Deciphering Cybersecurity Essentials
Green Font . Running Text . Hooded Figure
These might be the first things that come to mind when someone is asked to describe what a person working in cybersecurity looks like. The look and feel of that image might be the reason why some choose to get into cybersecurity, but the reasons I find the field interesting are multifaceted.
Firstly, it is ever evolving. Like many of you, I find mundane and repetitive tasks extremely mind-numbing and unsatisfying, but the practice of cybersecurity is constantly being disrupted by new and disruptive threats, so it requires one to stay extremely up to date. Secondly, demand for individuals with a background in cybersecurity keeps increasing. I have attached a few screenshots to support this point.
Before we understand any cybersecurity essentials, it is prudent to understand what cybersecurity really is. Cybersecurity is a field that deals with ways to protect systems and services from malicious online entities such as spammers, hackers, and cybercriminals.
Now that we have a firm understanding of what cybersecurity is, let's understand the different subdomains of cybersecurity.
Cybersecurity Sub Domains:
Web Security: Web security refers to the practice of protecting computer networks and computer systems from cyber threats such as SQL injection, password breaches, data breaches, etc. Web security experts keep up with the OWASP standards, as those help them meet industry-level web security expectations.
Network Security: Network Security is any practice that involves the protection of an organization’s network and data. Practices such as Firewalls, Access Control, etc., help in preserving the security of a network.
Cloud Security: Cloud security typically focuses on the practice of encrypting data while it is at rest, in motion, and in use. Solutions such as Identity and Access Management [IAM], Data Loss Prevention [DLP], and many more help in withstanding cloud-based cyber attacks.
Application Security: This subdomain deals with preventing vulnerabilities that allow unwanted access or modification. The different types of application security methods are authentication, authorization, encryption, logging, etc.
Types of Cyber Attacks
Understanding the different subdomains of cybersecurity is not enough to get a full picture. Hence, let’s look at some of the most popular types of cyber attacks.
Malware
Malware is a term used to describe malicious software including spyware, ransomware, viruses, and worms. This is probably the most common type of cyber attack that you have heard of or might have even encountered.
Ransomware is one of the most commonly used forms of malware, as it stops a user from accessing his/her system files unless a ransom is paid. It restricts access by encrypting the user’s files, and the only easy way to regain access to those files is by paying the ransom and receiving the decryption key.
Man in the Middle [MiTM]
Man-in-the-middle attacks usually take place when an attacker tries to place himself between a user and an application. The main objective of this kind of attack is to gain the personal information of a user such as usernames, passwords, credit card numbers, etc.
Denial of Service
Denial of service attacks are attacks that flood a network, service, or system to exhaust its bandwidth/resources. When these kinds of attacks are done through multiple devices it is known as a distributed denial-of-service [DDoS].
SQL Injection
A SQL injection happens when an attacker inserts ill-intentioned input into a query run by a server that uses Structured Query Language [SQL]. This is done to obtain information from the server which it usually would not share.
Zero-day Exploit
Zero-day is a special type of cyber attack that relies on the window between the announcement of a vulnerability and the arrival of a subsequent patch/solution.
A common question that might pop into your head after understanding the different types of cyber threats is — “How does one, or an organization, prepare against such threats?” The most common method that is used is the CIA triad, which stands for Confidentiality, Integrity, and Availability. The CIA triad is also commonly referred to as the three pillars of security, and most of the security policies of an organization are built on these three principles.
The CIA Triad
Confidentiality
One of the most important pillars of the triad is confidentiality, which deals with the secrecy of data. Confidentiality can be achieved by granting access only to intended individuals. Some methods of achieving confidentiality are encryption, access controls, 2FA, etc.
Different controls must be implemented for data in its different stages, such as in storage, in transit, or in process. Cyber attacks that might compromise confidentiality are man-in-the-middle, session hijacking, DNS poisoning, etc.
Integrity
The two major factors that should be kept in mind for maintaining integrity are that unauthorized entities should not be able to make changes to the product, and that authorized users should not be able to make unauthorized changes to the data.
Integrity is built on the backbone of nonrepudiation. Nonrepudiation means that nobody can deny the occurrence of an event. This can only be achieved with proper access and action logs.
Integrity breaches can be caused by file modification, file deletion, altering configuration, etc.
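One way to detect the file or configuration modifications mentioned above, as an added example that is not part of the original post: compare a plain hash check with a keyed check (HMAC). The configuration contents and the secret key are constructed placeholders for this example. The point it shows is that an unkeyed hash stored next to the file can simply be recomputed by whoever modified the file, while a keyed tag cannot be forged without the key.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a small config file and a tampered copy (placeholders, not real values).
ORIGINAL_CONFIG = b"listen=443\nadmin_users=alice\n"
TAMPERED_CONFIG = b"listen=443\nadmin_users=alice,mallory\n"
# Secret known only to the verifier; assumed to be stored out of reach of whoever can edit the file.
SECRET_KEY = secrets.token_bytes(32)


def plain_digest(data: bytes) -> str:
    # Unkeyed hash: catches accidental corruption, but proves nothing about who wrote the data.
    return hashlib.sha256(data).hexdigest()


def check_with_plain_hash(data: bytes, stored_digest: str) -> bool:
    return plain_digest(data) == stored_digest


def make_tag(data: bytes, key: bytes) -> str:
    # Keyed MAC: only a holder of the key can produce a valid tag for new contents.
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def check_with_hmac(data: bytes, stored_tag: str, key: bytes) -> bool:
    # compare_digest compares in constant time, so the check itself does not leak the tag.
    return hmac.compare_digest(make_tag(data, key), stored_tag)


def demo() -> dict:
    # The verifier records both kinds of check value for the original file.
    stored_digest = plain_digest(ORIGINAL_CONFIG)
    stored_tag = make_tag(ORIGINAL_CONFIG, SECRET_KEY)

    # Someone who can edit the file can also overwrite a digest stored beside it...
    attacker_digest = plain_digest(TAMPERED_CONFIG)
    # ...but without SECRET_KEY the best they can do is tag the file with a key of their own.
    attacker_tag = make_tag(TAMPERED_CONFIG, b"not-the-real-key")

    return {
        "untampered_hash_ok": check_with_plain_hash(ORIGINAL_CONFIG, stored_digest),
        "untampered_hmac_ok": check_with_hmac(ORIGINAL_CONFIG, stored_tag, SECRET_KEY),
        "plain_hash_bypassed": check_with_plain_hash(TAMPERED_CONFIG, attacker_digest),  # True: undetected
        "hmac_old_tag_detected": not check_with_hmac(TAMPERED_CONFIG, stored_tag, SECRET_KEY),
        "hmac_forged_tag_detected": not check_with_hmac(TAMPERED_CONFIG, attacker_tag, SECRET_KEY),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

A keyed tag gives integrity, not nonrepudiation: anyone holding the shared key could have produced it. Tying a change to a single party needs a digital signature with a private key that only that party holds, plus the access and action logs the text mentions.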
Availability
Availability refers to the constant access to data. Availability is also closely linked to the reliability of a system. Availability also accounts for the availability of the ancillary infrastructures such as networks and communication.
Security controls must provide good identification and authorization to prevent interruptions and to deal with them as early as possible. Cyber attacks that might put availability in jeopardy are Denial of Service [DoS] attacks and Distributed Denial of Service [DDoS] attacks.
Various Tracks in Cybersecurity
The major careers that are available in cybersecurity can be broadly divided into three major tracks, namely defensive, offensive, and research.
Defensive
The defensive side of cybersecurity mainly deals with preventing cyber attacks from happening and, when intrusions inevitably take place, detecting and responding to them as early as possible.
- Blue Teamer: The blue team is mainly responsible for responding to cyber attacks when they take place.
- Security Operations Center [SOC]: The security operations center [SOC] mainly consists of individuals who continuously monitor the network and its systems for any cyber attacks/threats.
- Cyber Forensics: The individuals who are part of cyber forensics mainly look at the attack at hand as well as the cyber actor involved. They are mainly responsible for the analysis of a cyber attack after it has taken place.
The defensive track of cybersecurity also consists of Secure Software Developer, Security Architect, Incident Response, etc.
Offensive
- Red Teamer: The red team rigorously attacks the organization’s services, network, and systems as any cyber criminal would and provides constructive criticism for improving the security measures of the said organization.
- Penetration Tester: The job of a penetration tester is to find the vulnerabilities in the company’s products, services, and infrastructure.
The offensive track of cybersecurity also consists of Cloud Auditor, Bug Bounty Hunter, Application Security Expert, etc.
Research
Threat Analysis, Malware Analysis, Security Trend Analysis, etc., all fall under the research track of cybersecurity.
Penetration Testing
Penetration testing is an extremely important part of testing any software or system as it provides insights into security vulnerabilities. These can be used to strengthen the security measures of the product.
Depending on the amount of access given to the pen testers, penetration testing can be roughly divided into: opaque box, semi-opaque box, and transparent box. These are easily understood by equating the access given to the testers with the amount of light that materials with the same properties would let through in real life.
- Opaque Box: In this scenario, the testers are not acquainted with the internal structure of the target. Under these circumstances the testers act as any black hat hacker would and try to find any external vulnerabilities.
- Semi-Opaque Box: The team has some knowledge of the target’s inner data structures, code, and algorithms. They can then formulate detailed test cases to break the target’s security measures.
- Transparent Box: The testers have complete access to the system and its workings. This approach is considered highly effective, as it replicates the highest level of access any bad actor could have while committing a cybercrime.
Phases of Penetration Testing
- Reconnaissance: Involves the gathering of any auxiliary information about the target from both public and private sources alike. This is used to lay down the foundations of the attack strategy.
- Scanning: Penetration testers decide upon methods based on the information gathered during the reconnaissance stage. These methods are then used to scan the system for any vulnerabilities.
- Gaining Access: This is the stage where the attack strategy is executed. The testers try to use various cyber attack strategies to gain access to the target system.
- Maintaining Access: This step is equally as important as the previous stage as it is important to maintain access till the objective of the intrusion is achieved. The objectives can be data theft, data modification, etc.
Phew! That was a lot of information. But the point of this blog has been to give you a holistic view of the whole cybersecurity space. Some topics that are very important to the subject of cybersecurity have been left out, such as CTFs, information security, different types of hackers, frameworks, cryptography, etc. These topics have been intentionally left out for the reader to go and research from here on. I sincerely hope that this blog has got you extremely excited about the wondrous world of cybersecurity. Keep learning and cheers!