Add content to Cyber security roadmap (#6978)
* 57 topics copy * 28 topics * Update iaas@1nPifNUm-udLChIqLC_uK.md * 18 topics * adding links to 20 topics * links added to 44 topics * links added to 67 topics * completed roadmap, no empty topics remain * mesh topic links * last 5 topics --------- Co-authored-by: Kamran Ahmed <kamranahmed.se@gmail.com>pull/7043/head
dsh
4 months ago
committed by
GitHub
parent
7cf4618634
commit
ee143d8b6c
143 changed files with 681 additions and 3187 deletions
@ -0,0 +1,8 @@ |
||||
# ACL |
||||
|
||||
An Access Control List (ACL) is a security mechanism used to define which users or system processes are granted access to objects, such as files, directories, or network resources, and what operations they can perform on those objects. ACLs function by maintaining a list of permissions attached to each object, specifying the access rights of various entities—like users, groups, or network traffic—thereby providing fine-grained control over who can read, write, execute, or modify the resources. This method is essential in enforcing security policies, reducing unauthorized access, and ensuring that only legitimate users can interact with sensitive data or systems. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@article@Access Control List: Definition, Types & Usages](https://www.okta.com/uk/identity-101/access-control-list/) |
||||
- [@video@Access Control Lists](https://www.youtube.com/watch?v=IwLyr0mKK1w) |
||||
@ -1,39 +1,8 @@ |
||||
# ACLs |
||||
|
||||
Access Control Lists (ACLs) act as an essential part of an organization's security infrastructure by helping to manage access rights to resources and maintain security between users, groups, and systems. |
||||
An Access Control List (ACL) is a security mechanism used to define which users or system processes are granted access to objects, such as files, directories, or network resources, and what operations they can perform on those objects. ACLs function by maintaining a list of permissions attached to each object, specifying the access rights of various entities—like users, groups, or network traffic—thereby providing fine-grained control over who can read, write, execute, or modify the resources. This method is essential in enforcing security policies, reducing unauthorized access, and ensuring that only legitimate users can interact with sensitive data or systems. |
||||
|
||||
In this section, we will discuss the following: |
||||
Learn more from the following resources: |
||||
|
||||
- What are Access Control Lists |
||||
- Types of ACLs |
||||
- How to implement and administer ACLs |
||||
|
||||
## What are Access Control Lists |
||||
|
||||
Access Control Lists are rule sets that define which user, group, or system has access to specific resources and determine what type of access they have (e.g., read or write). ACLs act as a barrier to prevent unauthorized access to sensitive data and systems; this can help maintain confidentiality, integrity, and availability of your organization's critical assets. |
||||
|
||||
## Types of ACLs |
||||
|
||||
There are two primary types of ACLs: Discretionary and Mandatory. |
||||
|
||||
- **Discretionary Access Control Lists (DACLs)** |
||||
DACLs allow the owner of a resource to determine who can gain access to the resource, and the level of access they can have. For example, a user or a group of users may have read access rights to a particular file, whereas another group may have full control over the file. |
||||
|
||||
- **Mandatory Access Control Lists (MACLs)** |
||||
MACLs rely on predefined security labels or classifications to enforce access control. In this case, resources are assigned security labels, and users or systems are given security clearances. Access is granted only if the user's security clearance level matches the resource label. |
||||
|
||||
## Implementing and Administering ACLs |
||||
|
||||
Here are some best practices you can follow when implementing and administering Access Control Lists: |
||||
|
||||
- **Define clear access policies**: Establish clear rules and guidelines for accessing resources, such as who can access specific resources and what type of access they can have. |
||||
|
||||
- **Use Role-Based Access Control (RBAC)**: Assign permissions to roles instead of individual users. This will help simplify the ACL management process. |
||||
|
||||
- **Regular audits and reviews**: Periodically review and update the ACLs to ensure that access permissions are aligned with business requirements and security policies. |
||||
|
||||
- **Apply the principle of least privilege**: Grant users the minimum privileges they need to perform their tasks. |
||||
|
||||
- **Maintain a change management process**: Document all changes to ACLs, including the date of change, the reason for the change, and the individual responsible for executing the change. |
||||
|
||||
Remember that a well-implemented and maintained ACL system can significantly reduce the risks associated with unauthorized access to your organization's critical assets. |
||||
- [@article@Access Control List: Definition, Types & Usages](https://www.okta.com/uk/identity-101/access-control-list/) |
||||
- [@video@Access Control Lists](https://www.youtube.com/watch?v=IwLyr0mKK1w) |
||||
@ -0,0 +1,8 @@ |
||||
# Anti-malware |
||||
|
||||
Anti-malware is a type of software designed to detect, prevent, and remove malicious software, such as viruses, worms, trojans, ransomware, and spyware, from computer systems. By continuously scanning files, applications, and incoming data, anti-malware solutions protect devices from a wide range of threats that can compromise system integrity, steal sensitive information, or disrupt operations. Advanced anti-malware programs utilize real-time monitoring, heuristic analysis, and behavioral detection techniques to identify and neutralize both known and emerging threats, ensuring that systems remain secure against evolving cyber attacks. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@video@How Does Antivirus and Antimalware Software Work?](https://www.youtube.com/watch?v=bTU1jbVXlmM) |
||||
- [@article@What is antimalware?](https://riskxchange.co/1006974/cybersecurity-what-is-anti-malware/) |
||||
@ -0,0 +1,8 @@ |
||||
# Antivirus |
||||
|
||||
Antivirus software is a specialized program designed to detect, prevent, and remove malicious software, such as viruses, worms, and trojans, from computer systems. It works by scanning files and programs for known malware signatures, monitoring system behavior for suspicious activity, and providing real-time protection against potential threats. Regular updates are essential for antivirus software to recognize and defend against the latest threats. While it is a critical component of cybersecurity, antivirus solutions are often part of a broader security strategy that includes firewalls, anti-malware tools, and user education to protect against a wide range of cyber threats. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@video@What is an antivirus and how does it keep us safe?](https://www.youtube.com/watch?v=jW626WMWNAE) |
||||
- [@article@What is antivirus software?](https://www.webroot.com/gb/en/resources/tips-articles/what-is-anti-virus-software) |
||||
@ -0,0 +1,8 @@ |
||||
# ANY.RUN |
||||
|
||||
ANY.RUN is an interactive online malware analysis platform that allows users to safely execute and analyze suspicious files and URLs in a controlled, virtualized environment. This sandbox service provides real-time insights into the behavior of potentially malicious software, such as how it interacts with the system, what files it modifies, and what network connections it attempts to make. Users can observe and control the analysis process, making it a valuable tool for cybersecurity professionals to identify and understand new threats, assess their impact, and develop appropriate countermeasures. ANY.RUN is particularly useful for dynamic analysis, enabling a deeper understanding of malware behavior in real-time. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@official@ANY.RUN Website](https://any.run/) |
||||
- [@video@Malware analysis with ANY.RUN](https://www.youtube.com/watch?v=QH_u7DHKzzI) |
||||
@ -1,32 +1,12 @@ |
||||
# arp |
||||
# ARP |
||||
|
||||
ARP is a crucial network protocol used to map IP addresses to their corresponding MAC (Media Access Control) addresses. This mapping is crucial, as devices on a network use MAC addresses to communicate with one another. As IP addresses are easier to remember and utilize for humans, ARP helps in converting these logical addresses to physical addresses that devices can understand. |
||||
ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network. |
||||
|
||||
## Why ARP is important |
||||
When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address. |
||||
|
||||
In a network, when a device wants to send data to another device, it needs to know the recipient's MAC address. If the sender only knows the IP address, it can use ARP to determine the corresponding MAC address. The mapping is stored in the device's ARP cache, which holds a record of both the IP and MAC addresses. This allows devices to quickly identify and communicate with others on the network. |
||||
The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address. |
||||
|
||||
## ARP Request and Reply |
||||
Learn more from the following resources: |
||||
|
||||
Here are the basic steps involved in the ARP process: |
||||
|
||||
- The sender creates an ARP request packet with its own IP and MAC addresses, and the recipient's IP address. The packet is broadcast to all devices on the local network. |
||||
- Each device on the network receives the ARP request, checks if the IP address is its own, and replies to the sender as needed. |
||||
- The sender receives the ARP reply containing the recipient's MAC address and updates its ARP cache with the new information. |
||||
- Finally, the sender uses the MAC address to transmit data packets to the intended recipient. |
||||
|
||||
## Troubleshooting with ARP |
||||
|
||||
If you're having issues with network communication or want to investigate your network, the ARP table can be a helpful tool. You can view your device's ARP cache using commands specific to your operating system: |
||||
|
||||
- **Windows**: Open Command Prompt and type `arp -a` |
||||
- **Linux**: Open Terminal and type `arp` |
||||
- **macOS**: Open Terminal and type `arp -a` |
||||
|
||||
The output will display the IP and MAC addresses of devices on the network that the system has interacted with. |
||||
|
||||
## ARP Spoofing and Security Concerns |
||||
|
||||
As crucial as ARP is, it can be exploited by attackers for malicious purposes. ARP spoofing, also known as ARP poisoning, is a form of cyberattack in which an attacker sends fake ARP requests to a network to link their MAC address with an IP address that legitimately belongs to another device. This enables the attacker to intercept and manipulate network traffic or launch denial-of-service (DoS) attacks. |
||||
|
||||
To mitigate ARP spoofing, consider implementing security measures such as monitoring ARP traffic, using a static ARP table, or employing security solutions like intrusion detection and prevention systems. Additionally, maintaining a secure and up-to-date network infrastructure can help reduce potential vulnerabilities. |
||||
- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio) |
||||
- [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp) |
||||
@ -1,41 +1,9 @@ |
||||
# Bash |
||||
|
||||
Bash (**B**ourne **A**gain **Sh**ell) is a widely-used Unix shell and scripting language that acts as a command-line interface for executing commands and organizing files on your computer. It allows users to interact with the system's operating system by typing text commands, serving as an alternative to the graphical user interface (GUI). Bash, created as a free and improved version of the original Bourne Shell (`sh`), is the default shell in many Unix-based systems, including Linux, macOS, and the Windows Subsystem for Linux (WSL). |
||||
Bash (Bourne Again Shell) is a widely-used Unix shell and scripting language that acts as a command-line interface for executing commands and organizing files on your computer. It allows users to interact with the system's operating system by typing text commands, serving as an alternative to the graphical user interface (GUI). Bash, created as a free and improved version of the original Bourne Shell (`sh`), is the default shell in many Unix-based systems, including Linux, macOS, and the Windows Subsystem for Linux (WSL). |
||||
|
||||
## Bash Scripting |
||||
Learn more from the following resources: |
||||
|
||||
Bash scripting is an essential skill for anyone engaged in cyber security. It allows you to automate simple tasks, monitor system activities, and manage multiple files and directories with ease. With Bash scripts, you can develop tools, automate repetitive tasks, or even develop security testing tools. |
||||
|
||||
## Key Features |
||||
|
||||
- **Variables**: Variables can store data in the form of strings or numbers, which can be used and manipulated throughout your script. |
||||
|
||||
- **Control Structures**: Bash supports loops (`for`, `while`) and conditional statements (`if`, `case`) to build more robust scripts with decision-making capabilities. |
||||
|
||||
- **Functions**: Create reusable code blocks that can be called with specified parameters, making your script more modular and easier to maintain. |
||||
|
||||
- **User Input**: Bash scripts allow you to interact with the user by accepting input or choosing options. |
||||
|
||||
- **File Management**: Create, modify, or analyze files using built-in commands such as `ls`, `cp`, `mkdir`, and `grep`. |
||||
|
||||
## Learning Bash |
||||
|
||||
As a cyber security expert, having a strong foundation in Bash can save you time and help you better understand the inner workings of a system. Invest time in learning Bash essentials, such as basic commands, file manipulation, scripting, and processing text data. |
||||
|
||||
- Basic Commands: Start by learning some of the most commonly used Bash commands: `cd`, `mv`, `cp`, `rm`, `grep`, `find`, `sort`, etc. |
||||
|
||||
- File and Directory Management: Explore the use of commands, like `mkdir`, `rmdir`, `touch`, `chmod`, `chown`, and `ln`, to create, modify, and delete files and directories. |
||||
|
||||
- Text Processing: Learn to use commands like `cat`, `less`, `head`, `tail`, and `awk` to analyze and manipulate text data. |
||||
|
||||
- Scripting: Start by understanding the syntax and structure of Bash scripts, and learn how to create, debug, and execute scripts. |
||||
|
||||
Some resources to begin your journey with Bash are: |
||||
|
||||
- [@article@GNU Bash Manual](https://www.gnu.org/software/bash/manual/bash.html): A comprehensive guide to Bash, provided by the GNU project. |
||||
- [@article@Bash Beginner's Guide](http://www.tldp.org/LDP/Bash-Beginners-Guide/html/): A beginner-friendly guide that covers the basics of Bash scripting. |
||||
- [@official@Bash Academy](https://www.bash.academy/): An interactive platform to start learning Bash from scratch. |
||||
- [@article@Learn Shell](https://www.learnshell.org/): An online resource with tutorials and exercises to help you practice your Bash skills. |
||||
- [@feed@Explore top posts about Bash](https://app.daily.dev/tags/bash?ref=roadmapsh) |
||||
|
||||
Bash scripting is a versatile tool in the cybersecurity toolkit, and mastering it will provide you with greater control over the systems you protect. |
||||
- [@video@Bash in 100 Seconds](https://www.youtube.com/watch?v=I4EWvMFj37g) |
||||
- [@course@Beginners Guide To The Bash Terminal](https://www.youtube.com/watch?v=oxuRxtrO2Ag) |
||||
- [@course@Start learning bash](https://linuxhandbook.com/bash/) |
||||
|
||||
@ -1,39 +1,12 @@ |
||||
# Basics and Concepts of Threat Hunting |
||||
|
||||
Threat hunting is the proactive process of identifying and mitigating potential threats and vulnerabilities within a network, before they can be exploited by an attacker. To perform effective threat hunting, security professionals must use their knowledge, skills, and the latest threat intelligence to actively search for previously undetected adversaries and suspicious activities within a network. |
||||
Threat hunting is a proactive approach to cybersecurity where security professionals actively search for hidden threats or adversaries that may have bypassed traditional security measures, such as firewalls and intrusion detection systems. Rather than waiting for automated tools to flag suspicious activity, threat hunters use a combination of human intuition, threat intelligence, and advanced analysis techniques to identify indicators of compromise (IoCs) and potential threats within a network or system. |
||||
|
||||
## Key Objectives of Threat Hunting |
||||
The process involves several key concepts, starting with a **hypothesis**, where a hunter develops a theory about potential vulnerabilities or attack vectors that could be exploited. They then conduct a **search** through logs, traffic data, or endpoint activity to look for anomalies or patterns that may indicate malicious behavior. **Data analysis** is central to threat hunting, as hunters analyze vast amounts of network and system data to uncover subtle signs of attacks or compromises. If threats are found, the findings lead to **detection and mitigation**, allowing the security team to contain the threat, remove malicious entities, and prevent similar incidents in the future. |
||||
|
||||
- **Detect**: Identify unknown threats and suspicious behavior that traditional security tools may miss. |
||||
- **Contain**: Quickly isolate and remediate threats before they can cause significant damage. |
||||
- **Learn**: Gather valuable insights about the adversary, their techniques, and the effectiveness of existing security measures. |
||||
Threat hunting also involves **continuous learning** and adapting, as hunters refine their techniques based on evolving attack methods and the latest threat intelligence. This approach improves an organization’s overall security posture by identifying sophisticated or previously unknown threats that might evade conventional security measures. |
||||
|
||||
## Threat Hunting Techniques |
||||
Learn more from the following resources: |
||||
|
||||
There are several practical approaches to threat hunting, such as: |
||||
|
||||
- **Hypothesis-driven hunting**: Develop hypotheses about potential threats and validate them through data analysis and investigation. |
||||
- **Indicator of Compromise (IoC) hunting**: Leverage existing threat intelligence and IoCs to search for matches within your environment. |
||||
- **Machine learning-driven hunting**: Utilize algorithms and advanced analytics tools to automatically detect anomalies and other suspicious patterns of behavior. |
||||
- **Situational awareness hunting**: Understand the normal behavior and baseline of the environment and look for deviations that may indicate malicious activity. |
||||
|
||||
## Tools & Technologies for Threat Hunting |
||||
|
||||
Some common tools and technologies used for threat hunting include: |
||||
|
||||
- **Security information and event management (SIEM) systems**: Provide a centralized platform for detecting, alerting, and investigating security incidents and events. |
||||
- **Endpoint detection and response (EDR) solutions**: Deliver real-time monitoring, analysis, and remediation capabilities for endpoints. |
||||
- **Threat intelligence platforms (TIPs)**: Aggregate and analyze global threat data and indicators of compromise (IoC) to provide actionable intelligence. |
||||
- **User and entity behavior analytics (UEBA) tools**: Apply advanced analytics algorithms to detect potential threats by analyzing the behavior of users, devices, and applications. |
||||
|
||||
## Essential Skills for Threat Hunters |
||||
|
||||
Successful threat hunters should possess a strong combination of technical skills, critical thinking, and situational awareness. Some essential skills include: |
||||
|
||||
- **Understanding of networks and protocols**: Deep knowledge of network architecture, protocols, and communication patterns. |
||||
- **Familiarity with operating systems**: Ability to navigate, investigate, and analyze various operating systems, including Windows, Linux, and macOS. |
||||
- **Scripting and programming**: Proficiency in scripting languages (e.g., Python, PowerShell) and automation tools to streamline the threat hunting process. |
||||
- **Knowledge of common attacker tactics, techniques, and procedures (TTPs)**: Awareness of the latest TTPs, ensuring that you stay ahead of potential threats. |
||||
- **Critical thinking and problem-solving**: Ability to analyze complex scenarios and think creatively to identify potential threats and vulnerabilities. |
||||
|
||||
By developing a strong foundation in threat hunting concepts and techniques, security professionals are better equipped to proactively identify and mitigate potential attacks, thereby strengthening their organization's overall cybersecurity posture. |
||||
- [@article@What is Threat Hunting](https://www.ibm.com/topics/threat-hunting) |
||||
- [@video@Cyber Security Threat Hunting explained](https://www.youtube.com/watch?v=VNp35Uw_bSM) |
||||
@ -1,56 +1,17 @@ |
||||
# Basics of Computer Networking |
||||
|
||||
Computer networking refers to the practice of connecting two or more computing devices, creating an infrastructure in which they can exchange data, resources, and software. It is a fundamental part of cyber security and IT skills. In this chapter, we will cover five aspects of computer networking, including networking devices, network types, network protocols, IP addresses, and the OSI model. |
||||
Computer networking involves connecting multiple computers and devices to share resources, such as data, applications, and internet connections. Networks can range from small local area networks (LANs) to large-scale wide area networks (WANs), such as the internet. The basic components of a network include devices (computers, servers, routers), transmission media (wired or wireless), and network protocols, which govern communication between devices. |
||||
|
||||
## Networking Devices |
||||
Key concepts in networking include: |
||||
|
||||
Several devices enable and facilitate communication between different devices. Common networking devices include: |
||||
1. **IP Addressing**: Every device on a network has a unique Internet Protocol (IP) address, which allows it to be identified and communicate with other devices. |
||||
2. **Subnetting**: This involves dividing a network into smaller, manageable sections to optimize performance and security. |
||||
3. **Routing**: Routers are used to forward data between different networks, ensuring that information reaches the correct destination. |
||||
4. **DNS**: The Domain Name System translates human-readable domain names into IP addresses, enabling easier navigation and communication on the internet. |
||||
5. **TCP/IP Protocol**: The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is the foundation of most networks, handling how data is broken into packets, transmitted, and reassembled. |
||||
|
||||
- **Hubs**: Devices that connect different devices together, transmitting data packets to all devices on the network. |
||||
- **Switches**: Similar to hubs, but transmit data packets only to specific devices instead of broadcasting to all. |
||||
- **Routers**: Devices that direct data packets between networks and provide the best path for data packets to reach their destination. |
||||
- **Firewalls**: Devices or software that monitor and filter incoming and outgoing network traffic, allowing only authorized data to pass through. |
||||
Learn more from the following resources: |
||||
|
||||
## Network Types |
||||
|
||||
There are various types of networks based on the distance they cover, and the number of devices they connect. A few common network types are: |
||||
|
||||
- **Personal Area Network (PAN)**: Connects devices within an individual workspace, typically within a range of 10 meters. |
||||
- **Local Area Network (LAN)**: Covers a small geographical area, such as a home or office, connecting multiple computers and other devices. |
||||
- **Wide Area Network (WAN)**: Covers a larger geographical area, interconnecting different LANs, often using leased telecommunication lines or wireless links. |
||||
- **Virtual Private Network (VPN)**: A secure network established over the public internet, encrypting the data transferred and restricting access to authorized users only. |
||||
|
||||
## Network Protocols |
||||
|
||||
Protocols are sets of rules that govern the communication between devices within a network. Some of the most common protocols include: |
||||
|
||||
- **Transmission Control Protocol (TCP)**: Ensures the reliable transmission of data and establishes connections between devices. |
||||
- **Internet Protocol (IP)**: Facilitates the transmission of data packets, assigning unique IP addresses to identify devices. |
||||
- **User Datagram Protocol (UDP)**: A lightweight, fast, but less reliable protocol compared to TCP, often used for streaming and gaming applications. |
||||
|
||||
## IP Addresses |
||||
|
||||
An IP address is a unique identifier assigned to every device in a network. There are two types of IP addresses: |
||||
|
||||
- **IPv4**: Uses a 32-bit addressing system, allowing for approximately 4.3 billion unique IP addresses. |
||||
- **IPv6**: Uses a 128-bit addressing system, providing a significantly larger number of available IP addresses. |
||||
|
||||
IP addresses can also be categorized as dynamic or static, depending on whether they change over time or remain constant for a device. |
||||
|
||||
## OSI Model |
||||
|
||||
The Open Systems Interconnection (OSI) model is a conceptual framework used to understand and describe how different network protocols interact. It divides networking functions into seven distinct layers: |
||||
|
||||
- **Physical Layer**: Deals with the physical connection between devices, including cabling and hardware. |
||||
- **Data Link Layer**: Handles the communication between adjacent devices on the same network. |
||||
- **Network Layer**: Identifies the best route for data packets and manages IP addresses. |
||||
- **Transport Layer**: Ensures the reliable transmission of data, including error checking and flow control. |
||||
- **Session Layer**: Establishes, maintains, and terminates connections between applications on different devices. |
||||
- **Presentation Layer**: Translates data into a format that is suitable for transmission between devices. |
||||
- **Application Layer**: Represents the user interface with which applications interact. |
||||
|
||||
Mastering the basics of computer networking is key to understanding and implementing effective cyber security measures. This chapter has covered essential networking concepts, but it is important to continually expand your knowledge in this ever-evolving field. |
||||
|
||||
- [@article@What is Computer Networking?](https://tryhackme.com/room/whatisnetworking) |
||||
- [@video@Learn Networking in 3 hours (basics for cybersecurity and DevOps)](https://www.youtube.com/watch?v=iSOfkw_YyOU\&t=1549s) |
||||
- [@feed@Explore top posts about Networking](https://app.daily.dev/tags/networking?ref=roadmapsh) |
||||
- [@article@Networking basics - What you need to know](https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/networking-basics.html) |
||||
- [@video@Computer Networking in 100 seconds](https://www.youtube.com/watch?v=keeqnciDVOo) |
||||
- [@video@Computer Networks: Crash Course Computer Science #28](https://www.youtube.com/watch?v=3QhU9jd03a0) |
||||
@ -1,36 +1,11 @@ |
||||
# Basics of NAS and SAN |
||||
|
||||
Network Attached Storage (NAS) and Storage Area Network (SAN) technologies play a crucial role in managing data within an organization and serve as the building blocks for a more comprehensive IT infrastructure. |
||||
Network Attached Storage (NAS) and Storage Area Network (SAN) are both technologies used for storing and managing data, but they operate in different ways and serve different purposes. NAS is a dedicated file storage device that connects to a network, allowing multiple users and devices to access files over a shared network. It operates at the file level and uses standard networking protocols such as NFS or SMB/CIFS, making it easy to set up and manage, especially for small to medium-sized businesses. NAS devices are ideal for sharing files, providing backups, and enabling centralized data access across multiple users in a local network. |
||||
|
||||
## Network Attached Storage (NAS) |
||||
SAN, on the other hand, is a high-performance, specialized network designed to provide block-level storage, which means it acts as a direct-attached storage device to servers. SAN uses protocols such as Fibre Channel or iSCSI and is typically employed in large enterprise environments where fast, high-capacity, and low-latency storage is critical for applications like databases and virtualized systems. While NAS focuses on file sharing across a network, SAN is designed for more complex, high-speed data management, enabling servers to access storage as if it were directly connected to them. Both NAS and SAN are vital components of modern data storage infrastructure but are chosen based on the specific performance, scalability, and management needs of the organization. |
||||
|
||||
NAS is a high-capacity storage solution that operates on a data file level, allowing multiple users and clients to access, store, and retrieve data from a centralized location over a network. NAS devices are generally connected to a local area network (LAN) and use various file-sharing protocols, such as NFS (Network File System), SMB/CIFS (Server Message Block/Common Internet File System), or AFP (Apple Filing Protocol). |
||||
Learn more from the following resources: |
||||
|
||||
Some key features of a NAS system include: |
||||
|
||||
- **Ease of Deployment**: NAS devices are simple to install and configure, facilitating quick integration into existing network infrastructures. |
||||
- **Scalability**: NAS systems can be easily expanded to accommodate growing storage needs by adding more drives or units. |
||||
- **Data Protection**: Most NAS devices offer data protection features such as RAID (Redundant Array of Independent Disks), data backup, and data encryption. |
||||
|
||||
## Storage Area Network (SAN) |
||||
|
||||
SAN is a high-performance, dedicated storage network designed to provide block-level data storage for applications and servers. Unlike NAS, which uses file-sharing protocols, SANs utilize block-based protocols such as Fibre Channel (FC) and iSCSI (Internet Small Computer System Interface) to handle storage requests. |
||||
|
||||
SANs offer several advantages in terms of performance, reliability, and scalability: |
||||
|
||||
- **Performance**: SANs can handle low-latency, high-speed data transfers, providing optimal performance for mission-critical applications and large-scale virtualization. |
||||
- **Fault Tolerance**: SANs are designed to provide redundancy and failover capabilities, ensuring continued access to data in the event of hardware failures. |
||||
- **Scalability**: SANs can be easily scaled by adding more disk arrays, switches, or connections to meet growing storage demands. |
||||
|
||||
## NAS vs. SAN: Choosing the Right Solution |
||||
|
||||
When it comes to deciding between NAS and SAN, there are several factors to consider: |
||||
|
||||
- **Cost**: NAS devices are generally more affordable than SANs, making them an attractive option for smaller organizations or environments with limited budgets. |
||||
- **Infrastructure**: NAS solutions can be more easily integrated into existing network infrastructures, whereas SANs may require dedicated hardware, connections, and management tools. |
||||
- **Performance Requirements**: If you need high-performance storage for intensive applications, SANs may be a more appropriate choice than NAS. |
||||
- **Data Management**: While NAS solutions excel in handling file-based storage, SANs provide better support for block-level storage and can deliver improved performance for virtualized environments and database applications. |
||||
|
||||
It's essential to evaluate your organization's specific needs and requirements to determine which storage solution is the most appropriate fit. As you expand your knowledge in cyber security, a solid understanding of both NAS and SAN technologies will prove invaluable in implementing secure and efficient data storage systems. |
||||
|
||||
- [@video@NAS vs SAN](https://youtu.be/3yZDDr0JKVc) |
||||
- [@video@What is a NAS](https://www.youtube.com/watch?v=ZwhT-KI16jo) |
||||
- [@video@What is a Storage Area Network](https://www.youtube.com/watch?v=7eGw4vhyeTA) |
||||
- [@article@NAS vs SAN - What are the differences?](https://www.backblaze.com/blog/whats-the-diff-nas-vs-san/) |
||||
@ -1,48 +1,10 @@ |
||||
# Basics of Reverse Engineering |
||||
|
||||
Reverse engineering is the process of analyzing a system, component, or software to understand how it works and deduce its design, architecture, or functionality. It is a critical skill in cybersecurity, as it helps security professionals uncover the potential attack vectors, hidden vulnerabilities, and underlying intentions of a piece of software or hardware. |
||||
Reverse engineering is the process of deconstructing a system, software, or hardware to understand its internal workings, design, and functionality without having access to its source code or original documentation. In cybersecurity, reverse engineering is often used to analyze malware or software vulnerabilities to uncover how they operate, allowing security professionals to develop defenses, patches, or detection methods. This involves breaking down the binary code, disassembling it into machine code, and then interpreting it to understand the logic, behavior, and intent behind the program. |
||||
|
||||
In this section, we will cover the basic concepts and techniques of reverse engineering that every cybersecurity professional should be familiar with. |
||||
Reverse engineering can also be used in hardware to investigate a device's design or performance, or in software development for compatibility, debugging, or enhancing legacy systems. The process typically includes static analysis, where the code is examined without execution, and dynamic analysis, where the program is executed in a controlled environment to observe its runtime behavior. The insights gained through reverse engineering are valuable for improving security, fixing bugs, or adapting systems for different uses. However, it’s important to be aware of the legal and ethical boundaries, as reverse engineering certain software or hardware can violate intellectual property rights. |
||||
|
||||
## Static Analysis Vs. Dynamic Analysis |
||||
Learn more from the following resources: |
||||
|
||||
There are two main approaches to reverse engineering: static analysis and dynamic analysis. Static analysis involves examining the code and structure of a software without executing it. This includes analyzing the source code, if available, or examining the binary executable using disassemblers or decompilers. |
||||
|
||||
Dynamic analysis, on the other hand, involves executing the software while observing and monitoring its behaviors and interactions with other components or systems. This analysis is typically performed in controlled environments, such as virtual machines or sandbox environments, to minimize potential risks. |
||||
|
||||
Both approaches have their merits and limitations, and combining them is often the most effective way to gain a comprehensive understanding of the target system. |
||||
|
||||
## Disassemblers and Decompilers |
||||
|
||||
Disassemblers and decompilers are essential tools in reverse engineering, as they help transform binary executables into a more human-readable format. |
||||
|
||||
- **Disassemblers** convert machine code (binary executable) into assembly language, a low-level programming language that is more human-readable than raw machine code. Assembly languages are specific to the CPU architectures, such as x86, ARM, or MIPS. |
||||
- **Decompilers** attempt to reverse-engineer binary executables into high-level programming languages, such as C or C++, by interpreting the structures and patterns in the assembly code. Decompilation, however, is not always perfect and may generate code that is more difficult to understand than assembly. |
||||
|
||||
Some popular disassemblers and decompilers are: |
||||
|
||||
- [@article@IDA Pro](https://www.hex-rays.com/products/ida/) |
||||
- [@article@Ghidra](https://ghidra-sre.org/) |
||||
- [@article@Hopper](https://www.hopperapp.com/) |
||||
|
||||
## Debuggers |
||||
|
||||
Debuggers are another essential tool for reverse engineering, as they allow you to execute a program and closely monitor its behavior during runtime. Debuggers provide features such as setting breakpoints, stepping through code, and examining memory contents. |
||||
|
||||
Some popular debuggers include: |
||||
|
||||
- [@article@OllyDbg](http://www.ollydbg.de/) |
||||
- [@article@GDB](https://www.gnu.org/software/gdb/) |
||||
- [@article@x64dbg](https://x64dbg.com/) |
||||
|
||||
## Common Reverse Engineering Techniques |
||||
|
||||
Here are some basic reverse engineering techniques: |
||||
|
||||
- **Control flow analysis:** Understanding the execution flow of a program, such as loops, branches, and conditional statements, to determine how the program behaves under certain conditions. |
||||
- **Data flow analysis:** Analyzing how data is passed between different parts of a program and tracing the origin and destination of data. |
||||
- **System call analysis:** Examining system calls made by a program to understand how it interacts with the operating system, hardware, or external resources. |
||||
- **Cryptographic analysis:** Identifying and analyzing encryption and decryption algorithms used within a program or analyzing any cryptographic keys or certificates that may be present. |
||||
- **Pattern recognition:** Identifying common patterns, structures, or routines in code that may indicate the use of known algorithms or frameworks. |
||||
|
||||
Remember that mastering the art of reverse engineering takes time and practice. As you delve deeper into the world of reverse engineering, you will develop the ability to recognize patterns, understand complex systems, and ultimately, better defend against cyber threats. |
||||
- [@course@Reverse Engineering for Everyone!](https://0xinfection.github.io/reversing/) |
||||
- [@video@What is reverse engineering?](https://www.youtube.com/watch?v=gh2RXE9BIN8) |
||||
@ -1,53 +1,11 @@ |
||||
# Basics of Subnetting |
||||
|
||||
Subnetting is the process of dividing an IP network into smaller sub-networks called subnets. It allows better allocation of IP addresses and provides better organization, control, and security for the network. Here we go through some of the basic concepts of subnetting and why it's crucial for cybersecurity. |
||||
Subnetting is a technique used in computer networking to divide a large network into smaller, more manageable sub-networks, or "subnets." It enhances network performance and security by reducing broadcast traffic and enabling better control over IP address allocation. Each subnet has its own range of IP addresses, which allows network administrators to optimize network traffic and reduce congestion by isolating different sections of a network. |
||||
|
||||
## IP Addresses and Subnet Masks |
||||
In subnetting, an IP address is split into two parts: the network portion and the host portion. The network portion identifies the overall network, while the host portion identifies individual devices within that network. Subnet masks are used to define how much of the IP address belongs to the network and how much is reserved for hosts. By adjusting the subnet mask, administrators can create multiple subnets from a single network, with each subnet having a limited number of devices. Subnetting is particularly useful for large organizations, allowing them to efficiently manage IP addresses, improve security by segmenting different parts of the network, and control traffic flow by minimizing unnecessary data transmissions between segments. |
||||
|
||||
An IP address is a unique identifier for devices on a network. It consists of two parts: the network address and the host address. The network address indicates the network to which a device belongs, while the host address identifies the specific device within that network. |
||||
Learn more from the following resources: |
||||
|
||||
Subnet masks are used to define which portion of an IP address is the network address and which is the host address. For example, in the IP address `192.168.1.5`, and subnet mask `255.255.255.0`, the network address is `192.168.1.0`, and the host address is `5`. |
||||
|
||||
## Why Subnetting? |
||||
|
||||
Subnetting has several advantages, including: |
||||
|
||||
- **Improved Network Performance**: Breaking a large network into smaller subnets helps reduce congestion and improve overall performance. |
||||
- **Enhanced Security**: By isolating different parts of a network, you can control access and limit the spread of potential threats. |
||||
- **Easier Administration**: Smaller networks are easier to manage and maintain, as it's simpler to track issues and allocate resources. |
||||
|
||||
## Subnetting Process |
||||
|
||||
The process of subnetting involves the following steps: |
||||
|
||||
- **Choose the Appropriate Subnet Mask**: Determine the right subnet mask for your network based on the number of required subnets and hosts. The more subnets you need, the more bits you will "borrow" from the host portion of the IP address. |
||||
|
||||
- **Divide the Network into Subnets**: Calculate the subnet addresses by incrementing the network portion of the IP address by the value of the borrowed bits. |
||||
|
||||
- **Determine Host Ranges**: Calculate the valid host addresses within each subnet by identifying the first and last usable IP addresses. Remember that the first address in a subnet is the network address, and the last address is used for broadcasting. |
||||
|
||||
- **Assign IP Addresses**: Allocate IP addresses to devices within their respective subnets, and configure devices with the correct subnet mask. |
||||
|
||||
## Example |
||||
|
||||
Let's suppose we have the network `192.168.1.0` with a subnet mask of `255.255.255.0`. We want to create four smaller subnets. Here's how we can do it: |
||||
|
||||
- `255.255.255.0` in binary is `11111111.11111111.11111111.00000000`. We can borrow 2 bits from the host portion to create four subnets: `11111111.11111111.11111111.11000000`, which is `255.255.255.192` in decimal format. |
||||
|
||||
- Our subnets will have the following network addresses: |
||||
|
||||
- `192.168.1.0` |
||||
- `192.168.1.64` |
||||
- `192.168.1.128` |
||||
- `192.168.1.192` |
||||
|
||||
- The valid host ranges within each subnet are: |
||||
|
||||
- `192.168.1.1 - 192.168.1.62` |
||||
- `192.168.1.65 - 192.168.1.126` |
||||
- `192.168.1.129 - 192.168.1.190` |
||||
- `192.168.1.193 - 192.168.1.254` |
||||
|
||||
- Allocate IP addresses from these host ranges to devices within their respective subnets, and configure devices with the correct subnet mask (`255.255.255.192`). |
||||
|
||||
Understanding the basics of subnetting is essential to properly configuring and securing your network. By efficiently dividing your network into smaller subnets, you can optimize performance, organization, and security. |
||||
- [@article@Networking Basics: What is IPv4 Subnetting?](https://www.cbtnuggets.com/blog/technology/networking/networking-basics-what-is-ipv4-subnetting) |
||||
- [@video@Lets subnet your home network!](https://www.youtube.com/watch?v=mJ_5qeqGOaI&list=PLIhvC56v63IKrRHh3gvZZBAGvsvOhwrRF&index=6) |
||||
- [@video@Subnetting for hackers](https://www.youtube.com/watch?v=o0dZFcIFIAw) |
||||
@ -1,42 +1,10 @@ |
||||
# Basics of Threat Intel, OSINT |
||||
|
||||
Open Source Intelligence (OSINT) is a crucial part of cyber threat intelligence (CTI). It refers to the collection and analysis of publicly available information from various sources to identify potential threats to an organization's information security. |
||||
Threat Intelligence (Threat Intel) and Open-Source Intelligence (OSINT) are both critical components in cybersecurity that help organizations stay ahead of potential threats. Threat Intelligence refers to the collection, analysis, and dissemination of information about potential or current attacks targeting an organization. This intelligence typically includes details on emerging threats, attack patterns, malicious IP addresses, and indicators of compromise (IoCs), helping security teams anticipate, prevent, or mitigate cyberattacks. Threat Intel can be sourced from both internal data (such as logs or past incidents) and external feeds, and it helps in understanding the tactics, techniques, and procedures (TTPs) of adversaries. |
||||
|
||||
## Why is OSINT important for threat intelligence? |
||||
OSINT, a subset of Threat Intel, involves gathering publicly available information from open sources to assess and monitor threats. These sources include websites, social media, forums, news articles, and other publicly accessible platforms. OSINT is often used for reconnaissance to identify potential attack vectors, compromised credentials, or leaks of sensitive data. It’s also a valuable tool in tracking threat actors, as they may leave traces in forums or other public spaces. Both Threat Intel and OSINT enable organizations to be more proactive in their cybersecurity strategies by identifying vulnerabilities, understanding attacker behavior, and implementing timely defenses based on actionable insights. |
||||
|
||||
OSINT plays a significant role in achieving comprehensive threat intelligence by offering valuable insights into various threat actors, their tactics, techniques, and procedures (TTPs). By leveraging OSINT, security teams can: |
||||
Learn more from the following resources: |
||||
|
||||
- Identify and track adversaries targeting their organization |
||||
- Gain knowledge about the latest attack strategies and trends |
||||
- Evaluate the effectiveness of existing security measures |
||||
- Develop proactive defense strategies to mitigate potential threats |
||||
|
||||
## Key OSINT Sources |
||||
|
||||
There are numerous sources of OSINT data that can be valuable for threat intelligence. Some of the main sources include: |
||||
|
||||
- **Publicly accessible websites and blogs**: Security researchers, hackers, and threat actors frequently share information about their findings, tools, and techniques in their blogs and websites. |
||||
|
||||
- **Social media platforms**: Social media platforms like Twitter, Reddit, and LinkedIn offer a wealth of information about threat actors' activities and can act as a valuable resource for threat intelligence. |
||||
|
||||
- **Security-related conference materials**: Many industry conferences and workshops publish their research papers, video recordings, and presentations online, allowing you to gather valuable insights from experts in the field. |
||||
|
||||
- **Online forums and chat rooms**: Hacker forums, online chat rooms, and bulletin boards often contain discussions related to the latest vulnerabilities, exploits, and attack techniques. |
||||
|
||||
- **Pastebin and GitHub**: These platforms offer code snippets and repositories that may contain working hacking tools or proof-of-concept exploits, making them valuable sources of OSINT. |
||||
|
||||
## Best Practices for OSINT Collection |
||||
|
||||
Collecting and analyzing OSINT for threat intelligence may seem like a daunting task, but by following these best practices, you can effectively incorporate it into your cyber defense strategies: |
||||
|
||||
- **Set clear goals and objectives**: Define what you want to achieve with your OSINT collection efforts and how it contributes to your organization's threat intelligence initiatives. |
||||
|
||||
- **Establish a methodology**: Develop a structured approach and process for searching, collecting, and analyzing OSINT data. |
||||
|
||||
- **Filter your data**: As the volume of data available from OSINT sources can be overwhelming, it's essential to filter the data gathered effectively. Prioritize information that is relevant to your organizational context and specific intelligence requirements. |
||||
|
||||
- **Maintain up-to-date knowledge**: Regularly review newly available OSINT and stay current with the latest tactics, techniques, and procedures utilized by threat actors. |
||||
|
||||
- **Collaborate and share with peers**: The security community is known for collaboration and knowledge sharing. Engage with other security professionals to benefit from their knowledge and experience. |
||||
|
||||
In conclusion, OSINT is a significant aspect of threat intelligence that helps organizations identify and mitigate potential security threats. By effectively collecting and analyzing OSINT, you can gain a better understanding of the ever-evolving threat landscape and develop more effective strategies to protect your organization. |
||||
- [@article@OSINT Framework](https://osintframework.com/) |
||||
- [@course@Open-Source Intelligence (OSINT) in 5 Hours](https://www.youtube.com/watch?v=qwA6MmbeGNo&t=457s) |
||||
@ -1,24 +1,12 @@ |
||||
# Basics of Vulnerability Management |
||||
|
||||
Vulnerability management is a crucial aspect of cybersecurity, as it helps organizations to identify, prioritize, and remediate potential risks in their networks, systems, and applications. It involves continuous processes and practices designed to protect sensitive data by reducing the attack surface and minimizing the likelihood of a breach. |
||||
Vulnerability management is the process of identifying, evaluating, prioritizing, and mitigating security vulnerabilities in an organization's systems, applications, and networks. It is a continuous, proactive approach to safeguarding digital assets by addressing potential weaknesses that could be exploited by attackers. The process begins with **vulnerability scanning**, where tools are used to detect known vulnerabilities by analyzing software, configurations, and devices. |
||||
|
||||
## Importance of Vulnerability Management |
||||
Once vulnerabilities are identified, they are **assessed and prioritized** based on factors such as severity, potential impact, and exploitability. Organizations typically use frameworks like CVSS (Common Vulnerability Scoring System) to assign risk scores to vulnerabilities, helping them focus on the most critical ones first. |
||||
|
||||
- **Prevent cyberattacks**: By addressing vulnerabilities before they can be exploited, organizations reduce the chances of successful attacks and protect their critical assets. |
||||
- **Comply with regulations**: Organizations must adhere to various data protection standards and regulations, such as GDPR, HIPAA, or PCI DSS. A robust vulnerability management program can help meet these requirements. |
||||
- **Maintain customer trust**: Frequent security breaches can lead to reputational damages, making it vital to prioritize vulnerability management as a means to safeguard customer data. |
||||
- **Save costs**: Proactively identifying and mitigating vulnerabilities reduces the financial implications of dealing with a security breach, including the costs of incident response, legal liabilities, and penalties. |
||||
Next, **remediation** is carried out through patching, configuration changes, or other fixes. In some cases, mitigation may involve applying temporary workarounds until a full patch is available. Finally, continuous **monitoring and reporting** ensure that new vulnerabilities are swiftly identified and addressed, maintaining the organization's security posture. Vulnerability management is key to reducing the risk of exploitation and minimizing the attack surface in today's complex IT environments. |
||||
|
||||
## Components of Vulnerability Management |
||||
Learn more from the following resources: |
||||
|
||||
- **Vulnerability Assessment**: Regular vulnerability assessments are essential to identify security weaknesses. This includes scanning networks, system components, software, and applications to identify existing vulnerabilities. |
||||
|
||||
- **Risk Analysis**: After identifying vulnerabilities, it is essential to assess their potential risks. This involves determining the likelihood and impact of each vulnerability, prioritizing them based on severity, and deciding which vulnerabilities to address first. |
||||
|
||||
- **Remediation**: The remediation process involves implementing patches, updates, or configuration changes to address the identified vulnerabilities. It is crucial to regularly review and ensure that patches have been applied effectively to prevent further exploitation. |
||||
|
||||
- **Verification**: After remediation, organizations must verify that the implemented solutions have effectively eliminated the risk posed by the vulnerability. Verification processes may include re-scanning and penetration testing. |
||||
|
||||
- **Reporting**: Maintaining comprehensive and accurate records of vulnerability management activities is essential for regulatory compliance and informing key stakeholders about the organization's security posture. Regular reporting can also aid in identifying problem areas and trends, allowing decision-makers to allocate resources and plan accordingly. |
||||
|
||||
By implementing a thorough vulnerability management program, organizations can significantly reduce their risk exposure and improve their overall cybersecurity posture. In today's digital landscape, proactively managing vulnerabilities is a critical step in safeguarding sensitive information and maintaining customer trust. |
||||
- [@article@What is vulnerability management?](https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/) |
||||
- [@video@Vulnerability Management explained by experts](https://www.youtube.com/watch?v=RE6_Lo2wSIg) |
||||
|
||||
@ -1,21 +1,8 @@ |
||||
# Bluetooth |
||||
|
||||
**Bluetooth** is a wireless technology used to transfer data between devices over short distances. It operates in the 2.4 GHz frequency band and offers a reasonably secure means of communication between devices like smartphones, computers, headphones, and more. |
||||
Bluetooth is a short-range wireless technology standard used for exchanging data between fixed and mobile devices over short distances. While it offers convenience for connecting peripherals and transferring information, it also presents several security concerns in the cybersecurity landscape. Bluetooth vulnerabilities can potentially allow attackers to intercept communications, execute malicious code, or gain unauthorized access to devices. Common attacks include bluejacking, bluesnarfing, and bluebugging. To mitigate these risks, cybersecurity professionals recommend regularly updating device firmware, using the latest Bluetooth protocols, enabling encryption, and turning off Bluetooth when not in use. Despite ongoing security improvements, Bluetooth remains an attack vector that requires vigilant monitoring and protection in both personal and enterprise environments. |
||||
|
||||
Below are some key points about Bluetooth: |
||||
Learn more from the following resources: |
||||
|
||||
- **Short-range communication**: Bluetooth typically works within a radius of 10 meters (33 feet), giving it a significant advantage in terms of power consumption when compared to other wireless technologies such as Wi-Fi. The short range also reduces the chances of interference between devices. |
||||
|
||||
- **Low power consumption**: Bluetooth devices are designed to use relatively low power compared to other wireless technologies. This aspect contributes to their widespread adoption in battery-powered devices like wearable gadgets and IoT sensors. |
||||
|
||||
- **Convenience**: Bluetooth allows for easy, automatic connection between devices once they have been paired. This 'pair and play' functionality ensures users can quickly establish connectivity between their devices with minimal effort. |
||||
|
||||
- **Security**: Bluetooth includes security features like encryption and authentication, which ensure secure communication between paired devices. However, users must remain vigilant in terms of keeping their devices up-to-date with the latest Bluetooth security patches and protocols. |
||||
|
||||
- **Potential vulnerabilities**: Despite its built-in security measures, Bluetooth is not immune to cyber attacks. Some common risks include "bluejacking" (unauthorized sending of messages or files), "bluesnarfing" (unauthorized access to device data), and "BlueBorne" (an attack vector that exploits Bluetooth connections to infiltrate devices and spread malware). Users should be cautious in their usage of Bluetooth and follow best practices like not accepting unknown connection requests and turning off Bluetooth when not in use. |
||||
|
||||
In conclusion, Bluetooth offers a convenient means of connecting devices wirelessly. While it provides reasonably secure communication, users must stay informed about potential vulnerabilities and follow good security practices to safeguard their devices. |
||||
|
||||
- [@article@Bluetooth security risks to know (and how to avoid them)](https://us.norton.com/blog/mobile/bluetooth-security) |
||||
- [@official@Bluetooth security best practices from official website](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/) |
||||
- [@feed@Explore top posts about Bluetooth](https://app.daily.dev/tags/bluetooth?ref=roadmapsh) |
||||
- [@article@Bluetooth in Cyber Security](https://www.zenarmor.com/docs/network-basics/what-is-bluetooth) |
||||
- [@video@Everything about Bluetooth Security](https://www.youtube.com/watch?v=i9mzl51ammA) |
||||
|
||||
@ -1,24 +1,7 @@ |
||||
# Box |
||||
|
||||
[Box](https://www.box.com/) is a popular cloud storage service that provides individuals and businesses with a platform to securely store, share, and access files and documents from any device. Box is known for its emphasis on security and collaboration features, making it an ideal choice for businesses who want a secure way to share and collaborate on files with their teams. |
||||
Box is a popular cloud storage service that provides individuals and businesses with a platform to securely store, share, and access files and documents from any device. Box is known for its emphasis on security and collaboration features, making it an ideal choice for businesses who want a secure way to share and collaborate on files with their teams. |
||||
|
||||
## Features |
||||
Learn more from the following resources: |
||||
|
||||
- **Security:** Box ensures the data stored within their platform is secure by implementing various security measures, such as encryption (in-transit and at-rest), multi-factor authentication, and granular access controls. |
||||
- **Collaboration:** Users can easily invite collaborators, assign permissions, and share files via secure links within Box. It also features real-time document editing and file version history. |
||||
- **Integrations:** Box integrates with several other applications and services, such as Microsoft Office 365, Google Workspace, Salesforce, Slack, and more. |
||||
- **Box Drive:** With Box Drive, users can access and work on their files directly from the desktop, without downloading them locally, making it easy to keep files up-to-date. |
||||
|
||||
## Pricing |
||||
|
||||
Box offers a [variety of pricing plans](https://www.box.com/pricing), catering to different user requirements. These include: |
||||
|
||||
- **Individual Plan:** Free, with limited storage and features. |
||||
- **Personal Pro Plan:** $10/month, includes 100GB storage, larger file size support, and additional features. |
||||
- **Business Plans:** Starting at $5/user/month, tailored to meet the needs of small to enterprise-level businesses, with increased storage, advanced security, and much more. |
||||
|
||||
## Privacy & Compliance |
||||
|
||||
Box is compliant with various international privacy laws and regulations, such as GDPR, HIPAA, and FedRAMP. It also undergoes third-party audits and assessments to verify the efficacy of their security measures. |
||||
|
||||
In conclusion, Box is a highly secure and feature-rich cloud storage service that is specifically designed for businesses and individuals who require advanced security and collaboration functionality. |
||||
- [@official@Box Website](https://www.box.com/en-gb/home) |
||||
@ -1,21 +1,8 @@ |
||||
# Bus |
||||
|
||||
A **bus topology** is a type of network configuration where all the devices or nodes in the network are connected to a single, central cable known as the bus, backbone or trunk. This common shared path serves as the medium for data transmission and communication amongst the nodes. |
||||
In the context of cybersecurity, a bus refers to a communication system that transfers data between components inside a computer or between computers. It's a critical part of computer architecture that can be vulnerable to various security threats. Attackers may attempt to exploit bus systems to intercept sensitive data, inject malicious code, or perform side-channel attacks. These vulnerabilities can exist at different levels, from the system bus connecting major computer components to expansion buses for peripheral devices. Securing bus communications involves implementing encryption, access controls, and monitoring for unusual activity. As buses play a crucial role in data transfer, protecting them is essential for maintaining the overall security and integrity of computer systems and networks. |
||||
|
||||
## How Bus Topology Works |
||||
Learn more from the following resources: |
||||
|
||||
In a bus topology, every node has a unique address that identifies it on the network. When a node wants to communicate with another node in the network, it broadcasts a message containing the destination node's address as well as its own address. All the nodes connected to the bus receive the message, but only the intended recipient with the matching address responds. |
||||
|
||||
## Advantages of Bus Topology |
||||
|
||||
- **Easy to set up**: Bus topology is relatively simple in terms of installation, as it requires less cable and minimal hardware. |
||||
- **Cost-effective**: Due to its simplicity and reduced cabling requirements, it's typically more affordable to implement than other topologies. |
||||
- **Expandable**: New nodes can be easily added to the network by connecting them to the bus. |
||||
|
||||
## Disadvantages of Bus Topology |
||||
|
||||
- **Limited Scalability**: As the number of nodes increases, network performance may decrease due to increased collisions and data transmission time. |
||||
- **Single point of failure**: If the central cable (bus) fails or gets damaged, the entire network will be affected and may result in a complete breakdown. |
||||
- **Maintenance difficulty**: Troubleshooting and identifying issues within the network can be challenging due to the shared path for data transmission. |
||||
|
||||
Bus topology can be an effective solution for small networks with minimal devices. However, as network size and complexity increase, other topologies such as star, ring, or mesh may be more suitable for maintaining efficiency and reliability. |
||||
- [@article@What is a bus?](https://www.lenovo.com/gb/en/glossary/bus/?srsltid=AfmBOoocoXVvqdupLu13XAm0FZMOHjRtjnnCCFxa59tEa-bQwhiVhac2) |
||||
- [@video@Computer buses](https://www.youtube.com/watch?v=aBCaCrC3z0k) |
||||
@ -1,31 +1,10 @@ |
||||
# CISM |
||||
|
||||
The [Certified Information Security Manager (CISM)](https://www.isaca.org/credentialing/cism) is an advanced cybersecurity certification offered by ISACA that focuses on information security management. It is designed for professionals who have a strong understanding of information security and are responsible for overseeing, designing, and managing an organization's information security programs. |
||||
The Certified Information Security Manager (CISM) is an advanced cybersecurity certification offered by ISACA that focuses on information security management. It is designed for professionals who have a strong understanding of information security and are responsible for overseeing, designing, and managing an organization's information security programs. |
||||
|
||||
## Who Should Pursue CISM Certification? |
||||
Common ports are standardized communication endpoints used by various network protocols and services. In cybersecurity, understanding these ports is crucial for configuring firewalls, detecting potential threats, and managing network traffic. Some widely used ports include 80 and 443 for HTTP and HTTPS web traffic, 22 for SSH secure remote access, 25 for SMTP email transmission, and 53 for DNS name resolution. FTP typically uses port 21 for control and 20 for data transfer, while ports 137-139 and 445 are associated with SMB file sharing. Database services often use specific ports, such as 3306 for MySQL and 1433 for Microsoft SQL Server. Cybersecurity professionals must be familiar with these common ports and their expected behaviors to effectively monitor network activities, identify anomalies, and secure systems against potential attacks targeting specific services. |
||||
|
||||
The CISM certification is ideal for: |
||||
Learn more from the following resources: |
||||
|
||||
- Information security managers |
||||
- IT consultants |
||||
- IT auditors |
||||
- Senior IT professionals responsible for information security |
||||
- Security architects and engineers |
||||
|
||||
## Exam Requirements and Process |
||||
|
||||
To obtain the CISM certification, candidates must: |
||||
|
||||
- **Register for the CISM Exam**: You must [register](https://www.isaca.org/exams) for the exam, pay the registration fee, and select an exam date during one of the three annual exam windows. |
||||
- **Meet the Experience Requirements**: You must have at least five years of experience in information security management across at least three of the four CISM domains. There is the option to waive up to two years of experience based on your education or other certifications. |
||||
- **Study for the Exam**: Thorough exam preparation is essential for success. ISACA provides a range of study materials, including the [CISM Review Manual](https://www.isaca.org/bookstore), online question banks, and instructor-led courses. |
||||
- **Take the Exam**: The CISM exam consists of 150 multiple-choice questions, and you have four hours to complete it. It covers four main domains: |
||||
|
||||
- Information Security Governance |
||||
- Information Risk Management |
||||
- Information Security Program Development and Management |
||||
- Information Security Incident Management |
||||
|
||||
- **Maintain Your Certification**: Once you pass the exam and meet the experience requirements, you need to [apply for certification](https://www.isaca.org/credentialing/certified-information-security-manager/get-cism-certified). To maintain your CISM credential, you must earn Continuing Professional Education (CPE) hours and renew your certification every three years. |
||||
|
||||
The CISM certification is globally recognized for its emphasis on the strategic and managerial aspects of information security. Professionals with this certification are in high demand, as they possess the knowledge and skills to develop and manage comprehensive information security programs in various organizations. |
||||
- [@official@CISM Website](https://www.isaca.org/credentialing/cism) |
||||
- [@article@Certified Information Security Manager (CISM)](https://www.techtarget.com/searchsecurity/definition/certified-information-security-manager-CISM) |
||||
@ -1,48 +1,10 @@ |
||||
# Cloud Skills and Knowledge |
||||
|
||||
In the realm of cyber security, cloud skills and knowledge are indispensable for professionals who work with cloud-based infrastructure and services. As more organizations migrate to the cloud, the demand for cloud security expertise continues to rise. This chapter focuses on the essential cloud skills and knowledge a cyber security specialist should possess. |
||||
Cloud skills and knowledge are essential for working effectively with cloud computing technologies and services, which provide scalable, on-demand resources over the internet. Core cloud skills include understanding the architecture and types of cloud deployments, such as public, private, and hybrid clouds, as well as the major service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Knowledge of cloud platforms like AWS, Microsoft Azure, and Google Cloud is crucial, along with the ability to manage virtual machines, storage, networking, and databases in a cloud environment. |
||||
|
||||
## Understanding Cloud Models |
||||
Security in the cloud is a vital skill, encompassing encryption, identity and access management (IAM), compliance, and disaster recovery. Understanding DevOps practices, containerization (using tools like Docker and Kubernetes), and serverless computing also plays a significant role in cloud operations. Additionally, familiarity with cloud-native tools for automation, monitoring, and orchestration, as well as knowledge of cloud cost optimization and performance tuning, are important for maximizing cloud efficiency and ensuring a secure, scalable infrastructure. |
||||
|
||||
It is fundamental for a cyber security professional to be acquainted with the different cloud service models, including: |
||||
Learn more from the following resources: |
||||
|
||||
- **IaaS (Infrastructure as a Service):** Offers virtualized computing resources over the Internet (e.g., Amazon Web Services, Microsoft Azure). |
||||
- **PaaS (Platform as a Service):** Provides a platform for developers to build, test, and deploy applications (e.g., Google App Engine, Heroku). |
||||
- **SaaS (Software as a Service):** Offers on-demand access to software applications over the Internet (e.g., Salesforce, Microsoft 365). |
||||
|
||||
## Familiarity with Cloud Security Architecture |
||||
|
||||
A comprehensive understanding of cloud security architecture enables professionals to design and implement secure cloud environments. Key aspects include: |
||||
|
||||
- Identifying and managing risks in cloud deployments |
||||
- Configuring and managing cloud security services |
||||
- Applying best practices for data storage, access control, and encryption in the cloud |
||||
|
||||
## Compliance and Legal Issues |
||||
|
||||
Cloud security specialists must be aware of various compliance and legal requirements related to cloud data storage and processing, such as GDPR, HIPAA, and PCI-DSS. |
||||
|
||||
## Cloud Security Tools and Technologies |
||||
|
||||
Cyber security professionals should be proficient in using various security tools and technologies specifically designed for the cloud, including: |
||||
|
||||
- Cloud security monitoring and management tools (e.g., AWS Security Hub, Azure Security Center) |
||||
- Cloud-native security platforms (e.g., Palo Alto Networks Prisma, Check Point CloudGuard) |
||||
- API security and management tools (e.g., Postman, Swagger) |
||||
|
||||
## Cloud Identity and Access Management |
||||
|
||||
A strong grasp of identity and access management (IAM) concepts in the cloud is crucial. This entails understanding: |
||||
|
||||
- How to create and manage user identities and permissions |
||||
- Implementing multi-factor authentication (MFA) |
||||
- Understanding the differences between cloud-based and traditional IAM systems |
||||
|
||||
## Securing Cloud Networks |
||||
|
||||
Professionals should know the fundamentals of securing cloud networks, including: |
||||
|
||||
- Implementing network security features such as firewalls, virtual private networks (VPNs), and intrusion detection systems |
||||
- Segmenting cloud networks for better security |
||||
|
||||
Overall, possessing cloud skills and knowledge prepares cyber security professionals to effectively protect and manage cloud infrastructure and applications in today's fast-paced digital landscape. |
||||
- [@article@7 Cloud Computing skills to know](https://www.coursera.org/articles/cloud-computing-skills) |
||||
- [@video@What cloud skills are essential?](https://www.youtube.com/watch?v=udKBDRcj178) |
||||
@ -1,83 +1,30 @@ |
||||
# Common Commands |
||||
|
||||
In this guide, we will cover essential common commands you need to know when starting your journey in cyber security. By becoming proficient in these commands, you will be able to navigate, analyze, and manage different aspects of systems and networks. The list will cover command prompts, shell commands, and other tools. |
||||
Common operating system (OS) commands are essential for interacting with a system's shell or command-line interface (CLI). These commands allow users to perform a wide range of tasks, such as navigating the file system, managing files and directories, checking system status, and administering processes. Below are some commonly used commands across Unix/Linux and Windows operating systems: |
||||
|
||||
_Please note this guide assumes you already have basic knowledge of command line interfaces (CLI)_ |
||||
1. **Navigating the File System:** |
||||
- Unix/Linux: `ls` (list files), `cd` (change directory), `pwd` (print working directory) |
||||
- Windows: `dir` (list files), `cd` (change directory), `echo %cd%` (print working directory) |
||||
|
||||
## Operating System Commands |
||||
2. **File and Directory Management:** |
||||
- Unix/Linux: `cp` (copy files), `mv` (move/rename files), `rm` (remove files), `mkdir` (create directory) |
||||
- Windows: `copy` (copy files), `move` (move/rename files), `del` (delete files), `mkdir` (create directory) |
||||
|
||||
These commands are useful for managing and understanding your operating system and its components. |
||||
3. **System Information and Processes:** |
||||
- Unix/Linux: `top` or `htop` (view running processes), `ps` (list processes), `df` (disk usage), `uname` (system info) |
||||
- Windows: `tasklist` (list processes), `taskkill` (kill process), `systeminfo` (system details) |
||||
|
||||
## Windows |
||||
4. **File Permissions and Ownership:** |
||||
- Unix/Linux: `chmod` (change file permissions), `chown` (change file ownership) |
||||
- Windows: `icacls` (modify access control lists), `attrib` (change file attributes) |
||||
|
||||
- `ipconfig`: Display the IP configuration for all network interfaces on the device. |
||||
5. **Network Commands:** |
||||
- Unix/Linux: `ping` (test network connection), `ifconfig` or `ip` (network interface configuration), `netstat` (network statistics) |
||||
- Windows: `ping` (test network connection), `ipconfig` (network configuration), `netstat` (network statistics) |
||||
|
||||
- `netstat`: Display active network connections, listening ports, and routing tables. |
||||
These commands form the foundation of interacting with and managing an OS via the command line, providing greater control over system operations compared to graphical interfaces. |
||||
|
||||
- `systeminfo`: Display detailed information about the computer's hardware and software configuration. |
||||
Learn more from the following resources: |
||||
|
||||
- `nslookup`: Look up the IP address of a domain or host. |
||||
|
||||
- `ping`: Send a series of network packets to test network connectivity. |
||||
|
||||
## Linux/Unix/MacOS |
||||
|
||||
- `ifconfig`: Display the IP configuration for all network interfaces on the device. |
||||
|
||||
- `netstat`: Display active network connections, listening ports, and routing tables. |
||||
|
||||
- `uname -a`: Display detailed information about the operating system. |
||||
|
||||
- `dig`: Look up the IP address of a domain or host. |
||||
|
||||
- `ping`: Send a series of network packets to test network connectivity. |
||||
|
||||
## File System Commands |
||||
|
||||
These commands are useful for navigating and managing file systems on your device. |
||||
|
||||
## Windows |
||||
|
||||
- `dir`: List files and directories in the current directory. |
||||
|
||||
- `cd`: Change the current directory. |
||||
|
||||
- `copy`: Copy files from one location to another. |
||||
|
||||
- `move`: Move files from one location to another. |
||||
|
||||
- `del`: Delete specified files. |
||||
|
||||
## Linux/Unix/MacOS |
||||
|
||||
- `ls`: List files and directories in the current directory. |
||||
|
||||
- `cd`: Change the current directory. |
||||
|
||||
- `cp`: Copy files from one location to another. |
||||
|
||||
- `mv`: Move files from one location to another. |
||||
|
||||
- `rm`: Delete specified files. |
||||
|
||||
## Network Analysis Commands |
||||
|
||||
These commands are useful for analyzing and troubleshooting network connections. |
||||
|
||||
- `traceroute` (Linux/Unix/MacOS) / `tracert` (Windows): Display the route and transit delay of packets across a network. |
||||
|
||||
- `tcpdump` (Linux/Unix/MacOS) / `Wireshark` (Windows): Capture and analyze network traffic. |
||||
|
||||
## Cyber Security Tools |
||||
|
||||
- `nmap`: Scan networks and hosts for open ports and network services. |
||||
|
||||
- `Metasploit`: A penetration testing framework that simplifies the discovery and exploitation of vulnerabilities. |
||||
|
||||
- `John the Ripper`: A password-cracking tool that automatically detects and cracks multiple password formats. |
||||
|
||||
- `Wireshark`: A network protocol analyzer that captures and analyzes network traffic. |
||||
|
||||
- `Aircrack-ng`: A suite of tools for auditing wireless networks. |
||||
|
||||
By familiarizing yourself with these common commands and tools, you'll have a solid foundation to build upon in your cyber security journey. As you progress, you will encounter more advanced tools and techniques, so keep learning and stay curious! |
||||
- [@video@60 Linux commands you must know](https://www.youtube.com/watch?v=gd7BXuUQ91w) |
||||
- [@video@Top 40 Windows commands to know](https://www.youtube.com/watch?v=Jfvg3CS1X3A) |
||||
@ -1,39 +1,8 @@ |
||||
# Common Ports and their Uses |
||||
|
||||
Ports are crucial in networking, as they facilitate communication between devices and applications. They act as endpoints in the networking process, enabling data transfer. We've compiled a list of commonly used ports to help you understand their significance in cyber security. |
||||
Common ports are standardized communication endpoints used by various network protocols and services. In cybersecurity, understanding these ports is crucial for configuring firewalls, detecting potential threats, and managing network traffic. Some widely used ports include 80 and 443 for HTTP and HTTPS web traffic, 22 for SSH secure remote access, 25 for SMTP email transmission, and 53 for DNS name resolution. FTP typically uses port 21 for control and 20 for data transfer, while ports 137-139 and 445 are associated with SMB file sharing. Database services often use specific ports, such as 3306 for MySQL and 1433 for Microsoft SQL Server. Cybersecurity professionals must be familiar with these common ports and their expected behaviors to effectively monitor network activities, identify anomalies, and secure systems against potential attacks targeting specific services. |
||||
|
||||
## Transmission Control Protocol (TCP) Ports |
||||
Learn more from the following resources: |
||||
|
||||
- **FTP (File Transfer Protocol) - Ports 20 and 21**: FTP is a widely used protocol for transferring files. |
||||
|
||||
- **SSH (Secure Shell) - Port 22**: SSH allows secure communication and remote access to devices over an unsecured network. |
||||
|
||||
- **Telnet - Port 23**: Telnet is a text-based protocol that allows you to interact with remote devices over networks. |
||||
|
||||
- **SMTP (Simple Mail Transfer Protocol) - Port 25**: SMTP is a protocol for sending and receiving emails. |
||||
|
||||
- **DNS (Domain Name System) - Port 53**: DNS translates human-readable domain names into IP addresses to facilitate communication between devices. |
||||
|
||||
- **HTTP (Hypertext Transfer Protocol) - Port 80**: HTTP is the primary protocol used for communication on the World Wide Web. |
||||
|
||||
- **POP3 (Post Office Protocol 3) - Port 110**: POP3 is a protocol for receiving emails from your email server. |
||||
|
||||
- **IMAP (Internet Message Access Protocol) - Port 143**: IMAP is a more advanced email protocol that allows you to access and manage your emails on the email server. |
||||
|
||||
- **HTTPS (Hypertext Transfer Protocol Secure) - Port 443**: HTTPS is an encrypted and secure version of HTTP. |
||||
|
||||
- **RDP (Remote Desktop Protocol) - Port 3389**: RDP is a Microsoft-developed protocol for remotely accessing Windows devices. |
||||
|
||||
## User Datagram Protocol (UDP) Ports |
||||
|
||||
- **DHCP (Dynamic Host Configuration Protocol) - Ports 67 and 68**: DHCP is used to allocate IP addresses to devices within a network. |
||||
|
||||
- **DNS (Domain Name System) - Port 53**: (same function as in TCP) |
||||
|
||||
- **TFTP (Trivial File Transfer Protocol) - Port 69**: TFTP is a simplified version of FTP for quick and easy file transfer. |
||||
|
||||
- **SNMP (Simple Network Management Protocol) - Port 161**: SNMP enables monitoring and managing network devices, including printers, routers, and switches. |
||||
|
||||
- **NTP (Network Time Protocol) - Port 123**: NTP is a standard protocol used to synchronize time across network devices. |
||||
|
||||
Understanding these common ports and their functions is essential for network administrators and cyber security professionals. Proper knowledge of these ports will help you identify and assess potential security risks, as well as implement robust network defense measures. |
||||
- [@video@Common network ports](https://www.youtube.com/watch?v=dh8h-4u7Wak) |
||||
- [@article@Common network ports you should know](https://opensource.com/article/18/10/common-network-ports) |
||||
@ -1,35 +1,8 @@ |
||||
# Common Protocols and their Uses |
||||
|
||||
In this section, we will discuss some of the most common protocols used in networking and their importance in maintaining cyber security. Protocols are a set of rules and procedures that define how data should be transmitted, formatted, and processed over a network. |
||||
Networking protocols are essential for facilitating communication between devices and systems across networks. In cybersecurity, understanding these protocols is crucial for identifying potential vulnerabilities and securing data transmission. Common protocols include TCP/IP, the foundation of internet communication, which ensures reliable data delivery. HTTP and HTTPS are used for web browsing, with HTTPS providing encrypted connections. FTP and SFTP handle file transfers, while SMTP, POP3, and IMAP manage email services. DNS translates domain names to IP addresses, and DHCP automates IP address assignment. SSH enables secure remote access and management of systems. Other important protocols include TLS/SSL for encryption, SNMP for network management, and VPN protocols like IPsec and OpenVPN for secure remote connections. Cybersecurity professionals must be well-versed in these protocols to effectively monitor network traffic, implement security measures, and respond to potential threats targeting specific protocol vulnerabilities. |
||||
|
||||
## HyperText Transfer Protocol (HTTP) and HTTPS |
||||
Learn more from the following resources: |
||||
|
||||
HTTP, or HyperText Transfer Protocol, is the foundation of data communication on the World Wide Web. It defines how data should be formatted and transmitted between a client (like your browser) and a web server. HTTP is a stateless protocol, meaning each request and response pair is independent from others. |
||||
|
||||
HTTPS, or HTTP Secure, is a secure version of HTTP that encrypts data between the client and server using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to protect sensitive data from being intercepted or tampered with. |
||||
|
||||
## Transmission Control Protocol (TCP) |
||||
|
||||
TCP, or Transmission Control Protocol, is a reliable, connection-oriented protocol that ensures data is delivered correctly between applications over a network. It ensures accurate and complete data delivery by establishing a connection, segmenting data into smaller packets, verifying the receipt of packets, and reordering packets to their original sequence. |
||||
|
||||
## Internet Protocol (IP) |
||||
|
||||
Internet Protocol (IP) is responsible for delivering packets from the source host to the destination host based on their IP addresses. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has two main versions - IPv4 and IPv6. |
||||
|
||||
## User Datagram Protocol (UDP) |
||||
|
||||
UDP, or User Datagram Protocol, is a connectionless communication protocol used for fast and efficient data transmission. Unlike TCP, UDP does not provide error checking or guarantee delivery, making it suitable for real-time applications like video streaming and online gaming where low latency is crucial. |
||||
|
||||
## Domain Name System (DNS) |
||||
|
||||
The Domain Name System (DNS) is responsible for translating human-readable domain names (like www.example.com) into corresponding IP addresses that computers understand. This process is called domain name resolution. DNS is an essential component of internet communication, as it allows users to access websites using easy-to-remember names instead of numerical IP addresses. |
||||
|
||||
## File Transfer Protocol (FTP) |
||||
|
||||
File Transfer Protocol (FTP) is a standard network protocol used for transferring files from one host to another over a TCP-based network, such as the Internet. FTP is commonly used for sharing files and transferring files between a client and a server. |
||||
|
||||
## Simple Mail Transfer Protocol (SMTP) |
||||
|
||||
Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending email messages across a network. It defines how email messages should be formatted, encrypted, and relayed between email clients, servers, and other email systems. |
||||
|
||||
Understanding these common protocols and their roles in network communication is vital for ensuring the proper implementation of cyber security measures. It will help you better identify potential vulnerabilities and make informed decisions on network defense strategies. |
||||
- [@video@Networking For Hackers! (Common Network Protocols)](https://www.youtube.com/watch?v=p3vaaD9pn9I) |
||||
- [@article@12 common network protocols](https://www.techtarget.com/searchnetworking/feature/12-common-network-protocols-and-their-functions-explained) |
||||
@ -0,0 +1,8 @@ |
||||
# Compliance |
||||
|
||||
Compliance in cybersecurity refers to the adherence to laws, regulations, standards, and best practices designed to protect sensitive data and ensure the security of information systems. It encompasses a wide range of requirements that organizations must meet to safeguard their digital assets and maintain the trust of customers, partners, and regulatory bodies. Common compliance frameworks include GDPR for data protection in the EU, HIPAA for healthcare information in the US, PCI DSS for payment card industry, and ISO 27001 for information security management. Compliance often involves implementing specific security controls, conducting regular audits, maintaining documentation, and demonstrating ongoing commitment to security practices. While achieving compliance can be complex and resource-intensive, it is crucial for mitigating legal and financial risks, protecting reputation, and fostering a culture of security within organizations. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@article@What is Cyber Security Compliance?](https://www.comptia.org/content/articles/what-is-cybersecurity-compliance) |
||||
- [@article@Cyber Security Compliance 101](https://sprinto.com/blog/cyber-security-compliance/) |
||||
@ -1,71 +1,10 @@ |
||||
# Computer Hardware Components |
||||
|
||||
When it comes to understanding basic IT skills, one cannot overlook the importance of familiarizing yourself with the essential computer hardware components. These are the physical parts that make up a computer system, and understanding their functions will help you troubleshoot issues and maintain your device better. Here's a brief overview of some of the primary computer hardware components: |
||||
Computer hardware components are the physical parts of a computer system that work together to perform computing tasks. The key components include the **central processing unit (CPU)**, which is the "brain" of the computer responsible for executing instructions and processing data. The **motherboard** is the main circuit board that connects and allows communication between the CPU, memory, and other hardware. **Random Access Memory (RAM)** serves as the computer's short-term memory, storing data that is actively being used by the CPU for quick access. |
||||
|
||||
## Central Processing Unit (CPU) |
||||
The **storage device**, such as a hard disk drive (HDD) or solid-state drive (SSD), is where data is permanently stored, including the operating system, applications, and files. The **power supply unit (PSU)** provides the necessary electrical power to run the components. **Graphics processing units (GPU)**, dedicated for rendering images and videos, are important for tasks like gaming, video editing, and machine learning. Additionally, **input devices** like keyboards and mice, and **output devices** like monitors and printers, enable users to interact with the system. Together, these components make up the essential hardware of a computer, enabling it to perform various computing functions. |
||||
|
||||
The CPU serves as the heart and brain of a computer. It performs all the processing inside the computer and is responsible for executing instructions, performing calculations, and managing the flow of data. |
||||
Learn more from the following resources: |
||||
|
||||
**Key Points:** |
||||
|
||||
- Considered the "brain" of the computer. |
||||
- Performs all the major processes and calculations. |
||||
|
||||
## Motherboard |
||||
|
||||
The motherboard is the main circuit board that connects all components of the computer. It provides a central hub for communication between the CPU, memory, and other hardware components. |
||||
|
||||
**Key Points:** |
||||
|
||||
- Connects all other hardware components. |
||||
- Allows components to communicate with each other. |
||||
|
||||
## Memory (RAM) |
||||
|
||||
Random Access Memory (RAM) is where data is temporarily stored while the computer is powered on. The data is constantly accessed, written, and rewritten by the CPU. The more RAM a system has, the more tasks it can process simultaneously. |
||||
|
||||
**Key Points:** |
||||
|
||||
- Temporary storage for data while the computer is on. |
||||
- More RAM allows for better multitasking. |
||||
|
||||
## Storage (Hard Drives) |
||||
|
||||
Storage devices like hard disk drives (HDD) or solid-state drives (SSD) are used to store data permanently on the computer, even when the device is powered off. Operating systems, software, and user files are stored on these drives. |
||||
|
||||
**Key Points:** |
||||
|
||||
- Permanent storage for data. |
||||
- Comes in HDD and SSD types, with SSDs being faster but more expensive. |
||||
|
||||
## Graphics Processing Unit (GPU) |
||||
|
||||
The GPU is responsible for rendering images, videos, and animations on the computer screen. Its main function is to handle and display graphics, making your visuals smooth and responsive. |
||||
|
||||
**Key Points:** |
||||
|
||||
- Handles and processes graphics and visuals. |
||||
- Important for gaming, video editing, and graphic design tasks. |
||||
|
||||
## Power Supply Unit (PSU) |
||||
|
||||
The power supply unit provides the necessary power to all components in the computer. It converts the AC power from the wall socket into the DC power that the computer's components require. |
||||
|
||||
**Key Points:** |
||||
|
||||
- Provides power to all computer components. |
||||
- Converts AC power to DC power. |
||||
|
||||
## Input/Output Devices |
||||
|
||||
Input devices, such as a mouse, keyboard, or scanner, are used to interact with and input data into the computer. Output devices, like the display monitor and speakers, present information and data in a format we can understand. |
||||
|
||||
**Key Points:** |
||||
|
||||
- Input devices allow users to interact with the computer. |
||||
- Output devices present information to the user. |
||||
|
||||
By understanding these essential computer hardware components, you can enhance your knowledge of how a computer functions and improve your IT troubleshooting and maintenance skills. Happy computing! |
||||
|
||||
- [@video@What does what in your computer? Computer parts Explained](https://youtu.be/ExxFxD4OSZ0) |
||||
- [@feed@Explore top posts about Hardware](https://app.daily.dev/tags/hardware?ref=roadmapsh) |
||||
- [@video@Computer Components for Dummies](https://www.youtube.com/watch?v=cZs6kh0WFRY) |
||||
- [@article@What is computer hardware?](https://uk.crucial.com/articles/pc-builders/what-is-computer-hardware) |
||||
|
||||
@ -1,32 +1,19 @@ |
||||
# Connection Types and their function |
||||
|
||||
In the realm of cyber security, understanding various connection types is crucial in maintaining a secure network environment. This section will provide you with an overview of different connection types commonly encountered in IT and their impact on security. |
||||
There are several types of network connections that enable communication between devices, each serving different functions based on speed, reliability, and purpose. **Ethernet** is a wired connection type commonly used in local area networks (LANs), providing high-speed, stable, and secure data transfer. Ethernet is ideal for businesses and environments where reliability is crucial, offering speeds from 100 Mbps to several Gbps. |
||||
|
||||
## Wired Connections |
||||
**Wi-Fi**, a wireless connection, enables devices to connect to a network without physical cables. It provides flexibility and mobility, making it popular in homes, offices, and public spaces. While Wi-Fi offers convenience, it can be less reliable and slower than Ethernet due to signal interference or distance from the access point. |
||||
|
||||
Ethernet is the most widespread and commonly used wired connection type. It provides a secure, high-speed data transmission between devices, such as computers, routers, and switches, using Category 5 (Cat5) or higher cables. Ethernet connections are generally considered more reliable and secure compared to wireless connections because they are less vulnerable to interference and unauthorized access. |
||||
**Bluetooth** is a short-range wireless technology primarily used for connecting peripherals like headphones, keyboards, and other devices. It operates over shorter distances, typically up to 10 meters, and is useful for personal device communication rather than networking larger systems. |
||||
|
||||
## USB (Universal Serial Bus) |
||||
**Fiber-optic connections** use light signals through glass or plastic fibers to transmit data at very high speeds over long distances, making them ideal for internet backbones or connecting data centers. Fiber is faster and more reliable than traditional copper cables, but it is also more expensive to implement. |
||||
|
||||
USB is a popular connection type, primarily used for connecting peripheral devices such as keyboards, mice, and storage devices to computers. While USB provides a convenient way of expanding a computer's functionality, it also poses security risks. Using untrusted USB devices can lead to the spread of malware, making it essential to ensure that only trusted devices are connected to your system. |
||||
**Cellular connections**, such as 4G and 5G, allow mobile devices to connect to the internet via wireless cellular networks. These connections offer mobility, enabling internet access from almost anywhere, but their speeds and reliability can vary depending on network coverage. |
||||
|
||||
## Wireless Connections |
||||
Each connection type plays a specific role, balancing factors like speed, distance, and convenience to meet the varying needs of users and organizations. |
||||
|
||||
Wi-Fi is the most prevalent wireless connection type, allowing devices to connect to the internet and each other without the need for physical cables. Although Wi-Fi provides greater flexibility and mobility, it introduces additional security risks. To minimize these risks, always use encryption (preferably WPA3 or WPA2), strong passwords, and update your router's firmware regularly. |
||||
Learn more from the following resources: |
||||
|
||||
## Bluetooth |
||||
|
||||
Bluetooth is another widely used wireless connection type, primarily designed for short-range communication between devices such as smartphones, speakers, and headsets. While Bluetooth offers convenience, it can also be susceptible to attacks, such as Bluesnarfing and Bluejacking. To mitigate these risks, keep your devices updated, use Bluetooth 4.0 or higher, and disable Bluetooth when not in use. |
||||
|
||||
## Network Connections |
||||
|
||||
A VPN is a secure tunnel that creates a private network connection over a public network (such as the internet) by encrypting data transfers between devices. VPNs help protect sensitive information from being intercepted by unauthorized parties and are especially useful when accessing public Wi-Fi hotspots. Always use trusted VPN providers to ensure your data remains encrypted and private. |
||||
|
||||
## Peer-to-Peer (P2P) |
||||
|
||||
P2P is a decentralized connection type where devices connect directly with each other, without the need for a central server. P2P is commonly used for file-sharing services and can pose significant security risks if utilized without adequate security measures in place. To minimize risks, avoid using untrusted P2P services and refrain from sharing sensitive information on such networks. |
||||
|
||||
In summary, understanding and managing different connection types is an essential aspect of cyber security. By using secure connections and taking preventive measures, you can reduce the risk of unauthorized access, data breaches, and other malicious activities. |
||||
|
||||
- [@video@Connection & Service Types Pt. 1](https://youtu.be/TzEMiD2mc-Q) |
||||
- [@video@Connection & Services Types Pt. 2 ](https://youtu.be/4N3M1aKzoyQ) |
||||
- [@article@What is ethernet?](https://www.techtarget.com/searchnetworking/definition/Ethernet) |
||||
- [@article@What is WiFi and how does it work?](https://computer.howstuffworks.com/wireless-network.htm) |
||||
- [@article@How bluetooth works](https://electronics.howstuffworks.com/bluetooth.htm) |
||||
@ -1,26 +1,8 @@ |
||||
# Containment |
||||
|
||||
In the Incident Response Process, containment is the step where the identified threat is controlled to prevent any further damage to the system and organization, while maintaining the integrity of the collected incident data. The primary goal of containment is to limit the attack's scope and prevent any further compromises. |
||||
Containment in cybersecurity refers to the process of limiting the impact of a security incident by isolating affected systems, networks, or data to prevent further spread or damage. When a breach or malware infection is detected, containment strategies are quickly implemented to halt the attack's progress, often by disconnecting compromised systems from the network, blocking malicious traffic, or restricting user access. Containment is a critical step in incident response, allowing security teams to control the situation while they investigate the root cause, assess the extent of the breach, and prepare for remediation. Effective containment minimizes the potential harm to the organization, preserving the integrity of unaffected systems and data. |
||||
|
||||
## Short-term and Long-term Containment |
||||
Learn more from the following resources: |
||||
|
||||
There are two main types of containment measures that need to be applied depending on the nature of the incident: short-term and long-term containment. |
||||
|
||||
## Short-term Containment |
||||
|
||||
These measures are focused on stopping the immediate threat by disconnecting affected systems, blocking harmful IP addresses, or temporarily disabling the vulnerable service. However, these steps might result in the loss of valuable incident data, so it is essential to balance these actions against preserving evidence necessary for further investigation. |
||||
|
||||
## Long-term Containment |
||||
|
||||
Long-term containment focuses on implementing more sustainable solutions to address the root cause of the incident, such as updating security patches, configuring firewalls, and implementing access control measures. These actions are taken to prevent reoccurrence and must be performed in parallel with the recovery phase to ensure a comprehensive Incident Response Process. |
||||
|
||||
## Key Steps in Containment |
||||
|
||||
The following are some key steps that you should follow during the containment phase: |
||||
|
||||
- **Isolate** - Segregate the affected systems from the rest of the network to stop the spread of the threat. |
||||
- **Preserve Evidence** - Securely capture relevant logs and data for future analysis and investigation. |
||||
- **Implement Temporary Measures** - Take immediate actions to block the attacker and secure the environment while minimizing disruption. |
||||
- **Update Containment Strategy** - Integrate lessons learned from previous incidents and external resources to continuously improve your containment process. |
||||
|
||||
By properly executing the containment phase of the Incident Response Process, you will be well-prepared to eradicate the root cause of the cyber security threat and recover your affected systems with minimal damage to your organization. |
||||
- [@article@Microsoft security incident management: Containment, eradication, and recovery](https://learn.microsoft.com/en-us/compliance/assurance/assurance-sim-containment-eradication-recovery) |
||||
- [@article@Containment - AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/containment.html) |
||||
@ -1,31 +1,8 @@ |
||||
# Core Concepts of Zero Trust |
||||
|
||||
_Zero Trust_ is a modern security framework that addresses the ever-evolving threat landscape in the digital world. It emphasizes the idea of "never trust, always verify". This approach requires organizations to abandon the traditional perimeter-based security models and adopt a more comprehensive, holistic approach to protecting their data and assets. |
||||
The core concepts of Zero Trust revolve around the principle of "never trust, always verify," emphasizing the need to continuously validate every user, device, and application attempting to access resources, regardless of their location within or outside the network perimeter. Unlike traditional security models that rely on a strong perimeter defense, Zero Trust assumes that threats could already exist inside the network and that no entity should be trusted by default. Key principles include strict identity verification, least privilege access, micro-segmentation, and continuous monitoring. This approach limits access to resources based on user roles, enforces granular security policies, and continuously monitors for abnormal behavior, ensuring that security is maintained even if one segment of the network is compromised. Zero Trust is designed to protect modern IT environments from evolving threats by focusing on securing data and resources, rather than just the network perimeter. |
||||
|
||||
## Core Principles |
||||
Learn more from the following resources: |
||||
|
||||
- **Deny trust by default**: Assume all network traffic, both inside and outside the organization, is potentially malicious. Do not trust any user, device, or application just because they are within the network perimeter. |
||||
|
||||
- **Verify every request**: Authenticate and authorize all requests (even for those from within the network) before granting access to any resource. Ensure that each user, device, or application is properly identified, and their access to resources is appropriate based on their role, rights, and privileges. |
||||
|
||||
- **Apply least privilege**: Limit users, applications, and devices to the minimum level of access required to perform their functions. This minimizes the risk of unauthorized access, and reduces the potential attack surface. |
||||
|
||||
- **Segment networks**: Isolate and segregate different parts of the network to limit the potential impact of a breach. If an attacker gains access to one segment, they should not be able to move laterally across the network and access other sensitive data. |
||||
|
||||
- **Inspect and log all traffic**: Actively monitor, analyze, and log network traffic to identify potential security incidents and perform forensic investigations. This provides valuable insights for security teams to continuously improve their security posture and detect early signs of malicious activities. |
||||
|
||||
## Benefits |
||||
|
||||
- **Reduced attack surface**: Limiting access to sensitive resources and segmenting the network makes it more challenging for attackers to compromise systems and access valuable data. |
||||
|
||||
- **Enhanced visibility and monitoring**: By continuously inspecting and logging all traffic, security teams can gain unprecedented levels of visibility, helping them identify potential threats and attacks more effectively. |
||||
|
||||
- **Improved compliance and governance**: Implementing a Zero Trust model reinforces an organization's compliance and governance posture, ensuring access to sensitive data is only granted to authorized users. |
||||
|
||||
- **Adaptability**: A Zero Trust approach can be applied to a wide range of environments and can be tailored to meet the specific security needs and objectives of an organization. |
||||
|
||||
By implementing a Zero Trust framework, an organization can strengthen its security posture, safeguard against internal and external threats, and maintain control over their critical assets in an increasingly interconnected world. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@video@Zero Trust - Professor Messer](https://www.youtube.com/watch?v=zC_Pndpg8-c) |
||||
- [@article@What is a zero trust network?](https://www.cloudflare.com/en-gb/learning/security/glossary/what-is-zero-trust/) |
||||
- [@video@Zero trust explained in 4 minutes](https://www.youtube.com/watch?v=yn6CPQ9RioA) |
||||
@ -1,35 +1,8 @@ |
||||
# CSF |
||||
|
||||
## Cybersecurity Framework (CSF) Summary |
||||
# Cybersecurity Framework (CSF) |
||||
|
||||
The Cybersecurity Framework (CSF) is a set of guidelines aimed at helping organizations better protect their critical infrastructure from cyber threats. Developed by the National Institute of Standards and Technology (NIST), this voluntary framework provides a flexible, risk-based approach to managing cybersecurity risks. |
||||
|
||||
## Key Components of CSF |
||||
|
||||
CSF comprises three key components: |
||||
|
||||
- **Core** - Consists of five functions, each representing a high-level cybersecurity activity: |
||||
|
||||
- Identify: Understand the organization's cybersecurity risks. |
||||
- Protect: Implement safeguards to protect the critical infrastructure. |
||||
- Detect: Identify the occurrence of a potential cybersecurity event. |
||||
- Respond: Develop and implement appropriate actions to address detected cybersecurity events. |
||||
- Recover: Implement plans to restore systems and services after a cybersecurity incident. |
||||
|
||||
- **Tiers** - Provide context for organizations to consider the robustness of their cybersecurity program: |
||||
|
||||
- Tier 1: Partial – Minimal cybersecurity risk management practices. |
||||
- Tier 2: Risk Informed – Risk management practices in place, but not consistently applied. |
||||
- Tier 3: Repeatable – Risk management practices are consistent across the organization. |
||||
- Tier 4: Adaptive – Proactive approach to managing cybersecurity risks. |
||||
|
||||
- **Profiles** - Organizations create profiles to align their cybersecurity activities with their organizational goals, risk tolerance, and resources. A target profile represents desired outcomes, whereas a current profile reflects the current state of cybersecurity programs. |
||||
|
||||
## Benefits of Implementing CSF |
||||
|
||||
- Enhanced understanding of cybersecurity risks and corresponding management strategies within an organization. |
||||
- Improved ability to prioritize cybersecurity investments based on risk assessments. |
||||
- Strengthened communication between different departments and stakeholders regarding cybersecurity expectations and progress. |
||||
- Compliance with industry standards and guidelines, including support for organizations subject to regulatory requirements. |
||||
Learn more from the following resources: |
||||
|
||||
CSF offers organizations a structured approach to improving their cybersecurity posture. By following this framework, organizations can manage their cybersecurity risks more effectively, create a stronger defense against cyberattacks, and maintain the resilience of their critical infrastructure. |
||||
- [@official@NIST Cybersecurity Framework](https://www.nist.gov/cyberframework) |
||||
- [@video@NIST Cybersecurity Framework Explained](https://www.youtube.com/watch?v=_KXqDNVmpu8) |
||||
|
||||
@ -0,0 +1,8 @@ |
||||
# Cross-Site Request Forgery (CSRF) |
||||
|
||||
Cross-Site Request Forgery (CSRF) is a type of web security vulnerability that allows an attacker to trick a user into performing actions on a web application without their consent. It occurs when a malicious website or link causes a user’s browser to send unauthorized requests to a different site where the user is authenticated, such as submitting a form or changing account settings. Since the requests are coming from the user’s authenticated session, the web application mistakenly trusts them, allowing the attacker to perform actions like transferring funds, changing passwords, or altering user data. CSRF attacks exploit the trust that a web application has in the user's browser, making it critical for developers to implement countermeasures like CSRF tokens, same-site cookie attributes, and user confirmation prompts to prevent unauthorized actions. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@video@Cross-Site Request Forgery Explained](https://www.youtube.com/watch?v=eWEgUcHPle0) |
||||
- [@article@Cross-Site Request Forgery](https://owasp.org/www-community/attacks/csrf) |
||||
@ -1,25 +1,8 @@ |
||||
# default gateway |
||||
|
||||
In our journey through IP terminology, we now arrive at the topic of **Default Gateway**. Understanding the role and importance of the default gateway in a network is crucial for grasping the fundamentals of cyber security and data routing. |
||||
A default gateway is a network node, typically a router or a firewall, that serves as the access point or intermediary between a local network and external networks, such as the internet. When a device on a local network needs to communicate with a device outside its own subnet—such as accessing a website or sending an email—it sends the data to the default gateway, which then routes it to the appropriate external destination. The default gateway acts as a traffic director, ensuring that data packets are correctly forwarded between the internal network and external networks, making it a crucial component for enabling communication beyond the local network's boundaries. |
||||
|
||||
## Overview |
||||
Learn more from the following resources: |
||||
|
||||
The default gateway is basically a device (usually a router) on a network which serves as an access point for data traffic to travel from the local network to other networks, such as the internet. This device acts as a "middleman" between your computer and external networks, and is often set up by your internet service provider (ISP) or during the configuration of your own router. |
||||
|
||||
## Role in Networks |
||||
|
||||
In a nutshell, the default gateway plays the following roles: |
||||
|
||||
- **Packet Routing**: It directs the network packets from your local computer or device to their ultimate destination. When a packet with a destination IP address is not on the same network as the source device, the default gateway routes the packet to the appropriate external network. |
||||
|
||||
- **Address Resolution Protocol (ARP)**: The default gateway obtains the physical address (MAC address) of a computer that is located on another network by using ARP. |
||||
|
||||
- **Protection**: In many cases, the default gateway also serves as a layer of network protection by restricting access to certain external networks, as well as regulating traffic from the internet. |
||||
|
||||
## Configuration |
||||
|
||||
To benefit from the services of a default gateway, your device needs to be properly configured. Most devices and operating systems obtain their network settings (including the default gateway address) automatically using DHCP. But you can also configure network settings manually if needed. |
||||
|
||||
**Note**: Each device connected to a network must have a unique IP address. Also, remember that devices on the same network should use the same default gateway address. |
||||
|
||||
In conclusion, recognizing the significance of the default gateway and having a working knowledge of how it functions is an essential part of IP terminology, affecting both cyber security and efficient data routing. Continuing your education on the subject will better equip you to take advantage of your devices' networking features, as well as protect your valuable data from potential cyber threats. |
||||
- [@article@What is a default gateway?](https://nordvpn.com/blog/what-is-a-default-gateway/?srsltid=AfmBOoosi5g4acnT9Gv_B86FMGr72hWDhk8J-4jr1HvxPCSu96FikCyw) |
||||
- [@video@Routers and Default Gateways](https://www.youtube.com/watch?v=JOomC1wFrbU) |
||||
@ -1,23 +1,8 @@ |
||||
# DHCP |
||||
# Dynamic Host Configuration Protocol (DHCP) |
||||
|
||||
**Dynamic Host Configuration Protocol (DHCP)** is a network protocol that enables automatic assignment of IP addresses to devices on a network. It is an essential component of IP networking and aims to simplify the process of configuring devices to communicate over an IP-based network. |
||||
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automatically assign IP addresses and other network configuration details, such as subnet masks, default gateways, and DNS servers, to devices on a network. When a device, such as a computer or smartphone, connects to a network, it sends a request to the DHCP server, which then dynamically assigns an available IP address from a defined range and provides the necessary configuration information. This process simplifies network management by eliminating the need for manual IP address assignment and reduces the risk of IP conflicts, ensuring that devices can seamlessly join the network and communicate with other devices and services. |
||||
|
||||
## Key Features of DHCP |
||||
Learn more from the following resources: |
||||
|
||||
- **Automatic IP Address Assignment**: DHCP eliminates the need for manual IP address assignment by automatically providing devices with the necessary IP addresses, reducing the risk of duplicate addressing. |
||||
- **Network Configuration**: In addition to IP addresses, DHCP can also provide other essential network information such as subnet mask, default gateway, and DNS server information. |
||||
- **IP Address Reuse**: When a device leaves the network or no longer needs an IP address, DHCP allows the address to be reused and assigned to a different device. |
||||
- **Lease Duration**: DHCP assigns IP addresses for a specific period called a "lease." After a lease expires, the device must request a new IP address or get its current address renewed. |
||||
|
||||
## How DHCP Works |
||||
|
||||
The DHCP process consists of four main steps: |
||||
|
||||
- **DHCP Discover**: A device (client) looking to join a network sends a broadcast message known as a "DHCP Discover" message to locate a DHCP server. |
||||
- **DHCP Offer**: Upon receiving the "DHCP Discover" broadcast, the DHCP server responds with a unicast "DHCP Offer" message containing the necessary network configuration information (e.g., IP address) for the client. |
||||
- **DHCP Request**: The client receives the offer and sends back a "DHCP Request" message to confirm the IP address assignment and other network information. |
||||
- **DHCP Acknowledgment (ACK)**: Finally, the DHCP server sends an "ACK" message confirming the successful assignment of IP address and network settings. The client can now use the allocated IP address to communicate over the network. |
||||
|
||||
## Importance in Cyber Security |
||||
|
||||
Understanding DHCP is crucial for network professionals and cyber security experts as it can be a potential attack vector. Adversaries can exploit DHCP by setting up rogue DHCP servers on the network, conducting man-in-the-middle attacks or even conducting denial-of-service attacks. Consequently, securing DHCP servers, monitoring network traffic for anomalies, and employing strong authentication and authorization methods are essential practices for maintaining network security. |
||||
- [@video@What is DHCP and how does it work?](https://www.youtube.com/watch?v=ldtUSSZJCGg) |
||||
- [@article@Dynamic Host Configuration Protocol (DHCP)](https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top) |
||||
@ -1,23 +1,8 @@ |
||||
# DHCP |
||||
# Dynamic Host Configuration Protocol (DHCP) |
||||
|
||||
**Dynamic Host Configuration Protocol (DHCP)** is a network protocol that enables automatic assignment of IP addresses to devices on a network. It is an essential component of IP networking and aims to simplify the process of configuring devices to communicate over an IP-based network. |
||||
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automatically assign IP addresses and other network configuration details, such as subnet masks, default gateways, and DNS servers, to devices on a network. When a device, such as a computer or smartphone, connects to a network, it sends a request to the DHCP server, which then dynamically assigns an available IP address from a defined range and provides the necessary configuration information. This process simplifies network management by eliminating the need for manual IP address assignment and reduces the risk of IP conflicts, ensuring that devices can seamlessly join the network and communicate with other devices and services. |
||||
|
||||
## Key Features of DHCP |
||||
Learn more from the following resources: |
||||
|
||||
- **Automatic IP Address Assignment**: DHCP eliminates the need for manual IP address assignment by automatically providing devices with the necessary IP addresses, reducing the risk of duplicate addressing. |
||||
- **Network Configuration**: In addition to IP addresses, DHCP can also provide other essential network information such as subnet mask, default gateway, and DNS server information. |
||||
- **IP Address Reuse**: When a device leaves the network or no longer needs an IP address, DHCP allows the address to be reused and assigned to a different device. |
||||
- **Lease Duration**: DHCP assigns IP addresses for a specific period called a "lease." After a lease expires, the device must request a new IP address or get its current address renewed. |
||||
|
||||
## How DHCP Works |
||||
|
||||
The DHCP process consists of four main steps: |
||||
|
||||
- **DHCP Discover**: A device (client) looking to join a network sends a broadcast message known as a "DHCP Discover" message to locate a DHCP server. |
||||
- **DHCP Offer**: Upon receiving the "DHCP Discover" broadcast, the DHCP server responds with a unicast "DHCP Offer" message containing the necessary network configuration information (e.g., IP address) for the client. |
||||
- **DHCP Request**: The client receives the offer and sends back a "DHCP Request" message to confirm the IP address assignment and other network information. |
||||
- **DHCP Acknowledgment (ACK)**: Finally, the DHCP server sends an "ACK" message confirming the successful assignment of IP address and network settings. The client can now use the allocated IP address to communicate over the network. |
||||
|
||||
## Importance in Cyber Security |
||||
|
||||
Understanding DHCP is crucial for network professionals and cyber security experts as it can be a potential attack vector. Adversaries can exploit DHCP by setting up rogue DHCP servers on the network, conducting man-in-the-middle attacks or even conducting denial-of-service attacks. Consequently, securing DHCP servers, monitoring network traffic for anomalies, and employing strong authentication and authorization methods are essential practices for maintaining network security. |
||||
- [@video@What is DHCP and how does it work?](https://www.youtube.com/watch?v=ldtUSSZJCGg) |
||||
- [@article@Dynamic Host Configuration Protocol (DHCP)](https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top) |
||||
@ -0,0 +1,8 @@ |
||||
# Diamond Model |
||||
|
||||
The Diamond Model is a cybersecurity framework used for analyzing and understanding cyber threats by breaking down an attack into four core components: Adversary, Infrastructure, Capability, and Victim. The Adversary represents the entity behind the attack, the Infrastructure refers to the systems and resources used by the attacker (such as command and control servers), the Capability denotes the tools or malware employed, and the Victim is the target of the attack. The model emphasizes the relationships between these components, helping analysts to identify patterns, track adversary behavior, and understand the broader context of cyber threats. By visualizing and connecting these elements, the Diamond Model aids in developing more effective detection, mitigation, and response strategies. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@article@The Diamond Model: Simple Intelligence-Driven Intrusion Analysis](https://kravensecurity.com/diamond-model-analysis/) |
||||
- [@video@The Diamond Model for Intrusion Detection](https://www.youtube.com/watch?v=3AOKomsmeUY) |
||||
@ -1,107 +1,8 @@ |
||||
# dig |
||||
|
||||
Dig, short for Domain Information Groper, is a command-line tool used to query Domain Name System (DNS) servers to obtain valuable information about DNS records. Dig is available on most Unix-based systems, including Linux and macOS, and can also be installed on Windows. |
||||
`dig`, short for the Domain Information Groper, is a powerful and flexible command-line tool used to perform DNS queries and obtain valuable information about domains, IPs, and DNS records. This utility, available on UNIX-based systems like Linux and macOS, provides an essential function to help diagnose and resolve various issues related to domain name resolution and network connectivity. It is highly useful for network administrators and cybersecurity professionals when troubleshooting DNS-related problems. |
||||
|
||||
As part of your incident response toolkit, dig helps you to discover essential domain details such as domain's IP addresses, mail server details, name servers, and more. This can be crucial when tracking down a cyberattack or monitoring the DNS health of your own organization. |
||||
Learn more from the following resources: |
||||
|
||||
## Installation |
||||
|
||||
For Linux and macOS systems, dig is usually pre-installed as part of the BIND (Berkeley Internet Name Domain) package. To check if dig is installed, execute the following command: |
||||
|
||||
``` |
||||
dig -v |
||||
``` |
||||
|
||||
If the command is not found, install it using your system's package manager: |
||||
|
||||
- For Debian-based systems (Debian, Ubuntu, etc.): |
||||
|
||||
``` |
||||
sudo apt-get install dnsutils |
||||
``` |
||||
|
||||
- For Red Hat-based systems (RHEL, CentOS, Fedora, etc.): |
||||
|
||||
``` |
||||
sudo yum install bind-utils |
||||
``` |
||||
|
||||
- For macOS: |
||||
|
||||
``` |
||||
brew install bind |
||||
``` |
||||
|
||||
- For Windows, download the BIND package from the [official website](https://www.isc.org/download/) and follow the installation instructions. |
||||
|
||||
## Basic Usage |
||||
|
||||
The basic syntax for using dig is: |
||||
|
||||
``` |
||||
dig [options] [name] [record type] |
||||
``` |
||||
|
||||
Where `options` can be various command-line flags, `name` is the domain name you want to query, and `record type` is the type of DNS record you want to fetch (e.g., A, MX, NS, TXT, etc.). |
||||
|
||||
Here are a few examples: |
||||
|
||||
- To query the IP addresses (A records) of example.com: |
||||
|
||||
``` |
||||
dig example.com A |
||||
``` |
||||
|
||||
- To query the mail servers (MX records) of example.com: |
||||
|
||||
``` |
||||
dig example.com MX |
||||
``` |
||||
|
||||
- To query the name servers (NS records) of example.com: |
||||
|
||||
``` |
||||
dig example.com NS |
||||
``` |
||||
|
||||
By default, dig queries your system's configured DNS servers, but you can also specify a custom DNS server as follows: |
||||
|
||||
``` |
||||
dig @8.8.8.8 example.com A |
||||
``` |
||||
|
||||
Where `8.8.8.8` is the IP address of the custom DNS server (e.g., Google's Public DNS). |
||||
|
||||
## Advanced Usage |
||||
|
||||
Dig offers a variety of options for specifying query behavior, controlling output, and troubleshooting DNS issues. |
||||
|
||||
- To display only the answer section of the response: |
||||
|
||||
``` |
||||
dig example.com A +short |
||||
``` |
||||
|
||||
- To control the number of retries and timeout: |
||||
|
||||
``` |
||||
dig example.com A +tries=2 +time=1 |
||||
``` |
||||
|
||||
- To query a specific DNSSEC (DNS Security Extensions) record: |
||||
|
||||
``` |
||||
dig example.com DNSKEY |
||||
``` |
||||
|
||||
- To show traceroute-like output for following the DNS delegation path: |
||||
|
||||
``` |
||||
dig example.com A +trace |
||||
``` |
||||
|
||||
For a comprehensive list of options, consult the [dig man page](https://manpages.debian.org/stretch/dnsutils/dig.1.en.html) and the [official BIND documentation](https://bind9.readthedocs.io/en/latest/reference.html#dig). |
||||
|
||||
## Conclusion |
||||
|
||||
Dig is a powerful and flexible tool for querying DNS information, making it an essential part of any cyber security professional's toolkit. Whether you're investigating a breach, monitoring domain health, or troubleshooting DNS issues, dig can help you discover critical information about domain names and their associated records. |
||||
- [@video@How to look up DNS records with dig](https://www.youtube.com/watch?v=3AOKomsmeUY) |
||||
- [@article@How to use Linux dig command](https://www.google.com/search?client=firefox-b-d&q=linux+dig+command) |
||||
@ -1,7 +1,7 @@ |
||||
# Data Loss Prevention (DLP) |
||||
|
||||
Data Loss Prevention (DLP) refers to a set of strategies, tools, and processes used by organizations to ensure that sensitive data is not lost, accessed, or misused by unauthorized users. DLP solutions monitor, detect, and block the movement of critical information outside an organization’s network, helping to prevent data breaches, leaks, and other security incidents. |
||||
|
||||
Visit the following resources to learn more: |
||||
- [@article@What is data loss prevention (DLP)?](https://www.techtarget.com/whatis/definition/data-loss-prevention-DLP) |
||||
- [@article@What is DLP (data loss prevention)?](https://www.cloudflare.com/es-es/learning/access-management/what-is-dlp/) |
||||
# Data Loss Prevention (DLP) |
||||
|
||||
Data Loss Prevention (DLP) refers to a set of strategies, tools, and processes used by organizations to ensure that sensitive data is not lost, accessed, or misused by unauthorized users. DLP solutions monitor, detect, and block the movement of critical information outside an organization’s network, helping to prevent data breaches, leaks, and other security incidents. |
||||
|
||||
Visit the following resources to learn more: |
||||
- [@article@What is data loss prevention (DLP)?](https://www.techtarget.com/whatis/definition/data-loss-prevention-DLP) |
||||
- [@article@What is DLP (data loss prevention)?](https://www.cloudflare.com/es-es/learning/access-management/what-is-dlp/) |
||||
|
||||
@ -1,27 +1,9 @@ |
||||
# DNS |
||||
# Domain Name System (DNS) |
||||
|
||||
**DNS** is a key component in the internet infrastructure that translates human-friendly domain names (e.g., `www.example.com`) into IP addresses (e.g., `192.0.2.44`). This translation process enables us to easily connect to websites and other online resources without having to remember complex numeric IP addresses. |
||||
The Domain Name System (DNS) is a fundamental protocol of the internet that translates human-readable domain names, like `www.example.com`, into IP addresses, such as `192.0.2.1`, which are used by computers to locate and communicate with each other. Essentially, DNS acts as the internet's phonebook, enabling users to access websites and services without needing to memorize numerical IP addresses. When a user types a domain name into a browser, a DNS query is sent to a DNS server, which then resolves the domain into its corresponding IP address, allowing the browser to connect to the appropriate server. DNS is crucial for the functionality of the internet, as it underpins virtually all online activities by ensuring that requests are routed to the correct destinations. |
||||
|
||||
The DNS operates as a distributed and hierarchical system which involves the following components: |
||||
Learn more from the following resources: |
||||
|
||||
- **DNS Resolver**: Your device's initial contact point with the DNS infrastructure, often provided by your Internet Service Provider (ISP) or a third-party service like Google Public DNS. |
||||
|
||||
- **Root Servers**: The authoritative servers on the top of the DNS hierarchy that guide DNS queries to the appropriate Top-Level Domain (TLD) servers. |
||||
|
||||
- **TLD Servers**: These servers manage the allocation of domain names for top-level domains, such as `.com`, `.org`, etc. |
||||
|
||||
- **Authoritative Name Servers**: These are the servers responsible for storing the DNS records pertaining to a specific domain (e.g., `example.com`). |
||||
|
||||
Some common DNS record types you might encounter include: |
||||
|
||||
- **A (Address) Record**: Maps a domain name to an IPv4 address. |
||||
- **AAAA (Address) Record**: Maps a domain name to an IPv6 address. |
||||
- **CNAME (Canonical Name) Record**: Maps an alias domain name to a canonical domain name. |
||||
- **MX (Mail Exchange) Record**: Specifies the mail servers responsible for handling email for the domain. |
||||
- **TXT (Text) Record**: Contains human-readable or machine-readable text, often used for verification purposes or providing additional information about a domain. |
||||
|
||||
As an essential part of the internet, the security and integrity of the DNS infrastructure are crucial. However, it's vulnerable to various types of cyber attacks, such as DNS cache poisoning, Distributed Denial of Service (DDoS) attacks, and DNS hijacking. Proper DNS security measures, such as DNSSEC (DNS Security Extensions) and monitoring unusual DNS traffic patterns, can help mitigate risks associated with these attacks. |
||||
|
||||
- [@article@DNS in detail (TryHackMe)](https://tryhackme.com/room/dnsindetail) |
||||
- [@video@DNS Explained in 100 Seconds (YouTube)](https://www.youtube.com/watch?v=UVR9lhUGAyU) |
||||
- [@feed@Explore top posts about DNS](https://app.daily.dev/tags/dns?ref=roadmapsh) |
||||
- [@video@DNS Explained in 100 Seconds](https://www.youtube.com/watch?v=UVR9lhUGAyU) |
||||
- [@video@What is DNS?](https://www.youtube.com/watch?v=nyH0nYhMW9M) |
||||
- [@article@What is DNS?](https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/) |
||||
@ -1,27 +1,9 @@ |
||||
# DNS |
||||
# Domain Name System (DNS) |
||||
|
||||
**DNS** is a key component in the internet infrastructure that translates human-friendly domain names (e.g., `www.example.com`) into IP addresses (e.g., `192.0.2.44`). This translation process enables us to easily connect to websites and other online resources without having to remember complex numeric IP addresses. |
||||
The Domain Name System (DNS) is a fundamental protocol of the internet that translates human-readable domain names, like `www.example.com`, into IP addresses, such as `192.0.2.1`, which are used by computers to locate and communicate with each other. Essentially, DNS acts as the internet's phonebook, enabling users to access websites and services without needing to memorize numerical IP addresses. When a user types a domain name into a browser, a DNS query is sent to a DNS server, which then resolves the domain into its corresponding IP address, allowing the browser to connect to the appropriate server. DNS is crucial for the functionality of the internet, as it underpins virtually all online activities by ensuring that requests are routed to the correct destinations. |
||||
|
||||
The DNS operates as a distributed and hierarchical system which involves the following components: |
||||
Learn more from the following resources: |
||||
|
||||
- **DNS Resolver**: Your device's initial contact point with the DNS infrastructure, often provided by your Internet Service Provider (ISP) or a third-party service like Google Public DNS. |
||||
|
||||
- **Root Servers**: The authoritative servers on the top of the DNS hierarchy that guide DNS queries to the appropriate Top-Level Domain (TLD) servers. |
||||
|
||||
- **TLD Servers**: These servers manage the allocation of domain names for top-level domains, such as `.com`, `.org`, etc. |
||||
|
||||
- **Authoritative Name Servers**: These are the servers responsible for storing the DNS records pertaining to a specific domain (e.g., `example.com`). |
||||
|
||||
Some common DNS record types you might encounter include: |
||||
|
||||
- **A (Address) Record**: Maps a domain name to an IPv4 address. |
||||
- **AAAA (Address) Record**: Maps a domain name to an IPv6 address. |
||||
- **CNAME (Canonical Name) Record**: Maps an alias domain name to a canonical domain name. |
||||
- **MX (Mail Exchange) Record**: Specifies the mail servers responsible for handling email for the domain. |
||||
- **TXT (Text) Record**: Contains human-readable or machine-readable text, often used for verification purposes or providing additional information about a domain. |
||||
|
||||
As an essential part of the internet, the security and integrity of the DNS infrastructure are crucial. However, it's vulnerable to various types of cyber attacks, such as DNS cache poisoning, Distributed Denial of Service (DDoS) attacks, and DNS hijacking. Proper DNS security measures, such as DNSSEC (DNS Security Extensions) and monitoring unusual DNS traffic patterns, can help mitigate risks associated with these attacks. |
||||
|
||||
- [@article@DNS in detail (TryHackMe)](https://tryhackme.com/room/dnsindetail) |
||||
- [@video@DNS Explained in 100 Seconds (YouTube)](https://www.youtube.com/watch?v=UVR9lhUGAyU) |
||||
- [@feed@Explore top posts about DNS](https://app.daily.dev/tags/dns?ref=roadmapsh) |
||||
- [@video@DNS Explained in 100 Seconds](https://www.youtube.com/watch?v=UVR9lhUGAyU) |
||||
- [@video@What is DNS?](https://www.youtube.com/watch?v=nyH0nYhMW9M) |
||||
- [@article@What is DNS?](https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/) |
||||
@ -1,24 +1,8 @@ |
||||
# DNSSEC |
||||
# DNS Security Extensions (DNSSEC) |
||||
|
||||
DNS Security Extensions (DNSSEC) is a protocol designed to address security vulnerabilities in the Domain Name System (DNS). Here are the key points: |
||||
|
||||
- **Digital Signatures:** |
||||
DNSSEC protects against attacks by digitally signing DNS data. These signatures ensure data validity and prevent tampering. |
||||
|
||||
- **Hierarchical Signing:** |
||||
DNSSEC signs data at every level of the DNS lookup process. For instance, when looking up ‘google.com,’ the root DNS server signs a key for the .COM nameserver, which then signs a key for google.com’s authoritative nameserver. |
||||
|
||||
- **Backwards Compatibility:** |
||||
DNSSEC doesn’t disrupt traditional DNS lookups; it adds security without breaking existing functionality. It complements other security measures like SSL/TLS. |
||||
|
||||
- **Chain of Trust:** |
||||
DNSSEC establishes a parent-child trust chain from the root zone down to specific domains. |
||||
Any compromise in this chain exposes requests to on-path attacks. |
||||
DNS Security Extensions (DNSSEC) is a suite of protocols designed to add a layer of security to the Domain Name System (DNS) by enabling DNS responses to be authenticated. While DNS itself resolves domain names into IP addresses, it does not inherently verify the authenticity of the responses, leaving it vulnerable to attacks like cache poisoning, where an attacker injects malicious data into a DNS resolver’s cache. DNSSEC addresses this by using digital signatures to ensure that the data received is exactly what was intended by the domain owner and has not been tampered with during transit. When a DNS resolver requests information, DNSSEC-enabled servers respond with both the requested data and a corresponding digital signature. The resolver can then verify this signature using a chain of trust, ensuring the integrity and authenticity of the DNS response. By protecting against forged DNS data, DNSSEC plays a critical role in enhancing the security of internet communications. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@article@DNSSEC: What Is It and Why Is It Important? - ICANN](https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en) |
||||
- [@article@How DNSSEC Works - Cloudflare](https://www.cloudflare.com/dns/dnssec/how-dnssec-works/) |
||||
- [@article@What is DNS security? - Cloudflare](https://www.cloudflare.com/learning/dns/dns-security/) |
||||
- [@video@What is DNSSEC? - IBM](https://www.youtube.com/watch?v=Fk2oejzgSVQ) |
||||
- [@video@(DNS) 101 Miniseries](https://www.youtube.com/playlist?list=PLTk5ZYSbd9MhMmOiPhfRJNW7bhxHo4q-K) |
||||
- [@article@How DNSSEC works](https://www.cloudflare.com/en-gb/dns/dnssec/how-dnssec-works/) |
||||
- [@video@What is DNSSEC?](https://www.youtube.com/watch?v=Fk2oejzgSVQ) |
||||
@ -0,0 +1,9 @@ |
||||
# Denial of Service (DoS) vs Distributed Denial of Service (DDoS) |
||||
|
||||
Denial of Service (DoS) and Distributed Denial of Service (DDoS) are both types of cyber attacks aimed at disrupting the normal functioning of a targeted service, typically a website or network. A DoS attack involves a single source overwhelming a system with a flood of requests or malicious data, exhausting its resources and making it unavailable to legitimate users. In contrast, a DDoS attack amplifies this disruption by using multiple compromised devices, often forming a botnet, to launch a coordinated attack from numerous sources simultaneously. This distributed nature makes DDoS attacks more challenging to mitigate, as the traffic comes from many different locations, making it harder to identify and block the malicious traffic. Both types of attacks can cause significant downtime, financial loss, and reputational damage to the targeted organization. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@video@What is Denial-of-Service attack?](https://www.youtube.com/watch?v=Z7xG3b0aL_I) |
||||
- [@video@What is a DDoS attack?](https://www.youtube.com/watch?v=z503nLsfe5s) |
||||
- [@article@DoS vs DDoS](https://www.fortinet.com/resources/cyberglossary/dos-vs-ddos) |
||||
@ -0,0 +1,10 @@ |
||||
# Extensible Authentication Protocol (EAP) vs Protected Extensible Authentication Protocol (PEAP) |
||||
|
||||
EAP and PEAP are both authentication frameworks used in wireless networks and Point-to-Point connections to provide secure access. EAP is a flexible authentication framework that supports multiple authentication methods, such as token cards, certificates, and passwords, allowing for diverse implementations in network security. However, EAP by itself does not provide encryption, leaving the authentication process potentially vulnerable to attacks. |
||||
|
||||
PEAP, on the other hand, is a version of EAP designed to enhance security by encapsulating the EAP communication within a secure TLS (Transport Layer Security) tunnel. This tunnel protects the authentication process from eavesdropping and man-in-the-middle attacks. PEAP requires a server-side certificate to establish the TLS tunnel, but it does not require client-side certificates, making it easier to deploy while still ensuring secure transmission of credentials. PEAP is widely used in wireless networks to provide a secure authentication mechanism that protects user credentials during the authentication process. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@article@Extensible Authentication Protocol (EAP) for network access](https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/network-access?tabs=eap-tls%2Cserveruserprompt-eap-tls%2Ceap-sim) |
||||
- [@article@What is Protected Extensible Authentication Protocol (PEAP)](https://www.techtarget.com/searchsecurity/definition/PEAP-Protected-Extensible-Authentication-Protocol) |
||||
@ -1,33 +1,8 @@ |
||||
# Endpoint Security |
||||
|
||||
Endpoint security refers to the practice of protecting individual devices, or "endpoints", that connect to your organization's network from potential cyber threats. These devices include desktop computers, laptops, smartphones, tablets, and servers. With the increase in remote working and the widespread use of personal devices in the workplace, endpoint security has become a critical aspect of a strong cybersecurity strategy. |
||||
|
||||
## Why is Endpoint Security Important? |
||||
|
||||
Endpoint devices serve as potential entry points for cybercriminals to access sensitive data and launch attacks against your organization's network. By securing these devices, you can prevent unauthorized access, reduce the risk of data breaches, and maintain the integrity of your network. |
||||
|
||||
## Key Components of Endpoint Security |
||||
|
||||
To effectively secure your endpoints, consider implementing the following measures: |
||||
|
||||
- **Antivirus and Malware Protection**: Make sure every endpoint device has up-to-date antivirus and anti-malware software installed. This will help to detect and remove malicious files, preventing them from causing harm to your network. |
||||
|
||||
- **Patch Management**: Stay up to date with the latest security patches for your operating systems and third-party applications. Regularly updating your software can help protect against vulnerabilities that cybercriminals may exploit. |
||||
|
||||
- **Device Management**: Implement a centralized device management solution that allows administrators to monitor, manage, and secure endpoints. This includes enforcing security policies, tracking device inventory, and remote wiping lost or stolen devices. |
||||
|
||||
- **Access Control**: Limit access to sensitive data by implementing a strict access control policy. Only grant necessary permissions to those who require it, and use authentication methods such as multi-factor authentication (MFA) to verify the identity of users. |
||||
|
||||
- **Encryption**: Encrypt sensitive data stored on endpoint devices to prevent unauthorized access to the data in case of device theft or loss. |
||||
|
||||
- **Firewall and Intrusion Prevention**: Deploy firewall and intrusion prevention systems to block external threats and alert administrators of potential attacks. |
||||
|
||||
- **User Training**: Educate users about the importance of endpoint security and the best practices for maintaining it. This includes topics like creating strong passwords, avoiding phishing scams, and following safe browsing practices. |
||||
|
||||
By taking a comprehensive approach to endpoint security, you can protect your organization's network and sensitive data from the growing threat of cyberattacks. |
||||
Endpoint security focuses on protecting individual devices that connect to a network, such as computers, smartphones, tablets, and IoT devices. It's a critical component of modern cybersecurity strategy, as endpoints often serve as entry points for cyberattacks. This approach involves deploying and managing security software on each device, including antivirus programs, firewalls, and intrusion detection systems. Advanced endpoint protection solutions may incorporate machine learning and behavioral analysis to detect and respond to novel threats. Endpoint security also encompasses patch management, device encryption, and access controls to mitigate risks associated with lost or stolen devices. As remote work and bring-your-own-device (BYOD) policies become more prevalent, endpoint security has evolved to include cloud-based management and zero-trust architectures, ensuring that security extends beyond the traditional network perimeter to protect data and systems regardless of device location or ownership. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@video@Endpoint Security](https://youtu.be/5d7PCDm_MXs?si=RX3sAdNPLG0tJOaR&t=11) |
||||
- [@course@Manage endpoint security - Microsoft Learn](https://learn.microsoft.com/en-us/training/paths/manage-endpoint-security/) |
||||
|
||||
- [@article@What is Endpoint Security?](https://www.crowdstrike.com/cybersecurity-101/endpoint-security/) |
||||
- [@video@Endpoints are the IT frontdoor - Gaurd them!](https://www.youtube.com/watch?v=Njqid_JpqTs) |
||||
@ -1,21 +1,8 @@ |
||||
# Eradication |
||||
|
||||
Eradication is a crucial step in the incident response process where the primary goal is to eliminate any malicious activity from the infected system(s) and halt the attacker's foothold in the network. This step usually follows the detailed analysis and identification of the nature and scope of the incident. Below are some key aspects of the eradication process: |
||||
Eradication in cybersecurity refers to the critical phase of incident response that follows containment, focusing on completely removing the threat from the affected systems. This process involves thoroughly identifying and eliminating all components of the attack, including malware, backdoors, and any alterations made to the system. Security teams meticulously analyze logs, conduct forensic examinations, and use specialized tools to ensure no traces of the threat remain. Eradication may require reimaging compromised systems, patching vulnerabilities, updating software, and resetting compromised credentials. It's a complex and often time-consuming process that demands precision to prevent reinfection or lingering security gaps. Successful eradication is crucial for restoring system integrity and preventing future incidents based on the same attack vector. After eradication, organizations typically move to the recovery phase, rebuilding and strengthening their systems with lessons learned from the incident. |
||||
|
||||
## Delete Malware & Vulnerability Patching |
||||
Learn more from the following resources: |
||||
|
||||
Once the incident has been identified and understood, teams must remove any malicious software, including viruses, worms, and Trojans from the affected systems. Simultaneously, patch any vulnerabilities that were exploited to ensure the effectiveness of the eradication process. |
||||
|
||||
## Enhance Security Measures |
||||
|
||||
After vulnerabilities have been patched, it's essential to boost the organization's security posture. This may involve updating and strengthening passwords, tightening access controls, or employing advanced security mechanisms like multi-factor authentication (MFA). |
||||
|
||||
## System Restoration |
||||
|
||||
In some cases, it may be necessary to restore compromised systems from known backups or clean images to eliminate any lingering threats. Before restoring, verify the integrity and safety of the backups and ensure the security vulnerability is patched to avoid reinfection. |
||||
|
||||
## Retain Evidentiary Data |
||||
|
||||
Be sure to retain any critical artifacts, logs, and other evidence associated with the incident. This information may be needed later for legal or insurance purposes, audit requirements, or continuous improvement of the organization's incident response capabilities. |
||||
|
||||
Remember that each incident is unique, and the eradication strategy must be customized according to the given incident's specifics. Proper documentation and communication should be maintained throughout the process to ensure smooth execution and avoid overlooking critical aspects. After eradication has been completed, it is essential to move forward and strengthen the overall cybersecurity posture to prevent future incidents. |
||||
- [@article@Eradication - AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/eradication.html) |
||||
- [@article@What is eradication in Cybersecurity?](https://heimdalsecurity.com/blog/what-is-eradication-in-cybersecurity/) |
||||
@ -0,0 +1,8 @@ |
||||
# Event Logs |
||||
|
||||
Event logs are digital records that document activities and occurrences within computer systems and networks. They serve as a crucial resource for cybersecurity professionals, providing a chronological trail of system operations, user actions, and security-related events. These logs capture a wide range of information, including login attempts, file access, system changes, and application errors. In the context of security, event logs play a vital role in threat detection, incident response, and forensic analysis. They help identify unusual patterns, track potential security breaches, and reconstruct the sequence of events during an attack. Effective log management involves collecting logs from various sources, securely storing them, and implementing tools for log analysis and correlation. However, the sheer volume of log data can be challenging to manage, requiring advanced analytics and automation to extract meaningful insights and detect security incidents in real-time. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@article@What is an event log?](https://www.crowdstrike.com/cybersecurity-101/observability/event-log/) |
||||
- [@article@What are event logs and why do they matter?](https://www.blumira.com/blog/what-are-event-logs-and-why-do-they-matter) |
||||
@ -0,0 +1,10 @@ |
||||
# Firewalls & Next-Generation Firewalls |
||||
|
||||
Firewalls are network security devices that monitor and control incoming and outgoing traffic based on predetermined security rules. Traditional firewalls operate at the network layer, filtering traffic based on IP addresses, ports, and protocols. They provide basic protection by creating a barrier between trusted internal networks and untrusted external networks. |
||||
|
||||
Next-generation firewalls (NGFWs) build upon this foundation, offering more advanced features to address modern cyber threats. NGFWs incorporate deep packet inspection, application-level filtering, and integrated intrusion prevention systems. They can identify and control applications regardless of port or protocol, enabling more granular security policies. NGFWs often include additional security functions such as SSL/TLS inspection, antivirus scanning, and threat intelligence integration. This evolution allows for more comprehensive network protection, better visibility into network traffic, and improved defense against sophisticated attacks in today's complex and dynamic threat landscape. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@article@What is a firewall?](https://www.kaspersky.com/resource-center/definitions/firewall) |
||||
- [@article@What is a next-generation firewall (NGFW)?](https://www.cloudflare.com/en-gb/learning/security/what-is-next-generation-firewall-ngfw/) |
||||
@ -0,0 +1,8 @@ |
||||
# Firewall Logs |
||||
|
||||
Firewall logs are detailed records of network traffic and security events captured by firewall devices. These logs provide crucial information about connection attempts, allowed and blocked traffic, and potential security incidents. They typically include data such as source and destination IP addresses, ports, protocols, timestamps, and the action taken by the firewall. Security professionals analyze these logs to monitor network activity, detect unusual patterns, investigate security breaches, and ensure policy compliance. Firewall logs are essential for troubleshooting network issues, optimizing security rules, and conducting forensic analysis after an incident. However, the volume of log data generated can be overwhelming, necessitating the use of log management tools and security information and event management (SIEM) systems to effectively process, correlate, and derive actionable insights from the logs. Regular review and analysis of firewall logs are critical practices in maintaining a robust security posture and responding promptly to potential threats. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@article@What is firewall logging and why is it important?](https://cybriant.com/what-is-firewall-logging-and-why-is-it-important/) |
||||
- [@video@Reviewing firewall logs](https://www.youtube.com/watch?v=XiJ30f8V_T4) |
||||
@ -1,26 +1,8 @@ |
||||
# FTK Imager |
||||
|
||||
[FTK Imager](https://accessdata.com/product-download/digital-forensics/ftk-imager-version-3.1.1) is a popular and widely used free imaging tool developed by AccessData. It allows forensic analysts and IT professionals to create forensic images of digital devices and storage media. It is ideal for incident response and discovery as it helps in preserving and investigating digital evidence that is crucial for handling cyber security incidents. |
||||
FTK Imager is a popular and widely used free imaging tool developed by AccessData. It allows forensic analysts and IT professionals to create forensic images of digital devices and storage media. It is ideal for incident response and discovery as it helps in preserving and investigating digital evidence that is crucial for handling cyber security incidents. |
||||
|
||||
FTK Imager provides users with a variety of essential features, such as: |
||||
Learn more from the following resources: |
||||
|
||||
- **Creating forensic images**: FTK Imager can create a forensically sound image of a computer's disk or other storage device in various formats, including raw (dd), E01, and AFF formats. |
||||
|
||||
- **Previewing data**: It allows analysts to preview data stored on any imaging source, such as a hard drive, even before creating a forensic image so that they can determine if the source's data is relevant to the investigation. |
||||
|
||||
- **Acquiring live data**: FTK Imager can help capture memory (RAM) of a live system for further investigation, allowing you to analyze system information such as running processes, network connections, and file handles. |
||||
|
||||
- **Examining file systems**: It offers the ability to browse and examine file systems, identify file types, view, and export files and directories without needing to mount the disk image. |
||||
|
||||
- **Hashing support**: FTK Imager supports hashing files and capturing evident files, ensuring the integrity of data and confirming that the original data has not been tampered with during investigation and analysis. |
||||
|
||||
- **Mounting images**: Users can mount forensic images, enabling them to view and analyze disk images using various third-party tools. |
||||
|
||||
To use FTK Imager effectively in incident response: |
||||
|
||||
- Download and install FTK Imager from the [official website](https://accessdata.com/product-download/digital-forensics/ftk-imager-version-3.1.1). |
||||
- Launch FTK Imager to create forensic images of digital devices or storage media by following the [user guide](https://ad-pdf.s3.amazonaws.com/Imager%20Lite%204_2%20Users%20Guide.pdf) and best practices. |
||||
- Preview, examine, and export data as needed for further investigation and analysis. |
||||
- Use FTK Imager along with other forensic tools and techniques to perform comprehensive digital investigations during incident response and discovery scenarios. |
||||
|
||||
In summary, FTK Imager is a versatile tool that plays a critical role in incident response and discovery efforts by providing secure and forensically sound digital imaging capabilities, enabling investigators to preserve, analyze, and present digital evidence for successful cyber security investigations. |
||||
- [@official@Create Forensic Images with Exterro FTK Imager](https://www.exterro.com/digital-forensics-software/ftk-imager) |
||||
- [@video@Imaging a Directory Using FTK Imager](https://www.youtube.com/watch?v=trWDlPif84o) |
||||
|
||||
@ -0,0 +1,8 @@ |
||||
# File Transfer Protocol (FTP) vs Secure File Transfer Protol (SFTP) |
||||
|
||||
File Transfer Protocol (FTP) and Secure File Transfer Protocol (SFTP) are both used for transferring files over networks, but they differ significantly in terms of security. FTP is an older protocol that transmits data in plain text, making it vulnerable to interception and unauthorized access. It typically uses separate connections for commands and data transfer, operating on ports 20 and 21. SFTP, on the other hand, is a secure version that runs over the SSH protocol, encrypting both authentication credentials and file transfers. It uses a single connection on port 22, providing better firewall compatibility. SFTP offers stronger authentication methods and integrity checking, making it the preferred choice for secure file transfers in modern networks. While FTP is simpler and may be faster in some scenarios, its lack of built-in encryption makes it unsuitable for transmitting sensitive information, leading many organizations to adopt SFTP or other secure alternatives to protect their data during transit. |
||||
|
||||
Learn more from the following resources: |
||||
|
||||
- [@article@FTP defined and explained](https://www.fortinet.com/resources/cyberglossary/file-transfer-protocol-ftp-meaning) |
||||
- [@video@How to use SFTP commands](https://www.youtube.com/watch?v=22lBJIfO9qQ) |
||||
@ -1,33 +1,10 @@ |
||||
# FTP |
||||
# File Transfer Protocol (FTP) |
||||
|
||||
**File Transfer Protocol (FTP)** is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. Originally developed in the 1970s, it's one of the earliest protocols for transferring files between computers and remains widely used today. |
||||
|
||||
## How FTP Works |
||||
FTP is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. Originally developed in the 1970s, it's one of the earliest protocols for transferring files between computers and remains widely used today. |
||||
|
||||
FTP operates on a client-server model, where one computer acts as the client (the sender or requester) and the other acts as the server (the receiver or provider). The client initiates a connection to the server, usually by providing a username and password for authentication, and then requests a file transfer. |
||||
|
||||
FTP uses two separate channels to carry out its operations: |
||||
|
||||
- **Control Channel:** This channel is used to establish the connection between the client and the server and send commands, such as specifying the file to be transferred, the transfer mode, and the directory structure. |
||||
- **Data Channel:** This channel is used to transfer the actual file data between the client and the server. |
||||
|
||||
## FTP Modes |
||||
|
||||
FTP offers two modes of file transfer: |
||||
|
||||
- **ASCII mode:** This mode is used for transferring text files. It converts the line endings of the files being transferred to match the format used on the destination system. For example, if the file is being transferred from a Unix system to a Windows system, the line endings will be converted from LF (Unix) to CR+LF (Windows). |
||||
- **Binary mode:** This mode is used for transferring binary files, such as images, audio files, and executables. No conversion of the data is performed during the transfer process. |
||||
|
||||
## FTP Security Concerns |
||||
|
||||
FTP has some significant security issues, primarily because it was designed before the widespread use of encryption and authentication mechanisms. Some of these concerns include: |
||||
|
||||
- Usernames and passwords are transmitted in plain text, allowing anyone who can intercept the data to view them. |
||||
- Data transferred between the client and server is not encrypted by default, making it vulnerable to eavesdropping. |
||||
- FTP does not provide a way to validate a server's identity, leaving it vulnerable to man-in-the-middle attacks. |
||||
|
||||
To mitigate these security risks, several secure alternatives to the FTP protocol have been developed, such as FTPS (FTP Secure) and SFTP (SSH File Transfer Protocol), which encrypt data transfers and provide additional security features. |
||||
|
||||
In conclusion, FTP is a commonly used protocol for transferring files between computers over a network. While it is easy to use, it has significant security vulnerabilities that make it a less desirable option for secure file transfers. It's essential to use more secure alternatives like FTPS or SFTP for transferring sensitive data. |
||||
Learn more from the following resources: |
||||
|
||||
- [@article@What Is FTP: FTP Explained for Beginners](https://www.hostinger.com/tutorials/what-is-ftp) |
||||
- [@video@What is FTP?](https://www.youtube.com/watch?v=HI0Oh4NJqcI) |
||||
- [@article@FTP meaning and uses](https://www.investopedia.com/terms/f/ftp-file-transfer-protocol.asp) |
||||
@ -1,69 +1,7 @@ |
||||
# Fundamental IT Skills |
||||
|
||||
Basic IT skills are the foundation for understanding and navigating the digital world, as well as playing a crucial role in cyber security. Given below are some essential IT skills that will help you enhance your experience with technology and better protect your digital assets. |
||||
Fundamental IT skills form the backbone of cybersecurity proficiency and encompass a broad range of technical knowledge. These skills include understanding computer hardware and software, networking concepts, and operating systems (particularly Windows and Linux). Proficiency in at least one programming language, such as Python or JavaScript, is increasingly important for automation and scripting tasks. Database management, including SQL, is crucial for handling and securing data. Knowledge of cloud computing platforms like AWS or Azure is becoming essential as organizations migrate to cloud environments. Familiarity with basic cybersecurity concepts such as encryption, access control, and common attack vectors provides a foundation for more advanced security work. Additionally, troubleshooting skills, the ability to interpret logs, and a basic understanding of web technologies are vital. These fundamental IT skills enable cybersecurity professionals to effectively protect systems, identify vulnerabilities, and respond to incidents in increasingly complex technological landscapes. |
||||
|
||||
## Computer Navigation |
||||
Learn more from the following resources: |
||||
|
||||
Understanding how to navigate a computer's operating system is a vital skill. This includes knowing how to: |
||||
|
||||
- Power on/off the device |
||||
- Manage files and folders |
||||
- Use shortcuts and right-click options |
||||
- Install and uninstall software |
||||
- Customize settings |
||||
|
||||
## Internet Usage |
||||
|
||||
Having a working knowledge of how to navigate the internet will allow you to access information and resources more efficiently. Key skills include: |
||||
|
||||
- Web browsing |
||||
- Internet searching |
||||
- Bookmark management |
||||
- Downloading files |
||||
- Understanding hyperlinks and web addresses |
||||
- Recognizing secure websites |
||||
|
||||
## Email Management |
||||
|
||||
Communication using email is an essential aspect of the modern digital world. Important email management skills are: |
||||
|
||||
- Creating and organizing contacts |
||||
- Composing, sending, and receiving emails |
||||
- Detecting and avoiding spam and phishing emails |
||||
- Managing email attachments |
||||
- Understanding email etiquette |
||||
|
||||
## Word Processing |
||||
|
||||
Word processing is a basic IT skill that is useful in both personal and professional environments. Skills related to word processing include: |
||||
|
||||
- Formatting text (font, size, bold, italic, etc.) |
||||
- Creating and editing documents |
||||
- Copying and pasting text |
||||
- Inserting images and tables |
||||
- Saving and printing documents |
||||
|
||||
## Software and Application Installation |
||||
|
||||
Being able to install and manage software can make your experience with technology more efficient and tailored to your needs. Basic software-related skills include: |
||||
|
||||
- Identifying reliable sources for downloading software |
||||
- Installing and updating applications |
||||
- Uninstalling unwanted or unnecessary programs |
||||
- Configuring applications according to your preferences |
||||
- Updating software to prevent vulnerabilities |
||||
|
||||
## Digital Security Awareness |
||||
|
||||
As the digital world is constantly evolving, so too are cyber threats. Therefore, remaining vigilant and familiarizing yourself with common cyber security practices is crucial. Some fundamental digital security skills include: |
||||
|
||||
- Creating strong, unique passwords |
||||
- Ensuring a secure and updated Wi-Fi connection |
||||
- Recognizing and avoiding phishing attempts |
||||
- Keeping software and operating systems updated |
||||
- Regularly backing up data |
||||
|
||||
By honing these basic IT skills, you will be better prepared to navigate and protect your digital life, as well as making the most of the technology at your fingertips. |
||||
|
||||
- [@video@IT skills Training for beginners | Complete Course](https://www.youtube.com/watch?v=On6dsIp5yw0) |
||||
- [@feed@Explore top posts about Career](https://app.daily.dev/tags/career?ref=roadmapsh) |
||||
- [@article@Top 10 in demand IT skills](https://www.comptia.org/blog/top-it-skills-in-demand) |
||||
|
||||
@ -1,33 +1,7 @@ |
||||
# Google Suite |
||||
# Google Workspace (Formerly G Suite) |
||||
|
||||
Google Suite, also known as G Suite or Google Workspace, is a collection of cloud-based productivity and collaboration tools developed by Google. These tools are designed to help individuals and businesses collaborate more efficiently and effectively. Here is a summary of some of the most popular tools in Google Suite: |
||||
Google Workspace, formerly known as G Suite, is a collection of cloud-based productivity and collaboration tools developed by Google. It includes popular applications such as Gmail for email, Google Drive for file storage and sharing, Google Docs for document creation and editing, Google Sheets for spreadsheets, and Google Meet for video conferencing. From a cybersecurity perspective, Google Workspace presents both advantages and challenges. It offers robust built-in security features like two-factor authentication, encryption of data in transit and at rest, and advanced threat protection. However, its cloud-based nature means organizations must carefully manage access controls, data sharing policies, and compliance with various regulations. Security professionals must be vigilant about potential phishing attacks targeting Google accounts, data leakage through improper sharing settings, and the risks associated with third-party app integrations. Understanding how to properly configure and monitor Google Workspace is crucial for maintaining the security of an organization's collaborative environment and protecting sensitive information stored within these widely-used tools. |
||||
|
||||
## Google Drive |
||||
Learn more from the following resources: |
||||
|
||||
Google Drive is a cloud storage service that allows users to store files, sync them across devices, and easily share them with others. With Google Drive, users get 15 GB of free storage, while more storage can be purchased as needed. |
||||
|
||||
## Google Docs, Sheets, and Slides |
||||
|
||||
These are the office suite tools that include a word processor (Docs), a spreadsheet program (Sheets), and a presentation program (Slides). All of these applications are web-based, allowing users to create, edit, and share documents in real-time with colleagues or collaborators. They also come with a variety of built-in templates, making it easier for users to quickly create and format their documents. |
||||
|
||||
## Google Forms |
||||
|
||||
Google Forms is a tool for creating custom online forms and surveys. Users can design forms with various question types, including multiple-choice, dropdown, and text-based questions. The data collected from the forms can be automatically organized and analyzed in Google Sheets. |
||||
|
||||
## Google Calendar |
||||
|
||||
A powerful scheduling tool, Google Calendar allows users to create and manage individual or shared calendars. Users can create events, invite attendees, and set reminders for themselves or others. Google Calendar also integrates with Gmail, allowing users to create and update events directly from their email. |
||||
|
||||
## Gmail |
||||
|
||||
Gmail is a widely-used email service that provides a clean and user-friendly interface, powerful search capabilities, and excellent spam filtering. Gmail also integrates with other Google tools, making it a seamless part of the overall suite. |
||||
|
||||
## Google Meet |
||||
|
||||
Google Meet is a video conferencing tool that allows users to host and join secure video meetings. With a G Suite account, users can schedule and join meetings directly from Google Calendar. Google Meet also supports screen sharing, breakout rooms, and live captioning during meetings. |
||||
|
||||
## Google Chat |
||||
|
||||
Google Chat is a communication platform for teams that provides direct messaging, group conversations, and virtual meeting spaces. Users can create chat rooms for specific projects or topics, collaborate on documents in real-time, and make use of Google Meet for video chats. |
||||
|
||||
These are just some of the many tools offered by Google Suite. This platform is a popular choice for individuals, teams, and organizations looking for a comprehensive and efficient way to manage their work and communication needs. |
||||
- [@official@Google Workspace Website](https://workspace.google.com/intl/en_uk/) |
||||
@ -1,32 +1,8 @@ |
||||
# GPEN |
||||
|
||||
The **GIAC Penetration Tester (GPEN)** certification is an advanced-level credential designed for professionals who want to demonstrate their expertise in the field of penetration testing and ethical hacking. Created by the Global Information Assurance Certification (GIAC) organization, GPEN validates an individual's ability to conduct legal, systematic, and effective penetration tests to assess the security of computer networks, systems, and applications. |
||||
The GIAC Penetration Tester (GPEN) certification is an advanced-level credential designed for professionals who want to demonstrate their expertise in the field of penetration testing and ethical hacking. Created by the Global Information Assurance Certification (GIAC) organization, GPEN validates an individual's ability to conduct legal, systematic, and effective penetration tests to assess the security of computer networks, systems, and applications. |
||||
|
||||
## Key Topics |
||||
Learn more from the following resources: |
||||
|
||||
- **Reconnaissance:** Utilize various methods to gather information on a target's infrastructure, services, and vulnerabilities. |
||||
- **Scanning:** Employ tools and techniques to actively probe and evaluate target systems, including Nmap, Nessus, and Metasploit. |
||||
- **Exploitation:** Understand how to exploit vulnerabilities effectively, including buffer overflow attacks, SQL injection, and browser-based attacks. |
||||
- **Password Attacks:** Employ password cracking tools and techniques to bypass authentication mechanisms. |
||||
- **Wireless and Monitoring**: Identify and exploit wireless networks, as well as monitor network traffic to uncover useful information. |
||||
- **Post Exploitation**: Perform post-exploitation activities like privilege escalation, lateral movement, and data exfiltration. |
||||
- **Legal and Compliance**: Understand the legal considerations involved in penetration testing, and follow industry best practices and standards. |
||||
|
||||
## Target Audience |
||||
|
||||
The GPEN certification is primarily aimed at cybersecurity professionals, network administrators, security consultants, and penetration testers looking to enhance their skills and reinforce their credibility in the industry. |
||||
|
||||
## Preparing for the GPEN Exam |
||||
|
||||
To prepare for the GPEN exam, candidates are recommended to have a strong foundation in the fundamentals of cybersecurity, networking, and ethical hacking. GIAC offers a comprehensive training course called "SEC560: Network Penetration Testing and Ethical Hacking" which aligns with the GPEN exam objectives. However, self-study using other resources like books, articles, and online tutorials is also a viable option. |
||||
|
||||
## Exam Details |
||||
|
||||
- **Number of Questions:** 115 |
||||
- **Type of Questions:** Multiple-choice |
||||
- **Duration:** 3 hours |
||||
- **Passing Score:** 74% |
||||
- **Exam Delivery:** Proctored, Online or at a testing center |
||||
- **Cost:** $1,999 USD (Includes one retake) |
||||
|
||||
Upon successfully passing the exam, candidates will receive the GIAC Penetration Tester certification, which is valid for four years. To maintain the certification, professionals must earn plus 36 Continuing Professional Education (CPE) credits every two years and pay a maintenance fee to keep their credentials active. |
||||
- [@official@GPEN Certification Website](https://www.giac.org/certifications/penetration-tester-gpen/) |
||||
- [@article@What is the GPEN Certification?](https://hackernoon.com/what-is-the-giac-penetration-tester-gpen-certification) |
||||
@ -1,32 +1,7 @@ |
||||
# GSEC |
||||
|
||||
The **GIAC Security Essentials Certification (GSEC)** is an advanced cybersecurity certification that demonstrates an individual's knowledge and skills in addressing security threats and vulnerabilities in various systems. Developed by the Global Information Assurance Certification (GIAC), this certification is suitable for security professionals, IT managers, and network administrators who want to enhance their expertise in the core cybersecurity concepts and practices. |
||||
The GIAC Security Essentials Certification (GSEC) is an advanced cybersecurity certification that demonstrates an individual's knowledge and skills in addressing security threats and vulnerabilities in various systems. Developed by the Global Information Assurance Certification (GIAC), this certification is suitable for security professionals, IT managers, and network administrators who want to enhance their expertise in the core cybersecurity concepts and practices. |
||||
|
||||
## Key Features of GSEC |
||||
Learn more from the following resources: |
||||
|
||||
- **Comprehensive coverage of security concepts**: GSEC covers a wide range of cybersecurity topics, including risk management, cryptography, access control, authentication, network security, wireless security, web application security, and incident response. |
||||
- **Hands-on approach**: GSEC focuses on practical, real-world situations and encourages students to develop problem-solving skills through hands-on labs and exercises. |
||||
- **Vendor-neutral**: Unlike other certifications that focus on specific technologies or tools, GSEC is vendor-neutral and teaches concepts and techniques that can be applied in various environments and platforms. |
||||
- **Globally recognized**: GSEC is a widely acknowledged certification among security professionals, and receiving it can help boost an individual's career in the cybersecurity industry. |
||||
|
||||
## GSEC Exam Details |
||||
|
||||
The GSEC exam consists of 180 questions, and candidates have a total of 5 hours to complete the test. The minimum passing score is 73%. The exam covers the following domains: |
||||
|
||||
- Active defense concepts |
||||
- Authentication and access control |
||||
- Basic understanding of cryptographic concepts |
||||
- Incident handling and response |
||||
- IP networking concepts and network security |
||||
- Security policy and contingency planning |
||||
|
||||
## Preparing for the GSEC Exam |
||||
|
||||
To prepare for the GSEC exam, you can use the following resources: |
||||
|
||||
- **GIAC's official training courses**: GIAC offers a comprehensive training course, known as "SEC401: Security Essentials Boot- camp Style," to help students develop the necessary knowledge and skills for the GSEC certification exam. This course is available in various formats, including online, classroom-based, and on-demand. |
||||
- **Study materials**: You can find several study guides, practice exams, and books specifically designed for GSEC exam preparation. These resources can help you deepen your understanding of the GSEC exam objectives and practice your skills through hands-on exercises. |
||||
- **Online forums and study groups**: Participate in online forums and study groups related to GSEC and cybersecurity in general. These platforms can provide valuable insights, tips, and experiences from other security professionals and candidates preparing for the exam. |
||||
- **GSEC Practice Exams**: GIAC offers two practice exams for the GSEC certification, which are an excellent way to assess your knowledge and identify areas that may require further attention. |
||||
|
||||
By obtaining the GSEC certification, you will demonstrate your advanced knowledge and skills in cybersecurity, showcasing your ability to protect information systems and networks effectively. This certification can be a significant asset to your career and help you stand out in the competitive cybersecurity job market. |
||||
- [@official@GSEC Certification Website](https://www.giac.org/certifications/security-essentials-gsec/) |
||||
@ -1,27 +1,8 @@ |
||||
# GuestOS |
||||
|
||||
A Guest OS (Operating System) is an essential component in virtualization. It is an operating system that runs within a virtual machine (VM) created by a host operating system or a hypervisor. In this scenario, multiple guest operating systems can operate on a single physical host machine, sharing resources provided by the host. |
||||
A Guest Operating System (Guest OS) refers to an operating system that runs within a virtual machine (VM) environment, managed by a hypervisor or virtual machine monitor. In virtualization technology, the Guest OS operates as if it were running on dedicated physical hardware, but it's actually sharing resources with the host system and potentially other guest systems. This concept is crucial in cybersecurity for several reasons. It allows for isolation of systems, enabling secure testing environments for malware analysis or vulnerability assessments. Guest OSes can be quickly deployed, cloned, or reset, facilitating rapid incident response and recovery. However, they also introduce new security considerations, such as potential vulnerabilities in the hypervisor layer, escape attacks where malware breaks out of the VM, and resource contention issues. Properly configuring, patching, and monitoring Guest OSes is essential for maintaining a secure virtualized infrastructure, balancing the benefits of flexibility and isolation with the need for robust security measures. |
||||
|
||||
## Key Features of Guest OS |
||||
Learn more from the following resources: |
||||
|
||||
- **Resource Sharing**: The guest OS shares the host's resources, such as CPU, memory, and storage, while having a virtualized environment of its own. |
||||
- **Isolation**: Each guest OS operates independently of others on the same host machine, ensuring that the performance or security of one system does not affect the others. |
||||
- **Customization**: You can install and manage different types of guest operating systems on the same host, catering to specific requirements or user preferences. |
||||
- **Portability**: The guest OS and its associated data can be easily moved to another host machine, simplifying the management of multiple systems for businesses and individuals. |
||||
|
||||
## Use Cases for Guest OS |
||||
|
||||
- **Testing and Development**: By providing a separate environment to experiment with different applications, guest operating systems are appropriate for testing and development. |
||||
- **Security**: Sandbox environments can be created within the guest OS for analyzing malware or executing potentially unsafe applications, without affecting the host machine's performance or security. |
||||
- **Legacy Applications**: Some older applications may not be compatible with modern operating systems. Having a guest OS with an older OS version helps to run these legacy applications. |
||||
- **Resource Optimization**: Virtualization enables businesses to make the most of their hardware investments, as multiple guest OS can share the resources of a single physical machine. |
||||
|
||||
## Guest OS Management |
||||
|
||||
To manage guest operating systems effectively, you must use virtualization software or a hypervisor. Some popular options include: |
||||
|
||||
- **VMware**: VMware provides tools like VMware Workstation and Fusion to create, manage, and run guest OS within virtual machines. |
||||
- **Oracle VirtualBox**: Oracle's VirtualBox is an open-source hypervisor that supports the creation and management of guests operating systems across multiple host OS platforms. |
||||
- **Microsoft Hyper-V**: Microsoft's free hypervisor solution, Hyper-V, is capable of creating and managing guest operating systems on Windows-based host machines. |
||||
|
||||
In conclusion, a guest operating system plays a vital role in virtualization, allowing users to operate multiple OS within virtual machines on a single host, optimizing resources, and providing the flexibility to work with a variety of applications and environments. |
||||
- [@article@What is a Guest Operating System?](https://www.techtarget.com/searchitoperations/definition/guest-OS-guest-operating-system) |
||||
- [@article@Guest Operating System](https://nordvpn.com/cybersecurity/glossary/guest-operating-system/?srsltid=AfmBOop0L-VFCtuYvEBQgHy7dCIa3sfzNVa-Zn6l0SniAYDpftfOgH7N) |
||||
|
||||
@ -1,34 +1,7 @@ |
||||
# GWAPT |
||||
|
||||
The **GIAC Web Application Penetration Tester (GWAPT)** certification validates an individual's ability to perform in-depth web application security assessments and exploit vulnerabilities. GWAPT focuses on using ethical hacking methodologies to conduct web application penetration testing with the goal of identifying, evaluating, and mitigating security risks. |
||||
The GIAC Web Application Penetration Tester (GWAPT) certification validates an individual's ability to perform in-depth web application security assessments and exploit vulnerabilities. GWAPT focuses on using ethical hacking methodologies to conduct web application penetration testing with the goal of identifying, evaluating, and mitigating security risks. |
||||
|
||||
## Key Concepts |
||||
Learn more from the following resources: |
||||
|
||||
The GWAPT certification covers several key concepts and areas, including but not limited to: |
||||
|
||||
- **Web Application Security:** Knowledge of various web application security concepts, such as authentication mechanisms, session management, input validation, and access control. |
||||
- **Testing Methodologies:** Understanding and application of web application penetration testing methodologies, such as OWASP Testing Guide and OWASP ASVS. |
||||
- **Vulnerability Identification and Exploitation:** Identifying, exploiting, and assessing the impact of common web application vulnerabilities such as XSS, CSRF, SQL Injection, and others. |
||||
- **Tools and Techniques:** Mastery of various web application testing tools, such as Burp Suite, WebInspect, and others. |
||||
- **Report Preparation and Presentation:** Ability to document and present findings in a clear, concise manner, which can be understood by both technical and non-technical audiences. |
||||
|
||||
## Certification Process |
||||
|
||||
To attain the GWAPT certification, candidates must: |
||||
|
||||
- Register for the GWAPT exam through the GIAC website (www.giac.org). |
||||
- Prepare for the exam by undergoing various training methods, such as attending the SEC542: Web App Penetration Testing and Ethical Hacking course by SANS, self-study, attending workshops, or gaining hands-on experience. |
||||
- Pass the proctored 75-question multiple-choice exam with a minimum score of 68% within the 2-hour time limit. |
||||
- Maintain the certification by earning 36 Continuing Professional Experience (CPE) credits every four years and paying the renewal fee. |
||||
|
||||
## Who Should Pursue GWAPT Certification? |
||||
|
||||
The GWAPT certification is aimed at professionals who are involved in web application security, such as penetration testers, security analysts, or application developers. Obtaining this certification demonstrates a high level of technical skill and knowledge in web application security testing, making it a valuable addition to any cybersecurity professional's credentials. |
||||
|
||||
## Benefits of GWAPT Certification |
||||
|
||||
- Validates your skills and knowledge in web application security testing. |
||||
- Enhances your professional credibility and marketability in the cybersecurity industry. |
||||
- Provides a competitive edge over non-certified individuals. |
||||
- Demonstrates a commitment to staying current with industry advancements and best practices. |
||||
- Assists in advancing your career by meeting employer or client requirements for certified professionals. |
||||
- [@official@GWAPT Certification Website](https://www.giac.org/certifications/web-application-penetration-tester-gwapt/) |
||||
|
||||
@ -1,35 +1,8 @@ |
||||
# Hashing |
||||
|
||||
In this section, we will discuss the concept of _hashing_, an important cryptographic primitive, and its multiple applications in the realm of cyber security. |
||||
Hashing is a cryptographic process that converts input data of any size into a fixed-size string of characters, typically a hexadecimal number. This output, called a hash value or digest, is unique to the input data and serves as a digital fingerprint. Unlike encryption, hashing is a one-way process, meaning it's computationally infeasible to reverse the hash to obtain the original data. In cybersecurity, hashing is widely used for password storage, data integrity verification, and digital signatures. Common hashing algorithms include MD5 (now considered insecure), SHA-256, and bcrypt. Hashing helps detect unauthorized changes to data, as even a small alteration in the input produces a significantly different hash value. However, the strength of a hash function is crucial, as weak algorithms can be vulnerable to collision attacks, where different inputs produce the same hash, potentially compromising security measures relying on the uniqueness of hash values. |
||||
|
||||
**What is Hashing?** |
||||
Learn more from the following resources: |
||||
|
||||
A _hash function_ is a mathematical algorithm that takes an input (or 'message') and returns a fixed-size string of bytes, usually in the form of a hexadecimal number. The output is called the _hash value_ or simply, the _hash_. Some characteristics of a good hash function are: |
||||
|
||||
- _Deterministic_: The same input will always result in the same hash output. |
||||
- _Efficient_: The time taken to compute the hash should be as quick as possible. |
||||
- _Avalanche Effect_: A tiny change in the input should result in a drastically different hash output. |
||||
- _One-way Function_: It should be computationally infeasible to reverse-engineer the input from its hash output. |
||||
- _Collision Resistance_: It should be extremely unlikely to find two different inputs that produce the same hash output. |
||||
|
||||
**Common Hashing Algorithms** |
||||
|
||||
There are several widely used hashing algorithms with different strengths and weaknesses. Some of the most common ones include: |
||||
|
||||
- MD5 (Message Digest 5): Produces a 128-bit hash value. It is no longer considered secure due to vulnerability to collision attacks. |
||||
- SHA-1 (Secure Hash Algorithm 1): Generates a 160-bit hash value. Like MD5, it is no longer considered secure due to collision attacks and is being phased out. |
||||
- SHA-256 and SHA-512: Part of the SHA-2 family, SHA-256 produces a 256-bit hash value, while SHA-512 generates a 512-bit hash value. Both are widely adopted and considered secure. |
||||
|
||||
**Applications of Hashing** |
||||
|
||||
Hashing is a versatile mechanism and serves many purposes in cyber security, such as: |
||||
|
||||
- _Data Integrity_: Hashing can be used to ensure that a file or piece of data hasn't been altered or tampered with. Comparing the hash value of the original and received data can determine if they match. |
||||
|
||||
- _Password Storage_: Storing users' passwords as hashes makes it difficult for attackers to obtain the plain-text passwords even if they gain access to the stored hashes. |
||||
|
||||
- _Digital Signatures_: Digital signatures often rely on cryptographic hash functions to verify the integrity and authenticity of a message or piece of data. |
||||
|
||||
- _Proof of Work_: Hash functions are employed in consensus algorithms like the one used in Bitcoin mining, as they can solve computational challenges. |
||||
|
||||
In conclusion, hashing is a crucial technique in ensuring data integrity and maintaining security in various areas of cyber security. Understanding and adopting secure hashing algorithms is an essential skill for any cyber security professional. |
||||
- [@video@Hashing Explained](https://www.youtube.com/watch?v=EOe1XUykdP4) |
||||
- [@article@What is hashing and how does it work?](https://www.techtarget.com/searchdatamanagement/definition/hashing) |
||||
@ -1,61 +1,8 @@ |
||||
# head |
||||
|
||||
## Summary |
||||
|
||||
`head` is a versatile command-line utility that enables users to display the first few lines of a text file, by default it shows the first 10 lines. In case of incident response and cyber security, it is a useful tool to quickly analyze logs or configuration files while investigating potential security breaches or malware infections in a system. |
||||
|
||||
## Usage |
||||
|
||||
The basic syntax of `head` command is as follows: |
||||
|
||||
``` |
||||
head [options] [file(s)] |
||||
``` |
||||
|
||||
Where `options` are flags that could be used to modify the output and `[file(s)]` are the input file(s) for which you want to display the first few lines. |
||||
|
||||
## Examples |
||||
|
||||
- Display the first 10 lines of a file: |
||||
|
||||
``` |
||||
head myfile.txt |
||||
``` |
||||
|
||||
- You can change the number of lines to display using `-n` flag: |
||||
|
||||
``` |
||||
head -n 20 myfile.txt |
||||
``` |
||||
|
||||
- To display the first 5 lines of multiple files: |
||||
|
||||
``` |
||||
head -n 5 file1.txt file2.txt |
||||
``` |
||||
|
||||
- Another helpful flag is `-q` or `--quiet`, which avoids displaying file headers when viewing multiple files: |
||||
|
||||
``` |
||||
head -q -n 5 file1.txt file2.txt |
||||
``` |
||||
|
||||
## Application in Incident Response |
||||
|
||||
During an incident response, the `head` command helps to quickly analyze logs and files to identify potential malicious activity or errors. You can use `head` to peek into logs at the early stages of an investigation, and once you have gathered enough information, you can move on to more advanced tools to analyze the data in depth. |
||||
|
||||
For example: |
||||
|
||||
- Check the first 5 lines of the system log for any potential issues: |
||||
|
||||
``` |
||||
head -n 5 /var/log/syslog |
||||
``` |
||||
|
||||
- Analyze the beginning of a large log file without loading the entire file: |
||||
|
||||
``` |
||||
head -n 100 /var/log/large-log-file.log |
||||
``` |
||||
Learn more from the following resources: |
||||
|
||||
In summary, the `head` command is a handy tool for preliminary analysis of log files that can save crucial time during an incident response. However, for more in-depth analysis, other tools and techniques should be employed. |
||||
- [@video@Head and Tail commands](https://www.youtube.com/watch?v=5EqL6Fc7NNw) |
||||
- [@article@The Head and Tail commands in Linux](https://www.baeldung.com/linux/head-tail-commands) |
||||
@ -1,9 +1,9 @@ |
||||
# Host Intrusion Prevention System (HIPS) |
||||
|
||||
A Host Intrusion Prevention System (HIPS) is a security solution designed to monitor and protect individual host devices, such as servers, workstations, or laptops, from malicious activities and security threats. HIPS actively monitors system activities and can detect, prevent, and respond to unauthorized or anomalous behavior by employing a combination of signature-based, behavior-based, and heuristic detection methods. |
||||
|
||||
HIPS operates at the host level, providing a last line of defense by securing the individual endpoints within a network. It is capable of preventing a wide range of attacks, including zero-day exploits, malware infections, unauthorized access attempts, and policy violations. |
||||
|
||||
Visit the following resources to learn more: |
||||
- [@article@What is an Intrusion Prevention System?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips) |
||||
- [@article@What is Host intrusion prevention system (HIPS)?](https://cyberpedia.reasonlabs.com/EN/host%20intrusion%20prevention%20system%20(hips).html) |
||||
# Host Intrusion Prevention System (HIPS) |
||||
|
||||
A Host Intrusion Prevention System (HIPS) is a security solution designed to monitor and protect individual host devices, such as servers, workstations, or laptops, from malicious activities and security threats. HIPS actively monitors system activities and can detect, prevent, and respond to unauthorized or anomalous behavior by employing a combination of signature-based, behavior-based, and heuristic detection methods. |
||||
|
||||
HIPS operates at the host level, providing a last line of defense by securing the individual endpoints within a network. It is capable of preventing a wide range of attacks, including zero-day exploits, malware infections, unauthorized access attempts, and policy violations. |
||||
|
||||
Visit the following resources to learn more: |
||||
- [@article@What is an Intrusion Prevention System?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips) |
||||
- [@article@What is Host intrusion prevention system (HIPS)?](https://cyberpedia.reasonlabs.com/EN/host%20intrusion%20prevention%20system%20(hips).html) |
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in new issue