Security Fundamentals

CIA Triad

It is the main dogma of Security.

Confidentiality

Integrity

Availability

Common Terms

Common Attacks

DoS (Denial of Service)

Threatens: Availability

It is an attack that focuses on making the system unusable. It can be done by a single machine or a bunch of them (a botnet making a Distributed DoS).

Example TCP SYN flood

A machine, or multiple of them, floods the network with DHCP Discover messages to cause DHCP exhaustion, so that new clients cannot get an IP address, by spoofing multiple MAC addresses.

Spoofing

Threatens: CIA

It is the act of using a fake address (IP/MAC). It can be a collection of attacks; one of them is also the TCP SYN flood, as it spoofs the MAC address.

Reflection/Amplification

Threatens: Availability

This is an indirect attack. The threat spoofs its address as the target's and sends a request to the reflector, which will reply to the target. Amplification happens when such a small request triggers a huge response to the target.

Man-in-the-Middle

Threatens: Confidentiality & Integrity

A threat places itself between the sender and the destination to view and/or modify a message being transmitted on the same link.

Example ARP Spoofing (poisoning)

At first it is a normal ARP operation: HostA sends an ARP Request in broadcast, then the intended HostB replies with an ARP Reply. However, after that, the threat also sends an ARP Reply pretending to be HostB. So any message that HostA tries to send to HostB will first pass through the attacker, which is then able to view the content of the frame and/or modify it.
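The exchange described above, as an added example that is not part of the original notes: a small Python detector that replays constructed ARP events (the host addresses, MACs and the two-second request window are assumptions) and flags the attacker's second reply both as unsolicited and as conflicting with HostB's existing binding.

```python
# Added example: detect ARP-poisoning replies in a stream of ARP events.
from collections import namedtuple

# op is "request" or "reply"; for a reply, sender_ip/sender_mac is the binding being advertised
ArpEvent = namedtuple("ArpEvent", "ts op sender_ip sender_mac target_ip")

def detect_arp_poisoning(events, request_window=2.0):
    """Return alert strings for replies that look like cache poisoning.

    Two checks, matching the exchange in the notes:
      1. unsolicited reply: nobody asked for this binding within request_window seconds
         (each request is consumed by the first reply that answers it);
      2. binding conflict: the sender IP is already bound to a different MAC.
    """
    bindings = {}   # ip -> first MAC seen answering for it (seed from DHCP leases in practice)
    pending = {}    # (requester_ip, requested_ip) -> timestamp of the outstanding request
    alerts = []
    for ev in events:
        if ev.op == "request":
            pending[(ev.sender_ip, ev.target_ip)] = ev.ts
            continue
        asked = pending.pop((ev.target_ip, ev.sender_ip), None)
        if asked is None or ev.ts - asked > request_window:
            # Note: some gratuitous ARP is legitimate (e.g. failover), so treat this as a signal, not proof.
            alerts.append(f"{ev.ts:.1f} unsolicited ARP reply: {ev.sender_ip} is-at {ev.sender_mac} -> {ev.target_ip}")
        known = bindings.setdefault(ev.sender_ip, ev.sender_mac)
        if known != ev.sender_mac:
            alerts.append(f"{ev.ts:.1f} binding conflict: {ev.sender_ip} was {known}, now claimed by {ev.sender_mac}")
    return alerts

# Constructed sample traffic (not a real capture): HostA = 10.0.0.1, HostB = 10.0.0.2
SAMPLE_EVENTS = [
    ArpEvent(0.0, "request", "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.2"),  # HostA: who has 10.0.0.2?
    ArpEvent(0.1, "reply",   "10.0.0.2", "bb:bb:bb:bb:bb:02", "10.0.0.1"),  # HostB answers (legitimate)
    ArpEvent(0.3, "reply",   "10.0.0.2", "cc:cc:cc:cc:cc:03", "10.0.0.1"),  # attacker claims HostB's IP
]

if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_EVENTS):
        print(line)
```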

Reconnaissance

It is not a threat in itself, but a way for the attacker to learn information about the future target.

Malware

Threatens: CIA

It is any software with malicious intent. Some examples are:

  • Virus: It is a piece of software that attaches itself to legitimate software.
  • Trojan Horse: It is a whole program that pretends to be legitimate software.
  • Worm: It is standalone software as well, with strong replicating capabilities and the ability to run itself.

Social Engineering

Threatens: CIA

This method exploits the most common weakness of a system, the people, and makes them do certain actions or reveal information.

Example Phishing

Phishing is the act of luring someone into doing something malicious with a bait, like a reward. There are various types of Phishing; some of them are:

  • Spear-Phishing: Phishing targeted toward a specific group of people
  • Whaling: Targets rich or powerful people
  • Vishing: Phishing via voice
  • Smishing: Phishing via SMS

Example Watering Hole

It is the act of placing a malicious resource in a previously trusted environment. For example, if someone placed a link to download malware on the amazon.com website.

Example Tailgating

It is the act of entering a restricted area by following someone who is authorized, like having such a person open a door and walking in with them.

Password-related

These attacks target the account of someone/something by trying to discover the password. Some of the ways of getting access to such accounts are:

  • Guessing
  • Dictionary attack: The attacker iterates over a list of common passwords
  • Brute Force attack: The attacker tries all possible combinations

Multi-Factor Authentication

It is a mitigation technique that employs more than one category of authentication. The categories are as follows:

  • Something you know → Username/Password, PIN…
  • Something you have → Badge, Key Card, Key…
  • Something you are → Biometrics, Retina…

Digital Certificates

These are virtual certificates signed by a device and issued by an organization. They can be used to prove the authenticity of something, or whether it belongs to someone/something.

One example are the SSL Certificates used by websites.

AAA

AAA stands for Authentication, Authorization and Accounting.

Authentication → Confirms the user's identity

Authorization → Tells what such a user can and can't do

Accounting → Logs everything such a user has done

There are two protocols used for AAA:

Radius

It is an industry standard

TACACS+

It is Cisco proprietary

Security Programs Elements

These are collections of actions and procedures carried out in order to prevent attacks.

User awareness

They are actions that lead a user to realize on their own that they could be a potential victim of a threat.

User Training

They are dedicated lectures to inform the users of best-practice actions and what to avoid doing in order to keep the environment and themselves safe from threats.

Physical Access Control

These are physical and tangible barriers placed to prevent unauthorized personnel from entering confidential areas.