Starting with Cyber Security Basics
In this article, I will cover some basic cyber security concepts to start with.
Mostly, it will be about the basic terminology used day in, day out in the security world.
It will also cover some of the topics that appear in the CEH certification exam.
1. Define Cyber Security/Information Security
Cyber Security is the practice of defending:
- Computers
- Servers
- Mobile devices
- Electronic systems
- Networks
- And data from malicious attacks.
The end goal is to prevent any unauthorized users from stealing and misusing information or services.
2. Essential Security Terminologies
1. Hack Value: a notion among hackers that something is worth hacking or is interesting.
2. Vulnerability: the existence of a weakness (a design, implementation, or policy error) that can lead to an unexpected event compromising the security of the system.
3. Exploit: a breach of an IT system's security through a vulnerability.
4. Payload: the part of exploit code that performs the intended malicious action.
5. Zero-day attack:
- An attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of.
- An attack that exploits a computer vulnerability before the software engineer releases a patch.
6. Daisy-chaining: an attack in which hackers gain access to one network/device and then use it to access the next networks/devices.
7. Doxing: finding and publishing personally identifiable information (PII) about an individual or an organization for malicious reasons.
8. Bot: a software application that can be controlled remotely to execute or automate predefined tasks.
3. Elements of Information Security

- Confidentiality: the information is accessible only to persons authorized to access it.
- Integrity: no corruption; the data has not been tampered with during transmission and is still intact in its original form. It ensures the accuracy of the information.
- Availability: ensuring systems are available to authorized persons.
- Authenticity: one's identity is established with proof and confirmed by a system, e.g. authentication controls.
- Non-repudiation: the sender and receiver cannot deny the messages they sent or received, e.g. digital signatures.
4. Defense in Depth
Defense in depth means putting multiple layers of protection in place to stop people with malicious intent from reaching us and to discourage them so they go elsewhere.
In real life, you can compare this to securing a house against burglars. To prevent theft, we adopt various measures such as:
- Fencing around house
- Dogs
- Motion sensor alarms
- CCTV Cameras
- Door/ Windows locks
In the same way, in terms of an organization, there are three control measures an organization should adopt:
- Administrative Controls
- Physical Controls
- Technical Controls

5. Security Levels
- Functionality: the features of the system
- Usability: the GUI of the system and how user-friendly it is
- Security: how the processes of the system are used and who is using them
Any increase in one component directly decreases the other two.
Example: if the system's security is increased, then the functionality and usability of the system are decreased.

6. Security Threats
A threat is anything that has the potential to cause damage to the system.
Types of Security Threats:
- Network Threats
- Host-Based Threats
- Application Threats
7. Network Threats
An attacker may intercept the communication channel and steal the information being exchanged.
Examples of network threats:
- Sniffing attack: interception of data by capturing network traffic with a packet sniffer.
- MITM attack: attackers intercept an existing conversation or data transfer, either by eavesdropping or by pretending to be a legitimate participant.
- DNS poisoning attack: attackers redirect web traffic toward fake web servers and phishing websites.
- Password attack: intercepting passwords
- DDoS attack: Distributed Denial of Service attack
8. Host Threats
Host-based attacks are attacks that try to gain access to information on a system.
Examples of host-based threats:
- Password-based attacks: cracking system passwords
- Arbitrary code execution
- Privilege escalation
- Physical security attacks
- Back door attacks
9. Application Threats
The exploitation of vulnerabilities that exist in the application itself.
Examples of application threats:
- Improper input validation
- Security Misconfiguration
- Broken Session Management
- Information Disclosure
- Identity Spoofing
- SQL Injection
- XSS attack
10. Security Attacks
Security attacks are attempts to gain unauthorized access to a system or a network.
Attacks = Motives (Goals) + Methods + Vulnerabilities
11. Common motives of attackers
Some common motives of attackers are:
- Data theft/Deletion/Manipulation
- Create fear/panic
- Destroy the reputation of the target
- Financial loss
- Interruption of business flow
- Revenge
12. Attacks Classifications
Some common categories in which any attack can be classified:
- Passive attacks: do not tamper with the target system directly; only intercept or monitor network traffic.
- Active attacks: tamper with the target system directly.
- Close-in attacks: performed when attackers are physically close to the target systems.
- Insider attacks: performed by a trusted person.
- Distribution attacks: tamper with hardware or software prior to installation, either at its source or while it is in transit.
- Defensive attacks: use actions or strategies to defend against attacks.
- Offensive attacks: involve attacks against the attackers.
- Semantic attacks: instead of harming a system, the attacker takes over the system while maintaining the perception that it is operating correctly.
- Smurf attack: an attempt to cause users on a network to flood each other with data, making it appear as if everyone is attacking each other and leaving the attacker anonymous.
- Information warfare or info war: use of information and communication technology to gain competitive advantage over an opponent, e.g. viruses, worms, trojan horses, logic bombs, trap doors.
13. Attack vectors
An attack vector is a method or pathway used by a hacker to access or penetrate the target system.
Common Attack Vectors are:
- Ransomware: restricts access to your files and demands payment to restore access
- Cloud threats: data breaches
- IoT threats: easily accessible, insecure IoT devices
- APT (Advanced Persistent Threat): usually low-and-slow to avoid detection
14. Information Warfare
Information warfare is the use of information and communication technologies to gain competitive advantage over an opponent.
Examples:
- Corporations spy on each other to use each other's technology secrets and patents.
- Governments spy on other governments by using hackers as proxies to gain information about, e.g., defense systems.
Some common weapons used in information warfare are viruses, trojans, malware, trap doors, etc.
Common info war strategies:
- Offensive strategy: attack an opponent
- Defensive strategy: take action to prevent attacks
15. Lockheed Martin Cyber Kill Chain
The Cyber Kill Chain describes the stages an attacker goes through to compromise a target organization.
In another sense, it is a framework for identifying and preventing cyber intrusion activity.
Cyber Kill Chain steps:
1. Reconnaissance: gathering as much information as possible, for example:
- IP information
- E-mail addresses of employees
- Social media accounts of employees
- Contracts: either to use them to win better contracts or as a conversation starter
2. Weaponization: analysing the collected data to identify vulnerabilities that can be exploited to gain access.
Attackers engineer malware based on their needs and the intention of the attack, e.g. creating phishing e-mails, phishing websites, or malware-loaded removable devices.
3. Delivery: the attacker delivers the weaponized malware via a delivery medium such as:
- Phishing e-mail
- Removable devices (like USB)
- Social media posts loaded with malware
- Watering hole attacks
- Defensive action (Detect): determine whether an attacker is poking around
4. Exploitation: attackers exploit the target systems by installing tools, running scripts, and modifying security certificates, e.g. arbitrary code execution, zero-day attacks.
- Defensive action (Deny): prevent information disclosure and unauthorized access
5. Installation: a back door or remote access trojan is installed by the malware, giving the intruders access.
- Time stomping: changing a file's timestamp to an earlier time so it looks like a file installed with the OS
- Defensive action (Disrupt): stop or change outbound traffic (to the attacker)
6. Command and Control: the attacker gains control over the target systems and network, allowing remote manipulation/exploitation of the victim.
- Defensive action (Degrade and Deceive): counter-attack or interfere with command and control
7. Actions on Objectives: the attacker finally extracts data from the system. The objective involves gathering, encrypting, and exfiltrating confidential information from the target environment.
- Defensive action (Contain): network segmentation to avoid a full-scale attack
16. Threat Identifications
Tactics, Techniques, and Procedures (TTPs)
- Helpful for analysing threats and profiling threat actors, which is used to strengthen the security of the organization.
Tactics: guidelines that describe the way attackers perform their attacks from beginning to end. They help to predict and detect evolving threats in the early stages.
Techniques: the technical methods that attackers use to achieve their goals. They help to identify vulnerabilities and implement measures in advance.
Procedures: the detailed sequence of actions taken by the attacker. They help to identify what an attacker is looking for.
17. Adversary Behavioral Identification
It involves identifying the common methods or techniques an attacker follows to launch penetration attacks.
Some common behaviours identified:
- Internal reconnaissance
- Use of PowerShell
- Unspecified proxy activities
- Use of the command-line interface
- HTTP User-Agent
- Command and Control server
- Use of DNS tunneling
- Data staging: gathering and combining as much information as possible
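As an added example (not code from the original article), here is a small Python heuristic for the "Use of DNS tunneling" behaviour listed above: queries are grouped by registered domain and a domain is flagged when many distinct subdomains carry very long or high-entropy labels, which is how encoded data tends to look in DNS. The thresholds, the two-label approximation of a registered domain and the sample queries are all assumptions made for the demonstration.

```python
import hashlib
import math
from collections import defaultdict

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))

def registered_domain(name):
    """Crude approximation: the last two labels (assumption: no public-suffix list)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def suspicious_domains(queries, max_label=40, min_entropy=3.5, min_unique=4):
    """Group queries by registered domain and flag those whose subdomains look
    like encoded data: a very long label or high average entropy across many
    distinct subdomains. Thresholds are assumptions chosen for the demo."""
    per_domain = defaultdict(set)
    for q in queries:
        per_domain[registered_domain(q)].add(q.rstrip(".").lower())
    flagged = {}
    for dom, names in per_domain.items():
        subs = [n[: -len(dom) - 1] for n in names if n != dom]   # strip ".dom"
        if len(subs) < min_unique:
            continue
        longest = max(len(label) for s in subs for label in s.split("."))
        avg_entropy = sum(entropy(s.replace(".", "")) for s in subs) / len(subs)
        if longest > max_label or avg_entropy > min_entropy:
            flagged[dom] = {"unique_subdomains": len(subs),
                            "longest_label": longest,
                            "avg_entropy": round(avg_entropy, 2)}
    return flagged

# Constructed sample: ordinary lookups plus queries that carry 50-character hex
# chunks (SHA-256 prefixes standing in for encoded data) in their subdomains.
SAMPLE_QUERIES = [f"{sub}.example.org" for sub in ("www", "mail", "cdn", "api", "img")] + [
    hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:50] + ".t.example.net"
    for i in range(6)
]

if __name__ == "__main__":
    for dom, stats in suspicious_domains(SAMPLE_QUERIES).items():
        print(f"{dom}: {stats}")
```

Real resolvers also legitimately produce long, random-looking names (CDNs, anti-spam checks), so a heuristic like this is a triage signal to combine with volume and allow-listing, not a verdict on its own.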
18. Indicators of Compromise
Clues, artifacts, or pieces of forensic data found on an organization's network or operating systems that indicate intrusion or malicious activity on the organization's infrastructure.
IoC categories:
- E-mail indicators, e.g. sender's e-mail address, attachments
- Network indicators, e.g. unusual DNS requests, URLs, IP addresses
- Host indicators, e.g. filenames, registry keys, file hashes
- Behavioral indicators, e.g. remote command execution, executing a PowerShell script
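As an added example (not code from the original article), a Python scan that matches constructed key=value log events against a constructed IoC set covering the network, host and behavioral categories above. The indicator values, the log lines and the encoded-PowerShell pattern are all assumptions made for the demonstration, not real indicators.

```python
import re

# Constructed IoC set for the demonstration; none of these are real indicators.
IOCS = {
    "network": {"update-check.example.net", "203.0.113.7"},   # domain, IP
    "host": {"svch0st.exe", "deadbeef" * 8},                   # filename, placeholder SHA-256
}
# Behavioral indicator: PowerShell launched with an encoded command line.
ENCODED_PS = re.compile(r"powershell(\.exe)?\s.*-(enc|encodedcommand)\b", re.IGNORECASE)
# key=value pairs, values optionally double-quoted
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Turn a 'key=value key="quoted value"' log line into a dict."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def scan(lines, iocs=IOCS):
    """Return one (category, indicator, host) tuple per matched indicator."""
    hits = []
    for line in lines:
        ev = parse(line)
        host = ev.get("host", "?")
        # Network indicators: DNS query names and connection destinations.
        for field in ("query", "dst"):
            value = ev.get(field, "").split(":")[0]      # drop a trailing :port
            if value in iocs["network"]:
                hits.append(("network", value, host))
        # Host indicators: process image basename and file hash.
        image = ev.get("image", "").replace("\\", "/").rsplit("/", 1)[-1]
        for value in (image, ev.get("sha256", "")):
            if value in iocs["host"]:
                hits.append(("host", value, host))
        # Behavioral indicator: encoded PowerShell command line.
        if ENCODED_PS.search(ev.get("cmdline", "")):
            hits.append(("behavioral", "encoded PowerShell", host))
    return hits

# Constructed sample events in key=value form (timestamps, hosts and values are made up).
LOGS = [
    "ts=2024-05-01T10:00:01Z host=ws01 type=dns query=www.example.org",
    "ts=2024-05-01T10:00:05Z host=ws01 type=dns query=update-check.example.net",
    "ts=2024-05-01T10:00:09Z host=ws01 type=proc image=C:\\Temp\\svch0st.exe sha256=" + "deadbeef" * 8,
    "ts=2024-05-01T10:00:12Z host=ws02 type=proc image=C:\\Windows\\System32\\notepad.exe",
    'ts=2024-05-01T10:00:15Z host=ws02 type=proc image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmdline="powershell.exe -nop -enc QQBCAEMA"',
    "ts=2024-05-01T10:00:20Z host=ws02 type=net dst=203.0.113.7:443",
]

if __name__ == "__main__":
    for category, indicator, host in scan(LOGS):
        print(f"[{category}] {indicator} on {host}")
```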
19. What is Ethical Hacking
Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data.
It is also known as White Hat Hacking.
It is performed by security specialists to help companies identify vulnerabilities in their networks and systems.
20. Hacker
An individual who uses their computer and technical skills to gain access to systems and networks.
Classes or types of hackers:
1. Black Hat Hacker: attacks for illegal or malicious purposes.
2. White Hat Hacker: also known as an Ethical Hacker; authorized to attack the target.
3. Grey Hat Hacker: in between Black and White Hat; might break the law, but not for malicious purposes.
4. Suicide Hacker: not careful about the consequences of their actions.
5. Script Kiddies: inexperienced hackers who lack skills of their own and use tools built by other hackers.
6. Hacktivist / Cyber Terrorist: motivated by political or religious beliefs.
- The only difference between cyber terrorists and hacktivists is that cyber terrorists want to send a message, whereas hacktivists want to harm their targets.
7. Nation-State / State-sponsored: recruited by governments.
21. Hacking Phases
Hacking involves various steps/phases.
1. Reconnaissance: also known as footprinting or information gathering.
Types of reconnaissance:
- Active reconnaissance: the attacker engages with the target system
- Passive reconnaissance: the attacker works in stealth mode
2. Scanning:
- Tries to map the routers and firewalls.
- Uses tools such as port scanners, vulnerability scanners, etc.
3. Gaining Access:
- This is the attack stage.
- Find an open point in the target OS/application.
4. Maintaining Access:
- Maintain persistent access.
- Also keep admin/root privileges so the hacker can continue using the system.
5. Clearing Tracks:
- Do anything and everything to hide their activities.
- The goal is to maintain access without getting noticed.
- Either clear all tracks as fast as possible or, if possible, do not generate any tracks at all.
22. Risk
- Risk: the degree of expectation that an adverse event may cause damage to the system.
- Risk mitigation: taking action to reduce an organization's exposure to potential risks and reduce the likelihood that those risks will happen again.
- Likelihood: how probable it is that an event will occur.
- Impact: an estimate of the harm that could be caused by an event.
23. Risk Matrix

The risk matrix is used to scale risk by considering:
- Probability or likelihood of the risk
- Consequences or impact of the risk
24. Risk Management
Risk management is the process of reducing risk and maintaining it at an acceptable level.
Risk management phases:
- Risk identification: data gathering activities, threat identification
- Risk assessment: scale the risk using a risk matrix
- Risk treatment: prioritize, fix, and document
- Risk tracking: track the risk until closure
- Risk review: ensure the right action was taken
25. Cyber Threat Intelligence
It helps organizations identify and mitigate business risk by collecting information about unknown vulnerabilities and adversaries.
Types of threat intelligence:
- Strategic: high-level information on changing risk; consumed by high-level executives and management.
- Tactical: information related to TTPs; consumed by IT services, SOC managers and administrators.
- Operational: information on specific attacks; consumed by security managers and network defenders.
- Technical: information on specific IoCs; consumed by SOC staff and Incident Response (IR) teams.
26. Threat Modelling
Threat modelling is an assessment of how secure an application is.
It helps to:
- Identify threats
- Discover application vulnerabilities
- Improve security
27. Threat Modelling Process
- Identify security objectives: understand your CIA (confidentiality, integrity, availability) goals
- Application overview: understand the application's components, libraries being used, data flows, and trust boundaries.
- Decompose the application: document the results of the application overview
- Identify threats: identify threats for each individual component based on the application review.
- Identify vulnerabilities: end with the list of vulnerabilities and an overall assessment
28. Difference between Threat, Vulnerability, and Risk
- Threat: a malicious act that takes advantage of vulnerabilities present in the system.
- Vulnerability: a flaw in a system's design, security procedures, or internal controls.
- Risk: the potential consequence of the loss or damage of assets or data caused by a cyber attack.
29. Incident Management
- A set of defined processes to identify, analyze, prioritize, and resolve security incidents in order to restore normal service operations as quickly as possible and prevent recurrence of the incidents.
- Incident response is a part of incident handling, which is part of incident management.
30. Incident Handling and Response
Steps for Incident Handling:
1. Preparation for incident handling
- Tools, Policies, Training, Guidelines
2. Detection and analysis
- How, where, what and why it happened
3. Categorization and Prioritization
4. Notification
- Notify concerned people who are affected and who can act on it
5. Containment
- Prevent enlarging the damage
6. Forensic Investigation
- What happened and why it happened
7. Eradication
- Wipe the threat completely
8. Recovery
- Restore the system to a working state
9. Post Incident activities
- Record what happened with final reviews.
- Take measures to avoid a recurrence in the future
31. Role of ML and AI in Cyber Security
By applying machine learning and artificial intelligence to the defence against cyberattacks, organizations can use them for:
- Password protection and authentication
- Phishing detection and prevention
- Threat detection
- Vulnerability management
- Behavioral analytics
- Scanning massive amounts of data
- Optimizing and reducing cost
And the list goes on.
32. Information Security Laws and Standards
Every country and region has its own laws and standards related to information security. Some of the most important ones are:
1. PCI DSS (Payment Card Industry Data Security Standard)
A set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
The 12 requirements for PCI DSS compliance:
- Use and Maintain Firewalls
- Proper Password protections
- Protect Cardholder Data
- Encrypt Transmitted Data
- Use and maintain Anti-Virus
- Properly Updated Software
- Restrict data access
- Unique ids for access
- Restrict physical access
- Create and maintain access logs
- Scan and Test for vulnerabilities
- Document policies
2. ISO/IEC 27001:2013
- A set of worldwide information security standards
3. Health Insurance Portability and Accountability Act (HIPAA)
- Provides data privacy and protection for medical information.
4. Sarbanes-Oxley Act (SOX)
- Specifies IT control audit requirements
- Protects investors from fraudulent investing practices
5. Digital Millennium Copyright Act (DMCA)
- Protects the copyright of your work
6. FISMA (Federal Information Security Management Act)
- Protects government information, operations, and assets against various threats.
Also, if you are interested in learning from videos, I have uploaded videos to YouTube covering the same material.
Part1 — Intro to Ethical Hacking
Part2 — Intro to Ethical Hacking
I hope you enjoyed reading this article as much as I enjoyed writing it. If you like this article, please let me know! But, more importantly, if you disagree with this article, please, please, please let me know! I made this with the hope of helping the community, so if it is off, it defeats the purpose! If you have a suggestion or critique, please feel free to drop a comment.