Introduction to Cybersecurity

Entering a new area in computer science is always challenging for me. In this blog post, I’ll introduce you to the essential concepts you need to understand to navigate the world of cybersecurity.

What is Cybersecurity?

Cybersecurity is defined differently by different standards and from different perspectives. However, I really like the definition given by CISA:

Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.

Offensive vs Defensive

Generally, cybersecurity roles can be categorized into offensive and defensive. Offensive security simulates the actions of hackers by attempting to break into systems, exploit software bugs, or gain unauthorized access. Conversely, defensive security focuses on investigating compromised systems to understand how they were breached and preventing such incidents.

Based on the definition I gave, do you think the quote below is from an offensive security professional or a defensive security professional?

To beat a hacker, you need to act like a hacker.

Offensive Security

Offensive security involves proactively seeking vulnerabilities in systems and attempting to exploit them. Here are three primary careers in offensive security:

  • Penetration Tester: Tests technology products to find exploitable security vulnerabilities.
  • Red Teamer: Acts as an adversary, attacking an organization to provide feedback from an enemy’s perspective.
  • Security Engineer: Designs, monitors, and maintains security controls, networks, and systems to help prevent cyber attacks.

One of the first steps in offensive security is testing for vulnerabilities. This begins with directory discovery to find hidden pages an application might have. Tools like Gobuster are useful for this purpose.

Defensive Security

Defensive security focuses on two main tasks:

  • Preventing intrusions from occurring
  • Detecting and responding to intrusions

Tasks in defensive security include consulting users about security concerns, setting up logging devices for monitoring, and managing assets effectively. To protect a system, you must first know what you have.

Key topics in defensive security include:

  • Security Operations Center (SOC)
  • Digital Forensics and Incident Response (DFIR)

Security Operations Center (SOC)

A SOC is a team of cybersecurity professionals that monitors networks and systems to detect malicious events. One of their crucial responsibilities is threat intelligence, which involves gathering information about actual and potential adversaries, such as nation-state cyber armies or ransomware groups.

Digital Forensics and Incident Response (DFIR)

Digital forensics involves applying scientific methods to investigate digital crimes. It focuses on analyzing file systems, system memory, system logs, and network logs.

Incident response involves four major phases:

  1. Preparation: Training and readiness to handle incidents, with preventive measures in place.
  2. Detection and Analysis: Identifying and analyzing incidents to determine their severity.
  3. Containment, Eradication, and Recovery: Stopping the incident from spreading, eliminating it, and recovering affected systems.
  4. Post-Incident Activity: Producing a report and sharing lessons learned to prevent future incidents.

Malware, short for malicious software, includes various types such as viruses, trojan horses, and ransomware. Malware analysis aims to understand these programs through:

  • Static Analysis: Inspecting the malware without running it.
  • Dynamic Analysis: Running the malware in a controlled environment to monitor its behavior.

Tools like AbuseIPDB and Cisco Talos Intelligence help perform reputation and location checks for IP addresses, aiding in alert investigations and improving internet safety by reporting malicious IPs.
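As an added example (not code from the original post), the following script shows the kind of reputation check described above applied to alert investigation: it pulls source IPs out of constructed SSH log lines, skips internal RFC 1918 addresses that an external service cannot score, and triages the rest against a small local table that stands in for an AbuseIPDB or Talos lookup. The log lines, the `REPUTATION` table and its scores are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample SSH auth log lines (not from the original post).
ALERT_LOG = """\
2024-05-01T10:02:11Z sshd[812]: Failed password for root from 203.0.113.45 port 51022 ssh2
2024-05-01T10:02:14Z sshd[812]: Failed password for root from 203.0.113.45 port 51023 ssh2
2024-05-01T10:03:01Z sshd[815]: Accepted publickey for alice from 10.0.0.7 port 40022 ssh2
2024-05-01T10:05:40Z sshd[820]: Failed password for admin from 198.51.100.9 port 60001 ssh2
2024-05-01T10:06:02Z sshd[821]: Failed password for root from 192.0.2.200 port 33000 ssh2
"""

# Constructed local table standing in for an AbuseIPDB / Talos lookup:
# ip -> (abuse confidence score 0-100, country code). All values hypothetical.
REPUTATION = {"203.0.113.45": (100, "XX"), "198.51.100.9": (12, "YY")}

# RFC 1918 and loopback ranges: internal sources are skipped, since external
# reputation services have nothing useful to say about them.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3}) port\b")

def extract_source_ips(log_text):
    """Count events per external source IP found in the log text."""
    counts = Counter()
    for line in log_text.splitlines():
        m = IP_RE.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        if not any(ip in net for net in INTERNAL_NETS):
            counts[str(ip)] += 1
    return counts

def triage(log_text, reputation=REPUTATION, threshold=50):
    """Label each external source IP as known-bad, low-score or unknown."""
    results = {}
    for ip, events in extract_source_ips(log_text).items():
        score, country = reputation.get(ip, (None, None))
        if score is None:
            verdict = "unknown"     # not in the list: needs a manual lookup
        elif score >= threshold:
            verdict = "known-bad"   # escalate the alert
        else:
            verdict = "low-score"   # low confidence: corroborate before acting
        results[ip] = {"events": events, "score": score,
                       "country": country, "verdict": verdict}
    return results
```

In a real investigation the local table would be replaced by a query to the reputation service, but the pre-filtering of internal addresses and the score threshold stay the same.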

Careers in Cybersecurity

Cybersecurity is an exciting and lucrative career path. You can legally hack systems to find vulnerabilities or work to protect them, all while earning a good salary. Different roles in cybersecurity include:

  • Security Analyst: Explores company networks and provides recommendations to engineers, working with stakeholders to understand security requirements.
  • Security Engineer: Develops and implements security solutions using threat and vulnerability data.
  • Incident Responder: Efficiently responds to security breaches, creating plans and protocols for companies.
  • Digital Forensics Examiner: Investigates crimes and establishes facts to charge the guilty and exonerate the innocent, or analyzes incidents in a company’s network.
  • Malware Analyst: Analyzes suspicious programs, discovers their functions, and writes reports on findings.
  • Penetration Tester: Ethically hacks systems to test their security.
  • Red Teamer: Simulates threat actors to test a company’s detection and response capabilities, uncovering vulnerabilities and maintaining access while avoiding detection.

By understanding the differences between offensive and defensive cybersecurity roles, you can better navigate the exciting field of cybersecurity and choose a career path that suits your interests and skills.

This post is licensed under CC BY 4.0 by the author.