Essential Security Concepts

Questions and Answers

What is the primary goal of information security?

• Protecting information and information systems from unauthorized use, access, disclosure, disruption, modification, or destruction. (correct)
• Preventing any access to information and information systems.
• Ensuring all information is publicly accessible for transparency.
• Maximizing the speed and efficiency of information dissemination, regardless of risks.

In the context of information security, what does 'confidentiality' primarily aim to protect?

• The availability of systems and data when needed.
• Information from unauthorized disclosure. (correct)
• The integrity of data against unauthorized modifications.
• Systems from physical damage.

Which of the following best describes the concept of 'integrity' in information security?

• Ensuring that information is accessible to anyone who needs it.
• Protecting information from unauthorized destruction.
• Guaranteeing the accuracy and completeness of information. (correct)
• Concealing information to prevent unauthorized access.

What aspect of information security does 'availability' primarily address?

Maintaining authorized users' access to information and resources when required. (C)

Which action exemplifies a threat to data confidentiality?

A disgruntled employee leaks sensitive company emails to a competitor. (C)

Which scenario illustrates a threat to data integrity?

An unauthorized user gains access to a system and deletes important records. (B)

What kind of attack is a Distributed Denial of Service (DDoS) primarily targeting?

System availability (B)

How does 'secrecy' contribute to confidentiality in information security?

By keeping information hidden or preventing its disclosure. (A)

Which concept involves storing sensitive data in an obscure or inaccessible location to enhance confidentiality?

Seclusion (B)

What is the purpose of 'isolation' in maintaining confidentiality?

To prevent the mixing of different types of information that could lead to unauthorized disclosure. (D)

What does the concept of 'accuracy' ensure within the domain of data integrity?

That the data is correct and precise. (D)

In the context of data integrity, what does 'non-repudiation' ensure?

That the origin of a communication or action cannot be denied. (D)

What does 'usability' ensure within the scope of data availability?

The system is easy to use, learn, and control by a subject. (B)

Apart from usability, what other concept directly supports data availability?

Timeliness (B)

What is meant by the term 'cybersecurity'?

The ability to protect or defend the use of cyberspace from cyber attacks. (A)

Which of these options best explains what 'data privacy' refers to?

How data is being handled, processed, stored, and used, especially personal information. (A)

What type of threat involves tricking individuals into divulging sensitive information?

Phishing (C)

What is the primary goal of ransomware attacks?

To encrypt files and demand payment for the decryption key. (B)

What is the primary objective of 'hacktivists' as threat actors?

Advancing their political or social causes. (D)

Which threat actor is most likely to sabotage military and critical infrastructure to gain an advantage in a conflict?

Nation-State Actors (A)

What is 'sensitivity' in the context of confidentiality?

The quality of information that could cause harm if disclosed. (D)

What does 'discretion' refer to in the context of confidentiality?

An operator's ability to influence or control disclosure to minimize harm. (D)

In the context of integrity, what signifies 'truthfulness'?

Being a true reflection of reality. (B)

What does 'accessibility' mean in the context of availability?

The assurance that the widest range of subjects can interact with a resource. (A)

Which traditional IT role is primarily concerned with the maintenance and operation of network infrastructure?

Network Administrator (B)

Which of the following IT disciplines focuses on the design, creation, and maintenance of databases?

Database Administration (B)

What foundational concept related to cybersecurity involves limiting who or what can view or use resources in a computing environment?

Access control (D)

In system security, which process answers 'WHO ARE YOU?'

Authentication (B)

Which activity falls under the 'enforcement' aspect of system security?

Applying or implementing security rules. (B)

What does 'logging' primarily facilitate in system security?

Activity recording (B)

In the context of access control, providing security guards, locks and doors into facilities are examples of:

Physical Access Control (A)

Which of the following is the most common form of physical identification and authorization?

Identification Badges (B)

What is the main function of the AAA services?

Authentication, Authorization, and Auditing (B)

Which of the following provides a way of uniquely identifying a user amongst all the users of that system?

User ID (D)

What does the acronym MAC stand for, as used in network hardware identification?

Media Access Control (C)

What is the main utility of a Radio Frequency Identification (RFID) system?

Automatic identification and tracking (D)

What do account management systems primarily aim to streamline the administration of?

User Identity across multi-systems (A)

What is the main objective of enabling Single Sign-On (SSO) systems?

Providing a unified login experience for users when accessing one or more systems. (C)

What is a primary function of Kerberos in network security?

To guard a network through authentication, authorization, and auditing. (A)

What is the primary advantage of Multi-Factor Authentication over Single Factor Authentication?

Increased trustworthiness through multiple authenticating factors. (B)

Flashcards

Sensitive Information

Information that needs protection, like passwords.

Personal Information

Information that describes you, such as name or age.

Data Privacy

Proper handling, processing, and storage of personal information.

Cybersecurity

Protecting cyberspace from cyber attacks.

Information Security

Protecting information and systems from unauthorized access.

Ransomware

Malicious software that locks files and demands payment.

Phishing

Tricking someone to reveal personal information.

Social Engineering

Manipulative techniques to divulge confidential info.

Denial of Service (DoS)

Flooding a network to make it inaccessible.

Data Leakage

Unauthorized exposure of confidential data.

Hacktivism

Hackers advancing political or social causes.

Cyber Crime

Criminals stealing data for financial gain.

Insider Threat

Insiders stealing for personal or ideological reasons.

Espionage

Nation-states stealing sensitive state secrets.

Cyber Terrorism

Terrorists sabotaging critical infrastructure systems.

Confidentiality

CIA Triad principle ensuring only authorized access.

Integrity

CIA Triad principle ensuring data is accurate and unaltered.

Availability

CIA Triad principle ensuring information is available when needed.

Prevent Disclosure

Prevents information disclosure to unauthorized entities.

Prevent Alteration

Prevents unauthorized modification of information.

Prevent Denial

Ensuring information is available by preventing denial.

Usability

Ability to understand the concept of a topic and control with a subject.

Accessibility

Range of subjects can interact, regardless of their capabilities or limitations.

Timeliness

Prompt, within a reasonable time frame or providing low latency.

Access Control

Limits who can use resources in computing.

Authentication

Verifying identity with passwords or biometrics.

Authorization

Defining what actions are allowed.

Logging

Recording security-related events.

Physical Access Control

Limits access to physical IT assets.

Logical Access Control

Limits access to networks, devices, and data.

Identification

Claiming an identity to access a system.

Authentication

Proving that you are that identity.

Authorization

Defining permissions for resource access.

Auditing

Recording events related to a system.

Accounting

Reviewing logs for compliance.

User ID

Way of identifying a user in a system.

Personal Identification Number

A number that provides authentication information.

Role-Based Access Control (RBAC)

Limits resources based on roles.

Rule-Based Access Control

Access is based on predefined rules.

Mandatory Access Control (MAC)

System manages access controls based on security policies.

Study Notes

Essential Security Concepts

• Cyber security involves protection, information systems, internet, computer and mobile devices.
• Abet Dela Cruz is assigned to the Philippine Computer Emergency Response Team Coordinating Center (PHCERT/CC).
• All definitions need to be clear from the beginning to understand the topics.

Definitions

• Sensitive information includes passwords or things that others should not know.
• Company trade secrets are examples of sensitive information.
• Personal information includes name, age or birthday which all refers to ourselves.
• Sensitive data is stored on the internet or in the cloud, and on-premise data is stored in an organization or local setting.

Data Privacy

• Data privacy covers how data is handled.
• This includes proper handling, processing, storage, and usage of personal information.

Protecting personal information

• Information security: Protecting information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction, provides confidentiality, integrity, and availability.
• Cybersecurity: The ability to protect cyberspace from cyber attacks.

InfoSec

• InfoSec encompasses other realms like data privacy and cyber, which is internet-based.

Forms of Cyber Attack

• Phishing is tricking a person to give their personal information.
• Whale-ing, vishing and smishing are types of phishing.
• Ransomware is malicious software locks files, demands payment for access, and recovers the file.
• Insider abuse refers to actions from within that are illegal.
• Social engineering is a manipulation technique to trick individuals to give or divulge confidential information.
• Defacement is the action of of hacking the system then replacing it with what you want.
• DDOS is flooding website or network which causes traffic and makes site inaccessible.
• Worm infections are like DDOS.
• Malware makes computers unaccessible.
• Data Leakage happens when information is being exposed to unauthorized entities.

Threat Actors

• Hacktivists use computer networks to advance political or social causes.
• Criminal enterprises steal personal information for financial gain.
• Trusted insiders steal proprietary information for personal, financial, or ideological reasons.
• Nation-state actors intrude on computers to steal sensitive information from private companies.
• Terrorist groups sabotage critical infrastructure computer systems.
• Nation-state actors target military and critical infrastructure systems for conflict advantage.

FBI Cyber Criminals

• APT 10 Group are hackers from China who stole various data from at least 45 commercial and defense technology companies.
• APT 40 Cyber Espionage Activities is a group of four Chinese hackers who targeted aerospace, biomedical, healthcare, manufacturing, and virus sectors.
• APT 41 was a Chinese hacking group that uses many different methods to gain illegal access to systems.
• Yevgenly Igoryevich Polyanin (Russian national), is wanted for involvement in ransomware attacks and money laundering.
• In 2020, Kaspersky reported that 7,000 Philippine companies encountered ransomware attacks.
• In 2021, Sophos noted Philippine organizations spent an average of $820,000 (₱40 million) to recover from attacks.
• Susceptibility to attacks is trending upward, while willingness to pay ransoms is decreasing, more likely to be able to restore from back up is trending upward.

Data Breach

• Data breach is inevitable.
• It is not if, but when and how severe the breach will be.
• There are two types of companies - those who have been hacked, and those who don't know they have been hacked.

C.I.A. Triad

• C.I.A. refers to Confidentiality, Integrity and Accessibility.
• Confidentiality allows authorized entities to access information.
• Integrity ensures data is accurate and not altered.
• Accessibility ensures authorized entities can access information when needed.

D.A.D. Triad

• D.A.D. refers to Disclosure, Alteration, Denial.

Prevent Cyber Attacks

• Prevent disclosure of information to unauthorized entities.
• Prevent alteration so information is not modified by unauthorized entities.
• Prevent denial (inaccessibility) so information is available when needed.

CIA Threat Analysis

Threat to CONFIDENTIALITY

• Any form of data leakage is harmful to the organization and its clients.
• This includes confidential information, trade secrets, and PII.
• Potential consequences include compromise of databases or file servers, wireless network sniffing, trojans, theft, damages, penalties, and legal action.

Threat to INTEGRITY

• Integrity, trust and confidence are all invaluable, and keep clients coming back.
• Website defacement, email spoofing/phishing, or identitiy theft can diminish it.
• This can result in reduced trust, non-compliance, and leakage of personal information.

Threat to AVAILABILITY

• Attacks on information systems can affect operational efficiency.
• It can potentially hurt the productivity of employees, effecting the organization as a whole.
• Trojans, denial-of-service attacks, scanning reconnaissance, and man-made incidents can lead to these type of attacks.

Confidentiality Concepts

• Sensitivity refers to harm that can be caused if information is disclosed.
• Discretion is an act of decision where an operator can influence or control disclosure.
• Criticality is level to which information is mission critical.
• Concealment is the act of hiding or preventing disclosure.
• Secrecy is the act of keeping something a secret or preventing its disclosure.
• Privacy refers to keeping personally identifiable information confidential.
• Seclusion involves storing something in an out-of-the-way location.
• Isolation is the act of keeping something separated from others.

Integrity Concepts

• Accuracy: correct & precise.
• Truthfulness: a true reflection of reality.
• Authenticity: genuine.
• Validity: factually/logically sound.
• Nonrepudiation: unable to deny action or verify origin of communication.
• Accountability: responsible/obligated for actions and results.
• Responsibility: in charge or having control.
• Completeness: having all needed components.
• Comprehensiveness: complete in scope or inclusion.

Availability Concepts

• Usability refers to easy to use or learn for the subject.
• Accessibility refers to the widest range is able to interact with resource.
• Timeliness: be prompt, on time, within a reasonable time frame, or providing low latency response.

IT Disciplines

• Traditional IT roles include Network Administrator, System Administrator, DataBase Administrator and Software Developer.
• Security cuts across all IT disciplines, and are broken down into different types of specializations.

Intro to Access Control

• Access control limits what resources can be viewed or used in an environment.
• Access control is a basic Infosec concept that reduces risk to organizations and companies.
• System Security is Authentication, Authorization, Enforcements, Logging

Nightclub Security Example

• Authentication done by Identification check via IDs.
• Access Control includes Over 18 - Allowed In and Over 21 - Allowed to Drink, and VIP List Access.
• Enforcement done by Doors, Walls, Locks, Security Guards, and Bouncers.
• Security measures logged by Log Book and CCTV.

Access Control Types

• Physical limits access to buildings, offices, rooms, cabinets, other physical IT assets.
• Logical limits connection to networks, devices, files, and / or data.

Securing Facilities

• Barriers, Locks, Doors are examples of securing physical location.
• Electronic Access Control Systems involve user credentials, card readers and biometrics.
• There data reports track personnel.

Securing IT Resources

• AAA Services abbreviation refers to Authentication, Authorization, Accounting (Auditing).
• AAA Services cover 5 elements: Identification, Authentication, Authorization, Auditing, and Accounting.

Review of Access Control Technologies

• Identification is provided to confirm uniqueness.
• Authentication is provided to confirm validity.
• Authorization is provided to confirm control.

Identification Methods

• Methods include Usernames, User IDs, Account Numbers, Personal Identification Numbers, and Digital Identification.
• Identification badges are the most common physical identification and authorization, show name, logo, and holder photo. Access Badges to enter secure areas and read stored information.

Types of Addresses

• User ID provide the system a way to uniquely identify a user.
• Account numbers and Pins provide authetication.
• The MAC address is a supposed uniquely generated 48-bit number for network devices.
• IP address gives the logical location of a device on the IP network and are organized into logical groups that get caled subnetworks.
• Radio Frequency Identification (RFID) is Non-contact, automatic identification technology that uses radio signals to identify and track people, vehicles, goods, and assets.

RFID Tag Components

• The RFID Basic System includes, Computer Database,RFID Tag,RFID Reader and Antenna.
• RFID Tags are Chipless.
• Key Components of RFID tech are the Tags, Reader and Back-end Database.

Identity Management

• Password Management, Account Management, Profile Management,Directory Management, Single Sign-on are Identity Management Implementations.
• The policies and standards managed for password use need to be implemented consistently,
• Collection of info associated with a identity or group.
• A login experience for the end users when access system.

Lightweight Directory Access Protocol (LDAP)

• LDAP use is a hierarchical tree structure, support DN and RDN concepts, use DN/CN/DC/OU attributes.
• ADDS provides central authenticatoin and authorization capabilities , and enforce organizational policies on a company level.

Perimeter-based Web Portal Access

• Organization can leverage the directory data to manage,User identity Authentication Authorization data on multiple web-based application using a web portal.

SSO (Single Sign On) Systems

• SSO Server Authenticates the user, application authentication is back end, applications receive user and password data from SSO.
• After initial login subsequent logins are fully automatic.

Kerberos

• Kerberos is a network security system with three key elements: Authentication, Authorization, Auditing
• The system includes the interaction between client and server.

Authentication

• Single-factor authentication involves one factor.
• Multi-factor authentication is higher-trust with multiple authenticating factors; it ensures accurate validation of the user.

Tokens

• Tokens identify and authenticate to applications using software or hardware.
• Soft tokens stored on computer and require second factor for activation.
• Hard tokens dedicated devices.

Biometrics

• Biometrics use data that is unique, and difficult to counterfeit.
• Selected individual characteristics stored and compared with presented template.

Access Control Models

• Role-based Access Control (RBAC) is access control authorizations and roles/functions assigned to a user.
• The owner defines what roles can access a resource, the system being based on policy.
• RBAC systems are easily modeled for organizations of functional struture, and simplify accounting regarding personnel information adjustments. Rule-based, is based on predefined list of rules that determine access.
• The rules specify the privileges granted to users when condition and rules are met.
• Mandatory Access Control (MAC) requires system to manage access controls in accordance to policy, is typically used for systems and for high sensitive.
• This approach is based on a mutual interaction with the information and the system.

Access Capabilities

• System settings are set to: no access, read, write, execute, delete, and full control.
• Types of access listed are: public, group owner, admins, and system.

Discretionary Access Control

• Non-discretionary Access Control is based on the assignment of permission to read, write and execute files on a system
• The administrator to define and tightly control the access rules for files in the system

Types of Access Control

• Discretionary access is the user who has access to data as determined by the owner.
• owner determines who has access and what privileges.

Attacker Profiles

Hacker

• Hackers are intensely interested in the arcane and recondite workings of any computer operating system..
• Highly skilled with coding knowledge, have zero intension on causing damage.

Cracker

• Those break machines with malicious intent, cause a lot of damage by stealing or causing many issues,
• Malicious and easily identified.

The Hats

• Black Hats are Cybercriminals, intentionally illegal, and out for exploitation, malicious for personal gain.
• Gray Hats sometimes have good intensions, have their own perceptions of what is Right and Wrong.
• White Hats are Infosec Professionals, follow ethical practices and laws, and usually work with people's consent.

Hacking Objectives

• Hacktivists seek to advance political or social causes through computer network exploitation.
• Criminals steal personal data and extort money.
• Insiders can be trusted, and leak important data for their own needs.
• Spies gain sensitive state secrets and proprietary data from private companies.
• Terrorist groups aim to disrupt computer systems that operate critical infrastructure
• Warfare aims to sabotage military and infrastructure to gain the advantage in conflict.

Hacking Personas

• Script kiddle are unskilled, use tools developed by other hackers and cause many issues. Hacktivists aim to promote politics, to shed light on injustice.
• State sponsored hackers try finding information for goverments and are directly paid.
• Cyber Terrorist individuals who are motivated by large disruption of computers.