Question 71. What’s the difference between a threat, vulnerability, and a risk?

There’s a direct relationship between threats, vulnerabilities, and risks within the context of security. You can’t fully understand one without understanding the others.

1-Threat is a potential danger. It's any circumstance or event that can compromise the confidentiality, integrity, or availability of data or a system.

Example of Threat

  • Malicious Insider Threat: anyone who has legitimate access to an organization's internal resources but exploits this access for personal gain or to damage the company. This person's actions can compromise confidentiality, integrity, and availability. Because of this, most organizations implement basic controls to prevent potential problems. For example, the principle of least privilege ensures that employees have only the rights and permissions needed to perform their assigned tasks and functions, but no more. Other policies such as job rotation, separation of duties, and mandatory vacations, used in combination, help limit the damage a malicious insider can do and make it more likely to be noticed.

Some organizations also implement:

  • Threat Modelling: a process that helps an organization identify and categorize threats. It attempts to predict the threats against a system or application along with the likelihood and potential impact of each threat. Once the organization identifies and prioritizes threats, it selects security controls to protect against the most serious ones. Organizations have limited resources, so it isn't possible to protect against every threat. However, threat modeling improves the security posture of any system or application by ensuring that resources aren't squandered on low-priority threats.

2-Vulnerability is a flaw or weakness in software or hardware, or a weakness in a process, that could be exploited, resulting in a security breach. Just because a vulnerability exists doesn't mean it will be exploited, only that it can be.

Examples of vulnerabilities include:

  • Lack of updates. If systems aren't kept up to date with patches, hotfixes, and service packs, they remain exposed to known bugs and flaws in the software.
  • Default configurations. If defaults aren't changed in hardware and software configurations, they are susceptible to attacks. Similarly, default usernames and passwords are susceptible to attacks if they aren't changed.
  • Lack of malware protection or updated definitions. If antivirus and anti-spyware protection isn't used and kept up to date, systems are vulnerable to malware attacks.
  • No firewall. If personal and network firewalls aren't enabled or configured properly, systems are more vulnerable to network and Internet-based attacks.
  • Lack of organizational policies. If job separation, mandatory vacations, and job rotation policies aren't implemented, an organization may be more susceptible to fraud and collusion from employees.

Not all vulnerabilities are exploited. For example, a user may install a wireless router using the defaults. It is highly vulnerable to attack, but that doesn't mean an attacker will discover it and attack it. In other words, just because the wireless router has never been attacked, it doesn't mean that it isn't vulnerable.

3-Risk is the likelihood that a threat will exploit a vulnerability, combined with the resulting negative impact on the organization. Impact refers to the magnitude of harm that can be caused if a threat exercises a vulnerability.

For example, a system without up-to-date antivirus software is vulnerable to malware. Malware written by malicious attackers is the threat. The likelihood that the malware will reach a vulnerable system represents the risk. Depending on what the malware does, the impact may be an unbootable computer, loss of data, or a remote-controlled computer that has joined a botnet.

However, the likelihood of a risk occurring isn't 100 percent. An isolated system without Internet access, network connectivity, or USB ports has a low likelihood of malware infection. The likelihood increases significantly for an Internet-connected system, and it increases even more if a user visits risky websites and downloads and installs unverified files.

An organization can avoid a risk by not providing a service or not participating in a risky activity. Insurance transfers the risk to another entity. You can mitigate risk by implementing controls. When the cost of the controls exceeds the cost of the risk, many organizations accept the risk.

Remember this: a risk is the likelihood that a threat will exploit a vulnerability. A vulnerability is a weakness, and not all vulnerabilities are exploited; a threat is a potential danger. It's not possible to eliminate risk, but you can take steps to manage it.

src: Security+ Study Guide,Darril Gibson.

Question 253 : What’s the difference between encoding, encryption, and hashing?

1-Encoding is the process of converting data into a format required for a number of information processing needs, including:

  • Program compiling and execution
  • Data transmission, storage and compression/decompression
  • Application data processing, such as file conversion

In computer technology, encoding is the process of applying a specific, publicly known code, such as letters, symbols and numbers, to data to convert it into an equivalent representation (Base64, URL encoding and hexadecimal are common examples). Because the mapping is public and involves no secret, anyone can reverse it; encoded data may look unreadable, but encoding provides no confidentiality.

For example, encoding is used to reduce the size of audio and video files. Each audio and video file format has a corresponding coder-decoder (codec) program that encodes it into the appropriate format and then decodes it for playback.

2-Encryption provides confidentiality and prevents unauthorized disclosure of data. Encrypted data is in a cipher text format that is unreadable. Attackers can’t read encrypted traffic sent over a network, or encrypted data stored on a system. In contrast, if data is sent in clear text, an attacker can capture and read the data using a protocol analyzer.

The two primary encryption methods are symmetric and asymmetric. Symmetric encryption (e.g. DES, 3DES, AES) encrypts and decrypts data with the same key; of these, only AES should be used for new designs, since DES is broken by brute force and 3DES has been deprecated by NIST. Asymmetric encryption (e.g. RSA) encrypts and decrypts data using a matched key pair consisting of a public key and a private key.

These encryption methods include two elements:

  • Algorithm. The algorithm performs mathematical calculations on the data. It is fixed and can be public; a sound design does not depend on keeping the algorithm secret.
  • Key. The key is a number that provides the variability for the encryption. It is the secret: a symmetric key, or the private half of an asymmetric key pair, must be kept confidential and should be rotated periodically.

3-Hashing is an algorithm performed on data such as a file or message to produce a fixed-length number called a hash (sometimes loosely called a checksum, although a simple checksum such as a CRC only catches accidental corruption). The hash is used to verify that data has not been modified, tampered with, or corrupted. In other words, you can verify that the data has maintained integrity.

A key point about a hash is that no matter how many times you execute the hashing algorithm against the data, the hash will always be the same as long as the data is the same, while changing even a single bit of the data produces a completely different hash. A hash is also one-way: you cannot recover the original data from it.

Hashes are created at least twice so that they can be compared. For example, you can create a hash of a message at the source before sending it, and then again at the destination. If the hashes are the same, you know that the message has not lost integrity. Message Digest 5 (MD5) and the Secure Hash Algorithm (SHA) family are popular hashing algorithms, but MD5 and SHA-1 are broken against collision attacks and should not be used where an attacker could substitute content; prefer SHA-256 or SHA-3. Note also that a plain hash only protects against accidental modification: an attacker who can alter the message can recompute the hash to match. When the receiver must also know who produced the data, use a keyed hash (HMAC) or a digital signature instead.

Remember this: encoding uses a public code to change data into a form that another process can use, and it should not be confused with encryption, which hides content from anyone without the key. Hashing is an algorithm used to verify data integrity.

src: Security+ Study Guide,Darril Gibson.
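The following Python example is added here to put the three concepts side by side; it is not part of the study guide or of the original post. It shows that Base64 encoding is reversed by anyone, that encryption is reversed only by the key holder, and that a hash cannot be reversed at all, and it demonstrates the caveat above: a plain SHA-256 hash is recomputed trivially by an attacker who replaces the message, while an HMAC with a shared key is not. The messages, the key name `shared-secret` and the attacker's guess are constructed sample values. Because the Python standard library ships no AES, the encryption step uses a one-time pad (XOR with a random key as long as the message); that is a genuine cipher under those conditions, but in practice you would use an authenticated cipher such as AES-GCM from the `cryptography` package.

```python
import base64
import hashlib
import hmac
import secrets

# --- 1. Encoding: a public, reversible transformation. Anyone can undo it. ---
def encode_b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")

def decode_b64(text: str) -> bytes:
    return base64.b64decode(text)

# --- 2. Encryption: reversible only with the key. ---
# One-time pad stands in for AES here (the standard library has none). It is a
# real cipher only if the key is random, at least as long as the message and
# never reused; for production use AES-GCM from the 'cryptography' package.
def otp_keygen(length: int) -> bytes:
    return secrets.token_bytes(length)

def otp_xor(data: bytes, key: bytes) -> bytes:
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))  # same call encrypts and decrypts

# --- 3. Hashing: one-way, fixed length, identical input gives identical hash. ---
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def integrity_ok(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), expected_hex)

# Keyed hash: proves the data came from a key holder, not merely that it is intact.
def hmac_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def hmac_ok(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_hex(key, data), tag_hex)

def three_views(message: bytes, key: bytes) -> dict:
    """The same message encoded, encrypted and hashed, plus the round trips."""
    ciphertext = otp_xor(message, key)
    return {
        "encoded": encode_b64(message),            # anyone: decode_b64() recovers it
        "encrypted_b64": encode_b64(ciphertext),   # key holders only: otp_xor(ct, key)
        "hash": sha256_hex(message),               # nobody recovers it; compare only
        "decoded_ok": decode_b64(encode_b64(message)) == message,
        "decrypted_ok": otp_xor(ciphertext, key) == message,
    }

def tamper_demo(shared_key: bytes) -> dict:
    """An active attacker swaps the message and recomputes the check value.

    The unkeyed hash needs no secret, so the forgery is accepted; the HMAC
    cannot be recomputed without shared_key, so the forgery is rejected.
    """
    original = b"transfer 100 to alice"            # constructed sample message
    tampered = b"transfer 900 to mallory"          # constructed attacker replacement
    forged_plain = sha256_hex(tampered)            # attacker recomputes freely
    forged_keyed = hmac_hex(b"attacker-guess", tampered)  # attacker lacks the key
    return {
        "plain_hash_accepts_original": integrity_ok(original, sha256_hex(original)),
        "plain_hash_accepts_forgery": integrity_ok(tampered, forged_plain),
        "hmac_accepts_original": hmac_ok(shared_key, original, hmac_hex(shared_key, original)),
        "hmac_accepts_forgery": hmac_ok(shared_key, tampered, forged_keyed),
    }

if __name__ == "__main__":
    msg = b"Hello, world"                          # constructed sample
    key = otp_keygen(len(msg))
    for name, value in three_views(msg, key).items():
        print(f"{name:14} {value}")
    print(tamper_demo(b"shared-secret"))
```

Running the block prints the Base64 form (reversible), the Base64 of the ciphertext (different every run because the key is random), the SHA-256 digest, and a tamper result in which the plain hash accepts the forged message while the HMAC rejects it. `hmac.compare_digest` is used for every comparison so that the check does not leak timing information about how many leading characters matched.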

Securing Cisco Networks with Threat Detection and Analysis (SCYBER)

CyberSecurity Specialist

I would like to introduce you to the Cisco certification called SCYBER.

The Securing Cisco Networks with Threat Detection and Analysis (SCYBER) (600-199) is a 1.5-hour exam with 50−60 questions.

This exam is associated with the Cisco Cybersecurity Specialist certification. Candidates can prepare for this exam by taking the "Securing Cisco Networks with Threat Detection and Analysis" course. This exam tests a candidate's knowledge and skills required to proactively detect and mitigate network security threats by leveraging features that exist in Cisco and other industry network security products today.

Designed for professional security analysts, the exam covers essential areas of competency including event monitoring, security event/alarm/traffic analysis, and incident response. The exam is closed book and no outside reference materials are allowed.

My experience with this certification is the following:

Some months ago (in February), after I passed my CompTIA Security+ certification, I was looking for the next certification to prepare for.

My search led me to EC-Council's CEH, the SANS Institute's GSEC and Prometric's Cybersecurity Essentials. At the same time I received some Cisco ads about their new SCYBER certification, and that caught my attention.

To make my choice, I discarded CEH and GSEC because the source materials for these certifications were scarce and not fully available on Pi****bay ;)! (Shhh!!! I got almost all my source materials from there.)

I started comparing SCYBER and Prometric's Cyber Security Essentials, and to me the latter looked like the Security+ certification I had already passed. Then I focused on SCYBER, but it was a new certification, which meant no source materials were available, only in the training center!

I decided to come back to CEH. Some months passed and I started to see the new version, v8, of the certification become available, but my mind was always on SCYBER, maybe because of the lack of materials to correctly set up my CEH lab. It was difficult for me to perform the CEH labs (I had two computers, an 11" MacBook Air and an old 32-bit Windows PC 😦, not enough memory to set up the different VMs, and so on).

This is how the true CEH lab looks according to EC-Council.

[Screenshot, 2014-10-01 14:40: EC-Council CEH lab layout]

But I didn't give up; I kept trying my best by downloading and learning about computer forensics, hacking, cybersecurity... (I have a 700 GB data hard disk, so I can always do new things :)).

A few weeks ago, after an interview, I watched a Cisco Live session given by James Risler; the topic was the Cisco Cyber Security Analyst Specialist certification, and that convinced me to prepare for SCYBER.

For me, it was not too difficult; in fact I think the SCYBER exam was easier than the preparation I did (maybe I prepared too much?!?!). I appreciated all the subjects I learned and experienced much more than the exam itself. I missed just one question out of 58 🙂.

The official source material is not yet available, except for some Cisco Press titles. The official preparation is given through Cisco instructor-led courses.

I used some Cisco Press books, mainly my own searches through the 700 GB of data on my hard disk (computer forensics, ethical hacking, TCP/IP fundamentals, tcpdump, Wireshark, incident response procedures, ...) and some forums.

[Screenshot, 2014-10-01 17:49: SCYBER exam topics]

Some subjects seem basic, but for example, if you cannot read the information contained in the TCP header and payload, how can you investigate?
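As an added illustration of that point (this is example code by the editor, not part of the original post or of any Cisco course material), here is a minimal TCP segment parser in Python that decodes the fixed 20-byte header, the flag bits, the options area and the payload, and prints the one-line summary an analyst would write into a timeline. The two segments it parses, a SYN to port 443 carrying MSS and window-scale options and a PSH/ACK carrying an HTTP request, are constructed byte strings, not a real capture, and their checksums are left at zero.

```python
import struct

# Control bits in the low 9 bits of the "data offset / reserved / flags" word
# (RFC 793, plus the ECN bits from RFC 3168 and the NS bit from RFC 3540).
TCP_FLAGS = [(0x001, "FIN"), (0x002, "SYN"), (0x004, "RST"), (0x008, "PSH"),
             (0x010, "ACK"), (0x020, "URG"), (0x040, "ECE"), (0x080, "CWR"),
             (0x100, "NS")]

# Option kinds an analyst meets in almost every SYN.
OPTION_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK_OK", 5: "SACK", 8: "TIMESTAMP"}

def parse_options(raw: bytes) -> list:
    """Decode the options area: kind 0 ends the list, kind 1 is a one-byte NOP,
    every other option is kind, total length, data."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # No-Operation (padding)
            opts.append(("NOP", b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated TCP option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad TCP option length {length}")
        opts.append((OPTION_NAMES.get(kind, f"kind{kind}"), raw[i + 2:i + length]))
        i += length
    return opts

def parse_tcp(segment: bytes) -> dict:
    """Split a TCP segment (header plus payload) into its fields."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum TCP header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4         # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"data offset {header_len} is inconsistent with segment size")
    flags = off_flags & 0x1FF
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [name for bit, name in TCP_FLAGS if flags & bit],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": parse_options(segment[20:header_len]),
        "payload": segment[header_len:],
    }

def summarize(p: dict) -> str:
    """One-line view of the kind an analyst writes in an incident timeline."""
    return (f"{p['src_port']} -> {p['dst_port']} [{','.join(p['flags'])}] "
            f"seq={p['seq']} ack={p['ack']} win={p['window']} len={len(p['payload'])}")

# Constructed sample segments (not a real capture). Checksums are left at zero.
# SYN: data offset 7 words (28 bytes) = 20-byte header + MSS(4) + NOP(1) + WSCALE(3).
SAMPLE_SYN = (struct.pack("!HHIIHHHH", 51234, 443, 0x12345678, 0, 0x7002, 65535, 0, 0)
              + bytes.fromhex("020405b4" "01" "030307"))
# PSH,ACK carrying a request: data offset 5 words (20 bytes), no options.
SAMPLE_DATA = (struct.pack("!HHIIHHHH", 51234, 80, 0x12345679, 0xABCDEF01, 0x5018, 29200, 0, 0)
               + b"GET / HTTP/1.0\r\n")

if __name__ == "__main__":
    for seg in (SAMPLE_SYN, SAMPLE_DATA):
        p = parse_tcp(seg)
        print(summarize(p), p["options"], p["payload"])
```

Two checks in `parse_tcp` matter for forensic work: the data offset is validated against the segment size before it is used to slice, so a crafted header cannot make the parser read outside the buffer or mislabel payload bytes as options, and option lengths are validated the same way. The same parser, fed the TCP layer of frames from a pcap, is the starting point for answering the questions the exam poses about a captured session.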

Even though it's a Cisco certification, the subjects are not based on Cisco technologies or products, but mainly on cybersecurity in general, as a vendor-neutral certification would be.

And the winner is … 😉

[Screenshot, 2014-10-23 23:22: exam result]

That's what I can say about this certification. I recommend you watch this video if you want more details.