How does a DNS zone transfer attack work and why can it be harmful?
A DNS zone transfer is a process where one DNS server copies part of its database to another DNS server. This makes it possible to have more than one server that can answer queries about a zone. The secondary (slave) servers request a copy from the primary (master).
In a DNS zone transfer attack, you pretend to be a secondary server and obtain a copy of the DNS zone records.
Risk: the zone records reveal a lot of information about the internal topology of the network; if someone wants to subvert (undermine) the DNS with spoofing (using a false identity) and poisoning, this is very helpful.
What is the Red Team in the context of cybersecurity?
Offensive cybersecurity, focused on penetration testing. The team assumes the role of an attacker and shows organizations where backdoors or exploitable weaknesses could be. Common practice is that they are outside of the organization.
What is the Blue Team in the context of cybersecurity?
Defensive cybersecurity: assessment (evaluation) of network security, identification of possible vulnerabilities, finding ways to defend, and changing and regrouping defence mechanisms to make incident response much stronger. They continuously improve the digital security infrastructure using security audits, log and memory analysis, pcap, and risk intelligence data.
What's the idea behind risk management?
Reduce risk and support the mission of the organization.
Process:
What's part of a risk analysis?
What's risk mitigation?
Reducing risk; implementation of safeguards and countermeasures to eliminate vulnerabilities.
What's risk assignment?
moving risk to another entity or organization
What's risk acceptance?
Risk tolerance; a cost/benefit analysis shows that the countermeasure costs too much.
What's risk deterrence?
Deterrence: discouraging attackers.
security cameras, security guards, instructional signage
What's risk avoidance?
Selecting alternate options or activities that have less associated risk than the default, e.g. removing the FTP protocol from a server to avoid FTP attacks.
What's risk rejection?
to reject risk or ignore risk.
What's residual risk?
What is the Patriot Act?
What is the European Union General Data Protection Regulation?
What does STRIDE stand for?
STRIDE is a model of threats
Spoofing: attack with the goal to gain access and target the system with a falsified identity
Tampering: unauthorized change or manipulation of data whether in transit or storage, to falsify communication or alter static information
Repudiation: The ability of an attacker to deny having performed an action or activity
Information disclosure: the revelation or distribution of private, confidential, or controlled information to external or unauthorized entities.
Denial of Service (DoS): prevents use of a resource, could reduce throughput or introduce latency in order to hamper productive use of a service
Elevation of privilege: transform a limited use account into an account with greater privileges, powers and access.
What is a threat and what does it involve?
Any potential danger to an asset, whether intentional or accidental.
Threat actor: someone who intentionally exploits vulnerabilities, e.g. script kiddies, organized crime groups, state sponsors and governments, hacktivists, terrorist groups.
Threat intelligence: knowledge about an existing or emerging threat to assets including networks and systems.
Threat event: accidental and intentional exploits of vulnerabilities.
What different ways of removing/erasing data are possible?
Erasing: only the link to the data is removed; the actual data remains on the drive.
Clearing: clearing or overwriting is a process of preparing media for reuse and making sure that deleted data cannot be recovered using traditional tools.
Purging: a more intense form of clearing, used in less secure environments.
Degaussing: erasing data with a strong magnetic field; does not affect CDs, DVDs and SSDs.
Destruction: Destroy it in a way that it cannot be repaired.
What does the CIA triad look like?
A triad of Confidentiality, Integrity and Availability.
Describe integrity in the context of the CIA triad.
Protecting the reliability and correctness of data
Data integrity implies information is known to be good, and the information can be trusted as being complete, consistent and accurate
System integrity implies that a system will work as it is intended to.
Examples: intrusion detection systems, hash verification
Describe availability in the context of the CIA triad.
Authorized subjects are granted unlimited and uninterrupted access to objects.
Examples: Redundancy, maintain reliable backups, prevent data loss or destruction
Describe confidentiality in the context of the CIA triad.
Prevent or minimize unauthorized access to data. Allow authorized users access to the data and prevent it for everyone else.
Examples: encryption, access control
Describe nonrepudiation and accountability.
Nonrepudiation: all actions are recorded, so that the person who caused an event cannot deny having done it.
Accountability: Being responsible or obligated for actions and results
Examples: Nonrepudiation can be established using digital certificates, session identifiers, transaction logs.
Describe copyright and how it's used.
Describe trademarks and how they are used.
Describe trade secrets and how they are used.
What's a patent, and is it usable for software?
What are the assets of an organization?
What could happen if an asset is lost or disclosed?
What are the military and business data classifications?
Military:
The unauthorized disclosure of top-secret data will have drastic effects and cause grave damage to national security. The unauthorized disclosure of data classified as secret will have significant effects and cause critical damage to national security. The unauthorized disclosure of data classified as confidential will have noticeable effects and cause serious damage to national security. Sensitive but unclassified is used for data that is for internal use.
Business:
What is SSH, why is it used, and what are the advantages compared to older technologies such as FTP, telnet, rlogin, ...?
Secure Shell replaces insecure remote configuration operations such as telnet, ftp, rlogin, rsh, rcp and rexec. The old commands and protocols transmit their content in plain text rather than in encrypted form.
Advantages: encrypts data, offers different authentication methods, e.g. password authentication and public-key authentication.