Please enable JavaScript.

Coggle requires JavaScript to display documents.

Security Revision - Coggle Diagram

- - - - Single Loss Expectancy - Asset value ($) x exposure factor (loss due to a successful threat exploit, given as a %)
      - Annualized Rate of Occurrence - How often in a year a threat will exploit a vulnerability
      - Annualized Loss Expectancy - The single loss expectancy multiplied by the annualized rate of occurence
- - - - Used to be globally unique per network device, however can now be changed with software tools
    - - IP Addresses are assigned in software and therefore cannot be considered strong identifiers
  - - - Passwords - They have to be difficult yet also easily to remember; when stored locally, passwords should be hashed
      - Graphical Passwords - Inverted to combat keystroke loggers; implemented by displaying pictures or through a virtual keyboard
    - - Memory Cards - No processing capabilities, and data on them is unprotected; recently being replaced by USB authentication devices
      - Smart Cards - Embedded semiconductor chip provides limited processing power; major advantage as the log on is one by the reader rather than the host (no password exposre)
    - - Physiological Authentication
        
        Fingerprints & hand geometry
        
        Iris / retina scans
        
        Facial geometry
      - Behavioral Authentication
        
        Voice patterns
        
        Keystroke & signature dynamics
  - - - Non-RBAC - User granted access to data or applications
      - Limited RBAC - Users are mapped to roles within single applications, instead of through an organization-wide role structure
      - Hybrid RBAC - There is a clear role assignment to the user which is applied over multiple applications or systems
      - Full RBAC - Control is always based on roles defined by organizational policies, applied on an enterprise-wide basis
  - - - Simple Integrity Axiom - No read up
      - Star Property - No write down
      - Strong Star Property - No write up (optionally implemented)
    - - Star Property - No write up
      - Invocation Property - A process from below cannot request higher access; only with subjects at an equal or lower level
      - Simple Security Property - No read down
    - - Simple Security Rule - A subject can be granted access to an object (o) only if the object is in the same company datasets as objects previously accessed by the subject, or if it belongs to an entirely different conflict of interest class
      - Star Property - Write access is permitted only if access is permitted by the simple security rule, and no object from a different company database is read
- - - - Application Layer - Directly interacts with applications and users, providing tools to access network resources
      - Presentation Layer - Provides compatibility by ensuring a common format of data representation between peer applications
        
        Achieved through architecture services such as data conversion, character code translation, compression, and encryption / decryption, containing the following sublayers and internet protocols:
        
        CASE - Common application service element
        
        SASE - Specific application service element
        
        Telnet - A remote terminal access protocol
        
        FTP (file-transfer protocol) - In between the presentation layer and session layer
      - Session Layer - Managing sessions or conversations between two systems (starting, maintaining, and ending a connection)
      - Transport Layer - Ensures reliable data transfer between hosts, containing important protocols such as:
        
        UPD (user datagram protocol) - Connectionless / unreliable protocol
        
        TCP (transmission control protocol) - A connection oriented and reliable protocol that provides integrity, by dividing the communication into segments and reassembling them in the correct order
      - Network Layer - Handles the routing of data between different networks, made up of the following protocols:
        
        IP (internet protocol) - Defines the IP of destinations used until packets reach their final destination; fragments packets depending on their size
        
        RIP (routing information protocol) - Uses distance vector algorithms to determine directions and distances to any link. It selects the path with the least number of hops
        
        OSPF (open shortest path first protocol) - Each router sends its own topography of the network to prevent routing loops. However, OSPF uses a lot of CPU and memory.
        
        BGP (border gateway protocol) - Achieves inter-domain routing in TCP / IP networks, updating only when the host detects changes
        
        ICMP (internet control message protocol) - Consists of error messages and query messages that announce network errors / congestion, assist in troubleshooting, and announce timeouts
      - Data-Link Layer - Moves data between two devices on the same network
        
        Logical Link Control - Manages connections for two peers, providing error and flow control
        
        Media Access Control - Transmits / receives frames; logical topologies and hardware addresses are defined
      - Physical Layer - Deals with the hardware and transmission of raw bits, including physical topologies and hardware
  - - - DNS is a frequent target of attacks such as DNS spoofing, since this can divert, prevent, or intercept the vast majority of end user communications. However, if a DNS resolver goes offline, the integrity of the system is kept
    - - Anonymizing Proxies - Used to avoid industrial espionage coming from cleartext data on web servers
      - Open Proxy Servers - Used to allow unrestricted access to GET commands. Used for attacks or for obscuring the origin of illegitimate requests
      - Content Filtering - Used for logging or blocking traffic that is assumed to be non-business related
      - HTTP Tunneling is applied to enhance functionality by bypassing user restrictions and allowing an application to function through a firewall
        
        Usually, this is done by encapsulating outgoing traffic from an application in HTTP requests and incoming traffic in HTTP responses
  - - - ESP Header - Information about the security association and sequence number
      - ESP Payload - Encrypted part of the packet (most of the times, symmetric encryption is used)
      - ESP Trailer - Padding, next header
      - ESP Authentication - Ensures integrity by checking the hash value of the ESP packet
    - - Phase I: Authenticate using a shared secret, or public key encryption. Then IKE, establishes a temporary security association (SA) and secure tunnel to protect the rest of the key exchange
      - The actual security associations (SA) are established using a secure channel
  - - - Port Scanning - Probing for TCP services on a machine, which identifies vulnerabilities in a target system
      - FIN Scanning - A stealth scanning method where a request to close a connection is sent to the target machine. If no application is listening to that port, a TCP, RST, or IMCP packet is sent, revealing an open port
      - NULL Scanning - Similar to FIN scanning, but no flags are set on the initiating TCP packet
      - XMAS Scanning - Similar to FIN scanning, but all flags are set on the initiating TCP packet
    - - Teardrop - IP packet fragments are constructed so that the target host calculates a negative fragment length when attempting to reconstruct the packet, resulting the host to crash
      - Overlapping Fragment Attack - Used to subvert packet filters that only inspect the first fragment of a fragmented packet. This is done through sending a harmless first fragment and overwriting it
      - Source Routing Exploitation - Allows the sender to specify the path of an IP packet instead of letting the router do it which allows for access to the internal network
      - Smurf Attack - The intruder broadcasts an ICMP echo request with a spoofed source address of the victim, overwhelming them with ICMP echo replies
      - Fraggle Attack - The intruder broadcasts UDP packets on port 7, also resulting in denial of service caused by the responses of the network
    - - Distributed Denial of Service Attack (DDos) - Deploying a denial of service attack using a network of remote controlled hosts. This attack is harder to detect and block that a standard DoS
      - Standard Denial of Service Attack (DoS) - Overloading a network with excessive traffic as to shut it down or render it useless. Some countermeasures include multiple layers of firewalls, filtering at firewalls, internal NACs, and load balancing
      - SYN Flooding - A type of denial of service attack against the initial handshake in a TCP connection. Many connections are fake and left open as to overload the system
    - - IP Address Spoofing - IP packets are sent with a bogus source address so that the victim will send a response to a different host. Spoofed addresses may be used to abuse the TCP handshake by leaving half-open connections.
      - E-Mail Spoofing - Can be done by sending a TELNET command on port 25 of a mail server, and used to obfuscate the sender's identity in spamming
      - DNS Spoofing - Occurs when an attacker fakes DNS data to direct users to a malicious website
      - DNS Poisoning - Injecting false information into a DNS server or cache, in order to redirect users to malicious websites
      - Pharming - Manipulating DNS records so that the victim is automatically taken to a malicious website, even when typing in the link for a trusted website correctly
  - - - Packet-Filtering Firewalls - Active by default, and behave based on a set of rules matching packets (IF, THEN / Action: ACCEPT, REJECT, DROP). However, they cannot block everything as it is possible to hide traffic as a different protocol or port
      - Proxy Firewalls - Forced intermediaries between two points A and B, operating on the application layer. The proxy crafts a request from point A, making a similar request to point B and vice versa. However, proxy firewalls are complex, may degrade performance, and must be trusted with sensitive data
    - - Stateless Firewalls - Check packets individually, without remembering details about previous packets. This is fast, but less intelligent.
      - Stateful Firewalls - Remember previous packets and track the state of connections, knowing if a packet is part of a valid ongoing session. This is a smarter / more secure approach, but uses more resources
  - - - Network-Based IDS (NIDS) - Events that are derived from listeners at strategic points such as routers, gateways, or switches. Packet sniffing is used to observe in-transit patterns
      - Host-Based IDS (HIDS) - Events that are derived from kernel operations, application logs, filesystem changes, etc
    - - Multi-Layer Packet Encapsulation - Achieved by placing a tunnel on top of a tunnel, so that no actor knows the complete communication path. This is also known as TOR (onion routing)
- - - - Laplace Mechanism - Addition of calibrated noise masks contribution of any possible individual in the data
      - Privacy Budget - The inherent privacy leakage incurred as a tradeoff between data privacy and data utility
  - - - Partially Homomorphic Encryption - Allows an unlimited number of one type of operation (addition OR multiplication) to be performed on the ciphertexts
      - Somewhat Homomorphic Encryption - Allows a limited number of two types of operations (addition AND multiplication) to be performed on the ciphertexts
      - Fully Homomorphic Encryption - Allows an unlimited number of two types of operations (addition AND multiplication) to be performed on the ciphertexts
    - - Active MPC Security Model - Assuming so-called malicious adversaries; the adversary can arbitrarily deviate from the protocol description
      - Passive MPC Security Model - Assuming honest but curious adversaries; the adversary tries to learn as much private information as possible but correctly (honestly) follows the protocol description
      - Multiparty computation also admits different corruption thresholds, indicating the capabilities of the adversary in terms of the number of computation parties it is allowed to corrupt, such as:
        
        Honest Majority - The adversary is allowed to corrupt strictly less than half of protocol participants
        
        Dishonest Majority - The adversary is allowed to corrupt a subset of the parties greater than half of protocol participants, up to all but one MPC parties (full-threshold security), as long as the overall security of the protocol is still guaranteed