Your Guide to Learning Cyber Security

Cybersecurity has become a popular term that you have probably heard before, and it is commonly used when talking about protecting devices and networks. In this guide, we go deeper than that and cover the important things you need to know if you want to get started in the field of cybersecurity.

Definition of cyber security

Cybersecurity is a specialized field that aims to protect operating systems, communication networks, software, data, and information from theft, damage, or any unauthorized intrusions.

Cybersecurity is a branch of computer science and technology concerned with protecting individuals, businesses and communities from cyber attacks and electronic threats. The goal is to ensure the confidentiality and integrity of information through measures and technologies such as hacking and malware prevention, encryption, digital signatures, authentication, and identity management.

What is the difference between information security and cyber security?

Although cybersecurity and information security overlap in many aspects, they focus on different aspects of protecting information and technology.

Cyber Security:

Cybersecurity focuses on protecting computer systems, networks, and digital infrastructure in general from cyber attacks and electronic threats. In addition, it includes technologies such as encryption, firewalls, intrusion detection systems, authentication, and vulnerability analysis. Cybersecurity may also include some non-technical aspects such as security awareness, security policies, and employee training on methods of prevention and avoidance of potential threats.

Information Security:

Information security focuses on protecting the information itself, including its confidentiality, integrity, and availability, whether it is stored digitally, on paper, or in any other medium. It also includes techniques such as access management, data classification, security policy implementation, incident response, and others to protect information.

Cybersecurity can be said to be part of the broader field of information security: it deals with the technical aspects of protecting systems and networks, while information security is concerned with protecting the data itself, regardless of the means used to store or transmit it.

Types of CyberSecurity

In a world where technology is accelerating, the need for cybersecurity has become indispensable to maintain the integrity of information and data. This includes a set of key specializations that include the following:

Network Security

Network security aims to protect network infrastructure from hacking, unauthorized access, and illegal use.
Network security techniques include data encryption, firewalls, intrusion detection, malware prevention, and more.
To begin understanding network security and delve into this field, you need to learn networking concepts, such as protocols, routing techniques, and devices used in building a network. In addition, you should learn about common attacks and ways to defend networks against these attacks.
Learning programming and encryption is also essential to understanding security processes and developing security tools that will help you in the field of network security.

System Security

System security is a set of policies and techniques designed to protect computer systems and information infrastructure from cyber threats and malicious attacks. It aims to ensure the integrity and efficient operation of the system while maintaining the confidentiality of data and information.

System security techniques include the use of strong passwords, access settings, intrusion detection tools, security software updates, encryption, and other preventive measures.

To understand system security, you should learn about operating systems and system administration tools, including system security settings and identity and access management. You should also gain knowledge of common attacks targeting systems and how to counter them using appropriate security tools.

Application Security

Application security is the field concerned with protecting computer applications from security threats and cyber attacks. It aims to ensure the integrity of applications and protect data and user information from hacking and unauthorized access.

Application security strategies include a variety of practices such as vulnerability scanning, penetration testing, encryption, identity and access management, and developing applications with security standards from the earliest stages.

To understand application security, you should learn about software development and the basic concepts of designing secure applications, including handling sensitive data and protecting it from attacks. You should be able to analyze potential security vulnerabilities in applications and apply security remediation and enhancement techniques.

Data Security

Data security is concerned with protecting data from unauthorized access, unlawful use and manipulation. It aims to ensure the confidentiality and integrity of data at its various stages of collection, storage, processing and transmission.

Data security strategies include using encryption techniques to encrypt stored and transmitted data, implementing access policies to control who can access data, and performing regular backups of data to ensure availability and recovery in emergencies.

To understand data security, you need to learn about the different types of data, their importance, and how to protect them. You should be familiar with data protection legislation and regulations, such as GDPR and HIPAA, and the protection technologies available to implement in current environments.

Cloud Security

Cloud security is about protecting data, applications, and resources stored and used in cloud environments. It aims to ensure the integrity, security, accessibility, and confidentiality of data and information hosted on the cloud.

Cloud security strategies include a range of technologies and practices such as encryption, identity and access management, threat monitoring and detection, and ensuring compliance with security legislation and standards.

To understand cloud security, you need to learn about the working principles of cloud and its model types such as public, private, and hybrid cloud. You need to understand how to secure cloud environments and implement appropriate security measures to protect data, applications, and resources in the cloud from potential cyber threats.

Cyber Security Basics

1. The most important terms in the field of cybersecurity

Bug 

A bug in the code can (but does not necessarily) lead to a security vulnerability.

Backup 

A copy of data stored in a secure environment that can be used to restore data if the original is compromised or deleted. Backups are typically stored on a different or separate physical device or in cloud storage. If there are not multiple backups, the loss of backup data will result in permanent data loss (assuming the original data has been deleted or compromised).

Antivirus

A program used to find and remove malware from a device that has antivirus software installed. The methods used for detection can vary, from signature-based detection to newer techniques such as artificial intelligence or malware pattern recognition.

Authentication

The process of proving that an individual is who they claim to be. Authentication can be accomplished by providing multiple identity verification factors such as usernames, passwords, and two-factor authentication (2FA) codes.

Access Control (AC)

Selective restrictions on user access to a particular platform, application, or software.

Asset

Assets are anything that a cybersecurity strategy must protect. These assets can be physical and digital assets ranging from physical computers to software and data that must be protected.

Blue Team

A team of experts with the goal of defending and protecting the organization from cyber attacks. They constantly analyze the organization’s security and implement new measures to improve its defenses.

Red Team

A group of cybersecurity experts who perform offensive security exercises on a company to test its security. The goal is to act as an attacker and discover as many potential vulnerabilities as possible that could compromise the organization’s system or assets.

Black Hat

A black hat hacker is someone who violates computer security for personal gain. The hacking carried out by a black hat hacker is in many cases done with malicious intent and in all cases without authorization.

White Hat

A white hat hacker or ethical hacker is someone who uses hacking skills to identify security vulnerabilities in hardware, software, or networks and does not exploit these vulnerabilities but rather reports them.

Vulnerability

A flaw in the software code or system that weakens the overall security of that system.

Social Engineering

Social engineering is the term used to describe a wide range of malicious activities that occur through human interaction. Social engineering is used in one of the biggest threats on the Internet: phishing attacks.

Penetration Testing

A security assessment in which a penetration tester performs multiple measures and scans using different tools to detect a bug or vulnerability in a system. Once the penetration test is complete, the penetration tester submits a report to the organization revealing all the things he or she found during the test.

Sandboxing

The process of isolating a system or application in a completely separate and independent environment for conducting tests.

Virtual Private Network (VPN)

A virtual private network (VPN) is a communication link between systems that is encrypted to provide a more secure and private connection in communication.

Security Update (Patch)

An update used to fix a previous bug or defect in code or a system. The term patch may also refer to an update that implements new features and capabilities.

Encryption Key

An encryption key is a random string of bits that is generated to encrypt and decrypt data. It is designed to be unpredictable and unique.

Firewall

A firewall is a security tool that can be hardware or software, used to filter traffic. A firewall is controlled by a set of rules that determine what traffic will be allowed and what traffic will be blocked. There are different types of firewalls such as host-based firewalls or network-based firewalls.
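The rule-based filtering described above, as an added example that is not from the original article: a first-match rule evaluator with a default-block policy, plus an audit for rules that can never take effect because an earlier rule already covers them. The `Rule` and `Packet` types and the sample rules are constructed for illustration and use documentation IP ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "block"
    source: str          # source network in CIDR notation
    protocol: str        # "tcp", "udp" or "any"
    port: Optional[int]  # destination port, None means any port


@dataclass(frozen=True)
class Packet:
    source_ip: str
    protocol: str
    dest_port: int


def matches(rule: Rule, packet: Packet) -> bool:
    in_net = ipaddress.ip_address(packet.source_ip) in ipaddress.ip_network(rule.source)
    return (in_net and rule.protocol in ("any", packet.protocol)
            and rule.port in (None, packet.dest_port))


def decide(rules, packet, default="block"):
    """First matching rule wins; traffic matching no rule gets the default."""
    for index, rule in enumerate(rules):
        if matches(rule, packet):
            return rule.action, index
    return default, None


def covers(earlier: Rule, later: Rule) -> bool:
    a, b = ipaddress.ip_network(earlier.source), ipaddress.ip_network(later.source)
    return (a.version == b.version and b.subnet_of(a)
            and earlier.protocol in ("any", later.protocol)
            and earlier.port in (None, later.port))


def find_shadowed(rules):
    """Return (rule index, index of the earlier rule that hides it) pairs."""
    shadowed = []
    for i, later in enumerate(rules):
        for j in range(i):
            if covers(rules[j], later):
                shadowed.append((i, j))
                break
    return shadowed


# Constructed sample rule set, evaluated top to bottom.
SAMPLE_RULES = [
    Rule("block", "203.0.113.0/24", "any", None),  # blocked range
    Rule("allow", "0.0.0.0/0", "tcp", 443),        # public HTTPS
    Rule("allow", "192.0.2.0/24", "tcp", 22),      # admin SSH
    Rule("allow", "203.0.113.7/32", "tcp", 443),   # exception placed too late
]

if __name__ == "__main__":
    print(decide(SAMPLE_RULES, Packet("203.0.113.7", "tcp", 443)))
    print(find_shadowed(SAMPLE_RULES))
```

The last sample rule is meant as an exception, but because evaluation stops at the first match it never applies; rule order is part of the policy.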

Honeypot

A deliberately infected system used to trap black hat hackers. It is a fake system created as a trap for a hacker to fall into. It is used to trick an attacker into exploiting a trap called a “honeycomb,” which can alert security experts to a potential threat.

Malware

Malware or malicious software is code written with the intent to cause harm and compromise the security of a system. There are many types of malware such as RATs, Keyloggers, Trojans, Rootkits, Backdoors, and adware.

Phishing

Phishing is a social engineering attack that tricks a target into giving away confidential information such as usernames and passwords without their knowledge. Phishing attacks are the biggest threat on the Internet and in most cases occur via email, phone numbers, or social media.

2. The most important tools used in the field of cybersecurity

Wireshark

Wireshark is a free and open-source packet analyzer. Wireshark is the most widely used packet sniffing tool in the world.

Tcpdump

It is a useful tool for extracting data packets in networks. It helps in monitoring and recording TCP/IP traffic that is going through the network. Tcpdump is preinstalled on most Linux systems and can be run from the command prompt (Terminal).

Nessus

Nessus is one of the best vulnerability scanning and assessment tools out there. Nessus offers 3 different versions: Essentials, Professional, and Expert.

Metasploit

It contains an excellent set of tools that are ideal for penetration testing. It is often used to achieve a variety of security goals, such as discovering vulnerabilities in systems and networks and designing strategies to improve a company’s cybersecurity defense.

Burp Suite

It is used to perform security testing of web applications. It offers many functions from simple proxy functions to various scanning tools, even advanced options like spider, repeater, and decoder.

Nmap

Nmap (Network Mapper) is a free and open-source tool used for network scanning and security auditing. It offers a variety of options from basic port scanning to advanced software and operating system testing. It can also be used as a vulnerability scanner with the help of scripts.

Aircrack-ng

It is a complete set of tools for assessing the security of Wi-Fi networks. You can do many things with Aircrack-ng from monitoring to attacking and cracking the password of the access point.

3. Important points when writing reports on cybersecurity

Key Findings

The key findings are the most important part of the report, what was actually discovered. Attention should be paid to the most critical or destructive vulnerabilities, and these should be addressed first. After listing the critical vulnerabilities (if any were found), you can list less critical vulnerabilities or reveal information that may not have a significant impact.

Proof of Concept

In addition to listing the vulnerabilities found, it is also recommended to explain how these vulnerabilities were discovered and provide a step-by-step tutorial (if possible) on how someone else can replicate, exploit, or use these vulnerabilities to their advantage.

Simplicity

How you write your report depends on your target audience. If you are writing a cybersecurity report or a penetration testing report for a large company with a blue team, the report can be technical in detail. However, if the report is for someone who is not familiar with security concepts and terminology, you should make sure to simplify the information and explain it in a way that is easy for them to understand. Usually, it is enough to inform them of the risks of the discovered vulnerabilities and point them in the right direction on how to improve their security.

Negative and Positive

When writing the report, it is a good idea to mention both negative and positive findings. The organization’s weaknesses should be prioritized and findings related to security threats should be mentioned first, but its strengths should also be mentioned.

When mentioning positive points, the following can be highlighted:

  • Strengths of the organization’s current security architecture.
  • Good practices identified during the evaluation.
  • Any previous improvements or advances made in the area of security.

This helps balance the report and provide a comprehensive picture of the organization’s security status, enabling management to better understand the positives and negatives and take appropriate actions to enhance security.

Confidentiality

The cybersecurity report will contain sensitive information, so it mustn’t be leaked, stolen, or sent to the wrong person. It is also important that you transfer the report securely when presenting it to the client. If the cybersecurity report falls into the wrong hands, it could pose a security threat.

To secure the report, several actions can be taken:

  • Files or messages sent can be encrypted using trusted encryption protocols such as SSL/TLS to secure the transmission.
  • Files can be protected with a strong password to ensure that they are only accessed by authorized people.
  • Secure communication protocols such as SFTP or HTTPS can be used to transfer the report securely.
  • Email and cloud storage services that offer advanced security features and data protection should be used.

By following these procedures, the report can be submitted in a secure manner and sensitive information can be protected from unauthorized leaks or breaches.

The importance of cyber security

Cybersecurity has become vital in the modern era, as cyber threats are constantly increasing and becoming more sophisticated. Cybersecurity is essential to protect the sensitive information and personal data of individuals and organizations from hacking, theft, and manipulation. In addition, cyberattacks can cause significant financial losses to companies and damage their reputation, leading to a negative impact on operations and customer relationships. Therefore, cybersecurity should be a top priority for all organizations, as they need to take effective preventive measures to maintain data integrity and effectively combat cyber threats.

How to Start Learning CyberSecurity

Starting the journey of learning cybersecurity requires specific steps and a well-thought-out strategy. First and foremost, the learner must be motivated and committed to achieving his goals in this dynamic field. The first step involves understanding the basics of cybersecurity, such as the types of threats, attacks, and protection techniques.

Beginners can start with free online educational resources, such as cybersecurity courses available on platforms like Coursera, Udemy, and LinkedIn Learning. Then, they can move on to specialized cybersecurity books, news sites, and blogs on technical topics.

There is also the importance of practical application, where learners can install a local sandbox or use virtual tools to test vulnerabilities and safely experiment with security techniques. Finally, connecting with technical communities and specialized forums helps in exchanging experiences and knowledge and getting support and guidance from professionals in the field of cybersecurity.

Some books that may help you understand the field and delve deeper into it:

  • Cybersecurity for Beginners by Rafay Baloch
  • The Basics of Cyber Safety: Computer and Mobile Device Safety Made Easy by John Sammons
  • Cybersecurity Essentials by James Graham, et al
  • Cybersecurity – Attack and Defense Strategies: Infrastructure security with Red Team and Blue Team tactics by Yuri Diogenes and Erdal Ozkaya
  • Hacking: The Art of Exploitation by Jon Erickson
  • Security Engineering: A Guide to Building Dependable Distributed Systems by Ross J. Anderson

Useful websites for you regarding cybersecurity:

Linux Distributions/OSes for Cybersecurity:

Metasploitable Demo System

Metasploitable is an experimental system designed to be a target for penetration testing and vulnerability testing. Metasploitable is used as a victim device to apply penetration testing and security testing techniques. It is designed to contain many vulnerabilities and exploits that can be used for training and learning in cybersecurity.

Metasploitable provides an ideal environment for cybersecurity learners and professionals to test various tools and techniques such as vulnerability testing and exploitation using Metasploit Framework and other penetration testing tools. Metasploitable can be used as a means to understand how to protect systems from cyber attacks and threats by hands-on experience in a secure environment and simulating real attacks.

You can install the Kali Linux distribution on a virtual system inside Windows, as well as install the Metasploitable environment and start learning penetration testing practically.
