UDEMY - TOTAL: CompTIA Security+ Certification (SY0-601) - course notes
Risk Management
Definition of risk
- Asset: An asset is any critical resource used to generate value, such as important data or key personnel within a team.
- Likelihood: This refers to the probability of an event occurring over time, such as potential disruptions to your infrastructure.
- Threat Actors: Entities or individuals that may cause harm to your infrastructure. Key types include:
  - Hackers: Individuals who exploit vulnerabilities to gain unauthorized access.
  - Hacktivists: Hackers driven by activist principles, often with political or social motives.
  - Script Kiddies: Inexperienced individuals who use pre-made scripts and known exploits without deep knowledge of hacking.
  - Insiders: Employees or others with internal access who might intentionally or unintentionally compromise the system.
  - Competitors: Rival companies that may attempt to access sensitive business information.
  - Shadow IT: Unauthorized or unofficial IT infrastructure that may introduce security risks.
  - Criminal Syndicates: Organized groups that accept payment to conduct cyberattacks for financial gain.
  - State Actors: Government-backed entities involved in long-term cyber espionage or attacks.
  - Advanced Persistent Threats (APTs): A sophisticated, prolonged hacking campaign aimed at extracting information over time.
- Vulnerability: A weakness in the system's defenses that could be exploited to compromise an asset.
- Threat: A potential harmful action or exploit that a threat actor may use to take advantage of a vulnerability.
- Remediation: The process of evaluating potential risks within the infrastructure, assessing their likelihood, and making decisions on how to mitigate or eliminate these threats.
Some quick review
Risk is the likelihood of a threat actor taking advantage of a vulnerability by using a threat against an IT asset.
Asset is any part of an IT infrastructure that has value.
Likelihood is the probability of assets being damaged over time.
Threat actor is anyone or anything with the motive and resources to attack another's IT infrastructure.
Vulnerability is a weakness in an asset.
Threat is an action that a threat actor can use against a vulnerability to cause harm.
Risk management
CIA Security Triad
- Confidentiality (C): Protects data from unauthorized access, often by using encryption to keep sensitive information hidden from threat actors.
- Integrity (I): Ensures that data remains unchanged and accurate. This is typically achieved by hashing the data at its creation and then re-hashing it upon retrieval to verify that it hasn’t been altered.
- Availability (A): Guarantees that services and data are accessible when needed, ensuring the system remains operational.
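The integrity check described above (hash at creation, re-hash on retrieval), as an added example that is not part of the course notes. The record and the key are constructed sample values; the keyed HMAC variant is included because an unkeyed hash can be recomputed by whoever altered the data, so the stored digest itself needs protecting.

```python
import hashlib
import hmac

# Constructed sample record (not from the course): the data as written at creation.
ORIGINAL_RECORD = b"account=alice;balance=1500;status=active"
# Hypothetical secret held only by the verifier; in practice load it from a vault/KMS.
INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"

def create_digest(data: bytes) -> str:
    """Hash the data at creation time (unkeyed SHA-256); store this hex digest."""
    return hashlib.sha256(data).hexdigest()

def verify_digest(data: bytes, stored: str) -> bool:
    """Re-hash on retrieval and compare with the stored digest (constant-time compare)."""
    return hmac.compare_digest(create_digest(data), stored)

def create_tag(data: bytes, key: bytes = INTEGRITY_KEY) -> str:
    """Keyed variant: an HMAC-SHA256 tag cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_tag(data: bytes, stored: str, key: bytes = INTEGRITY_KEY) -> bool:
    return hmac.compare_digest(create_tag(data, key), stored)

def tamper(data: bytes) -> bytes:
    """Simulate an unauthorised change to the record after it was created."""
    return data.replace(b"balance=1500", b"balance=9500")

def demo() -> dict:
    digest = create_digest(ORIGINAL_RECORD)   # stored alongside the record
    tag = create_tag(ORIGINAL_RECORD)         # stored alongside the record
    modified = tamper(ORIGINAL_RECORD)
    return {
        "intact_hash_ok": verify_digest(ORIGINAL_RECORD, digest),            # True
        "tampered_hash_ok": verify_digest(modified, digest),                 # False: change detected
        # Whoever can rewrite the record can also rewrite an unkeyed hash:
        "tampered_hash_recomputed_ok": verify_digest(modified, create_digest(modified)),  # True
        "intact_tag_ok": verify_tag(ORIGINAL_RECORD, tag),                   # True
        "tampered_tag_ok": verify_tag(modified, tag),                        # False
        # ...but cannot produce a valid keyed tag without INTEGRITY_KEY:
        "tampered_tag_forged_ok": verify_tag(modified, create_tag(modified, b"wrong-key")),  # False
    }
```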
Attack vectors
These are pathways that attackers can exploit to gain access to your infrastructure:
- Weak Configurations: Misconfigured systems or security settings that create vulnerabilities.
- Open Firewall Ports: Unmonitored or unsecured firewall ports that allow unauthorized entry.
- Lack of Security Awareness: Insufficient knowledge or training among users or employees about security risks and best practices.
- Lack of Multifactor Authentication: Absence of an additional layer of security beyond passwords, making it easier for attackers to gain access.
- Missing Patches: Failure to apply software updates that address known security vulnerabilities.
- Infected Hardware: Devices, such as USB drives, that are compromised and connected to the infrastructure, introducing malware.
- Supply-Chain Attacks: Vulnerabilities introduced through third-party providers. To mitigate, it is essential to have a "right-to-audit" clause in contracts with:
  - Manufacturers
  - Contractors
  - Implementers
  - Outsourced Software Development Teams
Quick review
Vulnerabilities are weaknesses of an asset in an IT system.
Exploits take advantage of vulnerabilities.
Threat actors are the sources of threats.
Attack vectors are pathways to gain access to restricted systems.
Threat Intelligence Sources
A threat intelligence source provides information on the latest cybersecurity threats, helping organizations stay aware of emerging risks in the market. Key benefits include:
- Facilitating Risk Management: Enhances the ability to identify and mitigate risks before they cause harm.
- Hardening Systems: Helps reduce incident response times by strengthening defenses.
- Providing Cybersecurity Insights: Offers valuable information on adversary tactics, techniques, and procedures (TTPs) and current threats.
- Threat Maps: Visual representations, often geographical, showing the spread of malware outbreaks.
Types of Threat Intelligence Sources
- Closed/Proprietary: Paid or restricted-access sources that provide specialized threat intelligence.
- OSINT (Open-Source Intelligence): Publicly available data used for cybersecurity insights.
- Government Reports: Reports from agencies like the NSA that provide actionable intelligence.
- Media: News outlets reporting on cybersecurity incidents and trends.
- Academic Papers: Research papers providing in-depth analysis of cybersecurity topics.
- File/Code Repositories: Platforms like GitHub, where security researchers share code and vulnerability information.
- Vulnerability Databases: Collections of known vulnerabilities, such as:
  - Common Vulnerabilities and Exposures (CVEs): A database of publicly disclosed security flaws.
Dark Web/Deep Web
The Dark Web operates through encrypted, anonymous connections and is not indexed by traditional search engines. Key features include:
- Tor Network and Browser: The primary tools for accessing the Dark Web, providing anonymity through multiple layers of encryption.
- Not Indexed by Search Engines: Content on the Dark Web cannot be found using typical search engines.
- Tor Encryption & Anonymity: Ensures privacy by hiding the user’s identity and location.
Common Users of the Dark Web
- Journalists: Use it for secure communication.
- Law Enforcement: Monitors for illegal activities.
- Government Informants: May use it for covert operations.
Automated Indicator Sharing (AIS)
AIS enables the sharing of cybersecurity intelligence (CI) between entities, helping organizations to stay updated on threats in real time.
- Structured Threat Information eXpression (STIX): A standardized format for exchanging threat intelligence data. It is a part of AIS and helps in sharing actionable threat information.
- Trusted Automated eXchange of Intelligence Information (TAXII): A system for real-time sharing of threat intelligence, much like an RSS feed, enabling seamless data exchange between servers and clients.
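The STIX format that TAXII feeds deliver, as an added example not taken from the course notes: a constructed STIX 2.1 bundle is parsed, indicators missing required properties are rejected, and the accepted domain-name indicators are run against a constructed DNS log. The ids, timestamps and domains are all sample values, and only the simplest pattern form is matched.

```python
import json
import re

# Constructed STIX 2.1 bundle (sample data, not a real feed), in the shape a TAXII
# collection delivers: one complete indicator and one missing a required field.
TS = "2024-01-15T10:00:00.000Z"
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "spec_version": "2.1", "created": TS, "modified": TS,
         "id": "indicator--22222222-2222-4222-8222-222222222222", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'c2.example.invalid']", "valid_from": TS},
        {"type": "indicator", "spec_version": "2.1", "created": TS, "modified": TS,
         "id": "indicator--33333333-3333-4333-8333-333333333333", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update.example.invalid']"},  # no valid_from
    ]})

# Required properties of a STIX 2.1 Indicator (common properties + indicator-specific).
REQUIRED = ("type", "spec_version", "id", "created", "modified",
            "pattern", "pattern_type", "valid_from")
# Only the simplest comparison pattern form is handled; real feeds also use AND/OR.
DOMAIN_PATTERN = re.compile(r"^\[domain-name:value = '([^']+)'\]$")

def load_indicators(bundle_json: str):
    """Parse a bundle; return (accepted indicators, reasons for rejected ones)."""
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle" or not isinstance(bundle.get("objects"), list):
        raise ValueError("not a STIX bundle")
    accepted, rejected = [], []
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator":
            continue  # other object types (malware, threat-actor, ...) are skipped here
        missing = [f for f in REQUIRED if f not in obj]
        if missing:
            rejected.append(f"{obj.get('id', '<no id>')}: missing {missing}")
        elif not obj["id"].startswith("indicator--"):
            rejected.append(f"{obj['id']}: id prefix must match object type")
        else:
            accepted.append(obj)
    return accepted, rejected

def match_domains(indicators, observed_domains):
    """Return observed domains (e.g. from DNS logs) that hit a domain-name indicator."""
    watched = {m.group(1).lower() for ind in indicators
               if (m := DOMAIN_PATTERN.match(ind["pattern"]))}
    return sorted(d for d in observed_domains if d.lower() in watched)

# Constructed DNS log sample to run the accepted indicators against.
OBSERVED = ["www.example.com", "C2.example.invalid", "update.example.invalid"]
```

Because the second indicator is rejected, its domain is not matched even though it appears in the observed log; a feed consumer should log such rejections rather than silently drop them.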
Quick Review
- OSINT (Open-Source Intelligence): Publicly available threat intelligence sources.
- Common Vulnerabilities and Exposures (CVE): A public database of known security vulnerabilities, often used in OSINT.
- Dark Web: A segment of the internet accessible via encrypted, anonymous networks like Tor, allowing access to unindexed content.
- STIX: A standardized format for sharing cybersecurity intelligence.
- TAXII: A protocol that facilitates the exchange of cybersecurity intelligence in real time, similar to a feed for threat data.