
• Network layers and protocols

https://int0x33.medium.com/day-51-understanding-the-osi-model-f22d5f3df756

• Network administration and management

Network administration aims to manage, monitor, maintain, secure, and service an organization's
network. However, the specific tasks and procedures may vary depending on the size and type of
an organization.

Understand security concepts + Document security controls (week 1 to week 4)


https://www.coursera.org/learn/security-operations-administration-sscp/home/week/1

Risk management process & week 2 & week 3 (compliance) & week 5 (hashing & business continuity)
https://www.coursera.org/learn/incident-response-recovery-risks-sscp/home/week/1

Hash: a hash function takes an input and produces a fixed-size hash value (digest). It is different from
encryption because there is no key that could convert the digest back into the original message.
Collision, as used here, means that two users who chose the same password end up with the same hash value.
To reduce that we use salting, which appends a random value to the user input before it is passed to the
hash function. Peppering adds the same secret random value to the end of every plaintext before hashing.

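
The salting and peppering just described, as an added example (not from the original notes): the unsalted digest is identical for two accounts with the same password, the salted one is not, and the pepper value, the 100,000-iteration PBKDF2-HMAC-SHA256 choice and the sample passwords are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed value for the demonstration. A real pepper is a secret kept
# outside the password database (e.g. a secrets manager), never stored with the hashes.
PEPPER = b"example-pepper-value"


def plain_hash(password: str) -> str:
    """Unsalted SHA-256: two users with the same password get the identical digest,
    which is the situation the note describes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = None) -> str:
    """Append the pepper to the input, hash it under a per-user random salt, and
    return 'salt_hex:digest_hex' for storage. PBKDF2-HMAC-SHA256 is the hash
    function chosen here (an assumption; the note does not name one)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    material = password.encode() + PEPPER
    digest = hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)
    return salt.hex() + ":" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split(":", 1)
    recomputed = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(recomputed, stored)


if __name__ == "__main__":
    # Constructed inputs: two accounts that chose the same password.
    print(plain_hash("hunter2") == plain_hash("hunter2"))  # True: identical digests
    a, b = hash_password("hunter2"), hash_password("hunter2")
    print(a == b)  # False: different salts, different digests
    print(verify_password("hunter2", a), verify_password("wrong", a))  # True False
```
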
6 Common network authentication methods
Here are the most common network authentication methods that your company can integrate to prevent future
breaches:

1. Password-based authentication

Passwords are the most common network authentication method. And for obvious reasons, they are the easiest to
implement. Passwords can be any combination of letters, numbers, and special characters, and work best when they
are complex and tricky to guess. However, passwords are also very easy targets for cybercriminals and are often
compromised as a result of phishing attacks and bad password hygiene.

2. Two-factor authentication

Two-factor authentication (2FA) provides an additional layer of security on top of password protection. It requires
an additional login credential, on top of a username and password. For example, when logging into a banking
portal, users may have to provide a password, followed by entering a 6-digit code that has been sent to their
phone. This makes it more difficult for hackers to successfully access the account.

3. Multi-factor authentication

Multi-Factor Authentication (MFA) is a network authentication method that is similar to a 2FA but requires
two or more ways to identify a user. This can be anything from text messages that send security codes to your
mobile device, facial recognition, fingerprints, or even voice biometrics. MFA authentication significantly improves
security and user confidence by adding additional layers of security.

4. CAPTCHAs

The term is an acronym for “completely automated public Turing test to tell computers and humans apart”, and is
used to identify if a user is a human or a malicious bot. CAPTCHAs are designed to prevent sophisticated
automated programs from breaking into secure systems by displaying a distorted image of numbers and letters and
asking users to type out the message they see. Computers have a hard time understanding these distortions, and
without the ability to successfully decipher images will be unable to access the network.

5. Biometrics authentication

Biometrics is a computer authentication method that relies on the individual biological characteristics of a single
person. It is often used by consumers, governments, and private corporations (airports, national borders, etc.) for
security and identification purposes. Since no two users have the same physical features (unless you
are identical twins, perhaps), biometric authentication is extremely secure and is becoming increasingly popular as it
achieves a high level of security without infringing on the user. Here are the most common biometric authentication
methods:

FACIAL RECOGNITION

If you have one of the latest iPhones, then you are familiar with this biometric feature. Facial recognition matches
different facial features of a user attempting to gain access to an approved facial record stored within the database.
For example, if your friend is not within the facial recognition database of your iPhone, they will not be able to
unlock your phone. While facial recognition is a progressive authentication method, it can be inconsistent when
comparing faces at different angles or comparing the faces of close relatives, which may confuse the authentication
algorithm.

FINGERPRINT SCANNERS

Fingerprint scanners match the specific patterns of an individual’s fingerprint to approve and grant user access.
Fingerprint scanners are the oldest and most popular type of biometric authentication.

SPEAKER RECOGNITION

Speaker recognition, or voice biometrics, examines the speech patterns of a speaker to determine the formation of
shapes and sound qualities. A device protected by voice recognition relies on standardized words to identify a user.

6. Certificate-based authentication

Certificate-based authentication identifies users, devices, or machines by using digital certificates — based on
the ideas of a passport or a driver’s license. Each certificate contains the digital identity of a user with a public
key and digital signature. When a user is being authenticated, this digital certificate is deployed the same way as a
username and password.

A network attack is an attempt to gain unauthorized access to an organization’s network, with the objective of
stealing data or performing other malicious activity. There are two main types of network attacks:

• Passive: Attackers gain access to a network and can monitor or steal sensitive information, but without
making any change to the data, leaving it intact.
• Active: Attackers not only gain unauthorized access but also modify data, either deleting, encrypting or
otherwise harming it.

We distinguish network attacks from several other types of attacks:

• Endpoint attacks—gaining unauthorized access to user devices, servers or other endpoints, typically
compromising them by infecting them with malware.
• Malware attacks—infecting IT resources with malware, allowing attackers to compromise systems, steal
data and do damage. These also include ransomware attacks.
• Vulnerabilities, exploits and attacks—exploiting vulnerabilities in software used in the organization, to
gain unauthorized access, compromise or sabotage systems.
• Advanced persistent threats—these are complex multilayered threats, which include network attacks but
also other attack types.

In a network attack, attackers are focused on penetrating the corporate network perimeter and gaining access to
internal systems. Very often, once inside attackers will combine other types of attacks, for example compromising
an endpoint, spreading malware or exploiting a vulnerability in a system within the network.

What are the Common Types of Network Attacks?

Following are common threat vectors attackers can use to penetrate your network.

1. Unauthorized access
Unauthorized access refers to attackers accessing a network without receiving permission. Among the causes of
unauthorized access attacks are weak passwords, lacking protection against social engineering, previously
compromised accounts, and insider threats.

2. Distributed Denial of Service (DDoS) attacks

Attackers build botnets, large fleets of compromised devices, and use them to direct false traffic at your network or
servers. DDoS can occur at the network level, for example by sending huge volumes of SYN/ACK packets which
can overwhelm a server, or at the application level, for example by performing complex SQL queries that bring a
database to its knees.

3. Man in the middle attacks

A man in the middle attack involves attackers intercepting traffic, either between your network and external sites or
within your network. If communication protocols are not secured or attackers find a way to circumvent that security,
they can steal data that is being transmitted, obtain user credentials and hijack their sessions.

4. Code and SQL injection attacks

Many websites accept user inputs and fail to validate and sanitize those inputs. Attackers can then fill out a form or
make an API call, passing malicious code instead of the expected data values. The code is executed on the server
and allows attackers to compromise it.

5. Privilege escalation
Once attackers penetrate your network, they can use privilege escalation to expand their reach. Horizontal privilege
escalation involves attackers gaining access to additional, adjacent systems, and vertical escalation means attackers
gain a higher level of privileges for the same systems.

6. Insider threats
A network is especially vulnerable to malicious insiders, who already have privileged access to organizational
systems. Insider threats can be difficult to detect and protect against, because insiders do not need to penetrate the
network in order to do harm. New technologies like User and Entity Behavior Analytics (UEBA) can help identify
suspicious or anomalous behavior by internal users, which can help identify insider attacks.

LAN stands for local area network. It is a group of network devices that allows communication between various
connected devices. A LAN is under private ownership and control rather than public. A LAN has a shorter
propagation delay than a MAN or a WAN. It covers smaller areas such as colleges, schools, hospitals, and so
on.
MAN stands for metropolitan area network. It covers a larger area than a LAN, such as small towns or cities. A MAN
connects two or more computers that reside within the same city or in different cities. A MAN is expensive and
may or may not be owned by one organization.
WAN stands for wide area network. It covers a larger area than a LAN or a MAN, such as a country or continent.
A WAN is expensive and may or may not be owned by one organization. PSTN or satellite links are used for
wide area networks.

VLAN

ISA Roles and Responsibilities:

1- Organizing and coordinating the data protection program
2- information assets management
3- Risk assessment and risk treatment
4- data protection awareness
5- reporting information security observations
6- data backup and retention
7- physical security
8- Business Continuity planning
9- external party security
10- software management
11- data protection reviews
12- compliance management
13- corrective and preventative actions
14- data protection performance reporting
15- IT assets management
16- data protection implementation

Corrective actions take steps to fix the cause of a problem after the problem has occurred,
whereas preventive actions notice the problem before it occurs and take steps to fix its cause
before it happens.

Firewall software is a network security device that monitors and filters incoming and outgoing network
traffic based on an organization's previously established security policies.

Types of Firewalls

• Packet filtering

A small amount of data is analyzed and distributed according to the filter’s standards.

• Proxy service

Network security system that protects while filtering messages at the application layer.

• Stateful inspection

Dynamic packet filtering that monitors active connections to determine which network packets to allow
through the Firewall.

• Next Generation Firewall (NGFW)

Deep packet inspection Firewall with application-level inspection.
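
The difference between plain packet filtering and stateful inspection, as an added example (not from the original notes): the stateless filter must admit any inbound ACK-flagged packet to a high port so that server replies get through, while the stateful inspector records connections opened from inside and admits only their replies. The 10.0.0.0/8 internal range, the outbound-web-only policy and the sample packets are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def inside(ip: str) -> bool:
    """Constructed policy: the internal network is 10.0.0.0/8 (prefix check only)."""
    return ip.startswith("10.")


def packet_filter_allows(p: Packet) -> bool:
    """Stateless packet filter: every packet is judged on its own header fields."""
    # Outbound web traffic from inside hosts.
    if inside(p.src) and not inside(p.dst) and p.dport in (80, 443):
        return True
    # To let server replies back in, a stateless rule has to admit any packet to a
    # high port that carries ACK; it cannot tell a reply from an unsolicited probe.
    if not inside(p.src) and inside(p.dst) and p.dport >= 1024 and p.ack:
        return True
    return False


class StatefulInspector:
    """Stateful inspection: remembers connections opened from inside and only
    admits inbound packets that belong to one of them."""

    def __init__(self) -> None:
        self.table = set()  # (src, sport, dst, dport) of active connections

    def allows(self, p: Packet) -> bool:
        if inside(p.src) and not inside(p.dst) and p.dport in (80, 443):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.syn:  # a new connection opened by an inside host
                self.table.add(key)
            return key in self.table
        if not inside(p.src) and inside(p.dst):
            # Reverse the tuple: is this a reply to a connection we recorded?
            return (p.dst, p.dport, p.src, p.sport) in self.table
        return False
```
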

Phishing means:

A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent
solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or
reputable person.

How to recognise a phishing attack (warning signs):

• The message is sent from a public email domain

• The domain name is misspelt

• The email is poorly written

• It includes suspicious attachments or links (attachments may be infected)

• The message creates a sense of urgency
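
The warning signs above turned into a rule-based checker, as an added example (not from the original notes). The public webmail list, the organisation's own domains, the urgency phrases, the risky attachment types and the sample messages are all constructed; the "poorly written" sign is left out because it needs more than a rule to judge.

```python
import re

# Constructed reference data (assumptions for the demonstration).
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
KNOWN_DOMAINS = {"examplebank.com", "example.com"}
URGENCY = ("immediately", "within 24 hours", "account will be suspended", "act now", "urgent")
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".docm", ".zip")
RAW_IP_LINK = re.compile(r"https?://\d{1,3}(\.\d{1,3}){3}")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot a misspelt look-alike of a known domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def phishing_indicators(sender: str, subject: str, body: str, attachments) -> list:
    """Return the warning signs from the checklist that a message triggers."""
    found = []
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in PUBLIC_DOMAINS:
        found.append("public email domain")
    elif domain not in KNOWN_DOMAINS and any(
            0 < edit_distance(domain, known) <= 2 for known in KNOWN_DOMAINS):
        found.append("misspelt domain")  # one or two edits away from a real one
    text = (subject + " " + body).lower()
    if any(phrase in text for phrase in URGENCY):
        found.append("sense of urgency")
    if any(name.lower().endswith(RISKY_EXT) for name in attachments):
        found.append("suspicious attachment")
    if RAW_IP_LINK.search(body):
        found.append("suspicious link")  # a link to a bare IP instead of a hostname
    return found


if __name__ == "__main__":
    # Constructed sample message.
    print(phishing_indicators("alerts@examp1ebank.com", "Notice",
                              "Verify within 24 hours at http://10.0.0.5/login",
                              ["invoice.zip"]))
```
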

Types of Computer Virus

Discussed below are the different types of computer viruses:

• Boot Sector Virus – It is a type of virus that infects the boot sector of floppy disks or the Master Boot
Record (MBR) of hard disks. The Boot sector comprises all the files which are required to start the
Operating system of the computer. The virus either overwrites the existing program or copies itself to
another part of the disk.
• Direct Action Virus – When a virus attaches itself directly to a .exe or .com file and enters the device
when that file is executed, it is called a Direct Action Virus. It does not install itself in memory and stays
hidden until the host file runs. It is also known as a Non-Resident Virus.
• Resident Virus – A virus which saves itself in the memory of the computer and then infects other files and
programs when its originating program is no longer working. This virus can easily infect other files because
it is hidden in the memory and is hard to be removed from the system.
• Multipartite Virus – A virus which can attack both, the boot sector and the executable files of an already
infected computer is called a multipartite virus. If a multipartite virus attacks your system, you are at risk of
cyber threat.
• Overwrite Virus – One of the most harmful viruses, the overwrite virus can completely remove the
existing program and replace it with the malicious code by overwriting it. Gradually it can completely
replace the host’s programming code with the harmful code.
• Polymorphic Virus – Spread through spam and infected websites, polymorphic viruses are file infectors
which are complex and tough to detect. They create a modified or morphed version of themselves on each
infection while retaining the original malicious behaviour.
• File Infector Virus – As the name suggests, it first infects a single file and then later spreads itself to other
executable files and programs. The main source of this virus are games and word processors.
• Spacefiller Virus – A rare type of virus which fills in the empty spaces of a file with its own code. It is
also known as a cavity virus. It neither changes the size of the file nor can be detected easily.
• Macro Virus – A virus written in the same macro language as the software program it targets; it infects the
computer when a document containing the macro (for example a word processor file) is opened. The main
source of such viruses is email.

Types of harmful software

1. Trojans

A Trojan (or Trojan Horse) disguises itself as legitimate software with the purpose of tricking you into executing
malicious software on your computer.

2. Spyware

Spyware invades your computer and attempts to steal your personal information such as credit card or banking
information, web browsing data, and passwords to various accounts.

3. Adware

Adware is unwanted software that displays advertisements on your screen. Adware collects personal information from
you to serve you with more personalized ads.

4. Rootkits

Rootkits enable unauthorized users to gain access to your computer without being detected.

5. Ransomware

Ransomware is designed to encrypt your files and block access to them until a ransom is paid.

6. Worms

A worm replicates itself by infecting other computers that are on the same network. They’re designed to consume
bandwidth and interrupt networks.

7. Keyloggers

Keyloggers keep track of your keystrokes on your keyboard and record them on a log. This information is used to gain
unauthorized access to your accounts.

Types of encryption

Symmetric encryption

When using symmetrical encryption methods, a single secret key is used to encrypt plaintext and decrypt ciphertext.
Both the sender and receiver have private access to the key, which can only be used by authorized recipients.
Symmetric encryption is also known as private key cryptography.
Some common symmetric encryption algorithms include:

• Advanced Encryption Standard (AES)
• Data Encryption Standard (DES)
• Triple DES (TDES)
• Twofish

And we’ll look at each of these shortly.

Asymmetric encryption

This method of encryption is known as public key cryptography. In asymmetric encryption, two keys are used: a
public key and a private key. Separate keys are used for both the encryption and decryption processes:

• The public key, as the name suggests, is either publicly available or shared with authorized recipients.
• The corresponding private key is required to access data encrypted by the public key. The same public key
will not work to decrypt the data in this technique.

Asymmetric encryption offers another level of security to the data, which makes online transfers safer. Common
asymmetric encryption methods include Rivest Shamir Adleman (RSA) and Elliptic Curve Cryptography (ECC).

Comparing symmetric vs asymmetric encryption

Aside from the fact both techniques use different key combinations, there are other differences between symmetric
and asymmetric encryption.

• Asymmetric encryption is a newer method that eliminates the need to share a private key with the
receiver. Importantly, however, this approach takes longer in practice than symmetric encryption.
• Symmetric encryption techniques are best suited to larger data sets but use smaller ciphertexts in
comparison to the original plaintext file. (The opposite is true of asymmetric encryption.)

Risk Register and assessment :
