Cyber Security References
Cyber Security Resources
- US CERT | Current Activity
- MITRE | Common Vulnerabilities and Exposures (CVE)
- NIST | National Vulnerability Database
- DoD Approved 8570 Baseline Certifications
- TechRepublic | Security
- ZD Net | Zero Day Blog
- Symantec | Security Blog
- McAfee | Infomration Security Trends
- The Hacker News
What is Cyber Security?
“Cybersecurity” or “Cyberspace security” [is], defined as the “preservation of confidentiality, integrity and availability of information in the Cyberspace”. Source: ISO/IEC 27032:2012 Information technology — Security techniques — Guidelines for cybersecurity
I define cyber security as the protection (preservation of confidentiality, integrity and availability) of information and defense (prevention, detection and response to attacks) of networks and networked systems and software applications.
This is achieved through proper execution of a comprehensive strategy outlined by policies and standards that define authorized and prohibited activities.
According to the U.S. definition:
The process of protecting information by preventing, detecting, and responding to attacks. Source: Draft Strategy for Improving Critical Infrastructure Cybersecurity (2014)
The ability to protect or defend the use of cyberspace from cyber attacks. Source: CNSS Instruction No. 4009 (26 Apr 2010)
1.The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
2. Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
The process of protecting information by preventing, detecting, and responding to attacks. Source: National Institute of Standards and Technology. US Department of Homeland Security - Draft Framework for Improving Critical Infrastructure Cybersecurity (2014)
The vulnerability of any computing system, software program, or critical infrastructure, or their ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized means of, the Internet, public or private telecommunications systems.
Cryptography
Here is an Introduction to Public-Key Cryptography for beginners or refresher.
Open Source tools for creating RSA keys:
Open Source tools for Certificate Authorities
- CAcert
- Dogtag Certificate System
- EJBCA - Open Source PKI Certificate Authority
- Let's Encrypt
- OpenCA Labs
Security Incident Common Language
| <-------------------------Incident-------------------------> | ||||||
| <--------------Attack--------------> | ||||||
| <--Event--> | ||||||
| Attackers | Tool | Vulnerability | Action | Target | Unauthorized Result | Objectives |
- Hackers - attackers who attache computer for challenge, status, or the thrill of obtaining access
- Spies - attackers who attack computers for information to be used for political gain
- Terrorists - attackers who attack computers to cause fear, for political gain
- Corporate raiders - employees (attackers) who attack competitors' computers for financial gain
- Professional criminals - attackers who attack computers for personal financial gain
- Vandals - attackers who attack computers to cause damage
- Voyeurs - attackers who attack computer for the thrill of obtaining sensitive information
- Physical attack - means of physically stealing or damagin a computer, network, its components or its supporting systems
- Information exchange - means of obtaining information either from other attackers or from the people being attacked
- User command - means of expoiting a vulnerablitity by entering commands to a process through direct user input at the process interface
- Script or program - means of exploiting a vulnerability by entering commands to a process thorugh the execution of a file of commands or a program at the process interface
- Autonomous agent - means of exploiting a vulnerability by using a program or program fragment that operates independently from the user
- Toolkit - software package that contains scripts, programs or autonomous agents that expoit vulnerabilities
- Distributed tool - tool that can be distributed to multiple hosts, which then can be coordinated to anonymously perform an attack on the target host simultaneously after some timy delay
- Data tap - means of monitoring the electromagnetic radiation emanating from a computer or network using an external device
- Design vulnerability - vulnerability inherent in the design or specification of hardware or software whereby even a perfect implementation will result in a vulnerability
- Implementation vulnerability - vulnerability resulting from an error made in the software or hardware implementation of a satisfactory design
- Configuration vulnerability - vulnerability resulting from an error in the configuration of a system
- Probe - access a target in order to determine one or more of its characteristics
- Scan - access a set of targets systematically in order ot identify which targets have one or more specific characteristics
- Flood - access a target repeatedly in order to overload the target's capacity
- Authenticate - present an identity to a process and, if required, verify that identity, in order to access a target
- Bypass - avoid a process by using an alternative method to access a target
- Spoof - masquerade by assuming the appearance of a different entity in network communications
- Read - obtain the content of data in a storage device or other data medium
- Copy - reproduce a target leaving the original target unchanged
- Steal - take possession of a target without leaving a copy in the original location
- Modify - change the content or characteristics of a target
- Delete - remove a target or render it irretrievable
- Account - domain of user access on a computer or network that is controlled according to a record of information which contains the user's account name, password, and use restrictions
- Process - program in ixecution, consisting of the executable program, the program's data and stack, its program counter, stack pointer and other registers, and all other information needed to execut the program
- Data - representations of facts, concepts, or instructions in a manner suitable for communication, interpretation, or processing by humans or by automatic means
- Component - one of hte parts that make up a computer or network
- Computer - device that consists of one or more associated components, including processing units and peripheral units, that is controlled by internally stored programs and that can perform substantial computations
- Network - interconnected or interrelated group of hosts computers, switching elements, and interconnecting branches
- Internetwork - network of networks
- Increased access - unauthorized increase in the domain of access on a computer or network
- Disclosure of information - dissemination of information to anyone who is not authorized to access that infomration
- Corruption of information - unauthorized alteration of data on a computer or network
- Denial of service - intentional degradation or blocking of computer or network resources
- Theft of resources - unauthorized use of a computer or network resources
- Challenge, status, thrill -
- Political gain -
- Financial gain -
- Damage -
- Site - organizational level with responsibility for security events
- Site name - portion of the fully qualified domain name that correspons to a site
- Reporting date - first date that the incident was reported to a response team or other agency or individuals collecting data
- Starting date - date of the first known incident activity
- Ending date - date of the last known incident activity
- Number of sites - overall number of sites known to have been reported or otherwise to hve been involved in an incident
- Reporting sites - site names of sites known to have reported an incident
- Other sites - site names of sites known to have been involved in an incident but that did not report the incident
- Indicent number - reference number used to track an incident or identify incident information
- Corrective action - action taken during or after an incident to prevent further attacks, repair damage, or punish offenders
Digital Forensic Tools
- Free Forensic Image Analysis Tools
- The Sleuth Kit - Autopsy for Windows
- Access Data - Forensic Tool Kit for Windows
- SANS - SIFT for Ubuntu
- Linux - dd for Linux
- For Purchase Forensic Image Analysis Tools
- opencase - EnCase Forensic for Windows
DoD Approved 8570 Baseline Certifications
| Approved Baseline Certifications | |||
|---|---|---|---|
| Level I | Level II | Level III | |
| IAT | A+ CE CCNA Security Network+ CE SSCP |
CCNA Security CySA+ GICSP GSEC Security+ CE SSCP |
CASP CE CCNP Security CISA CISSP (or Associate) GCED GCIH |
| IAM | CAP GSLC Security+ CE |
CAP CASP CE CISM CISSP (or Associate) GSLC |
CISM CISSP (or Associate) GSLC |
| IASAE | CASP CE CISSP (or Associate) CSSLP |
CASP CE CISSP (or Associate) CSSLP |
CISSP-ISSAP CISSP-ISSEP |
| CSSP Analyst | CSSP Infrastructure Support | CSSP Incident Responder | |
| CEH CFR CySA+ GCIA GCIH GICSP SCYBER |
CEH CySA+ GICSP SSCP |
CEH CFR CySA+ GCFA GCIH SCYBER |
|
| CSSP Auditor | CSSP Manager | ||
| CEH CySA+ CISA GSNA |
CISM CISSP-ISSMP |
||
