sussy.win

1.1 Security Controls

Categories

• Technical - Anything implemented through hardware/software to protect against attackers. Examples: AAA, Firewalls, IDS/IPS, etc.
• Managerial - Also called Administrative. All the policies, procedure, compliance related stuff.
• Operational - COMING SOON
• Physical - Physical stuff. Security Guards, CCTV, Access Control Systems.

Control types

• Preventive - Stop Attackers Before Incident
• Deterrent - Dissuades Attackers
• Detective - Identifies attacks that have occurred
• Corrective - Fixes for attack/security issues that have occurred
• Compensating - Reduce impact
• Directive - Guides Employees on how to react to situations (policies/procedures)

1.2 Fundamental Security Concepts

CIA (Confidentiality Integrity Availability)

• Confidentiality - ONLY authorized users can access data
• Integrity - complete and unaltered WITHOUT MODIFICATION!!
• Availability - Access data when needed. (make sure dem skids aint ddos u)

Non-repudiation

Ensures if action taken, it can be proved through digital evidence. Makes sure you can't deny it

AAA (Authentication, Authorization, Accounting)

Framework for managing access to systems/networks
First a user must be Authenticated (user/pass). Then the user gets Authorized (assigns permissions). Lastly the accounting process starts, which logs user behavior and actions

Gap Analysis

evaluation of security objectives, sort of like internal audit on security practices

• Purpose - Identify weaknesses in security practices
• Compliance - Measure adherence to standards
• Gap Identification - Compare current security measure to desired state. thats the "gap"

Zero Trust

states no entity within network is assumed safe. all traffic within/outside the network is potential threat and must be evaluated prior to transmission

Physical security

• Bollards - vehicle barriers
• Access Control vestibules - rust airlock
• Fencing - deterrent
• Video Surveillance - CCTV, FNAF
• Security Guards - Physical security control, can respond to threats immediately & acts as a deterrent
• access badge - method of authentication, RFID or NFC, often w/ photos to prevent impersonation

2.1 Threat actors & motivations

Threat actors

• Nation-state - Gov-funded, usually APTs (Advanced Persistent Threats), highly skilled
• Unskilled Attacker - script kiddie, automated tools
• Hacktivist - motivated by activist goals
• Insider - originates from within target network, usually disgruntled employees, contracts, etc.
• Organized Crime - well funded, skilled group motivated by money
• Shadow IT - Authorized users who use unauthorized tech - such as installing vpn or ftp programs to bypass restricts or sync files

Motivations

• Data Exfiltration - Seek to acquire sensitive/proprietary data
• Espionage - seek to acquire secret/confidential data for enemy nation-states or business competitors.
• Blackmail - seek to acquire data or info that can be used to force target to complete action, such as payment
• Financial Gain - benefit in the moneys
• Philosophical/Political - most of Hacktivists motivations
• Ethical - exposing vulnerability with aim of improving its security. white hackers
• Revenge - seeking retribution
• Disruption - some people love chaos
• war - disrupt military operations

2.2 Threat vectors & surfaces

Threat Vectors - method used
Attack Surface - vulnerability within system/network

• COMING SOON

Vulnerabilities

Application