Foundations of Cybersecurity: Module 2 Part 2

-

The Eight CISSP Security Domains.




1. Security and Risk Management 

=> Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law

2. Asset Security

=> Secures digital and physical assets. 

It's also related to the storage, maintenance, retention and destruction of data 

3. Security Architecture and Engineering 

=> Optimizes data security by ensuring effective tools, systems, and processes are in place. 

4. Communication and Network security

=> Manage and secure physical networks and wireless communications. 
5. Identity and access management 

=> keeps data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.

6. Security assessment and testing 

=> Conducting security control testimng, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities. 

7. Security Operations 
=> Conducting investigations and implementing preventative measures

8. Software Development security

= Uses secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.

Type of attacks

Social Engineering attacks

Phishing
Smishing
Vishing
Spear phishing
Whaling
Social media phishing
Business Email Compromise (BEC)
Watering hole attack
USB (Universal Serial Bus) baiting
Physical social engineering 

Physical attack

Malicious USB cable
Malicious flash drive
Card cloning and skimming

Adversarial artificial intelligence

Adversarial artificial intelligence is a technique that manipulates 
artificial intelligence and machine learning technology to conduct attacks more efficiently. 

Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.

Supply-chain attack

A supply-chain attack targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.

Cryptographic attack

A cryptographic attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are: 

Birthday
Collision
Downgrade

Cryptographic attacks fall under the communication and network security domain. 

Understanding Attackers.

Threat actor types

APTs: Advanced persistent threats, have significant expertise accessing an organization's network without authorization. APTs tend to research their targets (e.g., large corporations or government entities)  in advance and can remain undetected for an extended period of time. 

Their intentions and motivations can include:
  • Damaging critical infrastructure, such as the power grid and natural resources
  • Gaining access to intellectual property, such as trade secrets or patents

Insider threats

Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include: 
  • Sabotage
  • Corruption
  • Espionage
  • Unauthorized data access or leaks 

Hacktivists

Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include: 
  • Demonstrations
  • Propaganda
  • Social change campaigns

Fame

A hacker is any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories of hackers:

Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.

Semi-authorized hackers are considered researchers. They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.

Unauthorized hackers are also called unethical hackers. They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain. 

Note: There are multiple hacker types that fall into one or more of these three categories.

New and unskilled threat actors have various goals, including: 

To learn and enhance their hacking skills

To seek revenge

To exploit security weaknesses by using existing malware, programming scripts, and other tactics 

Other types of hackers are not motivated by any particular agenda other than completing the job they were contracted to do. These types of hackers can be considered unethical or ethical hackers. They have been known to work on both illegal and legal tasks for pay.

There are also hackers who consider themselves vigilantes. Their main goal is to protect the world from unethical hackers.

Comments

Post a Comment

Popular posts from this blog

Common Network Commands: Ping

-
Ping Command Overview The `ping` command is a fundamental utility used in network diagnostics. It checks the reachability of a host on an Internet Protocol (IP) network and measures the round-trip time for messages sent from the originating host to a destination computer. The command uses the Internet Control Message Protocol (ICMP) to send echo request packets and listens for echo replies. Origin and Development The `ping` command was developed in 1983 by Mike Muuss as a diagnostic tool for the ARPANET. Since then, it has become a standard utility available on most operating systems, including Linux, Windows, and macOS, making it an essential tool for network administrators and users. Basic Functionality The `ping` command serves several functions: - Tests connectivity to a specified host. - Measures the time taken for packets to travel to the destination and back. - Provides statistics about packet loss and round-trip time. Key Command Syntax 1. Basic Syntax:    ```    ping [options]
Read more

Common Network Commands: Route

-
Route Command Overview The route command is a part of the older net-tools package used in Linux systems for viewing and manipulating the IP routing table. It provides information about how packets are routed through the network and allows for the addition, deletion, and modification of routes. Origin and Development Historically, the route command has been a primary tool for managing network routing in Linux. However, it has largely been replaced by the ip command from the iproute2 package, which offers more advanced features and capabilities. Despite this, route is still commonly used in many Linux distributions for its simplicity and familiarity. Basic Functionality The route command serves several functions: - Displays the current routing table entries. - Shows destination networks, gateways, and associated interfaces. - Allows for the addition, deletion, and modification of routes. Key Command Syntax 1. Display Routing Table:    ```    route -n    ```    The -n option prevents DNS
Read more

John The Ripper

-
John the Ripper  Is one of the most well known, well-loved and versatile hash cracking tools out there. It combines a fast cracking speed, with an extraordinary range of compatible hash types. This room will assume no previous knowledge, so we must first cover some basic terms and concepts before we move into practical hash cracking. A hash is a way of taking a piece of data of any length and  representing it in another form that is a fixed length. This masks the original value of the data. This is done by running the original data through a hashing algorithm. There are many popular hashing algorithms, such as MD4,MD5, SHA1 and NTLM. Lets try and show this with an example: If we take "polo", a string of 4 characters- and run it through an MD5 hashing algorithm, we end up with an output of: b53759f3ce692de7aff1b5779d3964da a standard 32 character MD5 hash. Likewise, if we take "polomints", a string of 9 characters- and run it through the same MD5 hashing algorithm, w
Read more