Cyber Security tutorials are designed to help cyber security beginners and ethical hackers in Pakistan.
What is Cyber Security?
Cybersecurity is the practice of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. The word can be split into two parts: "cyber" refers to the technology, including systems, networks, programs, and data, and "security" refers to the protection of those systems, networks, applications, and information. It is sometimes also called electronic information security or information technology security.
Types of Cyber Security
Every organization's assets are a combination of many different systems, and a strong cybersecurity posture requires coordinated effort across all of them. Cybersecurity can therefore be divided into the following sub-domains:
- Network Security: It involves implementing the hardware and software to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an organization to protect its assets against external and internal threats.
- Application Security: It involves protecting the software and devices from unwanted threats. This protection can be done by constantly updating the apps to ensure they are secure from attacks. Successful security begins in the design stage, writing source code, validation, threat modeling, etc., before a program or device is deployed.
- Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit.
- Identity management: It deals with the procedure for determining the level of access that each individual has within an organization.
- Operational Security: It involves processing and making decisions on handling and securing data assets.
- Mobile Security: It involves securing the organizational and personal data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against various malicious threats. These threats are unauthorized access, device loss or theft, malware, etc.
- Cloud Security: It involves protecting the information an organization stores in digital environments or cloud architectures. Cloud service providers such as AWS, Azure, Google, etc., offer controls that help secure that information against multiple threats.
- Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts, and plans for how an organization responds when malicious activity causes the loss of operations or data. Its policies dictate how lost operations are resumed after a disaster, at the same operating capacity as before the event.
- User Education and Training: It deals with teaching users to follow the organization's security policies and to recognize and report threats such as phishing.
Types of Cyber Security Threats
A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal data, gain access to a network, or disrupt digital life in general. The cyber community recognizes the following threats today.
Malware
Malware means malicious software, which is the most common cyber attack tool. It is used by cybercriminals or hackers to disrupt or damage a legitimate user's system. The following are the important types of malware created by hackers.
- Virus: It is a malicious piece of code that spreads from one device to another. It can attach itself to clean files and spread throughout a computer system, infecting files, stealing information, or damaging the device.
- Spyware: It is software that secretly records information about a user's activities on their system. For example, spyware could capture credit card details that cybercriminals can then use for unauthorized shopping, money withdrawals, etc.
- Trojans: It is a type of malware or code that appears to be legitimate software or a file in order to fool us into downloading and running it. Its primary purpose is to corrupt or steal data from our device or to carry out other harmful activities on our network.
- Ransomware: It is a piece of software that encrypts a user's files and data on a device, rendering them unusable, or erases them. A monetary ransom is then demanded by the malicious actors for decryption.
- Worms: It is a piece of software that spreads copies of itself from device to device without human interaction. Unlike a virus, it does not need to attach itself to any program in order to steal or damage data.
- Adware: It is advertising software used to spread malware and display advertisements on our device. It is an unwanted program that is installed without the user's permission. The main objective of this program is to generate revenue for its developer by showing ads in the user's browser.
- Botnets: It is a collection of internet-connected, malware-infected devices that cybercriminals can control. It enables cybercriminals to carry out credential theft, unauthorized access, and data theft without the users' knowledge or permission.
Phishing
Phishing is a type of cybercrime in which a message appears to come from a genuine organization such as PayPal, eBay, or a financial institution, or from friends and co-workers. The sender contacts a target or targets via email, phone, or text message with a link and persuades them to click on it. The link redirects them to a fraudulent website that asks for sensitive data such as personal information, banking and credit card information, social security numbers, usernames, and passwords. Clicking the link can also install malware on the target's device that allows hackers to control it remotely.
Man-in-the-middle (MITM) attack
A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a cybercriminal intercepts a conversation or data transfer between two parties. Once the cybercriminal sits in the middle of the two-party communication, they appear to each side as the genuine other participant, so they can read sensitive information and return altered responses. The main objective of this type of attack is to gain access to our business or customer data. For example, a cybercriminal could intercept data passing between the target device and the network on an unprotected Wi-Fi network.
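As an added illustration (not part of the original tutorial), the following Python script shows one defence against the altered responses described above: each message carries an HMAC computed under a key the two parties share, so a message rewritten in transit fails verification at the receiver. The pre-shared key, the message fields and the function names are assumptions made for this example; in practice the shared key would come from TLS or a provisioning step, and an HMAC alone gives authenticity, not confidentiality.

```python
import hashlib
import hmac
import json

# Constructed pre-shared key for this example only (assumption: both parties
# already hold it; a real system would obtain it from TLS or key provisioning).
SHARED_KEY = b"example-shared-key-not-for-production"


def seal(key: bytes, message: dict) -> dict:
    """Sender side: serialize the message and attach an HMAC-SHA256 tag."""
    body = json.dumps(message, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(key: bytes, envelope: dict) -> bool:
    """Receiver side: recompute the tag over the received body and compare it
    in constant time, so a rewritten body (or tag) is rejected."""
    expected = hmac.new(key, envelope["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["tag"])


def rewritten_in_transit(envelope: dict) -> dict:
    """Simulate what the receiver sees if an intermediary changes the body:
    without the key the old tag cannot be recomputed, so it is left in place."""
    body = json.loads(envelope["body"])
    body["amount"] = 9999
    return {"body": json.dumps(body, sort_keys=True), "tag": envelope["tag"]}


def run_exchange() -> tuple:
    """Both sides of the exchange: an intact message verifies, an altered one does not."""
    sent = seal(SHARED_KEY, {"from": "alice", "to": "bob", "amount": 50})
    return verify(SHARED_KEY, sent), verify(SHARED_KEY, rewritten_in_transit(sent))


if __name__ == "__main__":
    print(run_exchange())  # (True, False)
```

The receiver's check uses `hmac.compare_digest` rather than `==` so that the comparison time does not leak how many bytes of the tag matched.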
Distributed denial of service (DDoS)
It is a type of cyber threat or malicious attempt in which cybercriminals disrupt the regular traffic of a targeted server, service, or network by flooding the target or its surrounding infrastructure with Internet traffic. The requests come from many IP addresses at once, which can make the system unusable, overload its servers, slow them down significantly, take them offline temporarily, or prevent an organization from carrying out its vital functions.
Brute force attack
A brute force attack is a cryptographic hack that uses a trial-and-error method to try all possible combinations until the correct value is discovered. Cybercriminals usually use this attack to obtain passwords, login information, encryption keys, and Personal Identification Numbers (PINs).
SQL Injection (SQLI)
SQL injection is a common attack that occurs when cybercriminals supply malicious SQL fragments to a backend database in order to manipulate it and access sensitive information. Once the attack is successful, the malicious actor can view, change, or delete sensitive company data, user lists, or private customer details stored in the SQL database.
Domain Name System (DNS) attack
A DNS attack is a type of cyber attack in which cybercriminals take advantage of flaws in the Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data from affected computers. It is a severe cybersecurity risk because the DNS is an essential element of the internet infrastructure.
Cyber Security Incident Response
What is a Cyber Security Incident?
An incident can be classified as something adverse, a threat, to our computer systems or networks. It implies harm, or someone attempting to harm, the organization. Not all incidents will be handled by an IRT (Incident Response Team), as they do not necessarily have an impact; for those that do, the IRT is summoned to help deal with the incident in a predictable and high-quality manner.
The IRT should be closely aligned with the organization's business objectives and goals and always strive to ensure the best outcome of incidents. Typically this involves reducing monetary losses, preventing attackers from moving laterally, and stopping them before they can reach their objectives.
Incident Response Team
An IRT is a dedicated team for tackling cyber security incidents. The team may consist of cyber security specialists only, but it may work far better if resources from other groups are included as well. Consider how having the following units can greatly impact how your team performs in certain situations:
- Cyber Security Specialist – We all know these belong on the team.
- Security Operations – They might have insight into developing matters and can support with a bird's-eye view of the situation.
- Network Operations
Classification of Incidents
Incidents should be classified according to their:
- Category
- Criticality
- Sensitivity
Depending on the incident's classification and how it is attributed, the SOC might take different measures to solve the issue at hand.
The category of the incident will determine how to respond. There exist many kinds of incidents, and it is important for the SOC to understand what each incident type means for the organization. Example incidents are listed below:
- Inside Hacking
- Malware on Client workstation
- Worm spreading across the network
- Distributed Denial of Service Attack
- Leaked Credentials
The criticality of an incident is determined by how many systems are impacted, the potential impact of not stopping the incident, the systems involved, and many other factors. It is important for the SOC to be able to determine the criticality accurately so the incident can be handled accordingly. Criticality is what determines how fast an incident should be responded to.
Should the incident be responded to immediately or can the team wait until tomorrow?
Sensitivity determines who should be notified about the incident. Some incidents require extreme discretion.
Cyber Security Operations (SOC)
Cyber Security Operations is often contained within a SOC ("Security Operations Center"). The terms are used interchangeably.
Typically the SOC’s responsibility is to detect threats in the environment and stop them from developing into expensive problems.
SIEM (Security Information Event Management)
Most systems produce logs, often containing important security information. An event is simply an observation we can derive from logs and from information on the network, for example:
- Users logging in
- Attacks observed in the network
- Transactions within applications
An incident is something negative that we believe will impact our organization. It might be a definite threat or the potential for such a threat to happen. The SOC should do its best to determine which events amount to actual incidents, which should then be responded to.
The SIEM processes alerts based on logs from different sensors and monitors in the network, each of which might produce alerts that are important for the SOC to respond to. The SIEM can also try to correlate multiple events to determine an alert.
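As an added example (not part of the original tutorial), the following Python script shows the event-to-alert correlation described here, using the brute force attack from the threats section as the case. Constructed, syslog-style login lines are parsed into events, and an alert is raised only when a successful login from a source address is preceded by at least five failed logins from the same address within sixty seconds. The log format, the threshold, the window and the function names are all assumptions for this example; a real SIEM would take these from its sensors and its rule configuration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, syslog-style login events (not from any real system).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:03 auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:05 auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:06 auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:08 auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09 auth sshd: Accepted password for admin from 203.0.113.7
2024-03-01T10:05:00 auth sshd: Failed password for bob from 198.51.100.4
2024-03-01T10:30:00 auth sshd: Accepted password for bob from 198.51.100.4
"""


def parse_event(line: str) -> dict:
    """Turn one log line into a structured event (timestamp, outcome, user, source).
    Assumes the fixed word positions of the constructed format above."""
    parts = line.split()
    return {
        "ts": datetime.fromisoformat(parts[0]),
        "outcome": "failure" if parts[3] == "Failed" else "success",
        "user": parts[6],
        "src": parts[8],
    }


def correlate(log_text: str, threshold: int = 5,
              window: timedelta = timedelta(seconds=60)) -> list:
    """Correlate login events per source address. A success preceded by at least
    `threshold` failures from the same source inside `window` becomes an alert;
    isolated failures and ordinary successes stay plain events."""
    events = sorted(
        (parse_event(line) for line in log_text.splitlines() if line.strip()),
        key=lambda e: e["ts"],
    )
    failures = defaultdict(list)  # src -> timestamps of failed logins seen so far
    alerts = []
    for e in events:
        if e["outcome"] == "failure":
            failures[e["src"]].append(e["ts"])
            continue
        recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "brute-force-then-success",
                "src": e["src"],
                "user": e["user"],
                "failures": len(recent),
                "at": e["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Run on the sample, the rule fires once, for the admin login from 203.0.113.7, and stays silent for bob's single failure followed by a success 25 minutes later: the individual lines are events, and only the correlated pattern becomes an alert for the SOC to triage.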
SIEMs typically allow events from the following areas to be analyzed:
- Network
- Host
- Application
Events from the network are the most typical, but the least valuable, as they don't hold the entire context of what has happened. The network typically reveals who is communicating with whom, over which protocols, and when, but not the intricate details of what happened, to whom, and why.
Host events give more information about what actually happened and to whom. Challenges such as encryption no longer blur the picture, and more visibility is gained into what is taking place. Many SIEMs are enriched with great detail about what happens on the hosts themselves, instead of only from the network.
Events from applications are where the SOC can typically best understand what is going on. These events give information about the Triple A, AAA (Authentication, Authorization and Accounting), including detailed information about how the application is performing and what the users are doing.
For a SIEM to understand events from applications, it typically requires work from the SOC team, as support is often not included "out-of-the-box". Many applications are proprietary to an organization, and the SIEM does not already have an understanding of the data those applications forward.
What is Ethical Hacking?
Ethical hacking is an authorized practice of detecting vulnerabilities in an application, system, or organization's infrastructure and bypassing system security to identify potential data breaches and threats in a network. Ethical hackers investigate the system or network for weak points that malicious hackers could exploit or destroy. They collect and analyze the information to figure out ways to strengthen the security of the system, network, or applications. By doing so, they improve the security footprint so that it can better withstand attacks or divert them.
The role of an ethical hacker is important within the Pakistani cybersecurity industry. Ethical hackers apply their knowledge, skills, and experience to perform risk assessments and test systems for security-related issues. These tests cover all possible security breaches, exploits, and vulnerability scenarios in order to protect organizations from attacks.
Ethical hackers are hired by organizations to look into the vulnerabilities of their systems and networks and develop solutions to prevent data breaches. Consider it a high-tech permutation of the old saying “It takes a thief to catch a thief.”
The key vulnerabilities they check for include, but are not limited to:
- Injection attacks
- Changes in security settings
- Exposure of sensitive data
- Breach in authentication protocols
- Components used in the system or network that may be used as access points
Ethical hacking often involves many different facets of the information security field. This role requires a lot of knowledge and expertise, from coding and programming to penetration testing and risk assessment. There is a lot to learn within the ethical hacking career, but it's a high-demand field that will only continue to grow the more technology is used in our world. To get more information about ethical hacking and bug bounty hunting, join the largest Hackers Community in Pakistan.
What Skills Are Required to Become an Ethical Hacker?
An ethical hacker should have in-depth knowledge of all the systems, networks, program code, security measures, etc., to perform hacking efficiently. Some of these skills include:
- Knowledge of programming – It is required for security professionals working in the field of application security and Software Development Life Cycle (SDLC).
- Scripting knowledge – This is required for professionals dealing with network-based attacks and host-based attacks.
- Networking skills – This skill is important because threats mostly originate from networks. You should know about all of the devices present in the network, how they are connected, and how to identify if they are compromised.
- Understanding of databases – Attacks are often targeted at databases. Knowledge of database management systems and of SQL will help you to effectively inspect operations carried out in databases.
- Knowledge of multiple platforms like Windows, Linux, Unix, etc.
- The ability to work with different hacking tools available in the market.
- Knowledge of search engines and servers.
Top 5 Cybersecurity Skills
1. Networking and System Administration
- An in-depth understanding of networking is required to start a career in cybersecurity. Learning networking will help you understand the technical aspects of data transmission, which will help you secure your data. Taking up networking certifications like CompTIA Security+ and Cisco CCNA is advisable.
- Another skill that will be beneficial for you is to master system administration. It is all about configuring and maintaining computers. You must be curious to know every aspect of your computer features and settings and play around a bit.
2. Knowledge of Operating Systems and Virtual Machines
- A cybersecurity professional must have a strong knowledge of operating environments such as Windows, Linux, and Mac OS. As a cybersecurity expert, you should be comfortable working on any OS. VMs allow you to train and research in an isolated environment and help you maximize your skills.
- The next point to remember is to know Kali Linux as it is the most widely known Linux distribution for ethical hacking and penetration testing. It comes with several hundred tools related to Penetration Testing, Malware Analysis, Security research, Computer Forensics, and so on.
3. Network Security Control
- Network Security Control refers to the different measures that are employed to enhance the security of a network. You need to know how your network works and how routers, firewalls, and other devices work. A firewall is hardware or software that blocks outgoing or incoming traffic between the internet and your computer. As a cybersecurity expert, you must leverage a firewall to filter out and prevent unauthorized traffic onto the network.
- Additionally, you must know about Intrusion detection systems, Intrusion Prevention Systems, Virtual Private Networks (VPNs), and remote access. For example, you should operate the IDS and recognize any security policy violations and malicious traffic on the network.
4. Coding
- Having zero coding knowledge may limit your cybersecurity opportunities in the future. Hence, it is advisable to acquaint yourself with a few coding languages.
- Given below is a list of a few coding languages you can learn to have a successful career in cybersecurity:
- C and C++: C and C++ are low-level programming languages you need to know as a cybersecurity professional.
- Python: It is a well-known high-level programming language that is becoming popular among cyber experts today. It will help you identify and fix vulnerabilities.
- PHP: Most websites are created using PHP; learning it will help you defend them against intruders.
- HTML: HTML is yet another language cybersecurity professionals should understand, as most websites use it, and it is one of the easiest languages to learn.
- Go lang: It is great for cryptography; you can solve various cybersecurity problems with it.
- SQL: Attackers use this language to damage stored data; one example is the SQL injection attack. Hence, having a good understanding of SQL (Structured Query Language) is beneficial.
- Assembly Language: Assembly will help you understand how malware functions and thereby help you defend against it.
5. Cloud Security
- Companies are looking for professionals with security skills applicable to public and hybrid cloud platforms such as AWS and Azure. More organizations look to cloud infrastructure to store data and run applications. This includes the implementation of policies and technologies that protect cloud-based systems and devices.
- Like Application Development Security, Cloud Security also involves building secure systems from the start. People with the experience and knowledge in managing big platforms, such as Microsoft Azure, AWS, and the Google Cloud Platform, are in high demand.
6. Blockchain Security
- Blockchain’s popularity is increasing, thanks in part to the level of security it offers. Consequently, cybersecurity professionals should become familiarized with blockchain and how it handles security issues. Consider it preparing for the future.
- Blockchain will likely make security inroads into areas like Internet of Things devices (more on this later), network control, supply chain integration, identity control, and mobile computing.
- Blockchain’s complex nature makes it difficult for intruders to compromise. For a cybercriminal to corrupt or destroy a blockchain, they would have to eliminate the data found on each user’s computer that’s connected to the targeted global network.
7. The Internet of Things (IoT)
- According to Statista, there will be over 30 billion Internet of Things devices connected worldwide by 2025. With such a huge number of devices comes many more opportunities for security vulnerability. Therefore, IoT security will become a higher priority in the near future, and an essential part of maintaining the integrity and security of the overall Internet system.
- Many IoT devices are sensors that collect personal data, which raises the stakes in maintaining secure networks and preserving consumer confidence.
- IoT security emphasizes protecting connected devices and networks over the Internet, especially since most of these devices access networks without human intervention or oversight. Therefore, it becomes important to make sure that proper security measures are in place so that IoT devices can be left alone to perform their functions automatically, without cybersecurity experts having to be concerned about keeping out unauthorized intruders.
8. Artificial Intelligence (AI)
- Like blockchain, Artificial Intelligence is a relatively young innovation that’s been enjoying widespread use. AI is perfect for the cybersecurity sector, as it brings reliability and consistency to cybersecurity measures, as it helps security professionals identify suspicious activity and impart a greater understanding of the cyber environment.
- AI brings a level of automation and support that is unmatched by human capabilities, catching threats that may otherwise go unnoticed and unaddressed.
- Artificial Intelligence can also be trained to learn and evolve, making it better equipped to handle new emerging threats and hacking techniques.
Are You Ready to Become a Cybersecurity Professional?
Cybersecurity professionals are in great demand today, and this demand will only continue to grow in the future. After reading this tutorial, you should have an idea of the top cybersecurity skills you need to possess to start or grow your cybersecurity career. The Tier3 Cyber Security course and training in Pakistan is the right choice for you to kick-start your career in this rapidly growing domain.