Security + SY0 501

1 - RISK MANAGEMENT ()
1. 1) The CIA of Security (5)
  1. Confidentiality
    1. goal of Keep the data secret of anyone who doesn't have the need or right to access that data
  2. Integrity
    1. no modification
  3. Availability
    1. maintain the access of the data available to authorized users when they needed
  4. Audition/Accountability
    1. Keep track of things that go on. EX: who's been logging and what are they logging
  5. Non Repudiation
    1. a user can't deny that he performe a particular action
2. 2) Threat Actors - TA (2)
  1. Attributes (5)
    1. Intent
    2. OSINT (Open Source Intelligence)
      1. ex: Use of social media records to obtain information
    3. Resources
    4. Level of sophistication
    5. Internal/External
  2. Types of TA (5)
    1. Hacktivist
      1. Intent is a motivation
    2. Organized Crime
      1. Money is the goal
    3. Insiders
      1. Not always a employee. They have access to a system (user name and password)
    4. Nation States/Advanced Persistent Threat (APT)
      1. Entire country with tremendous resources and sophisticated tools to gather intellgence
      2. APT - They get into a system and stay there (persistent). The goal is get a naval intelligence or a state department intelligence for example
    5. Script Kiddies
      1. Trivial attack knowledge
      2. easy to block or firewalling
  3. People and/or organization that actualy do the type of attacks
3. 3 - Risk (2)
  1. Managing Risk (4)
    1. 2) Risk Response
      1. Mitigation
        apply security controls to reduce the likelihood of a bad thing will happen
      2. Avoidance
        do nothing
      3. Transference
        Offload the risk
      4. Acceptance
    2. 1) Risk Assessment/Identification
      1. Guides for RA/I (4)
        Secure Configuration Guides
        Recomendations by the Vendor
        General Purpose Guides
        (general) list of security controls
        Network Infra Devices
        Guides for routers, switches, wlans...
        Benchmark
      2. RA/I = Vulnerability Assessment + Threat Assessment
      3. Steps
        I) catalog and define the assets
        II) List of potential vulnerabilities using a tool.
        VULNERABILITY SCAN - use a toolkit to list (new) vulnerabilities
        PEN TEST - Exploits know/found vulnerabilities
        III) threat assessments
    3. 3) Frameworks
      1. a methodology/workflow that helps a security pro deal with risk management
      2. a) Regulatory
      3. c) national standards
      4. b) non-regulatory
      5. d) international standards
      6. e) industry sspeciic frameworks
      7. Most famous frameworks: NIST SP800-37 and ISO 27000
      8. NIST SP800-37 6 steps
        I) Categorize
        Huge list of assets, workflows and process
        II) Select (SC'S)
        IV) Assess (avaliar)
        verify if everything works
        III) Implement (SC'S)
        V) Authorize
        pull everything online
        VI) Monitor
    4. 4) Security Controls
      1. The SC came ( are defined) from policies and organization standards
      2. it's an action that we apply to our IT infrastructure to do ONE of the two things
        1) Protect IT infra: APLLY, MONITORING and ADJUST the SC on the needs of the infra
        2) Remediate Problems
      3. Categories of SC
        c) Technical Control
        Controls actions of IT SYSTEMS make towards IT security
        b) Phisical Control
        Controls actions of REAL WORLD ACTORS make towards IT security
        a) Administrative Control
        Controls action PEOPLE make towards (em relação) IT security
        Controls with: Policies, guidelines, best practices
      4. SC Functions
        c) Corrective
        used to correct a condition when there is either no control at all, or the existing control is ineffective
        temporary
        e) Compensative
        assists and mitigates the risk an existing control is unable to mitigate
        d) Detective (detectar)
        recognize an actor's threat
        b) Preventative
        Stops the actor from performing the threat. The actor DOES NOT KNOW that control exists
        a) Deterrent (Dificultar/Intimidar)
        keeps someone from performing a malicious act. The actor HAS THE KNOWLEDGE of this control
      5. Another SC's
        Mandatory Vacation
        Vacation in any different times of the year
        Multi-Person Control
        more than one people to accomplish a mission
        Least Privilege
        use only the necessary resources
        Separation of Duties
        Dual execution
        Job Rotation
  2. Is the likelihood of being target by a given attack
  3. Terms (5)
    1. Assets (ativos) (4)
      1. a) Places
      2. b) People
      3. c) Hardware
      4. d) Software
    2. Vulnerabilities
      1. weakness of an asset
    3. Threats
      1. negative event who exploits a vulnerability
      2. Structural Threat
        fail on an equipment or lost of power supply
      3. Accidental Threat
        Authorized people who doing something wrong accidentaly
      4. Adversarial Threat
        Hacker or a Malware (intentional)
      5. Enviroment
        fires, earthquake
    4. Likelihood (2)
      1. defines the level of certainty that something bad will happen
      2. Quantitative Risk
        porcentage
      3. Qualitative Risk
        risk low, medium, high
    5. Impact
      1. Harm caused by a threat
  4. THREATS + (applys) VULNERABILITIES = RISK
  5. FORMULA RISK = PROBABILITY X LOSS
4. 5 - Defense in Depth (2)
  1. Diversity VS Redundancy
    1. 1) Diversity
      1. ADM TECH PHIS
      2. Different types of controls in a same objective. EX: block facebook warning in policy and block the website in work hours
      3. Vendor Diversity
        Method of Defense in depth with technicals controls
    2. 2) Redundancy
      1. Add layers of the same type of control. EX: block malware with antimalware on a pc and on a firewall
5. 6 - IT Secure Governance
  1. 1) Sources (4)
    1. a) Laws and regulations
    2. b) Standards
      1. Government standards
      2. Industry Standards
    3. d) Common Sense
    4. c) Best Practices
  2. Influences how the organization conducts IT security
  3. 2) Documents (4)
    1. b) Organizational Standards
      1. Defines the acceptable level of performance for our policy
      2. Much more detailed than a policy
      3. EX: Policy: use a strong password. OS: 12 chars alphanumerics
    2. c) Procedures
      1. a step by step processes
    3. d) Guidelines
      1. Optional
    4. a) Policies (7)
      1. I) Acceptable Use Policy (AUP)
        document that identifies exactly what is appropriate and what is not appropriate activity on an organization’s network
        RULES OF BEHAVIOUR
        document of a new employer have to sign
      2. used as directives. EX: this will do this
      3. VI) Privacy Policy
        defines how your data, or data usage will be shared with other resources
        are often for customers. Ex: facebook and the use of our data
      4. V) Care and Use of the Equipment
        Maintenance of the equipment
      5. IV) Password Policy
        Password recovery, bad login, password retention, password reuse
      6. III) Access control Policies
        defines how to get acces to data or resourcers by the job you have
      7. II) Data Sensitive and Cassification Policies
        Classifications and labels
      8. VII) Personnel Policy
        People using OUR data
      9. Document that defines how we're going to be doing something. EX: policy that defines what employers can or can't do on the organization equipments
      10. Broad in nature
      11. Define roles and responsabilities
6. 7 - Business Impact Analisys (BIA)
  1. Privacy Threshold Assessment (PTA)
    1. is a process that a company uses to analyze how personal information is protected within an IT system. This process reviews how the information is collected, manipulated, transferred, or transmitted.
2 - CRYPTOGRAPHY (10)
1. 1 - Basics ()
  1. 2) Encryption/Decryption
    1. a) Cesar Cipher
      1. Substitution
        Cornestone of Caesar Cypher
    2. c) Exclusive OR (XOR)
      1. Phrase to binary
    3. b) Vigenere Cipher
      1. Caesar Cipher + Confusion
    4. Data encryption
      1. a) Data at Rest
        data encrypted stored on hard drive
      2. c) Data in process
        data in RAM or CPU
      3. b) Data in transit
        Ex: IP call or a text message
  2. 1) Obfuscation
    1. Diffusion
      1. make less visible, less obvious
    2. Confusion
      1. make stirred up (agitado)
2. Study of taking data and make it hidden in some way so that other people can't see it
3. Provides CONFIDENTIALITY and INTEGRITY
4. 2 - Cryptography Methods
  1. 1) Simetric Encryption
    1. Primary way we encrypt data
    2. Session Key
      1. Key used in a moment of the exchange
      2. Forms of exchange
        OUT-BAND - Send the key outside the network
        IN-BAND - Send the key with the encrypted data. VERY RISKY
      3. Ephemeral Key - temporary key
        Perfect Forward Secrecy (PFS)
        Method of exchange key in every single session
  2. 2) Asymmetric Encryption
    1. Key pair
      1. Public Key
        Only ENCRYPT
      2. Private Key
        Only DECRYPT
    2. Used to send a secure session key
  3. Cryptosystems - Highly defined process tha programs do to define key properties, communications requirements for key exchange an actions taken through encryption and decryption
5. 4 - Asymmetric Algorithms
  1. b) Elliptic Curve Cryptography
    1. VERY SMALL KEYS but with the same robustness as RSA keys
  2. a) Rivest Shamir Edelman (RSA)
    1. PRIME NUMBERS
    2. Larger keys
  3. c) Diffie-Helman
    1. Used to EXCHANGE SYMMETRIC KEYS
    2. DH GROUPS - table used for negotiation the size of the key
    3. DH does not encrypt or authenticate
    4. EDH - Ephemeral DH - PFS
    5. ECDH - Elliptic Curve Diffie-Helman
  4. d) Pretty Good Privacy (PGP)
    1. originally used for E-MAIL encryption
    2. Public Key Private Key Random Key
    3. PGP Certificate - Web of Trust
    4. Payd Version (Symantec)
      1. Encrypt Mass Storages, Cloud Solutions and bitlocker
    5. OpenPGP - Free
      1. Encrypt e-mail, S/MIME, PKI support
    6. GNU Privacy Guard (GPG)
      1. Encrypt files and disk
      2. OpenPGP
6. 5) Hashing
  1. Provides Integrity
  2. Fixed Value of MESSAGE DIGGEST
  3. one way
  4. Hash Types
    1. a) Message Diggest 5 (MD5)
      1. Grandpa of Hashes
      2. 128bit hash
    2. c) Race Integrity Primitives Evaluation Message (RIPEMD)
      1. Open Standard
      2. NOT very common
      3. 128, 160, 256 and 320bit versions
    3. b) Secure Hash Algorithm (SHA)
      1. Developed by NIS
      2. SHA 1
        160bit hash
      3. SHA 2
        Separated by the lenght of the bit hash: SHA 256 or SHA 512
    4. d) Hash Based Message Authentication (HMAC)
      1. HMAC - MD5 HMAC - SHA1
      2. Integrity authenticity
      3. used in protocols as IPSEC and TLS
      4. HASH + SECRET KEY
  5. Collision - 2 different hashes with the same value
  6. Use of Hashes - PASSWORD CHECK and Encryption
7. 6 - Steganography
  1. Process of taking some data and hide in other data
  2. the message may or may not be encrypted
  3. commonly used with graphic images
8. 7 - Certificates and Trust
  1. 2) Types of Trust
    1. c) PKI
      1. I) Certification Authority (CA)
      2. II) Intermediate CA
    2. b) Web of Trust
    3. a) Unsign Certificate
    4. d) Mutual Authentication
  2. 1) Concepts
    1. a) Digital Signature
      1. Hash of a document using a private key of the sender
      2. Authentication - proves source of the message
      3. Non-Repudiation
      4. the message dosn't need to be encrypted
    2. b) Digital Certificate
      1. I) Sender Public key
      2. II) Sender Digital Signature
      3. III) Third Party Digital Signature
  3. 3) CRL and OCSP
    1. a) Certificate Revocation List (CRL)
    2. b) Online Certificate Status Protocol (OCSP)
  4. 5) Chain of Trust
  5. 4) Key escrow (garantia)
  6. 6) PKCS
    1. a) PKCS 7
    2. B) PKCS 12
9. 8 - Cryptography Attacks
  1. Password Attacks
    1. a) Brutte Force
    5. b) Dictionary Attack
    6. c) Rainbow Table
    7. Salt
10. Algorithm + key
  1. Algorithm - math operation who convert data from plaintext to cyphertext (vice versa)
11. Cryptoanalysis - break encrypted codes
12. 3 - Symmetric Cryptosystems
  1. Block Cipher
    1. Blocks with fixed size (generaly 64bits)
  2. 1) Algorithms with block cypher
    1. b) Triple Data Encryption Standard (3DES)
      1. 64bit block size
      2. 16 rounds
      3. 128BIT KEY
    2. a) Data Encryption Standard (DES)
      1. 64bit block size
      2. 56BIT KEY = 64bit - 8bit dropped
      3. Feistel Function
      4. 16 rounds
    3. d) Advanced Encryption Standard (AES) (Rijndael)
      1. 128 block size
      2. 128, 192 or 256 key size
      3. Winner of the american government contest
    4. c) Blowfish
      1. 64bit size
      2. 16 rounds
      3. 32 to 448 key size
    5. e) Twofish
      1. Finalista com o AES
  3. Streaming Ciphers
    1. Randomization
      1. One bit at a time
      2. Uses XOR to randomize
  4. 2) Algorithm with stream cypher
    1. Rivest Cipher 4 (RC4)
      1. 40 - 2048 key size
  5. 3) Symmetric Block Modes
    1. a) Eletronic CodeBook (ECB)
      1. uses Same key - generates same results
      2. not used anymore
    2. c) Cipher Feedback (CFB)
      1. I) Encrypt the I.V
      2. II) XOR the encrypted I.V with the plaintext
      3. III) The cyphertext replaces I.V in subsequent rounds
    3. b) Cipher Block Chaining (CBC)
      1. I) XOR I.V and Plaintext
      2. II) Encrypt the result generating the CYPHERTEXT
      3. III) The cyphertext replaces I.V in subsequent rounds
    4. d) Output Feedback
      1. Same as CFB
      2. The only difference is that the I.V never changes
    5. e) Counter (CTR)
      1. I) N+C is Encrypted
      2. NONCE + COUNTER (0, 1, 2, ..., N, N+1...)
      3. II) The result is XORed with the plaintext
      4. III) CYPHERTEXT 0 CYPHERTEXT 1 CYPHERTEXT N CYPHERTEXT N+1
      5. NONCE - is an arbitrary number that can be used just once in a cryptographic communication
4 - Tools of the Trade
1. 1) OS Utilities
  1. a) Ping
    1. No need to use the command -t in a linux system
    2. used to verify that a device can communicate with another on a network
    3. uses ICMP protocol
    4. DNS Tool
  2. b) Netstat (network statistics)
    1. netstat - n
      1. shows with who you communicate
    2. is a command who shows with whom you talking and who you listen
    3. show ports who you are comunicating
    4. netstat - a
      1. shows all active conections (open ports to see which are listening)
  3. c) tracert (Trace Route)
    1. is a function which traces the entire path (of routers) from one network to another.
  4. d) Arp (Adress Resolution Protocol)
    1. Resolves IP adress to MAC adress (associate a local IP address with the MAC address)
  5. e) ipconfig
    1. providest the IP Adress and the ethernet details
    2. the -all shows the MAC Adress
    3. Ifconfig does the same on linux
  6. g) netcat
    1. Open ports and put on listening mode. Used for aggressive actions. Used for PEN TEST and VULNERABILITY ASSESSMENT
    2. Become a BACKDOOR
  7. f) nslookup
    1. queries (consultas) to a DNS server, and quick change to another server. Shows our server and the adress
    2. DIG does the same on linux
2. 2) Network Scanners
  1. a) Nmap (network mapper)
    1. allows you to gather information from ALL of the different devices across the network
    2. Performs Port, OS and Service scan
  2. used to determine what services might be running on a remote device
3. 3) Protocol Analizers
  1. a) Wreshark
    1. I) Sniffer
      1. Tools that are actually grabbing all the data that's going in and out of a particular
    2. II) Broadcast Storm
      1. A state in which a message that has been broadcast across a network results in even more responses, and each response results in still more responses in a snowball effect
  2. Protocol analyzers are tools that have for two functions: 1 - Sniff and 2 - Analyze the network traffic coming in and out of a specific host computer
  3. b) TCP DUMP
    1. Runs only on LINUX
    2. Sniff better than Wireshark
4. 4) SNMP (Simple Network Management Protocol)
  1. 1 - Actors
    1. SNMP Manager
      1. Ports: UDP 162 and TLS 10162
      2. Network Management Station (NMS)
        Interface who did the queries to all managed devices
    2. Agent
      1. It's a MANAGED DEVICE
      2. Ports: UDP 161 and TLS 10161
      3. Management Information Base (MIB)
        Built in every managed device
        it's the way to talk properly to differents agents
  2. 4 - CACTI
  3. 3 - Versions
    1. V1 - without encryption
    2. V2 - Basic Encryption
    3. v3 - TLS
    4. this 3 versions talks to itself
  4. 2 - Commands
    1. Walk
      1. It's a batch of GETS
    2. GET
      1. NMS send some query to a managed device
    3. Trap
      1. TRAPS are initiated by the Agents
      2. It is a signal to the SNMP Manager by the Agent on the occurrence of an event
  5. 5 - Comunity
    1. Group of Managed Devices
5. 5) Logs
  1. 1 - Groups
    1. a) Non-Network Logs
      1. I) OS Events
        Host starting Host shutdown OS updates Reboot
      2. Events that take place on a host even if that host is unplugged from a network
      3. II) Application Events
        App Instalation App Starting
      4. III) Security Events
        Logons success and falures
      5. They probably have a DATE, TIME, Account and Event number
    2. b) Network Logs
      1. Is something that takes place on a host that has to deal with the communication between that host and something on the network
      2. I) OS level
        Remote Logons (succes or fail)
      3. II) App level
        Activity on Web Server
        Activity on Firewall
  2. 2 - Forms
    1. 2 - Decentralized Logging
      1. Logs in every computer of a network
    2. 1 - Centralized Logging
      1. uses a central repository
      2. SNMP Systems
  3. 3 - Monitoring as a Service (MaaS)
    1. Service offered by third parties to monitor all logs of an organization
5 - Securing Individual Systems
1. 1) Denial of Service (DoS)
  1. a) Volumetric Attack
    1. I) Ping Flood
    2. II) UDP Flood
    3. Easy to stop today
  2. b) Protocol Attack
    1. I) SYN Flood/TCP SYN Attack
    2. Do naught things to the protocol to create confusion
    3. The most common type of DoS Attack
    4. Still a huge problem today
  3. c) Application Attack
    1. I) Slow Loris attack
      1. Loris é um animal devagar
    2. II) Amplification Attack
      1. Smurf Attack
        The attacker broadcasts ICMP packets attached with the false IP address (spoofing) of the victim. The others computers respond this request and flood the server.
  4. DDoS - uses BotNet, and are the nightmare of attacks
2. 2) Host Threats
  1. a) SPAM
    1. Can't cause danger
    2. Often came from a legitm source
  2. b) Phishing/ Spear Phishing
    1. For the exam, came only from EMAIL
    2. Phishing - broadcast E-MAIL that trying to take some personal information of the victm/victms.
    3. Spear Phishing - individual target, craft a fake email tailored for that person
  3. c) SpIM
    1. receive spam via INSTANT MESSAGING
  4. d) Vishing
    1. V from VOICE - Phone
  5. e) ClickJacking
    1. Click in something and goes to another site
  6. f) Typpo Squading
    1. use of similar web sites like gogle.com, waiting for someone type a wrong address and goes to a similar but naughty site
  7. g) Domain Hijacking
    1. when somebody hijack your domain and ask for money to give it back
  8. h) Privilege Scalation
    1. Get higher privilege to do naughty things on the system
3. 3) Man-in-the-Middle
  1. a) Wired MitM
  2. Intercepts the communication and passes it to another destination
  3. ARP Poisoning
  4. Ettercap - ferramenta de segurança de rede gratuita e de código aberto para ataques man-in-the-middle na LAN
  5. b) Replay Atttack
  6. c) Seesion Hijacking
7 - Secure Protocols
8 - Testing Your Infrastructure
9 - Dealing with Incidents
3 - Identity and Access Management ()
1. 1) Identification, Authorization, Authentication (3)
  1. 1 - Identification
    1. FIRST STEP in the process and involves the user show his/her credential to the system
    2. EX: type a username in a logio screen
  2. 2 - Authentication
    1. Authentication factors
      1. b) Something you have
        Token
        Smart Card
        RSA Key
      2. a) Something you know
        Password
        Pin Code
        Captcha
        Security Questions
      3. c) Something you are/about you (physically)
        Biometric
        Iris Scanner
        Facial Recognition
      4. e) Something you do
        The rhythym of a person typing a password
      5. d) Somewhere you are
        uses geography
      6. Multifactor Authentication
        Password + Biometric
    2. Federation
  3. 3 - Authorization
    1. What rights do I have to the system, ONCE AUTHENTICATED
    2. Concepts
      1. Permissions
        Administrator has to assign (atribuir) permissions
        EX: permission to write an archive
        We apply to resources
      2. Rights/Privileges
        assign to a systems
        EX: right to be able to change password, or right to log remotely
        Strategies
        Least privilege
        Separation of duties
2. 2) Access Control List
  1. Authorization Models (5)
    1. 1) Mandatory Access Control (MAC)
      1. the OPERATING SYSTEM provides limits of access
      2. Every object gets a label
        Rules of access defined by the admin
        Users CAN'T change this settings
      3. Strong Method
    2. 2) Discretionary Access Control (MAC)
      1. a) used in most operating systems
      2. b) the creator of the archive is the OWNER and can modify access at any time
      3. c) The owner define the permissions for the other users
      4. d) Flexible and weak
      5. Access properties are stored in ACL's
    3. 3) ROLE Based Access Control (RBAC)
      1. Windows uses GROUPS
      2. broader form of control that’s based on your particular role in the organization
        Ex: Manager, Director, Operator
      3. the administrator determines what type of access a user has
    4. 4) RULE Based Access Control
      1. Access is based in a set of rules defined by a system administrator
      2. Access properties are stored in ACL's
    5. 5) Attribute Based Access Control (ABAC)
      1. Complex relationships - access based on many different criteria
      2. Combine parameters like IP, time of the day, desired action
    6. Implicity Deny - prevents access unless specifically permited
3. 3) Password Security ()
  1. Security Policy (3)
    1. 1) Complexity
      1. Length and characters requirements
    2. 2) Age or Expiration
      1. Reset and time triggers
      2. Minimum password age
        force users to use a password for a minimum amount of time before they are allowed to change it. EX: 2 days
      3. Maximum password age
        used to EXPIRE a password after a certain time period.: EX: 180 days
    3. 3) Password History
      1. Reusage and Retention
      2. simply records a previous number of passwords, so that they cannot be reused in the system
    4. 4) Group policy objects
      1. Active Directory is an example
        Applied to Domains, Groups, Individual sites, Organization Units
4. 4) Linux File Permissions
  1. rwxrwxrwx
    1. 3 primeiros OWNER/CREATOR
    2. 3 do meio GROUP
    3. 3 finais EVERYBODY ELSE
    4. r - read
      1. w - write
        edit, add or delete a file
      2. x - execute
        run a file and CD to a different directory
        go to another directory only if you have the X permission
      3. Open a file and view contents
  2. CHMODE
    1. command that allow to change permissions
    2. r=4; w=2; x=1
      1. EX: r-x = 5; -w- = 2; rwx= 7
    3. Need a SUDO command before
  3. CHOWN
    1. command that allow to change the OWNER of a particular file
    2. Need a SUDO command before
  4. PASSWD
    1. command that allow to change the user password
5. 5) Windows File Permissions
  1. NTFS permissions
    1. Accepts set individual permissions
    2. Create users and put them into groups with NTFS permissions
    3. INHERITANCE
    4. 1a) Commands to a folder
      1. 4) List folder contents
        Just see the contents of folder, subfolders and archives, but NOT have the access to read them
      2. 1) Modify
        R, W and delete subfolders and files
      3. 2) Read/Excecute
        See contents and run programs
      4. 3) Write
        write to files and creates new files and folders
      5. 5) read
        view contents and open data files
    5. 1b) Commands to a file
      1. 1) Modify
        R,W and delete the file
      2. 2) Read/Excecute
        Open and run the file
      3. 3) Write
        Open and write to the file
      4. 4) read
        Open the files
      5. DENY CHECKBOX IS STRONGER THAN ALLOW. DENY turn off inheritance
    6. 2) copy and move permissions
      1. Copy to different drives Copy to the same drive and Move to different drives
        Do the copy and not keep the NTFS permissions
      2. Move to the same drive
        The only situation that copy and keeps the NTFS permissions
6. 6) User Account Management
  1. 1) Continuous Access Monitoring
    1. Track LOG IN/LOG OFF activity
    2. Track file access
  2. 2) Shared Accounts
    1. Don't do Shared Accounts!
  3. 4) Default Accounts
  4. 3) Multiple Accounts
    1. Use different names and passwords
7. 7) AAA
  1. Identification
    1. Usualy your USERNAME (who you claim to be)
  2. Authentication
    1. Need to be Centralized
    2. proves you are who you say you are
    3. your PASSWORD and others authentication factors
  3. Authorization
    1. what access do you have? (after ID and Authentication)
  4. Audition
    1. Resources used: Login time, data sent and received, Logout time
  5. usernames/passwords
  6. Uses Multi-factor authentication
  7. Types of system who took care of AAA:
    1. b) Terminal Access Controler Assess-Control System Plus (TACACS+)
      1. Really good in manager a bunch of devices
      2. Decouples authorization from authentication taking care of both more carefully
        Takes care of authorization aspect really well
      3. TCP port 49
      4. Good in auditing
      5. Encrypts all the information betwenn user and client
      6. c) DIAMETER
        EAP
    2. a) Remote Authorization Dial-In User Service (RADIUS)
      1. As it says, support DIAL-IN network
      2. I) RADIUS SERVER
        The system that checks the authentication is the RADIUS server
      3. II) RADIUS CLIENT
        is the GATEWAY in the middle of whos trying to get authenticated and of who authenticates
      4. III) RADIUS SUPLICANT
        the person/system who's triyng to get authenticated
      5. Protocol who offers centralized management of AAA for users who connect and use the service
      6. Used for network access
      7. Can use up to 4 different ports: 1812 1813 (TCP/UDP)
      8. Mix the authorization and authentication services
        Not so good (sometimes do not do) authorization
        Good in authentication
      9. Good in Auditing
      10. Encrypt only the password between user and client
8. 8) Authentication Methods
  1. a) Password Authentication Protocol (PAP)
    1. Just pass to the server username and password IN THE CLEAR
    2. Is not used anymore
  2. b) Challenge-Handshake Authentication Protocol (CHAP)
    1. First to give some form of protection to the authentication process
    2. MS-CHAP is the Microsoft version of the protocol
      1. To encrypt all the traffic btween cient and server, MS-CHAP uses Microsoft Point-to-Point Encryption (MPPE)
    3. Steps
      1. I) After link is established, the Server sends a challenge message to the client
      2. II) The Client responds with a password hash
      3. III) Server compare send and stored hashes
      4. IV) after this process, the server continues sending challenges periodically. Users never know it happens
    4. MS-CHAPV2 uses new feature of authenticate user and client
  3. c) NT LAN MANAGER (NTLM)
    1. Same as CHAP but this time, Client and Server exchange Challenger Messages
    2. Double check (server and client sides)
  4. d) Kerberos
    1. Domain Controlers is known as Key Distribution Center (KDC) who has 2 main functions:
      1. a) Authentication Service
        listen on TCP/UDP 88 PORTS
        Distributes a TICKET GRANTING TICKET (TGT) who shows that the client is authenticated (but NOT authorized) to the system
      2. b) Ticket Granting Service
        listen on TCP/UDP 88 PORTS
        Gets the TGT and generates a SESSION KEY to the client with only the authorization that he needs
        A new session key is generated every time
    2. Authenticate once, trusted by the system (Multi-Authentication)
      1. No need to reauthenticate
      2. Protected aganist Man in the middle or replay attacks
  5. e) Securty Assertion Markup Language (SAML)
    1. used for web applications
    2. XML
  6. f) Lightweight Directory Access Protocol (LDAP)
    1. Uses TCP/UDP port 389
    2. SSL port 636
  7. g) Time-based One-Time Password (TOTP)
    1. Generates temporary password and change in a period of time
9. 9) Single Sign-On (SSO)
  1. Secure Assertion Mark-up Language (SAML)
    1. 1 - Concepts
      1. a) Identity Provider (IP)
        is a system entity that issues authentication assertions in conjunction with a single sign-on
      2. b) Service Provider
        All the different web apps
        EX: Cameras, Printers,
    2. For web apps
    3. Allow to login into a whole bunch of devices
    4. 2 - Steps
      1. I) The client sign on into the Identity Provider who gives an authentication TOKEN to the client
      2. III) And then all the service providers are available to the Client
      3. II) The Identity Provider connects with the Service(s) Provider(s) via VPN
  2. Federated Systems
  3. LAN uses Active Directory as Single Sign-On tool
  4. Remember the security you going to need:
    1. if you talking about LAN, you have to use ACTIVE DIRECTORY
    2. If you talk about widespread all over the place, you have to use SAML
  5. (Secure European System for Applications in a Multivendor Environment) SESAME
    1. is a European-developed authentication protocol that can provide for single sign-on capability
  6. Uses LDAP and Kerberos
6 - LAN
1. 6.1 - The Basic LAN
2. 6.2 -Beyond the Basic LAN

Next up

Security + SY0 501

Description

Resource summary

Similar

	Created by Sérgio Proba about 5 years ago