Hacking tutorials tricks
learning hacking
msijbkk trick
trick
Cyber Security Network
Cyber Network Security(PART 1)
Module 1: Introduction
Lesson 1.1: Introduction and Overview
Skills Learned From This Lesson: Learning Objectives, Prerequisites, Course Layout
Learning Objectives
● Core Knowledge and the Function of Network Security
● The Application of selected Network Security Concepts
● Network Security Architecture and Building Principles
● How to Apply Security Practices
● How to Apply Network Devices Effectively
Prerequisite
● There are no prerequisites even though basic Networking Concepts will be an advantage.
Module 2: Core Knowledge
Lesson 2.1: The Pillars of Cybersecurity Part 1
Skills Learned From This Lesson: CIA, DAD, Cybersecurity Principles
Learning Objectives
● The CIA and DAD Triangles
● Nonrepudiation
● Identification, Authentication, Authorization
CIA Triangle
CIA Triangle is considered the most fundamental aspect of Cybersecurity. The CIA Triangle consists of Confidentiality, Integrity, and Availability
Confidentiality refers to the ability to not disclose confidential information to unauthorized persons. Integrity is the protection of information from unauthorized modification. Availability is ensuring that a system or data is available for authorized users.
DAD Triangle
The DAD Triangle, reveals the opposite of the CIA Triangle. DAD Triangle stands for Disclosure, Alteration, Denial. Each principle in the CIA triad corresponds to an opposing principle in the DAD triad. Confidentiality or Disclosure. Integrity or Alteration, Availability, or Denial.opposing principle in the DAD triad. Confidentiality or Disclosure. Integrity or Alteration, Availability, or Denial.
Cybersecurity Principles
● Nonrepudiation: refers to a user not being able to deny having sent a message or performed a specific act.
● Access Control: Defines the degree of permission granted to a resource
➔ Identification: Answers the question ‘Who is the subject’, Asserting who you are
➔ Authentication: The proof of identification. The process of identification
➔ Authorization: What can be accessed after authentication
Lesson 2.2: The Pillars of Cybersecurity Part 2
Skills Learned From This Lesson: Authentication types, Authorization models, Multifactor authentication.
Authentication Types
● Something you know: This could be a password, secrete code, pin, etc.
● Something you have: This is a physical object like ID cards, key fobs
● Something you are: Biometrics including fingerprints, iris scans, voice, signature, etc.
Multifactor Authentication. This involves combining two or more of the authentication types (something you know, something you have, something you are). Using two different things for example under something you know (say, a password and a pin) is not multifactor authentication.
Authorization Models: Three of the most important and most common models of authorization are;
● Mandatory: Mandatory Access Control (MAC). This ensures that you have an equal or higher clearance for a file or resource to be able to access it. For instance, you must have a Top Secret clearance to be able to access Top Secret files.
● Discretionary Access Control (DAC): In this case, the owner of a file or resource decides who to give access.
● Role-Based Access Control: This model grants access to a resource based on the role of the individual in the organization. For instance, people in Payroll will not have access to Marketing information and vice versa.
Lesson 2.3: Key Principles of Cybersecurity
Skills Learned From This Lesson: CWE, CVE, Cybersecurity updates
Learning Objectives
● CWE and CVE
● How to stay up to date
Common Weakness Enumeration CWE): Relates to vulnerabilities in design flaws, not specific products or systems (https://cwe.mitre.org)
Common Vulnerabilities and Exposures: Relates to specific vulnerabilities within specific products, not the underlying flaw (https://cwe.mitre.org/)
How to Stay “Plugged” In
It can be very easy for one to get behind regarding what is going on in the Cybersecurity Industry. This can happen as a result of the difficulty in sieving out the most relevant information from tons of information which can be tedious and discouraging. A number of information channels exist to make this simple for everyone. ● Using RSS Feeds (Really Simple Syndication): It helps deliver content directly to users without having to go searching for it.
● INFOSEC INDUSTRY: https://infosecindustry.com/news
● Security.iddici: https://security.didici.cc/news
● Security Tube: http://www.securitytube.net/
Lesson 2.4: Threats, Regulations, and Ethics of Cybersecurity
Skills Learned From This Lesson: Ethics, Laws, Regulations.
Learning Objectives
● Importance of Ethics to cybersecurity
● Laws, Regulations, and Policies
Ethics:
The moral principles which govern a person’s behavior. It differentiates an ethical cybersecurity professional and a malicious user.
Example is the (ISC) Code of Ethics
● Protect society, the common good, necessary public trust and confidence, and the infrastructure.
● Act honorably, honestly, justly, responsibly, and legally
● Provide diligent and competent service to principals
● Advance and protect the profession.
Laws and Regulations
● Congress: https://www.congress.gov
Important Laws and Regulations
● HIPAA - Health Insurance Portability and Accountability Act. It regulates how PHI is collected and used.
● Gramm-Leach-Bliley Act - Requires financial institutions to explain how they protect and share sensitive customer information.
● Homeland Security Act - Mandates the Department of Homeland Security to prevent terrorist attacks, reduce the vulnerability of the U.S to terrorist attacks and to also help the U.S recover from terrorist attacks.
● GDPR - General Data Protection Regulation. Provides individuals of the E.U control over their personal data.
0 Comments:
Post a Comment