IBM Cybersecurity Exam preparations__Latest updates...
Typology: Summaries
NIST
National Institute of Standards and Technology
CIA Triad
Confidentiality, Integrity, Availability
Confidentiality
Similar or equivalent to privacy. For confidentiality, access to resources or data must be restricted to authorized subjects or entities only. Data encryption is a common method of ensuring confidentiality.
Integrity
· Involves maintaining the consistency and accuracy of data over its entire life cycle. Data must not be changed in transit, i.e. while it is sent over the Internet or a local area network (LAN), and steps must be taken to ensure that no unauthorized person or subject makes any changes to our data, so it cannot be altered by unauthorized people. It is very common to use hash values for data integrity verification, e.g. when you download a new OS from the Internet. One of the first things to do once the download is complete is to compare the hash value provided by the author of the OS with the hash value of the downloaded file. They must match to confirm that the integrity of the file is intact.
Availability
· Ensuring availability requires maintenance and upgrading of hardware, software and OS environments. So basically it is about keeping the business operations up and running: firewalls, proxies, computers, everything has to be up and running 24/7, 365 days a year. Business continuity plans, disaster recovery and redundancy are all best practices considered for availability, to guarantee that the business is always running.
According to NIST, it is the protection of information systems from unauthorized activities in order to provide confidentiality, integrity and availability.
Vulnerability
A flaw, loophole, oversight, or error that can be exploited to violate the system security policy. For example, software or an application whose code is vulnerable to a buffer overflow exploit.
Threat
An event, natural or man-made, able to cause a negative impact on an organization. It could be a storm, a hurricane or a hacker, for instance. An exploit is a defined way to breach the security of an IT system through a vulnerability, like the buffer overflow example.
Exploit
A piece of code, often available on the Internet, used to execute such an attack against an application that happens to be vulnerable.
Risk
The probability that an event could actually happen; the likelihood of a vulnerability being exploited.
Vulnerability Assessment
The process of identifying, analyzing, and ranking vulnerabilities in a specific environment. Basically, a tool is used to analyze a specific asset, identify the associated vulnerabilities, and rank each vulnerability according to specific criteria: whether the vulnerability is exploitable in the wild, whether it is a null vulnerability, and many other parameters that can be considered. There are two points to take into consideration. Many systems are shipped with known and unknown security holes and bugs. This is also associated with misconfigurations: for example, when you get a modem that ships with the username and password "admin", this could be considered a vulnerability, since a hacker or threat actor on the Internet could connect to the modem, use those credentials to access it, and perform malicious activity. The vulnerability assessment tool will be able to detect that the modem has the default credentials and will flag that as a misconfiguration vulnerability, so the system admin can take the necessary actions to fix the vulnerability; in this case, change the username and password, or change the password to something stronger, so that it will be more difficult to get access to the modem.
Clipper Chip
An operation developed by the NSA. In this operation the NSA tried to incorporate a chip into the landline phones of most US homes in order to spy on communications. That project did not go well and did not receive approval from Congress. But since the leaks from Edward Snowden we know that a different operation, not Clipper Chip, went into operation, one that captured not just communications over landlines but also emails and other communication methods.
Solar Sunrise
· This operation is important and has one interesting component. It was a series of attacks on the DoD computer networks, launched in February 1998. Essentially, the attackers exploited a known vulnerability in an OS on the DoD network, following a series of steps, which is the interesting part of the operation. They first tried to determine whether the vulnerability they wanted to exploit existed on the network. If it existed, they exploited it, implanted a program such as a backdoor and a sniffer, and returned later to retrieve the collected data. The attackers targeted not just the DoD network but also the Air Force, Navy and Marine Corps, as well as networks in other countries such as Israel, France and Germany, going after key parts of the network. They also tried to dump passwords and documents from the infrastructure of the networks they had attacked. The interesting part is who launched this attack: it might have been terrorists or a rogue state such as Iraq. Actually, the attack was launched by two teenagers from California, one of whom was from Israel. So this is a good example of what could happen, even when we are not dealing with a nation-state cyber command, if we do not secure our networks.
Buckshot Yankee
· Categorized as the most significant breach of US military computers ever by the Deputy Secretary of Defense, William J. Lynn. This operation was part of a series of compromises in 2008. Everything started with a USB drive inserted into a computer at a military base in the Middle East. The Trojan used was called Agent.BTZ, and the worm stayed on the network for 14 months until the military's IT security staff cleaned the infection. At this moment no one has attributed the attack; it seemed to come from China, but there is no formal accusation in the courts. So that is one major security breach and cyberwarfare operation from the last 10 to 15 years.
Desert Storm
Some of the radars that Saddam Hussein used to alert his military forces that airplanes were coming to destroy bases were destroyed or tampered with using fake information. That is one of the things the US military command used to successfully attack some of Saddam Hussein's key military buildings.
Bosnia
There were a lot of cyber operations in Bosnia: things like fake news and fake information delivered to the militaries in the field were used there.
Stuxnet
A computer worm designed to find and infect a particular piece of industrial hardware; used in an attack against Iranian nuclear plants. The worm was supposedly created by the U.S. and Israel in an operation called Olympic Games.
New Freedom Act
Demanded stronger antitrust legislation, banking reform, and reduced tariffs. It was the key part in starting the massive surveillance programs that Edward Snowden revealed a couple of years ago.
Authentication
Sender and receiver want to confirm each other's identity.
Confidentiality
Only the sender and the intended receiver should "understand" the message contents: the sender encrypts the message and the receiver decrypts it.
Man-in-the-middle (example)
Alice and Bob want to exchange secure messages, but Trudy can interfere in the middle and manipulate the messages.
Client/server example
Bob and Alice may be real-life Bobs and Alices, such as a web browser and server for electronic transactions (online purchases), an online banking client and server, DNS servers, or routers exchanging routing table updates.
NIST Computer Security
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources which includes hardware, software, firmware, information/data, and telecommunications.
Computer Security Challenges
· Security not as simple as it seems
  o Easy requirements, tough solutions
· Solutions can be attacked themselves
  o Security policy enforcement structures as the targets
· Protection of enforcement structure can complicate solutions
  o Solution itself can be easy, but complicated by protection
· Security architectural decisions
  o Know what to do, but where to do them?
· Key management is really hard
  o More on this later
· Protectors have to be right all the time
  o Attackers just once
· No one likes security until it's needed
  o Seat belt philosophy
· Security architectures require constant effort
  o Strategic versus tactical perspectives
· Security is often an afterthought
  o Iced on rather than baked in
· Security is viewed as in the way
Intrusion Detection
Reactive security: identify and mitigate malicious activity. May be network-based or host-based, e.g. Snort, Suricata, Bro.
Reverse Engineering
Needed for malware analysis and vulnerability research, e.g. IDA Pro (disassembler), WinHex (hex editor), OllyDbg (debugger).
Programming
Useful for scripting, tool development, security research, and reverse engineering, e.g. Python, C/C++, Java, Assembly.
Virtualization
Common across IT organizations for research, labs, development, and reverse engineering, e.g. VMware, VirtualBox.
Cryptography
Understand and develop algorithms, ciphers, and security systems, e.g. encryption, digital signatures, hash functions, etc.
Networking
Understand networking protocols, packet sniffing, firewalls, routers, e.g. TCP/IP, ICMP, Wireshark.
Operating Systems
System architecture, application execution, logging details, configurations and settings.
Database Modeling
Useful for threat modeling and incident investigation, e.g. Maltego, Synapse.
The reality of tools
Metasploit, Wireshark, Nessus, Splunk, and other tools.
Common misconception
Keeping up with the latest technical tools and trends is the key to success.
Reality
Tools (and the threat landscape) change quickly; it is impossible to be proficient in everything.
Good news about Security and design fundamentals
Security and design fundamentals change slowly.
The Point about Critical thinking skills and an understanding of security fundamentals:
Critical thinking skills and an understanding of security fundamentals will allow us to identify solutions to unknown, undefined, and complex situations (regardless of technology).
Critical Thinking Key Skills 1
Challenge assumptions: Systematically list and challenge, Refine as you learn more.
Critical Thinking Key Skills 2
Consider alternatives: Brainstorm full range of possibilities, Break into components - who, what, when, where, why, and how.
Critical Thinking Key Skills 3
Evaluate data: Crux of the scientific method. Does the data fit your hypothesis?
Critical Thinking Key Skills 4
Identify key drivers: What are the driving forces at play? This can help you identify the future.
Critical Thinking Key Skills 5
Understand context: MOST IMPORTANT! Put yourself in others' shoes - reframe the problem.
The mental model that underlies your reasoning
· An assumption is a thought that causes us to predict an outcome
· Usually based on a past experience or old thoughts and evidence
· Challenge them! Systematically list your assumptions and then assess whether each is solid, has caveats, or is unsupported
· Refine as you learn more and circumstances change
· Questions are converted into collection requirements (I need more hard data) or research topics (I need more information)
Explicitly list all assumptions
Identify all stakeholders, brainstorm, and look for phrases like "will always, will never, would have to be, based on, generally the case..."
Examine each with key questions
Why do I think this is correct? When could this be untrue? How confident am I that this is valid? If it is invalid, what would the impact be?
Employees
Employee perspective. Skills. Training needs.
Threat Actors
Technical capability, motives, opportunity.
Context means you understand the operational environment in which you are working.
Perspective
Consider the ____ of your managers, colleagues, and clients.
Framing techniques
Help keep everyone on the same page.
Key Components
Break the problem down into component parts and then list key actors or categories.
Factors at Play
Identify the driving forces so that you understand the dynamics of the situation. Break the problem into component parts to reveal additional insights or relationships.
Relationships
What patterns and relationships exist among the components and factors? Are they static? Dynamic? Graphing or sorting may help here.
Similarities/Differences
Are there historical analogies? Similar situations can help you understand and respond. You are almost never starting from scratch on an issue - investigate past work.
Redefine
Experiment with different ways to reframe your problem. Write down what you know, what you don't know, and rephrase or paraphrase the issue. What is the root cause?
Internal Users
· They are still the most likely to cause security problems, whether intentionally or not. Loss and sale of information is the most common, along with the installation of malware.
Just Play
Demonstrate the capabilities of the group or the individual to the hacker community.