Cybersecurity Fundamentals: Principles and Practices

**CIA Triad: Core Security Principles**

The CIA Triad consists of Confidentiality, Integrity, and Availability. These are the fundamental goals of information security.

**Threat Modeling: Proactive Security**

Threat modeling involves system decomposition and emphasizes security by design.

**Kerckhoffs's Principle: System Security**

Kerckhoffs's Principle states that:

1. Security should not depend on the secrecy of the system's design, but only on the secrecy of the key.
2. The system should be usable.
3. Keys must be easy to change.

**One-Time Pad: Unbreakable Encryption**

A One-Time Pad is an algorithm that XORs the message with a randomly generated key of equal length. It is secure if:

1. The key is truly random.
2. The key is as long as the message.
3. Each key is used to encrypt only one message (no reuse).

Reasons for its limited use:

1. Difficulty in generating truly random keys.
2. Computational expense of generating long random keys.
3. Challenges in securely distributing long keys.

**Authentication Factors**

Authentication factors include:

• Something you know: e.g., your first pet's name.
• Something you have: e.g., your phone.
• Something you are: e.g., your fingerprint.
• Something you do: e.g., your typing pattern.

**Cryptographic Hash Functions**

A cryptographic hash is a mathematical algorithm that maps data of arbitrary size to a fixed-size bit string. It is a one-way function with these properties:

1. Pre-image Resistance: It is computationally infeasible to find the original input from its hash.
2. Second Pre-image Resistance: Given an input x, it is infeasible to find a different input x' such that h(x') = h(x).
3. Collision Resistance: It is infeasible to find any pair of distinct inputs x and x' such that h(x) = h(x'). The Birthday Problem makes finding collisions easier than expected.

**Password Attacks: Common Techniques**

Types of password attacks include:

1. Timing Attacks: Analyzing the time taken to process different password attempts.
2. Replay Attacks: Intercepting and retransmitting data packets. Mitigation involves hashing the data before sending it.

**File Permissions: chmod and ACL**

chmod uses a three-digit code (rwx) to represent permissions for the user, group, and others (world). ACL (Access Control List) is a table that specifies permissions for each user or group.

**Principle of Least Privilege: Minimizing Risk**

The Principle of Least Privilege dictates granting only the minimum necessary privileges. It strengthens access control but can be challenging to implement. Too little access leads to frequent requests, while too much poses a security risk.

**DAC vs. MAC: Access Control Models**

DAC (Discretionary Access Control): User-defined, users can delegate permissions, and their programs can pass rights (e.g., Unix file system). MAC (Mandatory Access Control): System-defined, subjects cannot pass rights, and their programs cannot pass rights.

**Saltzer and Schroeder's Design Principles**

Saltzer and Schroeder's principles for secure system design include:

1. Economy of Mechanisms: Keep the design simple and small.
2. Least Privilege: Grant the least set of privileges necessary.
3. Open Design: Do not rely on secrecy of the design for security.
4. Fail-Safe Defaults: Base access decisions on permission, not exclusion.
5. Complete Mediation: Check every access to every object for authority.

**Malware Propagation Methods**

Malware spreads through various methods, including:

1. Trojan Horses: Programs with a hidden malicious purpose alongside a legitimate one.
2. Logic Bombs: Code that executes under specific conditions.
3. Viruses: Self-replicating code that spreads between computers, often through networks or Bluetooth.

**Malware Payloads: Malicious Actions**

Malware can carry out various harmful actions, such as:

1. Ransomware: Encrypting files and demanding payment for decryption.
2. Spyware: Monitoring user activity.
3. Zombies and Bots: Used in Distributed Denial of Service (DDoS) attacks.
4. Rootkits: Malware installed in privileged areas of the system.

**Social Engineering Cycle: Exploiting Humans**

The SANS Institute outlines the social engineering cycle:

1. Information Gathering: Using resources like phone books, Facebook, and Google.
2. Developing Relationships: Starting with harmless questions.
3. Exploitation: Requesting sensitive information, such as passwords.
4. Execution: Using the obtained information for malicious purposes.

**Buffer Overflow: Exploiting Memory**

Buffer Overflow occurs when more data is written to a buffer than it can hold. A NOP slide can be used to increase the chances of reaching malicious code.

**Heap Overflow and Integer Overflow**

Heap Overflow is similar to buffer overflow but occurs in the heap memory. Defenses include randomization and non-executable memory. Integer Overflow happens when an arithmetic operation results in a value outside the representable range.

**Overflow Defenses: Protecting Memory**

Defenses against overflow attacks include:

• Memory Randomization: Randomizing memory addresses to make exploitation harder.
• Canary: Placing a value on the stack to detect modifications.
• Confinement: Restricting the actions a program can perform.

**Same-Origin Policy (SOP): Web Security**

SOP is a security policy that allows JavaScript code to execute only within the same origin. It prevents JavaScript from one origin from accessing data or injecting code into another origin. SOP considers the protocol, host, and port.

**Cross-Site Scripting (XSS): Web Attacks**

XSS attacks involve injecting malicious scripts into web pages. Types include:

• Reflected XSS: The attack script is reflected back to the user from the victim site.
• Stored XSS: The attacker stores malicious code in a resource managed by the web application, such as a database. Input validation is crucial for prevention.

**Cross-Site Request Forgery (CSRF) and SQL Injection (SQLI)**

CSRF forces an authenticated user to execute unwanted actions. Mitigation involves using secret validation tokens, such as session IDs. SQLI involves injecting malicious SQL code. Types include:

• In-band SQLI: Data is extracted through the same channel used for injection.
• Blind SQLI: No data is returned directly, but side-channel information is used to infer data.