# Security - 23 Aug 2022
## Information Security
The protection of available information resources from unauthorized access, attack, theft or data damage.
CIA Triad: Confidentiality, Integrity, Availability.
Confidentiality: Confidentiality involves the efforts of an organization to make sure data is kept secret or private. To accomplish this, access to information must be controlled to prevent the unauthorized sharing of data—whether intentional or accidental.
Integrity: Integrity involves making sure your data is trustworthy and free from tampering. The integrity of your data is maintained only if the data is authentic, accurate, and reliable.
Availability: Even if data is kept confidential and its integrity maintained, it is often useless unless it is available to those in the organization and the customers they serve. This means that systems, networks, and applications must be functioning as they should and when they should.
* Responsible individuals and organisations must secure confidential data
* Data in all forms must be protected
* This minimizes business risks and other consequences of losing critical data.
## Identifying Security Fundamentals
* Identify info security concepts
* Identify basic security concepts
* Cryptology
## Goals of Information Security
* Prevention
* various types of information need protection
* doing so can lessen losses from a security breach.
* preventing unauthorized access to information is the top priority
* Detection
* discovering attempts to access unauthorized data, or that info has been lost.
* investigate individuals or scan data and networks for traces of the intruder.
* Recovery
* Disasters and intrusions can cause compromised or damaged data
* you can also recover lost or stolen data
* you need a process to recover data from crashed systems or devices.
## Information Security Life Cycle

Alternate Version

* something about defence in depth
* enabling encryption for protecting the data
## What is a File System?
A file system is a process that manages how and where data on a storage disk, typically a hard disk drive (HDD), is stored, accessed and managed. It is a logical disk component that manages a disk's internal operations as it relates to a computer and is abstract to a human user.
Cluster in a file system: A cluster is the smallest logical amount of disk space that can be allocated to hold a file. Storing small files on a filesystem with large clusters will therefore waste disk space; such wasted disk space is called slack space.
* Encryption can be managed at the file system level
Types of file systems:
* NTFS
* FAT
* exFAT
* and many more
## Some Definitions
RAT: Remote Administration Tool
Backdoor: A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment. Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptographic systems.
Types of viruses:
* worm - Samy worm
* ransomware
* spamware
* spyware - Pegasus
## Vulnerabilities
Any condition that leaves a device open to harm
* improperly configured or installed hardware or software
* delays in applying and testing software and firmware updates
* untested software or firmware patches
* bugs in software or communication protocols.
* poorly designed networks
* poor physical security
* insecure passwords
* design flaws in software or OSs
* unchecked user input
## Threats
Any event or action that could potentially cause damage to an asset
* Information security threats
* changes to information
* interruption of services
* interruption of access
* damage to hardware
* damage to facilities
## Attacks
A technique used to exploit a vulnerability in an application or physical computer system without the authorization to do so.
Common Attacks
* physical security attacks
* software based attacks
* social engineering attacks
* web-application based attacks
* network based attacks
## Controls
Countermeasures that you need to put in place to avoid, mitigate or counteract security risks due to threats and attacks.
* Solutions and activities for meeting information security objectives.
* Safeguards & countermeasures, physical or logical.
### Types of controls:
* Prevention
* help to prevent a threat from exposing a vulnerability
* Detection
* help to discover if a threat or vulnerability has entered a computer system
* Correction
* help to mitigate the consequences of a threat or attack from adversely affecting a computer system.
## Security Control Categories
* Technical
* Controls implemented in OSs, software, and security appliances
* Operational
* controls that depend on a person for implementation
* Managerial
* controls that give oversight of the system
## Non-repudiation
Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information.
## Identification
The process by which a claim is made
## Authentication Factors
* fingerprints, handprints and retinal patterns (something you are)
* password or PIN (something you know)
* key or ID card (something you have)
## Authorization
The process of determining what rights and privileges a particular entity has.
* after identification and authentication are successful, a system can determine which resources the entity is authorized to access
## Access Control
The process of determining and assigning privileges to resources, objects and data.
## Accounting and Auditing
<strong>Accounting</strong>: the process of tracking and recording activities and resource access.
<strong>Auditing</strong>: the portion of accounting that entails security professionals examining the logs of what was recorded.
## Principle of Least Privilege
The principle that users and software should have the minimal level of access that is necessary for them to perform the duties required of them.
* applies to access to facilities, computer hardware, software and information
* assign only the level of access required to perform the necessary tasks.
## Token
* physical or virtual objects that store authentication information; examples include smart cards, ID badges and data packets
* can store PINs, user information and passwords
* token values can be generated in response to a challenge
## other protection methods:
* Geolocation
* biometrics
* keystroke authentication
* multifactor authentication
* mutual authentication
* cryptography
* key login authentication - Kerberos authentication protocol
* Encryption and Decryption
```cmd
:: show the EFS encryption state of a directory and the files in it
cipher <directory>
:: set (prompt for) a new password for a local account
net user username *
:: set the Hidden, Archive and Read-only attributes on the file "wer"
attrib +H +A +R wer
:: attrib help output
ATTRIB [+R | -R] [+A | -A] [+S | -S] [+H | -H] [+O | -O] [+I | -I] [+X | -X] [+P | -P] [+U | -U]
[drive:][path][filename] [/S [/D]] [/L]
+ Sets an attribute.
- Clears an attribute.
R Read-only file attribute.
A Archive file attribute.
S System file attribute.
H Hidden file attribute.
O Offline attribute.
I Not content indexed file attribute.
X No scrub file attribute.
V Integrity attribute.
P Pinned attribute.
U Unpinned attribute.
B SMR Blob attribute.
[drive:][path][filename]
Specifies a file or files for attrib to process.
/S Processes matching files in the current folder
and all subfolders.
/D Processes folders as well.
/L Work on the attributes of the Symbolic Link versus
the target of the Symbolic Link
:: cipher help output
Displays or alters the encryption of directories [files] on NTFS partitions.
CIPHER [/E | /D | /C]
[/S:directory] [/B] [/H] [pathname [...]]
CIPHER /K [/ECC:256|384|521]
CIPHER /R:filename [/SMARTCARD] [/ECC:256|384|521]
CIPHER /P:filename.cer
CIPHER /U [/N]
CIPHER /W:directory
CIPHER /X[:efsfile] [filename]
CIPHER /Y
CIPHER /ADDUSER [/CERTHASH:hash | /CERTFILE:filename | /USER:username]
[/S:directory] [/B] [/H] [pathname [...]]
CIPHER /FLUSHCACHE [/SERVER:servername]
CIPHER /REMOVEUSER /CERTHASH:hash
[/S:directory] [/B] [/H] [pathname [...]]
CIPHER /REKEY [pathname [...]]
/B Abort if an error is encountered. By default, CIPHER continues
executing even if errors are encountered.
/C Displays information on the encrypted file.
/D Decrypts the specified files or directories.
/E Encrypts the specified files or directories. Directories will be
marked so that files added afterward will be encrypted. The
encrypted file could become decrypted when it is modified if the
parent directory is not encrypted. It is recommended that you
encrypt the file and the parent directory.
/H Displays files with the hidden or system attributes. These files
are omitted by default.
/K Creates a new certificate and key for use with EFS. If this
option is chosen, all the other options will be ignored.
Note: By default, /K creates a certificate and key that conform
to current group policy. If ECC is specified, a self-signed
certificate will be created with the supplied key size.
/N This option only works with /U. This will prevent keys being
updated. This is used to find all the encrypted files on the
local drives.
/R Generates an EFS recovery key and certificate, then writes them
to a .PFX file (containing certificate and private key) and a
.CER file (containing only the certificate). An administrator may
add the contents of the .CER to the EFS recovery policy to create
the recovery key for users, and import the .PFX to recover
individual files. If SMARTCARD is specified, then writes the
recovery key and certificate to a smart card. A .CER file is
generated (containing only the certificate). No .PFX file is
generated.
Note: By default, /R creates an 2048-bit RSA recovery key and
certificate. If ECC is specified, it must be followed by a
key size of 256, 384, or 521.
/P Creates a base64-encoded recovery-policy blob from the passed-in
certificate. This blob can be used to set DRA policy for
MDM deployments.
/S Performs the specified operation on the given directory and all
files and subdirectories within it.
/U Tries to touch all the encrypted files on local drives. This will
update user's file encryption key or recovery keys to the current
ones if they are changed. This option does not work with other
options except /N.
/W Removes data from available unused disk space on the entire
volume. If this option is chosen, all other options are ignored.
The directory specified can be anywhere in a local volume. If it
is a mount point or points to a directory in another volume, the
data on that volume will be removed.
/X Backup EFS certificate and keys into file filename. If efsfile is
provided, the current user's certificate(s) used to encrypt the
file will be backed up. Otherwise, the user's current EFS
certificate and keys will be backed up.
/Y Displays your current EFS certificate thumbprint on the local PC.
/ADDUSER Adds a user to the specified encrypted file(s). If CERTHASH is
provided, cipher will search for a certificate with this SHA1
hash. If CERTFILE is provided, cipher will extract the
certificate from the file. If USER is provided, cipher will
try to locate the user's certificate in Active Directory Domain
Services.
/FLUSHCACHE
Clears the calling user's EFS key cache on the specified server.
If servername is not provided, cipher clears the user's key cache
on the local machine.
/REKEY Updates the specified encrypted file(s) to use the configured
EFS current key.
/REMOVEUSER
Removes a user from the specified file(s). CERTHASH must be the
SHA1 hash of the certificate to remove.
directory A directory path.
filename A filename without extensions.
pathname Specifies a pattern, file or directory.
efsfile An encrypted file path.
Used without parameters, CIPHER displays the encryption state of the
current directory and any files it contains. You may use multiple directory
names and wildcards. You must put spaces between multiple parameters.
```
## Stream and Block Ciphers
* Stream Ciphers
* encrypt and decrypt each bit/byte at a time.
* must be used with an initialization vector (IV); example: RC4.
* Block ciphers
* treat data as equal-size blocks, using padding if necessary
* Advanced Encryption Standard (AES, e.g. AES-256)
* Key Length
* range of key values is the keyspace
* longer key bit length means a larger keyspace
* strength of key of any given length varies between ciphers.
## A Key
A specific piece of information that is used in conjunction with an algorithm to perform encryption & decryption.
* different keys produce different ciphertext
* for each algorithm, longer keys provide stronger encryption
* static & ephemeral keys
## Symmetric Encryption
Two-way encryption scheme in which encryption and decryption are both performed by the same key (shared key encryption).
* Hardware keys & software keys
* Common alternate names:
* shared-key, secret-key or private-key encryption
* the shared key must be exchanged securely before encrypted communication can begin
## Asymmetric Encryption
Asymmetric encryption: an encryption scheme that uses a key pair, a public key and a private key, where data encrypted with one key can only be decrypted with the other.
[Resource](https://www.geeksforgeeks.org/difference-between-symmetric-and-asymmetric-key-encryption/)
## What is RSA algorithm?
[Resource](https://www.geeksforgeeks.org/rsa-algorithm-cryptography/#:~:text=RSA%20algorithm%20is%20asymmetric%20cryptography,Private%20key%20is%20kept%20private.)
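Textbook RSA in pure Python as an added example (not code from the page or the linked resource): key generation from two primes, encryption with the public key, decryption with the private key, and hash-then-sign signatures. It assumes the caller supplies genuine primes; the toy primes 61 and 53 are constructed for illustration, and real RSA uses padding (PKCS#1 or PSS) and primes of over a thousand bits.

```python
from math import gcd
import hashlib


def rsa_keygen(p, q, e=65537):
    """Derive a textbook RSA key pair from two primes p and q.
    Assumption: the caller supplies genuine primes (no primality test here)."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("public exponent e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)            # (public key, private key)


def rsa_encrypt(public_key, m):
    """Anyone with the public key can encrypt; m is an integer in [0, n)."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    """Only the holder of the private exponent d can recover m."""
    n, d = private_key
    return pow(c, d, n)


def rsa_sign(private_key, message):
    """Hash-then-sign: the private key signs a digest of the message (reduced
    mod n here purely so the toy modulus can hold it)."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def rsa_verify(public_key, message, signature):
    """Anyone with the public key checks that the signature opens to the digest."""
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h


if __name__ == "__main__":
    # Constructed toy primes; real keys use primes of 1024+ bits each.
    public, private = rsa_keygen(61, 53)
    c = rsa_encrypt(public, 65)
    print("n =", public[0], "e =", public[1], "d =", private[1])
    print("ciphertext:", c, "decrypts to:", rsa_decrypt(private, c))
    sig = rsa_sign(private, b"transfer 10")
    print("signature valid:", rsa_verify(public, b"transfer 10", sig))
```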
## Digital Certificates
* wrapper for a public key to associate it with a digital id.
* identity assertion is validated by a certificate authority (CA) by signing the certificate.
* both parties must trust the CA
* referred to as public key infrastructure
## Certificate Authority Server
<strong>CRL - certificate revocation list</strong>
* IPsec protocol
## Hashing
Hashing: a process or function that transforms plaintext to ciphertext that can't be directly decrypted.
Hash, hash value or message digest: the value that results from hashing.
* used in several password authentication schemes
* used in digital signatures
* used for verifying file integrity
Message --> HASH function --> Digest
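The Message --> HASH function --> Digest flow applied to file integrity checking, as an added example (not code from the page): the digest is computed in chunks, compared in constant time against a published value, and a single flipped bit in the input is shown to change the digest. The sample "files" are constructed byte strings.

```python
import hashlib
import hmac
import io

# Constructed sample "files": two byte strings that differ by a single bit.
ORIGINAL = b"quarterly-report: revenue 1000\n" * 8
TAMPERED = ORIGINAL[:-2] + bytes([ORIGINAL[-2] ^ 0x01]) + ORIGINAL[-1:]


def digest_stream(stream, algorithm="sha256", chunk_size=4096):
    """Message --> HASH function --> Digest, fed in chunks so a large file
    never has to be held in memory at once."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def digest_data(data, algorithm="sha256", chunk_size=4096):
    """Convenience wrapper for in-memory data."""
    return digest_stream(io.BytesIO(data), algorithm, chunk_size)


def verify_integrity(data, expected_hex, algorithm="sha256"):
    """Recompute the digest and compare it with the published value.
    hmac.compare_digest runs in constant time, so the comparison itself
    leaks nothing about how many leading characters matched."""
    return hmac.compare_digest(digest_data(data, algorithm), expected_hex.lower())


def bit_difference(hex_a, hex_b):
    """Number of differing bits between two hex digests (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    published = digest_data(ORIGINAL)          # what a vendor would publish
    print("published digest:", published)
    print("original verifies:", verify_integrity(ORIGINAL, published))
    print("tampered verifies:", verify_integrity(TAMPERED, published))
    print("digest bits changed by a 1-bit edit:",
          bit_difference(published, digest_data(TAMPERED)))
```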
## Steganography
An alternative encryption technique that hides a secret message by enclosing it in an ordinary message.
* hides content and its existence.
* information is embedded in text or image
## Identifying Security Threats
## Hackers and Attackers
different types:
* white - good guys
* grey - not so good
* black - bad guys
## Threat Actors
An entity that is partially or wholly responsible for an incident
* script kiddie
* hacktivist
* Insider
* competitors
## types of attacks
* Social Engineering
* Pretending to be someone else to gain access to information. Any activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
* Phishing
* A type of email based social engineering in which an attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.
* types:
* Spear phishing: attacker targets a specific person or organisation
* Whaling: attacking a wealthy target
* Pharming: requests are redirected to a fake site
* Vishing: attacker extracts info while speaking over the phone.
* Smishing: extracting info by using SMS.
## Watering Hole Attacks
An attack in which an attacker targets specific group, discovers which websites that group frequents, then injects those sites with malware.
## Viruses
* A piece of malicious code that spreads from one computer to another by attaching to other files through a process of self-replication
* Can be used to:
* enable additional attacks
* Gather data
* Corrupt or destroy data
## Worms
Malware that spreads from computer to computer without attaching itself to different files
* no human trigger necessary
* just spreads, increasing the load on the network
## Adware
Software that automatically displays or downloads advertisements when it is used.
* unsolicited advertising
* often as pop ups
* chance of spyware or other malware
## Spyware
Software intended to track and report the usage of a target system or collect other data the attacker wishes to obtain
Collected data:
* browser history and cookies
* usernames and passwords
## Trojan Horse
A type of malware that hides itself on an infected system and can cause damage to a system or give an attacker a platform for monitoring and/or controlling a system.
* not self-replicating
* not attached to other files
* malicious content in a benign package
## Keyloggers
Software or hardware that records keystrokes and sends them to a remote server.
## Remote Access Trojans
A specialised trojan horse that specifically aims to provide an attacker with unauthorized access to or control of a target computer
* can hide in:
* games
* downloaded files
* email attachments
## Logic Bombs
Software that sits dormant on a target computer until it is triggered by the occurrence of specific conditions, such as a specific date and time.
* when the software is triggered it detonates the logic bomb
* can erase or corrupt the data
## Botnets
A set of computers that has been infected by a control program called a bot that enables attackers to collectively exploit those computers to mount attacks
* used for DOS attacks
* send spam mails
* crypto mining
## RansomWare
Malware that locks or takes control of the victim's computer and demands payment.
## Advanced Persistent Threats (APT)
A threat that uses multiple attack vectors to gain unauthorized access to sensitive resources and then maintains that access for a long period of time.
* malware induced
* cover tracks to remain undetected
## Software Attacks
Any attack that targets software resources, including operating systems,
applications, services, protocols, and files.
## Types of Password Attacks
* Guessing
* user's name
* spouse's name
* Stealing
* sniffing network communications
* reading handwritten password notes
* observing the user in the act of entering a password
* Dictionary attacks
* automated password guessing
* compares passwords against a list of possible values
* Brute Force Attack
* Use password cracking software
* try every possible alphanumeric combination
* Rainbow Table attack
* using precomputed tables of plaintext passwords and their hashes to crack password hashes
* hybrid password attacks
* using multiple methods when trying to crack a password
* Birthday attack
* exploit weaknesses in the algorithms used to generate hashes
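Why the precomputed (rainbow) table and dictionary attacks above fail against properly stored passwords, as an added example (not code from the page): a constructed table of unsalted SHA-256 hashes cracks an unsalted record instantly, while a per-user random salt plus iterated PBKDF2-HMAC-SHA256 gives every user a unique, expensive-to-guess record that no shared table can match. The common-password list and record format are assumptions for this example.

```python
import base64
import hashlib
import hmac
import os

# Constructed stand-in for a precomputed ("rainbow") table: a few common
# passwords mapped from their plain, unsalted SHA-256 hashes.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]


def unsalted_hash(password):
    """The weak scheme: one fixed hash per password, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


PRECOMPUTED = {unsalted_hash(p): p for p in COMMON_PASSWORDS}


def lookup_precomputed(stored_hex):
    """What a precomputed table yields for a leaked unsalted hash: the
    password instantly if it was ever tabulated, None otherwise."""
    return PRECOMPUTED.get(stored_hex)


PBKDF2_ITERATIONS = 200_000


def hash_password(password, salt=None):
    """Salted, iterated hashing: a random 16-byte salt per user means equal
    passwords give different records, so one table cannot cover all users,
    and the iteration count makes each guess expensive."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        PBKDF2_ITERATIONS, base64.b64encode(salt).decode(), base64.b64encode(dk).decode())


def verify_password(password, stored):
    """Re-derive with the stored salt and iterations; compare in constant time."""
    try:
        scheme, iterations, salt_b64, dk_b64 = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    return hmac.compare_digest(dk, expected)


def derived_key_hex(stored):
    """Extract just the derived key from a record, to show that a table of
    unsalted hashes has nothing to match it against."""
    return base64.b64decode(stored.split("$")[3]).hex()


if __name__ == "__main__":
    leaked = unsalted_hash("letmein")
    print("unsalted record cracked by table lookup:", lookup_precomputed(leaked))
    record = hash_password("letmein")
    print("salted record:", record)
    print("table lookup against salted record:", lookup_precomputed(derived_key_hex(record)))
    print("verify correct password:", verify_password("letmein", record))
    print("verify wrong password:", verify_password("password", record))
```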
## Cryptographic Attacks
A software attack that exploits weaknesses in cryptographic system
elements, such as code, ciphers, protocols, and key-management
systems
* usually used to decipher encrypted passwords
## Types of Application Attacks
* Cross site scripting
* injects malicious scripts into trusted websites
* scripts run when a user visits the site
* similar to watering hole attacks
* XSRF
* take advantage of the trust established between an authorised user of a website and the website itself.
* Command injection attacks
* SQL injection
* LDAP injection
* XML injection
* Directory injection
* Zero Day exploit
* attack that occurs immediately after a vulnerability is identified
* the protection level is at its lowest
* Buffer overflow
* exploits fixed data buffer sizes in a target piece of software
* Sends data that is too large for the buffer, causing the application to crash
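The SQL injection item above, illustrated with unchecked user input beside its fix, as an added example (not code from the page): the vulnerable login concatenates input into the query text, so a quote and comment marker in the username removes the password check, while the parameterised version binds the same input as data only. The in-memory SQLite table and its rows are constructed for this example.

```python
import sqlite3

# Constructed sample table: usernames with (already hashed) passwords.
SAMPLE_USERS = [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password_hash):
    """Unchecked user input pasted straight into the SQL text: quoting
    characters in the input become part of the query's structure."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password_hash = '%s'" % (username, password_hash))
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password_hash):
    """Parameterised query: the driver binds the values after parsing, so the
    input is only ever compared as data and can never change the query."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(query, (username, password_hash))]


if __name__ == "__main__":
    db = make_db()
    # A username ending in a quote and a SQL comment marker cuts the password
    # check off the end of the concatenated query.
    malformed = "alice' --"
    print("vulnerable, wrong password:", login_vulnerable(db, malformed, "not-the-hash"))
    print("safe, same input:          ", login_safe(db, malformed, "not-the-hash"))
    print("safe, real credentials:    ", login_safe(db, "alice", "hash-of-alice-pw"))
```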
## Spoofing Attacks
A network based attack where the goal is to pretend to be someone else for the purpose of identity concealment.
* IP address spoofing
* MAC address spoofing
* ARP spoofing
* DNS spoofing
## Port Scanning Attacks
Port: an endpoint of a logical connection that host computers use to connect to processes or services on other hosts
Port Scanning Attacks: A network-based attack where an attacker scans computers and other devices to see which ports are listening in an attempt to find a way to gain unauthorized access.
* Scan Types
* Stealth scan: a type of port scan that identifies open ports without completing the three-way handshake
* Full connect scan: completes the three-way handshake on each port probed
* Banner grabbing: the act of collecting information about network hosts by examining text-based welcome screens (banners) that are displayed by some hosts
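Detecting the scans described above from firewall logs, as an added example (not code from the page): each (source, destination) pair that touches many distinct ports inside a short window is flagged. Because each log line records a connection attempt (SYN), a stealth scan that never completes the handshake is counted the same as a full connect scan. The log format and the sample lines (using RFC 5737 documentation addresses) are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style log: one scanner (203.0.113.7) probing 12 ports
# in 12 seconds, and a normal client (198.51.100.4) repeatedly using port 443.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080]
SAMPLE_LOG = "\n".join(
    ["2022-08-23T10:00:%02d SRC=203.0.113.7 DST=192.0.2.10 DPT=%d SYN" % (i, p)
     for i, p in enumerate(SCAN_PORTS)]
    + ["2022-08-23T10:01:%02d SRC=198.51.100.4 DST=192.0.2.10 DPT=443 SYN" % i
       for i in range(10)]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dport>\d+) (?P<flags>\S+)$")


def parse_log(text):
    """Return (timestamp, src, dst, dport) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
                           int(m["dport"])))
    return events


def detect_port_scans(events, threshold=10, window_seconds=60):
    """Flag each (src, dst) pair that touches at least `threshold` distinct
    destination ports within any `window_seconds` span. Returns a dict of
    flagged pairs to the largest distinct-port count seen in one window."""
    window = timedelta(seconds=window_seconds)
    by_pair = defaultdict(list)
    for ts, src, dst, dport in sorted(events):
        by_pair[(src, dst)].append((ts, dport))
    alerts = {}
    for pair, hits in by_pair.items():
        best = 0
        for i, (start, _) in enumerate(hits):
            # distinct ports seen from this attempt until the window closes
            ports = {p for ts, p in hits[i:] if ts - start <= window}
            best = max(best, len(ports))
        if best >= threshold:
            alerts[pair] = best
    return alerts


if __name__ == "__main__":
    for (src, dst), count in detect_port_scans(parse_log(SAMPLE_LOG)).items():
        print("possible port scan: %s -> %s, %d distinct ports" % (src, dst, count))
```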
## Man in the Middle Attack
A form of eavesdropping where the attacker makes an independent connection between two victims and steals info to use fraudulently
* there are 2 victims either 2 clients or 1 client and 1 server
* attacker controls information flow between victims
* can steal, modify and forward data to victims
## DoS Attacks
you know it man!
## DDoS
Distributed DoS. using computers on disparate networks to attack.
## Evil Twins
Unauthorized wireless access points that deceive users into believing that they are legitimate network access points.
## Hardening
The security technique of altering a system's configuration to close vulnerabilities and protect the system against attack
* typically implemented so systems conform to security policy
* may restrict a system's capabilities
* hardening must be balanced against accessibility
## Operating System Security
* Each OS has unique vulnerabilities for attackers to exploit.
* Different OS types and OSes from different vendors have their own weaknesses.
* Vendors try to correct vulnerabilities while attackers try to exploit them.
* Stay up-to-date with security info posted by vendors and other references.
* Different types of OSes:
* Network
* Server
* Workstation
* Appliance
* Kiosk
* Mobile
## Security Frameworks
* NIST 800 Series
* NIST publishes numerous documents on many security topics
* the 800 series focuses on computer security
* COBIT 5
* framework for IT management and governance
* five guiding principles for organizations to achieve IT management objectives
* ITIL
* comprehensive IT management structure developed in the UK
* ISO/IEC
* something
* something more
## Defence in Depth
A tactic that leverages layered security by incorporating multiple, more comprehensive security strategies.
![image alt](https://pronto-core-cdn.prontomarketing.com/2/wp-content/uploads/sites/3415/2015/11/ProactiveProtection_CircleChart.jpg)
* acts as a failsafe
* if one element is breached other security systems take over
## Common Security Policies
* AUP
* privacy policy
* audit policy
* password policy
* wireless standards policy
* Social media policy
## Scalability
The property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs.
## Elasticity
The property by which a computing environment can instantly react to both increasing and decreasing demands in workload
## Data Storage Methods
* DAS
* NAS
* SAN
* CLOUD
## Database Management Roles
* Owner
* manager
* responsible for managing the data
* Custodian
* manages data on ongoing basis
* Privacy officer
* maintains CIA
* User
* naive guy
## Data Retention
The process of maintaining the existence of and control over data for compliance purposes
## Software Updates
* patch
* small unit of code meant to address a security problem or functionality flaw
* hotfix
* a patch issued on an emergency basis to address a specific security flaw
* rollup
* a collection of previously issued patches and hotfixes
* Service pack
* a large compilation of system updates that can include functionality enhancements and any prior patches, hotfixes and rollups
## Logging
The process of an operating system recording data about activity on a computer
## Auditing
Performing an organised technical evaluation of a system's security to ensure it is in compliance.
## Anti-Malware Software
* antivirus
* anti spam
* anti spyware
* pop up blocker
* host based firewalls
## Hypervisors
The layer of software that separates the virtual software from the physical hardware it runs on.