Cybersecurity: Malware and Social Engineering

GuiltlessAshcanSchool

10 Questions

What is the primary purpose of the least privilege principle?

To restrict users to only the necessary permissions

What is the primary purpose of onboarding?

To assign permissions to new users

What is the primary purpose of recertification?

To examine and verify user permissions

What is the primary purpose of a standard naming convention?

To ensure consistent naming of servers, emails, etc.

What is the primary purpose of time-of-day restrictions?

To specify when users can log on to a computer

What type of account has limited access to a computer or network?

Guest account

What is the primary purpose of permission auditing and review?

To examine and verify user permissions

What is the primary purpose of account maintenance?

To run scripts to list and disable inactive users

What type of account is used by a service or application?

Service account

What is the primary purpose of group-based access control?

To put user accounts into security groups and assign privileges

Study Notes

Malware and Backdoors

  • Many types of malware create backdoors, allowing attackers to access systems from remote locations.

Types of Attacks

  • Social Engineering:
    • Pharming: installing malicious code on a personal computer or server to misdirect users to fraudulent websites without their knowledge or consent.
    • Phishing: emailing users to trick them into revealing personal information or clicking a malicious link.
    • Spam: unwanted email.
    • Spear Phishing: targeted form of phishing that targets specific users or groups.
    • Whaling: form of spear phishing that targets high-level executives.
    • Vishing: using phone calls to trick users into revealing personal information.
    • Tailgating: following an employee through the door without showing credentials.
    • Impersonation: identity theft, often impersonating others like repair technicians to gain access to the server room.
    • Dumpster Diving: searching through trash to gain information from discarded documents.
    • Shoulder Surfing: looking over the shoulder of a user to gain sensitive information.
    • Hoax: false message, often an email telling users there is a virus and encouraging them to delete files or change system configurations.
    • Watering Hole Attack: observing which website a user often uses and infecting it with malware.
  • Wireless Attacks:
    • Replay: capturing data sent between two entities, modifying it, and attempting to impersonate one of the parties by replaying it.
    • Evil Twin: a rogue access point using the same SSID as a legitimate AP.
    • Rogue AP: a WAP placed within a network to sniff data.
    • Jamming: transmitting noise on the same frequency to degrade performance.
    • WPS: allows users to configure a wireless network by pressing buttons or by entering a short PIN, but is vulnerable to brute force attacks.
    • Bluejacking: sending unsolicited messages to nearby Bluetooth devices.
    • Bluesnarfing: unauthorized access to a device via Bluetooth connection.

Network Address Translation and Switching

  • Network Address Translation (NAT):
    • NAT router acts as the interface between a LAN and the internet using one IP address.
  • Switching:
    • Port security: disabling unused ports and limiting the number of MAC addresses per port.
    • 802.1x server: providing port-based authentication.
    • Layer 2 vs Layer 3: a Layer 2 switch forwards traffic based on MAC addresses within the same network, while a Layer 3 switch routes traffic based on IP addresses between two different networks.
    • Loop prevention: using STP or Rapid STP to prevent switching loops.
    • Flood guard: monitoring traffic rate and percentage of bandwidth occupied by broadcast, multicast, and unicast traffic to detect and block flooding attacks.

Proxy and Identity and Access Management

  • Proxy:
    • Proxy Server: acts as an Internet gateway, firewall, and internet caching server for a private network.
    • Forward proxy: forwards requests for services from clients and provides caching to improve performance and reduce internet bandwidth usage.
    • Reverse proxy: receives requests on behalf of clients and hides internal servers.
  • Access Control Models:
    • Mandatory Access Control (MAC): uses security labels to determine access.
    • Discretionary Access Control (DAC): specifies that every object has an owner and the owner has full, explicit control of the object.
    • Attribute-Based Access Control (ABAC): uses attributes defined in policies to grant access to resources.
    • Role-Based Access Control (RBAC): creates a role for users and assigns access to the role instead of users.
    • Rule-Based Access Control: based on a set of approved instructions such as an ACL.

Account Management

  • Account types:
    • User accounts: for regular users.
    • Shared and generic accounts: should not be used.
    • Guest accounts: limited access to computer or network.
    • Service accounts: used by the service or application and not an end user.
    • Privileged accounts: have additional rights and privileges beyond a regular user.
  • General concepts:
    • Least privilege: technical control where users or processes are granted only those rights and permissions needed to perform their assigned tasks or functions.
    • Onboarding/Offboarding: processes for adding and removing users.
    • Permission auditing and review: reviewing and updating user permissions.
    • Usage auditing and review: reviewing user activity.
    • Time-of-day restrictions: specifies when users can log on to a computer.
    • Recertification: process of examining a user's permissions and determining if they still need access to what was previously granted.
    • Standard naming convention: for servers, emails, etc.
    • Account maintenance: running scripts to list users inactive for more than 30 days and disable them.
    • Group-based access control: putting user accounts into security groups and assigning privileges to the groups.

This quiz covers types of malware, including backdoors, and social engineering attacks such as phishing, pharming, and spimming. Test your knowledge on these cybersecurity threats.
