Glossary_Sidebar_Cyber Sec - AinsleyPlayer/Journal GitHub Wiki

APT1 - Advanced Persistent Threat 1, the Chinese cyber-espionage unit exposed in Mandiant's report: https://www.mandiant.com/resources/apt1-exposing-one-of-chinas-cyber-espionage-units

DDoS - Distributed Denial of Service; flooding a website or service so that it goes down or legitimate users are blocked from accessing it

Stuxnet - "Stuxnet, as it came to be known, was unlike any other virus or worm that came before. Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak physical destruction on equipment the computers controlled." https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

Fraud Popup - Basically one giant button: click anywhere and you download malware. Scareware; a grey area: malicious popups that were selling you software but were just a huge scam/money maker for scammers (2009-11)

CryptoLocker - Did actually work and was a reason for alarm; the attackers had an incentive to actually decrypt your files and take advantage of the fear and concern around it: they would give you the key because they wanted more people to pay. Credit cards were used, so they had to open a merchant account and were therefore easy to find (2013)

Wana Cry Decrypt0r 2.0 - Used bitcoin so banks couldn't trace it, and no one knew who held the wallet/was getting the money (2017)

Petya - Got people to download Tor (dark web) to pay in bitcoin; could have been close to 30k; had their own support; they ran like a proper company and gave step by step instructions for Tor/Bitcoin; they really try to get you to pay and to believe the threat is real (2019)

**A lot of companies are paying the ransom because of the content of the information that is at risk**

Cyber Attack Motives -
+Cyber-Crime
+Intellectual Property
+Espionage (Personal, State, Corporate)
+Terrorism
+"Hacktivism" - hacking as a weapon for activism; an example would be hacking a company that tests on animals
+Messing around; doing it for shits and gigs

Economic Impact- Huge

C.I.A -
+Confidentiality (only those who should have access to data do)
+Integrity (ensures the data has not been changed)
+Availability (data is accessible when needed)

Hacktivism -
+Denial of Service
+Defacement
+Information disclosure

6 Cybersecurity "Concepts" -
+Keep it simple
+Defense in depth
+Think like an adversary
+Integrity
+Availability

Logic Bomb - A type of malware that stays dormant until a trigger condition is met (often a timer running out), then sets off the attack; the delay makes it a lot harder to identify and to trace back to the attackers.

**Threat Defined** - A threat is anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset. NIST: any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Not all threats have malicious intent, such as end users that accidentally click on a phishing link.

Threats can be- Natural events such as floods, wildfires, hurricanes, earthquakes. Environmental events such as climate change, global pandemic, power outage/brownouts. Unintentional events, human error (misconfiguration, lack of awareness, complacency) – non-malicious threats. Intentional acts by an adversary.

Threats -
+Intentional
+Unintentional
+Acts of Nature
+Environmental

Attacks Defined- Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself (NIST). An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality (NIST)

Attackers can be - A curious teenager, a disgruntled worker, hacktivists, sophisticated criminal organizations, terrorists, a nation-state or affiliated group. Motivated by theft, disclosure, disruption, destruction and/or subversion. Inside or outside of an organization.

Attacks -
+Theft
+Disclosure
+Disruption
+Destruction and/or
+Subversion

Vulnerability Defined - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. (NIST) A vulnerability is exploited (used).

Vulnerabilities can be - Human (errors due to lack of awareness, carelessness). Physical (unlocked doors, shoulder surfing, dumpster diving, lost or stolen hardware). Network (mobile use). Hardware (evil hardware, design flaws). Software (lack of secure coding practices). A combination of these into a system might create vulnerabilities that the individual components do not have on their own.

Vulnerability -
+A threat requires a vulnerability
+Weakness or flaw

Software Vulnerability- A security flaw, glitch, or weakness found in software that can be exploited by an attacker.

Importance of securing software - Some examples where insecure software could lead to loss of CIA:
+Do you want private information (your grades) to be viewed or stolen? (Loss of confidential data)
+What if you couldn’t access a timed online exam? (Loss of availability)
+What if someone changed your homework scores, decreasing them all by 1-5 points? (Loss of data integrity)

Cyber Threat - A cyber threat is an attempt to damage or disrupt a computer network or system. Cyber threats can become a reality if there are vulnerabilities present within a network, hardware, or software which allow an attacker to reduce a system's information assurance.

Intentional Threat Sources and Motivations -
+National Governments (State actors or APTs) – disruption, destruction
+Terrorists – theft, destruction, disruption
+Industrial Spies and Organized Crime Groups – theft and fraud for monetary gain
+Hacktivists – motivated by ideology to disrupt, disclose to gain attention
+Hackers – disruption, disclosure
+Bot-net operators – take control of systems to disrupt
+Phishers and Spammers – identity theft, theft of information for monetary gain
+Insiders – can use unrestricted access for theft, disruption, or destruction

Threat Modeling - Works to identify, communicate, and understand threats and mitigations within the context of protecting something of value. Most of the time, a threat model includes:
+A description / design / model of what you’re worried about
+A list of assumptions that can be checked or challenged in the future as the threat landscape changes
+A list of potential threats to the system
+A list of actions to be taken for each threat
+A way of validating the model and threats, and verification of success of actions taken

Risk - How likely something is to happen, and what damage would occur if it did.
+Risk = Likelihood x Consequences
+Risks can target organizational operations such as the mission, function, image, or reputation, as well as data, hardware and software.

https://www.youtube.com/watch?v=hzC6BONJgsQ

OSINT - Open Source Intelligence
+Our personal information is stored in public databases, on social media, and in plenty of other places across the internet
+Open source places can store information on the public and cause harm to a person or organization (OSINT)
+Mainly starts at the OSINT website

SHA-2 (e.g. SHA-256) - https://en.wikipedia.org/wiki/SHA-2 ; online hash calculator: https://md5calc.com/hash

Hashing - Lets you check a password without keeping the password itself (a hash cannot be reversed to recover the password, see below); keeps information as it is - secures the original data/info and lets you confirm it is untampered

Rainbow Table Attack - A rainbow table attack is a password cracking method that uses a special table (a “rainbow table”) of pre-computed hashes to crack the password hashes in a database. Applications don’t store passwords in plaintext; instead they store hashes of the passwords. When the user enters their password to log in, it is hashed and the result is compared with the stored hash on the server to look for a match. If they match, the user is authenticated and able to log in to the application.

Can two passwords have the same hash?
+Yes, called a Hash Collision
+Passwords with the same hash - compromise of integrity
+Hash collision attacks: find a password that will result in the same hash from a reported breach and try to use that password to login

Can you guess a password by just looking at a hash?
+No. Hashes are designed to prevent guessing. Hashing algorithms are a one-way process.
+Adversaries may check a hash in a pre-computed list, also known as a rainbow table. https://youtu.be/cczlpiiu42M
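As an added example (not part of the original notes), the Python below shows why a pre-computed table only works against unsalted hashes: the same password hashed with plain SHA-256 always gives the same digest, which a lookup table recovers instantly, while a random per-user salt plus a slow key-derivation function (PBKDF2 here) gives a different value for every user, so nothing computed in advance can match it. The wordlist and user names are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the common/leaked passwords a table
# would be built from; real tables hold billions of entries.
COMMON_PASSWORDS = ["password", "123456", "letmein", "champlain2020", "qwerty"]

ITERATIONS = 100_000  # PBKDF2 work factor; higher = slower for everyone, attacker included


def build_precomputed_table(words):
    """Map of unsalted SHA-256 hex digest -> password (a tiny 'rainbow table')."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def lookup_unsalted(stored_hash, table):
    """Weak scheme: the stored value is a bare SHA-256 of the password,
    so a pre-computed table recovers it with one dictionary lookup."""
    return table.get(stored_hash)


def hash_password_salted(password, salt=None, iterations=ITERATIONS):
    """Hardened scheme: random per-user salt + slow PBKDF2-HMAC-SHA256.
    Returns (salt, derived_key). Two users with the same password get
    different stored values, so no table built in advance matches either."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, dk


def verify_salted(password, salt, expected_dk, iterations=ITERATIONS):
    """Login check: recompute with the stored salt, compare in constant time."""
    _, dk = hash_password_salted(password, salt, iterations)
    return hmac.compare_digest(dk, expected_dk)


def lookup_salted(stored_dk, table):
    """The unsalted table is useless here: the salted, iterated value is not
    the SHA-256 of any word in the list, so the lookup finds nothing."""
    return table.get(stored_dk.hex())


def demo():
    table = build_precomputed_table(COMMON_PASSWORDS)
    # Two constructed users who both chose the same weak password.
    unsalted_alice = hashlib.sha256(b"letmein").hexdigest()
    unsalted_bob = hashlib.sha256(b"letmein").hexdigest()
    salt_a, dk_a = hash_password_salted("letmein")
    salt_b, dk_b = hash_password_salted("letmein")
    return {
        "unsalted_identical": unsalted_alice == unsalted_bob,   # True: same hash leaks reuse
        "unsalted_recovered": lookup_unsalted(unsalted_alice, table),  # "letmein"
        "salted_identical": dk_a == dk_b,                       # False: salts differ
        "salted_recovered": lookup_salted(dk_a, table),         # None
        "salted_login_ok": verify_salted("letmein", salt_a, dk_a),   # True
        "salted_wrong_pw": verify_salted("wrong", salt_a, dk_a),     # False
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The lookup on the unsalted side is exactly the "pre-computed list" check the notes describe; the salted side is the mitigation an application should use for its password file.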

DNS -
+Hierarchical distributed naming system for any resource connected to an IP network
+Translates easy to remember host names to IP addresses
+eg: my.champlain.edu is 216.93.150.217

Wireshark -
+Popular tool for “capturing” network traffic
+Also called “sniffing”
+Captures all traffic to and from the local host
+Will parse packet “headers” and display the info in an organized way
+Can filter results to show specific sessions, protocols, hosts etc.

Cryptography Terms -
+Cryptography: “lock and key” that protects data through “disguise”
+Cryptographers: create the lock and key
+Cryptanalysts: attempt to remove the disguise
+Cryptology: the study of cryptography and cryptanalysis
+Cipher: method to disguise text
+Plaintext: the original text
+Ciphertext: the disguised text
+Encrypt: the process of disguising
+Decrypt: remove the disguise

Symmetric Encryption -
+A secret key (number, word, a random string)
  -applied to a message to change the content in a particular way
  -can be as simple as shifting each letter by a number of places in the alphabet
  -if sender and recipient know the secret key, they can encrypt and decrypt messages
+Pros – Fast, simple, and very effective
+Cons – Exchanging keys, keeping keys private
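An added illustration of the shift cipher described above (example code, not from the notes): one shared secret key both encrypts and decrypts, and because there are only 26 possible keys a cryptanalyst can simply try every one and pick the key that yields a known word, which is why real symmetric ciphers such as AES use keys of 128 bits or more.

```python
import string

ALPHABET = string.ascii_uppercase  # 26 letters; the whole key space is 0..25


def shift_encrypt(plaintext, key):
    """Symmetric 'shift' cipher: move each letter `key` places along the alphabet.
    Non-letters pass through unchanged. The same key is needed to decrypt."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext, key):
    """Recipient who knows the shared key simply shifts back."""
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext, crib):
    """The cryptanalyst's view: with only 26 keys, try them all and return the
    key whose decryption contains an expected word (the 'crib'), or None."""
    for key in range(26):
        if crib.upper() in shift_decrypt(ciphertext, key):
            return key
    return None


if __name__ == "__main__":
    shared_key = 3                      # constructed secret shared by both parties
    ct = shift_encrypt("ATTACK AT DAWN", shared_key)
    print("ciphertext:", ct)            # DWWDFN DW GDZQ
    print("decrypted: ", shift_decrypt(ct, shared_key))
    print("key found by exhaustive search:", brute_force(ct, "ATTACK"))
```

The exhaustive search is the "keeping keys private" con taken to its limit: when the key space is tiny, secrecy of the key buys almost nothing.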

Asymmetric Encryption -
+aka Public Key encryption
+Uses “key pairs”
  -Public key – a key made available to anyone
  -Private key – only the key owner knows
+Any message encrypted using the public key can only be decrypted by the matching private key.
+Any message encrypted using the private key can only be decrypted by the matching public key.

Hash Function -
+Algorithm that computes a fixed-bit-length string from a block of data
  -“Message” is the data
  -“Message Digest” is the fixed-bit string, often called the “hash”
+MD5 – creates a 128 bit message digest
  -popular but has weaknesses
+SHA-1 – creates a 160 bit digest
+SHA-2 – 256 and 512 bit digests

Hash Functions - A hash function maps digital data of arbitrary size to digital data of fixed size. The hash is sometimes called a message digest. A cryptographic hash function is a hash function that is considered practically impossible to invert (one-way-ness) or find collisions (i.e. two messages with the same hash value).

Cyber-Physical System:

Smart Grid - +A smart grid is an electrical grid which includes centralized monitoring and connectivity to smart meters, smart appliances, renewable energy resources, and energy efficient resources

+Potentially vulnerable to false injection attacks where an adversary injects false readings into the grid to steal electrical energy or cause energy cut-off.

+Potentially vulnerable to topology poisoning attacks where an adversary intercepts measurements, modifies them, and forwards to the control center to confuse the centralized topology monitoring and result in energy cut-off.

ICS- +Industrial Control Systems (ICS) automate processes in many industries, including manufacturing, health care, transportation, and the military.

SCADA - +Supervisory Control And Data Acquisition (SCADA) is a control system architecture comprising computers, networked data communications and graphical user interfaces (GUI) for industrial control system supervisory management.

+It uses peripheral devices like programmable logic controllers (PLC) as sensors and actuators to control the automated processes.

PLCs - Programmable logic controllers

  • PLCs have limited processing capability, need to execute commands without delays, and cannot be easily updated or replaced like other computer components.

  • PLCs usually don’t implement authentication, access control, encryption, nor integrity checks.

  • Many PLCs are part of older systems never meant to go online and the systems were not designed to have security.

+PLCs are connected to computers that are part of the SCADA system, so if an adversary can seize control of a SCADA machine, they can issue any command they wish to the PLC.

+Welcome, Stuxnet.

IoT - Internet of Things (IoT) - Interconnected machines and devices equipped with processors, implementing an application logic
+Internet (network connectivity)
  -Ethernet (physical cable connection)
  -WiFi
  -3G/4G LTE
  -Bluetooth, ZigBee, 6LoWPAN
+Things
  -High-end devices (smartphones, tablets, appliances)
  -Low-end devices (sensors, actuators)
  -Passive entities (QR-code, RFID)

AES - Advanced Encryption Standard; a symmetric block cipher algorithm

HTTPS - The S in HTTPS means that the website is using secure communication to connect to the web server

Lock next to website URL - The lock indicates that HTTPS is being used and that the site's certificate is from a trusted organization. Read more at https://support.google.com/chrome/answer/95617?hl=en .

Cryptography and the Main Tenets of Information Security -
+Confidentiality = Encryption/decryption algorithms.
+Integrity = Hash functions.
+Authenticity = Digital signatures, digital certificates.
+Non-repudiation = Digital signatures, digital certificates.

Requirements for a Cryptographic Hash Function

Variable Input/Fixed Output Size - Can be applied to data of practically any size but the output is always a fixed number of bits.

Pre-Image Resistant - Computationally infeasible to find the input value for a given hash value (one-way-ness).

Collision Resistant - Computationally infeasible to find two inputs that have the same hash value.

Efficiency - Easy (fast) to compute so practical on hardware and software.

Pseudo-Randomness - The outputs pass statistical tests designed to detect non-random data; they are not truly random but imitate randomness, which is known as pseudorandomness.
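Added example (not from the original notes) covering both the "Hash Function" digest sizes above and the requirements just listed: it uses Python's hashlib to show that MD5, SHA-1, SHA-256 and SHA-512 give 128-, 160-, 256- and 512-bit digests regardless of input length, that the same input always gives the same digest, and that flipping one input bit changes about half of the output bits (pseudo-randomness, which is also what leaves an observer nothing to work with when trying to guess the input).

```python
import hashlib

ALGORITHMS = ["md5", "sha1", "sha256", "sha512"]


def digest_bits(algorithm, data: bytes) -> int:
    """Digest length in bits; fixed per algorithm, independent of input size."""
    return hashlib.new(algorithm, data).digest_size * 8


def digest_sizes(data: bytes) -> dict:
    """{algorithm: bits} for the algorithms the notes list."""
    return {alg: digest_bits(alg, data) for alg in ALGORITHMS}


def fixed_output_size(algorithm="sha256") -> bool:
    """Variable input / fixed output: inputs of 0 bytes up to 1 MiB
    all produce a digest of the same length."""
    sizes = {digest_bits(algorithm, b"x" * n) for n in (0, 1, 1000, 1 << 20)}
    return len(sizes) == 1


def deterministic(algorithm, data: bytes) -> bool:
    """Same message, same digest: the property file verification relies on."""
    return hashlib.new(algorithm, data).digest() == hashlib.new(algorithm, data).digest()


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(algorithm, data: bytes) -> float:
    """Flip one input bit and return the fraction of output bits that change.
    A cryptographic hash gives roughly 0.5; a weak one (or a checksum) would not."""
    flipped = bytes([data[0] ^ 1]) + data[1:]
    h1 = hashlib.new(algorithm, data).digest()
    h2 = hashlib.new(algorithm, flipped).digest()
    return hamming_distance(h1, h2) / (len(h1) * 8)


if __name__ == "__main__":
    msg = b"The quick brown fox jumps over the lazy dog"   # constructed message
    print(digest_sizes(msg))                                 # md5 128, sha1 160, sha256 256, sha512 512
    print("fixed output size:", fixed_output_size())
    for alg in ALGORITHMS:
        print(f"{alg}: {avalanche(alg, msg):.2f} of output bits change for a 1-bit input change")
```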

Uses of Hash Functions

Digital Signatures - When you sign messages digitally, the hash value of the message is encrypted with the private key instead of the message itself. This allows messages of arbitrary length to be signed.
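Added worked example, not from the notes, serving both the "Asymmetric Encryption" entry above and the digital-signature use here: a toy RSA key pair built from two small fixed primes (an assumption for readability; real keys use random primes of 1024+ bits each) shows that what the public key encrypts only the private key decrypts, and that a signature is made over the hash of the message, so a message of any length is signed with one fixed-size operation and any change to the message breaks verification. Truncating the digest to 8 bytes is a further assumption forced by the tiny modulus; a real scheme keeps the whole digest and adds padding.

```python
import hashlib

# Toy key pair from two Mersenne primes (2**31-1 and 2**61-1) so the numbers
# stay printable. Constructed for the example only; never use fixed primes.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                    # modulus, shared by both keys (~92 bits)
PHI = (P - 1) * (Q - 1)
E = 65537                    # public exponent
D = pow(E, -1, PHI)          # private exponent = modular inverse of E

PUBLIC_KEY = (E, N)          # handed out to anyone
PRIVATE_KEY = (D, N)         # known only to the key owner


def encrypt(m: int, public_key) -> int:
    """Anyone can encrypt with the public key..."""
    e, n = public_key
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    """...but only the matching private key recovers the message."""
    d, n = private_key
    return pow(c, d, n)


def message_representative(message: bytes) -> int:
    """Hash the message and convert the digest into an integer < N.
    Only 8 bytes of the SHA-256 digest are kept because the toy N is small."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest[:8], "big")


def sign(message: bytes, private_key) -> int:
    """Sign the hash, not the message: one fixed-size operation for any length."""
    d, n = private_key
    return pow(message_representative(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Apply the public key to the signature and compare with a fresh hash."""
    e, n = public_key
    return pow(signature, e, n) == message_representative(message)


if __name__ == "__main__":
    secret = 123456789                       # constructed numeric message
    c = encrypt(secret, PUBLIC_KEY)
    print("ciphertext:", c, "-> decrypted:", decrypt(c, PRIVATE_KEY))
    doc = b"Transfer $10 to account 42"     # constructed document
    sig = sign(doc, PRIVATE_KEY)
    print("valid on original:", verify(doc, sig, PUBLIC_KEY))             # True
    print("valid on altered: ", verify(doc + b"0", sig, PUBLIC_KEY))      # False
```

The integrity property comes from the hash (any edit changes the digest) and the authenticity property from the private key (only its holder could have produced a value that the public key maps back to that digest).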

Password Files - Hashes of passwords are stored, not the passwords themselves. Because no one can see the plain password, this provides an extra layer of security in case the password file is stolen.

Intrusion/Virus Detection - A change in the hash value of a file may indicate an intrusion or a virus.

File Signature - Related to virus detection, hashes serve as a fingerprint or signature for a file. You can differentiate between one Notepad.exe from another. Hashes are used to verify downloaded files.

Construction of a Pseudorandom Number Generator - One of the required properties of a cryptographic hash function is that its output passes pseudorandomness tests, so hash output can be used to build a pseudorandom number generator.

File Synchronization - Whether to upload a file or not for synchronization (for example with cloud storage) can be determined by checking the hash value of the file has changed or not since the last update.
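Added example (not from the notes) for the intrusion/virus detection and file synchronization uses just described: a baseline of SHA-256 hashes is recorded for a set of files, and a later scan is compared against it to report modified, added and removed files; the modified and added entries are what a host intrusion detection tool alerts on and what a sync client needs to upload. The "files" are constructed in memory so the code runs without touching disk.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Fingerprint of a file's content."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict) -> dict:
    """{path: sha256 hex} recorded at a known-good point in time.
    In practice the baseline itself is stored off-host or signed."""
    return {path: sha256_hex(content) for path, content in files.items()}


def compare_to_baseline(baseline: dict, current: dict) -> dict:
    """Classify each file as unchanged, modified, added or removed by
    recomputing hashes and comparing with the baseline."""
    report = {"unchanged": [], "modified": [], "added": [], "removed": []}
    for path, content in current.items():
        if path not in baseline:
            report["added"].append(path)
        elif baseline[path] != sha256_hex(content):
            report["modified"].append(path)
        else:
            report["unchanged"].append(path)
    for path in baseline:
        if path not in current:
            report["removed"].append(path)
    return report


# Constructed known-good file set (paths and contents are made up).
KNOWN_GOOD = {
    "/bin/notepad.exe": b"MZ... constructed stand-in for the real binary",
    "/etc/hosts": b"127.0.0.1 localhost\n",
    "/home/user/notes.txt": b"threat model draft\n",
}


def scan_after_change() -> dict:
    """Constructed later state: hosts file edited, notes deleted, a new
    unexpected file present. Returns the comparison report."""
    current = dict(KNOWN_GOOD)
    current["/etc/hosts"] = KNOWN_GOOD["/etc/hosts"] + b"203.0.113.5 update.example.com\n"
    del current["/home/user/notes.txt"]
    current["/tmp/unexpected.bin"] = b"\x00\x01 constructed bytes"
    return compare_to_baseline(build_baseline(KNOWN_GOOD), current)


if __name__ == "__main__":
    for category, paths in scan_after_change().items():
        print(f"{category}: {paths}")
```

The same comparison answers the sync question: only paths in `modified` and `added` need to be uploaded, and `unchanged` ones are skipped without transferring their contents.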

Cryptographic Hash Function Algorithms

**MD - Message Digest Algorithms** -
+MD4 - Designed by Rivest 1990
  • 128 bit digests; used in TLS certificates
  • Practical collision attacks were developed against it
+MD5 - Similar to MD4; security compromised, so it's not suitable for cryptographic use.

VIRUS TOTAL - Free website that will let you know whether the file you have (looked up by its hash or uploaded) is flagged as a virus or not.

SHA = Secure Hash Algorithm
+SHA-1 - Designed by NSA; published by NIST in 1993 as a Federal Information Processing Standard; theoretical attacks developed against SHA-1 in 2005 suggested the algorithm may not be secure enough for ongoing use.
+SHA-2 - Designed by NSA; published by NIST in 2001 as a Federal Information Processing Standard; includes six hash functions with digests of 224, 256, 384 or 512 bits.
+SHA-3 - Designed by Bertoni, Daemen, Peeters and Van Assche; published by NIST in 2015 as the new standard; not meant to replace SHA-2, as SHA-2 has not been broken.