Cybersecurity Essentials

Cheatsheet Content

1. Foundational Concepts Confidentiality: Protecting information from unauthorized access. Integrity: Ensuring information is accurate and unmodified. Availability: Ensuring authorized users can access information when needed. Authentication: Verifying the identity of a user or system. Authorization: Granting or denying access to resources based on identity. Non-repudiation: Proving that a sender sent a message and a recipient received it. 2. Common Attack Types 2.1. Social Engineering Phishing: Fraudulent attempts to obtain sensitive info (e.g., usernames, passwords) by disguising as a trustworthy entity. Spear Phishing: Targeted phishing attacks. Whaling: Phishing attacks targeting high-profile individuals (e.g., executives). Pretexting: Creating a fabricated scenario to trick victims into divulging info. Baiting: Offering something enticing (e.g., free download) to trick victims. Tailgating: Gaining unauthorized access by following an authorized person. 2.2. Malware Virus: Malicious code that attaches to legitimate programs and self-replicates. Worm: Standalone malicious program that self-replicates and spreads across networks. Trojan Horse: Malicious program disguised as legitimate software. Ransomware: Encrypts data and demands payment for decryption key. Spyware: Collects information about users without their knowledge. Adware: Displays unwanted advertisements. Rootkit: Hides its presence and other malicious software on a system. Botnet: Network of compromised computers controlled by an attacker. 2.3. Network Attacks DoS/DDoS: Overwhelming a system with traffic to disrupt service. Man-in-the-Middle (MitM): Intercepting communication between two parties. SQL Injection: Inserting malicious SQL queries into input fields. Cross-Site Scripting (XSS): Injecting malicious scripts into trusted websites. Buffer Overflow: Writing more data to a buffer than it can hold, overwriting adjacent memory. Zero-Day Exploit: Exploiting a vulnerability before a patch is available. Port Scanning: Identifying open ports and services on a network. 3. Cryptography Basics Encryption: Transforming data into an unreadable format. Decryption: Reversing encryption to restore original data. Plaintext: Original, readable data. Ciphertext: Encrypted, unreadable data. Key: Secret information used in encryption/decryption. 3.1. Symmetric Encryption Uses the same key for encryption and decryption. Algorithms: AES, DES, 3DES. Pros: Faster, efficient for large data. Cons: Key distribution is a challenge. 3.2. Asymmetric (Public Key) Encryption Uses a pair of keys: a public key (shared) and a private key (kept secret). Algorithms: RSA, ECC. Pros: Secure key distribution, digital signatures. Cons: Slower than symmetric encryption. 3.3. Hashing One-way function that converts data into a fixed-size string (hash/digest). Used for integrity checking, password storage. Properties: Irreversible, unique output for unique input, collision resistant. Algorithms: MD5 (deprecated), SHA-1 (deprecated), SHA-256, SHA-512. 3.4. Digital Signatures Uses asymmetric encryption to verify authenticity and integrity of a message. Sender encrypts hash with their private key. Recipient decrypts with sender's public key. 4. Network Security Devices Firewall: Monitors and controls incoming/outgoing network traffic based on predefined rules. Can be hardware or software. Intrusion Detection System (IDS): Monitors network/system activities for malicious activity or policy violations, alerts administrators. Intrusion Prevention System (IPS): Similar to IDS but can also block detected threats. Proxy Server: Acts as an intermediary for requests from clients seeking resources from other servers. Improves security and performance. VPN (Virtual Private Network): Creates a secure, encrypted connection over a less secure network (e.g., internet). SIEM (Security Information and Event Management): Centralized logging and analysis of security alerts. 5. Access Control Models Discretionary Access Control (DAC): Owner of the resource grants/revokes access. (e.g., file permissions in typical OS). Mandatory Access Control (MAC): Access decided by system-wide security policies. (e.g., military, highly secure systems). Role-Based Access Control (RBAC): Access based on user's role within an organization. Most common in enterprises. Attribute-Based Access Control (ABAC): Access based on attributes of user, resource, and environment. 6. Security Best Practices Strong Passwords: Long, complex, unique for each account. Multi-Factor Authentication (MFA): Requires two or more verification factors. Regular Updates/Patching: Apply security patches promptly. Backup Data: Regularly backup critical data offline. Principle of Least Privilege: Users/systems only have access to resources absolutely necessary for their function. Security Awareness Training: Educate users on threats and safe practices. Incident Response Plan: A predefined plan for handling security incidents. Physical Security: Protect physical assets (servers, devices) from unauthorized access. Secure Coding Practices: Develop software with security in mind (e.g., input validation). 7. Regulatory Compliance GDPR (General Data Protection Regulation): EU law on data protection and privacy. HIPAA (Health Insurance Portability and Accountability Act): US law protecting patient health information. PCI DSS (Payment Card Industry Data Security Standard): Standard for organizations handling credit card information. SOX (Sarbanes-Oxley Act): US law regarding corporate financial reporting.