1.0 General Security Concepts

1.1 Compare and contrast various types of security controls.

Categories of Security Controls:

  • Technical

Technical controls are hardware or software systems designed to monitor and enforce security (network IDS, firewalls, encryption, biometric devices).

  • Managerial

Managerial controls oversee the information system and guide the selection and implementation of other controls (risk assessments, security policies, audits).

  • Operational

Operational controls are people-centric: the procedures and responsibilities that staff carry out to keep an organization secure and running (security awareness training, incident response procedures, password policy).

  • Physical

Physical controls manage access to premises and hardware, and are often more costly to deploy than technical controls (building access control systems, security cameras, locks, fences).

Control Types:

  • Preventive

A preventive control physically or logically restricts unauthorized access. A system password and physical door lock are examples of preventive controls.

  • Deterrent

A deterrent control may not physically or logically prevent access, but psychologically, it discourages an attacker from attempting an intrusion. A warning sign is an example of a deterrent control.

  • Detective

A detective control may not prevent or deter access, but it identifies and records attempted or successful intrusions. Security cameras, IDS alerts and log review are examples of detective controls.

  • Corrective

A corrective control responds to an incident, restores normal operation, and may prevent recurrence. Antivirus quarantining detected malware and restoring a system from backup are examples of corrective controls.

  • Compensating

A compensating control substitutes for a required control that cannot be implemented or is insufficient on its own, for example isolating and monitoring a legacy system that cannot be patched.

  • Directive

Directive controls guide and manage the behavior of individuals through policies, procedures and guidelines that state the expected behavior. Examples include security policies, training programs, and acceptable use or compliance requirements that spell out users' responsibilities for maintaining security.

1.2 Summarize Fundamental Security Concepts

Core Principles:

  • Confidentiality, Integrity, and Availability (CIA)

    • Confidentiality ensures that data is accessible only to authorized personnel. Integrity ensures that data remains unaltered during storage and transfer. Availability ensures that data and systems are accessible to authorized users when needed.

  • Non-repudiation

  • Authentication, Authorization, and Accounting (AAA):

    • Authenticating people: proving a user is who they claim to be (password, token, biometric). Supports confidentiality by allowing only verified users to access data.

    • Authenticating systems: confirming the identity of a device or service (for example with a certificate or 802.1X) before it is trusted on the network or allowed to call another service.

    • Authorization models

Analysis and Trust Models:

  • Gap Analysis

  • Zero Trust:

    • Control Plane:

    • In the Zero Trust model (NIST SP 800-207), the control plane is where access decisions are made and distributed: the policy engine evaluates each request and the policy administrator configures the enforcement points accordingly. No subject traffic flows through it; securing it matters because it is the decision-making core of the architecture.

      • Adaptive identity

        • Adaptive identity: access decisions take context into account (user behavior, device posture, location, time), so the same user may be granted different access as the assessed risk changes.

      • Threat scope reduction

        • Threat scope reduction minimizes the possible attack vectors and surfaces (least privilege, segmentation, removing unneeded services), reducing the company's exposure to potential threats.

      • Policy-driven access control

        • Policy-driven access control: every access decision is made by evaluating the request against centrally defined policy, rather than by network location or a one-time login at the perimeter.

      • Policy Administrator

        • Carries out the policy engine's decision: it establishes (or tears down) the session between subject and resource by configuring the policy enforcement point, and issues any credentials or tokens the session needs.

      • Policy Engine

        • Decides whether to grant access to a requested resource, using inputs such as subject and host identities and credentials, access control policies, up-to-date threat intelligence, behavioral analytics, and the results of host and network security scanning and monitoring.

      • Policy enforcement points

        • Sit in the data path and enforce the engine's decision: they open or deny the connection to the requested resource. They are the point where the authorization model actually takes effect.

    • Data Plane:

    • In the Zero Trust model, the data plane is where subjects and systems actually connect to resources. Every such connection passes through a policy enforcement point; the area behind a PEP is an implicit trust zone, kept as small as possible, in which entities are trusted only to the degree the PEP verified.

      • Implicit trust zones

      • Subject/System

      • Policy Enforcement Point

    • Note: in ordinary networking, the control plane is the routing/signaling logic (routing tables deciding which path packets take) and the data plane is the forwarding of those packets. Zero Trust borrows the terms: decisions are made in the control plane, and subject-to-resource traffic flows only in the data plane.
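The policy engine / policy administrator / enforcement point split described above, in working code. This is an added example, not part of these notes or of any vendor's product: the request attributes, the resource policy table, the risk thresholds and the "step-up" obligations are all assumptions chosen for the illustration.

```python
"""Toy Zero Trust policy engine (added example, not from the notes).

Models the control-plane / data-plane split of NIST SP 800-207: the policy engine
(control plane) decides, the policy enforcement point (data plane) only carries out
the decision.  Attribute names, the policy table and thresholds are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class AccessRequest:
    subject: str
    role: str
    resource: str
    device_compliant: bool      # e.g. result of an MDM posture check
    mfa_used: bool
    risk_score: int             # 0 (low) .. 100 (high), from behavioral analytics


@dataclass
class Decision:
    allow: bool
    reason: str
    obligations: list = field(default_factory=list)  # extra conditions the PEP must apply


# Constructed policy: which roles may reach which resources, and how sensitive each is.
RESOURCE_POLICY = {
    "hr-db":      {"roles": {"hr", "admin"},        "sensitivity": "high"},
    "wiki":       {"roles": {"hr", "admin", "eng"}, "sensitivity": "low"},
    "prod-shell": {"roles": {"admin"},              "sensitivity": "high"},
}


def policy_engine(req: AccessRequest) -> Decision:
    """Control plane: evaluate every request; nothing is trusted by network location."""
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        return Decision(False, "unknown resource: default deny")
    if req.role not in policy["roles"]:
        return Decision(False, f"role {req.role!r} not permitted on {req.resource}")
    if not req.device_compliant:
        return Decision(False, "device failed posture check")
    # Adaptive identity: the same user gets a different answer as risk changes.
    if req.risk_score >= 80:
        return Decision(False, f"risk score {req.risk_score} too high")
    if policy["sensitivity"] == "high":
        if not req.mfa_used:
            return Decision(False, "MFA required for high-sensitivity resource")
        if req.risk_score >= 50:
            return Decision(True, "allowed with step-up",
                            ["re-auth every 15 minutes", "session recording"])
    return Decision(True, "allowed")


def policy_enforcement_point(req: AccessRequest, engine=policy_engine) -> str:
    """Data plane: the PEP only acts on the verdict; no policy logic lives here."""
    d = engine(req)
    if not d.allow:
        return f"DENY {req.subject}->{req.resource}: {d.reason}"
    extra = f" [{'; '.join(d.obligations)}]" if d.obligations else ""
    return f"ALLOW {req.subject}->{req.resource}: {d.reason}{extra}"


if __name__ == "__main__":
    base = dict(subject="alice", role="hr", resource="hr-db",
                device_compliant=True, mfa_used=True, risk_score=10)
    print(policy_enforcement_point(AccessRequest(**base)))
    print(policy_enforcement_point(AccessRequest(**{**base, "risk_score": 60})))
    print(policy_enforcement_point(AccessRequest(**{**base, "mfa_used": False})))
    print(policy_enforcement_point(AccessRequest(**{**base, "role": "eng"})))
```

The point to notice is where the logic lives: the PEP never inspects roles or risk itself, so changing policy (say, lowering the step-up threshold) is a control-plane change and every enforcement point picks it up at once.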

Physical Security Measures:

  • Bollards

    • Can be inconspicuous, designed to look like part of the landscaping

    • Fixed or retractable

    • Usually short vertical posts of steel or concrete, spaced to stop vehicles while letting pedestrians through

  • Access control vestibule

    • also known as a mantrap, is a small, enclosed space with two interlocking doors that regulate entry into secure areas.

  • Fencing

    • Establishes a physical barrier to deter unauthorized entry and define property boundaries.

  • Video surveillance

    • Utilizes cameras to monitor and record activities within and around a facility. Closed-Circuit Television (CCTV)

  • Security guard

    • Trained personnel responsible for monitoring premises, verifying identities, and responding to security incidents.

  • Access badge

    • Identification cards issued to authorized individuals, often embedded with magnetic stripes or RFID technology.

  • Lighting

    • Strategically placed illumination enhances visibility, deterring unauthorized access and reducing the risk of accidents.

  • Sensors:

    • Infrared, can detect changes in heat patterns caused by moving objects, such as a human intruder.

    • Pressure, detect unauthorized footfalls or weight changes when someone steps in a restricted area, installed under carpets or tiles in critical areas like server racks, they alert security if tampered with.

    • Microwave, emit microwave pulses and measure the reflection of a moving object.

    • Ultrasonic, sensors emit sound waves at frequencies above the range of human hearing and measure the time it takes for the waves to return after hitting an object.

Deception and Disruption Technology:

  • Honeypot

    • A honeypot mimics real systems or applications as a decoy system. It allows security teams to monitor attacker activity and gather information about their tactics and tools.


  • Honeynet

    • A network of interconnected honeypots that simulate an entire network, providing a more extensive and realistic environment for attackers to engage with.

  • Honeyfile

    • Fake files that appear to contain sensitive information. No legitimate process touches them, so any access is suspicious and reveals intruders and data-theft attempts.


  • Honeytoken

    • Fake data with no legitimate use, such as decoy credentials, API keys or database records. Any use of a honeytoken triggers an alert and provides insight into attacker activity.
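The honeytoken idea in working code, as an added example that is not part of these notes: a decoy "access key" is generated and planted in a honeyfile, and an auth log is scanned for any use of it. The key format, the log line format, the file name and the IP addresses are all constructed for the illustration.

```python
"""Honeytoken generation and detection (added example, not from the notes).

A honeytoken is a credential nothing legitimate ever uses, so its mere appearance in
an authentication log is a high-confidence alert.  The key format, log format and
sample values below are constructed for this example.
"""
import json
import re
import secrets
from datetime import datetime, timezone


def make_honeytoken(label: str) -> dict:
    """Create a fake access key plus the record the SOC keeps to recognise it."""
    key_id = "HT" + secrets.token_hex(8).upper()          # fake key identifier
    return {
        "label": label,                                   # where it was planted
        "key_id": key_id,
        "secret": secrets.token_urlsafe(24),               # never valid anywhere
        "created": datetime.now(timezone.utc).isoformat(),
    }


def write_honeyfile(token: dict) -> str:
    """Contents of the bait file an intruder rummaging for secrets would find."""
    return json.dumps({"aws_access_key_id": token["key_id"],
                       "aws_secret_access_key": token["secret"]}, indent=2)


# Constructed auth-log format: "<ts> auth key_id=<id> src=<ip> result=<ok|fail>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth key_id=(?P<key>\S+) src=(?P<src>\S+) result=(?P<res>\S+)$")


def detect_honeytoken_use(log_lines, tokens) -> list:
    """Return one alert per log line that presents any registered honeytoken.

    A failed login with the decoy key is as alarming as a successful one: the
    attacker has already read the file."""
    by_id = {t["key_id"]: t for t in tokens}
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                                      # skip lines in other formats
        tok = by_id.get(m["key"])
        if tok:
            alerts.append({"ts": m["ts"], "src": m["src"],
                           "label": tok["label"], "result": m["res"]})
    return alerts


if __name__ == "__main__":
    tok = make_honeytoken("finance-share/credentials.json")
    print(write_honeyfile(tok))
    sample_log = [  # constructed log lines
        "2024-05-01T10:00:00Z auth key_id=AKREALKEY0001 src=10.0.0.5 result=ok",
        f"2024-05-01T10:02:13Z auth key_id={tok['key_id']} src=203.0.113.77 result=fail",
    ]
    for alert in detect_honeytoken_use(sample_log, [tok]):
        print("ALERT honeytoken used:", alert)
```

Because the token is never issued to anyone, the detection has essentially no false positives; the registry of planted tokens is what turns a random string in a log into an alert.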

1.2 misc.

  • Non-repudiation ensures that the sender of a message or the signer of data cannot later deny having sent or signed it; digital signatures, backed by audit logs tied to authenticated identities, provide it.

1.3 Explain the Importance of Change Management Processes and the Impact on Security

Business Processes Impacting Security Operations:
  • Approval process

    • A formal procedure for evaluating and authorizing proposed changes before implementation. It ensures that changes align with organizational goals and security policies and minimizes potential risks.

  • Ownership

    • Refers to assigning a responsible individual or team to oversee the change process. This entity ensures all standard operating procedures (SOPs) are followed and that the change is executed as planned.

  • Stakeholders

    • Individuals or groups affected by or having an interest in the change. Identifying and involving stakeholders is crucial for assessing the change's impact and ensuring successful implementation.

  • Scope

    • Defines exactly which systems, components and activities the change covers. Scope may need to be expanded during the change, since not every outcome can be anticipated, and any expansion should go back through approval.

  • Impact analysis

    • Assesses the potential implications of a proposed change for systems, users and security before it is made. It is an analysis step, distinct from testing the change.

  • Test results

    • Outcomes from testing the proposed change in a controlled environment. These results help determine the change's effectiveness and identify potential issues before full-scale implementation.

  • Backout plan

    • a structured and well-documented strategy for reverting to the previous system state following updates, upgrades, or modifications

  • Maintenance window

    • A scheduled period designated for implementing changes or performing system maintenance.

  • Standard operating procedure (SOP)

    • SOPs define routine operations or changes and give detailed instructions for carrying them out, so that changes are implemented consistently and effectively.

Technical Implications:
  • Allow lists/deny lists

    • An allow list permits only approved applications (identified by hash, publisher signature or path) to run and blocks everything else; a deny list blocks known-bad items and permits everything else, which is the model antivirus and antimalware signatures use. Deploying or updating an application may therefore require updating the allow list as part of the change.
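The two models side by side in code, as an added example that is not part of these notes. The "executables" are constructed byte strings standing in for real binaries, and the file contents and version strings are invented; the point is the default-deny versus default-allow behaviour and what an application update does to a hash-based allow list.

```python
"""Allow list vs deny list for application execution (added example, not from the notes).

An allow list names what may run and blocks everything else; a deny list names what
may not run and permits everything else.  Hashes are computed over constructed byte
strings that stand in for executables.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executables.
APPROVED_APP = b"approved corporate client v2.3"
KNOWN_MALWARE = b"definitely-not-a-cryptominer"
UNKNOWN_TOOL = b"unvetted utility downloaded yesterday"

ALLOW_LIST = {sha256_hex(APPROVED_APP)}     # approved through change management
DENY_LIST = {sha256_hex(KNOWN_MALWARE)}     # known-bad signatures


def allow_list_decision(exe: bytes) -> bool:
    """Default deny: only explicitly approved hashes may run."""
    return sha256_hex(exe) in ALLOW_LIST


def deny_list_decision(exe: bytes) -> bool:
    """Default allow: anything not on the known-bad list runs (the antivirus model),
    so a never-before-seen tool is permitted."""
    return sha256_hex(exe) not in DENY_LIST


def after_change(exe_new_version: bytes) -> dict:
    """An application update changes its hash, so the allow-list entry must be
    updated as part of the change or the new version is blocked on deployment."""
    before = allow_list_decision(exe_new_version)
    ALLOW_LIST.add(sha256_hex(exe_new_version))      # the approved change
    return {"runs_before_update": before,
            "runs_after_update": allow_list_decision(exe_new_version)}


if __name__ == "__main__":
    for name, exe in [("approved", APPROVED_APP), ("malware", KNOWN_MALWARE),
                      ("unknown", UNKNOWN_TOOL)]:
        print(f"{name:9} allow-list: {allow_list_decision(exe)!s:5} "
              f"deny-list: {deny_list_decision(exe)}")
    print(after_change(b"approved corporate client v2.4"))
```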

  • Restricted activities

    • Specific actions or operations limited or prohibited during the change process to maintain security and stability

  • Downtime

    • A period during which services are unavailable while changes or updates are applied. Because it is disruptive, it is scheduled outside production hours. Some organizations avoid it by failing over to a secondary system, upgrading the primary, then switching back, so users keep working throughout.

  • Service restart

    • Stops and restarts a service, typically taking seconds to minutes; active connections or sessions may be dropped.

  • Application restart

    • Closes the application completely and launches a new instance in order to restart it or apply an update.

  • Legacy applications

    • Older applications that the vendor may no longer support; the organization may have to maintain them itself, and changes around them carry extra risk because their dependencies and behavior are often poorly documented.

  • Dependencies

    • A relationship where one element relies on another to function, such as a service that requires another service to be running.

      • Modifying may require changing or restarting other components, and can occur across systems

        • By knowing the dependencies, we can avoid unintended outages and disruptions during service restarts or downtime events and ensure that changes do not negatively impact interconnected services or applications.

        • When we understand the dependencies, we can guide the development of effective backout plans and downtime contingencies, thus preparing the organization to handle potential complications during changes.

        • By understanding the dependencies, we support the development of post-change performance monitoring to validate system functionality and promptly detect any issues that may arise after the change.


Documentation:
  • Updating diagrams

    • Network and architecture diagrams must be updated to reflect the new configuration, such as changed topology, addresses or trust boundaries.

  • Updating policies/procedures

    • Updating and documenting adjustments to policies and procedures, for example when a new system is added.

  • Information security policy

    • A set of rules and guidelines established by an organization to protect its information assets.

  • Acceptable use policy (AUP)

    • Defines acceptable behavior by users of the organization's network and computer systems, and the consequences of misuse.

  • Data privacy policy

    • A policy outlining customer data handling to maintain compliance with relevant laws and data privacy protection.

  • Version control

    • Tracks changes to critical documents and code, network diagrams and configuration files, recording who changed what and when.

      • Any version can be compared with, or reverted to, a previous one

      • Applies to many artifacts: router configurations, OS patches, registry entries, infrastructure-as-code

      • Not always built in; may require additional management software (e.g., a Git repository or a configuration management tool)

1.4 Explain the Importance of Using Appropriate Cryptographic Solutions

Cryptographic Components:
  • Public Key Infrastructure (PKI):

    • The policies, procedures, hardware, software and people responsible for creating, distributing, managing, storing and revoking digital certificates. It is the framework that establishes trust in public keys so they can be used to encrypt messages and verify digital signatures.

      • Public key

        • The half of the pair that can be freely published; it encrypts data for the key holder and verifies the key holder's signatures. The private key cannot feasibly be derived from it.

      • Private key

        • paired with a public key; the private key must remain secret to maintain security, as it enables access to encrypted information and the ability to sign digital transactions.

      • Key escrow

        • A trusted third party (or internal escrow agent) holds copies of private/decryption keys so that encrypted data can be recovered if a key is lost or an employee leaves. It supports availability of the organization's data, but the escrow itself becomes a high-value target and must be tightly controlled.

  • Encryption Levels:

    • Protecting data at rest on storage devices:

      • Full-disk

        • Encrypts the entire drive, e.g., BitLocker (Windows) or FileVault (macOS); protects data if the device is lost or stolen, but not once the OS is running and the disk is unlocked.

      • Partition

        • Encrypts one partition (a logical division of a disk that behaves like a separate drive) rather than the whole disk, for example an encrypted data partition alongside an unencrypted OS partition.

      • File

        • Encrypts individual files or folders, e.g., EFS (Encrypting File System, built into Windows on NTFS volumes).

      • Volume

        • Encrypts a logical volume, which may span partitions or disks (e.g., LUKS on Linux or a VeraCrypt container).

      • Database

        • Protects data stored in a database and, with TLS, the data in transit to it.

        • Transparent data encryption (TDE) encrypts the whole database or its files with a symmetric key, invisibly to applications.

        • Record-level (column or row) encryption encrypts individual fields so that only holders of that key can read them, at the cost of not being able to index or search those fields directly.

      • Record

        • A collection of related data fields treated as a single unit, such as one customer's row with name, address and contact number. Record-level encryption protects each such unit, or selected fields in it, individually.

  • Encryption Types:

    • Transport/communication

      • Protecting data traversing a network, e.g., HTTPS (TLS) for web traffic, or a VPN (IPsec or TLS based) to encrypt all traffic between two points.

    • Asymmetric

      • Encryption and decryption use two mathematically related keys generated together: a public key and a private key. Data encrypted with the public key can be decrypted only with the matching private key, and the private key cannot feasibly be derived from the public key. Used the other way round (operate with the private key, verify with the public key) the same pair gives digital signatures.

    • Symmetric

      • A single shared secret key encrypts and decrypts; if it leaks, a new key is needed. It is fast, but does not scale well (every pair of parties needs its own key) and is hard to distribute securely, so it is usually combined with asymmetric encryption.

    • Key exchange

      • Allows two parties to agree on a shared key over an untrusted network so that only they can read the encrypted traffic. Diffie-Hellman (and its elliptic-curve form, ECDH) derives the key from values exchanged in the clear; RSA (Rivest–Shamir–Adleman) can instead encrypt a freshly generated session key to the recipient's public key (key transport).

    • Key generation

      • Builds the key material (for asymmetric, both the public and the private key) from a strong source of randomness and large numbers. Weak randomness here undermines everything built on the keys.

    • Hybrid Encryption

      • Uses asymmetric cryptography only to exchange or wrap a symmetric session key, then symmetric encryption for the bulk data (as TLS does). This combines the key-distribution strengths of asymmetric with the speed of symmetric, and is the normal way to encrypt large volumes of data.
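The key exchange and hybrid encryption described above, carried through end to end with both sides' messages shown. This is an added example, not part of these notes: the Diffie-Hellman group (p = 2**127 - 1, g = 3) is a toy chosen so the numbers stay readable and is far too small to be secure, and the symmetric layer is a hand-rolled HMAC-SHA256 keystream with encrypt-then-MAC rather than a standard cipher, so that it runs with the standard library alone. Real systems use X25519/ECDH with AES-GCM or ChaCha20-Poly1305.

```python
"""Diffie-Hellman key exchange feeding a symmetric 'hybrid' session
(added example, not from the notes).

The group below is a TOY (insecure size) and the symmetric construction is
illustrative only; see the lead-in.  The structure is what matters:
asymmetric agreement of a secret, then fast symmetric protection of the data.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1          # toy prime modulus: far too small for real use
G = 3                   # toy generator


def dh_keypair(p: int = P, g: int = G) -> tuple:
    """Private exponent a and public value A = g^a mod p.  Only A goes on the wire."""
    a = secrets.randbelow(p - 2) + 2
    return a, pow(g, a, p)


def dh_shared_secret(my_private: int, their_public: int, p: int = P) -> int:
    """(g^b)^a = (g^a)^b mod p: both sides reach the same value."""
    return pow(their_public, my_private, p)


def derive_keys(shared: int) -> tuple:
    """Never use the raw DH output as a key: hash it into separate enc and MAC keys."""
    raw = shared.to_bytes(16, "big")
    return (hashlib.sha256(b"enc" + raw).digest(),
            hashlib.sha256(b"mac" + raw).digest())


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (illustrative, not a standard cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag BEFORE decrypting; refuse altered ciphertext or a wrong key."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext altered or wrong key")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def session_demo(message: bytes) -> dict:
    """Run the whole exchange between two parties and return what each side saw."""
    a, A = dh_keypair()                 # 1. Alice -> Bob: A   (public only)
    b, B = dh_keypair()                 # 2. Bob -> Alice: B   (public only)
    s_alice = dh_shared_secret(a, B)    # 3. each side combines its private key with
    s_bob = dh_shared_secret(b, A)      #    the other's public value
    blob = encrypt(*derive_keys(s_alice), message)      # 4. bulk data, symmetric
    recovered = decrypt(*derive_keys(s_bob), blob)
    return {"secrets_match": s_alice == s_bob, "recovered": recovered,
            "wire_bytes": len(blob)}


if __name__ == "__main__":
    print(session_demo(b"payroll export 2024-Q1"))
```

An eavesdropper sees A and B but not a or b; with a real-size group, recovering the shared secret from those is the discrete logarithm problem. Note also that a flipped ciphertext bit or a mismatched key is rejected by the tag check rather than silently yielding garbage.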

  • Key Attributes:

    • Encryption Algorithms

      • A specific, published method for encrypting and decrypting information (AES, DES, ChaCha20, RSA). Both sides must support a compatible algorithm and mode to communicate with each other.

    • Cryptographic keys

      • Very little about a cryptographic process is secret: the algorithms are public and openly studied, and the only secret is the key (Kerckhoffs's principle). The key determines the output, whether that is ciphertext, a keyed hash value or a digital signature.

    • Key length

      • Longer keys resist brute force better. Symmetric keys of 128 bits or more (AES-128/256) are considered strong; asymmetric RSA/DH keys must be much longer for equivalent strength, with 2048 bits the minimum today and 3072 bits or more recommended. Elliptic-curve keys reach similar strength at 256 bits.

Cryptographic Tools:
  • Trusted Platform Module (TPM)

    • A dedicated cryptoprocessor, either a discrete chip on the motherboard or firmware in the CPU/chipset (fTPM), that generates and stores keys, measures the boot process and can attest to that state; BitLocker and secure boot measurements rely on it.

  • Hardware Security Module (HSM)

    • A cryptoprocessor in a removable or dedicated form factor (PCIe adapter card, network appliance, USB token) that generates, stores and uses keys inside tamper-resistant hardware so they never leave it in the clear; used for CA signing keys, TLS termination and payment systems.

  • Key management system

    • Generates, stores, rotates, backs up and retires cryptographic keys across an organization and enforces policy on who may use which key for what; typically backed by an HSM and integrated with applications through APIs.

  • Secure enclave

    • An isolated, hardware-backed execution environment (e.g., Apple's Secure Enclave, Arm TrustZone, Intel SGX) that runs sensitive operations and holds keys so that even a compromised operating system cannot read them.

Obfuscation Techniques:
  • Steganography

    • Hiding information, such as a document, inside an unexpected carrier (an image, an audio file, network traffic) so that its presence is not apparent. It conceals data but does not by itself encrypt it.

  • Tokenization

    • Replaces all or part of a database field's value with a randomly generated token that has no mathematical relationship to the original; the original is kept on a separate, tightly controlled token vault server (common for card numbers under PCI DSS).

  • Data masking

    • Redacts all or part of a database field by substituting characters, e.g., showing only the last four digits of a card number as xxxx-xxxx-xxxx-1234. Irreversible; used for display and for test data.
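The difference between the two techniques, in code. This is an added example, not part of these notes or of any tokenization product: the vault is an in-memory dictionary standing in for the separate server, the token format is invented, and the card numbers are constructed test values, not real accounts.

```python
"""Tokenization vs data masking (added example, not from the notes).

Tokenization is reversible, but only through the vault; masking is irreversible.
Card numbers used here are constructed test values.
"""
import secrets


class TokenVault:
    """Tokenization: the real value lives only in the vault.  The token stored in
    the application database has no mathematical relationship to it, so a stolen
    token reveals nothing about the original."""

    def __init__(self):
        self._to_value = {}
        self._to_token = {}

    def tokenize(self, value: str) -> str:
        if value in self._to_token:        # same input -> same token (deterministic)
            return self._to_token[value]
        token = "tok_" + secrets.token_hex(12)     # invented token format
        self._to_value[token] = value
        self._to_token[value] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only vault-authorized callers (e.g. the payment processor) get this far."""
        return self._to_value[token]


def mask(value: str, keep_last: int = 4, fill: str = "x") -> str:
    """Masking: keep only what the business needs to see; the rest is gone for good."""
    digits = value.replace("-", "").replace(" ", "")
    if len(digits) <= keep_last:
        return value
    masked = fill * (len(digits) - keep_last) + digits[-keep_last:]
    # Re-insert the original separators so the masked field displays like the original.
    out, i = [], 0
    for ch in value:
        if ch in "- ":
            out.append(ch)
        else:
            out.append(masked[i])
            i += 1
    return "".join(out)


if __name__ == "__main__":
    card = "4111-1111-1111-1111"        # constructed test number
    vault = TokenVault()
    token = vault.tokenize(card)
    print("app DB stores :", token)
    print("vault returns :", vault.detokenize(token))
    print("screen shows  :", mask(card))
```

The app database, logs and screens only ever hold the token or the masked string; the vault, and with it the ability to recover the real value, is the one component that has to be protected to the highest standard.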

Security Practices:
  • Hashing

    • Converts input of any size into a fixed-size digest. A cryptographic hash is one-way and collision-resistant, so even a one-bit change in the input produces a completely different digest; that is what makes it useful for integrity checks and password storage.

  • Salting

    • Adds a random, per-user value to a password before hashing, so identical passwords produce different hashes and precomputed (rainbow) tables are useless. The salt is stored alongside the hash; the hash still cannot be reversed to the plaintext password.

  • Digital signatures

    • Cryptographic mechanisms that verify the authenticity and integrity of a message, document, or software. A digital signature uses the sender's private key to create a unique signature on the hashed message, which can be verified by others using the sender's public key.

  • Key stretching

    • A technique used to enhance the security of weak or short cryptographic keys, such as passwords. Key stretching algorithms, like PBKDF2 or bcrypt, apply computationally intensive processes to the original key, producing a more secure, extended key that is harder for attackers to crack.
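Hashing, salting and key stretching side by side, covering the three bullets above. This is an added example, not part of these notes: the passwords are constructed, `hashlib.pbkdf2_hmac` is the standard library's PBKDF2 implementation, and the `algo$iterations$salt$hash` storage format is a convention chosen for the illustration.

```python
"""Hashing, salting and key stretching side by side (added example, not from the notes).

Passwords below are constructed; pbkdf2_hmac is the stdlib PBKDF2 implementation.
The stored-record format is a convention chosen for this example.
"""
import hashlib
import hmac
import os
from typing import Optional


def plain_hash(password: str) -> str:
    """Unsalted SHA-256: identical passwords give identical digests, so one
    precomputed table cracks every user who chose that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def avalanche(a: str, b: str) -> int:
    """Number of differing bits between two digests; a one-character change
    flips about half of the 256 bits."""
    x = int(plain_hash(a), 16) ^ int(plain_hash(b), 16)
    return bin(x).count("1")


def hash_password(password: str, iterations: int = 600_000,
                  salt: Optional[bytes] = None) -> str:
    """Salted and stretched with PBKDF2-HMAC-SHA256.
    Stored form: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>."""
    salt = salt if salt is not None else os.urandom(16)      # fresh random salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters), dklen=32)
    return hmac.compare_digest(dk.hex(), hash_hex)


if __name__ == "__main__":
    print("same input, same digest :", plain_hash("password") == plain_hash("password"))
    print("bits changed by one char:", avalanche("password", "Password"))
    stored = hash_password("correct horse")        # constructed password
    print("stored record           :", stored)
    print("same password again     :", hash_password("correct horse") == stored)
    print("verify good / bad       :", verify_password("correct horse", stored),
          verify_password("correct horsf", stored))
```

Two things to take from running it: two users with the same password end up with different stored records because the salt differs, and each verification costs 600,000 HMAC computations, which is negligible for one login and crippling for an attacker trying billions of guesses.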

Emerging Technologies:
  • Blockchain

    • A decentralized, distributed ledger technology that records transactions across multiple computers. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data, forming a chain.

  • Open public ledger

    • A transparent and accessible digital record of transactions, often associated with blockchain technology. It allows anyone to view all transactions, promoting transparency and trust.

Certificates:
  • Certificate authorities

    • Trusted third parties that verify the identity of a certificate requester, sign and issue the certificate, and publish revocation information. A browser or OS trusts a certificate because it trusts the CA that signed it.


  • Certificate revocation lists (CRLs)

    • A CA-signed list of all revoked (and suspended) certificates, published at a URL named in each certificate so clients can check whether a certificate was withdrawn before its expiry. It must be accessible to anyone relying on the CA's certificates.

  • Online Certificate Status Protocol (OCSP)

    • Lets a client ask the CA's OCSP responder for the revocation status of one certificate in real time instead of downloading a whole CRL. With OCSP stapling, the server fetches the signed response itself and delivers it in the TLS handshake.

  • Self-signed certificates

    • Signed by the same entity that owns the key, with no third party involved. They provide encryption but not trust: clients cannot validate them and will warn, so they suit internal and test systems only.

  • Third-party certificates

    • are created, signed, and issued by a certificate authority

  • Certificate signing request (CSR) generation

    • A block of encoded text submitted to a Certificate Authority (CA) when applying for a digital certificate. It contains the applicant's public key and identifying details such as the organization's name and domain name, and is signed with the matching private key to prove possession; the private key itself never leaves the requester.

  • Root of trust

    • The CA certificate at the top of the chain (the root), installed in the client's trust store and trusted implicitly; every other certificate's trust is derived by following signatures back to it.

  • Wildcard certificates

    • A single SSL/TLS certificate with a wildcard character (*) in the domain name field, e.g., *.example.com, that secures all subdomains at that one level (www.example.com, mail.example.com, but not a.b.example.com). It saves time and cost and simplifies deployment and renewal, but if its private key is compromised every subdomain is affected, and the same key is often copied to many servers.
