The document outlines 50 "shapes": one-slide visual summaries of network and information security topics. Some of the topics covered include the CIA security triad, symmetric and asymmetric encryption, cloud service models, hashing functions, the OSI model, firewalls vs. proxies, and risk assessment processes. Each shape has a brief description or graphic explaining the key aspects of that security topic. The document is intended as a high-level overview of common concepts in network and information security.
2. Index
Shape 01 : The CIA Security Triad
Shape 02 : Security Requirements, Threats, and Attacks
Shape 03 : How do DDoS attacks work?
Shape 04 : Symmetric Encryption
Shape 05 : Asymmetric Encryption
Shape 06 : Digital Signature
Shape 07 : The OSI Model
Shape 08 : TCP 3 Way Handshake
Shape 09 : TCP/IP Model vs. OSI Model
Shape 10 : TLS Negotiation
Shape 11 : SAML-based Single Sign-On
Shape 12 : Cloud Service Models
Shape 13 : Cloud Deployment Responsibilities
3. Index (continued)
Shape 14 : Hashing Functions
Shape 15 : Salted Hashes
Shape 16 : Encryption, Masking, Anonymization, and Tokenization
Shape 17 : Kerberos
Shape 18 : Risk Terminologies
Shape 19 : Defense in Depth
Shape 20 : APT Life Cycle
Shape 21 : OWASP Top 10
Shape 22 : Security Policy and Supporting Docs.
Shape 23 : Data Security Lifecycle
Shape 24 : Secure SDLC
Shape 25 : Pass the Hash (PtH) Attack
4. Index (continued)
Shape 26 : ITIL Framework
Shape 27 : ISO 27001
Shape 28 : Cyber Security Domains
Shape 29 : NIST Cyber Security Framework
Shape 30 : SAST, IAST, DAST, and RASP
Shape 31 : PCI DSS Requirements
Shape 32 : Security Incident Handling Steps
Shape 33 : SANS Security Incident Handling Model
Shape 34 : NIST Incident Response Life Cycle
Shape 35 : SOC Team Structure
Shape 36 : Risk Management Process
Shape 37 : Risk Assessment Process
Shape 38 : Risk Assessment Matrix
18. Cloud Deployment Responsibilities
13 of 50 Shapes of Network & Information Security Hatem ElSahhar
Layer            On-Premises   IaaS        PaaS        SaaS
Applications     customer      customer    customer    provider
Data             customer      customer    customer    provider
Runtime          customer      customer    provider    provider
Middleware       customer      customer    provider    provider
OS               customer      customer    provider    provider
Virtualization   customer      provider    provider    provider
Servers          customer      provider    provider    provider
Storage          customer      provider    provider    provider
Networking       customer      provider    provider    provider

Legend: "customer" = what the customer manages, "provider" = what the cloud provider manages. The boundary moves up the stack from left to right: on-premises the customer operates every layer, with SaaS the provider operates every layer. Even under SaaS the customer remains accountable for its own data, user identities and access configuration; the table shows who operates each layer, not who owns the risk.
34. Shape 29 : NIST Cyber Security Framework
35. Shape 30 : SAST, IAST, DAST, and RASP

Feature               SAST               IAST                   DAST                         RASP
Timeline              Development        QA, testing            Testing, production          Production
Speed                 Instant to hours   Instant (at runtime)   Hours to days                Instant (at runtime)
Continuous testing    Yes                Yes                    Limited                      Yes (continuous protection)
CI/CD integration     Yes                Yes                    Limited                      No (deployed with the app)
Accuracy              Medium             High                   Medium                       High

How it works
  SAST: analyzes source code, without running it, to identify vulnerabilities
  IAST: analyzes the code and behaviour of the running application through instrumentation
  DAST: sends HTTP requests to a running web application and tests its behaviour from the outside
  RASP: monitors and protects the application at runtime, inside the language runtime or server layer
Integration points
  SAST: IDEs, build tools, issue trackers
  IAST: build tools, test automation, issue trackers, APIs
  DAST: a deployed test environment; integration is limited to a pipeline stage that runs the scan against it
  RASP: language runtime, application server
Actionability
  SAST: high; points to the vulnerable lines of code
  IAST: high; points to the vulnerable lines of code
  DAST: low; it is difficult to deduce the location of the problem in the code from an HTTP-level finding
  RASP: high; detailed information on the attacks seen
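The first and last columns of the table, as an added example (not code from the deck): a toy SAST rule that walks a program's syntax tree looking for one command-injection pattern, and a toy RASP hook that instruments the same API at runtime and blocks the attack as it happens. The sample application `VULN_SOURCE`, the rule and the hook are all constructed for this illustration; the point is that SAST finds the line before anything runs, while RASP needs no source at all but only acts once the malicious call is made.

```python
import ast
import subprocess

# Constructed sample application (not code from the deck): one injectable
# call and one safe call to the same API.
VULN_SOURCE = '''
import subprocess

def ping(host):
    # vulnerable: untrusted input concatenated into a shell command line
    return subprocess.run("ping -c 1 " + host, shell=True)

def ping_safe(host):
    # safe: argument vector, no shell parses the input
    return subprocess.run(["ping", "-c", "1", host])
'''


class ShellInjectionRule(ast.NodeVisitor):
    """SAST: walk the syntax tree and flag subprocess.<fn>(cmd, shell=True)
    where cmd is not a string literal, so it may carry attacker input."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        f = node.func
        if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id == "subprocess"):
            shell_true = any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                and kw.value.value is True for kw in node.keywords)
            literal_cmd = bool(node.args) and isinstance(node.args[0], ast.Constant)
            if shell_true and not literal_cmd:
                self.findings.append((node.lineno,
                    f"subprocess.{f.attr}: shell=True with a non-literal command"))
        self.generic_visit(node)


def sast_scan(source):
    """Return [(line_number, message), ...] for the given source text."""
    rule = ShellInjectionRule()
    rule.visit(ast.parse(source))
    return rule.findings


SHELL_METACHARS = frozenset(";|&$`<>\n")


class RaspBlocked(RuntimeError):
    pass


def looks_injected(args, shell):
    """RASP decision: a shell=True string command containing shell
    metacharacters is treated as an injection attempt."""
    return bool(shell) and isinstance(args, str) and bool(SHELL_METACHARS & set(args))


def install_rasp():
    """Instrument subprocess.run in place so the check runs on every call the
    application makes, without touching application code. Returns the original
    function so the hook can be removed again."""
    real_run = subprocess.run

    def guarded_run(args, *a, **kw):
        if looks_injected(args, kw.get("shell", False)):
            raise RaspBlocked(f"blocked shell command: {args!r}")
        return real_run(args, *a, **kw)

    subprocess.run = guarded_run
    return real_run


def rasp_demo(payload="127.0.0.1; id"):
    """Load the sample app, hook it, call the vulnerable function with an
    injection payload. True if RASP blocked it before /bin/sh ever ran."""
    real_run = install_rasp()
    try:
        app = {}
        exec(VULN_SOURCE, app)
        try:
            app["ping"](payload)
        except RaspBlocked:
            return True
        return False
    finally:
        subprocess.run = real_run


if __name__ == "__main__":
    for line, msg in sast_scan(VULN_SOURCE):
        print(f"SAST  line {line}: {msg}")
    print("RASP  blocked injection:", rasp_demo())
```

The SAST rule reports the exact line of the vulnerable call and says nothing about `ping_safe`, which is the "points to vulnerable lines of code" row of the table; it would also flag code paths that are never reachable, which is where its medium accuracy comes from. The RASP hook sees the fully assembled command with the real payload, so it is precise, but it only fires in production when the attack arrives.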
38. Shape 33 : SANS Security Incident Handling Model
The six phases (PICERL), in order:
Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned
39. Shape 34 : NIST Incident Response Life Cycle
40. Shape 35 : SOC Team Structure
SOC Manager
L1 Monitoring Team
L2/L3 SOC Analysts
Incident Responders
Service Desk
Forensics
SIEM Admins
Threat Intelligence
Threat Hunter
41. Shape 36 : Risk Management Process
• Risk Identification: identification of risks and their causes
• Risk Categorization: estimate the likelihood and impact of each risk; quantitative vs. qualitative
• Risk Mitigation: actions and mechanisms to minimize risks; risk acceptance
• Risk Management: continuous monitoring of risks and actions to control them
42. Shape 37 : Risk Assessment Process
The nine steps of the NIST SP 800-30 risk assessment methodology, in order:
• System Characterization
• Threat Identification
• Vulnerability Identification
• Control Analysis
• Likelihood Determination
• Impact Analysis
• Risk Determination
• Control Recommendations
• Results Documentation
44. Shape 39 : Risk Mitigation Options
• Avoid: eliminate the risk factor
  - Stop: don't provide the product or service
  - Outsource: your vendor accepts the risk
• Accept: can you afford to cover the cost?
  - Self-insure: pay out of pocket or with a deductible
• Transfer: move the risk to someone else
  - Contract: the agreement says the customer provides insurance
  - Insure: your policy covers the potential cost
• Reduce: take steps to reduce the cost of a loss
  - Loss control program: take actions to reduce risk
  - Technology / training: use technology to reduce risk
45. Shape 40 : FTPS vs. SFTP

Also known as
  FTPS: FTP over SSL/TLS (FTP Secure)
  SFTP: SSH File Transfer Protocol. Despite the name it is not FTP tunnelled over SSH but a separate file-transfer protocol that runs inside an SSH session.
Implements strong encryption algorithms
  FTPS: yes; TLS cipher suites such as AES (Triple DES only in legacy configurations) encrypt the transferred data
  SFTP: yes; SSH ciphers such as AES (Triple DES only in legacy configurations) encrypt the transferred data
Encrypts usernames and passwords
  FTPS: yes, once the control connection has been upgraded to TLS; note that the data connection is only encrypted after the client requests PROT P
  SFTP: yes; credentials and data all travel inside the SSH session
Supports key-based authentication
  FTPS: no SSH-style key authentication; client X.509 certificates are the nearest equivalent
  SFTP: yes; SSH keys can authenticate SFTP connections in addition to (or instead of) passwords
Supports certificates
  FTPS: yes; connections are authenticated using a user ID, password and X.509 certificate(s)
  SFTP: no X.509 certificates; the server is identified by its SSH host key and users by their SSH keys
Firewall-friendly
  FTPS: poor; besides the control port (21, or 990 for implicit FTPS) every transfer opens a separate data connection on a dynamic port, and because the control channel is encrypted the firewall cannot read the PORT/PASV exchange to open those ports on demand, so a whole passive port range has to be allowed through
  SFTP: good; only a single port (22 by default) needs to be opened through the firewall
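As an added example (not from the deck), a Python FTPS client that actually delivers the properties in the table. Two things are easy to get wrong with the standard library: `ftplib.FTP_TLS` uses an unverified TLS context unless you pass your own, so the "supports certificates" row buys you nothing against a spoofed server, and it leaves the data channel in cleartext unless you call `prot_p()` after logging in. Host, user and password are placeholders supplied by the caller; no connection is made by the helper functions themselves.

```python
import ssl
from ftplib import FTP_TLS


def make_ftps_context(cafile=None):
    """TLS context that verifies the server certificate and hostname and
    refuses TLS 1.0/1.1. ftplib's own default context does neither."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_hardened(ctx):
    """The three properties a reviewer should check on any FTPS client."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def default_ftplib_context_is_hardened():
    """What FTP_TLS() gives you with no explicit context (no host, so no
    connection is opened): an unverified context, i.e. False."""
    return context_is_hardened(FTP_TLS().context)


def ftps_session(host, user, password, port=21, cafile=None):
    """Explicit FTPS: plain TCP to port 21, upgrade with AUTH TLS, log in,
    then PROT P so that the data connections (listings, file contents) are
    encrypted as well. Without prot_p() only the control channel is protected.
    host/user/password are placeholders the caller supplies."""
    ftps = FTP_TLS(context=make_ftps_context(cafile))
    ftps.connect(host, port)
    ftps.auth()                   # AUTH TLS: control channel now encrypted
    ftps.login(user, password)    # credentials travel inside TLS
    ftps.prot_p()                 # PROT P: encrypt the data channel too
    return ftps
```

`with ftps_session("ftp.example.com", "alice", password) as f: f.retrlines("LIST")` would then list the remote directory over an encrypted data connection, using a passive port the firewall must already allow. The SFTP side needs none of this care: `sftp -i ~/.ssh/id_ed25519 alice@host` runs authentication, control and data inside one SSH session on port 22, which is the firewall row of the table.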
46. Shape 41 : Cookies
• Session cookie: no Expires or Max-Age attribute; discarded when the browser session ends
• Persistent cookie: has Expires or Max-Age; kept on disk until that time
• HttpOnly cookie: not readable from JavaScript (document.cookie), which limits theft through XSS
• Secure cookie: only sent over HTTPS connections
• First-party cookie: set by the domain of the site the user is visiting
• Third-party (tracking) cookie: set by a different domain embedded in the page (ads, analytics) and used to follow the user across sites
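The cookie types above, as an added example (not from the deck): building each kind with the standard library's `http.cookies` module and auditing a `Set-Cookie` header for the attributes a reviewer looks for. Cookie names and values are placeholders; the `__Host-` prefix check goes slightly beyond the slide, since that prefix makes the browser enforce Secure, Path=/ and no Domain.

```python
from http.cookies import SimpleCookie


def build_cookie(name, value, persistent_days=None, secure=True,
                 httponly=True, samesite="Lax", path="/"):
    """Return a Set-Cookie header value. Without Max-Age/Expires the result is
    a session cookie (dropped when the browser closes); with it, a persistent one."""
    jar = SimpleCookie()
    jar[name] = value
    m = jar[name]
    m["path"] = path
    m["secure"] = secure        # only sent over HTTPS
    m["httponly"] = httponly    # not readable via document.cookie
    m["samesite"] = samesite    # limits cross-site sending (CSRF)
    if persistent_days is not None:
        m["max-age"] = persistent_days * 86400
    return m.OutputString()


def audit_set_cookie(header_value):
    """Parse one Set-Cookie value and report the protections it lacks.
    Returns {name: {"kind": "session"|"persistent", "findings": [...]}}."""
    jar = SimpleCookie()
    jar.load(header_value)
    report = {}
    for name, m in jar.items():
        findings = []
        if not m["secure"]:
            findings.append("missing Secure: also sent over plain HTTP")
        if not m["httponly"]:
            findings.append("missing HttpOnly: readable by script, XSS can steal it")
        if not m["samesite"]:
            findings.append("missing SameSite: sent on cross-site requests (CSRF)")
        if name.startswith("__Host-") and (not m["secure"] or m["path"] != "/" or m["domain"]):
            findings.append("__Host- prefix requires Secure, Path=/ and no Domain")
        kind = "persistent" if (m["expires"] or m["max-age"]) else "session"
        report[name] = {"kind": kind, "findings": findings}
    return report


if __name__ == "__main__":
    print(build_cookie("sid", "abc123"))                       # session cookie
    print(build_cookie("remember", "tok", persistent_days=30))  # persistent cookie
    for hdr in ("sid=abc123; Path=/", build_cookie("sid", "abc123")):
        print(hdr, "->", audit_set_cookie(hdr))
```

A weak header such as `sid=abc123; Path=/` produces three findings; the header `build_cookie` emits produces none. Note that a cookie's first- or third-party status is not visible in the header itself: it depends on whether the setting domain matches the site in the address bar, which is why the tracking case cannot be audited from `Set-Cookie` alone.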
47. Shape 42 : Malware Types
Spyware
Virus
Spam
Worm
Trojan
Backdoors
Rootkit
Keyloggers
Ransomware
49. Shape 44 : Explicit vs. Transparent Proxies

Explicit Proxy
• The user agent (i.e. the web browser) is configured with the proxy server's IP address and directs its traffic to it
• The user agent knows it is using a proxy
• The proxy issues a proxy challenge (HTTP 407)

Transparent Proxy
• The proxy intercepts the user agent's requests without the user agent's knowledge
• The user agent thinks it is talking to the web server directly
• The proxy issues an origin-style challenge (HTTP 401), because a browser that is not configured for a proxy will not accept a proxy challenge (407)
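The two challenge flows from the slide, as an added example (not from the deck): the proxy-side decision that tells an explicit client from an intercepted one by the form of its request line, the 407 or 401 challenge it issues as a result, and the client-side logic for answering it. Hostnames, the realm and the credentials are placeholders, and the sample requests are constructed, not captured.

```python
import base64


def parse_request(raw):
    """Split one HTTP/1.1 request into (method, request-target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def client_knows_proxy(method, target):
    """A browser configured for a proxy sends absolute-form targets
    (GET http://host/path) or CONNECT host:port for HTTPS. An intercepted
    browser believes it is talking to the origin and sends origin-form (/path)."""
    return method == "CONNECT" or target.startswith(("http://", "https://"))


def proxy_response(raw_request, realm="corp-proxy"):
    """What the proxy sends back to a client that has not authenticated yet."""
    method, target, _ = parse_request(raw_request)
    if client_knows_proxy(method, target):
        status, header = "407 Proxy Authentication Required", "Proxy-Authenticate"
    else:
        # transparent mode: the browser would ignore a 407, so challenge like the origin
        status, header = "401 Unauthorized", "WWW-Authenticate"
    return (f"HTTP/1.1 {status}\r\n{header}: Basic realm=\"{realm}\"\r\n"
            f"Content-Length: 0\r\n\r\n").encode()


def answer_challenge(response, user, password):
    """Client side: which header carries the credentials on the retry."""
    status = int(response.split(b" ")[1])
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    header = "Proxy-Authorization" if status == 407 else "Authorization"
    return header, f"Basic {cred}"


# Constructed sample requests (placeholders, not captures)
EXPLICIT_REQ = b"GET http://intranet.example/ HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
CONNECT_REQ = b"CONNECT intranet.example:443 HTTP/1.1\r\nHost: intranet.example:443\r\n\r\n"
TRANSPARENT_REQ = b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"

if __name__ == "__main__":
    for req in (EXPLICIT_REQ, CONNECT_REQ, TRANSPARENT_REQ):
        resp = proxy_response(req)
        print(req.decode().splitlines()[0], "->", resp.decode().splitlines()[0])
        print("   retry carries", answer_challenge(resp, "alice", "s3cret")[0])
```

Two consequences worth keeping in mind: in transparent mode the 401 is indistinguishable from a challenge sent by the origin, so the user hands proxy credentials to whatever hop injected it, and with Basic over plain HTTP they travel in the clear; and a transparent proxy only sees cleartext HTTP, since an intercepted HTTPS connection cannot be challenged without TLS interception, whereas an explicit client announces HTTPS traffic to the proxy with CONNECT and can be challenged there.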