AJ

Sec+ 01-03 Identify System Security for Network Vulnerabilities

Security+ 401 Domain Overview

Identify System Security for Network Vulnerabilities

Chapter 1: Introduction to Security

Chapter 2: Malware and Social Engineering Attacks

Chapter 3: Application and Networking-Based Attacks

Objectives of Security Framework

  • Define information security and its importance: Ensures confidentiality, integrity, and availability of data. Protects organizations from data breaches and loss of sensitive information.

  • Identify common types of attackers: Hackers, cybercriminals, insider threats, etc. Each group employs different methods and tactics based on their objectives.

  • List the basic steps of an attack: Includes planning (reconnaissance), execution (delivery, exploitation), and aftermath (installation and command).

  • Describe the five basic principles of defense: This includes Layering, Limiting, Diversity, Obscurity, and Simplicity; an integrated approach to create a stronger overall security posture.

Malware and Social Engineering Attacks

Differences between Virus and Worm
  • Virus: Malicious code that attaches to files, spreads when infected files are shared. Needs a host program, can be activated by users unknowingly.

  • Worm: Self-replicating malware that spreads across networks, does not need a host program. Can spread independently through network vulnerabilities.

Types of Concealing Malware
  • Examples:

    • Trojans (pretend to be legitimate software)

    • Rootkits (hide the presence of other malware and the attacker's activity)

    • Logic bombs (triggered by a specific event)

Malware Designed for Profits
  • Spyware (tracks user activities)

  • Adware (displays unwanted ads)

  • Ransomware (holds data hostage)

  • Backdoors (bypass security measures)

Types of Social Engineering Attacks
  • Psychological Social Engineering: Manipulation that tricks users into acting against their own interests. Includes tactics that exploit the human psyche, such as flattery, urgency, or fear.

  • Physical Social Engineering: Involves tactics such as impersonation and tailgating (gaining unauthorized access to a secured area by following an authorized person through the entry).

Application and Networking-Based Attacks

Web Application Attacks
  • Client-side attacks: Exploit vulnerabilities in web applications to attack the users who visit them (e.g., Cross-Site Scripting, XSS, which injects script into pages viewed by other users).

  • Buffer Overflow Attacks: Write more data into a buffer than it was allocated to hold, overwriting adjacent memory and leading to crashes or unintended code execution.

Types of DoS Attacks
  • Denial of Service (DoS): Floods the victim's resources so legitimate users cannot be served. Distributed Denial of Service (DDoS) attacks utilize multiple systems to overwhelm a target.

Interception and Poisoning Attacks
  • Includes Man-in-the-Middle (MitM) attacks that intercept communications, and ARP Poisoning, which manipulates address resolution to redirect network traffic through the attacker.

Challenges of Securing Information

  • Overview of Security in the 21st Century: Complexity and sophistication of attacks increase, with diverse tactics used by attackers.

  • Potential Vulnerabilities: Unpatched software represents a significant weakness in an organization's security posture.

  • The Rise of Smartphones as Targets: As mobile devices proliferate, they become prime targets for malware and phishing attacks.

Importance of Information Security

  • Legal Consequences: Laws protecting electronic data include HIPAA (healthcare), Sarbanes-Oxley (financial data), and GLBA (consumer privacy).

  • Maintaining Productivity: Cyber attacks result in costly downtime and distract from core business activities.

Preventing Cyberterrorism

  • Specific Targets: Focus is placed on vital sectors (banking, military, municipal services, and critical infrastructure), where a successful attack can have enormous consequences.

Categories of Attackers

  • Types:

    • Hackers: Black hat (criminal) vs. white hat (ethical).

    • Script Kiddies: Unskilled users who use existing tools.

    • Insider Threats: Employees with access who may cause security breaches.

    • Cybercriminals: Organized groups pursuing financial gain.

    • Cyberterrorists: Motivated by ideology, impacting national security.

    • Brokers: Individuals who discover and sell vulnerabilities to the highest bidder.

Steps of an Attack (Cyber Kill Chain)

  1. Reconnaissance: Gathering information about the target (surveillance).

  2. Weaponization: Creating the exploit (pairing payload with delivery method).

  3. Delivery: Sending the exploit via mechanisms like phishing emails or infected USB drives.

  4. Exploitation: Executing the attack on the target system (e.g., running malicious code).

  5. Installation: Establishing a backdoor for continued access (malware installation).

  6. Command and Control: Attacker communicates with the compromised system (server communication).

  7. Actions on Objective: Attacker carries out the goal of the attack (data exfiltration, destruction).

Fundamental Security Principles for Defense

  • Layering: Use multiple defense mechanisms to create a resilient security posture.

  • Limiting: Restrict access to sensitive information and resources to reduce risks.

  • Diversity: Vary the security measures used so that one technique that defeats a single layer does not defeat all of them.

  • Obscurity: Keep system details (such as software versions and internal architecture) hidden from potential attackers, denying them information they could use to plan an attack.

  • Simplicity: Keep security simple for legitimate users and administrators to understand and operate, while leaving it complex from the attacker's outside perspective.

Types of Malware

Malware Types
  • Oligomorphic, polymorphic, and metamorphic malware: Designed to evade detection and analysis.

  • Viruses: Self-replicating code. Can propagate by attaching to files.

  • Worms: Exploit vulnerabilities or use social engineering for propagation.

  • Trojans: Disguised as legitimate software but perform malicious actions.

  • Rootkits: Designed to hide their presence and maintain persistent access.

Steps to Mitigate Risk and Protect Information

Risk Management Options
  • Strategies to manage cyber risks:

    • Avoidance

    • Acceptance

    • Mitigation

    • Deterrence

    • Transference

  • Data Theft Prevention: Focused on protecting personal and business information effectively.

Social Engineering Tactics

Common Techniques
  • Flattery: Eliciting trust and compliance through praise.

  • Impersonation: Pretending to be someone else to gain access or sensitive information.

  • Phishing: Using deceptive emails to steal credentials.

  • Dumpster Diving: Searching for sensitive information in discarded materials.

Psychological Tactics

  • Exploit victims' trust and emotional responses to gain compliance and extract sensitive information.

Summary of Key Concepts

  • Malware Overview: Acts as a means to breach systems and gain unauthorized access.

  • Social Engineering Approach: Relies on human interaction and psychological manipulation, rather than technical flaws, to exploit victims.

  • Application and Network Attacks: Target vulnerabilities to gain access to sensitive systems and information.

  • Emergence of New Threats: Adaptation by cybercriminals and evolution of attack methodologies.