Module 2: Protect organizational assets

I was fascinated by a world-wide malware event
that happened in 2017. I started watching videos
and preparing to take certification tests,
just like you. I felt overwhelmed at first, but my curiosity and passion has driven me to continue
learning in this field. I always remind
myself that no one is born knowing everything and everyone is on a
learning journey. Even now, I still
remember what it was like to start out
in this profession. So, believe me when I tell
you that you’re making great progress, and I am
proud of your effort! Now, before looking
ahead to where we’re headed on our journey into
the world of security, let’s take a moment to look
back on where we’ve been. Previously, we focused mostly on the concept of assets
and risks in security. We covered topics like
the importance of managing assets and
keeping them safe. We discussed how the
digital world presents new challenges and opportunities in the field of security. We also spent some time
exploring security plans. With this solid foundation, we’re ready to keep expanding
our security mindset. In this section, we’ll cover
the security controls that are used to proactively
keep assets safe. I used the word proactively
there on purpose. As you’ll soon discover, these controls are the
protections that we put in place to stop problems
before they happen. We’re going to begin by taking an in-depth look at privacy. Here, you’ll learn about the
effective data handling processes that keep
information safe. Next, you’ll explore the role of encryption and hashing in
safeguarding information. Finally, you’ll learn about the standard access
controls that companies use to authorize
and authenticate users. Alright, are you ready to keep
moving ahead? I know I am!

Introduction:

In the ever-evolving landscape of cybersecurity, securing sensitive information and mitigating threats is crucial for individuals and organizations alike. Security controls serve as the armor that protects against unauthorized access, data breaches, and cyberattacks. Understanding and implementing these controls effectively is essential for maintaining a robust cybersecurity posture.

What are Security Controls?

Security controls are safeguards designed to prevent, detect, and respond to cybersecurity incidents. They encompass a wide range of techniques, tools, and processes that address various security risks and vulnerabilities. These controls can be categorized into three primary types:

1. Preventive Controls:

• Technical: Firewalls, intrusion detection/prevention systems (IDS/IPS), encryption, data loss prevention (DLP), secure coding practices.
• Operational: Security awareness training, incident response plans, access control procedures, vulnerability assessments and penetration testing.
• Managerial: Security policies, standards, and guidelines, risk management frameworks, security awareness programs.

2. Detective Controls:

• Logging and monitoring: Monitoring system logs and activity for suspicious behavior.
• Vulnerability scanning: Regular scans to identify and address vulnerabilities in systems and applications.
• Security audits: Periodic assessments to identify and mitigate security risks and compliance issues.

3. Corrective Controls:

• Incident response: Processes for identifying, containing, eradicating, and recovering from security incidents.
• Data backup and recovery: Maintaining backups of critical data for restoration in case of a breach.
• Patch management: Timely application of security patches to address vulnerabilities.

Implementing Security Controls:

Effectively implementing security controls requires a comprehensive approach that considers the specific needs and risks of the organization. Here are key steps to follow:

1. Identify Assets and Risks:

• Identify and categorize critical assets that require protection.
• Analyze potential threats, vulnerabilities, and risks associated with these assets.

2. Select and Implement Controls:

• Based on identified risks, choose appropriate preventive, detective, and corrective controls.
• Implement these controls using technical solutions, operational procedures, and management policies.

3. Continuously Monitor and Review:

• Regularly monitor the effectiveness of implemented controls.
• Conduct periodic assessments to identify and address any gaps or weaknesses.
• Update and adapt controls as needed to address evolving threats and risks.

Benefits of Security Controls:

• Reduced risk of cyberattacks: By implementing robust controls, organizations can significantly reduce the risk of data breaches and cyberattacks.
• Increased compliance: Security controls help organizations comply with industry regulations and data privacy laws.
• Improved data security: Controls ensure the confidentiality, integrity, and availability of sensitive information.
• Enhanced operational resilience: Effective security controls allow organizations to recover quickly from security incidents.
• Reduced financial losses: By preventing breaches and mitigating damage, controls save organizations money and resources.

Conclusion:

Security controls are vital components of a comprehensive cybersecurity strategy. By understanding their purpose, types, and implementation process, organizations can strengthen their defenses against cyber threats and protect their valuable assets. Remember, security is an ongoing process, and continuous monitoring and improvement are crucial for maintaining a resilient cybersecurity posture.

These days, information is in so
many places at once. As a result, organizations are under
a lot of pressure to implement effective security controls that protects everyone’s
information from being stolen or exposed. Security controls are safeguards designed
to reduce specific security risks. They include a wide range of tools that
protect assets before, during, and after an event. Security controls can be
organized into three types: technical, operational, and managerial. Technical control types include the many
technologies used to protect assets. This includes encryption,
authentication systems, and others. Operational controls relate to maintaining
the day-to-day security environment. Generally, people perform these
controls like awareness training and incident response. Managerial controls are centered
around how the other two reduce risk. Examples of management controls include
policies, standards, and procedures. Typically, organization’s security policy
outlines the controls needed to achieve their goals. Information privacy plays
a key role in these decisions. Information privacy is the protection
of unauthorized access and distribution of data. Information privacy is
about the right to choose. People and organizations alike deserve
the right to decide when, how, and to what extent private
information about them is shared. Security controls are the technologies
used to regulate information privacy. For example, imagine using
a travel app to book a flight. You might browse through a list of
flights and find one at a good price. To reserve a seat, you enter some personal
information, like your name, email, and credit card number for payment. The transaction goes through successfully,
and you booked your flight. Now, you reasonably expect
the airline company to access this information you enter when signing
up to complete the reservation. However, should everyone at the company
have access to your information? A person working in the marketing
department shouldn’t need access to your credit card information. It makes sense to share that information
with a customer support agent. Except, they should only need to access
it while helping with your reservation. To maintain privacy, security controls are intended to limit
access based on the user and situation. This is known as the principle
of least privilege. Security controls should be designed with
the principle of least privilege in mind. When they are, they rely on
differentiating between data owners and data custodians. A data owner is a person who decides
who can access, edit, use, or destroy their information. The idea is very straightforward except
in cases where there are multiple owners. For example, the intellectual
property of an organization can have multiple data owners. A data custodian is anyone or
anything that’s responsible for the safe handling,
transport, and storage of information. Did you notice that I mentioned, “anything?” That’s because, aside from people,
organizations and their systems are also custodians
of people’s information. There are other considerations besides
these when implementing security controls. Remember that data is an asset. Like any other asset, information privacy
requires proper classification and handling. As we progress in this section, we’ll continue exploring other security
controls that make this possible.

What are the three types of security controls? Select three answers.

Technical, Managerial, Operational

The three types of security controls are technical, operational, and managerial. Each type of security control plays a key role in effective information privacy.

Hello, my name is
Heather and I’m the Vice President of Security
Engineering at Google. PII is everywhere. It’s a fundamental part of how we are all working
online all the time. If you are using
online resources, you are probably putting your
PII out there somewhere. There’s some of your PII
that lots of people know, such as your name. And then there’s sensitive data that you don’t want very
many people to know, such as your bank account number or your private medical
health information. And so we make these distinctions often because this kind of information needs to be
handled differently. Everything that we do now, from school to voting, to registering our car
happens online. And because of that, it’s so
important that we have safety built-in by default into all of our systems. Here’s some tips. You should always encrypt
the data as much as you can when it’s being
stored at rest. And secondly, when it’s
transitting over the Internet, we always want to encrypt
it using TLS or SSL. Third, within your company, you should think very clearly about who has access
to that data. It should be almost no one
if it’s very sensitive. And in the rare cases where somebody does need
to access that data, there should be a
record of that access, who accessed it, and a
justification as to why. And you should have a
program to look at the audit records
for that data. The most important thing
to remember is if you have a situation where PII
has been compromised, remember that’s someone’s
personal information and your response wants to be
grounded in that reality. They need to be able to
trust the infrastructure, the systems, the
websites, the devices. They need to be able to trust the experience they’re having. For me, that’s the
mission: To help keep billions of people
safe online every day.

Fundamentals of Cryptography in Cybersecurity

Introduction:

Cryptography, the art and science of secure communication, plays a vital role in cybersecurity. This tutorial delves into the fundamental principles and practices of cryptography, empowering you to understand how information is protected in the digital world.

1. Core Concepts:

• Plaintext: The original, readable form of information.
• Ciphertext: The encrypted, unreadable form of information.
• Encryption: The process of converting plaintext to ciphertext using a cipher.
• Decryption: The process of converting ciphertext back to plaintext using a key.
• Cipher: The algorithm used for encryption and decryption.
• Key: The secret information used to encrypt and decrypt data.

2. Types of Cryptography:

• Symmetric-key cryptography: Uses a single key for both encryption and decryption.
  • Examples: AES, DES, Blowfish.
• Asymmetric-key cryptography: Uses a pair of keys: a public key and a private key.
  • Public key: Used for encryption.
  • Private key: Used for decryption.
  • Examples: RSA, Elliptic Curve Cryptography (ECC).

3. Cryptographic Functions:

• Hashing: Converts data into a unique fixed-size string, regardless of the original data size.
  • Used for:
    • Verifying data integrity.
    • Password storage.
    • Digital signatures.
  • Examples: SHA-256, MD5.
• Digital signatures: Provides cryptographic proof of the sender’s identity and message integrity.
  • Uses both public and private keys.
  • Ensures authenticity, non-repudiation, and data integrity.

4. Applications of Cryptography in Cybersecurity:

• Secure communication: Protects data confidentiality in transit between systems.
• Data storage: Encrypts sensitive data at rest to prevent unauthorized access.
• Authentication: Verifies users’ identities during login attempts.
• Digital signatures: Authenticates documents and guarantees their integrity.
• Network security: Secures communication channels like VPNs and SSL/TLS.

5. Essential Cryptography Tools:

• OpenSSL: Open-source library for various cryptographic functions.
• GnuPG: Open-source tool for encryption, decryption, and digital signatures.
• PGP: Widely used tool for email encryption and digital signatures.

6. Best Practices for Secure Cryptography:

• Use strong ciphers and keys: Choose algorithms and key lengths that are resistant to known attacks.
• Keep keys secure: Store keys securely and avoid sharing them with unauthorized individuals.
• Update cryptography regularly: Stay informed about vulnerabilities and update algorithms and tools as needed.
• Follow best practices: Implement security best practices like secure coding and data management.

7. Conclusion:

Understanding the fundamentals of cryptography empowers you to protect your information and communication in the digital landscape. By learning about different types of cryptography, cryptographic functions, and best practices, you can contribute to a more secure online environment.

Additional Resources:

• National Institute of Standards and Technology (NIST): https://www.nist.gov/cryptography
• SANS Institute Reading Room: http://bok.ahima.org/doc?oid=25313
• Cryptography Engineering Course (Stanford University): https://www.coursera.org/learn/crypto

Fill in the blank: _____ is the process of transforming information into a form that unintended readers cannot understand.

Cryptography

Cryptography is the process of transforming information into a form that unintended readers cannot understand. In cryptography, a cipher is used to hide, or encrypt, information.

The internet is an open, public system
with a lot of data flowing through it. Even though we all send and
store information online, there’s some information that
we choose to keep private. In security, this type of data is known
as personally identifiable information. Personally identifiable information, or
PII, is any information that can be used
to infer an individual’s identity. This can include things like
someone’s name, medical and financial information, photos,
emails, or fingerprints. Maintaining the privacy of
PII online is difficult. It takes the right security
controls to do so. One of the main security
controls used to protect information online is cryptography. Cryptography is the process of
transforming information into a form that unintended readers can’t understand. Data of any kind is kept secret
using a two-step process: encryption to hide the information,
and decryption to unhide it. Imagine sending an email to a friend. The process starts by taking
data in its original and readable form, known as plaintext. Encryption takes that information and scrambles it into an unreadable
form, known as ciphertext. We then use decryption to unscramble
the ciphertext back into plaintext form, making it readable again. Hiding and unhiding private information
is a practice that’s been around for a long time. Way before computers! One of the earliest cryptographic
methods is known as Caesar’s cipher. This method is named after
a Roman general, Julius Caesar, who ruled the Roman empire near
the end of the first century BC. He used it to keep messages between
him and his military generals private. Caesar’s cipher is a pretty simple algorithm
that works by shifting letters in the Roman alphabet forward
by a fixed number of spaces. An algorithm is a set of
rules that solve a problem. Specifically in cryptography, a cipher is
an algorithm that encrypts information. For example, a message encoded with
Caesar’s cipher using a shift of 3 would encode an A as a D, a B as an E,
a C as an F, and so on. In this example, you could send
a friend a message that said, “hello” using a shift of 3, and
it would read “khoor.” Now, you might be wondering how would
you know the shift a message encrypted with Caesar’s cipher is using.
The answer to that is, you need the key! A cryptographic key is a mechanism
that decrypts ciphertext. In our example, the key would tell you
that my message is encrypted by 3 shifts. With that information, you
can unlock the hidden message! Every form of encryption
relies on both a cipher and key to secure the exchange of information. Caesar’s cipher is not widely used today
because of a couple of major flaws. One concerns the cipher itself.
The other relates to the key. This particular cipher relies entirely on
the characters of the Roman alphabet to hide information. For example, consider a message written
using the English alphabet, which is only 26 characters. Even without the key, it’s pretty simple
to crack a message secured with Caesar’s cipher by shifting
letters 26 different ways. In information security, this tactic
is known as brute force attack, a trial-and-error process of
discovering private information. The other major flaw of Caesar’s cipher
is that it relies on a single key. If that key was lost or stolen, there’s nothing stopping someone
from accessing private information. Properly keeping track of cryptographic
keys is an important part of security. To start, it’s important to ensure that
these keys are not stored in public places, and to share them separately
from the information they will decrypt. Caesar’s cipher is just one of many
algorithms used to protect people’s privacy. Due to its limitations, we rely on more complex algorithms
to secure information online. Our next focus is exploring
how modern algorithms work to keep information private.

In the ever-evolving digital landscape, secure communication is paramount. Public Key Infrastructure (PKI) plays a vital role in safeguarding online interactions, making it crucial for individuals and organizations alike to understand its principles and applications.

What is PKI?

PKI is a comprehensive framework that facilitates secure communication by establishing trust and ensuring data confidentiality, integrity, and authentication. It relies on two key components:

1. Cryptography: PKI utilizes both asymmetric cryptography (public and private key pairs) and symmetric cryptography (single secret key) to encrypt and decrypt information. Asymmetric encryption prioritizes security for sensitive data, while symmetric encryption focuses on speed for efficient communication.

2. Digital Certificates: These digital documents act as online identity badges, verifying the ownership of a public key and ensuring its authenticity. Issued by trusted third parties known as Certificate Authorities (CAs), these certificates enable secure communication by establishing trust between parties.

How does PKI work?

1. Key Generation: Each party involved in communication generates a key pair: a public key and a private key. The public key is shared with anyone who needs to send them encrypted information, while the private key remains confidential and is used to decrypt received messages.
2. Digital Certificate Issuance: Entities seeking a digital certificate submit relevant information to a CA for verification. The CA then creates a certificate containing the entity’s verified information and signs it with its own private key. This digital signature guarantees the certificate’s authenticity and trustworthiness.
3. Secure Communication: When communicating, entities exchange their public keys. Senders use the recipient’s public key to encrypt messages, ensuring only the recipient can decrypt them with their private key. This process guarantees confidentiality and data integrity.
4. Authentication: Digital certificates play a crucial role in verifying the identity of communicating parties. When interacting with a website or server, the user’s browser verifies the website’s digital certificate issued by a trusted CA. This ensures the user is interacting with the legitimate entity and not a fraudulent website.

Benefits of PKI:

• Enhanced Security: PKI protects data confidentiality and integrity by encrypting information in transit and at rest.
• Improved Authentication: Digital certificates verify the identity of individuals and entities, preventing man-in-the-middle attacks and phishing scams.
• Simplified Secure Communication: PKI automatically establishes trust, enabling secure communication without manual key exchange.
• Increased Trust and Confidence: PKI fosters trust in online transactions and interactions, promoting secure e-commerce and digital communication.

Applications of PKI:

• Secure websites & online transactions (e.g., HTTPS)
• Email encryption (e.g., PGP)
• Digital signatures for documents and contracts
• Secure remote access (e.g., VPNs)
• Mobile app security
• Cloud computing

Best Practices for Secure PKI Implementation:

• Use strong cryptographic algorithms and key lengths.
• Implement robust key management practices.
• Choose trusted certificate authorities with a good reputation.
• Regularly update PKI components and software.
• Educate users about PKI principles and best practices.

Conclusion:

PKI plays a fundamental role in securing the digital world by establishing trust and enabling secure communication. Understanding its principles and applications is crucial for individuals and organizations to protect themselves online. By implementing PKI effectively, we can create a safer and more secure online environment for everyone.

Additional Resources:

• National Institute of Standards and Technology (NIST): https://csrc.nist.gov/glossary/term/public_key_infrastructure
• SANS Institute: https://www.sans.org/white-papers/735/
• Cloudflare PKI Guide: https://research.cloudflare.com/projects/internet-infrastructure/pki/

Public key infrastructure (PKI) is a two-step process that includes the exchange of encrypted information. What other step is involved in the PKI process?

The establishment of trust using digital certificates

The PKI process involves the exchange of encrypted information and the establishment of trust using digital certificates. In PKI, data can be encrypted using asymmetric encryption, symmetric encryption, or both. Then, a digital certificate binds the data’s public key to the verified identity of a website, individual, organization, device, or server.

Computers use a lot of encryption algorithms to send and store information online. They’re all helpful
when it comes to hiding private information, but only as long as their
keys are protected. Can you imagine having to keep track of the encryption
keys protecting all of your personal information
online? Neither can I, and we don’t have to, thanks
to something known as public key infrastructure. Public key
infrastructure, or PKI, is an encryption framework that secures the exchange of
information online. It’s a broad system
that makes accessing information fast,
easy, and secure. So, how does it all work? PKI is a two-step process. It all starts with the exchange
of encrypted information. This involves either
asymmetric encryption, symmetric encryption, or both. Asymmetric encryption
involves the use of a public and private key pair for encryption and
decryption of data. Let’s imagine this as a box that can be opened with two keys. One key, the public key, can only be used to access the slot and add
items to the box. Since the public key can’t
be used to remove items, it can be copied and
shared with people all around the
world to add items. On the other hand, the
second key, the private key, opens the box fully, so that the items inside can be removed. Only the owner of the box has access to the private
key that unlocks it. Using a public key allows the people and servers
you’re communicating with to see and send you encrypted information
that only you can decrypt with
your private key. This two-key system makes asymmetric encryption
a secure way to exchange information online; however, it also slows
down the process. Symmetric encryption,
on the other hand, is a faster and simpler
approach to key management. Symmetric encryption
involves the use of a single secret key to
exchange information. Let’s imagine the
locked box again. Instead of two keys, symmetric encryption
uses the same key. The owner can use it to
open the box, add items, and close it again. When they
want to share access, they can give the secret key to anyone else to do the same. Exchanging a single secret key may make web
communications faster, but it also makes
it less secure. PKI uses both asymmetric
and symmetric encryption, sometimes in conjunction
with one another. It all depends on whether speed or security is the priority. For example, mobile
chat applications use asymmetric encryption to establish a connection
between people at the start of a conversation when security is the priority. Afterwards, when the speed of communications back-and-forth
is the priority, symmetric encryption takes over. While both have their own
strengths and weaknesses, they share a common
vulnerability, establishing trust between
the sender and receiver. Both processes rely
on sharing keys that can be misused, lost, or stolen. This isn’t a problem when we exchange information
in person because we can use our senses to
tell the difference between those we trust and
those we don’t trust. Computers, on the other hand, aren’t naturally equipped
to make this distinction. That’s where the second
step of PKI applies. PKI addresses the vulnerability of key sharing by establishing trust using a system of digital certificates between
computers and networks. A digital certificate
is a file that verifies the identity
of a public key holder. Most online information is exchanged using
digital certificates. Users, companies, and networks hold one
and exchange them when communicating
information online as a way of signaling trust. Let’s look at an example of how digital certificates
are created. Let’s say an online
business is about to launch their website, and they want to obtain a digital certificate. When they register
their domain, the hosting company sends
certain information over to a trusted certificate
authority, or CA. The information provided is
usually basic things like the company name and the country where its headquarters
are located. A public key for the
site is also provided. The certificate
authority then uses this data to verify the
company’s identity. When it’s confirmed, the CA encrypts the data with
its own private key. Finally, they create
a digital certificate that contains the
encrypted company data. It also contains CA’s
digital signature to prove that it’s authentic. Digital certificates are a
lot like a digital ID badge that’s used online
to restrict or grant access to information. This is how PKI solves
the trust issue. Combined with asymmetric and symmetric encryption, this two-step approach
to exchanging secure information between
trusted sources is what makes PKI such a
useful security control.

Non-Repudiation and Hashing in Cybersecurity

Non-repudiation and hashing are two important concepts in cybersecurity that work together to ensure the integrity and authenticity of information.

1. What is Non-Repudiation?

Non-repudiation is the principle that someone cannot deny having performed an action or sent a message. Imagine signing a contract; your signature serves as proof that you agreed to the terms of the contract. Similarly, in the digital world, non-repudiation mechanisms are used to provide proof of actions and prevent individuals from denying their involvement.

2. What is Hashing?

Hashing is a cryptographic process that converts data into a unique fixed-size string of characters known as a hash value or digest. This process is one-way, meaning that it is computationally impossible to recreate the original data from the hash value. Hashing functions are specifically designed to be sensitive to any changes in the input data, even the smallest alteration will result in a completely different hash value.

3. How are Non-Repudiation and Hashing Related?

Hashing plays a vital role in achieving non-repudiation in various ways:

• Data Integrity: Hash values act as digital fingerprints that can be used to verify the integrity of data. If a file or message has been altered in any way, its hash value will no longer match the original, indicating tampering.
• Digital Signatures: Digital signatures are created by combining a hash value of the data with the signer’s private key. This signature serves as proof that the signer has seen and approved the data, preventing them from later denying their involvement.
• Audit Logs: Hashing is often used to ensure the integrity of audit logs, which record security-related events within a system. By hashing each log entry, it becomes impossible to alter the log without being detected.

4. Applications of Non-Repudiation and Hashing:

• Digital signatures for contracts and documents
• Secure email communication
• Software integrity verification
• Data center security
• Blockchain technology

5. Benefits of Using Non-Repudiation and Hashing:

• Increased trust and accountability
• Reduced risk of fraud and errors
• Improved data security and compliance
• Enhanced forensic capabilities

6. Best Practices for Non-Repudiation and Hashing:

• Use strong hashing algorithms
• Implement secure key management practices
• Validate digital signatures before accepting data
• Regularly update and audit systems

7. Conclusion:

Non-repudiation and hashing are powerful tools that can significantly enhance the security and integrity of information in the digital world. By understanding these concepts and implementing them effectively, individuals and organizations can reduce the risk of cyber threats and create a more secure online environment.

Additional Resources:

• National Institute of Standards and Technology (NIST): https://csrc.nist.gov/projects/hash-functions
• SANS Institute: https://www.cryptomathic.com/products/authentication-signing/digital-signatures-faqs/what-is-non-repudiation
• Cloudflare PKI Guide: https://research.cloudflare.com/projects/internet-infrastructure/pki/

Security professionals are always thinking about vulnerabilities. It’s how
we stay ahead of threats. We’ve spent some time together exploring
a couple forms of encryption. The two types we’ve discussed
produce keys that are shared when communicating information. Encryption keys are vulnerable
to being lost or stolen, which can lead to sensitive
information at risk. Let’s explore another security control
that helps companies address this weakness. A hash function is an algorithm that
produces a code that can’t be decrypted. Unlike asymmetric and
symmetric algorithms, hash functions are one-way processes
that do not generate decryption keys. Instead, these algorithms produce a unique
identifier known as a hash value, or digest. Here’s an example to demonstrate this. Imagine a company has an internal
application that is used by employees and is stored in a shared drive. After passing through a hashing function,
the program receives its hash value. For example purposes, we created this relatively short hash
value with the MD5 hashing function. Generally, standard hash functions that
produce longer hashes are preferred for being more secure. Next, let’s imagine an attacker
replaces the program with a modified version that
performs malicious actions. The malicious program may
work like the original. However, if so much as one line of
code is different from the original, it will produce a different hash value. By comparing the hash values, we can
validate that the programs are different. Attackers use tricks like this often
because they’re easily overlooked. Fortunately, hash values help us identify
when something like this is happening. In security, hashes
are primarily used as a way to determine the integrity of files and
applications. Data integrity relates to the accuracy and
consistency of information. This is known as non-repudiation, the concept that authenticity
of information can’t be denied. Hash functions are important security
controls that make proven data integrity possible. Analysts use them frequently. One way to do this is by finding
the hash value of files or applications and comparing them
against known malicious files. For example, we can use the Linux command
line to generate the hash value for any file on your computer. We just launch a shell and type the name
of the hashing algorithm we want to use. In this case, we’re using
a common one known as sha256. Next, we need to enter the file
name of any file we want to hash. Let’s hash the contents of newfile.txt. Now, we’ll press Enter. The terminal generates this
unique hash value for the file. These tools can be compared with
the hash values of known online viruses. One such database is VirusTotal. This is a popular tool among security
practitioners that’s useful for analyzing suspicious files, domains,
IPs, and URLs. As we’ve explored, even the slightest
change in input results in a totally different hash value. Hash functions are intentionally designed
this way to assist with matters of non-repudiation. They equip computers with a quick and
easy way to compare input and output values and validate data integrity. Pretty cool, right?

Fill in the blank: Hash values are primarily used to determine the _____ of files and applications.

integrity

Hash values are primarily used as a way to determine the integrity of files and applications. Hashes also keep information confidential because they can’t be decrypted.

Access controls and authentication systems are fundamental pillars of cybersecurity. They ensure that only authorized users can access sensitive information and resources, thereby protecting data confidentiality, integrity, and availability. This tutorial will provide a comprehensive overview of these critical security concepts.

What are Access Controls?

Access controls are security mechanisms that manage who can access specific resources and information within a system. They determine whether a user is authorized to perform certain actions, such as reading, writing, or deleting data. Access control systems can be implemented at various levels, including:

• Network level: Firewalls and access control lists (ACLs) restrict access to specific network resources.
• System level: Operating systems and applications enforce access controls based on user permissions and roles.
• Data level: Databases and other repositories implement access controls to protect sensitive data.

Types of Access Controls:

There are several types of access controls, each with its own strengths and weaknesses:

• Discretionary Access Control (DAC): Users are granted access to resources based on their individual permissions or roles.
• Mandatory Access Control (MAC): Access is granted based on a central authority’s predefined rules and cannot be modified by individual users.
• Role-Based Access Control (RBAC): Users are assigned roles with predefined permissions, simplifying access management.
• Attribute-Based Access Control (ABAC): Access decisions are based on a set of dynamic attributes, such as user identity, location, time, and device.

What is Authentication?

Authentication is the process of verifying a user’s identity before granting access to a system or resource. It ensures that only authorized users can access sensitive information and prevents unauthorized access attempts.

Authentication Factors:

There are three primary factors used for authentication:

• Knowledge: Something the user knows, such as a password or PIN.
• Possession: Something the user has, such as a security token or smartphone.
• Inherence: Something the user is, such as a fingerprint or facial scan.

Strong Authentication:

Strong authentication systems use multiple authentication factors to improve security. This makes it more difficult for attackers to impersonate legitimate users. Common examples of strong authentication include:

• Multi-factor authentication (MFA): Requires users to provide at least two different factors for authentication.
• Biometric authentication: Uses unique physical or behavioral characteristics, such as fingerprints, iris scans, or voice patterns, for identification.

Single Sign-On (SSO):

Single sign-on (SSO) allows users to access multiple applications and resources with one set of credentials. This improves convenience for users and reduces the risk of password fatigue. However, it is important to note that SSO systems can be a single point of failure if compromised.

Best Practices for Access Control and Authentication:

Here are some best practices for implementing secure access control and authentication systems:

• Use strong passwords and enforce regular password changes.
• Implement multi-factor authentication (MFA) where possible.
• Grant users access only to the information and resources they need to perform their job duties.
• Monitor and audit access logs to detect suspicious activity.
• Keep your software up to date to patch vulnerabilities.
• Educate users about cybersecurity best practices.

Conclusion:

Access controls and authentication systems are essential components of any cybersecurity strategy. By implementing strong access controls and authentication mechanisms, organizations can protect their sensitive information and resources from unauthorized access. By understanding the different types of access controls and authentication factors, and by following best practices, organizations can create a more secure environment for their users and data.

Additional Resources:

• National Institute of Standards and Technology (NIST): https://www.nist.gov/cybersecurity
• SANS Institute: https://www.sans.org/
• Open Web Application Security Project (OWASP): https://owasp.org/

Further Learning:

• Explore specific tools and technologies for implementing access controls and authentication, such as Active Directory, Azure Active Directory, and Okta.
• Learn about advanced authentication methods, such as behavioral biometrics and risk-based authentication.
• Stay up-to-date with the latest cybersecurity threats and vulnerabilities related to access controls and authentication.

Protecting data is a fundamental
feature of security controls. When it comes to keeping information
safe and secure, hashing and encryption are powerful, yet limited tools. Managing who or what has access to information is
also key to safeguarding information. The next series of controls that we’ll
be exploring are access controls, the security controls that
manage access, authorization, and accountability of information. When done well, access controls
maintain data confidentiality, integrity, and availability. They also get users
the information they need quickly. These systems are commonly broken down
into three separate, yet related functions known as the authentication,
authorization, and accounting framework. Each control has its own protocol and
systems that make them work. In this video, let’s get comfortable with
the basics of the first one on the list, authentication. Authentication systems are access
controls that serve a very basic purpose. They ask anything attempting
to access information this simple question: who are you? Organizations go about collecting
answers to these questions differently, depending on the objectives
of their security policy. Some are more thorough than others,
but in general, responses to this question can be based
on three factors of authentication. The first is knowledge. Authentication by
knowledge refers to something the user knows, like a password or the answer to a security question
they provided previously. Another factor is ownership,
referring to something the user possesses. A commonly used type of authentication
by ownership is a one-time passcode, or OTP. You’ve probably experienced
these at one time or another. They’re a random number
sequence that an application or website will send you via text or
email and ask you to provide. Last is characteristic. Authentication
by this factor is something the user is. Biometrics, like fingerprint scans on your
smartphone, are example of this type of authentication. While not used everywhere, this form of
authentication is becoming more common because it’s much tougher for
criminals to impersonate someone if they have to mimic a fingerprint or
facial scan as opposed to a password. The information provided during
authentication needs to match the information on file for
these access controls to work. When the credentials don’t match,
authentication fails and access is denied. When they match, access is granted. Incorrectly denying access
can be frustrating to anyone. To make access systems more convenient, many organizations these
days rely on single sign-on. Single sign-on, or SSO, is a technology that combines
several different logins into one. Can you imagine having to reintroduce
yourself every time you meet up with a friend? That’s exactly the sort
of problem SSO solves. Instead of requiring users to authenticate
over and over again, SSO establishes their identity once, allowing them to
gain access to company resources faster. While SSO systems are helpful when it
comes to speeding up the authentication process, they present a significant
vulnerability when used alone. Denying access to authorized
users can be frustrating, but you know what’s even worse? Incorrectly
granting access to the wrong user. SSO technology is great, but not if
it relies on just a single factor of authentication. Adding more authentication
factors strengthen these systems. Multi-factor authentication, or
MFA, is a security measure, which requires a user to verify their identity in two or
more ways to access a system or network. MFA combines two or more independent
credentials, like knowledge and ownership, to prove that someone
is who they claim to be. SSO and MFA are often used in
conjunction with one another to layer the defense capabilities
of authentication systems. When both are used, organizations
can ensure convenient access that is also secure. Now that we covered authentication, we’re ready to explore the second
part of the framework. Next, we’ll learn about authorization!

What are the three factors of authentication? Select three answers.

Knowledge

The three factors of authentication are: characteristic, ownership, and knowledge. Knowledge is used to verify a user’s identity using something the user knows, like a password.

Ownership

The three factors of authentication are: characteristic, ownership, and knowledge. Ownership is used to verify a user’s identity using something the user possesses, like a one-time passcode.

Characteristic

The three factors of authentication are: characteristic, ownership, and knowledge. A characteristic is used to verify a user’s identity using something the user is, such as their fingerprint or other biometrics.

In the realm of cybersecurity, access control plays a critical role in safeguarding sensitive data and systems. While authentication verifies user identity, authorization determines their access privileges, defining what they can and cannot do within a system. This tutorial delves into the mechanisms of authorization, exploring its key principles, implementation methods, and best practices for secure access control.

Understanding the Essence of Authorization:

Authorization systems act as gatekeepers, ensuring only authorized individuals have access to specific resources and functionalities. They determine:

• What resources can be accessed: This includes files, applications, databases, and other sensitive information.
• What actions can be performed: This encompasses reading, writing, modifying, deleting, and other operations.
• Under what conditions access is granted: This involves factors like time of day, location, and purpose of access.

Fundamental Principles of Authorization:

Two fundamental principles guide authorization decisions:

• Principle of Least Privilege: Grant users the minimum level of access necessary to perform their assigned tasks. This minimizes the potential impact of unauthorized actions and simplifies access management.
• Separation of Duties: Divide responsibilities so no single individual has complete control over critical functions. This reduces the risk of internal fraud, errors, and misuse of authority.

Common Mechanisms for Implementing Authorization:

• Role-Based Access Control (RBAC): Users are assigned roles with predefined permissions, simplifying access management and ensuring compliance with least privilege.
• Attribute-Based Access Control (ABAC): Access decisions are based on dynamic attributes, such as user identity, location, time, device, and sensitivity of the resource.
• Mandatory Access Control (MAC): Enforces centrally defined access rules, restricting user control and providing a high level of security.
• Discretionary Access Control (DAC): Users have greater control over their own resources and can grant access to others.

Network Access Control Mechanisms:

• HTTP Basic Auth: Sends usernames and passwords openly, making it vulnerable to eavesdropping.
• HTTPS: Encrypts communication between client and server, protecting sensitive information.
• OAuth: Uses secure API tokens for authorization, eliminating the need for password sharing.

Best Practices for Secure Authorization:

• Implement the principle of least privilege and separation of duties.
• Use strong authentication methods like multi-factor authentication.
• Regularly review and update user permissions.
• Monitor and audit access logs to detect suspicious activity.
• Implement role-based access control (RBAC) or attribute-based access control (ABAC).
• Use secure network protocols like HTTPS and OAuth.
• Keep software and systems up-to-date to patch vulnerabilities.
• Educate users about cybersecurity best practices.

Conclusion:

Authorization plays a vital role in ensuring secure access control and protecting sensitive data. By understanding the fundamental principles, implementing appropriate mechanisms, and adhering to best practices, organizations can create a robust and secure environment for their users and systems. Remember, authorization is an ongoing process, requiring continuous monitoring, review, and adaptation to evolving security threats and business needs.

Further Learning:

• Explore specific authorization tools and technologies like Active Directory, Azure Active Directory, and Okta.
• Learn about advanced authorization models like identity and access management (IAM) and zero-trust security.
• Stay up-to-date with the latest cybersecurity threats and vulnerabilities related to authorization.

By deepening your understanding of authorization mechanisms, you can become a valuable asset in safeguarding your organization’s data and systems.

Access is as much
about authorization as it is about authentication. One of the most
important functions of access controls is how they assign responsibility for
certain systems and processes. Next up in our exploration of access control systems are the mechanisms of authorization. These protocols actually
work closely together with authentication
technologies. While one validates who the user is, the other determines what
they’re allowed to do. Let’s take a look at the
next part of the authentication, authorization, and
accounting framework that protects
private information. Earlier, we learned about the principle of
least privilege. Authorization is linked
to the idea that access to information only
lasts as long as needed. Authorization systems are also heavily influenced by this idea in addition to another
important security principle, the separation of duties. Separation of duties is the principle that users
should not be given levels of authorization
that will allow them to misuse a system. Separating duties
reduces the risk of system failures and inappropriate
behavior from users. For example, a person responsible for providing
customer service shouldn’t also be
authorized to rate their own performance.
In this position, they could easily neglect
their duties while continuing to give themselves high marks with no oversight. Similarly, if one person was authorized to develop and
test a security system, they are much more likely to be unaware of its weaknesses. Both the principle of least
privilege and the concept of separating duties apply
to more than just people. They apply to all systems
including networks, databases, processes, and any other aspect of
an organization. Ultimately,
authorization depends on a system or user’s role. When it comes to securing
data over a network, there are a couple
of frequently used access controls that you
should be familiar with: HTTP basic auth and OAuth. Have you ever wondered what the HTTP in web
addresses stood for. It stands for hypertext
transfer protocol, which is how communications
are established over network. HTTP uses what is
known as basic auth, the technology used to establish a user’s request to
access a server. Basic auth works by sending an identifier every time a user communicates
with a web page. Some websites still use basic
auth to tell whether or not someone is authorized to access information on that site. However, their protocol is considered to be
vulnerable to attacks because it transmits
usernames and password openly
over the network. Most websites today
use HTTPS instead, which stands for hypertext
transfer protocol secure. This protocol doesn’t expose
sensitive information, like access credentials, when communicating over the network. Another secure
authentication technology used today is OAuth. OAuth is an open-standard
authorization protocol that shares designated
access between applications. For example, you can
tell Google that it’s okay for another website
to access your profile to create an account. Instead of requesting
and sending sensitive usernames and
passwords over the network, OAuth uses API tokens to verify access between you and
a service provider. An API token is a small block of encrypted code that contains
information about a user. These tokens contain
things like your identity, site permissions, and more. OAuth sends and receives
access requests using API tokens by passing them from a server to a user’s device. Let’s explore what’s going
on behind the scenes. When you authorize
a site to create an account using
your Google profile, all of Google’s usual login
protocols are still active. If you have multi-factor
authentication enabled on your account,
and you should, you’ll still have the security
benefits that it provides. API tokens minimize
risks in a major way. These API tokens serve as an additional layer of
encryption that helps to keep your Google
password safe in the event of a breach
on another platform. Basic auth and OAuth are just a couple of examples
of authorization tools that are designed with
the principles of least privilege and
separation of duty in mind. There are many other
controls that help limit the risk of unauthorized
access to information. In addition to
controlling access, it’s also important to monitor it. In our next video, we’ll focus on the third and final part
of the authentication, authorization, and
accounting framework.

Authorization controls are linked to two security principles. One is the principle of least privilege. What is the other? 

Separation of duties

Authorization controls are linked to the separation of duties and the principle of least privilege. Separation of duties is the principle that users should not be given levels of authorization that would allow them to misuse a system.

In the ever-evolving landscape of cybersecurity, auditing user activity plays a critical role in safeguarding sensitive information and maintaining system integrity. By examining user actions and system events, organizations can gain valuable insights into potential threats, detect anomalies, and enforce accountability. This tutorial delves into the reasons why auditing user activity is crucial for robust cybersecurity.

Benefits of Auditing User Activity:

• Identifying Security Threats: Auditing user activity helps detect suspicious behavior, such as unauthorized access attempts, unusual resource usage, and data exfiltration attempts. Early identification of these threats allows for immediate response, minimizing potential damage.
• Investigating Security Incidents: When a security incident occurs, auditing logs provide a comprehensive record of user activity, aiding in incident investigation and root cause analysis. This information helps identify the origin of the attack, the affected systems, and the scope of the damage.
• Ensuring Compliance: Many regulations, such as HIPAA and PCI DSS, require organizations to audit user activity to demonstrate compliance with data security standards. Auditing logs provide evidence of compliance and can prevent costly fines and penalties.
• Enhancing Accountability: By tracking user activity, organizations can identify individuals responsible for specific actions within a system. This promotes accountability and helps deter unauthorized activity and data misuse.
• Identifying Trends and Patterns: Analyzing user activity logs over time can reveal patterns and trends, such as peak usage periods, frequently accessed resources, and user behavior anomalies. This information helps optimize resource allocation, improve system performance, and identify potential security vulnerabilities.

Key Components of User Activity Auditing:

• Data Collection: Identifying the types of user activity to be audited, such as logins, file access, and system modifications.
• Log Management: Implementing a system for collecting, storing, and analyzing audit logs securely and efficiently.
• Alerting and Reporting: Establishing automated alerts for suspicious activity and generating reports for further analysis and trend identification.
• Retention and Archiving: Defining data retention policies and ensuring secure archiving of audit logs for regulatory compliance and forensic investigation.

Best Practices for Effective User Activity Auditing:

• Clearly define audit policies and procedures.
• Limit access to sensitive data and audit privileged users more rigorously.
• Use strong authentication and authorization controls.
• Regularly review and update audit logs.
• Invest in user activity monitoring and analysis tools.
• Educate users about the importance of security and user behavior expectations.

Conclusion:

Auditing user activity is an indispensable practice for any organization committed to robust cybersecurity. By understanding the benefits, key components, and best practices, organizations can leverage user activity auditing to proactively identify and mitigate security threats, ensure compliance, and maintain system integrity. Remember, effective user activity auditing is a continuous process, requiring ongoing review, adaptation, and investment in security tools and technologies.

Further Learning:

• Explore specific user activity monitoring and analysis tools available.
• Learn about advanced security analytics techniques for detecting anomalies and threats.
• Stay up-to-date with emerging cybersecurity threats and trends.
• Implement a comprehensive security awareness program for your employees.

By prioritizing and continuously improving your user activity auditing practices, you can significantly strengthen your cybersecurity posture and protect your valuable data.

Have you ever wondered if
your employer is keeping a record of when you log into
company systems? Well, they are, if they’re implementing the third and final function
of the authentication, authorization, and
accounting framework. Accounting is the practice of monitoring the access
logs of a system. These logs contain
information like who accessed the system, and
when they accessed it, and what resources they used. Security analysts use
access logs a lot. The data they contain
is a helpful way to identify trends, like
failed login attempts. They’re also used to uncover hackers who have
gained access to a system, and for detecting an incident,
like a data breach. In this field, access
logs are essential. Oftentimes, analyzing them is the first procedure
you’ll follow when investigating
a security event. So, how do access logs compile
all this useful information? Let’s examine this more closely. Anytime a user
accesses a system, they initiate what’s
called a session. A session is a sequence
of network HTTP basic auth requests and responses associated
with the same user, like when you visit a website. Access logs are essentially
records of sessions that capture the moment a user enters a system until the
moment they leave it. Two actions are triggered
when the session begins. The first is the creation
of a session ID. A session ID is a unique
token that identifies a user and their device
while accessing the system. Session IDs are attached
to the user until they either close their browser
or the session times out. The second action that takes place at the start
of a session is an exchange of session cookies between a server
and a user’s device. A session cookie is a
token that websites use to validate a session
and determine how long that session should last. When cookies are exchanged between your computer
and a server, your session ID is
read to determine what information the
website should show you. Cookies make web sessions
safer and more efficient. The exchange of tokens means that no sensitive information, like usernames and
passwords, are shared. Session cookies
prevent attackers from obtaining sensitive data. However, there’s other
damage that they can do. With a stolen cookie, an attacker can impersonate a user using their
session token. This kind of attack is known
as session hijacking. Session hijacking
is an event when attackers obtain a legitimate
user’s session ID. During these kinds of attacks, cyber criminals
impersonate the user, causing all sorts of harm. Money or private
data can be stolen. If, for example, hijackers obtain
a single sign-on credential from stolen cookies, they can even gain access to additional systems that
otherwise seem secure. This is one reason
why accounting and monitoring session
logs is so important. Unusual activity on access
logs can be an indication that information has been
improperly accessed or stolen. At the end of the day,
accounting is how we gain valuable insight that
makes information safer.

[MUSIC] My name is Tim and I work on
the Detection and Response team at Google. You can think of us as the smoke detectors
and the fire departments at Google. So what our job is, is to detect
harmful activity that may affect Google and its users. The stakes here are very, very high. So imagine what you have on Google,
whether it’s docs, it’s pictures, your financial information,
some of your secrets. Some things that you don’t
want anybody to know. Those are the things
that we’re protecting. Cybersecurity professionals are there to protect the most
valuable assets of the company. You’ll be there to protect that, and that direct line from what you’re doing to
what the company feels is most important, most valuable, and protecting that, I think
provides a lot of purpose for folks. And provides a lot of motivation and
provides the basis and the foundation for a very,
very satisfying career. Cybersecurity is a profoundly
rewarding career. It is a function that is critical at many,
many companies and it is a career that is in high demand, and there is an absolute shortage
of talented labor out there. So from that aspect, if you’re looking for a path to a viable, long
term, rewarding career, this is as straight a path
to that as you can imagine.

Our focus in this section was on a major
theme of security: protecting assets. A large part of this relates to privacy. We should all enjoy the right to
decide who can access our information. As we learned, there are several controls
in place that help secure assets. We began the section by exploring
effective data handling processes that are founded on the principle
of least privilege. We then explored the role of encryption
and hashing and safeguarding information. We explored how symmetric and
asymmetric encryption works and how hashes further
safeguard data from harm. We then turned our attention to standard
access controls. Properly authenticating and authorizing users is what maintaining
the CIA triad of information is all about! We used the AAA framework of security
to take a detailed tour of identity and access management systems and the access
controls that validate whether or not someone is who they claim to be. Well done making it through
the first half of the course! You’re making great progress so
far, and I hope you keep it up. Remember, your background and
experiences are valuable in this field. This combined with the concepts
we’re covering will make you a valuable contributor
to any security team. Up until this point, we’ve been exploring
the defensive side of security, but security isn’t all about planning ahead
and waiting for something to happen. In the next part of our journey, we’re going to continue developing
a security mindset by taking a more proactive look at security from
the perspective of attackers. I’ll meet you there!