- Provide details
- Understand what caused and facilitated the breach
- Apply what was learned from the forensics investigation to ensure similar breaches do not happen in the future
- Ensure all systems are clean, that no backdoors were installed, and that nothing else has been compromised
- Educate employees, partners and customers on how to prevent future breaches
Exploit - a program written to take advantage of a known security vulnerability
Project Zero - created by Google, this is an example of a permanent third-party team of researchers dedicated to finding software vulnerabilities
Vulnerability exploitation - gathering information about a target system (using scanning tools or social engineering), using that information to find weaknesses that exist in that specific system, and then running an exploit against them
Advanced persistent threat (APT) - a multi-phase, long-term, stealthy and advanced attack against a specific target. APTs are complex and require a high level of skill, so they are usually well-funded and target organizations or nations for business or political reasons. They usually involve network-based espionage using malware that goes undetected on the target systems
Protect your computing devices
- Keep the firewall on
- Use antivirus and antispyware
- Manage your operating system and browser
- Protect all your devices
Tips for choosing a good password:
- Do not use dictionary words or names in any languages
- Do not use common misspellings of dictionary words
- Do not use computer names or account names
- If possible, use special characters, such as ! @ # $ % ^ & * ( )
- Use a password with ten or more characters
Tips for choosing a good passphrase:
- Choose a statement that is meaningful to you
- Add special characters, such as ! @ # $ % ^ & * ( )
- The longer the better
- Avoid common or famous statements, for example, lyrics from a popular song
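The two lists above are a policy; the rules only help if something enforces them. The checker below is an added example (not code from the original notes) that turns the password and passphrase tips into code. The wordlist, the famous-phrase list, the leetspeak table and the minimum lengths are assumptions constructed for the example; a real deployment would load a full cracking dictionary in place of DICTIONARY.

```python
import re

# Constructed stand-in for a cracking wordlist; a real check loads a full dictionary.
DICTIONARY = {"password", "welcome", "dragon", "letmein", "monkey", "summer",
              "sunshine", "football", "qwerty", "admin", "secret"}
# Constructed list of well-known statements (lyrics, quotes) to reject as passphrases.
FAMOUS_PHRASES = {"may the force be with you", "to be or not to be", "let it be"}
SPECIALS = set("!@#$%^&*()")
# Substitutions a cracker's rule set tries, so "P@ssw0rd" is still the word "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t"})


def within_one_edit(a: str, b: str) -> bool:
    """True if a equals b or differs by one insertion, deletion or substitution
    (catches common misspellings such as 'passwrd' or 'passwordd')."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
        else:
            edits += 1
            if edits > 1:
                return False
            if len(a) == len(b):
                i += 1          # substitution: advance both
            j += 1              # otherwise skip one char of the longer string
    return edits + (len(b) - j) <= 1


def normalise(pw: str) -> str:
    """Lower-case, undo leetspeak and keep letters only, so the dictionary check
    sees the word an attacker's mangling rules would generate."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))


def check_password(pw: str, account_names=(), min_len: int = 10):
    """Return the list of policy violations (an empty list means the password passes)."""
    problems = []
    if len(pw) < min_len:
        problems.append("too_short")
    norm = normalise(pw)
    if len(norm) >= 4 and any(within_one_edit(norm, w) for w in DICTIONARY):
        problems.append("dictionary_word")
    if any(n and n.lower() in pw.lower() for n in account_names):
        problems.append("contains_name")
    if not SPECIALS & set(pw):
        problems.append("no_special")
    return problems


def check_passphrase(phrase: str, min_len: int = 16):
    """Passphrase rules: long, several words, a special character, not a famous line."""
    problems = []
    words = re.sub(r"[^a-z ]", "", phrase.lower()).split()
    if len(phrase) < min_len:
        problems.append("too_short")
    if len(words) < 4:
        problems.append("too_few_words")
    if not SPECIALS & set(phrase):
        problems.append("no_special")
    if " ".join(words) in FAMOUS_PHRASES:
        problems.append("famous_phrase")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Alice2024!!", "Tr0ub&dor-Kite-9!"):
        print(pw, check_password(pw, account_names=["alice"]))
    for ph in ("may the force be with you", "My cat Pickles hates Mondays!"):
        print(ph, check_passphrase(ph))
```

The point of normalise and within_one_edit is that "P@ssw0rd1" satisfies the naive checks (has a digit, has a special character) yet is rejected, because after undoing the substitutions it is one edit away from "password", exactly what a cracking rule set would try first.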
Two-factor authentication (something you have or something you are, in addition to the password):
- Physical object (cards)
- Biometric scan (fingerprint, palm print)
OAuth 2.0
- Open Authorization (OAuth) is an open standard protocol that lets an end user grant a third-party application access to their resources (via a token) without giving that application the user's password
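To make the "without exposing the user's password" part concrete, here is an added example (not from the original notes) that simulates the OAuth 2.0 authorization code flow in one process: an authorization server that holds the password, a client application that only ever sees a one-time code and a bearer token, and a resource server that checks the token's scope. The user, client, redirect URI and photo data are constructed; PKCE (the code challenge/verifier) is included because it is what binds the code to the client that started the flow.

```python
import base64
import hashlib
import secrets


def b64url(raw: bytes) -> str:
    """Base64url without padding, as OAuth/PKCE requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


class AuthorizationServer:
    """Holds the user's password and issues codes/tokens. The client never sees the password."""

    def __init__(self):
        self.users = {"alice": "correct-horse-battery-staple!"}        # constructed user
        self.clients = {"photo-printer": "https://printer.example/cb"}   # client_id -> registered redirect_uri
        self.codes = {}    # one-time code -> (client_id, user, scope, code_challenge)
        self.tokens = {}   # bearer token -> (user, scope)

    def authorize(self, client_id, redirect_uri, scope, code_challenge, username, password):
        """Authorization endpoint: the user logs in here, in the browser, and consents."""
        if self.clients.get(client_id) != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        if not secrets.compare_digest(self.users.get(username, ""), password):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, username, scope, code_challenge)
        return code

    def token(self, client_id, code, code_verifier):
        """Token endpoint: swap the one-time code for a scoped bearer token.
        PKCE proves the caller is the same client that started the flow."""
        entry = self.codes.pop(code, None)          # pop: a code can only be used once
        if entry is None:
            raise PermissionError("invalid or replayed code")
        cid, user, scope, challenge = entry
        expected = b64url(hashlib.sha256(code_verifier.encode()).digest())
        if cid != client_id or not secrets.compare_digest(expected, challenge):
            raise PermissionError("client mismatch or PKCE verification failed")
        tok = secrets.token_urlsafe(24)
        self.tokens[tok] = (user, scope)
        return tok


class ResourceServer:
    """Serves the user's photos to whoever presents a valid token with the right scope."""

    def __init__(self, auth):
        self.auth = auth
        self.photos = {"alice": ["beach.jpg", "cat.jpg"]}   # constructed data

    def get_photos(self, bearer):
        user, scope = self.auth.tokens.get(bearer, (None, ""))
        if user is None or "photos:read" not in scope.split():
            raise PermissionError("token missing or lacks photos:read")
        return self.photos[user]


def run_demo():
    auth = AuthorizationServer()
    rs = ResourceServer(auth)
    client_id, redirect = "photo-printer", "https://printer.example/cb"

    # 1. Client creates a PKCE verifier and sends only its hash (the challenge) with the redirect.
    verifier = secrets.token_urlsafe(32)
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())
    # 2. In the browser, alice authenticates at the authorization server, not at the client.
    code = auth.authorize(client_id, redirect, "photos:read", challenge,
                          "alice", "correct-horse-battery-staple!")
    # 3. Client exchanges code + verifier for a token and calls the API with it.
    token = auth.token(client_id, code, verifier)
    photos = rs.get_photos(token)

    # 4. A code captured in transit is useless a second time ...
    try:
        auth.token(client_id, code, verifier)
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    # ... and a token is limited to the scope the user consented to.
    v2 = secrets.token_urlsafe(32)
    code2 = auth.authorize(client_id, redirect, "profile:read",
                           b64url(hashlib.sha256(v2.encode()).digest()),
                           "alice", "correct-horse-battery-staple!")
    try:
        rs.get_photos(auth.token(client_id, code2, v2))
        scope_enforced = False
    except PermissionError:
        scope_enforced = True
    return {"photos": photos, "replay_rejected": replay_rejected, "scope_enforced": scope_enforced}


if __name__ == "__main__":
    print(run_demo())
```

Note where the password travels: only between the user's browser and AuthorizationServer.authorize. The client code path (steps 1, 3) handles a code and a token, which is why a compromised third-party app leaks a revocable, scoped token rather than the account password.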
Private browsing mode
- Microsoft Internet Explorer: InPrivate
- Google Chrome: Incognito
- Mozilla Firefox: Private tab / private window
- Safari: Private Browsing
Firewall types
- Network layer firewall (filtering based on source and destination IP address)
- Transport layer firewall (filtering based on source and destination ports, and on connection state)
- Application layer firewall (filtering based on application, program or service)
- Context aware application firewall (filtering based on the user, device, role, application type and threat profile)
- Proxy server (filtering of web content requests such as URL, domain, media, etc.)
- Reverse proxy server (placed in front of web servers; reverse proxies protect, hide, offload and distribute access to web servers)
- Network Address Translation (NAT) firewall (hides or masquerades the private addresses of network hosts)
- Host-based firewall (filtering of ports and system service calls on a single computer's operating system)
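The first two entries (network layer and transport layer filtering, including connection state) are the easiest to show in code. The following is an added example, not part of the original notes: a small stateful packet filter with an address-and-port rule table and a connection table. The addresses, rules and packets are constructed; the traffic list includes a bare ACK probe, which a stateless port filter would have to let through but a stateful one drops because no tracked connection exists for it.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False      # True for the first packet of a new TCP connection


class StatefulFirewall:
    """Network-layer (IP) and transport-layer (port + connection state) filtering."""

    def __init__(self, rules):
        # rules: list of (action, src_network, dst_network, dst_port_or_None); first match wins
        self.rules = [(a, ipaddress.ip_network(s), ipaddress.ip_network(d), p)
                      for a, s, d, p in rules]
        self.conns = set()   # established flows as (src, sport, dst, dport)

    def _lookup(self, pkt):
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        for action, src_net, dst_net, dport in self.rules:
            if src in src_net and dst in dst_net and dport in (None, pkt.dport):
                return action
        return "drop"        # implicit default deny

    def filter(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.conns or reverse in self.conns:
            return "accept"  # belongs to a connection we already allowed, either direction
        if not pkt.syn:
            return "drop"    # non-SYN with no tracked connection: unsolicited reply or ACK scan
        action = self._lookup(pkt)
        if action == "accept":
            self.conns.add(flow)
        return action


def run_scenario():
    fw = StatefulFirewall([
        ("accept", "10.0.0.0/24", "0.0.0.0/0", 443),     # inside hosts may browse HTTPS
        ("accept", "10.0.0.0/24", "10.0.0.5/32", 22),    # only inside hosts may SSH to the server
    ])
    traffic = [
        Packet("10.0.0.7", 51000, "93.184.216.34", 443, syn=True),   # outbound HTTPS: new flow
        Packet("93.184.216.34", 443, "10.0.0.7", 51000),              # its reply: state match
        Packet("93.184.216.34", 443, "10.0.0.7", 51001, syn=True),    # unsolicited inbound SYN
        Packet("198.51.100.9", 80, "10.0.0.7", 51002),                # bare ACK probe, no state
        Packet("10.0.0.9", 40000, "10.0.0.5", 22, syn=True),          # SSH from inside
        Packet("203.0.113.4", 40001, "10.0.0.5", 22, syn=True),       # SSH from the Internet
    ]
    return [fw.filter(p) for p in traffic]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

The rule table alone would answer "is this address/port pair allowed?"; the conns set is what lets the reply from 93.184.216.34:443 in without a rule permitting inbound traffic from the Internet.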
Port-scanning
- The process of probing a computer, server or other network host for open ports
- Scanning a port generally results in one of three responses:
  → Open or accepted (the host replied, indicating that a service is listening on the port)
  → Closed, denied or not listening (the host replied, indicating that connections to the port will be denied)
  → Filtered, dropped or blocked (there was no reply from the host)
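The three responses map directly onto what a TCP connect() call returns. The snippet below is an added example, not from the original notes: a connect-scan of a list of ports that classifies each result as open, closed or filtered, plus a demo that scans a throwaway listener on 127.0.0.1. The loopback demo can only produce "open" and "closed"; "filtered" needs a host that silently drops the SYN, which you cannot stage locally.

```python
import socket
import threading


def classify(error):
    """Map the outcome of a TCP connect() attempt to the three scan states."""
    if error is None:
        return "open"                       # SYN/ACK came back: something is listening
    if isinstance(error, ConnectionRefusedError):
        return "closed"                     # RST came back: host is up, nothing listening
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "filtered"                   # no reply at all: dropped by a firewall (or host down)
    return "filtered"                       # ICMP unreachable etc.: also reported as filtered


def scan_port(host, port, timeout=1.0):
    """Full TCP connect() scan of one port (noisy: it completes the handshake)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as err:
        return classify(err)


def scan(host, ports, timeout=1.0):
    return {port: scan_port(host, port, timeout) for port in ports}


def local_demo():
    """Start a throwaway listener on localhost, then scan it and a port nobody listens on."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    threading.Thread(target=lambda: listener.accept()[0].close(), daemon=True).start()
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                           # released again, so a connect gets RST
    result = scan("127.0.0.1", [open_port, closed_port])
    listener.close()
    return result[open_port], result[closed_port]


if __name__ == "__main__":
    print(local_demo())
```

A connect scan shows up in the target's application logs because the handshake completes; SYN scans avoid that by never sending the final ACK, but need raw sockets, which is why tools like nmap require root for them.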
Security appliances
IPS – dedicated to intrusion prevention
AMP – Advanced Malware Protection; included in next-generation IPS and firewall appliances, and can also be installed as software on host computers
VPN – designed for secure encrypted tunneling
Router – an Integrated Services Router (ISR) has many capabilities besides just the routing function, including traffic filtering, encryption and secure encrypted tunneling
Firewall – a next-generation firewall has all the capabilities of an ISR as well as advanced network management and analytics
Detecting Attacks in Real Time
- Real-time scanning from edge to endpoint
  → Scan for attacks using firewall and IDS/IPS network devices
- DDoS attacks and real-time response
  → Extremely difficult to defend against
Protecting Against Malware
- One solution is to use an enterprise-level advanced malware detection solution that offers real-time malware detection
Security best practices
- Perform Risk Assessment
- Create a Security Policy – (Create a policy that clearly outlines company rules, job duties and expectations.)
- Physical Security Measures – (Restrict access to networking closets and server locations, and install fire suppression.)
- Human Resource Security Measures – (Employees should be properly vetted with background checks.)
- Perform and Test Backups
- Maintain Security Patches and Updates
- Employ Access Controls – (Configure user roles and privilege levels as well as strong user authentication.)
- Regularly Test Incident Response – (Employ an incident response team and test emergency response scenarios.)
- Implement a Network Monitoring, Analytics and Management Tool – (Choose a security monitoring solution that integrates with other technologies.)
- Implement Network Security Devices – (Use next-generation routers, firewalls and other security appliances.)
- Implement a Comprehensive Endpoint Security Solution – (Use enterprise-level antimalware and antivirus software.)
- Educate Users
- Encrypt data
Botnet – a group of compromised (hacked) computers, the bots, controlled by an individual with malicious intent
NetFlow – collects metadata about traffic traversing the network (source, destination, ports, byte counts) rather than packet contents
Anomaly detection – behavior-based analysis that compares current activity against a baseline of normal behavior
IDS – compares packet content to known attack signatures to identify malicious traffic
Snort – an open source IDS/IPS that performs real-time traffic and protocol analysis and can also detect port scans, OS fingerprinting and buffer overflow attacks
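The two detection approaches listed here (signature matching on packet content, and behavior-based comparison of NetFlow-style records against a baseline) complement each other, and a small version of both fits in one script. This is an added example, not code from the original notes and not real Snort rules: the signatures, packets and flow records are constructed, and the "3 standard deviations above the mean" threshold is an assumption. The signature set covers the things the notes mention, a NOP sled (buffer overflow), a shell metacharacter in a web request, and an IRC join (botnet command and control); the flow part catches a bot that suddenly sends 52 MB.

```python
import re
import statistics

# Constructed, Snort-style signatures: a destination port (or None for any) and a content match.
SIGNATURES = [
    {"sid": 1, "dport": None, "content": b"\x90" * 16,
     "msg": "NOP sled in payload (possible buffer overflow)"},
    {"sid": 2, "dport": 80, "content": re.compile(rb"GET /[^\r\n]*(;|\|\||&&|`)"),
     "msg": "shell metacharacters in HTTP request line"},
    {"sid": 3, "dport": 6667, "content": b"JOIN #",
     "msg": "IRC channel join (classic botnet command-and-control)"},
]


def match_signatures(pkt):
    """Signature IDS: return the sids whose content matches this packet."""
    hits = []
    for sig in SIGNATURES:
        if sig["dport"] not in (None, pkt["dport"]):
            continue
        content = sig["content"]
        if isinstance(content, bytes):
            matched = content in pkt["payload"]
        else:
            matched = content.search(pkt["payload"]) is not None
        if matched:
            hits.append(sig["sid"])
    return hits


def flow_baseline(flows):
    """Behavior-based analysis, step 1: per-source mean and std-dev of bytes per flow
    from a window of known-good NetFlow records."""
    per_src = {}
    for f in flows:
        per_src.setdefault(f["src"], []).append(f["bytes"])
    return {src: (statistics.mean(v), statistics.pstdev(v)) for src, v in per_src.items()}


def flow_anomalies(baseline, flows, k=3.0):
    """Step 2: flag flows more than k std-devs above their source's baseline.
    A source with no baseline at all (a host never seen before) is flagged too."""
    alerts = []
    for f in flows:
        mean, sd = baseline.get(f["src"], (0.0, 0.0))
        if f["bytes"] > mean + k * max(sd, 1.0):     # max(): a flat baseline must not mean sd == 0
            alerts.append((f["src"], f["bytes"]))
    return alerts


# Constructed packets and flow records (not real captures).
PACKETS = [
    {"src": "10.0.0.7", "dst": "198.51.100.2", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"},
    {"src": "10.0.0.7", "dst": "198.51.100.2", "dport": 80,
     "payload": b"GET /cgi-bin/x.cgi?f=a;cat%20/etc/passwd HTTP/1.1\r\n"},
    {"src": "203.0.113.9", "dst": "10.0.0.5", "dport": 21,
     "payload": b"USER " + b"\x90" * 40 + b"\xeb\x1f\x5e\x89\x76\x08"},
    {"src": "10.0.0.12", "dst": "203.0.113.77", "dport": 6667,
     "payload": b"NICK bot1\r\nJOIN #cmd\r\n"},
]
GOOD_FLOWS = ([{"src": "10.0.0.7", "bytes": b} for b in (1200, 1500, 900, 1300, 1100)]
              + [{"src": "10.0.0.12", "bytes": b} for b in (300, 400, 350)])
NEW_FLOWS = [{"src": "10.0.0.7", "bytes": 1400},
             {"src": "10.0.0.12", "bytes": 52_000_000},   # bot exfiltrating data
             {"src": "10.0.0.30", "bytes": 5000}]         # host never seen in the baseline


def run_demo():
    return ([match_signatures(p) for p in PACKETS],
            flow_anomalies(flow_baseline(GOOD_FLOWS), NEW_FLOWS))


if __name__ == "__main__":
    sigs, anomalies = run_demo()
    for pkt, hits in zip(PACKETS, sigs):
        print(pkt["src"], "->", pkt["dst"], [s["msg"] for s in SIGNATURES if s["sid"] in hits])
    print("flow anomalies:", anomalies)
```

The signature side needs packet payloads and only catches what it has a rule for; the flow side needs only NetFlow-style counters and catches the exfiltration that matches no signature, but also flags any new host, so its alerts need a human or a second check before they become incidents.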
Learn about cybersecurity
My notes on cybersecurity. I hope that after you read this, it will help you strengthen your knowledge of cybersecurity. Do correct me if anything I wrote is wrong.