Course Detail
Cybersecurity and Privacy
Cybersecurity and Privacy: Bridging the Gap, Khajuria, Sorensen & Skouby. ISBN 9788793519664

Objectives

1. Define Information Systems Security, understand its key tenets, and describe the risks, threats, and vulnerabilities commonly found within the seven domains of an IT infrastructure.
2. Describe the evolution of the Internet of Things (IoT) from the late 1990s to the present.
3. Identify common wireless network and web application attacks and threats.
4. Define, manage and mitigate risk as part of ongoing security operations.
5. Define the basic concept of cryptography, understand the challenges of cryptographic uses and explain the various uses of cryptography.
6. Describe the OSI Reference Model while understanding network types, network protocols, and network security.
7. Identify prominent information security standard organizations and understand relevant compliance laws.


Takeaways

- Information Security:
- Protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction
- Provides confidentiality, integrity, and availability
- Involves examining threats and vulnerabilities and managing them appropriately

- Cybersecurity:
- Art of protecting networks, devices, and data from unauthorized access or criminal use
- Ensures confidentiality, integrity, and availability of information
- Protects cyberspace from cyber attacks

- Privacy:
- Assurance of confidentiality and restricted access to certain information about an entity
- Freedom from intrusion into private life or affairs resulting from illegal gathering and use of data
- Right to maintain control over and confidentiality of information

- CIA (Confidentiality, Integrity, Availability):
- Confidentiality: Authorized restrictions on information access and disclosure
- Integrity: Protection against information modification or destruction and ensuring non-repudiation and authenticity
- Availability: Timely and reliable access to information

- Security Tools and Practices:
- Policy, awareness, training, education, and technology
- Physical security, personal security, operations security, communications security, network security, information security

- Characteristics of Information:
- Apart from CIA: Accuracy, authenticity, utility, possession

- IT Security Policy:
- Standards: Definition of software and hardware usage
- Processes: Guidelines on policy implementation
- Guidelines: Suggested courses of action

- Foundation of IT Security Policy:
- Acceptable Use Policy (AUP), Security Awareness Policy, Asset Classification Policy, Asset Protection Policy, Asset Management Policy, Vulnerability Assessment and Management, Threat Assessment and Monitoring

- Risk and Vulnerability:
- Risk: Likelihood of something bad happening to an asset
- Threats: Actions that could damage an asset
- Vulnerability: Weakness that allows a threat to be realized or have an effect

- Relevant Acts and Regulations:
- Federal Information Security Management Act (FISMA)
- Sarbanes-Oxley Act (SOX)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Children's Internet Protection Act (CIPA)
- Family Educational Rights and Privacy Act (FERPA)

- 7 Domains of Information Security:
- User Domain, Workstation Domain, Local Area Network (LAN) Domain, LAN-to-WAN Domain, WAN Domain, Remote Access Domain, System/Application Domain

- Classification of Information:
- Private, confidential, internal use only, public domain

- IoT and Security:
- Challenges in updating devices with patches and timely security measures
- Types of communication, such as VoIP

- IoT and IoE:
- IoT focuses on physical objects, while IoE encompasses things, processes, data, and people

- Types of Security Threats:
- IT sabotage, IP theft, fraud, espionage, workplace abuse

- Advantages of BYOD:
- Boosts employee productivity
- Decreases operating costs
- Higher employee satisfaction
- Access to new devices and technologies
- Easier communication
- Increases trust between employer and employee
- Reduces pressure on support teams
- Helps recruit top talent by simplifying remote work

- Disadvantages of BYOD:
- Security concerns: malware, theft, software issues, lack of effective security software
- Employees working in insecure areas vulnerable to attacks
- Endpoint management without proper tools

- Challenges in IoT:
- Security: vulnerability to attacks, wide reach, unpatched devices, difficult upgrades, lack of user visibility, physical insecurity
- Privacy concerns: privacy policy, data use and rights, acceptance or rejection of policy terms
- Interoperability and standards, legal and regulatory considerations

- Types of Hackers:
- Black-Hat Hackers: Unauthorized access to systems to prove technical prowess
- White-Hat Hackers (Ethical Hackers): Authorized to identify vulnerabilities and perform penetration testing
- Gray-Hat Hackers: Average abilities, potential to become black-hat or white-hat hackers
- Crackers: Hostile intent, seeks financial gains

- Tools Used by Hackers:
- Protocol Analyzers (Packet Sniffers)
- Port Scanners
- OS Fingerprint Scanners
- Vulnerability Scanners
- Exploit Software
- Wardialers
- Password Crackers
- Keystroke Loggers

- Causes of Security Breaches:
- DoS Attacks: Logic attacks and flooding attacks
- DDoS Attacks: Hijacking internet computers to overload sites and block traffic
- Unacceptable Web Browsing
- Wiretapping: Active or passive interception of telephone or communication lines
- Backdoors: Rootkits for hidden access
- Data Modifications: Intentional or inadvertent changes to data
- Spam and Spim: Unwanted email and instant messages with malicious intent
- Hoaxes: Deceptive acts via email
- Cookies: Tracking user history

- Disclosure Threats:
- Sabotage: Unauthorized access or destruction of property
- Espionage: Spying to obtain secret information
- Alteration Threats: Unauthorized changes to data
- Destruction Threats: Rendering assets or resources unavailable

- Categories of Attack:
- Fabrications: Deception to trick users
- Interceptions: Eavesdropping and redirecting transmissions
- Interruptions: Breaking communication channels to block data transmission
- Modifications: Altering data in transmissions or files

- Malicious Attacks:
- Birthday Attacks: Exploiting the birthday problem in probability theory
- Brute-Force Password Attacks
- Dictionary Attacks
- IP Address Spoofing: Disguising as another person or computer
- Hijacking: Taking control of a session or masquerading as one of the parties
- Replay Attacks: Capturing and retransmitting data packets
- Man-in-the-Middle Attacks: Intercepting messages between two parties
- Masquerading: Pretending to be another user or computer
- Eavesdropping (Sniffing): Monitoring and analyzing network packets
- Social Engineering Attacks: Manipulating human psychology
- Malicious Software (Malware):
- Viruses: Attach and replicate within other programs or computers
- Worms: Self-replicating programs across networks
- Trojan Horses: Masquerade as useful programs to deceive users
- Rootkits: Modify or replace existing programs to hide attacks
- Spyware: Gathers user information without their knowledge

- Wireless Attacks:
- Bluejacking: Gaining control of Bluetooth devices
- Bluesnarfing: Sniffing and intercepting Bluetooth communications
- Evil Twin: Creating a fake open wireless network
- IV (Initialization Vector) Attack: Modifying encrypted IP initialization vectors
- Jamming/Interference: Sending disruptive radio frequencies
- Near Field Communication Attack: Intercepting communication data
- Packet Sniffing: Capturing and analyzing IP packets
- Replay Attacks: Replaying captured IP packets
- Rogue Access Points: Using unauthorized network devices
- War Chalking: Mapping physical locations of wireless networks
- Wardriving: Driving around to discover and exploit wireless networks

- Web Attacks:
- Arbitrary/Remote Code Execution: Gaining privileged access and executing code
- Buffer Overflow: Overloading data to exploit vulnerabilities
- Client-Side Attacks: Exploiting vulnerabilities on client-side applications
- Cross-Site Scripting (XSS): Injecting scripts into web applications
- Directory Traversal/Command Injection: Exploiting server vulnerabilities
- Header Manipulation: Stealing cookies through manipulation
- Integer Overflow: Creating mathematical overflows
- LDAP Injection: False authentication through injection
- Local Shared Objects (LSO): Using Flash cookies
- Malicious Add-Ons: Exploiting vulnerabilities in software plug-ins
- SQL Injection: Injecting SQL commands to manipulate databases
- Watering-Hole Attack: Luring targeted users to compromised websites
- XML Injection: Injecting XML tags and data into databases
- Zero-Day: Exploiting newly discovered vulnerabilities

- Disclosure Threats: Unauthorized access to private or confidential information
- Alteration Threats: Violation of information integrity
- Destruction Threats: Rendering assets or resources unavailable
- Sabotage: Destruction of property or obstruction of operations
- Espionage: Spying to obtain secret information
- Security Incident Response Teams (SIRTs): Teams responsible for responding to security incidents

- Countermeasures:
- Education programs for information security awareness
- Regular bulletins about malware issues
- Avoidance of file transfers from unknown or untrusted sources
- Testing new programs or files on isolated computers before introducing them to the network
- Installation of anti-mal


- Business Impact Analysis (BIA): Evaluates potential risks to a company
- Recovery Point Objective (RPO): Maximum acceptable data loss
- Recovery Time Objective (RTO): Maximum tolerable downtime
- Business Recovery Requirements: Sequence of recovery steps
- Technical Recovery Requirements: IT infrastructure needed for recovery

- Business Continuity Plan (BCP): Written plan for structured response
- Disaster Recovery Plan (DRP): Part of BCP, focuses on recovery from interruptions and disasters
- Disaster Recovery Plan Tests:
- Checklist Test: Reviewing recovery procedures against a checklist
- Structured Walk-Through: Step-by-step walkthrough of the recovery process
- Simulation Test: Simulating recovery scenarios without affecting production systems
- Parallel Test: Running recovery systems alongside production systems
- Full-Interruption Test: Fully interrupting production systems to test recovery

- Access Controls:
- Identification: Determining the requester's identity
- Authentication: Verifying the requester's identity
- Authorization: Specifying the requested access privileges
- Accountability: Tracing actions back to individual users

- Types of Access Control Lists (ACL):
- Physical Access: Controls physical access to assets
- Logical Access: Controls logical access to digital resources

- ACL Policies: Manage users, resources, actions, and relationships

- Access Control: Process of determining access privileges to objects for subjects
- ACL helps with integrity incidents

- Types of Authentication:
- Knowledge: Something known (password, passphrase, PIN)
- Ownership: Something possessed (smart card, key, badge, token)
- Characteristic: Unique attribute (fingerprint, retina, signature)
- Action: Behavior or method (typing style)
- Location: Physical location when accessing a resource

- Examples of Multi-Factor Authentication:
- PIN and ATM Card (Types 1 & 2)
- Password and Fingerprint (Types 1 & 3)
- Token and Retina Scan (Types 2 & 3)

- Not Multi-Factor Authentication:
- Password and PIN (Types 1 & 1)
- Token and Smart Card (Types 2 & 2)
- Retina Scan and Voice (Types 3 & 3)

- Access Aggregation: User gaining access to more systems
- Authorization Creep: Users accumulating additional entitlements without shedding old ones

- Discretionary Access Control: User has complete control over owned objects and associated programs
- Mandatory Access Control (MAC): User has no control over privileges or settings
- Non-Discretionary Access Control: Role-based or task-based access control

- Countermeasures:
- Education programs for information security awareness
- Regular bulletins about malware issues
- Avoidance of file transfers from unknown or untrusted sources without anti-malware protection
- Testing new programs or suspicious files on isolated computers before introducing them to the network
- Installation of up-to-date anti-malware software and scheduling regular scans
- Using a secure logon and authentication process


- Decentralized Access Control (Ctl): Multiple locations, lacks unified access control policies and systems. Local sites operate independently with local power.
- Password Managers: Generate and store passwords, reducing the number of passwords users must remember. Multifactor authentication (MFA) required to unlock, and audit logs track activity.
- Three primary models of access controls:
1. Discretionary Access Control (DAC): Allows control over owned objects and linked programs. Privileges can be inherited, leading to potential increases in privileges.
2. Mandatory Access Control (MAC): Does not grant privileges, requires a need-to-know basis and zero-trust with control mechanisms. Provides better protection, granularity, and immunity to Trojan Horse attacks but can interfere with user work and require manual configuration.
3. Non-Discretionary Access Control: Role-Based Access Control (RBAC) or task-based access control. Assigns permissions based on roles, providing a holistic view and implementation across platforms. Offers simple management of permissions in large-scale systems/domains. User-role and role-permission relationships are static without dynamic attributes.

- Task-based access control: Similar to RBAC, allows control over the timing and sequencing of tasks within a role.

- Zero Trust: Never trust, always verify. Adapts to complex environments and does not automatically trust devices connected to the network. Assumes security risks exist both inside and outside the organization.

- Security Administration: Group responsible for planning, designing, implementing, and monitoring an organization's security plan.
- Service Level Agreement (SLA): Contract detailing the services the organization will provide to external parties.
- Blanket Purchase Agreement (BPA): Simplifies recurring purchases for supplies or services.
- Memorandum of Understanding (MOU): Agreement outlining shared actions and areas of interest between parties.
- Interconnection Security Agreement (ISA): Extension of an MOU, documents technical requirements and assets for interconnection.

- Ethics: Leadership role in promoting compliant behavior, adopting guidelines and procedures, and providing security training.
- Personnel Security: Limiting access, segregation of duties (SoD), job rotation, security training, awareness programs, mandatory vacations, and social engineering awareness.

- Change Control: Reviewing and assessing the impact of changes. Processes include request, impact assessment, approval, build/test, implementation, monitoring.

- Application Software Security: Lifecycle includes project initiation, planning, functional requirements, security design specifications, development, acceptance testing, implementation, operations, maintenance, and disposal.

- Security Audit: Evaluating and avoiding data breaches, ensuring systems work as planned. Assessing control effectiveness, policy compliance, and control implementation and updates.
- Manual Audit: Interviews, vulnerability scans, reviewing access controls, analyzing physical access.
- Automated Audit: Audit software creates reports of changes to files or settings, monitors devices, operating systems, or application software.
- Audit and Analysis: Monitoring, auditing, improving security controls, ensuring they protect the organization from threats.
- Controls should be appropriate, effective, and protect the organization from threats. It's acceptable to have multiple controls addressing a single threat.

- Security Review Cycle: Securing, monitoring, auditing, and improving security measures.
- Establishing acceptable standards, communication, and actions permitted by policies.
- Permission Levels: Aligned with the security structure. Types include promiscuous (all allowed), permissive (all not prohibited), prudent (some allowed, some not), and paranoid (few things permitted). Inspecting expected behavior.

- Areas of Security Audits: Firewalls (FW), routers, gateways (GW), wireless access points (WAPs), network devices. Audits can test technologies, rules, and configurations, and check that changes are documented and controlled.

- Audit verifies appropriateness and correct implementation of controls and if they address their

- Risk Management Process steps: Identify risk, assess risk, plan risk response, implement risk response, monitor/control risk
- Risk assessment involves qualitative and quantitative analysis
- Risk responses include reducing, transferring, accepting, and avoiding risks
- Quantifying risk using asset value, exposure factor, single loss expectancy, annualized rate of occurrence, and annual loss expectancy
- Implementing risk responses involves management controls, operational controls, technical controls, detective controls, preventive controls, corrective controls, and deterrent controls
- Countermeasures address risks and reduce vulnerabilities but may have cost, implementation, compatibility, and productivity considerations
- Business Continuity Management involves actions to keep critical business processes running and steps to recover and restore infrastructure to normal
- Steps in disaster recovery include ensuring the safety of people, containing damage, assessing damage and recovery, implementing disaster recovery plans, restoring business operations, and returning operations to the original state
- Cryptography involves writing in secret characters and includes encryption, decryption, ciphers, key establishment, and modern cryptographic applications
- Cryptanalysis is the process of breaking code procedures, and cryptography provides confidentiality, integrity, authentication, and non-repudiation of communications
- Different types of ciphers include stream ciphers, block ciphers, and hash algorithms
- Malicious code and activity include various forms of malware such as viruses, worms, trojan horses, logic bombs, ransomware, spam, and injection attacks
- Attackers have motives such as financial gain, fame, political beliefs, or revenge
- Malware can target systems on the internet or local area networks and can cause harm, modify data, export data, or serve as a launch point for further attacks
- Virus classifications include system infectors, file/program infectors, and macro infectors
- Polymorphic viruses use mutation to vary decryption procedures and avoid signature detection
- Stealth or armored viruses conceal themselves from users or detection software
- Rootkits modify the operating system to hide the compromised state of a computer
- Ransomware limits access to data and often demands payment for access restoration
- Spam is a carrier for viruses and worms and can impact network performance and productivity
- Worms are self-contained programs that propagate through network communications
- Trojan horses masquerade as legitimate programs and can mislead or modify other programs
- Logic bombs are programmed to execute specific actions when certain conditions are met
- Injection attacks provide invalid input to software to cause errors or unauthorized actions
- Botnets are networks of infected machines controlled by a bot-herder for various malicious purposes
- Denial-of-Service (DoS) attacks overwhelm servers or networks to make them unusable
- SYN Flood is a technique used in DoS attacks to overwhelm a server by sending a flood of SYN packets.
