cybersecurity

i’m taking some security courses so i’m just dropping notes/thoughts here

Cybersecurity Rulebook: Principles, Attacks, and Ethics

Core Cybersecurity Principles (CIA Triad)

• Confidentiality – Protects sensitive data from unauthorized access.
• Integrity – Ensures data remains accurate and unaltered.
• Availability – Keeps systems and data accessible when needed.

Security Foundations

• Controls – Security measures that mitigate cyber threats.
• Frameworks – Best practices for implementing security.
• Compliance – Legal regulations ensuring security policies are followed.

• NIST CSF & RMF – Risk management guidelines.
• FERC-NERC – Protects the U.S. power grid.
• FedRAMP – Standardizes cloud security for government.
• CIS Controls – Actionable security best practices.
• GDPR – Requires breach notifications for EU citizens within 72 hours.
• PCI DSS – Secures credit card transactions.
• HIPAA – Protects medical records.
• ISO Standards – Global security guidelines.
• SOC 1 & SOC 2 – Financial and data security standards.

• GLBA – Protects consumer financial data.
• SOX – Ensures corporate financial transparency.
• Executive Order 14028 – Strengthens U.S. cybersecurity policies.

Cyberattack Methods & Risks

Social Engineering & Phishing Attacks

• Phishing – Deceptive emails stealing credentials.
• Spear Phishing – Targeted, personalized phishing.
• Whaling – High-profile phishing aimed at executives.
• Vishing & Smishing – Phone and SMS-based scams.
• BEC (Business Email Compromise) – Fraudulent executive impersonation.
• Social Media Phishing – Using personal data for scams.
• Watering Hole Attack – Infecting frequently visited websites.
• USB Baiting & Physical Social Engineering – Tricking users into giving access.

Malware Attacks

• Viruses – Attach to files and spread.
• Worms – Self-replicating network malware.
• Ransomware – Encrypts data and demands ransom.
• Spyware – Secretly monitors user activity.

Password Attacks

• Brute Force – Trying all possible password combinations.
• Rainbow Table – Cracking encrypted passwords using precomputed hashes.
  

Physical & AI Attacks

• Malicious USB & Flash Drives – Devices carrying malware.
• Card Cloning & Skimming – Stealing credit card data.
• Adversarial AI – Manipulating AI models to bypass security.
  

Cybersecurity Ethics & Legal Boundaries

Counterattacks (Hacking Back)

• Computer Fraud and Abuse Act (1986) – Bans unauthorized access.
• Cybersecurity Information Sharing Act (2015) – Allows threat sharing but prohibits counterattacks.

• Allowed under strict conditions (e.g., targeting only the attacker, no escalation, reversible damage).
• Why It’s Risky – Counterattacks often escalate conflicts and can misidentify attackers.

Cybersecurity Code of Ethics

• Confidentiality – Limit access to authorized users only.
• Privacy Protection – Secure sensitive personal data.
• Legal Compliance – Follow cybersecurity regulations.
• Continuous Learning – Stay updated on evolving threats.

Key Takeaways: Cybersecurity Is More Than Just Tech

• Strong security relies on controls, frameworks, and compliance.
• Cyber laws protect both individuals and organizations.
• Ethical responsibility is as important as technical skills.
• Defense, not offense – Counterattacks are illegal and risky.

Essential Tools for Security Analysts

Key Cybersecurity Tools

Security Information and Event Management (SIEM) Tools

• Purpose: Analyzes log data to detect suspicious activity.
• Key Features:
  • Dashboards – Visualize security data for quick threat detection.
  • Threat Alerts – Notify analysts of unusual activity.
  • Cloud vs. On-Premise – Cloud-based SIEM offers easy deployment, while on-premise provides more control.

Network Protocol Analyzers (Packet Sniffers)

• Purpose: Captures and inspects network traffic to identify security breaches.
• Function: Monitors data packets traveling through a network, tracking potential threats.

Incident Response Playbooks

• Purpose: Guides security teams in handling security incidents systematically.
• Key Playbooks:
  • Chain of Custody – Tracks who handled digital evidence and its storage history.
  • Protecting & Preserving Evidence – Ensures digital evidence remains intact for legal investigations.

Key Takeaways

• SIEM tools streamline threat detection through automated log analysis.
• Packet sniffers help monitor and analyze network activity for security risks.
• Playbooks provide structured procedures for investigating and responding to cyber incidents.

Essential Concepts in Risk Management and Threats

• Risk Management
  
  • The process of protecting valuable organizational assets from threats, risks, and vulnerabilities.
  • Strategies include:
    • Acceptance: Acknowledging a risk without taking further action.
    • Avoidance: Implementing measures to completely prevent a risk.
    • Transference: Shifting risk management to a third party.
    • Mitigation: Reducing the impact of a risk.
• Assets
  
  • Items of value to an organization, which can be:
    • Digital Assets: Employee, client, or vendor information such as Social Security numbers, dates of birth, bank account numbers, mailing addresses.
    • Physical Assets: Tangible items like payment kiosks, servers, computers, and office spaces.
• Risk Management Frameworks
  
  • Guidelines and processes used to protect assets, such as:
    • NIST Risk Management Framework (RMF)
    • Health Information Trust Alliance (HITRUST)
• Threats
  
  • Circumstances or events that can negatively impact assets.
  • Examples include:
    • Insider Threats: Abusive use of authorized access by staff or vendors.
    • Advanced Persistent Threats (APTs): Long-term unauthorized access maintained by threat actors.
• Risks
  
  • The potential impact on confidentiality, integrity, or availability of an asset.
  • Influenced by factors such as:
    • External Risks: Threats originating outside the organization.
    • Internal Risks: Risks posed by current or former employees, vendors, or partners.
    • Legacy Systems: Outdated technology that may not be secure.
    • Multiparty Risk: Risks from third-party vendor relationships.
    • Software Compliance/Licensing: Unpatched or non-compliant software vulnerabilities.
• Vulnerabilities
  
  • Weaknesses in a system that can be exploited by threats.
  • Notable examples include:
    • ProxyLogon: A vulnerability in Microsoft Exchange servers.
    • ZeroLogon: A flaw in Microsoft’s Netlogon authentication protocol.
    • Log4Shell: A vulnerability in the Log4j Java library allowing remote code execution.
    • PetitPotam: A technique exploiting Windows NTLM to initiate unauthorized authentication requests.
    • Security Logging and Monitoring Failures: Insufficient systems to detect vulnerabilities.
    • Server-Side Request Forgery (SSRF): Allows attackers to manipulate server applications to access backend resources.
• Continuous Monitoring and Patching
  
  • Regularly inspect systems for vulnerabilities and apply updates or patches to mitigate risks, reducing potential exposure.