IT Fundamentals/Security Concepts



This lesson introduces IT security concepts.

Objectives and Skills
Objectives and skills for the security concepts portion of IT Fundamentals certification include:


 * Compare and contrast authentication, authorization, accounting and non-repudiation concepts.
 * Authentication
 * Single factor
 * Multifactor
 * Examples of factors
 * Password
 * PIN
 * One-time password
 * Software token
 * Hardware token
 * Biometrics
 * Specific location
 * Security questions
 * Single sign-on
 * Authorization
 * Permissions
 * Least privilege model
 * Role-based access
 * User account types
 * Rule-based access
 * Mandatory access controls
 * Discretionary access controls
 * Accounting
 * Logs
 * Tracking
 * Web browser history
 * Non-repudiation
 * Video
 * Biometrics
 * Signature
 * Receipt
 * Summarize confidentiality, integrity and availability concerns.
 * Confidentiality concerns
 * Snooping
 * Eavesdropping
 * Wiretapping
 * Social engineering
 * Dumpster diving
 * Integrity concerns
 * Man-in-the-middle
 * Replay attack
 * Impersonation
 * Unauthorized information alteration
 * Availability concerns
 * Denial of service
 * Power outage
 * Hardware failure
 * Destruction
 * Service outage

Readings

 * 1)  Authentication
 * 2)  Authorization
 * 3)  Accounting

Multimedia

 * 1) YouTube: Authentication, Authorization, Accounting & Non-Repudiation
 * 2) YouTube: Confidentiality, Integrity & Availability Concerns

Activities

 * 1) Manage user accounts.
 * 2) * Windows: Review GCF Global: Understanding user accounts. Create and test both administrator and standard accounts. Identify the differences between the two account types and when each one should be used.
 * 3) * macOS: Review GCF Global: Understanding user accounts. Create and test both administrator and standard accounts. Identify the differences between the two account types and when each one should be used.
 * 4) * Linux: Review Pluralsight: User and Group Management in Linux. Create and test both regular and super (sudoer) accounts. Identify the differences between the two account types and when each one should be used.
 * 5) Research multi-factor authentication. Consider setting up multi-factor authentication on all supported accounts, including Apple, Facebook, Google, and/or Microsoft accounts, as well as your password manager and your financial institutions.
 * 6) Manage permissions.
 * 7) * Windows:
 * 8) ** Review Online Tech Tips: How to Set File and Folder Permissions in Windows.
 * 9) ** Check folder and file permissions for your Documents folder and one or more of the files in that folder.
 * 10) * macOS:
 * 11) ** Review Apple: Change permissions for files, folders, or disks on Mac.
 * 12) ** Check folder and file permissions for your Documents folder and one or more of the files in that folder.
 * 13) * Linux:
 * 14) ** Review Geeks for Geeks: Permissions in Linux
 * 15) ** Check folder and file permissions for your Documents folder and one or more of the files in that folder.
 * 16) Review security policy settings.
 * 17) * Windows: Review Microsoft: Security policyConsider whether any security policy changes are necessary.
 * 18) * macOS: Review Apple: Change Security & Privacy General preferences on Mac. Consider whether any security preference changes are necessary.
 * 19) * Linux: Review Pluralsight: Linux Hardening - A 15-Step Checklist for a Secure Linux Server. Consider whether any security setting changes are necessary.
 * 20) Research confidentiality, integrity, and availability concerns for your school or work environment. What security risks exist? How can these risks be mitigated?

Authentication

 * Authentication is the act of proving an assertion, such verifying the identity of a computer system user.
 * Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism:
 * knowledge (something the user and only the user knows)
 * possession (something the user and only the user has)
 * inherence (something the user and only the user is)
 * Examples of factors include:
 * Password
 * PIN
 * One-time password
 * Software token
 * Hardware token
 * Biometrics
 * Specific location
 * Security questions
 * Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.

Authorization

 * Authorization is the function of specifying access rights/privileges to resources, which is related to information security and computer security in general and to access control in particular.
 * Permissions or access rights control the ability of users to view, change, navigate, and execute system resources.
 * The principle of least privilege (PoLP) requires that every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.
 * Role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users based on job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions needed to perform particular system functions.
 * Common user account types may include guest, standard, power user, and administrator.
 * Rule-based access control extends role-based access by applying policies that express a complex Boolean rule set that can evaluate many different attributes. Attribute categories include:
 * Subject attributes: attributes that describe the user attempting the access e.g. age, clearance, department, role, job title
 * Action attributes: attributes that describe the action being attempted e.g. read, delete, view, approve
 * Object attributes: attributes that describe the object (or resource) being accessed e.g. the object type (medical record, bank account...), the department, the classification or sensitivity, the location
 * Contextual (environment) attributes: attributes that deal with time, location or dynamic aspects of the access control scenario
 * Mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target.
 * Discretionary access control (DAC) is a type of access control by which a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).

Accounting

 * Accounting within computer security refers to accountability, using such system components as audit trails (records) and logs, to associate a subject with its actions.
 * An audit trail (also called audit log) is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.
 * Logs are files that record either events that occur in an operating system or other software runs.
 * Web browsing history is the list of web pages a user has visited recently, as well as associated data such as page title and time of visit, which is recorded by web browser software as standard for a certain period of time.

Non-repudiation

 * Non-repudiation involves associating actions or changes with a unique individual. This prevents the owner of the account from denying actions performed by the account.
 * Non-repudiation methods include:
 * Video
 * Biometrics
 * Digital Signature
 * Receipt

Confidentiality

 * Confidentiality involves a set of rules or a promise usually executed through agreements that limits access or places restrictions on certain types of information.
 * Snooping is stealthily observing any type of action or communication.
 * Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent.
 * Wiretapping is the monitoring of telephone and Internet-based conversations by a third party, often by covert means.
 * Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.
 * Dumpster diving is salvaging from garbage containers for items discarded by their owners, but deemed useful to the picker.

Integrity

 * Data integrity is the maintenance of, and the assurance of the accuracy and consistency of data over its entire life-cycle.
 * Man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
 * Replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a masquerade attack by IP packet substitution.
 * Impersonation is when someone imitates or copies the behavior or actions of another, often as part of a criminal act such as identity theft.
 * Unauthorized information alteration may occur with incomplete or incorrect implementation of authentication and authorization.

Availability

 * Availability is the degree to which a system, subsystem or equipment is in a specified operable and committable state at a given time.
 * A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
 * A power outage (also called a power cut, a power out, a power blackout, power failure or a blackout) is the loss of the electrical power network supply to an end user.
 * Computer security can be compromised by devices, such as keyboards, monitors or printers (thanks to electromagnetic or acoustic emanation for example) or by components of the computer, such as the memory, the network card or the processor (thanks to time or temperature analysis for example).
 * An asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware, software, and confidential information. Assets should be protected from illicit access, use, disclosure, alteration, destruction, and/or theft, resulting in loss to the organization.
 * Downtime refers to periods when a system is unavailable. Downtime or outage duration refers to a period of time that a system fails to provide or perform its primary function. Reliability, availability, recovery, and unavailability are related concepts.

Key Terms

 * ACL (Access Control List)
 * A list of permissions attached to an object.


 * DDoS (Distributed Denial of Service)
 * A distributed denial-of-service (DDoS) is a large-scale DoS attack where the perpetrator uses more than one unique IP address or machines, often from thousands of hosts infected with malware.


 * DLP (Data Leak Prevention)
 * Preventing the intentional or unintentional release of secure or private/confidential information to an untrusted environment.


 * DoS (Denial of Service)
 * A cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.


 * IDS (Intrusion Detection System)
 * A device or software application that monitors a network or systems for malicious activity or policy violations.


 * IPS (Intrusion Prevention System)
 * Network security appliances that monitor network or system activities to identify malicious activity, log information about this activity, report it, and attempt to block or stop it.


 * MITM (Man in the Middle)
 * An attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.


 * ROSI (Return on Security Investment)
 * A ratio between net benefit and cost of investment. As a performance measure, ROI is used to evaluate the efficiency of an investment or to compare the efficiencies of several different investments.


 * SID (System Identifier or Security Identifier)
 * A unique, immutable identifier of a user, user group, or other security principal.

Assessments

 * Flashcards: Quizlet: IT Fundamentals - Security Concepts
 * Quiz: Quizlet: IT Fundamentals - Security Concepts