Security: Basics

Overview

Overview

Cybersecurity, often referred to as information technology security or computer security, is the practice of protecting computer systems, networks, devices, and data from unauthorized access, cyber attacks, damage, or theft. It encompasses a wide range of technologies, processes, and practices designed to safeguard digital assets and ensure the confidentiality, integrity, and availability of information.

In essence, cybersecurity aims to mitigate the risks associated with cyber threats, which can include various forms of malicious activities such as hacking, malware, phishing, ransomware, denial-of-service attacks, and social engineering. These threats can target individuals, organizations, governments, or even entire nations, and they can lead to financial losses, reputational damage, privacy breaches, and disruption of critical services.

Key Components

• Risk Management: Identifying, assessing, and prioritizing risks to determine the most effective strategies for mitigating them
• Security Policies and Procedures: Establishing guidelines, standards, and protocols to govern the secure use of technology and the protection of information assets
• Access Control: Implementing mechanisms to regulate and monitor access to systems, networks, and data, ensuring that only authorized users can perform specific actions
• Encryption: Using cryptographic techniques to secure data in transit and at rest, preventing unauthorized disclosure or tampering
• Network Security: Deploying firewalls, intrusion detection systems, and other technologies to detect and prevent unauthorized access and malicious activities on networks
• Endpoint Security: Securing individual devices (e.g., computers, smartphones, IoT devices) to protect against malware, unauthorized access, and data breaches
• Incident Response: Developing and implementing procedures to detect, respond to, and recover from security incidents, minimizing their impact on operations and data
• Security Awareness Training: Educating users about cybersecurity risks, best practices, and policies to promote a security-conscious culture within organizations
• Compliance and Regulation: Ensuring compliance with relevant laws, regulations, and industry standards related to cybersecurity and data protection
• Continuous Monitoring and Improvement: Regularly monitoring systems, networks, and processes for security threats and vulnerabilities, and continually improving security measures based on emerging threats and evolving best practices

Terminology

Threat

• Threat: Any potential danger to an asset
• Cyber Threat: A threat that leverages digital means to compromise confidentiality, integrity, or availability of data or systems
• Attack Vector: The path or means by which a cyber attack is carried out
• Malware: Malicious software designed to damage or gain unauthorized access to a computer system
• Vulnerability: Weakness in a system that could be exploited by a threat
• Zero-day Vulnerability: A vulnerability that is unknown to the vendor and has not been patched
• Exploit: Code or technique used to take advantage of a vulnerability
• Backdoor: A hidden entry point into a system used for unauthorized access

Security Controls and Measures

• Firewall: A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules
• Intrusion Detection System (IDS): Security system that monitors network or system activities for malicious activities or policy violations
• Intrusion Prevention System (IPS): Security system that actively blocks or prevents detected intrusion attempts
• Antivirus Software: Software designed to detect, prevent, and remove malware
• Encryption: Process of converting data into a ciphertext that can only be decoded with the correct encryption key
• Key: A piece of information used in encryption algorithms to encrypt and decrypt data
• Access Control: Mechanism to regulate who can access resources in a system or network
• Two-factor Authentication (2FA): Authentication method that requires two different authentication factors (e.g., password and SMS code) to verify a user's identity
• Multi-factor Authentication (MFA): Authentication method that requires two or more authentication factors
• Patch: Update to fix or improve software, typically addressing security vulnerabilities

Authentication and Authorization

• Authentication (AuthN): Process of verifying the identity of a user or system
• Authorization (AuthZ): Process of granting or denying access to resources based on the identity and permissions of the requester
• Credential: Information used to authenticate a user (e.g., username and password)
• Token: A piece of data used as part of an authentication process, often used in token-based authentication

Network Security

• Firewall: A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules
• VPN (Virtual Private Network): Secure private network that extends across a public network, allowing users to securely send and receive data
• DMZ (Demilitarized Zone): A network segment that separates an organization's internal network from an external network, typically used to host public-facing services
• DNS (Domain Name System): Hierarchical decentralized naming system for computers, services, or other resources connected to the internet or a private network

Incident Response

• Incident: An event that violates security policies, potentially impacting the confidentiality, integrity, or availability of data or systems
• Incident Response: The process of identifying, managing, and mitigating security incidents
• SOC (Security Operations Center): Centralized unit responsible for monitoring and analyzing an organization's security posture and responding to security incidents

Compliance and Regulation

• Compliance: Adherence to laws, regulations, and standards relevant to cybersecurity
• GDPR (General Data Protection Regulation): European Union regulation concerning data protection and privacy for all individuals within the EU and the European Economic Area
• HIPAA (Health Insurance Portability and Accountability Act): U.S. legislation that sets the standard for protecting sensitive patient data
• PCI DSS (Payment Card Industry Data Security Standard): Security standard for organizations that handle branded credit cards from the major card schemes

Cryptography

• Cryptography: Science of secure communication in the presence of third parties
• Encryption: Process of converting plaintext into ciphertext using an encryption algorithm and an encryption key
• Decryption: Process of converting ciphertext back into plaintext using a decryption algorithm and a decryption key
• Symmetric Encryption: Encryption method where the same key is used for both encryption and decryption
• Asymmetric Encryption: Encryption method where a pair of keys (public and private) are used for encryption and decryption

Miscellaneous

• Phishing: Attempt to trick individuals into providing sensitive information by posing as a trustworthy entity
• Social Engineering: Manipulation of individuals to divulge confidential information or perform actions they would not normally do
• Denial of Service (DoS): Attack that attempts to disrupt the normal functioning of a target system or network by overwhelming it with a flood of traffic
• Man-in-the-Middle (MitM) Attack: Attack where the attacker intercepts and possibly alters communication between two parties without their knowledge

Cryptography

Definition

Cryptography is the science and practice of securing communication and data by converting it into an unreadable format, known as ciphertext, using mathematical algorithms. It ensures that only authorized parties can access and understand the information. Cryptography plays a crucial role in cybersecurity by protecting sensitive data from unauthorized access, tampering, or theft.

Terminology

• Asymmetric Cryptography: A cryptographic method that uses pairs of keys**: a public key for encryption and a private key for decryption
• Ciphertext: This is the encrypted form of the plaintext, which is unintelligible without the decryption key
• DSA (Digital Signature Algorithm): United States Federal Information Processing Standard for digital signatures. It is based on modular exponentiation and the discrete logarithm problem. DSA is commonly used for digital signatures and authentication in applications like secure email and web browsing
• Decryption Algorithm: A mathematical procedure used to decrypt data
• Decryption: The reverse process of encryption, which involves converting ciphertext back into plaintext using a decryption algorithm and the corresponding key
• Digital Signature: A cryptographic technique used to verify the authenticity and integrity of a message or document
• Encryption Algorithm: A mathematical procedure used to encrypt data
• Encryption: The process of converting plaintext into ciphertext using an encryption algorithm and a secret key
• HSM (Hardware Security Module): Physical device or appliance that provides secure storage and management of cryptographic keys and sensitive data. HSMs are tamper-resistant and offer hardware-based encryption, key generation, and key management services. They are commonly used to enhance the security of cryptographic operations in various applications
• Hash Function: A cryptographic algorithm that converts an input (or 'message') into a fixed-size string of bytes
• IPsec (Internet Protocol Security): Suite of protocols used to secure internet communication at the IP layer. It provides authentication, encryption, and integrity protection for IP packets, ensuring secure transmission of data between network devices. IPsec is commonly used to establish virtual private networks (VPNs) and secure communication between networks
• KMS (Key Management Service): Service that manages encryption keys for cloud services and applications. It provides a centralized platform for generating, storing, and managing cryptographic keys securely. KMS ensures that keys are protected and used in compliance with security policies and regulations
• Key Management: The process of generating, storing, exchanging, and revoking cryptographic keys securely
• Key: A secret value used by encryption and decryption algorithms to transform data
• Plaintext: This refers to the original, readable message or data before encryption
• RSA (Rivest-Shamir-Adleman): Named after its inventors Rivest, Shamir, and Adleman. It is based on the difficulty of factoring large integers, making it secure for use in encryption and digital signatures. RSA is commonly used for securing communications, authentication, and digital signatures
• SSH (Secure Shell): Network protocol used for secure remote access to systems and data communication. It provides encrypted communication between clients and servers, preventing eavesdropping and unauthorized access. SSH is commonly used for remote administration, file transfer, and tunneling
• SSL (Secure Sockets Layer): Deprecated cryptographic protocol used to secure communication over the internet. It provides encryption, authentication, and data integrity for transmitting sensitive information between clients and servers. However, due to security vulnerabilities, SSL has been replaced by newer protocols such as TLS
• Symmetric Cryptography: A cryptographic method where the same key is used for both encryption and decryption
• TLS (Transport Layer Security): Protocol that ensures secure communication over a computer network. It encrypts data transmitted between clients and servers, providing privacy, data integrity, and authentication. TLS is widely used in web browsing, email, instant messaging, and other internet applications

Cryptographic Algorithms

Symmetric Encryption

Algorithm	Type	Key Size	Speed	Security	Use Cases
AES	Block Cipher	128, 192, 256 bits	Very Fast	High	Data encryption, Secure communications
DES	Block Cipher	56 bits	Fast	Low (Deprecated)	Legacy applications
3DES	Block Cipher	112 or 168 bits	Moderate	Moderate	Legacy applications, Data encryption

Asymmetric Encryption

Algorithm	Type	Key Size	Speed	Security	Use Cases
RSA	Asymmetric	1024 - 4096 bits	Moderate to Slow	High	Digital signatures, Key exchange
ECC	Asymmetric	160 - 521 bits (in practice)	Fast to Moderate	High	Mobile devices, IoT, Digital signatures
ElGamal	Asymmetric	Variable	Moderate	Moderate	Key exchange, Digital signatures

Hash Functions

Algorithm	Type	Key Size	Speed	Security	Use Cases
SHA-256	Cryptographic Hash	256 bits	Fast	High	Digital signatures, Integrity verification
SHA-3	Cryptographic Hash	224, 256, 384, 512 bits	Fast	High	Similar to SHA-256, Resistant to length extension attacks
MD5	Cryptographic Hash	128 bits	Very Fast	Low (Deprecated)	Legacy applications

Key Exchange Protocols

Algorithm	Type	Key Size	Speed	Security	Use Cases
Diffie-Hellman	Key Exchange	Variable	Moderate	High	Secure key exchange
RSA Key Exchange	Key Exchange	Variable	Moderate	High	Secure key exchange, Digital signatures
ECDH	Key Exchange	Variable	Fast to Moderate	High	Secure key exchange for ECC

Cryptographic Attacks

Attack/Vulnerability	Description	Mitigation
Brute Force Attack	An attack where an attacker tries all possible keys or passwords until the correct one is found	Use sufficiently long and complex keys or passwords Implement account lockout mechanisms after a certain number of failed attempts Employ key stretching techniques like PBKDF2, bcrypt, or scrypt
Dictionary Attack	An attack where an attacker uses a predefined list of likely passwords or phrases	Encourage the use of complex passwords that are less susceptible to dictionary-based attacks Implement account lockout mechanisms Enforce password expiration policies to minimize the effectiveness of stolen password databases
Cryptanalysis	The study of mathematical techniques for deciphering cryptographic algorithms and protocols	Regularly update cryptographic algorithms and protocols to resist new cryptanalytic attacks Employ well-vetted and standardized cryptographic algorithms with proven security properties Use large key sizes to increase the difficulty of cryptanalysis
Side-channel Attack	An attack that targets weaknesses in the physical implementation of a cryptographic system, such as timing information, power consumption, or electromagnetic radiation	Implement secure coding practices to minimize side-channel leakage Use constant-time algorithms to prevent timing attacks Employ techniques like masking, blinding, or noise injection to mitigate power analysis attacks
Man-in-the-Middle (MITM) Attack	An attack where an attacker intercepts and potentially alters communication between two parties without their knowledge	Use secure communication protocols like TLS/SSL to encrypt data in transit Verify the identity of communication endpoints using digital certificates Implement mutual authentication to prevent MITM attacks
Replay Attack	An attack where an attacker intercepts and retransmits data that was previously captured	Use timestamping or sequence numbers to detect and discard duplicate or out-of-sequence messages Implement cryptographic protocols that include message freshness guarantees, such as nonce-based authentication
Birthday Attack	A type of cryptographic attack that exploits the mathematics of probability to find collisions in hash functions more efficiently than brute force	Use cryptographic hash functions with a sufficiently large output size to reduce the probability of collisions Implement collision-resistant hash functions such as SHA-256 or SHA-3 Employ techniques like salting to mitigate precomputed table attacks
Chosen Plaintext Attack	An attack where an attacker can choose plaintexts to be encrypted and observe the corresponding ciphertexts	Use secure encryption algorithms that are resistant to chosen plaintext attacks, such as AES Implement randomized encryption modes like CBC or GCM to prevent pattern analysis Employ authenticated encryption to ensure confidentiality and integrity of data
Adaptive Chosen Ciphertext Attack (CCA)	An attack where an adversary can obtain the decryption of chosen ciphertexts and adaptively choose subsequent ciphertexts based on previous results	Use encryption schemes that provide security against CCA, such as RSA-OAEP or IND-CCA2 secure encryption schemes Implement appropriate padding schemes to prevent chosen ciphertext attacks Employ secure cryptographic libraries and implementations
Quantum Cryptanalysis	Cryptanalysis techniques that leverage the computational power of quantum computers to break certain cryptographic algorithms, particularly those based on integer factorization and discrete logarithm problems	Transition to quantum-resistant cryptographic algorithms and protocols, such as lattice-based cryptography or hash-based signatures Develop and deploy post-quantum cryptographic standards to ensure long-term security against quantum attacks Research and invest in quantum-resistant cryptographic research and development

Authentication (AuthN) and Authorization (AuthZ)

Definition

Aspect	Authentication	Authorization
Definition	The process of verifying the identity of a user (who are you?)	The process of determining what resources a user can access and what actions they can perform (what are you allowed to do?)
Purpose	To ensure that the user is who they claim to be	To control access to resources based on user identity and permissions
Objective	Verify the user's identity	Determine if the user is allowed to access the requested resource
Focus	Identity verification	Permission management
Goal	To establish trust between the system and the user	To enforce security policies and restrict access to authorized users
Dependency	Precedes authorization	Depends on authentication
Process	Typically involves providing credentials such as username/password, biometrics, tokens, etc.	Typically occurs after successful authentication, involves verifying user permissions and access rights
Components	Credentials, authentication server, user, and verifier	Permissions, roles, access control lists (ACLs), policy enforcement points
Examples	Username/password, biometric authentication, multi-factor authentication	Role-based access control (RBAC), attribute-based access control (ABAC), access control lists (ACLs)
Common Protocols	OAuth, OpenID Connect, SAML, LDAP, Kerberos	OAuth, OpenID Connect, SAML, XACML, ABAC
Failure Impact	Authentication failure denies access to the system	Authorization failure allows access but restricts functionality
Risks	Impersonation, credential theft, replay attacks	Unauthorized access, data breaches, privilege escalation
Implementation	Implemented at the application or network level	Implemented through access control mechanisms within applications or systems
Techniques	Single-factor authentication, multi-factor authentication, biometric authentication	Role-based access control (RBAC), attribute-based access control (ABAC), discretionary access control (DAC)
Granularity	Usually binary (authenticated or not)	Can be fine-grained, defining specific permissions for different resources or actions

Types

Authentication Type	Description	Security Level	Usability	Implementation Complexity	Suitability
Password-Based	Users authenticate themselves using a predefined password.	Moderate	High (familiar to users)	Moderate	General-purpose authentication.
Biometric Authentication	Users are authenticated based on unique biological traits such as fingerprints, facial recognition, or iris scans.	High	High (convenient and user-friendly)	Moderate to High	Secure access control in sensitive environments.
Multi-Factor Authentication (MFA)	Requires users to provide multiple forms of verification such as a password, fingerprint, and a one-time code sent to their phone.	High	Moderate to High (depends on implementation)	Moderate to High	High-security scenarios, financial institutions, sensitive data access.
Single Sign-On (SSO)	Allows users to access multiple applications with a single set of credentials.	Moderate to High	High (reduces password fatigue)	Moderate to High	Enterprises, organizations with multiple systems.
Smart Cards	Users authenticate with a physical card containing an embedded chip that stores authentication data.	High	Moderate (requires physical card)	Moderate to High	High-security environments, government agencies.
Token-Based Authentication	Users are issued a physical or digital token that generates one-time passwords.	High	Moderate (need for token device or app)	Moderate to High	Remote access, VPNs, online banking.
Certificate-Based Authentication	Users authenticate using digital certificates issued by a trusted authority.	High	Moderate to High (initial setup complexity)	High	Secure web applications, client-server communications.
Time-Based One-Time Password (TOTP)	Users generate a one-time password based on the current time and a shared secret.	High	High (via authenticator apps)	Low to Moderate	Secure web services, two-factor authentication.