Questions and Answers
What is the primary purpose of the least privilege principle?
What is the primary purpose of onboarding?
What is the primary purpose of recertification?
What is the primary purpose of a standard naming convention?
What is the primary purpose of time-of-day restrictions?
What type of account has limited access to a computer or network?
What is the primary purpose of permission auditing and review?
What is the primary purpose of account maintenance?
What type of account is used by a service or application?
What is the primary purpose of group-based access control?
Study Notes
Malware and Backdoors
- Many types of malware create backdoors, allowing attackers to access systems from remote locations.
Types of Attacks
- Social Engineering:
  - Pharming: installing malicious code on a personal computer or server to misdirect users to fraudulent websites without their knowledge or consent.
  - Phishing: emailing users to trick them into revealing personal information or clicking a malicious link.
  - Spam: unwanted email.
  - Spear Phishing: targeted form of phishing that targets specific users or groups.
  - Whaling: form of spear phishing that targets high-level executives.
  - Vishing: using phone calls to trick users into revealing personal information.
  - Tailgating: following an employee through the door without showing credentials.
  - Impersonation: identity theft, often impersonating others like repair technicians to gain access to the server room.
  - Dumpster Diving: searching through trash to gain information from discarded documents.
  - Shoulder Surfing: looking over the shoulder of a user to gain sensitive information.
  - Hoax: false message, often an email telling users there is a virus and encouraging them to delete files or change system configurations.
  - Watering Hole Attack: observing which website a user often uses and infecting it with malware.
- Wireless Attacks:
  - Replay: capturing data sent between two entities, modifying it, and attempting to impersonate one of the parties by replaying it.
  - Evil Twin: a rogue access point using the same SSID as a legitimate AP.
  - Rogue AP: a WAP placed within a network to sniff data.
  - Jamming: transmitting noise on the same frequency to degrade performance.
  - WPS: allows users to configure a wireless network by pressing buttons or by entering a short PIN, but is vulnerable to brute force attacks.
  - Bluejacking: sending unsolicited messages to nearby Bluetooth devices.
  - Bluesnarfing: unauthorized access to a device via Bluetooth connection.
Network Address Translation and Switching
- Network Address Translation (NAT):
  - NAT router acts as the interface between a LAN and the internet using one IP address.
- Switching:
  - Port security: disabling unused ports and limiting the number of MAC addresses per port.
  - 802.1x server: providing port-based authentication.
  - Layer 2 vs Layer 3: Layer 2 switch routes traffic based on MAC within the same network, while Layer 3 switch routes traffic based on IP between two different networks.
  - Loop prevention: using STP or Rapid STP to prevent switching loops.
  - Flood guard: monitoring traffic rate and percentage of bandwidth occupied by broadcast, multicast, and unicast traffic to detect and block flooding attacks.
Proxy and Identity and Access Management
- Proxy:
  - Proxy Server: acts as an Internet gateway, firewall, and internet caching server for a private network.
  - Forward proxy: forwards requests for services from clients and provides caching to improve performance and reduce internet bandwidth usage.
  - Reverse proxy: receives requests on behalf of clients and hides internal servers.
- Access Control Models:
  - Mandatory Access Control (MAC): uses security labels to determine access.
  - Discretionary Access Control (DAC): specifies that every object has an owner and the owner has full, explicit control of the object.
  - Attribute-Based Access Control (ABAC): uses attributes defined in policies to grant access to resources.
  - Role-Based Access Control (RBAC): creates a role for users and assigns access to the role instead of users.
  - Rule-Based Access Control: based on a set of approved instructions such as an ACL.
Account Management
- Account types:
  - User accounts: for regular users.
  - Shared and generic accounts: should not be used.
  - Guest accounts: limited access to computer or network.
  - Service accounts: used by the service or application and not an end user.
  - Privileged accounts: have additional rights and privileges beyond a regular user.
- General concepts:
  - Least privilege: technical control where users or processes are granted only those rights and permissions needed to perform their assigned tasks or functions.
  - Onboarding/Offboarding: processes for adding and removing users.
  - Permission auditing and review: reviewing and updating user permissions.
  - Usage auditing and review: reviewing user activity.
  - Time-of-day restrictions: specifies when users can log on to a computer.
  - Recertification: process of examining a user's permissions and determining if they still need access to what was previously granted.
  - Standard naming convention: for servers, emails, etc.
  - Account maintenance: running scripts to list users inactive for more than 30 days and disable them.
  - Group-based access control: putting user accounts into security groups and assigning privileges to the groups.
Description
This quiz covers types of malware, including backdoors, and social engineering attacks such as phishing, pharming, and spimming. Test your knowledge on these cybersecurity threats.