The document discusses cybersecurity concepts including encryption, authentication, digital signatures, and penetration testing. It defines cybersecurity as protecting computer systems from threats. Encryption converts data into cipher text for protection. Authentication verifies identities through methods like passwords, certificates, and biometrics. Digital signatures mathematically verify the authenticity and integrity of messages. Penetration testing involves simulated cyber attacks to evaluate security. The document outlines security best practices and roles of security operations centers in monitoring for threats.
4. Cybersecurity
It is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
5. Cybersecurity Significance
1- Its significance follows from the continuously expanding reliance on computer systems, the Internet and wireless network standards such as Bluetooth and Wi-Fi, and from the growth of "smart" devices, including smartphones, televisions, and the various devices that constitute the "Internet of things".
2- Cybersecurity is also one of the significant challenges in the contemporary world, due to its complexity, both in terms of political usage and technology.
6. Assets
It is any resource owned or controlled by a business or an economic entity.
Asset Types:
Data Assets
Financial Assets
9. Encryption
It is converting the original representation of the information (plaintext) into an alternative form known as ciphertext.
Wireless Application
EEA: EPS Encryption Algorithm (EPS = Evolved Packet System, used in LTE)
Types
Symmetric: one key used in Encryption & Decryption
Asymmetric: a key used in Encryption and another in Decryption
11. Asymmetric Encryption Example
Diffie–Hellman key exchange
It is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols, as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. It establishes a shared secret between two parties that can be used for secret communication when exchanging data over a public network. An analogy illustrates the concept of public key exchange by using colors instead of very large numbers.
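The exchange described above, carried through with numbers instead of colors, as an added example that is not part of the original slides. The group parameters P, Q and G are constructed toy values chosen so the arithmetic can be followed by hand; real deployments use standardised groups of 2048 bits or more, or elliptic-curve Diffie-Hellman. The `derive_key` hash step and the public-value checks in `shared_secret` are this example's own additions.

```python
"""Diffie-Hellman key agreement, both sides' steps (added example, not from the slides)."""
import hashlib
import secrets

# Toy group (constructed for illustration; far too small for real use, where
# standardised 2048-bit+ groups or elliptic-curve DH are used instead).
P = 23          # safe prime: P = 2*Q + 1
Q = 11          # order of the subgroup generated by G
G = 2           # generates the Q-element subgroup of quadratic residues mod P


def make_keypair(private=None):
    """Return (private, public). private is a secret exponent in 1..Q-1,
    public = G^private mod P is the value sent over the open channel."""
    if private is None:
        private = secrets.randbelow(Q - 1) + 1
    return private, pow(G, private, P)


def shared_secret(own_private, peer_public):
    """Raise the peer's public value to our private exponent.
    The range and subgroup checks reject degenerate values (0, 1, P-1) and
    values outside the intended subgroup before they are used."""
    if not 1 < peer_public < P - 1 or pow(peer_public, Q, P) != 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, P)


def derive_key(secret):
    """Hash the agreed integer into a fixed-length symmetric key
    (a simple stand-in for a proper key derivation function)."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()


def run_exchange(alice_private=None, bob_private=None):
    """Simulate both parties. Only A and B cross the public channel; the
    private exponents never leave their owner, yet both sides obtain the same secret."""
    a_priv, a_pub = make_keypair(alice_private)
    b_priv, b_pub = make_keypair(bob_private)
    alice_secret = shared_secret(a_priv, b_pub)   # Alice computes B^a mod P
    bob_secret = shared_secret(b_priv, a_pub)     # Bob computes A^b mod P
    return {
        "A": a_pub,
        "B": b_pub,
        "alice_secret": alice_secret,
        "bob_secret": bob_secret,
        "key": derive_key(alice_secret).hex(),
    }


if __name__ == "__main__":
    # With a = 6 and b = 9: A = 18, B = 6, and both sides arrive at 12.
    print(run_exchange(alice_private=6, bob_private=9))
```

An eavesdropper sees P, G, A and B but not a or b; recovering the secret from those values is the discrete logarithm problem, which is only hard when the group is large. The subgroup check in `shared_secret` is the kind of validation a practitioner wants in any real implementation, since accepting an arbitrary peer value can leak information about the private exponent.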
12. Integrity
It is checking that data is not altered or modified during transmission (Tx).
The receiver recomputes the HMAC over the received data: if the received MAC equals the recomputed HMAC, the message is authentic; if they differ, it is not authentic.
Wireless Application
TKIP (Temporal Key Integrity Protocol)
EIA: EPS Integrity Algorithm
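The MAC comparison on this slide in runnable form, as an added example that is not part of the original slides. The key and message are constructed for the demonstration; the function names `tag` and `verify` are this example's own.

```python
"""Message integrity with HMAC-SHA256 (added example, not from the slides)."""
import hashlib
import hmac


def tag(key: bytes, message: bytes) -> bytes:
    """Sender side: MAC = HMAC(key, message), sent along with the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, received_mac: bytes) -> bool:
    """Receiver side: recompute the HMAC over the bytes actually received and
    compare with the MAC that arrived. compare_digest runs in constant time so
    the comparison itself does not leak how many leading bytes matched."""
    expected = tag(key, message)
    return hmac.compare_digest(expected, received_mac)


def demo():
    """Exercise the four cases a receiver can face. Values are constructed."""
    key = b"constructed-demo-key"          # shared out of band, never sent
    message = b"transfer 100 to account 42"
    mac = tag(key, message)

    flipped_mac = bytes([mac[0] ^ 0x01]) + mac[1:]   # one bit of the MAC changed
    return {
        "unmodified": verify(key, message, mac),
        "tampered_message": verify(key, b"transfer 900 to account 42", mac),
        "tampered_mac": verify(key, message, flipped_mac),
        "wrong_key": verify(b"other-key", message, mac),
    }


if __name__ == "__main__":
    for case, authentic in demo().items():
        print(f"{case}: {'Authentic' if authentic else 'Not Authentic'}")
```

Only the unmodified case verifies; changing the message, the MAC, or the key all fail. Note that an HMAC gives integrity and origin authentication, not confidentiality: the message itself still travels in the clear unless it is also encrypted.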
14. Authentication Factor Types
1-Knowledge factors: Something the user knows
(e.g., a password, partial password, pass phrase, personal identification number (PIN), challenge
response (the user must answer a question or pattern), security question).
2-Ownership factors: Something the user has
(e.g., wrist band, ID card, security token, implanted device, cell phone with built-in hardware token,
software token, or cell phone holding a software token).
3-Inherence factors: Something the user is or does
(e.g., fingerprint, retinal pattern, DNA sequence (there are assorted definitions of what is sufficient),
signature, face, voice, unique bio-electric signals, or other biometric identifier).
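A check that combines a knowledge factor (a password, stored as a salted PBKDF2 hash) with an ownership factor (a software token implementing TOTP as in RFC 6238), as an added example that is not part of the original slides. The user record, salt and token secret are constructed; the token secret is the RFC 6238 test secret so the generated codes can be checked against the published vectors. Function names are this example's own.

```python
"""Two-factor check combining a knowledge factor (password) with an ownership
factor (a TOTP software token). Added example, not from the slides; the
user record, secret and salt below are constructed."""
import hashlib
import hmac
import os
import struct


def hash_password(password, salt=None, iterations=200_000):
    """Store a salted PBKDF2-HMAC-SHA256 hash, never the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return (salt, iterations, digest)


def check_password(password, salt, iterations, digest):
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def hotp(secret, counter, digits=8):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=8):
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step.
    (Authenticator apps usually use 6 digits; 8 matches the RFC test vectors.)"""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret, code, unix_time, step=30, digits=8, window=1):
    """Accept the current step plus `window` steps either side to tolerate clock drift."""
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + delta, digits), code)
        for delta in range(-window, window + 1)
        if counter + delta >= 0
    )


def login(password, code, record, token_secret, unix_time):
    """Both factors are evaluated and both must pass; evaluating both avoids
    telling a caller which one was wrong."""
    password_ok = check_password(password, *record)
    token_ok = verify_totp(token_secret, code, unix_time)
    return password_ok and token_ok


if __name__ == "__main__":
    record = hash_password("correct horse battery staple", salt=b"constructed-salt")
    token_secret = b"12345678901234567890"   # RFC 6238 test secret
    print(totp(token_secret, 59))            # RFC 6238 vector for T=59: 94287082
    print(login("correct horse battery staple", totp(token_secret, 59),
                record, token_secret, 59))
```

The two factors are independent: stealing the password database yields only salted hashes, and a captured one-time code expires after the time step plus the small drift window.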
16. DiD (Defense in Depth)
Onion Model: the best Defense in Depth representation. Data is at the center and is the most important security level.
It is a concept used in information security in which multiple layers of security controls (defenses) are placed throughout an information technology (IT) system.
17. Defense in Depth Controls
Physical controls
Anything that physically limits or prevents access to IT systems: fences, guards, dogs, CCTV systems and the like.
Technical controls
Hardware or software whose purpose is to protect systems and resources.
Examples: disk encryption, file integrity software, and authentication. Hardware technical controls differ from physical controls in that they prevent access to the contents of a system, but not to the physical systems themselves.
Administrative controls
Organization's policies and procedures. Their purpose is to ensure that there is proper guidance available in regard to
security and that regulations are met. They include things such as hiring practices, data handling procedures, and security
requirements.
18. Information security culture
1-Pre-evaluation: To identify the awareness of information security within
employees and to analyze the current security policies.
2-Strategic planning: To come up with a better awareness program, clear targets
need to be set. Assembling a team of skilled professionals is helpful to achieve it.
3-Operative planning: A good security culture can be established based on internal communication, management buy-in, security awareness and a training program.
19.
4-Implementation: Four stages should be used to implement the information
security culture. They are:
A-Commitment of the management
B-Communication with organizational members
C-Courses for all organizational members
D-Commitment of the employees
5-Post-evaluation: To assess the success of the planning and implementation,
and to identify unresolved areas of concern.
20. Incident response planning
1-Preparation: Preparing stakeholders on the procedures for handling computer security incidents or compromises.
2-Detection and analysis: Identifying and investigating suspicious activity to confirm a security incident, prioritizing the response based on impact and coordinating notification of the incident.
3-Containment, eradication and recovery: Isolating affected systems to prevent escalation and limit impact, pinpointing the genesis of the incident, removing malware, affected systems and bad actors from the environment, and restoring systems and data when a threat no longer remains.
4-Post-incident activity: Post-mortem analysis of the incident, its root cause and the organization's response, with the intent of improving the incident response plan and future response efforts.
21. Digital Certificate
Also called a public key certificate or identity certificate.
It is an electronic document used to prove the ownership of a public key.
The certificate includes:
1- Key Information
2- Subject: Information about the identity of its owner
3- Issuer: Digital signature of an entity that has verified the certificate's contents
22. Public key infrastructure (PKI)
It is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
CA: Certificate Authority
RA: Registration Authority
VA: Validation Authority
23. Digital Signature
It is a mathematical scheme for verifying the authenticity of digital messages or documents.
A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authenticity), and that the message was not altered in transit (integrity).
Digital Signature Schemes
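The hash-then-sign pattern behind RSA-style signature schemes, as an added example that is not part of the original slides. It uses two fixed, publicly known primes as a constructed toy key, so it only illustrates the scheme (sign with the private exponent, verify with the public one) and is not a usable implementation: real systems use keys of 2048 bits or more together with a padding scheme such as RSA-PSS, or ECDSA/Ed25519. Reducing the hash modulo N, and the function names, are this example's own choices.

```python
"""Textbook hash-then-sign digital signature (added example, not from the slides).
Toy key built from two known primes; for illustration of the scheme only."""
import hashlib

# Constructed toy key: two Mersenne primes, 2^31-1 and 2^61-1.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                    # public modulus (about 92 bits; real keys are 2048+)
E = 65537                    # public exponent
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent (needs Python 3.8+)


def digest(message: bytes) -> int:
    """Hash the message, then reduce it to fit the toy modulus.
    A real scheme pads the hash up to the modulus size instead of reducing it."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % N


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: raise the message digest to the private exponent."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier: undo the private operation with the public exponent and
    compare with a fresh digest of the message actually received."""
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == digest(message)


def demo():
    """Authenticity and integrity checks on constructed messages."""
    msg = b"pay 100 to Bob"
    sig = sign(msg)
    return {
        "authentic": verify(msg, sig),                       # untouched message
        "tampered_message": verify(b"pay 900 to Bob", sig),  # integrity failure
        "altered_signature": verify(msg, sig ^ 1),           # forged signature
    }


if __name__ == "__main__":
    print(demo())
```

Because E is coprime to PHI, exponentiation by E is a permutation of the residues mod N, so exactly one signature value verifies for a given digest; any change to the message or the signature fails the check.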
24. Hackers
Persons skilled in information technology who use their technical knowledge to achieve a goal or overcome an obstacle within a computerized system by non-standard means.
25. Penetration Testing
It is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.
Tools
BackBox
Nmap
Metasploit Project
Nessus
26. Penetration Testing Phases
1-Reconnaissance: The act of gathering important information on a target system. This information can
be used to better attack the target.
For example, open source search engines can be used to find data that can be used in a social
engineering attack.
2-Scanning: Uses technical tools to further the attacker's knowledge of the system.
For example, Nmap can be used to scan for open ports.
27.
3-Gaining access: Using the data gathered in the reconnaissance and scanning phases, the attacker can
use a payload to exploit the targeted system.
For example, Metasploit can be used to automate attacks on known vulnerabilities.
4-Maintaining access: Maintaining access requires taking the steps involved in being able to be
persistently within the target environment in order to gather as much data as possible.
5-Covering tracks: The attacker must clear any trace of compromising the victim system, any type of
data gathered, log events, in order to remain anonymous.
28. SOC (Security Operation Center)
It is a facility where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended.
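A detection rule of the kind a SOC runs over the monitored telemetry described above, here aimed at the scanning phase from slide 26 (one source touching many ports on one host in a short time), as an added example that is not part of the original slides. The log line format, the addresses and the sample lines are all constructed for this example, and the threshold and window are illustrative defaults.

```python
"""Port-scan pattern detection over firewall log lines, the kind of rule a SOC
runs against monitored network telemetry. Added example, not from the slides;
the log format and all addresses are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed format: "<ISO time> <src> -> <dst>:<port> <ACCEPT|DROP>"
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (ACCEPT|DROP)$")

SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080]
SAMPLE_LOG = (
    # one source probing twelve different ports on one host within 12 seconds
    [f"2024-01-10T09:00:{i:02d} 198.51.100.7 -> 203.0.113.5:{p} DROP"
     for i, p in enumerate(SCAN_PORTS)]
    # a normal client repeatedly reaching the web port over five minutes
    + [f"2024-01-10T09:0{m}:00 192.0.2.10 -> 203.0.113.5:443 ACCEPT"
       for m in range(1, 6)]
    # a line the parser must skip rather than crash on
    + ["garbage line that does not match the format"]
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts, src, dst, port, action = m.groups()
    return {"time": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "port": int(port), "action": action}


def detect_scans(lines, min_ports=10, window_seconds=60):
    """Flag (src, dst) pairs that touch at least min_ports distinct ports within
    any window_seconds span. Returns sorted (src, dst, distinct_ports) tuples."""
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e["time"])
    recent = defaultdict(deque)   # (src, dst) -> (time, port) events inside the window
    alerts = {}
    for e in events:
        key = (e["src"], e["dst"])
        q = recent[key]
        q.append((e["time"], e["port"]))
        # drop events that fell out of the sliding window
        while (e["time"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = {port for _, port in q}
        if len(distinct) >= min_ports:
            alerts[key] = max(alerts.get(key, 0), len(distinct))
    return [(src, dst, n) for (src, dst), n in sorted(alerts.items())]


if __name__ == "__main__":
    for src, dst, n in detect_scans(SAMPLE_LOG):
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports")
```

The rule keys on distinct destination ports rather than on connection count, so the normal client that repeatedly uses one port is not flagged while the probing source is. In practice the threshold and window are tuned per network, and an alert like this is a trigger for the detection-and-analysis step of the incident response plan, not a verdict on its own.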
29. SOC other names
Security Defense Center (SDC)
Security Analytics Center (SAC)
Network Security Operations Center (NSOC)
Security Intelligence Center
Cyber Security Center
Threat Defense Center
Security Intelligence and Operations Center (SIOC)
Infrastructure Protection Center (IPC)
30. SOC Types
SNOC, Security Network Operations Center
ASOC, Advanced Security Operations Center
GSOC, Global Security Operations Center
vSOC, Virtual Security Operations Center
CSOC, Cloud Security Operations Center
SSOC, Smart Security Operations Center