From 306c72b00cd3da23b9a6fe4eee7c549c4023a9b3 Mon Sep 17 00:00:00 2001 From: Matt Date: Wed, 3 Jan 2024 17:29:12 +1000 Subject: [PATCH] update regulations, tools, cryptography, MFA sections --- Analysis Frameworks.md | 4 +-- Cryptography.md | 27 +++++++++----- Forensics tools.md | 0 Laws and Regulations.md | 66 +++++++++++++++++++++++----------- Multi-factor Authentication.md | 5 +-- Port numbers.md | 20 +++++------ Tools.md | 5 ++- 7 files changed, 84 insertions(+), 43 deletions(-) delete mode 100644 Forensics tools.md diff --git a/Analysis Frameworks.md b/Analysis Frameworks.md index 67bf061..0fc2116 100644 --- a/Analysis Frameworks.md +++ b/Analysis Frameworks.md @@ -12,11 +12,11 @@ Different ways of analyzing, categorizing, and theorizing about cyberattacks 7. Actions on Objectives ### MITRE ATT&CK framework -- Developed by [MITRE](Organizations.md#MITRE), a non-profit organization - - Also maintains CVE system and CWE (Common Weakness Enumeration) project - Adversarial Tactics, Techniques, and Common Knowledge - matrix of tactics and techniques, not an ordered set of steps - complementary to Lockheed's cyber kill chain +- Developed by [MITRE](Organizations.md#MITRE), a non-profit organization + - MITRE also maintains CVE system and CWE (Common Weakness Enumeration) project ### Diamond model of intrusion analysis diff --git a/Cryptography.md b/Cryptography.md index 7d7d0fe..0598a70 100644 --- a/Cryptography.md +++ b/Cryptography.md @@ -3,6 +3,7 @@ - [Symmetric](#Symmetric%20algorithms) - equal keys held by both parties, which allow both encrypting and decrypting the information - [Asymmetric](#Asymmetric%20algorithms) - keys are split, with a public key being able to encrypt, and a private key being able to decrypt, or vice versa +- [Unbreakable](#Unbreakable%20Encryption) - truly secure encryption, the holy grail for cryptography ## Symmetric algorithms 
@@ -18,14 +19,16 @@ Identical keys held by both parties, which allow both encrypting and decrypting ### RC4 - #symmetric-cryptography - Rivest Cipher 4 -- stream cypher, high speed +- **stream cypher** +- high speed - considered insecure ### PGP - #symmetric-cryptography - "Pretty Good Privacy" -- increases security of email communication +- software suite uses primarily for encrypting email communication - used to sign, encrypt, and decrypt texts, emails, files, directories and disk partition +- uses [RSA](#RSA) or [DSA](#DSA) algorithms ### AES - #symmetric-cryptography @@ -59,9 +62,10 @@ Also known as Public-key cryptography. Keys are split into pairs, with a public key being able to encrypt, and a private key being able to decrypt, or vice versa, using one-way mathematical functions Examples: -- Diffie–Hellman key exchange protocol -- DSS (Digital Signature Standard) -- Elliptic-curve cryptography +- [Diffie–Hellman](#Diffie–Hellman) key exchange protocol +- [DSS](#DSS) (Digital Signature Standard) +- [RSA](#RSA) +- [Elliptic-curve cryptography](#Elliptic-curve%20cryptography) - Elliptic Curve Digital Signature Algorithm (ECDSA) - Elliptic-curve Diffie–Hellman (ECDH) @@ -80,7 +84,7 @@ Examples: ### Elliptic-curve cryptography - Elliptic-curve cryptography (ECC) -- public-key cryptography based on the algebraic structure of elliptic curves +- public-key cryptography based on the algebraic structure of elliptic curves - smaller key size than other methods - considered [quantum-vulnerable](#Quantum%20safety) - Examples: 
@@ -95,14 +99,21 @@ Examples: - used in OpenSSL - considered [quantum-vulnerable](#Quantum%20safety) +## Unbreakable + +### One-time Pad +- the only known unbreakable encryption method +- masking messages with pre-known and shared string of random characters & digits, each only used one time ## Hashing #hashing #cryptography - non-reversible function - generates a unique hash based on content of information. - allows verification that data is intact and hasn't been modified -- hashing algorithms: - - SHA256 +### Hashing algorithms: +- SHA-1 +- SHA-2 +- MD5 ## Quantum safety - Algorithms which were originally secure prior may now be vulnerable to breaking with quantum computers diff --git a/Forensics tools.md b/Forensics tools.md deleted file mode 100644 index e69de29..0000000 diff --git a/Laws and Regulations.md b/Laws and Regulations.md index 15749a0..f3f4aa0 100644 --- a/Laws and Regulations.md +++ b/Laws and Regulations.md 
@@ -10,38 +10,64 @@ Various types of vendor-client agreements and contracts - BPA - Business Partnership Agreement - terms of a business relationship between partners -## PII and PHI -- Personally identifying information (PII) - any type of data that could specifically identify individuals +## Types of personal data +### PII +- Personally identifying information (PII) +- any type of data that could specifically identify individuals + +### PHI - Personal Health Information (PHI) -### PCI-DSS -#laws #regulations #payments #credit-cards -- Related to credit cards payments -- Payment Card Industry Data Security Standard (PCI-DSS) -- compliance requirements for organizations storing credit card information +### SPI +- Sensitive personal information +- information about a subject's opinions, beliefs, and nature -### GDPR -#laws #regulations #eu - - GDPR (General Data Protection Regulation) is a regulation that applies to companies that do business in the European Union +## Regulations & Laws -### GLBA -#laws #regulations #united-states -- Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999 -- Financial institutions need inform customers of what information is collected about them, how that information is used, where and with whom it’s shared, and how it’s protected - -### SOX -#laws #regulations -- Sarbanes–Oxley (SOX) -- a United States federal law that set new or expanded requirements for all U.S. 
public company boards, management, and public accounting firms ### COPPA #laws #regulations - Children's Online Privacy Protection Act (COPPA) +- Subject: **children's protection** - United States federal law that imposes certain requirements on operators of websites or online services directed to children under 13 years of age + +### FERPA +- Family Educational Rights and Privacy Act +- United States federal law, created in 1974 +- Subject: **educational records** +- governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments + ### FISMA #laws #regulations - Federal Information Security Management Act +- Subject: standards for government information - United States federal law that defines a comprehensive framework to protect government information, operations, and assets against natural or man-made threats + +### GDPR +#laws #regulations #eu + - GDPR (General Data Protection Regulation) is a regulation that applies to companies that do business in the European Union + - Subject: **EU Consumer rights** + +### GLBA +#laws #regulations #united-states +- Gramm–Leach–Bliley Act (GLBA +- also known as the Financial Services Modernization Act of 1999 +- Subject: **Financial institutions** +- *Financial institutions need inform customers of what information is collected about them, how that information is used, how it’s shared and to whom, and how it’s protected* + ### HIPPA #laws #regulations #medical - Health Insurance Portability and Accountability Act (HIPPA) -- United States federal law designed to provide privacy standards to protect patients' medical records and other health information \ No newline at end of file +- Subject: **health care information** +- United States federal law designed to provide privacy standards to protect patients' medical records and other health information + +### PCI-DSS +#laws #regulations #payments #credit-cards +- Payment 
Card Industry Data Security Standard (PCI-DSS) +- Subject: **credit cards payments data safety** +- compliance requirements for organizations storing credit card information + +### SOX +#laws #regulations +- Sarbanes–Oxley (SOX) +- subject: **corporate boards & accounting firms** +- a United States federal law that set new or expanded requirements for all U.S. public company boards, management, and public accounting firms \ No newline at end of file diff --git a/Multi-factor Authentication.md b/Multi-factor Authentication.md index b577c1b..6656472 100644 --- a/Multi-factor Authentication.md +++ b/Multi-factor Authentication.md @@ -20,11 +20,11 @@ Requiring multiple types of authentication greatly increases security over tradi ### Biometric "something you are" -- iris scan +- iris scan - infrared, surface level. quicker than retinal scan & less prone to inaccuracy due to disease - fingerprints - voice scan - vein scan -- retina scan +- retina scan - gait analysis ### Location @@ -69,4 +69,5 @@ Requiring multiple types of authentication greatly increases security over tradi ### Actions "something you can do" - perform a puzzle or challenge (like CAPTCHA) +- match a signature diff --git a/Port numbers.md b/Port numbers.md index 112c5a4..5d9f595 100644 --- a/Port numbers.md +++ b/Port numbers.md @@ -29,8 +29,8 @@ Sources: ### 53 - Domain Name System (DNS) - Port: UDP 53 - Used to associate IP addresses with domain names + - Port: UDP 53 + - Used to associate IP addresses with domain names ### 67/68 - DHCP @@ -61,7 +61,7 @@ Sources: - Network Time Protocol - used for synchronizing device time -### 143 / 993 - IMAP +### 143 - IMAP - Internet Message Access Protocol (IMAP) - Port: TCP 143, 993 - E-mail protocol used by e-mail clients to communicate with e-mail servers. Provides two way communication unlike POP 
@@ -86,7 +86,7 @@ Sources: - Secure Sockets Layer virtual private network - Port: TCP 443 -### 445 -SMB +### 445 - SMB - Server Message Block / SAMBA - Port: TCP 445 - used by Windows computers to share files, printers, serial ports, and miscellaneous communications between nodes on a network @@ -102,7 +102,7 @@ Sources: - Port: UDP 514 ### 587 - SMTP -- SMTP (Secure Mail Transfer Protocolo) with TLS/SSL +- SMTP (Secure Mail Transfer Protocol) with TLS/SSL - Port: TCP 587 ### 636 - LDAPS @@ -139,11 +139,6 @@ Sources: - Port: TCP 1723 - obsolete & insecure method for implementing virtual private networks -### 3868 - Diameter -- Port: 3868 -- an upgrade to RADIUS, using EAP -- Provides AAA services - ### 1812 - RADIUS with EAP - Encrypted version of RADIUS - Port: TCP 1813 @@ -158,6 +153,11 @@ Sources: - Port: TCP/UDP 3389 - Microsoft developed, provides a user with a graphical interface to connect to another computer over a network +### 3868 - Diameter +- Port: 3868 +- an upgrade to RADIUS, using EAP +- Provides AAA services + ### 5004 - SRTP - Secure Real-time Transport Protocol - Port: UDP 5004 diff --git a/Tools.md b/Tools.md index 69fdb44..e8d4731 100644 --- a/Tools.md +++ b/Tools.md @@ -23,7 +23,7 @@ General networking tools - route - curl -Specific / 3rd party tools +### Specific / 3rd party tools - the harvester - Python tool for gathering emails, subdomains, employee names, network details from the public web - sn1per - automated network vulnerability scanner - scanless - creates an exploitation website for stealthier port scans 
@@ -36,16 +36,19 @@ Specific / 3rd party tools - PowerShell - Python - OpenSSL + ### Packet Capture tools - tcpdump - tcpreplay - Wireshark + ### Forensics tools - dd - disk imaging - FTK Imager - data preview and imaging tool - Memdump - dumps system memory to stdout - WinHex - hex editor and disk editor - Autopsy - digital forensics tool + ### Exploitation tools - Metasploit (MSF) - general collection of vulnerability exploits, used for pentesting - Browser Exploitation Framework - exploit tool using browser
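Review bot: in the Cryptography.md hunk `@@ -3,6 +3,7 @@`, the new index link `[Unbreakable](#Unbreakable%20Encryption)` points at a heading that does not exist; the heading added further down in the same file is `## Unbreakable`, so rename one of the two (e.g. `## Unbreakable encryption`, matching the `## Symmetric algorithms` style). The description "truly secure encryption, the holy grail for cryptography" also oversells it: the one-time pad is only provably secure when the key is truly random, at least as long as the message, used once and kept secret, which is exactly why it is impractical. Suggest "information-theoretically secure, but impractical because the key must be as long as the message and never reused".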
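Review bot: in the Cryptography.md hunk `@@ -18,14 +19,16 @@`, PGP keeps the `#symmetric-cryptography` tag while the new line `+- uses [RSA](#RSA) or [DSA](#DSA) algorithms` adds asymmetric algorithms. PGP is a hybrid design (asymmetric keys for key exchange and signatures, a symmetric session key for the message body), so either drop the tag or say so. DSA only signs, it does not encrypt, so "RSA or DSA" should distinguish signing (RSA, DSA) from encryption (RSA, ElGamal). The `#DSA` anchor has no matching heading anywhere in this diff; the asymmetric examples list links `#DSS`, so pick one name. Typo: "software suite uses primarily for encrypting" should read "software suite used primarily for encrypting".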
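Review bot: the Cryptography.md hunk `@@ -80,7 +84,7 @@` changes nothing but trailing whitespace on `- public-key cryptography based on the algebraic structure of elliptic curves`; drop it from the commit (or have the editor strip trailing whitespace) so blame history stays useful. The same applies to the `- retina scan` line in the Multi-factor Authentication.md hunk.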
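Review bot: in the Cryptography.md hunk `@@ -95,14 +99,21 @@`, the one-time pad line "masking messages with pre-known and shared string of random characters & digits, each only used one time" reads like a shared password; state the conditions that make it unbreakable: the pad must be truly random, at least as long as the message, used exactly once and kept secret. In the new `### Hashing algorithms:` list, `SHA-1` and `MD5` are added without the "considered insecure" caveat this file already uses for RC4; both are broken for collision resistance, so mark them as such and keep SHA-256 (or SHA-2/SHA-3 generally) as the recommended option rather than replacing it. The nearby context line "generates a unique hash" is also inaccurate: a fixed-length hash cannot be unique, the property is that collisions are computationally infeasible to find. Minor: the heading carries a trailing colon, unlike every other heading in the file.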
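Review bot: in the Laws and Regulations.md hunk, "HIPPA" is misspelled in both the `### HIPPA` heading and `Health Insurance Portability and Accountability Act (HIPPA)`; the act is HIPAA, and since this hunk already touches those lines, fix it here. Also in this hunk: `- Gramm–Leach–Bliley Act (GLBA` is missing its closing parenthesis; "Financial institutions need inform customers" should be "need to inform"; PHI under HIPAA is "Protected Health Information", not "Personal"; the `Subject:` lines are inconsistent (FISMA's is not bolded, SOX uses lowercase `subject:`); PCI-DSS keeps the `#laws` tag although it is a contractual industry standard from the card brands, not legislation; and GDPR's subject "**EU Consumer rights**" should be data-subject rights, since it applies to any organisation processing personal data of people in the EU, not only to consumers of "companies that do business in the European Union". The FERPA line "governs the access to educational information and records by public entities such as potential employers" is inverted: FERPA restricts what federally funded educational institutions may disclose and gives students and parents rights over their records.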
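Review bot: in the Port numbers.md hunk `@@ -29,8 +29,8 @@`, the DNS `Port:` and `Used to` lines are indented into sub-bullets while every other entry in the file uses top-level bullets; keep them top-level. While touching it, "Port: UDP 53" should be "UDP/TCP 53": zone transfers and responses too large for UDP (truncated, TC bit set) use TCP 53.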
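Review bot: in the Port numbers.md hunk `@@ -61,7 +61,7 @@`, the heading drops 993 (`### 143 - IMAP`) but the body still says `- Port: TCP 143, 993`, so the entry now contradicts itself. Either keep `### 143 / 993 - IMAP` or split 993 into its own `### 993 - IMAPS` entry, which matches how `### 636 - LDAPS` is handled further down.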
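Review bot: in the Port numbers.md hunks `@@ -139,11 +139,6 @@` and `@@ -158,6 +153,11 @@`, the Diameter block is moved verbatim, which is a good moment to fix it: `- Port: 3868` lacks the transport that every other entry states (Diameter runs over TCP or SCTP 3868), and "an upgrade to RADIUS, using EAP" should say it is the successor protocol to RADIUS that carries EAP among other applications. The context line `### 1812 - RADIUS with EAP` followed by `- Port: TCP 1813` is also inconsistent: RADIUS uses UDP, 1812 for authentication and 1813 for accounting, and carrying EAP does not make it an "Encrypted version of RADIUS".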
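Review bot: in the Tools.md hunk `@@ -23,7 +23,7 @@`, promoting `Specific / 3rd party tools` to `###` is fine, but the context line `- scanless - creates an exploitation website for stealthier port scans` is wrong: scanless does not create a website, it runs port scans through existing third-party scanning websites so the target sees their IP rather than yours. Suggest "scanless - runs port scans through third-party websites so the scan does not originate from your IP".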