Security Series
Part 2
Weakness: A Quality or feature that prevents something from being secure. A weakness encourages Attackers to use the specific app which has weakness as Attack surface.
Vulnerability: A weakness in a system, application or network that is subject to exploitation or misuse.
Exploit: A program that allows attackers to automatically break into a system.
Attack: An attempt to gain unauthorized access.
Mitigation: Steps taken to eliminate or diminish a threat or risk.
Exposure: A period of time during which a vulnerability can possibly be exploited.
Security Framework
- Identify: Identify the risks or gaps in your environment and the people, process and tools you need.
- Protect: protect your environment. You need to tune and see areas to protect continuously,
- Detection: Detection is vital, check for alarms and alerts, the quicker you detect a potential exploit or a potential bad actor entering your network, the faster your response time is.
- Response: Response is critical, once you get an alarm, you need to respond to that immediately.
- Recover: Get your systems back online, review the lessons learned.
This is full life cycle Identify -> Protect -> Detection -> Response -> Recovery
Security Teams
Red Team: Technical and penetration testers. actively trying to attack the network in an ethical way to see if they can find any vulnerabilities or weakness.
Blue Team: protecting environment daily like SOC ( security operations center). These analysts are reading alarms and triaging. Always looks for false positives. They are trying to see what is a real attack and whats not.
Purple Team: When read and blue team come together and simulate an attack and work together to improve the entire security posture.
Zero Day Exploit: A repeatable implementation of an attack unknown to the community or O-Day exploit. Nobody ever heard of it before, so don't know how to defend against it. Attackers can use ZDE to gain access to the system as nobody ever heard of it or know how to defend it.
Back Door: A Means of accessing your computer that bypasses computer security mechanism. Often developers will put backdoor into apps or products as a troubleshooting mechanism. They think no one will ever know its there. But attackers will hunt and search for them. They find where the backdoor is and publicize it across internet. Never build backdoor to your product.
Access control: A means of restricting access to files, referenced functions, URLs and data based on the identity of users and or groups to which they belong.
Authentication: The verification of the claimed identity of an application user. Its starts in HR process where we verify identity through background checks.
*In Order to recognize and mitigate an attack, you must understand the methods of attack*
0 comments:
Post a Comment