Cyber Security

The Open Systems Interconnection (OSI) model is a reference model that describes how data from an application on one computer travels over a physical channel to an application on another computer. The OSI model’s objective is to standardize data networking protocols so that networking devices from any vendor can communicate with each other.

OSI stands for Open Systems Interconnection. The OSI model shows how applications communicate over the network. Because it separates network functions into layers, it helps isolate the source of a problem and is commonly used for troubleshooting.

It is a theoretical blueprint that helps us understand how data gets from one computer to another. It also helps develop standards so that all our hardware and software talks nicely to each other.

Introduced in 1983 by representatives of computer and telecommunications companies, it was the first standard model for network communications.

The OSI Model has 7 layers (mnemonic: All People Seem To Need Data Processing):
1) The Physical Layer – It transfers the raw data over the communication medium.
2) The Data Link Layer – Determines the format of the data and is responsible for encoding and decoding the data.
3) The Network Layer – The responsibility of the Network layer is to provide communication routes.
4) The Transport Layer – It is responsible for end-to-end communication across the network. It makes use of the UDP and TCP transport protocols.
5) The Session Layer – It is used for controlling sessions and ports.
6) The Presentation Layer – In this layer, data encryption is carried out, and it makes sure that the data is in a usable format.
7) The Application Layer – Applications have access to network services from this layer.

7) The Application Layer:
 – Closest layer to the end user. It receives information from users and displays incoming data to users.
 – This layer does not include the applications themselves, but it facilitates communication through the lower layers in order to establish connections with applications at the other end.
 – Applications have access to network services from this layer. Web browsers, Telnet, and FTP are examples of communications that rely on layer 7.

6) The Presentation Layer:
 – In this layer, data encryption is carried out, and it makes sure that the data is in a usable format.
 – It represents the preparation or translation of the application format to the network format, or vice versa.
 – This layer presents data for the application or the network.

 5) The Session Layer:
 – It is used for controlling sessions and ports. When two computers or other network devices need to speak to one another, a session needs to be created and this is done at the Session Layer.
 – Functions at this layer involve setup, coordination and termination between the applications.

4) The Transport Layer:
 – It is responsible for end-to-end communication across the network. It makes use of the UDP and TCP transport protocols.
 – It takes data handed down from the Session Layer and breaks it into segments at the transmitting end.
 – It reassembles the segments on the receiving end, turning them back into data that can be used by the Session Layer.
 – It carries out flow control, sending data at a rate that matches the connection speed of the receiving device, and error control, checking whether data was received correctly and, if not, requesting it again.

3) The Network Layer:
 – The responsibility of the Network layer is to provide communication routes.
 – This is where the router operates. A router forwards packets of information between computers on a network, and IP addresses belong to this layer.

 2) The Data Link Layer:
 – Determines the format of the data and is responsible for encoding and decoding the data.
 – It establishes and terminates a connection between two physically-connected nodes on a network.
 – It breaks packets into frames and sends them from source to destination.
 – Has 2 parts:
a. Logical Link Control (LLC) – identifies network protocols, performs error checking and synchronizes frames.
b. Media Access Control (MAC) – uses MAC addresses to connect devices and define permissions to transmit and receive data.

1) The Physical Layer:
 – It transfers the raw data over the communication medium.
 – It is the electrical and physical representation of the system, e.g. cable type, radio frequency link (WiFi network), layout of pins, voltages, etc.

 – Internet Control Message Protocol (ICMP) is a network layer protocol used by routers, intermediary devices and hosts to communicate error information or updates to other routers, intermediary devices and hosts.

 – These messages are sent in scenarios such as: if one device sends a message that is too large for the recipient device to process, the recipient drops that message and sends an ICMP message back to the source; or when the network gateway finds a shorter route for the message to travel on, an ICMP message is sent and the packet is redirected to the shorter route.

 – It is also used for network diagnostics, specifically the ping and traceroute terminal utilities.
DevSecOps (Development, Security, and Operations) is a product development model that evolved from DevOps (Development and Operations) after teams realized that the DevOps model did not sufficiently address security concerns. DevSecOps incorporates the management of security throughout the development cycle rather than only prior to completion.
DevSecOps automates security integration throughout the software development cycle, from initial design through integration, testing, deployment and software delivery.
The traceroute utility is used to display the physical routing path between two internet devices communicating with each other. It maps out the journey from one router to the next (each step is sometimes called a “hop”).
– It is a tool that shows the packet path. It lists all the points that the packet passes through. Traceroute is used mostly when a packet does not reach its destination, to check where the connection breaks or stops and to identify the point of failure.
The ping utility is a simpler relative of traceroute; it sends out pings (or “echo request messages”) and then measures the amount of time it takes the message to reach its destination and return to the source. The replies are called “echo reply messages”.
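
The layering described above can be seen by building a packet by hand. The following is an added example, not part of the original notes: it constructs the ICMP echo request that ping sends, wraps it in an IPv4 header (the network layer), computes the RFC 1071 checksum both headers use, and then parses the bytes back one layer at a time. The addresses, identifier and payload are constructed sample values, and nothing is transmitted.

```python
# Added example (not from the original notes): build a ping (ICMP echo request)
# inside an IPv4 header, then peel the layers back off. Constructed in memory only.
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum used by IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def build_icmp_echo_request(identifier: int, sequence: int, payload: bytes) -> bytes:
    # type 8 = echo request, code 0; checksum covers header + payload
    header = struct.pack("!BBHHH", 8, 0, 0, identifier, sequence)
    checksum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, checksum, identifier, sequence) + payload

def build_ipv4_header(src: str, dst: str, payload_len: int,
                      protocol: int = 1, ttl: int = 64) -> bytes:
    version_ihl = (4 << 4) | 5               # IPv4, 5 x 32-bit words = 20-byte header
    total_length = 20 + payload_len
    ident, flags_frag = 0x1234, 0            # constructed identification, no fragments
    fields = (version_ihl, 0, total_length, ident, flags_frag, ttl, protocol, 0,
              ipv4_to_bytes(src), ipv4_to_bytes(dst))
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    checksum = internet_checksum(header)     # computed with the checksum field zeroed
    return struct.pack("!BBHHHBBH4s4s", *fields[:7], checksum, *fields[8:])

def build_ping_packet(src: str, dst: str, identifier: int = 0xABCD,
                      sequence: int = 1, payload: bytes = b"ping-example") -> bytes:
    icmp = build_icmp_echo_request(identifier, sequence, payload)
    return build_ipv4_header(src, dst, len(icmp)) + icmp

def parse_packet(packet: bytes) -> dict:
    """Layer 3 first (IPv4 header), then the ICMP header, then the payload."""
    ihl = (packet[0] & 0x0F) * 4
    ip_fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if internet_checksum(packet[:ihl]) != 0:     # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    icmp = packet[ihl:]
    if internet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "src": ".".join(map(str, ip_fields[8])),
        "dst": ".".join(map(str, ip_fields[9])),
        "ttl": ip_fields[5],
        "protocol": ip_fields[6],
        "icmp_type": icmp_type,
        "icmp_code": code,
        "identifier": ident,
        "sequence": seq,
        "payload": icmp[8:],
    }

if __name__ == "__main__":
    pkt = build_ping_packet("192.0.2.1", "192.0.2.2")
    print(len(pkt), "bytes:", parse_packet(pkt))
```

Each build function only knows about its own header: the ICMP builder never sees the IP addresses, and the IPv4 builder treats the ICMP message as an opaque payload. That separation is the point of the layered model, and the checksum check in the parser is the kind of integrity verification a receiving host performs before trusting the header fields.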
Identity and Access Management (IAM) security is a critical component of total IT security that governs digital identities and user access to data, systems, and resources within an organization.
IAM security refers to the policies, strategies, and technologies that help businesses mitigate identity-related access threats. IAM programs enable firms to manage risk, enhance compliance and boost overall company efficiency.

Intrusion Detection Systems (IDS) analyze network traffic in search of signatures associated with known intrusions, while Intrusion Prevention Systems (IPS) not only analyze packets but, if an intrusion is detected, can also prevent packets from being delivered based on the type of attack detected. Thus an IPS also assists in preventing the attack.

IDS refers to Intrusion Detection System. It analyzes and monitors network traffic looking for signs that attackers are trying to infiltrate your network or steal information from it using a known cyber threat. It detects activities such as malware, security policy violations, and port scanners by comparing current network activity against a database of known threats.

IPS refers to Intrusion Prevention System. It is located between the internal network and the outside world, in the same network zone as a firewall. When a packet matches a known security threat, the IPS proactively blocks the network traffic according to a security profile.

 The main difference between IPS and IDS is that IPS is a control system while IDS is a monitoring system. IDS does not alter network packets, while IPS blocks packet delivery based on packet content, in the same way that a firewall blocks traffic based on the IP address.

A Web Application Firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic between a web application and the internet. It often safeguards web applications against cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection, among other attacks. A WAF is a protocol layer 7 (in the OSI model) defense and is not intended to defend against all forms of attack.

Data Loss Prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users. DLP software classifies regulated, confidential and business-critical data and identifies violations of policies defined by the organization or within a predefined policy pack, typically driven by regulatory compliance such as HIPAA, PCI-DSS, or GDPR.

DLP also refers to the technologies and processes that make sure users do not send sensitive or critical information outside the corporate network. They use business rules to classify and protect confidential and critical information so that unauthorized users cannot accidentally or maliciously share data that would put the organization at risk.

DLP technologies perform both content inspection and contextual analysis on data sent via messaging applications such as email and instant messaging, in motion across the network, in use on a managed endpoint device, and at rest on on-premises file servers or in cloud applications and storage. These solutions respond in accordance with stated policies and standards in order to mitigate the risk of unintended or accidental data leaks or disclosure outside approved channels.
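
The following added example (not from the original notes, and not any particular DLP product’s logic) shows what “content inspection and contextual analysis” looks like in code for one data class: it scans an outgoing message for candidate payment-card numbers, validates each candidate with the Luhn check digit so that ordinary 16-digit ticket or order numbers do not trigger alerts, and then combines the content finding with context (whether the recipient is outside the organization) to pick an action. The internal domain, sample messages and actions are constructed assumptions.

```python
# Added example (not from the original notes): minimal DLP content inspection for
# payment-card numbers plus a context rule on the recipient. All sample values are
# constructed; the only "internal" domain here is example.com.
import re

# 13-19 digits, optionally separated by single spaces or hyphens, on word boundaries
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
INTERNAL_DOMAINS = {"example.com"}  # constructed assumption

def luhn_valid(digits: str) -> bool:
    """Luhn check digit: the standard test that separates card numbers from noise."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list:
    """Content inspection: regex candidates filtered by the Luhn check."""
    found = []
    for match in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found

def mask(digits: str) -> str:
    """Keep only the last four digits so the alert itself does not leak the data."""
    return "*" * (len(digits) - 4) + digits[-4:]

def inspect_message(sender: str, recipient: str, body: str) -> dict:
    """Contextual analysis: the same content gets a different action depending
    on whether it is leaving the organization."""
    cards = find_card_numbers(body)
    recipient_domain = recipient.rsplit("@", 1)[-1].lower()
    external = recipient_domain not in INTERNAL_DOMAINS
    if cards and external:
        action = "block"        # sensitive data headed outside approved channels
    elif cards:
        action = "log"          # internal transfer: allowed but recorded for audit
    else:
        action = "allow"
    return {
        "sender": sender,
        "recipient": recipient,
        "action": action,
        "matches": [mask(c) for c in cards],
    }

if __name__ == "__main__":
    # 4111111111111111 is a well-known Luhn-valid test number, not a real card
    print(inspect_message("alice@example.com", "bob@partner.example",
                          "card 4111 1111 1111 1111 exp 12/29"))
```

The Luhn step is what keeps the false-positive rate tolerable; a production DLP engine adds more data classes, issuer prefix checks, document fingerprinting and endpoint and network channels, but the inspect-then-decide-in-context shape is the same.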

A Virtual Machine (VM) lets you build a computer within a computer. It allows you to run multiple operating systems on the same machine. VMs are isolated from the computer on which they run, so they cannot access files on your primary computer, but they can connect to the network.

A Virtual Machine (VM) is a simulated environment created by virtualization. It functions as a virtual computer system with its own CPU, memory, network interface, and storage, created on a physical hardware system located on- or off-premises.

Endpoint Detection and Response (EDR), also known as Endpoint Threat Detection and Response (ETDR), is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rule-based automated response and analysis capabilities. These are emerging security systems that detect and investigate suspicious host and endpoint activities, utilizing a high degree of automation to enable security teams to quickly identify and respond to threats.

 Cloud Security Architecture and controls are a collection of security measures designed to safeguard cloud environments against vulnerability and mitigate the impact of malicious attacks.

 Cloud Security Control is a broad term that encompasses all of the best practices, procedures, and guidelines that must be implemented to secure cloud environments.

 Vendor Risk Management (VRM) is the process of ensuring that the use of service providers and information technology suppliers does not introduce an unacceptable risk of business disruption or a negative impact on business performance.

 Vendor Risk Management (VRM) technologies enable enterprises to assess, monitor, and manage their risk exposure from third-party suppliers (TPSs) who provide information technology products and services or have access to enterprise data.

A Security Operations Center (SOC) is a facility that houses an information security team responsible for continuously monitoring and analyzing an organization’s security posture. The SOC team’s objective is to detect, analyze, and respond to cybersecurity incidents using a combination of technology and a robust set of processes. A SOC is typically staffed with security analysts, engineers, and managers responsible for overseeing security operations.

A Business Continuity and Disaster Response Plan (BCDR) is a collection of processes and techniques that assists an organization in recovering from a disaster and resuming or continuing normal business operations. It is a broad term that encompasses the roles and responsibilities of both information technology and the business in the aftermath of a disaster. BCDR enables organizations to adapt to and recover from disruptions while continuing to operate normally.

Role-based Access Control (RBAC) is a model and practice for restricting network access across an enterprise based on the roles of individual users. RBAC restricts employees’ access to information to that which is necessary to complete their assigned tasks based on their job roles, and prevents them from accessing information that is neither relevant nor necessary to complete those tasks.
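
As an added illustration (not from the original notes, and not any product’s implementation), here is RBAC in its smallest working form: permissions are attached to roles, users are assigned roles, and every decision is deny-by-default, so a user holds exactly the union of what their roles grant. The roles, permissions and users are constructed, as is the separation-of-duties list, which shows the check a practitioner usually adds alongside RBAC so that one person does not accumulate conflicting roles.

```python
# Added example (not from the original notes): deny-by-default role-based access
# control with a separation-of-duties check. All roles, permissions and users are
# constructed sample data.

ROLE_PERMISSIONS = {
    "helpdesk": {"ticket:read", "ticket:update", "user:reset_password"},
    "hr": {"employee:read", "employee:update", "payroll:read"},
    "payroll_admin": {"payroll:read", "payroll:update"},
    "auditor": {"payroll:read", "employee:read", "audit_log:read"},
}

USER_ROLES = {
    "alice": {"helpdesk"},
    "bob": {"hr"},
    "carol": {"payroll_admin", "auditor"},   # deliberately conflicting, see below
}

# Role pairs that one person should not hold at the same time (constructed policy).
SEPARATION_OF_DUTIES = [frozenset({"payroll_admin", "auditor"})]

class AccessDenied(Exception):
    """Raised when a user asks for an action none of their roles grant."""

def permissions_for(user: str) -> set:
    """Effective permissions = union of the permissions of the user's roles.
    Unknown users and unknown roles contribute nothing (deny by default)."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms

def is_allowed(user: str, action: str) -> bool:
    return action in permissions_for(user)

def authorize(user: str, action: str) -> bool:
    """Guard to call at the top of a privileged operation."""
    if not is_allowed(user, action):
        raise AccessDenied(f"{user} lacks permission {action}")
    return True

def conflicting_roles(user: str) -> list:
    """Return every separation-of-duties pair the user fully holds."""
    roles = USER_ROLES.get(user, set())
    return [pair for pair in SEPARATION_OF_DUTIES if pair <= roles]

if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, sorted(permissions_for(user)), conflicting_roles(user))
```

Note that access is granted only through a role: there is no per-user permission list to drift out of sync, and revoking a role removes every permission it carried. The separation-of-duties check flags carol, who can both change payroll and audit it.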

Domain Name Services (DNS) is the application service that maps an IP address to a more recognizable and memorable name. When you use the internet, millions of DNS servers convert any Uniform Resource Locator (URL) entered into the location field of a web browser into a specific IP address. Each website is assigned a unique IP address.

 Domain Name Services (DNS) is the internet’s system for converting alphabetic names into numeric IP Addresses. It connects URLs with their IP Addresses and makes it possible to type words instead of a string of numbers into a browser allowing people to search for websites and send emails using familiar names. When you search for a domain name in a browser, it sends a query over the internet to match the domain with its corresponding IP. Once located, it uses the IP to retrieve the website’s content.

 Young domains are easily infected with malicious software. You need to use DNS monitoring tools to identify malware.

DNS is essential for accessing so many websites available on the Internet and it is a popular target for hackers. So it’s important to keep a close eye on it to identify and address several different DNS errors, breach types, or malicious attacks on your domains and services.

Security as a Service (SECaaS) is a cloud-based model for outsourcing cybersecurity services. As with Software as a Service, SECaaS is a subscription-based security service hosted by cloud providers. SECaaS solutions have grown in popularity for corporate infrastructures as a way to delegate security responsibilities to the in-house security team, scale security requirements as the business grows and avoid the cost and maintenance associated with on-premise alternatives.

Identity as a Service (IDaaS) is a cloud-based Identity and Access Management (IAM) solution that is hosted and managed by a trusted third party. An IDaaS offering combines all the features and benefits of an enterprise-class identity and access management solution with the economic and operational benefits of a cloud-based service. IDaaS solutions enable businesses to mitigate risk, reduce the cost and complexity of IT infrastructure, and accelerate digital transformation initiatives.

Software as a Service (SaaS) enables users to connect to and use cloud-based applications via the Internet. Email, calendaring, and office tools are all common examples (such as Microsoft Office 365). SaaS enables you to purchase a complete software solution on a pay-as-you-go basis from a cloud service provider. The service provider’s data center houses all the underlying infrastructure, middleware, application software, and application data. The service provider manages the hardware and software and, if a service agreement is in place, will also ensure the app’s availability and security, as well as the security of your data.

Platform as a Service (PaaS) provides developers with a complete environment for developing and deploying cloud-based applications. Developers can use PaaS to create anything from simple mobile applications to complex cloud-based business software. As with SaaS, PaaS environments enable businesses to gain access to cutting-edge, powerful tools they might not otherwise be able to afford.

Infrastructure as a Service (IaaS) platforms are scalable and automated computing resources that enable self-service access to and management of computers, networking, storage, and other services. Instead of shopping for on-premises hardware, the platforms enable businesses to purchase resources on demand and as needed. Through virtualization technology, IaaS provides cloud computing infrastructure.
These cloud services are accessed via a dashboard or an API, which gives IaaS customers complete control over their entire infrastructure.

 Cyber Blue Team: Blue teams evaluate organizational security environments and defend them against red teams during cyber security testing engagements. Blue teams conduct operational network security assessments and provide organizations with relevant mitigation tools and techniques for assessing their defenses and preparing for red team attacks. Blue teams are frequently comprised of an organization’s security personnel, or the organization may select specific team members to form a dedicated blue team within the department.

 Cyber Red Team: During a cyber security testing simulation, the “red team” takes on the role of an adversary, attempting to identify and exploit potential vulnerabilities in the organization’s cyber defenses using sophisticated attack techniques. These offensive teams are typically composed of highly skilled security professionals or independent ethical hackers who specialize in penetration testing using realistic attack techniques and methods.

 Cyber Purple Team: Purple teaming is a type of cybersecurity testing in which a group of experts assumes the roles of both a red team and a blue team in order to provide a stronger, deeper assurance activity that provides more tailored, realistic assurance to the organization being tested.

There are 65,535 possible port numbers, although not all are in common use. Some of the most used ports, along with their associated networking protocol, are:

Ports 20 and 21: File Transfer Protocol (FTP). FTP is for transferring files between a client and a server.
Port 22: Secure Shell (SSH). SSH is one of many tunneling protocols that create secure network connections.
Port 25: Simple Mail Transfer Protocol (SMTP). SMTP is used for email.
Port 53: Domain Name System (DNS). DNS is an essential process for the modern Internet; it matches human-readable domain names to machine-readable IP addresses, enabling users to load websites and applications without memorizing a long list of IP addresses.
Port 80: Hypertext Transfer Protocol (HTTP). HTTP is the protocol that makes the World Wide Web possible.
Port 123: Network Time Protocol (NTP). NTP allows computer clocks to sync with each other, a process that is essential for encryption.
Port 179: Border Gateway Protocol (BGP). BGP is essential for establishing efficient routes between the large networks that make up the Internet.
Port 443: HTTP Secure (HTTPS). HTTPS is the secure and encrypted version of HTTP. All HTTPS web traffic goes to port 443.
Port 500: Internet Security Association and Key Management Protocol (ISAKMP), which is part of the process of setting up secure IPsec connections.
Port 3389: Remote Desktop Protocol (RDP). RDP enables users to remotely connect to their desktop computers from another device.

Cybersecurity is about protecting software, hardware, and data from attackers. Cybersecurity focuses on protecting against cyber-attacks such as unauthorized access to, modification of, or destruction of sensitive information.

Cybersecurity refers to the protection of hardware, software, and data from attackers. The primary purpose of cyber security is to protect against cyberattacks like accessing, changing, or destroying sensitive information.

Cryptography is a technique used to protect information against third parties, referred to as adversaries. Cryptography enables both the sender and the recipient of a message to read the details of the message.
 – Threat: A threat is something that has the potential to cause harm to your organization.
 – Vulnerabilities: They are the weak areas of a system that a cyber-criminal is able to exploit.
 – Risk: Risk refers to the damage that exploitation of vulnerabilities can cause to the organization.
 – It is a threat that balances risk exposure after finding and eliminating threats.

 – is the risk that remains after controls are accounted for. It’s the risk that remains after your organization has taken proper precautions.

 – Three ways to deal with risk are:
 1. Reduce it
 2. Avoid it
 3. Accept it.
A Man-in-the-middle (MITM) attack is a kind of attack in which an attacker inserts themselves between the communicating parties and steals the information. MITM attacks can be prevented by following these methods:
  • Using VPN
  • Using strong WEP or WPA encryption
  • Using Intrusion Detection Systems
  • Forcing HTTPS
  • Using Public Key Pair Based Authentication
Port scanning is the technique used for identifying open ports and the services available on a host. Port scanning is used by hackers to search for information that may be useful for exploiting vulnerabilities. Port scanning is also used by administrators for checking network security policies. Commonly used port scanning techniques include:
a) UDP Ping Scan
b) TCP Connect
c) TCP Half-Open Stealth Scanning
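
From the administrator’s side, a scan looks like one source touching many distinct ports on a host in a short time. The following added example (not from the original notes) is a small detector run over constructed connection-log lines: it keeps a sliding window per (source, destination, protocol) and raises one alert once the distinct-port count crosses a threshold. The log format, the addresses and the thresholds are this example’s own assumptions. It also shows the classic failure mode: a slow scan spread over minutes stays under a short window and is only caught when the window is widened.

```python
# Added example (not from the original notes): sliding-window port-scan detection
# over constructed connection-log lines. Format, hosts and thresholds are assumptions.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<iso-timestamp> proto=tcp|udp src=A dst=B dport=N"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) proto=(?P<proto>tcp|udp) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

def parse_line(line: str):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"])
    return ev

def detect_port_scans(lines, threshold: int = 10, window=timedelta(seconds=30)) -> list:
    """Alert once per (src, dst, proto) when `threshold` distinct destination
    ports are seen within `window`. Lines for one key must be in time order."""
    recent = defaultdict(deque)      # key -> deque of (timestamp, dport)
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                 # ignore malformed lines rather than crash
        key = (ev["src"], ev["dst"], ev["proto"])
        q = recent[key]
        q.append((ev["ts"], ev["dport"]))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()              # expire events outside the window
        distinct_ports = {port for _, port in q}
        if len(distinct_ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": ev["src"], "dst": ev["dst"], "proto": ev["proto"],
                "ports": len(distinct_ports), "first_seen": q[0][0].isoformat(),
            })
    return alerts

def _make_sample_log() -> list:
    """Constructed traffic: one fast TCP scan, one ordinary client, one slow UDP scan."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i, port in enumerate(range(20, 36)):          # 16 ports in 16 seconds
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} proto=tcp "
                     f"src=198.51.100.7 dst=192.0.2.10 dport={port}")
    for i in range(20):                               # normal client: 443 repeatedly
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} proto=tcp "
                     f"src=203.0.113.5 dst=192.0.2.10 dport=443")
    lines.append(f"{(base + timedelta(seconds=5)).isoformat()} proto=tcp "
                 f"src=203.0.113.5 dst=192.0.2.10 dport=80")
    for i, port in enumerate(range(100, 112)):        # 12 UDP ports, one per minute
        lines.append(f"{(base + timedelta(minutes=i)).isoformat()} proto=udp "
                     f"src=198.51.100.9 dst=192.0.2.10 dport={port}")
    return lines

SAMPLE_LOG = _make_sample_log()

if __name__ == "__main__":
    print("default window:", detect_port_scans(SAMPLE_LOG))
    print("15-minute window:", detect_port_scans(SAMPLE_LOG, window=timedelta(minutes=15)))
```

The per-key window and the single-alert-per-key rule are what keep this usable on real volumes; tuning the threshold and window against each other is the trade-off between catching slow scans and paging on a busy but legitimate client.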
 – Main cyber security elements include:

1) Information security: Information security involves data protection like customer data, employee login data, and any other data that is essential to the business, like intellectual property data and software development codes.

2) Network Security: The aim is to protect your company’s network like Wi-Fi and Internet from hackers. This is also known as perimeter security.

3) Application Security: Companies require a secure application for protection against cyber attacks.

4) End-user education: To have a strong cybersecurity measure in a company, it is essential to educate all employees on cybersecurity. They must be aware of different cyber security threats and the way they can address them.

5) Operational Security: It is used for the protection of the functions of the company and monitors vital information to detect gaps in the current methods. Business continuity planning is the analysis of the way operations could be affected by a cyber-attack and the way companies can overcome that kind of attack without a significant impact on the business operations.

6) Leadership commitment/Business Continuity Planning: Without proper leadership, the development, implementation, and maintenance of a cybersecurity program will become challenging.
The main objective of cybersecurity is the protection of data. To protect data from cyberattacks, the security department uses a triangle of three related principles. This is called the CIA triad. Confidentiality, integrity, and availability are the elements of the CIA model. It is a security paradigm that guides people through numerous aspects of IT security.
The purpose of the CIA model is to assist organizations in developing policies for the architecture of their information security. When a security breach is identified, one or more of these security principles has been violated.

 CIA refers to Confidentiality, Integrity, and Availability:

1) Confidentiality: Confidentiality is similar to privacy to the extent that it prohibits unauthorized access to the data. The goal is to ensure that data is available only to the authorized users to use it and to restrict access to other people. This prevents essential information from falling into the wrong hands. Encrypting data is an excellent example of privacy.

2) Integrity: This principle guarantees that the data is accurate, genuine, and free from deliberate tampering by threat actors or unintentional changes by the user. If modifications are made, precautions must be taken to protect sensitive information from loss or corruption and to recover quickly. It also indicates that the source of the information should be genuine and that the information is in the right format.

3) Availability: This principle guarantees that information is always accessible and useful to the people who have access to it. It makes sure that system failures or cyberattacks do not interfere with such access. Ensure the data and resources are available for users who need them.

Brute force is a method of finding valid credentials by repeatedly trying all possible permutations and combinations. Generally, a brute force attack is automated: the software or tool automatically attempts to log in with a list of candidate credentials. There are several ways you can stop brute force attacks. Some are as follows:

1) Increase Password Length: Specify a minimum length for the password. The longer the password, the more difficult it becomes to find.
2) Increase Password Complexity: Adding different character formats to the password complicates brute force attacks. The use of alphanumeric passwords, as well as special characters and lowercase and uppercase characters, increases the complexity of the password, which complicates the task.
3) Limit Login Attempts: Set a limit for failed login attempts. For instance, the limit for failed login attempts can be set to 3. After three consecutive login failures, lock the account for a while or send an OTP or email that must be used for the next login. Since brute force is an automatic process, restricting attempts to connect will break the brute force process.
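
The three countermeasures above fit in one small login service. The following added example (not from the original notes) enforces a minimum length and character-class rule at enrollment, stores passwords as salted PBKDF2 hashes, and locks an account after three consecutive failures for a fixed period. The clock is injected so the lockout expiry can be exercised without waiting; the user store, thresholds and sample passwords are this example’s own assumptions.

```python
# Added example (not from the original notes): password policy plus failed-attempt
# lockout. Thresholds, the in-memory user store and the injected clock are assumptions.
import hashlib
import hmac
import os
from dataclasses import dataclass

MIN_LENGTH = 12            # countermeasure 1: minimum password length
MIN_CHAR_CLASSES = 3       # countermeasure 2: complexity (of lower/upper/digit/symbol)
MAX_FAILURES = 3           # countermeasure 3: consecutive failures before lockout
LOCKOUT_SECONDS = 900
PBKDF2_ROUNDS = 100_000

def password_meets_policy(pw: str) -> bool:
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= MIN_LENGTH and sum(classes) >= MIN_CHAR_CLASSES

def hash_password(pw: str, salt: bytes = None):
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt per account."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0          # consecutive failures since the last success
    locked_until: float = 0.0  # seconds-since-epoch according to the injected clock

class AuthService:
    def __init__(self, clock):
        self.accounts = {}
        self.clock = clock     # callable returning the current time in seconds

    def register(self, user: str, pw: str) -> None:
        if not password_meets_policy(pw):
            raise ValueError("password does not meet length/complexity policy")
        salt, digest = hash_password(pw)
        self.accounts[user] = Account(salt, digest)

    def login(self, user: str, pw: str) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        acct = self.accounts.get(user)
        if acct is None:
            hash_password(pw)  # same cost for unknown users: no timing hint that the user exists
            return "denied"
        if now < acct.locked_until:
            return "locked"    # ignore the password entirely while locked
        _, candidate = hash_password(pw, acct.salt)
        if hmac.compare_digest(candidate, acct.digest):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0
            return "locked"
        return "denied"

if __name__ == "__main__":
    import time
    svc = AuthService(clock=time.time)
    svc.register("alice", "Correct-Horse-Battery-9")   # constructed sample password
    print([svc.login("alice", f"wrong-guess-{i}") for i in range(3)])
    print(svc.login("alice", "Correct-Horse-Battery-9"))
```

Two details matter in practice: the lockout is checked before the password so a locked account gives no feedback on guesses, and the counter resets on success so a legitimate user’s occasional typo does not accumulate towards a lockout.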

There are different options for resetting the BIOS password. A few of them are listed below:

1) Remove the CMOS battery 2) Use software 3) Use a motherboard jumper 4) Use MS-DOS.

A BIOS (Basic Input Output System) is a software (firmware) stored on a small memory chip on the motherboard. It is the very first software to run on a computer when it is started. It instructs the computer on how to perform basic functions such as booting and keyboard control. It is used to identify and configure the hardware in a computer such as the hard drive, optical drive, CPU, memory and related equipment.

A CMOS (Complementary Metal-Oxide Semiconductor) is a small amount of memory on the motherboard that stores the Basic Input/Output System (BIOS).

 – Penetration testing is also known as pen testing or ethical hacking. It describes the intentional launching of simulated cyberattacks that seek out exploitable vulnerabilities in computer systems, networks, websites, and applications.
 – Vulnerability assessment is the process for detecting faults on the target. The organization knows that its system or network has defects or weaknesses and wants to identify those defects and prioritize them to correct them.

 – The penetration test involves identifying vulnerabilities in the target. Here the organization will implement all possible security measures and would like to test whether there is some alternative way to hack their system or network.

 – Host-based IDS (HIDS) and network-based IDS (NIDS) are both intrusion detection systems and are used for the same purpose of detecting intrusions. The main difference between them is that a HIDS is installed on a specific host or device and monitors the traffic and system activity of that device, while a NIDS is deployed on the network and monitors the traffic of all devices within the network.