Introduction to Cyber Security

This is a recent update to this course done in September 2022.

What is cyber really? Here we look at the definition of cyber security and how it has evolved into what we now understand as cyber security.

Many security companies talk about APT (Advanced Persistent Threats) and cyber threats, here we take a look at what cyber threats are in order to understand what makes a threat a cyber threat.

Many types of attacks that target other nations also tend to be discovered after some time. This technology unfortunately tends to find its way into criminals malware and attacks. This lecture looks at the ramifications of cyber warfare and espionage and how these attacks or technologies are reverse engineered into the next cyber crime attacks that people and businesses have to deal with.

You may have heard of the "Onion" or defense in depth, here we talk about creating layers of security that protect assets. Depending on the layers, we have certain policies, technology and teams making sure that attacks do not reach the next layer in a business or institution.

Since technology has advanced, we have also seen an increase in the business side of things adapt more technology into it. Today, the internet hosts so many businesses that are interconnected throughout the world. The internet and the underlying technology has created its own economy. Some of the more recent areas include Bitcoin as a currency but certainly also includes eCommerce and eBusiness.

Although everyone "seems" to know what hacking is, reality tells a different story. There are big differences between hacking, hackers and the criminals that many erroniously refer to as "hackers" when in fact they are crackers.

The United Nations Inter-regional Crime Research Institute started a project that sought to put different types of hackers into profiles. This lecture looks at what they did and the results of some of those "profiles".

Incident response is a core process or procedure that is referenced in many different standards such as Cobit and ITIL. In cyber security this is even more important as attacks as well as situations that happen within a company or institution can be attacks. Incident response helps the security team or organization quickly stop the attack from going further and also collects data on what happened so that vulnerabilities can be closed.

In order to protect valuable things such as data, we need to first list what "assets" we have and then analyize what threats they face. Risk management is focused on managing the risks toward those assets in an organization.

This has only recently been an area within cyber security that has evolved as a result of attacks on water works, sewage and power plants. Critical infrastructure is the term for all services and structures that if attacked would result in catastrophic lose of life and damages to civilians or a given population.

Everyone works with information in some form or another. When we send and receive or work with information, a third party could be interested in it and will try to get it. One way to protect data is by using tools that encrypt it and enable safer handling or transportation. Encryption should be a standard component in any organization and its security policy.

This is an update to the encryption lecture with more information and practical implications of using encryption for 2022.

Awareness simply put means being aware of something, whether a threat, risk or anything else. When we know about something, its easier to recognize and stop.

The internet was never created as a secure system or protocol. As more countries and businesses depend on the internet to do business, so does its importance as an economic factor. When attacks happen, questions arise as to who owns the internet and who is responsible for attacking it. In today´s age, hiding behind Proxy servers can also hide the true identity of an attackers origin.

As with many things in security or technology, humans are usually the weakest link. The human factor discusses how our "humanity" enables attackers to use human nature (aka social engineering) to obtain access and information that is otherwise confidential or secret.

Social Engineering is a big attack vector that targets human nature to get access or to make people do things that are not allowed or are not correct. These attacks are so dangerous because they are almost always successful without the proper security awareness.

This refers to the strategy of using different components for defensive and offensive purposes. Most nations have either drafted or have a cyber space or cyber strategy that details what mechanisms and proposed laws apply when attacked and what rights and rules are to be followed in defending or attacking other targets.

A concept that was created in 2011by the Lockheed Martin Computer Incident Response Team. This concept basiclly discusses how APTs (Advanced Persistent Threats) are not or poorly detected by static technology.

Here we take a look at how computer or cyber technology is changing how nations engage in combat. Tomorow´s wars will be fought with computers, viruses, botnets and other computing technology.

Spy technology (just like warfare) has evolved to include computers, electronics and software into the intelligence spectrum that has evolving technical capabilities to "intercept" any and all data the flows through the internet and its systems.

The use of cyber threats for organized crime and stealing data, secrets as well as information which are then sold to the highest bidder. The lines between crime and espionage are becoming harder to distinguish today. Other areas that are included in cyber crime are stealing private data, passwords, credit cards and whole identities.

The use of computer technology and components of "traditional" IT Security for defensive purposes. This area also concentrates on protecting critical infrastructure from attacks as well as using newer methods of sandboxing and other technologies to detect and catagorize APTs and other cyber attacks.

The proactive use of attack technologies including malware, botnets DDOS and other malicous weapons to attack another company, attacker or nation-state.

Cyber Units are specially trained teams that deal with cyber threats such as war, espionage and even crime to a company or nation. When part of national security, these teams typically include components of defense as well as offense. In recent years most nations have worked on building these advanced types of military or national security technical teams.

Network based systems that analyze traffic to and from systems and block attacks as defined in a rule set.

This is an update to the original Firewall Video with additional context missing from the previous video.

We also go into types of firewalls and the pros and cons of each.

Integrating Firewalls and Defense-in-Depth

Lastly, we look at NIST 800-41 and ISO27001 recommendations and best practices for implementing firewalls.

A network alerting system that detects intrusion attempts to company or institution's resources.Newer versions integrate multiple functions such as SIEM, IDS and IPS in one platform.

A network based attack deterance system that resets TCP/IP connections or attempts to drop malicious attacks on infrastructure or systems.

Refers to collecting of intellience from open sources as opposed to closed sources (aka spying, human intelligence, etc.).

Systems collect data about what is going on in a network or systems. A challenge with dynamic and evolving threats is how to use information that we collect to help understand, detect and deter attacks either before they happen or as they are happening. Many systems today just collect too much information and the question arrises very quickly as to the value of that information if it can not be used.

Here we focus on explaining some of those systems that install agents that monitor the status and capture alerts and information of servers and critical services.

This lecture introduces another part of our "Proactive Security Team Methodology" and uses the same skills as hackers do. Malware analysis and reverse engineering looks at malware, its components and how to analyze and reverse engineer it.

This lecture introduces Vulnerability Management, its process as well as how to use it to defend against cyber attacks.

Successful security teams today and in the future must be just as dynamic and innovative as the attacks they face in cyber space. Teams that adopt a "proactive" stance in that they also learn how to "hack" their own systems, tend to be more secure than those teams that depend on more static and traditional approaches to security.

There are many different aspects to cyber security, tools and protection of data. Home users are in some cases more vulnerable than in enterprise or institutional networks because of the added risks involved if not using VPN and more elaborate network security technology in larger more complex networks.

Corporations and Businesses will have to face new threats that consistently push the boundaries of existing security technology and solutions. The dynamic and persistent nature of tomorrow´s cyber threats are changing the needs of security and methods to protect against corporate espionage and cyber crime.

The central network brain of an organization or institution that monitors the operational status of complex networks. Although tasked with watching over the network components, they also integrate with other functions such as incident management and rapid response teams.

Simular to the NOC, the Security Operations Center monitors the overall security of an enterprise or institution. Some areas that are included here are Threat Intelligence, Governance and Data Security.

A review of cyber security and what the future holds in regards to threats and defense within the context of this course.

Presentation to this training.

Handbook to this training.

This research case focuses on an example of how a BotNet can be used to monitor, infect and influence Social Media.

Recent cases of implanted backdoor technology focused on implanting boot-kits in Macs and other UEFI systems that keep systems insecure and monitored by spies or attackers (in some instances) from a distance.

Some cases in the past revolved around spyware installed on clients known as FinFisher and Hacking Team. These software suites installed via vulnerabilities and exploits that captured screenshots and circumvented authentication in order to monitor journalists, political dissidents as well as terrorists. One could argue that there needs to be methods to capture terrorist activity in order to protect nations, but there are also ramifications when these tools get into the wrong hands.

By now you certainly have heard of SCADA the malware / virus / worm that infected Nucelar Powerplants in Iran. Research from security companies found this nasty piece of work that broke centrifuges in the plants that were used for Uranium enrichment. This was the first example of a cyber war weapon that actually caused physical damage.

Liturature and discussion on 2FA and Authentication

This Exam tests that you know the basics, all exams are yes or no questions. If you read and know the course, passing is a piece of cake. Enjoy the process!

This tests your knowledge of Cyber Components, all exams here are yes or no. Enjoy the process!

This is the last part of the exams for this course, I promise.....would these eyes lie. ;-)

This chapter deals with the proactive security team and how defensive and offensive technology can be used together with an approach to protect the layers and also defend the organization.

The security "onion" has different layers. Each layer has certain mechanisms and a central strategy and processes that help defend against attacks reaching the next layer. Here we go through what types to tools protect the layers.

PTES is a stanard for Penetration Testing that also has a method to its madness. Many pen tests are just point, click and report. GUI or scanners are not pen testing so we will go through the standard and some of the examples.

This section discusses the Exploitation, Post Exploitation and Reporting phases of the PTES or Penetration Testing Execution Standard.

When looking at defense of networks, secure designs and architecture are very important elements of any strategy. When we invest time in the correct placement of network devices, segmentation and access control mechanisms and security, we can only improve the overall security posture. Firewalls, switches, routers, 2 and 3 layer network switching engine configurations such as from Cisco, HP, Juniper, etc. are a key aspect of good network design.

Inspecting network traffic and analyzing what is in packets is always a must for any NOC/SOC team member. Wireshark, TCP/IP dumps are standard components of a hacker, cracker and network or cyber security techie's arsenal.

We all know BackTrack which was the pen testers toolkit based on Ubuntu Linux. Since its inception, many new tools have come out and give us options to hack and test how secure we are. Kali Linux is a standard pen testing swiss knife Linux distro with many tools already installed and waiting to go.

After looking at Kali, we also look at community based versions of other scanners that help red and blue teams secure some aspects of the network through penetration testing. As with all GUI and scanners, manual validation is always needed to verify . We will take a brief look at Metasplot (in Kali Linux) and Nessus.

Looking at web applications has grown in popularity among crackers and hackers. Many successful attacks go back to older vulnerabilities and errors in design such as simple authentication, no filtering that detects and blocks SQL Injection, etc. Web scanners are an easy and fast way to do very simple tests to figure out how easy it is to break into and pwn web applications.

Black Arch Linux is another awesome Pen Testing and Network Audit virtual machine that allows you to do many things that Kali can but needs less resources and a bit more skills since you can install single packages.

This lecture takes a look at the free or open source based HIDS / NIDS and SIEM solutions out there from OSSEC, Snort, SGUIL (network) and Squert on a Xubuntu based Linux distribution called Security Onion. This VM is a more complex than Kali and even BlackArch in that you need to understand the concept of Snort and OSSEC before collecting intrusion information and configuring alerts and rules that trigger events on the dashboards.

This talk from Hamburg Sides in 2016 focused on research I did on open source mathematics and using data to classify real from botnet users on twitter. This talk starts with the math then goes on into details about using python scripts and lastly other solutions to help with detecting real social media users from botnet based automated propaganda slingers. 

This session gives some updates to older material like NIST's ATT@CK Framework, APT Groups, Social Media and Hybrid Cyber Warfare into the Introduction course without needed an additional course. We also talk about the 3 companion books on Blockchain and Crypto, Social Media Cyber Defense as well as Cyber Defense in 2021.