CompTIA Security+ Exam Notes

Let Us Help You Pass
Showing posts with label Integrity. Show all posts

Wednesday, October 9, 2024

CVSS Metrics


This is covered in the CompTIA CySA+ course.

Here are the base metrics used in the Common Vulnerability Scoring System (CVSS) v3.x. Together they produce the base score; temporal and environmental metrics adjust that score for a specific point in time and a specific organization:

Attack Vector (AV)

How an attack can be executed, with higher scores the further away the attacker can be:

Network (N): Exploitable over the network, e.g. from anywhere on the internet

Adjacent (A): Requires the attacker to be on the same physical or logical network segment, e.g. the same LAN, Wi-Fi network, or Bluetooth range

Local (L): Not exploitable over a network; the attacker needs local access such as a shell, or must get a user to open a file

Physical (P): Requires physical interaction with the target system, e.g. plugging in a device

Attack Complexity (AC)

How difficult it is to execute the attack once the attacker has reached the system:

Low (L): The attack works reliably with no special conditions

High (H): Success depends on conditions outside the attacker's control, such as winning a race condition or first learning configuration details

Privileges Required (PR)

The level of access the attacker must already have to exploit the vulnerability:

None (N): Unauthenticated; no privileges required

Low (L): Basic user privileges

High (H): Administrative or otherwise significant privileges

User Interaction (UI)

Whether the attacker needs a user other than themselves to take part in the exploit. In CVSS v3.x the values are None (N) and Required (R). CVSS v4.0 splits Required into two levels:

Passive (P): The user does something ordinary that triggers the exploit without bypassing any protection, such as visiting a web page that renders a malicious payload

Active (A): The user must take a specific, conscious action, such as enabling and running a malicious Office macro or clicking through a security warning

Scope (S)

Whether the exploit affects only the security context (authorization scope) of the vulnerable component:

Unchanged (U): The impact is confined to the vulnerable component

Changed (C): The impact reaches resources beyond the vulnerable component's own authority, e.g. a guest VM escape that affects the hypervisor

Scope exists in CVSS v3.x only; v4.0 replaced it with separate impact metrics for the vulnerable system and for subsequent systems.

Confidentiality (C)

High (H), Low (L), or None (N)

Integrity (I)

High (H), Low (L), or None (N)

Availability (A)

High (H), Low (L), or None (N)

Score Categories

Score          Severity

0.0            None
0.1 - 3.9      Low
4.0 - 6.9      Medium
7.0 - 8.9      High
9.0 - 10.0     Critical

Here is a link to a CVSS calculator: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator


Monday, July 29, 2024

Digital Signature: Exam notes CompTIA Security+


Listed below are the items you need to know for the exam:

Digital signatures provide:
  • Non-repudiation
  • Authentication (of the message's origin)
  • Integrity
Creating the digital signature is a 2 step process:
  • First, hash the email/message
  • Second, sign the hash with the sender's private key (for RSA this is often described as "encrypting" the hash)
The digital signature is created with the "sender's" private key and verified with the sender's public key.

The digital signature is the signed hash, sent along with the message. It is not a wrapper for the public key: the sender's public key is distributed separately, normally in the sender's certificate.

The recipient's system hashes the received message itself, then uses the sender's public key to verify the signature against that hash. A match proves the message was not altered and was signed by the holder of the private key; a mismatch means the message or the signature was changed, or it was signed with a different key.

RSA, DSA (Digital Signature Algorithm), and ECDSA (the elliptic-curve form of DSA) are used to create digital signatures.
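The two-step sign and verify process above, as an added example written for these notes (not code from the page): hash the message, sign the hash with the private key, verify with the public key. It uses textbook RSA with fixed, constructed key material (two Mersenne primes, p = 2^127 - 1 and q = 2^521 - 1) so that it runs with the standard library alone. Real signatures use randomly generated keys of 2048 bits or more and a padding scheme such as PKCS#1 v1.5 or PSS; unpadded RSA as shown here is malleable and must never be used in production.

```python
import hashlib

# Constructed key material for illustration only. The modulus is about 648 bits,
# so a 256-bit SHA-256 digest is always smaller than n. Never reuse these values.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (modular inverse, Python 3.8+)

PUBLIC_KEY = (N, E)    # what the recipient gets, e.g. from the sender's certificate
PRIVATE_KEY = (N, D)   # never leaves the sender


def message_hash(message: bytes) -> int:
    """Step 1: hash the message and treat the digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Step 2: sign the hash with the private key (textbook RSA: s = h^d mod n)."""
    n, d = private_key
    return pow(message_hash(message), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Recipient side: hash the received message, recover the signed hash with the
    sender's public key (s^e mod n), and compare. Any change to the message or
    the signature, or a non-matching key, makes the comparison fail."""
    n, e = public_key
    return pow(signature, e, n) == message_hash(message)


def demo() -> dict:
    msg = b"Transfer 100 USD to account 12345"   # constructed sample message
    sig = sign(msg)
    return {
        "genuine": verify(msg, sig),
        "tampered_message": verify(b"Transfer 900 USD to account 12345", sig),
        "tampered_signature": verify(msg, sig ^ 1),
        # A public key that does not belong to the signing private key.
        "mismatched_public_key": verify(msg, sig, (N, 65539)),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first check succeeds: altering a single character of the message changes the hash, altering a bit of the signature changes what the public key recovers, and a key that does not match the private key recovers garbage. The signature itself carries no key material; the recipient must already hold (and trust) the sender's public key.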

Saturday, April 18, 2020

Hashing Algorithms: MD5, SHA, RIPEMD, & HMAC

HASHING

Hashing is used to verify integrity, making sure the media has not been altered, changed, or modified by accidental or intentional means. Hashing can also be called a checksum or message digest. 

A hash is a one-way function that produces a fixed-length output. This output cannot be reversed to produce the original input. Hashing only alerts you to the fact that something has changed, in other words, it has lost its integrity.

Hashing is used for many reasons:
1. The most common use is passwords. When a user logs in to the PC, the password they type is hashed and compared with the stored hash; if the two match, the user is authenticated, and the plaintext password never has to be stored. (Password hashes should be salted and use a slow, purpose-built function such as bcrypt or PBKDF2 so that a leaked hash database is hard to crack.)

2. Hashing is used to make sure financial records have not been changed. The check can be run daily, weekly, or monthly against a stored baseline of hashes. This is referred to as "file integrity monitoring" (FIM).

3. File integrity monitoring can also check the hash value of image files. If the hash of an image on the website, or of images being sent or stored at the organization, has changed, the file was modified; one possible explanation is that someone is using "steganography" to hide stolen data inside it. The hash only tells you that the file changed, not what changed or why.

4. Running a file integrity program over the configuration files on network devices and comparing the hashes with the previous week's or month's to look for changes.

5. Vendors sometimes publish hashes for applications, patches, and updates so you can verify that you received the entire download and that it has not been modified in transit. You run the same hashing algorithm on the file and compare the result with the hash on the website. A hash served from the same site as the download does not prove who produced the file, since an attacker who can replace the download can often replace the hash next to it; a digital signature on the file or on the hash covers that gap.



HASHING ALGORITHMS

MD5 - Message-Digest 5 produces a 128-bit hash value. It is the fastest of these algorithms but has documented collisions (two different inputs that produce the same hash), so it must not be used where an attacker could substitute data, such as in certificates or signatures. Despite being deprecated it is still one of the most widely used hashing algorithms.

SHA/SHA-1 - Secure Hash Algorithm. SHA was created to address the weaknesses of MD5. Both SHA (SHA-0) and SHA-1 produce a 160-bit digest. SHA-1 also has practical, publicly demonstrated collisions and is deprecated for certificates and signatures.

SHA-2 was created to address the problems with SHA-1. SHA-2 is a family with longer digests: SHA-224, SHA-256, SHA-384, and SHA-512.

RIPEMD - RACE Integrity Primitives Evaluation Message Digest. The common variant, RIPEMD-160, produces a 160-bit digest with performance and strength similar to SHA-1.

HMAC - Hash-based Message Authentication Code is used to verify both the integrity and authenticity of a message. It combines a hash function (e.g. HMAC-SHA256) with a secret key shared by sender and receiver: an attacker who alters the message can recompute a plain hash, but cannot produce a valid HMAC without the key. Because the key is shared, HMAC does not provide non-repudiation; that requires a digital signature.
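Uses 2 to 5 above (file integrity monitoring and download verification) and the HMAC entry can be shown in one piece of code. The following is an added example written for these notes, not code from the page or from any FIM product: it baselines a directory of constructed sample configuration files, detects modified, added, and deleted files on a later run, checks a download against a published SHA-256, and contrasts a plain hash with an HMAC, which an attacker cannot recompute without the shared key. The file names and contents are invented for the demo.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import tempfile
from pathlib import Path

# Constructed sample "device configuration files" (not real device output).
SAMPLE_FILES = {
    "router1.cfg": b"hostname router1\nip route 0.0.0.0 0.0.0.0 10.0.0.1\n",
    "switch1.cfg": b"hostname switch1\nvlan 10\n name users\n",
}


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(directory: Path) -> dict:
    """FIM step 1: record a hash for every file in the directory."""
    return {p.name: sha256_file(p) for p in sorted(directory.iterdir()) if p.is_file()}


def compare(old: dict, new: dict) -> dict:
    """FIM step 2: compare a later run with the baseline. A changed hash only
    says that the bytes changed, not why; investigating is a separate step."""
    return {
        "modified": sorted(n for n in old if n in new and old[n] != new[n]),
        "added": sorted(n for n in new if n not in old),
        "deleted": sorted(n for n in old if n not in new),
    }


def verify_download(data: bytes, published_sha256: str) -> bool:
    """Vendor hash check: catches truncated or corrupted downloads. It does not
    prove who published the file; that needs a signature."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), published_sha256.lower())


def mac(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: integrity plus authenticity, because a valid tag
    requires the shared secret key. A plain hash gives integrity only."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so a timing side channel cannot
    # reveal how many leading characters of the tag were correct.
    return hmac.compare_digest(mac(key, message), tag)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for name, content in SAMPLE_FILES.items():
            (d / name).write_bytes(content)
        before = baseline(d)
        # Simulated drift between two FIM runs: one edit, one new file, one removal.
        (d / "router1.cfg").write_bytes(SAMPLE_FILES["router1.cfg"].replace(b"10.0.0.1", b"10.0.0.9"))
        (d / "firewall1.cfg").write_bytes(b"hostname firewall1\n")
        (d / "switch1.cfg").unlink()
        changes = compare(before, baseline(d))

    key = os.urandom(32)              # shared secret agreed between sender and receiver
    msg = b"amount=100&to=12345"      # constructed message
    tag = mac(key, msg)
    return {
        "changes": changes,
        "mac_ok": verify_mac(key, msg, tag),
        "mac_tampered": verify_mac(key, b"amount=900&to=12345", tag),
        "mac_wrong_key": verify_mac(os.urandom(32), msg, tag),
    }


if __name__ == "__main__":
    print(demo())
```

The baseline has to be taken from a known-good state and stored somewhere the monitored host cannot rewrite; otherwise an attacker who changes a file can simply update the stored hash as well, which is the same weakness as a hash published next to a download.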

Friday, January 18, 2019

C - I - A: Confidentiality - Integrity - Availability


CIA 

Confidentiality: Making certain information (data) is only viewable by certain people.

1. Encryption is the main method for confidentiality, whether it is file encryption, full disk encryption, or full device encryption for mobile devices. A user who needs to read the information must first have the decryption key to decipher it.

2. ACLs (Access Control Lists) are another method of providing confidentiality. An ACL is enforced by the operating system or application, so it protects the data only while that enforcement is in place; a copied disk or a stolen backup is not protected, which is why ACLs are considered weaker than encryption. There are different access control models such as MAC (Mandatory Access Control), DAC (Discretionary Access Control), Role-BAC (Role-Based Access Control), Rule-BAC (Rule-Based Access Control), and ABAC (Attribute-Based Access Control). These models and examples will be discussed in a different post.

3. Steganography: With this method you hide a document inside another file, such as a photo, video file, or audio file. The carrier (the file used as the hiding place, which has to be larger than the file you are trying to hide) looks the same as before; in the case of an audio or video file it still plays.

Steganography is "Security through Obscurity"

Steganography can be used in some cases to bypass security controls such as DLP (Data Loss Prevention) systems. One way to detect this activity is file integrity monitoring: you keep the hash of the original file, and any modification to the file produces a different hash. This only works for files you already have a baseline hash for.

For the "Use Case" of confidentiality, encryption is used.

Integrity: Making sure that the data has not been altered, changed, corrupted, or modified by intentional or accidental means. 

Verifying integrity is provided through hashing. Hashing is a one-way function that produces a fixed-length output that cannot be reversed to produce the original input.

For the use case of integrity, hashing is used.

Availability: Making sure the information/data is accessible when it is needed, whether to view or to modify it.

Many things provide availability such as Load Balancing, Fault Tolerance, Alternate Sites (Hot, Warm, Cold, Mobile), Alternate Power (Generator, UPS), Backups, Patching, RAID, and HVAC.