Hello Readers! Today I am giving you an overview of cybersecurity fundamentals from a defender's perspective: how to prevent cyberattacks using the cyber kill chain.
Here, I am giving you short notes that are easy to remember. You can easily find a detailed description on the internet, but here you can make an easy note to remember.
Let's get started.
Cyberattack Kill Chain
- Defender's Perspective
Attack Kill Chain:-
- Driven by a military model
- Developed by Lockheed Martin
- Industry-accepted methodology
Steps:-
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command And Control
- Action On Objectives
Reconnaissance
- Honeypot
- Firewall
- Public Info
Honeypot:
- Set up inside, outside, or in the DMZ of a firewall
- Classified as:
- Production Honeypots
- Research Honeypots
Production Honeypots:
- Low-interaction honeypots
- Easy to deploy
- Give less info about attacks and attackers than research honeypots
Research Honeypots:
- Gather info about the motives and tactics of black hat communities
- Complex to deploy and maintain
- Capture extensive information
- Used primarily by the military, large government organizations and private organizations for research purposes
Note: Honeypots classified by design criteria:
- Pure Honeypots
- High-interaction Honeypots
- Low-interaction Honeypots
Basic honeypot tool: "Pentbox" - Kali Linux
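To show what a low-interaction honeypot actually does, here is an added example (my own code, not Pentbox and not part of the original notes). It presents a fake Telnet-style login banner on a port that no legitimate service uses, records the peer address and the first line the client sends, and closes. The banner text, the port 2323 and the peer address 203.0.113.5 are constructed values; simulate_probe() exercises the handler offline over a socket pair so you can see the log record without opening a listener.

```python
import json
import socket
import threading
import time

# Constructed banner: looks like a Telnet login prompt, but nothing real
# sits behind it; the value of the service is only that it gets probed.
FAKE_BANNER = b"Ubuntu 18.04 LTS\r\nlogin: "

def handle_connection(conn, peer, timeout=5.0):
    """Serve one connection: send the fake banner, keep the first line the
    client sends, close. Returns the record that would be logged."""
    record = {
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": peer[0],
        "src_port": peer[1],
        "first_line": "",
    }
    try:
        conn.settimeout(timeout)
        conn.sendall(FAKE_BANNER)
        data = conn.recv(256)  # only the first line is kept, truncated
        record["first_line"] = data.decode("utf-8", "replace").strip()[:80]
    except (socket.timeout, OSError):
        pass  # port scanners often connect and leave without sending
    finally:
        conn.close()
    return record

def serve(host="0.0.0.0", port=2323, logfile="honeypot.jsonl"):
    """Listen on a port no legitimate service uses, so every hit is a lead."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    while True:
        conn, peer = srv.accept()
        record = handle_connection(conn, peer)
        with open(logfile, "a") as fh:
            fh.write(json.dumps(record) + "\n")

def simulate_probe(payload, peer=("203.0.113.5", 40000)):
    """Offline check using a socket pair instead of a network listener:
    the 'scanner' side reads the banner, sends `payload`, and disconnects."""
    server_side, client_side = socket.socketpair()

    def client():
        client_side.recv(64)  # consume the banner
        if payload:
            client_side.sendall(payload)
        client_side.close()

    t = threading.Thread(target=client)
    t.start()
    record = handle_connection(server_side, peer)
    t.join()
    return record

if __name__ == "__main__":
    serve()
```

Because the honeypot never hands out a real shell, any connection to it is suspicious by definition, which is why its JSON lines make a good high-signal feed for a SIEM or firewall block rule. A real deployment would bind only on the interface facing the network segment being watched and rate-limit the log.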
Firewalls
There are 8 types of firewall:
- Packet-Filtering Firewalls
- Circuit-Level Gateways
- Stateful Inspection Firewalls
- Application-Level Gateways
- Next-Gen Firewalls
- Software Firewalls
- Hardware Firewalls
- Cloud Firewalls
* The last 3 describe how the firewall function is delivered (software, appliance, cloud), not how it inspects traffic
Weaponization
- Patch Management
- Disabling Macros
- Anti-Virus
Patch Management:
- Exploits target loopholes in security that haven't been fixed yet
- Nearly impossible to breach a completely patched system
Disabling Macros:
- Hackers may use Office's macro function to create backdoors
- Disable macros to prevent backdoor attacks
Anti-Virus:
- Software developed to detect viruses and remove them from systems
- Protects users and their data from numerous attack vectors
- Hence sabotages the weaponization process
Delivery
- User Awareness
- Web Filtering
- Avoiding USB
User Awareness:
- Make users aware to avoid malicious or suspicious websites or web links, e.g. "phishing"
Web Filtering:
- Grant access only to trusted websites
- Prevent users from reaching untrusted sites or web links
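An added example (my own code, not from the original notes) of the allowlist check behind web filtering, including the lookalike cases that make a naive "contains the trusted name" check unsafe. The allowlist entries example.com and intranet.example.net are constructed; the filter is default-deny, so anything it cannot parse or that is not on the list is blocked.

```python
from urllib.parse import urlsplit

# Constructed allowlist: a request is permitted only if its host is one
# of these names or a subdomain of one of them.
TRUSTED_DOMAINS = {"example.com", "intranet.example.net"}

def host_is_trusted(host, allowlist=TRUSTED_DOMAINS):
    """Exact match or a proper subdomain; 'example.com.evil.test' and
    'notexample.com' both fail because the comparison is label-aware."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowlist)

def filter_url(url, allowlist=TRUSTED_DOMAINS):
    """Return (allowed, reason). Default deny: anything not on the
    allowlist, or anything we cannot parse, is blocked."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not permitted"
    if "@" in parts.netloc:
        # userinfo is a classic lure: http://example.com@evil.test/ really
        # goes to evil.test, so refuse the form outright
        return False, "userinfo in URL"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if host_is_trusted(host, allowlist):
        return True, f"{host} is on the allowlist"
    return False, f"{host} is not on the allowlist"

if __name__ == "__main__":
    for u in ("https://docs.example.com/page",
              "https://example.com.evil.test/login",
              "http://example.com@evil.test/",
              "ftp://example.com/"):
        print(u, "->", filter_url(u))
```

In a proxy this check runs on the host the connection is actually made to, not on the link text the user saw, which is what defeats the display-name tricks that phishing emails rely on.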
Avoiding USB:
- Avoiding unknown USB devices removes one way of delivery
- Block or monitor USB hardware and services
Exploitation
- Data Execution Prevention
- Anti - Exploit
- Endpoint Protection
DEP (Data Execution Prevention):
- A group of hardware and software technologies that perform additional memory checks to prevent malicious code from running on a system
Anti-Exploit:
- Additional layer of security
- Blocks the techniques used by an attacker
Endpoint Protection:
- ESET (Essential Security against Evolving Threats) can be used for both personal and enterprise-grade protection
- ESET identifies and blocks malware, viruses, Trojans and spyware
- Provides protection against network threats
Installation
- Disable PowerShell
- EDR (Endpoint Detection and Response)
Disable PowerShell:
- Advanced shell for automation and configuration management framework from Microsoft
- Such a tool is very dangerous in the wrong hands
EDR (Endpoint Detection and Response):
- Detects advanced, unknown and evasive threats that bypass antivirus
- Analysts may use it to automate much of the hunting process to save time
Command and Control
- Isolating device from network
- Block Access Protocols
Isolating device from network:
- If the attacker has managed to gain control over a system
- Isolate the device from the network to prevent lateral movement inside the organization
Block Access Protocols:
- Block remote-access protocols and tools like Netcat, Telnet, SSH, RDP
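The firewall types listed under Reconnaissance and the "block access protocols" advice here come together in one added example (my own code, not from the original notes): a first-match packet filter with an implicit default deny, plus a minimal connection-tracking layer to show what stateful inspection adds over plain packet filtering. The policy, the addresses (10.0.0.0/8 as the internal network, 10.0.0.5 as an assumed administration jump host, 10.1.0.0/24 as the web tier) and the port numbers used are constructed; 22, 23 and 3389 are the standard SSH, Telnet and RDP ports.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    src: str         # source CIDR
    dst: str         # destination CIDR
    proto: str       # "tcp", "udp" or "any"
    dports: tuple    # destination ports; () means any port

# Constructed policy. Order matters: the jump-host exception comes before
# the blanket denial of remote-access protocols, and anything that matches
# no rule falls through to the implicit default deny.
POLICY = [
    Rule("allow", "10.0.0.5/32", "10.0.0.0/8",   "tcp", (22, 3389)),
    Rule("deny",  "0.0.0.0/0",   "0.0.0.0/0",    "tcp", (22, 23, 3389)),
    Rule("allow", "10.0.0.0/8",  "10.1.0.0/24",  "tcp", (443,)),
    Rule("allow", "10.0.0.0/8",  "10.0.53.1/32", "udp", (53,)),
]

def matches(rule, src, dst, proto, dport):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and (not rule.dports or dport in rule.dports))

def evaluate(src, dst, proto, dport, policy=POLICY):
    """Stateless packet filtering: first matching rule wins, default deny.
    Returns (action, index of the rule that decided, or None)."""
    for idx, rule in enumerate(policy):
        if matches(rule, src, dst, proto, dport):
            return rule.action, idx
    return "deny", None

class StatefulFilter:
    """Stateful inspection: a reply belonging to a flow that was allowed
    outbound is accepted without needing its own rule."""
    def __init__(self, policy=POLICY):
        self.policy = policy
        self.established = set()   # (src, sport, dst, dport, proto)

    def handle(self, src, sport, dst, dport, proto):
        if (dst, dport, src, sport, proto) in self.established:
            return "allow", "established"
        action, idx = evaluate(src, dst, proto, dport, self.policy)
        if action == "allow":
            self.established.add((src, sport, dst, dport, proto))
        return action, idx

def trace(packets, policy=POLICY):
    """Run (src, sport, dst, dport, proto) tuples through one stateful
    filter instance and return the decisions in order."""
    fw = StatefulFilter(policy)
    return [fw.handle(*pkt) for pkt in packets]

if __name__ == "__main__":
    print(evaluate("203.0.113.9", "10.1.0.7", "tcp", 3389))   # ('deny', 1)
    print(trace([("10.2.3.4", 51000, "10.1.0.7", 443, "tcp"),
                 ("10.1.0.7", 443, "10.2.3.4", 51000, "tcp")]))
```

The stateless evaluator alone would have to carry an explicit "allow any high port from the web tier back to clients" rule to let replies through, which is exactly the kind of wide-open rule attackers look for; connection tracking removes the need for it.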
Action On Objective
- Data Loss Prevention
- User Behavior Analysis
- Network Segmentation
Data Loss Prevention:
- Basically works on the CIA (Confidentiality, Integrity, Availability) triad
- Fundamentals of DLP (Data Loss Prevention):
Authentication - verification that users identify themselves correctly
Access Control - only valid users are allowed access
Audit - recording of all authorized actions
Privacy - users have control over their information and how it is exposed
Non-Repudiation - users can't deny that an action actually occurred
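An added example (my own code, not from the original notes) that ties the DLP fundamentals above together: a document-access gate that authenticates the user, consults an access-control list that separates "read" from "share" (the exfiltration path DLP cares about), and writes every decision to a hash-chained audit log so that a deleted or edited record breaks the chain. The users, passwords, ACL and document name are constructed. The hash chain gives tamper evidence for the audit trail; full non-repudiation additionally needs each user's action signed with a key only they hold.

```python
import hashlib
import hmac
import json
import time

# Constructed ACL: (user, action, document) -> allowed. Anything not
# listed is denied, and "share" is granted separately from "read".
ACL = {
    ("alice", "read",  "payroll.xlsx"): True,
    ("alice", "share", "payroll.xlsx"): False,
    ("bob",   "read",  "payroll.xlsx"): True,
}

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000).hex()

# Constructed credential store: salted password hashes, never plaintext.
USERS = {
    "alice": (b"salt-alice", _hash_pw("correct horse", b"salt-alice")),
    "bob":   (b"salt-bob",   _hash_pw("battery staple", b"salt-bob")),
}

class AuditLog:
    """Append-only, hash-chained log: each record commits to the digest of
    the previous one, so editing or removing an entry breaks every later link."""
    def __init__(self):
        self.entries = []          # list of (json_body, sha256_hex)
        self.prev = "0" * 64

    def append(self, **fields):
        fields["prev"] = self.prev
        fields["ts"] = time.time()
        body = json.dumps(fields, sort_keys=True)
        digest = hashlib.sha256(body.encode()).hexdigest()
        self.entries.append((body, digest))
        self.prev = digest
        return digest

    def verify(self):
        prev = "0" * 64
        for body, digest in self.entries:
            if json.loads(body)["prev"] != prev:
                return False
            if hashlib.sha256(body.encode()).hexdigest() != digest:
                return False
            prev = digest
        return True

def authenticate(user, password):
    rec = USERS.get(user)
    if rec is None:
        return False
    salt, stored = rec
    return hmac.compare_digest(_hash_pw(password, salt), stored)

def request(log, user, password, action, doc):
    """Authenticate, check the ACL, and audit the outcome either way."""
    if not authenticate(user, password):
        log.append(user=user, action=action, doc=doc, result="auth-failed")
        return False
    allowed = ACL.get((user, action, doc), False)
    log.append(user=user, action=action, doc=doc,
               result="allowed" if allowed else "denied")
    return allowed

def tamper_check():
    """Edit a past record in place and show that verify() notices."""
    log = AuditLog()
    request(log, "alice", "correct horse", "read", "payroll.xlsx")
    request(log, "alice", "correct horse", "share", "payroll.xlsx")
    intact = log.verify()
    body, digest = log.entries[1]
    log.entries[1] = (body.replace('"denied"', '"allowed"'), digest)
    return intact, log.verify()

if __name__ == "__main__":
    print(tamper_check())   # (True, False)
```

Note that failed authentications are logged as well: an audit trail that records only successes cannot show a brute-force attempt, and the "denied" share record is the event a DLP analyst would want to see.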
User Behavior Analysis:
- User behavior analysis is the process of detecting insider threats, targeted attacks and financial fraud
Network Segmentation:
- Splitting a computer network into sub-networks
- Segmenting an organization's network to improve security
Thanks for reading, I hope you liked this blog.
Happy Learning!!!