[Slides Note] 01 ISFT Concepts and Models (VE1) - MHH.pdf

Full Transcript

INTRODUCTION TO SECURITY AND FORENSIC TECHNOLOGIES (ISFT)
CT046-3-1-ISFT (VERSION VE1)
Week 2: Security Concepts and Model

Slide 1: Security Concepts and Model
What you expect to learn at APU vs. what you actually become when learning at APU (image slide).

Slide 2: Topic & Structure of The Lesson
- Overview of Security
- Security and Forensics Related Terms
- CIA and AAA

Slide 3: Learning Outcomes
At the end of this topic, you should be able to:
- Explain the overview of security and forensic technologies and common terms
- Explain security concepts and models

Slide 4: Key Terms You Must Be Able To Use
If you have mastered this topic, you should be able to use the following terms correctly in your assignments and exams:
- Active Digital Footprint
- Passive Digital Footprint
- Vulnerabilities
- Threats
- Attack
- Exploit
- Risk
- CIA Triad
- AAA
- Incident Response

Slide 5: Overview of Security
The evolution of information systems has:
- Caused a parallel evolution of Information System Security (ISS)
- Invaded every aspect of the average person's life in today's society, e.g. sending an e-mail, writing a document, taking a picture with your digital camera, surfing the web, driving in your car with the GPS

Slides 6-7: Overview of Security (image slides, no text)

Slide 8: DIGITAL FOOTPRINT (section title)

Slide 9: Digital Footprint
- No matter what you are doing these days, a digital footprint is probably being created that contains some type of digital evidence that can be recovered.
- It includes the websites you visit, emails you send, and information you submit to online services.
- Information that is posted about you also gets added to your data trail.

Slide 10: Digital Footprint (image slide, no text)

Slide 11: There's a saying: what goes to the internet, stays forever!

Slide 12: Digital Footprint - Active digital footprints
- Active digital footprints consist of the data you leave when you make deliberate choices on the internet.
- A few examples of active digital footprints:
  - Posting on Facebook, Instagram, Snapchat, Twitter, and other social media platforms
  - Filling out online forms, such as when signing up to receive emails or texts
  - Agreeing to install cookies on your devices when prompted by the browser

Slide 13: Digital Footprint - Passive digital footprints
- Passive digital footprints are those you leave behind without intending to or, in some cases, without knowing it.
- A few examples of passive digital footprints:
  - Websites that install cookies on your device without disclosing it to you
  - Apps and websites that use geolocation to pinpoint your location
  - Social media news channels and advertisers that use your likes, shares, and comments to profile you and to serve up advertisements based on your interests
- Both active and passive footprints can be tracked and observed in multiple ways and by multiple sources.

Slides 14-23: How to Minimize Your Digital Footprint?
It is wise to consider what trail of data you are leaving behind.
1. Search Yourself. It can be eye-opening to see what personal information is publicly available. (Slide 15: Google it!)
2. Online Tools. Have I Been Pwned (https://haveibeenpwned.com/, slide 17) will tell you if your email address has been involved in any major data breaches. If it has, be sure you're no longer using the passwords associated with those accounts at the time of the breaches. Others: Google Alerts (www.google.com/alerts, slide 18), Mention, Talkwalker.
3. Check all your privacy settings. This is especially important for social networks. If you have included personal information on your profiles, consider removing, reducing or hiding it. Examples: the privacy settings in every social media service and the Google Security Check Up tool (https://myaccount.google.com/security-checkup, slide 20).
4. Use stealth mode when browsing (slide 22: Private Browsing). The Chrome browser has Incognito Mode. Microsoft Edge includes InPrivate Browsing. Firefox users have Private Window. Safari users can also switch on private browsing from their browser's security settings. The Tor internet browser offers high levels of anonymity, as it bounces all of your browser usage across several servers around the world, making it impossible for anyone to track your internet sessions.

Slide 24: (image slide, no text)

Slide 25: INFORMATION SECURITY (section title)

Slide 26: Goals of Information Security
Goal | Description
Prevention | Various types of information need protection. Doing so can lessen losses from a security breach. Preventing unauthorized access to information is the top priority.
Detection | Discovering attempts to access unauthorized data, or that information has been lost. Investigate individuals or scan data and networks for traces of the intruder.
Recovery | Disasters and intrusions can cause compromised or damaged data. You need a process to recover data from crashed systems or devices. You can also recover lost or stolen physical resources.

Slide 27: Vulnerabilities
Any condition that leaves a device open to harm (a weakness):
- Improperly configured or installed hardware or software
- Delays in applying and testing software and firmware patches
- Untested software or firmware patches
- Bugs in software or OSs
- Misusing software or communication protocols
- Poorly designed networks
- Poor physical security
- Insecure passwords
- Design flaws in software or OSs
- Unchecked user input
[Figure: Attacker -> Unsecured Router -> Information System]

Slide 28: Threats
An event or action that could potentially cause damage to an asset. Intentional or unintentional.
[Figure: Information Security Threats: Changes to Information; Interruption of Services; Interruption of Access; Damage to Hardware; Damage to Facilities]

Slide 29: Security Threats
- Accidents: work related accidents
- Human errors: theft, loss, improper documentation
- Natural disasters: fire, flood, earthquakes
- Crime: civil, economic, white collar, street, cyber
- Environment disaster: nuclear accidents, terrorism, radiological
- Civil liability: an individual was harmed through the action/inaction of another
- Abuse: drugs, riot
Intentional vs. Unintentional

Slide 30: Exploit
A technique or tool that takes advantage of a vulnerability or weakness in a computer system or network to gain unauthorized access, perform malicious actions, or cause damage.

Slide 31: Attack
A technique used to exploit a vulnerability in an application or computer system:
- Physical Security Attacks
- Software-Based Attacks
- Social Engineering Attacks
- Web Application-Based Attacks
- Network-Based Attacks

Slide 32: Incident Response
How will you respond to incidents of misuse (malicious or abusive activity inside the network) or intrusion (breaches from the outside)?
The incident response plan needs to cover four key activities:
1. Immediate action
2. Investigation
3. Restoration of resources
4. Reporting the incident to proper channels

Slide 33: Incident Response
- An incident response must be decisive and executed quickly. Reacting quickly may minimize the impact of resource unavailability and the potential damage caused by system compromise.
- There is little room for error in most cases. By staging practice emergencies and measuring response times, it is possible to develop a methodology that fosters speed and accuracy. This is often referred to as "ethical" hacking and cyber exercise.

Slide 34: Incident Response
The incident response plan needs input from legal counsel, so technical and managerial staff understand the impacts of breaches: the hazards of leaking a client's personal, medical, or financial records, for example, and the importance of restoring service in mission-critical environments such as hospitals and banks.
Can a person be fired if their weak password caused the disclosure of credit card numbers in our database of ecommerce customers? Or should the system administrator who allowed the user to have a weak password be fired? Or should the manager who did not make and monitor compliance with the password policy be fired?

Slide 35: Security Guidelines
Disaster Recovery:
- Balancing the need to return the affected area to normalcy with the strategic goal of reducing vulnerabilities.
- How fast can the organization get back to operation?
- How much data can the organization recover?
Routine check for vulnerabilities.

Slide 36: Controls
- Countermeasures put in place to avoid, mitigate, or counteract security threats.
- Solutions and activities for meeting information security objectives.
- Safeguards and countermeasures, physical or logical.
[Figure: Prevention Control; Detection Control; Correction Control]

Slide 37: Types of Controls
- Preventative controls: help to prevent a threat or attack from exploiting a vulnerability. E.g. security guards.
- Detective controls: help to facilitate the detection of a security breach (real time or after an event). E.g. CCTV and alarms.
- Corrective controls: help to mitigate the consequences of a threat or attack. E.g. backup copies.

Slide 38: (image slide, no text)

Slide 39: CIA Triad
The three principles of security control and management: Confidentiality, Integrity, and Availability.

Slide 40: CIA Triad
[Figure: CIA Triad. Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org]

Slide 41: AAA
- Authentication: the method of identifying users, including login and password dialog, challenge and response, messaging support, and, depending on the security protocol selected, possibly encryption.
- Authorization: the method for access control, including one-time authorization or authorization for each service, per-user account list and AAA profile, user groups, and protocols.
- Accounting: the method for collecting and sending information used for auditing and reporting, such as user identities, start and stop times, executed commands, number of packets, and number of bytes.

Slide 42: Authentication, Authorization and Accounting
Three separate identity-based tasks:
- Verifying object identification (authentication).
- Ensuring the object is assigned relevant permissions (authorization).
- Logging actions to create an audit trail (accounting).
AAA solutions are the gatekeepers that provide access to services.
[Figure: Authentication -> Authorization -> Accounting]

Slide 43: Authentication
- A method of validating the unique credentials of an entity / object / individual.
- Does an individual have the correct credentials to access the system?
- Keep credentials secret to prevent unauthorized access to confidential information.

Slide 44: Authentication Factors
- Something you are: fingerprints, handprints, and retinal patterns
- Something you have: key or ID card
- Something you know: password or PIN
- Somewhere you are or are not: IP address or GPS location
- Something you do: keystroke patterns or tracing picture passwords
(Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org)

Slide 45: Aura - scan includes the Dark Web: https://scan.aura.com/

Slide 46: Identity Guard: https://scan.identityguard.com/

Slide 47: Authorization
- The process of determining what privileges a particular entity has.
- After successful authentication, the system determines which resources the entity is authorized to access.
- Privileges are assigned in advance, when the account is set up.
[Figure: Identification -> Authentication -> Authorization]

Slide 48: Accounting
Typical information that is gathered in accounting may be:
- the identity of the user,
- the nature of the service delivered,
- when the service began, and when it ended.

Slide 49: (image slide, no text)

Slide 50: The Security Management Process
- Identify security controls: detecting problems and determining how best to protect the system.
- Implement security controls: installing control mechanisms to prevent problems in a system.
- Monitor security controls: detecting and solving any security issues that arise after security controls are implemented.

Slide 51: National Institute of Standards and Technology (NIST)
A 5-step methodology outlined in the industry gold standard, the NIST Cybersecurity Framework, to bring you a proactive, broad-scale and customized approach to managing cyber risk.

Slide 52: NIST Cybersecurity Framework
1. Identify high-value assets
2. Protect against known and unknown threats
3. Detect attacks
4. Respond to suspicious activity
5. Recover from breach
(A cycle of Continuous Improvement)

Slides 53-55: (image slides, no text)

Slide 56: Quick Review Question
JSec is an IT consultancy firm which provides services to several government sectors. There are 20 consultants and 10 part-time contractors working in this firm. The office is located on the 7th storey of a 10-floor building in Putrajaya. There are other companies' offices in the building. All these offices share 6 lifts. JSec has various IT systems on multiple servers which are linked together.
From the above scenario, identify the possible vulnerabilities, threats and risks.

Slide 57: TryHackMe Platform: https://tryhackme.com/room/startingoutincybersec

Slide 58: Summary of Main Teaching Points
- Overview of Security
- Security and Forensics Related Terms
- CIA and AAA

Slide 59: What we will cover next
Layered Security

Slide 60: (end of lecture)
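The AAA gatekeeper described on slides 41-48, as an added example that is not part of the original slides: it authenticates a password against a salted PBKDF2 verifier with a constant-time comparison, authorizes against permissions assigned in advance, and writes an accounting record (identity, service, start and end time, outcome) for every attempt, including the failed ones. The user store, permissions and access attempts are constructed for the example.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Optional

ITERATIONS = 100_000  # PBKDF2 work factor for the constructed user store

def make_verifier(password: str, salt: Optional[bytes] = None):
    """Return (salt, derived key); the clear-text password is never stored."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

@dataclass
class AccountingRecord:
    user: str
    service: str
    start: float
    end: Optional[float] = None
    outcome: str = "started"

class Gatekeeper:
    """Authenticate, then authorize, and account for every attempt (AAA)."""
    def __init__(self, users: dict, permissions: dict):
        self.users = users              # user -> (salt, verifier)
        self.permissions = permissions  # user -> services assigned in advance
        self.audit_trail: list = []     # accounting records

    def authenticate(self, user: str, password: str) -> bool:
        # Something you know: derive the key and compare in constant time.
        if user not in self.users:
            make_verifier(password, b"\x00" * 16)  # same cost for unknown users
            return False
        salt, verifier = self.users[user]
        return hmac.compare_digest(make_verifier(password, salt)[1], verifier)

    def authorize(self, user: str, service: str) -> bool:
        return service in self.permissions.get(user, set())

    def access(self, user: str, password: str, service: str) -> bool:
        record = AccountingRecord(user=user, service=service, start=time.time())
        self.audit_trail.append(record)  # log the attempt before deciding
        if not self.authenticate(user, password):
            record.outcome = "authentication failed"
        elif not self.authorize(user, service):
            record.outcome = "authorization denied"
        else:
            record.outcome = "granted"
        record.end = time.time()
        return record.outcome == "granted"

def demo() -> list:
    # Constructed scenario: two known users, one unknown, three access attempts.
    users = {"alice": make_verifier("correct horse"), "bob": make_verifier("hunter2")}
    permissions = {"alice": {"vpn", "fileshare"}, "bob": {"vpn"}}
    gk = Gatekeeper(users, permissions)
    gk.access("alice", "correct horse", "fileshare")  # granted
    gk.access("bob", "hunter2", "fileshare")          # authorization denied
    gk.access("mallory", "guess", "vpn")              # authentication failed
    return [r.outcome for r in gk.audit_trail]
```

The audit trail keeps the failed attempts too, which is what lets a detective control spot password guessing or a user probing services they were never assigned.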
