Buffl
Buffl
Safety & Cyber-Security

Cyber-Security

AH
von Adrian H.

What is Cyber-security?

Acceptable risk for the severity of all consequences of an attack originatign from computers as the target or enabler

What is the CIA Triad?

Three goals of cyber security:

  • Confidentiality

    • Protection against unauthorized access

    • Encryption, Access Control

  • Integrity

    • Protection of accuracy, consistency and trustworthiness

    • Signing, hashing, validation, version control

  • Availability

    • Ensuring timely and reliable access

    • Load balancing, Backups, Redundancy


What is an adversary?

Individual, group, organization or government that conducts or has the intent to conduct detrimental activities.

What is an attack?

Any kind of malicious activity that attempts to collect, disrupt, deny, degrade or destroy information or system ressources

What is a countermeasure?

A tool or method designed to reduce or stop harmful actions or threats

  • Partitioning

  • Security domains

  • Access and User control

  • Development assurance

  • Cryptography

  • Continued assessment and update


What is risk?

The chance of harm or loss from a pontential problem, based on Severity and likelihood

What is an asset?

Important element or ressource in a system

  • Data

  • Software/Hardware

  • Personell


What is a threat?

Potential danger or possible harmful event

  • Phishing

  • Malware

  • Spam

  • Insiders

  • Botnet

Sources:

  • Nation states

  • Terrorists

  • Criminals

  • Insiders


What is a vulnerability?

Weakness in a system, security procedures, controls or implementation, that could be exploited by adversary

What is a Security Assessment?

Structured approach to judge cyber security of a system.

  • Identify assets

  • Enumerate threat scenarios

  • Determine impact and likelihood

  • Quantify and judge risk

  • Countermeasures


How could attacks be classified?

Active

  • alter

  • destroy

  • compromise

Passive

  • eavesdropping

  • monitoring


What are secure design principles?

Examples?

Design principles that inherently boost security

  • Defense in depth (independence, layering)

  • Integrity of software updates

  • Continued airworthiness

  • Simplicity

  • Detection and restoration

  • Minimize external interfaces

  • Disable all unused interfaces

  • Error handling

  • Least priviledge

  • Controlled access


What are possible attack surfaces?

  • Network (Ports, Protocols)

  • Application (User input, APIs)

  • Physical (Buildings, server rooms, devices)

  • Human (Phishing)

  • IoT and embedded systems (Firmware, protocols)

  • Cloud (Config, APIs)


What is the DREAD model and what is it used for?

Modeling and analyzing threat scenarios:


What is the STRIDE model?

Enumeration of threats for analysis:


What is an attack tree

Diagram that depicts attacks with all neccessary or possible steps

Equivalent to fault tree

What is a risk matrix

Tabularized diagramm mapping scenarios on a Likelihood-Severity grid.

Risk can be deducted

What is encryption?

Encoding information such that it is not readable as is and is only readable by owners of a key or with great effort.


Symmetric:

  • Encryption and decryption with the same shared key

  • Encryption and decryption only by owners of key

Asymmetric:

  • Encryption by everyone with public key

  • Decryption only by owner of private key


What are some encryption methods?

Rivest-Shamir-Adleman (RSA)

  • Public Key encryption based on Prime factorization

Data Encryption Standard (DES)

Advanced Encryption Standard (AES)


What is hashing?

  • Mapping of any input to a fixed length output

  • Modification of input changes hash significantly

    —> Proof of tampering

  • Non reversible

Use cases:

  • Storing passwords

  • Data integrity

  • Signatures


How can be encryption algorithms be attacked?

  • Mathematical attack

  • Brute force

  • Timing attack

  • Chosen Cyphertext


What are some examples for network security?

  • Sandboxing

  • Firewalls and segmentation

  • Intrusion detection

  • Access Control


Why is cyber-security becoming increasingly important in aviation?

  • Increased number of attacks

  • More complex systems

  • More integrated and connected systems


What is a threat condition?

Conditions of the A/C which are not caused by errors or failures

Conditions that are a combination of independent failure conditions (dependent due to threat)

What is a threat scenario?

Combination of threat, attack and confition:

  • Threat source

  • Attack vector

  • Attack path

  • Possible mitigations

  • Threat conditions as effect of the attack


How are security measures classified based on their effect?

  • Deterrent

  • Preventive

  • Detective

  • Corrective

  • Restorative


What is incident response?

Coordinated activities to:

  • identify, analyze

  • contain

  • remediate

  • recover

  • learn

from incidents.


What phases are important for Incident response?

  • Preparation (Training of Staff, implementing tools, backups)

  • Identification

  • Containment

  • Eradication

  • recovery

  • Lessons Learned

  • Ongoing improvement


What are some examples of IR tools

  • Vulnerability scanners

  • Threat intelligence

  • Intrusion detection

  • Digital forensics


Use cases of AI in cyber-security?

  • Monitoring

  • Predictive maintenance

  • Vulnerabiliyt assessment


Use cases of Blockchain in cyber-security?

  • Immutability and Data Integrity

  • Digital identities


Name the principles of zero trust

  • The network is a dangerous environment all the time

  • There are external and internal threats in the network

  • The location of the network is not enough to ensure credibility

  • All devices, users and traffic should be authenticated and authorized

  • Security policies must be dynamic ad calculated based on as many data sources as possible


Beitreten
Vorschau

Author

Adrian H.

Informationen

Zuletzt geändert

Kurs melden
© 2023 Buffl GmbH