Disclaimer: The purpose of this article is to provide information on the fundamentals of IT security. All information provided is for educational purposes only and is not intended to encourage any unlawful acts. These are my personal writings and I will not be liable for any actions you may take as a result of reading this article.
We are living through an era of frantic race towards digitalization and automation. With this advance, the various infrastructures put in place need to be secured in order to be used properly. We can define IT security as:
the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide
Source: Wikipedia
In the field of computer security, whether for an SME, a large company, a private individual or anyone else, the aim is always to ensure CIA. No, it is not the Central Intelligence Agency : ‘-) . It is an acronym from computer-security jargon, commonly called the triad.
Ensuring security within an organization always means ensuring Confidentiality, Integrity and Availability, hence the term CIA. Of course, there are other aspects such as Traceability, Non-repudiation or Authentication, but let’s focus on the triad first.
Confidentiality
Confidentiality protects data. It ensures that sensitive information is not misappropriated and that it remains accessible only to authorized persons, i.e. those cleared to consult it. To give a simple example, in the military the information a captain may access is not the same as the information a general may access; there must be accreditation levels, and that is what confidentiality ensures.
Integrity
Integrity involves maintaining the consistency, accuracy and reliability of data throughout its lifecycle. Data must not be modified during transmission. In addition, measures should be taken to prevent unauthorized persons from altering the data, for example in the event of a breach of confidentiality. Integrity controls are what counter MITM (Man In The Middle) attacks, in which an attacker alters data as it passes between two parties.
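To make the in-transit case concrete, here is an added example (not code from the original article) of how a receiver detects tampering: a keyed hash (HMAC-SHA256) is appended to the message, and the receiver recomputes it and rejects anything whose tag no longer matches. The shared key and the bank-transfer message are constructed for this illustration, and it is assumed the key was exchanged beforehand over a trusted channel.

```python
import hmac
import hashlib
from typing import Optional, Tuple

# Constructed example key: in practice this is exchanged over a trusted
# channel and never reused across systems.
SHARED_KEY = b"example-shared-key-do-not-reuse"
TAG_LEN = 32  # SHA-256 digest length in bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Append an HMAC-SHA256 tag to the message before transmission."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Return the message if its tag checks out, None if it was altered."""
    if len(packet) < TAG_LEN:
        return None  # too short to even carry a tag
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the check itself does not
    # leak how many tag bytes were correct.
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def demo() -> Tuple[Optional[bytes], Optional[bytes]]:
    """Honest delivery is accepted; a message altered in transit is rejected."""
    original = b"TRANSFER 100 EUR TO ACCOUNT 42"  # constructed sample message
    packet = protect(SHARED_KEY, original)
    accepted = verify(SHARED_KEY, packet)
    # Simulated man-in-the-middle: the amount is changed while the tag
    # computed by the sender is left untouched.
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    tampered = message.replace(b"100", b"999") + tag
    rejected = verify(SHARED_KEY, tampered)
    return accepted, rejected


if __name__ == "__main__":
    print(demo())
```

Note that the tag proves the message was not altered, but not who sent it to a third party or when; those are the non-repudiation and traceability properties mentioned above.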
Availability
As the name implies, availability is about ensuring that the resources used are available when users need them. For example, a website like ours requires a server that is constantly active in order for the website to be accessible. To ensure availability, it is essential to maintain all hardware rigorously, to perform any necessary hardware repairs promptly, and to keep the operating environment in working order and free of software conflicts.
Depending on the sector in which you operate, the importance of each element of the triad may differ. For example, in an accounting firm confidentiality may be the most important factor, whereas in the industrial sector availability is the most important factor. So you have to adapt the infrastructure to the needs of the business.
When a professional hacker wants to attack an organization, he proceeds in 5 steps that we will call here the 5P (Probe – Penetrate – Persist – Propagate – Paralyze). Each of these Ps is a step that the attacker goes through in order to compromise a given system.
*** Probe:
Usually called “information gathering”, this is the step where the attacker looks for information about his target. He will do both passive and active information gathering; passive here simply means that the attacker does not interact directly with the target. He can do this by using Google dorks for example, which alone is a very powerful tool (let me know in the comments if you want me to do an article on Google dorks). Active gathering consists of interacting directly with the target. In this case, the attacker can use a port scanner like Nmap to determine the version of software used by the target, or a vulnerability scanner like Nessus, or Nikto for web servers.
*** Penetrate:
No pun intended, this is the stage in which the attacker uses the information gathered to infiltrate the target’s system. Techniques such as brute force or dictionary attacks can be used to bypass password protection. Another way to infiltrate a system is through application vulnerabilities: if the target runs software that is out of date and has exploitable vulnerabilities, the attacker will use them to gain access to the system.
*** Persist:
Once in the system, the attacker will try to take control of the network. To do so, he may escalate his privileges to obtain administrative rights over the victim’s system. Another technique is to install a remote-control application, commonly called a backdoor, that survives a reboot (e.g. a Trojan horse).
*** Propagate:
Like a virus, an attacker’s goal is to spread through your system, making it harder for network administrators to get rid of the attack. I’ll give you a simple scenario to explain. Let’s say I want to break into Company X. I can start by hacking into their surveillance cameras. From there, I’ll try to access the ventilation system, the computers, the servers, and soon I’ll have full access to my target’s system. As a result, it will be much more difficult for the company’s security team to completely get rid of the programs I would have planted here and there during my visit.
*** Paralyze:
Once in the target system, the attacker can use the server to attack another machine, destroy data or damage the operating system in order to crash the server. This is usually where the attacker injects ransomware into the network. Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a certain amount of money from the victim in exchange for restoring access to the data.
We will soon see different kinds of attacks that a malicious person can launch on a system.