Cyber Security (Foundation Programme) Revision PDF
These notes cover various aspects of cybersecurity and related technology and are geared towards cyber security professionals.
CYBER SECURITY (FOUNDATION PROGRAMME) REVISION BEFORE MID TERMS

TERMS TO BE FAMILIAR WITH

Cybersecurity: The practice of protecting computer systems, networks, and data from theft, damage, or unauthorized access.
Vulnerability: A weakness in a system's design, implementation, or security controls that could be exploited to compromise its security.
Threat: A potential danger that could exploit a vulnerability, leading to harm or damage to a system or its data.
Attack: An intentional action aimed at exploiting vulnerabilities to compromise the security of a system, network, or application.
Countermeasure: An action you take to protect your information against threats and vulnerabilities.
Malware: Short for "malicious software," malware is software specifically designed to harm, disrupt, or gain unauthorized access to computer systems.
Phishing: A type of cyber attack where attackers impersonate a trusted entity to deceive individuals into revealing sensitive information or performing actions.
Firewall: A network security device that monitors and controls incoming and outgoing network traffic based on predefined security rules.
Encryption: The process of converting data into a coded form (cipher) to prevent unauthorized access during transmission or storage.
Authentication: The process of verifying the identity of a user, device, or system before granting access to resources or data.
Authorization: The process of determining what actions or resources a verified user, device, or system is permitted to access.
Patch: A piece of software code designed to fix vulnerabilities or bugs in a program or operating system.
Digital Certificate: An electronic document used to verify the identity of individuals, systems, or organizations online and to facilitate secure communication.
Two-Factor Authentication (2FA): A security process that requires users to provide two different authentication factors (e.g., password and SMS code) to access a system.
Data Breach: Unauthorized access, acquisition, or exposure of sensitive data, which can result in potential harm or compromise.
Social Engineering: Manipulating individuals into revealing sensitive information or performing actions that compromise security.

EVERYDAY INTERACTIONS USING TECHNOLOGY
- Email
- Mobile devices
- Websites
- Social media
- E-commerce systems
- Online banking
- BYOD and office policy
- Network management
- Backup and remote access

CYBERSECURITY OBJECTIVES: THE CIA TRIAD
Confidentiality: Protecting information from unauthorized access and disclosure. Example: a criminal steals customers' usernames, passwords, or credit card information.
Integrity: Protecting information from unauthorized modification. Example: someone alters payroll information or a proposed product design.
Availability: Preventing disruption in how information is accessed. Example: your customers are unable to access your online services.

CYBERSECURITY THREATS
- Phishing attacks
- Ransomware
- Hacking
- Imposter scams
- Environmental events

Phishing Attacks
- A social engineering attack involving trickery, designed to gain access to systems or steal data.
- Targeted phishing is "spear phishing".
- Variants include "vishing" (attacks by telephone) and "smishing" (attacks using SMS or text).
Example: An email about a delayed shipment causes you to click a link and download malware to your network.

Ransomware
- A type of software with malicious intent and a threat to harm your data.
- The author or distributor requires a ransom to undo the damage.
- There is no guarantee the ransom payment will work.
- The ransom often needs to be paid in cryptocurrency.
Example: WannaCry was one of the most devastating ransomware attacks in history, affecting several hundred thousand machines and crippling banks, law enforcement agencies, and other infrastructure.

Hacking
- Unauthorized access to systems and information.
- Website attacks such as DDoS.
- Access denied to authorized users.
- Stolen funds or intellectual property.
Example: A newspaper kiosk's point-of-sale system was hacked and malware installed; every customer's credit card information was sent to criminals.

Imposter Scams
- Someone "official" calls or emails to report a crisis situation.
- They claim to represent the IRS, a bank, the lottery, or technical support.
- There will be a sense of urgency and a dire penalty or loss if you don't act.
Example: IRS scams. You receive a phone call claiming to be the IRS, reporting that you owe money and need to pay or else get hit with a fine.

Environmental Threats
- Natural threats such as fire, earthquake, and flood can cause harm to computers or disrupt business access.
- Recovery efforts attract scams such as financial fraud.
- Downtime can lose customers and clients who can't wait.
Example: Ellicott City flooding wiped out businesses and their computers.

VULNERABILITIES AND THREATS

Password
- Weaknesses: weak passwords, password reuse, lack of complexity
- Potential attacks: brute-force attacks, dictionary attacks, credential stuffing
- Threats: unauthorized access, account compromise, data theft
- Countermeasures: strong password policies, password managers, multi-factor authentication, user education

Mobile Phone
- Weaknesses: unsecured Wi-Fi connections, outdated operating systems, malicious apps
- Potential attacks: eavesdropping, malware installation, unauthorized app access
- Threats: data interception, data leakage, unauthorized access
- Countermeasures: use secure Wi-Fi networks, keep the OS up to date, app store security reviews, install antivirus software

Social Media
- Weaknesses: weak account passwords, oversharing of personal info
- Potential attacks: account takeover, impersonation, phishing
- Threats: account hijacking, identity theft
- Countermeasures: strong password policies, two-factor authentication, careful sharing of personal info

Wi-Fi
- Weaknesses: unsecured Wi-Fi networks, weak encryption
- Potential attacks: eavesdropping, man-in-the-middle attacks
- Threats: data interception, unauthorized access
- Countermeasures: use secure Wi-Fi networks (WPA2/WPA3), VPN for public Wi-Fi, strong encryption protocols

Instant Messaging
- Weaknesses: lack of end-to-end encryption, unauthorized contacts
- Potential attacks: eavesdropping, phishing, social engineering
- Threats: message interception, unauthorized access
- Countermeasures: use encrypted messaging apps, verify contacts' identities, be cautious of clicking links

Webcam
- Weaknesses: unsecured webcam devices, lack of awareness
- Potential attacks: remote access, malware infection, spying
- Threats: unauthorized surveillance
- Countermeasures: cover or disconnect the webcam when not in use, use strong passwords, keep software up to date

Phone Camera
- Weaknesses: unauthorized camera access, malware
- Potential attacks: spyware installation, camera hijacking
- Threats: privacy invasion
- Countermeasures: review app permissions, keep the phone updated, use privacy settings

Email
- Weaknesses: phishing, weak email passwords
- Potential attacks: spear phishing, email spoofing, malware
- Threats: unauthorized access, data theft
- Countermeasures: email filtering, multi-factor authentication, user training on identifying phishing

Website
- Weaknesses: injection attacks, outdated software
- Potential attacks: SQL injection, Cross-Site Scripting (XSS), DDoS attacks
- Threats: data theft, unauthorized access, defacement
- Countermeasures: regular security audits, input validation, web application firewalls

CREDENTIAL STUFFING
A type of cyber attack where attackers use previously stolen usernames and passwords (credentials) to gain unauthorized access to user accounts on various online platforms. This attack exploits the common practice of people reusing the same passwords across multiple websites and services. Since many individuals use the same credentials on different sites, attackers can use stolen username and password combinations from one breach to attempt to access other accounts.

How credential stuffing works:
- Collection of Credentials: Attackers gather large sets of usernames and passwords from previous data breaches or leaks. These credentials are typically available for sale on the dark web or can be obtained through various hacking methods.
- Automated Login Attempts: Using automated scripts or software, attackers systematically input these stolen username and password combinations into the login pages of different websites and services.
- Targeted Platforms: Attackers often target popular websites, services, or applications, hoping that many users have reused their credentials across multiple sites.
- Successful Logins: When users have reused their passwords, attackers are able to log in to their accounts using the stolen credentials. This can result in account takeovers, unauthorized access to sensitive data, or even financial fraud.

Impact: Credential stuffing attacks can lead to compromised accounts, unauthorized access to personal information, identity theft, and fraudulent activities. They can also cause reputational damage to the affected organizations.

Countermeasures against credential stuffing include:
- Strong and Unique Passwords: Encourage users to create strong and unique passwords for each account to prevent reuse.
- Multi-Factor Authentication (MFA): Implement MFA, which adds an extra layer of security by requiring a second form of verification beyond just the password.
- Account Lockouts and Rate Limiting: Implement mechanisms that temporarily lock accounts or impose rate limits on login attempts to prevent automated attacks.
- Regular Monitoring: Organizations should monitor login patterns and look for unusual or suspicious activities that might indicate a credential stuffing attack.
- Educate Users: Raise awareness among users about the dangers of password reuse and the importance of using strong, unique passwords for each account.
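Three of the countermeasures listed for credential stuffing (rate limiting, account lockouts, and monitoring login patterns) can be shown as working code. The Python below is an added example and is not part of the revision notes: the login log format, the sample log lines, and all thresholds are constructed assumptions. The detection rule uses the signal that distinguishes stuffing from brute force: one source address trying many different usernames, mostly failing, within a short window.

```python
"""Credential-stuffing detection, rate limiting and account lockout over a
constructed login log. Added example; the log format, sample lines and
thresholds are assumptions, not values from the course notes."""
from collections import defaultdict, deque
from dataclasses import dataclass
import re

# Constructed sample log. Assumed format: <unix_time> <source_ip> <username> <SUCCESS|FAIL>
SAMPLE_LOG = """\
1700000000 203.0.113.10 alice FAIL
1700000001 203.0.113.10 bob FAIL
1700000002 203.0.113.10 carol FAIL
1700000003 203.0.113.10 dave FAIL
1700000004 203.0.113.10 erin FAIL
1700000005 203.0.113.10 frank SUCCESS
1700000006 203.0.113.10 grace FAIL
1700000010 198.51.100.7 alice FAIL
1700000030 198.51.100.7 alice SUCCESS
1700000100 192.0.2.55 bob SUCCESS
"""

LOG_RE = re.compile(r"^(?P<ts>\d+) (?P<ip>[\d.]+) (?P<user>\S+) (?P<result>SUCCESS|FAIL)$")


@dataclass(frozen=True)
class LoginEvent:
    ts: int
    ip: str
    user: str
    success: bool


def parse_log(text):
    """Parse the assumed log format into LoginEvent records; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append(LoginEvent(int(m["ts"]), m["ip"], m["user"], m["result"] == "SUCCESS"))
    return events


def detect_credential_stuffing(events, window=60, min_distinct_users=5, min_failure_ratio=0.6):
    """Flag source IPs that try many *different* usernames within `window` seconds,
    mostly failing. Brute force hammers one account; stuffing sprays one attempt
    across many accounts, so the distinct-user count is the discriminating signal.
    Returns {ip: summary}, where summary lists accounts that logged in successfully
    from the flagged source (candidates for forced password reset)."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_ip[ev.ip].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        recent = deque()  # sliding window of this IP's events
        for ev in evs:
            recent.append(ev)
            while recent and ev.ts - recent[0].ts > window:
                recent.popleft()
            users = {e.user for e in recent}
            failures = sum(1 for e in recent if not e.success)
            if len(users) >= min_distinct_users and failures / len(recent) >= min_failure_ratio:
                flagged[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(recent),
                    "failures": failures,
                    "compromised": sorted(e.user for e in recent if e.success),
                }
    return flagged


class LoginGuard:
    """Per-IP rate limiting plus per-account temporary lockout, applied before the
    password is checked so automated attempts are refused cheaply."""

    def __init__(self, max_attempts_per_ip=10, ip_window=60,
                 max_failures_per_account=5, lockout_seconds=900):
        self.max_attempts_per_ip = max_attempts_per_ip
        self.ip_window = ip_window
        self.max_failures_per_account = max_failures_per_account
        self.lockout_seconds = lockout_seconds
        self._ip_attempts = defaultdict(deque)   # ip -> timestamps in window
        self._account_failures = defaultdict(int)  # user -> consecutive failures
        self._locked_until = {}                    # user -> unlock timestamp

    def check(self, ip, user, ts):
        """Return 'ALLOW', 'RATE_LIMITED' or 'LOCKED' for an attempt at time ts."""
        if self._locked_until.get(user, 0) > ts:
            return "LOCKED"
        q = self._ip_attempts[ip]
        while q and ts - q[0] > self.ip_window:
            q.popleft()
        if len(q) >= self.max_attempts_per_ip:
            return "RATE_LIMITED"
        q.append(ts)
        return "ALLOW"

    def record_result(self, user, ts, success):
        """Reset the failure counter on success; lock the account after too many failures."""
        if success:
            self._account_failures[user] = 0
            return
        self._account_failures[user] += 1
        if self._account_failures[user] >= self.max_failures_per_account:
            self._locked_until[user] = ts + self.lockout_seconds
            self._account_failures[user] = 0


def replay(events, guard):
    """Feed events through the guard in time order; returns (ts, ip, user, decision) tuples.
    Only attempts that were allowed through update the account failure counters."""
    decisions = []
    for ev in sorted(events, key=lambda e: e.ts):
        decision = guard.check(ev.ip, ev.user, ev.ts)
        if decision == "ALLOW":
            guard.record_result(ev.user, ev.ts, ev.success)
        decisions.append((ev.ts, ev.ip, ev.user, decision))
    return decisions


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ip, summary in detect_credential_stuffing(evs).items():
        print(f"credential stuffing suspected from {ip}: {summary}")
    for row in replay(evs, LoginGuard(max_attempts_per_ip=5)):
        print(row)
```

With the constructed sample, 203.0.113.10 is flagged (seven distinct usernames in seven seconds, six failures) and the one successful login from it, frank, is reported as a likely compromised account; with a limit of five attempts per source per minute, the guard refuses the sixth and seventh attempts from that address before any password is checked, which is the point of rate limiting as a countermeasure.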
GLOBAL AND LOCAL CYBER SECURITY NEWS AND UPDATES

CIA COMPONENTS, THREATS AND COUNTERMEASURES

Confidentiality
- Unauthorized Access: Strong authentication (2FA, biometrics); Access controls (RBAC); Encryption (data at rest and in transit)
- Data Leakage: Data Loss Prevention (DLP); Data classification and labeling; Network segmentation
- Phishing and Social Engineering: Security awareness training; Email filtering and authentication; Multi-factor authentication
- Insider Threats: User access monitoring; Segregation of duties; Privileged access management
- Data Interception: Encrypted communication (VPN, HTTPS); Network segmentation; Intrusion detection systems (IDS)
- Brute Force Attacks: Account lockouts; CAPTCHAs and rate limiting; Strong password policies
- Unsecured Mobile Devices: Mobile device encryption; Remote wipe capabilities; App whitelisting

Integrity
- Data Tampering: Cryptographic hashing (digital signatures); Version control; Secure coding practices
- Unauthorized Modification: Change management processes; Data validation and input filtering; Secure APIs
- Malware and Ransomware: Regular system scanning and antivirus software; Data integrity checks and monitoring
- Software Bugs: Code reviews and secure coding practices; Regular vulnerability assessments
- Data Corruption During Transfer: Checksums and error detection; Reliable data transfer protocols (TCP)
- Insider Threats: User behavior monitoring and auditing; Strict access controls and least privilege
- Man-in-the-Middle Attacks: Strong encryption (TLS/SSL); Digital certificates and public key infrastructure

Availability
- Denial of Service (DoS): DDoS protection services; Load balancing and failover mechanisms; Traffic filtering
- Natural Disasters: Offsite backups and disaster recovery plans; Redundant data centers and cloud services
- Hardware/Software Failures: Redundant hardware and failover systems; Regular system monitoring and maintenance
- Insufficient Network Bandwidth: Network optimization and traffic management; Scalable infrastructure
- Insider Threats: Monitoring and authentication of users; Employee training and awareness
- Power Outages: Uninterruptible power supply (UPS); Backup power generators

NETWORKING & COMMUNICATION
- What is a network?
- What is communication?
- What is the ecosystem of network and communication?
- Define the term protocol.
- Differentiate the terms LAN, WAN, PAN, MAN.
- Why are these devices used in a network: HUB, ROUTER, SWITCH?
- What are the protocols used in the following applications?
  – Web browsing
  – Sending and receiving email
  – Remote access
  – Streaming
  – File sharing
  – Sending packets from one machine to another
  – Preparing and organizing the packet to be sent to another device
- Explain how the Internet works.