labsim online notes chapter 1 PDF

Title labsim online notes chapter 1
Author Jordan Cruz
Course Information System Security I
Institution Olympic College
Pages 6

Summary

A security overview of what you are going to learn about cybersecurity.



1.1

Security Overview

The TestOut Security Pro Certification exam measures not just what you know, but what you can do. This exam measures your ability to implement processes to protect an organization's assets against danger, damage, loss, and criminal activity. As you study this section, answer the following questions:

- What challenges does a security professional face?
- What is the difference between integrity and non-repudiation?
- What are the three main goals of the CIA of Security?
- What are the key components of risk management?
- What are three types of threat agents?

Key terms for this section include the following:

Security
The degree of protection against danger, damage, loss, and criminal activity.

Confidentiality
Confidentiality ensures that data is not disclosed to unintended persons.

Integrity
Integrity ensures that data is not modified or tampered with.

Availability
Availability ensures that a system is up so that data is available when needed.

Non-repudiation
Non-repudiation provides validation of a message's origin.

Asset
Something that has value to an individual or an organization.

Threat
Anything that has the potential to cause the loss of an asset.

Threat agent
The person or entity that attempts or carries out a threat.

Vulnerability
An opening or weakness in the system.

Exploit
An act, procedure, or piece of software that takes advantage of a vulnerability to carry out an attack.

Copyright © 2022 TestOut Corporation All rights reserved.

1.1.3

Security Introduction

Security is the degree of protection against danger, damage, loss, and criminal activity. This lesson covers the following topics:

- Security Challenges
- Security Terms
- Security Components
- Risk Management
- Threat Agents

Security Challenges

In regards to information security, computers, and IT networks, modern day security challenges include the following:

Sophisticated Attacks
Sophisticated attacks are complex, making them difficult to detect and thwart. Sophisticated attacks:
- Use common internet tools and protocols, making it difficult to distinguish an attack from legitimate traffic.
- Vary their behavior, making the same attack appear differently each time.

Proliferation of Attack Software
A wide variety of attack tools are available on the internet, allowing anyone with a moderate level of technical knowledge to download the tools and run an attack.

Attack Scale and Velocity
The scale and velocity of an attack can grow to millions of computers in a matter of minutes or days due to its ability to proliferate on the internet. Because modern attacks are not limited to user interactions, such as using a floppy disk, to spread an attack from machine to machine, the attacks often affect very large numbers of computers in a relatively short amount of time.

Security Terms

Common security terms include the following:

Confidentiality
Confidentiality ensures that data is not disclosed to unintended persons. This is provided through encryption, which converts the data into a form that an unintended recipient cannot read without the key.

Integrity
Integrity ensures that data is not modified or tampered with. This is provided through hashing: a hash of the data is computed when the data is stored or sent and recomputed later, and any difference reveals a change. Note that a plain hash by itself only catches accidental corruption; an attacker who can alter the data can recompute the hash as well, so the hash must itself be protected, for example with a keyed hash (HMAC) or a digital signature.

Availability
Availability ensures the uptime of the system so that data is available when needed.

Non-repudiation
Non-repudiation provides validation of a message's origin. For example, if a user sends a digitally signed email, they cannot later claim that the email was not sent. Non-repudiation is enforced by digital signatures, which are created with a private key that only the sender holds. This is what separates non-repudiation from integrity: an integrity check tells you the data was not changed, but only a signature proves who produced it.

The CIA of Security refers to confidentiality, integrity, and availability. These are often identified as the three main goals of security.
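The following Python example is added here and is not part of the TestOut notes. It shows the integrity checks described above in working code: a plain SHA-256 hash catches accidental corruption but not deliberate substitution, because the attacker can recompute the hash, while an HMAC over the same data does catch substitution because the attacker lacks the key. The message, the tampered message and the key are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data for this example (not from the original notes).
MESSAGE = b"Transfer 100.00 to account 12345"
TAMPERED = b"Transfer 900.00 to account 99999"


def digest(data: bytes) -> str:
    """Plain SHA-256 hash. Detects accidental corruption of the data."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected: str) -> bool:
    """Recompute the hash and compare it in constant time."""
    return hmac.compare_digest(digest(data), expected)


def mac(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256). Only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, expected: str) -> bool:
    """Recompute the tag with the same key and compare it in constant time."""
    return hmac.compare_digest(mac(key, data), expected)


def corruption_detected_by_hash() -> bool:
    """Data changed in transit while the stored hash stayed the same: mismatch."""
    stored = digest(MESSAGE)
    return not verify_hash(TAMPERED, stored)


def substitution_detected_by_hash() -> bool:
    """An attacker replaces the message AND recomputes the hash.
    The receiver cannot tell, because nothing secret went into the hash."""
    attacker_message, attacker_hash = TAMPERED, digest(TAMPERED)
    return not verify_hash(attacker_message, attacker_hash)


def substitution_detected_by_mac(key: bytes) -> bool:
    """With HMAC the attacker cannot compute a valid tag for the new message
    without the key; reusing the old tag fails verification."""
    tag = mac(key, MESSAGE)
    return not verify_mac(key, TAMPERED, tag)


def demo() -> dict:
    """Run the three scenarios with a fresh shared secret (constructed for the example)."""
    key = secrets.token_bytes(32)
    return {
        "corruption_detected_by_hash": corruption_detected_by_hash(),
        "substitution_detected_by_hash": substitution_detected_by_hash(),
        "substitution_detected_by_mac": substitution_detected_by_mac(key),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

An HMAC gives integrity and origin assurance between the two parties who share the key, but because either of them could have produced the tag it cannot prove to a third party which one sent the message. That is the non-repudiation property, and it needs a digital signature made with a private key only the signer holds; the Python standard library has no signature primitive, so that step is not shown here.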

Security Components

Key security components include the following:

Physical Security
Physical security includes all hardware and software necessary to secure data, such as firewalls and antivirus software.

Users and Administrators
Users and administrators are the people who use the software and the people who manage the software, respectively.

Policies
Policies are the rules an organization implements to protect information.

Risk Management

Risk management is the process of identifying security issues and deciding which countermeasures to take in reducing risk to an acceptable level. The main objective is to reduce the risk for an organization to a level that is deemed acceptable by senior management. Risk management generally takes the following items into account:

Asset
An asset is something that has value to the person or organization, such as sensitive information in a database.

Threat
A threat is an entity that can cause the loss of an asset or any potential danger to the confidentiality, integrity, or availability of information or systems, such as a data breach that results in a database being stolen.

Threat Agent
A threat agent (sometimes known as an attacker) is an entity that can carry out a threat, such as a disgruntled employee who copies a database to a thumb drive and sells it to a competitor.

Vulnerability
A vulnerability is a weakness that allows a threat to be carried out, such as a USB port that is enabled on the server hosting the database or a server room door that is frequently left ajar. USB devices pose the greatest threat to the confidentiality of data in most secure organizations. There are so many devices that can support file storage that stealing data has become easy, and preventing it is difficult.

Exploit
An exploit is a procedure or product that takes advantage of a vulnerability to carry out a threat, such as when a disgruntled employee waits for the server room door to be left ajar, copies the database to a thumb drive, and then sells it.

Threat Agents

Types of threat agents include the following:

Employee
Employees can be the most overlooked yet most dangerous threat agent because they have greater access to information assets than anyone on the outside trying to break in. Employees are also known as internal threats. Employees can:
- Become disgruntled with their employer
- Be bribed by a competitor
- Be an unintentional participant in an attack
- Accidentally delete or cause data corruption

Spy
Spies can be employed in corporate espionage to obtain information about competitors for commercial purposes. Spies are typically deployed in the following scenarios:
- A spy applies for a job with a commercial competitor and then exploits internal vulnerabilities to steal information and return it to their client.
- A spy attacks an organization from the outside by exploiting external vulnerabilities and then returns the information to their client.

Hacker
In general, a hacker is any threat agent who uses their technical knowledge to bypass security mechanisms to exploit a vulnerability to access information. Hacker subcategories include the following:
- Script kiddies, who download and run attacks available on the internet, but generally are not technically savvy enough to create their own attacking code or script.
- Cybercriminals, who usually seek to exploit security vulnerabilities for some kind of financial reward or revenge.
- Cyber terrorists, who generally use the internet to carry out terrorist activities, such as disrupting network-dependent institutions.


1.2.3

Defense Planning Facts

Layered security, or defense in depth, combines multiple security controls and defenses to create a cumulative effect. This lesson covers the following topics:

- The seven layers of security
- User education
- Countermeasures

The Seven Layers of Security

Layered security has seven layers. Each layer and what it includes:

Policies, procedures, and awareness
User education; manageable network plans; and employee onboarding and off-boarding procedures.

Physical
Fences, door locks, mantraps, turnstiles, device locks, server cages, cameras, motion detectors, and environmental controls.

Perimeter
Firewalls using ACLs and securing the wireless network.

Network
The installation and configuration of switches and routers; implementation of VLANs; penetration testing; and virtualization use.

Host
Log management, OS hardening, patch implementation, patch management, auditing, anti-malware, and password attack prevention on each workstation, laptop, and mobile device.

Application
Authentication and authorization, user management, group policies, and web application security.

Data
Storing data properly, destroying data, classifying data, cryptography, and data transmission security.

It is important to know that each layer does not require its own security appliance or software. Layered security is not about specific mechanisms, but the method of protecting a network by employing various techniques at one time.
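As an added example of two of the host-layer items above, log management and password attack prevention, here is a Python script that is not from the TestOut notes. It parses sshd authentication records in syslog format, flags a source address that piles up failed logins inside a short window, and escalates the alert if that same source then logs in successfully. The log lines are constructed for the example; the threshold of five failures in sixty seconds is an assumed tuning value.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines in syslog format (sample data for this example, not from the notes).
SAMPLE_LOG = """\
Mar 10 09:12:01 host1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 09:12:03 host1 sshd[2233]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 09:12:04 host1 sshd[2235]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 09:12:06 host1 sshd[2237]: Failed password for invalid user oracle from 203.0.113.7 port 51025 ssh2
Mar 10 09:12:09 host1 sshd[2239]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 09:12:11 host1 sshd[2241]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar 10 09:30:00 host1 sshd[2300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 09:31:10 host1 sshd[2302]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

# Matches both "Failed password for invalid user X from IP" and "Accepted publickey for X from IP".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(log_text: str) -> list:
    """Turn raw lines into (timestamp, result, user, source_ip) tuples; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog has no year; strptime defaults to 1900, which is fine since only time deltas are used.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_password_attacks(events, threshold=5, window=timedelta(seconds=60)) -> dict:
    """Return {source_ip: alert}. 'brute_force' once a source has `threshold` failures
    inside `window`; escalated to 'possible_compromise' if that source later succeeds.
    Threshold and window are assumed tuning values for this example."""
    recent_failures = defaultdict(list)  # source_ip -> timestamps of failures still inside the window
    alerts = {}
    for ts, result, _user, src in sorted(events):
        if result == "Failed":
            bucket = recent_failures[src]
            bucket.append(ts)
            while bucket and ts - bucket[0] > window:  # slide the window forward
                bucket.pop(0)
            if len(bucket) >= threshold:
                alerts.setdefault(src, "brute_force")
        elif result == "Accepted" and src in alerts:
            alerts[src] = "possible_compromise"
    return alerts


if __name__ == "__main__":
    for src, alert in detect_password_attacks(parse(SAMPLE_LOG)).items():
        print(f"{src}: {alert}")
```

The single failure from alice followed by a key-based login produces no alert, while the burst from 203.0.113.7 is flagged and then escalated when the attacker's password guess for root succeeds; that escalation is the case a responder should see first, because prevention has already failed there.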

User Education

Employees are the single greatest threat to network security. Therefore, user education is very important. Look for ways to take the following actions:

- Make employees aware that they are the primary targets in most attacks.
- Ensure employees understand that phishing attacks are one of the most common attacks directed at employees.
- Train employees to identify email, instant messaging, download, and website attacks.
- Enforce effective password policies, including a policy that prohibits writing down passwords.
- Train employees to identify both internal and external threats.
- Ensure that employees are aware of the company's security policies.

Countermeasures

A countermeasure is a way to mitigate a potential risk. Countermeasures reduce the risk of a threat agent exploiting a vulnerability. An appropriate countermeasure:

- Provides a security solution to an identified problem.
- Is not dependent on secrecy.
- Is testable and verifiable.
- Provides uniform or consistent protection for all assets and users.
- Is independent of other safeguards.
- Requires minimal human intervention.
- Is tamper-proof.
- Has overrides and fail-safe defaults.
