Security Fundamentals

06/01/2021

As the threat landscape evolves, cybersecurity needs emerge and are treated as a continuous effort to enable better protection, detection, and mitigation of attacks. This course, CSOL500, introduced basic concepts and terminology of cybersecurity. It also enlightened students on the latest cyber threat landscape and enabled us to better understand the granular details of the most recent breaches, types of attacks, and remediation.

Artifacts

As part of the Cyber Security Foundation journey, we did research on many security areas, including threat categorization, vulnerability assessment, and encryption policy for an enterprise-class organization. I prefer to provide details on these artifacts because of their critical nature and relevance as we have moved to the digital era.

1) Threats and Vulnerabilities
Digital Transformation?
We know digitization is the 19 trillion-dollar opportunity, and we are seeing exponential growth in online devices, from 15B today to an expected 500B by 2030. Today's rapidly evolving business models are reflected in trends like mobility and BYOD. New business models are driving opportunity and competitive advantage for companies. Countries and companies are bringing all their business processes online.
Who benefits most from the digital shift?
The industry that's benefiting the most from digitization is the hacking industry. And it's big business. It's estimated to be anywhere from half a trillion to a trillion dollars a year. As a result, the actors in this business have changed. These are nation states, hacktivists, and organized crime syndicates. These active adversaries are highly organized, well financed, and extremely patient. They know exactly the target they're after. They know what data inside of that target they're after. They know who's likely to have access to that data, they know some likes and dislikes of the people they're targeting, and they even know the defenses that the organization is deploying to stop them. This is the world of advanced persistent threats: custom threats built just for the target. It's the collision between the opportunity of digitization and the rise of industrialized hacking that's causing new challenges for our customers.
Threat Analysis
There seems to be a never-ending series of cyber threats striking organizations these days. From ransomware to crypto-mining to state-nexus threat actors, it feels like every day a new group is labeled or a new malware family is discovered. Keeping up with these threats can be daunting until we consider what it takes to defend against them.
According to Rapid7, when a criminal is trying to hack an organization, they won't reinvent the wheel; they'll draw upon common types of hacking techniques that are known to be highly effective, such as malware, phishing, or cross-site scripting (XSS). Whether you're trying to make sense of the latest data breach headline in the news or analyzing an incident in your own organization, it helps to understand the different ways an attacker might try to cause harm. Here's an overview of some of the most common types of attacks seen today.
  • Malware
Malware, or malicious software, is any program or file that is harmful to a computer user. Types of malware can include computer viruses, worms, Trojan horses and spyware. These malicious programs can perform a variety of different functions such as stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users' computer activity without their permission.
  • Phishing
Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.
  • SQL Injection
SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
  • Cross-Site Scripting
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
  • Denial-of-Service
A denial-of-service (DoS) attack is any type of attack where the attackers attempt to prevent legitimate users from accessing the service. In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses.
  • Session Hijack and Man-in-the-Middle
Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems. A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.
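To make the SQL injection item above concrete, here is an added example (not part of the original page) that runs the same login lookup twice against a constructed in-memory SQLite table: once with string concatenation, once with a parameterized query. The table contents and the tautology input are constructed for the demonstration.

```python
import sqlite3

# Constructed sample users for the demonstration (not real data).
USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "letmein")]


def build_db():
    """Create an in-memory SQLite database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by concatenation: user-supplied text becomes part
    of the SQL itself, so a quote in the input rewrites the WHERE clause."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    """Parameterized statement: the driver passes values separately from the
    SQL text, so quotes in the input are treated as data, never as syntax."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo():
    """Run both variants with the same inputs and return what each one matched."""
    conn = build_db()
    # Constructed input: closes the password literal and appends an always-true clause.
    tautology = "' OR '1'='1"
    return {
        # Concatenated query becomes: ... AND password = '' OR '1'='1' -> every row
        "vulnerable": login_vulnerable(conn, "alice", tautology),
        # Parameterized query compares the literal string, so nothing matches
        "safe": login_safe(conn, "alice", tautology),
        # Correct credentials still work through the safe path
        "safe_valid": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    print(demo())
```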
Vulnerability Assessment
A vulnerability assessment is the process of defining, identifying, classifying, and prioritizing vulnerabilities in computer systems, applications, and network infrastructures, and providing the organization doing the assessment with the necessary knowledge, awareness, and risk background to understand the threats to its environment and react appropriately. A vulnerability assessment process intended to identify threats and the risks they pose typically involves the use of automated testing tools, such as network security scanners, whose results are listed in a vulnerability assessment report.
Some of the different types of vulnerability assessment scans include the following:
  • Network-based scans are used to identify possible network security attacks. This type of scan can also detect vulnerable systems on wired or wireless networks.
  • Host-based scans are used to locate and identify vulnerabilities in servers, workstations or other network hosts. This type of scan usually examines ports and services that may also be visible to network-based scans, but it offers greater visibility into the configuration settings and patch history of scanned systems.
  • Wireless network scans of an organization's Wi-Fi networks usually focus on points of attack in the wireless network infrastructure. In addition to identifying rogue access points, a wireless network scan can also validate that a company's network is securely configured.
  • Application scans can be used to test websites in order to detect known software vulnerabilities and erroneous configurations in network or web applications.
  • Database scans can be used to identify the weak points in a database so as to prevent malicious attacks, such as SQL injection attacks.
References:
Common Types of Cyber Security Attacks
Vulnerability Assessment (Vulnerability Analysis)
Cisco Talos - Threat Intelligence
2) Encryption
Numerous cryptographic algorithms have been developed and used in many different protocols and functions. Cryptography is by no means static. Steady advances in computing and the science of cryptanalysis have made it necessary to adopt newer, stronger algorithms and larger key sizes. Older algorithms are supported in current products to ensure backward compatibility and interoperability. However, some older algorithms and key sizes no longer provide adequate protection from modern threats and should be replaced. Cryptography can provide confidentiality, integrity, authentication, and nonrepudiation for communications in public networks, storage, and more. Some real-world applications include protocols and technologies such as VPN networks, HTTPS web transactions, and management through SSH.
Over the years, some cryptographic algorithms have been deprecated, "broken," attacked, or proven to be insecure. There have been research publications that compromise or affect the perceived security of almost all algorithms by using reduced-step attacks or others such as known plaintext, bit flip, and more. Additionally, advances in computing keep reducing the cost of information processing and data storage, so key sizes must grow to retain effective security. Because of Moore's law and a similar empirical law for storage costs, symmetric cryptographic keys must grow by 1 bit every 18 months. For an encryption system to have a useful shelf life and securely interoperate with other devices throughout its life span, the system should provide security for 10 or more years into the future. The use of good cryptography is more important now than ever before because of the very real threat of well-funded and knowledgeable attackers.
Cryptographic algorithms, in general, are divided into the following categories:
  • Symmetric key algorithms: These algorithms share the same key for encryption and decryption. Examples include Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES).
  • Public key algorithms: These algorithms use different, mathematically related keys for encryption and decryption. Examples include Digital Signature Algorithm (DSA) and the Rivest-Shamir-Adleman (RSA) algorithm.
  • Elliptic curve algorithms: These algorithms function over points that belong to elliptic curves. Examples include Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA).
  • Hash: These algorithms provide a constant-sized output for any input, and their most important property is irreversibility.
References:
Next Generation of Encryption
Arora, M. (2012, June 5). How secure is AES against brute force attacks
Brekle, K. (2017, January 19). Encryption: What would it take to crack it
Reflection
The Cyber Security Foundation course offers great insight on various artifacts; however, in my opinion, a) Threats and Vulnerabilities and b) Encryption are very much relevant in today's digital world. Their importance is undeniable, where we have breaches due to vulnerabilities and malware is the vehicle.
  • Threat and Vulnerabilities
As mentioned above, globalization and digitalization have made IT systems vulnerable to threats; hence, I chose Threats and Vulnerabilities as one of the critical artifacts of today's time. The Threat Analysis assignment made me do in-depth research on various attacks and breaches. I covered the Rio Olympic DDoS attack in 2015, WannaCry (ransomware), and the Ubiquiti Networks CEO scam (business email compromise), which gave me insight into how a typical large enterprise fails to cope with cyberattacks. This analysis helped me build my knowledge base about the most common causes of data breaches, such as weak or stolen credentials, vulnerabilities, malware, malicious insiders, and weak cybersecurity strategies. With all this exposure to today's complex threat landscape and its impact on the social and economic aspects of society, it is also our responsibility as cybersecurity specialists to create awareness about cybersecurity in general (e.g., educating consumers to follow best practices for Wi-Fi, passwords, IoT, etc.). Cybersecurity professionals are challenged ethically on multiple levels by these threats and vulnerabilities. First, they are challenged by technical quandaries that have ethical implications: which security techniques are most likely to be effective, and what resources do these professionals require? How can we keep up with an ever-escalating 'arms race' between network intruders and defenders? Since virtually no software can be made 100% secure, what levels and types of security risk are acceptable to tolerate?
A broader and better understanding of cybersecurity ethics is therefore essential to promoting and protecting human flourishing in an increasingly networked society.
  • Encryption
Encryption was chosen because most of the world is moving towards implementing TLS, and all URLs/Internet websites are moving or have moved to encryption. In the assignment, it was fascinating to enable encryption on email, which is the number one threat vector. Most malware or ransomware enters the network through email. Hence, encryption is critical to implement across the infrastructure. I learned that encryption, if implemented correctly, can close doors for hackers; they are taking different routes to inject themselves into the infrastructure, like credential-stealing or social engineering attacks. Attackers don't want to spend time breaking the keys if they have another simple way to get into the network. Implementing a cohesive encryption policy can push attackers to the back seat; hence, I enjoyed and have developed a great interest in encryption. My goal is to simplify its implementation so more enterprises can deploy it efficiently. Organizations need to ensure that their encryption practices are well aligned with industry standards. These standards must be adequate and ethically defensible.
Ranjan Kunwar - Capstone
All rights reserved 2021