All Lecture Notes Flashcards
(25 cards)
What are the Elements of cybersecurity?
Application Security, Information Security, Network Security, Disaster Recovery / Business Continuity Planning, Operational Security, End-user Education
What are cybercrime accessories?
Spam, Cookies, Adware, Spyware, Virus, Logical Bomb, Time Bomb, Worms, Botnet, Trojan horse, Ransomware, Rootkit
What are cybercrime tools?
Proxy Server, Steganography, dycrypter, Metasploit, Nmap, Wireshark, Aircrack-ng, John the Ripper, Nessus, Burp Suite
What are the 10 steps / what is the playbook of 10 steps of cybercrime technique?
- Staging your Attack
- Specialize and Outsource
- Scale your attacks
- Play the player, not the game
- Get social for better recon
- Probe for every weakness
- Reinvent old web and email attacks
- Think sideways
- Hide in Plain sight
- Take data quietly
Cybercrime techniques can be broken down into the following
- Intrusion for Monetary or Other Benefit
- Interception for Espionage
- Manipulation of Information or Networks
- Data Destruction
- Misuse of Processing Power
- Counterfeit Items
- Evasion Tools and Techniques
Cybercrime techniques
Hacking, hacktivism, data breach, cyber-terrorism, Fraud, Identity theft, Clickjacking, Malicious script scams, suspicious emails and notifications, phishing, pharming, harassment, Fraud as a Service (FaaS), Malware as a Service (MaaS), Ransomware as a Service (RaaS), Attacks as a Service (AaaS)
Best practices and safety: 6 focuses
- Governance framework
- Insider threat
- Physical environment
- Cybersecurity awareness/training
- Assessment of threats/vulnerabilities
- Network security
Governance framework - Companies should create an accurate inventory of:
- Physical devices and systems
- Software platforms and applications
- Maps of network resources, connections, and data flows
- Connections to the company’s networks
- Prioritized list of resources, based on sensitivity and business value
- Logging capabilities and practices, assessed for adequacy, appropriate retention, and secure maintenance
Governance Fundamental Security Goals: protecting your organization’s assets and:
- Confidentiality: Any important information you have that should be kept confidential. This information should only be accessed by people (or systems) that you have given permission to do so.
- Integrity: Maintain the integrity of information assets to keep everything complete, intact, and uncorrupted.
- Availability: Maintain the availability of systems, services, and information when required by the business or its clients.
Insider Threat: some of the risks posed from insider threats in the financial sector are outlined below.
- Undesired disclosure of confidential customer and account data
- Fraud & Loss of intellectual property
- Disruption to critical infrastructure
- Monetary loss
- Regulatory repercussions
- Destabilization, disruption, and destruction of financial institutions’ cyber assets
- Embarrassment, and public relations/reputational risk issues
Physical Environment: physical security encompasses defensive mechanisms to the following threats:
- Human threats: Intentional or unintentional damage caused by people, for example, an intruder accessing a restricted area or an employee error.
- Environmental threats: Damage caused by the weather such as rain, fires, floods, etc.
- Supply system threats: Damage caused by an interruption in energy supply that negatively impacts an information system.
Cybersecurity Awareness & Training
Employees take risks online and this greatly increases cyber-related risks to their organization. Risky
activities by employees include opening suspicious emails and not protecting sensitive information
stored on, or transmitted from, their computers.
Assessing Threats & Vulnerabilities
Cyber criminals continue to take advantage of basic security vulnerabilities in computer systems. These include unpatched Windows Operating Systems, weak passwords, and a lack of end-user education.
Organizations that do not scan for vulnerabilities and proactively address information system weaknesses face an increased likelihood of having their systems compromised.
Network Security
It refers to any activities designed to protect the confidentiality, integrity, and availability of the network, as well as the information assets that rely upon it. In general, network security has three fundamental objectives:
- To protect the network itself;
- To reduce the susceptibility of computer systems and applications to threats originating from the network; and,
- To protect data during transmission across the network
What do we Need to Protect?
Data
- Information we keep on computers (product design, financial records, personnel data)
- Lost time, lost sales, lost confidence
Resources
- Unauthorized use of computer time & space
Reputation
- Misrepresentation, forgery, negative publicity
Fundamental objectives of Info Security:
Goal: Data confidentiality, Data integrity, System availability
Threat: Exposure of data, Tampering with data, Denial of services
What are Basic Security Attacks?
Intrusion, Information theft, Denial of services.
Technical Safeguards
What security services should you have?
Security Services
Authentication (entity, data origin)
Access control (prevent unauthorized access)
Confidentiality (disclosure, encryption)
Data integrity (value of data item)
Non-repudiation (falsely denying a transaction)
Security approaches?
No Security - not an option
Security thru Obscurity - don’t tell anyone where your site is
Host Security - enforced security on each host; progressively difficult to manage as the number of hosts increases.
Network Security - control network access to hosts and services; firewalls, strong authentication, and encryption
Which cryptographic techniques exist?
Secret Key Cryptography (SKC): Here only one key is used for both encryption and decryption. This type
of encryption is also referred to as symmetric encryption.
Public Key Cryptography (PKC): Here two keys are used. This type of encryption is also called
asymmetric encryption. One key is the public key that anyone can access. The other key is the private
key, and only the owner can access it. The sender encrypts the information using the receiver’s public
key. The receiver decrypts the message using his/her private key. For nonrepudiation, the sender
encrypts plain text using a private key, while the receiver uses the sender’s public key to decrypt it. Thus,
the receiver knows who sent it.
Hash Functions (HF): These functions are different from SKC and PKC. HF can be used to map data of arbitrary size to fixed-size values. HF returns values called hash values, hash codes, digests, or hashes.
What are symptoms that a security compromise was detected?
Symptoms:
Antivirus software detects a problem.
Disk space disappears unexpectedly.
Pop-ups suddenly appear, sometimes selling security software.
Files or transactions appear that should not be there.
The computer slows down to a crawl.
Unusual messages, sounds, or displays on your monitor.
The mouse pointer moves by itself.
The computer spontaneously shuts down or reboots.
Other Security Methods:
Authentication Protocols built into communications protocol
Transformed password (one-way function)
Challenge-response (random value recorded/sent)
Time-stamp (synchronized clocks)
One-time password (different variant each login)
Zero-knowledge technique (interactive proof)
Address-based Authentication (network address)
Personal Tokens (hardware & pw/ smart cards)
Biometrics (fingerprint, voiceprint, handwriting)
Kerberos: a computer-network authentication protocol that works on the basis of tickets to allow nodes
communicating over a non-secure network to prove their identity to one another in a secure manner. Examples:
Complete authentication system - MIT
DES symmetric cryptography
Online authentication servers
Host server & clients share symmetric keys
Client requests a ‘ticket’ / sends to server
Ticket interpreted only by correct server
Session key is generated by authentication server after successful exchange
Authentication service (AS) / Ticket-granting Service (TGS) / Client/Server (CS) authentication exchange
Common Web security vulnerabilities:
Injection flaws, Broken Authentication, Cross Site Scripting (XSS), Insecure Direct Object References, Security misconfiguration, Sensitive data exposure, Missing function level access control, Cross Site Request Forgery