
2nd section: Cybersecurity fundamentals

Course 1: Cybersecurity principles

Step 1 - Cybersecurity, what is it?

“It is a group of actions and techniques created to protect systems, software, networks and equipment against invasions.” - Cybersecurity & Infrastructure Security Agency

Definition

Focused on preventing data from being leaked or tampered with during cyberattacks.

As of 2022, Brazil is the 2nd most-attacked country.

The USA is in 1st place, with more than 500k attacks per year.

Cybersecurity function

  • Protect software, hardware and networks;
  • Prevent failures in information management (data lost, altered or exposed);
  • Protect stored data;

Cybersecurity Types

  • Operational Security: the routines and decisions by which the company protects its data, defining who can access each asset and with what level of access;
  • Network Security: protects the network against unauthorized access and attacks such as Denial of Service;
  • Software Security: avoids introducing vulnerabilities while developing software, by applying security measures (secure protocols, best practices, testing, etc.);
  • Disaster Recovery: nothing is fault-proof, so this defines the actions to take in the event of a security incident so that operations are restored quickly and with the least damage;
  • End-User Education: finds and corrects risky user behaviour, because people are not fault-proof (the human factor);

Cybersecurity Pillars (the five core functions of the NIST Cybersecurity Framework)

  1. Identify: understand your assets and the risks associated with them
  2. Protect: establish safeguards against cybersecurity events
  3. Detect: identify cybersecurity events and monitor for them continuously
  4. Respond: act quickly and appropriately to contain the impact of an event
  5. Recover: restore capabilities and services impaired by a cybersecurity attack

Step 2 - What is hacking?

Generally it is taken to mean compromising computer systems, personal accounts, computer networks or digital devices. But that is only part of the picture: hacking is the act of finding and using unintended behaviour of a system, and whether it is criminal or legitimate (as in ethical hacking and penetration testing) depends on authorization and intent.

Step 3 - Main cybersecurity threats

Step 4 - Cybersecurity best practices

Good practices are a series of actions, ranging from safe system usage to user behaviour. Cracked (pirated) software is a dangerous starting point for threats: it is a common malware carrier and receives no vendor updates.
It starts with the users!

The Great Wall of China was useless when the guards inside were corrupt!

Good practices categories

  • People awareness
  • Critical assets access control
  • Confidential data protection
  • Robust security and network protection
  • Identity management

People awareness

  • People-centred security: unprotected devices, where passwords are stored
  • Reduce employee negligence
  • Make employees aware of common phishing techniques

Critical assets access control

  • Remote device protection: strong passwords, disk encryption, anti-malware software
  • Safe password handling: special characters, a minimum length, checking against known leaks
  • Least privilege principle: for example, an ordinary user should not have admin access; grant only the access a role needs
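The password checks above (minimum length, special characters, and a check against known leaks) put into working code, as an added example that is not part of the course material. The breached-password corpus is a constructed in-memory set standing in for a real breach service, and the lookup mirrors the k-anonymity "range query" such services use: only the first five hex characters of the SHA-1 are sent, so the full hash never leaves the client. SHA-1 appears here only because that is the format of breach corpora; it is not a way to store passwords.

```python
import hashlib
import re

# Constructed stand-in for a breached-password corpus (SHA-1 hex digests, upper-case).
# A real check would query a breach service; the lookup below mirrors the k-anonymity
# "range query" used by such services so the full hash never leaves the client.
_LEAKED_PASSWORDS = ["password", "123456", "qwerty", "letmein", "Summer2023!"]
LEAKED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper() for p in _LEAKED_PASSWORDS}


def range_query(prefix5: str) -> list[str]:
    """Breach-corpus side of the lookup: every stored suffix whose digest starts with prefix5."""
    return [h[5:] for h in LEAKED_SHA1 if h.startswith(prefix5)]


def is_leaked(password: str) -> bool:
    """Client side: hash locally, send only the 5-char prefix, match the suffix locally."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_query(prefix)


def check_password(password: str, min_len: int = 12) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if is_leaked(password):
        problems.append("found in a known breach")
    return problems


if __name__ == "__main__":
    for candidate in ["Summer2023!", "correct-horse-battery-9"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

Note that "Summer2023!" satisfies the digit and special-character rules and still fails: composition rules alone do not stop a password that is already in a breach list, which is why the leak check is the one that matters most.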

Confidential data protection

  • Privileged user monitoring: how they manage their passwords and where those passwords are stored
  • Third-party data access monitoring: how and where third parties can access the data
  • Protected backups of confidential data

Robust security and network protection

  • Hierarchical cybersecurity policies: restrictions inherited according to employee roles
  • Protection of the corporate network: secure the physical access points (hubs, switches, wireless APs, etc.)
  • Regular cybersecurity audits
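The two ideas of role-inherited restrictions (above) and the least privilege principle (the "Critical assets access control" list) implemented together, as an added example that is not part of the course material. The role hierarchy, the permission names and the sample company are all constructed for illustration: each role inherits its parents' permissions, admin rights live only in the "admin" role, access is denied by default, and a small review function lists what a user holds but never uses, which is what a least-privilege audit would revoke.

```python
# Constructed role hierarchy for a small company: each role inherits its parents' permissions.
# Admin rights live only in the "admin" role, so an ordinary employee can never acquire them
# by accident through inheritance.
ROLE_PARENTS = {
    "employee": [],
    "developer": ["employee"],
    "ops": ["employee"],
    "admin": ["developer", "ops"],
}

ROLE_PERMISSIONS = {
    "employee": {"mail:read", "wiki:read"},
    "developer": {"repo:read", "repo:write"},
    "ops": {"server:restart", "logs:read"},
    "admin": {"user:create", "user:delete"},
}


def effective_permissions(role: str) -> set[str]:
    """Permissions granted directly to a role plus everything inherited from its ancestors."""
    perms: set[str] = set()
    stack, seen = [role], set()
    while stack:
        current = stack.pop()
        if current in seen:  # diamond inheritance (admin -> developer/ops -> employee)
            continue
        seen.add(current)
        perms |= ROLE_PERMISSIONS.get(current, set())
        stack.extend(ROLE_PARENTS.get(current, []))
    return perms


def is_allowed(user_roles: list[str], permission: str) -> bool:
    """Deny by default: only an explicitly granted (or inherited) permission is allowed."""
    return any(permission in effective_permissions(r) for r in user_roles)


def excess_permissions(user_roles: list[str], permissions_used: set[str]) -> set[str]:
    """Least-privilege review: what the user holds but has never exercised (candidates to revoke)."""
    granted = set().union(*(effective_permissions(r) for r in user_roles))
    return granted - permissions_used


if __name__ == "__main__":
    print("developer can create users?", is_allowed(["developer"], "user:create"))
    print("admin can read mail?", is_allowed(["admin"], "mail:read"))
    print("held but unused by this developer:",
          excess_permissions(["developer"], {"repo:read", "mail:read"}))
```

The review function is the practical half of least privilege: granting narrowly at hire time is not enough if permissions accumulate as people change roles, so periodically diff what is granted against what is actually used.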

Identity management

  • Biometric security: ties authentication to a physical trait of the user (something you are); unlike a password, a biometric cannot be replaced if it leaks, so it works best as one factor among several rather than on its own
  • Multi-factor authentication: combine something you know (password) with something you have (a token or authenticator app) or something you are (biometrics)

Step 5 - Blue Team vs RedTeam

Due to the quantity and complexity of today's cybersecurity threats, organizations are adopting a more strategic approach: Red and Blue Teams use attack and defence scenarios to predict flaws, see how the organization reacts, and decide what to do when an incident happens.

RED TEAM                   | BLUE TEAM
---------------------------|---------------------------
Offensive security         | Defensive security
Ethical hacking            | Infrastructure protection
Exploiting vulnerabilities | Damage control
Penetration tests          | Incident response
Black-box testing          | Operational security
Social engineering         | Threat hunting
Web app scanning           | Digital forensics

The Red Team's goal is to run realistic attack exercises using highly skilled professionals.
The Blue Team's goal is the opposite: it focuses on how to defend and react.

There is also a hybrid team: the PURPLE TEAM.
As the name suggests, it mixes both: red and blue work together so that each attack technique exercised is turned into a concrete detection or control improvement.

Certifications

There are plenty of certifications out there, but some of the main are:

  • CEH: Certified Ethical Hacker
  • ECSA: EC-Council Certified Security Analyst

External resources

Github: https://github.com/cassiano-dio