SEC+ preparation #3

Intro

Let’s jump into the next day of preparing for SEC+.

Before beginning I just want to give credit to Master OTW at Hackers-Arise. I really enjoy how he describes data. Real professional.

You can purchase Security+ SY0-701 boot camp here

Data Loss Prevention (DLP)

  • Agent-based DLP uses software agents.

    • The agent scans the system for sensitive information. If it finds any, it raises a message and encrypts the data. If the data is later stolen, it is still safe because it is encrypted.
  • Agentless DLP (network-based)

    • Dedicated devices that sit in the network, a bit like an IDS (intrusion detection system), except that these devices are used only for scanning files.

Data minimization

Reducing risk by reducing the amount of sensitive information.

The simplest way is to destroy data that is no longer needed.

  • Hashing

  • Tokenization - the information is replaced by a unique token, and that token is linked to, for example, a DB (database) where the real information is stored. If the system gets hacked, the attacker gets only the token.

  • Masking - replacing part of the data with filler characters. For example, bank cards shown as XXXXXXXXXXXX1234: only the last digits are visible, the rest is masked.
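The three techniques above side by side, as an added example that is not part of the original notes. The names `TokenVault`, `mask`, `keyed_hash` and `minimized_record` are hypothetical, and using HMAC-SHA-256 for the hashing step is an assumption; the card number is a constructed sample.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Hypothetical vault: the only store that maps tokens back to real values."""

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}

    def tokenize(self, value: str) -> str:
        # Reuse the token for a value already seen, so one card maps to one token.
        if value not in self._value_to_token:
            token = "tok_" + secrets.token_hex(8)  # random, not derived from the value
            self._value_to_token[value] = token
            self._token_to_value[token] = value
        return self._value_to_token[value]

    def detokenize(self, token: str) -> str:
        return self._token_to_value[token]


def mask(value: str, visible: int = 4) -> str:
    # Too-short input is masked completely rather than shown in full.
    if len(value) <= visible:
        return "X" * len(value)
    return "X" * (len(value) - visible) + value[-visible:]


def keyed_hash(value: str, key: bytes) -> str:
    # One-way: lets two records be compared without storing the value itself.
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def minimized_record(card: str, vault: TokenVault, key: bytes) -> dict:
    """What the application database keeps instead of the card number."""
    return {"token": vault.tokenize(card), "display": mask(card),
            "fingerprint": keyed_hash(card, key)}


if __name__ == "__main__":
    vault, key = TokenVault(), secrets.token_bytes(32)
    card = "4000000000001234"  # constructed sample, not a real card number
    record = minimized_record(card, vault, key)
    print(record)
    print("card number present in record:", card in record.values())
```

Only the vault can turn a token back into the card number, so the vault and the hashing key need to be stored separately from the application database.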

Access Restrictions

  • Geographic restrictions - we can allow reaching the data only from a certain region

  • Permission restrictions

Segmentation and Isolation

Segment our networks and give access only to the people who really need it.

We can isolate networks. For example, by using switches we can create VLANs in the organization.

Cybersecurity Threats

Over 80% of successful attacks include a social engineering step.

Classifying Cybersecurity Threats

  • Internal vs External

    • Sometimes internal threats are even more important, because workers already have access and can act on it.
  • Level of sophistication/Capability

  • Resource/Funding

    • All things are hackable given enough resources, time and skill.
  • Intent/Motivation

Threat actors

APT - advanced persistent threat

  • Unskilled attackers - “script kiddies”. People who run scripts and, if a script fails, quit because they don’t know how to adapt it to their situation.

  • Hacktivists - Anonymous

  • Nation-State Attackers - APT

  • Insider threat - the employee who wants to take you down, to get “even” with you.

  • Competitors - companies hiring hackers to steal information from competitors

Attacker motivations

  • Data exfiltration - credit card numbers, confidential information. A quick way to make money.

  • Espionage - trying to find out what other people are up to

  • Service disruption - DoS attack or DDoS attack.

  • Blackmail - sometimes people knock down websites and then ask for a payment to let your website come back online

  • Financial gain - self-explanatory

  • Philosophical/political belief

  • Ethical - they feel that your activity is unethical

  • Revenge -

  • Disruption/chaos -

  • War - like in Ukraine. Cyber war happens all the time.

Written by

Jonas Satkauskas