D430 Flashcards
Fundamentals of Information Security - D430
Software development vulnerabilities
(6)
- Authentication attacks
- Authorization attacks
- Buffer overflows
- Cryptographic attack
- Input validation attacks
- Race conditions
Incident response cycle
1- preparation
2- detection and analysis
3- containment
4- eradication
5- recovery
6- post incident activity
Types of attacks [4]
- Interception: Unauthorized capturing of data, such as eavesdropping on network traffic.
- Interruption: Disruption of services or communication, leading to loss of availability, such as in a Denial of Service (DoS) attack.
- Modification: Unauthorized alteration of data, which can affect data integrity.
- Fabrication: Creation of fictitious data or transactions, leading to unauthorized insertion of data into systems.
Together, they represent a broad spectrum of security threats that can compromise the confidentiality, integrity, and availability of information systems.
Identification of critical information
1st step in the OPSEC process, arguably the most important: to identify the assets that most need protection and will cause us the most harm if exposed
What step is analysis of vulnerabilities?
3rd step in the OPSEC process: to look at the weaknesses that can be used to harm us
DES
(Encryption)
Data Encryption Standard (DES). While DES was once widely used and considered secure, advancements in computing power made its 56-bit key vulnerable to brute-force attacks. As a result, DES is now considered obsolete, and more robust encryption algorithms like AES are recommended for secure communication.
Risk Management Steps
(5)
A constant process as assets are purchased, used and retired. The general steps are
1- identify assets
2- identify threats
3- assess vulnerabilities
4- assess risk
5- mitigating risks
Pretexting
a form of social engineering in which one individual lies to obtain confidential data about another individual
exploit framework
A group of tools that can include network mapping tools, sniffers, and exploits
man-in-the-middle attack
an attacker placing themselves between a client and a host to intercept, and possibly alter, the communications between them
Executable Space Protection
A hardware and software-based technology that prevents certain portions of the memory used by the operating system and applications from being used to execute code.
Acceptability
A measure of how acceptable the particular characteristic is to the users of the system
uniqueness
A measure of how distinct a biometric characteristic is across individuals. The more unique the characteristic, the less likely two people will share it and be confused with each other by the system.
Cryptographic attacks
a method for circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol or key management scheme
Rule-Based Access Control
A model that is based off of allowing or denying access based on a set of predetermined rules
Packet sniffers
A network or protocol analyzer, is a tool that can intercept traffic on a network, commonly referred to as sniffing. Sniffing basically amounts to listening for any traffic that the network interface of our computer or device can see, whether it was intended to be received by us or not. Some examples might be Wireshark (GUI) or Tcpdump (command-line tool)
Nmap
A network utility designed to scan a network and create a map of the hosts and open ports on it (Network Mapper). Frequently used as a port scanner and, with its scripting engine, as a basic vulnerability scanner.
Clean desk
A policy designed to ensure that all confidential or sensitive materials are removed from a user’s workspace and secured when the items are not in use or an employee leaves her workspace.
VPN (Virtual Private Network)
A private network that is configured within a public network such as the Internet. A secure connection between two systems
packet filtering
a process in which a firewall inspects the headers of each packet (source and destination address, protocol, and logical port) and drops or passes it according to a static rule set, for example filtering out packets sent to specific ports
Operations Security
OPSEC: a process we use to protect our information by identifying what is critical, working out who threatens it and how they could get at it, and then putting countermeasures in place (the countermeasures may include encryption, but OPSEC itself is the process, not a technology)
Performance
A set of metrics that judge how well a given system functions
IPSEC
Internet Protocol security
A set of protocols developed to support the secure exchange of packets between hosts or networks.
sandbox
A set of resources devoted to a program, process, or similar entity, outside of which the entity cannot operate
AES
How many key sizes does it use? Endorsed by whom?
A symmetric block cipher standardized by the US government through NIST and used by a wide variety of organizations. It is the replacement for DES as the standard encryption for the US government. It operates on 128-bit blocks and comes in three variants, distinguished by key length: AES-128, AES-192, and AES-256.
Caesar cipher
A substitution cipher that shifts each character a fixed number of positions in the alphabet, usually 3.
ROT13
A substitution cipher that uses a key of 13. To encrypt a message, you would rotate each letter 13 spaces. To decrypt a message, you would rotate each letter 13 spaces.
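As an added example (not part of the original flashcards), here is the Caesar shift and ROT13 in Python, together with a brute-force routine that tries every possible shift. It shows why a substitution cipher with only 25 usable keys offers no real security, and why ROT13 is its own inverse (13 + 13 = 26).

```python
def caesar(text: str, shift: int) -> str:
    """Shift each ASCII letter by `shift` positions (mod 26); other characters pass through."""
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        elif "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is the Caesar cipher with key 13; applying it twice returns the plaintext."""
    return caesar(text, 13)


def brute_force(ciphertext: str) -> dict:
    """Try every non-zero shift. With only 25 candidates an attacker simply reads them all."""
    return {k: caesar(ciphertext, -k) for k in range(1, 26)}


if __name__ == "__main__":
    ct = caesar("Attack at dawn", 3)
    print(ct)                      # Dwwdfn dw gdzq
    print(rot13(rot13("Hello")))   # Hello
    for k, guess in brute_force(ct).items():
        print(k, guess)            # the entry for shift 3 reads "Attack at dawn"
```

The brute-force loop is the whole cryptanalysis: the key space is so small that no cleverness is needed.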
Firewalls
A system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use. It naturally creates network segmentation when installed
Host Intrusion Detection System (HIDS)
A system used to analyze the activities on or directed at the network interface of a particular host
hping3
A tool used to test the security of firewalls and map network topology.
- constructs custom TCP, UDP, and ICMP packets, which can be used to discover devices that a firewall hides from ordinary pings
- scripting functionality to test firewall/IDS
Authorization attack
An authorization attack is a cybersecurity threat that exploits vulnerabilities in the application’s authorization processes. This type of attack occurs when an application’s authorization mechanisms are not properly implemented or adhere to best practices, allowing attackers to gain unauthorized access to system functions, data, or resources they should not have access to.
Confused deputy problem
A type of attack that is more common in systems that use ACLs rather than capabilities; when software has greater permissions than user, the user can trick the software into misusing authority
ECC
cyber security
Elliptic Curve Cryptography (ECC) is a method for encrypting data and securing digital communications using the mathematics of elliptic curves. It offers high security with smaller key sizes compared to traditional systems like RSA, making it efficient for use in environments with limited resources.
Race conditions
A type of software development vulnerability that occurs when multiple processes or multiple threads within a process control or share access to a particular resource, and the correct handling of that resource depends on the proper ordering or timing of transactions
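As an added example (not from the original flashcards), the following Python program makes a race condition visible. Several threads perform the same read-modify-write on a shared balance; without synchronization, deposits are lost because two threads read the same stale value. The `time.sleep` inside the window is a constructed device that widens the race so it shows up on every run; in real code the window is tiny but just as real. The lock makes the read-modify-write atomic with respect to the other threads.

```python
import threading
import time

THREADS = 8
DEPOSITS_PER_THREAD = 50
AMOUNT = 1


class Account:
    """Constructed toy account used to demonstrate a lost-update race."""

    def __init__(self) -> None:
        self.balance = 0
        self.lock = threading.Lock()

    def deposit_unsafe(self, amount: int) -> None:
        current = self.balance            # read
        time.sleep(0.0001)                # another thread can read the same stale value here
        self.balance = current + amount   # write: silently overwrites the other thread's deposit

    def deposit_safe(self, amount: int) -> None:
        with self.lock:                   # only one thread at a time inside read-modify-write
            current = self.balance
            time.sleep(0.0001)
            self.balance = current + amount


def run(safe: bool) -> int:
    """Run THREADS workers each making DEPOSITS_PER_THREAD deposits; return the final balance."""
    account = Account()
    deposit = account.deposit_safe if safe else account.deposit_unsafe

    def worker() -> None:
        for _ in range(DEPOSITS_PER_THREAD):
            deposit(AMOUNT)

    threads = [threading.Thread(target=worker) for _ in range(THREADS)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return account.balance


if __name__ == "__main__":
    expected = THREADS * DEPOSITS_PER_THREAD * AMOUNT
    print("expected:", expected)
    print("unsafe  :", run(safe=False))   # typically well below expected: lost updates
    print("safe    :", run(safe=True))    # always equals expected
```

The unsafe result is nondeterministic by nature; the only guarantee is that it never exceeds the expected total, which is exactly what makes these bugs hard to reproduce in testing.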
Wireshark
A widely used packet analyzer, network protocol analyzer, used for network troubleshooting, analysis, software and protocol development, and education.
Netstumbler
A Windows tool used to detect wireless access points. Does not have as full a feature set as Kismet.
Network ACLs
Network Access Control Lists (ACLs) are a security measure used within a network to control the flow of traffic. Access controlled by the identifiers we use for network transactions such as ip address, MAC address and ports
Brewer and Nash model
aka Chinese Wall; Access control model designed to prevent conflicts of interest. Commonly used in industries such as financial
Confidentiality
Allowing only those who are authorized to access the data in question
Read
Allowing us to access the contents of a file or directory
authenticity
Allows us to talk about the proper attribution as to the owner or creator of the data in question
Clickjacking Attack
also called a UI redress attack; typically uses an inline frame (iframe).
In a clickjacking attack, the attacker loads a trusted page in a transparent iframe layered over a decoy page, or places transparent elements over legitimate links, graphics, or form fields, so that a click the user intends for the visible decoy actually lands on the hidden trusted page. The client thus performs an action different from the one they think they are performing. The usual defense is to forbid framing of the trusted page, for example with the X-Frame-Options header or the Content-Security-Policy frame-ancestors directive.
Symmetric Cryptography
Also known as private key. Utilizes a single key for both encryption of plain text and decryption of the cipher text
Discretionary Access Control (DAC)
[access control model]
an access control model in which the subject has total control over any object that the subject owns along with the programs that are associated with those objects
Role-Based Access Control (RBAC)
An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization
Privilege Escalation
An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing.
Phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
Clickjacking
An attack that tricks users into clicking something other than what they think they’re clicking.
XSRF
cross-site request forgery (XSRF)
An attack in which the attacker causes the victim's browser to send a request to a site where the victim is already authenticated. The browser automatically attaches the victim's cookies or other stored credentials, so the site treats the forged request as the user's own.
Dual-factor authentication
An authentication method that includes multiple methods for a single authentication transaction. Often referred to as “something you have and something you know,” when the factors include a device such as a smart card and a secret such as a password or PIN.
Digital signature
a value computed by hashing a message and signing the hash with the sender's private key, attached to an electronic message. Anyone with the sender's public key can verify that the message came from the holder of the private key and was not altered in transit, which provides integrity, authenticity, and nonrepudiation
Stream Cipher
An encryption method that encrypts data as a stream of bits or bytes. One bit at a time.
Block Cipher
specify size
An encryption method that encrypts data in fixed-size blocks. Common block sizes are 64 bits (DES, 3DES, Blowfish) and 128 bits (AES).
Anomaly-based detection
Analyzes the current traffic against an established baseline and triggers an alert if outside the statistical average
Mobile devices
Any portable device that communicates via a wireless network
Threat
Any event being man-made, natural or environmental that could damage the assets
The * property
(Bell-LaPadula)
Purpose: The star (*) property is designed to maintain the confidentiality of information within the system.
Function: It forbids a subject from writing information to an object at a lower security level than the subject's own level. This is known as "no write down."
Objective: To prevent the flow of information from higher to lower security levels, so that sensitive information is not inadvertently or maliciously leaked to levels that should not have access to it.
Not to be confused with the Biba model's * integrity axiom, which is "no write up."
Anti-malware tools
applications detect threats in the same way as an IDS either by matching against a signature or by detecting anomalous activities taking place.
Software tokens
Applications that generate OTP
Deep Packet Inspection Firewall
Are capable of analyzing the actual content of the traffic flowing through them. They can reassemble the contents of the traffic to look at what will be delivered to the application it is destined for.
Multilevel Access Control
Multilevel Access Control (MAC) is a security mechanism that classifies users and data into different levels of security. It restricts access to information based on the clearance level of users and the classification of the information, ensuring that users can access only the data for which they have authorization, thereby enhancing data security. They are used where the simpler access control models that we just discussed are considered to not be robust enough to protect the information to which we are controlling access. Such access controls are used extensively by military and government organizations, or those that often handle data of a very sensitive nature. We might see multilevel security models used to protect a variety of data, from nuclear secrets to protected health information (PHI).
RAID
RAID (Redundant Array of Inexpensive Disks) is a technology used to protect against data loss due to hardware failures in individual disks. It involves configuring multiple disks in various setups to provide redundancy and improve data reliability. Additionally, data can be replicated from one machine to another over a network or backed up onto media such as DVDs or magnetic tapes for added security.
Cross-Site Scripting (XSS)
An attack that places code in a scripting language (typically JavaScript) into a web page or other media that a client browser interprets (historically also Adobe Flash and certain video file types). When another person views the page or media, their browser executes the code automatically and the attack is carried out.
Interception
Attacks allows unauthorized users to access our data, applications, or environments. Are primarily an attack against confidentiality
Interruption
Attacks cause our assets to become unstable or unavailable for our use, on a temporary or permanent basis. This attack affects availability but can also attack integrity
Fabrication
Attacks involve generating data, processes, communications, or other similar activities with a system. Attacks primarily affect integrity but can be considered an availability attack.
Modification
Attacks involve tampering with our asset. Such attacks might primarily be considered an integrity attack, but could also be an availability attack.
Server-side attacks
attacks that exploit vulnerabilities on the server.
Biometrics
Authentication factors that use physical features ( something that you are )
Network Segmentation
Breaking a network into pieces and putting various levels of security between those pieces. We can control the flow of traffic allowing or disallowing traffic
Honeypots
can detect, monitor, and sometimes tamper with the activities of an attacker. are configured to deliberately display vulnerabilities or materials that would make the system attractive to an attacker.
Proxy servers
Can serve as a choke point in order to allow us to filter traffic for attacks or undesirable content such as malware or traffic to Web sites hosting adult content.
Intrusion Prevention System (IPS)
Can take action based on what is happening in the environment. In response to an attack over the network an ips might refuse traffic from the source of the attack
Portscanners
check to see what ports are open
Nmap
Zenmap
Masscan
Netcat
Advanced IP Scanner
Angry IP Scanner
Most common Wireless network security families
The chief method of protecting wireless traffic is encryption, applied by 802.11 wireless devices. The most common families are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and Wi-Fi Protected Access v2 (WPA2). WEP is broken and should not be used.
COPPA
Children’s Online Privacy Protection Act: a law that intends to keep children under the age of 13 protected from the collection of private information and safety risks online.
TCPDump
Command-line packet sniffing tool. Runs on Linux and Unix operating systems.
kismet
Commonly used to detect wireless access points and can find them even when attempts have been made to make doing so difficult
CFAA
Computer fraud and abuse act of 1986. A law to reduce the hacking and cracking of government or other sensitive institutions computer systems
Parkerian hexad model
Confidentiality, integrity, availability, possession/control, authenticity, utility
compliance
Conforming to a rule, policy or law
CAN-SPAM Act
Controlling the Assault of Non-Solicited Pornography and Marketing Act; protects consumers against unwanted email solicitations
Attribute-based access control (ABAC)
Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions
Technical/ logical controls
Controls are devices and software that protect assets. Think of firewalls, AV, IDS, and IPS
Physical controls
Controls are physical items that protect assets. Think of locks, doors, guards and fences
Administrative controls
Controls are the policies that organizations create for governance. Ex: email policies
Detective
Controls serve to detect and report undesirable events that are taking place (ex. burglar alarms)
Preventive
Controls used to physically prevent unauthorized entities from breaching our physical security (ex. locks, fences)
CSRF
Cross-Site Request Forgery is an attack that causes an end user to execute unwanted actions on a web application in which he or she is currently authenticated. Unlike with XSS, in CSRF, the attacker exploits the website’s trust of the browser rather than the other way around. The website thinks that the request came from the user’s browser and was actually made by the user. However, the request was planted in the user’s browser
Protecting data at rest
Data is at rest when it sits on a storage device of some kind and is not moving over a network or being processed. The main protection is encrypting the storage (full-disk or file-level encryption), backed by access controls on the device.
DMZ
Demilitarized zone. Combo of network design feature and a protective device such as a firewall.
Placing a server in the DMZ (Demilitarized Zone) means positioning it in a separate network segment that acts as a buffer zone between the public internet and the organization’s internal network. The DMZ is exposed to the public internet, making it more accessible from the outside but also more vulnerable to attacks.
Physical concerns for data
Depending on the type of physical media on which our data is stored, any number of adverse physical conditions may be problematic or harmful to their integrity. Such media are often sensitive to temperature, humidity, magnetic fields, electricity, impact, and more, with each type of media having its particular strong and weak points.
circumvention
Describes the ease with which a system can be tricked by a falsified biometric identifier
Certificates
Digitally signed electronic documents that bind a public key with a user identity.
Deterrence
discouraging criminal acts by threatening punishment
Secure Protocols
One of the easiest ways we can protect our data in motion: use protocols that encrypt traffic (e.g. HTTPS, SSH, SFTP) in place of their cleartext counterparts (HTTP, Telnet, FTP)
E-FOIA
Electronic Freedom of Information Act. Requires agencies to provide the public with electronic access to any of their reading room records that have been created by them since November 1996
Auditing
Ensuring that we have accurate records of who did what and when. Primarily focused on compliance with relevant laws and policies, and access to and from systems and sometimes physical security
Execute
Execute the contents of the file
Cryptographic machines
Mechanical and electromechanical cipher machines existed before the modern computer. They simplified the use of encryption and paved the way for computer-based cryptography.
FERPA
Family Educational Rights and Privacy Act. Protects the privacy of students and parents
FISMA
Federal Information Security Management Act provides a framework for ensuring the effectiveness of information security controls in government
Identify assets
First and most important part of risk management. Identifying and categorizing the assets we are protecting
GLBA
Gramm-Leach-Bliley Act. Protects the customers of financial institutions, any company offering financial products or services
Protecting data in use
Hardest to protect. Data is in use when a user is accessing the data.
HITECH
Health Information Technology for Economic and Clinical Health Act. Created to promote and expand the adoption of health information technology specifically the use of electronic health records.
HIPAA
Health Insurance Portability and Accountability Act. Purpose is to improve the efficiency and effectiveness of the health care system. Requires privacy protections for individuals health information
Utility
How useful the data is to us
Input validation attacks
If we are not careful to validate the input to our applications, we may find ourselves on the bad side of a number of issues, depending on the particular environment and language being used. A good example of an input validation problem is the format string attack. Could be used to crash an application or cause the operating system to run a command and potentially compromise the system.
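As an added example (not from the original flashcards), the following Python code shows the Python analogue of the format string attack described above. Python's `str.format` has no `%n`, so it cannot write memory the way C's `printf` can, but when the format string itself comes from the user, the user can walk from the formatted object to its class, to its `__init__` function, and into that function's module globals, reading whatever lives there; an unknown attribute simply crashes the request. The secret, class and template names are constructed for this demo.

```python
# Constructed secret living in module globals, standing in for config loaded at import time.
DATABASE_PASSWORD = "example-only-not-a-real-secret"


class Greeting:
    def __init__(self, name: str) -> None:
        self.name = name


def render_vulnerable(user_template: str, g: Greeting) -> str:
    """The format string itself comes from the user, so the user controls what gets read."""
    return user_template.format(g)


TEMPLATES = {"hello": "Hello, {0.name}!", "bye": "Goodbye, {0.name}."}


def render_safe(template_id: str, g: Greeting) -> str:
    """Only the choice of template is user-controlled; the format string is ours."""
    return TEMPLATES[template_id].format(g)


def crashes(user_template: str, g: Greeting) -> bool:
    """True if rendering the template raises, i.e. a single request can take the handler down."""
    try:
        render_vulnerable(user_template, g)
    except (AttributeError, KeyError, IndexError, ValueError):
        return True
    return False


# What an attacker submits: the bound method's __globals__ is the module namespace.
LEAK = "{0.__init__.__globals__[DATABASE_PASSWORD]}"
CRASH = "{0.no_such_attribute}"

if __name__ == "__main__":
    g = Greeting("alice")
    print(render_vulnerable("Hello, {0.name}!", g))   # the intended use
    print(render_vulnerable(LEAK, g))                 # prints the secret
    print(crashes(CRASH, g))                          # True
    print(render_safe("hello", g))                    # Hello, alice!
```

The fix is the same as for C: the format string is code, so it must never be user input; accept a template identifier or a plain value and keep the format string under your own control.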
Bell-LaPadula Model
implements a combination of DAC and MAC and is primarily concerned with the confidentiality of the resource in question. Generally, in cases where we see DAC and MAC implemented together, MAC takes precedence over DAC, and DAC works within the accesses allowed by the MAC permissions.
Personally Identifiable Information (PII)
information about an individual that identifies, links, relates, or describes them.
single-factor authentication
Involves the use of simply one of the three available factors solely in order to carry out the authentication process being requested
integrity
Keeping data unaltered by accidental or malicious intent
Information security
Keeping data, software, and hardware secure against unauthorized access, use, disclosure, disruption, modification, or destruction.
hash function
Keyless cryptography. Does not use a key; instead produces a fixed-length hash value (like a fingerprint) from the original message. A slight change to the message completely changes the hash, and the function is one-way: the message cannot be recovered from its hash
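As an added example (not from the original flashcards), here is the "fingerprint" behaviour of a hash function shown with SHA-256 from the Python standard library: fixed output length regardless of input size, a one-bit change in the input flipping roughly half of the 256 digest bits, and a constant-time comparison for checking a stored digest. The inputs are constructed; the expected digests for "abc" and the empty string are the published SHA-256 test values.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Fixed-length digest (64 hex characters = 256 bits) regardless of input size."""
    return hashlib.sha256(data).hexdigest()


def bits_changed(msg: bytes, byte_index: int = 0) -> int:
    """Flip one bit of msg and count how many of the 256 digest bits change (avalanche effect)."""
    flipped = bytearray(msg)
    flipped[byte_index] ^= 0x01
    d1 = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    d2 = int.from_bytes(hashlib.sha256(bytes(flipped)).digest(), "big")
    return bin(d1 ^ d2).count("1")


def integrity_ok(data: bytes, expected_hex: str) -> bool:
    """Compare a freshly computed digest with a stored one in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


if __name__ == "__main__":
    print(sha256_hex(b"abc"))
    print(sha256_hex(b"abd"))                    # unrelated-looking digest
    print(sha256_hex(b"x" * 1_000_000)[:16])     # still 256 bits for a 1 MB input
    print(bits_changed(b"The quick brown fox"))  # around 128 of 256 bits differ
    print(integrity_ok(b"abc", sha256_hex(b"abc")))
```

Note that a plain hash detects accidental corruption but not deliberate tampering by someone who can also replace the stored digest; for that you need a keyed construction (HMAC) or a digital signature.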
Defense in depth
Layering of security controls is more effective and secure than relying on a single control
Allowing access
Let’s us give a particular party or parties access to a given resource
Assess Vulnerabilities
For each asset, look at the weaknesses that would let a threat cause harm. Any given asset may face thousands or millions of possible threats, but only the small fraction that match an actual vulnerability are relevant
Collectibility
Measures how easy it is to acquire a characteristic with which we can use later to authenticate a user
Tools we need to defend our network
Network segmentation, firewalls, IDS/IPS , wireless secure protocols, VPNs, secure protocols, MDM, port scanners , packet sniffers, honeypots
Buffer overflow
Occurs when we do not properly account for the size of the data input into our applications: writing more data into a buffer than it can hold overwrites adjacent memory, which can crash the program or let an attacker redirect its execution
arbitrary code execution
Occurs when an attacker is able to execute or run commands on a victim computer
Vulnerability assessment tools
Often include some portion of the feature set we might find in a tool such as Nmap, are aimed specifically at the task of finding and reporting network services on hosts that have known vulnerabilities.
Application of countermeasures
Once we have discovered what risks to our critical information might be present, we would then put measures in place to mitigate them. Such measures are referred to in operations security as countermeasures.
Assess risks
Once we have identified the threats and vulnerabilities for a given asset we can assess the overall risk
Identify threats
Once we have identified our critical assets we can identify the threats that might affect them
one time password
OTP. Passwords that expire after a set time frame or after a single use, so a captured one cannot be replayed
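As an added example (not from the original flashcards), this Python code implements the two standard one-time password schemes that hardware and software tokens use: counter-based HOTP (RFC 4226) and its time-based variant TOTP (RFC 6238). The server-side `verify_hotp` shows the property that makes the password "one time": once a counter value has been accepted it is never accepted again. The secret is the reference secret from the RFCs, used here only as test data.

```python
import hashlib
import hmac
import struct

# RFC 4226 / RFC 6238 reference secret (ASCII "12345678901234567890"), test data only.
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter derived from time, so a code expires every `step` seconds."""
    return hotp(secret, unix_time // step, digits)


def verify_hotp(secret: bytes, next_counter: int, candidate: str, look_ahead: int = 3):
    """Server side: accept the next few counters (the client may have generated codes it never
    sent), compare in constant time, and return the new next_counter so the accepted code can
    never be replayed. Returns None if the code is not valid."""
    for c in range(next_counter, next_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return c + 1
    return None


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(TEST_SECRET, c))         # 755224, 287082, 359152 (RFC 4226 vectors)
    print(totp(TEST_SECRET, 59, digits=8))     # 94287082 (RFC 6238 vector)
    print(verify_hotp(TEST_SECRET, 0, "287082"))   # 2: accepted, counter moves past it
    print(verify_hotp(TEST_SECRET, 2, "755224"))   # None: counter 0 was already consumed
```

The shared secret is what actually needs protecting: anyone holding it can compute every future code, which is why tokens keep it in tamper-resistant hardware or an app's protected storage.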
Improper or Inadequate Permissions
Particularly with Web applications and pages, there are often sensitive files and directories that will cause security issues if they are exposed to general users. One area that might cause us trouble is the exposure of configuration files due to improper or inadequate permissions.
PCI DSS
Payment Card Industry Data Security Standard. Security standards designed to ensure that all companies that accept, process, or transmit credit card information maintain a secure environment (not a law)
Intrusion Detection System (IDS)
Performs strictly as a monitoring and alert tool, only notifying us that an attack or undesirable activity is taking place
Hardware tokens
Physical devices that generate a one time password ( something you have )
The Biba model of access control
Primarily concerned with protecting the integrity of the data, even at the expense of confidentiality
Password manager
Programs that store all of the users passwords with a master password
Accountability
Provides us with the means to trace activities in our environment back to their source. Depends on identification, authentication, and access control being present so that we know who a given transaction is associated with, and what permissions were used to allow them to carry it out
Asymmetrical Cryptography
Also known as public key cryptography. Utilizes two keys, a public key and a private key. The public key is shared with everyone and is used to encrypt data sent to the key's owner; only the matching private key can decrypt it
US Patriot Act
Purpose is to deter and punish terrorist acts in the United States and around the world
Mitigating risks
Putting measures in place to help ensure that a given type of threat is accounted for
Stream cipher programs
RC4, ORYX, and SEAL. (RC4 is now considered broken and has been prohibited in TLS.)
A stream cipher is a method of encrypting data where the plaintext is combined with a pseudorandom cipher digit stream (keystream), one bit or byte at a time. Unlike block ciphers, which encrypt data in fixed-size blocks, stream ciphers work with continuous streams of data, making them suitable for environments where data arrives in an unpredictable manner or where it’s impractical to implement block ciphers. Stream ciphers are known for their speed and simplicity in hardware or software implementations but require careful management of the keystream to maintain security.
Recovery phase
Recover to a better state than we were in prior to the incident, or perhaps prior to when the issue started if we did not detect it immediately
Nonrepudiation
Refers to a situation in which sufficient evidence exists to prevent an individual from denying that he or she has made a statement or taken action
Limiting access
Refers to allowing some access to our resource, but only up to a certain point
Possession/ control
Refers to the physical disposition of the media on which the data is stored
Regulatory Compliance
Regulations mandated by law usually requiring regular audits and assessments
Industry Compliance
Regulations or standards usually not mandated by law, it is designed for specific industries (e.g. PCI DSS)
Residual Data
Data that remains on storage media after it has been "deleted." It must be rendered inaccessible when no longer required, by securely overwriting, degaussing, or physically destroying the media
Incident response
Our response when risk management practices have failed and have caused anything from an inconvenience to a disastrous event
Our first concern when we plan physical security
Safety of people is our first concern when we plan physical security
SOX
Sarbanes-Oxley Act. Regulates the financial practices and governance of corporations. Designed to protect investors and the general public by establishing requirements for financial reporting and disclosure practices
Gamification
Selective use of game design and game mechanics to drive employee engagement in non-gaming business scenarios.
Denying access
Simply the opposite of granting access
Protecting data itself
SSL and TLS are used to protect information sent over a network and over the Internet. They operate in conjunction with other protocols, for example Internet Message Access Protocol (IMAP) and Post Office Protocol (POP) for email
Malware
software that is intended to damage or disable computers and computer systems.
Universality
Stipulates that we should be able to find our chosen biometric characteristics in the majority of people we expect to enroll in the system
Lack of input validation
Structured Query Language (SQL) injection gives us a strong example of what might happen if we do not properly validate the input of our Web applications. SQL is the language we use to communicate with many of the common databases on the market today.
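As an added example (not from the original flashcards), the following Python program runs a SQL injection against a constructed in-memory SQLite table and then shows the parameterized version of the same login query that defeats it. The user table, the credentials, and the payload are all constructed for the demo; passwords are stored in clear only to keep it short.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table (plaintext passwords for brevity only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "battery staple")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # User input is spliced straight into the SQL text, so the input can rewrite the query.
    query = (f"SELECT COUNT(*) FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterized query: values travel separately from the SQL and are never parsed as SQL.
    row = conn.execute("SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
                       (username, password)).fetchone()
    return row[0] > 0


# Closes the string literal, makes the WHERE clause always true, comments out the rest.
PAYLOAD = "' OR '1'='1' --"


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice", "correct horse"))   # True: normal login
    print(login_vulnerable(db, PAYLOAD, "anything"))        # True: logged in with no password
    print(login_safe(db, PAYLOAD, "anything"))              # False: payload is just an odd username
```

The vulnerable query ends up as `SELECT COUNT(*) FROM users WHERE username = '' OR '1'='1' --' AND password = 'anything'`; everything after `--` is a comment, so the password check is gone. Input validation helps, but the parameterized query is the control that actually removes the vulnerability.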
Client side attacks
Take advantage of weaknesses in the software loaded on our clients , or those attacks that use social engineering to trick us into going along with the attack
Revoking access
Takes access that was once allowed away from the user.
Impact
The harm that would result if a threat were realized against an asset, taking into account the asset's value (cost to replace, and cost of its loss to the organization)
Containment phase
Taking steps to ensure that the situation does not cause any more damage than it already has, or to at least lessen any ongoing harm.
Authentication attacks
Targets and attempts to exploit the authentication process a web site uses to verify the identity of a user, service, or application.
Social Engineering
techniques that trick a person into disclosing confidential information
Permanence
Tests show how well a particular characteristic resists change over time and with advancing age
Availability
The ability to access data when needed
Authentication
The act of proving who or what we claim to be (password)
Cryptanalysis
Finding and exploiting weaknesses in a cryptographic algorithm in order to recover the contents of encrypted messages, even when the cryptographic key is unknown
CIA
The core model of all information security: confidentiality, integrity, and availability
Identity verification
The half step between identity and authentication (showing two forms of Id)
Security awareness
the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization.
privacy rights
The legal and ethical sources of protection for privacy in personal data.
Simple Security Property
(Bell-LaPadula) The level of access (clearance) granted to an individual must be at least as high as the classification of the resource in order for the individual to be able to read it. This is known as "no read up."
Simple integrity axiom
(Biba model)
Purpose: Ensures integrity.
Principle: A subject at a given integrity level cannot read data from a lower integrity level. This is known as "no read down."
Objective: Prevents a trusted subject from being contaminated by lower-integrity (possibly false or tampered) data. Its companion, the * integrity axiom, is "no write up": a subject cannot write to a higher integrity level, so low-integrity subjects cannot corrupt high-integrity data.
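As an added example (not from the original flashcards), here is a tiny reference monitor in Python that encodes both models side by side: Bell-LaPadula's simple security property and * property for confidentiality, and Biba's simple integrity axiom and * integrity axiom for integrity. The level names are constructed; any totally ordered set of labels works. Printing the decision table for one subject makes the mirror-image relationship between the two models visible.

```python
# Constructed label sets; higher number = higher clearance / higher integrity.
CLEARANCE = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
INTEGRITY = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


def bell_lapadula(subject: str, obj: str, op: str) -> bool:
    """Confidentiality: no read up (simple security), no write down (* property)."""
    s, o = CLEARANCE[subject], CLEARANCE[obj]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    raise ValueError(f"unknown operation {op!r}")


def biba(subject: str, obj: str, op: str) -> bool:
    """Integrity: no read down (simple integrity), no write up (* integrity)."""
    s, o = INTEGRITY[subject], INTEGRITY[obj]
    if op == "read":
        return s <= o
    if op == "write":
        return s >= o
    raise ValueError(f"unknown operation {op!r}")


def explain(model, subject: str, obj: str, op: str) -> str:
    verdict = "ALLOW" if model(subject, obj, op) else "DENY"
    return f"{model.__name__}: {subject} {op} {obj} -> {verdict}"


if __name__ == "__main__":
    for op in ("read", "write"):
        for obj in CLEARANCE:
            print(explain(bell_lapadula, "SECRET", obj, op))
        for obj in INTEGRITY:
            print(explain(biba, "MEDIUM", obj, op))
```

Note what each model gives up: under Bell-LaPadula a SECRET subject may write into TOP SECRET objects it can never read back, and under Biba a HIGH-integrity subject may not read LOW data at all, which is why real systems pair these models with other controls rather than using one alone.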
Risk
The likelihood that a threat will occur. There must be a threat and vulnerability
Principle of Least Privilege
The lowest level of authorization that still allows a user to perform their duties
ACLs (access control lists)
The means by which we implement authorization and deny or allow access to parties based on what resources we have determined they should be allowed access to .
Mandatory Access Control (MAC)
Mandatory Access Control (MAC) is a security model that restricts the ability of subjects (like users or processes) to access objects (like files or system resources) based on the policies defined by a central authority. Unlike Discretionary Access Control (DAC), where the access control policies are set by the object’s owner, MAC policies are enforced by the operating system or security kernel, ensuring a higher level of control over access permissions.
brute force attack
the password cracker tries every possible combination of characters to guess the password
Preparation phase
The preparation phase consists of all of the activities that we can perform in advance of the incident itself in order to better enable us to handle it
Protecting Data in Motion
The primary method of securing data from exposure on network media is encryption, and we may choose to apply it in one of two main ways: by encrypting the data itself to protect it or by protecting the entire connection.
Data security
The process of keeping data, both in transit and at rest, safe from unauthorized access, alteration, or destruction
mutual authentication
prevents what?
The process by which a session is authenticated on both ends rather than just one end. Prevents man-in-the-middle attacks, because an impostor cannot prove its identity to the other party
Compliance
The requirements that are set forth by laws and industry regulations. Examples: HIPAA/HITECH for healthcare, PCI DSS for the payment card industry, FISMA for federal government agencies
privacy
the state or condition of being free from being observed or disturbed by other people.
Cryptology
The study of secret writing as a whole: it encompasses cryptography (designing and using cryptographic algorithms) and cryptanalysis (breaking them)
Substitution
The substitution of one letter for another in a consistent fashion
Capability-based security
The use of a token that controls our access. A capability is a communicable, unforgeable token of authority which provides the holder with the right to access a specific object in certain ways.
Controls
The ways we protect assets. Physical, technical/ logical, and administrative
Software firewall
This type of firewall generally contains a subset of the features on a large firewall appliance but is often capable of similar packet filtering and stateful packet inspection activities.
Unlike hardware firewalls, which are physical devices placed between a network and the gateway, software firewalls run on individual computers or servers to protect each device by filtering traffic and blocking unauthorized access from external threats.
Vulnerability Assessment
Tools for it
Tools such as Nessus. They work by scanning the target systems to discover which ports are open on them and then interrogating each open port to find out exactly which service, and which version of it, is listening on the port in question, so the findings can be matched against known vulnerabilities
3DES
Triple Data Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It was designed as a stopgap replacement for DES: it applies DES three times to each block (encrypt, decrypt, encrypt) using two or three keys. It is much slower than AES but is still used in some applications, such as when hardware doesn't support AES.
Symmetric block cipher programs
Twofish, Serpent, Blowfish, CAST5, IDEA
Extraneous files
unnecessary files that aren’t cleaned up when the application moves from development to production. Leaving extraneous files may be handing attackers materials they need to compromise the system.
personal equipment
Use of personal equipment (bring your own device) brings cost savings to a corporation but can open up risks such as data leakage, malware infection, and loss of intellectual property
Multi-factor authentication
Use of several authentication techniques together, such as passwords and security tokens.
stateful firewall
Uses a state table to keep track of the connection state and will only allow traffic through that is part of a new or already established connection. Unlike stateless firewalls, which only examine packet headers and enforce rules based on static criteria such as source and destination IP addresses, ports, and protocols, stateful firewalls keep track of the state of active connections and make decisions about packet flow based on the context of the traffic.
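Added example (not from the original deck): a small stateful packet filter in Python, placed beside a stateless rule for contrast. The stateful filter records each connection initiated from the inside network and lets a packet in only if it belongs to one of those connections; the stateless rule has to approximate "replies" with a static header check, which an attacker can satisfy by choosing a source port. The network prefix, addresses and packet sequence are constructed for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False      # TCP SYN without ACK: a new connection attempt


INSIDE = "10.0.0."         # constructed: the protected network is 10.0.0.0/24


def stateless_allow(pkt: Packet) -> bool:
    """A stateless rule set must let return traffic in somehow.  A typical
    rule 'allow inbound TCP from source port 443' (replies from HTTPS
    servers) also admits anyone who sets their source port to 443."""
    if pkt.src.startswith(INSIDE):
        return True                                   # all outbound traffic
    return pkt.proto == "tcp" and pkt.sport == 443    # looks like an HTTPS reply


class StatefulFirewall:
    def __init__(self):
        self.state = set()     # 5-tuples of connections initiated from inside

    def handle(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.state or reverse in self.state:
            return "ALLOW established"
        outbound = pkt.src.startswith(INSIDE) and not pkt.dst.startswith(INSIDE)
        if outbound and (pkt.proto != "tcp" or pkt.syn):
            self.state.add(key)       # remember it so the reply can come back
            return "ALLOW new outbound"
        return "DROP no matching state"


if __name__ == "__main__":
    fw = StatefulFirewall()
    flow = [
        Packet("10.0.0.7", 51000, "93.184.216.34", 443, syn=True),  # client -> web server
        Packet("93.184.216.34", 443, "10.0.0.7", 51000),            # server's reply
        Packet("203.0.113.5", 443, "10.0.0.7", 22),                 # attacker spoofing sport 443
        Packet("203.0.113.5", 40000, "10.0.0.7", 3389),             # plain inbound probe
    ]
    for p in flow:
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport}  "
              f"stateless={stateless_allow(p)}  stateful={fw.handle(p)}")
```

A production firewall also ages entries out of the state table, tracks TCP flags for teardown, and handles protocols (FTP, SIP) whose data channels are negotiated inside the control connection; the decision logic above is the core that the rest builds on.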
VPN
Virtual Private Network. Can provide us with a solution for sending sensitive traffic over unsecured networks. A VPN connection is often referred to as a tunnel. It is an encrypted connection between two points
Assessments
Vulnerability and penetration testing
What underlying issues in protocol implementation commonly lead to vulnerabilities?
Vulnerabilities in protocol implementations frequently stem from pervasive software development oversights, including but not limited to buffer overflows. These issues arise when data exceeds the allocated storage capacity, potentially allowing attackers to execute arbitrary code or disrupt service operations.
Post incident activity phase
We attempt to determine specifically what happened, why it happened, and what we can do to keep it from happening again.
Scanners
We can look for open ports and the versions of the services running on them, examine the banners displayed by services for information, look at what information our systems expose over the network, and similar tasks.
Nmap
Wireshark
Metasploit
Nessus
Netcat
OpenVAS
Masscan
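Added example (not from the original deck, and not code from any of the tools listed above): a TCP connect scan with banner grabbing in Python, which is the core of what a port scanner does before it starts matching versions against vulnerability data. Because the example must run offline, it starts its own loopback listener that answers with a constructed SSH-style banner, then scans that port and a port chosen to be closed. The banner text and port selection helper are constructed for the demonstration.

```python
import socket
import threading


def start_banner_service(banner: bytes) -> tuple:
    """Constructed stand-in for a real host: a loopback TCP listener on an
    ephemeral port that greets every client with a banner, as SSH, SMTP and
    FTP servers do.  Returns (listening_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # listener closed; stop the thread
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def scan(host: str, ports, timeout: float = 0.5) -> dict:
    """TCP connect scan plus banner grab.  Returns {port: banner_text} for
    open ports and {port: None} where the connect failed (closed/filtered)."""
    results = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except OSError:
            results[port] = None
            sock.close()
            continue
        try:
            banner = sock.recv(256)
        except OSError:                # open but silent (HTTP waits for the client to speak)
            banner = b""
        finally:
            sock.close()
        results[port] = banner.decode(errors="replace").strip()
    return results


def find_closed_port() -> int:
    """Pick a loopback port that is almost certainly not listening."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    listener, open_port = start_banner_service(b"SSH-2.0-OpenSSH_9.6\r\n")
    for port, banner in scan("127.0.0.1", [open_port, find_closed_port()]).items():
        print(port, "open, banner:" if banner is not None else "closed", banner or "")
    listener.close()
```

A full connect scan is noisy (every probe completes a handshake that the target logs); Nmap's default SYN scan and Masscan's stateless probing avoid that, and both go on to fingerprint services from far more than the greeting banner. Scan only hosts you are authorized to test.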
Penetration Testing
We conduct a test where we mimic as closely as possible the techniques an actual attacker would use
Eradication phase
We will attempt to remove the effects of the issue from our environment
Vulnerabilities
Weakness that a threat event or the threat can take advantage of.
Threat
A threat is any potential cause of an unwanted impact to a system or organization.
Risk refers to the potential for loss, damage, or any other negative occurrence that is caused by external or internal vulnerabilities.
A vulnerability is a weakness in a system that can be exploited by a threat to gain unauthorized access or cause harm to the system.
Authorization
What the user can access, modify, and delete
Manual Password Synchronization
When a user keeps the same password on several systems by setting it on each one by hand, rather than having a software application synchronize it
Unauthenticated access
When we give a user or process the opportunity to interact with our database without supplying a set of credentials.
Admissibility of records
When we seek to introduce records in legal settings, it is often much easier to do so and have them accepted when they are produced from a regulated and consistent tracking system.
Detection and analysis phase
Where the action begins to happen. We will detect the occurrence of an issue and decide whether or not it is actually an incident so that we can respond
Identity
Who or what we claim to be ( username)
WPA2
Wi-Fi Protected Access 2. Wireless network encryption standard that replaced WEP and WPA; until the arrival of WPA3 it offered the strongest security available
Signature-based detection
Matches observed traffic (or files) against a database of patterns known to belong to specific attacks, in the same way host antivirus systems match file signatures. Reliable for known attacks, but it cannot detect an attack for which no signature exists yet
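Added example (not from the original deck): a toy signature engine in Python run over a few constructed web-server access-log lines. It shows the three things that define signature-based detection in practice: a library of patterns, normalization of the input before matching (here, URL-decoding, without which the encoded injection attempt would slip past), and the blind spot, namely the last log line, which is an attack variant no signature covers. The signatures, IP addresses and log lines are all constructed; this is not a real IDS ruleset.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern
    severity: str


# Constructed, illustrative signatures (not a real IDS ruleset).
SIGNATURES = [
    Signature("sqli-numeric-tautology",
              re.compile(r"\b(or|and)\b\s+'?\d+'?\s*=\s*'?\d+", re.I), "high"),
    Signature("path-traversal", re.compile(r"(\.\./){2,}"), "medium"),
    Signature("scanner-user-agent", re.compile(r"\bNikto\b", re.I), "low"),
]

# Constructed access-log lines (combined log format).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2024:10:01:07 +0000] "GET /login?user=admin%27%20OR%201%3D1-- HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '203.0.113.9 - - [12/Mar/2024:10:01:09 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 404 0 "-" "curl/8.4.0"',
    '198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 0 "-" "Mozilla/5.00 (Nikto/2.5.0)"',
    '203.0.113.9 - - [12/Mar/2024:10:03:11 +0000] "GET /login?user=admin%27%20OR%20%27a%27%3D%27a HTTP/1.1" 200 512 "-" "curl/8.4.0"',
]


def normalize(line: str) -> str:
    """Decode URL escapes before matching; otherwise %20OR%201%3D1 slips past
    a signature written for 'OR 1=1'.  Real sensors normalize far more."""
    return unquote(line)


def scan_log(lines, signatures=SIGNATURES) -> list:
    """Return (line_number, signature_name, severity) for every match."""
    hits = []
    for lineno, raw in enumerate(lines, start=1):
        line = normalize(raw)
        for sig in signatures:
            if sig.pattern.search(line):
                hits.append((lineno, sig.name, sig.severity))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Line 5 is the same injection idea as line 2 written with string literals ('a'='a') instead of numbers, and it produces no alert: that gap, not false positives, is the fundamental limit of signature-based detection, which is why it is paired with anomaly-based methods.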
Write
Write to a file or directory
Phishing and Pretexting
While both phishing and pretexting aim to deceive and obtain confidential information, phishing typically occurs through electronic communication and relies on urgency, while pretexting involves creating a fabricated story to manipulate individuals in various contexts, including offline interactions.
Compare Simple security property vs simple integrity axiom
Direction of Restriction: Both are rules about reading, but in opposite directions. The Simple Security Property (Bell-LaPadula) is "no read up": a subject may not read an object above its clearance, so confidential information cannot flow to subjects with lower clearance. The Simple Integrity Axiom (Biba) is "no read down": a subject may not read an object of lower integrity, so unreliable data cannot contaminate a higher-integrity subject. Write actions are governed by the companion star properties: no write down in Bell-LaPadula, no write up in Biba.
Security Objective: The Simple Security Property focuses on confidentiality, ensuring that sensitive information is not disclosed improperly. In contrast, the Simple Integrity Axiom is concerned with integrity, ensuring that information remains accurate and uncorrupted.
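Added example (not from the original deck): the four Bell-LaPadula and Biba rules written as Python comparison functions over two constructed label lattices, so the directions can be checked side by side rather than memorized. In practice confidentiality and integrity labels are separate attributes; the numeric orderings and label names here are constructed for the demonstration.

```python
# Constructed lattices: higher number means more sensitive (confidentiality)
# or more trustworthy (integrity).
CONFIDENTIALITY = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
INTEGRITY = {"untrusted": 0, "user": 1, "system": 2}


def blp_simple_security(subject: str, obj: str) -> bool:
    """Bell-LaPadula simple security property, "no read up": a subject may
    read an object only at or below its own clearance."""
    return CONFIDENTIALITY[subject] >= CONFIDENTIALITY[obj]


def blp_star_property(subject: str, obj: str) -> bool:
    """Bell-LaPadula *-property, "no write down": a subject may write only
    to its own level or higher, so secrets cannot leak to lower levels."""
    return CONFIDENTIALITY[subject] <= CONFIDENTIALITY[obj]


def biba_simple_integrity(subject: str, obj: str) -> bool:
    """Biba simple integrity axiom, "no read down": a subject may not read an
    object of lower integrity, so bad data cannot contaminate it."""
    return INTEGRITY[subject] <= INTEGRITY[obj]


def biba_star_integrity(subject: str, obj: str) -> bool:
    """Biba *-integrity axiom, "no write up": a subject may not write to an
    object of higher integrity than itself."""
    return INTEGRITY[subject] >= INTEGRITY[obj]


def decide(subject_conf: str, subject_int: str, obj_conf: str, obj_int: str) -> dict:
    """Combine both models: an access is allowed only if every applicable
    rule allows it.  Returns the per-rule verdicts and the overall result."""
    verdicts = {
        "read": {
            "blp_no_read_up": blp_simple_security(subject_conf, obj_conf),
            "biba_no_read_down": biba_simple_integrity(subject_int, obj_int),
        },
        "write": {
            "blp_no_write_down": blp_star_property(subject_conf, obj_conf),
            "biba_no_write_up": biba_star_integrity(subject_int, obj_int),
        },
    }
    return {op: {**rules, "allowed": all(rules.values())} for op, rules in verdicts.items()}


if __name__ == "__main__":
    # A "secret"-cleared process running at "user" integrity, accessing a
    # "confidential" file that is "system"-integrity (e.g. a config file).
    for op, result in decide("secret", "user", "confidential", "system").items():
        print(op, result)
```

In the printed case the read is allowed under both models (the subject is cleared high enough and the object is of higher integrity), while the write is refused twice over: Bell-LaPadula forbids writing down from secret to confidential, and Biba forbids a user-integrity process writing a system-integrity file.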