Unit 1 - Subjective Questions
INT242 • Practice Questions with Detailed Answers
Explain the CIA Triad in the context of information security. Provide an example for each component.
The CIA Triad is a foundational model in information security designed to guide policies for information security within an organization. It stands for:
- Confidentiality: Ensuring that information is not disclosed to unauthorized individuals, entities, or processes.
  - Example: Encrypting sensitive data like credit card numbers so that interceptors cannot read it.
- Integrity: Maintaining the accuracy and completeness of data. It ensures data has not been altered in an unauthorized manner.
  - Example: Using hashing algorithms (like SHA-256) to verify that a downloaded file has not been corrupted or modified by a hacker.
- Availability: Ensuring that information and resources are accessible to authorized users when needed.
  - Example: Implementing redundant servers and Denial of Service (DoS) protection to ensure a banking website remains online during high traffic.
Differentiate between Authentication, Authorization, and Accounting (The AAA Framework).
Authentication (Who are you?):
- The process of verifying the identity of a user, device, or system.
- Example: Entering a username and password, or using biometric scanning.
Authorization (What can you do?):
- The process of determining what actions, privileges, or resources an authenticated user is allowed to access.
- Example: A standard employee is authorized to read a document, but only a manager is authorized to edit it.
Accounting (What did you do?):
- The process of tracking and recording user activities and resource usage.
- Example: Logging system events to see who accessed a specific file and at what time for audit purposes.
Describe the three main categories of Security Controls with examples.
Security controls are categorized based on how they are implemented:
- Technical (Logical) Controls:
  - Implemented using software or hardware components.
  - Examples: Firewalls, Encryption, Intrusion Detection Systems (IDS), Antivirus software.
- Administrative (Managerial) Controls:
  - Policies, procedures, and guidelines defined by management to manage security.
  - Examples: Security awareness training, Acceptable Use Policy (AUP), Incident response plans, Background checks.
- Physical Controls:
  - Measures taken to protect the physical environment and hardware.
  - Examples: Security guards, biometric door locks, CCTV cameras, fencing, and fire suppression systems.
Compare Symmetric and Asymmetric encryption techniques. List at least three differences.
| Feature | Symmetric Encryption | Asymmetric Encryption |
|---|---|---|
| Keys Used | Uses a single shared key for both encryption and decryption. | Uses a key pair: a Public key for encryption and a Private key for decryption (or vice versa). |
| Speed | Faster and less computationally intensive. Suitable for bulk data. | Slower and computationally heavy. |
| Key Distribution | Difficult; the key must be shared securely (Key Distribution Problem). | Easier; the public key can be shared openly, while the private key is kept secret. |
| Use Cases | AES, DES, 3DES (File encryption, Database encryption). | RSA, ECC (Digital Signatures, Key Exchange, SSL/TLS Handshakes). |
Define Social Engineering. Explain Phishing, Vishing, and Pretexting.
Social Engineering is the art of manipulating people so they give up confidential information or perform actions that compromise security. It exploits human psychology rather than technical vulnerabilities.
- Phishing: A method where attackers send fraudulent emails or messages purporting to be from a reputable source (e.g., a bank) to induce individuals to reveal personal information like passwords or credit card numbers.
- Vishing (Voice Phishing): The use of telephony (voice calls) to conduct phishing attacks. Attackers often fake Caller IDs to appear as legitimate organizations.
- Pretexting: Creating a fabricated scenario (the pretext) to gain a victim's trust and steal information. For example, an attacker posing as an IT support technician claiming they need your password to 'fix a bug'.
What is an Attack Surface? Distinguish between the Network Attack Surface and the Human Attack Surface.
Attack Surface refers to the sum of all different points (vectors) where an unauthorized user (the attacker) can try to enter data to or extract data from an environment.
Network Attack Surface:
- Includes vulnerabilities related to ports, protocols, channels, and network devices.
- Mitigation: Closing unused ports, using firewalls, and patching network firmware.
Human Attack Surface:
- Includes vulnerabilities related to employees, contractors, and users who can be manipulated.
- Mitigation: Security training, anti-phishing simulations, and strict access policies.
Explain the concept of Hashing. How is it different from Encryption?
Hashing is the process of converting an input of any length into a fixed-size output (the digest) using a mathematical function. It is a one-way function.
Key Differences from Encryption:
- Reversibility: Encryption is two-way (can be decrypted with a key). Hashing is one-way (cannot get the original data back from the hash).
- Purpose: Encryption is used for Confidentiality (hiding data). Hashing is used for Integrity (verifying data hasn't changed).
- Output Size: Encrypted output size correlates to input size. Hash output size is fixed (e.g., SHA-256 always produces 256 bits), regardless of input size.
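As an added example (not part of the original notes), the following Python uses the standard library's hashlib to show the two points above in practice: the digest length is the same whatever the input size, and comparing a recomputed digest against a published one detects modification. The file contents and the published digest are constructed for the demo; in practice the expected digest comes from the publisher over a separate trusted channel.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """Fixed-size digest: always 32 bytes, shown as 64 hex characters."""
    return hashlib.sha256(data).hexdigest()

def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare in constant time (avoids timing leaks)."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())

def digest_lengths(inputs) -> dict:
    """Map each input length to the length of its hex digest (always 64)."""
    return {len(x): len(sha256_hex(x)) for x in inputs}

def differing_hex_chars(a: bytes, b: bytes) -> int:
    """How many of the 64 hex characters differ between two digests."""
    return sum(x != y for x, y in zip(sha256_hex(a), sha256_hex(b)))

# Constructed stand-in for a downloaded installer and the digest its publisher listed.
ORIGINAL = b"installer v1.0 -- constructed sample payload\n" * 100
PUBLISHED_DIGEST = sha256_hex(ORIGINAL)   # obtained out of band in a real download
TAMPERED = ORIGINAL.replace(b"v1.0", b"v1.1", 1)   # a single-byte change

if __name__ == "__main__":
    print("lengths:", digest_lengths([b"", b"a", ORIGINAL]))
    print("original ok:", verify_integrity(ORIGINAL, PUBLISHED_DIGEST))
    print("tampered ok:", verify_integrity(TAMPERED, PUBLISHED_DIGEST))
    print("hex chars changed by 1-byte edit:", differing_hex_chars(ORIGINAL, TAMPERED))
```

Note that the digest only proves integrity against accidental or unauthorised change if the expected value itself was obtained from a trustworthy source; a digest served from the same compromised site as the file proves nothing.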
Analyze the different types of Threat Actors based on their motivation and capability.
- Script Kiddies: Unskilled attackers who use existing tools/scripts found online. Motivation: Attention, thrill, or simple vandalism.
- Hacktivists: Attackers motivated by social, political, or religious beliefs. They target organizations to promote a cause. Motivation: Ideology.
- Cybercriminals: Organized groups driven by financial gain. They use ransomware, theft, and fraud. Motivation: Money.
- Insiders: Employees or contractors with authorized access who misuse it. Motivation: Revenge, financial gain, or negligence.
- State-Sponsored Actors (APT): Highly skilled groups funded by governments to conduct espionage or cyber warfare. Motivation: National interest, military advantage, economic espionage.
Describe the Public Key Infrastructure (PKI) and the role of the Certificate Authority (CA).
Public Key Infrastructure (PKI) is a framework of policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
Role of Certificate Authority (CA):
- The CA is the core of PKI. It is a trusted third-party entity.
- Issuance: It validates the identity of a user or entity and issues a Digital Certificate.
- Trust: Browsers and systems trust the CA, and by extension, trust the certificates the CA signs.
- Revocation: The CA publishes Certificate Revocation Lists (CRLs) for certificates that are no longer trustworthy before their expiration.
Explain the process of creating and verifying a Digital Signature to ensure non-repudiation.
A Digital Signature ensures that a message comes from a specific sender and hasn't been altered.
Creation (Signing by Sender):
- The sender takes the message and applies a Hash Function to create a message digest.
- The sender encrypts this hash digest using their Private Key.
- This encrypted hash is the Digital Signature, which is attached to the original message.
Verification (by Receiver):
- The receiver separates the message and the signature.
- The receiver decrypts the signature using the sender's Public Key to reveal the received hash.
- The receiver hashes the original message content themselves to calculate a new hash.
- Comparison: If the calculated hash matches the decrypted hash, the signature is valid. This proves Integrity (message wasn't changed) and Non-repudiation (only the holder of the private key could have signed it).
Define Defense in Depth and explain why it is a critical security strategy.
Defense in Depth (also known as Layered Security) is a strategy that leverages multiple security measures to protect an organization's assets. The idea is that if one line of defense is compromised, additional layers exist as a backup to ensure that threats are stopped or slowed down.
Layers typically include:
- Physical Security: Fences, guards.
- Perimeter: Firewalls, DMZ.
- Network: IDS/IPS, segmentation.
- Endpoint: Antivirus, patching.
- Application: Input validation, secure coding.
- Data: Encryption, masking.
Importance: No single security control is perfect. Layering controls eliminates single points of failure.
Discuss the mathematical relationship in RSA Algorithm key generation. Use LaTeX for equations.
RSA is an asymmetric algorithm based on the difficulty of factoring the product of two large prime numbers.
- Select Primes: Choose two distinct large prime numbers, and .
- Calculate Modulus: Compute . The value is used as the modulus for both public and private keys.
- Calculate Totient: Compute Euler's totient function, .
- Public Exponent: Choose an integer such that and (meaning and are coprime).
- Private Exponent: Determine such that . This means .
- Public Key:
- Private Key:
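The following Python is an added worked example, not part of the original notes, serving both the Digital Signature answer above (sign with the private key, verify with the public key) and this RSA key-generation answer. It implements the textbook relations: n = p·q, φ(n) = (p−1)(q−1), a public exponent e coprime to φ(n), and d = e⁻¹ mod φ(n), with (n, e) as the public key and (n, d) as the private key. The primes are constructed demo values: the classic pair 61 and 53 to show the arithmetic by hand, and two Mersenne primes chosen only so that the modulus is wide enough to carry a SHA-256 digest and the demo is deterministic. Real keys use random primes of at least 1024 bits each, and real signature schemes add padding (e.g. PSS) that this textbook form omits.

```python
import hashlib
from math import gcd

def rsa_keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation from two distinct primes p, q and a public exponent e."""
    n = p * q                        # modulus, shared by both keys
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if p == q or gcd(e, phi) != 1:
        raise ValueError("p, q must differ and e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # private exponent: e * d ≡ 1 (mod phi); Python 3.8+
    return (n, e), (n, d)            # (public key, private key)

def digest_as_int(message: bytes) -> int:
    """Step 1 of signing and step 3 of verifying: hash the message to a digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Signing: apply the private exponent to the digest; the result is the signature."""
    n, d = private_key
    h = digest_as_int(message)
    if h >= n:
        raise ValueError("modulus too small to carry a SHA-256 digest")
    return pow(h, d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Verification: recover the digest with the public exponent, compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message)

# Constructed demo values (see lead-in). Never use fixed or special-form primes for real keys.
SMALL_P, SMALL_Q, SMALL_E = 61, 53, 17
DEMO_P, DEMO_Q = 2**127 - 1, 2**521 - 1

if __name__ == "__main__":
    pub, priv = rsa_keygen(SMALL_P, SMALL_Q, SMALL_E)
    print("small key pair:", pub, priv)      # ((3233, 17), (3233, 2753))
    pub, priv = rsa_keygen(DEMO_P, DEMO_Q)
    msg = b"pay 100 to Bob"
    sig = sign(msg, priv)
    print("valid:", verify(msg, sig, pub), "tampered:", verify(msg + b"0", sig, pub))
```

The tampered check is the integrity half of non-repudiation: changing even one byte of the message changes the digest, so the recovered digest no longer matches; and because only the holder of d could have produced a signature that the public e recovers correctly, the signer cannot later deny having signed.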
What is Steganography? How does it differ from Cryptography?
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. The goal is to hide the existence of the communication.
Difference from Cryptography:
- Cryptography obscures the meaning of the message (scrambling it so it looks like nonsense), but an observer knows a message is being sent.
- Steganography hides the existence of the message. The carrier file (e.g., a picture of a cat) looks normal to the casual observer, but contains hidden data bits.
Explain the significance of Salting in password storage.
Salting involves adding a unique, random string of characters (the salt) to a password before hashing it.
Significance:
- Defeats Rainbow Table Attacks: Rainbow tables are pre-computed lists of hash values for common passwords. Since the salt makes every password unique (even if two users have the same password "password123", their salts will differ), pre-computed tables become useless.
- Prevents Collision Attacks: It ensures that identical passwords result in different hash values in the database, preventing attackers from knowing which users share the same password.
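An added Python example (not from the original notes) of the points above, using only the standard library: each user gets a random 16-byte salt, the password is run through PBKDF2-HMAC-SHA256 with that salt, and a constructed stand-in for a precomputed table of common-password hashes shows that it recovers an unsalted SHA-256 hash but learns nothing from the salted record. The iteration count is a constructed choice kept low so the demo runs quickly; production systems use a far higher count (hundreds of thousands for PBKDF2-HMAC-SHA256) or a memory-hard function such as scrypt or Argon2.

```python
import hashlib
import hmac
import secrets

DEMO_ITERATIONS = 10_000   # constructed demo cost; raise substantially in production

def hash_password(password: str, salt: bytes = None, iterations: int = DEMO_ITERATIONS) -> dict:
    """Store a per-user random salt beside the slow hash; the password itself is never stored."""
    if salt is None:
        salt = secrets.token_bytes(16)          # unique, random salt per record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}

def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and parameters, then compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])

# Constructed stand-in for a rainbow table: unsalted SHA-256 of a few common passwords.
COMMON_PASSWORDS = ["password123", "letmein", "qwerty", "123456"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

def lookup_precomputed(stored_hash_hex: str):
    """What the table reveals about a stored hash (None means nothing)."""
    return PRECOMPUTED.get(stored_hash_hex)

def demo() -> dict:
    alice = hash_password("password123")
    bob = hash_password("password123")      # same password, different salt
    unsalted = hashlib.sha256(b"password123").hexdigest()
    return {
        "same_password_same_record": alice["hash"] == bob["hash"],
        "unsalted_recovered": lookup_precomputed(unsalted),
        "salted_recovered": lookup_precomputed(alice["hash"]),
        "alice_login_ok": verify_password("password123", alice),
        "alice_wrong_pw": verify_password("password124", alice),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two design points worth noticing: the salt is stored in the clear next to the hash (it is not a secret, only unique), and the iteration count is stored with the record so it can be raised for new records over time without invalidating old ones.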
What is a Digital Certificate? Describe the X.509 standard structure.
A Digital Certificate is an electronic document used to prove the ownership of a public key. It functions like a digital passport.
X.509 Structure includes:
- Version: Version of X.509 (usually v3).
- Serial Number: Unique identifier assigned by the CA.
- Algorithm ID: The algorithm used to sign the certificate.
- Issuer: The name of the Certificate Authority (CA) that issued it.
- Validity: Start and End date/time.
- Subject: The entity (user or website) the certificate represents.
- Subject Public Key Info: The actual public key of the subject.
- Digital Signature: The CA's signature verifying the data.
Describe the Zero Trust security model.
Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters.
Core Principle: "Never trust, always verify."
Key Characteristics:
- Strict Identity Verification: Access is granted based on identity, not network location.
- Least Privilege Access: Users get only the access they need.
- Micro-segmentation: Breaking the network into small zones to prevent lateral movement of attackers.
- Continuous Monitoring: Continually assessing the security posture of assets and user behavior.
Differentiate between Spear Phishing and Whaling.
Both are targeted forms of social engineering, but they differ in their specific targets:
Spear Phishing:
- A phishing attempt targeted at a specific individual or organization.
- Attackers research the victim (using social media, LinkedIn) to customize the message, making it appear legitimate.
Whaling:
- A specific sub-category of spear phishing that targets high-profile individuals ("Whales"), such as CEOs, CFOs, or senior executives.
- The goal is often to steal sensitive corporate data or initiate large fraudulent wire transfers (Business Email Compromise).
Explain the operation of a Man-in-the-Middle (MitM) attack.
A Man-in-the-Middle (MitM) attack occurs when an attacker secretly intercepts and relays communications between two parties who believe they are communicating directly with each other.
Operation:
- The attacker places themselves in the communication path (e.g., via a rogue Wi-Fi hotspot or ARP spoofing).
- When Party A sends a message to Party B, the attacker intercepts it.
- The attacker can Eavesdrop (read the data) or Alter the data before relaying it to Party B.
- Party B responds, and the attacker again intercepts/modifies the response before sending it to Party A.
- Neither party realizes the communication has been compromised.
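A minimal in-memory model of the exchange above, added here as an example (not from the original notes) from the defender's side: the same relay rewrites Party A's message once with no protection and once with an HMAC-SHA256 tag, and only in the second case does Party B detect the change. The shared key is a constructed value, and the model assumes A and B already share it securely; the Key Distribution Problem answer later in these notes covers how that is arranged.

```python
import hashlib
import hmac

# Constructed demo key; assumed to have been exchanged securely before the conversation.
SHARED_KEY = b"constructed-demo-key-shared-by-A-and-B"

def party_a_send(text: bytes, protect: bool):
    """Party A sends the payload, optionally with an HMAC-SHA256 tag over it."""
    tag = hmac.new(SHARED_KEY, text, hashlib.sha256).digest() if protect else None
    return text, tag

def on_path_relay(text: bytes, tag):
    """Model of the relay in the description above: it rewrites the payload before
    forwarding. Without SHARED_KEY it cannot produce a matching tag for the new text."""
    altered = text.replace(b"account 1234", b"account 9999")
    return altered, tag

def party_b_receive(text: bytes, tag) -> bool:
    """Accept only if a tag is present and matches the received text."""
    if tag is None:
        return True        # no integrity check: B has no way to notice the change
    expected = hmac.new(SHARED_KEY, text, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def run_exchange(protect: bool) -> dict:
    original = b"transfer 100 to account 1234"
    text, tag = party_a_send(original, protect)
    text, tag = on_path_relay(text, tag)
    return {
        "delivered": text,
        "altered": text != original,
        "accepted": party_b_receive(text, tag),
    }

if __name__ == "__main__":
    print("unprotected:", run_exchange(protect=False))
    print("with HMAC:  ", run_exchange(protect=True))
```

A MAC gives integrity and origin authentication but not confidentiality: the relay can still read the message. Protocols such as TLS combine encryption, integrity protection and certificate-based authentication of the endpoints, which is what prevents an on-path party from impersonating either side.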
What are Cryptographic Hash Functions? List three properties they must satisfy.
A cryptographic hash function is an algorithm that maps data of arbitrary size to a bit string of fixed size (the hash).
Properties:
- Pre-image Resistance (One-wayness): Given a hash value , it should be computationally infeasible to find any message such that .
- Second Pre-image Resistance: Given an input , it should be infeasible to find a different input such that .
- Collision Resistance: It should be infeasible to find any two different inputs and that hash to the same output, i.e., .
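To make the three properties concrete, the following added Python example (not from the original notes) truncates SHA-256 to a small number of output bits and counts how many trials a brute-force pre-image search and a birthday-style collision search need. The point it demonstrates is that the expected work is about 2^bits for a pre-image (or second pre-image) and only about 2^(bits/2) for a collision, which is why full-length digests are required and why collision resistance is the property that fails first when an output is too short. All inputs are constructed strings.

```python
import hashlib

def truncated_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, used here to model a hash with a short output."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_preimage(target: int, bits: int, limit: int = 1 << 24):
    """Pre-image search: try constructed inputs until one hashes to `target`.
    Returns (input, trials); expected trials are about 2**bits."""
    for i in range(limit):
        candidate = b"candidate-%d" % i
        if truncated_hash(candidate, bits) == target:
            return candidate, i + 1
    return None, limit

def find_collision(bits: int, limit: int = 1 << 24):
    """Birthday search: remember every output until one repeats.
    Returns (input1, input2, trials); expected trials are about 2**(bits/2)."""
    seen = {}
    for i in range(limit):
        m = b"message-%d" % i
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    return None, None, limit

def compare_effort(bits: int) -> dict:
    """Trials needed for each search at a given output width."""
    target = truncated_hash(b"the original message", bits)
    _, preimage_trials = find_preimage(target, bits)
    _, _, collision_trials = find_collision(bits)
    return {"bits": bits, "preimage_trials": preimage_trials,
            "collision_trials": collision_trials}

if __name__ == "__main__":
    for bits in (8, 12, 16):
        print(compare_effort(bits))
```

Extrapolating the same counts to a real 256-bit output gives roughly 2^256 trials for a pre-image and 2^128 for a collision, both far beyond any feasible computation, which is what "computationally infeasible" in the properties above refers to.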
Describe the Key Distribution Problem in Symmetric Cryptography and how Asymmetric Cryptography solves it.
Key Distribution Problem:
In symmetric cryptography, both the sender and receiver need the same secret key to communicate. The challenge is: How do you send this key to the receiver securely? If you send it over the network, an attacker might intercept it. If the attacker has the key, the encryption is useless.
Solution via Asymmetric Cryptography:
Asymmetric cryptography uses a Key Pair (Public and Private).
- The receiver shares their Public Key openly.
- The sender uses this Public Key to encrypt the symmetric key (often called a session key).
- Only the receiver's Private Key can decrypt this package.
- Once decrypted, both parties possess the shared symmetric key without it ever having been transmitted in plaintext.
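The hybrid scheme described above, as an added Python example (not from the original notes) that also illustrates the symmetric/asymmetric comparison table earlier in these notes: the slow asymmetric operation is applied only to a 16-byte session key, and the bulk data is handled by the fast symmetric cipher. To stay within the standard library it uses textbook RSA built from two known Mersenne primes (constructed demo values, chosen so the run is deterministic; real keys use random primes of at least 1024 bits each) and a constructed XOR stream cipher keyed by SHA-256, which stands in for AES and must not be used as a real cipher since it has no nonce and no authentication.

```python
import hashlib
import secrets

# Receiver's textbook RSA key pair (constructed demo values, see lead-in).
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                           # modulus, about 216 bits: room for a 128-bit key
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)                 # private exponent, E * D ≡ 1 (mod PHI)
PUBLIC_KEY = (N, E)                 # the receiver publishes this openly
PRIVATE_KEY = (N, D)                # this never leaves the receiver

def toy_stream_cipher(key: bytes, data: bytes) -> bytes:
    """Constructed symmetric cipher: XOR with a SHA-256-derived keystream.
    The same call encrypts and decrypts. Demo only, not a real cipher."""
    out = bytearray()
    for block_no, start in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
        chunk = data[start:start + 32]
        out.extend(b ^ k for b, k in zip(chunk, keystream))
    return bytes(out)

def sender_encrypt(plaintext: bytes, receiver_public_key):
    """Sender: pick a fresh session key, wrap it with the receiver's public key,
    and encrypt the bulk data with the session key."""
    n, e = receiver_public_key
    session_key = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    ciphertext = toy_stream_cipher(session_key, plaintext)
    return wrapped_key, ciphertext

def receiver_decrypt(wrapped_key: int, ciphertext: bytes, receiver_private_key) -> bytes:
    """Receiver: unwrap the session key with the private key, then decrypt the data."""
    n, d = receiver_private_key
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return toy_stream_cipher(session_key, ciphertext)

if __name__ == "__main__":
    msg = b"quarterly figures: constructed sample text for the demo"
    wrapped, ct = sender_encrypt(msg, PUBLIC_KEY)
    print("wrapped key (int):", wrapped)
    print("recovered:", receiver_decrypt(wrapped, ct, PRIVATE_KEY) == msg)
```

Only the wrapped key and the ciphertext travel over the network; an observer sees neither the session key nor the plaintext, and without D cannot unwrap the key. Real deployments (TLS, PGP) use exactly this split, with padded RSA or elliptic-curve key agreement for the wrap and AES for the bulk data.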