Cybersecurity Fundamentals and Advanced Concepts

Cybersecurity Basics

  • Security Models and Principles:

    • Bell-LaPadula Model: Ensures confidentiality with “no read up, no write down” principles.

    • Biba Model: Integrity-focused, with “no write up, no read down” rules to prevent data corruption.

    • Clark-Wilson Model: Ensures transaction integrity and separation of duties.

    • Least Privilege & Defense in Depth: Grant each subject only the permissions its task needs, and layer independent controls so that the failure of any single control does not compromise the system.

  • Authentication & Access Control:

    • Strong authentication mechanisms, including complex passwords, 2FA, and biometrics (fingerprint, iris scans), are essential.

    • Access control models (DAC, MAC, RBAC) tailor security according to data sensitivity and user roles.

  • Threat Modeling & Risk Management:

    • Identifying, assessing, and mitigating cybersecurity risks and threats, using methods such as STRIDE (to enumerate threat categories against each component and data flow) and DREAD (to score and prioritize the threats found).
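The Bell-LaPadula and Biba rules above are easy to state and easy to get backwards in code, so here is an added Python example (not from the original page) that implements both as explicit checks over an ordered set of labels and combines them. The level names, subjects and objects are constructed for the demonstration and do not come from any real system.

```python
from dataclasses import dataclass

# Ordered security labels, low to high (a linear lattice; constructed for the demo).
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str   # Bell-LaPadula: confidentiality clearance
    integrity: str   # Biba: integrity level (same label set reused for simplicity)


@dataclass(frozen=True)
class Obj:
    name: str
    classification: str
    integrity: str


def blp_allows(subject: Subject, obj: Obj, op: str) -> bool:
    """Bell-LaPadula: simple security property (no read up) and *-property (no write down)."""
    s, o = RANK[subject.clearance], RANK[obj.classification]
    if op == "read":
        return s >= o      # may read objects at or below own clearance
    if op == "write":
        return s <= o      # may write only at or above own clearance (no write down)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Subject, obj: Obj, op: str) -> bool:
    """Biba strict integrity: no read down, no write up."""
    s, o = RANK[subject.integrity], RANK[obj.integrity]
    if op == "read":
        return s <= o      # may read only objects of equal or higher integrity
    if op == "write":
        return s >= o      # may write only objects of equal or lower integrity
    raise ValueError(f"unknown operation {op!r}")


def allowed(subject: Subject, obj: Obj, op: str) -> bool:
    """Combined policy: an access is granted only if both models permit it."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)


if __name__ == "__main__":
    analyst = Subject("analyst", clearance="SECRET", integrity="CONFIDENTIAL")
    ts_doc = Obj("ts_doc", classification="TOP_SECRET", integrity="SECRET")
    public_feed = Obj("public_feed", classification="UNCLASSIFIED", integrity="UNCLASSIFIED")
    for obj in (ts_doc, public_feed):
        for op in ("read", "write"):
            print(f"{analyst.name} {op:5} {obj.name:12} "
                  f"BLP={blp_allows(analyst, obj, op)!s:5} "
                  f"Biba={biba_allows(analyst, obj, op)!s:5} "
                  f"combined={allowed(analyst, obj, op)}")
```

Note the asymmetry the run makes visible: Bell-LaPadula lets the SECRET analyst write up into the TOP_SECRET document but not read it, while Biba forbids that same write (it would be a write up in integrity) and forbids reading the low-integrity public feed. Real systems pair the models with a trusted-subject or sanitization path precisely because the combined policy is this restrictive.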

Cryptography Essentials

  • Symmetric vs. Asymmetric Cryptography:

    • AES: The standard for symmetric encryption (128-, 192- or 256-bit keys), adopted for its efficiency and security. Use it in an authenticated mode such as AES-GCM so that integrity is protected alongside confidentiality.

    • DES: An older standard whose 56-bit key can be brute-forced with commodity hardware; replaced by AES.

    • RSA: A cornerstone of asymmetric cryptography, used for digital signatures and for protecting session keys. Asymmetric operations are slow, so RSA wraps a symmetric key rather than encrypting bulk data.

    • ECC: Provides security comparable to RSA with far smaller keys (a 256-bit curve is roughly equivalent to 3072-bit RSA), reducing computation and bandwidth.

Cryptographic Protocols:

SSL/TLS: Protocols for secure internet communication, safeguarding web browsing, email, and more. SSL 2.0/3.0 and TLS 1.0/1.1 are deprecated because of known attacks; deploy TLS 1.2 or, preferably, TLS 1.3, with certificate validation enabled.

Hash Functions:

  • Properties:

    • Deterministic: The same input always produces the same output.

    • Fixed Size: Output length is constant regardless of input size.

    • Efficiency: Computing the hash value for any input is quick and practical.

    • Pre-image Resistance: Given a hash value, it should be infeasible to find any input that hashes to it. Second pre-image resistance: given one input, it should be infeasible to find a different input with the same hash.

    • Avalanche Effect: Even a one-bit change to the input flips roughly half of the output bits, so hashes of similar inputs look unrelated.

    • Collision Resistance: It should be infeasible to find any two different inputs that produce the same output. Collisions necessarily exist, since inputs are unbounded and outputs are fixed size; the property is that nobody can find one in practice.

  • Use Cases:

    • Data Integrity Checks: Verifying software or file integrity by comparing expected and computed hash values.

    • Password Storage: Hashing passwords before storing them, with a unique per-user salt and a deliberately slow algorithm (Argon2, scrypt, bcrypt or PBKDF2), so that a stolen database cannot be cracked quickly with precomputed tables.

    • Digital Signatures: Hashing data to create a digest, which is then signed with the signer's private key; anyone with the public key can verify the signature, authenticating the origin and ensuring integrity.

  • Common Algorithms:

    • MD5: Once popular but now considered broken; collisions can be produced in seconds on a laptop, so it must not be used where collision resistance matters.

    • SHA-1: Also vulnerable to collision attacks (a practical collision was demonstrated in 2017) and phased out of certificates and signatures in favor of SHA-2.

    • SHA-2 (SHA-256, SHA-384, SHA-512): The current workhorse family, considered secure and widely used for cryptographic applications.

    • SHA-3: A separate family built on the Keccak sponge construction rather than the SHA-2 design; also considered secure and standardized as an alternative should SHA-2 ever be weakened.
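The properties and use cases listed above can all be exercised with the standard library. The following Python example is added here and is not from the original page: it measures the avalanche effect of SHA-256, performs a constant-time integrity check against a published digest, and stores and verifies a password with a salted, iterated hash (PBKDF2-HMAC-SHA256). The sample inputs and the storage format `pbkdf2_sha256$iterations$salt$hash` are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(msg: bytes) -> int:
    """Flip the lowest bit of the first byte and count how many of SHA-256's 256 output bits change."""
    flipped = bytes([msg[0] ^ 0x01]) + msg[1:]
    return differing_bits(hashlib.sha256(msg).digest(), hashlib.sha256(flipped).digest())


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Integrity check: compare the computed digest with the published one in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


# Password storage: salted, deliberately slow hash.
ITERATIONS = 600_000   # OWASP's current guidance for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm, iteration count, salt and derived key."""
    salt = salt or secrets.token_bytes(16)           # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def check_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print("SHA-256('abc') =", sha256_hex(b"abc"))
    print("bits changed by a one-bit flip:", avalanche(b"The quick brown fox jumps over the lazy dog"))
    record = hash_password("correct horse battery staple")
    print("stored:", record)
    print("login ok:", check_password("correct horse battery staple", record))
    print("wrong password ok:", check_password("Correct horse battery staple", record))
```

Two details matter in practice: the comparison uses `hmac.compare_digest` so that a mismatch does not leak, via timing, how many leading characters matched; and the record stores the iteration count, which lets you raise it later and transparently rehash old entries when users next log in.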

Key Management/Exchange

  • Diffie-Hellman Key Exchange: Lets two parties agree on a shared secret over a public channel without ever transmitting it; foundational for encrypted communication (TLS 1.3 uses its elliptic-curve form, ECDHE, exclusively). On its own it is unauthenticated and therefore vulnerable to man-in-the-middle attacks, so the exchanged public values must be authenticated, for example with RSA or ECDSA signatures backed by certificates, as TLS does.

  • Public Key Infrastructure (PKI): Outlined for its role in managing digital certificates, ensuring secure communications over the internet.

    • Components:

      • Certificate Authority (CA): Trusted entity that issues and manages digital certificates. Acts as a root of trust.

      • Registration Authority (RA): Validates entities' credentials before the CA issues a certificate.

      • Digital Certificates: Electronic documents using public key cryptography to bind a public key to an identity (individual, organization, or device).

      • Certificate Revocation Lists (CRLs): Lists published by CAs of revoked certificates that are no longer to be trusted; OCSP provides the same information as an online query for a single certificate.

    • Certificate Lifecycle:

      • Issuance: After verification, the CA issues a certificate to the entity.

      • Management: Certificates may need updates or modifications during their validity period.

      • Revocation: If a key is compromised or the information in the certificate changes, the certificate is revoked.

      • Expiration: Certificates have a defined validity period after which they expire.
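To make the man-in-the-middle weakness of bare Diffie-Hellman concrete, here is an added Python example (not from the original page) that runs an honest exchange, then the same exchange with an attacker substituting both public values, and finally shows how authenticating the public values defeats the substitution. Assumptions: the modulus `P = 2**255 - 19` is a prime chosen only for convenient size and is not a standard DH group (use an RFC 3526 or RFC 7919 group in production), and an HMAC under a pre-shared key stands in for the certificate-backed signature that TLS would use.

```python
import hashlib
import hmac
import secrets

# Demo-only group parameters (assumption: not a standardized DH group).
P = 2**255 - 19
G = 2


def keypair():
    """Private exponent in [2, P-2] and the matching public value G^priv mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared_key(priv: int, peer_pub: int) -> bytes:
    """Derive a 256-bit session key from the DH shared secret; reject degenerate public values."""
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("invalid public value")
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()


def honest_exchange():
    """Alice and Bob exchange A and B directly and both derive the same key."""
    a, A = keypair()
    b, B = keypair()
    return shared_key(a, B), shared_key(b, A)


def mitm_exchange():
    """Mallory intercepts A and B and hands each side her own public value M instead."""
    a, A = keypair()
    b, B = keypair()
    m, M = keypair()
    alice_key = shared_key(a, M)          # Alice believes M came from Bob
    bob_key = shared_key(b, M)            # Bob believes M came from Alice
    mallory_with_alice = shared_key(m, A)  # Mallory can decrypt and re-encrypt in both directions
    mallory_with_bob = shared_key(m, B)
    return alice_key, bob_key, mallory_with_alice, mallory_with_bob


# Authentication of public values. An HMAC under a pre-shared key is used here as a
# stand-in for a certificate-backed signature (assumption for the demo).
def tag(psk: bytes, pub: int) -> bytes:
    return hmac.new(psk, pub.to_bytes(32, "big"), "sha256").digest()


def authenticated_receive(psk: bytes, pub: int, pub_tag: bytes) -> bool:
    """Accept a public value only if its tag verifies; a substituted value fails."""
    return hmac.compare_digest(tag(psk, pub), pub_tag)


if __name__ == "__main__":
    k1, k2 = honest_exchange()
    print("honest: keys match:", k1 == k2)
    ak, bk, ma, mb = mitm_exchange()
    print("mitm:   Alice==Bob:", ak == bk, " Mallory knows Alice's key:", ak == ma,
          " Mallory knows Bob's key:", bk == mb)
    psk = secrets.token_bytes(32)
    a, A = keypair()
    t = tag(psk, A)
    _, M = keypair()
    print("authenticated: genuine value accepted:", authenticated_receive(psk, A, t),
          " substituted value accepted:", authenticated_receive(psk, M, t))
```

The check in `shared_key` that rejects 0, 1 and P-1 matters: those values force the shared secret into a tiny subgroup, which is the same class of problem that small-subgroup and invalid-curve attacks exploit against careless implementations.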

Authentication

  • Password-Based Authentication: Discussed for its common use and inherent vulnerabilities, emphasizing the need for secure password management practices.

  • Biometric and Token-Based Authentication: Detailed for providing higher security levels through biological attributes and physical or digital tokens.

Factors of Authentication:

  • Something You Know: Passwords, PINs, or patterns.
  • Something You Have: Smart cards, security tokens, or mobile devices.
  • Something You Are: Biometric verification, including fingerprints, facial recognition, and iris scans.
  • Something You Do: Behavioral biometrics such as typing rhythm or mouse movements.

Multi-Factor Authentication (MFA): Combining two or more independent credentials from different categories of authentication. MFA is significantly more secure than single-factor authentication because an attacker must compromise two independent factors, not just steal a password. Factors are not equally strong: SMS codes can be intercepted or SIM-swapped and one-time codes can be phished in real time, whereas FIDO2/WebAuthn hardware keys bind the credential to the site's origin and resist phishing.

Federated Identity: Refers to linking and using the electronic identities a user has across multiple identity management systems. It allows users to access systems across different organizations using the same identification data, facilitated by standards like SAML and OpenID Connect (which layers identity on top of the OAuth 2.0 authorization framework; OAuth by itself grants access to resources and does not authenticate the user).

Access Control

Access Control Mechanisms:

  • ACLs: Define permissions per object for fine-grained access control.
  • RBAC: Simplifies permission management by associating users with roles.
  • ABAC: Offers dynamic, context-aware policies for comprehensive access control.

Network Security Protocols

  • TLS (Transport Layer Security): For secure communications over a computer network.

  • IPSec (Internet Protocol Security): Secures Internet Protocol communications by authenticating and encrypting each IP packet.

Application and Software Security

  • OWASP Top 10: Identifies critical web application security risks.

  • SDLC Security: Integrates security throughout the software development life cycle.

  • SAST and DAST: Static analysis scans source code or binaries for flaws before the application runs; dynamic analysis probes the running application the way an attacker would. Each finds classes of bugs the other misses, and neither replaces threat modeling or code review.
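Injection is the OWASP Top 10 category easiest to show end to end. The Python example below is added here and is not from the original page: it builds an in-memory SQLite table (constructed sample data), shows a lookup that concatenates user input into the query and one that uses a bound parameter, and includes a deliberately simple pattern rule of the kind a SAST tool applies to flag the first form. The attacker payload is constructed for the demonstration.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three users, one of them an admin."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    con.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return con


def lookup_vulnerable(con: sqlite3.Connection, username: str):
    # VULNERABLE: the input is spliced into the SQL text, so a quote in it changes the grammar.
    return con.execute(f"SELECT username, role FROM users WHERE username = '{username}'").fetchall()


def lookup_safe(con: sqlite3.Connection, username: str):
    # HARDENED: the value travels as a bound parameter and can never alter the statement.
    return con.execute("SELECT username, role FROM users WHERE username = ?", (username,)).fetchall()


PAYLOAD = "' OR '1'='1"   # constructed attacker input: closes the string and ORs a tautology

# Toy SAST rule: flag execute() calls whose statement is an f-string or built with '+'.
SQL_BUILD_PATTERN = re.compile(r"""\.execute\(\s*f["']|\.execute\([^)]*\+""")


def sast_scan(source: str):
    """Return the 1-based line numbers in `source` that match the rule."""
    return [n for n, line in enumerate(source.splitlines(), 1) if SQL_BUILD_PATTERN.search(line)]


if __name__ == "__main__":
    import inspect
    con = make_db()
    print("vulnerable, normal input :", lookup_vulnerable(con, "bob"))
    print("vulnerable, payload      :", lookup_vulnerable(con, PAYLOAD))
    print("safe, payload            :", lookup_safe(con, PAYLOAD))
    print("SAST findings in lookup_vulnerable:", sast_scan(inspect.getsource(lookup_vulnerable)))
    print("SAST findings in lookup_safe      :", sast_scan(inspect.getsource(lookup_safe)))
```

The regex is what makes the SAST half honest about its limits: it catches the common shapes but would miss a query assembled in a variable two lines earlier, which is exactly the gap that data-flow-aware analyzers and DAST probing of the running endpoint are meant to close.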

Advanced Topics in Cybersecurity

  • Incident Response: Preparedness and mitigation strategies for cybersecurity incidents.

  • Digital Forensics: Collection, preservation, and analysis of digital evidence.

  • Blockchain Security: Security aspects of blockchain technology and digital currencies.

Advanced Access Control Models:

  • Dynamic Access Control: Adjusts permissions at decision time based on context such as device posture, network origin, or risk score (not to be confused with Discretionary Access Control, which shares the DAC abbreviation).
  • Temporal and Spatial Restrictions: Limit access based on time or location, for example permitting sensitive operations only during business hours or from approved locations.
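The access-control mechanisms in this page's Access Control section (ACLs, RBAC, ABAC) and the context-dependent restrictions just listed compose naturally: a role check answers "may this kind of user ever do this?", and attribute rules answer "may they do it right now, from here?". The Python example below is added here and is not from the original page; the roles, permissions, rule set, approved countries and business-hours definition are all constructed for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# RBAC: users are assigned roles; roles carry permissions (constructed sample policy).
ROLE_PERMS = {
    "admin":   {"read:ledger", "write:ledger", "manage:users"},
    "auditor": {"read:ledger"},
}
USER_ROLES = {"alice": {"admin"}, "bob": {"auditor"}}


def rbac_allows(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(role, set()) for role in USER_ROLES.get(user, set()))


# ABAC: a request carries subject, action, resource and environment attributes.
@dataclass(frozen=True)
class Request:
    user: str
    action: str
    resource: str
    now: datetime
    country: str   # where the request originates (spatial attribute)
    mfa: bool      # whether the session was authenticated with a second factor


def business_hours(now: datetime) -> bool:
    """Temporal restriction: Monday to Friday, 08:00 to 18:00 (constructed definition)."""
    return now.weekday() < 5 and time(8, 0) <= now.time() < time(18, 0)


# Deny-overrides rule set: every rule must hold; each is (description, predicate).
RULES = [
    ("ledger writes only during business hours",
     lambda r: r.action != "write:ledger" or business_hours(r.now)),
    ("ledger access only from approved countries",
     lambda r: not r.resource.startswith("ledger/") or r.country in {"DE", "US"}),
    ("user management requires MFA",
     lambda r: r.action != "manage:users" or r.mfa),
]


def abac_allows(req: Request):
    """Return (decision, list of failed rule descriptions) so denials are explainable."""
    failed = [desc for desc, pred in RULES if not pred(req)]
    return not failed, failed


def authorize(req: Request):
    """RBAC first (cheap, static), then ABAC (contextual). Denials carry a reason for the audit log."""
    if not rbac_allows(req.user, req.action):
        return False, ["role lacks permission"]
    return abac_allows(req)


if __name__ == "__main__":
    tuesday_morning = datetime(2024, 3, 5, 10, 0)
    tuesday_night = datetime(2024, 3, 5, 23, 0)
    for req in (
        Request("alice", "write:ledger", "ledger/q1", tuesday_morning, "DE", True),
        Request("alice", "write:ledger", "ledger/q1", tuesday_night, "DE", True),
        Request("bob", "write:ledger", "ledger/q1", tuesday_morning, "DE", True),
        Request("bob", "read:ledger", "ledger/q1", tuesday_morning, "RU", True),
        Request("alice", "manage:users", "users", tuesday_morning, "US", False),
    ):
        print(req.user, req.action, req.country, req.now.strftime("%a %H:%M"), "->", authorize(req))
```

Returning the failed rule names rather than a bare False is a small design choice with a large operational payoff: the same structure feeds both the user-facing error and the audit event your detection pipeline will later query for "who was denied ledger writes out of hours?".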

Network and Internet Security

Secure Networking Protocols:

  • VPN Technologies: Protocols for encrypted connections over untrusted networks. PPTP is obsolete and should not be used (its MS-CHAPv2 authentication and RC4-based encryption are broken); L2TP relies on IPsec for its encryption; OpenVPN runs over TLS. Modern deployments favor IPsec/IKEv2 or WireGuard.
  • Wireless Security: WEP (RC4 with a flawed key schedule; recoverable in minutes), WPA (an interim TKIP fix), WPA2 (AES-CCMP, still exposed to the 2017 KRACK key-reinstallation attack and to offline cracking of weak pre-shared keys), leading to WPA3, whose SAE handshake resists offline dictionary attacks.

Emerging Technologies and Challenges

  • IoT Security: Security challenges associated with the Internet of Things (IoT), including device heterogeneity and the expanded attack surface.
  • AI and Machine Learning in Cybersecurity: Potential and challenges of leveraging AI for threat detection and response, and the ethical considerations of AI-powered attacks.