Cyber Security

In today’s society, digital literacy is crucial. Learn about the digital footprints we leave behind, how to protect your privacy online, and potential dangers.

 

 

This course introduces the idea of cyber security, describes the numerous threats that might result in cyberattacks, and expands your knowledge of the potential defences.

Lesson Structure

There are 11 lessons in this course:

1. Introduction to Cyber Security and cyber attacks/defences
   • Importance of cybersecurity
   • Threats – passive attacks, active attacks
   • Common types of attacks – injection, phishing, denial of Service, malware, spoofing, man in the middle, network attacks
   • Layered approach to defense
   • Physical security
   • Software and Operating System Security, Network security
2. Vulnerability Assessment
   • Assessing vulnerabilities
   • Security posture
   • Performing vulnerability assessment – 5 steps
   • Identifying and classifying assets
   • Threats and risk assessment
   • Baseline reporting
   • Penetration testing – techniques, penetration testing versus vulnerability assessment
3. Securing the facilities and networks
   • Securing a data centre
   • Securing the network
   • Hardware level
   • Software PC, Device level
4. Securing your online digital footprint
   • Digital footprints
   • Social media
   • Web browsing
   • Devices used
   • Managing digital footprint
   • Protecting user reputation
   • Sharing personal information
   • Preserving freedoms
   • Preventing financial; losses
   • Privacy risks
   • Developing better online habits
   • Investigating default settings
   • Using privacy enhancing tools
5. Internet Security and Digital Certificates
   • Digital certificates
   • Digital signatures
   • Digital rights management and Information rights management
   • Electronic books and magazines
   • Generating a digital certificate
   • Exchanging and verifying a digital certificate
   • Web browsing
   • TLS and SSL
   • Security issues
   • Secure web browsing using https
6. Wireless Network Vulnerabilities, Attacks and Security
   • Types of wireless data networks
   • NFC and Bluetooth network attacks
   • Wireless LAN attacks
   • Network blurred edges
   • Wireless data replay attacks
   • Wireless DOS attacks
   • Rogue access point
   • Attacks on home LANs – war driving, war chalking
   • Wireless security vulnerability and solutions
   • IEEE wireless security vulnerabilities
7. Firewalls, IDS and IPS
   • Types of firewall protection
   • Packet filtering firewalls
   • Application/proxy firewalls
   • Hybrid firewalls
   • Firewall limitations
   • Formats and firewalls
   • UTM appliance
   • Intrusion detection systems
   • Network intrusion systems
   • Host based intrusion detection systems]
   • Intrusion prevention systems
   • Common detection methodologies
   • Anomaly based IDPS
   • Signature based IDPS
8. Cryptography
   • Definition, terminology and characteristics
   • Common cipher attacks
   • Ciphertext only attacks
   • Known plaintext attack
   • Dictionary attack
   • Bruit force attack
   • Power analysis attack
   • Fault analysis attack
   • Cryptographical algorithms
   • Symmetric encryption
   • MAC function
   • Asymmetric encryption
   • Slipcovering keys
   • Hash algorithms
9. Access Control and Authentication
   • What is access control
   • Definition, terminology
   • Access control models – RBAC, RAC, HBAC
   • Implementation – group policies, ACL, DACL, SACL
   • Authentication and authorisation
   • Securing and protecting passwords
   • Multi factor authentication
10. Cyber attack Disaster Recovery strategies
    • Five stage response
    • Recovery planning
    • Backup procedures
    • cloud storage
    • Monitoring and logging events
    • Containment of attack
    • Assessing damage
    • Recovery procedures – system images SEO, restore data corruption
    • Authorities tracking attackers
    • Data ands security policies
11. Ongoing Security Management
    • Managing security events – events monitoring
    • Centralised versus Distributed data collection
    • Being organised
    • Understanding the workplace
    • Security and decision making
    • Division of responsibilities
    • Time management
    • Networking
    • Attitude
    • Products and services
    • The law

Each lesson culminates in an assignment which is submitted to the school, marked by the school’s tutors and returned to you with any relevant suggestions, comments, and if necessary, extra reading.

Aims

• What is cyber security?
• Describe the objectives and significance of cyber security.
• know key terms in cyber security, and be able to identify several assaults and countermeasures.
• Describe the process of doing a vulnerability assessment.
• Recognize the methods and tools at your disposal.
• Compare and contrast penetration testing with vulnerability scanning.
• Describe the methods for securing networks, data warehouses, data centres, and physical data storage.
• Recognize the consequences of having a sizable digital presence online.
• Recognize the options people have to control their online digital footprint.
• Learn what an intrusion detection system (IDS), an intrusion prevention system (IPS), and a firewall mean in the context of cyber security.
• Describe the significance, purposes, advantages, and security that firewalls, IDS, and IPS systems give in safeguarding both PCs and computer networks.
• Know the basics of cryptography and the significance of data encryption and decryption.
• Describe the basic elements of cryptographic protocols and the accepted practises for encryption and decoding.
• Recognize the significance of digital certificates and signatures in safeguarding web traffic.
• List the many kinds of wireless data transmission networks and describe the numerous ways that each one is vulnerable to attack.
• Describe the available wireless network security standards for protecting wireless networks.
• Learn what Access Control is and the language used in it.
• Recognize the significance of using access control models.
• Know what authentication is and why it’s crucial to use multi- or double-factor authentication, create secure passwords, and define authentication.
• Describe the best practises for building up redundancy and quick recovery techniques before and after an attack has happened and how to minimise the effects on the systems and networks involved.

How You Plan to Act

• Look into the idea of defence in depth and other layered defence concepts.
• Do some research and justify the cyberattack you chose.
• Describe some of the best vulnerability scanners currently on the market.
• Online, look into 4 privacy-enhancing solutions like VPNs, password managers, and encryption programmes.
• Look at the newest firewall products available.
• Look into the newest NIDS and HIDS products available.

---

Find out how to identify, then reduce, vulnerabilities.

Understanding potential vulnerabilities, evaluating those vulnerabilities in a specific context, and then taking steps to close or avoid those vulnerabilities are the first three steps in the cybersecurity process.

Knowledge is equivalent to power when businesses are attempting to secure their assets. Businesses are more exposed to cyber hazards as a result of increasing their reliance on information technology, including placing or transferring data to the cloud, IoT (internet of things) devices, mobile devices, social platforms, and others. A vulnerability management programme, similar to an annual health check, can assist firms in identifying cyber system vulnerabilities before they become issues.

Secure Position

This is the formal name for a comprehensive security strategy. Everything, from basic planning to execution, is included. The typical security posture of an organisation consists of:

• Technical policies
• Non-technical policies
• Procedures
• Controls

A Vulnerability Assessment

Most cyberattacks aim to take advantage of well-known flaws and vulnerabilities. Also, with so many new vulnerabilities being found every year, it is crucial for businesses to maintain ongoing vigilance in order to assess their IT security posture, identify any gaps, and take the necessary action. The key to addressing this increasingly severe threat environment is a rigorous vulnerability assessment programme. This is so because a vulnerability assessment is a rigorous procedure that locates and measures security flaws in networks, hardware, and software used in applications.

A vulnerability assessment for an organisation should result in a clear report with a list of the environmental factors that need to be addressed and where on the priority list each factor falls. The IT departments of organisations constantly update, patch, and apply software patches to their critical systems. However, managing software updates and patches is a difficult task for IT departments because patches are known to occasionally disrupt other software and in some cases, systems needing patches cannot be taken offline. Because of this, a good vulnerability assessment will give the company a prioritised list of vulnerabilities organised by system or software (or others), which the IT department may use as a task list to strengthen the company’s security posture.

A plan of defence against today’s sophisticated cyberattacks, in which attackers programme the attacks to actively search for vulnerabilities in systems and networks and automatically start their attack process as soon as these are found, is crucial for any organisation, even if it is not a high priority target. Knowing the difference between scanning for vulnerability assessments and analysing and prioritising vulnerabilities by incorporating them into a larger “risk management programme” is also crucial.

The five steps listed below are frequently included in a vulnerability assessment:

1. determining the assets that require protection;
2. assessing potential dangers to those assets;
3. conducting a vulnerability assessment to determine how vulnerable the existing method of protection is;
4. evaluating risks (by considering the impact and possibility of any potential weakness being exploited);
5. reducing dangers.