[Slides Note] 01 ISFT Concepts and Models (VE1) - MHH.pdf

Full Transcript

INTRODUCTION TO
SECURITY AND FORENSIC
TECHNOLOGIES
(ISFT)
CT046-3-1-ISFT (VERSION VE1)

Week 2

Security Concepts and Model

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 1
 What you expect
learning at APU?

What you actually
becoming when
learning at APU?
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 2
 Topic & Structure of The Lesson

Overview of Security
Security and Forensics Related Terms
CIA and AAA

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 3
 Learning Outcomes

At the end of this topic, You should be able to
–Explain overview of security and forensic technologies and common terms
–Explain security concepts and models

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 4
 Key Terms You Must Be Able To Use
If you have mastered this topic, you should be able to use the following
terms correctly in your assignments and exams:
– Active Digital Footprint
– Passive Digital Footprint
– Vulnerabilities
– Threats
– Attack
– Exploit
– Risk
– CIA Triad
– AAA
– Incident Response

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 5
 Overview of Security

The evolution of information systems has:
Caused a parallel evolution of Information System Security (ISS)
Invades every aspect of the average person’s life in today’s society.
E.g., sending an e-mail, writing a document, taking a picture with your digital
camera, surfing the web, driving in your car with the GPS

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 6
 Overview of Security

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 7
 Overview of Security

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 8
 DIGITAL
FOOTPRINT

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 9
Slide 9 of 92
 Digital Footprint

▪ No matter what you are doing these days, a digital footprint is probably
being created that contains some type of digital evidence that can be
recovered.
▪ It includes the websites you visit, emails you send, and information you
submit to online services.
▪ Information that is posted about you also gets added to your data trail.

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 10
 Digital Footprint

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 11
 There’s a saying…

What goes
to the
internet,
stays
forever!
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 12
 Digital Footprint
Active digital footprints
▪ Active digital footprints consist of the data you leave
when you make deliberate choices on the internet.
▪ Few examples of active digital footprints:
✓ Posting on Facebook, Instagram, Snapchat, Twitter,
and other social media platforms
✓ Filling out online forms, such as when signing up to
receive emails or texts
✓ Agreeing to install cookies on your devices when
prompted by the browser

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 13
Slide 13 of 92
 Digital Footprint
Passive digital footprints
▪ Passive digital footprints are those you leave behind without intending
to or, in some cases, without knowing it.
▪ Few examples of passive digital footprints:
▪ Websites that install cookies in your device without disclosing it to you
▪ Apps and websites that use geolocation to pinpoint your location
▪ Social media news channels and advertisers that use your likes, shares, and
comments to profile you and to serve up advertisements based on your
interests
▪ Both active and passive footprints can be tracked and observed in
multiple ways and by multiple sources.
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 14
Slide 14 of 92
 How to Minimize Your Digital Footprint?

It is wise to consider what trail of data you are leaving behind
1. Search Yourself
It can be eye-opening to see what personal information is publicly available

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 15
Slide 15 of 92
 Google it!

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 16
 How to Minimize Your Digital Footprint?

It is wise to consider what trail of data you are leaving behind
1. Search Yourself
It can be eye-opening to see what personal information is publicly available

2. Online Tools
Have I Been PWNED. This site will tell you if your email address has been
involved in any major data breaches. If it has, be sure you’re no longer using
the passwords associated with those accounts at the time of the breaches
(others such as Google Alert, Mention, Talkwalker)

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 17
Slide 17 of 92
 Have I been pwned?

https://haveibeenpwned.com/
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 18
Google Alerts

www.google.com/alerts
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 19
 How to Minimize Your Digital Footprint?

3. Check all your privacy settings
This is especially important for social networks. And if you have included personal
information on your profiles, consider removing, reducing or hiding this.

Ex: Privacy setting in every social media and
Google Security Check Up Tools

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 20
Slide 20 of 92
 Security Check Up

https://myaccount.google.com/security-checkup
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 21
 How to Minimize Your Digital Footprint?

3. Check all your privacy settings
This is especially important for social networks. And if you have included personal
information on your profiles, consider removing, reducing or hiding this.
4. Use stealth mode when browsing

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 22
Slide 22 of 92
 Private Browsing

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 23
 How to Minimize Your Digital Footprint?

3. Check all your privacy settings
This is especially important for social networks. And if you have included personal
information on your profiles, consider removing, reducing or hiding this.
4. Use stealth mode when browsing
The Chrome browser has Incognito Mode. Microsoft Edge includes InPrivate
Browsing. Firefox users have Private Window. And Safari users can also switch on
private browsing from their browser's security settings.
The Tor internet browser offers high levels of anonymity, as it bounces all of your
browser usage across several servers around the world making it impossible for
anyone to track your internet sessions.

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 24
Slide 24 of 92
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 25
 INFORMATION
SECURITY

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 26
Slide 26 of 92
 Goals of Information Security
Information Security
Description
Goals

Various types of information need protection.
Prevention Doing so can lessen losses from a security breach.
Preventing unauthorized access to information is top priority.

Discovering attempts to access unauthorized data, or that information has been
Detection lost.
Investigate individuals or scan data and networks for traces of the intruder.

Disasters and intrusions can cause compromised or damaged data.
Recovery You need a process to recover data from crashed systems or devices.
You can also recover lost or stolen physical resources.

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 27
Slide 27 of 49
 Vulnerabilities
Any condition that leaves a device open to harm (weakness).
Improperly configured or installed hardware or software.
Delays in applying and testing software and firmware patches.
Untested software or firmware patches.
Bugs in software or OSs.
Misusing software or communication protocols.
Poorly designed networks.
Poor physical security.
Insecure passwords.
Design flaws in software or OSs.
Unchecked user input. Attacker Unsecured
Router
Information
System

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 28
Slide 28 of 49
 Threats
An event or action that could potentially cause damage to an asset.
Intentional or unintentional

Information Security
Threats

Changes to Interruption Interruption Damage to Damage to
Information of Services of Access Hardware Facilities

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 29
Slide 29 of 49
 Security Threats
Accidents Environment disaster
–Work related accidents –Nuclear accidents, terrorism,
Human errors radiological
–Theft, lost, improper Civil liability
documentation –Individual was harmed
Natural disasters through the action/inaction of
–Fire, flood, earthquakes another
Crime Abuse
–Civil, economic, white collar, –Drugs, riot
street, cyber

Intentional vs. Unintentional

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 30
 Exploit
A technique or tool that takes advantage of a vulnerability or weakness in a
computer system or network to gain unauthorized access, perform malicious
actions, or cause damage.

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 31
Slide 31 of 49
 Attack
A technique used to exploit a vulnerability in an application or computer
system

Physical Security Attacks Software-Based Attacks

Social Engineering Attacks Web Application-Based Attacks

Network-Based Attacks

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 32
Slide 32 of 49
 Incident Response
How will you respond to Incidents of misuse (malicious or abusive
activity inside the network) or intrusion (breaches from the outside) ?
The incident response plan needs to cover four key activities:
1. Immediate action
2. Investigation
3. Restoration of resources
4. Reporting the incident to proper channels

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 33
 Incident Response
An incident response must be decisive and executed quickly.
–Reacting quickly may minimize the impact of resource unavailability
and the potential damage caused by system compromise.
There is little room for error in most cases.
–By staging practice emergencies and measuring response times, it is
possible to develop a methodology that fosters speed and accuracy.
This is often referred to as “ethical” hacking and cyber exercise

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 34
 Incident Response
The incident response plan needs input from legal counsel, so technical
and managerial staff understand the impacts of breaches
–The hazards of leaking a client's personal, medical, or financial records for
example, and the importance of restoring service in mission-critical environments
such as hospitals and banks.

Can a person be fired if their weak password caused the disclosure of credit card numbers
in our database of ecommerce customers?
Or should the system administrator who allowed the user to have a weak password be
fired?
Or should the manager who did not make and monitor compliance with the password
policy be fired?

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 35
 Security Guidelines
Disaster Recovery
–Balancing the need to return the affected area to normalcy with strategic goal
of reducing vulnerabilities.
–How fast can the organization get back to operation
–How much data can the organization recover
Routine check for vulnerabilities

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 36
 Controls
Countermeasures put in place to avoid, mitigate, or counteract security threats

Solutions and activities for meeting information security
objectives.
Safeguards and countermeasures, physical or logical.

Prevention Control Detection Control Correction Control

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 37
Slide 37 of 49
 Types of Controls

Preventative controls: Help to prevent a threat or attack from
exploiting a vulnerability. Eg: security guards.

Detective controls: Help to facilitates the detection of a security
breach (real time or after an event). Eg: CCTV and alarm.

Corrective controls: Help to mitigate the consequences of a threat or
attack. Eg: Backup copies.

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 38
Slide 38 of 49
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 39
 CIA Triad

The three principles of security
control and management:
Confidentiality, Integrity, and
Availability.

Availability

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 40
Slide 40 of 49
 CIA
Triad

Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 41
 Authentication: the method of identifying users, including login and
password dialog, challenge and response, messaging support, and,
depending on the security protocol selected, possibly encryption.

Authorization: the method for access control, including one-time
authorization or authorization for each service, per-user account list and AAA
profile, user groups, and protocols

Accounting: the method for collecting and sending information used for
auditing and reporting, such as user identities, start and stop times,
executed commands, number of packets, and number of bytes.

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 42
 Authentication, Authorization and Accounting
Three separate identity-based tasks.
–Verifying object identification (authentication).
–Ensuring object is assigned relevant permissions
(authorization).
–Logging actions to create an audit trail (accounting).
AAA solutions are the gatekeepers that provide access to services.

Authentication Authorization Accounting

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 43
Slide 43 of 49
 Authentication
A method of validating unique credentials of an entity / object / individual.
Does an individual have the correct credentials to access the
system?
Keep credentials secret to prevent unauthorized access to
confidential information.

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 44
Slide 44 of 49
 Authentication Factors

Something you are
–Fingerprints, handprints, and retinal patterns
Something you have
–Key or ID card
Something you know
–Password or PIN
Somewhere you are or are not
–IP address or GPS location
Something you do
–Keystroke patterns or tracing picture passwords

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Security Concepts and Model SLIDE 45
 Aura – scan include Dark Web

https://scan.aura.com/
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 46
 Identity Guard

https://scan.identityguard.com/
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 47
 Authorization
The process of determining what privileges a particular entity has.

After successful authentication, the system determines which
resources the entity is authorized to access.
Privileges are assigned in advance, when the account is set up

Identification Authentication Authorization

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 48
Slide 48 of 49
 Accounting

Typical information that is gathered in accounting may be:
–the identity of the user,
–the nature of the service delivered,
–when the service began, and when it ended.

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 49
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 50
 The Security Management Process

Identify security controls: Detecting
problems and determining how best
to protect the system.
Implement security controls:
Installing control mechanisms to
prevent problems in a system.
Monitoring security controls: Involves
detecting and solving any security
issues that arise after security
controls are implemented.

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 51
Slide 51 of 49
 National Institute of Standards
and Technology (NIST)

5-step methodology outlined in the industry gold standard
NIST Cybersecurity Framework to bring you a proactive,
broad-scale and customized approach to managing cyber risk.

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 52
 NIST Cybersecurity Framework

1. Identify high-value assets
2. Protect against known and
unknown threats
A cycle of
3. Detect attacks
Continuous
4. Respond to suspicious Improvement
activity
5. Recover from breach

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 53
Slide 53 of 49
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 54
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 55
CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 56
 Quick Review Question

JSec is an IT consultancy firm which provides services to several
government sectors. There are 20 consultants and 10 part time
contractors working in this firm. The office is located at 7th storey of a 10-
floor building in Putrajaya. There are other companies’ offices in the
building. All these offices share 6 lifts. JSec has various IT systems on
multiple servers which are linked together.

From the above scenario, identify the possible vulnerabilities, threats
and risks

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 57
 TryHackMe Platform
https://tryhackme.com/room/startingoutincybersec

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 58
 Summary of Main Teaching Points

Overview of Security
Security and Forensics Related Terms
CIA and AAA

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 59
 What we will cover next

Layered Security

CT046-3-1-ISFT Introduction to Security and Forensic Technologies Security Concepts and Model SLIDE 60