CompTIA Security+ Exam Notes

Let Us Help You Pass

Sunday, May 5, 2024

Access Control Methods

 ABAC, DAC, MAC, Role-BAC, Rule-BAC

ABAC (Attribute-Based Access Control)
The most fine-grained access control.
Access is based on a combination of subject and object attributes, such as:
  • Operating system
  • IP address
  • Up-to-date patches
  • Up-to-date antimalware
  • Employee's identity
  • Time of day
  • Location
  • Type of device
DAC (Discretionary Access Control)
  • Based on the owner of the file or folder
  • The owner decides who gets access and the type of access
  • Windows, Linux, and UNIX use a DAC method
MAC (Mandatory Access Control)
  • Each object is assigned a classification label
  • Each subject is assigned a clearance level (such as Confidential, Secret, or Top Secret)
  • A subject with the label "Secret" would be unable to access "Top Secret" data as it would be above its clearance level.
  • Also based on "need to know": even at its own clearance level, a subject does not get access to everything.
RBAC (Role-Based Access Control)
  • Based on your job function (role)
  • Group-based security
  • Group examples: Accounting, HR, IT, Sales, etc.
RBAC (Rule-Based Access Control)
  • System enforced rules
  • Some rule triggers the access control
  • Time of day 
  • Conditional access is a form of rule-based access control
  • UAC (User Account Control) on Windows and sudo on Linux are examples of conditional access.
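
The decision rule behind each of the five models, as an added example that is not part of the original notes: a tiny policy engine in Python. The users, labels, roles, compartments and the "10." corporate address range are all constructed for the demonstration; the MAC check combines the clearance comparison with the need-to-know compartments described above.

```python
# Added example, not from the original notes: a tiny policy engine that shows
# the decision rule behind each model. Users, labels, roles and the "10."
# corporate address range are all made up for the demonstration.

# --- MAC: ordered clearance levels plus need-to-know compartments -----------
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


def mac_can_read(subject, obj):
    """Read is allowed only if the clearance is at or above the object's label
    (a "Secret" subject cannot read "Top Secret") AND the subject holds every
    compartment the object is marked with (need to know)."""
    clearance_ok = LEVELS[subject["clearance"]] >= LEVELS[obj["label"]]
    need_to_know_ok = obj["compartments"] <= subject["compartments"]
    return clearance_ok and need_to_know_ok


# --- DAC: the owner decides who gets access and what kind --------------------
def dac_can(subject, obj, perm):
    if subject["name"] == obj["owner"]:
        return True                                  # owner has full control
    return perm in obj["acl"].get(subject["name"], set())


def dac_grant(granter, obj, grantee, perm):
    """Only the owner may edit the ACL; that discretion is what makes it DAC."""
    if granter["name"] != obj["owner"]:
        raise PermissionError("only the owner can grant access")
    obj["acl"].setdefault(grantee, set()).add(perm)


# --- Role-BAC: permissions belong to groups, users inherit them -------------
ROLE_PERMS = {
    "Accounting": {"ledger:read", "ledger:write"},
    "HR": {"payroll:read"},
    "IT": {"server:admin"},
}


def rbac_can(subject, perm):
    return any(perm in ROLE_PERMS.get(role, set()) for role in subject["roles"])


# --- Rule-BAC: a system-enforced rule, here a time-of-day window ------------
def rule_allows(hour, start=8, end=18):
    return start <= hour < end


# --- ABAC: one policy over subject, object and environment attributes -------
def abac_can_read(subject, obj, env):
    return (
        subject["department"] == obj["department"]  # subject vs object attribute
        and env["patched"]                          # device is up to date
        and env["ip"].startswith("10.")             # on the assumed corporate range
        and rule_allows(env["hour"])                # time of day
    )


# Constructed subjects and objects used by the demo below.
ALICE = {"name": "alice", "clearance": "Secret", "compartments": {"finance"},
         "roles": ["Accounting"], "department": "finance"}
BOB = {"name": "bob", "clearance": "Top Secret", "compartments": set(),
       "roles": ["IT"], "department": "it"}
BUDGET = {"owner": "alice", "label": "Secret", "compartments": {"finance"},
          "department": "finance", "acl": {}}
PLANS = {"owner": "bob", "label": "Top Secret", "compartments": set(),
         "department": "it", "acl": {}}

if __name__ == "__main__":
    print("MAC  alice reads PLANS (read-up):", mac_can_read(ALICE, PLANS))
    print("MAC  bob reads BUDGET (no need to know):", mac_can_read(BOB, BUDGET))
    print("RBAC alice ledger:write:", rbac_can(ALICE, "ledger:write"))
    env = {"patched": True, "ip": "10.1.2.3", "hour": 9}
    print("ABAC alice reads BUDGET, in hours, patched:", abac_can_read(ALICE, BUDGET, env))
```

Note the MAC case for Bob: a "Top Secret" clearance dominates the "Secret" budget label, yet the read is still refused because he lacks the "finance" compartment. That is the need-to-know rule in action, and it is the detail the exam likes to probe.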

Wednesday, May 1, 2024

Netstat - Native to Linux / Windows

Netstat is a tool built into both Linux and Windows, but the syntax is different between the two operating systems.

Several ways this local command line tool can be utilized:
  • See what ports (services) are in a listening state, both TCP and UDP ports.
  • See what files are being accessed and which computers are involved.
  • See if any systems are connected before rebooting a server.
  • See what process established the connection (such as Zoom, Firefox, Chrome, Edge, etc.)
  • Display ethernet statistics
  • Display the owning process ID
  • Display the routing table
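
Because the two operating systems print netstat output in different layouts, a reviewer who wants the listening ports and their owning PIDs has to parse them differently. Here is an added example, not part of the original notes, that parses both and reports which listeners are bound to every interface. The two sample outputs are constructed to resemble `netstat -tulpn` on Linux and `netstat -ano` on Windows; they are not real captures, and the PIDs and program names are made up.

```python
# Added example, not from the original notes: parse both netstat formats and
# pull out the listening ports with their owning process. The two samples
# below are constructed to look like `netstat -tulpn` on Linux and
# `netstat -ano` on Windows; they are not real captures.

LINUX_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1043/mysqld
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      1201/nginx
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient
"""

WINDOWS_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       944
  TCP    192.168.1.10:49712     52.96.123.45:443       ESTABLISHED     5132
  UDP    0.0.0.0:5353           *:*                                    2204
"""

WILDCARD_HOSTS = {"0.0.0.0", "::", "*"}   # bound on every interface


def _split_addr(addr):
    """'127.0.0.1:3306' -> ('127.0.0.1', 3306); ':::80' -> ('::', 80)."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def _record(proto, local, state, pid, program):
    host, port = _split_addr(local)
    return {"proto": proto.lower(), "host": host, "port": port,
            "state": state, "pid": int(pid) if pid.isdigit() else None,
            "program": program}


def parse_linux(text):
    """Linux layout: Proto Recv-Q Send-Q Local Foreign [State] PID/Program.
    UDP rows have no State column, so the PID column shifts left by one."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if not f or not f[0].startswith(("tcp", "udp")):
            continue
        if f[0].startswith("tcp"):
            state, pidprog = f[5], f[6]
        else:
            state, pidprog = "", f[5]
        pid, _, program = pidprog.partition("/")   # "-" when not run as root
        records.append(_record(f[0], f[3], state, pid, program))
    return records


def parse_windows(text):
    """Windows layout: Proto Local Foreign [State] PID; again UDP has no State."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP":
            state, pid = f[3], f[4]
        else:
            state, pid = "", f[3]
        records.append(_record(f[0], f[1], state, pid, ""))
    return records


def listening(records):
    """Sockets accepting traffic: TCP in LISTEN/LISTENING plus every bound UDP
    socket (UDP is connectionless, so netstat prints no state for it)."""
    rows = [r for r in records
            if r["proto"].startswith("udp") or r["state"] in ("LISTEN", "LISTENING")]
    return sorted(rows, key=lambda r: (r["port"], r["proto"]))


def exposed(records):
    """Listening sockets bound to all interfaces, i.e. reachable from other
    hosts rather than only from localhost. Review these during hardening."""
    return [r for r in listening(records) if r["host"] in WILDCARD_HOSTS]


if __name__ == "__main__":
    for name, recs in (("linux", parse_linux(LINUX_SAMPLE)),
                       ("windows", parse_windows(WINDOWS_SAMPLE))):
        for r in exposed(recs):
            print(f"{name}: {r['proto']}/{r['port']} pid={r['pid']} {r['program']}")
```

Two details worth remembering from the parser: on Linux the PID/Program column shows "-" unless netstat runs as root, and the established connection on the Windows side (port 49712) is deliberately excluded from the listening report, since only sockets in a listening state are services waiting for clients.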

Thursday, April 25, 2024

Tokenization

 Credit Cards - Tokenization

Tokenization is used to make it easy to place repeat orders with a credit card. One example is a vendor storing the credit card information (not in plaintext) for monthly or yearly subscriptions.

This process can replace part or all of the original data. The token is located on a token server.

Tokenization is a security technique that replaces sensitive data with a non-sensitive substitute called a token. Tokens are unique identifiers that link to the original data but cannot be deciphered to access the original information.

Tokenization is used in many areas, including:

Payment processing

Tokenization protects credit card and bank account numbers by replacing them with tokens. This removes the connection between the transaction and sensitive data, making transmitting data over wireless networks safer.

Speech recognition

Voice-activated assistants like Siri or Alexa use tokenization to process spoken words. When you ask a question or command, your spoken words are converted into text, which is then tokenized.

Commodities

Tokenization can turn ownership of commodities like oil, gold, or agricultural products into on-chain tokens, making the market for these assets more liquid and accessible.

Tokenization is also known as "masking" or "obfuscation."
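
To make the payment-card use concrete, here is an added example that is not part of the original notes: a minimal token vault in Python. The card number is kept only inside the vault; the merchant keeps the random token and sends it back for each repeat charge. The card number, the token format and the Luhn input check are constructed for the demonstration, and a real vault would encrypt its store and run on a separate, hardened system.

```python
import secrets

# Added example (not from the original notes): a minimal token vault of the
# kind the notes describe. The card number (PAN) is kept only inside the vault;
# the merchant stores the token and sends it back for repeat charges. All
# values are constructed.


def luhn_ok(pan):
    """Standard Luhn checksum used on card numbers (sanity check on input)."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """What the merchant is allowed to display: only the last four digits."""
    return "*" * (len(pan) - 4) + pan[-4:]


class TokenVault:
    def __init__(self):
        self._pan_by_token = {}   # token -> PAN: the only place the PAN lives
        self._token_by_pan = {}   # PAN -> token, so one card gets one token

    def tokenize(self, pan):
        pan = pan.replace(" ", "").replace("-", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        if pan in self._token_by_pan:
            return self._token_by_pan[pan]
        # The token is random, not derived from the PAN, so there is nothing to
        # "decrypt"; the only way back is a lookup inside this vault.
        token = "tok_" + secrets.token_urlsafe(18)
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token):
        """Only the payment-processor side should ever call this."""
        if token not in self._pan_by_token:
            raise KeyError("unknown token")
        return self._pan_by_token[token]


if __name__ == "__main__":
    vault = TokenVault()
    card = "4111 1111 1111 1111"           # constructed test number
    token = vault.tokenize(card)
    # What the merchant's subscription record holds: no card number at all.
    merchant_record = {"customer": "c-001", "card_token": token,
                       "display": mask_pan(card.replace(" ", ""))}
    print(merchant_record)
    print("processor resolves token to:", vault.detokenize(token))
```

The point of the design is that a stolen merchant database yields tokens, not card numbers, and the same card always maps to the same token, which is what lets the vendor charge a monthly subscription without ever storing the number itself.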

Wednesday, April 24, 2024

Attack Frameworks

MITRE ATT&CK (MITRE Adversarial Tactics, Techniques, and Common Knowledge)
This provides a database of known TTPs (Tactics, Techniques, and Procedures). 
Here is a link to the website: MITRE ATT&CK (https://attack.mitre.org)
Each individual technique is assigned a unique ID. 
Examples of tactics are persistence, command & control, and initial access.

The Diamond Model of Intrusion Analysis
This is used to analyze an intrusion based on four core features:
  • Victim
  • Capability
  • Infrastructure
  • Adversary
Cyber Kill Chain Attack Framework
This is a white paper put out by Lockheed Martin.
This shows the order of the stages of an attack.
1. Reconnaissance - The attacker chooses the methods to use for the attack and collects information about the target's computer systems, supply chain, and employees.
2. Weaponization - The attacker chooses the exploit and payload code to use for the attack.
3. Delivery - The attack vector used to transmit the attack code to the target, such as an email attachment or a USB drive.
4. Exploitation - The attacker tricks a user into running the code, for example by clicking on an attachment or through a drive-by download.
5. Installation - This stage establishes persistence.
6. Command and Control (C2) - In this stage the attacker can install additional tools.
7. Actions on Objectives - This stage is where data exfiltration occurs.

Monday, April 22, 2024

Directory Traversal Attack

 Directory Traversal Attack Examples

http://www.sample.com/../../../etc/passwd
http://www.sample.com%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
http://www.sample.com%2f..%2f..%2f..%2fetc%2fpasswd
http://www.sample.com2f..2f..2f..2fetc2fpasswd
C:\Users\JohnDoe\AppData\Local\Microsoft\Office

Some of these examples use percent encoding:
%2E is a period "."
%2F is a forward slash "/"
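
What a web application has to do with a request path before opening a file, as an added example that is not part of the original notes: decode the percent encoding until it stops changing (so double encoding cannot hide a ".." from a single decode), normalise the path, and then confirm it still sits under the document root. The web root `/var/www/html` and the function names are assumptions for the demonstration; the unsafe version is shown alongside to make the difference visible.

```python
from urllib.parse import unquote
import posixpath

# Added example, not from the original notes. WEB_ROOT is an assumed document
# root; the request paths used below mirror the examples in the post.
WEB_ROOT = "/var/www/html"


def decode_fully(raw, max_rounds=5):
    """Percent-decode until the string stops changing, so double encoding
    (%252e -> %2e -> .) cannot slip a '..' past a single decode."""
    current = raw
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def unsafe_resolve(raw_path):
    """The weak pattern: glue the request path onto the web root and return it.
    '..' segments survive, so the result can point outside WEB_ROOT."""
    return WEB_ROOT + "/" + decode_fully(raw_path).lstrip("/")


def safe_resolve(raw_path):
    """Decode, normalise and confine the path to WEB_ROOT. Returns the absolute
    path on success, or None if the request would escape the root."""
    decoded = decode_fully(raw_path).replace("\\", "/")   # treat Windows separators alike
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if candidate == WEB_ROOT or candidate.startswith(WEB_ROOT + "/"):
        return candidate
    return None


def is_traversal_attempt(raw_path):
    """Detection helper for log review: does the decoded path contain a '..'
    segment at all? Noisy on purpose; the confinement check above is the control."""
    decoded = decode_fully(raw_path).replace("\\", "/")
    return ".." in decoded.split("/")


if __name__ == "__main__":
    for req in ("/../../../etc/passwd",
                "%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd",
                "%252e%252e%252fetc%252fpasswd",
                "images/logo.png"):
        print(f"{req!r:50} unsafe={unsafe_resolve(req)!r:45} safe={safe_resolve(req)!r}")
```

Run against the post's own examples, `unsafe_resolve` happily returns `/var/www/html/../../../etc/passwd`, which the operating system collapses to `/etc/passwd`, while `safe_resolve` returns None for every traversal form and the real path only for a request that stays inside the root.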

Saturday, April 20, 2024

Metadata

Metadata is data about data. For example, when you take a picture on your mobile device, the date, time, and GPS location are recorded along with it.
  • GPS Tagging
  • Photographs
  • Video 
Files on your PC, smartphone, laptop, tablet, etc. have multiple attributes recorded and attached to them. If the person creating a document backdates it, the file's attributes still let you see the date it was actually made.
  • Date and time created.
  • When it was modified
  • When it was accessed
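
A small forensic check built on those three timestamps, as an added example that is not part of the original notes: read the modified, accessed and changed times of a file and flag a document whose modified time has been pushed earlier than the time its metadata was last changed. The file is created in a temporary directory and backdated with `os.utime`, so it runs offline; the 400-day backdate and the two-second tolerance are assumptions for the demonstration.

```python
import os
import tempfile
import time

# Added example (not from the original notes): read the timestamp metadata the
# notes list and flag a document whose modified time was set into the past.


def file_times(path):
    """The three timestamps the notes mention, as seconds since the epoch."""
    st = os.stat(path)
    return {"modified": st.st_mtime, "accessed": st.st_atime, "changed": st.st_ctime}


def looks_backdated(path, tolerance_s=2.0):
    """On Linux and macOS st_ctime is the inode change time, which the kernel
    sets and a normal user cannot rewrite; setting mtime into the past (touch -d,
    os.utime) itself bumps ctime to 'now'. On Windows st_ctime is the creation
    time, and a genuine modification cannot precede creation. Either way, a
    modified time well before the change time is a sign the date was altered."""
    t = file_times(path)
    return t["modified"] < t["changed"] - tolerance_s


def make_sample(backdate_days=None):
    """Create a constructed temporary document; optionally push its mtime back."""
    fd, path = tempfile.mkstemp(suffix=".docx")
    with os.fdopen(fd, "w") as fh:
        fh.write("constructed sample document\n")
    if backdate_days is not None:
        past = time.time() - backdate_days * 86400
        os.utime(path, (past, past))          # sets atime and mtime, not ctime
    return path


def check_sample(backdate_days=None):
    """Create, test and remove a sample; returns True if it looks backdated."""
    path = make_sample(backdate_days)
    try:
        return looks_backdated(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    for days in (None, 400):
        path = make_sample(days)
        print(f"backdate={days}: {file_times(path)} -> backdated={looks_backdated(path)}")
        os.remove(path)
```

The check is deliberately conservative: it only says the modified date is not trustworthy, not when the document was really written. For that, the embedded document metadata (author, creation date inside the file) is compared against the filesystem timestamps.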
Metadata is recorded when you make a phone call or send a text.
  • The incoming and outgoing phone numbers involved.
  • The date and time of the calls.
  • The duration of the calls.
  • The time of SMS text messages.

Thursday, April 18, 2024

Protecting Passwords Against Offline Attacks

 Offline Password Attacks & Preventive Measures

Rainbow table attack
The best protection against this attack type is adding salt (random data) to the password before hashing.

Brute Force & Dictionary
The best method for slowing down an attacker trying to discover the password is key stretching. This method runs thousands of rounds of hashing. It does not make the key itself stronger, but the attacker has to do a lot of processing to check each possible key to find the correct one. There are two methods on the exam: PBKDF2 and bcrypt.
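
Both defences side by side, as an added example that is not part of the original notes: an unsalted single SHA-256 (which a precomputed table breaks with one lookup) next to salted, key-stretched storage with PBKDF2-HMAC-SHA256 from Python's standard library. The iteration count, the stored-record format and the four-word "rainbow table" are assumptions for the demonstration.

```python
import hashlib
import hmac
import os

# Added example, not from the original notes: salted, key-stretched password
# storage with PBKDF2-HMAC-SHA256 from the standard library, next to the
# unsalted single-hash scheme that precomputed (rainbow) tables defeat.
# The iteration count and the word list are assumptions for the demo.

ITERATIONS = 600_000      # assumed work factor; raise it as hardware speeds up
WORDLIST = ["password", "Summer2024", "letmein", "qwerty"]   # constructed


def weak_hash(password):
    """One unsalted SHA-256: identical passwords give identical digests, so an
    attacker can hash a word list once and look every stolen digest up."""
    return hashlib.sha256(password.encode()).hexdigest()


# A "rainbow table" in miniature: digest -> password, built ahead of time.
PRECOMPUTED = {weak_hash(w): w for w in WORDLIST}


def lookup_in_precomputed_table(digest):
    return PRECOMPUTED.get(digest)


def hash_password(password, iterations=ITERATIONS):
    """Random per-user salt + PBKDF2 stretching. The salt makes precomputed
    tables useless (every user's digest differs, even for the same password);
    the iterations make each guess cost the attacker thousands of hashes."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    weak = weak_hash("Summer2024")
    print("unsalted digest found in table:", lookup_in_precomputed_table(weak))
    strong = hash_password("Summer2024")
    print("salted+stretched record:", strong)
    print("found in table:", lookup_in_precomputed_table(strong))
    print("verify correct:", verify_password("Summer2024", strong))
    print("verify wrong:  ", verify_password("Summer2025", strong))
```

The stored record carries the salt and the iteration count in the clear; neither needs to be secret, since the attacker still has to run the full stretch for every guess. bcrypt, the other method the exam names, is not in the standard library (the third-party `bcrypt` package provides it) but follows the same salt-plus-work-factor idea.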