Cyber-security

From CNM Wiki

Cyber-security (also known as computer security, cyber security, and cybersecurity; hereinafter, the Security) is the practice of protecting computers, data, and networks from attacks and unauthorized access, together with the set of concepts that underpins that practice.


Basic practices

Infrastructure security

  1. Up-to-date server software such as programming language support, cPanel, DBMS, OS, etc.
  2. Malware monitoring and removal, i.e. detecting and preventing malware infections, and scanning for and removing malware that does get in.
  3. Firewalls and other security measures; a firewall prevents unauthorized outside access to the server.
  4. Server/system/cluster backup

Certificate encryption

SSL/TLS certificates are used to encrypt the data exchanged between clients and servers over the Internet.

Data backup

New software vetting

Software updates

File editing disabling

Authorization security

  1. Login strength
  2. Default login names
  3. Login page lock-down

Lexicon

  • Anomaly detection: The use of AI and ML to detect abnormal logins, unusual movement within the network, or the export of files.
  • Application security (AppSec): An IT field where specialists focus on secure application design and are familiar with programming.
  • Authentication: A mechanism that confirms a user’s identity when they are requesting access to a resource in a system. This is generally handled by granting users an access token when they confirm their identity through a mechanism such as a password.
  • Bitcoin: A digital currency (cryptocurrency) that is not ruled by any governing body.
  • Blockchain: A large database of transactions, also known as a transaction ledger.
  • Content delivery network (CDN): A hosted, geographically-distributed server network that improves website file delivery and performance. It can also include security features such as DDoS protection.
  • Continuous threat management: Adaptive and predictive defense based on prevention technology to be ready for timely incident response.
  • Cross-site request forgery (CSRF): A malicious web exploit in which an attacking program forces a user’s browser to perform an unwanted action on a site where the user is currently authenticated.
  • Cross-site scripting (XSS): A type of injection attack that targets an application through client-side scripts, which will usually be JavaScript.
  • Cryptocurrency: A digital medium of exchange that relies on encryption techniques to ensure that transactions are secure, regulated, and verified.
  • Data exfiltration: An unauthorized transfer of data. It can be carried out manually or through a malicious automated program.
  • Decentralized Autonomous Organization (DAO): An organization that serves as a form of a venture capital fund. It runs through smart contracts and its transaction records are maintained in a blockchain.
  • Distributed denial of service attack (DDoS): A type of attack that uses multiple compromised systems, which are forced to visit a website or system and overload its bandwidth in order to cause an outage.
  • DevSecOps: The integration of security into the DevOps methodology.
  • Dynamic application security testing (DAST): An analysis of an application's security that only monitors the runtime environment and the code that is executed in it. It simulates potential attacks and analyzes the results.
  • Encryption: A method of encoding data so that it is unreadable to parties without a method of decryption.
  • Exploit: A piece of code that takes advantage of a vulnerability in computer software or hardware in order to produce undesirable behavior.
  • Injection attack: A scenario where attackers relay malicious code through an application to another system for malicious manipulation of the application. These attacks can target an operating system via system calls, external programs via shell commands, or databases via query language (SQL) injection.
  • Interactive application security testing (IAST): A combination of SAST and DAST that is usually implemented in the form of an agent that monitors attacks and identifies vulnerabilities within the test runtime environment.
  • Malware: Software that is meant to cause harm to computers or programs.
  • Obfuscation layer: A layer of code obfuscation designed to provide a high level of protection for the critical parts of the code.
  • Open Web Application Security Project (OWASP): An online community of corporations, educational organizations, and individuals focused on providing web security tools, resources, events, and more for the wider development community.
  • Ransomware: A type of malware that restricts or blocks access to the victim's system until a ransom is paid, typically in cryptocurrencies such as Bitcoin.
  • Risk management: Prioritizing what's most important to secure based on the company or industry.
  • Runtime application self-protection (RASP): A feature that is built into an application in order to detect and halt attacks in real-time, automatically.
  • Reentrancy attack: An attack in which untrusted code re-enters a contract and manipulates its state.
  • Secure sockets layer (SSL): A protocol that establishes an encrypted link to keep the information passed between a web server and browsers secure.
  • Security by design: An approach in which security is integrated from the beginning of the SDLC.
  • Single sign-on (SSO): A user or session authentication process that allows a user to enter one set of credentials in order to access multiple applications that are connected by the SSO software.
  • SQL injection: A code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution.
  • Static application security testing (SAST): An analysis of an application's security that looks at an application's source code, bytecode, or binary code to determine if there are parts that could allow security exploits by attackers.
  • Threat vector: A path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome.
  • Turing complete: A system theoretically capable of solving any computational problem if memory or runtime limitations are not taken into consideration.
  • Web application firewall (WAF): An appliance or application that monitors, filters, and blocks HTTP transmissions to a website based on customizable rules.
  • Zero day: A vulnerability that is currently unknown to the software maker or to antivirus vendors. It also refers to a piece of code that allows attackers to exploit a zero day vulnerability.

General tips

  • Password Process – The first feature that will go live is the new Password Process. Password protection is needed on devices to secure sensitive data. Within the next 48 hours, users will receive a detailed explanation providing information about what is required to make this transition as seamless as possible. The new process will go into production during the last week of September.
  • Data Loss Prevention – Security breaches due to transmission of sensitive data carry steep consequences. To prevent this, a new feature will be activated which searches emails and attachments for Personally Identifiable Information (PII), Payment Card Industry (PCI) security data, and Health Insurance Portability and Accountability Act (HIPAA) data and prevents transmission. As an example, the program will automatically block an email or attachment with numbers formatted in a 3-2-4 sequence (123-45-6789). A note will be sent back to the sender informing them that protected information was included in the email. If the data needs to be sent, the I.T. Department will provide the sender with an encryption tool so that an encrypted file can be attached to an email and safely transmitted.
  • Encryption of Desktops and Laptops – Data encryption is a function of Windows 10. The I.T. Department is currently in the process of upgrading machines to Windows 10 one at a time, complying with the recommendation.
  • Screen Saver – When a machine has been inactive for 15 minutes, it will move to a screen saver. A password will be required to re-enter the system.
  • Network and Server Infrastructure – Vaughn is now compliant with the audit recommendation pertaining to servers. Newer server software was needed but there were incompatibility problems with the older software utilized by some applications. The primary users of those software applications helped I.T. find a way to eliminate them so the servers could be upgraded.
  • Mobile Device Passwords – Any device that has a Vaughn email interface will be required to have a password in order to protect users, data, and the network.
  • The most important thing you can do to help with our network security is to refrain from opening emails from people you don't know and clicking on an attachment or a link.
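The Data Loss Prevention rule above (block any email or attachment containing a number in 3-2-4 form and notify the sender) can be illustrated with a small scanner. This is an added example, not the product or script the I.T. Department deploys; the `Message` type, the sample messages and the notice wording are constructed here, and matched values are masked so the scanner itself never logs a full protected number.

```python
import re
from dataclasses import dataclass

# Hypothetical DLP check modelled on the rule in the tips above: block any
# message whose body or attachment text contains a 3-2-4 formatted number.
# The lookarounds require non-digit, non-hyphen boundaries so that a longer
# digit run such as a 3-3-4 phone number (555-123-4567) is not matched.
SSN_LIKE = re.compile(r"(?<![\d-])\d{3}-\d{2}-\d{4}(?![\d-])")

@dataclass
class Message:
    sender: str
    body: str
    attachments: dict  # filename -> extracted text (constructed sample data)

def find_protected_numbers(text: str) -> list:
    """Return every 3-2-4 number in text, masked to its last four digits."""
    return ["***-**-" + hit[-4:] for hit in SSN_LIKE.findall(text)]

def scan_message(msg: Message) -> dict:
    """Decide whether the message is blocked and build the sender notice."""
    hits = {}
    body_hits = find_protected_numbers(msg.body)
    if body_hits:
        hits["body"] = body_hits
    for name, content in msg.attachments.items():
        att_hits = find_protected_numbers(content)
        if att_hits:
            hits[name] = att_hits
    blocked = bool(hits)
    notice = None
    if blocked:
        where = ", ".join(hits)
        notice = (f"To {msg.sender}: your message was not sent because protected "
                  f"information (a 3-2-4 formatted number) was found in: {where}. "
                  "Contact the I.T. Department for the encryption tool if it must be sent.")
    return {"blocked": blocked, "hits": hits, "notice": notice}

# Constructed sample messages; the numbers are not real identifiers.
SAMPLE_BLOCKED = Message("alice@example.org", "Please update the record for 123-45-6789.",
                         {"roster.txt": "Bob, 987-65-4321\nCarol, none"})
SAMPLE_ALLOWED = Message("dave@example.org", "Call me at 555-123-4567 on 2024-01-15.", {})

if __name__ == "__main__":
    for m in (SAMPLE_BLOCKED, SAMPLE_ALLOWED):
        print(scan_message(m))
```

The boundary checks are the part worth keeping when adapting the rule: without them, phone numbers and dates produce false blocks, which is what drives users to work around a DLP control.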

Management

See also

Related lectures