Monday, January 8, 2024

Quick and Dirty -- Preferably Dirty



Key Terms 


  • CIA - Confidentiality Integrity Availability
  • Risk = TVA - Threat Vulnerability Asset
  • Bots & Zombies - Hijacked computers called bots or zombies running botnets
  • APTs - Advanced Persistent Threats
  • MD5 and SHA are - Hases used to store secret info
  • RMF - Risk Management Framework
  • TCP/IP - Internet Comm Protocol -- Transmission Control Protocol
  • Segmentation - Breaking a network in segments for performance and security
  • VPN - Virtual Privae Network
  • On-Path Attack - MITM Man in the Middle Attacks
  • DDoS - Distributed Denial of Service
  • Open Source - Source code available to anyone, free software liscence
  • GNU Coreutils - GNU is Not Unix, Standard utilities in Unix & Linux
  • AD - Microsoft Active Directory
  • Defender - Microsoft endpoint security aka Microsoft Defender AntiVirus
  • LM Cyber Kill Chain - Lockheed Martin Attack Framework
  • ATT&CK - Mitre's Adversarial Tactics, Technicques & Common Knowledge
  • Kali - Linux distro with over 600 tools
  • GUI - Graphical User Interaface
  • CLI - Command Line Interface
  • Linux - OS Kernel created by Linus Torvalds using the 
  • GNU/GPL - General Public Liscence 
  • CIS - Center for Internet Secrity & Benchamarks
  • An OS - infrastructure software between apps and hardware
  • Wintel - hardware specs built around the x86 intel cpus owned by microsoft based on the original IBM PC from 1981
  • DLP - Data Loss Prevention


Patches -- security patches are software and operating system updates that aim to fix security vulnerabilities in a program or product. These updates literally “patch” a hole in your defense, preventing a hacker or piece of malware from exploiting a way into your network.


Windows Vs Linux : WINDOWS 

  • Directory/Folder Based File System
  • 75% of the worlds computers
  • Proprietary : users DO NOT have kernel access
  • Limited customizability
  • Security relies on user updates or acceptance of limitations
  • Collects and Shares much of user behavior


Windws vs Linux : LINUX

  • Hierarchical Tree file system
  • Server adoption rates continue to outpace other OS's
  • OPEN SOURCE
  • Very Customizable 
  • Open-source, community supported security
  • more privacy focused by design


Windows Enterprise :

  • Windows Server
  • Web Server/IIS
  • File/Print/DB Servers
  • Cloud
  • WiFi
  • Mobile Device Management


Windows Active Directory:

  • Oversees all users, groups, and devices in a windows environment
  • Enables system admins to control permissions and access
  • Runs on Windows Servers
  • Objects : single users, applictions, devices


Todays most popular OSs

  • Linux - Primarilty for SERVERS
  • Windows - Desktops Laptops and Servers
  • MacOS - Apple Desktop and Laptops
  • iOS & Android - Apple and Open-Source OSs for mobile phones

  • Linux IS Open Source and follows the GNU General Public Liscence






SSDLC -- Secure Software Development Lifecycle 

 Secure coding practices and vulns

  • 1. Requirement Analysis 
  • 2. Design
  • 3. Development
  • 4. Testing
  • 5. Release
  • 6. Maint.




Three States of Data :


  1. Data in Use -- Data that is being processed actively
  2. Data in Transit -- Data moving from one locaiton to another
  3. Data at Rest -- Data that is being stored or archived


Overview of tools and controls 


  • Segmentation -- Dividing networks into multiple segments or zones
  • Segregation -- Implementing rules to control comm. betweeen hosts services or subnets 
  • Firewalls -- BiDirectional implementation of above two controls.



Network Segregation

  • DMZ -- demilitarized zone can create isolation and the importance of isolation to the security of a network.
  • Adheres to a ZERO-TRUST model
  • Organizations place public facing services within a DMZ


Server Hardening:


  • User Configuration
  • Network Configuration
  • Roles and Features (Specific to windows server)
  • Update Management
  • Network Time Protocol -- NTP
  • Firewall Configuration
  • Event Logging


Zero Trust Framework


Zero Trust is a proactive, interated approach to security accross all layers. Demands the following :

  • 1. Continuously verifies every transaction
  • 2. Asserts least priviledge
  • 3. Relies on intelligence, advanced detection, and real time response to threats.



Whats the difference between windows and linux?

Windows is a hierarchical folder-based file system, Linux is a tree file system.  Windows is proprietary with a closed kerenel where linux is open source.


How would you differentiate Windows Enterprise from a home computer?

the use of centralized auth thru active directory is the key diff


What does the term "object" refer to in AD

a single entity such as a user or device


Shift-Left Testing -- Stage-based testing of code and functionality for constant improvement

Application -- program designed to perform a function or funcitons on a computer

Misinformed Users is NOT a regular vuln on the OWASP top 10 list.

Fuzzing is NOT a step in SSDLC

Shift-Left testing refers to Incorporating security controls and considerations at each phase of the SSDLC

What is DevOps?  A set of practices designed to avoid delays and bugs by incorporating IT and Dev teams during SSDLC











Yes there is typo's.....see title

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Current Project

Short History of the CCP Cyber

    Whether this is due to their naivety, thinking the state will cover their activities, or their inability to understand that the Great Fi...

  • IT-UA Target List
        TARGET LIST Business corporations: Gazprom - https://www.gazprom.ru/ Lukoil - https://lukoil.ru Magnet - https://magnit.ru/ Norilsk Nick...
  • Escaping Surveillance in Modern Society
      Escaping surveillance capitalism, at scale Jan 18, 2024 • Our relationship with computers and phones has changed. We used to rely on softw...