CIA Triad: Confidentiality, Integrity, Availability. Threat Modeling: System decomposition, security by design.
Kerchoff's principal: 1. Security should not depend on the system, only on the key. 2. The system should be usable. 3. Keys must be easy to change.
One Time Pad: A algorithm that XOR the message with an equal length of random generated key. Secure: 1. The key needs to be totally random. 2. The key needs to be as the same length as the message. 3. Every key can only be used for encrypting one message. (Don't reuse!) Why we don't use it: 1. Hard to compute totally random key. 2. Computationally expensive to generate a long random key. 3. Hard to distribute such long key.
Something I...: Know: first pet's name. Have: Phone. Am: Fingerprint. Do: Typing pattern.
Cryptographic hash: a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size and is a one-way function. 1. Pre-image Resistance: one way. 2. Second Pre-imaged Resistance: Given x it should be infeasible to find h(x’) = h(x). 3. Collision Resistance: It should be infeasible to find a pair x, x’ s.T. H(x) = h(x’). (Birthday problem makes it hard)
Password Attack: 1. Timing 2. Replay: entails interruption of the data packets and replaying the recorded series afterwards. (Hash then send)
chmod: rwx*3: user, group, world. ACL: access control list: a table that says who has what permissions.
Principle of least privilege: Only give the minimal amount of privileges. Strong access control. Hard to determine what permission to give in the first place. Too little, people keep asking for permission. Too much, it will be a security risk.
DAC vs MAC: DAC: user defined, user can delegate, their programs can pass rights. (Unix file system) MAC: system defined, subjects can't pass rights, subject's program can't pass rights.
Saltzer and Schroeder's Principle: 1. Economy of mechanisms: keep the design as simple and small as possible. 2. Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job. 3. Open design: The design should not be secret. 4. Fail-safe defaults: Base access decisions on permission rather than exclusion. 5. Complete mediation: Every access to every object must be checked for authority.
Malware propagations: 1. Trojan Horses: carries a useful purpose with a hidden purposes. 2. Logic Bombs: insert code that fires under certain logic. 3. Viruses: spreading through computers, Bodily fluids – Sharing code over a network or bluetooth.
Malware payloads: 1. Ransomware: encrypts files, demand a fee to unlock. 2. Spyware: monitor users. 3. Zombies and Bots: DDoS attacks. 4. Rootkit: Malware installed in a privileged area.
SANS Social engineering cycle: 1. Information gathering: phone book, facebook, google. 2. Developing relationships: started out by asking harmless questions. 3. Exploitation: one last thing, can I get your password? 4. Execution: use them.
Buffer Overflow: Put more data into a buffer then it can hold. NOP slide: guess good enough to eventually reach the code.
Heap Overflow: Defenses – randomization and non-execution. Integer Overflow: Numbers are represented with bits.
Overflow Defenses: Memory Randomization, Canary: put something in the stack to detect changes. Confinement.
XSS: reflected: The attack script is reflected back to the user as part of a page from the victim site. Stored: The attacker stores the malicious code in a resource managed by the web application, such as a database. (Input Validation)
CSRF: an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. (Secret validation token: session ID) SQLI: in-band: data is extracted from the same channel that we inject the code. Blind: No returned data, but use of side-channel to make observations.