Cybersecurity Concepts & Essentials (PDF)

Summary

This document summarizes the opening lessons of a cybersecurity course. It introduces the three pillars of the programme (offensive security, defensive security and security management), explains how the course, the exercises and the exams are organized, lists the learning goals, gives a brief history of cybersecurity, and then defines the CIA triad and non-repudiation, the McCumber cube, and the core concepts (asset, stakeholder, vulnerability, threat, threat agent, risk, control) together with the relations between them.

Full Transcript


Cybersecurity in a nutshell

The programme is organized along three pillars, each with its own courses:
- Offensive Security: Network & System Pentesting, Web Pentesting, Reverse Engineering & Malware Analysis, ...
- Defensive Security: Web Security & Honeypots, Windows & Linux Server Security, Network & CCNA Security, ...
- Security Management: Data Privacy and IT Law, Cybercrime & warfare, Risk Management, Threat Modelling & Security Policy, ...
- Further courses: Industrial and IoT Security, Forensic Analysis, Threat intelligence, System & Security Automation, ...

(innovative, creative, entrepreneurial)

How is the course organized?
- Lectures on Monday mornings and Friday mornings (20x)
- Exercises on Monday afternoon (10x)
- Come to classes and exercises -> almost guaranteed chance of success.

Materials to help with Cybersecurity Essentials
- Lessons are based on the Cybersecurity Fundamentals Study Guide from ISACA ("Information Systems Audit and Control Association")
- Go to https://www.isaca.org/credentialing/cybersecurity-fundamentals-certificate/resources#:~:text=Cybersecurity%20Fundamentals%20Study%20Guide
- Choose your language and format (preferably digital)
- Not mandatory, but it deepens the learning.
- Also interesting is CyBOK (www.cybok.org), a knowledge base that contains most of the current knowledge around cybersecurity

How are the exams organized?
- Exam period 1: 70% written exam; 30% evaluation of the work done in the work seminars (15% for submitting the completed assignments, 15% for the scores on the weekly assignments)
- Exam period 2: 100% written exam
- Mostly multiple choice; some questions/exercises with free input

Learning Goals (Course Sheet CS!)
- LR3 03.1.2 Identifies OSINT sources and techniques for reconnaissance
- LR4 04.1.1 Describes for each phase of cybersecurity the possible security measures and their context
- LR4 04.1.2 Defines identification, authentication, authorization
- LR4 04.1.3 Articulates and characterizes the various environments such as IT, OT, IoT within which cybersecurity is applied, including physical security of cyber assets
- LR6 06.1.1 Defines the principles of usable cybersecurity including all factors affecting it
- LR6 06.1.2 Identifies the phases between awareness and safe cyber behavior
- LR6 06.1.3 Recognizes and frames cybersecurity requirements
- LR7 07.1.1 Defines the necessary cryptographic concepts
- LR7 07.1.2 Identifies and describes relevant protocols from a cryptographic perspective
- LR7 07.1.4 Explains the principles of forensic analysis at every level
- LR7 07.1.6 Explains the principles of incident response
- LR7 07.1.7 Explains the principles of malware analysis
- LR9 09.1.1 Describes the legislative, deontological and ethical framework surrounding cybersecurity and data protection

The Cybersecurity Gap Landscape
- "Cybercrime costs the global economy as much as $600 billion in 2017" (McAfee)
- Cybercrime is organized like a company: a CEO; project managers, each with their own specialty (e.g. mail systems); suppliers (e.g. of code to bypass the security of a website; many work with a support contract!)
- Ransomware is the fastest growing cybercrime tool, with more than 6,000 online criminal marketplaces selling ransomware products and services, and Ransomware-as-a-Service gaining in popularity.

Cyber Security Roles
- Cyber Security Professionals/Practitioners: design, implement and manage processes and technical controls, and respond to incidents and events.
The roles form a hierarchy: Board of Directors and executive management at the top, then Senior Information Security Management, then the Cybersecurity Professionals.

Cyber Security Roles: examples of Cyber Security Professionals
- Security Analyst: investigates where the organization is vulnerable, recommends solutions, responds to incidents, tests for compliance.
- Security Engineer: monitors, analyses data and logs, does forensic work, responds to incidents, researches new security technologies and implements them.
- Security Architect: designs a new or improved security system for an organization.
- Security Administrator: installs and maintains security systems.
(Role descriptions after ENISA.)

Senior Information Security Management
- CISO (Chief Information Security Officer), CSO (Chief Security Officer), information security officer, director of information security, etc.
- Develop the security strategy.
- Work out the broad lines set by the board (see below) into guidelines, procedures and rules.
- Manage the security programme and its initiatives.

Executive management and Board of Directors
- Set the broad lines (policies) for information security.

More roles (information only; no exam questions): https://niccs.us-cert.gov/workforce-development/cyber-career-pathways

What is cybersecurity?
Diagram: physical security encloses information security, which encloses cybersecurity; OT extends cybersecurity.
- Information security: security of information in any shape or form, including physical forms of information (e.g. paper) and physical threats to information (e.g. an earthquake).
- Cybersecurity is the part of information security that deals with "information" in the cyber world, where information is processed, stored on and transported over internetworked computers.
- Cybersecurity is extended to e.g. OT (operational technology).
- Programs, apps and configurations are also a form of data or information.
- Physical threats are taken into account if they have a direct effect on the cyber world (required by certain security standards).

A brief history of cybersecurity
- 1949: John von Neumann describes self-replicating automata.
- 1957: A blind boy hacks the phone system by whistling at a perfect pitch.
- 1963: The first ever reference to malicious hacking: MIT's student newspaper reports "telephone hackers" using the PDP-1 minicomputer for free calls.
- 1971: The CREEPER, the beginning of cybersecurity. Bob Thomas wrote a program that moved across the network, leaving a small trail and printing the message "I'M THE CREEPER: CATCH ME IF YOU CAN."
- 1972: The REAPER. A colleague of Thomas, Ray Tomlinson, wrote a version that replicated itself and eliminated the Creeper: the first anti-virus software.
- 1981: Ian Murphy, the first hacker tried and convicted as a felon. Murphy broke into AT&T's computers in 1981 and changed the internal clocks that metered billing rates, so people got late-night discount rates when they called at midday.
- 1981: The Chaos Computer Club forms in Germany.
- 1983: TROJAN HORSE. Ken Thompson mentions "hacking" and describes a security exploit that he calls a "Trojan horse".
- 1986: The FIRST BIG HACK? The German Markus Hess hacked an internet gateway in Berkeley, piggybacking on the Arpanet, and broke into 400 military computers, including the Pentagon, intending to sell their secrets to the KGB. He was caught when the astronomer Clifford Stoll detected the intrusion and deployed a honeypot technique.
- 1988: The MORRIS WORM. Robert Morris wanted to gauge the size of the internet and wrote a program designed to propagate across networks, infiltrate Unix systems using a known bug, and then copy itself.
  The Morris worm replicated so aggressively that the early internet slowed to a crawl, causing untold damage (a denial-of-service attack).
- 1987: John McAfee and ANTIVIRUS. Viruses started getting deadlier, antivirus became a commodity, and the first dedicated antivirus company was founded. (The slide links to McAfee's later opinion about his former anti-virus company.)
- 1989: RANSOMWARE. The AIDS Trojan horse is the first recorded instance of ransomware.
- 1990s: tens of thousands of virus (malware) samples per year.
- 1993: HACKER CONFERENCE. The first DEF CON hacking conference in Las Vegas was meant as a one-time BBS good-bye party; it was so popular that it became an annual event (Aug 2022).
- 1996: PHISHING. The term "phishing" was first used and recorded on January 2, 1996 in a Usenet newsgroup called AOHell. Through the AOL instant messenger and email systems, attackers sent messages to users while posing as AOL employees, asking them to verify their accounts or to confirm their billing information.
- 2007: 5 million new samples per year.
- 2013: FIRST LARGE-SCALE ENCRYPTING RANSOMWARE. In September 2013, CryptoLocker ransomware infected 250,000 personal computers.
- 2017: 500 K malware samples per day...
- 2017: WannaCry. This infamous ransomware targeted computers running Microsoft Windows, encrypting data and demanding ransom payments in Bitcoin.
- 2019-2020: ASCO, Picanol, Belnet.
- 2020: The FBI reported a 400% rise in cybercrime after COVID-19 was declared a pandemic (pandemics, disasters and media stars can all be used as lures by hackers).

Figure: Historical growth of computer malware (new malware per year). The growth flattens in the most recent years ("there is still hope"); COVID-19 is marked on the chart.

CIA - The fundamental principles of Cybersecurity
C............ I............ A............ (filled in on the next slides)

Short Quiz – Wooclap time!
CIA - The fundamental principles of Cybersecurity: CONFIDENTIALITY (confidentialiteit)

Confidentiality
- Protection of information from unauthorized access or disclosure.
- Some information is more sensitive than other information, e.g. medical, financial and personal information or intellectual property ("IPR") versus a report from an internal staff meeting.
- For some information there are legal requirements to protect its confidentiality.
- Methods of control: access control, file permissions, encryption.
- Possible consequences of a breach: disclosure of information protected by privacy laws (GDPR/AVG); loss of public confidence; loss of competitive advantage; legal action against the enterprise; interference with national security; loss of compliance.

CIA - The fundamental principles of Cybersecurity: INTEGRITY (integriteit)

Integrity
- The protection of information from unauthorized modification.
- E.g. changing a bank transfer by adding a zero to the amount or by changing the bank account number.
- Also important for software, configurations, files and electronic messaging.
- A violation of integrity is significant because it may be the first step in a successful attack against system confidentiality.
- Methods of control: access controls, logging (blockchain), digital signatures, hashes, backups, encryption.
- Possible consequences: inaccuracy; erroneous decisions; fraud; failure of hardware; loss of compliance.

CIA - The fundamental principles of Cybersecurity: AVAILABILITY (beschikbaarheid)

Availability
- Protection of information so that timely and reliable access to and use of information and systems is ensured.
- Includes safeguards to make sure data are not accidentally or maliciously deleted.
- Particularly important for mission-critical systems, for instance the systems that run a stock exchange.
- Without information there is no ability to make effective decisions and responses.
- Methods of control: redundancy, high-availability systems, replication, backup, access control, disaster recovery and business continuity plans.
- Possible consequences: loss of functionality and operational effectiveness; loss of production time; loss of compliance; fines from regulatory bodies or legal proceedings; impeding the company's objectives.

Non-repudiation
- Outside the CIA triad but an important consideration in cybersecurity.
- Definition: ensure that a message or other piece of information is genuine AND that the person who sends or receives information cannot deny that they sent or received it.
- In the physical world: handwritten signatures.
- In the cyber world: digital signatures and transaction logs.

Examples CIA Triad
- Stealing somebody's bank account details.
- Executing a digital attack on a bank and changing the amount on somebody's bank account.
- Unauthorized deletion of somebody's personal records in a database.
- Forging a (digital) signature.
- Causing an electrical outage at a major telecom operator (e.g. Telenet).
- Malware which randomly changes information on your device.
- A bogus website (replicating an authentic one) asking for your username and password.
- In 2000, a 15-year-old hacker known as "Mafiaboy" took down several major websites including CNN, Dell, E-Trade, eBay and Yahoo!, the last of which was at the time the most popular search engine in the world. The attack had devastating consequences, including chaos in the stock market.
- eBay reported in May 2014 that an attack had exposed its entire account list of 145 million users.
- In June 2019, two Florida city governments each paid hundreds of thousands of dollars to ransomware actors to recover their affected data and assets: Riviera Beach paid $600,000 in bitcoin, Lake City handed $460,000 to the malefactors.
- In Belgium, an IT service provider paid 250 K€ in 2021.

McCumber Cube - extension of the CIA triad
- Also called the Cybersecurity Cube.
- A robust information security program considers the relationship between three dimensions:
  - Fundamental principles of cybersecurity (CIA).
  - Information states: the different states information can be in within a system: storage, transmission, processing.
  - Safeguards: the full range of available security safeguards to be included in the design: policies & practices (operations), human factors (personnel), technology.

Cybersecurity concepts and their relations
Diagram of the relations between the concepts:
- Stakeholders value Assets, want to minimize Risk, impose Controls and may be aware of Vulnerabilities.
- Controls reduce Risk and can reduce Vulnerabilities; Vulnerabilities can also be found in Controls.
- Threat agents give rise to Threats; Threats make use of Vulnerabilities and are aimed at Assets, which increases the Risk.

An example
- A young child of wealthy parents walks back from school alone.
- Stakeholders = parents, family, friends, school, community
- Asset / "subject of interest" = the child
- Vulnerability = the child walks alone through a dangerous neighborhood
- Threat agents / "threatening entity" = kidnappers
- Threat = a kidnapper has a plan to kidnap a child for ransom
- Risk = real and high that the child is abducted
- Control(s) = accompaniment by an adult, transport by car, a bodyguard

An IT example
- A hacker asks a private person for money in return for not spreading the spicy photos stolen from his computer.
- Stakeholders = the private person
- Asset = the photos (or the honor of the person in question)
- Vulnerability = the computer was not sufficiently protected
- Threat agents = the hacker
- Threat = the distribution of the pictures, and NOT an attack on the computer by a hacker to steal the pictures (that already happened)
- Risk = real and high, given that both the threat and the vulnerability are real and occur often
- Control(s) = better computer security

Definitions
- Asset: something of tangible or intangible value worth protecting, including people, information, infrastructure, finance and reputation. Example: private pictures.
- Stakeholder: an entity (e.g. person, organization, group) for which the asset has value and which has an interest in protecting the asset. Example: the owner of the private pictures.
- Vulnerability: a weakness in the design, implementation, operation or internal control of a process that could expose the asset to adverse threats. Example: a bug (programming error) in an application.
- Threat: the (potential) result or outcome of the malicious activity of a threat agent. Note: "threat" and "threat agent" are often combined into a single "threat". Example: the unlawful distribution of private photographs.
- Threat agent: anything (e.g. object, substance, human) that is capable of acting against an asset in a manner that can result in harm. Example: wind (which can, if very strong, destroy property).
- Risk: the combination of the probability of an event and its consequence (ISO/IEC 73). Risk is mitigated through the use of "controls".
  - Inherent risk: the risk level or exposure without considering the actions that management has taken or might take (e.g. implementing controls).
  - Residual risk: the risk that remains after management has implemented a risk response. Even after controls are in place there will always be residual risk (there is no 100% security).
- Control: measures used to protect the asset, to reduce vulnerabilities and impacts, and/or to reduce the risk to an acceptable level. Example: anti-malware software for personal computers.

Relations between the concepts
- A "stakeholder" attaches value to an "asset" and will always try to minimize the "risk" by imposing "controls".
- In principle, a stakeholder should be aware of vulnerabilities, but this is often not the case!
- "Controls" generally reduce "vulnerabilities". Example: anti-malware reduces the risk of viruses.
- But controls can also possess "vulnerabilities"! Example: a faulty update by a well-known anti-malware company resulted in a blue screen after reboot.
- "Vulnerabilities" lead to a certain "risk" but can be mitigated by "controls". Example: a vulnerability in MS Windows allows an attacker to control a PC remotely; this is mitigated by installing the vendor's patch, with the right anti-malware solution as an additional control.
- Threat agents give rise to, or are the cause of, "threats". Their goal is to abuse or damage an asset. Example: a kidnapper wants to abduct a child to obtain ransom; without a kidnapper there is no threat! Example: a pyromaniac setting fire to a building.
- A "threat" is aimed at an "asset", which increases the "risk". The threat will try to exploit "vulnerabilities".
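To make the risk definition and the relations above concrete, here is an added worked example (written for this page, not code from the course): a small risk register in Python that scores each line as probability x consequence (ISO/IEC 73), computes inherent and residual risk after controls, and lists what is still above the stakeholder's risk appetite. The 1..5 scales, the rating thresholds, the register lines and the reduction credited to each control are assumptions for illustration; the third line records the "control with a vulnerability" case from the slides (the faulty anti-malware update) as a risk of its own.

```python
"""Risk = probability x consequence (ISO/IEC 73): inherent vs. residual risk.

Added example, not part of the course slides. The 1..5 scales, the register
entries and the reduction each control is credited with are constructed
assumptions; a real register takes them from a risk assessment.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Control:
    """A measure a stakeholder imposes to reduce a vulnerability or an impact."""
    name: str
    probability_reduction: int = 0  # steps taken off the 1..5 probability scale
    consequence_reduction: int = 0  # steps taken off the 1..5 consequence scale


@dataclass
class Risk:
    """One line of a risk register: asset, threat, vulnerability and the
    stakeholder's estimate of probability and consequence (both 1..5)."""
    asset: str
    threat: str
    vulnerability: str
    probability: int
    consequence: int
    controls: list[Control] = field(default_factory=list)

    def inherent(self) -> int:
        """Risk before any control is taken into account."""
        return self.probability * self.consequence

    def residual(self) -> int:
        """Risk remaining after the controls. A control can lower a factor but
        never to zero, so residual risk is never zero (no 100% security)."""
        p = self.probability - sum(c.probability_reduction for c in self.controls)
        i = self.consequence - sum(c.consequence_reduction for c in self.controls)
        return max(1, p) * max(1, i)


def rating(score: int) -> str:
    """Qualitative band for a 1..25 score (thresholds are an assumption)."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def build_register() -> list[Risk]:
    """Constructed register built from the situations on the slides above."""
    anti_malware = Control("anti-malware on the PC", probability_reduction=2)
    patching = Control("install vendor patches promptly", probability_reduction=2)
    return [
        Risk("private photos", "unlawful distribution of the photos",
             "computer not sufficiently protected", 4, 4, [anti_malware]),
        Risk("workstation", "remote takeover through a Windows vulnerability",
             "unpatched Windows", 3, 5, [patching, anti_malware]),
        # The control itself has a vulnerability: a faulty anti-malware update
        # becomes a new availability risk that needs its own register line.
        Risk("workstation availability", "faulty anti-malware update, blue screen after reboot",
             "updates applied without a staged rollout", 2, 4, []),
    ]


def above_appetite(register: list[Risk], appetite: int = 6) -> list[str]:
    """Threats whose residual risk still exceeds what the stakeholder accepts,
    highest residual first: these need more or better controls."""
    ranked = sorted(register, key=lambda r: r.residual(), reverse=True)
    return [r.threat for r in ranked if r.residual() > appetite]


if __name__ == "__main__":
    for r in build_register():
        print(f"{r.threat}: inherent {r.inherent()} ({rating(r.inherent())}), "
              f"residual {r.residual()} ({rating(r.residual())})")
    print("needs attention:", above_appetite(build_register()))
```

Note what the register shows: the photo-extortion line drops from 16 (high) to 8 (medium) but stays above an appetite of 6, and the anti-malware control that lowered it also created the third line. That is exactly why a stakeholder has to keep the register honest about the vulnerabilities of the controls themselves, not only of the assets.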
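The Integrity and Non-repudiation slides list hashes and digital signatures as controls, and the relations above note that a control can itself have a vulnerability. The following added example (written for this page, not from the course) shows that in Python with only the standard library: an unkeyed hash detects accidental corruption but not the "add a zero to the amount" attack, because the attacker can simply recompute it, whereas an HMAC with a shared key cannot be recomputed without the key. The transfer message and the key are constructed sample data.

```python
"""Integrity controls from the CIA slides: plain hash vs. keyed MAC against
the "add a zero to the amount" attack.

Added example, not part of the course slides. Uses only the Python standard
library. The transfer message and the shared key are constructed sample data.
"""
import hashlib
import hmac
import secrets

# Constructed sample: a payment instruction as sent from client to bank.
TRANSFER = b"from=BE71096123456769;to=BE68539007547034;amount=100"

# Constructed shared secret between client and bank. In practice it is
# provisioned out of band and never travels with the message.
SHARED_KEY = secrets.token_bytes(32)


def plain_hash(message: bytes) -> str:
    """Control 1: an unkeyed SHA-256 digest stored next to the message."""
    return hashlib.sha256(message).hexdigest()


def verify_plain_hash(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_hash(message), digest)


def mac(message: bytes, key: bytes) -> str:
    """Control 2: HMAC-SHA256; producing a valid tag requires the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(message: bytes, tag: str, key: bytes) -> bool:
    # compare_digest is a constant-time comparison, so the check itself does
    # not leak how many leading characters of a guessed tag were right.
    return hmac.compare_digest(mac(message, key), tag)


def add_a_zero(message: bytes) -> bytes:
    """The integrity attack from the slides: amount 100 becomes 1000."""
    return message.replace(b"amount=100", b"amount=1000")


def flip_one_bit(message: bytes) -> bytes:
    """Accidental corruption, e.g. a failing disk: a non-malicious threat agent."""
    return bytes([message[0] ^ 0x01]) + message[1:]


def hash_catches_corruption() -> bool:
    """Against accidents the plain hash is a fine control: the stored digest
    no longer matches the corrupted message."""
    digest = plain_hash(TRANSFER)
    return not verify_plain_hash(flip_one_bit(TRANSFER), digest)


def hash_stops_active_attacker() -> bool:
    """Against a threat agent who can rewrite both message and digest, the
    unkeyed hash is a control with a vulnerability: it needs no secret, so the
    attacker recomputes it and the forged transfer verifies. Returns False."""
    forged = add_a_zero(TRANSFER)
    forged_digest = plain_hash(forged)
    return not verify_plain_hash(forged, forged_digest)


def mac_stops_active_attacker() -> bool:
    """The same attacker without SHARED_KEY cannot produce a matching tag; the
    best they can do is reuse the tag of the original message, which fails."""
    tag = mac(TRANSFER, SHARED_KEY)
    forged = add_a_zero(TRANSFER)
    return not verify_mac(forged, tag, SHARED_KEY)


if __name__ == "__main__":
    print("plain hash catches accidental corruption:", hash_catches_corruption())
    print("plain hash stops an attacker who recomputes it:", hash_stops_active_attacker())
    print("HMAC stops that attacker:", mac_stops_active_attacker())
```

One caveat a practitioner should keep in mind: the HMAC gives integrity and authenticity between the two holders of the key, but not non-repudiation, because either of them could have produced the tag. Non-repudiation in the sense of the slide needs a digital signature made with a private key that only the sender holds (RSA or Ed25519, available through a third-party library such as cryptography rather than the standard library), plus the transaction log that records who sent what and when.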
The essence of cybersecurity
- The core task of cybersecurity is to identify, mitigate and manage cyber risks to an organization's digital assets.
- Cyber risk is that part of total risk management that focuses exclusively on risks that manifest themselves in the cyber domain.
- By using a risk-based approach to cybersecurity, more informed decisions can be made in order to protect the organization and to apply limited budgets and resources effectively.

Course content
- Cybersecurity Concepts
- Security Architecture Principles
- Security of Networks, Systems, Applications and Data
- Cryptography
- Incident Response
- Security Implications and Adoption of Evolving Technology
- Maths problem-solving concepts such as number systems and notations, modular arithmetic, basic probability calculation (brute force) and password entropy
- Python scripts in a simplified cybersecurity context
- Guest speakers on cybersecurity topics

Exercises Cybersecurity Essentials: practical information
- Room D.3.202 (15:15).
- The exercises are in LEHO. Make ALL the exercises!
- Submit all answers no later than midnight on Sunday.
- Remember, completing the exercises counts toward your final score!
- Coaches: Mr. Kurt Schoenmaekers, Mr. Henk Brouckxon, Mr. Chris Roets, Mr. Nico Declerck
