Monday, January 8, 2024

Quick and Dirty -- Preferably Dirty



Key Terms 


  • CIA - Confidentiality, Integrity, Availability
  • Risk = TVA - Threat, Vulnerability, Asset
  • Bots & Zombies - Hijacked computers, called bots or zombies, running in botnets
  • APTs - Advanced Persistent Threats
  • MD5 and SHA - Hash functions used to store secret info (e.g. password hashes)
  • RMF - Risk Management Framework
  • TCP/IP - Transmission Control Protocol / Internet Protocol, the Internet communication protocol suite
  • Segmentation - Breaking a network into segments for performance and security
  • VPN - Virtual Private Network
  • On-Path Attack - MITM, Man-in-the-Middle attack
  • DDoS - Distributed Denial of Service
  • Open Source - Source code available to anyone, free software license
  • GNU Coreutils - GNU is Not Unix; standard utilities in Unix & Linux
  • AD - Microsoft Active Directory
  • Defender - Microsoft endpoint security, aka Microsoft Defender Antivirus
  • LM Cyber Kill Chain - Lockheed Martin attack framework
  • ATT&CK - MITRE's Adversarial Tactics, Techniques & Common Knowledge
  • Kali - Linux distro with over 600 tools
  • GUI - Graphical User Interface
  • CLI - Command Line Interface
  • Linux - OS kernel created by Linus Torvalds using the 
  • GNU/GPL - General Public License
  • CIS - Center for Internet Security & Benchmarks
  • An OS - Infrastructure software between apps and hardware
  • Wintel - Hardware specs built around x86 Intel CPUs and Microsoft Windows, based on the original IBM PC from 1981
  • DLP - Data Loss Prevention


Patches -- security patches are software and operating system updates that aim to fix security vulnerabilities in a program or product. These updates literally “patch” a hole in your defense, preventing a hacker or piece of malware from exploiting a way into your network.


Windows Vs Linux : WINDOWS 

  • Directory/Folder Based File System
  • 75% of the world's computers
  • Proprietary : users DO NOT have kernel access
  • Limited customizability
  • Security relies on user updates or acceptance of limitations
  • Collects and Shares much of user behavior


Windows vs Linux : LINUX

  • Hierarchical Tree file system
  • Server adoption rates continue to outpace other OSes
  • OPEN SOURCE
  • Very Customizable 
  • Open-source, community supported security
  • more privacy focused by design


Windows Enterprise :

  • Windows Server
  • Web Server/IIS
  • File/Print/DB Servers
  • Cloud
  • WiFi
  • Mobile Device Management


Windows Active Directory:

  • Oversees all users, groups, and devices in a windows environment
  • Enables system admins to control permissions and access
  • Runs on Windows Servers
  • Objects : single users, applications, devices


Today's most popular OSs

  • Linux - Primarily for SERVERS
  • Windows - Desktops Laptops and Servers
  • MacOS - Apple Desktop and Laptops
  • iOS & Android - Apple and Open-Source OSs for mobile phones

  • Linux IS Open Source and follows the GNU General Public License

SSDLC -- Secure Software Development Lifecycle

Secure coding practices and vulns

  1. Requirement Analysis
  2. Design
  3. Development
  4. Testing
  5. Release
  6. Maintenance




Three States of Data :


  1. Data in Use -- Data that is being processed actively
  2. Data in Transit -- Data moving from one location to another
  3. Data at Rest -- Data that is being stored or archived


Overview of tools and controls 


  • Segmentation -- Dividing networks into multiple segments or zones
  • Segregation -- Implementing rules to control communication between hosts, services or subnets
  • Firewalls -- Bidirectional implementation of the above two controls.



Network Segregation

  • DMZ -- A demilitarized zone creates isolation, and isolation is important to the security of a network.
  • Adheres to a ZERO-TRUST model
  • Organizations place public facing services within a DMZ


Server Hardening:


  • User Configuration
  • Network Configuration
  • Roles and Features (Specific to windows server)
  • Update Management
  • Network Time Protocol -- NTP
  • Firewall Configuration
  • Event Logging


Zero Trust Framework


Zero Trust is a proactive, integrated approach to security across all layers. It demands the following:

  1. Continuously verifies every transaction
  2. Asserts least privilege
  3. Relies on intelligence, advanced detection, and real-time response to threats.



What's the difference between Windows and Linux?

Windows uses a hierarchical folder-based file system; Linux uses a tree file system. Windows is proprietary with a closed kernel, whereas Linux is open source.


How would you differentiate Windows Enterprise from a home computer?

The use of centralized authentication through Active Directory is the key difference.


What does the term "object" refer to in AD?

A single entity such as a user or device.


Shift-Left Testing -- Stage-based testing of code and functionality for constant improvement

Application -- A program designed to perform a function or functions on a computer

Misinformed users is NOT a vulnerability category on the OWASP Top 10 list.

Fuzzing is NOT a step in SSDLC

Shift-Left testing refers to incorporating security controls and considerations at each phase of the SSDLC

What is DevOps?  A set of practices designed to avoid delays and bugs by incorporating IT and Dev teams during SSDLC

Yes, there are typos..... see title
