Security+ SY0-501

Description

Mind map for studying for the Security+ SY0-501 certification (in English)
Mind map by Dainius Nesvarbu, updated more than 1 year ago. Created by Sérgio Proba over 5 years ago; copied by Dainius Nesvarbu about 5 years ago.

Resource summary

Security + SY0 501
  1. 1 - RISK MANAGEMENT ()
    1. 1) The CIA of Security (5)
      1. Confidentiality
        1. goal of Keep the data secret of anyone who doesn't have the need or right to access that data
        2. Integrity
          1. no modification
          2. Availability
            1. maintain the access of the data available to authorized users when they needed
            2. Audition/Accountability
              1. Keep track of things that go on. EX: who's been logging and what are they logging
              2. Non Repudiation
                1. a user can't deny that he performe a particular action
              3. 2) Threat Actors - TA (2)
                1. Attributes (5)
                  1. Intent
                    1. OSINT (Open Source Intelligence)
                      1. ex: Use of social media records to obtain information
                      2. Resources
                        1. Level of sophistication
                          1. Internal/External
                          2. Types of TA (5)
                            1. Hacktivist
                              1. Intent is a motivation
                              2. Organized Crime
                                1. Money is the goal
                                2. Insiders
                                  1. Not always a employee. They have access to a system (user name and password)
                                  2. Nation States/Advanced Persistent Threat (APT)
                                    1. Entire country with tremendous resources and sophisticated tools to gather intellgence
                                      1. APT - They get into a system and stay there (persistent). The goal is get a naval intelligence or a state department intelligence for example
                                      2. Script Kiddies
                                        1. Trivial attack knowledge
                                          1. easy to block or firewalling
                                        2. People and/or organization that actualy do the type of attacks
                                        3. 3 - Risk (2)
                                          1. Managing Risk (4)
                                            1. 2) Risk Response
                                              1. Mitigation
                                                1. apply security controls to reduce the likelihood of a bad thing will happen
                                                2. Avoidance
                                                  1. do nothing
                                                  2. Transference
                                                    1. Offload the risk
                                                    2. Acceptance
                                                    3. 1) Risk Assessment/Identification
                                                      1. Guides for RA/I (4)
                                                        1. Secure Configuration Guides
                                                          1. Recomendations by the Vendor
                                                          2. General Purpose Guides
                                                            1. (general) list of security controls
                                                            2. Network Infra Devices
                                                              1. Guides for routers, switches, wlans...
                                                              2. Benchmark
                                                              3. RA/I = Vulnerability Assessment + Threat Assessment
                                                                1. Steps
                                                                  1. I) catalog and define the assets
                                                                    1. II) List of potential vulnerabilities using a tool.
                                                                      1. VULNERABILITY SCAN - use a toolkit to list (new) vulnerabilities
                                                                        1. PEN TEST - Exploits know/found vulnerabilities
                                                                        2. III) threat assessments
                                                                      2. 3) Frameworks
                                                                        1. a methodology/workflow that helps a security pro deal with risk management
                                                                          1. a) Regulatory
                                                                            1. c) national standards
                                                                              1. b) non-regulatory
                                                                                1. d) international standards
                                                                                  1. e) industry sspeciic frameworks
                                                                                    1. Most famous frameworks: NIST SP800-37 and ISO 27000
                                                                                      1. NIST SP800-37 6 steps
                                                                                        1. I) Categorize
                                                                                          1. Huge list of assets, workflows and process
                                                                                          2. II) Select (SC'S)
                                                                                            1. IV) Assess (avaliar)
                                                                                              1. verify if everything works
                                                                                              2. III) Implement (SC'S)
                                                                                                1. V) Authorize
                                                                                                  1. pull everything online
                                                                                                  2. VI) Monitor
                                                                                                2. 4) Security Controls
                                                                                                  1. The SC came ( are defined) from policies and organization standards
                                                                                                    1. it's an action that we apply to our IT infrastructure to do ONE of the two things
                                                                                                      1. 1) Protect IT infra: APLLY, MONITORING and ADJUST the SC on the needs of the infra
                                                                                                        1. 2) Remediate Problems
                                                                                                        2. Categories of SC
                                                                                                          1. c) Technical Control
                                                                                                            1. Controls actions of IT SYSTEMS make towards IT security
                                                                                                            2. b) Phisical Control
                                                                                                              1. Controls actions of REAL WORLD ACTORS make towards IT security
                                                                                                              2. a) Administrative Control
                                                                                                                1. Controls action PEOPLE make towards (em relação) IT security
                                                                                                                  1. Controls with: Policies, guidelines, best practices
                                                                                                                2. SC Functions
                                                                                                                  1. c) Corrective
                                                                                                                    1. used to correct a condition when there is either no control at all, or the existing control is ineffective
                                                                                                                      1. temporary
                                                                                                                      2. e) Compensative
                                                                                                                        1. assists and mitigates the risk an existing control is unable to mitigate
                                                                                                                        2. d) Detective (detectar)
                                                                                                                          1. recognize an actor's threat
                                                                                                                          2. b) Preventative
                                                                                                                            1. Stops the actor from performing the threat. The actor DOES NOT KNOW that control exists
                                                                                                                            2. a) Deterrent (Dificultar/Intimidar)
                                                                                                                              1. keeps someone from performing a malicious act. The actor HAS THE KNOWLEDGE of this control
                                                                                                                            3. Another SC's
                                                                                                                              1. Mandatory Vacation
                                                                                                                                1. Vacation in any different times of the year
                                                                                                                                2. Multi-Person Control
                                                                                                                                  1. more than one people to accomplish a mission
                                                                                                                                  2. Least Privilege
                                                                                                                                    1. use only the necessary resources
                                                                                                                                    2. Separation of Duties
                                                                                                                                      1. Dual execution
                                                                                                                                      2. Job Rotation
                                                                                                                                  3. Is the likelihood of being target by a given attack
                                                                                                                                    1. Terms (5)
                                                                                                                                      1. Assets (ativos) (4)
                                                                                                                                        1. a) Places
                                                                                                                                          1. b) People
                                                                                                                                            1. c) Hardware
                                                                                                                                              1. d) Software
                                                                                                                                              2. Vulnerabilities
                                                                                                                                                1. weakness of an asset
                                                                                                                                                2. Threats
                                                                                                                                                  1. negative event who exploits a vulnerability
                                                                                                                                                    1. Structural Threat
                                                                                                                                                      1. fail on an equipment or lost of power supply
                                                                                                                                                      2. Accidental Threat
                                                                                                                                                        1. Authorized people who doing something wrong accidentaly
                                                                                                                                                        2. Adversarial Threat
                                                                                                                                                          1. Hacker or a Malware (intentional)
                                                                                                                                                          2. Enviroment
                                                                                                                                                            1. fires, earthquake
                                                                                                                                                          3. Likelihood (2)
                                                                                                                                                            1. defines the level of certainty that something bad will happen
                                                                                                                                                              1. Quantitative Risk
                                                                                                                                                                1. porcentage
                                                                                                                                                                2. Qualitative Risk
                                                                                                                                                                  1. risk low, medium, high
                                                                                                                                                                3. Impact
                                                                                                                                                                  1. Harm caused by a threat
                                                                                                                                                                4. THREATS + (applys) VULNERABILITIES = RISK
                                                                                                                                                                  1. FORMULA RISK = PROBABILITY X LOSS
                                                                                                                                                                  2. 5 - Defense in Depth (2)
                                                                                                                                                                    1. Diversity VS Redundancy
                                                                                                                                                                      1. 1) Diversity
                                                                                                                                                                        1. ADM TECH PHIS
                                                                                                                                                                          1. Different types of controls in a same objective. EX: block facebook warning in policy and block the website in work hours
                                                                                                                                                                            1. Vendor Diversity
                                                                                                                                                                              1. Method of Defense in depth with technicals controls
                                                                                                                                                                            2. 2) Redundancy
                                                                                                                                                                              1. Add layers of the same type of control. EX: block malware with antimalware on a pc and on a firewall
                                                                                                                                                                          2. 6 - IT Secure Governance
                                                                                                                                                                            1. 1) Sources (4)
                                                                                                                                                                              1. a) Laws and regulations
                                                                                                                                                                                1. b) Standards
                                                                                                                                                                                  1. Government standards
                                                                                                                                                                                    1. Industry Standards
                                                                                                                                                                                    2. d) Common Sense
                                                                                                                                                                                      1. c) Best Practices
                                                                                                                                                                                      2. Influences how the organization conducts IT security
                                                                                                                                                                                        1. 2) Documents (4)
                                                                                                                                                                                          1. b) Organizational Standards
                                                                                                                                                                                            1. Defines the acceptable level of performance for our policy
                                                                                                                                                                                              1. Much more detailed than a policy
                                                                                                                                                                                                1. EX: Policy: use a strong password. OS: 12 chars alphanumerics
                                                                                                                                                                                                2. c) Procedures
                                                                                                                                                                                                  1. a step by step processes
                                                                                                                                                                                                  2. d) Guidelines
                                                                                                                                                                                                    1. Optional
                                                                                                                                                                                                    2. a) Policies (7)
                                                                                                                                                                                                      1. I) Acceptable Use Policy (AUP)
                                                                                                                                                                                                        1. document that identifies exactly what is appropriate and what is not appropriate activity on an organization’s network
                                                                                                                                                                                                          1. RULES OF BEHAVIOUR
                                                                                                                                                                                                            1. document of a new employer have to sign
                                                                                                                                                                                                            2. used as directives. EX: this will do this
                                                                                                                                                                                                              1. VI) Privacy Policy
                                                                                                                                                                                                                1. defines how your data, or data usage will be shared with other resources
                                                                                                                                                                                                                  1. are often for customers. Ex: facebook and the use of our data
                                                                                                                                                                                                                  2. V) Care and Use of the Equipment
                                                                                                                                                                                                                    1. Maintenance of the equipment
                                                                                                                                                                                                                    2. IV) Password Policy
                                                                                                                                                                                                                      1. Password recovery, bad login, password retention, password reuse
                                                                                                                                                                                                                      2. III) Access control Policies
                                                                                                                                                                                                                        1. defines how to get acces to data or resourcers by the job you have
                                                                                                                                                                                                                        2. II) Data Sensitive and Cassification Policies
                                                                                                                                                                                                                          1. Classifications and labels
                                                                                                                                                                                                                          2. VII) Personnel Policy
                                                                                                                                                                                                                            1. People using OUR data
                                                                                                                                                                                                                            2. Document that defines how we're going to be doing something. EX: policy that defines what employers can or can't do on the organization equipments
                                                                                                                                                                                                                              1. Broad in nature
                                                                                                                                                                                                                                1. Define roles and responsabilities
                                                                                                                                                                                                                            3. 7 - Business Impact Analisys (BIA)
                                                                                                                                                                                                                              1. Privacy Threshold Assessment (PTA)
                                                                                                                                                                                                                                1. is a process that a company uses to analyze how personal information is protected within an IT system. This process reviews how the information is collected, manipulated, transferred, or transmitted.
                                                                                                                                                                                                                            4. 2 - CRYPTOGRAPHY (10)
                                                                                                                                                                                                                              1. 1 - Basics ()
                                                                                                                                                                                                                                1. 2) Encryption/Decryption
                                                                                                                                                                                                                                  1. a) Cesar Cipher
                                                                                                                                                                                                                                    1. Substitution
                                                                                                                                                                                                                                      1. Cornestone of Caesar Cypher
                                                                                                                                                                                                                                    2. c) Exclusive OR (XOR)
                                                                                                                                                                                                                                      1. Phrase to binary
                                                                                                                                                                                                                                      2. b) Vigenere Cipher
                                                                                                                                                                                                                                        1. Caesar Cipher + Confusion
                                                                                                                                                                                                                                        2. Data encryption
                                                                                                                                                                                                                                          1. a) Data at Rest
                                                                                                                                                                                                                                            1. encrypted data stored on a hard drive
                                                                                                                                                                                                                                            2. c) Data in process
                                                                                                                                                                                                                                              1. data in RAM or CPU
                                                                                                                                                                                                                                              2. b) Data in transit
                                                                                                                                                                                                                                                1. Ex: an IP call or a text message
                                                                                                                                                                                                                                            3. 1) Obfuscation
                                                                                                                                                                                                                                              1. Diffusion
                                                                                                                                                                                                                                                1. make less visible, less obvious
                                                                                                                                                                                                                                                2. Confusion
                                                                                                                                                                                                                                                  1. make stirred up (agitated)
                                                                                                                                                                                                                                              2. The study of taking data and hiding it in some way so that other people can't see it
                                                                                                                                                                                                                                                1. Provides CONFIDENTIALITY and INTEGRITY
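The three "Basics" ciphers above, as an added example that is not part of the original mind map: Caesar is a fixed substitution, Vigenère is Caesar whose shift changes with each key letter (the "confusion"), and XOR works on the phrase's binary form. All names and the sample text are constructed for this demo.

```python
# Added example (not from the original mind map): Caesar, Vigenere and XOR
# side by side, so the relationship between them is visible in code.
from itertools import cycle

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def caesar(text: str, shift: int) -> str:
    """Substitution: every letter moves `shift` places; a negative shift decrypts.
    Non-letters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Caesar + confusion: the shift is taken from the next key letter each time,
    so the same plaintext letter no longer always maps to the same ciphertext letter.
    The key only advances on letters, matching the classic tabula recta usage."""
    shifts = cycle(ALPHABET.index(k) for k in key.upper())
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            s = next(shifts)
            s = -s if decrypt else s
            out.append(ALPHABET[(ALPHABET.index(ch) + s) % 26])
        else:
            out.append(ch)
    return "".join(out)


def to_binary(data: bytes) -> str:
    """'Phrase to binary': show each byte as 8 bits, space separated."""
    return " ".join(f"{b:08b}" for b in data)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each byte of the data with the (repeating) key byte.
    XOR is its own inverse, so the same call both encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


if __name__ == "__main__":
    msg = "ATTACK AT DAWN"          # constructed sample plaintext
    print(caesar(msg, 3))           # DWWDFN DW GDZQ
    print(vigenere(msg, "LEMON"))   # LXFOPV EF RNHR
    # A one-letter Vigenere key is just a Caesar cipher.
    print(vigenere("HELLO", "B") == caesar("HELLO", 1))
    ct = xor_bytes(msg.encode(), b"K3y")
    print(to_binary(ct))
    print(xor_bytes(ct, b"K3y").decode())
```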
                                                                                                                                                                                                                                                  1. 2 - Cryptography Methods
                                                                                                                                                                                                                                                    1. 1) Symmetric Encryption
                                                                                                                                                                                                                                                      1. Primary way we encrypt data
                                                                                                                                                                                                                                                        1. Session Key
                                                                                                                                                                                                                                                          1. Key used only for the moment of the exchange
                                                                                                                                                                                                                                                            1. Forms of exchange
                                                                                                                                                                                                                                                              1. OUT-OF-BAND - Send the key outside the network
                                                                                                                                                                                                                                                                1. IN-BAND - Send the key with the encrypted data. VERY RISKY
                                                                                                                                                                                                                                                                2. Ephemeral Key - temporary key
                                                                                                                                                                                                                                                                  1. Perfect Forward Secrecy (PFS)
                                                                                                                                                                                                                                                                    1. Method of exchanging a new key in every single session
                                                                                                                                                                                                                                                              2. 2) Asymmetric Encryption
                                                                                                                                                                                                                                                                1. Key pair
                                                                                                                                                                                                                                                                  1. Public Key
                                                                                                                                                                                                                                                                    1. Only ENCRYPT
                                                                                                                                                                                                                                                                    2. Private Key
                                                                                                                                                                                                                                                                      1. Only DECRYPT
                                                                                                                                                                                                                                                                    3. Used to send a secure session key
                                                                                                                                                                                                                                                                    4. Cryptosystems - Highly defined process that programs follow to define key properties, communication requirements for key exchange, and the actions taken during encryption and decryption
                                                                                                                                                                                                                                                                    5. 4 - Asymmetric Algorithms
                                                                                                                                                                                                                                                                      1. b) Elliptic Curve Cryptography
                                                                                                                                                                                                                                                                        1. VERY SMALL KEYS but with the same robustness as RSA keys
                                                                                                                                                                                                                                                                        2. a) Rivest Shamir Adleman (RSA)
                                                                                                                                                                                                                                                                          1. PRIME NUMBERS
                                                                                                                                                                                                                                                                            1. Larger keys
                                                                                                                                                                                                                                                                            2. c) Diffie-Hellman
                                                                                                                                                                                                                                                                              1. Used to EXCHANGE SYMMETRIC KEYS
                                                                                                                                                                                                                                                                                1. DH GROUPS - table used to negotiate the size of the key
                                                                                                                                                                                                                                                                                  1. DH does not encrypt or authenticate
                                                                                                                                                                                                                                                                                    1. EDH - Ephemeral DH - PFS
                                                                                                                                                                                                                                                                                      1. ECDH - Elliptic Curve Diffie-Hellman
                                                                                                                                                                                                                                                                                      2. d) Pretty Good Privacy (PGP)
                                                                                                                                                                                                                                                                                        1. originally used for E-MAIL encryption
                                                                                                                                                                                                                                                                                          1. Public key, private key, random key
                                                                                                                                                                                                                                                                                            1. PGP Certificate - Web of Trust
                                                                                                                                                                                                                                                                                              1. Paid version (Symantec)
                                                                                                                                                                                                                                                                                                1. Encrypts mass storage, cloud solutions and BitLocker
                                                                                                                                                                                                                                                                                                2. OpenPGP - Free
                                                                                                                                                                                                                                                                                                  1. Encrypt e-mail, S/MIME, PKI support
                                                                                                                                                                                                                                                                                                  2. GNU Privacy Guard (GPG)
                                                                                                                                                                                                                                                                                                    1. Encrypt files and disk
                                                                                                                                                                                                                                                                                                      1. OpenPGP
                                                                                                                                                                                                                                                                                                  3. 5) Hashing
                                                                                                                                                                                                                                                                                                    1. Provides Integrity
                                                                                                                                                                                                                                                                                                      1. Fixed-length value: the MESSAGE DIGEST
                                                                                                                                                                                                                                                                                                        1. one way
                                                                                                                                                                                                                                                                                                          1. Hash Types
                                                                                                                                                                                                                                                                                                            1. a) Message Digest 5 (MD5)
                                                                                                                                                                                                                                                                                                              1. Grandpa of Hashes
                                                                                                                                                                                                                                                                                                                1. 128-bit hash
                                                                                                                                                                                                                                                                                                                2. c) RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
                                                                                                                                                                                                                                                                                                                  1. Open Standard
                                                                                                                                                                                                                                                                                                                    1. NOT very common
                                                                                                                                                                                                                                                                                                                      1. 128, 160, 256 and 320-bit versions
                                                                                                                                                                                                                                                                                                                      2. b) Secure Hash Algorithm (SHA)
                                                                                                                                                                                                                                                                                                                        1. Developed by NIST
                                                                                                                                                                                                                                                                                                                          1. SHA 1
                                                                                                                                                                                                                                                                                                                            1. 160-bit hash
                                                                                                                                                                                                                                                                                                                            2. SHA 2
                                                                                                                                                                                                                                                                                                                              1. Variants named by the hash length in bits: SHA-256 or SHA-512
                                                                                                                                                                                                                                                                                                                            3. d) Hash-Based Message Authentication Code (HMAC)
                                                                                                                                                                                                                                                                                                                              1. HMAC-MD5, HMAC-SHA1
                                                                                                                                                                                                                                                                                                                                1. Integrity + authenticity
                                                                                                                                                                                                                                                                                                                                  1. used in protocols such as IPsec and TLS
                                                                                                                                                                                                                                                                                                                                    1. HASH + SECRET KEY
                                                                                                                                                                                                                                                                                                                                  2. Collision - 2 different inputs that produce the same hash value
                                                                                                                                                                                                                                                                                                                                    1. Use of Hashes - PASSWORD CHECK and Encryption
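Hash versus HMAC from the section above, as an added example that is not part of the original mind map: a bare digest only gives integrity (whoever changes the message can recompute it), while HMAC = HASH + SECRET KEY also gives authenticity. The key, message and function names are constructed for this demo.

```python
# Added example (not from the original mind map): a plain hash provides
# integrity; HMAC (hash + secret key) provides integrity AND authenticity.
import hashlib
import hmac


def digest_bits(name: str, data: bytes) -> int:
    """Digest length in bits: md5 -> 128, sha1 -> 160, sha256 -> 256."""
    return hashlib.new(name, data).digest_size * 8


def sha256_hex(data: bytes) -> str:
    """One-way, fixed-length message digest of arbitrary-length data."""
    return hashlib.sha256(data).hexdigest()


def hash_check(data: bytes, expected_hex: str) -> bool:
    """Integrity only: detects accidental corruption, but whoever can change the
    message can also recompute the digest, so it proves nothing about the source."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 = hash keyed with a secret; without the key the tag cannot be
    recomputed, which is what adds authenticity on top of integrity."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_check(key: bytes, data: bytes, tag_hex: str) -> bool:
    """Verify integrity + authenticity; compare_digest avoids timing leaks."""
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


# Constructed sample: the key is shared out-of-band between sender and receiver.
KEY = b"constructed-demo-key-do-not-reuse"
MESSAGE = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"

if __name__ == "__main__":
    for name in ("md5", "sha1", "sha256"):
        print(f"{name:>6}: {digest_bits(name, MESSAGE)}-bit digest")
    tag = hmac_tag(KEY, MESSAGE)
    print("hash  original           :", hash_check(MESSAGE, sha256_hex(MESSAGE)))
    # True: a modified message with a freshly computed hash still "passes".
    print("hash  tampered, rehashed :", hash_check(TAMPERED, sha256_hex(TAMPERED)))
    print("hmac  original           :", hmac_check(KEY, MESSAGE, tag))
    print("hmac  tampered           :", hmac_check(KEY, TAMPERED, tag))
```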
                                                                                                                                                                                                                                                                                                                                    2. 6 - Steganography
                                                                                                                                                                                                                                                                                                                                      1. Process of taking some data and hiding it inside other data
                                                                                                                                                                                                                                                                                                                                        1. the message may or may not be encrypted
                                                                                                                                                                                                                                                                                                                                          1. commonly used with graphic images
                                                                                                                                                                                                                                                                                                                                          2. 7 - Certificates and Trust
                                                                                                                                                                                                                                                                                                                                            1. 2) Types of Trust
                                                                                                                                                                                                                                                                                                                                              1. c) PKI
                                                                                                                                                                                                                                                                                                                                                1. I) Certification Authority (CA)
                                                                                                                                                                                                                                                                                                                                                  1. II) Intermediate CA
                                                                                                                                                                                                                                                                                                                                                  2. b) Web of Trust
                                                                                                                                                                                                                                                                                                                                                    1. a) Unsigned Certificate
                                                                                                                                                                                                                                                                                                                                                      1. d) Mutual Authentication
                                                                                                                                                                                                                                                                                                                                                      2. 1) Concepts
                                                                                                                                                                                                                                                                                                                                                        1. a) Digital Signature
                                                                                                                                                                                                                                                                                                                                                          1. Hash of a document signed with the sender's private key
                                                                                                                                                                                                                                                                                                                                                            1. Authentication - proves source of the message
                                                                                                                                                                                                                                                                                                                                                              1. Non-Repudiation
                                                                                                                                                                                                                                                                                                                                                                1. the message doesn't need to be encrypted
                                                                                                                                                                                                                                                                                                                                                                2. b) Digital Certificate
                                                                                                                                                                                                                                                                                                                                                                  1. I) Sender Public key
                                                                                                                                                                                                                                                                                                                                                                    1. II) Sender Digital Signature
                                                                                                                                                                                                                                                                                                                                                                      1. III) Third Party Digital Signature
                                                                                                                                                                                                                                                                                                                                                                    2. 3) CRL and OCSP
                                                                                                                                                                                                                                                                                                                                                                      1. a) Certificate Revocation List (CRL)
                                                                                                                                                                                                                                                                                                                                                                        1. b) Online Certificate Status Protocol (OCSP)
                                                                                                                                                                                                                                                                                                                                                                        2. 5) Chain of Trust
                                                                                                                                                                                                                                                                                                                                                                          1. 4) Key escrow (garantia)
                                                                                                                                                                                                                                                                                                                                                                            1. 6) PKCS
                                                                                                                                                                                                                                                                                                                                                                              1. a) PKCS 7
                                                                                                                                                                                                                                                                                                                                                                                1. B) PKCS 12
                                                                                                                                                                                                                                                                                                                                                                              2. 8 - Cryptography Attacks
                                                                                                                                                                                                                                                                                                                                                                                1. Password Attacks
                                                                                                                                                                                                                                                                                                                                                                                  1. a) Brutte Force
                                                                                                                                                                                                                                                                                                                                                                                          1. b) Dictionary Attack
                                                                                                                                                                                                                                                                                                                                                                                            1. c) Rainbow Table
                                                                                                                                                                                                                                                                                                                                                                                              1. Salt
                                                                                                                                                                                                                                                                                                                                                                                                1. Algorithm + key
                                                                                                                                                                                                                                                                                                                                                                                                  1. Algorithm - math operation who convert data from plaintext to cyphertext (vice versa)
                                                                                                                                                                                                                                                                                                                                                                                                  2. Cryptoanalysis - break encrypted codes
                                                                                                                                                                                                                                                                                                                                                                                                    1. 3 - Symmetric Cryptosystems
                                                                                                                                                                                                                                                                                                                                                                                                      1. Block Cipher
                                                                                                                                                                                                                                                                                                                                                                                                        1. Blocks with fixed size (generaly 64bits)
                                                                                                                                                                                                                                                                                                                                                                                                        2. 1) Algorithms with block cypher
                                                                                                                                                                                                                                                                                                                                                                                                          1. b) Triple Data Encryption Standard (3DES)
                                                                                                                                                                                                                                                                                                                                                                                                            1. 64bit block size
                                                                                                                                                                                                                                                                                                                                                                                                              1. 16 rounds
                                                                                                                                                                                                                                                                                                                                                                                                                1. 128BIT KEY
                                                                                                                                                                                                                                                                                                                                                                                                                2. a) Data Encryption Standard (DES)
                                                                                                                                                                                                                                                                                                                                                                                                                  1. 64bit block size
                                                                                                                                                                                                                                                                                                                                                                                                                    1. 56BIT KEY = 64bit - 8bit dropped
                                                                                                                                                                                                                                                                                                                                                                                                                      1. Feistel Function
                                                                                                                                                                                                                                                                                                                                                                                                                        1. 16 rounds
                                                                                                                                                                                                                                                                                                                                                                                                                        2. d) Advanced Encryption Standard (AES) (Rijndael)
                                                                                                                                                                                                                                                                                                                                                                                                                          1. 128 block size
                                                                                                                                                                                                                                                                                                                                                                                                                            1. 128, 192 or 256 key size
                                                                                                                                                                                                                                                                                                                                                                                                                              1. Winner of the american government contest
                                                                                                                                                                                                                                                                                                                                                                                                                              2. c) Blowfish
                                                                                                                                                                                                                                                                                                                                                                                                                                1. 64bit size
                                                                                                                                                                                                                                                                                                                                                                                                                                  1. 16 rounds
                                                                                                                                                                                                                                                                                                                                                                                                                                    1. 32 to 448 key size
                                                                                                                                                                                                                                                                                                                                                                                                                                    2. e) Twofish
                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Finalista com o AES
                                                                                                                                                                                                                                                                                                                                                                                                                                    3. Streaming Ciphers
                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Randomization
                                                                                                                                                                                                                                                                                                                                                                                                                                        1. One bit at a time
                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Uses XOR to randomize
                                                                                                                                                                                                                                                                                                                                                                                                                                        2. 2) Algorithm with stream cypher
                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Rivest Cipher 4 (RC4)
                                                                                                                                                                                                                                                                                                                                                                                                                                            1. 40 - 2048 key size
                                                                                                                                                                                                                                                                                                                                                                                                                                          2. 3) Symmetric Block Modes
                                                                                                                                                                                                                                                                                                                                                                                                                                            1. a) Eletronic CodeBook (ECB)
                                                                                                                                                                                                                                                                                                                                                                                                                                              1. uses Same key - generates same results
                                                                                                                                                                                                                                                                                                                                                                                                                                                1. not used anymore
                                                                                                                                                                                                                                                                                                                                                                                                                                                2. c) Cipher Feedback (CFB)
                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. I) Encrypt the I.V
                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. II) XOR the encrypted I.V with the plaintext
                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. III) The cyphertext replaces I.V in subsequent rounds
                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. b) Cipher Block Chaining (CBC)
                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. I) XOR I.V and Plaintext
                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. II) Encrypt the result generating the CYPHERTEXT
                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. III) The cyphertext replaces I.V in subsequent rounds
                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. d) Output Feedback
                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Same as CFB
                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. The only difference is that the I.V never changes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. e) Counter (CTR)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. I) N+C is Encrypted
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. NONCE + COUNTER (0, 1, 2, ..., N, N+1...)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. II) The result is XORed with the plaintext
          1. III) CIPHERTEXT 0, CIPHERTEXT 1, ... CIPHERTEXT N, CIPHERTEXT N+1
            1. NONCE - an arbitrary number that can be used only once in a cryptographic communication
  2. 4 - Tools of the Trade
    1. 1) OS Utilities
      1. a) ping
        1. Used to verify that a device can communicate with another device on a network
        2. Uses the ICMP protocol
        3. On Linux there is no need for the -t switch (Linux ping runs continuously by default)
        4. Also works as a quick DNS tool: it resolves the host name before pinging it
      2. b) netstat (network statistics)
        1. Shows with whom you are talking and on which ports you are listening
        2. netstat -n: shows who you are communicating with and over which ports
        3. netstat -a: shows all active connections and open ports, so you can see which ones are listening
      3. c) tracert (trace route)
        1. Traces the entire path (the routers) from one network to another
      4. d) arp (Address Resolution Protocol)
        1. Resolves IP addresses to MAC addresses (associates a local IP address with its MAC address)
      5. e) ipconfig
        1. Provides the IP address and the Ethernet details
        2. ipconfig /all also shows the MAC address
        3. ifconfig does the same on Linux
      6. f) nslookup
        1. Sends queries to a DNS server and lets you switch quickly to another server; shows which DNS server is being used and its address
        2. dig does the same on Linux
      7. g) netcat
        1. Opens ports and puts them in listening mode. Used for aggressive actions. Used for PEN TESTS and VULNERABILITY ASSESSMENTS
        2. Can become a BACKDOOR
    2. 2) Network Scanners
      1. a) Nmap (network mapper)
        1. Allows you to gather information from ALL of the different devices across the network
        2. Performs port, OS and service scans
        3. Used to determine what services might be running on a remote device
    3. 3) Protocol Analyzers
      1. Protocol analyzers are tools with two functions: 1 - sniff and 2 - analyze the network traffic coming in and out of a specific host computer
      2. a) Wireshark
        1. I) Sniffer
          1. Tools that grab all the data that is going in and out of a particular
        2. II) Broadcast Storm
          1. A state in which a message broadcast across a network results in even more responses, and each response results in still more responses, in a snowball effect
      3. b) tcpdump
        1. Runs only on Linux
        2. Sniffs better than Wireshark
    4. 4) SNMP (Simple Network Management Protocol)
      1. 1 - Actors
        1. SNMP Manager
          1. Ports: UDP 162 and TLS 10162
          2. Network Management Station (NMS): the interface that sends the queries to all managed devices
        2. Agent
          1. It's a MANAGED DEVICE
          2. Ports: UDP 161 and TLS 10161
          3. Management Information Base (MIB)
            1. Built into every managed device
            2. It's the way to talk properly to the different agents
      2. 2 - Commands
        1. GET
          1. The NMS sends a query to a managed device
        2. Walk
          1. A batch of GETs
      3. 3 - Versions
        1. v1 - without encryption
        2. v2 - basic encryption
        3. v3 - TLS
        4. These 3 versions talk among themselves
      4. 4 - Cacti
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. Trap
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. TRAPS are initiated by the Agents
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. It is a signal to the SNMP Manager by the Agent on the occurrence of an event
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. 5 - Comunity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Group of Managed Devices
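The point about v1/v2c is easiest to see on the wire. The following is an added example (not part of the original mind map and not code from any SNMP product): a minimal BER encoder that builds an SNMP v2c GetRequest for sysDescr.0, and a small header parser that pulls the community string straight back out of the packet bytes, which is exactly what a sniffer on the same segment can do. The OID, community string and request id are assumed values for the demonstration.

```python
# Added example: build and inspect SNMP v1/v2c messages to show the cleartext
# community string. Constructed offline; nothing is sent on the network.
SNMP_V1, SNMP_V2C = 0, 1
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest", 0xA7: "SNMPv2-Trap"}


def _ber_len(n):
    """BER length: short form below 128, long form (0x8N + N length bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _ber_len(len(body)) + body


def ber_int(v):
    """INTEGER in minimal two's-complement encoding."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return _tlv(0x02, v.to_bytes(n, "big", signed=True))


def ber_oid(oid):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def snmp_request(community, oids, pdu_type=0xA0, request_id=1, version=SNMP_V2C):
    """Message ::= SEQUENCE { version, community OCTET STRING, PDU }.
    The PDU carries request-id, error-status, error-index and a varbind list
    of (OID, NULL) pairs; a walk is just this with pdu_type=0xA1 repeated."""
    varbinds = b"".join(_tlv(0x30, ber_oid(o) + _tlv(0x05, b"")) for o in oids)
    pdu = _tlv(pdu_type, ber_int(request_id) + ber_int(0) + ber_int(0) + _tlv(0x30, varbinds))
    return _tlv(0x30, ber_int(version) + _tlv(0x04, community.encode()) + pdu)


def _tlv_at(buf, pos):
    """Decode one TLV at buf[pos]; returns (tag, value bytes, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + ln], pos + ln


def parse_header(packet):
    """Read version, community and PDU type from a captured v1/v2c message.
    No key is needed: the community string is an ordinary OCTET STRING."""
    tag, msg, _ = _tlv_at(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = _tlv_at(msg, 0)
    version = int.from_bytes(ver, "big", signed=True)
    if version == 3:
        raise ValueError("v3 message: a USM header follows, not a cleartext community")
    _, community, pos = _tlv_at(msg, pos)
    pdu_tag, _, _ = _tlv_at(msg, pos)
    return {"version": {0: "v1", 1: "v2c"}[version],
            "community": community.decode(),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}


if __name__ == "__main__":
    pkt = snmp_request("public", ["1.3.6.1.2.1.1.1.0"])   # sysDescr.0, assumed target OID
    print(pkt.hex())
    print(parse_header(pkt))
```

Running the block prints the 40-byte packet and then the parsed header; the string `public` is visible in the hex dump at offset 7, which is why a read-write community on a v2c device is equivalent to a cleartext admin password.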
3. 5) Logs
  1. 1 - Groups
    1. a) Non-Network Logs
      1. Events that take place on a host even if that host is unplugged from the network
      2. I) OS Events
        1. Host startup, host shutdown, OS updates, reboot
      3. II) Application Events
        1. Application installation, application starting and stopping
      4. III) Security Events
        1. Logon successes and failures
        2. Each entry normally carries a date, time, account and event number (event ID)
    2. b) Network Logs
      1. Something that takes place on a host and concerns the communication between that host and something on the network
      2. I) OS level
        1. Remote logons (success or failure), for example SSH or RDP
      3. II) App level
        1. Activity on a web server
        2. Activity on a firewall
  2. 2 - Forms
    1. 1 - Centralized Logging
      1. Every host forwards its logs to a central repository (a syslog server or SIEM), so an attacker who compromises one host cannot quietly erase the evidence
      2. SNMP monitoring systems also report into a central console
    2. 2 - Decentralized Logging
      1. Logs stay on every computer of the network; each one has to be collected and reviewed separately
    3. 3 - Monitoring as a Service (MaaS)
      1. Service offered by a third party to collect and monitor all the logs of an organization
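The security-event fields listed above (date, time, account, event) and the split between local and remote logons are what a detection rule actually keys on. The following is an added example (not from the original mind map, and not the code of any SIEM product): it parses a handful of constructed syslog-style lines, tags each record as a network or non-network event, and flags a remote logon that succeeds after repeated failures from the same source, the classic sign of a password-guessing attack. Hostnames, addresses and the log lines themselves are made up for the demonstration.

```python
# Added example: classify security events from host logs and detect a
# success-after-failures pattern. All log lines are constructed sample data.
import re
from collections import defaultdict

SAMPLE_LOG = """\
Mar 14 09:12:01 web01 sshd[2311]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar 14 09:12:03 web01 sshd[2311]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 14 09:12:05 web01 sshd[2311]: Failed password for root from 203.0.113.7 port 51141 ssh2
Mar 14 09:12:06 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51150 ssh2
Mar 14 09:12:09 web01 sshd[2320]: Accepted password for root from 203.0.113.7 port 51177 ssh2
Mar 14 09:15:40 web01 sshd[2405]: Accepted publickey for deploy from 198.51.100.5 port 40022 ssh2
Mar 14 09:20:00 web01 login[2510]: pam_unix(login:session): session opened for user alice by LOGIN(uid=0)
Mar 14 09:30:00 web01 systemd[1]: Starting Daily apt upgrade and clean activities...
"""

# "Mon DD HH:MM:SS host process[pid]: message" (classic BSD syslog layout)
SYSLOG_PREFIX = re.compile(
    r"^(?P<date>\w{3} +\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[\w.-]+)\[\d+\]: (?P<msg>.*)$")
SSHD_LOGON = re.compile(
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
LOCAL_SESSION = re.compile(r"session opened for user (?P<user>\S+)")


def parse_log(text):
    """Turn raw lines into records with date, time, host, account, event and
    category (network = involves a remote peer, non-network = local only)."""
    records = []
    for line in text.splitlines():
        m = SYSLOG_PREFIX.match(line)
        if not m:
            continue                       # not a syslog line we understand
        rec = {"date": m["date"], "time": m["time"], "host": m["host"],
               "account": None, "src": None}
        ssh = SSHD_LOGON.search(m["msg"]) if m["proc"] == "sshd" else None
        local = LOCAL_SESSION.search(m["msg"])
        if ssh:                            # remote logon: OS-level network log
            rec.update(category="network", account=ssh["user"], src=ssh["src"],
                       event="logon_success" if ssh["result"] == "Accepted" else "logon_failure")
        elif local:                        # console logon: host-only security event
            rec.update(category="non-network", account=local["user"], event="logon_success")
        else:                              # anything else: plain OS/application event
            rec.update(category="non-network", event="os_event")
        records.append(rec)
    return records


def brute_force_alerts(records, threshold=3):
    """Alert when a source that already failed `threshold` or more remote logons
    against a host then gets an Accepted logon: a guessed password, not a typo."""
    failures = defaultdict(int)            # (host, src) -> failures seen so far
    alerts = []
    for r in records:
        if r["category"] != "network":
            continue
        key = (r["host"], r["src"])
        if r["event"] == "logon_failure":
            failures[key] += 1
        elif r["event"] == "logon_success" and failures[key] >= threshold:
            alerts.append({"host": r["host"], "src": r["src"], "account": r["account"],
                           "time": r["time"], "failures_before_success": failures[key]})
    return alerts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(sum(1 for r in recs if r["category"] == "network"), "network events")
    print(brute_force_alerts(recs))
```

On the sample data the rule fires once, for root from 203.0.113.7 after four failures; the deploy key logon and alice's console logon are left alone. With centralized logging the same rule runs over every host at once, which is the only way to notice the attacker moving from host to host.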
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3. 5 - Securing Individual Systems
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. 1) Denial of Service (DoS)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. a) Volumetric Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. I) Ping Flood
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. II) UDP Flood
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Easy to stop today
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. b) Protocol Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. I) SYN Flood/TCP SYN Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Do naught things to the protocol to create confusion
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. The most common type of DoS Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Still a huge problem today
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. c) Application Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. I) Slow Loris attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Loris é um animal devagar
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. II) Amplification Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Smurf Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. The attacker broadcasts ICMP packets attached with the false IP address (spoofing) of the victim. The others computers respond this request and flood the server.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      3. DDoS - uses BotNet, and are the nightmare of attacks
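What "doing naughty things to the protocol" looks like for a SYN flood is a pile of handshakes that are never completed. The following is an added example (not part of the original mind map, and not any IDS product's code): it builds constructed raw IPv4/TCP packets for a few legitimate clients and for 200 spoofed sources that send only a SYN, parses the headers back, and reports any listener whose number of half-open connections passes a threshold. Addresses come from the documentation ranges and checksums are left at zero, since the packets are never sent; the threshold is an assumed tuning value.

```python
# Added example: half-open connection tracking to spot a TCP SYN flood.
# Packets are constructed in-process; nothing touches a real network.
import socket
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10   # TCP flag bits


def build_ipv4_tcp(src, dst, sport, dport, flags, seq=0, ack=0):
    """Minimal 20-byte IPv4 header + 20-byte TCP header (sample data only:
    checksums are zero, so these are not sendable packets)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr


def parse_ipv4_tcp(pkt):
    """Extract addresses, ports and flags from a raw IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4                 # IP header length in bytes
    if pkt[9] != 6:
        raise ValueError("not TCP")
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "flags": flags}


def half_open_report(packets, threshold):
    """Follow each client handshake; a connection stays 'half-open' from the
    client's SYN until its final ACK (or a RST). Report listeners with at
    least `threshold` half-open connections and how many sources they span."""
    pending = {}                              # (src, sport, dst, dport) -> waiting for ACK
    for pkt in packets:
        p = parse_ipv4_tcp(pkt)
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["flags"] & SYN and not p["flags"] & ACK:
            pending[key] = True               # client SYN opens a half-open entry
        elif p["flags"] & SYN and p["flags"] & ACK:
            continue                          # server SYN-ACK: still waiting on the client
        elif p["flags"] & (ACK | RST):
            pending.pop(key, None)            # third-step ACK completes it; RST tears it down
    per_listener = defaultdict(set)
    for src, sport, dst, dport in pending:
        per_listener[f"{dst}:{dport}"].add((src, sport))
    return {listener: {"half_open": len(conns), "sources": len({s for s, _ in conns})}
            for listener, conns in per_listener.items() if len(conns) >= threshold}


def sample_traffic():
    """Constructed capture: three clients finish the handshake, then 200 spoofed
    sources each send one SYN and never answer the server's SYN-ACK."""
    server, pkts = "192.0.2.10", []
    for i, client in enumerate(["198.51.100.1", "198.51.100.2", "198.51.100.3"]):
        sport = 40000 + i
        pkts.append(build_ipv4_tcp(client, server, sport, 80, SYN, seq=1000))
        pkts.append(build_ipv4_tcp(server, client, 80, sport, SYN | ACK, seq=5000, ack=1001))
        pkts.append(build_ipv4_tcp(client, server, sport, 80, ACK, seq=1001, ack=5001))
    for i in range(1, 201):
        spoofed = f"203.0.113.{i}"           # spoofed source: the SYN-ACK goes nowhere
        pkts.append(build_ipv4_tcp(spoofed, server, 50000 + i, 80, SYN, seq=i))
        pkts.append(build_ipv4_tcp(server, spoofed, 80, 50000 + i, SYN | ACK, seq=7000, ack=i + 1))
    return pkts


if __name__ == "__main__":
    print(half_open_report(sample_traffic(), threshold=100))
```

The report names the listener, not the sources, because with spoofed addresses every half-open entry comes from a different "client"; that is also why blocking individual sources does nothing against this attack and the fix has to be on the server side (SYN cookies, shorter half-open timeouts) or upstream.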
    4. 2) Host Threats
      1. a) SPAM
        1. Unsolicited bulk e-mail. On its own it is a nuisance rather than a direct danger, but it is a common delivery vehicle for phishing and malware
        2. Often comes from a legitimate (if unwanted) source, such as a real company's marketing
      2. b) Phishing / Spear Phishing
        1. For the exam, phishing comes only from E-MAIL
        2. Phishing - E-MAIL sent in bulk to many recipients, trying to trick the victims into handing over personal information (credentials, card numbers)
        3. Spear Phishing - a single target; the attacker crafts a fake e-mail tailored to that person
      3. c) SPIM
        1. Spam received over INSTANT MESSAGING
      4. d) Vishing
        1. V for VOICE - phishing over the phone
      5. e) Clickjacking
        1. The user clicks what looks like one thing, but a hidden element (typically a transparent iframe layered over the visible page) receives the click, so the action goes to another site
      6. f) Typosquatting
        1. Registering look-alike domains such as gogle.com and waiting for someone to mistype an address and land on a similar-looking but malicious site
      7. g) Domain Hijacking
        1. Somebody takes over the registration of your domain (for example through a compromised registrar account) and demands money to give it back
      8. h) Privilege Escalation
        1. Gaining higher privileges than the account was granted in order to do things it should not be able to do on the system
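Added example for the phishing and typosquatting items above (not part of the mind map): generating the typosquat variants of a brand domain that phishers register (character omission, repetition, transposition, adjacent-key and homoglyph substitution) and using them, plus an edit-distance fallback, to triage sender domains. The brand domain example.com, the keyboard-neighbour table and the sender list are all constructed for the demo.

```python
"""Typosquat generation and sender-domain triage (added example)."""
from __future__ import annotations

# A few QWERTY adjacencies; a real tool would carry the full keyboard map.
KEYBOARD_NEIGHBOURS = {"a": "qwsz", "e": "wrsd", "l": "kop", "m": "njk",
                       "o": "ilp", "p": "ol", "x": "zsdc"}
# Characters that look alike in many fonts: l/1, o/0, i/1, m/rn.
HOMOGLYPHS = {"l": "1", "o": "0", "i": "1", "m": "rn"}


def typosquat_variants(domain: str) -> set[str]:
    """Return plausible typosquats of `domain` (name part only, TLD kept)."""
    name, _, tld = domain.rpartition(".")
    variants: set[str] = set()
    for i, ch in enumerate(name):
        variants.add(name[:i] + name[i + 1:])                # omission: gogle
        variants.add(name[:i] + ch + name[i:])               # repetition: exaample
        if i + 1 < len(name):                                # transposition: exmaple
            variants.add(name[:i] + name[i + 1] + ch + name[i + 2:])
        for k in KEYBOARD_NEIGHBOURS.get(ch, ""):            # fat finger: wxample
            variants.add(name[:i] + k + name[i + 1:])
        if ch in HOMOGLYPHS:                                 # homoglyph: exarnple
            variants.add(name[:i] + HOMOGLYPHS[ch] + name[i + 1:])
    variants.discard(name)
    return {v + "." + tld for v in variants if v}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches look-alikes the generator did not enumerate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(sender_domain: str, brand: str, max_distance: int = 2) -> str:
    """'legitimate' (brand or its subdomain), 'lookalike' or 'unrelated'."""
    if sender_domain == brand or sender_domain.endswith("." + brand):
        return "legitimate"
    if sender_domain in typosquat_variants(brand):
        return "lookalike"
    if levenshtein(sender_domain, brand) <= max_distance:
        return "lookalike"
    return "unrelated"


# Constructed sender addresses, as they might appear in a mail log.
SAMPLE_SENDERS = [
    "it-support@example.com",
    "security@mail.example.com",
    "billing@exarnple.com",       # m -> rn homoglyph
    "hr@examp1e.com",             # l -> 1 homoglyph
    "alerts@exmaple.com",         # transposition
    "newsletter@vendor.net",
]


def triage(senders: list[str], brand: str = "example.com") -> dict[str, str]:
    """Map each address to its classification against the brand domain."""
    return {addr: classify_sender(addr.rsplit("@", 1)[1].lower(), brand)
            for addr in senders}


if __name__ == "__main__":
    for addr, verdict in triage(SAMPLE_SENDERS).items():
        print(f"{verdict:10s} {addr}")
```

Defenders run the same generator the other way round: register or monitor the variants of their own domain, and feed the lookalike set to the mail gateway so spear-phishing from exarnple.com is quarantined before the tailored message reaches its target.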
    3. 3) Man-in-the-Middle
      1. a) Wired MitM
        1. The attacker sits between two parties on the LAN, intercepting their traffic and relaying it on, so both sides still believe they are talking directly to each other
          1. ARP Poisoning - the attacker sends forged ARP replies so victims associate the gateway's (or another host's) IP address with the attacker's MAC, redirecting their traffic through the attacker
            1. Ettercap - free and open-source network security tool for man-in-the-middle attacks on the LAN
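Added example for the ARP poisoning item (not from the mind map or from Ettercap): a minimal arpwatch-style detector. It treats the first MAC seen for each IP as the trusted binding and alerts when a later ARP reply claims a different MAC for that IP, or when one MAC claims several IPs, which is what the attacker does when posing as both the gateway and the victim. The gateway address and the ARP reply records are constructed for the demo.

```python
"""ARP poisoning detector over a constructed ARP reply stream (added example)."""
from collections import defaultdict

GATEWAY_IP = "10.0.0.1"   # assumed LAN gateway for the demo

# Constructed ARP replies as (timestamp, sender_ip, sender_mac).  The last
# two are poison replies: aa:bb:... claims the gateway and then a host.
SAMPLE_ARP_REPLIES = [
    (1, "10.0.0.1", "00:11:22:33:44:01"),
    (2, "10.0.0.20", "00:11:22:33:44:20"),
    (3, "10.0.0.21", "00:11:22:33:44:21"),
    (4, "10.0.0.1", "aa:bb:cc:dd:ee:ff"),    # gateway IP now at a new MAC
    (5, "10.0.0.20", "aa:bb:cc:dd:ee:ff"),   # victim's IP too: full MitM
]


class ArpMonitor:
    def __init__(self, gateway_ip: str):
        self.gateway_ip = gateway_ip
        self.ip_to_mac: dict[str, str] = {}
        self.mac_to_ips: dict[str, set[str]] = defaultdict(set)

    def observe(self, ts: int, ip: str, mac: str) -> list[str]:
        """Record one ARP reply; return the alerts it triggers (maybe none)."""
        alerts = []
        known = self.ip_to_mac.setdefault(ip, mac)   # first binding is trusted
        if known != mac:
            what = "gateway" if ip == self.gateway_ip else "host"
            alerts.append(f"t={ts} {what} {ip} changed MAC {known} -> {mac}")
        self.mac_to_ips[mac].add(ip)
        if len(self.mac_to_ips[mac]) > 1:
            alerts.append(f"t={ts} MAC {mac} claims {sorted(self.mac_to_ips[mac])}")
        return alerts


def scan(replies, gateway_ip: str = GATEWAY_IP) -> list[str]:
    """Run the monitor over a whole capture and collect the alerts."""
    mon = ArpMonitor(gateway_ip)
    alerts = []
    for ts, ip, mac in replies:
        alerts.extend(mon.observe(ts, ip, mac))
    return alerts


if __name__ == "__main__":
    for line in scan(SAMPLE_ARP_REPLIES):
        print(line)
```

A real deployment would seed the trusted table from DHCP leases or a static inventory rather than from the first packet seen, because an attacker who is already poisoning when the monitor starts would otherwise be trusted; switch-side Dynamic ARP Inspection makes the same first-binding decision from the DHCP snooping table.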
      2. b) Replay Attack - the attacker captures legitimate traffic (for example an authentication exchange or a signed request) and retransmits it later so it is accepted again
      3. c) Session Hijacking - the attacker steals an established session identifier (cookie or token) and uses it to impersonate the logged-in user without knowing the password
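Added example for the replay attack item (not from the mind map): a request authenticated with an HMAC tag is captured and sent twice. A server that only checks the tag executes it twice; a server that also demands a fresh nonce and a recent timestamp executes it once and rejects the copy. Client and server run in-process, and the shared key, the message layout and the five-minute window are assumptions for the demo.

```python
"""Replay attack against an HMAC-authenticated request, and the fix (added example)."""
import hashlib
import hmac
import json
import os

SHARED_KEY = b"demo-shared-secret"   # assumed pre-shared key
MAX_AGE_SECONDS = 300                # assumed freshness window


def _tag(body: dict) -> str:
    """HMAC-SHA256 over the canonical JSON encoding of the body."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()


def sign(body: dict) -> dict:
    """Client side: attach the tag to the message."""
    return {**body, "tag": _tag(body)}


def tag_is_valid(msg: dict) -> bool:
    body = {k: v for k, v in msg.items() if k != "tag"}
    return hmac.compare_digest(_tag(body), msg.get("tag", ""))


class NaiveServer:
    """Checks only the tag, so a captured message is accepted again."""
    def __init__(self):
        self.executed = []

    def handle(self, msg: dict) -> str:
        if not tag_is_valid(msg):
            return "bad tag"
        self.executed.append(msg["action"])
        return "ok"


class HardenedServer:
    """Also requires a never-seen nonce and a timestamp inside the window."""
    def __init__(self, clock):
        self.clock = clock            # callable returning current unix time
        self.seen_nonces = set()      # in practice pruned once older than the window
        self.executed = []

    def handle(self, msg: dict) -> str:
        if not tag_is_valid(msg):     # tag covers ts and nonce, so they cannot be edited
            return "bad tag"
        if abs(self.clock() - msg.get("ts", 0)) > MAX_AGE_SECONDS:
            return "stale"
        if msg.get("nonce") in self.seen_nonces:
            return "replayed"
        self.seen_nonces.add(msg["nonce"])
        self.executed.append(msg["action"])
        return "ok"


def client_request(action: str, now: int) -> dict:
    return sign({"action": action, "ts": now, "nonce": os.urandom(8).hex()})


def demo() -> dict:
    now = 1_700_000_000
    msg = client_request("transfer 100 to attacker", now)   # captured on the wire
    naive, hard = NaiveServer(), HardenedServer(lambda: now)
    return {
        "naive": (naive.handle(msg), naive.handle(msg), len(naive.executed)),
        "hardened": (hard.handle(msg), hard.handle(msg), len(hard.executed)),
        "tampered": hard.handle({**msg, "action": "transfer 999 to attacker"}),
        "old": HardenedServer(lambda: now + 3600).handle(msg),
    }


if __name__ == "__main__":
    print(demo())
```

The timestamp alone is not enough (the copy arrives seconds later and is still "fresh"), and the nonce alone forces the server to remember every nonce forever; together, the server only has to remember nonces for the length of the window. The same pattern is why Kerberos authenticators carry a timestamp and why TLS binds each record to a sequence number.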
  2. 7 - Secure Protocols
  1. 8 - Testing Your Infrastructure
  1. 9 - Dealing with Incidents
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. 3 - Identity and Access Management ()
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. 1) Identification, Authorization, Authentication (3)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. 1 - Identification
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. FIRST STEP in the process and involves the user show his/her credential to the system
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. EX: type a username in a logio screen
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. 2 - Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Authentication factors
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. b) Something you have
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Token
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Smart Card
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. RSA Key
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. a) Something you know
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Password
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Pin Code
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Captcha
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Security Questions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. c) Something you are/about you (physically)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Biometric
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Iris Scanner
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Facial Recognition
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. e) Something you do
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. The rhythym of a person typing a password
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. d) Somewhere you are
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. uses geographic location (e.g. GPS, or the network/IP address the login comes from)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. Multifactor Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Factors from two or more DIFFERENT categories, e.g. password (something you know) + biometric (something you are); two factors from the same category (password + PIN) are NOT multifactor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3. Federation - trusting identities issued by another organization's identity provider (e.g. SAML, OpenID Connect) instead of keeping a local account for each user
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4. 3 - Authorization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. What rights do I have on the system, ONCE AUTHENTICATED
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Concepts
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. An administrator assigns permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. EX: permission to write to a file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. Permissions apply to resources (files, folders, printers, shares)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          3. Rights/Privileges
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. assigned on a system, not on a resource
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. EX: right to change a password, or right to log on remotely
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. Strategies
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Least privilege - a user or process gets only the access needed to do its job, nothing more
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. Separation of duties - no single person controls a whole critical task (e.g. the person who requests a payment is not the one who approves it)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4. 2) Access Control List - the list attached to an object stating which subjects (users, groups) may perform which actions on it
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Authorization Models (5)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. 1) Mandatory Access Control (MAC)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. the OPERATING SYSTEM enforces the limits of access
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Every object gets a label (e.g. Confidential, Secret) and every subject a clearance
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Rules of access are defined by the admin
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Users CAN'T change these settings, not even the owner of the object
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. Strongest method; used in military/government classification systems and in SELinux
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3. 2) Discretionary Access Control (DAC)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. a) used in most operating systems (Windows NTFS permissions, Unix file modes)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. b) the creator of the file is the OWNER and can modify access at any time
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. c) The owner defines the permissions for the other users
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. d) Flexible but weak - an owner can hand out access to anyone, so a central policy is hard to enforce
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Access properties are stored in ACLs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. 3) ROLE Based Access Control (RBAC)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Windows uses GROUPS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. broader form of control that’s based on your particular role in the organization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Ex: Manager, Director, Operator
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. the administrator determines what access each role has; a user gets access by being placed in a role, not by individual grants
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3. 4) RULE Based Access Control
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Access is based on a set of rules defined by a system administrator (e.g. firewall rules, time-of-day login restrictions)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Access properties are stored in ACLs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. 5) Attribute Based Access Control (ABAC)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Complex relationships - access based on many different criteria
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Combine parameters like source IP, time of day, desired action, department, device state
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. Implicit deny - prevents access unless specifically permitted; a principle that applies to every model above, not only ABAC
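To make the five models concrete, here is an added example (not part of the original mind map, and not the code of any product it names): a toy authorization engine in which each model is one small decision function, and every function falls back to deny when nothing explicitly grants access. The users, labels, roles, networks, rules and the "approve_payment" policy are all constructed for illustration.

```python
"""Toy authorization engine: one function per access-control model
(MAC, DAC, RBAC, rule-based, ABAC), each ending in implicit deny.
Added example; all names, labels, roles and rules are constructed."""
from datetime import time
from ipaddress import ip_address, ip_network

# ---- 1) MAC: labels set by policy; neither user nor owner can change them ----
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}

def mac_allowed(subject_clearance, object_label):
    """No-read-up: read is allowed only if clearance >= object label.
    An unknown clearance or label is treated as deny."""
    return LEVELS.get(subject_clearance, -1) >= LEVELS.get(object_label, 99)

# ---- 2) DAC: the object's owner keeps its ACL and may change it at any time ----
def dac_allowed(obj, subject, action):
    """obj = {"owner": name, "acl": {subject: set_of_actions}}.
    The owner always has full control; anyone else needs an ACL entry."""
    if subject == obj["owner"]:
        return True
    return action in obj["acl"].get(subject, set())

def dac_grant(obj, actor, subject, action):
    """Only the owner may edit the ACL. This is the 'flexible but weak' part:
    the owner can hand out access to anyone without central oversight."""
    if actor != obj["owner"]:
        return False
    obj["acl"].setdefault(subject, set()).add(action)
    return True

# ---- 3) RBAC: permissions attach to roles (Windows groups), users to roles ----
ROLE_PERMS = {
    "operator": {("logs", "read")},
    "manager": {("logs", "read"), ("reports", "write")},
}
USER_ROLES = {"alice": {"manager"}, "bob": {"operator"}}

def rbac_allowed(user, resource, action):
    """A user with no role, or a role without the (resource, action), is denied."""
    return any((resource, action) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))

# ---- 4) Rule-based: admin-written rules, evaluated in order, first match wins ----
RULES = [
    {"src": ip_network("10.0.0.0/8"), "service": "ssh", "allow": True},
    {"src": ip_network("0.0.0.0/0"), "service": "ssh", "allow": False},
]

def rule_allowed(src_ip, service):
    """Like a firewall rule base: first matching rule decides, else implicit deny."""
    ip = ip_address(src_ip)
    for rule in RULES:
        if ip in rule["src"] and rule["service"] == service:
            return rule["allow"]
    return False  # no rule matched

# ---- 5) ABAC: combine attributes (source IP, time of day, action, department) ----
OFFICE_NET = ip_network("10.0.0.0/8")  # constructed office address range

def abac_allowed(attrs):
    """Policy: 'approve_payment' only for finance staff, from the office
    network, during business hours. A missing attribute is a deny."""
    try:
        in_office = ip_address(attrs["src_ip"]) in OFFICE_NET
        in_hours = time(8, 0) <= attrs["time"] < time(18, 0)
        return (attrs["action"] == "approve_payment"
                and attrs["department"] == "finance"
                and in_office and in_hours)
    except KeyError:
        return False

if __name__ == "__main__":
    doc = {"owner": "alice", "acl": {}}
    print("MAC  secret reads confidential:", mac_allowed("secret", "confidential"))
    print("DAC  bob before grant:", dac_allowed(doc, "bob", "read"))
    dac_grant(doc, "alice", "bob", "read")
    print("DAC  bob after grant:", dac_allowed(doc, "bob", "read"))
    print("RBAC alice writes reports:", rbac_allowed("alice", "reports", "write"))
    print("RULE ssh from 8.8.8.8:", rule_allowed("8.8.8.8", "ssh"))
    print("ABAC payment after hours:", abac_allowed({
        "src_ip": "10.1.2.3", "time": time(20, 0),
        "action": "approve_payment", "department": "finance"}))
```

The point to take from the block is the shape of each decision rather than the toy data: in MAC only the policy tables change, in DAC the owner edits the ACL, in RBAC the user never appears in a permission at all, the rule base is ordered, and ABAC evaluates a predicate over a bag of attributes. Every function returns False on a missing entry, which is implicit deny in code.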
  2. 3) Password Security ()
    1. Security Policy (3)
      1. 1) Complexity
        1. Length and character-class requirements
      2. 2) Age or Expiration
        1. Reset and time triggers
          1. Minimum password age
            1. Forces users to keep a password for a minimum time before they may change it again (EX: 2 days). Without it a user can change the password repeatedly to flush the history and get an old password back
          2. Maximum password age
            1. Used to EXPIRE a password after a set period (EX: 180 days)
      3. 3) Password History
        1. Reuse and retention
          1. Records a number of previous passwords (as hashes) so that those passwords cannot be reused on the system
      4. 4) Group Policy Objects
        1. Active Directory is an example
          1. GPOs are linked to Sites, Domains and Organizational Units; security groups are used to filter which users or computers a linked GPO applies to
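Complexity, age and history are checked together whenever a user proposes a new password. The following is an added example, not from the mind map or any particular product: a checker that applies all three controls to a proposed change. The thresholds, the sample history and the use of PBKDF2 as the stored hash are constructed assumptions for the example.

```python
# Added example (not part of the Security+ mind map): a checker that applies
# complexity, minimum/maximum age and history to a proposed password change.
# Thresholds and the sample history are constructed for illustration.
import hashlib
import hmac
import os
import re

POLICY = {
    "min_length": 12,
    "classes_required": 3,   # of the four: lower, upper, digit, symbol
    "min_age_days": 2,       # cannot change again before this many days
    "max_age_days": 180,     # must change after this many days
    "history_depth": 5,      # most recent passwords that cannot be reused
}

CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for whatever password hash the system uses;
    # the point is that the history holds hashes, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def build_history(old_passwords):
    """Constructed history: a list of (salt, hash) pairs, oldest first."""
    history = []
    for pw in old_passwords:
        salt = os.urandom(16)
        history.append((salt, hash_password(pw, salt)))
    return history


def complexity_ok(password: str) -> bool:
    classes = sum(1 for p in CLASS_PATTERNS if re.search(p, password))
    return len(password) >= POLICY["min_length"] and classes >= POLICY["classes_required"]


def is_expired(days_since_change: int) -> bool:
    """Maximum age: the current password must be replaced once it is older than this."""
    return days_since_change > POLICY["max_age_days"]


def change_allowed(days_since_change: int) -> bool:
    """Minimum age: a change is refused until the current password has been held this long."""
    return days_since_change >= POLICY["min_age_days"]


def in_history(password: str, history) -> bool:
    recent = history[-POLICY["history_depth"]:]
    return any(hmac.compare_digest(hash_password(password, salt), digest)
               for salt, digest in recent)


def evaluate_change(new_password: str, history, days_since_change: int):
    """Return the list of policy violations; an empty list means the change is accepted."""
    problems = []
    if not change_allowed(days_since_change):
        problems.append("minimum password age not reached")
    if not complexity_ok(new_password):
        problems.append("complexity requirement not met")
    if in_history(new_password, history):
        problems.append("password was used recently")
    return problems


if __name__ == "__main__":
    hist = build_history(["Old-Passw0rd-1", "Old-Passw0rd-2"])
    for candidate, days in [("Fresh-Passw0rd-9", 10), ("Old-Passw0rd-1", 10),
                            ("Fresh-Passw0rd-9", 1), ("short", 10)]:
        print(candidate, days, evaluate_change(candidate, hist, days) or "accepted")
```

The history check re-hashes the candidate with each stored entry's salt because every entry has its own salt; the minimum-age check is what stops a user from cycling through `history_depth + 1` changes in a minute to get a favourite password back.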
  2. 4) Linux File Permissions
    1. rwxrwxrwx
      1. First 3: OWNER/CREATOR
      2. Middle 3: GROUP
      3. Last 3: EVERYBODY ELSE (others)
      4. r - read
        1. Open a file and view its contents; on a directory, list its entries
      5. w - write
        1. On a file: edit its contents. Creating, renaming or deleting a file needs w on the DIRECTORY that holds it, not on the file itself
      6. x - execute
        1. Run a file; on a directory, enter it (cd) and reach the entries inside
          1. You can cd into a directory only if you have the X permission on it
    2. chmod
      1. Command that changes permissions
        1. r=4; w=2; x=1
          1. EX: r-x = 5; -w- = 2; rwx = 7
        2. Needs sudo only when you are not the owner of the file; the owner can chmod their own files
      2. chown
        1. Command that changes the OWNER of a particular file
          1. Needs sudo: only root can give a file to another user
      3. passwd
        1. Command that changes the user's password; sudo is needed only to change another user's password
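The rwx-to-octal arithmetic above is what `chmod` expects on the command line. The following is an added example, not from the mind map: it converts between the nine-character rwx string shown by `ls -l` and the octal mode `chmod` takes, applies a mode to a temporary file and reads the result back with `stat`, and reports whether sudo would be needed. The temporary file is created on the fly; the function names are the example's own.

```python
# Added example (not part of the Security+ mind map): rwx <-> octal conversion
# and a chmod applied to a temporary file, read back with stat. The file and
# function names are the example's own.
import os
import stat
import tempfile

BITS = {"r": 4, "w": 2, "x": 1}


def symbolic_to_octal(perms: str) -> int:
    """'rwxr-x---' -> 0o750. Each group of three is summed: r=4, w=2, x=1."""
    if len(perms) != 9:
        raise ValueError("expected nine characters, e.g. rwxr-x---")
    mode = 0
    for i, ch in enumerate(perms):
        expected = "rwx"[i % 3]           # position within the owner/group/other triple
        if ch == expected:
            mode |= BITS[ch] << (3 * (2 - i // 3))   # owner bits are the highest digit
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return mode


def octal_to_symbolic(mode: int) -> str:
    """0o750 -> 'rwxr-x---' (owner, group, others)."""
    out = []
    for shift in (6, 3, 0):
        trio = (mode >> shift) & 0o7
        out.append(("r" if trio & 4 else "-")
                   + ("w" if trio & 2 else "-")
                   + ("x" if trio & 1 else "-"))
    return "".join(out)


def apply_mode(path: str, perms: str) -> str:
    """chmod the file to the given rwx string and return what stat reports afterwards."""
    os.chmod(path, symbolic_to_octal(perms))
    return octal_to_symbolic(stat.S_IMODE(os.stat(path).st_mode))


def needs_root_to_chmod(path: str) -> bool:
    """chmod needs sudo only when you are neither root nor the file's owner (chown always does)."""
    return os.geteuid() != 0 and os.stat(path).st_uid != os.geteuid()


def demo() -> str:
    """Create a temp file, apply the equivalent of 'chmod 640', return the mode read back."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        path = f.name
    try:
        return apply_mode(path, "rw-r-----")   # same as: chmod 640 <path>
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(oct(symbolic_to_octal("r-x-w-rwx")))   # the page's 5 / 2 / 7 example: 0o527
    print(demo())
```

`symbolic_to_octal("r-x-w-rwx")` gives 0o527, the 5/2/7 example from the list above; `demo()` returns the string `ls -l` would show after `chmod 640`.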
  3. 5) Windows File Permissions
    1. NTFS permissions
      1. Allow setting individual permissions per user or group
        1. Create users, put them into groups, and assign the NTFS permissions to the groups
          1. INHERITANCE
            1. 1a) Permissions on a folder
              1. 4) List folder contents
                1. See the names of the folder's contents (subfolders and files) but NOT read the files themselves
              2. 1) Modify
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. R, W and delete subfolders and files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. 2) Read/Excecute
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. See contents and run programs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. 3) Write
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. write to files and creates new files and folders
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. 5) read
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. view contents and open data files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      3. 1b) Commands to a file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. 1) Modify
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. R,W and delete the file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. 2) Read/Excecute
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Open and run the file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. 3) Write
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Open and write to the file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. 4) read
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Open the files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. DENY CHECKBOX IS STRONGER THAN ALLOW. DENY turn off inheritance
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3. 2) copy and move permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Copy to different drives Copy to the same drive and Move to different drives
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Do the copy and not keep the NTFS permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. Move to the same drive
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. The only situation that copy and keeps the NTFS permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4. 6) User Account Management
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. 1) Continuous Access Monitoring
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Track LOG IN/LOG OFF activity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Track file access
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. 2) Shared Accounts
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Don't do Shared Accounts!
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. 4) Default Accounts
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. 3) Multiple Accounts
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Use different names and passwords
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. 7) AAA
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Identification
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Usualy your USERNAME (who you claim to be)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Need to be Centralized
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. proves you are who you say you are
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. your PASSWORD and others authentication factors
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. Authorization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. what access do you have? (after ID and Authentication)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. Audition
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Resources used: Login time, data sent and received, Logout time
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. usernames/passwords
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Uses Multi-factor authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             1. Types of systems that take care of AAA:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               1. b) Terminal Access Controller Access-Control System Plus (TACACS+)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 1. Really good at managing a bunch of devices
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   1. Decouples authorization from authentication, taking care of both more carefully
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Takes care of authorization aspect really well
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. TCP port 49
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       1. Good at auditing
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         1. Encrypts all the information between user and client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. c) DIAMETER
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. EAP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. a) Remote Authorization Dial-In User Service (RADIUS)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             1. As the name says, supports DIAL-IN networks
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. I) RADIUS SERVER
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. The system that checks the authentication is the RADIUS server
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. II) RADIUS CLIENT
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   1. The GATEWAY in the middle, between whoever is trying to get authenticated and whoever authenticates
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   2. III) RADIUS SUPPLICANT
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     1. The person/system who's trying to get authenticated
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     2. Protocol that offers centralized management of AAA for users who connect to and use the service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Used for network access
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         1. Can use up to 4 different ports: 1812, 1813 (TCP/UDP)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           1. Mixes the authorization and authentication services
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             1. Not so good at authorization (sometimes does not do it at all)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               1. Good at authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               2. Good at auditing
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 1. Encrypts only the password between user and client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. 8) Authentication Methods
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. a) Password Authentication Protocol (PAP)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 1. Just passes the username and password to the server IN THE CLEAR
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   1. Not used anymore
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. b) Challenge-Handshake Authentication Protocol (CHAP)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. First to give some form of protection to the authentication process
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. MS-CHAP is the Microsoft version of the protocol
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. To encrypt all the traffic btween cient and server, MS-CHAP uses Microsoft Point-to-Point Encryption (MPPE)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. Steps
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. I) After link is established, the Server sends a challenge message to the client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. II) The Client responds with a password hash
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. III) Server compare send and stored hashes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. IV) after this process, the server continues sending challenges periodically. Users never know it happens
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. MS-CHAPV2 uses new feature of authenticate user and client
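The four CHAP steps above, as an added example that is not part of this mind map: a Python simulation of the challenge/response round trip using the RFC 1994 construction (MD5 over the identifier, the shared secret and the challenge). The shared secret, the session and the round count are constructed for the illustration. It also shows why a captured response cannot be replayed against the next periodic challenge, and the caveat a defender should keep in mind: the server has to hold the secret itself (not a one-way hash of it) to recompute the response.

```python
import hashlib
import hmac
import os

# Constructed shared secret for the illustration (not from the page).
SECRET = b"correct horse battery staple"


def make_challenge() -> bytes:
    """Server side: a fresh random challenge for every round (RFC 1994 style)."""
    return os.urandom(16)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side: MD5(Identifier || secret || Challenge), as RFC 1994 specifies.

    MD5 is used here only for fidelity to the protocol, not as a recommendation.
    """
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def server_verify(identifier: int, stored_secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute from the stored secret and compare in constant time."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def simulate_session(rounds: int = 3) -> dict:
    """Walk steps I-IV and show that a replayed response fails against a new challenge."""
    stored_secret = SECRET          # CHAP servers must keep the secret itself, not a hash of it
    client_secret = SECRET
    results = {"accepted": [], "replay_accepted": None, "wrong_secret_accepted": None}
    previous = None
    for ident in range(1, rounds + 1):
        challenge = make_challenge()                                    # I)  server sends challenge
        response = chap_response(ident, client_secret, challenge)       # II) client answers
        ok = server_verify(ident, stored_secret, challenge, response)   # III) server compares
        results["accepted"].append(ok)                                  # IV) loop = periodic re-challenge
        if previous is not None:
            # An eavesdropper replaying last round's response fails: identifier and challenge differ.
            results["replay_accepted"] = server_verify(ident, stored_secret, challenge, previous)
        previous = response
    # A client that does not know the secret cannot answer the last challenge.
    bad = chap_response(ident, b"wrong secret", challenge)
    results["wrong_secret_accepted"] = server_verify(ident, stored_secret, challenge, bad)
    return results
```

`simulate_session()` returns a dict in which every legitimate round is accepted while the replayed and wrong-secret responses are both rejected.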
      3. c) NT LAN Manager (NTLM)
        1. Same as CHAP, but this time client and server exchange challenge messages
          1. Double check (server and client sides)
      4. d) Kerberos
        1. The Domain Controller is known as the Key Distribution Center (KDC), which has 2 main functions:
          1. a) Authentication Service
            1. Listens on TCP/UDP port 88
            2. Distributes a TICKET GRANTING TICKET (TGT), which shows that the client is authenticated (but NOT authorized) to the system
          2. b) Ticket Granting Service
            1. Listens on TCP/UDP port 88
            2. Takes the TGT and generates a SESSION KEY for the client with only the authorization it needs
              1. A new session key is generated every time
        2. Authenticate once, trusted by the system (Multi-Authentication)
          1. No need to reauthenticate
          2. Protected against man-in-the-middle and replay attacks
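The Kerberos flow above (AS issues a TGT, TGS issues a fresh session key per service, replays are rejected), as an added example that is not part of this mind map. It is a self-contained Python simulation: the KDC, the principals `alice` and `fileserver`, their keys and the timestamps are all constructed, and a toy HMAC-based authenticated encryption stands in for the AES modes a real KDC uses. The point it makes beyond the notes is where each check happens: only the KDC can read a TGT, the service validates a ticket with its own key without talking to the KDC, and an authenticator presented twice is refused.

```python
import hashlib
import hmac
import json
import os
import struct


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy HMAC-SHA256 counter keystream (illustration only; real Kerberos uses AES).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a small JSON object: nonce || ciphertext || tag."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise PermissionError("ticket or authenticator failed integrity check")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Domain controller acting as KDC: the AS and the TGS (both on port 88 in a real deployment)."""

    def __init__(self, principals: dict):
        self.keys = principals        # long-term keys of users and services (constructed)
        self.k_tgs = os.urandom(32)   # TGTs are sealed with this key, so only the KDC can read them
        self.seen = set()             # authenticators already accepted, for replay detection

    def authentication_service(self, client: str, now: int):
        # a) AS: proves who the client is and says nothing about what it may access.
        sk = os.urandom(32)
        tgt = seal(self.k_tgs, {"client": client, "sk": sk.hex(), "exp": now + 600})
        return tgt, seal(self.keys[client], {"sk": sk.hex()})

    def ticket_granting_service(self, tgt: bytes, authenticator: bytes, service: str, now: int):
        # b) TGS: reads the TGT, checks the authenticator, issues a fresh key for one service.
        t = unseal(self.k_tgs, tgt)
        if now > t["exp"]:
            raise PermissionError("TGT expired")
        sk_tgs = bytes.fromhex(t["sk"])
        auth = unseal(sk_tgs, authenticator)
        if auth["client"] != t["client"] or abs(now - auth["ts"]) > 300:
            raise PermissionError("authenticator does not match TGT or is outside the time window")
        if (auth["client"], auth["ts"]) in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add((auth["client"], auth["ts"]))
        sk_svc = os.urandom(32)       # a new session key every time
        ticket = seal(self.keys[service], {"client": t["client"], "sk": sk_svc.hex(), "exp": now + 300})
        return ticket, seal(sk_tgs, {"service": service, "sk": sk_svc.hex()})


def service_accepts(service_key: bytes, ticket: bytes, authenticator: bytes, now: int) -> bool:
    """The target service validates the ticket with its own key; it never contacts the KDC."""
    try:
        t = unseal(service_key, ticket)
        auth = unseal(bytes.fromhex(t["sk"]), authenticator)
        return now <= t["exp"] and auth["client"] == t["client"] and abs(now - auth["ts"]) <= 300
    except PermissionError:
        return False


def run_login(now: int = 1_700_000_000) -> dict:
    """One login, two service tickets with distinct keys, one replay and one forgery attempt."""
    alice_key, fileserver_key = os.urandom(32), os.urandom(32)
    kdc = KDC({"alice": alice_key, "fileserver": fileserver_key})
    tgt, enc = kdc.authentication_service("alice", now)      # authenticate once...
    sk_tgs = bytes.fromhex(unseal(alice_key, enc)["sk"])     # ...only alice's key unlocks this

    def ask_tgs(ts):
        return kdc.ticket_granting_service(tgt, seal(sk_tgs, {"client": "alice", "ts": ts}), "fileserver", now)

    ticket1, enc1 = ask_tgs(now)
    ticket2, enc2 = ask_tgs(now + 1)                          # no re-login needed, fresh key issued
    sk1 = bytes.fromhex(unseal(sk_tgs, enc1)["sk"])
    sk2 = bytes.fromhex(unseal(sk_tgs, enc2)["sk"])
    try:
        ask_tgs(now)                                          # same authenticator timestamp again
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    good = service_accepts(fileserver_key, ticket1, seal(sk1, {"client": "alice", "ts": now + 2}), now + 2)
    forged = service_accepts(fileserver_key, ticket1, seal(os.urandom(32), {"client": "alice", "ts": now + 2}), now + 2)
    return {"service_accepted": good, "forged_rejected": not forged,
            "fresh_session_keys": sk1 != sk2, "replay_rejected": replay_rejected}
```

`run_login()` returns four booleans, all expected to be true: the legitimate ticket is accepted, the authenticator sealed with an unknown key is rejected, the two service requests got different session keys, and the replayed authenticator is refused by the TGS.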
      5. e) Security Assertion Markup Language (SAML)
        1. Used for web applications
          1. XML-based
      6. f) Lightweight Directory Access Protocol (LDAP)
        1. Uses TCP/UDP port 389
          1. Over SSL: port 636
      7. g) Time-based One-Time Password (TOTP)
        1. Generates a temporary password that changes after a set period of time
    9. 9) Single Sign-On (SSO)
      1. Security Assertion Markup Language (SAML)
        1. 1 - Concepts
          1. a) Identity Provider (IP)
            1. A system entity that issues authentication assertions in conjunction with a single sign-on
          2. b) Service Provider
            1. All the different web apps
              1. EX: Cameras, Printers,
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. For web apps
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Allow to login into a whole bunch of devices
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. 2 - Steps
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. I) The client sign on into the Identity Provider who gives an authentication TOKEN to the client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. III) And then all the service providers are available to the Client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. II) The Identity Provider connects with the Service(s) Provider(s) via VPN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. Federated Systems
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. LAN uses Active Directory as Single Sign-On tool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Remember the security you going to need:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. if you talking about LAN, you have to use ACTIVE DIRECTORY
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. If you talk about widespread all over the place, you have to use SAML
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. (Secure European System for Applications in a Multivendor Environment) SESAME
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. is a European-developed authentication protocol that can provide for single sign-on capability
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. Uses LDAP and Kerberos
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3. 6 - LAN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. 6.1 - The Basic LAN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. 6.2 -Beyond the Basic LAN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Biology- Genes and Variation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Laura Perry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        AQA Biology B2 Unit 2.1 - Cells Tissues and Organs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        BeccaElaine
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Physics P1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        themomentisover