Week 1 Notes on Cyber Security PDF
Uploaded by PatientSanAntonio
Summary
These notes provide an overview of cyber security concepts, including definitions of key terms and an explanation of advanced persistent threats (APTs). The document also discusses the stages of an APT attack and mitigation strategies, emphasizing the importance of considering both inbound and outbound traffic and using appropriate security mechanisms.
Full Transcript
Week 1 notes

Cyber Security -- Security of any device connected to a network, e.g. the internet.
Information Security -- The security of any information (physical or digital).
Computer Security -- Security of any computing device.

Terminology:
- Bad Actor
- Threat Actor
- Malicious Actor
- Attacker
- Malicious
- Non-malicious -- causing harm to a system accidentally, e.g. storing passwords unsafely.
- Vulnerability
- Threat
- Attack
- Attack surface -- Collection of all entry points an unauthorised attacker could attempt to exploit.
- Attack Vector -- Path an attacker has taken to gain access.

**APT -- Advanced Persistent Threat**
- Large, long-term attacks against an organisation
- Pragmatic and well-organised campaigns against an enterprise or organisation
- Campaigns can exist for several years and are sometimes well funded
- Can be state actors
- Gain "stealthy" access to the targeted system for data, and keep that access long term
- Involves considerable research and analysis in terms of extracting the data
- Concerning due to the increasingly complex nature of enterprise architectures

**Why these attacks are so deadly:**
- The attacks themselves are often not advanced
- APTs often exploit the end user (insider) as the entry point to the system, e.g. through poor passwords; once the system is penetrated, the attack can become more sophisticated
- The stealth of such attacks means detection is difficult
- Not a "one off": attackers aim for long-term access
- Traffic from attackers is purposely crafted to look like legitimate traffic, so firewalls, SIEMs and other security tools can find it incredibly difficult to identify

Stages within an APT attack:
- Reconnaissance: find out as much as possible about systems and points of entry
- Initial Compromise: gain access or a foothold in a system, e.g. via a phishing email or social engineering
- Lateral Movement: expand access across the systems, e.g. compromise additional services, increase permissions etc.
- Minimise detection and maintain access to systems

**Mitigation**
- Traditional perimeter security expanded to consider outbound traffic and internal network activity
- Combination of mechanisms and processes such as least privilege, firewalls, IDPS systems, SIEMs etc.
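The stages above (a foothold that keeps calling home, then lateral movement) and the mitigation point (look at outbound and internal traffic, not only the perimeter) can be made concrete with a small SIEM-style correlation. The following is an added example, not part of the notes; the flow records, IP addresses, thresholds and function names are all constructed for the demo. It flags two patterns a perimeter-only firewall would miss: an internal host contacting the same external host at a regular interval (beaconing, the "maintain access" stage) and an internal host fanning out to many internal hosts in a short window (lateral movement).

```python
"""
Added example (not from the notes): a toy SIEM-style correlation over
constructed connection-log records, showing why APT mitigation has to look
at outbound and internal (east-west) traffic, not just inbound perimeter hits.
Two heuristics:
  1. beaconing  - an internal host contacting the same external host at a
                  suspiciously regular interval (long-term "call home" traffic)
  2. fan-out    - an internal host opening sessions to many distinct internal
                  hosts in a short window (lateral movement)
All IPs, thresholds and names below are assumptions chosen for the demo.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (timestamp_seconds, src, dst, direction)
# direction is "outbound" (internal -> external) or "internal" (east-west).
SAMPLE_FLOWS = [
    # 10.0.0.5 beacons to 203.0.113.9 every 300 s (constructed)
    *[(t, "10.0.0.5", "203.0.113.9", "outbound") for t in range(0, 3000, 300)],
    # normal, irregular browsing from 10.0.0.7 (constructed)
    (12, "10.0.0.7", "198.51.100.20", "outbound"),
    (140, "10.0.0.7", "198.51.100.20", "outbound"),
    (975, "10.0.0.7", "198.51.100.20", "outbound"),
    (2200, "10.0.0.7", "198.51.100.20", "outbound"),
    # 10.0.0.5 then fans out to eight internal hosts within 60 s (constructed)
    *[(3100 + i, "10.0.0.5", f"10.0.0.{50 + i}", "internal") for i in range(8)],
    # 10.0.0.7 talks to two internal servers, which is ordinary (constructed)
    (3105, "10.0.0.7", "10.0.0.50", "internal"),
    (3150, "10.0.0.7", "10.0.0.51", "internal"),
]


def find_beacons(flows, min_events=6, max_jitter_ratio=0.1):
    """Return {(src, dst): mean_gap} for outbound pairs whose inter-connection
    gaps are regular: at least min_events connections, and the standard
    deviation of the gaps no more than max_jitter_ratio of the mean gap."""
    by_pair = defaultdict(list)
    for ts, src, dst, direction in flows:
        if direction == "outbound":
            by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) <= max_jitter_ratio * avg:
            beacons[pair] = avg
    return beacons


def find_fan_out(flows, window=60, min_targets=5):
    """Return {src: max_distinct_targets} for internal sources that reached at
    least min_targets distinct internal destinations inside any window (s)."""
    by_src = defaultdict(list)
    for ts, src, dst, direction in flows:
        if direction == "internal":
            by_src[src].append((ts, dst))
    suspicious = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # distinct destinations reached in the window starting at this event
            targets = {dst for ts, dst in events[i:] if ts - start <= window}
            if len(targets) >= min_targets:
                suspicious[src] = max(suspicious.get(src, 0), len(targets))
    return suspicious


def correlate(flows):
    """Combine the two signals: a host that both beacons outbound and fans out
    internally is the strongest candidate for an APT foothold."""
    beaconing_hosts = {src for src, _ in find_beacons(flows)}
    return sorted(beaconing_hosts & set(find_fan_out(flows)))


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(SAMPLE_FLOWS).items():
        print(f"beacon: {src} -> {dst} every ~{interval:.0f}s")
    for src, n in find_fan_out(SAMPLE_FLOWS).items():
        print(f"fan-out: {src} reached {n} internal hosts within 60s")
    print("priority hosts:", correlate(SAMPLE_FLOWS))
```

Neither heuristic inspects packet contents, which is the point: traffic built to look legitimate can still stand out by its timing and its spread across the internal network, and these are exactly the signals a perimeter-only, inbound-focused deployment never sees. The thresholds are deliberately loose for a demo; in practice they would be tuned per environment to keep false positives from scheduled jobs and monitoring hosts manageable.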