• Kaushal Patel

Cybersecurity Fundamental - Cyber Kill Chain

Hello Readers ! Today I am giving you an overview of Cybersecurity Fundamentals on Defender's perspective. How to prevent the cyberattacks using cyber kill chain.


Here, I am giving you the short information which helps you for easy to remember. You can easily find the brief description over internet but here you can make an easy note to remember.


Let get started.


Cyberattack Kill Chain

-Defender's Perspective


Attack Kill Chain :-


- driven by military model

- by Lockheed Martin

- Industries-accepted Methodology


Steps:-


- Reconnaissance

- Weaponizations

- Delivery

- Exploitation

- Installation

- Command And Control

- Action On Objectives


Reconnaissance

- Honeypot

- Firewall

- Public Info


Honeypot:


- Setup inside, outside in DMZ of a firewall

- Described as,

- Production Honeypots

- Research Honeypots


Production Honeypots:


- Low-interaction pots

- Easy to deploy

- Gives less info about attacks and attackers than research Honeypots


Research Honeypots:


- Gather info about the motive and tactics of Black Hat communities

- Complex to deploy and maintain

- Capture extensive information

- Used primarily in military, large government organizations and

private organizations for research purpose


Note: Honeypots based on design criteria

- Pure Honeypots

- High-interaction Honeypots

- Low-interaction Honeypots

Basic honeypot tools, - "Pentbox" - Kali Linux


Firewalls


There are 8 - types of firewall

  1. Packet-Filtering Firewalls

  2. Circuit-Level Gateways

  3. Stateful inspection gateways Firewall

  4. Application-Level Gateways

  5. Next-Gen Firewall

  6. Software Firewall

  7. Hardware Firewall

  8. Cloud Firewall

* Last 3 are the methods of Functions delivery Firewall


Weaponization

- Patch Management

- Disabling Macros

- Anti-Virus


Patch Management:


- Exploit are used or loophole in security that haven't fixed yet

- Nearly impossible to find breach to completely patched system


Disabling Macros:


- Hacker may use office's macro function to create backdoor attacks

- Disable the macros to prevent backdoor attacks


Anti-Virus:


- Software to developed for detect viruses or removed them from systems

- It protects user and it's data from numerous attacks vectors

- Hence, sabotaging the weaponizations process


Delivery

- User Awareness

- Web Filtering

- Avoiding USB


User Awareness:


- Aware users to avoiding malicious or suspicious websites or web links

like"Phishing"


Web Filtering:


- Granted only trusted websites

- Prevent users to reaching untrusted sites or web links


Avoid USB:


- Avoid unknown USB devices will prevent. - way of delivery

- Block or monitored USB hardware and services


Exploitation

- Data Execution Prevention

- Anti - Exploit

- Endpoint Protection


DEP (Data Execution Prevention):


- It is group of hardware and software technology that prevent

additional memory check to prevent malicious codes from

running on system


Anti - Exploit:


- Additional Layer Of Security

- Blocking the techniques used by an attacker


Endpoint Protection:


- ESET (Essential Security against Evolving Threats) can be used for

both personal and Enterprise grade protection

- ESET identifies and block malware, virus, Trojans and spyware

- Provide protection against Network Threats


Installation

- Disable PowerShell

- EDR (Endpoint Detection and Response)


Disable PowerShell:


- Advance shell for automation and configuration management framework

From Microsoft.

- Such tool is very dangerous in the wrong hands


EDR (Endpoint Detection and Response):


- It detects advance, unknown and evasive threats that bypass Antivirus

- Analyst may use it to automate much of the hunting process to save time


Command and Control

- Isolating device from network

- Block Access Protocols


Isolating device from network:


- If the attacker managed to gain control over system

- Isolating the device from the network to prevent lateral movements inside

the organization


Block Access Protocols:


- Block protocols like, Netcat, Telnet, SSH, RDP


Action On Objective

- Data Loss Prevention

- User Behavior Analysis

- Network Segmentation


Data Loss Prevention:


- Basically work on CIA (Confidentiality, Integrity, Availability) tried

- Fundamentals of DLP (Data Loss Prevention)


  1. Authentication - Verification that users identify themselves correctly

  2. Access Control - only valid users are allowed

  3. Audit - Recording of all authorized actions

  4. Privacy - Users has control of information to them and how it is exposed

  5. Non-Repudiation - Users can't deny that an action actually occurred


User Behavior Analysis:


- User behavior analysis is the process of detecting of inside threats,

targeted attacks and financial fraud.


Network Segmentation:


- Splitting computer network into sub-networks

- Segmentation of an organization's network to improve security


Thanks for reading, I hope you liked this blog.

Happy Learning!!!

  • Twitter
  • Facebook
  • LinkedIn

This blog is for those who are beginner in Cyber Security . ​Please Subscribe for more update

© 2021 by CyberMetrix