Cybersecurity Fundamentals For IT Professionals Theory Notebook PDF
This document is a theory notebook on cybersecurity fundamentals for IT professionals. It covers the fundamentals of cybersecurity and ethical hacking.
Cybersecurity Fundamentals for IT Professionals - Theory Notebook
In collaboration with

Disclaimer - Copyrights
This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2019 All rights reserved.
▌ The copyright and any other rights relating to texts, illustrations, photos or any other files on the site belong exclusively to Thales or the mentioned owners. For the reproduction of any elements, written consent of the copyright holder must be obtained in advance.
▌ Information provided in this course is for educational purposes only. No other use is allowed; notably, you shall not use information provided in this course to gain unauthorized access.
▌ All the information provided in this course is meant for developing a Hacker Defense attitude among the users and to help prevent hack attacks.
▌ The course is all about Ethical Hacking and White Hat hacking only.
▌ These training materials are provided 'AS IS' without warranty of any kind, either expressed or implied.
▌ The Academy, trainers and authors of the course are in no way responsible for any use or misuse of the information given during such training.
▌ Be aware that performing hack attempts without permission is illegal and might lead to criminal charges.
▌ Refer to the applicable laws before accessing, using, or in any other way utilizing the material and information provided in this course.

Course presentation

Purpose of the course
▌ Cybersecurity has today become the new theater of operation, the new center of interest. It applies to everyone, everywhere.
This training focuses mainly on the IT population, as they are specifically exposed to external threats. It provides an overview of the main cybersecurity risks and challenges in an enterprise and highlights the best practices to assess the impacts, to better protect systems against cyber criminality and to react in case of a crisis due to an attack.

Prerequisites
▌ This course is dedicated to people who are familiar with:
- IT functions
- IT organizations

Course breakdown
- Part 01 - Cybersecurity Concepts
- Part 02 - Foundation of Cyber Security Engineering
- Part 03 - Data, Systems, Network and Applications Security
- Part 04 - Risk Management & Cyber Resilience
- Part 05 - Security Operations Centre

Pedagogic goals and principles
▌ Intended learning outcome - to have an overview of:
- The Cybersecurity, its environment and concepts (Part 01): history, main attacks, threat categories
- The foundation of Cybersecurity engineering (Part 02): understand how to segment and secure an architecture and how to control flows
- How to protect Systems, Data, Networks and the role of cryptography (Part 03): identify products and configurations
- Risk Management & Cyber Resilience (Part 04): understand risk assessment and reduction
- The Security Operations Centre (Part 05): identify tools and processes

Part 01 – Cybersecurity Concepts

▌ Table of contents - Part 01 – Cybersecurity Concepts
1. Introduction
2. Information Security
3. Definitions
4. Infection Vectors
5. Attacks
(Other parts: Part 02 – Foundation of Cybersecurity Engineering; Part 03 – Data, Systems, Network, Applications Security; Part 04 – Risk Management & Cyber Resilience; Part 05 – Security Operations Centre)

Definition of Cybersecurity
"Cybersecurity is the combination of people, policies, processes and technologies employed by an enterprise to protect its cyber assets. Cybersecurity is optimized to levels that business leaders define, balancing the resources required with usability/manageability and the amount of risk offset. Subsets of cybersecurity include IT security, IoT security, information security and OT security." - Gartner

Definition of a "Cyber Attack"
▌ Subject to a number of nuances that depend on the context in which the word is used (civilians, military, hospitals, banks, insurers, lawyers...):
"A cyber-attack is an action undertaken by hostile agents who seek to disrupt or to harm a nation, an organization or an individual, by disturbing their activities, hurting their conscience, or by stealing, incapacitating or destroying their assets."
"An attempt to gain illegal access to a computer or computer system for the purpose of causing damage or harm." - Merriam-Webster dictionary
"An illegal attempt to harm someone's computer system or the information on it, using the internet." - Cambridge dictionary

Cyber-attack definition - Take away
▌ The word cyber-attack remains unclear today: it takes different meanings in different contexts. The common notion is that cyber-attacks use information and automation technologies to harm our values, societies, businesses and security.
▌ Cyber attacks can be divided into two main types:
- Disabling the target computer or taking it offline
- Accessing data on the target computer and maybe gaining administrator privileges

There are two types of target systems: IT and OT systems
▌ IT (Information Technology)
- Computer & communication systems
- Software applications
- Real-time behaviour often bounded by the pace of human interaction, but with exceptions (financial systems, …)
- Little consideration for safety & reliability
▌ OT (Operational Technology)
- Hardware & software now combined (electromechanical only in the past)
- Collects information, computes and causes changes in the physical world: "Cyber-Physical Systems" (automation, cars, pacemakers…)
- Real-time behaviour essential
- Reliability paramount
- Safety mandatory

Cyber-attack pathways have been immensely multiplied
(Figure; source: https://www.enisa.europa.eu/publications/ics-scada-dependencies)

Around 50% of cyber alarms are not processed!!!
Readings: Cisco 2018 Annual Cybersecurity Report; http://www.isssource.com/more-ot-iot-attacks-coming-report/13april2018

Only a third of organizations have a board member in charge of cyber!
Source: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021

Cyber Attack: Awareness
▌ In business, value is both the key and the goal. Companies strive to preserve their value. Value can decrease and be lost by way of cyber-attacks. It is therefore important to first get an idea of what cyber-attacks are. We shall present how a TV channel was attacked and what the attack managed to do to its Web TV and Air TV channels.

An attack on a TV channel: Understanding cyber-attacks
(Figure: the channel's assets - Facebook admin, webmaster, social network management, TV websites, video board)

An attack on a TV channel – Phase 1 = Reconnaissance (+12 months before)
Trials (discovery and access):
- Vulnerabilities identification
- Points of entry
- Facebook admin account
- Access to admin PC
- Installation of rootkits

An attack on a TV channel – Phase 2 = Exploration (+6 months before)
- Exploration of the intranet
- Get root access to admin PC
- Early malware injection
- Installation of rootkits
- System mapping
- Propagation pathways
Attacker's view at this stage (figure callouts): "I have all the TV websites' Facebook account credentials", "I gain access to the webmaster's laptop", "I can see the Mux from this server", "I have access to Active Directory".

An attack on a TV channel – Phase 3 = Targeting & planning (1 to 3 months before)
- Procurement of a Mux for weaponising
- Precise targeting
- Operation's fine planning
- Coordination of cyber-attack impacts: diversion via Twitter, broadcast control via attack on the Mux, claim on Facebook & TV website
- Development & injection of payloads
- Rehearsals

An attack on a TV channel – Phase 4 = Attack (D day)
Primary effect:
- Change of admin passwords
- Control of the Mux, …
- Broadcasting of propaganda clips on air
Diversion:
- Access to Twitter and diversion
- Display of claims on Facebook & website
Post-attack exploitation:
- Deletion of traces on switches
- Deletion of other traces and logs
- Deletion of firmware…
(TV websites, webmaster, social network management and video board: under control)

Cyber-attacks are one arm of hostile strategies.
▌ Cyber-attackers are no longer amateurs. They have good reasons to act against you. They are powerful. They can elaborate sophisticated strategies against you. Cyber-attacks are part of those strategies but not the only way.
Motivations of cyber-attacks
(Figure)

The Cyber Kill Chain (CKC)
Readings:
- https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
- https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
- https://blog.insiderattack.net/deep-dive-into-tor-the-onion-router-6de4c25beba7

Attackers are strategists
(Figure)

How powerful are cyber-attackers?
Classes of potential attackers: Competitors/Corporations; Employees/insiders; State cyber-forces; Individual hackers; (Cyber) Terrorists; Organised crime; (H)activists.
Characteristics of potential attackers:
- Time to prepare: time needed to prepare the attack, including the research of information, exploitation, analysis of the difficulty of successfully conducting the attack, development of dedicated malicious software, etc. There is no reason why any class of attackers could not take the time required to perpetrate an attack.
- Expertise: skills required to achieve the attack. Expertise can be gained by surveillance, open source research, specialized training, or years of practice in industry. Computer science and cyber-security education curricula will prepare more and more competent engineers.
- Knowledge of the target: may be on design, implementation, operational procedures, vulnerabilities and weaknesses, etc. Those with only remote access or inferior means will have less knowledge.
- Means: equipment or other means required to be able to perform the attack, and the ease by which the materials or equipment can be acquired to carry out the attack. New attack technologies like AIAs, costly equipment and abundant human resources needed to perform large-scale, combined, in-depth attacks will be on hand only to those who have the largest financial and institutional capacities.
- Impunity: represents the assessment (by attackers or defenders) of the likelihood of being identified during the attack (accountability) and subjected to sanctions. States and organised crime are more likely to be at bay from such difficulties.
(Table of attacker classes against these characteristics. NB: Green = Yes/Achievable; Orange = Uncertain/Difficult; Red = No/Impossible/Maximum risk)

The cyber threat to the World is now a daily reality, everywhere
Readings - some statistics and data:
- https://www.symantec.com/security-center/threat-report
- https://www.hackmageddon.com/category/security/cyber-attacks-statistics/
Source: https://reports.weforum.org/global-risks-report-2020/survey-results/the-global-risks-interconnections-map-2020/

A rapid review of the history of cyber-attacks
▌ 1971: Cap'n Crunch cereals gave away a plastic whistle for kids. If you blew the toy, it made a 2600 Hz tone. Blowing the Captain Crunch whistle into an AT&T phone made free long distance phone calls possible. This was using a characteristic of the AT&T phone system against the system itself.
▌ Serge Humpich (1997): discovered a serious flaw in the credit card system used in France. Tried to negotiate a deal with the bank association. He was arrested after buying a metro ticket (~1 OMR) with a counterfeit credit card to prove the flaw, and was convicted in 2000 to a ten-month suspended sentence.

A rapid review of the history of cyber-attacks
▌ 2009: Skygrabber software ($26) + a satellite dish: access to the video traffic generated by a Predator drone
▌ 2015: Attack on a Jeep Cherokee 2014 model: demonstration of attack capacity and vulnerabilities in cars
▌ The rise of ransomware
- 2013 CryptoLocker (ciphering files)
- 2016 Petya (file system)
- 2017 WannaCry (NotPetya) spreads via EternalBlue
- 2019 LockerGoga
▌ 2019: Ransomware attacks - example of Norsk Hydro, an aluminium maker (03/2019)
- Industrial processes switched to manual mode
- Some plants temporarily stopped
- Power plants running on isolated IT systems
- Interfered with negotiation to reopen a plant in Brazil
- Web site down and shares lost 1.1%
- Potential disruption of customer supply
- Forced to establish backup plans
- Norwegian Security Authority helped, and liaised with other nations
▌ From now on: self-propagating malware. Future: autonomous intelligent malware.

Visitors can be a threat... Key executives may be spied on...
(Figure)

Automobiles are a target: On Board Diagnostic, Heating Ventilation Air-Conditioning
(Figure)

Crypto-currencies are a juicy target
(Figure; source: www.hackmageddon.com)

Cyber-attacking a high-pressure die casting process to harm clients
(Figure)

What about military systems?...
(Figure)
Information Security > Introduction
▌ What does "information" stand for? A set of contextualized structured data (Data + Context = Information).
Digital information can take various forms:
- Communications (networks, VoIP…)
- Files and documents
▌ Sensitive information:
- Personal information (GDPR)
- Health & Insurance information (HIPAA)
- Banking information (PCI-DSS)
- Patents…

Information Security > Objectives
▌ Information Security: processes, policies and tools designed and deployed to protect information within an organization.
▌ CIA Triad: model designed to guide Information System Security development (Confidentiality, Integrity and Availability of the Information System).

Information Security > Confidentiality
▌ Confidentiality: assurance that sensitive information is not accessed by / disclosed to unauthorized entities such as persons, processes or devices.
Confidentiality covers data:
- in storage,
- during processing,
- in transit.
Examples:
- Credit card data transmission
- Password and sensitive file storage
- Etc.
Related controls: Access Control, File Permission, Encryption, Strong Passwords, Two-Factor Authentication...

Information Security > Integrity
▌ Integrity: assurance that information has not been altered (modification or destruction): intact, complete, accurate.
Examples:
- Data loss detection during transit
- File or configuration file modification
- Checksum control
- Etc.
Related controls: Access Control, File Permission, Encryption, Logging, Backup, Hashes, Digital Signatures...

Information Security > Availability
▌ Availability: assurance that the access to information or a service is timely and reliable.
Examples:
- Distributive allocation
- Redundancy
- Fault tolerance
- Redundant Array of Independent Disks (RAID)
- Disaster Recovery Plan (DRP)
- Business Continuity Plan (BCP)
- Etc…
Related controls: Access Control, High Availability, Data Replication, Backup, DRP, BCP...
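The Integrity slide lists "checksum control" and "hashes" side by side without saying what separates them. The following Python block is an added example, not part of the Thales notebook: it checks a constructed configuration file two ways, with an unkeyed SHA-256 digest and with an HMAC-SHA256 tag, across the three cases the slide names (intact, damaged in transit, deliberately modified). The file content, the user names and the key are constructed for the demo.

```python
# Added example, not from the Thales notebook: "checksum control" two ways.
# An unkeyed hash (SHA-256) catches accidental corruption; a keyed HMAC also
# catches deliberate modification, because whoever edits the file cannot
# recompute the tag without the key. Data and key below are constructed.
import hashlib
import hmac

# Constructed sample: the deployed "known good" configuration file.
BASELINE_CONFIG = b"listen=443\ntls_min_version=1.2\nadmin_users=alice,bob\n"


def sha256_digest(data: bytes) -> str:
    """Unkeyed checksum: anyone can compute it, so it only proves the bytes
    match whatever digest happens to be stored next to them."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed checksum (HMAC-SHA256): only a holder of the key can produce a
    matching tag, so the tag is bound to the baseline the key holder approved."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, expected_digest: str) -> bool:
    # compare_digest avoids leaking where the strings differ through timing.
    return hmac.compare_digest(sha256_digest(data), expected_digest)


def verify_hmac(key: bytes, data: bytes, expected_tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), expected_tag)


def integrity_scenarios(key: bytes) -> dict:
    """Run the three cases from the Integrity slide and return, per case,
    the pair (checksum_passes, hmac_passes)."""
    digest = sha256_digest(BASELINE_CONFIG)  # stored alongside the file
    tag = hmac_tag(key, BASELINE_CONFIG)     # stored by the key holder

    # Case 1: file intact.
    intact = BASELINE_CONFIG

    # Case 2: accidental corruption in transit (one bit flipped, nothing else
    # touched). Both checks catch it.
    damaged = bytearray(BASELINE_CONFIG)
    damaged[0] ^= 0x01
    corrupted = bytes(damaged)

    # Case 3: deliberate modification. The editor also recomputed the unkeyed
    # digest, which needs no secret, so the checksum passes; the HMAC fails
    # because the stored tag still covers the original content.
    modified = BASELINE_CONFIG.replace(b"alice,bob", b"alice,bob,mallory")
    modified_digest = sha256_digest(modified)

    return {
        "intact": (verify_checksum(intact, digest), verify_hmac(key, intact, tag)),
        "corrupted": (verify_checksum(corrupted, digest), verify_hmac(key, corrupted, tag)),
        "modified": (verify_checksum(modified, modified_digest), verify_hmac(key, modified, tag)),
    }


if __name__ == "__main__":
    for case, (chk, mac) in integrity_scenarios(b"constructed-demo-key").items():
        print(f"{case:10s} checksum={'pass' if chk else 'FAIL'} hmac={'pass' if mac else 'FAIL'}")
```

The HMAC only helps if the key is not stored next to the file it protects; a digital signature (the slide's other control) gives the same tamper evidence without a shared secret, at the cost of key management for the signer.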
Information Security > What cyber-attacks compromise?
▌ In terms of asset: 4 aptitudes that can be jeopardized: Confidentiality, Integrity, Availability, Traceability.

Information Security > System's Aptitudes (Target)
▌ Confidentiality: to prevent data leakage, theft or loss and to protect from unauthorized disclosure.
▌ Integrity: to keep hardware, software, data and system configurations in their specified nominal state.
▌ Availability: to access the information or resources required and to return to nominal service levels from downtime as fast as specified.
▌ Traceability: to prove, as specified, who, how, where and when which systems, devices or data were used, modified, transferred or stored.

Information Security > Policies and Procedures
▌ IS policies and procedures goals:
- Designing and implementing security practices to protect critical business processes and IT assets
- Those practices are meant to mature over time
- Use processes to focus on:
  - Risk assessment and information management through IS governance
  - Threat prevention and handling through Change Management
  - Post-attack recovery and resiliency through Incident Response Plans
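Traceability, as defined above, only holds if the record of who did what, where and when cannot be quietly edited or thinned out, which is exactly what the TV-channel attack's "deletion of other traces and logs" step targets. The following Python block is an added example, not part of the Thales notebook: a hash-chained audit log in which each record's HMAC covers the previous record's tag, so that deleting, editing or truncating records is detectable on verification. The events, host names and key are constructed for the demo; the remote copy of the latest tag is assumed to exist on a separate log server.

```python
# Added example, not from the Thales notebook: a hash-chained, HMAC-sealed
# audit log. Each record's tag covers the record and the previous tag, so
# deleting or editing an earlier record breaks every record after it, and a
# copy of the newest tag held elsewhere (assumed remote log server) exposes
# truncation. Events and key are constructed for the demo.
import copy
import hashlib
import hmac
import json
from typing import Optional

GENESIS = "0" * 64  # chain anchor for the first record


def seal(key: bytes, prev_tag: str, event: dict) -> dict:
    """Produce one sealed record; sort_keys makes the serialization canonical."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, f"{prev_tag}|{body}".encode("utf-8"), hashlib.sha256).hexdigest()
    return {"event": event, "prev": prev_tag, "tag": tag}


def build_log(key: bytes, events: list) -> list:
    """Append records in order, chaining each one to the previous tag."""
    log, prev = [], GENESIS
    for event in events:
        record = seal(key, prev, event)
        log.append(record)
        prev = record["tag"]
    return log


def verify_log(key: bytes, log: list, expected_head: Optional[str] = None) -> tuple:
    """Return (True, None) if the chain is intact, else (False, index): the
    first record that fails, or len(log) when the tail has been cut off."""
    prev = GENESIS
    for i, record in enumerate(log):
        recomputed = seal(key, prev, record["event"])["tag"]
        if record["prev"] != prev or not hmac.compare_digest(recomputed, record["tag"]):
            return False, i
        prev = record["tag"]
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, None


# Constructed events answering the who / how / where / when of traceability.
EVENTS = [
    {"when": "2019-03-01T09:12:00Z", "who": "webmaster", "what": "login", "where": "admin-pc"},
    {"when": "2019-03-01T09:13:30Z", "who": "webmaster", "what": "admin_password_change", "where": "social-mgmt"},
    {"when": "2019-03-01T09:15:05Z", "who": "svc-broadcast", "what": "mux_config_write", "where": "mux-01"},
]


def tamper_scenarios(key: bytes) -> dict:
    """Verify the intact log and three tampered copies; return each verdict."""
    log = build_log(key, EVENTS)
    head = log[-1]["tag"]  # what the remote copy would hold

    deleted = [log[0], log[2]]            # middle record removed
    edited = copy.deepcopy(log)
    edited[1]["event"]["who"] = "nobody"  # attribution rewritten after the fact
    truncated = log[:2]                   # newest record dropped

    return {
        "intact": verify_log(key, log, head),
        "deleted_middle": verify_log(key, deleted, head),
        "edited": verify_log(key, edited, head),
        "truncated": verify_log(key, truncated, head),
    }


if __name__ == "__main__":
    for name, (ok, idx) in tamper_scenarios(b"constructed-demo-key").items():
        verdict = "intact" if ok else f"broken at record {idx}"
        print(f"{name:15s} {verdict}")
```

The chain alone cannot tell a truncated log from a log that simply stopped; that is why the newest tag has to be forwarded somewhere the same administrator account cannot reach, the same reasoning that puts log forwarding and write-once storage among the controls for the "deletion of logs" step.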