
Jan 26, 2018

updated at: May 28, 2019

LPIC 3 security Summary

The goal of security:

                Confidentiality
                     / \
                    /   \
                   /     \
  Auditing &      /       \  Non-Repudiation
  Accountability /         \
                /           \
               /             \
              /_______________\
       Integrity             Availability

Physical security

Security Controls

types:

In depth types:

Laws and Regulations

Example: Employees should have a strong password.

Policy                                        Usage
Acceptable Use Policy                         What you can and cannot do on company assets.
Access Control Policy                         TODO
Password Policy                               Example: if someone loses their password.
Privacy Policy                                Example: Google, Facebook, ...
Personal Policy
Data Sensitivity and Classification Policies  You have to define the importance of your data.

Example: A password should have an Uppercase, numbers and a special character.

Risk Management

Network Security

Switch security

Router security

DOS / DDOS

Types:

IPSEC

A bunch of protocols securing a connection point2point.

2 types of IPSEC:

Authentication header

This only provides integrity. It adds an AH header to an IP packet and hashes it (HMAC).

AH TCP DATA IP_ADDRESS

Encapsulating security payload

The full IP packet is encrypted with DES, 3DES or AES, and then a header is put on it.

Transport mode:

AH TCP DATA IP_ADDRESS

There is also something called tunnel mode: it adds a new IP address to the left of AH. This is what is used most of the time when talking about IPSEC.

NEW_IP_ADDR AH TCP DATA ORIGINAL_IP_ADDRESS

The protocol that makes all this security work is ISAKMP (internet security association and key management protocol).

IPSEC is used in VPN, RADIUS and TACACS+.

RAID

Proxy server

Works at the application layer.

Web proxy

Web proxies speed up web traffic by caching; they can also block websites, monitor the traffic, etc.

Web security gateway

Is a kind of proxy, except the feature set is different and more focused on anti-malware.

IDS / IPS

An IPS runs between a switch and a router; this is what is meant by inline. An IDS runs just inside the network, mostly on servers.

Summary: A firewall filters, IDS notifies and an IPS acts to stop.

EAP

Extensible authentication protocol is an authentication framework frequently used in wireless networks and PPP.

Well-known EAP types:

Wireless security

VPN

2 things needed for a VPN:

  1. Set up a tunnel.
  2. Authentication and encryption.

Types:

Protocols:

SNMP

Simple network management protocol.

Access Control / Identity Management

MAC (mandatory access controls)

Access to data is controlled by the administrator, by means of labels.

DAC (discretionary access controls)

The owner of the data defines the access.

RBAC (role-based access controls)

Access to resources is defined by a set of rules defined by an admin.
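To make the three models above concrete, here is an added example (not from the original notes) with one decision function per model: MAC compares an admin-assigned clearance against an object label, DAC lets only the owner edit an ACL, and RBAC resolves a user's roles to permissions defined by an admin. All names, levels, roles and users are constructed sample data.

```python
from dataclasses import dataclass, field

# --- MAC: the administrator labels objects and clears subjects; a subject may read an
# object only when its clearance is at least the object's label (no "read up").
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}  # constructed labels

def mac_can_read(subject_clearance, object_label):
    return LEVELS[subject_clearance] >= LEVELS[object_label]

# --- DAC: the owner of the object decides who gets which permission.
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permissions

    def grant(self, actor, user, perm):
        # Only the owner may change the ACL; anyone else is rejected.
        if actor != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(user, set()).add(perm)

    def allows(self, user, perm):
        return user == self.owner or perm in self.acl.get(user, set())

# --- RBAC: an admin defines roles -> permissions and assigns users to roles.
ROLE_PERMS = {  # constructed role definitions
    "auditor": {"read:logs"},
    "operator": {"read:logs", "restart:service"},
}
USER_ROLES = {"alice": {"auditor"}, "bob": {"operator"}}  # constructed assignments

def rbac_allows(user, perm):
    return any(perm in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))

def demo():
    """Run one decision per model and return the outcomes as a tuple of booleans."""
    mac_ok = mac_can_read("confidential", "internal")   # clearance dominates label
    mac_denied = mac_can_read("internal", "secret")     # read up is refused

    doc = DacObject(owner="carol")
    doc.grant("carol", "dave", "read")                  # owner grants
    dac_ok = doc.allows("dave", "read")
    dac_denied = doc.allows("dave", "write")            # never granted
    try:
        doc.grant("dave", "dave", "write")              # non-owner may not grant
        dac_grant_blocked = False
    except PermissionError:
        dac_grant_blocked = True

    rbac_ok = rbac_allows("bob", "restart:service")
    rbac_denied = rbac_allows("alice", "restart:service")
    return (mac_ok, mac_denied, dac_ok, dac_denied, dac_grant_blocked, rbac_ok, rbac_denied)

if __name__ == "__main__":
    print(demo())
```

The point of the example is who holds the decision: the admin's labels in MAC, the owner's ACL in DAC, and the admin's role table in RBAC, which is why the same request can be allowed under one model and refused under another.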

Cryptography

Cryptography is the practice of taking information and obscuring it / hiding it in such a way that a third party can't read it.

You always have an algorithm and a key.

Hashes

Types:

Hash-based message authentication code
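An added example (not from the original notes) of what an HMAC buys you, in the same role the notes give it in the AH section above: a keyed tag is computed over the payload with a shared key, and the receiver recomputes and compares it in constant time, so any change to the payload or a tag made with the wrong key is rejected. The key and the "packet" bytes are constructed stand-ins, not a real IP datagram or AH header.

```python
import hashlib
import hmac

KEY = b"shared-secret-between-peers"   # assumed pre-shared key, constructed for the demo
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256

def protect(payload: bytes, key: bytes = KEY) -> bytes:
    """Prepend an HMAC-SHA256 tag over the payload (the integrity check value)."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return tag + payload

def check(packet: bytes, key: bytes = KEY):
    """Return the payload if the tag verifies, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    tag, payload = packet[:TAG_LEN], packet[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # compare_digest avoids leaking where the first mismatching byte is via timing.
    if not hmac.compare_digest(tag, expected):
        return None
    return payload

def demo():
    payload = b"TCP|GET /index.html|src=10.0.0.5|dst=10.0.0.9"  # constructed sample
    packet = protect(payload)
    accepted = check(packet) == payload

    tampered = bytearray(packet)
    tampered[-1] ^= 0x01                    # flip one bit in the payload
    tamper_rejected = check(bytes(tampered)) is None

    wrong_key_rejected = check(packet, b"some-other-key") is None
    return accepted, tamper_rejected, wrong_key_rejected

if __name__ == "__main__":
    print(demo())
```

Note that this gives integrity and origin authentication only; the payload still travels in the clear, which is exactly the AH-versus-ESP distinction the notes draw.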

Symmetric algorithms

Both parties share the same key.

2 kinds of symmetric algorithms:

  1. Block ciphers:

Cut off a block of data, encrypt it, send it, take the next block.

Examples:

AES (advanced encryption standard) (used internally by SSL and SSH)

  2. Stream encryption:

1 bit at a time

Asymmetric algorithms

A public key and a different private key.

RSA

ECC (elliptic curve cryptography)

Diffie-Hellman -> key exchange protocol

ssh is a protocol not a math function

encrypting on the internet -> TLS protocol

Steganography

Hiding text inside other things where you normally don't look, e.g. images.

Digital signature

In terms of website security, there is also a private and a public key. The server will send you a public key to send and receive data from the server, but how do you as a client know for sure it's the right public key?

The server will encrypt the webpage with its private key and then hash it. You will get the public key, the hash and the webpage. You can encrypt and hash the webpage too and compare the hash (also known as the digital signature).

Digital certificate

So it's all based on trust:

You can do this 3 ways:

  1. unsigned certificate, make your own
  2. Web of trust
  3. PKI (public key infrastructure)

TODO lookup PKI

How public key infrastructure works:

It is based on a hierarchy:

CA (issues certs)

Is an organization; it holds a root certificate.

        o               root cert

    0   0   0           intermediate

0   0   0   0   0       client

The thing is: B trusts A and C trusts B, so you get a secure chain.

Intermediate CAs (to take the load off the root CA) issue the client certs.

How to check bad cert:

CRL, OCSP

Online certificate status protocol replaces the certificate revocation list.
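An added example (not from the original notes) that ties together the digital signature section, the chain of trust and the revocation check above. It uses textbook RSA written out with Python integers so it runs offline with no third-party library: a signature is made by hashing the data with SHA-256 and applying the private key to the digest, and checking it means applying the public key and comparing digests (real implementations hash first and then sign, as shown here, and add padding this toy omits). Certificates are plain dicts binding a name to a public key, signed by the issuer; verify_chain walks from the client cert up to a root in the trust store and rejects anything on a simulated CRL. All names, key sizes and the revocation list are constructed for the demo; 512-bit keys keep it fast and are far too small for real use.

```python
import hashlib
import random

def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit, odd
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=512):
    """Textbook RSA key pair (demo size; no padding, not for real use)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:      # e is prime, so this guarantees gcd(e, phi) == 1
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))   # (public, private)

def sign(private_key, message):
    """Hash first, then apply the private exponent to the digest."""
    n, d = private_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)

def verify(public_key, message, signature):
    n, e = public_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest

def tbs(cert):
    """The 'to-be-signed' bytes: the subject name bound to its public key."""
    return f"{cert['subject']}|{cert['pub'][0]}|{cert['pub'][1]}".encode()

def issue(subject, subject_pub, issuer_name, issuer_priv):
    cert = {"subject": subject, "pub": subject_pub, "issuer": issuer_name}
    cert["sig"] = sign(issuer_priv, tbs(cert))
    return cert

def verify_chain(chain, trusted_roots, revoked=frozenset()):
    """chain is [client, intermediate, ..., root]. Each cert must be signed by the next
    one, must not be on the (simulated) CRL, and the root must be in the trust store."""
    for cert, issuer in zip(chain, chain[1:]):
        if cert["issuer"] != issuer["subject"] or cert["subject"] in revoked:
            return False
        if not verify(issuer["pub"], tbs(cert), cert["sig"]):
            return False
    root = chain[-1]
    return (trusted_roots.get(root["subject"]) == root["pub"]
            and verify(root["pub"], tbs(root), root["sig"]))

def demo():
    root_pub, root_priv = generate_keypair()
    inter_pub, inter_priv = generate_keypair()
    leaf_pub, _ = generate_keypair()
    root = issue("Example Root CA", root_pub, "Example Root CA", root_priv)  # self-signed
    inter = issue("Example Intermediate", inter_pub, "Example Root CA", root_priv)
    leaf = issue("www.example.test", leaf_pub, "Example Intermediate", inter_priv)
    store = {"Example Root CA": root_pub}   # the client's trust store

    good = verify_chain([leaf, inter, root], store)
    forged = dict(leaf, subject="evil.example.test")   # name changed, signature no longer fits
    tampered = verify_chain([forged, inter, root], store)
    revoked = verify_chain([leaf, inter, root], store, revoked={"www.example.test"})
    untrusted = verify_chain([leaf, inter, root], {})   # root not in the trust store
    return good, tampered, revoked, untrusted

if __name__ == "__main__":
    print(demo())
```

The four outcomes of demo() are the cases a client has to tell apart: a valid chain, a cert whose contents no longer match its signature, a cert that is correctly signed but revoked, and a chain that ends in a root nobody trusts. Only the CRL case is modelled here; OCSP answers the same question with an online query per certificate instead of a downloaded list.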
