Common Security Principles - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • 1.1 Common Security Principles

    • 1.1.a Describe confidentiality, integrity, availability (CIA)
      • Confidentiality: protects data and keeps it private
      • Integrity: protects data and keeps it from unauthorized manipulation
      • Availability: makes data available to authorized users
      • These are the three principles that every security implementation (e.g. a firewall, encryption, a hardened server) must achieve.
    • 1.1.b Describe SIEM technology
      • Products that make collecting, correlating and acting on event logs and security-related information easier.
      • Used to provide enterprises with real-time reporting.
      • Used to provide long-term analysis of security events.
      • Primarily evolved from two products:
        • (SIM) Security Information Management
        • (SEM) Security Event Management
        • SIEM incorporates these two formerly separate products. Features include:
          • Log collection: gathers event records from many sources, supporting forensic analysis and compliance-reporting requirements.
          • Normalization: maps log messages from diverse systems into a single data model, so related events can be analyzed together even when the original formats of the data sources differ.
          • Correlation: links logs from many disparate systems and applications, speeding up detection of and reaction to security threats.
          • Aggregation: reduces the volume of event data by forwarding summaries of the data rather than every record.
          • Reporting: presents correlated and aggregated data as real-time monitoring and long-term summaries.
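The collection, normalization, correlation, aggregation and reporting steps listed above are easier to see as one small pipeline. The following Python script is an added example written for this wiki page, not code from the page or from any SIEM product. The log lines are constructed: a few syslog-style `sshd` messages and a few Windows-style logon records (Event IDs 4624 and 4625 are the real Windows logon success and failure IDs, but the flat `key=value` line layout is assumed here for brevity). Both formats are normalized into one event model, a correlation rule flags a source IP whose failures across both systems are followed by a success, and an aggregation step feeds a summary report.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample logs (not from the wiki page) in two unrelated source formats.
SYSLOG_LINES = [
    "Jan 10 10:00:01 host1 sshd[2001]: Failed password for root from 203.0.113.5 port 50122 ssh2",
    "Jan 10 10:00:03 host1 sshd[2001]: Failed password for root from 203.0.113.5 port 50123 ssh2",
    "Jan 10 10:00:05 host1 sshd[2001]: Failed password for root from 203.0.113.5 port 50124 ssh2",
    "Jan 10 10:00:09 host1 sshd[2001]: Accepted password for root from 203.0.113.5 port 50125 ssh2",
    "Jan 10 10:01:00 host1 sshd[2002]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2",
]
WINDOWS_LINES = [
    "2024-01-10T10:00:02Z EventID=4625 Host=WS01 TargetUser=admin SourceIP=203.0.113.5",
    "2024-01-10T10:00:04Z EventID=4625 Host=WS01 TargetUser=admin SourceIP=203.0.113.5",
    "2024-01-10T10:00:30Z EventID=4624 Host=WS02 TargetUser=bob SourceIP=192.0.2.20",
]

# Assumed year for the syslog lines, which carry no year field.
SYSLOG_YEAR = 2024

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)
WIN_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) Host=(?P<host>\S+) TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)"
)


def normalize_syslog(line):
    """Map one sshd syslog line into the common event model (None if it does not match)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "syslog", "host": m["host"], "user": m["user"],
            "src_ip": m["ip"], "outcome": "success" if m["outcome"] == "Accepted" else "failure"}


def normalize_windows(line):
    """Map one Windows logon record into the same event model; 4624 = success, 4625 = failure."""
    m = WIN_RE.match(line)
    if not m:
        return None
    outcome = {"4624": "success", "4625": "failure"}.get(m["eid"])
    if outcome is None:
        return None  # other event IDs are not logon events; ignore them here
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "windows", "host": m["host"], "user": m["user"],
            "src_ip": m["ip"], "outcome": outcome}


def collect(syslog_lines, windows_lines):
    """Log collection + normalization: one time-ordered stream from both sources."""
    events = [e for e in map(normalize_syslog, syslog_lines) if e]
    events += [e for e in map(normalize_windows, windows_lines) if e]
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Correlation rule: `threshold` failures from one source IP inside `window`,
    on any system, followed by a success from that IP, raises one alert."""
    alerts = []
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)
    for ip, evs in by_ip.items():
        failures = []  # timestamps of recent failures from this IP
        for e in evs:
            if e["outcome"] == "failure":
                failures.append(e["ts"])
                failures = [t for t in failures if e["ts"] - t <= window]
            elif len(failures) >= threshold and e["ts"] - failures[0] <= window:
                alerts.append({"src_ip": ip, "failures": len(failures), "success_on": e["host"],
                               "user": e["user"], "at": e["ts"]})
                failures = []
    return alerts


def aggregate(events):
    """Aggregation: reduce the stream to counts per (source IP, outcome)."""
    return Counter((e["src_ip"], e["outcome"]) for e in events)


def report(events, alerts):
    """Reporting: a compact summary built from the aggregated data and the alerts."""
    agg = aggregate(events)
    return {"total_events": len(events),
            "failures_by_ip": {ip: n for (ip, outcome), n in agg.items() if outcome == "failure"},
            "alerts": alerts}


if __name__ == "__main__":
    evs = collect(SYSLOG_LINES, WINDOWS_LINES)
    print(report(evs, correlate(evs)))
```

The point of the normalization step shows in `correlate`: the five failures that trigger the alert come from two different systems in two different formats, and the rule never has to know which was which.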
  • 1.1 Common security principles

    • 1.1.c Identify common security terms
      • Security Terms

        | Term | Explanation |
        |--------|--------|
        | Asset | Item to be protected: property, people and data that have value to the company |
        | Vulnerability | Exploitable weakness |
        | Threat | Anything that tries to gain unauthorized access to an asset so it can compromise, destroy or damage it |
        | Risk | Potential for unauthorized access to compromise, destroy or damage an asset |
        | Countermeasure | A device or process that counteracts a potential threat |

      • Asset Classification

        | Classification Type | Terms used |
        |--------|--------|
        | Gov't Classification | Unclassified; Sensitive But Unclassified; Confidential; Secret; Top Secret |
        | Private Sector | Public; Sensitive; Private; Confidential |
        | Classification Criteria | Value; Age; Replacement Cost; Useful lifetime |
        | Classification Roles | Owner; Custodian; User |

      • Attack Methods

        | Action | Description |
        |--------|--------|
        | Reconnaissance | Discovery process for information about the network, used to determine potential vulnerabilities |
        | Social Engineering | Targets the user's vulnerabilities, e.g. phishing and pharming |
        | Privilege Escalation | Taking one level of privilege and then achieving a higher level, e.g. User Mode to Privileged Mode |
        | Back Doors | Attackers gain access to a system for future use |
        | Code Execution | After gaining access, executing code on the remote machine |
        | Covert Channel | Using programs and methods in unintended ways |
        | Trust Exploitation | Attacker leverages a trusted site to gain access to another trusted network |
        | Brute Force | Password guessing |
        | Botnet | Collection of infected computers ready to take instructions from the attacker |
        | DoS and DDoS | Use of a botnet to attack a target and cause damage |

      • Guidelines for Secure Network Architecture

        | Guideline | Description |
        |--------|--------|
        | Rule of Least Privilege | Only minimal access is provided, and no more than necessary |
        | Defense in Depth | Multiple layers of security controls rather than a single defense |
        | Separation of Duties | Provides checks and balances regarding security implementations |
        | Auditing | Accounting and keeping records about network events |
    • 1.1.d Identify common network security zones (Simple Diagram)
      • Campus Area Network (CAN)
        • Security is modular (for each building, data center, WAN link and edge)
        • Functionally provides connectivity, data and services.
      • Cloud, Wide Area Network (WAN)
        • Security must be considered both on-premises and for the connection between the site and the cloud provider
      • Data Center
        • Security is provided by firewall filters
      • Small office/Home office (SOHO)
        • Security at the SOHO WAN router
      • Virtual Environment
        • ACI (Application Centric Infrastructure): policy driven security for virtual, cloud and physical components.
        • ASAv (virtual ASA): detailed control and visibility of virtual services.
        • Security is provided for North-South Traffic and East-West traffic (DataCenter Traffic Patterns)
          • East-West Traffic stays within the Data Center
          • North-South Traffic enters and exits Data Center
        • Physical firewalls such as ASAs do not help to provide security for traffic that never leaves the physical server; this is the context for the ASAv.
  • Terminology for Common Security Principles

    • asset
    • BYOD
    • brute-force (password-guessing) attacks
    • CERT
    • RDDoS
    • risk
    • threat
    • Traffic Light Protocol (TLP)
    • vulnerability