AWS CSA

Description

Mapa mental para estudo de certificação Security + SY0 501(inglês)
T Haile
Mind Map by T Haile, updated more than 1 year ago More Less
Sérgio Proba
Created by Sérgio Proba almost 6 years ago
Dainius Nesvarbu
Copied by Dainius Nesvarbu over 5 years ago
T Haile
Copied by T Haile almost 5 years ago
2
0

Resource summary

AWS CSA
  1. 1 - RISK MANAGEMENT ()
    1. 1) The CIA of Security (5)
      1. Confidentiality
        1. goal of Keep the data secret of anyone who doesn't have the need or right to access that data
        2. Integrity
          1. no modification
          2. Availability
            1. maintain the access of the data available to authorized users when they needed
            2. Audition/Accountability
              1. Keep track of things that go on. EX: who's been logging and what are they logging
              2. Non Repudiation
                1. a user can't deny that he performe a particular action
              3. 2) Threat Actors - TA (2)
                1. Attributes (5)
                  1. Intent
                    1. OSINT (Open Source Intelligence)
                      1. ex: Use of social media records to obtain information
                      2. Resources
                        1. Level of sophistication
                          1. Internal/External
                          2. Types of TA (5)
                            1. Hacktivist
                              1. Intent is a motivation
                              2. Organized Crime
                                1. Money is the goal
                                2. Insiders
                                  1. Not always a employee. They have access to a system (user name and password)
                                  2. Nation States/Advanced Persistent Threat (APT)
                                    1. Entire country with tremendous resources and sophisticated tools to gather intellgence
                                      1. APT - They get into a system and stay there (persistent). The goal is get a naval intelligence or a state department intelligence for example
                                      2. Script Kiddies
                                        1. Trivial attack knowledge
                                          1. easy to block or firewalling
                                        2. People and/or organization that actualy do the type of attacks
                                        3. 3 - Risk (2)
                                          1. Managing Risk (4)
                                            1. 2) Risk Response
                                              1. Mitigation
                                                1. apply security controls to reduce the likelihood of a bad thing will happen
                                                2. Avoidance
                                                  1. do nothing
                                                  2. Transference
                                                    1. Offload the risk
                                                    2. Acceptance
                                                    3. 1) Risk Assessment/Identification
                                                      1. Guides for RA/I (4)
                                                        1. Secure Configuration Guides
                                                          1. Recomendations by the Vendor
                                                          2. General Purpose Guides
                                                            1. (general) list of security controls
                                                            2. Network Infra Devices
                                                              1. Guides for routers, switches, wlans...
                                                              2. Benchmark
                                                              3. RA/I = Vulnerability Assessment + Threat Assessment
                                                                1. Steps
                                                                  1. I) catalog and define the assets
                                                                    1. II) List of potential vulnerabilities using a tool.
                                                                      1. VULNERABILITY SCAN - use a toolkit to list (new) vulnerabilities
                                                                        1. PEN TEST - Exploits know/found vulnerabilities
                                                                        2. III) threat assessments
                                                                      2. 3) Frameworks
                                                                        1. a methodology/workflow that helps a security pro deal with risk management
                                                                          1. a) Regulatory
                                                                            1. c) national standards
                                                                              1. b) non-regulatory
                                                                                1. d) international standards
                                                                                  1. e) industry sspeciic frameworks
                                                                                    1. Most famous frameworks: NIST SP800-37 and ISO 27000
                                                                                      1. NIST SP800-37 6 steps
                                                                                        1. I) Categorize
                                                                                          1. Huge list of assets, workflows and process
                                                                                          2. II) Select (SC'S)
                                                                                            1. IV) Assess (avaliar)
                                                                                              1. verify if everything works
                                                                                              2. III) Implement (SC'S)
                                                                                                1. V) Authorize
                                                                                                  1. pull everything online
                                                                                                  2. VI) Monitor
                                                                                                2. 4) Security Controls
                                                                                                  1. The SC came ( are defined) from policies and organization standards
                                                                                                    1. it's an action that we apply to our IT infrastructure to do ONE of the two things
                                                                                                      1. 1) Protect IT infra: APLLY, MONITORING and ADJUST the SC on the needs of the infra
                                                                                                        1. 2) Remediate Problems
                                                                                                        2. Categories of SC
                                                                                                          1. c) Technical Control
                                                                                                            1. Controls actions of IT SYSTEMS make towards IT security
                                                                                                            2. b) Phisical Control
                                                                                                              1. Controls actions of REAL WORLD ACTORS make towards IT security
                                                                                                              2. a) Administrative Control
                                                                                                                1. Controls action PEOPLE make towards (em relação) IT security
                                                                                                                  1. Controls with: Policies, guidelines, best practices
                                                                                                                2. SC Functions
                                                                                                                  1. c) Corrective
                                                                                                                    1. used to correct a condition when there is either no control at all, or the existing control is ineffective
                                                                                                                      1. temporary
                                                                                                                      2. e) Compensative
                                                                                                                        1. assists and mitigates the risk an existing control is unable to mitigate
                                                                                                                        2. d) Detective (detectar)
                                                                                                                          1. recognize an actor's threat
                                                                                                                          2. b) Preventative
                                                                                                                            1. Stops the actor from performing the threat. The actor DOES NOT KNOW that control exists
                                                                                                                            2. a) Deterrent (Dificultar/Intimidar)
                                                                                                                              1. keeps someone from performing a malicious act. The actor HAS THE KNOWLEDGE of this control
                                                                                                                            3. Another SC's
                                                                                                                              1. Mandatory Vacation
                                                                                                                                1. Vacation in any different times of the year
                                                                                                                                2. Multi-Person Control
                                                                                                                                  1. more than one people to accomplish a mission
                                                                                                                                  2. Least Privilege
                                                                                                                                    1. use only the necessary resources
                                                                                                                                    2. Separation of Duties
                                                                                                                                      1. Dual execution
                                                                                                                                      2. Job Rotation
                                                                                                                                  3. Is the likelihood of being target by a given attack
                                                                                                                                    1. Terms (5)
                                                                                                                                      1. Assets (ativos) (4)
                                                                                                                                        1. a) Places
                                                                                                                                          1. b) People
                                                                                                                                            1. c) Hardware
                                                                                                                                              1. d) Software
                                                                                                                                              2. Vulnerabilities
                                                                                                                                                1. weakness of an asset
                                                                                                                                                2. Threats
                                                                                                                                                  1. negative event who exploits a vulnerability
                                                                                                                                                    1. Structural Threat
                                                                                                                                                      1. fail on an equipment or lost of power supply
                                                                                                                                                      2. Accidental Threat
                                                                                                                                                        1. Authorized people who doing something wrong accidentaly
                                                                                                                                                        2. Adversarial Threat
                                                                                                                                                          1. Hacker or a Malware (intentional)
                                                                                                                                                          2. Enviroment
                                                                                                                                                            1. fires, earthquake
                                                                                                                                                          3. Likelihood (2)
                                                                                                                                                            1. defines the level of certainty that something bad will happen
                                                                                                                                                              1. Quantitative Risk
                                                                                                                                                                1. porcentage
                                                                                                                                                                2. Qualitative Risk
                                                                                                                                                                  1. risk low, medium, high
                                                                                                                                                                3. Impact
                                                                                                                                                                  1. Harm caused by a threat
                                                                                                                                                                4. THREATS + (applys) VULNERABILITIES = RISK
                                                                                                                                                                  1. FORMULA RISK = PROBABILITY X LOSS
                                                                                                                                                                  2. 5 - Defense in Depth (2)
                                                                                                                                                                    1. Diversity VS Redundancy
                                                                                                                                                                      1. 1) Diversity
                                                                                                                                                                        1. ADM TECH PHIS
                                                                                                                                                                          1. Different types of controls in a same objective. EX: block facebook warning in policy and block the website in work hours
                                                                                                                                                                            1. Vendor Diversity
                                                                                                                                                                              1. Method of Defense in depth with technicals controls
                                                                                                                                                                            2. 2) Redundancy
                                                                                                                                                                              1. Add layers of the same type of control. EX: block malware with antimalware on a pc and on a firewall
                                                                                                                                                                          2. 6 - IT Secure Governance
                                                                                                                                                                            1. 1) Sources (4)
                                                                                                                                                                              1. a) Laws and regulations
                                                                                                                                                                                1. b) Standards
                                                                                                                                                                                  1. Government standards
                                                                                                                                                                                    1. Industry Standards
                                                                                                                                                                                    2. d) Common Sense
                                                                                                                                                                                      1. c) Best Practices
                                                                                                                                                                                      2. Influences how the organization conducts IT security
                                                                                                                                                                                        1. 2) Documents (4)
                                                                                                                                                                                          1. b) Organizational Standards
                                                                                                                                                                                            1. Defines the acceptable level of performance for our policy
                                                                                                                                                                                              1. Much more detailed than a policy
                                                                                                                                                                                                1. EX: Policy: use a strong password. OS: 12 chars alphanumerics
                                                                                                                                                                                                2. c) Procedures
                                                                                                                                                                                                  1. a step by step processes
                                                                                                                                                                                                  2. d) Guidelines
                                                                                                                                                                                                    1. Optional
                                                                                                                                                                                                    2. a) Policies (7)
                                                                                                                                                                                                      1. I) Acceptable Use Policy (AUP)
                                                                                                                                                                                                        1. document that identifies exactly what is appropriate and what is not appropriate activity on an organization’s network
                                                                                                                                                                                                          1. RULES OF BEHAVIOUR
                                                                                                                                                                                                            1. document of a new employer have to sign
                                                                                                                                                                                                            2. used as directives. EX: this will do this
                                                                                                                                                                                                              1. VI) Privacy Policy
                                                                                                                                                                                                                1. defines how your data, or data usage will be shared with other resources
                                                                                                                                                                                                                  1. are often for customers. Ex: facebook and the use of our data
                                                                                                                                                                                                                  2. V) Care and Use of the Equipment
                                                                                                                                                                                                                    1. Maintenance of the equipment
                                                                                                                                                                                                                    2. IV) Password Policy
                                                                                                                                                                                                                      1. Password recovery, bad login, password retention, password reuse
                                                                                                                                                                                                                      2. III) Access control Policies
                                                                                                                                                                                                                        1. defines how to get acces to data or resourcers by the job you have
                                                                                                                                                                                                                        2. II) Data Sensitive and Cassification Policies
                                                                                                                                                                                                                          1. Classifications and labels
                                                                                                                                                                                                                          2. VII) Personnel Policy
                                                                                                                                                                                                                            1. People using OUR data
                                                                                                                                                                                                                            2. Document that defines how we're going to be doing something. EX: policy that defines what employers can or can't do on the organization equipments
                                                                                                                                                                                                                              1. Broad in nature
                                                                                                                                                                                                                                1. Define roles and responsabilities
                                                                                                                                                                                                                            3. 7 - Business Impact Analisys (BIA)
                                                                                                                                                                                                                              1. Privacy Threshold Assessment (PTA)
                                                                                                                                                                                                                                1. is a process that a company uses to analyze how personal information is protected within an IT system. This process reviews how the information is collected, manipulated, transferred, or transmitted.
                                                                                                                                                                                                                            4. 2 - CRYPTOGRAPHY (10)
                                                                                                                                                                                                                              1. 1 - Basics ()
                                                                                                                                                                                                                                1. 2) Encryption/Decryption
                                                                                                                                                                                                                                  1. a) Cesar Cipher
                                                                                                                                                                                                                                    1. Substitution
                                                                                                                                                                                                                                      1. Cornestone of Caesar Cypher
                                                                                                                                                                                                                                    2. c) Exclusive OR (XOR)
                                                                                                                                                                                                                                      1. Phrase to binary
                                                                                                                                                                                                                                      2. b) Vigenere Cipher
                                                                                                                                                                                                                                        1. Caesar Cipher + Confusion
                                                                                                                                                                                                                                        2. Data encryption
                                                                                                                                                                                                                                          1. a) Data at Rest
                                                                                                                                                                                                                                            1. data encrypted stored on hard drive
                                                                                                                                                                                                                                            2. c) Data in process
                                                                                                                                                                                                                                              1. data in RAM or CPU
                                                                                                                                                                                                                                              2. b) Data in transit
                                                                                                                                                                                                                                                1. Ex: IP call or a text message
                                                                                                                                                                                                                                            3. 1) Obfuscation
                                                                                                                                                                                                                                              1. Diffusion
                                                                                                                                                                                                                                                1. make less visible, less obvious
                                                                                                                                                                                                                                                2. Confusion
                                                                                                                                                                                                                                                  1. make stirred up (agitado)
                                                                                                                                                                                                                                              2. Study of taking data and make it hidden in some way so that other people can't see it
                                                                                                                                                                                                                                                1. Provides CONFIDENTIALITY and INTEGRITY
                                                                                                                                                                                                                                                  1. 2 - Cryptography Methods
                                                                                                                                                                                                                                                    1. 1) Simetric Encryption
                                                                                                                                                                                                                                                      1. Primary way we encrypt data
                                                                                                                                                                                                                                                        1. Session Key
                                                                                                                                                                                                                                                          1. Key used in a moment of the exchange
                                                                                                                                                                                                                                                            1. Forms of exchange
                                                                                                                                                                                                                                                              1. OUT-BAND - Send the key outside the network
                                                                                                                                                                                                                                                                1. IN-BAND - Send the key with the encrypted data. VERY RISKY
                                                                                                                                                                                                                                                                2. Ephemeral Key - temporary key
                                                                                                                                                                                                                                                                  1. Perfect Forward Secrecy (PFS)
                                                                                                                                                                                                                                                                    1. Method of exchange key in every single session
                                                                                                                                                                                                                                                              2. 2) Asymmetric Encryption
                                                                                                                                                                                                                                                                1. Key pair
                                                                                                                                                                                                                                                                  1. Public Key
                                                                                                                                                                                                                                                                    1. Only ENCRYPT
                                                                                                                                                                                                                                                                    2. Private Key
                                                                                                                                                                                                                                                                      1. Only DECRYPT
                                                                                                                                                                                                                                                                    3. Used to send a secure session key
                                                                                                                                                                                                                                                                    4. Cryptosystems - Highly defined process tha programs do to define key properties, communications requirements for key exchange an actions taken through encryption and decryption
                                                                                                                                                                                                                                                                    5. 4 - Asymmetric Algorithms
                                                                                                                                                                                                                                                                      1. b) Elliptic Curve Cryptography
                                                                                                                                                                                                                                                                        1. VERY SMALL KEYS but with the same robustness as RSA keys
                                                                                                                                                                                                                                                                        2. a) Rivest Shamir Edelman (RSA)
                                                                                                                                                                                                                                                                          1. PRIME NUMBERS
                                                                                                                                                                                                                                                                            1. Larger keys
                                                                                                                                                                                                                                                                            2. c) Diffie-Helman
                                                                                                                                                                                                                                                                              1. Used to EXCHANGE SYMMETRIC KEYS
                                                                                                                                                                                                                                                                                1. DH GROUPS - table used for negotiation the size of the key
                                                                                                                                                                                                                                                                                  1. DH does not encrypt or authenticate
                                                                                                                                                                                                                                                                                    1. EDH - Ephemeral DH - PFS
                                                                                                                                                                                                                                                                                      1. ECDH - Elliptic Curve Diffie-Helman
                                                                                                                                                                                                                                                                                      2. d) Pretty Good Privacy (PGP)
                                                                                                                                                                                                                                                                                        1. originally used for E-MAIL encryption
                                                                                                                                                                                                                                                                                          1. Public Key Private Key Random Key
                                                                                                                                                                                                                                                                                            1. PGP Certificate - Web of Trust
                                                                                                                                                                                                                                                                                              1. Payd Version (Symantec)
                                                                                                                                                                                                                                                                                                1. Encrypt Mass Storages, Cloud Solutions and bitlocker
                                                                                                                                                                                                                                                                                                2. OpenPGP - Free
                                                                                                                                                                                                                                                                                                  1. Encrypt e-mail, S/MIME, PKI support
                                                                                                                                                                                                                                                                                                  2. GNU Privacy Guard (GPG)
                                                                                                                                                                                                                                                                                                    1. Encrypt files and disk
                                                                                                                                                                                                                                                                                                      1. OpenPGP
                                                                                                                                                                                                                                                                                                  3. 5) Hashing
                                                                                                                                                                                                                                                                                                    1. Provides Integrity
                                                                                                                                                                                                                                                                                                      1. Fixed Value of MESSAGE DIGGEST
                                                                                                                                                                                                                                                                                                        1. one way
                                                                                                                                                                                                                                                                                                          1. Hash Types
                                                                                                                                                                                                                                                                                                            1. a) Message Diggest 5 (MD5)
                                                                                                                                                                                                                                                                                                              1. Grandpa of Hashes
                                                                                                                                                                                                                                                                                                                1. 128bit hash
                                                                                                                                                                                                                                                                                                                2. c) Race Integrity Primitives Evaluation Message (RIPEMD)
                                                                                                                                                                                                                                                                                                                  1. Open Standard
                                                                                                                                                                                                                                                                                                                    1. NOT very common
                                                                                                                                                                                                                                                                                                                      1. 128, 160, 256 and 320bit versions
                                                                                                                                                                                                                                                                                                                      2. b) Secure Hash Algorithm (SHA)
                                                                                                                                                                                                                                                                                                                        1. Developed by NIS
                                                                                                                                                                                                                                                                                                                          1. SHA 1
                                                                                                                                                                                                                                                                                                                            1. 160bit hash
                                                                                                                                                                                                                                                                                                                            2. SHA 2
                                                                                                                                                                                                                                                                                                                              1. Separated by the lenght of the bit hash: SHA 256 or SHA 512
                                                                                                                                                                                                                                                                                                                            3. d) Hash Based Message Authentication (HMAC)
                                                                                                                                                                                                                                                                                                                              1. HMAC - MD5 HMAC - SHA1
                                                                                                                                                                                                                                                                                                                                1. Integrity authenticity
                                                                                                                                                                                                                                                                                                                                  1. used in protocols as IPSEC and TLS
                                                                                                                                                                                                                                                                                                                                    1. HASH + SECRET KEY
                                                                                                                                                                                                                                                                                                                                  2. Collision - 2 different hashes with the same value
                                                                                                                                                                                                                                                                                                                                    1. Use of Hashes - PASSWORD CHECK and Encryption
                                                                                                                                                                                                                                                                                                                                    2. 6 - Steganography
                                                                                                                                                                                                                                                                                                                                      1. Process of taking some data and hide in other data
                                                                                                                                                                                                                                                                                                                                        1. the message may or may not be encrypted
                                                                                                                                                                                                                                                                                                                                          1. commonly used with graphic images
                                                                                                                                                                                                                                                                                                                                          2. 7 - Certificates and Trust
                                                                                                                                                                                                                                                                                                                                            1. 2) Types of Trust
                                                                                                                                                                                                                                                                                                                                              1. c) PKI
                                                                                                                                                                                                                                                                                                                                                1. I) Certification Authority (CA)
                                                                                                                                                                                                                                                                                                                                                  1. II) Intermediate CA
                                                                                                                                                                                                                                                                                                                                                  2. b) Web of Trust
                                                                                                                                                                                                                                                                                                                                                    1. a) Unsign Certificate
                                                                                                                                                                                                                                                                                                                                                      1. d) Mutual Authentication
                                                                                                                                                                                                                                                                                                                                                      2. 1) Concepts
                                                                                                                                                                                                                                                                                                                                                        1. a) Digital Signature
                                                                                                                                                                                                                                                                                                                                                          1. Hash of a document using a private key of the sender
                                                                                                                                                                                                                                                                                                                                                            1. Authentication - proves source of the message
                                                                                                                                                                                                                                                                                                                                                              1. Non-Repudiation
                                                                                                                                                                                                                                                                                                                                                                1. the message dosn't need to be encrypted
                                                                                                                                                                                                                                                                                                                                                                2. b) Digital Certificate
                                                                                                                                                                                                                                                                                                                                                                  1. I) Sender Public key
                                                                                                                                                                                                                                                                                                                                                                    1. II) Sender Digital Signature
                                                                                                                                                                                                                                                                                                                                                                      1. III) Third Party Digital Signature
                                                                                                                                                                                                                                                                                                                                                                    2. 3) CRL and OCSP
                                                                                                                                                                                                                                                                                                                                                                      1. a) Certificate Revocation List (CRL)
                                                                                                                                                                                                                                                                                                                                                                        1. b) Online Certificate Status Protocol (OCSP)
                                                                                                                                                                                                                                                                                                                                                                        2. 5) Chain of Trust
                                                                                                                                                                                                                                                                                                                                                                          1. 4) Key escrow (garantia)
                                                                                                                                                                                                                                                                                                                                                                            1. 6) PKCS
                                                                                                                                                                                                                                                                                                                                                                              1. a) PKCS 7
                                                                                                                                                                                                                                                                                                                                                                                1. B) PKCS 12
                                                                                                                                                                                                                                                                                                                                                                              2. 8 - Cryptography Attacks
                                                                                                                                                                                                                                                                                                                                                                                1. Password Attacks
                                                                                                                                                                                                                                                                                                                                                                                  1. a) Brutte Force
                                                                                                                                                                                                                                                                                                                                                                                          1. b) Dictionary Attack
                                                                                                                                                                                                                                                                                                                                                                                            1. c) Rainbow Table
                                                                                                                                                                                                                                                                                                                                                                                              1. Salt
                                                                                                                                                                                                                                                                                                                                                                                                1. Algorithm + key
                                                                                                                                                                                                                                                                                                                                                                                                  1. Algorithm - math operation who convert data from plaintext to cyphertext (vice versa)
                                                                                                                                                                                                                                                                                                                                                                                                  2. Cryptoanalysis - break encrypted codes
                                                                                                                                                                                                                                                                                                                                                                                                    1. 3 - Symmetric Cryptosystems
                                                                                                                                                                                                                                                                                                                                                                                                      1. Block Cipher
                                                                                                                                                                                                                                                                                                                                                                                                        1. Blocks with fixed size (generaly 64bits)
                                                                                                                                                                                                                                                                                                                                                                                                        2. 1) Algorithms with block cypher
                                                                                                                                                                                                                                                                                                                                                                                                          1. b) Triple Data Encryption Standard (3DES)
                                                                                                                                                                                                                                                                                                                                                                                                            1. 64bit block size
                                                                                                                                                                                                                                                                                                                                                                                                              1. 16 rounds
                                                                                                                                                                                                                                                                                                                                                                                                                1. 128BIT KEY
                                                                                                                                                                                                                                                                                                                                                                                                                2. a) Data Encryption Standard (DES)
                                                                                                                                                                                                                                                                                                                                                                                                                  1. 64bit block size
                                                                                                                                                                                                                                                                                                                                                                                                                    1. 56BIT KEY = 64bit - 8bit dropped
                                                                                                                                                                                                                                                                                                                                                                                                                      1. Feistel Function
                                                                                                                                                                                                                                                                                                                                                                                                                        1. 16 rounds
                                                                                                                                                                                                                                                                                                                                                                                                                        2. d) Advanced Encryption Standard (AES) (Rijndael)
                                                                                                                                                                                                                                                                                                                                                                                                                          1. 128 block size
                                                                                                                                                                                                                                                                                                                                                                                                                            1. 128, 192 or 256 key size
                                                                                                                                                                                                                                                                                                                                                                                                                              1. Winner of the american government contest
                                                                                                                                                                                                                                                                                                                                                                                                                              2. c) Blowfish
                                                                                                                                                                                                                                                                                                                                                                                                                                1. 64bit size
                                                                                                                                                                                                                                                                                                                                                                                                                                  1. 16 rounds
                                                                                                                                                                                                                                                                                                                                                                                                                                    1. 32 to 448 key size
                                                                                                                                                                                                                                                                                                                                                                                                                                    2. e) Twofish
                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Finalista com o AES
                                                                                                                                                                                                                                                                                                                                                                                                                                    3. Streaming Ciphers
                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Randomization
                                                                                                                                                                                                                                                                                                                                                                                                                                        1. One bit at a time
                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Uses XOR to randomize
                                                                                                                                                                                                                                                                                                                                                                                                                                        2. 2) Algorithm with stream cypher
                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Rivest Cipher 4 (RC4)
                                                                                                                                                                                                                                                                                                                                                                                                                                            1. 40 - 2048 key size
                                                                                                                                                                                                                                                                                                                                                                                                                                          2. 3) Symmetric Block Modes
                                                                                                                                                                                                                                                                                                                                                                                                                                            1. a) Eletronic CodeBook (ECB)
                                                                                                                                                                                                                                                                                                                                                                                                                                              1. uses Same key - generates same results
                                                                                                                                                                                                                                                                                                                                                                                                                                                1. not used anymore
                                                                                                                                                                                                                                                                                                                                                                                                                                                2. c) Cipher Feedback (CFB)
                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. I) Encrypt the I.V
                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. II) XOR the encrypted I.V with the plaintext
                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. III) The cyphertext replaces I.V in subsequent rounds
                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. b) Cipher Block Chaining (CBC)
                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. I) XOR I.V and Plaintext
                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. II) Encrypt the result generating the CYPHERTEXT
                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. III) The cyphertext replaces I.V in subsequent rounds
                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. d) Output Feedback
                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Same as CFB
                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. The only difference is that the I.V never changes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. e) Counter (CTR)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. I) N+C is Encrypted
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. NONCE + COUNTER (0, 1, 2, ..., N, N+1...)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. II) The result is XORed with the plaintext
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. III) CYPHERTEXT 0 CYPHERTEXT 1 CYPHERTEXT N CYPHERTEXT N+1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. NONCE - is an arbitrary number that can be used just once in a cryptographic communication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. 4 - Tools of the Trade
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. 1) OS Utilities
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. a) Ping
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. No need to use the command -t in a linux system
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. used to verify that a device can communicate with another on a network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. uses ICMP protocol
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. DNS Tool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. b) Netstat (network statistics)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. netstat - n
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. shows with who you communicate
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. is a command who shows with whom you talking and who you listen
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. show ports who you are comunicating
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. netstat - a
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. shows all active conections (open ports to see which are listening)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. c) tracert (Trace Route)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. is a function which traces the entire path (of routers) from one network to another.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. d) Arp (Adress Resolution Protocol)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Resolves IP adress to MAC adress (associate a local IP address with the MAC address)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. e) ipconfig
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. providest the IP Adress and the ethernet details
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. the -all shows the MAC Adress
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Ifconfig does the same on linux
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. g) netcat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Open ports and put on listening mode. Used for aggressive actions. Used for PEN TEST and VULNERABILITY ASSESSMENT
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Become a BACKDOOR
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. f) nslookup
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. queries (consultas) to a DNS server, and quick change to another server. Shows our server and the adress
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. DIG does the same on linux
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. 2) Network Scanners
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. a) Nmap (network mapper)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. allows you to gather information from ALL of the different devices across the network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Performs Port, OS and Service scan
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. used to determine what services might be running on a remote device
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              3. 3) Protocol Analizers
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. a) Wreshark
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. I) Sniffer
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Tools that are actually grabbing all the data that's going in and out of a particular
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. II) Broadcast Storm
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. A state in which a message that has been broadcast across a network results in even more responses, and each response results in still more responses in a snowball effect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3. Protocol analyzers are tools that have for two functions: 1 - Sniff and 2 - Analyze the network traffic coming in and out of a specific host computer
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. b) TCP DUMP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Runs only on LINUX
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Sniff better than Wireshark
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. 4) SNMP (Simple Network Management Protocol)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. 1 - Actors
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. SNMP Manager
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Ports: UDP 162 and TLS 10162
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Network Management Station (NMS)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Interface who did the queries to all managed devices
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. Agent
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. It's a MANAGED DEVICE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Ports: UDP 161 and TLS 10161
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Management Information Base (MIB)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Built in every managed device
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. it's the way to talk properly to differents agents
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. 4 - CACTI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. 3 - Versions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. V1 - without encryption
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. V2 - Basic Encryption
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. v3 - TLS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. this 3 versions talks to itself
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. 2 - Commands
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Walk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. It's a batch of GETS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. GET
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. NMS send some query to a managed device
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. Trap
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. TRAPS are initiated by the Agents
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. It is a signal to the SNMP Manager by the Agent on the occurrence of an event
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. 5 - Comunity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Group of Managed Devices
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        3. 5) Logs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. 1 - Groups
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. a) Non-Network Logs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. I) OS Events
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Host starting Host shutdown OS updates Reboot
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. Events that take place on a host even if that host is unplugged from a network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. II) Application Events
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. App Instalation App Starting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. III) Security Events
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Logons success and falures
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. They probably have a DATE, TIME, Account and Event number
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      3. b) Network Logs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Is something that takes place on a host that has to deal with the communication between that host and something on the network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. I) OS level
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Remote Logons (succes or fail)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. II) App level
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Activity on Web Server
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Activity on Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3. 2 - Forms
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. 2 - Decentralized Logging
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Logs in every computer of a network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. 1 - Centralized Logging
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. uses a central repository
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. SNMP Systems
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. 3 - Monitoring as a Service (MaaS)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Service offered by third parties to monitor all logs of an organization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3. 5 - Securing Individual Systems
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. 1) Denial of Service (DoS)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. a) Volumetric Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. I) Ping Flood
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. II) UDP Flood
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Easy to stop today
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. b) Protocol Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. I) SYN Flood/TCP SYN Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Do naught things to the protocol to create confusion
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. The most common type of DoS Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Still a huge problem today
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. c) Application Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. I) Slow Loris attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Loris é um animal devagar
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. II) Amplification Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Smurf Attack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. The attacker broadcasts ICMP packets attached with the false IP address (spoofing) of the victim. The others computers respond this request and flood the server.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      3. DDoS - uses BotNet, and are the nightmare of attacks
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      4. 2) Host Threats
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. a) SPAM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Can't cause danger
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Often came from a legitm source
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. b) Phishing/ Spear Phishing
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. For the exam, came only from EMAIL
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Phishing - broadcast E-MAIL that trying to take some personal information of the victm/victms.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Spear Phishing - individual target, craft a fake email tailored for that person
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. c) SpIM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. receive spam via INSTANT MESSAGING
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. d) Vishing
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. V from VOICE - Phone
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. e) ClickJacking
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Click in something and goes to another site
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. f) Typpo Squading
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. use of similar web sites like gogle.com, waiting for someone type a wrong address and goes to a similar but naughty site
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. g) Domain Hijacking
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. when somebody hijack your domain and ask for money to give it back
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. h) Privilege Scalation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Get higher privilege to do naughty things on the system
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3. 3) Man-in-the-Middle
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. a) Wired MitM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Intercepts the communication and passes it to another destination
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. ARP Poisoning
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Ettercap - ferramenta de segurança de rede gratuita e de código aberto para ataques man-in-the-middle na LAN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. b) Replay Atttack
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. c) Seesion Hijacking
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. 7 - Secure Protocols
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. 8 - Testing Your Infrastructure
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. 9 - Dealing with Incidents
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. 3 - Identity and Access Management ()
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. 1) Identification, Authorization, Authentication (3)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. 1 - Identification
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. FIRST STEP in the process and involves the user show his/her credential to the system
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. EX: type a username in a logio screen
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. 2 - Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Authentication factors
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. b) Something you have
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Token
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Smart Card
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. RSA Key
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. a) Something you know
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Password
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Pin Code
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Captcha
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Security Questions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. c) Something you are/about you (physically)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Biometric
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Iris Scanner
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Facial Recognition
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. e) Something you do
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. The rhythym of a person typing a password
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. d) Somewhere you are
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. uses geography
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. Multifactor Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Password + Biometric
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3. Federation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4. 3 - Authorization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. What rights do I have to the system, ONCE AUTHENTICATED
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Concepts
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Administrator has to assign (atribuir) permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. EX: permission to write an archive
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. We apply to resources
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          3. Rights/Privileges
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. assign to a systems
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. EX: right to be able to change password, or right to log remotely
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. Strategies
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Least privilege
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Separation of duties
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4. 2) Access Control List
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Authorization Models (5)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. 1) Mandatory Access Control (MAC)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. the OPERATING SYSTEM provides limits of access
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Every object gets a label
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Rules of access defined by the admin
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Users CAN'T change this settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. Strong Method
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3. 2) Discretionary Access Control (MAC)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. a) used in most operating systems
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. b) the creator of the archive is the OWNER and can modify access at any time
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. c) The owner define the permissions for the other users
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. d) Flexible and weak
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Access properties are stored in ACL's
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. 3) ROLE Based Access Control (RBAC)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Windows uses GROUPS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. broader form of control that’s based on your particular role in the organization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Ex: Manager, Director, Operator
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. the administrator determines what type of access a user has
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3. 4) RULE Based Access Control
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Access is based in a set of rules defined by a system administrator
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Access properties are stored in ACL's
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. 5) Attribute Based Access Control (ABAC)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Complex relationships - access based on many different criteria
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Combine parameters like IP, time of the day, desired action
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. Implicity Deny - prevents access unless specifically permited
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. 3) Password Security ()
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Security Policy (3)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. 1) Complexity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Length and characters requirements
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. 2) Age or Expiration
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Reset and time triggers
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Minimum password age
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. force users to use a password for a minimum amount of time before they are allowed to change it. EX: 2 days
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. Maximum password age
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. used to EXPIRE a password after a certain time period.: EX: 180 days
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      3. 3) Password History
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Reusage and Retention
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. simply records a previous number of passwords, so that they cannot be reused in the system
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. 4) Group policy objects
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Active Directory is an example
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Applied to Domains, Groups, Individual sites, Organization Units
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. 4) Linux File Permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. rwxrwxrwx
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. 3 primeiros OWNER/CREATOR
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. 3 do meio GROUP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. 3 finais EVERYBODY ELSE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. r - read
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. w - write
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. edit, add or delete a file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. x - execute
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. run a file and CD to a different directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. go to another directory only if you have the X permission
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. Open a file and view contents
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. CHMODE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. command that allow to change permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. r=4; w=2; x=1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. EX: r-x = 5; -w- = 2; rwx= 7
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. Need a SUDO command before
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              3. CHOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. command that allow to change the OWNER of a particular file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Need a SUDO command before
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. PASSWD
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. command that allow to change the user password
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3. 5) Windows File Permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. NTFS permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Accepts set individual permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Create users and put them into groups with NTFS permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. INHERITANCE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. 1a) Commands to a folder
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. 4) List folder contents
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Just see the contents of folder, subfolders and archives, but NOT have the access to read them
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. 1) Modify
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. R, W and delete subfolders and files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. 2) Read/Excecute
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. See contents and run programs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. 3) Write
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. write to files and creates new files and folders
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. 5) read
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. view contents and open data files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      3. 1b) Commands to a file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. 1) Modify
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. R,W and delete the file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. 2) Read/Excecute
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Open and run the file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. 3) Write
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Open and write to the file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. 4) read
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Open the files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. DENY CHECKBOX IS STRONGER THAN ALLOW. DENY turn off inheritance
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3. 2) copy and move permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Copy to different drives Copy to the same drive and Move to different drives
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Do the copy and not keep the NTFS permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. Move to the same drive
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. The only situation that copy and keeps the NTFS permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4. 6) User Account Management
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. 1) Continuous Access Monitoring
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Track LOG IN/LOG OFF activity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Track file access
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. 2) Shared Accounts
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Don't do Shared Accounts!
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. 4) Default Accounts
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. 3) Multiple Accounts
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Use different names and passwords
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. 7) AAA
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Identification
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Usualy your USERNAME (who you claim to be)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Need to be Centralized
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. proves you are who you say you are
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. your PASSWORD and others authentication factors
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. Authorization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. what access do you have? (after ID and Authentication)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. Audition
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Resources used: Login time, data sent and received, Logout time
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. usernames/passwords
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Uses Multi-factor authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Types of system who took care of AAA:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. b) Terminal Access Controler Assess-Control System Plus (TACACS+)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Really good in manager a bunch of devices
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Decouples authorization from authentication taking care of both more carefully
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Takes care of authorization aspect really well
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. TCP port 49
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Good in auditing
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Encrypts all the information betwenn user and client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. c) DIAMETER
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. EAP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. a) Remote Authorization Dial-In User Service (RADIUS)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. As it says, support DIAL-IN network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. I) RADIUS SERVER
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. The system that checks the authentication is the RADIUS server
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. II) RADIUS CLIENT
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. is the GATEWAY in the middle of whos trying to get authenticated and of who authenticates
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. III) RADIUS SUPLICANT
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. the person/system who's triyng to get authenticated
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. Protocol who offers centralized management of AAA for users who connect and use the service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Used for network access
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Can use up to 4 different ports: 1812 1813 (TCP/UDP)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Mix the authorization and authentication services
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Not so good (sometimes do not do) authorization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. Good in authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2. Good in Auditing
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Encrypt only the password between user and client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. 8) Authentication Methods
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. a) Password Authentication Protocol (PAP)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Just pass to the server username and password IN THE CLEAR
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Is not used anymore
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. b) Challenge-Handshake Authentication Protocol (CHAP)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. First to give some form of protection to the authentication process
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. MS-CHAP is the Microsoft version of the protocol
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. To encrypt all the traffic btween cient and server, MS-CHAP uses Microsoft Point-to-Point Encryption (MPPE)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2. Steps
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. I) After link is established, the Server sends a challenge message to the client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. II) The Client responds with a password hash
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. III) Server compare send and stored hashes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. IV) after this process, the server continues sending challenges periodically. Users never know it happens
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. MS-CHAPV2 uses new feature of authenticate user and client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3. c) NT LAN MANAGER (NTLM)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. Same as CHAP but this time, Client and Server exchange Challenger Messages
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Double check (server and client sides)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. d) Kerberos
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Domain Controlers is known as Key Distribution Center (KDC) who has 2 main functions:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. a) Authentication Service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. listen on TCP/UDP 88 PORTS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Distributes a TICKET GRANTING TICKET (TGT) who shows that the client is authenticated (but NOT authorized) to the system
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. b) Ticket Granting Service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. listen on TCP/UDP 88 PORTS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Gets the TGT and generates a SESSION KEY to the client with only the authorization that he needs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. A new session key is generated every time
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. Authenticate once, trusted by the system (Multi-Authentication)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. No need to reauthenticate
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Protected aganist Man in the middle or replay attacks
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. e) Securty Assertion Markup Language (SAML)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. used for web applications
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. XML
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. f) Lightweight Directory Access Protocol (LDAP)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. Uses TCP/UDP port 389
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. SSL port 636
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. g) Time-based One-Time Password (TOTP)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Generates temporary password and change in a period of time
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          3. 9) Single Sign-On (SSO)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Secure Assertion Mark-up Language (SAML)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. 1 - Concepts
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. a) Identity Provider (IP)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. is a system entity that issues authentication assertions in conjunction with a single sign-on
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2. b) Service Provider
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. All the different web apps
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. EX: Cameras, Printers,
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. For web apps
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Allow to login into a whole bunch of devices
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. 2 - Steps
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. I) The client sign on into the Identity Provider who gives an authentication TOKEN to the client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. III) And then all the service providers are available to the Client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. II) The Identity Provider connects with the Service(s) Provider(s) via VPN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. Federated Systems
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1. LAN uses Active Directory as Single Sign-On tool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Remember the security you going to need:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1. if you talking about LAN, you have to use ACTIVE DIRECTORY
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. If you talk about widespread all over the place, you have to use SAML
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. (Secure European System for Applications in a Multivendor Environment) SESAME
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. is a European-developed authentication protocol that can provide for single sign-on capability
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. Uses LDAP and Kerberos
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3. 6 - LAN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. 6.1 - The Basic LAN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1. 6.2 -Beyond the Basic LAN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Show full summary Hide full summary

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Similar

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        01 Types of Computers
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        mc_2871
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Simulado Cert IPMA-D
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Jorge Kolotelo
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Security + SY0 501
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Dainius Nesvarbu
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Atividades - 01
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Diego Melo
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Explore EV3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Rebbecca Stanley
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        RoboCup Challenge: Assessment
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Rebbecca Stanley
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Atividade Seg02
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Diego Melo
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Security+ Acronyms
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Lyndsay Badding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Golf Putter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Ysabelle Glori
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Avaliação SEG01
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Diego Melo
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Avaliação Seg02
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Diego Melo