Lesson 3: Cybersecurity Threats and Controls - Cybersecurity - Third Secondary (Grade 12)
1. Fundamentals of Cybersecurity
2. Cybersecurity Protection and Response
3. Advanced Topics in Cybersecurity
Lesson 3: Cybersecurity Threats and Controls
Link to digital lesson: www.jens.edu.sa

Cybersecurity Threats
Cybersecurity threats have become an ever-present danger in our increasingly digitized world. As online activities become more commonplace and our personal data more easily accessible, it is imperative that we understand the risks associated with a range of cybersecurity issues, such as data threats, identity theft, and online tracking.

Data Threats
Data protection becomes crucial as more personal and sensitive information is stored digitally. Organizations must handle personal data securely and responsibly, protecting it from unauthorized access, alteration, or disclosure. Key data protection concerns include:

Data Breaches: Unauthorized access to or disclosure of personal data, often due to weak security measures or human error.
Data Retention: The duration and manner in which personal data is stored. Keeping data longer than it is needed, or storing it without adequate protection, increases what is exposed if a breach occurs.
Data Sovereignty: The legal implications of storing data in different countries, which can subject personal information to other countries' privacy laws and regulations.

Identity Theft
Identity theft occurs when an individual's personal information is stolen and used fraudulently, often for financial gain. The digital age has made it easier for criminals to access and exploit personal data, increasing identity theft. Techniques used to carry out identity theft include:

Spear-Phishing: Spear-phishing targets specific individuals or organizations with personalized messages to obtain sensitive information. The attacker uses the target's personal information (name, role, colleagues, recent activity) to make the message appear legitimate. Unlike mass phishing, it is sent to a small, chosen set of targets.
Spoofing: Spoofing is when an attacker impersonates a legitimate user, device, or sender, for example by forging an email sender address or a network address, in order to gain access to information.

Online Tracking
As people engage in various online activities, their actions are often tracked and monitored, raising concerns about privacy and surveillance. Online tracking can involve both legitimate and invasive practices, including:

Cookies: Small text files placed on a user's device by websites, which can be used to track browsing activity and preferences for legitimate purposes, such as personalizing content or keeping a user logged in, but can also be used for invasive cross-site tracking.
Behavioral Tracking: The monitoring and analysis of an individual's online activities to create a profile of their interests, habits, and preferences, often used for targeted advertising.

To address these cybersecurity threats, governments, organizations, and individuals must work together to develop and implement policies, regulations, and best practices that balance the benefits of digital technologies with the need to protect personal privacy.

Cybersecurity and Access Control
Access control is a fundamental defense measure in cybersecurity that aims to protect information systems and data privacy from unauthorized access and modification. Access control can be based on different models, such as role-based or attribute-based access control. Access control helps achieve security objectives such as authentication, authorization, and nonrepudiation. These concepts are further explained below.

Role-Based Access Control (RBAC)
RBAC is a method in cybersecurity that restricts system access to authorized users based on their roles within an organization. In this model, permissions to perform certain operations are assigned to specific roles, and users are assigned appropriate roles, thereby obtaining these permissions. For example, in a software company developers could have access to write and modify code, whereas a quality assurance tester would only have access to view and test the code but not modify it. RBAC simplifies the management and auditing of user rights, and it is less prone to errors than individually assigned permissions, because a change to a role applies consistently to everyone who holds it.
Attribute-Based Access Control (ABAC)
ABAC is a more flexible, fine-grained access control method that grants permissions based on attributes associated with a user, the assets they are trying to access, and the conditions under which access is being requested. These attributes can be user attributes (such as role, department, or location), resource attributes (such as data classification or owning department), and environmental attributes (such as time of day and location of access). For example, a sensitive document in a corporation may be accessible by a manager (user attribute) only if the document is tagged as belonging to their department (resource attribute) and the access is made during office hours (environmental attribute). ABAC allows for a highly dynamic and contextual access control system, at the cost of policies that are harder to audit than a simple role list.

Identification
Identification is the step in which a user, process, or device presents or is assigned an identity (for example, a username) that the system will later authenticate; it is a prerequisite for granting access to resources. Establishing that identity is usually done outside the system as a pre-step. For example, a new employee is issued a username and initial password when they join an organization, after their identity has been verified in person or through another method the organization has established.
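The RBAC and ABAC models described above, as an added example that is not part of the original lesson. The roles, permissions, departments and the `Context` fields are assumptions chosen to match the lesson's two scenarios (developer vs. tester, and the manager reading a sensitive departmental document during office hours); the ABAC check builds on the RBAC decision rather than replacing it.

```python
from dataclasses import dataclass

# RBAC: permissions are attached to roles; users obtain permissions by holding roles.
# (Hypothetical role/permission names for illustration.)
ROLE_PERMISSIONS = {
    "developer": {"code:read", "code:write"},
    "qa_tester": {"code:read", "code:test"},
    "manager": {"doc:read"},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset       # user attribute: roles held
    department: str        # user attribute: department

@dataclass(frozen=True)
class Resource:
    kind: str              # "code" or "doc"
    department: str        # resource attribute: owning department
    classification: str    # resource attribute: "public", "internal" or "sensitive"

@dataclass(frozen=True)
class Context:
    hour: int                   # environmental attribute: local hour of the request (0-23)
    on_corporate_network: bool  # environmental attribute: location of access

def rbac_allows(user, action):
    """RBAC decision: the union of the permissions of every role the user holds."""
    granted = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return action in granted

OFFICE_HOURS = range(8, 18)  # 08:00-17:59, assumed office hours

def abac_allows(user, resource, action, ctx):
    """ABAC decision: the RBAC result refined by resource and environmental attributes.
    Everything not explicitly permitted is denied."""
    if not rbac_allows(user, action):
        return False
    if resource.classification == "sensitive":
        # Lesson's rule: a manager (user attribute) may read a sensitive document only if it
        # belongs to their department (resource attribute), during office hours and from the
        # corporate network (environmental attributes).
        if "manager" not in user.roles:
            return False
        if resource.department != user.department:
            return False
        if ctx.hour not in OFFICE_HOURS:
            return False
        if not ctx.on_corporate_network:
            return False
    return True

if __name__ == "__main__":
    maha = User("maha", frozenset({"manager"}), "finance")
    doc = Resource("doc", "finance", "sensitive")
    print(abac_allows(maha, doc, "doc:read", Context(10, True)))   # office hours, on network
    print(abac_allows(maha, doc, "doc:read", Context(22, True)))   # outside office hours
```

Note that the policy is deny-by-default: a request that matches no rule is refused, which is the behaviour an access control system should have under the principle of least privilege discussed later in this lesson.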
Authentication
Authentication is the verification of the identity of a user, device, or system attempting to access resources within an organization, typically by checking something the user knows (a password), has (a token or phone), or is (a fingerprint). Strong authentication mechanisms, such as combining two of these factors, help ensure that only legitimate users gain access to the organization's resources.

Authorization
Once a user, device, or system has been authenticated, the authorization process determines the level of access they should be granted. This involves assigning permissions based on predefined access policies, user roles, or group memberships. Proper authorization ensures that users can only access the resources and perform the actions they are explicitly permitted to, limiting the potential for unauthorized access or misuse of sensitive data.

Nonrepudiation
Nonrepudiation is a critical aspect of access control and cybersecurity, ensuring that a user cannot deny the authenticity of their actions or transactions within a system. This is particularly important in situations where the integrity of data or the validity of transactions must be maintained, such as in financial services, healthcare, or legal settings. Nonrepudiation is typically achieved with digital signatures tied to an individual's key and with tamper-evident audit logs. Implementing such mechanisms can help prevent disputes, fraud, and unauthorized activities by providing irrefutable evidence of user actions.

Principle of Least Privilege
Access control systems should adhere to the principle of least privilege, which states that users should only be granted the minimum level of access necessary to perform their job functions. This limits the potential for unauthorized access or misuse of sensitive data and reduces the potential damage caused by compromised user accounts or insider threats.

Need to Know
Only those who have an operational need to know certain information should have access to that information. It is an important security and privacy measure because it limits the amount of data that can potentially be accessed inappropriately. This principle is used in both public and private organizations alike to ensure the safety of important assets.

Layering
By adding different forms of security at multiple levels (often called defense in depth), organizations can ensure that important data and systems are protected from unauthorized access and manipulation. This principle is a key part of information security systems because it reduces the risk that a single security measure being breached leads to a full compromise.

Diversification
This principle recommends that organizations implement a variety of security mechanisms to reduce risk from attack or other threats. By having different forms of security, organizations are able to identify where weaknesses and vulnerabilities may occur and respond accordingly. By diversifying the security measures implemented, organizations can minimize the risk of a single flaw leading to a breach.

Obscurity
The principle of obscurity is the practice of providing limited visibility to sensitive data or systems. By making them hard to find or preventing direct access to them, organizations can protect certain assets from potential attackers or intruders.
This principle also includes hiding necessary authentication data, such as credentials and secret keys, from plain sight, and it is an important form of application defense for preventing unauthorized access to important information and data. Obscurity should supplement, never replace, the other controls: a hidden system that is otherwise unprotected is compromised as soon as it is discovered.

Auditing and Monitoring
Access control systems should include auditing and monitoring capabilities to track user activities and access attempts. By logging and reviewing access events, organizations can identify suspicious activities, detect potential security breaches, and ensure compliance with internal policies and external regulations.

Cybersecurity Access Control Tools

IAM Access Control
Identity and Access Management (IAM) is a critical component of cybersecurity that helps organizations manage and protect user identities and access to resources. IAM solutions are designed to provide centralized control over user identities and access to resources and to automate user account provisioning and de-provisioning. Enterprise-grade IAM solutions typically include various features to help organizations manage and protect user identities and resource access. These features include:

Figure 1.16: Features of Identity and Access Management (IAM): Authentication, Authorization, Identity Management, Single Sign-On (SSO), Directory Services, Auditing and Reporting, Privileged Access Management.

Authentication: Including multi-factor authentication (MFA) capabilities to help protect against identity theft and unauthorized access. Authentication builds on an identification process that begins outside the system, such as issuing a new employee with a username and password once they join an organization, where the identification happens in person or via verified methods established by the organization.
Authorization: Allowing organizations to manage resource access based on role-based access control (RBAC) and other access control models.
Identity Management: Managing user identities across various platforms and applications and automating the provisioning and de-provisioning of user accounts.
Single Sign-On (SSO): Accessing multiple applications and resources with a single set of credentials, simplifying the login process and reducing the risk of password-related security incidents.
Directory Services: Directory services provide centralized management of user identities and resource access.
Auditing and Reporting: Providing detailed auditing and reporting capabilities, which allow organizations to track user activity, detect suspicious activity, and meet compliance requirements.
Privileged Access Management (PAM): PAM helps organizations secure, manage, and monitor privileged access to sensitive systems and data.

Active Directory Example
Active Directory allows administrators to create and manage user accounts, groups, and computers and to control resource access based on RBAC. It also includes a built-in authentication system (Kerberos, with NTLM for legacy clients), which provides secure authentication for Windows-based servers and clients. Active Directory is organized into a hierarchical structure of domains, trees, and forests. A domain is a logical group of network resources, such as user accounts and computers, that share a common namespace. A tree is a group of domains that share a contiguous namespace, and a forest is a collection of one or more trees that share a common schema and global catalog; the forest is the security boundary. Active Directory can also be used to implement identity federation, which allows users to access resources across multiple domains or forests using a single set of credentials. This can be useful for organizations with multiple subsidiaries or that need to share resources with partners or customers.

Figure 1.17: Active Directory structure (domain, groups, group policies, shared folders, security groups, mobile devices, workstations, servers).
Table 1.3: Advantages and potential issues of IAM systems

Advantages:
- IAM solutions provide centralized control over user identities and resource access. This allows organizations to enforce security policies, such as multi-factor authentication, and to manage access to resources based on role-based access controls.
- IAM solutions can automate the provisioning and de-provisioning of user accounts, reducing the risk of errors and improving the efficiency of the process.
- IAM solutions can provide detailed auditing and reporting capabilities, which allow organizations to track user activity and detect suspicious activity, helping to meet compliance requirements.
- IAM solutions can also provide Single Sign-On (SSO) capabilities, simplifying the login process and reducing the risk of password-related security incidents.

Potential issues:
- IAM solutions can be complex to implement and maintain, requiring specialized knowledge and resources.
- IAM solutions may require integration with existing systems and applications, which can be time-consuming and difficult.
- IAM solutions are high-value targets for attackers, because compromising the IAM system compromises every resource it controls; they must be constantly updated and monitored to protect against new threats.
- IAM solutions rely heavily on accurate, up-to-date data, which can be difficult to maintain, especially in large and complex environments.

Attacking an IAM
There are several ways that an attacker can attempt to attack an IAM system:

Social Engineering: An attacker can use social engineering techniques, such as phishing or pretexting, to trick users into revealing their credentials or to convince them to perform actions that compromise security.
Brute-force attacks: An attacker can use automated tools to try many combinations of usernames and passwords to guess the correct login credentials. Rate limiting, account lockout after repeated failures, and MFA are the usual countermeasures.
Privilege escalation: An attacker can attempt to exploit vulnerabilities in the IAM system or in other systems to gain elevated privileges and access sensitive resources.
Insider threats: An attacker can be someone who is already authenticated and has access to the system. They can use their access to steal sensitive data, disrupt the system, or use the system to launch attacks on other resources.
Man-in-the-middle (MitM) attacks: An attacker can intercept network communications and use them to read or steal sensitive information, such as login credentials, which is why IAM traffic must be protected with TLS.
Distributed Denial of Service (DDoS) attacks: An attacker can use a DDoS attack to overwhelm the IAM system and disrupt its operations, making it unable to process requests and authenticate users.
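The auditing and monitoring capability described earlier in this lesson and the brute-force attack listed above meet in the detection logic an IAM system runs over its login log. The block below is an added example, not code from the lesson: it parses a few constructed log lines (the format, users and addresses are invented), keeps a sliding window of failed logins per user and source address, raises an alert and locks the pair once the window reaches a threshold, and raises a second, more urgent alert if a successful login follows such a burst, because that pattern suggests the password was guessed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (invented for this example, not real IAM logs).
# Format assumed: "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL user=alice src=203.0.113.5
2024-05-01T09:00:03 FAIL user=alice src=203.0.113.5
2024-05-01T09:00:04 FAIL user=alice src=203.0.113.5
2024-05-01T09:00:06 FAIL user=alice src=203.0.113.5
2024-05-01T09:00:07 FAIL user=alice src=203.0.113.5
2024-05-01T09:00:09 OK   user=alice src=203.0.113.5
2024-05-01T09:30:00 FAIL user=bob src=198.51.100.7
2024-05-01T10:45:00 FAIL user=bob src=198.51.100.7
2024-05-01T11:00:00 OK   user=bob src=198.51.100.7
"""

FAIL_THRESHOLD = 5              # failures inside the window that trigger an alert (assumed policy)
WINDOW = timedelta(minutes=10)  # sliding window length (assumed policy)

def parse_line(line):
    """Split one log line into (timestamp, result, user, source address)."""
    ts, result, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return datetime.fromisoformat(ts), result, fields["user"], fields["src"]

def detect_brute_force(log_text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of alert dicts. A (user, src) pair is locked the first time it reaches
    `threshold` failures within `window`; a later OK for a locked pair is escalated."""
    recent = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    locked = set()
    alerts = []
    for line in log_text.strip().splitlines():
        ts, result, user, src = parse_line(line)
        key = (user, src)
        if result == "FAIL":
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures that fell out of the window
                q.popleft()
            if len(q) >= threshold and key not in locked:
                locked.add(key)
                alerts.append({"kind": "brute_force", "user": user, "src": src,
                               "at": ts, "failures": len(q)})
        elif result == "OK" and key in locked:
            # Success right after a burst of failures: treat as a probable guessed password.
            alerts.append({"kind": "success_after_burst", "user": user, "src": src,
                           "at": ts, "failures": len(recent[key])})
    return alerts

if __name__ == "__main__":
    for a in detect_brute_force(SAMPLE_LOG):
        print(a["kind"], a["user"], a["src"], a["at"].isoformat(), a["failures"])
```

Bob's two failures are 75 minutes apart and never accumulate, so a slow, patient guesser is not caught by this rule alone; in practice the per-source window is combined with per-user counters across all sources and with MFA, which is the lesson's point that IAM must be monitored continuously rather than protected by a single control.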
Single Sign-On (SSO)
Single Sign-On (SSO) is a method of authentication that allows users to access multiple applications and resources with a single set of credentials rather than having to remember and enter separate login information for each application. The user authenticates once to a central identity provider, which then vouches for the user to each application. This can simplify the login process for users and reduce the risk of password-related security incidents. An example of an SSO control is the Saudi Nafath portal.

Figure 1.18: User access to multiple applications via SSO.

Table 1.4: Advantages and potential issues of SSO authentication

Advantages:
- SSO can make it easier for users to access the resources they need, as they only need to remember one set of login credentials.
- SSO can reduce the risk of password-related security incidents, such as password reuse and phishing attacks, as users only need to remember one password.
- SSO can help organizations comply with regulatory requirements for password management, as users only need to remember one password.

Potential issues:
- SSO relies on a central authentication server. If this server becomes unavailable, users cannot access the necessary resources.
- SSO can be complex to implement and maintain, requiring specialized knowledge and resources.
- SSO can create a higher security risk, as an attacker who compromises a user's credentials can gain access to multiple resources. This is why the single SSO login is usually protected with MFA and short-lived sessions.

Ministry of Education (وزارة التعليم), 1445
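The Authentication section above and the SSO flow just described fit into one added example, which is not code from the lesson or from any real SSO product. The identity provider checks the user's password against a salted PBKDF2 hash (a constructed demo user), then issues a single signed token naming the applications it is valid for; each application verifies the signature, the expiry and its own presence in the audience before trusting the username. The shared secret, application names, token format and lifetime are assumptions for the example; real deployments use standard protocols (SAML, OpenID Connect) and asymmetric signatures rather than a shared HMAC key.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Assumed shared signing key between the identity provider (IdP) and the applications (demo only).
IDP_SECRET = b"demo-idp-signing-key"
TOKEN_TTL = 300  # token lifetime in seconds (assumed policy)

def _hash_password(password, salt):
    # Salted PBKDF2-HMAC-SHA256; the iteration count makes offline guessing expensive.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# IdP credential store: username -> (salt, hash). One constructed demo user.
_salt = os.urandom(16)
USERS = {"alice": (_salt, _hash_password("correct horse battery", _salt))}

def authenticate(username, password):
    """Authentication: does this password match the stored salted hash? (constant-time compare)"""
    rec = USERS.get(username)
    if rec is None:
        return False
    salt, stored = rec
    return hmac.compare_digest(_hash_password(password, salt), stored)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(s):
    return base64.urlsafe_b64decode(s + b"=" * (-len(s) % 4))

def issue_token(username, apps, now=None):
    """The IdP issues one signed token after a successful login: the single sign-on.
    `aud` lists the applications the token may be presented to; `exp` bounds its lifetime."""
    now = int(now if now is not None else time.time())
    claims = {"sub": username, "aud": sorted(apps), "exp": now + TOKEN_TTL}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(IDP_SECRET, payload, "sha256").digest()
    return _b64(payload) + b"." + _b64(sig)

def verify_token(token, app, now=None):
    """Each application verifies signature, expiry and audience; returns the username or None."""
    now = int(now if now is not None else time.time())
    try:
        p, s = token.split(b".")
        payload, sig = _unb64(p), _unb64(s)
    except ValueError:
        return None
    expected = hmac.new(IDP_SECRET, payload, "sha256").digest()
    if not hmac.compare_digest(expected, sig):
        return None   # forged or tampered token
    claims = json.loads(payload)
    if claims["exp"] < now or app not in claims["aud"]:
        return None   # expired, or presented to an application it was not issued for
    return claims["sub"]

if __name__ == "__main__":
    if authenticate("alice", "correct horse battery"):
        tok = issue_token("alice", ["mail", "hr"])
        print(verify_token(tok, "mail"), verify_token(tok, "finance"))
```

The same token opens both "mail" and "hr", which is the convenience the table lists as an advantage and the blast radius it lists as a potential issue: whoever steals the token, or the one password behind it, reaches every application in its audience until `exp` passes.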
Assessing and Identifying Vulnerabilities of Systems
There are various cybersecurity strategies and techniques to assess and identify the vulnerabilities and weaknesses of information systems. Two of the most prominent are Vulnerability Assessment (VA) and Penetration Testing (PT). VA and PT are essential cybersecurity practices that help organizations assess and identify vulnerabilities and weaknesses in their systems. These proactive measures allow organizations to address potential security risks before malicious actors can exploit them. The following is an explanation of these strategies.

Vulnerability Assessment (VA)
A vulnerability assessment systematically identifies, analyzes, and prioritizes vulnerabilities in an organization's systems, applications, or networks. The goal of a VA is to discover weaknesses that could be exploited by attackers and provide insights into potential attack vectors. A VA is broad and largely automated; it reports what could be exploited, without confirming that it can be. Key aspects of a vulnerability assessment include:

Scanning: Using automated tools or manual techniques, vulnerability scanners inspect systems and applications for known vulnerabilities or misconfigurations.
Reporting: After scanning, a detailed report is generated, listing identified vulnerabilities, their severity, and potential impact on the organization.
Prioritization: Vulnerabilities are ranked based on their severity and potential impact, helping organizations prioritize their remediation efforts.
Remediation: Organizations use the findings from the vulnerability assessment to address and fix the identified vulnerabilities, often through patching, configuration changes, or other security improvements.

Penetration Testing (PT)
Penetration testing, or ethical hacking, is a more in-depth and targeted assessment of an organization's security posture. It involves simulating real-world attacks to test the effectiveness of security controls and identify exploitable vulnerabilities. PT aims to uncover weaknesses that automated vulnerability scans may not detect and to evaluate the organization's overall defense capabilities. Key aspects of penetration testing include:

Planning and Scope: A clear plan and scope for the penetration test are established, including objectives, target systems, and testing boundaries. The penetration tester then gathers information about the target systems and environment to identify potential vulnerabilities and attack vectors.
Exploitation: The tester attempts to exploit identified vulnerabilities, simulating the actions of a real attacker to gain unauthorized access, escalate privileges, or compromise sensitive data, while staying inside the agreed scope.
Reporting: After the test, a detailed report is generated, outlining the vulnerabilities discovered, successful exploits, and recommendations for remediation.

Cybersecurity and Ethical Hacking
Ethical hackers, or white-hat hackers, use the same techniques and tools as attackers to identify vulnerabilities and weaknesses in an organization's systems, networks, or applications. The primary difference between ethical hacking and malicious hacking is the intent behind the actions and the permission granted by the target organization. Ethical hackers work within legal and moral boundaries to help organizations improve their security posture, whereas malicious hackers aim to exploit vulnerabilities for personal gain or malicious purposes.

It is important to strike a balance when discussing ethical hacking, as the term can be misunderstood or misused. While ethical hacking plays a crucial role in identifying vulnerabilities, it should not be encouraged as a free-for-all activity, nor should it be confused with the illegal practices of malicious hackers. The following points highlight the critical aspects of maintaining a balanced view of ethical hacking:

Permission and Authorization: Ethical hackers work with the explicit permission of the organization they are testing. They should have a clear, written agreement outlining the scope, objectives, and boundaries of their activities.
Legal and Regulatory Compliance: Ethical hackers comply with relevant laws, regulations, and industry standards. This ensures that their activities are within legal and ethical boundaries and helps to avoid potential legal issues or unintended consequences.
Professionalism and Responsibility: Ethical hackers adhere to a strict code of conduct and demonstrate professionalism. They must be accountable for their actions and take care not to cause harm to the systems they are testing.
Disclosure and Remediation: Upon discovering vulnerabilities, ethical hackers should promptly report their findings to the target organization and provide recommendations for remediation. This collaborative approach helps to address security issues effectively while maintaining trust between the ethical hacker and the organization.
Education and Certification: Encouraging the pursuit of ethical hacking education and certifications helps to establish a clear understanding of the ethical and professional standards that should be maintained.

In conclusion, security professionals play a vital role in identifying cybersecurity vulnerabilities and helping organizations to improve their security posture. However, it is essential to maintain a balanced perspective on the practice to ensure that it remains within ethical and legal boundaries and to discourage any potential misuse of the term or the skills involved.
Table 1.5: Main activities performed by security professionals

Penetration Testing: Executing penetration tests to simulate attacks on an organization's systems, networks, or applications. This helps to identify exploitable vulnerabilities and assess the effectiveness of existing security controls.
Vulnerability Assessments: Performing vulnerability assessments by scanning systems and applications for known vulnerabilities, misconfigurations, or weaknesses. They then provide a detailed report of their findings and prioritize the vulnerabilities for remediation.
Security Audits: Conducting comprehensive security audits of an organization's infrastructure, policies, and procedures to evaluate their overall security posture and identify areas for improvement.
Social Engineering Assessments: Conducting social engineering assessments to evaluate an organization's susceptibility to human-based attacks, such as phishing, pretexting, or physical security breaches. They can also provide recommendations for improving employee security awareness and training.
Wireless Network Assessments: Assessing the security of an organization's wireless networks, including Wi-Fi and Bluetooth, to identify vulnerabilities, weak encryption, or misconfigurations that attackers could exploit.
Web Application Testing: Testing web applications for vulnerabilities such as SQL injection, cross-site scripting, or authentication bypasses, helping organizations to secure their online services and protect sensitive data.
Red Team Exercises: Participating in red team exercises, acting as attackers in a simulated scenario to test an organization's incident response capabilities, security defenses, and overall resilience.
Secure Code Review: Reviewing an organization's software code for potential security flaws or vulnerabilities, providing recommendations for improving code security and reducing the risk of exploitation.
Security Training and Awareness: Helping organizations develop and deliver security training programs, sharing their expertise and knowledge to educate employees on cybersecurity best practices and common attack techniques.
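The "Web Application Testing" row above names SQL injection, cross-site scripting and authentication bypass, and the "Exploitation" step of a penetration test is where a tester confirms them. The block below is an added example, not code from the lesson: a login check written two ways against an in-memory SQLite table with one constructed user. The first builds the query from strings, so the input `alice' --` turns the rest of the condition into a comment and bypasses the password check; the second binds the same input as a parameter and it simply matches no row. A small unescaped-versus-escaped rendering pair shows the cross-site scripting case the same way. Table, column and user names are invented for the example.

```python
import html
import sqlite3

def make_db():
    """Constructed demo database: one user with a placeholder password hash (not a real hash)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-password')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password_hash):
    """VULNERABLE: user input is concatenated into the SQL text, so it is parsed as SQL.
    Input  alice' --  yields  ... WHERE username = 'alice' --' AND password_hash = '...'
    and everything after -- is a comment: the password check disappears."""
    query = (f"SELECT username FROM users "
             f"WHERE username = '{username}' AND password_hash = '{password_hash}'")
    return conn.execute(query).fetchone() is not None

def login_safe(conn, username, password_hash):
    """HARDENED: parameterized query. The driver sends the values separately from the SQL,
    so quotes and comment markers in the input are just characters to compare against."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None

def greeting_vulnerable(name):
    """VULNERABLE: user-controlled text placed into HTML unescaped (reflected XSS)."""
    return f"<p>Welcome, {name}!</p>"

def greeting_safe(name):
    """HARDENED: escape the text for the HTML context before inserting it."""
    return f"<p>Welcome, {html.escape(name)}!</p>"

if __name__ == "__main__":
    conn = make_db()
    payload = "alice' --"
    print("vulnerable login bypassed:", login_vulnerable(conn, payload, "wrong"))
    print("safe login bypassed:     ", login_safe(conn, payload, "wrong"))
    print(greeting_safe("<script>alert(1)</script>"))
```

A penetration tester's report would record the bypassing input, the affected endpoint and the fix (bind parameters, escape output for its context), which is exactly the "Reporting" step of PT described earlier.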
Exercises

1. Read the sentences and tick True or False.
1. Spear-phishing attacks are distributed attacks sent to masses of people.
2. Cookies are small text files placed on a user's device by websites to track browsing activity.
3. Behavioral tracking is used exclusively for security purposes and not for targeted advertising.
4. Access control is not important for protecting information systems and data privacy from unauthorized access and modification.
5. The principle of least privilege states that users should be granted the maximum level of access necessary to perform their job functions.
6. Access control models, such as ABAC and RBAC, are responsible for enforcing security policies and managing user access within an organization.
7. Ethical hacking is identical to malicious hacking in terms of intent and permission.
8. Ethical hackers should always work with the explicit permission of the organization they are testing.
9. Disclosure and remediation are essential aspects of ethical hacking to maintain trust and address security issues effectively.
10. Social engineering assessments by white-hat hackers evaluate an organization's susceptibility to human-based attacks.

2. Analyze the role of data protection in addressing data threat issues in the digital age. What are the key data protection concerns?
3. Evaluate the use of cookies in online tracking. How can cookies both enhance user experience and raise privacy concerns?

4. Analyze the significance of nonrepudiation in access control and cybersecurity.
5. Evaluate the principle of least privilege and its impact on access control. How does adhering to this principle reduce security risks within an organization?

6. Describe the role of ethical hacking in maintaining a strong cybersecurity posture. How does ethical hacking contribute to the overall security of an organization?
7. Outline the roles of professionalism and responsibility in ethical hacking.

8. Evaluate the role of white-hat hackers in conducting security audits and red team exercises.