Lernkarten

A DNS Zone transfer is a process where one DNS server copys parts of its databse to another DNS. This helps to have more than one server which can answer questions about a zone. The slaves ask for a copy by the master.

A DNS Zone transfer attack, is that you pretend to be a slave an get a copy of the DNS zone records. 

Risk: The zone records, show a lot of internal topology information about the network, if someone wants to subvert (untergraben) the DNS with spoofing (falsche Identität verwenden) and poisoning, this is very helpful.

Offensive Cybersecurity, focus on penetration testing, assume the role of a hacker, show organizations what could be backdoors or exploits, common practice is that they are outside of the organization.

Defensive Cybersecurity, Assessment (Bewertung) of network security, identification of possible vulnerabilities, find ways to defend, change and re-group defence mechanisms to make incidents responses much stronger. They are continuously improving the digital security infrastructure using security audits, log and memory analysis, pcap, risk intelligence data

Reduce risk and support the mission of the organization.

• It is impossible to design a risk-free environment
• Significant risk reduction is possible often with little effort

Process:

• Identifying factors that could damage or disclose data
• Evaluating those factors in light of data value and countermeasure (Gegenmassnahme) cost
• Implementing cost-effective solutions for mitigating(mildern) or reducing risks

• Evaluation, assessment, and the assignment of value for all assets of an organization
• Examining (untersuchen) an environment for risks
• Evaluating each threat event as to its likelihood of occurring and the cost of damage it would cause if it did occur
• Assessing (bewerten) the cost of various countermeasures for each risk and creating a cost benefit report for safeguards to present upper management

reducing risk, implementation of safeguards and countermeasures to eliminate vulnerabilities

moving risk to another entity or organization

risk tolerance, cost/benefit analysis shows that countermeasure costs too much

Deterrence: Abschreckung

security cameras, security guards, instructional signage

selecting alternate options or activities that have less associated risk than the default e.g.: removing the FTP protocol from a server to avoid FTP attacks.

to reject risk or ignore risk. 

• once a countermeasure is implemented the risk that remains is called a residual risk. 

• the way government agencies obtain wiretapping authorizations
• allow authorities to obtain a blanket authorization for a person and then monitor all communications to or from that person under the single warrant.
• ISPs may have to provide the government with a large range of information.

• The new law applies to all organizations that collect data from EU residents or process that information on behalf of someone who collects it.
• The law even applies to organizations that are not based in the EU, if they collect information about EU residents.
• The ability of the EU to enforce this law globally remains an open question
• A data breach notification requirement that mandates that companies inform authorities of serious data breaches within 24 hours
• The creation of centralized data protection authorities in each EU member state
• Provisions that individuals will have access to their own data
• Data portability provisions that will facilitate the transfer of personal information between service providers at the individual’s request
• The “right to be forgotten” that allows people to require companies to delete their information if it is no longer needed

STRIDE is a model of threats

Spoofing: attack with the goal to gain access and target the system with a falsified identity

Tampering: unauthorized change or manipulation of data whether in transit or storage, to falsify communication or alter  static information

Repudiation: The ability of an attacker to deny having performed an action or activity

Information disclosure: the revelation or distribution of private, confidential, or controlled information to external or unauthorized entities.

Denial of Service (DoS): prevents use of a resource, could reduce throughput or introduce latency in order to hamper productive use of a service

Elevation of privilege:  transform a limited use account into an account with greater privileges, powers and access.

Any potential danger to an asset done intentional or accidental

Threat actor: intentionally exploits vulnerabilities, Script kiddies, Organized crime groups, state sponsor and governments, Hacktivists, Terrorist groups,

Threat intelligence: knowledge about an existing or emerging threat  to assets including networks and systems.

Threat event: accidental and intentional exploits of vulnerabilities.

Erasing: only link to the data is removed, actual data remains on the drive

Clearing: Clearing or Overwriting is a process to preparing media for reuse and make sure that deleted data can not be recovered using traditional tools,

Purging: more intense from of clearing used in less secure environments

Degaussing: erasing data with a strong magnetic field from, does not affect CDs, DVDs and SSDs

Destruction: Destroy it in a way that it cannot be repaired.

a triad of 

             Confidentiality

Integrity                  Availability

Protecting the reliability and correctness of data

• Prevents unauthorized alterations of data
• Only authorized subjects can modify the data
• Alternations should not occur while the object is in storage, transit, or process

Data integrity implies information is known to be good, and the information can be trusted as being complete, consistent and accurate

System integrity implies that a system will work as it is intended to.

Examples: intrusion detection systems, hash verification

Authorized subjects are granted unlimited and uninterrupted access to objects.

Examples: Redundancy, maintain reliable backups, prevent data loss or destruction

Prevent or minimize unauthorized access to data. Allow authorized users access to the data and prevent it for everyone else.

Examples: encryption, access control

Nonrepudiation: records all actions, so that who caused the event cannot deny it was done by him/her

Accountability: Being responsible or obligated for actions and results

Examples: Nonrepudiation can be established using digital certificates, session identifiers, transaction logs.

• Protection against unauthorized dupliction
• Eight broad categories of works qualify for copyright protection. (Literary, musical, dramatic choreographic, graphical/sculptural works, audiovisual works, sound recordings, architectural works)
• Copyright only protects the acutal code but not the idea behind the code, means rewriting is allowed
• The copyright exists once something is created, it must not be registered, if you can prove in court that you were the creator of a work you will be protected under copyright law.
• You can mark your work with the copyright symbol (©) to protect it.
• Works by one or more authors are protected until 70 years after the death of the last surviving author.
• A work is considered “for hire” when it is made for an employer during the normal course of an employee’s workday.

• Words, slogans and logos identifing a company
• No need to register them
• ™ Symbol is used to mark protected words or slogans
• For official recognition it can be register at the «Eidgenössisches Institut für Geistiges Eigentum»

• Patent or copyright could be used for such information, but both of the m provide the protection just for a limited time period
• Trade Secrets are often used by big software companies to protect their core base of intellectual property.

• Protect the intellectual property rights of inventors
• 20 years exclusive usage of the invention
• After 20 years the invention is public available for everyone to use
• Must be new, must be useful, must not be obvious
• Does not provide adequate protection for computer software products

• Information: All data of an organization
• Systems: The system includes any services provided for / from the organization (IT)
• Devices: server, desktop computers, portable laptops, tablets, smartphones, external devices e.g. printers
• Facilities: all physical location that an organization owns or rents
• Personnel: Working for an organization 
• Intellectual Property: Assets which are intangible (immateriel)
  • Brand names
  • Creative output
  • Secret recipes or product techniques

• An overall security compromise (security breach, security leck)
• Loss of productivity
• Reduction of profits
• Additional expenditures (Auslagen / Ausgaben)
• Discontinuation (Stilllegung / Unterbrechung) of the organization
• And more …

Military : 

• Top secret
• Secret
• Confidential
• Sensitive but unclassified
• unclassified

The unauthorized disclosure of top-secret data will have drastic effects and cause grave damage to national security. The unauthorized disclosure of data classified as secret will have significant effects and cause critical damage to national security. The unauthorized disclosure of data classified as confidential will have noticeable effects and cause serious damage to national security. Sensitive but unclassified is used for data that is for internal use. 

Business: 

• Confidental / Private
• Sensitive
• Public

Secure Shell replaces unsecure remote configuration operations as e.g.: telnet, ftp, rlogin, rsh, rcp and rexec. Old commands and protocols transmit the content in plain text rather than encrypted format.

Advantages: encrypts data, offers different authentication methods e.g. password authentication, Pubkey Authentication