CyberNotes 2024
Chapter 6
Authorization- least privilege: the least amount of access needed
Logs
Audit-sign-in/sign-out
Entry (room access)
Modifications
Camera /cctv
Two Types of Access Controls
Physical- controls entry into buildings, parking lots, and protected areas
Logical- controls access to a computer system or network
Access Control identifications
Subject- who (people, groups, individuals)
Object-what
Create
Read
Update
Delete
CRUD
DAC- Discretionary: the individual gets to choose
MAC- Mandatory: gov’t security clearance
RBAC- Rule/Role Based: access granted by rules/roles that are identified
OS and applications can have access controls
Linux and Windows have different options for access controls
Linux has fewer options while Windows has more
Linux
Owner
Read
Write
Execute
Windows
Modify
Read and execute
Read
Write
Special permissions
Cloud Computing
Private-All components are managed by a single organization
Community- one organization manages it, and then there is a community of clouds that work together
Public- available for public use
Hybrid- multiple types of cloud computing in one
Common Cloud services
Infrastructure as a Service IaaS
Hardware, servers, OS
Platform as a Service PaaS
Only provides a specific platform on which applications can be developed
Software as a Service SaaS
Software used in a cloud
Advantages and Disadvantages of Cloud Computing
Advantages
No data center
No need to maintain a disaster recovery site
Outsourced responsibility for performance and connectivity
On-demand provisioning
Disadvantages
Chapter 7
Explain how businesses apply cryptography in maintaining information security.
Key Concepts
Basics of cryptography
Business applications of cryptography
Symmetric and asymmetric key cryptography, and hash functions
Encryption mechanisms and techniques
Certificate and key management
What is cryptography?
Plaintext- Unencrypted text/Information that is clear to read
usernames, passwords, files, commands
Ciphertext- Encrypted plaintext
Encryption- The process of scrambling plaintext into ciphertext
Decryption- the process of unscrambling ciphertext into plaintext
Algorithm- Steps to encrypt plaintext
Cipher- how one is going to encrypt or decrypt (what algorithm will be used)
Hash- Useful for protecting data from unauthorized changes
Encryption cipher categories:
Those that use the same key to encrypt and decrypt are private (symmetric) key ciphers
Those that use different keys to encrypt and decrypt are public (asymmetric) key ciphers
GOAL of cryptography- to make sure that the decryption process takes so long that the decryptor questions the value of the plaintext :)
Cryptography’s CIA+N:
Confidentiality
Keeps information secret from unauthorized users
Integrity
Ensures that no one, even the sender, changes information after transmitting it
Authentication
Confirms the identity of an entity
Nonrepudiation
Enables you to prevent a party from denying a previous statement or action
Substitution Cipher
11/18/24
Review
Plaintext→Ciphertext=Encryption
Ciphertext→Plaintext=Decryption
How to encrypt→ Cipher is an algorithm
Caesar Cipher→ shift by 3: p+3=s
Substitution→ change letter substitute for another (changes letters)
Transposition cipher- Change position of characters (does not change letters)
If a cipher has the same key for the encryption AND decryption it is symmetric
Can be broken by brute force (trying every shift)
If a cipher does not have the same key for encryption and decryption it is asymmetric
Private Key- Key only known by one person
Key Exchange Problem- How to safely share the public key?
Sender uses public key to encrypt message
Receiver uses private key to decrypt message
Key Exchange- The process of sharing a public key
RSA- uses large prime numbers to generate public/private keys
Certificate Authority-Group that holds the keys and validates them to ensure they are correct
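The three symmetric ciphers from the review (Caesar shift, general substitution, and transposition) worked in code, plus the brute-force attack the notes mention, which only works because a shift cipher has 26 possible keys. This is an added example written for these notes, not code from the course; the columnar transposition pads with "x" as an assumption.

```python
import string

ALPHABET = string.ascii_lowercase


def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` places (shift 3: p -> s); non-letters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_brute_force(ciphertext: str) -> dict:
    """Same key encrypts and decrypts, and there are only 26 keys: try them all.
    Returns {shift: candidate plaintext}; a human picks the readable one."""
    return {k: caesar(ciphertext, -k) for k in range(26)}


def substitution(text: str, key: str, decrypt: bool = False) -> str:
    """General substitution: `key` is a 26-letter permutation of a-z (26! keys,
    so brute force no longer works; letters change, positions do not)."""
    assert sorted(key) == list(ALPHABET), "key must be a permutation of a-z"
    src, dst = (key, ALPHABET) if decrypt else (ALPHABET, key)
    return text.translate(str.maketrans(src + src.upper(), dst + dst.upper()))


def columnar_transposition(text: str, cols: int) -> str:
    """Transposition: write the text in rows of `cols`, read it out by columns.
    Letters keep their identity, only their positions change."""
    while len(text) % cols:          # assumption: pad the last row with 'x'
        text += "x"
    return "".join(text[i::cols] for i in range(cols))


def columnar_untranspose(ciphertext: str, cols: int) -> str:
    """Undo the transposition: each column holds len/cols characters."""
    rows = len(ciphertext) // cols
    return "".join(ciphertext[i::rows] for i in range(rows))


if __name__ == "__main__":
    ct = caesar("attack at dawn", 3)                 # constructed sample plaintext
    print(ct)                                       # dwwdfn dw gdzq
    print(caesar_brute_force(ct)[3])                # attack at dawn
    print(columnar_transposition("attackatdawn", 4))  # acdtkatawatn
```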
Chapter 8
Malware targets ALL parts of the CIA triad (Confidentiality, Integrity, Availability)
Types of malware
Virus (human spread)
Trojan Horse (pretends to be good but is bad)
Spam (email message)
Worms (spread through the network)
Active Content Vulnerability (attacks the active directory/address of a website)
Malicious Add-ons (extensions)
Injection (adding malicious code)
Botnets (designed for a specific task; a whole network of bots)
Phishing (fake email)
Spyware (spies on you)
Denial of service (preventing access, e.g. flooding a server)
Adware (website, email advertisements)
Keystroke Loggers (record keystrokes; software OR hardware)
Hoaxes and myths
Homepage hijacking (takes over a webpage)
Website defacements (same thing as homepage hijacking)
Viruses
System Infectors
Targets device hardware
File Infectors
Targets executable files
Data Infectors
Macro Virus
Infected document attachment arrives in email message
Through that, someone can insert a virus. The infection spreads to other documents in the internal document folder
Polymorphic Virus
The cleartext encryption routine may change with each replication of the code
Slow Virus
Infects memory; makes the computer go sssssllllllooooooowwwwwww
Rootkits
Malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised. VERY difficult to detect and get rid of.
Modifies parts of OS to conceal traces of their presence
A rootkit is on another level than a virus
Ransomware
Makes data inaccessible by encrypting it. It won’t be accessible until the victim pays the money.
Spam
Consumes computing resources, bandwidth, and CPU
Diverts IT personnel from activities more critical to work security
Worms
Self-contained; will propagate from one host to another using network protocols.
SMTP- Simple Mail Transfer Protocol
Trojan Horse
Looks good on the outside bad on the inside
SOCIAL ENGINEERING
Logic Bombs
A program that executes a malicious function of some kind when it detects certain conditions
Conditional, insider threat
Active Content Vulnerabilities
Dynamic
CSS, JavaScript, Java, reactors
Injection
SQL Injection
Executes commands and damages databases
Lets attackers read all data
add/remove/change data
DROP TABLE- able to remove tables that have data in them.
XSS- Cross-site scripting
Botnets
Robotically controlled networks
DOS
Denial of service attacks
Flooding attack
DDoS- distributed
SYN- synchronized flood attack
Smurf attack
ICMP- caused by the ping command (pinging an IP address)
Spyware
Collects user browsing data
Adware
Pop-up ads
Phishing- tricks users into thinking they are something they are not
Spear phishing- appears legitimate
Whaling- big fish
Pharming- social engineering for usernames and passwords
Keylogger- logs keystrokes
Spam- availability
Key logger -confidentiality
Worm- integrity, confidentiality
Injection- availability
Ransomware- availability, confidentiality
Malicious add-on- integrity, confidentiality
Recon and Probing-OSINT
Active/passive
Gain Access- Get in
Maintain Access- keep
Cover your tracks- make it seem you weren’t there
Application defenses
AUP
Outlines acceptable use of networks/devices
Personal Use
Pop up blockers used
VPN turned off
Implementing Anti-virus
Require scanning of all removable data
Installing a firewall
Scan email attachments
Stuxnet Notes
Worm
US and Israel have not admitted to sending Stuxnet
Used in the 1st cyber attack that caused physical damage
US and Israel built it to slow down Iran from creating weapons
Got loose and spread around computers in other countries
Stuxnet sent fake information to make sure the people didn’t know they were hacked
Targeted hardware suppliers, which allowed it to make its way into the nuclear facility
The facility was cut off from the internet and underground
Everyone is vulnerable to cyber attacks
No consensus on what the cyber laws should be
Countries built up their cyber attacks
2007 Natanz enrichment
100s of uranium enrichment exploded
US provided for Iran so they could build a nuclear reactor
Ayatollah created a place where they could create nuclear weapons
Russia, China, Pakistan
Joint de-escalation plan 2015
Olympic Games (Stuxnet)
Penetrate the networks of Iran
Sabotage the nuclear facilities to disrupt their capabilities and deter potential threats.
Sabotaged the process of using U-235
Stuxnet was dormant at first, monitoring the systems, then was able to replicate their systems so everything would look normal while they were hacked
Designed to never attack the same way twice
US and Israel had two-way access
Lasted 4 years
Was only harmful to Iranian nuclear hardware
Virus-not network replicating infects a file
Worm-network replicating (infects a host NO USER)
Spyware- tries to obtain personal information (PII)
Adware- advertisements
Logic bombs- a logic condition triggers the malware
Injection- puts in malicious code or statements as input (input validation)
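The SQL injection the notes describe (Chapter 8 injection and this summary line), shown as the vulnerable query beside its hardened form, using Python's built-in sqlite3 so it runs offline. This is an added example for these notes, not course code; the users table and the two inputs are constructed samples.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table: three users, nothing else."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn


def find_user_vulnerable(conn, name: str) -> list:
    """BAD: the input is pasted into the SQL text, so the input can rewrite the
    query's logic instead of being treated as a name."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name: str) -> list:
    """GOOD: parameterized query; the driver sends the value separately from the
    SQL, so quotes and keywords inside it are just characters of a name."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def is_valid_username(name: str) -> bool:
    """Input validation (the defense the notes name): allow-list of what a
    username may look like, rejected before it reaches the database at all."""
    return re.fullmatch(r"[a-z][a-z0-9_]{0,31}", name) is not None


if __name__ == "__main__":
    conn = make_db()
    normal = "bob"
    hostile = "x' OR '1'='1"   # constructed input that turns the WHERE clause always-true
    print(find_user_vulnerable(conn, normal))    # [('bob', 'user')]
    print(find_user_vulnerable(conn, hostile))   # all three rows: "read all data"
    print(find_user_safe(conn, hostile))         # []: looked up literally, no such name
    print(is_valid_username(normal), is_valid_username(hostile))  # True False
```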
HASH
HASH: A function that converts an input (or 'message') into a fixed-size string of bytes, typically for data integrity verification.
An algorithm whose purpose is to take an amount of text, run it through a function, and receive a fixed-size string of text
used to verify if a text or file has been changed
Digital signature = plaintext + hash + private key
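The RSA notes from the review (large primes generate the key pair, sender encrypts with the public key, receiver decrypts with the private key) and the digital signature formula above (hash the plaintext, then apply the private key), carried through in code. This is an added example for these notes, not course code: it is toy textbook RSA built on two fixed Mersenne primes so it runs instantly; real RSA uses random primes of 1024+ bits and padding (OAEP, PSS), and Mersenne primes are an assumption made only for illustration.

```python
import hashlib

# Two known primes chosen so no prime generator is needed (toy choice, not secure).
P = (1 << 127) - 1     # 2^127 - 1
Q = (1 << 521) - 1     # 2^521 - 1
E = 65537              # common public exponent


def generate_keys(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (e, n) and (d, n) from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse: e*d == 1 (mod phi); Python 3.8+
    return (e, n), (d, n)


def encrypt(message: bytes, public_key) -> int:
    """Sender encrypts with the receiver's PUBLIC key (textbook RSA, no padding)."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    assert 0 < m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Receiver decrypts with the PRIVATE key that only they know."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sha256_int(data: bytes) -> int:
    """Hash step: any-length input -> fixed 256-bit digest, as an integer (< n here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Digital signature = hash of the plaintext, then the private-key operation."""
    d, n = private_key
    return pow(sha256_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key recovers the signed hash and recomputes it from
    the plaintext; a single changed byte makes the two differ (integrity)."""
    e, n = public_key
    return pow(signature, e, n) == sha256_int(message)


if __name__ == "__main__":
    pub, priv = generate_keys()
    msg = b"transfer 100 to bob"                       # constructed sample plaintext
    print(decrypt(encrypt(msg, pub), priv) == msg)     # True
    sig = sign(msg, priv)
    print(verify(msg, sig, pub))                       # True: authentic and unchanged
    print(verify(b"transfer 900 to bob", sig, pub))    # False: plaintext was tampered with
```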
802.11
WEP- OLD, INSECURE
WPA,WPA2,WPA3 are commonly used today
WPA2 most used
WPA3 most secure
WPA- the worst of the three
Secure Sockets Layer- SSL
Key
CVE
Common Vulnerabilities and Exposures (CVE)
CHAPTER 9
Security Operations and Administration
SOC-Security Operations Center
Careers under SOC
Analyst
Engineer
Developers
Compliance
Making sure you’re following all the different laws
Managed SOC-
The security administration team
SOC
Many TVs
No windows
Outsourcing
Bigger companies that pay smaller companies to be their security team
SLA- uptime, response time
BPA- purchase vendor
MOU- Memorandum of Understanding (documented agreement between known groups)
ISA- company hired for cybersecurity
Ethics
Personnel Security Principles
Limiting Access
Separation of duties
Job rotation
Making sure everyone knows what each job does by rotating them.
Mandatory vacations
Burnout happens
security training
security awareness
social engineering
Secure Software Development Life Cycle
SSDLC
A process for planning and maintaining systems that have already been around for a while, since security threats are common in today’s society