Summary

This document provides a comprehensive introduction to the subject of cybersecurity, beginning with an overview of key concepts and terminology. Topics covered include the CIA triad, cybersecurity challenges, and different types of security attacks.

Full Transcript

CYBERSECURITY FUNDAMENTALS
Muhannad Alrihali

1. INTRODUCTION

OUTLINE
▪ What is Cyber Security?
▪ Key concepts in Cyber Security (CIA triad)
▪ Level of Impact
▪ Cyber Security Challenges
▪ Assets of Computer System
▪ Passive & Active Attacks
▪ Career in Cyber Security
▪ Q/A

WHAT IS CYBER SECURITY?
Cybersecurity refers to the practice of protecting systems, networks, and data from digital attacks, unauthorized access, damage, or theft. It encompasses a wide range of technologies, processes, and practices designed to safeguard information and ensure the confidentiality, integrity, and availability of data. Cybersecurity aims to protect critical infrastructure and personal and corporate information, and to ensure the safe and reliable operation of digital systems.
NIST defines it as "Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated."

KEY CONCEPTS IN CYBER SECURITY (CIA TRIAD)
The three letters in "CIA triad" stand for Confidentiality, Integrity, and Availability. The CIA triad is a common model that forms the basis for the development of security systems.
1. Confidentiality: Ensuring that information is accessible only to those authorized to have access.
2. Integrity: Protecting information from being altered or tampered with by unauthorized parties.
3. Availability: Ensuring that authorized users have access to information and resources when needed.

EXAMPLES OF SECURITY REQUIREMENTS
Confidentiality: An example would be encryption of sensitive data like credit card numbers in an e-commerce transaction. Only authorized parties with the correct decryption key can access the information. (Example asset: student grades)
Integrity: An example is the use of checksums or hash functions to verify that a file has not been tampered with during transfer.
If even a single bit of the file is altered, the hash value will change, indicating a potential integrity breach. (Example asset: patient information)
Availability: An example is implementing redundant systems and regular backups to ensure that a website remains online even during hardware failures or cyberattacks like a Distributed Denial of Service (DDoS) attack. (Example asset: authentication service)

LEVEL OF IMPACT
Low: The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
Moderate: The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
High: The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

CYBER SECURITY CHALLENGES
▪ Computer security is not as simple as it might first appear to the novice. In developing a particular security mechanism or algorithm, one must always consider potential attacks on those security features.
▪ Physical and logical placement needs to be determined.
▪ Security mechanisms typically involve more than a particular algorithm or protocol; they also require that participants be in possession of some secret information, which raises questions about the creation, distribution, and protection of that secret information.
▪ Human Factors: Users are often the weakest link in cybersecurity. Social engineering attacks, such as phishing, exploit human behavior to gain unauthorized access.
▪ Zero-Day Vulnerabilities: These are previously unknown vulnerabilities in software or hardware that are exploited by attackers before the vendor becomes aware of them. Defending against zero-day attacks is particularly difficult, as no patches or updates are available at the time of the attack.
CYBER SECURITY CHALLENGES
▪ Complexity of Systems: Modern IT environments are highly complex, with interconnected systems, cloud services, IoT devices, and mobile platforms. Securing all components and ensuring consistent security policies across diverse environments is a major challenge.
▪ Rapid Technological Change: The fast pace of technological innovation, such as cloud computing, AI, and 5G, introduces new security challenges. Keeping up with these changes and adapting security practices accordingly can be difficult.
▪ Attackers only need to find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security.
▪ Security is still too often an afterthought, incorporated into a system after the design is complete rather than being an integral part of the design process.

CYBER SECURITY CHALLENGES
▪ Security requires regular and constant monitoring.
▪ There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs.

CYBER SECURITY TERMINOLOGY
Cyber Security Terminology, from RFC 2828, Internet Security Glossary, May 2000
Adversary (threat agent): Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Attack: Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
Countermeasure: A device or technique that has as its objective the impairment of the operational effectiveness of undesirable or adversarial activity, or the prevention of espionage, sabotage, theft, or unauthorized access to or use of sensitive information or information systems.
Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, typically a function of (i) the adverse impacts that would arise if the circumstance or event occurs, and (ii) the likelihood of occurrence.
(Table can be found on page 8 in the textbook)

CYBER SECURITY TERMINOLOGY
Cyber Security Terminology, from RFC 2828, Internet Security Glossary, May 2000
Security Policy: A set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data.
System Resource (Asset): A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.
Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
(Table can be found on page 8 in the textbook)

SECURITY CONCEPTS AND RELATIONSHIP

ASSETS OF A COMPUTER SYSTEM
▪ Hardware
▪ Software
▪ Data
▪ Communication facilities and networks

VULNERABILITIES, THREATS AND ATTACKS
Categories of vulnerabilities:
▪ Corrupted (loss of integrity)
▪ Leaky (loss of confidentiality)
▪ Unavailable or very slow (loss of availability)
Threats:
▪ Capable of exploiting vulnerabilities
▪ Represent potential security harm to an asset
Attacks (threats carried out):
▪ Passive – attempt to learn or make use of information from the system that does not affect system resources
▪ Active – attempt to alter system resources or affect their operation
▪ Insider – initiated by an entity inside the security perimeter
▪ Outsider – initiated from outside the perimeter

COUNTERMEASURES
Means used to deal with security attacks:
▪ Prevent
▪ Detect
▪ Recover
A countermeasure may itself introduce new vulnerabilities, and residual vulnerabilities may remain. The goal is to minimize the residual level of risk to the assets.

COMPUTER & NETWORK ASSETS
Table 1.3: Computer and Network Assets, with Examples of Threats

Asset | Availability | Confidentiality | Integrity
Hardware | Equipment is stolen or disabled, thus denying service. | An unencrypted CD-ROM or DVD is stolen. | –
Software | Programs are deleted, denying access to users. | An unauthorized copy of software is made. | A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task.
Data | Files are deleted, denying access to users. | An unauthorized read of data is performed. An analysis of statistical data reveals underlying data. | Existing files are modified or new files are fabricated.
Communication Lines and Networks | Messages are destroyed or deleted. Communication lines or networks are rendered unavailable. | Messages are read. The traffic pattern of messages is observed. | Messages are modified, delayed, reordered, or duplicated. False messages are fabricated.
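The integrity example from the Examples of Security Requirements slide (a checksum or hash detects any altered bit of a transferred file) and the Data row of Table 1.3 (existing files are modified) rest on the same mechanism. The following script is an added example, not code from the slides or their author: it publishes a SHA-256 digest for a constructed sample file, flips one bit to simulate tampering in transit, and shows that the verification fails while the digest itself changes in roughly half of its bits. File name, content and the chosen bit position are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 64 * 1024  # read files in 64 KiB chunks so large files need not fit in memory


def file_sha256(path: str) -> str:
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path: str, published_hex: str) -> bool:
    """True only if the file's digest matches the digest published alongside it.
    compare_digest is used so the comparison time does not depend on where the
    two strings first differ."""
    return hmac.compare_digest(file_sha256(path), published_hex.lower())


def flip_one_bit(path: str, bit_index: int) -> None:
    """Simulate in-transit corruption or tampering by flipping a single bit in place."""
    with open(path, "r+b") as f:
        data = bytearray(f.read())
        data[bit_index // 8] ^= 1 << (bit_index % 8)
        f.seek(0)
        f.write(data)


def hamming_distance_hex(a: str, b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")


def demo() -> dict:
    """Publish a digest for a constructed file, then tamper with one bit and re-check."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "grades.txt")          # constructed sample file
        with open(path, "wb") as f:
            f.write(b"student=1234;grade=A\n")        # constructed sample content
        published = file_sha256(path)                 # what the sender publishes out of band
        ok_before = verify_file(path, published)
        flip_one_bit(path, 3)                         # one bit in the first byte
        ok_after = verify_file(path, published)
        bits_changed = hamming_distance_hex(published, file_sha256(path))
    return {"ok_before": ok_before, "ok_after": ok_after, "bits_changed": bits_changed}


if __name__ == "__main__":
    print(demo())
```

The check only proves something if the published digest reaches the verifier by a path the attacker cannot also modify (a signed release page, a separate channel); a digest shipped next to the file on the same server protects against accidental corruption, not against an adversary who replaces both.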
PASSIVE ATTACK
A passive attack is a type of cyberattack in which the attacker intercepts or monitors communications or data without altering them. The goal of a passive attack is typically to gather information or intelligence, such as eavesdropping on data transmissions, capturing network traffic, or reading encrypted messages without the sender's or receiver's knowledge. Since passive attacks do not modify the data or system, they are often difficult to detect.
Examples of passive attacks:
▪ Eavesdropping: Listening to private communications or capturing data packets traveling across a network.
▪ Traffic Analysis: Observing patterns of communication to deduce information, such as the frequency and timing of messages, even if the content is encrypted.

ACTIVE ATTACK
An active attack is a type of cyberattack in which the attacker attempts to alter, disrupt, or damage a system, network, or data. Unlike passive attacks, active attacks involve direct interaction with the target, such as modifying, injecting, or deleting data, or disrupting normal operations. Active attacks are generally more easily detected than passive attacks because of their disruptive nature.
Examples of active attacks include:
▪ Man-in-the-Middle (MitM) Attack: The attacker intercepts and potentially alters communications between two parties without their knowledge.
▪ Denial of Service (DoS) Attack: The attacker overwhelms a system or network with excessive traffic, causing it to become unavailable to legitimate users.
▪ Spoofing: The attacker impersonates another user or device to gain unauthorized access or disrupt communication.
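The slides state that active attacks are easier to detect than passive ones because they change the data stream. The script below is an added example, not code from the slides or their author, that makes this concrete at the receiving end of a message channel: each message carries an HMAC-SHA256 tag over its content and a sequence number under a shared key, and the receiver's verdicts are recorded while the active-attack categories from the next slide (modification, masquerade, replay) are played against it. The shared key, the message format and all messages are constructed for the demonstration; denial of service is not covered here because it needs capacity and rate controls rather than a per-message check.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-shared-secret-for-demo"  # constructed; real keys come from a key exchange or a KMS


def make_message(key: bytes, seq: int, payload: str) -> bytes:
    """Sender side: serialize {seq, payload} and append an HMAC-SHA256 tag over it.
    The tag binds both the content and the sequence number to the key."""
    body = json.dumps({"seq": seq, "payload": payload}, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Receiver:
    """Receiver side: accepts a message only if its tag verifies under the shared key
    and its sequence number is strictly higher than the last accepted one."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def accept(self, wire: bytes) -> str:
        body, sep, tag = wire.rpartition(b"|")
        if not sep:
            return "rejected: malformed"
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            # Covers both modification (content changed after tagging) and
            # masquerade (tag produced without the real key).
            return "rejected: bad tag"
        seq = json.loads(body)["seq"]
        if seq <= self.last_seq:
            # A valid tag on an old sequence number means the bytes were captured
            # earlier and re-sent.
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"


def run_scenarios() -> dict:
    """Play the active-attack categories against a receiver and record its verdicts.
    Every message here is constructed for the example."""
    rx = Receiver(SHARED_KEY)
    results = {}

    m1 = make_message(SHARED_KEY, 1, "transfer 10")
    results["genuine"] = rx.accept(m1)

    # Replay: the identical bytes, captured earlier, are delivered a second time.
    results["replay"] = rx.accept(m1)

    # Modification: the payload is changed after the sender computed the tag.
    m2 = make_message(SHARED_KEY, 2, "transfer 10")
    tampered = m2.replace(b'"transfer 10"', b'"transfer 99"')
    results["modification"] = rx.accept(tampered)

    # Masquerade: a message tagged with a key the legitimate sender never shared.
    forged = make_message(b"not-the-shared-key", 3, "transfer 10")
    results["masquerade"] = rx.accept(forged)

    # The untouched m2 still arrives and is accepted: rejected messages did not
    # advance the sequence window.
    results["genuine_after"] = rx.accept(m2)

    # A passive copy of m1 taken by an eavesdropper leaves nothing for the
    # receiver to check; none of the verdicts above depend on who read the bytes.
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:14} {verdict}")
```

The last comment is the point of the passive/active distinction: a message-level check catches every change to the stream, but an observer who only reads it produces no evidence at the endpoint, which is why confidentiality has to come from encryption and why traffic analysis survives even that.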
PASSIVE & ACTIVE ATTACKS
Passive Attack:
▪ Attempts to learn or make use of information from the system but does not affect system resources
▪ Eavesdropping on, or monitoring of, transmissions
▪ Goal of attacker is to obtain information that is being transmitted
▪ Two types: release of message contents; traffic analysis
Active Attack:
▪ Attempts to alter system resources or affect their operation
▪ Involves some modification of the data stream or the creation of a false stream
▪ Four categories: replay; masquerade; modification of messages; denial of service

OFFENSIVE & DEFENSIVE
Offensive security is the process of breaking into computer systems, exploiting software bugs, and finding loopholes in applications to gain unauthorized access to them. Defensive security is the process of protecting an organization's network and computer systems by analyzing and securing against any potential digital threats.

CAREERS IN CYBER SECURITY
▪ Security Analyst: monitors networks for security breaches, investigates incidents, and implements security measures.
▪ Security Engineer: designs, implements, and maintains security systems and architectures.
▪ Penetration Tester (Ethical Hacker): tests systems and networks for vulnerabilities by simulating cyberattacks.
▪ Incident Responder: responds to and mitigates security incidents and breaches.
▪ Cybersecurity Consultant: provides expert advice to organizations on how to protect their networks and data.
▪ Security Operations Center (SOC) Analyst: works in a SOC to monitor, detect, and respond to security incidents in real time.

Q/A
THANK YOU FOR LISTENING. ANY QUESTIONS?