Midterm Topics - Hsanokklis/2022-2023-Tech-journal GitHub Wiki

Explain and apply Confidentiality, Integrity and Availability

The CIA triad is an information security model meant to guide an organization's security procedures and policies.

Confidentiality:

Deals with keeping an organization's data private: only authorized users and processes should be able to access or modify it.

Ex. When you log in, you're asked for a password. If it's been a while since your last log-in, you may be asked to input a code that's been sent to you, or some other form of two-factor authentication.

Ex. Can be found in access control methods like two-factor authentication and passwordless sign-on. It's not just about letting authorized users in; it's also about keeping certain files inaccessible.

Ex. Encryption. It helps organizations secure information from accidental disclosure and malicious attacks.

Integrity

Means that data can be trusted. It should be maintained in a correct state, kept so that it may not be tampered with, and should be correct, authentic, and reliable.

Ex. Can be maintained with access control and encryption, by setting a file read-only, or with hashing or data checksums (which allow data to be audited to ensure it hasn't been altered).

Ex. Data might be protected physically from outside sources that might corrupt it.

Ex. Data integrity is provided by making sure your purchases are reflected in your account and allowing you to contact a representative if there's a discrepancy.

Availability

Data should be available to authorized users whenever they require it. This means keeping systems, networks, and devices up and running.

Ex. You can log into your account whenever you want, and you may even be able to contact customer support at any time of the day or night.

Ex. Creating a DDoS response plan and building redundancy into your system are ways of ensuring availability, as are load balancing and fault tolerance.

https://securityscorecard.com/blog/what-is-the-cia-triad/


Compare and contrast Symmetric and Asymmetric encryption

Symmetric Key Encryption

  1. Only requires a single key for both encryption and decryption
  2. The size of the ciphertext is the same as or smaller than the original plaintext
  3. The encryption process is very fast
  4. It is used when a large amount of data needs to be transferred
  5. It only provides confidentiality
  6. The key length used is 128 or 256 bits
  7. Resource utilization is low compared to asymmetric key encryption
  8. It is efficient, as it is used for handling large amounts of data
  9. Security is lower, as only one key is used for both encryption and decryption
  10. Examples: 3DES, AES, DES, RC4

Asymmetric Key Encryption

  1. Requires two keys, a public key and a private key: one to encrypt and the other to decrypt
  2. The size of the ciphertext is the same as or larger than the original plaintext
  3. The encryption process is slow
  4. It is used to transfer small amounts of data
  5. It provides confidentiality, authenticity and non-repudiation
  6. The key length used is 2048 bits or higher
  7. Resource utilization is high
  8. It is comparatively less efficient, as it can only handle a small amount of data
  9. It is more secure, as two keys are used: one for encryption and the other for decryption
  10. Examples: Diffie-Hellman, ECC, ElGamal, DSA and RSA

https://www.geeksforgeeks.org/difference-between-symmetric-and-asymmetric-key-encryption/


Different kinds of encryption algorithms

  • (DES) Data Encryption Standard

A symmetric block cipher which encrypts 64-bit blocks of data with a 56-bit key

  • (AES) Advanced Encryption Standard

A symmetric block cipher which works by repeating the same round of operations multiple times and has a block size of 128 bits

  • RC4

A stream cipher with variable key size, based on a random permutation (symmetric)

  • RC5

A block cipher with variable block size, key size, and number of rounds. The default key size is 128 bits (symmetric)

  • RC6

A symmetric key block cipher derived from RC5 with two additional features: 1) it uses integer multiplication, 2) it uses 4 bit working registers

  • (DSA) Digital Signature Algorithm

An algorithm used to generate and verify digital signatures for sensitive, unclassified applications. Defined in a Federal Information Processing Standard (FIPS). (asymmetric)

  • (RSA) Rivest Shamir Adleman

A public key cryptosystem used for public key encryption and digital signatures. It relies on mathematical computations involving large prime numbers (asymmetric)

  • Caesar Cipher

  • Atbash Cipher

  • Pigpen Cipher

  • Rail Fence Cipher

  • Vigenère Cipher
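The classical ciphers listed above are illustrated in the original wiki only by pictures. The following Python implementations are an added example (not code from the wiki or from the linked sites) that show how each of them transforms text and how the transformation is undone; Pigpen is left out because it substitutes drawn symbols rather than letters. All functions work on upper-case letters and pass other characters through unchanged.

```python
"""Classical cipher implementations: Caesar, Atbash, Rail Fence and Vigenere.
Added example for study purposes; these ciphers offer no real security."""
import string

ALPHA = string.ascii_uppercase


def caesar(text: str, shift: int, decrypt: bool = False) -> str:
    """Shift every letter by a fixed amount (decrypt shifts back)."""
    k = -shift if decrypt else shift
    out = []
    for ch in text.upper():
        out.append(ALPHA[(ALPHA.index(ch) + k) % 26] if ch in ALPHA else ch)
    return "".join(out)


def atbash(text: str) -> str:
    """Map A<->Z, B<->Y, ...; applying it twice restores the plaintext."""
    return "".join(ALPHA[25 - ALPHA.index(c)] if c in ALPHA else c for c in text.upper())


def _rail_index(i: int, rails: int) -> int:
    """Row that the i-th character lands on when writing a zig-zag over `rails` rows."""
    if rails < 2:
        return 0
    period = 2 * (rails - 1)
    pos = i % period
    return pos if pos < rails else period - pos


def rail_fence_encrypt(text: str, rails: int) -> str:
    """Write the text in a zig-zag across the rails, then read it off row by row."""
    rows = [[] for _ in range(rails)]
    for i, ch in enumerate(text):
        rows[_rail_index(i, rails)].append(ch)
    return "".join("".join(r) for r in rows)


def rail_fence_decrypt(cipher: str, rails: int) -> str:
    """Recompute which rail each position belongs to, slice the ciphertext into
    rails of the right lengths, then hand characters back out in zig-zag order."""
    pattern = [_rail_index(i, rails) for i in range(len(cipher))]
    counts = [pattern.count(r) for r in range(rails)]
    rail_chars, idx = [], 0
    for c in counts:
        rail_chars.append(list(cipher[idx:idx + c]))
        idx += c
    return "".join(rail_chars[r].pop(0) for r in pattern)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Caesar with a shift taken from the repeating key; the key only advances on letters."""
    key = key.upper()
    out, j = [], 0
    for ch in text.upper():
        if ch in ALPHA:
            k = ALPHA.index(key[j % len(key)])
            k = -k if decrypt else k
            out.append(ALPHA[(ALPHA.index(ch) + k) % 26])
            j += 1
        else:
            out.append(ch)
    return "".join(out)
```

The Vigenère key only advances on letters so that spaces and punctuation do not shift the key alignment, which is what lets decryption line up with encryption.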

http://practicalcryptography.com/

https://www.keyfactor.com/resources/types-of-encryption-algorithmns/

https://www.arcserve.com/blog/5-common-encryption-algorithms-and-unbreakables-future


Different kinds of malware

  • Ransomware

Uses encryption to disable a target's access to its data until a ransom is paid. The victim is rendered partially or totally unable to operate until it pays, but there is no guarantee that payment will result in the necessary decryption key or that files will function properly afterwards.

  • Fileless malware

Doesn't install anything initially; instead it makes changes to files that are native to the OS, such as PowerShell or WMI. Because the OS recognizes the edited files as legitimate, a fileless attack is not caught by antivirus software, and because these attacks are stealthy, they are up to 10 times more successful than traditional malware attacks.

  • Spyware

Collects information about users' activities without their knowledge or consent. This can include passwords, PINs, payment information, and unstructured messages. It can operate in a desktop browser, an app, or on a phone.

  • Adware

Tracks a user's surfing activity to determine which ads to serve them. It is similar to spyware, but it does not install any software on a user's computer, nor does it capture keystrokes. The danger is that it is an invasion of privacy: it can be used to build a whole profile about someone (family, friends, addresses), all data that could be used for other malicious purposes.

  • Trojans

Disguises itself as desirable code or software. Once downloaded, the trojan can take control of the victim's systems for malicious purposes. Trojans hide inside games, apps, software patches, or attachments included in phishing emails. They require users to download them.

  • Worms

Spreads through a network by replicating itself. Worms target vulnerabilities in operating systems to install themselves into networks. They can gain access in many ways: through backdoors built into software, through unintentional software vulnerabilities, or through flash drives. Once in place, worms can be used to launch DDoS attacks, steal sensitive data, or conduct ransomware attacks. They do not need an application in order to execute.

  • Virus

A piece of code that inserts itself into an application and executes when the app is run. Once inside a network, a virus may be used to steal sensitive data, launch DDoS attacks, or conduct ransomware attacks. It cannot execute or reproduce unless the app it has infected is running.

  • Rootkits

Software that gives hackers remote control of a victim's device with full admin access. Rootkits can be injected into applications, kernels, hypervisors, or firmware. They spread through phishing, malicious attachments, malicious downloads, and compromised shared drives. They can be used to conceal other malware, like keyloggers.

  • Keyloggers

A type of spyware that monitors user activity through keystrokes. Keyloggers have legitimate uses: businesses can use them to monitor employee activity, and families may use them to keep track of children's online behavior.

  • Bots

A software application that performs automated tasks on command. Bots are used for legitimate purposes, such as indexing for search engines, but when used maliciously they take the form of self-propagating malware that can connect back to a central server. Normally bots are used in large numbers to create a botnet, a network of bots used to launch broad, remotely controlled floods of attacks such as DDoS attacks. Botnets can become quite expansive: the Mirai IoT botnet ranged from 800,000 to 2.5 million computers.

  • Wiper malware

Malware whose purpose is erasing user data beyond recoverability. Wipers can be used to take down computer networks in public or private companies across various sectors. Threat actors also use wipers to cover up traces left after an intrusion, weakening their victim's ability to respond.

Access Control Methods

  • Role-based access control (RBAC)

Access is granted based on the roles and responsibilities of an individual working in the organization. For example, an engineer's role would be restricted to accessing design documents and software. He can add, delete, or modify his own code but cannot access project-level or production data. He will also not have access to the HR database or the financial database. This system is best for a company that has high employee turnover.

  • Discretionary access control (DAC)

Access control is based on the owner's discretion. The owner of the resource decides who gets permission to access it, and exactly what they are allowed to access. This is the most common model, used in most file-sharing utilities in both Microsoft and UNIX operating systems. Permission granted to those who need access is classified as a "need-to-know" access model. An example of this is Access Control Lists (ACLs).

  • Mandatory access control (MAC)

A set of people is granted access based on the clearance they hold for a specific level, depending on the classification of the information/data. For example, data that is "top secret" is available to the set of people whose clearance level allows them to access "top secret" documents. Such people also have clearance to access lower-level documents. This model is often implemented in government organizations.

  • Attribute-based access control (ABAC)

Access can be granted using attributes: subject attributes like identity and roles; object attributes like device name, file, record, table, application, program, and network; and environment attributes like location and time. When the role assigned to a subject is used as the single attribute to control access, that is RBAC. When access control is based on multiple attributes, it is ABAC.

  • Access Control List (ACL)

A list of rules that specifies which users or systems are granted or denied access to a particular object or system resource. ACLs can be installed in routers or switches to manage which traffic can access the network, or they can be used for file permissions to allow or deny users file privileges.
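To make the differences between the models above concrete, here is an added Python example (not code from the wiki or its linked sources) with a toy policy engine for each: DAC as an owner-maintained ACL, RBAC as permissions attached to roles, MAC as a clearance-versus-classification check with "no read up", and ABAC as a policy over subject, object and environment attributes. All users, roles, clearances and attribute values are constructed sample data.

```python
"""Toy decision functions for DAC (ACL), RBAC, MAC and ABAC. Added example;
the names and policies are invented for illustration."""
from dataclasses import dataclass, field


# ---- DAC: the object's owner keeps an ACL and is the only one who can change it ----
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # principal -> set of permissions

    def grant(self, actor: str, principal: str, perm: str) -> bool:
        """Only the owner may grant; that is the 'discretion' in DAC."""
        if actor != self.owner:
            return False
        self.acl.setdefault(principal, set()).add(perm)
        return True

    def allows(self, principal: str, perm: str) -> bool:
        return principal == self.owner or perm in self.acl.get(principal, set())


# ---- RBAC: permissions belong to roles; users are assigned roles ----
ROLE_PERMS = {
    "engineer": {"design_docs:read", "own_code:write"},
    "hr": {"hr_db:read", "hr_db:write"},
}
USER_ROLES = {"alice": {"engineer"}, "hannah": {"hr"}}


def rbac_allows(user: str, perm: str) -> bool:
    """True if any role held by the user carries the permission."""
    return any(perm in ROLE_PERMS.get(role, set()) for role in USER_ROLES.get(user, set()))


# ---- MAC: a subject may read objects classified at or below its clearance ----
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
CLEARANCE = {"carol": "top secret", "dave": "confidential"}


def mac_allows_read(user: str, classification: str) -> bool:
    """Unknown users are treated as unclassified; 'no read up' rule."""
    return LEVELS[CLEARANCE.get(user, "unclassified")] >= LEVELS[classification]


# ---- ABAC: one policy evaluates several attributes together ----
def abac_allows(subject: dict, obj: dict, env: dict) -> bool:
    """Sample policy: engineers may read design docs from the office network
    during business hours. Role alone is not enough, which is what makes it ABAC."""
    return (
        "engineer" in subject.get("roles", ())
        and obj.get("type") == "design_doc"
        and env.get("network") == "office"
        and 9 <= env.get("hour", -1) < 18
    )
```

Note how the MAC check never consults an owner or a per-object list: the decision comes entirely from the labels, which is why that model suits organizations that classify data centrally.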

https://www.openpath.com/blog-post/access-control-models

https://westoahu.hawaii.edu/cyber/best-practices/best-practices-weekly-summaries/access-control/


Different website attack methods

  • Cross-Site Scripting (XSS)

This involves an attacker uploading a piece of malicious script code onto your website that can then be used to steal data or perform other kinds of mischief.

  • SQL Injection

This happens when a hacker submits destructive code into an input form. If your system fails to sanitize this input, it can be submitted to the database, changing, deleting, or revealing data to the attacker. It leads to a loss of integrity within a database.

  • Command injection

A cyber attack that involves executing arbitrary commands on a host OS. Typically the threat actor injects the commands by exploiting an application vulnerability such as insufficient input validation.

  • Cookie poisoning/hijacking

Cookie poisoning is when a malicious hacker injects malicious content into an HTTP cookie before it is delivered from the user's browser to a web application. The aim of cookie poisoning is cookie manipulation. Cookie hijacking is when the hacker attempts to access the data being transmitted (the cookie contents). The aim of cookie hijacking is to gain access to sensitive information stored in the cookies, which can be used in later attacks.

  • Buffer Overflow attacks

An attack in which an attacker exploits a buffer overflow vulnerability, where user-controlled data is written to memory. By submitting more data than can fit in the allocated memory block, the attacker can overwrite data in other parts of memory.

  • Man-in-the-Middle Attacks

An attack in which a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

  • URL Poisoning

This can be recording a user's browsing pattern on a website by tacking a session ID number onto the URL. It can also be hiding one URL behind another, or diverting the user to a different page based on hidden scripting.
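The SQL injection and XSS entries above both come down to the same mistake: untrusted input is mixed into a query or a page as if it were code. The following added Python example (not code from the wiki or from trustnetinc.com) puts the flawed version next to the fixed one so the difference is visible in running code. The `users` table and its two rows are constructed sample data in an in-memory SQLite database.

```python
"""SQL injection and XSS: the flaw and its fix, side by side. Added example."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Builds the query by string concatenation, so a quote in `name` ends the
    string literal and the rest of the input is parsed as SQL (the page's
    'system fails to clean this information')."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the driver passes `name` as a bound value, so it can
    never change the structure of the statement."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def greeting_vulnerable(name: str) -> str:
    """Reflects user input straight into HTML; any markup in `name` becomes part of the page."""
    return "<p>Hello, " + name + "</p>"


def greeting_safe(name: str) -> str:
    """Output encoding turns <, >, & and quotes into entities the browser renders as text."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"
```

With a name such as `x' OR '1'='1` the concatenated query returns every row, while the parameterized query looks for a user literally named that and returns nothing. Input validation is still worthwhile, but the parameterization and output encoding are what close the two holes.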

https://www.trustnetinc.com/web-application-attacks/

  • What are certificates and how are they used?

Certificates are electronic files that uniquely identify people and resources on the internet. They also enable secure, confidential communication between two entities, and can be used to establish secure sessions between servers and clients through SSL technology. They are based on public key cryptography, which uses pairs of keys to encrypt information so that it can be read only by its intended recipient. A certificate is like a passport: it identifies the holder and provides other important information. Certificates are issued by a trusted third party called a Certificate Authority (CA), which is like the passport office. The CA validates the certificate holder's identity and signs the certificate so that it cannot be forged or tampered with. The certificate binds the owner's public key to the owner's identity. It includes information such as the name of the holder, other identification such as the URL of the web server using the certificate or the individual's email address, the name of the CA that issued it, and the expiration date.
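Two sections of these notes rest on the same mechanics: the symmetric/asymmetric comparison (public-key encryption, signatures, non-repudiation) and the certificate paragraph just above (a CA binding a name to a public key by signing it). The following added Python example, which is not code from the wiki, uses textbook RSA with deliberately tiny primes to walk through both. It is a teaching toy only: there is no padding and the primes are far too small for real use, but the roles of the two keys and the way a CA signature makes tampering detectable are exactly what a real certificate does at a much larger scale. The "Example CA" and "www.example.invalid" names and the prime values are constructed.

```python
"""Textbook RSA plus a minimal certificate issued and checked with it. Added example."""
import hashlib


def keygen(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key) as (n, e) and (n, d) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse of e; requires gcd(e, phi) == 1
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    """Anyone with the public key can encrypt; ciphertext lives in [0, n), so it is
    as large as the modulus (the 'same or larger than plaintext' point above)."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """Only the private-key holder can recover the message."""
    n, d = priv
    return pow(c, d, n)


def _digest(data: bytes, n: int) -> int:
    """SHA-256 of the data reduced into the modulus: a toy stand-in for hash-then-sign."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    """Signing uses the private key, so only its holder could have produced the value."""
    n, d = priv
    return pow(_digest(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    """Anyone with the public key can check a signature: authenticity and non-repudiation."""
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


def _to_be_signed(issuer: str, subject: str, subject_pub) -> bytes:
    """Fields the CA signature covers: issuer name, subject name, subject public key."""
    return f"{issuer}|{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()


def issue_certificate(ca_priv, issuer: str, subject: str, subject_pub) -> dict:
    """The CA (assumed to have already validated the subject's identity) binds the
    subject's public key to its name by signing the two together."""
    return {
        "issuer": issuer,
        "subject": subject,
        "public_key": subject_pub,
        "signature": sign(ca_priv, _to_be_signed(issuer, subject, subject_pub)),
    }


def verify_certificate(cert: dict, ca_pub) -> bool:
    """A relying party that trusts the CA's public key checks that no field was altered."""
    tbs = _to_be_signed(cert["issuer"], cert["subject"], cert["public_key"])
    return verify(ca_pub, tbs, cert["signature"])


# Constructed sample keys: a CA and a web server, each with a small-prime key pair.
CA_PUB, CA_PRIV = keygen(10007, 10009)
SERVER_PUB, SERVER_PRIV = keygen(1000003, 1000033)
SERVER_CERT = issue_certificate(CA_PRIV, "Example CA", "www.example.invalid", SERVER_PUB)
```

Changing any field of `SERVER_CERT` (the subject name, or swapping in a different public key) makes `verify_certificate` fail, because the CA signature was computed over the original fields and only the CA's private key could produce a matching one. That is the "cannot be forged or tampered with" property in the paragraph above.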


AAA framework

A simple way to understand the security issues surrounding the access rights of individuals within an organization.

  • Authentication

This is the first step in a secure identification system. The system needs to make sure the person accessing it is who they say they are. Authenticating a person can fall into 3 main categories.

  1. What they know

Such as a password or security questions

  2. Who they are

Biometrics such as a fingerprint

  3. What they have

Access cards to enter a building, mobile devices providing 2FA

  • Authorization

The right people should have the right access level to areas of a network.

  1. Mandatory Access Control (MAC)
  2. Discretionary Access Control (DAC)
  3. Role-Based Access Control (RBAC)

In general, the goal is to give users the least amount of privilege needed to accomplish their job. Limiting access to sensitive areas makes them more secure.

  • Accounting

After a person logs into a network and begins working, their usage should be monitored. This can be accomplished with auditing tools. Knowing what files a person is accessing or attempting to access can inform whether more or less authorization is needed. Suspicious activity can prompt questions as to whether the person accessing the network was authenticated correctly.

https://cipher.com/blog/the-aaa-framework-for-identity-access-security/

  • Hashing

The process of converting a given key into another value. A hash function generates the new value according to a mathematical algorithm; the result is known as a hash value or a hash. A good hash function uses a one-way algorithm, meaning the original input cannot be recovered from the hash. A collision happens when two keys generate the same hash. You can salt a hash, which means adding random data to the input of the hash function so that the output is unique even when the same input is hashed twice.
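The properties in the paragraph above (deterministic, one-way, collisions, salting) are easiest to see by running them. The following added Python example (not code from the wiki or from the educative.io / auth0 posts it links) hashes a sample password with and without a salt, verifies a password against its stored salted hash, and shows how collisions appear as soon as the hash output is made small. The passwords and the PBKDF2 iteration count are constructed values for the example.

```python
"""Plain hashing, salted password hashing and a collision search. Added example."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # PBKDF2 work factor; assumed value for this example


def plain_hash(data: str) -> str:
    """Deterministic one-way hash: equal inputs always give equal digests."""
    return hashlib.sha256(data.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). A fresh random salt means two
    users with the same password store different values, so precomputed hash
    tables are useless and equal passwords cannot be spotted in the database."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt; constant-time comparison avoids timing leaks."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def truncated_hash(data: bytes, bits: int) -> int:
    """Keep only the top `bits` of SHA-256 to show how collisions depend on output size."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def first_collision(bits: int, limit: int = 100_000) -> Optional[Tuple[int, int]]:
    """Search the inputs 0..limit-1 for two that share a truncated hash. With 8 bits
    a collision must appear within 257 inputs (pigeonhole principle); with the full
    256 bits no practical search will find one."""
    seen = {}
    for i in range(limit):
        h = truncated_hash(str(i).encode(), bits)
        if h in seen:
            return seen[h], i
        seen[h] = i
    return None
```

The salt is stored next to the digest in clear; it is not a secret. Its job is only to make each stored hash unique, while the iteration count is what slows down guessing.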

https://www.educative.io/answers/what-is-hashing

https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/
