Which of these are not considered a major pillar of information systems Quizlet

Is Cyberspace an operational domain in which the armed forces must be able to operate and defend?

Yes. Cyberspace is an operational domain in which the armed forces must be able to operate and defend.

What is Cyberspace?

The global domain within the information environment consisting of "Interdependent Networks" of information technology infrastructures and resident data.

What does Cyberspace include?

The internet

Telecommunications Networks

Computer Systems

Embedded Processors and Controllers

Is the internet included in Cyberspace?

Yes, the internet is included in Cyberspace

Are Telecommunications networks included in Cyberspace?

Yes, Telecommunications networks are included in Cyberspace.

Are Computer Systems included in Cyberspace?

Yes, Computer Systems are included in Cyberspace

Are Embedded Processors and Controllers included in Cyberspace?

Yes, embedded processors and controllers are included in Cyberspace.

What are the five categories of the Cyber Domain?

Persona

Interface

Logic

Circuit

Geographic

What is Persona in the Cyberspace domain?

Users.

- Generally human at this point.

What is Interface in the Cyberspace domain?

Devices and software that users interact with.

What is Logic in the Cyberspace domain?

The logic used by devices and software systems.

What are Circuits in the Cyberspace domain?

Circuits that provide a path for logic to flow.

What is Geography (Geographic) in the Cyberspace domain?

The location of the circuit, physical systems and users.

What are the Persona Aspects in the Cyberspace Domain?

They represent users that have a role (persona) in the cyber domain.

At different times a single person may have multiple personas in the cyber domain.

What do the Interface Aspects in the Cyber Domain represent?

The hardware devices and software that users interact with to provide input into other components in the cyber domain.

What are some historical examples of the Interface Aspects?

Mouse and Keyboard

What are some modern examples of Interface Aspects?

Touchscreens

Microphones

Cameras

What are some potential future interface aspects?

Long-Term implants inside your body.

What are Logic Aspects?

The information that is stored within the information systems.

i.e., the meaning of the raw data flowing between, or stored in, systems in the cyber domain.

What are Circuit Aspects?

The paths that data flow across between systems or systems that store data.

i.e., the raw data itself, as bits on a path or in storage.

What are Geographic Aspects?

The physical location of the user, system, or data paths.

Includes natural boundaries and geopolitical boundaries (borders separating human defined regions)

How does the layer method of the Cyber Domain work?

The Cyber Domain is more complicated than simple layers.

One aspect can have many simultaneous interactions with adjacent aspects.

Interactions can skip traditional layers and interact with non-adjacent aspects.

Interactions between the aspects are continually changing in number of interactions and how they are occurring.

What are Information Systems?

Systems that store, process, and transmit data between their different parts in order to provide services.

Are we protecting computers and data, or more?

We are protecting those and Information Systems

What are the five fundamental properties of Information Systems that must be maintained?

Confidentiality

Integrity

Availability

Non-Repudiation

Authenticity

What is Confidentiality as a Pillar of Cyber Security?

It is the protection of information from disclosure to unauthorized individuals, systems, or entities.

Data Oriented

What is an example of a Confidentiality breach?

In December 2013, national retailer Target reported the theft of records for 40 million credit and debit cards used at its stores. Not long after the breach, the card data was being sold at underground forums to thieves. The credit card data was supposed to be confidential, but confidentiality of the data was not preserved.

What is Integrity as a Pillar of Cyber Security?

The Protection of Information, systems, and services from unauthorized modification or destruction.

Data Oriented

What is an example of an Integrity breach?

In 2010, the Stuxnet computer worm was found to have infiltrated the computer systems controlling Iran's nuclear enrichment centrifuges. The code modified the programmable logic controller (PLC) software, driving the centrifuges at speeds that damaged them while giving the console operators only normal indications. The integrity of the PLC software was violated in this attack.

What two pillars of Cyber Security are Data oriented?

Integrity and Confidentiality

What is Availability as a Pillar of Cyber Security?

Timely, reliable access to data and information services by authorized users.

Service Oriented

What is an example of a failure of Availability as a Pillar of Cyber Security?

In 2008, computer systems supporting banks, media, communications, transportation, and other infrastructure in the nation of Georgia experienced a widespread denial-of-service attack originating from Russia. The availability of critical systems through Georgia's connection to the Internet was greatly diminished.

What is Non-Repudiation as a pillar of cyber security?

The ability to correlate, with high certainty, a recorded action with its originating individual or entity.

Entity Oriented.

What is an example of the Non-Repudiation Pillar of Cyber Security?

Unauthorized manipulation of administrator access logs on any computer (making it hard or impossible to later prove who was logged on, and when).

What Pillar of Cyber Security is Service Oriented?

Availability

What Pillars of Cyber Security are Entity Oriented?

Non-Repudiation

Authentication

What is Authentication as a Pillar of Cyber Security?

The Ability to verify the identity of an individual or entity.

What is an example of Authentication breaking down?

In 2011, the security company RSA acknowledged that data about its proprietary SecurID authentication system, which is employed by some defense contractors and other high-security industries, had been stolen. The stolen SecurID data was subsequently used in an intrusion attempt against Lockheed Martin, a defense contractor that relied on RSA tokens to authenticate its remote users: the attackers could pose as legitimate users because the thing that proved a user's identity was no longer secret.

What is the main fundamental tension in Cyber Security?

Services VS. Security

What must you

...

What is the trade off between Services and Security?

For every service allowed, there is another entry point that needs securing.

Balancing risks and rewards is key.

What are the two kinds of technology in Cyberspace?

Information Technology (IT)

Operational Technology (OT)

What is Information Technology (IT)?

Entire spectrum of technologies for "Information processing", including software, hardware, communications technologies, and related services.

What is not typically included in Information Technology (IT)?

IT does not generally include embedded technologies that do not generate data for enterprise use.

What is Operational Technology (OT)?

Hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes, and events.

What is the Internet of Things (IoT)

The network of physical objects - devices, vehicles, buildings, etc - embedded with processors, software, sensors, and network connectivity that enables them to collect and exchange data

What are some risks associated with the Internet of Things (IoT)?

Device and Network Security

Insider Threats/User Error

Automation

What is Device and Network Security as a risk on the (IoT)?

More devices and applications on a network creates a massive web of potential entry points for cyber attackers

What are Insider Threats/User Errors as a risk on the (IoT)?

Having many users on a network increases the risk of a user allowing an access point for a hacker - in error or intentionally

What are automation risks in the (IoT)?

Automation of equipment and vehicles extends the reach of cyber threats into the physical domain

What is the Purpose of Information Technology?

Process transactions, provide information

What is the Purpose of Operational Technology?

Control or monitor physical processes and equipment

What is the Architecture of Information Technology

Enterprise wide infrastructure and application (generic)

What is the Architecture of Operational Technology?

Event-Driven, real-time, embedded hardware and software (custom)

What are the Interfaces of Information Technology?

GUI, Web Browser, terminal and keyboard

What are the Interfaces of Operational Technology?

Electromechanical sensors, actuators, coded displays, hand-held devices

What is Ownership of Information Technology?

CIO and computer grads, finance and admin. depts.

What is Ownership of Operational Technology?

Engineers, technicians, and operators and managers.

What is Connectivity of Information Technology?

Corporate network, IP-Based

What is Connectivity of Operational Technology?

Control networks, hard wired twisted pair and IP-based

What is the Role of Information Technology?

Supports People

What is the Role of Operational Technology?

Controls machines

What does the Internet of Things (IoT) look like in the military?

What is the Internet of Things (IoT) in the military focused on?

To date, the deployment of IoT-related technologies by the military has primarily focused on applications for Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) and fire-control systems. This is driven by a predominant view across the military that sensors and networks serve first and foremost as tools to gather and share data on the battlefield and create more effective command and control of military assets.

What does the Internet of Things (IoT) look like in the Civilian world?

What is the first Strategic Goal of Cyber Defense?

Build and maintain ready forces and capabilities to conduct cyberspace operations.

- Train DoD personnel and forces to the highest standards

- Equip personnel with best-in-class technical capabilities

How is the DoD going to achieve its First Strategic Goal of Cyber Defense?

Train DoD personnel and forces to the highest standards

Equip personnel with best-in-class technical capabilities

What is the Second Strategic Goal of Cyber Defense?

Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions.

How is the DoD going to achieve its Second Strategic Goal of Cyber Space?

It will identify, prioritize, and defend its most important networks and data.

They will plan and exercise to operate within a degraded and disrupted cyber-environment.

Build and employ a more defendable network architecture in the Joint Information Environment (JIE)

How does the DoD stay ahead of the enemy cyber threat?

By enhancing our cyber defense capabilities

What is the Third Strategic Goal of Cyberspace?

Be prepared to defend the US homeland and US vital interests from disruptive or destructive cyber-attacks of significant consequence.

How does the DoD achieve the Third Strategic Goal of Cyber Defense?

Work with agencies, the private sector, and partner nations to deter and if necessary defeat a cyber-attack of significant consequence.

Develop intelligence, warning, and operational capabilities to mitigate sophisticated attacks.

What is the Fourth Strategic Goal of Cyber Defense?

Build and maintain viable cyber options and plan to use those options to control conflict escalation.

How does the DoD achieve the Fourth Goal of Cyber Security?

Provide the President with a wide range of options for managing conflict escalation.

The DoD should be able to use cyber operations to disrupt an adversary's command and control networks, military-related critical infrastructure, and weapons capabilities.

What is the Fifth Strategic Goal of Cybersecurity?

Build and maintain robust international alliances and partnerships to deter shared threats and increase security and stability.

How will the DoD achieve the Fifth Strategic Goal of Cyberspace?

The DoD will constantly assess the international environment and develop innovative partnerships to respond to emerging challenges and opportunities.

What is a Computer?

An electronic device that processes data based on a set of instructions.

It is programmable and responds to instructions in a well-defined manner.

It generally accepts input data, processes it, and then outputs and/or stores it.

What are some typical Computer Components?

Central Processing Unit (CPU)

Memory (RAM)

Hard Drive (HDD)

Peripherals

What is the Central Processing Unit (CPU)?

Carries out basic instructions for the computer through logical operations.

What is the Memory (RAM)?

CPU's short-term memory, stores data for computations, lost when power-off.

What is a Hard Drive (HDD)?

Long-Term memory; stores data even when power-off

What are the Peripherals of a computer?

Components attached to computer to expand capabilities, but are not a part of the core architecture.

What is a Program?

A file that contains a series of "statements" for the computer to process to achieve a predetermined objective.

What is a Statement?

The smallest standalone element of a programming language that commands a computer to perform a specified action.

What are Expressions?

A combination of one or more explicit "values", "constants", "variables", "functions", or "operators" that a programming language interprets and computes to produce another value

What is an Example Program?

What is a Compiler?

Translates a complete set of statements (the source code) into an executable program file before any of it runs.

What is an Interpreter?

Can execute single statements sequentially without the need to compile an entire set of instructions.

What is Pseudocode?

An informal, high-level description of a program's operating principles; uses structural conventions of a programming language, but meant for human reading.

What is an example of Pseudocode?

How is code traditionally executed?

Statements are executed sequentially, unless the computer is given the instruction to deviate from the order.

What are Conditional Statements?

Features of a programming language that cause different statements to be executed based on a logical test.

A Boolean Condition.

- If/Then

- While

- When

Should I stay in and study this Friday?

Should I go to FEP?

Guess a number Game

What is a problem with the "Guess a Number Game"?

If someone enters a non-number such as "pizza", the program reaches a case its author never anticipated: it may crash, or it may silently take a branch that was never meant for that input, because the code assumed a number would arrive.

This is problematic because an attacker does not have to guess the number; they can probe for such unanticipated behaviour on purpose, being "wrong in creative ways" until the program does something useful to them (reveals information, skips a check, or falls over).

What term is used to refer to Unexpected Inputs?

Logic Errors

What are Logic Errors?

A bug in a computer program that causes it to operate incorrectly, but not terminate abnormally (crash)

How can Logic Errors lead to vulnerabilities?

Causing a program to execute out of normal sequence

Mistakenly bypass authentication or permissions checks

Leaking sensitive information due to improper error handling.
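The "guess a number" game from the cards above, written three ways, as an added example that is not part of the original flashcards. It shows what the unexpected input "pizza" does in each version: the naive one crashes, the "leaky" one handles the error but discloses the secret in its message (the improper-error-handling case), and the hardened one validates the input before using it and tells a wrong guesser nothing it should not. SECRET, LOW, HIGH and the function names are this example's own.

```python
# Added example (not from the original flashcards): the guess-a-number game
# three ways, to show what an unexpected input such as "pizza" does to each.
import re

SECRET = 42          # the number to guess (fixed so the example is repeatable)
LOW, HIGH = 1, 100   # the advertised range


def naive_check(text: str) -> str:
    """Assumes the input is a number. int("pizza") raises ValueError, so the
    program terminates abnormally: a crash, on a path the author never tested."""
    guess = int(text)
    if guess < SECRET:
        return "too low"
    if guess > SECRET:
        return "too high"
    return "correct"


def naive_crashes(text: str) -> bool:
    """True if naive_check cannot handle the input."""
    try:
        naive_check(text)
        return False
    except ValueError:
        return True


def leaky_check(text: str) -> str:
    """Catches the error, so it does not crash, but the handler itself is the
    logic error: the 'helpful' message discloses the secret (sensitive
    information leaked through improper error handling)."""
    try:
        guess = int(text)
    except ValueError:
        return f"{text!r} is not a number; the answer was {SECRET}"
    if guess < SECRET:
        return "too low"
    if guess > SECRET:
        return "too high"
    return "correct"


def safe_check(text: str) -> str:
    """Validates the input against what the program expects (a whole number
    in range) before using it, and says nothing about the secret on failure."""
    text = text.strip()
    if not re.fullmatch(r"-?\d+", text):
        return "please enter a whole number"
    guess = int(text)
    if not LOW <= guess <= HIGH:
        return f"please enter a number between {LOW} and {HIGH}"
    if guess < SECRET:
        return "too low"
    if guess > SECRET:
        return "too high"
    return "correct"


def play(inputs, check=safe_check):
    """Drive one game from a scripted list of inputs (instead of input())
    and return the transcript of (input, response) pairs."""
    transcript = []
    for text in inputs:
        response = check(text)
        transcript.append((text, response))
        if response == "correct":
            break
    return transcript


if __name__ == "__main__":
    for text, response in play(["pizza", "50", " 42 "]):
        print(f"{text!r:>10} -> {response}")
```

The hardened version does three things the naive one does not: it decides what a valid input looks like before converting it, it rejects values outside the range the program was designed for, and its failure message is the same whatever the secret is.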

What is an Operating System (OS)?

A program (or collection of programs) that manages computer hardware and software operations.

What are three features of an Operating System?

Is automatically loaded when a computer is turned on.

Is the Primary interface for users/applications and hardware

Controls where to get data, how to process it, and where to store it.

What are some examples of OS Interfaces?

Graphical User Interface (GUI)

Command Shell

Application Programming Interface (API)

What is a Graphical User Interface (GUI)

Allows users to interact through visual icons; easy to use and interpret.

What is a Command Shell?

Allows commands to be entered as plain text strings.

What is an Application Programming Interface (API)?

Exclusively for programs; specifies how software should interact with the OS

What are some examples of OS Services?

File Operations

Network Connections

Processes

User Accounts, permissions, logins

What are File Operations?

Part of an OS Service

They manage the different storage-related peripherals, like: hard drives, flash drives, disc drives.

Can create, modify, or destroy files on behalf of other programs.

What are Network Connections?

Allows programs to send and receive data through the computer's wired or wireless data network.

Part of an OS Service.

What are Processes?

Part of an OS Service

An instance of a computer program being executed.

The OS may operate multiple processes concurrently.

What are User accounts, permissions and logins?

OS Services

The OS ensures that users log in properly and that they can only access the things they're supposed to

What is the relevance of a username?

Every file, directory, and process has a username attached to it, normally that of its owner/creator.

What is the relevance of Permissions?

Permissions are rules which govern/define which types of users can perform what types of actions.

Adjustable by the file's owner.

What is the relevance of a Super-User account?

A user with unlimited privileges to access every file on the system, regardless of the permission scheme.

Becoming a Super-User/Administrator is the Ultimate prize in attacking a computer.
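A miniature model of the username, permission and super-user rules from the cards above, as an added example that is not part of the original flashcards. It uses Unix-style mode bits (owner / group / other, each with read / write / execute), lets only the owner (or root) change a file's mode, and gives the super-user a blanket pass exactly as the cards describe; the users, files and modes are constructed for the example and the names (User, File, permitted, chmod, superusers) are its own.

```python
# Added example (not from the original flashcards): a toy permission check
# with Unix-style mode bits and a super-user override.
from dataclasses import dataclass

READ, WRITE, EXECUTE = 4, 2, 1                 # the three permission bits
ACTIONS = {"read": READ, "write": WRITE, "execute": EXECUTE}


@dataclass(frozen=True)
class User:
    name: str
    uid: int                 # uid 0 is the super-user ("root")
    groups: frozenset


@dataclass
class File:
    path: str
    owner: str               # the username attached to the file
    group: str
    mode: int                # e.g. 0o640: owner rw-, group r--, others ---

    def bits_for(self, user: User) -> int:
        """Pick the owner, group or 'other' triplet that applies to this user."""
        if user.name == self.owner:
            return (self.mode >> 6) & 0o7
        if self.group in user.groups:
            return (self.mode >> 3) & 0o7
        return self.mode & 0o7


def permitted(user: User, f: File, action: str) -> bool:
    """The check the OS performs before a file operation on the user's behalf."""
    if user.uid == 0:
        return True          # super-user: the permission scheme does not apply
    return bool(f.bits_for(user) & ACTIONS[action])


def may_chmod(user: User, f: File) -> bool:
    """Permissions are adjustable by the file's owner (and by root)."""
    return user.uid == 0 or user.name == f.owner


def chmod(user: User, f: File, new_mode: int) -> None:
    if not may_chmod(user, f):
        raise PermissionError(f"{user.name} may not change the mode of {f.path}")
    f.mode = new_mode


def superusers(users) -> list:
    """Audit helper: who on this system is immune to the permission scheme?"""
    return sorted(u.name for u in users if u.uid == 0)


# Constructed sample system
root = User("root", 0, frozenset())
alice = User("alice", 1000, frozenset({"crew"}))
bob = User("bob", 1001, frozenset({"crew"}))
mallory = User("mallory", 1002, frozenset())
USERS = [root, alice, bob, mallory]

notes = File("/home/alice/notes.txt", owner="alice", group="crew", mode=0o640)
shadow = File("/etc/shadow", owner="root", group="shadow", mode=0o640)

if __name__ == "__main__":
    for u in USERS:
        print(f"{u.name:8}", [a for a in ACTIONS if permitted(u, notes, a)])
    print("super-users:", superusers(USERS))
```

The superusers() helper is the practical point of the card that follows: because root bypasses every check in permitted(), the list it returns should be as short as possible and reviewed regularly.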

What is the ultimate prize in attacking a computer?

To gain Super-User privileges, because then you essentially "own" that machine.

In particular, if you can launch a command shell with elevated privileges, you win.

Can operate for long periods of time undetected.

What are the Super-User risks?

Because of the immunity to restrictions, the number of super-users on DoD networks should be kept to a minimum.

Administrator accounts should only be used as necessary to perform system administration tasks.

Depending on the command, ANY officer could be placed in charge of the ship's IT network.

What is a Computer Network?

Consists of two or more computers and typically other devices as well (such as printers, external hard drives, modems and routers), that are linked together so that they can communicate with each other and thereby exchange commands and share data, hardware and other resources.

What is a Host?

A computer or other device connected to a network.

- May provide information resources, applications, or other services to other computers on the network.

What is a Computer Network also referred to as?

Just a Network

What are the devices on a network typically referred to as?

Nodes

What is a Router?

The network device responsible for forwarding packets of data between different networks.

What is an IP Address?

An integer assigned to uniquely identify each host on a TCP/IP network (an IPv4 address is a 32-bit integer).

- Usually expressed as a dotted quad, e.g., 94.136.40.8

What is the internet (lowercase i)?

internet (lowercase i): A network composed of a number of smaller computer networks.

What is the Internet (capital I):?

The worldwide network of interconnected internets that operates using a standardized set of communications protocols.

What is a Network Protocol?

A common set of rules and signals that computers use to communicate on a network.

What do Network Protocols revolve around?

Providing some sort of service.

- HTTP
- TCP/IP
- FTP

What kinds of service do Network Protocols enable?

Transferring web pages (HTTP)

Routing data across networks and delivering it reliably (TCP/IP)

Transferring files (FTP)

What is a Protocol Stack?

The collection of Protocols used for Network communications.

- Organized as an abstract set of layers.

How are Protocol stacks organized?

An abstract set of layers.

What is TCP/IP?

Protocol suite specifying how data should be routed across the internet.

-Transmission Control Protocol (TCP) manages how data is prepared for transmission
-Internet Protocol (IP) manages the actual transmission

What does TCP mean?

Transmission Control Protocol (TCP) manages how data is prepared for transmission.

It is responsible for breaking data down into small packets before they can be sent over a network, and for assembling the packets again when they arrive.

What does IP mean?

Internet Protocol: Manages the actual transmission and takes care of the communication between computers.

It is responsible for addressing, sending and receiving the data packets over the internet.

What is the application layer in a TCP/IP Stack?

It is at the Top of the TCP/IP Protocol Stack.

It defines the language used by the client and server applications to communicate.

What is the Transport Layer in an TCP/IP stack?

Responsible for Network communication between processes, using port numbers as addresses.

- Divides large data into smaller packets ready for transmission.

- Reassembles packets into original data on destination hosts.

How does the Transport Layer in a TCP/IP stack work?

It divides large data into smaller packets ready for transmission.

Reassembles packets into original data on destination hosts.

What is a Network Layer in a TCP/IP stack?

Responsible for routing packets across the internet from the source host to the destination host.

- Specifies the source and destination IP addresses in the packets.

How does a Network Layer in TCP/IP stack work?

Specifies the source and destination IP addresses in the packets.

What is the Link Layer in a TCP/IP stack?

It is responsible for communications between adjacent devices on the same network.

- Using MAC addresses

What policy/strategy has the DoD outlined to mitigate risks in IoT and cyberspace at large?

The Five Strategic Goals

What is a protocol, generally for computer networks?

An agreement about communication.

A complete specification of what things can be said, what responses can and must be made; and what these things mean.

What is the protocol behind the web, and what does it govern?

HTTP

It governs the interaction between web servers and web clients (browsers)

In the TCP/IP stack, what are two important features about the layers?

1.) Each layer has a concrete, well defined role. (The service it provides)

2.) Each layer only needs to know how to interact with the layers directly above and directly below it.

What is the order of the TCP/IP Stack?

Application Layer

Transport Layer

Network Layer

Link Layer

Physical Layer

What does the TCP/IP Stack look like?

What is a Packet?

A unit of data transmitted on a network, consisting of a piece of the original message, plus addressing information.

A message is disassembled into packets by the originating host, which are transmitted through possibly differing routes to the destination, which then re-assembles the packets into the message.
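The disassembly and reassembly just described, simulated in miniature as an added example that is not part of the original flashcards. Each packet carries a piece of the message plus the addressing information (source, destination, sequence number, total count); the simulated network reorders the packets, duplicates one, and can lose one, and the destination has to cope. Packet, packetize, deliver, missing_sequence and reassemble are this example's own names and the message is constructed.

```python
# Added example (not from the original flashcards): what the Transport layer
# does with a message, in miniature.
import random
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str        # addressing information added to every piece
    dst: str
    seq: int        # position of this piece in the original message
    total: int      # how many pieces make up the message
    payload: bytes  # the piece of the original message


def packetize(message: bytes, src: str, dst: str, mtu: int = 8) -> list:
    """Disassemble a message into numbered packets of at most `mtu` bytes."""
    chunks = [message[i:i + mtu] for i in range(0, len(message), mtu)] or [b""]
    return [Packet(src, dst, seq, len(chunks), chunk) for seq, chunk in enumerate(chunks)]


def deliver(packets: list, seed: int = 1, lose_seq: Optional[int] = None) -> list:
    """Simulate the network: packets take different routes, so they arrive
    out of order; one is duplicated (as a retransmission would), and one
    can be lost entirely."""
    rng = random.Random(seed)
    arrived = [p for p in packets if p.seq != lose_seq]
    if arrived:
        arrived.append(arrived[0])
    rng.shuffle(arrived)
    return arrived


def missing_sequence(packets: list) -> list:
    """Sequence numbers the destination is still waiting for."""
    if not packets:
        return []
    return sorted(set(range(packets[0].total)) - {p.seq for p in packets})


def reassemble(packets: list) -> bytes:
    """Put the pieces back in order. Duplicates are ignored; a gap is an
    error here (a real TCP stack would wait for a retransmission instead)."""
    if not packets:
        return b""
    missing = missing_sequence(packets)
    if missing:
        raise ValueError(f"cannot reassemble, missing packets {missing}")
    by_seq = {}
    for p in packets:
        by_seq.setdefault(p.seq, p.payload)      # first copy wins, duplicates dropped
    return b"".join(by_seq[i] for i in range(packets[0].total))


if __name__ == "__main__":
    msg = b"Hello from Host A to Host B!"         # constructed sample message
    pkts = packetize(msg, "10.0.0.1", "10.0.0.2")
    arrived = deliver(pkts)
    print([p.seq for p in arrived], "->", reassemble(arrived))
```

The sequence number is the whole trick: because the destination can re-order by it, the network is free to send each packet along whatever route is available at that moment.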

What are some example protocols which work in the Application Layer?

HTTP

DNS

SSH

DHCP

What is the Physical Layer in the TCP/IP Stack?

It is responsible for transmitting/receiving data as bits on the physical network medium.

Can be wired or wireless.

How does the Physical Layer in the TCP/IP Stack work?

The copper wires, fiber optic cables, radio waves, or wireless networks that data is transmitted/received on as bits.

What are some drawbacks to using a wireless physical layer in your TCP/IP stack?

Anyone within range of the network can monitor it. (Privacy)

Cannot effectively restrict "snooping" (Listening to radio traffic)

How do you mitigate concerns about a Wireless network?

Use Wireless Encryption.

- WEP

- WPA

- WPA 2

Require a key to decode.

What is the order of the Wireless Encryption techniques from oldest/weakest to newest/strongest?

WEP - 40-bit key (some versions 104-bit); RC4-based and broken, a WEP key can be recovered in minutes.

WPA - 128-bit key (TKIP, still built on RC4); a stop-gap that is now deprecated.

WPA 2 - 128-bit AES (CCMP) key, derived from a 256-bit pre-shared key or from enterprise (802.1X) authentication; still sound with a strong passphrase, and since superseded by WPA3.

How does the Application Layer of the TCP/IP Stack work in summary?

Deals with the processes that PROVIDE SERVICE DIRECTLY TO USERS

(web, video-conferencing, file sharing).

How does the Transport Layer of the TCP/IP Stack work in summary?

PACKAGES DATA FOR TRANSFER from a process on Host A to a process on Host B.

TCP

UDP

How does the Network Layer of the TCP/IP Stack work in summary?

GETS PACKETS FROM HOST A TO HOST B by specifying the source and destination IP address.

What does HTTP stand for?

HyperText Transfer Protocol

What does HTTPS stand for?

Hyper Text Transfer Protocol Secure

What does HTTP do?

HyperText Transfer Protocol

Facilitates the transfer of information on web pages.

Where does HTTP operate?

HyperText Transfer Protocol

Operates completely in the Application Layer.

What does HTTPS do?

HyperText Transfer Protocol Secure

An encrypted version of HTTP

How does HTTPS work?

HyperText Transfer Protocol Secure

- Sets up a "sublayer" (TLS, formerly SSL) between the Application Layer and the Transport Layer that encrypts data before it gets passed to the Transport Layer.

- The server must authenticate itself (prove its identity with a certificate) before session keys are agreed; only the two endpoints holding those keys can decrypt the traffic.

It does not make it any harder to intercept the data; it makes intercepted data unreadable without the key.

Rather, it is like forcing criminals to steal guns while they are still locked in safes.

What is an SSH (Secure Shell)?

SSH (Secure SHell) is an Application Layer protocol that uses public-key cryptography to secure data transmission on a network.

What is a Domain Name?

A string identifying one or more IP addresses as belonging to a single entity.

- Must be registered in DNS

- www.google.com

What is the Domain Name System? (DNS)

An "Application Layer" Protocol used to resolve a Domain Name to an IP address.

- "Phone Book" for the internet

What does SSH (Secure Shell) allow for?

SSH allows secure, remote command shell access. In this setting, secure means preserving confidentiality and authentication. Nobody snooping on the network traffic can read off your password or other information that gets sent back and forth during the session.

What is DNS Cache Poisoning?

An attack which makes a DNS server cache wrong information.

Redirects you.

What is the danger of DNS Cache Poisoning?

Can map a website name to a malicious IP Address

What is Spoofing (DNS)?

An attacker answers a DNS request that was intended for another (legitimate) server, racing the real reply.

What is the goal of both Spoofing and DNS Cache Poisoning?

In both cases, the goal is "client misdirection"
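The spoofing and cache-poisoning cards above, played out against a toy caching resolver, as an added example that is not part of the original flashcards. A resolver only caches a reply whose transaction ID and question match a query it actually sent; an attacker who can predict the transaction ID wins the race and the poisoned entry then misdirects every client for as long as its TTL lasts. DnsMessage, Resolver, WeakResolver, spoof_attempt and all names and addresses are this example's own.

```python
# Added example (not from the original flashcards): spoofed replies against a
# resolver with unpredictable vs. predictable transaction IDs.
import secrets
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class DnsMessage:
    txid: int                     # 16-bit ID that ties a reply to its query
    qname: str                    # the name being asked about
    answer: Optional[str] = None  # None in a query, an IP address in a reply
    ttl: int = 0                  # seconds the answer may be cached


class Resolver:
    """Caches answers and matches replies to outstanding queries."""

    def __init__(self, txid_source: Callable[[], int] = lambda: secrets.randbelow(1 << 16)):
        self.txid_source = txid_source
        self.cache = {}            # qname -> (ip, expires_at)
        self.pending = {}          # txid -> qname of an unanswered query

    def lookup(self, qname: str, now: float) -> Optional[str]:
        hit = self.cache.get(qname)
        if hit is not None and hit[1] > now:
            return hit[0]
        return None

    def query(self, qname: str) -> DnsMessage:
        txid = self.txid_source()
        self.pending[txid] = qname
        return DnsMessage(txid, qname)

    def accept(self, reply: DnsMessage, now: float) -> bool:
        """Cache a reply only if its txid and question match an outstanding
        query; anything else is a spoof attempt (or a stale reply)."""
        if self.pending.get(reply.txid) != reply.qname:
            return False
        del self.pending[reply.txid]
        self.cache[reply.qname] = (reply.answer, now + reply.ttl)
        return True


class WeakResolver(Resolver):
    """Same logic, but with a predictable (sequential) transaction ID."""

    def __init__(self):
        self.counter = 0
        super().__init__(txid_source=self._next)

    def _next(self) -> int:
        self.counter += 1
        return self.counter


def spoof_attempt(resolver: Resolver, qname: str, evil_ip: str, guesses: list, now: float) -> Optional[str]:
    """An attacker who saw (or provoked) the query races the real server with a
    forged reply for every txid it guesses. Returns the IP clients will get."""
    real = resolver.query(qname)
    for txid in guesses:
        resolver.accept(DnsMessage(txid, qname, evil_ip, ttl=3600), now)
    # the genuine reply arrives a moment later; it is rejected if a forgery
    # already consumed the pending entry
    resolver.accept(DnsMessage(real.txid, qname, "203.0.113.10", ttl=3600), now + 0.05)
    return resolver.lookup(qname, now + 1)


if __name__ == "__main__":
    print("weak:", spoof_attempt(WeakResolver(), "www.bank.example", "198.51.100.66", range(1, 11), 0))
    print("good:", spoof_attempt(Resolver(), "www.bank.example", "198.51.100.66", range(1, 11), 0))
```

Real resolvers add a second unpredictable value (a random source port), which is why the 2008 cache-poisoning research pushed everyone to randomise ports as well as IDs; the matching rule in accept() is the same idea with one variable.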

What is the "World-Wide Web" (Web)

Vast collection of "servers" and "clients" communicating over the "internet" using HTTP (S)

What is a Client?

An application or host that makes use of a service from a server.

What is a Web Client?

Requests and renders (displays) information from a web server using the HTTP protocol.

- Primary interface for the client is the web browser

What is the primary interface for a Web Client?

Web Browser

What is a Server?

A responding application or host that provides the information sought by a client.

What is a Web Server?

Any information system that serves web pages and other content to a Web Client via HTTP and/or HTTPS

What does URL stand for?

Uniform Resource Locator

What is a Uniform Resource Locator (URL)?

Reference to a web resource that specifies its location on a computer network.

"Web address"

What three things does a Uniform-Resource-Locator (URL) specify?

The "Protocol"

The server

File path

What is the "Protocol" part of a URL?

Specifies the language and guidelines for communication between the browser and server

- Most Browsers support several Protocols.
- HTTP, HTTPS, FTP, File

What kinds of Protocols do most browsers support?

Several Protocols.

HTTP, HTTPS, FTP, File

What is the Server part of a URL?

The Domain Name of the web server that the client is trying to reach.

•Domain names correlate to the IP addresses of specific servers as registered in DNS

•One domain can have many servers (Amazon) or one server can support many domains

What is the File path part of a URL?

The path specifying a file's location on that server.

•Web servers have a hierarchical structure of files
-Similar to a directory on a PC
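The three-part split the cards describe (protocol, server, file path), written out as a small parser, as an added example that is not part of the original flashcards. It also handles the two details that matter when deciding where a link really goes: a "user@" prefix before the host, and a server name that merely starts with a familiar domain. parse_url, registered_domain and looks_misleading are this example's own names; the sample URLs are constructed, except the usna.edu path taken from the cards.

```python
# Added example (not from the original flashcards): splitting a URL into
# protocol, server and file path, and spotting links that point elsewhere.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "file": None}


def parse_url(url: str) -> dict:
    """Protocol, server and file path, plus port, userinfo and query string."""
    protocol, sep, rest = url.partition("://")
    protocol = protocol.lower()
    if not sep or protocol not in DEFAULT_PORTS:
        raise ValueError(f"unsupported or malformed URL: {url!r}")
    authority, _, path = rest.partition("/")
    path, _, query = ("/" + path).partition("?")
    # "user:pass@" in front of the host is legal, and is one way to make a
    # link *look* like it goes to one site while the real server is another
    userinfo, at, host_port = authority.rpartition("@")
    if not at:
        host_port, userinfo = authority, None
    host, _, port = host_port.partition(":")
    return {
        "protocol": protocol,
        "server": host.lower(),
        "port": int(port) if port else DEFAULT_PORTS[protocol],
        "path": path,
        "query": query or None,
        "userinfo": userinfo,
    }


def registered_domain(server: str) -> str:
    """The last two labels of the name: for www.bank.example.evil.example that
    is evil.example, which is who actually answers the request."""
    return ".".join(server.split(".")[-2:])


def looks_misleading(url: str, claimed_server: str) -> bool:
    """True if a URL presented as going to `claimed_server` really goes elsewhere."""
    parts = parse_url(url)
    return registered_domain(parts["server"]) != registered_domain(claimed_server.lower())


if __name__ == "__main__":
    for u in ("https://www.usna.edu/CyberDept/si110/SamplePage.html",
              "http://www.bank.example@evil.example:8080/login",
              "http://www.bank.example.evil.example/login?next=home"):
        p = parse_url(u)
        print(p["protocol"], p["server"], p["port"], p["path"], sep=" | ")
```

The two-label rule in registered_domain() is a simplification (co.uk-style suffixes need a public-suffix list), but it is enough to show why "the server" in a URL is the whole host name read from the right, not the familiar-looking prefix on the left.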

How do communications work on Hyper-Text-Transfer Protocol (HTTP)?

A series of requests and responses enabling the transfer of files between web clients and servers.

Communications are initiated by the client.
- Your browser makes a request to a remote server on your behalf.

What does HTML stand for?

Hyper-Text Markup Language

What is Hyper-Text Markup Language (HTML)

Standard language used to create web pages.

HTML code may be very simple . . .
. . . Or very complex embedded with numerous scripts.

What is a Static Web Page?

A simple web page.

It will render HTML code exactly as it is stored on the server.

It will render HTML code the same way regardless of who visits it.

Browser receives HTML code in plain text. . .
. . . Then renders it into a visible webpage as instructed.

How many steps are there in a Client-Server Interaction?

6

What are the six steps of "Client-Server Interaction"?

(1.) Browser contacts the server at usna.edu, and sends a GET request to receive the file SamplePage.html from the location CyberDept/si110/

(2.) The server retrieves the file SamplePage.html from its hard drive and sends it to the browser

(3.) -a- The browser receives the file SamplePage.html and looks through it.

-b- It sees that it needs the image SleepyFace.jpg to render the page correctly.

(4.) The browser sends another GET request for the image SleepyFace.jpg

(5.) The server retrieves the file SleepyFace.jpg from its hard drive and sends it to the browser

(6.) The browser sees that it has everything it needs to render the image, and does

What is the first step in the Client-Server Interaction?

(1.) Browser contacts the server at usna.edu, and sends a GET request to receive the file SamplePage.html from the location CyberDept/si110/

What is the second step in the Client-Server interaction?

(2.) The server retrieves the file SamplePage.html from its hard drive and sends it to the browser

What is the third step in the Client Server Interaction?

(3.) -a- The browser receives the file SamplePage.html and looks through it.

-b- It sees that it needs the image SleepyFace.jpg to render the page correctly.

What is the Fourth step in the Client-Server Interaction?

(4.) The browser sends another GET request for the image SleepyFace.jpg

What is the Fifth step in the Client-Server Interaction?

(5.) The server retrieves the file SleepyFace.jpg from its hard drive and sends it to the browser

What is the Sixth Step of the Client-Server Interaction?

(6.) The browser sees that it has everything it needs to render the image, and does
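The six-step exchange above, simulated in memory with both sides written out, as an added example that is not part of the original flashcards. The server answers GET requests from a dictionary standing in for its hard drive; the browser requests the page, looks through the HTML for images, requests each one, and reports what it got. The file paths match the cards; the page contents, the JPEG stand-in and the names Server, Browser, ImageFinder and make_server are constructed for the example.

```python
# Added example (not from the original flashcards): the client-server
# exchange for SamplePage.html and SleepyFace.jpg, both sides in memory.
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed contents of the server's "hard drive"
PAGE = (b"<html><body><h1>Sample Page</h1>\n"
        b'<img src="SleepyFace.jpg" alt="sleepy">\n'
        b'<img src="/images/missing.png">\n'
        b"</body></html>")
JPEG_STUB = b"\xff\xd8\xff\xe0 constructed stand-in for JPEG bytes"
FILES = {
    "/CyberDept/si110/SamplePage.html": ("text/html", PAGE),
    "/CyberDept/si110/SleepyFace.jpg": ("image/jpeg", JPEG_STUB),
}


class Server:
    def __init__(self, files: dict):
        self.files = files
        self.log = []            # every request line the server saw

    def handle(self, request: str) -> tuple:
        """Parse the request line of an HTTP request and answer it."""
        method, path, _version = request.split("\r\n", 1)[0].split(" ")
        self.log.append(f"{method} {path}")
        if method != "GET":
            return 405, "text/plain", b"Method Not Allowed"
        if path not in self.files:
            return 404, "text/plain", b"Not Found"
        ctype, body = self.files[path]
        return 200, ctype, body


class ImageFinder(HTMLParser):
    """Step 3: look through the HTML for things the page needs."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


class Browser:
    def __init__(self, server: Server, host: str = "usna.edu"):
        self.server = server
        self.host = host

    def get(self, path: str) -> tuple:
        """Steps 1 and 4: a GET request made on the user's behalf."""
        request = f"GET {path} HTTP/1.1\r\nHost: {self.host}\r\n\r\n"
        return self.server.handle(request)

    def visit(self, path: str) -> dict:
        status, _ctype, body = self.get(path)            # steps 1-2
        if status != 200:
            return {"status": status, "images": {}}
        finder = ImageFinder()
        finder.feed(body.decode())                       # step 3
        images = {}
        for src in finder.sources:
            img_path = urljoin(path, src)                # relative to the page
            img_status, _, _ = self.get(img_path)        # steps 4-5
            images[img_path] = img_status
        return {"status": status, "images": images}      # step 6: render


def make_server() -> Server:
    return Server(dict(FILES))


if __name__ == "__main__":
    server = make_server()
    print(Browser(server).visit("/CyberDept/si110/SamplePage.html"))
    print(server.log)
```

Each image is a separate request, and the browser resolves "SleepyFace.jpg" relative to the page's own directory; the missing image shows that a 404 for one resource does not stop the page from rendering.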

What do Secure Shells (SSH) enable?

Secure, remote command shell access. In this setting secure means preserving "confidentiality" and authentication.

Nobody snooping on the network traffic can read off your password or other information that gets sent back and forth during the session.

What are Dynamic Web Pages?

can provide a "live" or "interactive" user experience

•Content on the page changes in response to different contexts or conditions

•Require scripts, executable applications embedded within the code, to get dynamic effects

What is Scripting?

A way to get dynamic effects

What are the two main types of Scripting?

1.) Client Side Scripting: Code is executed in the client machine

2.) Server-Side Scripting: Code is executed on the server

What are Client-Side Scripts?

Code generates content on client in response to user input or at specified timing events

How are Client-Side Scripts written?

In a "scripting language" which can be embedded in HTML, like JavaScript

- Can be disabled in most browsers, at a cost in functionality

Does the Client or Server machine assume greater security risk in Client-Side Scripts?

The Client Machine assumes greater security risk

Does the Client or Server machine use more computing resources in Client-Side Scripts?

The Client Machine

Describe Client-Side Scripting?

Client-side scripting is changing interface behaviors within a specific web page in response to mouse or keyboard actions, or at specified timing events. In this case, the dynamic behavior occurs within the presentation. The Client-side content is generated on the user's local computer system.

What are Server-Side Scripts?

They are controlled by an "application server" which can run more-robust applications.

Data processed on server must transfer back across the network.

Does the Client or Server machine assume greater security risk in Server-Side Scripts?

The Server assumes greater security risk

Does the Client or Server machine use more computing resources in Server-Side Scripts?

The Server uses more CPU processing resources

Do Client-Side Scripts require network communications to change what's on the web page?

No

How does risk work in Client-Side/Server-Side Scripts?

Allowing code to execute in response to user input (or other events, like a timer going off) could pose a security risk. In client-side scripting the one visiting the website incurs risk. In server-side scripting the organization hosting the website incurs risk.

What is HTML email?

Most email clients will allow you to write and read emails with HTML formatting, not just plain text.

Combining this with JavaScript allows for some evil possibilities.

E.g., HTML can automatically send you to a page of the attacker's choosing, no clicks required.

If an e-mail client executes JavaScript embedded in an HTML-formatted e-mail, that script can send the machine's browser to a site of the attacker's choosing.

What can be hidden in an HTML email?

Misleading Links (Phishing Scams)

Embedded Scripts
(Direct the client to a website without the user clicking on a link)

What is Authentication with respect to Sessions?

The ability to verify the identity of an individual or entity

What is a Session?

After logging-in to a site, browsers keep users logged-on, by establishing a session.

Maintained state of authentication.

What is the benefit of a Session?

Prevents the hassle of signing in after each mouse click on a site

What is a risk of a Session?

Can pose a risk if the security credentials are stored improperly.

What is a Session Cookie?

A Temporary data file created by the server host and stored on the client PC.

The duration of the cookie is defined by the server, but Session Cookies will usually be deleted once the browser is closed.

What are the security risks of a Session Cookie?

A hacker can steal your login information from the cookie.

"Hijack" your authenticated state for their own use

What is a Persistent Cookie?

A data file created by the server and stored on the client.

Usually lasts for a predetermined amount of time, even through PC restarts.

Generally do not store login credentials.
- Generally store Tracking Data that will identify your machine to the server.

What is the practical relationship between Session Cookies and Persistent Cookies.

If you log in to your account on an online retailer's site that uses session cookies, you should be able to visit any page within the domain, adding new items to your cart, for as long as you have the browser open or until the cookie is terminated for another reason, such as logging out or idle time.

If you close your browser and open it back up a few days later to revisit the online retailer, it will likely show you products that you have viewed in the past: your browsing history is stored in a persistent cookie.

What is a Session Key?

A random string that serves as authentication for a specific session.

Where and how is a Session Key generated and stored?

A Session key is generated on a server after verifying user credentials, and stored as a cookie on client host.

What is a risk of a Session Key?

It can still be hijacked to duplicate a user's authenticated state, but only for a single session.

What is a benefit of a Session Key?

No permanently compromising data is stored within the cookie.
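The session-key cards above describe the mechanism (random key minted after login, stored only in a cookie, no credentials inside it) without showing how the server side holds up its end. The following is an added example written for this page, not code from the original study set: an in-memory session table with a constructed single-user store, a constant-time credential check, idle-time expiry, and the Set-Cookie line the server would send. The user store, the 30-minute idle limit and the cookie name `sid` are assumptions chosen for the illustration.

```python
import secrets
import time

# Constructed in-memory user store for the example: username -> password.
# A real system stores salted password hashes, never plaintext (see the
# hashing cards later on this page); plaintext is used here only to keep
# the login step short.
USERS = {"alice": "correct horse battery staple"}

SESSION_TTL = 30 * 60  # assumed idle limit: seconds before a session expires

# Server-side session table: session key -> (username, last-seen timestamp).
# The client only ever holds the random key, so the cookie itself contains
# nothing that remains useful once the server forgets the session.
SESSIONS = {}


def login(username, password, now=None):
    """Verify credentials and mint a session key.

    Returns the key to be placed in the session cookie, or None on failure.
    """
    stored = USERS.get(username, "")
    # compare_digest avoids leaking how many characters matched via timing
    if not secrets.compare_digest(stored.encode(), password.encode()):
        return None
    # 32 bytes from the OS CSPRNG: unguessable, unlike a counter or a timestamp
    key = secrets.token_urlsafe(32)
    SESSIONS[key] = (username, now if now is not None else time.time())
    return key


def user_for_session(key, now=None):
    """Look up the user behind a cookie value; None if unknown or expired."""
    now = now if now is not None else time.time()
    entry = SESSIONS.get(key)
    if entry is None:
        return None
    username, last_seen = entry
    if now - last_seen > SESSION_TTL:
        del SESSIONS[key]            # idle too long: same effect as closing the browser
        return None
    SESSIONS[key] = (username, now)  # sliding expiration
    return username


def logout(key):
    """Invalidate the key on the server; a stolen copy is now useless."""
    SESSIONS.pop(key, None)


def set_cookie_header(key):
    """The Set-Cookie line the server sends with the key.

    No Expires/Max-Age makes it a session cookie (deleted when the browser
    closes); HttpOnly keeps page scripts from reading it; Secure restricts it
    to HTTPS so it is not "sent in the clear".
    """
    return f"Set-Cookie: sid={key}; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    sid = login("alice", "correct horse battery staple")
    print(set_cookie_header(sid))
    print("session belongs to:", user_for_session(sid))
    logout(sid)
    print("after logout:", user_for_session(sid))
```

The hijacking risk on the card is still real: whoever obtains the key is "alice" until the session expires or is logged out, which is why the key is random, HttpOnly, HTTPS-only and invalidated server-side rather than simply dropped by the browser.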

What is the Web-Versus the Internet?

The Internet includes all the infrastructure and protocols through which browsers and web servers communicate, and much more.

E-Mail, Voice-Over IP Calls, File Sharing, Remote Logins

What is in the Web?

The Web is just web-servers, web-clients, HTTP and HTTPS protocols.

What does the Web-versus-Internet diagram look like?

How do Web Clients typically request information?

From web servers via a web browser.

How do servers and Web Servers operate?

A server is the responding host who provides whatever information the client is looking for.

That's what a server is: any application that provides a service to a client.

In the context of the web, a web server is any information system (hardware, OS, and software) that serves web pages and other content to a web client via HTTP or HTTPS.

What are some examples of some Top-Level Domains (TLDs)

.com

.org

.edu

etc

What is Cyber-Security?

The ongoing ability of an information system to provide its services while maintaining the integrity of the Cyber Security Pillars.

How does US Fleet Cyber Command define a Cyber Attack?

A hostile act using computers, electronic information and/or digital networks that is intended to manipulate, steal, disrupt, deny, degrade or destroy critical systems, assets, and information or functions.

If I want to steal a file, which Pillar of Cyber Security have I violated?

Confidentiality

If I want to deface a web page, which Pillar of Cyber Security have I violated?

Integrity

If I want to bring down a DNS server, which Pillar of Cyber Security have I violated?

Availability

If I want to send a malicious e-mail from someone else's account, which Pillar of Cyber Security have I violated?

Non-Repudiation

If I want to steal login credentials, which Pillar of Cyber Security have I violated?

Authentication

What must a Cyber Attack overcome in order to be effective?

Three Concentric Barriers.

1.) Network Barrier (Outermost)

2.) Host Barrier (Middle)

3.) Privilege Barrier (Innermost)

What is the Outermost barrier of Cyber Security?

Network Barrier

What is the Middle Barrier of Cyber Security?

Host Barrier

What is the Innermost Barrier of Cyber Security?

Privilege Barrier

What are the three Concentric Barriers of Cyber Security?

1.) Network Barrier (Outermost)

2.) Host Barrier (Middle)

3.) Privilege Barrier (Innermost)

What is the Network Barrier of Cyber Security?

This is the barrier between the Internet at large and the target's host network.

Normally protected by a perimeter Firewall

What is a Firewall?

A device or program designed to filter network traffic in order to control access to services.

- Used on the Network Barrier (Outer)

What is the Host Barrier of Cyber Security?

This is the barrier between the Target Host and the Target Host's Network.

Usually protected by a combination of Authentication (Access Credentials) and a Host-Based Firewall application

In what circumstance is the Host-based Firewall especially important?

If the Host is a server, since it helps restrict which ports are open.

What is the Privilege Barrier of Cyber Security

Separates unprivileged users from privileged users on the host computer

SuperUser/Admin Accounts

How would a hacker overcome a Privilege Barrier?

Password-cracking tools to gain access to an Administrator account, or privilege-escalation attacks (malware that exploits a flaw to obtain elevated rights).

What are barrier gaps?

Ports allowed through by the Firewall are like the gaps in the barriers

What is a Port?

An endpoint for communication on a host, identified by a number; the transport protocol (TCP or UDP) uses the port number to deliver data to the right service.

How can you manipulate Barrier Gaps/Ports in Cyber Security?

Pivot Attacks.

Go from one host (a more accessible or vulnerable one) to another that was not directly reachable.

What is Port 80 Traffic?

HTTP

What are the Three Phases of a Cyber Attack?

1.) Reconnaissance:

2.) Infiltration and Maneuver:

3.) Exfiltrate & Maintaining Access:

What is a simple explanation of the Reconnaissance phase of a Cyber Attack?

In this phase, the attacker finds out the information he needs to actually get in: what traffic the firewall lets through, what hosts are in the network, what services they actually have running, etc.

IE:
firewall lets in port 80 traffic, that there's this other host running a web server, that the target has an SSH server, etc.

What four types of Information do attackers look for in the Reconnaissance Phase of a Cyber Attack?

Network Information
- IP Address
- Domain names
- Network Topology (arrangement of elements)

and

Host Information
- User Names
- Group Names
- Architecture Type

and

Security Policies
- Password Complexity Requirements
- Password Change Requirements
- Firewalls
-Intrusion Detection Systems

and

Human Information
- Home address, phone number
- Frequent Hangouts (Online/Real)
- Computer Knowledge
- Hobbies/Interests

What is a goal of the Reconnaissance Phase of a Cyber Attack?

The goal of the reconnaissance phase is to identify weak points of the target. A successful military strategist would dedicate ample resources on reconnaissance to find weaknesses in the enemy's defenses or to assess the enemy's capabilities.

What pieces of information about Network Information are of interest during the Reconnaissance Phase of a Cyber Attack?

IP Address

Domain Names

Network Topology (Arrangement of Elements)

What pieces of information about Host Information are of interest during the Reconnaissance Phase of a Cyber Attack?

User Names

Group Names

Architecture Type

What pieces of information about Security Policies are of interest during the Reconnaissance Phase of a Cyber Attack?

Password Complexity Requirements

Password Change Requirements

Firewalls

Intrusion Detection Systems

What pieces of information about Human Information are of interest during the Reconnaissance Phase of a Cyber Attack?

Home address, phone number

Frequent Hangouts (Real/Online)

Computer Knowledge

Hobbies/Interests

What are the two methods of Reconnaissance in a Cyber Attack?

Passive

Active

What is Passive Reconnaissance in a Cyber Attack?

Gathering Information, often indirectly, in a manner unlikely to alert the subject of the surveillance

What is Active Reconnaissance in a Cyber Attack?

Gathering information while interacting with the subject directly, in a way that usually can be discovered.

What is the natural start to any Reconnaissance Mission?

Passive Reconnaissance in which the attacker minimizes any interaction with the target network which may raise flags in the computer logs

What are some methods for Passive Reconnaissance?

Many sources of public information for an attacker to gain network insight

--- Google

--- View HTML

--- Public Network Information

How can attacker use Google as a Passive Reconnaissance Method?

Attackers can find helpful information by googling their target; company information, social media.

How can attacker view HTML as a Passive Reconnaissance Method?

Attackers read a page's source code in the browser (View Source) looking for comments, hidden fields, file paths and software versions that hint at vulnerabilities.

How can attacker use Public Network Information as a Passive Reconnaissance Method?

Attackers can query Domain Name System servers for a target website's network information and the person who registered it.

What is Scanning with respect to Active Reconnaissance?

An Active Reconnaissance Procedure for identifying active hosts on a network, either for attacking them or assessing security.

Is Scanning more or less intrusive than Passive Reconnaissance?

It is more intrusive but it provides more useful information.

- IP Address ranges

- Open Ports

What extra useful information can Scanning provide relative to Passive Reconnaissance?

IP Address Ranges

Open Ports

What is a drawback to Scanning?

Scanning creates a greater risk that an attacker will alert his target.

How can Scanning create a greater risk that an attacker will alert his target?

Attacker leaves more evidence

Target may increase security measures

What are three methods of Active Reconnaissance?

Ping

Port Scanning

Traceroute

How does Pinging work as a method of Active Reconnaissance?

It transmits small packets to one or more specified IP addresses and receives a response.

- Allows attacker to see which hosts are connected to a network.

How does Port Scanning work as a method of Active Reconnaissance?

An application designed to probe a server or host for open ports.

- Allows attackers to see which services are running on a host so he can exploit vulnerabilities

How does Traceroute work as a method of Active Reconnaissance?

Determines all of the intermediate hosts (routers) between the originator and specified destination.

- Allows the attacker to map the path packets take through the network (the routers traversed), a guide to how it is laid out.

What does Pinging allow the attacker in Active Reconnaissance do?

Allows the attacker to see which hosts are connected to a network

What does Port Scanning allow the attacker in Active Reconnaissance to do?

Allows the attackers to see which services are running on a host so they can exploit vulnerabilities

What do Traceroutes allow the attacker in Active Reconnaissance do?

Allows the attacker to map the path packets take through the network, a guide to how it is laid out
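The three active-reconnaissance cards above name the tools but not what a scan actually does on the wire. The following is an added example written for this page, not code from the original study set. It implements the simplest port scan, a TCP connect scan (a full handshake per port, which is exactly why it shows up in the target's logs), and, so that it runs offline, it also starts a constructed dummy service on a random loopback port to serve as the target. Ping is left out because sending ICMP needs raw sockets and elevated privileges; the listener, the loopback address and the timeout value are assumptions of the example.

```python
import socket
import threading


def tcp_connect_scan(host, ports, timeout=0.5):
    """Return the sorted list of ports on host that accept a TCP connection.

    This is the noisiest kind of scan: each probe completes the three-way
    handshake, so the host firewall and the service behind the port both see
    it (compare the event-log cards further down this page).
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success instead of raising an exception
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return sorted(open_ports)


def start_dummy_service(host="127.0.0.1"):
    """Constructed target for the example: a listener on a random free port.

    Returns (port, stop) where stop() shuts the listener down.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((host, 0))          # port 0: let the OS pick a free one
    server.listen(5)
    port = server.getsockname()[1]
    running = True

    def serve():
        server.settimeout(0.2)
        while running:
            try:
                conn, _ = server.accept()
                conn.close()        # accept and drop, like a service with nothing to say
            except socket.timeout:
                continue
            except OSError:         # socket closed by stop()
                break

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()

    def stop():
        nonlocal running
        running = False
        server.close()
        thread.join()

    return port, stop


def reserve_closed_port(host="127.0.0.1"):
    """Constructed helper: bind, but never listen on, a free port.

    A connection attempt to it is refused, just like a port with no service
    behind it. Returns (port, holder_socket); close the socket to release it.
    """
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind((host, 0))
    return holder.getsockname()[1], holder


if __name__ == "__main__":
    open_port, stop = start_dummy_service()
    closed_port, holder = reserve_closed_port()
    try:
        print("open ports:", tcp_connect_scan("127.0.0.1", [closed_port, open_port]))
    finally:
        stop()
        holder.close()
```

Real scanners (nmap, for instance) add half-open SYN scans, UDP probes and service fingerprinting, but every one of them rests on this same idea: a response from the port means a service is listening there.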

What are Digital Forensics?

Scientifically reconstructing a sequence of digital events involving computers and information systems

What is Locard's Exchange Principle?

In the commission of a crime, a perpetrator leaves something behind and takes something with him

What is an Event Log?

A special file that records significant events on a computer.

- Most events that happen to a host from an external source are tracked in an event log

Are event logs tracked on servers and clients as well?

Yes, but for many OSs, you need Administrator credentials to access the event logs.

What are some examples of events that servers normally record as an event log?

User login attempts: Whether successful or not

Applications Executed: This includes applications that were supposed to run (server-side scripts) or scripts that an attacker injected into a remote host

Requests to the server: Pings, Ports Scanned, and Traceroute
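The cards above say that failed and successful logins are logged but not what an analyst does with those lines. The following is an added example written for this page, not code from the original study set: it parses a constructed sample of OpenSSH-style authentication log lines, counts failed logins per source address inside a time window, and flags the pattern that matters most, a burst of failures followed by a success from the same source. The sample lines, the year assumed for the syslog timestamps, and the threshold of five failures in sixty seconds are all assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd authentication log lines (syslog format, no year).
SAMPLE_LOG = """\
Mar 10 08:01:02 web01 sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 08:01:04 web01 sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 08:01:05 web01 sshd[4125]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 08:01:07 web01 sshd[4127]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 08:01:09 web01 sshd[4129]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 08:01:11 web01 sshd[4131]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar 10 08:15:30 web01 sshd[4200]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 08:15:41 web01 sshd[4201]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

ASSUMED_YEAR = 2024  # syslog lines carry no year; assumed for the example

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse(log_text):
    """Turn raw lines into (timestamp, outcome, user, source) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd messages are not login events
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
        events.append((ts, m["outcome"], m["user"], m["src"]))
    return events


def find_brute_force(events, threshold=5, window_seconds=60):
    """Sources with at least `threshold` failures inside any window.

    Each alert also records whether an Accepted login followed the failures,
    the signature of a guessing attack that worked.
    """
    by_src = defaultdict(list)
    for ts, outcome, _user, src in events:
        by_src[src].append((ts, outcome))

    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        fails = [ts for ts, outcome in evs if outcome == "Failed"]
        # slide a window of `threshold` consecutive failures over the timeline
        burst = any(
            (fails[i + threshold - 1] - fails[i]).total_seconds() <= window_seconds
            for i in range(len(fails) - threshold + 1)
        )
        if not burst:
            continue
        last_fail = fails[-1]
        success_after = any(
            outcome == "Accepted" and ts >= last_fail for ts, outcome in evs
        )
        alerts[src] = {"failures": len(fails), "success_after_failures": success_after}
    return alerts


if __name__ == "__main__":
    for src, info in find_brute_force(parse(SAMPLE_LOG)).items():
        print(src, info)
```

On the sample, 203.0.113.7 is flagged (five failures in seven seconds, then an accepted root password) while alice's single typo before a key-based login is not; the same logic, with the regex swapped, applies to web-server or Windows security logs.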

Is information stored locally in addition to leaving evidence on remote servers?

Yes.

Cookies with information about websites we've visited

Browser cache: a record of the browser's activity

What is a System Registry?

A locally stored database of settings and application records

What does the System Registry store?

Recently accessed files

Networks visited

What is Malware?

Malicious software that violates one of the Pillars of Cyber Security

- Different than network attacks because the victim generally installs or enables the malware inadvertently.

How is malware different than network attacks?

- Different than network attacks because the victim generally installs or enables the malware inadvertently.

How is malware categorized?

Categorized by delivery method

Virus
Worms
Trojan

What are the three categories of Malware?

Virus

Worms

Trojan

What is a Computer Virus?

A program that can replicate itself and infect a computer without user permission or knowledge.

Viruses attach to other files on a computer (usually executables)

Cannot spread past one computer without some human act assisting

Where do Computer Viruses live?

They attach themselves to other files on a computer (usually executables)

How do Computer Viruses spread from one computer to another?

Cannot spread past one computer without some human act assisting

What are some different types of Computer Viruses?

Macro

Cross-Site Scripting (XSS)

Program Virus

Boot Sector Virus

Worm

Trojan Horse

What is a Macro Virus?

A Virus written into a Macro language for a separate application and embedded in non-executable files

- The virus program is executed when the file is opened

- MS Word Doc

How can a Macro Virus work in a Microsoft Word Document?

A Macro embedded into a word document is executed when the document is opened.

Sends itself as an attachment to 50 different e-mail addresses to propagate itself.

What is a Cross-Site Scripting Virus (XSS)?

An up-and-coming virus type, executed by your web browser.

- A security vulnerability that can embed malicious code into webpages.

- Virus may be run just by visiting website

Which Virus type injects a Client-Side Script?

Cross-Site Scripting (XSS) Virus

What do Cross-Site Scripting Viruses inject?

Client-Side Scripts

What is the most common internet security vulnerability?

Cross-Site Scripting (XSS) Viruses

What is a Program Virus?

This is the most traditional virus, a stand-alone executable program attached to some other file (which usually looks benign)

What is a Boot Sector Virus?

A Virus that starts every time a computer boots.

This can be mitigated by setting this area on the disk to read-only, so that only the Administrator can override.

What is a Worm virus type?

A self-replicating, self-propagating program that uses networking mechanisms to spread itself.

- Can spread across a network without user assistance.

- Scans the surrounding network and then exploits vulnerabilities

How is a Worm Virus different from most Viruses and Trojans?

It can spread across a network without any help from the user.

What is the effect of Worm Viruses scanning networks and exploiting vulnerabilities?

It scans the network, exploits a vulnerability in a host's operating system or in a service reachable via an open port, and then transfers itself to the new host.

What are two famous examples of Worm Viruses?

Morris Worm

Conficker

What is a Trojan Horse?

A program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms sometimes exploiting legitimate authorizations of a system entity that invoked the program.

How do Trojan Horses differ from Viruses

They don't try to propagate or replicate themselves or send themselves to other machines.

What are three general effects of Malware?

1.) Data can become compromised

2.) Attacker can take administrative control, remotely

3.) Confidentiality Breach

How can Malware compromise data?

It can be

Lost

Stolen

Modified

How can Malware enable attackers to take administrative control remotely?

- Zombie: a host controlled ("owned") by the attacker, who sends it commands

- Used for Spam and DDoS attacks

- Backdoors: secret entry points used to gain illicit access

What can a Zombie Attack from malware enable?

Remotely controlling countless computers to perform spam or DDoS attacks without their owners knowing

How can Malware create confidentiality breaches?

Keyloggers

What are keyloggers?

Installable malware programs that violate confidentiality.

Capture what you type on the keyboard or see on your screen.

Can turn on your computer's web cam.

What is Spyware?

Form of malware.

Software that is secretly installed onto a computer with the express intent of gathering information without the user's knowledge.

What is Spyware commonly associated with?

Identity Theft

What information might a Spyware program steal?

Executable Programs, not tracking programs

What is Adware?

Software that automatically displays advertisements to the user

What are some examples of Adware?

Pop-Ups

Browser Hijackers

Why do attackers use Adware?

To generate revenue

Can adware be embedded with Spyware?

Yes

What are Two DoD Malware attacks?

2008: Buckshot Yankee

2015: OPM Hack

What was the Buckshot Yankee attack in 2008?

Auto-running executable from a USB drive inserted into a computer on CENTCOM's network

Worm spread undetected; foreign servers had unrestricted access to data

14 months to clean the worm from DoD Networks

What was the OPM Hack in 2015?

Attackers infiltrated OPM servers through social engineering and installed malware to establish backdoors

Attackers had administrator access to OPM records for nearly a year

Data breach exposed sensitive PII of up to 20 million DoD workers

What is a potential risk the US Navy has due to malware attacks for the Confidentiality Pillar of Cyber Security?

Information about force movement; mission plans; blueprints of weapons systems, personnel information

What is a potential risk the US Navy has due to malware attacks for the Integrity Pillar of Cyber Security?

Hackers could inject a code into a weapons system to modify its intended behavior;

Intercept friendly communications and relay incorrect information

What is a potential risk the US Navy has due to malware attacks for the Availability Pillar of Cyber Security?

Disable major command and control systems

What is a potential risk the US Navy has due to malware attacks for the Non-Repudiation Pillar of Cyber Security?

Someone within the DoD forwarding information to the enemy and modifying the IT systems to cover his tracks

What is a potential risk the US Navy has due to malware attacks for the Authentication Pillar of Cyber Security?

An attacker uses stolen credentials to access classified information; Can relay orders on behalf on an unknowing party

The DoD Cyber Strategy: Strategic Goal IV

If directed, DoD should be able to use cyber operations to disrupt an adversary's command and control networks, military-related critical infrastructure and weapons capabilities.

USN Fleet Cyber Command Statement

Must raise the level of understanding and confidence in cyber effects, mature our delivery process, and reliably and promptly establish unambiguous cyber command and control.

What are some possible cyber attacks that could be carried out at the state level?

Compromised counterfeit computer software

Computer viruses and worms

Cyber data collection exploits

Computer and network reconnaissance tools

Exploitation of unreported software vulnerabilities (zero-day)

Self-encrypting/decrypting of malicious code

External disruptions of wireless networks

Electronic circuit destruction

What is an example of the US conducting an offensive Cyber Attack?

2016 Cyber Attack against ISIS

Describe the 2016 Cyber Attack against ISIS?

Computer network attacks used in conjunction with more traditional weapons

Meant to disrupt ISIS' ability to communicate covertly and spread their message

Manipulating ISIS data, causing commanders to question integrity of messages

What is a Denial of Service (DOS) Attack?

An attempt to make a machine or network resource unavailable for its intended use.

Attacks Availability Pillar

DoS Attacks overwhelm servers with requests rendering them temporarily or permanently unable to function correctly.

What Pillar of Cyber Security is attacked in A Denial of Service (DoS) Attack?

Availability

How does a Denial of Service (Dos) Attack work?

DoS attacks overwhelm servers with requests which render them temporarily or permanently unable to function correctly

What is a Distributed Denial of Service (DDoS) Attack?

A Denial of Service (DoS) attack in which a multitude of compromised systems attack a single target.

What is a Botnet?

A Group of zombie computers co-opted by a malicious actor

What is Cryptography?

The study and practice of hiding information.

What are the three fundamental areas of Cryptography?

1.) Encryption

2.) Hashing

3.) Steganography

Generally, what is Encryption as a fundamental area of cryptography?

Scrambling a message in such a way that only the intended recipient can unscramble it.

Generally, what is Hashing as a fundamental area of cryptography?

Assigning a fixed-length numerical value to an arbitrarily-sized string of data to verify the data's integrity (more on this later)

Generally, what is Steganography as a fundamental area of cryptography?

Disguising a message as something else altogether

How does Cryptography protect the Confidentiality pillar of Cyber Security?

Encryption

Steganography

How does Cryptography protect the Integrity pillar of Cyber Security?

Hashing

How does Cryptography protect the Authentication pillar of Cyber Security?

Encryption

How does Cryptography protect the Non-Repudiation pillar of Cyber Security?

Encryption, hashing

How does Encryption work?

It does not prevent interception, but instead denies the message content to the interceptor.

Original message (plaintext) is encrypted using some type of algorithm to generate (ciphertext).

In order to (decrypt) the message, the recipient Must Have the Encryption Key

In order to decrypt and encrypted message, the recipient must have...

The encryption key

What is an example of Symmetric Encryption?

Caesar Shift

What is Symmetric (Secret Key) Encryption?

Both the sender and the receiver must know the key ahead of time.

What is a Caesar Shift?

Each letter of the plaintext is shifted a fixed number of positions along the alphabet; the shift amount is the secret key, and the recipient shifts back by the same amount.

How does Symmetric Encryption work?

symmetric encryption (also called secret-key), where there is a secret key agreed upon by both sender and receiver ahead of time.
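The Caesar-shift and symmetric-encryption cards above describe a shared secret key used in both directions; the following is an added example written for this page, not code from the original study set. It implements the shift cipher, shows that decryption is the same operation with the key reversed, and then demonstrates why Caesar is only a teaching example: with 25 possible keys an attacker can try them all and rank the results by English letter frequency. The frequency table and the sample message are assumptions of the example.

```python
import string

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent (assumed values for the
# example), used to rank brute-force candidates.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.8, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.1, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 1.0, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.07,
}


def caesar_encrypt(plaintext, key):
    """Shift each letter `key` places forward in the alphabet.

    Non-letters pass through unchanged; the modulo wraps Z back to A.
    """
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, key):
    """Symmetric: the same secret, applied in reverse."""
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext):
    """The whole key space is 25 non-trivial shifts, so just try them all."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


def english_score(text):
    """Higher when the text's letters are distributed like English."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text)


def most_likely_key(ciphertext):
    """Pick the shift whose decryption looks most like English."""
    candidates = brute_force(ciphertext)
    return max(candidates, key=lambda k: english_score(candidates[k]))


# Constructed sample message for the demonstration.
MESSAGE = "MEET ME AT THE HARBOR AT NOON TOMORROW AND BRING THE PLANS FOR THE NEW DEFENSES"

if __name__ == "__main__":
    ct = caesar_encrypt(MESSAGE, 3)
    print("ciphertext:", ct)
    guess = most_likely_key(ct)
    print("recovered key:", guess, "->", caesar_decrypt(ct, guess))
```

The lesson carries over to modern ciphers: the algorithm can be public, and the only thing keeping the message confidential is how hard the key is to guess. Caesar's 25 keys fall in microseconds; AES's 2^128 keys do not.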

What are some limitations of Symmetric Encryption?

In order for two parties to communicate securely, they need to agree on a secret key

In order to agree on a key, they need to communicate securely.

In order to communicate securely, they need to agree on a secret key.

Chicken-Egg Problem

What is Asymmetric Encryption?

Uses two separate keys (one public and one private) to encrypt and decrypt data.

How many keys are in Asymmetric Encryption?

Two keys per party (a key pair):

Private Key: Used to decrypt and sign, closely guarded

Public Key: Used for encryption or signature verification, shared with the world.

For two communicating parties that is four keys in total (one pair each).

What is a Private Key?

Used to Decrypt and Sign, closely guarded.

What is a Public Key?

Used for encryption or signature verification, shared with the world.

What are the Three Fundamental Points of Public-Key Encryption?

1.) Either key can be used to encrypt or decrypt, but they Only Work in Pairs.

2.) A message encrypted with a certain public key can "only be decrypted with the corresponding private key", and vice versa

3.) "Public keys can be shared openly" alleviating the limitations of symmetric encryption

What is an example of Encrypted Communications (Asymmetric)

Alice Encrypts her message with Bob's public key.

Bob decrypts the message with his private key.

Because Alice encrypted the message with Bob's public key, only Bob's private key can decrypt the message.

Although Bob can read the message, how does he know it came from Alice? Anyone could have used Bob's public key, since it is freely available.

Confidentiality but no Authentication

What is an Example of Authenticated Communications (Asymmetric)

Alice encrypts her message with her private key.

Bob decrypts the message with Alice's public key.

If the message correctly decrypts with Alice's public key, Bob knows that the message could have only been encrypted by someone possessing Alice's private key.

This means Bob can authenticate that the message must have been sent by Alice.

However, anyone who has Alice's public key could decrypt the message just like Bob meaning that Confidentiality is lost.

What is an example of Asymmetric Encryption that preserves both Confidentiality and Authenticity?

Alice encrypts the message first with her Private key.

She then encrypts it with Bob's public key.

Bob then decrypts the message with his private key.

Then he decrypts the message with Alice's public key.

How are login credentials usually sent over the internet?

Encrypted

HTTPS

Are passwords or keys meant to be generated and remembered by humans?

Passwords

How are passwords normally stored?

They are not stored as "plaintext" on remote servers.

They are usually hashed.

What is a Hash Function?

A Mathematical algorithm that takes data of any size and assigns it a fixed-length numerical value to verify the data's integrity.

What is a Hashing example of the password GoNavy

and

Gonavy

$2a$10$6aOmc.wbz4yt/czCGvFrIu6UYrngif1B1rwVmzJxV0YzyIxMi6qA

$2a$10$i0GOBtbnozTmH1efWka2FezCsxlgaoeiEjnTYsfn6zrLTpx1XyLzy

The one-letter difference leaves the same $2a$10$ prefix (the bcrypt algorithm identifier and cost factor, which are not part of the hash output) but a completely different sequence after it.

What are the two keys to Hashing?

Consistency (the same input always produces the same output) and uniqueness (different inputs, even those differing by one character, produce very different outputs).

Why would an attacker perform an online password attack?

When an attacker does not possess hash file, but tries many attempts at logging on.

Trial and error
- Common passwords
- Easily guessable
- Attacker must guess from a narrowed list

Why are online password attacks not ideal?

Most systems have security systems built in to minimize unsuccessful logins.

- Logs
- Throttling
- Disabling Accounts

Explain Offline Password Attacks

Attacker has stolen the hashed password file

Doesn't have to log on to a real system to check whether he's found a password.

What are the three basic offline attacks?

1.) brute Force (Try every input of length 1, then 2...)

2.) Dictionary Attacks

3.) Precomputed Attacks (Rainbow Tables)
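The hashing cards (GoNavy versus Gonavy, consistency and uniqueness) and the offline-attack cards above are two sides of the same mechanism, so one added example serves both; it is written for this page and is not code from the original study set. bcrypt, which produced the $2a$10$ hashes on the card, is not in Python's standard library, so the example uses PBKDF2-HMAC-SHA256 from `hashlib` with a random per-password salt and a tunable work factor, then runs the two offline attacks an attacker with the stolen hash file would try: a dictionary attack and an exhaustive brute force of length 1, 2, 3 and so on. The iteration counts and the word lists are assumptions chosen to keep the example quick.

```python
import hashlib
import hmac
import itertools
import os

# Work factor: assumed small so the example runs quickly. Production systems
# use far more iterations (or bcrypt/scrypt/Argon2) precisely to make every
# offline guess expensive.
ITERATIONS = 10_000


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2$<iterations>$<salt hex>$<hash hex>' for storage.

    The random salt means two users with the same password get different
    stored values, and a precomputed (rainbow) table built without the salt
    is useless.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and parameters; compare in constant time."""
    _, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def bit_difference(a, b):
    """How many of the 256 SHA-256 output bits differ between two inputs.

    For inputs that differ by one character this is about half of them:
    the 'uniqueness' property on the card.
    """
    da = int.from_bytes(hashlib.sha256(a.encode()).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b.encode()).digest(), "big")
    return bin(da ^ db).count("1")


def dictionary_attack(stored, wordlist):
    """Offline attack 2: try each word from a list against the stolen hash."""
    for word in wordlist:
        if verify_password(word, stored):
            return word
    return None


def brute_force_attack(stored, alphabet, max_len):
    """Offline attack 1: every string of length 1, then 2, ... up to max_len.

    The guess count grows as len(alphabet) ** length, which is why a long
    password drawn from a large character set survives this.
    """
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guess = "".join(combo)
            if verify_password(guess, stored):
                return guess
    return None


if __name__ == "__main__":
    stored = hash_password("GoNavy")
    print("stored:", stored)
    print("GoNavy verifies:", verify_password("GoNavy", stored))
    print("Gonavy verifies:", verify_password("Gonavy", stored))
    print("bits differing, GoNavy vs Gonavy:", bit_difference("GoNavy", "Gonavy"))
    # constructed word list standing in for a leaked-password dictionary
    print("dictionary attack:", dictionary_attack(stored, ["password", "123456", "gonavy", "GoNavy"]))
```

Notice that nothing in an offline attack touches the real login system, so the throttling, lockout and logging that defeat online guessing never fire; the only defences left are the salt, the work factor, and the password's own length and unpredictability.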

What are some alternative methods to getting passwords?

Violence and Threats (Cyber or Non-Cyber Threats)

Trickery - Phishing or other types of social engineering

Unchanged Defaults - Some accounts (like router admin) have default passwords that are easily accessible by the public.

Predictable Passwords

Passwords sent in the clear

How to defend against guessing passwords?

Be long: More computational power required to crack it

Be drawn from a large/diverse character set (upper case #'s symbols)

Be unusual

Not based on dictionary words

Not based on personal info

Not be reused

Not be default passwords

What does the Risk to information systems depend on?

Both the exploitable vulnerabilities and the impact of successful exploits.

What are the Three Fundamental Principals information systems should be designed with to reduce risk and minimize the exploit of an attack?

1.) Least Privilege

2.) Defense in Depth

3.) Vigilance

What is Least Privilege?

Give users and programs the privileges they need, and no more.

What is an example of Least Privilege?

Only ITs should have superuser accounts.

Hosts that do not use a particular service should have that service's ports blocked

What is Best Practice?

Remove Unnecessary Accounts and Services
- Every service and account is a potential vulnerability, therefore it is important to remove or disable all non-vital accounts and services

Minimize what Executes with Elevated privileges
- Any process that runs with admin permissions is a potential avenue that an attacker with unprivileged access can exploit to gain privileged access.

What is Defense in Depth (Castle Defense)

A security concept in which multiple layers of defensive control are placed throughout an IT system

- Provides redundancy in the event one perimeter is breached

What is the Best Practice with respect to Defense in Depth?

Placing additional firewalls between web servers and the internal network, so that traffic on the ports opened for the web servers cannot reach the inner network.

Perimeter Network/DMZ

What is Vigilance?

The state of constantly being watchful of potential vulnerabilities and threats

Allows us to recognize intrusions, and take measures to prevent further infiltration

What is the Best Practice for Vigilance?

Keep logs and Actively Monitor them
- System Admins
- Automated Software

Monitor Outbound and Inbound Traffic
- Look for large data transfers

What is a Firewall?

A device or program that filters out network traffic in order to control access to services

Makes determination on whether to forward/filter packets based on an Access Control List (ACL)

Can filter/drop based on:
IP/MAC address
Port number
Protocol (e.g. TCP/UDP)

What are some Firewall Locations?

Multiple firewalls can be placed at different points within a network.

- Can control access and services to the entire network

- Or to a specific host
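The firewall cards above (an ACL deciding forward-or-drop by address, port and protocol, and multiple firewalls placed at different points) map directly onto code. The following is an added example written for this page, not code from the original study set: a first-match ACL evaluator with a default-deny policy, and two constructed rule sets, a perimeter firewall that exposes only ports 80 and 443 of a DMZ web server, and an inner firewall between the DMZ and the internal network that lets the web server reach one database port and nothing else, which is the "barrier gap" a pivot attack would otherwise use. The addresses, ports and rule sets are assumptions of the example.

```python
from ipaddress import ip_address, ip_network


class Rule:
    """One ACL entry. First matching rule wins; unmatched packets get the default."""

    def __init__(self, action, proto="any", src="0.0.0.0/0", dst="0.0.0.0/0", dport=None):
        self.action = action          # "allow" or "deny"
        self.proto = proto            # "tcp", "udp", "icmp" or "any"
        self.src = ip_network(src)
        self.dst = ip_network(dst)
        self.dport = dport            # destination port, or None for any port

    def matches(self, pkt):
        return (
            (self.proto == "any" or self.proto == pkt["proto"])
            and ip_address(pkt["src"]) in self.src
            and ip_address(pkt["dst"]) in self.dst
            and (self.dport is None or self.dport == pkt.get("dport"))
        )


def filter_packet(acl, pkt, default="deny"):
    """Return 'allow' or 'deny' for a packet described as a dict."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return default   # default deny: anything not explicitly permitted is dropped


# Constructed topology for the example (documentation address ranges):
DMZ_NET = "192.0.2.0/24"          # perimeter network / DMZ
DMZ_WEB = "192.0.2.10/32"         # the public web server
INTERNAL = "10.0.0.0/8"           # the inner network
DB_SERVER = "10.0.5.20/32"        # database the web application uses

# Outer firewall: only HTTP/HTTPS to the web server is open from the Internet.
PERIMETER_ACL = [
    Rule("allow", "tcp", dst=DMZ_WEB, dport=80),
    Rule("allow", "tcp", dst=DMZ_WEB, dport=443),
    Rule("deny", dst=INTERNAL),   # nothing from outside reaches the inner network directly
]

# Inner firewall (defense in depth): if the web server is compromised, the
# attacker can still only reach the database port, not any other inner host.
INNER_ACL = [
    Rule("allow", "tcp", src=DMZ_WEB, dst=DB_SERVER, dport=5432),
    Rule("deny", src=DMZ_NET, dst=INTERNAL),
]


def trace(pkt):
    """Constructed helper: what an Internet-originated packet meets at each barrier."""
    return filter_packet(PERIMETER_ACL, pkt)


if __name__ == "__main__":
    web = {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 443}
    ssh = {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 22}
    pivot = {"proto": "tcp", "src": "192.0.2.10", "dst": "10.0.5.21", "dport": 445}
    print("HTTPS to web server :", trace(web))
    print("SSH to web server   :", trace(ssh))
    print("web -> other inner  :", filter_packet(INNER_ACL, pivot))
```

Real firewalls add state tracking (so replies to allowed connections come back without a matching inbound rule) and logging of every deny, but the decision itself is the same first-match walk over an ordered list of rules.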
