- “Brand Name Attacks”
- Things like SolarWInds, log4j,
- Dave
- Dave is the user. Dave makes errors. Dave gets around security.
- CIA
- Confidentiality, Integrity, Availability plus Non-Repudiation and
Authentication
- Layers of Security
- Dependent on the organization, places like hospitals need to use all
of the layers where as somewhere without such crucial info wouldn’t
“need” as many layers
- Policies
- What you can and cannot do. Explicitly enforceable.
- Standards
- Stuff things you NEED to abide by. Requirements.
- Know how to use cryptography to secure the five components of
security
- Confidentiality
- File encryption with say AES
- Integrity
- Using hashes as checks utilizing MD5
- Availability
- Encrypted tunnels ensure secure movement of information
- Non-Repudiation
- Keys. One Key or Key Pair
- Authenticity
- Using MD5 again to ensure you got the correct file
- Code vs Cipher
- Code is just a representation of a value, like a surrogate value. A
cipher is information that has been encrypted and you cannot read
it.
- Cryptographic Attacks
- Birthday Attack: 2 Unique inputs give the same out
- Rainbow Tables
- Brute Force
- Three steps of proper privileges
- Authentication
- Authorization
- Auditing
- Certificate Classes
- Root trust is hard to get, intermediate CAs get root certs and from
that trust they can give out more certs based on that inherited
trust.
- Historical physical security defenses
- Walls, or anything in a castle
- Environmental Controls
- Mainly temp control. Computers are hot. Condensation builds.
Dehumidifiers.
- Virtualization types
- Type 1: Bare metal on hardware distribution
- Type 2: VM’s
- 5 Factors
- Something you have
- Something you know
- Something you are
- Someplace you are
- 3 Types of wireless
- Bluetooth
- NFC
- Wi-Fi
- Cellular
- Radio
- Infrared
- Wireless Protocols
- Common Auth Methods
- Two Factor
- MAC
- DAC - Discretionary Access Control
- RBAC - Role Based Authentication
- Rule-BAC
- ABAC
- Common Auth Protocols
- RADIUS
- PPTP
- OAuth2
- LDAP
- SSO