Cyber Security: Study Notes

This document provides an overview of key topics in cyber security based on study notes from a cyber security course. It covers introductory topics like security goals, threats and vulnerabilities. It then discusses specific technical topics like web security, transport layer security, operating system security, public key infrastructure, intrusion detection, email/VPN security and wireless security. For each topic it provides definitions and explanations of core concepts and security mechanisms.

Uploaded by shabir Ahmad

CYBER SECURITY

STUDY NOTES
TABLE OF CONTENTS

WEEK 1 – INTRODUCTION TO CYBERSECURITY ........ 2
WEEK 2 – DELOITTE GUEST LECTURE ........ 6
WEEK 3 – WEB SECURITY ........ 7
WEEK 4 – TRANSPORT LAYER SECURITY ........ 13
WEEK 5 – TCP/IP BASED ATTACKS ........ 18
WEEK 6 – OPERATING SYSTEM SECURITY ........ 22
WEEK 7 – CAs, X.509 AND KERBEROS ........ 29
WEEK 8 – DELOITTE GUEST LECTURE 2 ........ 33
WEEK 9 – INTRUSION DETECTION AND PREVENTION (IDP) ........ 34
WEEK 10 – EMAIL AND VPN SECURITY ........ 43
WEEK 11 – NETWORK ACCESS CONTROL AND WIRELESS SECURITY ........ 49

WEEK 1 – INTRODUCTION TO CYBERSECURITY

FOCUS OF CYBER SECURITY

- Prevent unauthorised access to resources, stealing and modifying of data, and network misuse
- Protect your own network
- Recover quickly from attacks

CYBER SECURITY LANDSCAPE

- Security threat zones – Web threats, mobile devices (IoT), social media and scams, targeted attacks, e-crime and malware

DEFENCE STRATEGY
- Prevention – Stop attackers from violating security policies
- Detection – Detect attackers' violations of security policies
- Recovery – Stop attacks, assess and repair damage
- Education – Best defence is intelligence

BASIC DEFINITIONS
- Computer Security – Controls which ensure confidentiality, integrity, and availability of information system assets, including hardware, software, firmware, and information being processed, stored, and communicated
- Network Security – Measures to prevent, detect, and correct security violations that involve the transmission of information
- Cyber Security – Measures to protect and defend the use of a global domain within the information environment consisting of the interdependent network of information systems infrastructures, including the Internet, telecommunications networks, computer systems, embedded processors and controllers

WHAT SECURITY GOALS ARE IMPORTANT?


- Confidentiality
o Data Confidentiality – Only intended users can understand the contents
o Data Privacy – Control or influence what information related to an individual may be collected and stored, and to whom that information may be disclosed
- Integrity
o Data Integrity – Information and data are changed only in a specified and authorized manner
o System Integrity – Assures a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system
- Availability
o Assures that systems work promptly, and service is not denied to authorized users
- Authenticity – Verifies users are who they claim to be and that data has come from a trusted source
- Accountability and Non-Repudiation – Actions made by an entity must be traced uniquely to that entity
- Access Control – Only permit access to resources for designated user/process

BREACH OF SECURITY AND IMPACT AT DIFFERENT LEVELS

SECURITY CHALLENGES
- Potential attacks on the security features need to be considered
- Procedures used to provide particular services are often counter-intuitive
- It is necessary to decide where to use the various security mechanisms
- Requires constant monitoring, yet is often an afterthought
- Security mechanisms typically involve more than a particular algorithm or protocol
- Security is essentially a battle of wits between a perpetrator and the designer
- Little benefit from security investment is perceived until a security failure occurs
- Strong security is often viewed as an impediment to efficient and user-friendly operation

SECURITY VULNERABILITIES, THREATS AND ATTACKS


- Categories of vulnerabilities
o Corrupted (Loss of integrity)
o Leaky (Loss of confidentiality)
o Unavailable or very slow (Loss of availability)
- Threats represent potential security harm to an asset when vulnerabilities are exploited
- Attacks are threats that have been carried out
o Passive – Make use of information from the system without affecting system resources
o Active – Alter system resources or affect operation
o Insider – Initiated by an entity inside the organisation
o Outsider – Initiated from outside the perimeter

RISK ASSESSMENT
- Risk = Probability (Exploit) x Exploit Cost
- Probability can be a combination of: Discoverability (D), Reproducibility (R) and Exploitability (E)
- Exploit cost can be a combination of: Number of affected users (A) and Damage potential (D)
- DREAD Model – Used to evaluate risk – each factor is rated from Lowest = 1 to Highest = 5
o EG. SQL injection that reveals customer data
  - D = 3, R = 5, E = 3, A = 4, D = 5
  - Risk = (3+5+3+4+5)/5 = 4 (on the 1 to 5 scale)
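The DREAD scoring above, worked through in Python as an added example (not from the original notes): the averaged score from the SQL injection example, the multiplicative Risk = Probability x Exploit Cost form from the first bullet (with D, R, E feeding probability and A, D feeding cost), and a ranking of several findings for triage. The two extra findings and their ratings are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class Dread:
    """One finding rated on the five DREAD factors, each 1 (lowest) to 5 (highest)."""
    discoverability: int
    reproducibility: int
    exploitability: int
    affected_users: int
    damage: int

    def __post_init__(self) -> None:
        for f in fields(self):
            v = getattr(self, f.name)
            if not 1 <= v <= 5:
                raise ValueError(f"{f.name} must be 1..5, got {v}")

    def score(self) -> float:
        """Averaged DREAD score as in the notes: (D+R+E+A+D)/5, still on the 1..5 scale."""
        return (self.discoverability + self.reproducibility + self.exploitability
                + self.affected_users + self.damage) / 5

    def probability(self) -> float:
        """Probability-of-exploit factor: mean of D, R, E scaled to 0..1."""
        return (self.discoverability + self.reproducibility + self.exploitability) / 15

    def cost(self) -> float:
        """Exploit-cost factor: mean of A and D scaled to 0..1."""
        return (self.affected_users + self.damage) / 10

    def risk(self) -> float:
        """Risk = Probability(Exploit) x Exploit Cost, the notes' formula, on 0..1."""
        return self.probability() * self.cost()

def rank(findings: dict[str, Dread]) -> list[tuple[str, float]]:
    """Order findings by averaged DREAD score, highest first, for triage."""
    return sorted(((name, d.score()) for name, d in findings.items()),
                  key=lambda item: item[1], reverse=True)

# Constructed sample findings; the first uses the ratings from the notes' SQL injection example.
FINDINGS = {
    "SQL injection revealing customer data": Dread(3, 5, 3, 4, 5),
    "Stack trace leaked on error page": Dread(5, 5, 5, 2, 1),
    "Race condition in coupon redemption": Dread(1, 2, 2, 3, 3),
}

if __name__ == "__main__":
    for name, score in rank(FINDINGS):
        print(f"{score:.1f}  {name}")
```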

COMMON VULNERABILITY SCORING SYSTEM (CVSS) CALCULATOR


- NIST has outlined a method of calculating vulnerability severity: HTTP://nvd.nist.gov/cvss.cfm?calculator&version=2
- Security engineering involves identifying threats, determining how they can be remediated, and finding vulnerabilities

CYBER THREATS
- Threat Actors:
o Social – People are the primary attack vector
o Operational – Failures of policy and procedure
o Technological – Technical issues with the system
o Environmental – From natural or physical facility factors
- Threat modelling – Helps determine the threat surface, assign risk and drive vulnerability mitigation

OSI SECURITY ARCHITECTURE


- Security Attack – Action that compromises the security of information

- Security Mechanism – Process that is designed to detect, prevent or recover from a security attack
- Security Service – Enhances the security of data processing systems and information transfers of an organisation

FUNDAMENTAL SECURITY DESIGN PRINCIPLES


- National Center of Academic Excellence in Information Assurance/Cyber Defence
o Economy of mechanism, Fail-safe defaults, Complete mediation, Open design, Separation of privilege, Least privilege, Least common mechanism, Psychological acceptability, Isolation, Encapsulation, Modularity, Layering, Least astonishment

ATTACK SURFACE
- Consists of the reachable and exploitable vulnerabilities in a system
o Network attack surface – Vulnerabilities over a network, or internet
o Software attack surface – Vulnerabilities in application, utility or OS code
o Human attack surface – Vulnerabilities created by personnel or outsiders, e.g. social engineering

VULNERABILITY ASSOCIATED WITH ATTACK TREES

MALWARE AND WORMS


- Malicious code often masquerades as part of useful software/message/information
- Exploits existing vulnerabilities in systems to gain quiet and easy entry
- Some programs need host programs to hide their tracks – Trojan horses, spyware, viruses, and rootkits
- Others can exist and propagate independently – Worms, automated viruses and zombies
- Propagation mechanisms: Sharing files via P2P, IRC, instant messaging, SQL injection, web pages, buffer overflow, emails

TROJAN HORSE AND BACKDOOR


- Program with hidden malware
o Usually superficially attractive
o Often used to propagate a virus/worm or install a backdoor
o Allow attackers to gain unauthorised access

SECURITY MECHANISMS
- Hardening of OS and applications
- Patches in OS and applications via security updates
- Local, domain and public security policies
- Cryptography (Hash functions for authenticity, Symmetric, Public-key infrastructure, Certificates, PRNG)
- Authentication and key establishment within a domain

1. HOST PROTECTION
- Use of Anti-malware software
- OS and application security patches
- Host-based firewall and intrusion detection
o Patterns of specific known exploits and vulnerabilities are looked for
o Behavioural-based analysis watches for suspicious behaviour
- Configuration hardening

2. NETWORK ACCESS CONTROL/PROTECTION (NAC/NAP)
- Needs a server-side process and a client-side (agent) software process on each host
- Agent reports the health state of the host to NAC/NAP server
- Policies for user/group/process access rights – Cisco ACS, Symantec Endpoint Protection Manager
- Cisco Network Admission Control (NAC), Symantec and McAfee NAC

3. CRYPTO AND PROTOCOLS


- Symmetric key crypto – Confidentiality via encryption; authentication via hash
- Public key crypto – Encryption, signature and certificate; used for authentication
- SSL protects the transport layer, using public key crypto to establish a symmetric key and to authenticate
- SSL uses the symmetric key for encryption; a VPN provides the same protection at the network layer

4. PERIMETER PROTECTION
- Can be physical (Router Interface) or virtual (VLAN)
- Firewall provides ongoing inspection and filtering of IP and transport headers
- IDS: Reports detected malicious packets, IPS: Blocks and reports detected malicious packets
- Detection based on signatures and abnormal behaviours
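As an added example (not part of the original notes), a small Python model of the perimeter controls listed above: a stateless packet filter over IP and transport header fields with a default-deny (fail-safe) policy, plus a behaviour-based sensor that runs in IDS mode (report only) or IPS mode (block and report). The rule set, addresses, ports and scan threshold are constructed values.

```python
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:  # the IP and transport header fields a perimeter filter inspects
    proto: str
    src: str
    dst: str
    dport: int
@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: int | None = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))
def filter_packet(rules: list[Rule], p: Packet) -> str:
    """Firewall step: first matching rule wins; no match falls through to deny (fail-safe default)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"
class Sensor:
    """Behaviour-based detection: a source touching many distinct ports on one host is flagged
    as a possible scan. mode="ids" only reports it; mode="ips" also blocks the packet."""
    def __init__(self, mode: str, scan_threshold: int = 5) -> None:
        self.mode, self.scan_threshold = mode, scan_threshold
        self.ports_seen: dict[tuple[str, str], set[int]] = defaultdict(set)
        self.alerts: list[str] = []

    def process(self, rules: list[Rule], p: Packet) -> str:
        seen = self.ports_seen[(p.src, p.dst)]
        seen.add(p.dport)
        verdict = filter_packet(rules, p)
        if len(seen) >= self.scan_threshold:
            self.alerts.append(f"possible port scan {p.src} -> {p.dst} ({len(seen)} ports)")
            if self.mode == "ips":
                verdict = "deny"
        return verdict
# Constructed policy: from outside, only web traffic to the DMZ host 203.0.113.10 is permitted.
RULES = [Rule("allow", "tcp", dst="203.0.113.10/32", dport=443),
         Rule("allow", "tcp", dst="203.0.113.10/32", dport=80)]
```

Feed the same probe sequence through a Sensor("ids") and a Sensor("ips") to see the difference: both raise the alert, but only the IPS overrides an otherwise allowed packet with deny.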

THE TOP 4 MITIGATION STRATEGIES


1. Application Whitelisting – Only allow clients to run tested software
2. Patching Systems – Set systems to auto-update; risk that some applications will not work after a patch
3. Restricting Administrative Privileges – Admins have two accounts; the root/administrative account should not be used for internet access
4. Creating a Defence-in-depth System
