CEH Basics - Information Security - Terms and Concepts

Created in January 04, 2024

2024   ·   cybersecurity   CEH   ·   cyber-security

In today’s AI era, the importance of securing information has never been greater. Whether you’re a cybersecurity enthusiast or a professional, understanding the basics of information security is crucial for navigating this dynamic field. This blog breaks down the core principles, frameworks, and emerging trends in information security to help you build a solid foundation to help you in your path to a Certified Ethical Hacker.

What is Information Security?

Information Security (InfoSec) refers to safeguarding sensitive information from unauthorized access, misuse, or destruction. It ensures the Confidentiality, Integrity, Availability, and Authenticity of data while preventing unauthorized activities.

Core Elements of Information Security

  1. Confidentiality: Ensures that sensitive information is accessible only to authorized personnel.
  2. Integrity: Maintains trustworthiness by ensuring data is not altered by unauthorized entities (e.g., through techniques like hashing).
  3. Availability: Guarantees that data and resources are accessible to users whenever needed.
  4. Authenticity: Validates the identity of users and systems accessing resources, ensuring data genuineness.
  5. Non-Repudiation: Prevents denial of actions, ensuring that senders and recipients cannot deny sending or receiving messages.

Understanding Attacks: Motives, Goals, and Objectives

Cyberattacks arise from various motives such as financial gain, data theft, or resource exploitation. Here’s how these elements interplay:

  • Motive: The attacker’s reason for targeting specific systems (e.g., money, intellectual property).
  • Goal: Achieving unauthorized access or disrupting services.
  • Method (TTP): The tactics, techniques, and procedures used to exploit vulnerabilities.

Attacks = Motive (Goal) * Method (TTP) * Vulnerability

Vulnerabilities

  • The weakness or technical malfunction of a software or a hardware which can lead a hacker to use it for his benefit to extract data from a system.

Tactics, Techniques, and Procedures (TTP)

  • Tactics: High-level strategies that outline an attack from start to finish.
  • Techniques: The specific methods used to achieve intermediate goals (e.g., phishing, SQL injection).
  • Procedures: Step-by-step execution plans for attacks.

Types of Attacks

  1. Passive Attacks: Eavesdropping, network sniffing, or OSINT methods to gather data without altering it.
  2. Active Attacks: Tampering with data or breaking security protocols (e.g., ransomware).
  3. Close-In Attacks: Physical proximity-based attacks, such as stealing hardware or tampering with devices.
  4. Insider Attacks: Exploiting insider knowledge or planting malicious insiders.
  5. Distribution Attacks: Tampering with software or hardware during the supply chain process.

Ethical Hacking: Think Like a Hacker

To combat cybercriminals, ethical hacking focuses on anticipating malicious tactics. Ethical hackers simulate attacks to identify and mitigate vulnerabilities.

Skills of an Ethical Hacker

Technical Skills:

  • Knowledge of operating systems (Windows, Linux, macOS)
  • Networking fundamentals
  • Expertise in security tools and methods

Non-Technical Skills:

  • Strong analytical, communication, and problem-solving abilities
  • Adherence to organizational security policies and ethical standards

Artificial Intelligence (AI) is revolutionizing cybersecurity, enabling automated vulnerability detection and response. It involves using AI Algorithms, ML Models, automation frameworks to faciliate and automate ethical hacking efforts. However, it also introduces new risks:

  • Sophisticated Phishing: AI can generate convincing fake emails.
  • Automated Exploit Generation: Leveraging machine learning to exploit zero-day vulnerabilities.
  • It helps hackers by automatic routine tasks in assistance.
  • Accelerated LLM Analysis : LLMs can rapidly analyze massive datasets, including security logs and network traffic, to identify patterns that may indicate a breach or vulnerability.
  • Scripting and Coding : Writing backdoors, Exploits for a given scenario improves hacker’s work easy.

ShellGPT , a Command line based GPT, is one such tool to support terminal based LLM Assistance for ethical hackers and programmers

Frameworks used in Information Security

Frameworks in information security provide structured methodologies to manage risks, mitigate threats, and establish robust cybersecurity practices. They offer guidelines for organizations to systematically secure their assets, ensure compliance, and effectively respond to incidents. Here, we explore key frameworks that form the backbone of modern cybersecurity strategies.

1. CEH Ethical Hacking Framework

This framework outlines a systematic approach for ethical hackers to test and identify vulnerabilities in a system. The steps include:

Phase 1: Reconnaissance

  • Footprinting and Reconnaissance: Gathering data about the target through open-source intelligence (OSINT) and passive information gathering.
  • Scanning and Enumeration: Identifying live hosts, open ports, and services through tools like Nmap and Wireshark.

Phase 2: Vulnerability Scanning

  • Vulnerability Analysis: Scanning for misconfigurations, outdated software, and exploitable weaknesses using tools like Nessus and OpenVAS.

Phase 3: Gaining Access

  • Exploiting vulnerabilities to infiltrate systems. Techniques may include exploiting misconfigured applications or privilege escalation.

Phase 4: Maintaining Access

  • Creating backdoors and persistent threats to ensure continued control over the system for further investigation.

Phase 5: Clearing Tracks

  • Deleting logs, hiding scripts, or using anti-forensics techniques to ensure the attack is untraceable.

2. Cyber Kill Chain Methodology

The Cyber Kill Chain, developed by Lockheed Martin, maps out the stages of a cyberattack and provides a framework to disrupt adversary operations.

  1. Reconnaissance: Researching the target to gather exploitable information.
  2. Weaponization: Developing malware, exploits, or phishing kits to target specific vulnerabilities.
  3. Delivery: Transmitting the malicious payload via phishing emails, USB devices, or infected websites.
  4. Exploitation: Triggering the payload by exploiting system vulnerabilities.
  5. Installation: Placing malware or backdoors for continuous access.
  6. Command and Control (C2): Establishing communication with the attacker’s server.
  7. Actions on Objectives: Extracting data, disrupting services, or achieving the attacker’s goals.

3. MITRE ATT&CK Framework

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a globally recognized knowledge base detailing the behavior of adversaries. It is a framework globally accessible knowledge base of adversary tactics and techniques based on real-world observations

The ATT&CK Knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sectorm government and the cybersecurity product and service community.

The 14 tactic categories within ATT&CK for Enterprise are derived from the later stages of the sevens stages of Cyberkillchain

Recon -> Weaponize -> Deliver -> Exploit -> Control -> Execute -> Maintain { PRE - ATT&CK } { Enterprise ATT&CK }

4. Diamond Model of Intrusion Analysis

This model emphasizes understanding cyber intrusions by examining their key elements:

  • Adversary: The attacker or threat actor.
  • Victim: The system or organization being targeted.
  • Capability: Tools, tactics, or techniques used in the attack.
  • Infrastructure: Assets like servers, IPs, or domains leveraged by the attacker.

The Diamond Model helps in correlating attack data, understanding adversarial behavior, and predicting future actions.

5. Defense-in-Depth Framework

A Defense-in-Depth approach integrates multiple layers of security to protect assets:

  1. Policies and Awareness: Security training and compliance policies.
  2. Physical Security: Securing access to premises and hardware.
  3. Perimeter Security: Firewalls and intrusion detection systems.
  4. Network Security: Segmentation and secure configurations.
  5. Host Security: Protecting individual devices with endpoint security solutions.
  6. Application Security: Secure coding practices and penetration testing.
  7. Data Security: Encryption, backup, and access control.

This layered approach ensures that breaching one layer does not compromise the entire system.

Regulations in Information Security

Regulatory frameworks mandate organizations to adhere to specific security and privacy standards, ensuring data protection and minimizing risks. Here’s a detailed look at some pivotal regulations:

1. General Data Protection Regulation (GDPR)

  • Jurisdiction: European Union (EU), but applies globally to organizations handling EU citizens’ data.
  • Purpose: Grants individuals rights over their personal data, including the right to access, correct, and delete their information.
  • Key Features:
    • Mandatory data breach notification within 72 hours.
    • Heavy penalties for non-compliance (up to €20 million or 4% of annual global turnover).
    • Requires Data Protection Officers (DPOs) for organizations processing large-scale personal data.

2. Payment Card Industry Data Security Standard (PCI DSS)

  • Scope: Entities involved in payment card processing.
  • Key Requirements:
    • Encrypt cardholder data transmission.
    • Regularly update and patch systems.
    • Implement access control measures.
  • Benefits: Protects against card fraud and ensures secure transactions.

3. ISO/IEC Standards

  • ISO/IEC 27001:2022: Establishes an Information Security Management System (ISMS).
  • ISO/IEC 27701:2019: Extends ISMS to include Privacy Information Management (PIMS).
  • ISO/IEC 27002:2022: Best practices for implementing controls.
  • ISO/IEC 27036-3:2023: Secures supply chains for hardware, software, and services.
  • ISO/IEC 27040:2024: Guidelines for secure data storage.

4. Health Insurance Portability and Accountability Act (HIPAA)

  • Scope: Protects patient data in the healthcare industry.
  • Requirements:
    • Secure electronic health records (EHRs).
    • Regular audits and risk assessments.
    • Training employees on data protection.

5. Sarbanes-Oxley Act (SOX)

  • Purpose: Protects investors by ensuring accurate financial disclosures.
  • Cybersecurity Relevance: Emphasizes secure handling and transmission of financial data.
  • Focus: Protects intellectual property online.
  • Cybersecurity Impact: Prevents unauthorized distribution of copyrighted digital content.

7. Federal Information Security Management Act (FISMA)

  • Scope: U.S. federal agencies and contractors.
  • Requirements:
    • Conduct annual security reviews.
    • Implement risk management frameworks.

8. Information Technology (IT) Act, 2000 (India)

  • Objective: Regulates e-commerce and cybercrime.
  • Provisions:
    • Defines electronic signatures.
    • Penalizes hacking, identity theft, and other cybercrimes.

Information security is a dynamic field requiring constant vigilance, adaptability, and innovation. Whether you’re a beginner or a seasoned professional, understanding the fundamental concepts and frameworks is key to staying ahead in this ever-evolving domain. By combining traditional approaches with AI-driven advancements, we can build a resilient digital ecosystem that safeguards critical data and systems.

Hack, Learn, Repeat!



Enjoy Reading This Article?

Here are some more articles you might like to read next:

  • Create Your Own Neural Network from Scratch
  • CEH Basics - Network Scanning
  • CEH Basics - The Art of Reconnaissance
  • Understanding KNN with Malware File Prediction