Thursday, May 25, 2017

Curriculum

I am going to approach this learning experience by following a structured path that includes everything I need to know. This page will hold the master curriculum, which I will add to and update as I go along.

There are many great (and free) resources on the web. After building a list of courses I wanted to take based on a Cyber Security master's degree curriculum, I found that Cybrary had everything I needed to get started, so I will be using many of their resources to fulfill my educational requirements.

I love information, but I also love simplicity. I plan to use these resources to learn to be a security professional as quickly and efficiently as possible.

There is a useful Chrome extension called Vimeo repeat & speed that can be used to watch the HD videos sped up.

I will be posting each course with my course notes so that this blog can be searched when more information is needed on a subject.

Off we go!

Introduction to Reverse Engineering  https://www.cybrary.it/course/malware-analysis/

Introduction to Post-Exploitation  https://www.cybrary.it/course/post-exploitation-hacking/

Introduction to Vulnerabilities  https://www.cybrary.it/course/metasploit/

Cryptography

Historical uses of cryptography

-Caesar cipher -each character is shifted 3 spaces to the left
-Scytale -Spartans used this cipher to send messages to generals in the field; a strip of tape is wrapped around a rod, and the diameter of the rod is the pre-agreed secret
-Vigenère -a polyalphabetic cipher; a key word is agreed upon and the first letter of the key is matched against the first letter of the message, the second against the second, and so on
-Vernam cipher -the only mathematically unbreakable form of cryptography; a one-time pad
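The three ciphers above, implemented as an added example (not code from the course); the shift, the key word and the message are constructed values, and the one-time pad key is drawn fresh from os.urandom so it is as long as the message and never reused:

```python
# Added example: Caesar (monoalphabetic), Vigenere (polyalphabetic) and
# Vernam (one-time pad) over the uppercase alphabet A-Z.
import os

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def caesar(text: str, shift: int) -> str:
    """Every letter moves by the same fixed shift (negative shift decrypts)."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in text)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """The i-th letter is shifted by the i-th key letter, so the same
    plaintext letter can become different ciphertext letters."""
    out = []
    for i, c in enumerate(text):
        k = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(c) + (-k if decrypt else k)) % 26])
    return "".join(out)


def vernam(data: bytes, key: bytes) -> bytes:
    """One-time pad: XOR with a random key at least as long as the message,
    used once. Decryption is the same XOR with the same key."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(data, key))


def demo() -> dict:
    msg = "ATTACKATDAWN"          # constructed sample message
    pad = os.urandom(len(msg))    # fresh pad, never reused
    ct = vernam(msg.encode(), pad)
    return {
        "caesar": caesar(msg, 3),
        "vigenere": vigenere(msg, "LEMON"),
        "vigenere_back": vigenere(vigenere(msg, "LEMON"), "LEMON", decrypt=True),
        "vernam_roundtrip": vernam(ct, pad).decode(),
    }


if __name__ == "__main__":
    print(demo())
```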

Security services provided by cryptography

-privacy, authenticity, integrity, non-repudiation

plain text + initialization vector + algorithm + key = cipher text

Desirable qualities of an algorithm

-confusion, diffusion, avalanche, permutations, openness (Kerckhoffs's principle: the security rests on the key, not on keeping the algorithm secret)
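An added example (not from the course) that measures the avalanche quality listed above: flipping one input bit should flip about half of the output bits. SHA-256 from the standard library stands in for a modern algorithm, and a Caesar shift shows what the absence of diffusion looks like; the sample message is constructed.

```python
# Added example: avalanche effect, modern algorithm vs. Caesar shift.
import hashlib

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def caesar(text: str, shift: int = 3) -> str:
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in text)


def bit_diff(a: bytes, b: bytes) -> int:
    """Hamming distance in bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def caesar_avalanche(msg: str, changed: str) -> float:
    """Fraction of output positions that differ after one input letter changes.
    A Caesar shift has no diffusion: only the changed position moves."""
    a, b = caesar(msg), caesar(changed)
    return sum(x != y for x, y in zip(a, b)) / len(a)


def hash_avalanche(msg: bytes, bit: int) -> float:
    """Flip one input bit and return the fraction of SHA-256 output bits
    that change; a good algorithm gives roughly 0.5."""
    flipped = bytearray(msg)
    flipped[bit // 8] ^= 1 << (bit % 8)
    h1 = hashlib.sha256(bytes(msg)).digest()
    h2 = hashlib.sha256(bytes(flipped)).digest()
    return bit_diff(h1, h2) / (len(h1) * 8)


if __name__ == "__main__":
    print("caesar:", caesar_avalanche("ATTACKATDAWN", "ATTACKATDAWM"))
    print("sha256:", hash_avalanche(b"ATTACKATDAWN", 0))
```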

Desirable qualities of a key
-long, random, secret

Symmetric cryptography

-the same key is used by both parties to both encrypt and decrypt
-two types of symmetric ciphers or algorithms --> stream and block
-stream ciphers are very efficient but are generally considered less secure
-RC4 is a stream cipher

-block ciphers are slower but more secure
-two main block ciphers used today are AES and 3DES

-drawbacks of symmetric cryptography -out-of-band key exchange, not scalable, provides no authenticity, integrity, or non-repudiation

Asymmetric cryptography

-every user has a key pair -public key is made available to anyone who requests it, private key is only available to that user and must not be disclosed or shared
-the keys are mathematically related so that anything encrypted with one key can only be decrypted by the other
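An added example (not from the course) of the key-pair relationship above, using a toy RSA with tiny textbook primes (p=61, q=53) so the arithmetic is visible; real keys use primes of at least 1024 bits, and these numbers are for illustration only:

```python
# Added example: toy RSA key pair. The public exponent e and private
# exponent d are inverses mod phi(n), so pow(pow(m, e, n), d, n) == m
# while the same key applied twice does not return the message.


def keygen(p: int, q: int, e: int = 17):
    """Return (public, private) as (n, exponent) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def apply_key(key, m: int) -> int:
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, exp, n)


def encrypt(public, m: int) -> int:
    return apply_key(public, m)        # anyone can encrypt with the public key


def decrypt(private, c: int) -> int:
    return apply_key(private, c)       # only the private key undoes it


def sign(private, m: int) -> int:
    return apply_key(private, m)       # private key gives authenticity


def verify(public, m: int, sig: int) -> bool:
    return apply_key(public, sig) == m  # anyone can check with the public key


if __name__ == "__main__":
    pub, priv = keygen(61, 53)
    c = encrypt(pub, 65)
    print(pub, priv, c, decrypt(priv, c), verify(pub, 65, sign(priv, 65)))
```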

Security Systems Architecture

Governance and Risk Management

Risk Governance -comes from executive management and the board of directors, the job is to align the risk strategy with the objectives of the organization

-Are we doing the right things?
-Are we doing things right?
-Are we getting things done well?
-Are we maximizing the benefits?

Risk Management -planning, building, running, and monitoring according to the directions established and in compliance with governance

Enterprise Risks: Databases
-code injection -only allow users to input the bare minimum, validate input, and force untrusted users through a trusted interface before they reach your backend data
-scripting -regulate field size
-aggregation -the collection of individually harmless pieces of information into a sensitive whole
-inference -deducing sensitive information from the data a user is allowed to see
-entity, semantic, and referential integrity

Utilities 
-power -spikes, surge, sag, brownout, fault, blackout
-HVAC, humidity, EMI, RFI 

Network Components 
-cable, hubs, switches, routers, firewalls, proxies, network services, wireless communication

Users
-internal theft, fraud, salami attacks, data diddling, falsification of timesheets, compromise of sensitive information, disgruntled employees

What are Enterprise Goals?

-the COBIT 5 generic enterprise goals can provide a starting point for the strategic planning 
-the derived enterprise goals should be linked to stakeholder needs and governance objectives of value creation, namely benefits realization, risk optimization and resource optimization 

Key principles of Enterprise Architecture
-define protections that enable trust in the cloud 
-develop cross-platform capabilities and patterns for proprietary and open source providers
-facilitate trusted and efficient access, administration, and resiliency to the customer
-provide direction to secure information that is protected by regulations

Introduction to Malware

What is malware analysis and why is it useful? 

-malware is software that executes without the user's permission or knowledge

-it has software problems just like every other product: compatibility issues, bugs, customer service, versioning/updating issues, team development/source code control

Anti-virus software cannot be relied on alone, because it is a difficult task to make a program or algorithm that determines whether some software is malicious.

Anti-virus software is not dead; it does catch a lot of old stuff, but it only detects about 17% of the time.

50-97% of breaches involve malware. In most breaches, malware has automated some task for an attacker or increased their capabilities by taking advantage of a vulnerability, exploiting something on a system, and increasing their foothold.

Breach happens -Now what?

Typically you reimage the machine

Advanced: Incident response
-analyze logs, network traffic, strange processes etc.
-is it anywhere else?
-how did it get there

Mature: Gather intelligence
-what is the impact
-what is the risk
-financially motivated? hacktivism? opportunistic? advanced persistent threat (apt)?

70-90% of malware samples are unique to an organization -Verizon Data Breach Investigations Report

Types of Analysis 

-Dynamic Analysis -executing the malware. Simple, Fast, Easy to miss things. 
-Static Analysis -reverse engineering. Slow, deep technical knowledge. With enough time anything can be reversed. 
-Hybrid Static/Dynamic -most analysis is a mixture: You will find something in the disassembly then you confirm/investigate while the malware is executing. 
-Memory forensics can be useful but is not the end-all-be-all

System Security

This course provided a good introduction to system security. For those with an IT background this course may not be necessary, but I thought it was useful.

Notes

Appropriate procedures to establish host security 

Application Security

Anti-Malware -takes care of viruses, worms, and trojans
-software has been designed to find the specific signatures of the malware on a system; track, identify, deactivate 
-regularly update the signature/definition files to keep the anti-malware software effective 

Anti-Spam -organizations use spam filters on emails and messages to prevent spam from reaching users' inboxes
-prevents or limits congestion on mail servers

Anti-Spyware -spyware can track your activity online by reviewing your cookies
-anti-spyware eradicates tracking cookies from your system 

Pop-up blockers -pop-ups are usually how you get adware; you can turn on pop-up blockers from your browser's internet options page

Host-based firewalls -a firewall that resides on a computer system that protects traffic coming in or leaving the system 
-this is something to monitor periodically to prevent intrusion into the system and to facilitate the generation of alerts 

Patch management -patches are produced to fix flaws that exist within software
-individuals in an organization should be responsible for validating the source of a patch, testing it for sufficiency, and migrating the patch to the production systems once it has been found to be robust
-never download a patch and install it directly on your real system 

Hardware Security

-cable locks -prevent rearrangement of the infrastructure you have; most likely used for laptops
-safe -lock away spares, documents
-locking cabinets -used for servers, switches, patch panels, and server racks to prevent unauthorized access and modification

-unauthorized access could change config = loss of integrity 

-mobile device -screen lock, strong password

-devices should support encryption so that keys are required before anyone has access
-this way if you lose your device, you know that nobody else has access to the content 
-encryption is the best form of security for mobile devices
-another option is remote wipe which allows your providers or device administrators to send a script to the phone that can either erase or cause damage to the content on the phone so that it cannot be accessed anymore 

-devices should be returned to IT before they are shared between users; sanitization is very important 

-voice encryption is another best practice 
-one voice solution is VoIP (Voice over Internet Protocol)
-a malicious person can packet sniff our transmission, when we use voice encryption our packets are encrypted as they move on data lines which prevents eavesdropping 

-another best practice is GPS tracking on mobile devices
-if GPS is disabled, you can still sync the picture content with your email to try to identify the location of the device 

Virtualization

-a hypervisor is the software environment within which we build virtual machines
-it shares resources with your host PC such as memory, processor, ports, etc.
-virtualization is different from multi-booting, where you have multiple operating systems on the host PC but can only run one at a time
-with virtualization we can run all the machines at the same time provided there is sufficient memory and a reliable processor that supports virtualization  

Benefits -allows for maximum utilization of hardware and saves cost (fewer machines, less space, fewer licenses)

Data Security

-data loss prevention -financial, medical, trade secret, PII (personally identifiable information)

Data in motion -email, network, chat sessions 

Data at rest -database, file sharing, desktop or laptop

Data in use -copiers, printer, removable media, screen, clipboard

storage area networks -devoted to storage and useful during disaster recovery situations 

handling big data -some companies now employ security information and event management (SIEM) tools so that data of concern can be brought into one management interface

Data Encryption

-this is required to ensure confidentiality 
-encrypting data changes it from plain text to cipher text

Full disk encryption -you encrypt the entire content of the hard drive; users who cannot provide the encryption key have no access to the data

Database encryption -unless keys are provided, no access to database

Individual files -moving a file off an encrypted disk can make it vulnerable; if you want to send one file or a group of files, encrypting them individually ensures that they are still encrypted while in transit or in storage