Security: CIA Triad, CIANA Pentagon, AAA

Questions and Answers

An organization implements a system that duplicates critical components. Which aspect of the CIA triad is MOST directly supported by this strategy?

  • Non-repudiation
  • Availability (correct)
  • Integrity
  • Confidentiality

A cybersecurity analyst discovers a threat actor gaining access to a network by impersonating a technician. What security principle has been MOST compromised?

  • Authorization
  • Availability
  • Authentication (correct)
  • Accounting

Which of the following BEST describes the function of a 'compensating' security control?

  • Providing an alternative when a primary control fails (correct)
  • Discouraging potential attackers
  • Mitigating potential damage
  • Monitoring for malicious activities

An organization wants to minimize the impact of a potential breach. Which security measure BEST achieves this goal?

Threat Scope Reduction (D)

An attacker spoofs a trusted source to gain sensitive information. Which tactic is being employed?

Phishing (A)

In the world of cybersecurity, what level of skill is associated with the term 'script kiddies'?

Limited technical knowledge with readily available tools (D)

What BEST describes a primary motivation behind hacktivism?

Ideological Beliefs (D)

Advanced Persistent Threats (APTs) are MOST often associated with which actor?

Nation-state actors (B)

What is a 'false flag' attack?

An attack that appears to originate from a different source (C)

Why should organizations implement a Zero Trust architecture?

To mitigate insider threats (D)

A network administrator discovers unauthorized devices connected to the network. Which threat concept does this scenario represent?

Shadow IT (C)

An attacker embeds malicious code inside an image file. What type of threat vector is this?

Image-based (A)

An attacker leaves a malware-infected USB drive in a public location. What social engineering technique is being used?

Baiting (C)

What is a 'BlueSmack' attack?

A denial-of-service attack targeting Bluetooth-enabled devices (D)

What is the primary purpose of setting up and utilizing deception and disruption technologies?

To learn from the threat actors launching attacks (A)

A security analyst implements a system that sends fake telemetry data in response to a network scan. What strategy is being employed?

Spoofing fake telemetry data (D)

In physical security, what is the main purpose of bollards?

To prevent vehicular threats (D)

What's the main goal of 'tampering with security devices' as a brute force strategy?

Exploiting vulnerabilities (A)

Why is it important for security personnel to undergo rigorous conflict resolution and self-defense training?

To mitigate risks associated with confronting security personnel (C)

Which of the following is the MOST effective way to bypass surveillance systems?

Attacking the physical environment (A)

What is the primary function of Access Control Vestibules?

Preventing piggybacking and tailgating (C)

What differentiates piggybacking from tailgating?

Piggybacking involves social engineering to gain consent (D)

Why are security guards often placed at access control vestibules?

To provide a visual deterrent and assistance (C)

Which authentication factor is MOST affected by False Rejection Rate (FRR)?

Biometrics (C)

Which security measure is effective against automated scraping tools trying to index the webpage?

Dynamic page generation (C)

Which of the following is TRUE of digital signatures?

Ensure both integrity and authenticity (C)

An organization implements a system that ensures actions cannot be denied by involved parties. Which security concept is being applied?

Non-Repudiation (B)

A recent audit reveals that several employees have permissions beyond what is required for their job roles. Which security principle is MOST directly violated?

Least Privilege (D)

A technician updates the access control lists (ACLs) on a firewall based on a new threat advisory. Which type of security control is being implemented?

Preventative (C)

Which plane in a Zero Trust architecture defines policies related to user and system access?

Control Plane (C)

An organization wants to assess the effectiveness of its current security measures against industry best practices. What type of analysis should they conduct?

Gap Analysis (B)

Which of the threat actors is financially motivated?

Organized Crime (A)

What type of actor is motivated by political, social, or environmental ideologies?

Hacktivists (A)

What makes whaling one of the most dangerous types of phishing?

It compromises executives with greater system access (A)

A security analyst investigates an incident where an employee inadvertently disclosed sensitive company data through a social media post. Which motivational trigger was likely exploited?

Likability (D)

An attacker sends a series of text messages to trick individuals into providing their personal information. What type of attack is this?

Smishing (A)

Which social engineering technique involves creating a fabricated scenario to manipulate targets into divulging information?

Pretexting (D)

Which of the following is MOST likely to contribute to insider attacks?

Disgruntled Employees (C)

A company implements a double-door system electronically controlled to allow only one door to open at a time. What is this physical security control called?

Access Control Vestibules (C)

A system admin uses a backup power source, like generators and UPS systems, to design network systems. What type of redundancy are they considering?

Power Redundancy (A)

Flashcards

Information Security

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction.

Information Systems Security

Protects the systems that hold and process critical data (e.g., computers, servers, network devices).

Confidentiality

Ensures information is accessible only to authorized personnel.

Integrity

Ensures data remains accurate and unaltered.

Availability

Ensures information and resources are accessible when needed.

Non-Repudiation

Guarantees that an action or event cannot be denied by the involved parties.

Authentication

Verifying the identity of a user or system (e.g., password checks).

Authorization

Determining actions or resources an authenticated user can access (e.g., permissions).

Accounting

Tracking user activities and resource usage for audit or billing purposes.

Technical Controls

Technologies, hardware, and software mechanisms implemented to manage and reduce risks.

Managerial Controls

Involve the strategic planning and governance side of security.

Operational Controls

Procedures designed to protect data on a day-to-day basis, governed by internal processes and human actions.

Physical Controls

Tangible, real-world measures taken to protect assets.

Preventative Controls

Proactive measures implemented to thwart potential security threats or breaches.

Deterrent Controls

Discourage potential attackers by making the effort seem less appealing or more challenging.

Detective Controls

Monitor and alert organizations to malicious activities as they occur.

Corrective Controls

Mitigate any potential damage and restore systems to their normal state.

Compensating Controls

Alternative measures implemented when primary security controls are not feasible or effective.

Directive Controls

Guide, inform, or mandate actions; often rooted in policy or documentation setting the standards for behavior within an organization.

Zero Trust Model

Operates on the principle that no one should be trusted by default.

Control Plane

Adaptive identity, threat scope reduction, policy-driven access control, and secured zones.

Data Plane

Subject/system, policy engine, policy administrator, and establishing policy enforcement points.

Threat

Anything that could cause harm, loss, damage, or compromise to information technology systems.

Vulnerability

Any weakness in the system design or implementation.

Risk Management

Finding different ways to minimize the likelihood of a negative outcome and achieve the desired outcome.

Confidentiality

Refers to the protection of information from unauthorized access and disclosure.

Encryption

Process of converting data into a code to prevent unauthorized access.

Access Controls

Setting up strong user permissions ensures that only authorized personnel can access certain types of data.

Data Masking

Method that involves obscuring specific data within a database to make it inaccessible to unauthorized users.

Physical Security Measures

Ensure confidentiality for physical data, such as paper records stored in a filing cabinet.

Training and Awareness

Conduct regular training on the security awareness best practices that employees can use to protect their organization's sensitive data.

Integrity

Helps ensure that information and data remain accurate and unchanged from their original state.

Hashing

Process of converting data into a fixed-size value.

Checksums

Method to verify the integrity of data during transmission.

Availability

Ensures that information, systems, and resources are accessible and operational when needed.

Redundancy

Duplication of critical components or functions of a system with the intention of enhancing its reliability.

Non-repudiation

Focused on providing undeniable proof in the world of digital transactions.

Authentication

Security measure that ensures individuals or entities are who they claim to be during a communication or transaction.

Multi-Factor Authentication (MFA)

Security process that requires users to provide multiple methods of identification to verify their identity.

Accounting

Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded.

Unskilled Attacker (Script Kiddie)

Individual who lacks the technical knowledge to develop their own hacking tools or exploits.

Study Notes

Fundamentals of Security

  • Information security protects data from unauthorized access, modification, disruption, disclosure, and destruction.
  • Information systems security protects the systems, like computers and servers, that hold and process critical data.

CIA Triad

  • Confidentiality ensures information access is limited to authorized personnel, using methods such as encryption.
  • Integrity ensures data remains accurate and unaltered through checksums.
  • Availability ensures information and resources are accessible when needed, often through redundancy measures.

CIANA Pentagon

  • An extension of the CIA triad that includes non-repudiation and authentication

Triple A's of Security

  • Authentication verifies the identity of a user or system, such as with password checks.
  • Authorization determines actions or resources an authenticated user can access, such as permissions.
  • Accounting tracks user activities and resource usage for audit or billing purposes.

Security Control Categories

  • Technical controls involve technologies, hardware, and software mechanisms to manage and reduce risks.
  • Managerial controls involve strategic planning and governance.
  • Operational controls involve procedures and measures to protect data daily, governed by internal processes and human actions.
  • Physical controls involve tangible, real-world measures to protect assets.

Security Control Types

  • Preventative controls thwart potential security threats or breaches proactively.
  • Deterrent controls discourage potential attackers by making the effort less appealing or more challenging.
  • Detective controls monitor and alert organizations to malicious activities.
  • Corrective controls mitigate potential damage and restore systems to their normal state.
  • Compensating controls are alternative measures when primary security controls are not feasible or effective.
  • Directive controls guide, inform, or mandate actions, rooted in policy or documentation.

Zero Trust Model

  • Operates under the principle that no one should be trusted by default.
  • The control plane and data plane are used to achieve the model.
  • The control plane uses adaptive identity, threat scope reduction, policy-driven access control, and secured zones.
  • The data plane uses a subject/system, policy engine, and policy administrator, and establishes policy enforcement points.

Threats and Vulnerabilities

  • A threat is anything that could cause harm, loss, damage, or compromise to information technology systems.
    • Threats stem from natural disasters, cyber-attacks, data integrity breaches, and disclosure of confidential information.
  • A vulnerability is any weakness in system design or implementation, arising from internal factors like software bugs, misconfigured software, improperly protected network devices, missing security patches, and lack of physical security.
  • Risk exists where threats and vulnerabilities intersect.
    • No risk if there is a threat with no matching vulnerability, and no risk if there's a vulnerability with no threat against it.
  • Risk management minimizes the likelihood of a negative outcome and achieves the desired outcome.

Confidentiality

  • Refers to the protection of information from unauthorized access and disclosure.
  • Confidentiality ensures that private or sensitive information is not available or disclosed to unauthorized entities.
  • Confidentiality serves to protect personal privacy, maintain a business advantage, and achieve regulatory compliance.

Methods to Ensure Confidentiality

  • Encryption converts data into a code to prevent unauthorized access.
  • Access controls are in place to ensure that only authorized personnel can access certain types of data.
  • Data masking obscures specific data within a database, making it inaccessible to unauthorized users.
  • Physical security measures ensure confidentiality for physical data, such as paper records, and digital information on servers/workstations.
  • Training and awareness programs educate employees on security awareness.

Integrity

  • Helps ensure that information and data remain accurate and unchanged from their original state.
  • Verifies the accuracy and trustworthiness of data over its entire lifecycle.
  • Integrity serves to ensure data accuracy, maintain trust, and ensure system operability.

Methods to Maintain Data Integrity

  • Hashing converts data into a fixed-size value.
  • Digital signatures ensure both integrity and authenticity.
  • Checksums verify data integrity during transmission.
  • Access controls ensure only authorized individuals can modify data, which reduces the risk of unintended/malicious alterations.
  • Regular audits involve systematically reviewing logs and operations to ensure all authorized changes were made, and that any discrepancies are addressed immediately.

Availability

  • Ensures that information, systems, and resources are accessible and operational when needed by authorized users.
  • Availability is required for ensuring business continuity, maintaining customer trust, and upholding an organization's reputation.
  • To maintain availability, use redundancy in system and network designs.
  • Redundancy involves duplicating critical components or functions of a system with the intention of enhancing its reliability.

Types of Redundancy

  • Server redundancy uses multiple servers in a load-balanced or failover configuration.
  • Data redundancy stores data in multiple places.
  • Network redundancy ensures data can travel through another route if one network path fails.
  • Power redundancy uses backup power sources like generators and UPS systems.

Non-Repudiation

  • Focuses on providing undeniable proof in the world of digital transactions.
  • It is a security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions.
  • It serves to confirm the authenticity of digital transactions, ensure the integrity of critical communications, and provide accountability in digital processes.
  • Digital signatures are unique to each user operating within the digital domain.
    • They're created by first hashing the particular message or communication you want to digitally sign.
    • That hash digest is then encrypted with the user's private key using asymmetric encryption.
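
The hash-then-sign process described above, together with the integrity check a verifier performs on the other side, as an added example that is not part of the original notes. It uses Go's standard library (crypto/rsa, crypto/sha256); the key size, the party names and the sample message are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign follows the two steps in the notes: hash the message, then
// encrypt (sign) the digest with the signer's private key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify recomputes the digest and checks the signature with the public key.
// It returns true only when the message is unaltered (integrity) and the
// signature was produced by the matching private key (authenticity, and
// therefore non-repudiation: only the key holder could have signed it).
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Result records the three checks the demo performs.
type Result struct {
	OriginalValid bool // genuine message, genuine key: must be true
	TamperedValid bool // one digit changed in transit: must be false
	WrongKeyValid bool // verified against someone else's key: must be false
}

// Demo signs a constructed sample message and runs the three checks.
func Demo() (Result, error) {
	// Constructed keys (assumption): "signer" owns the private key; "other"
	// is an unrelated party whose public key must not validate the signature.
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Result{}, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Result{}, err
	}

	// Constructed sample message (assumption, not from the notes).
	msg := []byte("Approve transfer of 100 EUR to account 42")
	sig, err := Sign(signer, msg)
	if err != nil {
		return Result{}, err
	}

	// A single-digit change to the amount must invalidate the signature.
	tampered := []byte("Approve transfer of 900 EUR to account 42")

	return Result{
		OriginalValid: Verify(&signer.PublicKey, msg, sig),
		TamperedValid: Verify(&signer.PublicKey, tampered, sig),
		WrongKeyValid: Verify(&other.PublicKey, msg, sig),
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original valid: %v\n", r.OriginalValid)  // true
	fmt.Printf("tampered valid: %v\n", r.TamperedValid)  // false
	fmt.Printf("wrong key valid: %v\n", r.WrongKeyValid) // false
}
```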

Authentication

  • Verifies that individuals or entities are who they claim to be during a communication or transaction.
  • Five common authentication methods:
    • Something you know (Knowledge Factor), which relies on information a user can recall.
    • Something you have (Possession Factor), which is based on the user presenting a physical item.
    • Something you are (Inherence Factor), based on the user providing a unique physical or behavioral trait.
    • Something you do (Action Factor)
    • Somewhere you are (Location Factor), which relies on the user being in a certain geographic location before access is granted.
  • Multi-Factor Authentication (MFA) requires multiple identification methods.

Key Outcomes of Authentication

  • Prevention of unauthorized access
  • User data and privacy protection
  • Resource restriction to valid users only

Authorization

  • Pertains to the permissions and privileges granted to users or entities after they have been authenticated.
  • Important to protect sensitive data, maintain system integrity, and create a streamlined user experience.

Accounting

  • Ensures all user activities during a communication or transaction are properly tracked and recorded.
  • Accounting systems achieve the following:
    • Create an audit trail to trace changes and unauthorized access.
    • Maintain regulatory compliance by keeping a comprehensive record of user activities.
    • Conduct forensic analysis so cybersecurity experts understand what happened and how to prevent it.
    • Optimize resource allocation to allow the organization to function better.
    • Achieve accountability, since logged user activity deters misuse.

Technologies for Accounting

  • Syslog Servers aggregate logs from various network devices and systems.
  • Network Analysis Tools are used to capture and analyze network traffic.
  • Security Information and Event Management (SIEM) Systems offer real-time analysis of security alerts.

Security Control Categories

  • Technical Controls utilize technologies, hardware, and software mechanisms that are implemented to manage and reduce risks.
  • Managerial Controls are also referred to as administrative controls.
  • Operational Controls are procedures and measures that are designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions.
  • Physical Controls are tangible, real-world measures taken to protect assets.

Security Control Types

  • Preventive Controls are proactively implemented to thwart potential security threats or breaches.
  • Deterrent Controls discourage potential attackers.
  • Detective Controls monitor and alert organizations to malicious activities.
  • Corrective Controls mitigate any potential damage and restore the systems.
  • Compensating Controls are alternative measures that are implemented when primary security controls are not feasible or effective.
  • Directive Controls are used to guide, inform, or mandate an action.

Gap Analysis

  • A process of evaluating the differences between an organization’s current performance and its desired performance.
  • Can be a valuable tool for organizations looking to improve their operations, processes, performance, or overall security posture
  • There are several steps involved in conducting one:
    • Define the scope of the analysis
    • Gather data on the current state of the organization
    • Analyze the data to identify any areas where the organization's current performance falls short of its desired performance
    • Develop a plan to bridge the gap.

Types of Gap Analysis

  • Technical Gap Analysis: involves evaluating an organization's current technical infrastructure, identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions.
  • Business Gap Analysis: involves evaluating an organization's current business processes, identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions.
  • Plan of Action and Milestones (POA&M): outlines the specific measures to address each vulnerability, allocates resources, and sets up timelines for each remediation task.

Zero Trust

  • Zero Trust demands verification for every device, user, and transaction within the network, regardless of its origin.
  • To create it, we need to use two planes:
  • Control Plane: Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization.
    • Adaptive Identity: Relies on real-time validation that takes into account the user's behavior, device, location, and more.
    • Threat Scope Reduction: Limits users' access to only what they need for their work tasks, because this reduces the network's potential attack surface. Focused on minimizing the "blast radius" that could occur in the event of a breach.
    • Policy-Driven Access Control: Entails developing, managing, and enforcing user access policies based on their roles and responsibilities.
    • Secured Zones: Isolated environments within a network that are designed to house sensitive data.
  • The Control Plane uses a Policy Engine and a Policy Administrator to make decisions about access.
    • Policy Engine: Cross-references the access request with its predefined policies.
    • Policy Administrator: Used to establish and manage the access policies.
  • Data Plane: Consists of the following:
    • Subject/System: Refers to the individual or entity attempting to gain access.
    • Policy Enforcement Point: Where the decision to grant or deny access is actually executed.

Threat Actor Motivations

  • There is a difference between the intent of an attack and the motivation that fuels it.
  • Threat Actor Intent: The specific objective or goal that a threat actor is aiming to achieve through their attack.
  • Threat Actor Motivation: The underlying reasons or driving forces that push a threat actor to carry out their attack.

Motivations Behind Threat Actors

  • Data Exfiltration: Unauthorized transfer of data from a computer.
  • Financial Gain: Achieved through various means, such as ransomware attacks, or through banking trojans that allow attackers to steal financial information in order to gain unauthorized access to victims' bank accounts.
  • Blackmail: Where an attacker obtains sensitive or compromising information about an individual or an organization and threatens to release it to the public unless certain demands are met.
  • Service Disruption: Some threat actors aim to disrupt the services of various organizations, either to cause chaos, make a political statement, or demand a ransom.
  • Philosophical or Political Beliefs: Attacks conducted because of the philosophical or political beliefs of the attackers are known as hacktivism.
  • Ethical Reasons: Contrary to malicious threat actors, ethical hackers, also known as authorized hackers, are motivated by a desire to improve security.
  • Revenge: Can also be a motivation for a threat actor that wants to target an entity they believe has wronged them in some way.
  • Disruption or Chaos: From creating or spreading malware to launching sophisticated cyberattacks against the critical infrastructure of a populated city.
  • Espionage: Spying on individuals, organizations, or nations to gather sensitive or classified information.
  • War: Cyber warfare can be used to disrupt a country's infrastructure, compromise its national security, and cause economic damage.

Threat Actor Attributes

  • The two most basic attributes of a threat actor:
    • Internal Threat Actors: Individuals or entities within the organization who pose a threat to its security.
    • External Threat Actors: Individuals or groups outside of an organization who attempt to breach its cybersecurity defenses.
  • Resources and funding available to the specific threat actor: The tools, skills, and personnel at the disposal of a given threat actor.
  • Level of sophistication and capability of a specific threat actor: Refers to their technical skill, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures.
  • In the world of cybersecurity, the lowest-skilled threat actors are classified as "script kiddies".
    • Script Kiddie: An individual with limited technical knowledge who uses pre-made software or scripts to exploit computer systems and networks.
  • Nation-state actors, Advanced Persistent Threats, and others have high levels of sophistication and competence and possess advanced technical skills.
    • They use sophisticated tools and techniques.

Types of Threat Actors

  • Unskilled Attackers (Script Kiddies): An individual who lacks the technical knowledge to develop their own hacking tools or exploits; these low-skilled threat actors need to rely on scripts and programs that have been developed by others.
    • One way these unskilled attackers can cause damage is by launching a DDoS attack.
  • Hacktivists: Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain.
  • Hacktivism: Activities in which hacking and other cyber techniques are used to promote or advance a political or social cause.
  • To accomplish their objectives, hacktivists use a wide range of techniques, such as:
    • Website Defacement: A form of electronic graffiti, usually treated as an act of vandalism.
    • Distributed Denial of Service (DDoS) Attacks: Attempting to overwhelm the victim's systems or networks so that they cannot be accessed by the organization's legitimate users.
    • Doxing: The public release of private information about an individual or organization, or leaking sensitive data.
  • Hacktivists are primarily motivated by their ideological beliefs rather than by trying to achieve financial gains.

Most Well Known Hacktivist Groups

  • The best known is Anonymous, a loosely affiliated collective that has been involved in numerous high-profile attacks over the years, targeting organizations that they perceive as acting unethically or against the public interest at large.
  • Organized Cybercrime Groups are groups or syndicates that have banded together to conduct criminal activities in the digital world.
    • Sophisticated and well structured.
    • Use their resources and technical skills for illicit gain.

Threat Categories

  • Nation-state Actor
    • Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals.
    • Their capabilities include creating custom malware, using zero-day exploits, and becoming an advanced persistent threat.
  • Nation-state actors often orchestrate false flag attacks.
    • A false flag attack is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else.
  • Some threat actors attempt false flag attacks with custom malware and zero-day exploits.

APT (Advanced Persistent Threat)

  • The term used to be used synonymously with a nation-state actor because of their long-term persistence and stealth.
    • A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activity, rather than cause immediate damage.
    • APTs are often sponsored by nation-states or their proxies, like organized cybercrime groups.
  • Money is not the motivation; the objective of their attacks lies in the political sphere.

Why Nation-State Actors take Action

  • Want to achieve long term stragetic goals and are not seeking financial gain.

  • Cybersecurity threats origante from wothin the organizations

  • Cybersecurity threats can take form as data theft, sabotage, misuse of access previlgedgs

  • Each insider threat is driven with the different motivations

  • driven by financial gain and they will want to profit from the sale of sensitive organization

    Common Best Practices

  • Always implement Zero-Trust Architecture.

  • Ensure that the organization robust access controls.

  • Conduct regular audits

  • Providers effective employee security awareness programs Shadow

IT Consists

  • shadow IT, usage of information tehchnology systems, devices, software applications services with out organization approval
  • Shadow It Projects to provide security is actually set to complex for business operations to affect the operation that can occur to be negatively affected

Bring Your Own Device

  • Shadow IT exists when security is too complex for business operations or when personal devices are used for work purposes.
  • It can be minimized by restricting access, removing all unnecessary software and disabling unused protocols.

Understanding Threat Vectors

  • The threat vector is the "how" of the attack, whereas the attack surface is the "where".
  • Message-based threats can include email, Short Message Service (SMS) or other forms of instant messaging.

Phishing

  • Phishing campaigns are the most common message-based threat: an attacker impersonates a trusted entity to trick victims into revealing sensitive information.
  • Image-based threats: images with embedded malicious code.
  • File-based threats: the files are often disguised as legitimate documents hosted on a malicious site.
  • Vishing: the use of voice calls to trick victims into revealing their sensitive information.
  • Removable devices: one common attack is known as baiting, where an attacker leaves a malicious removable device (for example a USB drive) where a victim will find it and plug it in.
  • Attacks on unsecured networks (wireless, wired, Bluetooth).
  • Bluetooth vulnerabilities can be exploited with attacks such as BlueBorne or BlueSmack.

Wireless and Wired Networks

  • Unsecured networks include wireless, wired and Bluetooth networks that lack the appropriate security measures to protect them.

  • Wired networks tend to be more secure than wireless ones, but they are still not immune to threats.

  • There are different techniques to bypass wired network controls (MAC address spoofing and VLAN hopping).

  • By exploiting Bluetooth vulnerabilities an attacker can carry out attacks using techniques such as the BlueBorne or BlueSmack exploits.

  • BlueSmack is a denial-of-service attack on a Bluetooth device in which specially crafted, oversized Logical Link Control and Adaptation Protocol (L2CAP) packets are sent to the target until it stops responding.

How to Identify Different Threat Actors

  • One of the most effective ways to identify a threat actor is by its TTPs
  • TTPs: tactics, techniques and procedures, the behaviors associated with a particular threat or group of threat actors

Deceptive and Disruptive Technologies

  • Technologies designed to confuse attackers and divert them from critical assets, in order to detect and neutralize the threat.

Deception Technology Examples

  • Honeypot: decoy system set up to attract potential hackers
  • Honeynet: network of honeypots that creates a more complex system to mimic an entire network
  • Honeyfile: decoy file placed within the system to lure potential attackers
  • Honeytoken: piece of data or a resource that has no legitimate value or use, so any access to it signals an attacker
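A honeytoken only earns its keep if something watches for it. The following is an added example (not part of these notes) that plants a decoy credential in a honeyfile and then scans access logs for any request that presents it. The key format, the log format and the log lines themselves are constructed for the example; a real deployment would feed it the gateway's actual audit log.

```python
import re
from dataclasses import dataclass

# Constructed honeyfile: a decoy "backup credentials" file left where an
# intruder would find it. The key inside was never issued by any provider,
# so it has no legitimate use (assumption: the format mimics an AWS key ID).
HONEYFILE = """\
# backup-credentials.txt (decoy)
aws_access_key_id = AKIAHONEYTOKEN000001
aws_secret_access_key = not-a-real-secret
"""

# Constructed API-gateway log lines: two real users and one intruder who
# read the honeyfile and tried the planted key.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=10.0.0.5 key=AKIAREALKEY000000001 action=ListBuckets result=ok
2024-05-01T10:02:13Z src=203.0.113.7 key=AKIAHONEYTOKEN000001 action=ListBuckets result=denied
2024-05-01T10:02:15Z src=203.0.113.7 key=AKIAHONEYTOKEN000001 action=GetObject result=denied
2024-05-01T10:05:00Z src=10.0.0.9 key=AKIAREALKEY000000002 action=PutObject result=ok
"""

KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) key=(?P<key>\S+) action=(?P<action>\S+)")


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    action: str


def extract_tokens(honeyfile_text):
    """Collect every key-shaped string in the decoy file: these are the honeytokens to watch."""
    return set(KEY_RE.findall(honeyfile_text))


def detect_honeytoken_use(log_text, tokens):
    """Any request that presents a honeytoken is an alert, even if the request was denied:
    the token has no legitimate owner, so its mere use proves the decoy file was read."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("key") in tokens:
            alerts.append(Alert(m.group("ts"), m.group("src"), m.group("action")))
    return alerts


def attacker_sources(alerts):
    """Distinct source addresses that used a honeytoken, for blocking or investigation."""
    return sorted({a.src for a in alerts})


if __name__ == "__main__":
    found = detect_honeytoken_use(SAMPLE_LOG, extract_tokens(HONEYFILE))
    for a in found:
        print(f"HONEYTOKEN USED at {a.ts} from {a.src} ({a.action})")
    print("sources:", attacker_sources(found))
```

The detector does not care whether the provider accepted or denied the request; the signal is the token appearing at all, which is what distinguishes a honeytoken from an ordinary credential in the logs.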

Port Triggering and Spoofing False Telemetry

  • Port triggering: a security mechanism in which specific ports on a network device stay closed until a particular outbound traffic pattern is seen, so the services behind them are hidden from port scans until a legitimate trigger opens them.
  • Spoofing false telemetry data: when a system detects a network scan being attempted, it responds with fake telemetry or network data so the attacker acts on misleading information.

Physical Security

  1. Physical Security
    • Protects tangible assets (buildings, equipment, people) from harm and unauthorized access
  2. Security Controls
    • Fencing and bollards
      - Bollards: short, sturdy poles that control and prevent vehicle access
      - Fences: barriers made from different materials, used to enclose or separate areas
    • Attacks using brute force
      - Forcible entry / damage to systems
      - Attacks on personnel or equipment
      - Ramming or crashing through barriers
  • Surveillance Systems

    • An organized strategy to observe and report activities; it spans video surveillance, security guards, lighting, security sensors and access controls
  • Access control vestibule (double door): an electronic system that allows only one door to open at a time, preventing piggybacking or tailgating
  • Locking Systems

    • Padlocks, PIN pad readers, card readers, biometric scanners

Fencing and Bollards

  • Serve as physical barriers that delay intruders, which gives defenders more time to react.
  • Bollards are robust and are designed to manage and redirect vehicle traffic.
  • The types of brute force attacks on physical security:
  • Forcible entry: a brute-force-like method for gaining unauthorized access to a system or area by breaking or bypassing its barriers, such as windows, doors or walls.

  • Tampering with security devices: manipulating or disabling the devices that protect assets or help keep data secure.
  • Confronting security personnel: involves a direct attack on the people guarding the site.
  • Ramming barriers: uses a car, truck or other motorized vehicle to ram into the organization's barriers, gates or building.

Surveillance Systems

  • Designed as an organized setup to monitor certain locations.

  • Often composed of four main categories (video, audio, lighting, sensors).

    A wireless solution relies on Wi-Fi to send its signals back to the central monitoring station.
    
  • Pan-Tilt-Zoom (PTZ) system

    • The camera can pan, tilt and zoom within its area, covering more ground with fewer cameras
  • Best places to have cameras:

  • Data center

  • Telecom rooms

  • Lighting (needed for surveillance: cameras only capture usable footage in well-lit areas, and lighting itself deters intruders)

  • Sensors, 4 types: infrared (light), pressure, microwave and ultrasonic (sound waves). Pressure sensors activate when a person or weight is present at the location.

  • Bypassing surveillance:

  1. Obstruct the camera or blind it with light

Access Control Vestibules

  A security double-door system designed so that the two doors open one at a time and a person has to pass through each in turn. It prevents piggybacking (when a person with proper access helps another pass through) and tailgating (when someone follows an authorized person through without their knowledge). Access control vestibules are typically integrated with card systems, and a guard may be present to verify each person.
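The interlock rule above is simple to state but easy to get wrong in a controller, so here is an added example (not from these notes) modelling a vestibule controller as a small state machine. The badge IDs, the occupancy sensor (assumed to be a pressure mat that reports a head count) and the requirement to re-present the same badge at the inner reader are assumptions for the example; the point is that the inner door never opens while the outer one is open, and never opens for more than one person.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Vestibule:
    """Interlock controller for a two-door access control vestibule.

    Rules enforced:
      * the two doors are never open at the same time;
      * a badge must be accepted at the outer reader to enter and presented
        again at the inner reader to leave;
      * the inner door opens only if the occupancy sensor (assumed: a pressure
        mat reporting a head count) sees exactly one person, which is how
        piggybacking and tailgating are caught.
    """
    valid_badges: set
    outer_open: bool = False
    inner_open: bool = False
    occupants: int = 0
    badge_inside: Optional[str] = None
    events: list = field(default_factory=list)

    def _deny(self, why):
        self.events.append("DENY: " + why)
        return False

    def _allow(self, what):
        self.events.append("ALLOW: " + what)
        return True

    def badge_outer(self, badge):
        """Outer reader: opens the outer door only for a valid badge into an empty, closed vestibule."""
        if badge not in self.valid_badges:
            return self._deny(f"unknown badge {badge!r} at outer door")
        if self.inner_open:
            return self._deny("inner door is open (interlock)")
        if self.occupants:
            return self._deny("vestibule already occupied")
        self.outer_open = True
        self.badge_inside = badge
        return self._allow(f"outer door opened for {badge!r}")

    def people_entered(self, count):
        """Occupancy sensor reports how many people stepped in; the outer door then closes behind them."""
        if not self.outer_open:
            return self._deny("outer door closed; nobody can enter")
        self.occupants += count
        self.outer_open = False
        return self._allow(f"outer door closed with {self.occupants} inside")

    def badge_inner(self, badge):
        """Inner reader: same badge again, outer door shut, exactly one occupant."""
        if self.outer_open:
            return self._deny("outer door is open (interlock)")
        if badge != self.badge_inside:
            return self._deny(f"badge {badge!r} does not match the one used to enter")
        if self.occupants != 1:
            return self._deny(f"{self.occupants} occupants detected; tailgating suspected, guard alerted")
        self.inner_open = True
        return self._allow(f"inner door opened for {badge!r}")

    def exited(self):
        """Occupant has left through the inner door; reset for the next person."""
        self.inner_open = False
        self.occupants = 0
        self.badge_inside = None


def normal_passage():
    """One badge holder passes alone: every step is allowed."""
    v = Vestibule(valid_badges={"B-1001"})
    ok = v.badge_outer("B-1001") and v.people_entered(1) and v.badge_inner("B-1001")
    v.exited()
    return ok


def tailgating_attempt():
    """A badge holder lets a second person in behind them: the inner door stays shut."""
    v = Vestibule(valid_badges={"B-1001"})
    v.badge_outer("B-1001")
    v.people_entered(2)          # sensor sees two people
    v.badge_inner("B-1001")      # denied: occupants != 1
    return v.events


def interlock_holds():
    """With the outer door still open, the inner reader refuses even a valid badge."""
    v = Vestibule(valid_badges={"B-1001"})
    v.badge_outer("B-1001")
    return v.badge_inner("B-1001") is False
```

The events list is what a guard station or SIEM would receive; the tailgating denial is the one worth alerting on, because a valid badge was used and the sensor, not the reader, caught the second person.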

Types of Door Locks

  • Basic locks
  • Padlocks
  • Pin tumbler locks or number (combination) locks
  • Modern electronic doors
  • Those with RFID or key cards need an input (password, PIN or RFID badge) to be unlocked
  • Some use biometrics as well as a PIN

What is Access Badge Cloning?

  • Copying the data stored on a Radio Frequency Identification (RFID) or Near Field Communication (NFC) badge onto another badge or device; attackers use it as follows:
  1. The attacker scans the victim's RFID badge
  2. The attacker uses the captured data to gain access

How does one clone a badge?

  • Scan the badge with a reader to capture the data it transmits
  • Extract the badge data onto a blank badge or an emulator, producing the clone

Social Engineering

  • A manipulative strategy that exploits human psychology to gain unauthorized access to systems, data or physical spaces.

    Social engineering is the manipulation of someone to trick them into divulging confidential or personal information that may be used for fraudulent purposes. Social engineers exploit psychological motivational triggers:

  1. Authority: most people are willing to do what you tell them to do if they believe it is coming from an authority.
  2. Urgency: a compelling sense of immediacy that drives individuals to act swiftly and prioritize the requested action.
  3. Social proof: individuals look to the behaviors and actions of others to determine their decisions in similar situations.
  4. Scarcity: the psychological pressure people feel when a product is limited or about to run out.
  5. Baiting: offering something appealing so that the victim provides information or takes the desired action.
    • Impersonation: pretending to be someone else (with the help of stolen names and information)

To trick people, impersonation can also be brand-related, as in typo-squatting, where an attacker registers a domain that looks like a trusted brand's domain and uses it to send mail or host a fake site.
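A mail gateway can catch much of the brand impersonation and typo-squatting described above, and the phishing sender tricks in the Phishing section, with a few mechanical checks. The following is an added example (not from these notes): the trusted-domain list, the sender addresses and the decision to treat the last two labels as the registrable domain are all assumptions made for the example; a production filter would use a public-suffix list and a far larger brand list.

```python
import re

# Assumption: the organization's list of brands it expects mail from.
TRUSTED_DOMAINS = {"paypal.com", "microsoft.com", "example-bank.com"}

# Constructed sender addresses taken from From: headers of sample messages.
SAMPLE_SENDERS = [
    "billing@paypal.com",                          # genuine
    "security@paypa1.com",                         # digit 1 for letter l
    "it-helpdesk@rnicrosoft.com",                  # "rn" renders like "m"
    "alerts@paypal.com.account-verify.example",    # brand as a subdomain of another domain
    "noreply@example-bank.com",                    # genuine
    "support@micros0ft-login.example",             # brand with a zero, plus a suffix
]

# Single characters commonly swapped in to look like the real letter.
_HOMOGLYPHS = str.maketrans("01|53", "olles")


def normalize(label):
    """Fold common homoglyph tricks back to the letters a human would perceive.
    Heuristic: it will also rewrite a genuine 'rn' inside a word, so it is used
    only for comparison, never to alter the address itself."""
    label = label.lower().replace("rn", "m").replace("vv", "w")
    return label.translate(_HOMOGLYPHS)


def levenshtein(a, b):
    """Edit distance: one missing, extra or swapped character is a classic typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'subdomain-abuse:<brand>', 'lookalike:<brand>', 'unknown' or 'invalid'."""
    if "@" not in address:
        return "invalid"
    domain = address.rsplit("@", 1)[1].lower()
    labels = domain.split(".")
    # Assumption: the registrable part is the last two labels (no public-suffix list here).
    registrable = ".".join(labels[-2:])
    if registrable in trusted:
        return "trusted"
    for t in trusted:
        # paypal.com.evil.example: the brand's whole domain used as a leading subdomain
        if domain.startswith(t + "."):
            return f"subdomain-abuse:{t}"
    brand_label = normalize(labels[-2]) if len(labels) >= 2 else normalize(domain)
    for t in sorted(trusted):
        t_label = t.split(".")[0]
        close = levenshtein(brand_label, t_label) <= 1
        # brand name embedded in a longer label, e.g. microsoft-login; skipped for
        # very short brand names, where substring matches would be mostly noise
        embedded = len(t_label) >= 5 and t_label in brand_label
        if close or embedded:
            return f"lookalike:{t}"
    return "unknown"


def triage(senders):
    """Verdict per sender, e.g. to feed a quarantine rule on the mail gateway."""
    return {s: classify_sender(s) for s in senders}


if __name__ == "__main__":
    for sender, verdict in triage(SAMPLE_SENDERS).items():
        print(f"{verdict:28s} {sender}")
```

Two of the six constructed senders come back as trusted; the rest are flagged with the brand they imitate, which is the detail an analyst needs when deciding whether to warn that brand's users.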

  • Social engineering attacks will perform the following:
  • Pretext: the attacker gives some plausible information so the story seems true and earns the victim's trust
  • Pretexting attacks involve creating a fabricated scenario, such as a fake call or fake request, that justifies the information being asked for

Phishing attacks send out fraudulent emails that ask for passwords and other credentials

  • Spear phishing: more targeted attacks aimed at specific individuals; whaling attacks target high-profile individuals such as executives

  • Attacks can start with:

  • Phishing

  • Smishing attacks (phone-based, via SMS messages)

  • Business Email Compromise: an attack using compromised internal email accounts, in which the attacker tricks victims into giving up personal information or making payments

Preventing attacks

  • Provide security awareness training to educate users
