CYBERSECURITY FOR BEGINNERS: Essential Skills and Best Practices to Safeguard Your Digital World (2024 Guide)
Ebook, 199 pages, 2 hours

About this ebook

Enter the critical realm of cybersecurity with "Cybersecurity for Beginners." This comprehensive guide is tailored for those new to the field, providing you with the knowledge and tools needed to protect your digital assets from cyber threats. Whether you're a student, professional, or simply someone who wants to stay safe online, this book demy

Language: English
Publisher: CLIFFORD GILL
Release date: Jun 13, 2024
ISBN: 9783689441937
Author

CLIFFORD GILL

Clifford Gill is a seasoned cybersecurity professional with over 15 years of experience in the industry. Based in New York, he has worked with numerous Fortune 500 companies to enhance their cybersecurity measures and protect their digital assets. Gill is passionate about educating others and has authored several books and articles on cybersecurity, aiming to make the field accessible to beginners and experts alike.

    Book preview

    CYBERSECURITY FOR BEGINNERS - CLIFFORD GILL

    Chapter 1 Confidentiality

    We shall refer to the combined concepts of confidentiality, integrity, and availability as the CIA. You may have heard the name CIA used in a number of security plans. To explain confidentiality, integrity, and availability, let’s start by discussing confidentiality.

    The word confidentiality is frequently associated with encryption, and when we discuss encryption, we’re discussing the capacity to conceal our data or keep it private. Occasionally, we may refer to a virtual private network (VPN), with the intention of maintaining privacy. There are a number of encryption methods at our disposal.

    We’ll discuss algorithms and other related topics when we get into cryptography principles, but for the time being, it would be helpful to discuss them in a little more detail now. We may utilise 56-bit encryption, often known as Data Encryption Standard, or DES.

    Another encryption standard that we have access to is 3DES, which uses 168-bit encryption. Additionally, there is Advanced Encryption Standard, or AES. AES has encryption options of 128 bits, 192 bits, or 256 bits, and these standards are still followed today.

    These days, 3DES and AES are more suitable than DES. As DES has become less capable of providing high levels of security, you’re probably not going to want to use it anymore. Our data is hidden using various encryption techniques, and doing so requires the use of a key.

    Prior to discussing keys, it is important to recognize that there are two distinct kinds of keys: asymmetric keys and symmetric keys. Symmetric keys refer to the use of the same key for encryption as well as decryption. Because symmetric encryption is fast, a symmetric key can be used for real-time exchange with specific algorithms.

    Assuming, for illustration, that we have a VPN tunnel, we should first set up a PC to reside behind our VPN gateway. We have some sort of link out on the internet, and the VPN gateway may be a Cisco firewall. On the other end, there can be an additional Cisco firewall, and on that side, we wish to communicate with a server using our PC.

    Our plan is to have the firewalls perform the encryption on our behalf. This will include creating a tunnel between them and encrypting our data in real time. The data leaves our PC in plain text, or clear data, but it is encrypted once it reaches the firewall’s interface.

    The encrypted data is then transferred in real time over the network. When it reaches the firewall on the other end, the symmetric key is used to decrypt the data, allowing us to communicate with the server with clear data once more. This is what we usually use.

    If we are discussing asymmetric algorithms, we should be discussing the Rivest, Shamir, and Adleman algorithm (RSA), or simply the RSA algorithm. In this instance, we employ a key pair: a public key and a private key, and it’s critical to recognize the distinction between them.

    While asymmetric algorithms are useful for encrypting data and perhaps decrypting it at a later time, they are not always the best choice for real-time encryption. RSA is also an option we have for authentication. This concludes our high-level summary of confidentiality.

    We can provide confidentiality using various encryption techniques, and we’ll soon go deeper into the ideas of cryptography, but for now this is only a general summary of what confidentiality offers us.

    Chapter 2 Integrity

    Ensuring that data has not been altered is the goal of integrity, and more specifically, data integrity. We must be able to confirm the accuracy of our data. Typically, we employ a hash function of some kind to do so. Essentially, there are two key algorithms that we would examine: Secure Hash Algorithm, or SHA, and Message Digest 5, or MD5. MD5 is a 128-bit hash, while SHA is a 160-bit hash if we’re using SHA-1; other SHA variants are also available to us.

    Let’s say we have our data and we wish to confirm that it hasn’t been altered. We wish to confirm the data’s integrity. This is how we can accomplish that. We take the data and make a copy of it, and we then run that copy through a hash algorithm.

    It may be compared to a funnel, and the funnel could be MD5 or SHA. We run the copy through whichever hash algorithm we’re using, and when it’s finished, the data comes out as a long, jumbled string that looks like nonsense. This is because it is a hash, which is unreadable. Next, we take that hash and attach it to the original data. The actual data is now associated with the hash, and we can transfer it across the network. The other side can confirm the data’s integrity there. On the other side, the data arrives from the network, and whether it is encrypted or not, it has a hash attached. The other party knows the method we are using, and the key is already with them. For the purposes of this example, let’s assume that the other side already possesses those keys. We will talk about the specifics of the key exchange process later.

    Our network uses MD5 or SHA as well. What occurs is that they take the data, make a copy of it, and run the copy through the hash algorithm. Finally, they take the hash we supplied and see if it matches the hash that they produced. If so, we can confirm that no changes have been made to the data while it has been in transit.

    Here’s another way we might explain how this operates. Consider that you are sending a friend a box. Let us imagine that we have this parcel, and that we are going to package it and deliver it to our friend via a shipping firm. Some transport mechanism will be involved regardless of the firm we select, and once we hand the parcel over to it, we have no control over it. Since we are unable to view the package in transit, we are unaware of its state. As a result, we take the box and place it on a scale. We know how much it weighs when it departs, since our scale indicates that it weighs 10 kg. We print a shipping label that includes the weight and the TO and FROM addresses in addition to the other information.

    We can now assume that this weight represents the integrity hash. I can determine that it weighs 10 kg since we have a scale. We affix that weight as a sticker on the exterior of our box. Next, our shipment guy arrives, and after he picks it up, it is on its way. Eventually it reaches the other side, and the box is delivered. After I mailed this box to my buddy, he calls to let me know that it arrived, yet just getting there is insufficient. I have to be certain that its integrity is still intact. How then do I go about doing that? My friend will examine the shipping label and see that the package weighs ten kilograms.

    He is going to take the box that I just sent, weigh it on his scale, and determine whether it weighs 10 kg. If not, he will be aware that something went wrong with this box while it was en route. Now let’s say that the box weighs just 5 kg when it arrives. That certainly is a serious issue. We would now realize that there was some sort of difficulty during transportation and that the shipment is no longer legitimate, because we lost 5 kg along the route.

    In the context of data networking, if the integrity hash fails and the packet is VPN traffic, we will discard it. We’re not going to read it and we don’t want to interact with it, because it’s not what we anticipated it would be. That’s what we call integrity. Ensuring data integrity simply involves having a mechanism for confirming that the data hasn’t been altered.
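
    The send-and-verify procedure from this chapter, as an added example that is not from the book. It uses Python's standard hashlib and hmac modules with SHA-256 rather than the MD5 or SHA-1 named in the text, and it contrasts a bare hash with a keyed one, which shows why the receiver needs the shared key. The key, payloads and function names are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def hash_seal(data: bytes) -> bytes:
    """Unkeyed: append SHA-256(data), as in the 'funnel' description."""
    return data + hashlib.sha256(data).digest()

def hash_check(packet: bytes) -> bool:
    """Unkeyed receiver: recompute the hash and compare with the attached one."""
    data, digest = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(data).digest(), digest)

def hmac_seal(key: bytes, data: bytes) -> bytes:
    """Keyed: append HMAC-SHA-256(key, data)."""
    return data + hmac.new(key, data, hashlib.sha256).digest()

def hmac_open(key: bytes, packet: bytes):
    """Keyed receiver: return the data, or None meaning 'discard the packet'."""
    if len(packet) < TAG_LEN:
        return None
    data, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    # compare_digest takes the same time wherever the first mismatch is
    return data if hmac.compare_digest(expected, tag) else None

def demo() -> dict:
    key = b"constructed-demo-key"       # assumed to be shared in advance
    data = b"weight=10kg;to=friend"     # constructed sample payload
    altered = b"weight=05kg;to=friend"  # payload changed in transit
    sealed = hash_seal(data)
    return {
        # payload changed, original hash left in place: the mismatch is noticed
        "hash_catches_corruption": not hash_check(altered + sealed[-TAG_LEN:]),
        # payload changed and the unkeyed hash recomputed: goes unnoticed
        "hash_misses_rehash": hash_check(hash_seal(altered)),
        # same change without the shared key: the tag cannot be recomputed
        "hmac_rejects_rehash": hmac_open(key, hmac_seal(b"other-key", altered)) is None,
        "hmac_accepts_valid": hmac_open(key, hmac_seal(key, data)) == data,
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```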

    Chapter 3 Availability

    To put it simply, the business cannot function if our systems are unavailable. It’s that simple. Ensuring that our devices are accessible within the network is the essence of availability. That implies that we must both maintain our hardware and, in order to offer redundancy for high availability, have a strategy in place for a partial failover.

    A variety of factors are related to availability. In order to ensure that we are using reliable software without any related hazards, it is imperative that we carry out tasks such as upgrades and adhere to a vendor’s upgrade path.

    Cisco, for instance, does a great job of informing us about risks that are currently active or when a certain software version needs to be updated. Consequently, we should ensure that we implement system upgrades as necessary.

    Ensuring that a network has the necessary bandwidth also contributes to its availability. It is also essential to confirm that bottlenecks are being avoided. An overabundance of data can also cause issues if it degrades traffic to the point that the network goes down.

    To put it plainly, availability means that we ensure the network is available, since without it we are unable to carry out operations. When we discuss network threats later on, some of these threats will focus on a network’s availability.

    A denial of service attack is one instance of it. An attempt to stop the network or devices on it from offering the required services would be known as a denial of service attack. Now that we have a solid understanding of availability, confidentiality, and integrity, let’s go on and examine SIEM technology.

    Chapter 4 Security Incident Events and Monitoring

    Before we talk about SIEM, or Security Incident Events and Monitoring, technologies, let’s talk about logging for a moment. A secure network must include logs, as they are essential for recording information for troubleshooting or for auditing policy compliance.

    There will always be some kind of policy in place in a secure network, and we must audit it to make sure we’re adhering to its requirements. Logging is what makes this possible for us. The majority of our security devices include logging, so we can use the data we collect to identify attacks that are ongoing and determine when they began. Let’s take an example where we have a firewall that can transmit log data to many locations. It can send it to our CLI, or command-line interface, over a console cable, Telnet, or SSH, also known as Secure Shell.

    There we receive logging notifications, but unless we’re in the thick of troubleshooting, we usually don’t want that. Additionally, logs can be sent to the buffer, which is an internal storage area. If we send logs to the internal storage location, our available storage space is one factor to take into account. Some of the older logs will need to be overwritten if that buffer fills up. We can also send data to Flash, another location for storage, although storage issues arise there as well. The other two possibilities available to us are remote options.

    Using a Syslog server is one method; using SNMP, or Simple Network Management Protocol, is the other. These are remote options where we transmit the data to a server, which we frequently call a log collector server. Your data may be collected by a log collector and displayed on a particular Syslog server. We have our firewall, which has data-sending capabilities. However, we also have more networking hardware, such as switches, routers, and security hardware like Cisco ACS and Cisco ISE.

    Although Cisco ACS is no longer maintained, many businesses are still using the ACS server, as far as I can tell. In any case, we have a large number of devices, but the majority of them often have the same kind of logging capabilities. However, one thing to keep in mind while using these logging features is that while the structure is the same, the log messages are typically not. Thus, for instance, the logging messages you receive from the Cisco ASA Firewall, a Cisco ASR router, or a Cisco 9300 switch will differ significantly from those from the Cisco ISE. This implies that the log collection server will include several files, or at the very least, a wide variety of message kinds.
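
    Because each device type emits differently shaped messages, a collector has to map them onto one schema before anything can be compared across devices. The following added example (not from the book) normalizes two simplified log formats and then flags a source address that causes a burst of denials and failed logins on more than one device. The log lines, field names, device names and thresholds are constructed and are not real vendor output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in two simplified formats (not real vendor output).
FIREWALL = [
    "2024-06-13T10:00:01 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-06-13T10:00:09 fw01 ALLOW src=198.51.100.4 dst=10.0.0.8 dport=443",
]
IDENTITY = [
    "13/06/2024 10:00:20|ise01|result=FAIL|user=admin|ip=203.0.113.7",
    "13/06/2024 10:00:31|ise01|result=FAIL|user=root|ip=203.0.113.7",
    "13/06/2024 10:02:00|ise01|result=FAIL|user=alice|ip=198.51.100.4",
    "not a log line",
]
FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) ")
ID_RE = re.compile(r"^(.+?)\|(\S+?)\|result=(\w+)\|user=\S+\|ip=(\S+)$")

def normalize(lines, pattern, time_format, kinds):
    """Map one source's lines onto a common (time, device, kind, ip) schema."""
    events, rejected = [], []
    for line in lines:
        m = pattern.match(line)
        if not m or m.group(3) not in kinds:
            rejected.append(line)  # keep unparsed lines for review
            continue
        events.append({"time": datetime.strptime(m.group(1), time_format),
                       "device": m.group(2), "kind": kinds[m.group(3)], "ip": m.group(4)})
    return events, rejected

def correlate(events, window=timedelta(minutes=1), min_events=3):
    """Alert on an IP with >= min_events denials/failures on >1 device within window."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        if e["kind"] in ("fw_deny", "auth_fail"):
            by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):
            burst = [e for e in evs[i:] if e["time"] - first["time"] <= window]
            if len(burst) >= min_events and len({e["device"] for e in burst}) > 1:
                alerts.append((ip, len(burst)))
                break
    return alerts

def run():
    fw, _ = normalize(FIREWALL, FW_RE, "%Y-%m-%dT%H:%M:%S", {"DENY": "fw_deny", "ALLOW": "fw_allow"})
    idn, bad = normalize(IDENTITY, ID_RE, "%d/%m/%Y %H:%M:%S", {"FAIL": "auth_fail", "PASS": "auth_ok"})
    return correlate(fw + idn), bad
```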

    Rather than categorizing all those distinct output types, we may utilize SIEM technology to gather all that information from separate SNMP or Syslog services. The SIEM system will then correlate the information to provide us with the capacity to use such knowledge. With SIEM technology, we could log all of the data in one place and take appropriate action from there. SIEM is able to aggregate data and issue alerts for specific purposes. Generally speaking, we may configure various
