"state": {
"type": "markdown",
"state": {
- "file": "People/Ruxi.md",
+ "file": "University/Computer Security/Cheatsheet (extensive, draft).md",
"mode": "source",
"source": false,
"backlinks": true,
}
},
"icon": "lucide-file",
- "title": "Ruxi"
+ "title": "Cheatsheet (extensive, draft)"
}
}
]
"autoReveal": true
},
"icon": "lucide-folder-closed",
- "title": "Files"
+ "title": "File explorer"
}
},
{
},
"left-ribbon": {
"hiddenItems": {
+ "daily-notes:Open today's note": false,
"switcher:Open quick switcher": false,
"graph:Open graph view": false,
"canvas:Create new canvas": false,
- "daily-notes:Open today's daily note": false,
"templates:Insert template": false,
"command-palette:Open command palette": false,
"excel:Create Excel File": false,
},
"active": "b32655feb9b7d9db",
"lastOpenFiles": [
+ "Pasted image 20250416221211.png",
+ "Pasted image 20250416221155.png",
"People/Ruxi.md",
- "University/Computer Security/Cheatsheet (mmm for exam).md",
+ "University/Computer Security/Cheatsheet (extensive, draft).md",
"University/Human Computer Interaction/Untitled.md",
"University/Computer Security",
"University/Human Computer Interaction",
"Bundesverfassungsgericht/References on Bundesverfassungsgericht.md",
"University/Algorithm Design/Resources.md",
"University/Algorithm Design/Greedy.md",
- "AI/Thoughts on the Ethics of AI.md",
"People",
"University/HCI",
"University/Algorithm Design",
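Review bot: this region should be dropped from the commit rather than merged: it is Obsidian's per-device workspace state (`.obsidian/workspace.json` in a standard vault), which is rewritten on every launch and will churn in every future commit, and the `lastOpenFiles` list records private note names unrelated to the coursework, e.g. `"People/Ruxi.md"` and `"Bundesverfassungsgericht/References on Bundesverfassungsgericht.md"`. Add the workspace file to `.gitignore` and `git rm --cached` it so the diff contains only the new note; the extraction here is also incomplete (unbalanced braces, `+` markers missing on most lines), so nothing in it can be reviewed line by line anyway.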
--- /dev/null
+# Network Sec.
+## Firewalls
+1. **Packet Filtering Firewall**: Simple firewall that checks packet (semi-) independently.
+2. **Application-Level Firewall**: More complex traffic patterns, allowing finer control (but requires more resources)
+
+Layered Defence:
+ Implement a multi-layered security approach to address different levels of threats.
+
+### Threat vs. Harm
+> Threat = A potential danger that could cause harm
+> Risk = The likelihood that the threat will actually exploit a vulnerability and cause damage
+Risk = Likelihood * Impact
+
+Threat Model:
+ A strategic framework that identifier potential attacks and adversaries
+
+## Types of Threat Actors
+| Threat Actor | Motivation |
+| ---------------- | -------------------- |
+| Cybercriminal | Profit |
+| Nation State | Geopolitical |
+| Terrorist Groups | Ideological Violence |
+| Thrill-Seeker | Satisfaction |
+| Insider Threats | Discontent |
+| Hackers | Variable |
+
+Coordinated Vulnerability Disclosure (CVD):
+ CVD is an ethical practice where security researchers or individuals who discover a vulnerability responsibly report it
+
+Bug Bounties:
+ Ethical hackers hunt for rewards in discovering and report vulnerabilities.
+
+
+### Cyber Kill Chain:
+1. Recon
+2. Weaponisation
+3. Delivery
+4. Exploitation
+5. Installation
+6. Command and Control (C2)
+7. Actions on Objectives
+
+Detecting Criminals can be based on multiple things:
+1. Hash Values
+2. IP Addresses
+3. Domain Names
+4. Network / Host Artifacts
+5. Tools
+6. Tactics, Techniques and Procedures
+
+Defense in Depth: cybersec. strategy that involves deploying multiple layers of security (layered security)
+
+Usable Security: If your security is not very usable this can pose its own security risks.
+
+CIA Triad:
+ The CIA Triad contains the three security essential goals in Cyber Security
+ 1. Confidentiality
+ 2. Integrity
+ 3. Availability
+
+Confidentiality can be achieved with:
+- Encryption
+- Access Control Systems
+- Policies an Governance
+
+Integrity with:
+- Data validation
+- Change Management and Version Control
+
+Availability:
+- Redundancy and failover
+- Load balancing
+- Monitoring and alerting
+
+# Physical Layer
+This includes: Servers, Cabling, Storage Devices, Network Equipment, Acess Points and Entry doors. You need to limit this kind of access, otherwise even the most secure system is vulnerable.
+
+Access control:
+ Only the people that should have authorised access, should be able to go there.
+
+Types of Access Control:
+- Physical Barriers
+- Authentication Systems
+- Surveillance & Monitoring
+- Visitor Management
+
+Cables can be tapped.
+This can be detected, either with phyiscal inspection, signal strength analysis and cable testing. You can both tap glass-fibre and copper.
+
+Cables can generate Electro-magnetic interference.
+Rodent and Pest Damage.
+
+Typically critical systems are air-gapped, can only be acccessed from specific places, that are physically protected.
+Sometimes even with data diodes.
+
+**Guided Medium**:
+ A communication channel where the signals are guided along a physical path.
+ e.g. Copper Cables, Fibre Cables etc. etc.
+ Physical access is needed
+
+**Unguided Medium**:
+ Refers to a communication channels where the signals propagate freely through the air or space
+ e.g. Radio or Infrared
+
+Unguided can be controlled through range, directional attenas etc.
+
+Signal security:
+- Spread signals to prevent jamming
+- Frequency hopping aims to change freqs. very fast in a pattern that is unknown to an attacker
+- Authenticating and encrypting data sent over wireless can ensure integrity and confidentiality
+
+Spoofing: In the case of IP Spoofing, making a server's response to go someone else, not you.
+Denial of Service: An Attack that floods a victim's network with traffic, making it unavailable
+
+Types of DDoS:
+- Volumetric Attack (loads of stuff)
+- Protocol Attacks (break the protocol in some way)
+- Application Layer Attacks (target specific apps)
+
+Volumetric:
+Amplification Attack: Use an intermediary that returns a large response, in order to overwhelm stuff.
+
+Can be done with a lot of protocols: commonly UDP.
+People love DNS to do DoS
+
+Protocol:
+TCP SYN Flood is a common protocol attack
+You Spoof a SYN packet, and make it send SYN ACKS to people, and because the bot doesn't ever send an 'ACK' it leaves the server waiting, and sometimes wasting memory space.
+
+This can be mitigated by, e.g. not using memory to keep this state but using a crypto validation instead on the number.
+
+The SYN-ACKS that go nowhere are 'backscatter'
+
+Application lyer attack: HTTP Flood
+Cannot be spoofed. Requests a lot of large files.
+Cannot be spoofed because HTTP requires TCP.
+
+HTTP/2 RAPID RESET ATTACK
+Request, and Reset, all the time
+
+![[Pasted image 20250416221155.png]]
+
+
+![[Pasted image 20250416221211.png]]
+HTTP 2 attack
+
+How to mitigate DDoS attacks:
+- Redundant network infrastructure (no single point of failure)
+- Traffic filtering
+- Content Delivery Networks (distribute and cache content)
+- Web Application Firewalls (try to identify malicious traffics)
+
+Botnets:
+A botnet is a network of compromised computers that are under the control of a single entity, usually a malicious actor.
+Spreading malware, stealing sensitive info, DDoS
+
+Architecture:
+Infected Devices, Command and Control (C2), Communications Channels (basically everything is used here)
+
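Review bot: the mitigation under "Protocol" (`This can be mitigated by, e.g. not using memory to keep this state but using a crypto validation instead on the number.`) should name the technique, SYN cookies, and say what it does: the server encodes the connection state in its initial sequence number and only allocates the half-open entry once a valid ACK returns, so a spoofed SYN costs it no memory. Two other points in the same file: the list headed `Detecting Criminals can be based on multiple things:` is the Pyramid of Pain, an ordering of indicators by how hard they are for an adversary to change (hash values cheapest, TTPs costliest), so the heading should say detecting intrusions/adversaries and the list should note the ordering; and the definition `Spoofing: In the case of IP Spoofing, making a server's response to go someone else, not you.` is circular, since the point is that the source address is forged so the reply is delivered to the spoofed host, which is exactly what the amplification section later relies on. Also the heading `### Threat vs. Harm` introduces definitions of Threat and Risk, not Harm, and the note mixes `Defence` and `Defense`. Spelling to fix before this is used as a cheatsheet: `identifier` (identifies), `Policies an Governance`, `Acess Points`, `phyiscal`, `acccessed`, `attenas`, `Application lyer attack`, and the two `![[Pasted image ...]]` embeds under the HTTP/2 section have no caption beyond `HTTP 2 attack`, so a sentence stating that Rapid Reset abuses stream cancellation to exceed the concurrent-stream limit would make the section self-contained.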