InfoSec Notes
Quick reference guide to essential security concepts including defense in depth, least privilege, separation of duties, and security by design.
Overview
Quick reference guide to essential security concepts including defense in depth, least privilege, separation of duties, and security by design. This reference material supports both learning and practical application of information security knowledge.
Quick Reference
Essential Security Concepts
| Concept | Definition | Application |
|---|---|---|
| CIA Triad | Confidentiality, Integrity, Availability | Foundation of all security decisions |
| Least Privilege | Minimum necessary access | Access control design |
| Defense in Depth | Multiple security layers | Architecture design |
| Separation of Duties | No single person controls critical process | Prevent fraud/insider threat |
| Need to Know | Access only to required information | Data classification |
| Fail Secure | System denies access on failure | System design |
| Security by Design | Build security in from the start | SDLC integration |
Common Ports and Protocols
| Port | Protocol | Service | Security Notes |
|---|---|---|---|
| 20/21 | TCP | FTP | Insecure — use SFTP (22) |
| 22 | TCP | SSH | Secure remote access |
| 23 | TCP | Telnet | Insecure — use SSH |
| 25 | TCP | SMTP | Email transfer, often filtered |
| 53 | TCP/UDP | DNS | DNS-over-HTTPS preferred |
| 80 | TCP | HTTP | Insecure — redirect to HTTPS |
| 443 | TCP | HTTPS | Secure web traffic |
| 445 | TCP | SMB | Windows file sharing, common attack target |
| 1433 | TCP | MSSQL | Database, restrict access |
| 3306 | TCP | MySQL | Database, restrict access |
| 3389 | TCP | RDP | Remote desktop, common brute force target |
| 5432 | TCP | PostgreSQL | Database, restrict access |
| 8080 | TCP | HTTP Proxy | Alternative HTTP, often test servers |
| 8443 | TCP | HTTPS Alt | Alternative HTTPS |
Encryption Algorithm Quick Reference
| Algorithm | Type | Key Size | Status | Use For |
|---|---|---|---|---|
| AES-256-GCM | Symmetric | 256 bits | Secure | Data encryption + authentication |
| ChaCha20-Poly1305 | Symmetric | 256 bits | Secure | Mobile/IoT encryption |
| RSA-2048 | Asymmetric | 2048 bits | Minimum | Key exchange, signatures |
| ECDSA P-256 | Asymmetric | 256 bits | Secure | Digital signatures |
| X25519 | Key Exchange | 256 bits | Secure | TLS key agreement |
| SHA-256 | Hash | N/A | Secure | Integrity verification |
| Argon2id | KDF | N/A | Secure | Password hashing |
| PBKDF2 | KDF | N/A | Acceptable | Password hashing (legacy) |
Security Tools by Category
| - Nmap | Port scanning and service detection |
| - Masscan | High-speed port scanner |
| - Amass | DNS enumeration |
| - Shodan | Internet device search engine |
| - Burp Suite | Web proxy and scanner |
| - OWASP ZAP | Open source web scanner |
| - SQLMap | Automated SQL injection tool |
| - Nikto | Web server scanner |
| - Wireshark | Packet capture and analysis |
| - tcpdump | Command-line packet capture |
| - NetworkMiner | Network forensics |
| - Zeek (Bro) | Network security monitoring |
| - Metasploit | Exploitation framework |
| - Cobalt Strike | Adversary simulation |
| - Empire | Post-exploitation framework |
| - Impacket | Network protocol toolset |
| - Snort/Suricata | IDS/IPS |
| - OSSEC | Host-based IDS |
| - Elastic SIEM | Log aggregation and analysis |
| - CrowdStrike/SentinelOne | EDR platforms |
| - Autopsy | Digital forensics platform |
| - Volatility | Memory forensics |
| - FTK Imager | Disk imaging |
| - KAPE | Evidence collection |
Security Certifications Roadmap
Entry Level (0-2 years)
- CompTIA Security+ (foundational)
- CompTIA CySA+ (analyst focused)
- ISC2 CC (Certified in Cybersecurity)
Mid Level (2-5 years)
- CISSP (broad management/technical)
- CEH (ethical hacking)
- CISM (management focused)
- GCIH (incident handling)
Advanced (5+ years)
- OSCP (hands-on penetration testing)
- GXPN (advanced exploitation)
- CISA (audit focused)
- CCSP (cloud security)
Specialist
- GREM (malware reverse engineering)
- OSWE (web exploitation)
- AWS Security Specialty
- Azure Security Engineer
Attack Framework Reference (MITRE ATT&CK)
| Tactic | Description | Example Techniques |
|---|---|---|
| Initial Access | Gaining foothold | Phishing, drive-by, valid accounts |
| Execution | Running code | PowerShell, scripting, exploitation |
| Persistence | Maintaining access | Registry keys, scheduled tasks, implants |
| Privilege Escalation | Getting higher permissions | Kernel exploits, token manipulation |
| Defense Evasion | Avoiding detection | Obfuscation, disabling security tools |
| Credential Access | Stealing credentials | Mimikatz, keylogging, brute force |
| Discovery | Learning the environment | Network scanning, account enumeration |
| Lateral Movement | Moving between systems | Pass-the-hash, RDP, SSH |
| Collection | Gathering target data | Screen capture, data staging |
| Exfiltration | Stealing data | DNS tunneling, cloud storage, HTTP |
| Impact | Damaging or disrupting | Ransomware, wiper, data destruction |
Interview Questions
- What security certifications do you recommend for someone starting their career?
- Start with CompTIA Security+ for foundational knowledge, then choose based on career path: CySA+ for blue team/analysis, OSCP for penetration testing, or CISSP for management track. Supplement with hands-on labs (TryHackMe, HackTheBox).
- What security tools should every security professional know?
- Essential tools: Wireshark (packet analysis), Nmap (scanning), Burp Suite (web testing), Metasploit (exploitation understanding), a SIEM platform (log analysis), and command-line networking tools (curl, openssl, dig, netstat).
- How do you stay current with evolving security threats?
- Follow threat intelligence feeds, read vendor research blogs (Mandiant, CrowdStrike), participate in security communities (Reddit r/netsec, Twitter InfoSec), attend conferences (DEF CON, BSides), practice on CTF platforms, and subscribe to vulnerability advisories (CISA, NVD).
- Explain the MITRE ATT&CK framework and how it's used.
- ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. It's used for: threat intelligence (mapping threats), detection engineering (writing detection rules), red teaming (simulating adversaries), and gap analysis (identifying blind spots in defenses).
- What's the most important skill for an information security professional?
- Critical thinking and problem-solving ability. Technical skills are learnable, but the ability to think like an attacker, understand business context, communicate risk effectively, and adapt to new challenges is what separates good security professionals from great ones.
Summary
This reference material provides quick access to essential information security knowledge. Use it as a starting point for deeper exploration of any topic, and keep it updated as the field evolves.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Important Security Concepts Reference.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Information Security topic.
Search Terms
information-security, information security, information, security, resources, important, concepts, important security concepts reference
Related Information Security Topics