LESSON 1 COMPARING SECURITY ROLES AND SECURITY CONTROLS

- Security is an organizational process that includes analyzing requirements, setting up organizational security systems, hardening them, monitoring them, responding to attacks in progress, and deterring attackers.

COMPARE AND CONTRAST INFORMATION SECURITY ROLES

- Information security (or infosec) refers to the protection of data resources from unauthorized access, attack, theft, or damage.
- Data may be vulnerable because of the way it is stored, the way it is transferred, or the way it is processed. The system used to store data must demonstrate the properties of security.

Secure information has 4 properties, called the CIA triad:
- Confidentiality means that certain information should only be known to certain people.
- Integrity means that the data is stored and transferred as intended and that any modification is authorized.
- Availability means that information is accessible to those authorized to view or modify it.

Cybersecurity Framework
- Within the goal of ensuring information security, cybersecurity refers specifically to provisioning secure processing of hardware and software.
- Information security and cybersecurity tasks can be classified as five functions:
- Identify: develop security policies and capabilities. Evaluate/determine risks, threats, and vulnerabilities and recommend security controls/strategy to mitigate them.
- Protect: procure/develop, install, operate, and decommission IT hardware and software assets with security as an embedded requirement of every stage of this operations life cycle.
- Detect: perform ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new threats.
- Respond: identify, analyze, contain, and eradicate

LESSON 2

Lesson Introduction
- In order to make an effective security assessment, you should be able to explain strategies for both defense and attack.
LESSON 3 Performing security assessments

- Security assessment refers to a process and tools that evaluate the attack surface. The purpose of a security assessment is to deploy, enhance, or reconfigure security controls to mitigate risks.

TOPIC 3A Assess organizational security with network reconnaissance tools

Reconnaissance
- Is a type of assessment activity that maps the potential attack surface by identifying the nodes and connections that make up the network.
- You'll often need to run scans using both command-line interface and GUI topology discovery tools.
- You should also understand how tools can be used to operate a backdoor connection to a host and to covertly exfiltrate data.

ipconfig, ping, and arp
- The process of mapping the attack surface is referred to as network reconnaissance and discovery. Reconnaissance techniques are used by threat actors, but they are also used by security professionals to test their own security systems, as part of security assessment and ongoing monitoring.
- Topology discovery (or "footprinting") means scanning for hosts, IP ranges, and routes between networks to map out the structure of the target network.
- Topology discovery can also be used to build an asset database and to identify non-authorized hosts (rogue system detection) or network configuration errors.

The following tools report the IP configuration and test connectivity on the local network segment or subnet:

ipconfig – shows the configuration assigned to network interface(s) in Windows, including the hardware or Media Access Control (MAC) address, IPv4 and IPv6 addresses, default gateway, and whether the address is static or assigned by DHCP.
- If the address is DHCP-assigned, the output also shows the address of the DHCP server that provided the lease.

ifconfig – shows the configuration assigned to network interface(s) in Linux.

ping – probes a host at a particular IP address or host name using Internet Control Message Protocol (ICMP).
- You can use ping in a simple script to perform a sweep of all the IP addresses in a subnet. The following example will scan the 10.1.0.0/24 subnet from a Windows machine:

    for /L %i in (1,1,255) do @ping -n 1 -w 100 10.1.0.%i | find /i "reply"

TOPIC 3D Explain Penetration Testing Concepts
- Vulnerability scanning does not determine what a threat actor might be able to achieve. Penetration testing is a type of assessment that uses known tactics and techniques to attempt intrusions (actions). Devising, planning, and leading a penetration test is a specialized security role.
- Penetration test – often shortened to pen test. A penetration test uses authorized hacking techniques to discover exploitable weaknesses in the target's security system. Pen testing is also referred to as ethical hacking.
- You can perform security checks or a penetration test using one of these techniques: verify a threat exists, bypass security controls, actively test security controls, and exploit vulnerabilities.

Verify a threat exists – use surveillance, social engineering, network scanners, and vulnerability assessment tools to identify a vector by which vulnerabilities could be exploited. Network and computer surveillance is the process of monitoring computer systems by keeping an eye on the activities performed on the computers or the data being transferred over the network (such as the Internet).

Bypass security controls – here we look for the easy way to break into the system. Example: if the network is protected by a firewall, is it possible to gain physical access to a computer in the building and run malware from a USB stick?

Actively test security controls – review security controls by checking for configuration weaknesses and errors, such as weak passwords or software vulnerabilities.

Exploit vulnerabilities – here a security expert proves that a system has a weakness by exploiting it to gain access to data or install a backdoor.
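Topic 3A notes that topology discovery output can be checked against an asset database to spot non-authorized (rogue) hosts. The following is an added example, not part of the course notes: it parses a constructed sample of Windows `arp -a` output, drops broadcast/multicast entries, and flags MAC addresses that are absent from a hypothetical asset database or that appear at an unexpected IP address.

```python
import re
from ipaddress import ip_address

# Constructed sample of Windows `arp -a` output (not captured from a real host).
ARP_OUTPUT = """\
Interface: 10.1.0.10 --- 0x3
  Internet Address      Physical Address      Type
  10.1.0.1              00-11-22-33-44-55     dynamic
  10.1.0.20             00-11-22-33-44-66     dynamic
  10.1.0.77             de-ad-be-ef-00-01     dynamic
  10.1.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Hypothetical asset database: MAC address -> (hostname, expected IP address).
ASSET_DB = {
    "00-11-22-33-44-55": ("gw01", "10.1.0.1"),
    "00-11-22-33-44-66": ("fs01", "10.1.0.21"),
}

# One neighbour-table row: IPv4 address, dash-separated MAC, entry type.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return (ip, mac, type) tuples for unicast neighbours only."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue
        ip, mac, kind = m.group(1), m.group(2).lower(), m.group(3).lower()
        # Broadcast and multicast rows are not hosts; skip them.
        if mac == "ff-ff-ff-ff-ff-ff" or ip_address(ip).is_multicast:
            continue
        entries.append((ip, mac, kind))
    return entries

def find_anomalies(entries, asset_db):
    """Flag unknown MACs (possible rogue hosts) and known MACs at the wrong IP."""
    findings = []
    for ip, mac, _ in entries:
        if mac not in asset_db:
            findings.append(("rogue", ip, mac))
        elif asset_db[mac][1] != ip:
            findings.append(("ip-mismatch", ip, mac))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(parse_arp(ARP_OUTPUT), ASSET_DB):
        print(*finding)
```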
Rules of Engagement
- Security assessments might be carried out by employees, by a third party, or by a consultant. Rules of engagement provide details on what activity needs to be done, what is permitted under that activity, and what is prohibited. A pen test should have a scope to follow while it is being carried out.

Attack Profile
- Attacks come in different forms. You may need or wish to perform your network scan from outside your network or from the inside (external and insider threats).
- Attack profiling is the method used to determine the actions of an attacker, sharing threat intelligence and preparing the necessary tools for exploits that might happen in the future.
- Black box (or unknown environment) – this is where a consultant is given no privileged information about the network and its security systems.
- Threat intelligence – threat intelligence (information) refers to information that has been found, analyzed, and interpreted to provide the necessary ideas on how to act or make a decision based on the system's insecurities.

LESSON 5 Summarizing Basic Cryptographic Concepts
- A cryptographic system encodes data in such a way that only an authorized person can decode it.

Compare and Contrast Cryptographic Ciphers
- A cipher is a particular operation or process made to encode or decode data. Cryptographic systems use symmetric and asymmetric cipher types to encode or decode data. As well as these cipher types, one-way hash functions have an important role to play in many security controls.

Cryptographic concepts
- Cryptography (literally meaning "secret writing") is the art of protecting or keeping data secure by encoding it. This stands in opposition to the concept of security through obscurity. Security through obscurity means keeping something a secret by hiding it.
- The concept of security through obscurity states that a system can stay secure if its vulnerabilities are kept secret or hidden. An attacker cannot exploit the system if he or she does not know the weaknesses. The flip side is that if the vulnerabilities are exposed, the system is no longer secure. Security through obscurity is considered a high-risk strategy on any sort of computer network.

The following terminology is used to discuss cryptography:
- Plaintext (or cleartext) – an unencrypted message.
- Ciphertext – an encrypted message.
- Cipher – the process used to encrypt and decrypt a message.
- Cryptanalysis – the art of cracking cryptographic systems.

In discussing cryptography and attacks against encryption systems, it is customary to use a cast of characters to describe the different actors involved in the process of an attack. The main characters are:
- Alice – the sender of a signed message.
- Bob – the intended recipient of the message.
- Mallory – a malicious attacker attempting to subvert (destroy or damage) the message in some way.

There are three main types of algorithm, with different roles to play in the assurance of the security properties confidentiality, integrity, availability, and non-repudiation. These types are hashing algorithms and two types of encryption cipher: symmetric and asymmetric.

Hashing Algorithms
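The Alice/Bob/Mallory cast and the integrity property above can be worked through with the hashing algorithm type. This is an added example, not from the course notes, and it goes one step beyond them: besides a bare SHA-256 digest it uses a keyed hash (HMAC, an assumption not introduced on the page) to show why a one-way hash on its own detects accidental corruption but not a Mallory who can recompute the digest.

```python
import hashlib
import hmac
import secrets

def sha256_digest(message: bytes) -> str:
    """One-way hash of the plaintext: cheap to compute, infeasible to invert."""
    return hashlib.sha256(message).hexdigest()

def verify_digest(message: bytes, digest: str) -> bool:
    """Bob recomputes the digest of what he received and compares it."""
    return hmac.compare_digest(sha256_digest(message), digest)

def keyed_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: a hash that cannot be recomputed without the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison, so timing does not leak the expected tag."""
    return hmac.compare_digest(keyed_tag(key, message), tag)

def scenario() -> dict:
    # Constructed messages: Alice sends `original`, Mallory swaps in `tampered`.
    original = b"Pay Bob 100"
    tampered = b"Pay Mallory 100"
    key = secrets.token_bytes(32)  # shared in advance by Alice and Bob only

    # 1. Bare hash: Mallory replaces the message and recomputes the digest,
    #    so Bob's integrity check passes although the data was changed.
    hash_passes_after_tamper = verify_digest(tampered, sha256_digest(tampered))
    # 2. Bare hash still catches corruption where the digest was not updated.
    hash_detects_corruption = not verify_digest(tampered, sha256_digest(original))
    # 3. Keyed tag: Mallory lacks the key, so Alice's tag no longer matches.
    tag_detects_tamper = not verify_tag(key, tampered, keyed_tag(key, original))
    tag_accepts_original = verify_tag(key, original, keyed_tag(key, original))
    return {
        "hash_passes_after_tamper": hash_passes_after_tamper,
        "hash_detects_corruption": hash_detects_corruption,
        "tag_detects_tamper": tag_detects_tamper,
        "tag_accepts_original": tag_accepts_original,
    }

if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```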