for the admin account.

  2. Create a unique, strong password for the admin account.

  3. DON'T connect IOT devices to the Internet unless necessary (local network only).

  4. Use a firewall on your home router (block inbound connections to the devices).

  5. Try searching your public IP address in Shodan to see what of yours is already exposed.
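Added example (not from the notes) for 3.2.1: a small threat model that does what the definition says, identify threats, quantify each as likelihood × impact, and prioritize the protection with the best risk reduction per unit of effort. The Threat and Mitigation classes, the 1-5 scales, the rating thresholds and the three home IoT threats (modeled on the kinds of devices and the securing steps above) are all assumptions for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Mitigation:
    name: str
    likelihood_after: int   # estimated likelihood (1-5) once this control is in place
    effort: int             # 1 = trivial change, 5 = major project


@dataclass(frozen=True)
class Threat:
    asset: str
    description: str
    likelihood: int         # 1 (rare) .. 5 (expected)
    impact: int             # 1 (nuisance) .. 5 (safety or total compromise)
    mitigations: tuple

    def __post_init__(self):
        for value in (self.likelihood, self.impact):
            if not 1 <= value <= 5:
                raise ValueError("likelihood and impact use a 1-5 scale")

    @property
    def risk(self):
        return self.likelihood * self.impact


def rating(risk):
    """Assumed thresholds on the 1-25 product scale."""
    if risk >= 15:
        return "High"
    if risk >= 6:
        return "Medium"
    return "Low"


def best_mitigation(threat):
    """The control with the largest risk reduction per unit of effort."""
    def payoff(m):
        return (threat.risk - m.likelihood_after * threat.impact) / m.effort
    return max(threat.mitigations, key=payoff)


def plan(threats):
    """Threats ranked by risk (ties broken by impact), each with the chosen
    control and the residual risk once it is applied."""
    ordered = sorted(threats, key=lambda t: (-t.risk, -t.impact, t.asset))
    rows = []
    for t in ordered:
        m = best_mitigation(t)
        rows.append({"asset": t.asset, "threat": t.description, "risk": t.risk,
                     "rating": rating(t.risk), "mitigation": m.name,
                     "residual": m.likelihood_after * t.impact})
    return rows


# Constructed threats for a home with the kinds of devices the notes mention.
HOME_IOT = (
    Threat("baby monitor", "admin interface reachable from the Internet with default credentials",
           likelihood=5, impact=4, mitigations=(
               Mitigation("change default admin username and password", likelihood_after=2, effort=1),
               Mitigation("block inbound access at the router firewall", likelihood_after=1, effort=2))),
    Threat("home router", "unpatched firmware with a published CVE",
           likelihood=3, impact=5, mitigations=(
               Mitigation("enable automatic firmware updates", likelihood_after=1, effort=1),
               Mitigation("replace with a supported model", likelihood_after=1, effort=4))),
    Threat("smart bulb", "stored Wi-Fi password recoverable if the bulb is discarded",
           likelihood=1, impact=3, mitigations=(
               Mitigation("put IOT devices on a separate guest network", likelihood_after=1, effort=2),)),
)
```

`plan(HOME_IOT)` puts the baby monitor first (risk 20) and picks changing the default credentials over the firewall rule because it removes more risk per unit of effort; the router's firmware CVE comes second with automatic updates chosen for the same reason, and the bulb stays low risk. Changing the scores changes the plan, which is the point: the numbers make the prioritization explicit and arguable.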