7. CYBER SECURITY FUNDAMENTAL
SECURITY PRINCIPLES
security concepts of information assurance
CIA TRIAD
Availability
Ensures that authorized users have reliable and timely access to information and resources when needed.
Protects against disruptions (e.g., hardware failures, denial-of-service attacks).
Common controls: redundancy, backup procedures, failover solutions, disaster recovery planning.
Ransomware
Authentication
Single Factor Authentication
Multi Factor Authentication
Two of the following 3 options:
Knowledge-based: Password/passphrase
Token-based: PIN
Characteristic-based: Biometrics such as a fingerprint, face recognition, or an iris scan
DDoS
Confidentiality
Ensures that information is accessible only to those authorized to have access.
Protects sensitive data from unauthorized disclosure.
Common controls: encryption, access control lists, authentication mechanisms.
Dorking
Dorking, often referred to as "Google dorking" or "Google hacking," is a technique that leverages advanced search engine queries to discover sensitive information that may be unintentionally exposed online.
RBAC (Role Based Access Control)
Encryption
Integrity
Ensures the accuracy and completeness of information.
Protects data from being altered or tampered with by unauthorized parties.
Common controls: checksums, hash functions, file permissions, version control.
Checksum
4 algorithms: MD5, SHA-1, SHA-256, SHA-512
Hash Function
File Permissions
Version Control
3 Pillars of Cyber Security
People
Red Teaming
Training & Awareness
Prevent Insider Attack
Social Engineering
Cyber Hygiene
2FA or OTP
Password Reuse Policy
Authorization & Authentication
Process
Procedure & Compliance
Security Operation System
Security Audit
Vulnerability Assessment
Penetration Testing
ISMS ISO 27001
Technology
Zero Trust & Access Control
Firewall and Endpoint Protection
Intrusion Detection/Prevention System
Data Privacy
Personally Identifiable Information
Cross Site Tracking
Cookies
SOCIAL ENGINEERING
Social engineering is the manipulation of people into performing actions or divulging confidential information.
Spear Phishing
Phishing
DENIAL OF SERVICE (DOS)
Denial-of-Service (DoS) attacks are a type of network attack that is relatively simple to carry out, even by an unskilled attacker. A DoS attack results in some sort of interruption of network service to users, devices or applications.
DISTRIBUTED DOS
A Distributed DoS (DDoS) attack is similar to a DoS attack but originates from multiple, coordinated sources. For example:
An attacker builds a network (botnet) of infected hosts called zombies, which are controlled by handler systems.
BOTNET
A bot computer is typically infected by visiting an unsafe website or opening an infected email attachment or infected media file. A botnet is a group of bots, connected through the Internet, that can be controlled by a malicious individual or group. It can have tens of thousands, or even hundreds of thousands, of bots that are typically controlled through a command and control server.
ON-PATH ATTACKS
On-path attackers intercept or modify communications between two devices, such as a web browser and a web server, either to collect information from or to impersonate one of the devices.
This type of attack is also referred to as a man-in-the-middle or man-in-the-mobile attack.
SEO POISONING
You’ve probably heard of search engine optimization, or SEO, which, in simple terms, is about improving an organization’s website so that it gains greater visibility in search engine results.
PASSWORD ATTACK
by : Anwar Kholidi Nasution