CCST Cybersecurity

MODULE 1
1. Essential Security Principles
Security principles are foundational concepts and guidelines that inform
the design, implementation, and management of secure systems. These
principles ensure systems are resilient against vulnerabilities and threats
while maintaining functionality and usability.
Key Principles:
• Least Privilege: Granting users or systems only the permissions
necessary to perform their tasks.
• Separation of Duties: Dividing responsibilities to reduce the risk of
unauthorized access or fraud.
• Defense-in-Depth: Employing multiple layers of security measures to
protect systems and data.
• Fail-Safe Defaults: Denying access by default unless explicitly
permitted.
• Keep It Simple (KISS): Avoiding unnecessary complexity to minimize
potential vulnerabilities.
• Security Through Obscurity (Debatable): Using secrecy as an
additional layer of defense, though not as the sole reliance.
• Zero Trust Model: Assuming no user or system is trustworthy by
default and verifying every access request.
Vulnerabilities, threats,
exploits, and risks
Vulnerabilities
A vulnerability is a weakness or flaw in a system, application, process, or
configuration that can be exploited to compromise security. These
weaknesses create opportunities for threats to exploit.
Examples:
✓ Unpatched Software: A web server running outdated software with
known security flaws.
✓ Weak Passwords: Using simple passwords like "123456" or "password”.
✓ Misconfigured Permissions: Allowing public access to sensitive files in a
cloud storage bucket.
✓ Code Injection Point: A poorly validated web application allowing SQL
injection attacks.
Treats
A threat is a potential event, entity, or action that could exploit a
vulnerability and harm an organization, system, or individual. Threats may
be intentional (like a hacker) or unintentional (like a natural disaster).
Examples:
✓ Malicious Software (Malware): Viruses, worms, ransomware, and
spyware.
✓ Phishing Attacks: Fraudulent emails designed to steal sensitive
information.
✓ Insider Threats: Employees misusing their access for personal or financial
gain.
✓ Natural Disasters: Floods, fires, or earthquakes that disrupt operations.
Exploit
An exploit is a specific technique, tool, or piece of code used by
attackers to leverage vulnerabilities and carry out a successful attack.
Exploits are the "how" of attacks.
Examples:
✓Buffer Overflow Attack: Exploiting a vulnerability in an application
to execute arbitrary code.
✓SQL Injection: Using malicious SQL queries to manipulate or steal
data from a database.
✓Exploit Kits: Pre-packaged tools that automate the exploitation of
known vulnerabilities (e.g., Metasploit).
Risk
A risk is the potential impact or damage that can result when a threat
successfully exploits a vulnerability. Risks quantify the severity and
likelihood of harm.
Formula:
Risk = Threat × Vulnerability × Impact
Examples:
✓ Data Breach Risk: A company failing to secure customer data, leading to
identity theft if attacked.
✓ Downtime Risk: An organization with weak disaster recovery plans facing
prolonged downtime after a ransomware attack.
✓ Financial Loss Risk: Loss of revenue due to a distributed denial-of-service
(DDoS) attack on an e-commerce website.
Attack Vector
An attack vector is the method or path an attacker uses to exploit a
vulnerability in a system or network. It's essentially the "entry point" for a
cyberattack. Attack vectors can be diverse, targeting various components of
a system, including:
▪ Software vulnerabilities: Exploiting bugs or flaws in software, such as
operating systems, applications, or web servers.
▪ Hardware vulnerabilities: Targeting weaknesses in physical devices like
routers, switches, or IoT devices.
▪ Network vulnerabilities: Exploiting weaknesses in network protocols,
configurations, or devices.
▪ Human vulnerabilities: Targeting human behavior, such as social
engineering, phishing, or insider threats.
Hardening
Hardening is the process of securing a system or network by reducing its attack
surface and making it more resistant to attacks. It involves implementing various
security measures to minimize vulnerabilities and strengthen defenses.
Key aspects of hardening include:
o Configuration management: Ensuring proper configuration of systems and
devices, including disabling unnecessary services, applying security patches,
and enforcing strong passwords.
o Access control: Implementing strict access controls, such as user
authentication, authorization, and least privilege principles.
o Vulnerability management: Regularly scanning for and patching vulnerabilities,
as well as conducting penetration testing to identify weaknesses.
o Intrusion detection and prevention: Deploying intrusion detection and
prevention systems (IDPS) to monitor network traffic and block malicious
activities.
Defense in Depth
Defense in depth is a cybersecurity strategy that employs multiple layers of
security controls to protect valuable assets. It's based on the principle that
if one layer of defense is breached, others will remain intact, providing
multiple lines of defense. Key elements of defense in depth
▪ Layered security: Implementing multiple security controls at different
levels, such as firewalls, antivirus software, intrusion detection systems,
and access controls.
▪ Redundancy: Providing backup and redundancy for critical systems and
data to ensure business continuity in case of an attack.
▪ Segmentation: Isolating sensitive systems and data from the rest of the
network to limit the impact of a breach.
▪ Incident response planning: Having a well-defined incident response
plan to quickly detect, contain, and recover from security incidents.
Defense in Depth
o Administrative controls
Policies and procedures to restrict unauthorized access, such as role-
based access control (RBAC) or employee training.
o Physical controls
Security measures that prevent physical access to IT systems, such as
security guards, keycards, and locked doors.
Confidentiality, Integrity, and
Availability
The CIA triad, consisting of Confidentiality, Integrity, and Availability, is a fundamental concept
in information security. It outlines three core principles for safeguarding data and ensuring its
reliability and accessibility.
Confidentiality:
This principle focuses on protecting data from unauthorized access or
disclosure. It ensures that only authorized individuals or systems can
view and use sensitive information. Measures like encryption, access
controls, and secure authentication mechanisms help maintain
confidentiality.
Integrity:
Integrity ensures that data remains accurate, complete, and unaltered
throughout its lifecycle. It prevents unauthorized modifications or
deletions that could compromise the data's reliability. Techniques
such as data validation, checksums, and version control help
maintain data integrity.
Availability:
Availability guarantees that authorized users can access and use data
or systems when needed. It ensures that services and systems remain
operational and accessible during disruptions or attacks. Measures
like redundancy, disaster recovery, and regular maintenance
contribute to system availability.
Thank You