Introduction to Cyber Security – Essential Concepts
Section 1 – Understanding Hackers
Types of Hackers
In this video, we're going to talk about
the two different types of hackers, which are black hat and white hat hackers.
There's also gray hat hackers,
which fall somewhere in the middle between black hat and white hat hackers.
But we're going to focus solely
on black hat and white hat hackers in this lecture.
So a black hat hacker is a stereotypical bad hacker.
These are going to be our cyber criminals and people that we think about
when we think about hackers. These are people that are illegally
hacking into our IT systems for a variety of different reasons.
And we'll talk about different motivations
that hackers have later on in this section.
But their goal is to cause harm,
to steal data or to ransom that data and to financially extort us.
Then on the flip side,
we have our white hat hackers, and white hat hackers are our good hackers.
These are our ethical hackers,
people that work in the cyber security division of a company,
or they work for a consulting firm, and they perform vulnerability assessments
and penetration tests and security assessments to help increase the security
posture of the organization's IT infrastructure.
So their goal and their role is testing and protecting IT systems.
And so when we think about the dichotomy of hackers, there are black hat hackers
on one side and white hat hackers on the other side.
Like I said, there are also gray hat hackers that fall somewhere in the middle.
But we're not going to talk about those in this course, because for the purpose
of this course it's enough to understand that black hat hackers are
the bad hackers, and that those of you who are aspiring to become ethical hackers, well,
you're aspiring to become white hat hackers.
So that's the difference between a black hat and a white hat hacker.
What we're going to talk about in the next video are hackers' various motivations.
There are a variety of different
reasons that motivate hackers to hack into systems,
and we're going to talk about that in the next video.
Hacker Motivations
Alright,
so now that you know the difference between black hat and white hat hackers,
let's take this discussion a bit further and let's talk about black hat hacker
motivations, because not all hackers are the same.
So when we're looking at black hat
hackers, bad hackers, there are a variety of different types,
and their level of skill and their reason for hacking into a business or
organization or even a country is going to differ.
They are going to have different motivations and different reasons.
And the first one is going to be the least skilled type of hacker.
We call these script kiddies.
These are people that go out onto the web,
typically the dark web, and they pay for and they download
a script or a program and they use that to do something like defacing a website.
They really don't have any sort
of ideology other than they want to do something devious.
There's also hacktivists.
And just like their name implies,
these are going to be hackers that are activists.
So they're hacking for an ideological
reason, such as maybe it's a political reason or an environmental reason.
And a good example of this would be
an environmentalist hacker that's against fossil fuels.
And they hack into a large oil company's
website and they take it down for ideological environmental reasons.
There's also state sponsored hackers.
These are hackers that work for a government.
They could be within a particular governmental agency.
They could be within that government's military.
And they are hacking at the direction of, and
with the support and training of, the government and the military themselves.
So when we talk about state sponsored
hackers, these are what we call persistent threats because they always exist.
And governments are always hacking other
governments for a variety of different reasons.
So those are state sponsored hackers.
Then there are cyber terrorists and these
are going to be cyber-based terrorists who have a goal of harming our
infrastructure, such as our energy infrastructure or civilians themselves.
And then lastly, we have hacking as a service.
So hacking is now becoming a business.
This is where we have black hat hackers
who sell their services for a variety of different attacks for financial gain.
So these are hacking groups in certain countries that are selling their services
to individuals who want them to hack something illegally.
So as you can see, there's a variety of different motivations.
We have unskilled hackers that are just
out there doing something devious for no particular reason.
There are hacktivists that are doing it for ideological reasons.
There are state sponsored hackers who work
for the government or are part of their military.
There are cyber terrorists who are
terrorists and they're hacking to cause harm.
And then there is hacking as a service.
So those are our typical hacker motivations.
What we're going to talk about in the next video is the hacking methodology.
So let's go ahead and let's get into that.
Hacking Methodology
Alright,
so in this video, we're going to talk about the hacking methodology.
In other words, how hackers hack you and me
and organizations. Now, because this is not an ethical hacking course,
we're not going to get into the weeds.
We're going to keep this very high level.
And I'm going to walk you through the framework of how a hacker goes about
hacking into an IT system and/or a network.
So it all starts off with information gathering.
And in the hacking world, we call this open-source information
gathering, because hackers, whether they are black hat or white hat
hackers, are going to take a look first at what's publicly available.
They'll take a look at websites, press releases, anything they can get
their hands on that's publicly available that's going to help them out.
They can then take that and they can perform social engineering.
So, for example, let's say they go to a website and there's
a bunch of contact information, maybe they perform social engineering
where they're impersonating somebody to try to get private information.
Once they've done that and have a good idea of an entryway
into the network, they'll start fingerprinting and scanning the network.
And the whole purpose of doing this is
to fingerprint the network and the systems on the network, to get an idea of the IP
address schema as well as the different operating systems that are on the network.
So it gives the hacker an idea of the architectural layout of the network.
They'll potentially identify what operating systems, and which specific
versions of those operating systems, are on the network.
They'll have a very good idea of the IP address schema,
how the network is designed, and that will give them some additional
information to continue on with their hack.
After they have that,
they'll start performing what we call a vulnerability assessment.
In other words, they're going to scan the network, specifically the devices
on the network, whether that be the switches
and the routers or it be the servers and the end user systems.
They're going to scan them for vulnerabilities.
So they're going to look at those systems.
They'll already have an idea of the operating system.
But they'll go a bit further and they'll
look to identify specific vulnerabilities on those systems.
Once they've identified vulnerabilities,
then they move on to the exploitation phase.
This is where it gets fun
for ethical hackers. This is where we take
a vulnerability and we look for specific exploits.
How can we take that vulnerability and exploit it to get access to that system?
Once they've done that, then we move on to the post exploitation phase.
And this is where things differ depending
upon whether you're a black hat hacker or a white hat hacker.
If this is a black hat hacker,
a bad hacker, well, they're going to try to do various different things.
They may try to cause harm to a specific server or specific device on the network.
They may be looking to steal data. They may be looking to install malware.
They may also be looking to escalate
privileges so they can pivot to other systems on the network.
And lastly, they may be looking to maintain their access,
so whatever they're doing,
they have long term access and they can continue to steal data or pivot over
to other systems and potentially other networks.
So when we think about hacker motivations,
specifically black hat hacker motivations, in regards to what they potentially may
do, it could be a variety of malicious things.
Now let's flip it around and let's talk
about it from the perspective of a white hat hacker, an ethical hacker.
So before an ethical hacker starts hacking
a system or network, well, first off, we need to understand what that is.
So what an ethical hacker will do is
they'll sit down with the stakeholders and they'll have a pre-engagement meeting.
If they're a consulting firm or if they work for the company themselves,
they're going to sit down and determine what's in scope of what we're doing.
What are we allowed to attack?
Do you want us just to do a vulnerability
assessment, or do you want us to do a full-blown penetration test
where we're going to actually try to exploit the vulnerabilities that we find?
And also, are you going to give us any information regarding the network or are
we going to look at it from the perspective of a black hat hacker
where we don't know anything about the network?
And also, are there certain things that are off limits,
such as certain devices, and are we allowed to perform social engineering?
Can we do this during the day?
So what's within scope and what's not within scope?
That's going to be the pre-engagement.
And what happens with this pre-engagement is
that there's going to be a contract
that's written up that defines everything that's within scope and everything that's
outside of the scope of whether this be a vulnerability assessment or a full blown
penetration test, where we're going to try to exploit those vulnerabilities.
Now, once all this is done, the ethical hacker will go through all
the steps just like a black hat hacker, all the way to post exploitation.
However, at the end,
what they're going to do is they're going to take all that information and they're
going to write a report that provides their findings.
So if they're just doing a vulnerability scan and a vulnerability assessment
and they're not looking to exploit any of those vulnerabilities,
then the report will include the vulnerabilities and their recommendations.
If they were actually exploiting those
vulnerabilities and doing a full blown penetration test, then they'll talk about
in that report what vulnerabilities they were successfully able to exploit
and their recommendations for remediating those vulnerabilities.
So that's where things differ.
The black hat hacker is looking to cause
harm and do malicious things, whereas the ethical hacker is looking
to perform a vulnerability assessment and if they're looking to exploit those
vulnerabilities, they're doing it so they can provide a report and recommendations
to the organization so they can increase their IT security posture.
So that's the hacking methodology, your
10,000-foot introduction to the world of hacking.
So hopefully you found this insightful.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you at the next video.
Section 2 – Networking 101
What is a Network?
Alright, so we're going to start things
off in this section by defining what a network is in its simplest form.
So in its simplest form, a network is nothing more than two
connected computers sharing resources with one another.
Now this diagram depicts a couple of desktop computers, but in 2022,
when we think about computers, we can think about anything ranging
from a smartphone to a tablet to an IoT device within your home, you name it.
Any two devices that are connected
together to form a network where they're sharing resources with one another,
that could be a file, they could be exchanging data back and forth.
It really comes down to what the specific purpose is of those devices.
In regards to any network, it has two main aspects.
There's going to be a physical connection.
So that's going to be the wires and the cables,
if it's physically connected and if it's
using WiFi, then it's going to be wireless.
And then also there's the logical connection.
That's going to be the actual data
that's going to be going back and forth
across this physical connection, whether it's wired or wireless.
So we need to understand that the physical
connection is what allows the logical connection, meaning it allows the data
to be able to be transported across that physical medium.
Now, in regards to networking, it's a lot more complex than this.
But I wanted to start off with a very basic definition because as we progress
in this course and as you see some various examples of some of the threats and our
countermeasures, you're going to see where this comes into play.
So that's what a network is in its most basic form.
Some Basic Networking Rules
Alright, so let's continue on our discussion by now
talking about some basic networking rules, rules that allow networks to operate.
So when we're talking about a computer network, it could be any computer
network, every single network in the world:
they have procedures that they have
to follow to allow them to operate, to allow them to send and receive data.
And in the world of IT networking, we call these communication protocols.
And what you're going to learn in this
section is that there's a plethora of different computer networking protocols
that allow networks to work and that allow the Internet to work.
Now, additionally,
in regards to a computer network, when we're sending and receiving data back
and forth, we need to know the addresses of the devices.
So if we have this system over here
on the left that wants to send some data to this system over here on the right,
well, this would be the origin and this would be the destination.
When we're sending data back and forth,
that's going to include the origin and destination addresses.
Because when these devices are communicating back and forth, well,
they need to know where it's coming from and where to reply to.
Just like if you received a piece of mail
in the mail and you wanted to know where it came from and you needed to send it
back, well, you need to know the origin and destination addresses.
In the world of networking, we call these IP addresses and MAC addresses.
And you're going to learn the role
of the IP address and the MAC address later on in this section.
So that's our basic networking rules.
This is going to lay the groundwork for us to continue on our discussion regarding
protocols and IP addresses and MAC addresses.
Computer Protocols
Alright, so let's continue on with our discussion
talking about computer networking protocols.
So like I mentioned in the last lecture,
computer networking protocols, specifically communication protocols,
are what allow us to communicate with other devices on a network.
And if we take a step back and we just
talk about protocols in general, protocols are nothing more than rules.
And if we take a look at an example
of driving, let's say that we have traffic on a street.
And let's assume that the cars are our
packets of data going across the network and there's an intersection.
And in that intersection
there's going to be a green light for traffic in one direction and there's
going to be a red light for traffic in the other direction.
Well, what happens if somebody runs a red light and they cause an accident?
Well, that's going to cause a traffic jam.
And if we look at that from the
perspective of a computer network, well, that means that the data is not going
to be able to transport across the network anymore until we resolve that issue.
So what you're going to learn later
on in the section is that there's a lot of different protocols that allow networks
to work, and we need all of them to work properly.
So I know this is just a very simplistic
diagram, but assume that this was more than two computers.
If we had 100 computers on here and a protocol wasn't working, well,
they wouldn't be able to communicate back and forth with one another.
And in regards to protocols,
there's something that's called the TCP/IP suite of protocols.
This is the protocol suite on which modern networks operate.
And we're going to talk about that later on in this section.
But to give you an example of a few of them.
So when you're browsing the Internet
on your web browser, you're utilizing the HTTP or the HTTPS protocol.
That's what allows you to browse the internet.
If you are using Outlook to send emails back and forth, you're using email based
protocols such as POP3, SMTP, and IMAP.
And if you're downloading a file from a website and it's not utilizing
HTTP or HTTPS, odds are it's utilizing FTP, the File Transfer Protocol.
So there are hundreds of different protocols.
These are just a few of them.
And the whole purpose of this lecture was to take a slightly deeper
look at protocols before we take a look at TCP/IP later on in this section.
LANs vs WANs
In this video, we're going to talk about the difference between local area
networks, better known as LANs, and wide area networks, better known as WANs.
So what's the difference?
Well, first off, let's talk about local area networks.
So a local area network is going to be a small network.
It's going to be a computer network that's
going to be within a small geographical region, such as a single room or a single
building or maybe a small group of buildings.
And the hallmark feature of a local area
network is that all the devices are going to be directly connected together.
And when we think about that, think about it as being a contained network.
So, for example, a small business,
let's say an accounting firm where they have 20 different computers.
That would be an example of a local area
network. Or your house, where you have your Internet connection and a wireless router
that connects to a network printer and your laptop and your smartphone
and your TV and everything else within your house.
Those are going to be examples of a local area network.
Now, the thing with the definition of a local area network
is that it's fairly broad.
It could be an entire floor in a building.
It could be several different floors
in a building, or it could be the entire building itself.
But understand that when we talk about
a LAN, it's typically going to be a small connected network.
On the flip side, we have wide area networks,
and wide area networks are going to be very big networks.
They're going to be networks that are
going to extend over a very large geographical region.
So it could be, for example, an entire campus at a university where if
we think about each building as being a LAN and when the buildings are
connected together, that's going to be a wide area network.
That would be an example.
Or let's say that we have multiple different Internet service providers
across the city and they're all connected together.
That would be an example of a wide area network.
Or let's say that we work for a very large company, and that very large company has
multiple different offices across the continental United States.
Well, when we connect all of them together,
that's going to be an example of a wide area network.
So if we take a look at this diagram and we assume each one of these are
different offices and each office is going to be a LAN and we connect them all
together, then that creates a wide area network.
Now, when we think about the largest wide
area network in the world, that's going to be the Internet.
Now, there are some other definitions
that are sub-types of wide area networks, such as campus area networks
and metropolitan area networks, but we're not going to talk about those.
But if you hear that terminology,
just understand that those are specific types of wide area networks.
So why is it important to understand? Well, in this course I may be referring to LANs
and WANs as I talk about different things as it relates to cyber security.
So I want to make sure that you understand
the difference between a local area network and a wide area network.
So if you have any questions, definitely let me know.
If not, thanks for watching and I'll see you at the next video.
Take care.
MAC vs IP Addresses
Alright, so in this video, we're going to continue
on our discussion talking about MAC addresses and IP addresses.
And let's start off by talking about MAC addresses.
So every single computer within the world has a network interface card.
The network interface card is what allows you to connect a device to a network.
It could be a wired network interface card
like we see on the screen, or it could be a wireless one that's
in a tablet or a laptop or a smartphone or an IoT device.
So understand that network interface cards
come in many different form factors, and they can
be designed either for a wired connection or a wireless connection.
And within that network interface card,
there's going to be a physical address that's physically burned onto that card
on its ROM chip, and that's going to be its address.
That's going to be the physical address
of that network interface card on that computer or that network device.
And we call that its MAC address.
And so the MAC address then becomes
assigned to the device that's on that network.
And what the MAC address does is that it
allows intra-network communication via switches.
And we're going to talk about switches and routers in the next lecture.
So specifically, when we're talking about
MAC addresses and switches, we're talking about local area network
communication.
And don't worry if this doesn't make too much sense.
Once we take a look at switches
and routers, it's going to make much more sense.
Now let's talk about IP addresses.
Well, IP addresses are not physical
addresses that are burned onto the ROM chip on the network interface card.
An IP address is a logical address.
And what do I mean by a logical address?
Well, I mean that it's logically assigned
within the operating system on that device, and it can be assigned
by the person that owns the device, the IT administrator,
or via something that we call a DHCP server, which automatically hands out IP
addresses when devices connect to a network.
Now, here's the hallmark difference between MAC addresses and IP addresses.
IP addresses are designed to allow network
to network communication via routers, meaning wide area network communication.
So why is this important?
Well, when we're communicating within
a local area network, we're using switches and we use MAC addresses.
But when we're communicating across a wide area network, let's say, for example,
the Internet, we're using IP addresses and we're using routers.
So in the world of cyber security, this is really important to understand,
especially if you're planning to work in cyber security.
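The hallmark difference just described, that a switch delivers by MAC address inside the LAN while a router forwards by IP address between networks, comes down to one decision every host makes before it sends a packet: is the destination on my own subnet or not? The following Python is an added example written for this page, not code from the course; the IP addresses, MAC values and ARP cache entries are constructed sample values.

```python
import ipaddress

# Constructed example values (not from the course): a desktop on a /24 LAN whose
# default gateway is the router's LAN-side address.
HOST_IFACE = ipaddress.ip_interface("192.168.10.25/24")   # logical address + subnet mask
HOST_MAC = "00:11:22:aa:bb:25"                            # physical (burned-in) address
DEFAULT_GATEWAY = ipaddress.ip_address("192.168.10.1")    # the router, as seen from the LAN

# Constructed ARP cache: IP -> MAC for devices this host has already resolved on its
# own LAN. Only local addresses ever appear here; remote hosts go through the router.
ARP_CACHE = {
    "192.168.10.1": "00:11:22:aa:bb:01",   # router (gateway)
    "192.168.10.50": "00:11:22:aa:bb:50",  # network printer on the same switch
}


def next_hop(dst_ip, iface=HOST_IFACE, gateway=DEFAULT_GATEWAY):
    """Decide where an IP packet physically goes first.

    Returns ("direct", dst) when dst is inside the host's own subnet, so the switch
    can deliver it by MAC address, or ("gateway", router) when it is on another
    network and the router has to forward it by IP address.
    """
    dst = ipaddress.ip_address(dst_ip)
    if dst in iface.network:
        return ("direct", str(dst))
    return ("gateway", str(gateway))


def build_frame(dst_ip, arp_cache=ARP_CACHE):
    """Wrap an IP packet in an Ethernet frame addressed to the right next-hop MAC.

    The IP header always carries the final destination. Only the destination MAC
    changes, depending on whether the packet stays on the LAN or leaves via the router.
    """
    path, hop_ip = next_hop(dst_ip)
    if hop_ip not in arp_cache:
        # Failure mode: the link-layer address is unknown, so the host must resolve
        # it (ARP) before any frame can be sent. Refuse rather than guess.
        raise LookupError("no MAC address known for next hop %s" % hop_ip)
    return {
        "dst_mac": arp_cache[hop_ip],     # link layer: what the switch looks at
        "src_mac": HOST_MAC,
        "dst_ip": dst_ip,                 # network layer: what routers look at
        "src_ip": str(HOST_IFACE.ip),
        "path": path,
    }
```

A destination inside the host's /24 gets a frame addressed to that device's own MAC; anything else is framed for the router's MAC while the IP header still names the real destination. That is why the switch never needs to understand IP addresses and the router never needs to know which switch port a remote host sits on.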
So let's go ahead and jump to the next
lecture, where we're going to take a look at switches and routers.
Switches vs Routers
Alright, so let's build on our discussion
of talking about MAC addresses and IP addresses.
And now let's talk about switches and routers and the differences between them.
So let's start off by talking about switches.
So what is a switch and what is its purpose?
Well, a switch connects devices together
within a local area network like we see depicted down here with this diagram.
We have a switch, and connected to that switch is a desktop
computer and a laptop and a network printer.
Well, what a switch
does is memorize the MAC address of each device that's directly
connected to it, in something called its MAC address table.
So, remember,
every single device on a network is going to have a network interface card,
and on that network interface card is going to be the MAC address that's
physically burned onto the ROM chip on that card.
And so the way that the switch works is
that as these devices communicate back and forth, it's going to memorize their
MAC addresses in the communication process in its MAC address table.
So if the desktop computer wants to send
the Excel file over to the printer, well, it's going to go to the switch.
The switch is going to look in its MAC address table.
It's going to know that the MAC address
for the printer is assigned to this specific physical port with this cable
connected, and it's going to send it to the printer.
So that's what switches do.
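To make the MAC address table concrete, here is a small simulation of the learning behaviour described above: the switch records which port each source MAC arrives on, forwards a frame out of the port it has learned for the destination, and floods everything it does not know yet. This is an added example written for this page, not the course's own material; the port numbers, MAC addresses and the per-port learning limit are assumptions.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """A minimal LAN switch that learns which port each MAC address lives on."""

    def __init__(self, ports, max_macs_per_port=8):
        self.ports = list(range(1, ports + 1))
        self.mac_table = {}                           # MAC -> port it was last seen on
        self.max_macs_per_port = max_macs_per_port    # assumed limit, like port security

    def _learn(self, mac, port):
        """Record the source MAC against the port it arrived on."""
        if self.mac_table.get(mac) == port:
            return
        learned_here = sum(1 for p in self.mac_table.values() if p == port)
        if mac not in self.mac_table and learned_here >= self.max_macs_per_port:
            return   # table space for this port is used up: keep forwarding, stop learning
        self.mac_table[mac] = port

    def receive(self, in_port, src_mac, dst_mac):
        """Return the list of ports the frame is sent out of."""
        if in_port not in self.ports:
            raise ValueError("no such port: %d" % in_port)
        self._learn(src_mac, in_port)
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Unknown or broadcast destination: flood to every port except the one
            # the frame arrived on, so the destination (if present) still gets it.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []   # sender and receiver share a port; nothing to forward
        return [out_port]


def demo():
    """Replay the desktop -> printer scenario; returns the forwarding decisions made."""
    switch = LearningSwitch(ports=3)
    desktop, printer, laptop = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"
    decisions = []
    decisions.append(switch.receive(1, desktop, printer))   # printer unknown: flooded
    decisions.append(switch.receive(2, printer, desktop))   # reply: desktop already known
    decisions.append(switch.receive(1, desktop, printer))   # printer now known: one port
    decisions.append(switch.receive(3, laptop, BROADCAST))  # broadcast: all other ports
    return decisions
```

`demo()` returns `[[2, 3], [1], [2], [1, 2]]`: the very first frame to the printer is flooded because the switch has not seen the printer's MAC yet, and from the printer's reply onward the table is complete enough to forward on a single port. The per-port limit is the kind of check a real switch applies so that one port cannot fill the whole table.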
Now let's talk about routers.
So routers are a bit different.
Routers are used to connect different networks together.
So let's take a look at this diagram.
We have a router in the center, and we have a local area network over here
on the left with a switch and two computers, and then another local area network over
here on the right with a switch and two computers.
Routers connect LANs together.
So when we look at this diagram, this is a very simple wide area network.
Now, if we assume that these are two
different floors within the building and this is on the first floor,
and then this is on the second floor, we can say that this is the first floor
local area network, and this is the second floor local area network.
And then we have a router connecting those two floors together.
So what the router does is that it routes
traffic between these two networks using IP addresses.
Routers do not use MAC addresses.
They don't forward MAC addresses.
They use IP addresses instead.
And more importantly, they use something called routing
protocols, which make intelligent decisions that allow them to find the best way
to get a packet of information from one network to another.
So let's assume that these networks were
across the country and there were hundreds of different routers between them.
Well, what the routers would do is when
they receive the packet,
they're going to use routing protocols to find the most efficient way to get
the packet onto the next step to get it to its destination.
So if we take a look at this diagram with an Excel file, it's going to go ahead
and it's going to go to the router because it's destined for the other network.
If we assume that there were three or four routers, the first router is going to use routing
protocols to forward it on, and then once it gets to the last router, that router is
going to go ahead and deliver it to the end device destination.
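Routing protocols populate each router's routing table; the forwarding decision itself is a longest-prefix match, which the following added example models for the multi-router scenario above. This is illustration code written for this page, not code from the course: the router names are invented, the addresses come from private and documentation ranges, and the topology is constructed. It also decrements the TTL at every hop, so a misconfigured loop ends instead of circulating forever.

```python
import ipaddress

DIRECT = "directly-connected"   # marker: this router can deliver to the destination itself


class Router:
    """A router holding a table of (destination prefix, next hop) routes."""

    def __init__(self, name, routes):
        self.name = name
        self.routes = [(ipaddress.ip_network(prefix), nh) for prefix, nh in routes]

    def lookup(self, dst_ip):
        """Longest-prefix match: the most specific route containing dst_ip wins."""
        dst = ipaddress.ip_address(dst_ip)
        candidates = [(net, nh) for net, nh in self.routes if dst in net]
        if not candidates:
            return None
        return max(candidates, key=lambda route: route[0].prefixlen)


def trace(topology, start, dst_ip, ttl=64):
    """Follow a packet router by router; returns (path, outcome)."""
    path = []
    current = start
    while True:
        path.append(current)
        route = topology[current].lookup(dst_ip)
        if route is None:
            return path, "unreachable"          # no route at all, not even a default
        _net, next_hop = route
        if next_hop == DIRECT:
            return path, "delivered"            # last router hands it to the end device
        ttl -= 1                                # every forwarding hop costs one TTL
        if ttl == 0:
            return path, "ttl exceeded"         # loop protection: packet is dropped
        current = next_hop


# Constructed topology: a LAN router (R1), three ISP routers and the far-end router (R2).
TOPOLOGY = {
    "R1":    Router("R1",    [("192.168.10.0/24", DIRECT), ("0.0.0.0/0", "ISP-A")]),
    "ISP-A": Router("ISP-A", [("203.0.113.0/24", "ISP-B"), ("0.0.0.0/0", "ISP-C")]),
    "ISP-B": Router("ISP-B", [("203.0.113.0/24", "R2")]),
    "ISP-C": Router("ISP-C", [("10.0.0.0/8", DIRECT)]),     # no default route
    "R2":    Router("R2",    [("203.0.113.0/24", DIRECT)]),
}

# Constructed misconfiguration: two routers pointing their default routes at each other.
LOOP_TOPOLOGY = {
    "A": Router("A", [("0.0.0.0/0", "B")]),
    "B": Router("B", [("0.0.0.0/0", "A")]),
}
```

At ISP-A both the /24 route and the default route match 203.0.113.10, and the /24 wins because it is more specific; that single decision is what steers the packet towards ISP-B and R2 rather than ISP-C. A destination with no matching route anywhere ends as "unreachable", and the loop topology ends as "ttl exceeded" after the configured number of hops.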
So that's the difference between switches and routers. And I just want to take
a minute before we move on to the next lecture to talk about networking
in general. If up to this point some of this stuff really just isn't clicking
100%, don't worry: this is a crash course section on computer networking to teach
you the bare-bones basics in a minimal amount of time.
If you really want to understand networking my recommendation is to take
a full blown networking course like mine here on Udemy.
A short course like this is going to teach
you the bare-bones basics, but if you plan on working in cyber security, you definitely
want to be very knowledgeable in computer networking.
But again the goal with this is to give you a high level understanding.
I don't expect you to become an expert
in what I'm teaching you in this section, so don't worry about trying to become
an expert. Just take the high notes from what I'm teaching in these sections,
and as we progress on in the course and I talk about threats and countermeasures
then hopefully it makes sense where this plays a role.
So if you have any questions regarding
switches and routers, definitely let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
TCP/IP Protocol Suite
In this video, we're going to do a very gentle introduction into the TCP/IP
protocol suite, which is the Internet's protocol suite.
So let's start off by talking about it
and giving you a little bit of historical context.
So the TCP/IP protocol suite, it was developed by the Department
of Defense here in the United States in the 1970s.
And what happened is that roughly a decade later, it became the standard
for military network computing here in the United States.
And then a couple of years later, it began broad adoption.
So companies started adopting it. Companies such as IBM and AT&T and so forth.
So back in the 70s and 80s,
different companies were still developing and determining what protocols they wanted
to use, specifically what protocol suites they wanted to use.
And TCP/IP ended up becoming the market leader.
And now it's essentially the protocol suite that the Internet uses.
So it's the most commonly used protocol suite in the world today.
And in regards to its design,
I'm not going to talk about all the different layers and their purpose,
because that's well beyond the scope of this course.
But what you need to understand is
that it's broken up into four different layers, and each layer serves a specific
purpose in networking in regards to the scope and the specific job of that layer.
But what I've done is I've listed off some
of the more popular and more important protocols that are within TCP/IP.
So at the application layer, we see a variety of different protocols.
A lot of protocols are going to live
at the application layer because that's where we interact with our computers,
with applications that interact with these protocols.
So for example, if we open up a web browser such as Chrome
or Firefox, then we're going to use protocols such as HTTP and HTTPS.
If we're going to open up Outlook,
we're going to use a protocol such as POP3.
There's a variety of different protocols within here.
These are just a few of them.
At the transport layer, there's TCP and UDP.
If you are going to end up working in cyber security, you're definitely going
to learn about the differences between these two and how important they are.
We see IP for IP addresses down here, and we also see ARP and ICMP,
which are two other very important protocols, but we're not going to talk
about them because they're beyond the scope of this course.
And then there's Ethernet down at the bottom, a very important protocol
related to both the logical aspect and the physical aspect of a network.
So when we're talking about computer networks, whether that be LANs or WANs,
and different devices connecting to computer networks all across the world,
just about everybody is going to be utilizing TCP/IP.
And so from a cyber security perspective, these are different attack vectors.
So attack vectors are ways to get into systems, and if there are versions
of protocols that are insecure, well, what you're going to find later on in this
course is that that can be a way for a hacker, a malicious user, to get
into your network or your device. So that's the TCP/IP protocol suite.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
How The Internet Works?
Alright,
so now let's talk about how the Internet works with a very simple example.
So this is going to be a simplified view of how the Internet works.
So let's say that we have a local area network where there are two desktop
computers that are connected to a switch which is connected to a router.
And that router is then connected to your
Internet service provider, their specific connection.
And let's assume that we're in the continental United States, in California.
And what we want to do is we want to communicate with a web server all
the way down over here across the continental United States.
So I am on my desktop computer,
I open up a web browser and I type in the address of that website.
So I'm sending over an HTTP request to that web server across the Internet.
Well, how does this work?
Well, it's going to go ahead and it's
going to go to my router because it's not destined for this other computer.
The router is going to go ahead and use a routing protocol and send it over to our
Internet service provider, who's going to have routers within their network.
And their routers are going to use routing protocols to determine where to send it
and they're going to send it on to another router.
And typically it's going to take multiple different router hops.
And so what you're going to see is
that it's going to go from one router to another until it reaches its final
destination all the way across the United States.
And then the web server is going to receive it and then it's going to go
ahead and process that request and it's going to send it back to this device.
But here's the thing.
It may take the same route, it may take a different one.
The thing with routing protocols is that it's going to be based upon the best
route at that millisecond in which it's sending it back.
And as we can imagine, there are millions of different packets
traversing the Internet throughout the day.
So what might have been a good route when I sent the packet to the web server may
not be the most efficient route going back towards us.
And if you ever wanted to take a look
at the actual router hops, when you're looking to communicate
with the website, you can pull up a simple command.
So this is the Windows version.
This is called trace route.
And what I'm doing here is I'm running a trace route to my website.
This is my poker school website that I run,
microgrinder.com and I'm running a trace route to see what hops my packet is taking
to reach my website, which is hosted on A2 hosting.
So what you're going to notice is
that there is a total of eleven different hops starting with my router and then
going multiple different hops until we reach the final destination down
here at A2 hosting, you're going to notice that it's going
to say Detroit, Sacramento, Davis a variety of different areas
until it reaches the final destination and when this is occurring,
when it's going from router to router, it's utilizing more than just HTTP. It's
utilizing a variety of different protocols within the TCP/IP protocol suite.
So it's using things such as DNS and TCP and UDP and IP and Ethernet.
It's using a variety of different protocols to allow us to get to the web
server with this communication and to allow the web server to respond
back to us to deliver us that web page that we're requesting.
So that's how the Internet works
in a nutshell from a very simplistic perspective. Hopefully you found this
beneficial and if you have any questions, definitely let me know.
But if not, I'll see you at the next video.
Take care.
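The trace route walk-through above reads the hop list by eye; the following added example (not code from the course) parses Windows `tracert` output into per-hop records so the hop count, silent hops and slowest hop can be checked programmatically. The sample output embedded in it is constructed, with documentation-range addresses and made-up round-trip times, not a capture of the instructor's trace to microgrinder.com.

```python
"""Parse Windows tracert output into per-hop records and summarize the path."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the Windows tracert format (not a real capture):
# documentation-range addresses and made-up round-trip times.
SAMPLE_TRACERT = """\
Tracing route to microgrinder.com [203.0.113.10]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    12 ms    11 ms    13 ms  10.64.0.1
  3     *        *        *     Request timed out.
  4    25 ms    24 ms    26 ms  core1.example.net [198.51.100.7]
  5    41 ms    40 ms    43 ms  web.example.com [203.0.113.10]

Trace complete.
"""

# A hop line: hop number, three probe columns ("<1 ms", "12 ms" or "*"), then the host column.
HOP_RE = re.compile(
    r"^\s*(\d+)\s+"
    r"(<?\d+ ms|\*)\s+(<?\d+ ms|\*)\s+(<?\d+ ms|\*)\s+"
    r"(.+?)\s*$"
)
IPV4_RE = r"\d{1,3}(?:\.\d{1,3}){3}"


@dataclass
class Hop:
    number: int
    rtts_ms: list[Optional[int]]  # None where that probe timed out ("*")
    host: str                     # hostname, bare IP, or "Request timed out."
    ip: Optional[str]             # the IP tracert printed for this hop, if any


def _parse_rtt(text: str) -> Optional[int]:
    """'<1 ms' -> 1, '12 ms' -> 12, '*' -> None."""
    if text == "*":
        return None
    return int(text.lstrip("<").split()[0])


def parse_tracert(output: str) -> list[Hop]:
    """Return one Hop per hop line; banner, blank lines and 'Trace complete.' are skipped."""
    hops: list[Hop] = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        host = m.group(5)
        bracketed = re.search(r"\[(" + IPV4_RE + r")\]$", host)
        if bracketed:
            ip = bracketed.group(1)          # "name [ip]" form
        elif re.fullmatch(IPV4_RE, host):
            ip = host                        # bare IP, no reverse DNS name
        else:
            ip = None                        # "Request timed out."
        rtts = [_parse_rtt(m.group(i)) for i in (2, 3, 4)]
        hops.append(Hop(int(m.group(1)), rtts, host, ip))
    return hops


def average_rtt(hop: Hop) -> Optional[float]:
    """Mean of the probes that answered, or None if all three timed out."""
    answered = [r for r in hop.rtts_ms if r is not None]
    return sum(answered) / len(answered) if answered else None


def summarize(hops: list[Hop]) -> dict:
    """Hop count, hops that never answered, and the slowest answering hop."""
    answering = [h for h in hops if average_rtt(h) is not None]
    slowest = max(answering, key=average_rtt) if answering else None
    return {
        "hop_count": len(hops),
        "silent_hops": [h.number for h in hops if average_rtt(h) is None],
        "slowest_hop": (slowest.number, average_rtt(slowest)) if slowest else None,
    }


if __name__ == "__main__":
    parsed = parse_tracert(SAMPLE_TRACERT)
    for hop in parsed:
        print(f"{hop.number:>2}  {hop.host:<40} avg={average_rtt(hop)}")
    print(summarize(parsed))
```

A hop that shows `*` for all three probes is usually a router that rate-limits or drops ICMP, not a broken path, which is why `summarize` reports silent hops separately instead of treating them as failures.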
Section 3 – Malware Threats
Viruses & Worms
Alright, so the first type of malware that we're
going to take a look at is viruses and worms.
So let's start off by talking about viruses, because viruses are the most
well-known type of malicious code that there is. And if we think about anti
malware software, it started off being called anti-virus
software because when we think about malware, we typically think about viruses
because historically, they were the most common type.
But now in 2022 and beyond,
there is a variety of other different types of malware as well.
So with a virus, it's typically going to be executed when
an application is executed, and there's a variety of different types
of viruses, which is beyond the scope of this course.
But, for example, one of them is going to be a macro-based virus.
If there is an Excel file that has a virus
embedded in it within its macro file, when you open up that Excel file,
let's say it's emailed to you and you open it up and you enable that macro.
Well, guess what?
You've just installed and activated that macro-based virus.
So it needs some sort of an activation trigger to occur.
For example, like I just said, with a macro within Microsoft Excel.
And once that activation trigger has
occurred, it's going to be able to deliver its objective, which is usually malicious.
So it could install spyware.
It could be used to steal sensitive data.
It could be designed to simply corrupt your operating system and your computer.
And historically,
when we think about viruses, the easiest way to get people to open up
and to activate it is with email, either via a link where they click
on a link and it downloads a file which activates it,
or if there's a file attached directly to that email, such as an Excel file or
something else that has a virus embedded in it.
So that's viruses.
Let's now take a look at worms.
So what makes worms different from viruses is that with the virus,
for it to replicate itself throughout a network, it's going to require that end
user to accidentally or unknowingly send it to other people where they do
something, such as open up a file or an attachment in an email to trigger it.
Here's the thing with a worm.
Once the worm gets into your network,
let's say that we had a virus and the virus included a worm.
So we got a virus.
It was attached to our email, we opened that up and it installed a worm.
Well, once that worm is in our network, it's not going to require any further
assistance from either an application or an end user.
And what will happen is that it can replicate on its own hundreds of times or
thousands of times to other systems on the network.
And as that happens, it's going to consume network bandwidth on the network.
And as it continues to replicate, the network performance is typically going
to slow to a crawl, it's going to cause all sorts of network issues.
So the main issue with the worm is that it's autonomous,
it doesn't require any further assistance once it's on the network.
So a worm, once it's on your network, it's going to replicate on its own.
And that's what differs from a virus and a worm.
A virus may carry a worm.
A worm may be introduced with social
engineering such as giving somebody a USB drive that's infected with it,
but once it's in the network, it's going to replicate on its own.
So that's viruses and worms. In the next
video, we're going to talk about trojan horses and logic bombs.
Trojan Horses & Logic Bombs
Alright,
so in this video we're going to talk about trojan horses and logic bombs.
So let's start off by talking about trojan horses.
And before I talk about all the details
regarding specifically what it is, I want to give you a little bit
of historical context regarding trojan horses.
So the term trojan horse goes back to the times of the Greeks.
And it's when the Greeks were invading and fighting the city of Troy.
Well, they couldn't break through the city of Troy's defenses.
So what they did is they created this gigantic hollow wooden statue of a horse.
And they went ahead and they delivered it to Troy as a peace offering.
However, their goal was to deceive Troy.
Inside that wooden horse was a bunch of soldiers.
So what happened is the city of Troy
brought the statue in and in the middle of the night, the soldiers that were
hidden within the big wooden horse, they got out and they attacked from within.
And so in regards to a trojan horse, from the perspective of malware,
it's software that looks like it's desirable on the outside,
but on the inside it's going to have hidden malicious code.
And a very good example of this would be if you go out onto the Internet,
let's say that you go to Google and you type in free antivirus software or free
computer cleanup software and you go to a site that doesn't really look
that legit, but they're offering free software.
So you download it and you install it.
And when you install it,
it looks like free antivirus software or free computer cleanup software.
However, they've installed malware on your system as well, such as spyware.
That's an example of a trojan horse.
Now, another type of malware is something that's called a logic bomb.
And a logic bomb is when we have a malicious user,
that's a hacker or a programmer, and they're embedding some code within
an application that's going to tell it to execute in regards to a specific event.
And the event could be anything.
It could be on a specific date.
It could be when an end user does a specific thing within that application.
It could be essentially any condition that the programmer wants.
Let's say that we have a disgruntled employee and they're a database
administrator and they're leaving the company.
However, they want to do something devious before they leave.
So let's say that there's a weekly script that runs on Friday.
Well, this disgruntled user,
they modify that script to tell it to delete a specific database table.
And so the next time that somebody comes in after they leave and they run
that script, it's going to go ahead and delete that database table.
That's an example of a logic bomb.
So that's trojan horses and logic bombs.
If you have any questions, please let me know.
If not, thanks for watching.
And I'll see you in the next video. Take care.
Spyware & Adware
In this video, we're going to talk about spyware and adware.
So let's start off by talking about spyware, because in the last video,
I talked about trojan horses and how a trojan horse is a very common way
to have spyware added on and installed onto your system without your knowledge.
So spyware is malware that's added onto your system where it's installed without
your awareness or consent, for example, with a trojan horse.
And the thing with spyware is that it's going to quietly run in the background.
So, for example,
let's go back to our example of a trojan horse, where it's a software cleanup tool
and you're running that on, let's say a weekly basis.
And you installed it a month ago.
Well, the thing is, because it's a trojan horse, you also installed spyware.
And so the malicious user that created that trojan horse with that spyware,
they could be doing a variety of different things.
So they could be monitoring your keystrokes.
It could be a keylogger.
They could be taking screenshots of your computer.
They could be trying to capture your authentication credentials.
They could be looking to capture your
personally identifiable information, to steal your identity.
We call that PII information.
And they could be collecting and monitoring your web form data.
And so these are just a few examples.
But in regards to spyware, they could be doing a variety of different things.
And so that's why it's so important that when you go out to the Internet
that you're vigilant about what software you download and install on your computer
because, well, you could be installing a trojan horse with spyware.
So that's what spyware is.
Now let's talk about the annoying adware.
So adware is annoying software.
It's software that's designed to show you
advertisements and to collect marketing data on you.
And just like spyware,
you typically won't know that it's installed and running on your computer
until you start getting those annoying adware
pop ups. So if you've ever gone out to a website
and all of a sudden you're getting all these pop ups that's going to be adware,
adware could also be installed with a trojan horse as well.
So just like spyware, they may choose to install adware as well,
where they're spying on you and collecting marketing data on you.
And they're also sending advertisements to you.
So that's spyware and adware.
In the next video, we're going to talk about ransomware and rootkits.
Ransomware & Rootkits
In this video, we're going to talk about
ransomware and rootkits, and we're going to start by talking about ransomware.
So what is ransomware?
Well, ransomware is malware that prevents
a user from accessing their entire system or specific files on that system.
And to get access back to them,
the malicious user is going to be demanding a ransom payment.
So the way that ransomware works is
that the malware encrypts your hard drive, either all of it or a portion of it.
And to be able to decrypt it to get access
to your files, they're going to demand a ransom payment.
And we're going to talk about how
encryption and decryption works later on in the course,
so I'm not going to get into the specifics right now. But I do want to talk about
a specific case study, which is the Wanna Cry ransomware attack of 2017.
And this specific ransomware attack,
it infected close to a quarter of a million computers worldwide.
And for each single computer that was
encrypted with this ransomware, they were demanding a Bitcoin payment of $300.
And the global disruption cost of this
ransomware attack was estimated to be upwards of $4 billion
because not only are we paying for the ransomware ransom,
but also think about the organizational, the governmental and the business
disruptions that occurred because of this ransomware attack.
Once the computer is infected, you can't do anything.
You don't have access to the system or the files.
And to get access, you have to pay for this or you have
to take the system offline and you have to go through the entire process of going
through your backups and getting it up and running and remediating this issue.
So this was a very big ransomware attack globally.
And if you're interested in learning more
about it, I highly recommend doing a little bit of research on your own.
And this is important because in 2021,
as we already covered in the course, ransomware attacks are up 350%.
And not too long ago,
the company Acer that builds computers, they were hit with a $50 million
ransomware attack by the REvil hacker group.
So from a cybersecurity perspective,
ransomware attacks are definitely a type of malware that we have to make sure
that we're watching and monitoring because they're becoming more and more prevalent.
So that's ransomware attacks.
Now let's talk about rootkits.
So what is a rootkit? Well, a rootkit
is a type of malware that's designed to escalate privileges, where the malware
gets access to the system and via known vulnerabilities,
they look to exploit those vulnerabilities to escalate their privileges up
from a standard user up to a root account, which is our administrator account.
And what a rootkit does is that it modifies core system files.
And what happens is that typically it's going to be invisible to the operating
system, so it allows them to persist without detection for a very long time.
And they're very hard to not only detect but also to remove. And a good example
would be a government spying on another government,
so our state sponsored hackers. Corporate
espionage is another example, and also just black hat hackers looking to hack
into a company's network to steal their customer data.
So that's ransomware attacks and rootkits.
If you have any questions, please let me know.
And also regarding encryption,
remember we're going to talk about that later in the course.
So if you don't understand how encryption
works, don't worry, we're going to cover it later in the course.
So thanks for watching and I'll see you in the next video.
Take care.
How Hackers Deploy Malware?
Alright, so we're going to conclude this section
by talking about some common ways in which hackers deploy malware.
So we covered some of this stuff already,
and some of these we're going to talk about them a bit more later in the course.
But I want to take a few minutes to talk about some of the more common ways
in which hackers are deploying malware onto systems.
So the first one is phishing emails.
And we're going to take a deep dive look
at phishing-based attacks later on in the course.
But just from a very high level perspective, phishing emails are emails
that are designed to trick people into reading them and opening them
and potentially opening attachments or clicking on links that installs malware or
takes them to a site where they provide their personally identifiable information.
So phishing emails,
and not only emails,
but now we have text-based phishing, and we have phone-based phishing.
They've gotten more elaborate.
And we're going to talk about that later on in the course.
There's also something called drive by downloads.
So this is when you visit a website that's been infected with malware,
and when you visit that website, it's going to download and install
that malware onto your system without your knowledge.
There's also removable media.
And so when we're talking about removable
media, we're really honing in and focusing in on USB drives.
This is a social engineering tactic.
And we'll talk about social engineering later on in the course.
But it's a social engineering tactic where a hacker, a malicious user,
maybe a state sponsored hacker or a corporate espionage hacker is going
to hand out USB drives that are infected with malware.
And when the person that they give them
to, once they plug them into their system, it's going to install malware.
So that's removable media.
And there's also trojan horses,
which is something that we talked about in great depth in this section.
But this is also a very common way
for malicious users to install malware onto systems.
And then lastly, there's something that's
called the remote desktop protocol, better known as RDP.
And in regards to RDP, this is a Windows protocol that's on Windows systems.
And the way that it's designed is
that it's designed to allow remote users to remotely connect to a system.
And it's something that I worked
with a lot when I worked at a university and graduate students wanted to be able
to access their campus computer from their home.
Well, the thing is, this is a great tool,
but when it's improperly configured, guess what?
Hackers can use it to gain access to that system and install malware.
So these are some of the more common ways
in which hackers can deploy malicious code.
But this is by no means a fully comprehensive list.
This is just an example of some of the more common ways.
So that's going to go ahead and conclude this lecture. If you have any questions,
please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
Section 4 - Additional Threats & Vulnerabilities
Zero Day Attacks
In this video, we're going to talk about zero day attacks and bug bounty programs.
So what is a zero day attack?
Well, a zero day attack is a cyber attack against a software flaw that's currently
unknown to the software manufacturer, which means,
well, there's currently no patches or hot fixes for that flaw.
So if we have a black hat hacker that identifies a vulnerability
that the software manufacturer didn't catch before they released the software,
and they leveraged that to create an exploit to exploit that vulnerability,
well, that's called a zero day attack because
it often occurs on the same day that that weakness is discovered and it's
exploited before a fix can be developed by the software developer.
Now how do software companies, how do software developers get around this
issue?
How do they mitigate this issue?
Well, they create what are called bug bounty programs.
And if we think about a software
vulnerability, a software flaw, if we think about that as a bug,
well, this is a bug bounty program where they're paying white hat hackers to search
for issues within their software and to submit that to them for either
financial compensation or recognition or a combination of both.
When they do that, they create a market for good hackers
to go out and look for issues within their software after they release it and report
it to them so they can create patches and fixes.
And here's an example of a bug bounty program specifically for AT&T.
And I read on the website that the bug
bounty program pays anywhere from $50 all the way up into the thousands of dollars
depending upon the vulnerability that you identify.
And the goal with bug bounty programs like
AT&T's bug bounty program is that we hope that the white hat hackers that are
part of this program, that they identify the software flaws
and the vulnerabilities before black hat hackers do.
Companies understand that they're not going to find every single issue when they
release software and they know that there are going to be inherent vulnerabilities,
so the hope is that white hat hackers that participate in these programs
identify those issues, submit them to the company before black hat hackers can.
So that's zero day attacks and bug bounty programs.
If you have any questions, please let me know.
If not, I'll see you at the next lecture. Take care.
Buffer Overflows
Alright,
so in this video we're going to talk about buffer overflows.
So what is a buffer overflow?
Well, a buffer overflow is a programming
error that can potentially be leveraged to introduce malicious code.
So it's nothing more than a programming flaw that is a potential vulnerability.
And so to understand buffer overflows, we need to understand how programs work.
So let's say that we have a web based application with a web form and this web
based application is set up for a user to submit their email address so they can
add that to their email marketing list within their database.
So the way that it works is when the user
goes to the web form is they'll go ahead and they'll input their email address.
And what happens is that the program is going to have what we call a buffer.
This is a fixed length block of memory
that's going to be allocated for the program to store this information
in memory as it's adding it to the database.
And so if we have the user type in what it's expecting,
which is the email address, then everything is going to be okay.
Now, a buffer overflow is a bit different. With a buffer overflow,
this is when additional information is
going to be written to adjacent memory locations.
So what we see on the diagram is that we
have the program's memory buffer and then we have the adjacent memory location.
Well, what can happen is that we can have
a black hat hacker that goes to that web application.
They go to that form and rather than typing in the email address,
they'll type in some malicious code and they'll see if the application takes it.
This could potentially crash the application.
It could potentially tell the application to output information,
it could tell the application to do a variety of different things.
And so here's an example.
Let's say that we have a malicious user
and they type in some malicious web form input.
And specifically this is a SQL statement.
We'll talk about SQL injections later
on the course, but this is a form of a SQL injection.
In this field, we're typing in drop users where 1 = 1.
And what we're telling the system to do is
to drop the users table, in other words, to delete the users table.
And with this statement, one is always going to be equal to one.
So it's going to be a true statement.
And so if this application and the back end database server isn't properly locked
down from an IT security perspective, well then we could potentially tell
the system to drop that table from the database.
And if that's the case, we might be successful as a black hat
hacker and we might potentially delete that table from that database.
So that's an example of a buffer overflow.
But like I said, it could potentially do a variety of different things.
It could crash the system,
it could introduce malware into the system, we could do a SQL injection.
There's a variety of different things
that can occur. Now in regards to protections against buffer overflows,
number one, there's something that's called data input validation.
That's where on that web form or whatever form it is for the application
that you as a programmer, you make sure that that data is validated,
that you're only getting the data that you expect.
So if it's an email address, well,
you're only getting data that's formatted as an email address.
Windows also has run-time protections built into it, and this also
goes all the way back to secure development practices.
So when this application is being
developed that they're following secure development practices and they're testing
it while it's being developed before it's released.
So that's buffer overflows.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you at the next video.
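The lecture names data input validation as the first protection for the email sign-up form. The added example below (not code from the course) applies it in two layers: the input is rejected unless it fits a fixed maximum length and an email shape, and whatever does get stored is passed to the database as a bound parameter rather than as part of the SQL text. The table name `subscribers`, the 254-character limit and the sample inputs are assumptions made for this example; the input `drop users where 1 = 1` is the one from the lecture.

```python
"""Validate the sign-up form's email input and store it with a bound parameter."""
import re
import sqlite3

# Assumed limits for the example: an upper bound on accepted input length (the fixed
# size of the buffer the form is willing to fill) and a simple address shape.
MAX_EMAIL_LEN = 254
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")


class ValidationError(ValueError):
    """Raised when form input is not what the program expects."""


def validate_email(raw: str) -> str:
    """Return the trimmed address, or raise ValidationError.

    Length is checked before anything else so oversized input is never copied
    any further into the program; then the shape is checked against EMAIL_RE.
    """
    value = raw.strip()
    if len(value) > MAX_EMAIL_LEN:
        raise ValidationError(f"input longer than {MAX_EMAIL_LEN} characters")
    if not EMAIL_RE.fullmatch(value):
        raise ValidationError("input is not formatted as an email address")
    return value


def open_db() -> sqlite3.Connection:
    """In-memory database with the (assumed) marketing-list table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subscribers (id INTEGER PRIMARY KEY, email TEXT NOT NULL)")
    return conn


def insert_parameterized(conn: sqlite3.Connection, value: str) -> None:
    """Second layer of defence: the value travels as a bound parameter, never as SQL text."""
    conn.execute("INSERT INTO subscribers (email) VALUES (?)", (value,))
    conn.commit()


def add_subscriber(conn: sqlite3.Connection, raw_input: str) -> bool:
    """Validate then insert; returns False (and stores nothing) when validation fails."""
    try:
        email = validate_email(raw_input)
    except ValidationError:
        return False
    insert_parameterized(conn, email)
    return True


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def stored_emails(conn: sqlite3.Connection) -> list:
    return [r[0] for r in conn.execute("SELECT email FROM subscribers ORDER BY id")]


if __name__ == "__main__":
    db = open_db()
    for attempt in ["alice@example.com", "drop users where 1 = 1", "x" * 300 + "@example.com"]:
        print(f"{attempt[:32]!r:<36} accepted={add_subscriber(db, attempt)}")
    # Even with validation skipped, the lecture's input is stored as plain text and
    # the table is untouched, because the driver binds it as data, not as a statement.
    insert_parameterized(db, "drop users where 1 = 1")
    print("subscribers table still exists:", table_exists(db, "subscribers"))
    print(stored_emails(db))
```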
Protocol Spoofing (ARP & DNS Spoofing)
Alright,
so in this video we're going to talk about protocol spoofing.
And protocol spoofing is the misuse of a network protocol to initiate some
sort of a cyber attack, either on a system or network.
And to help you to understand this
concept, we're going to take a look at two common spoofing attacks.
We're going to take a look at ARP spoofing and DNS spoofing.
But before we take a look at those, I want you to understand that when we
think about our TCP/IP protocol suite and all the protocols in there, well,
if they have vulnerabilities, they could potentially be spoofed as well.
So this should give you an idea of what
a hacker may be capable of doing by just looking at these two examples.
So let's take a look at ARP spoofing.
And this is also commonly called ARP poisoning in the IT world.
So let's first off, talk about what ARP is.
ARP is the address resolution protocol
and it's designed to resolve IP addresses to MAC addresses.
So if you know the IP address of a device,
but you need to know the MAC address for LAN communication with the switch,
you can send out an ARP request and get that MAC address back.
What ARP spoofing does is that it's going
to modify a network's ARP cache to take over a victim's MAC address.
So let's take a look at an example.
So what's going to happen with this example is that we have a user and they're
connected to a switch which is connected to a file server, and they're going to go
ahead and reach out to the network and ask for the file server's MAC address.
The file server is going to respond and say, my MAC address is BBB.
Now, of course, this is not its real MAC address.
MAC addresses are much longer.
But for this video, this is just a simplification of a MAC address.
And so what's going to happen is this person over here is going to go ahead
and it's going to write in the MAC address of the file server into what's called
their ARP cache, and then they can communicate with the file server.
Now, let's switch this around and let's
look at it from the perspective of ARP spoofing.
So we have a hacker and a hacker gets
access to the network and this person sends out that request again.
However, the hacker is going to go
ahead and impersonate the server and say, hey, my MAC address is FFF.
And what's going to happen is the user
will go ahead and write that into their ARP cache table on their computer,
and then they think that they'll be communicating with a file server,
but in fact they're communicating with the hacker.
So this allows the attacker to receive the data instead.
So in this example, the victim is twofold,
the end user is a victim as well as a file server.
We have the hacker sitting in here acting as a file server.
And if the hacker wanted to, the hacker could sit here as what's called
a man in the middle and forward on the request to the file server.
So the file server sends back requests to them and they get to see all
the traffic between the end user and the file server.
So that's ARP spoofing, better known as ARP poisoning.
Let's now go ahead and let's take a look
at our second example, which is going to be DNS spoofing.
So let's start off by talking about what DNS is.
So DNS is the domain name service
protocol, and it's utilized to translate domain names into IP addresses.
So, for example, Google.com into its associated IP address.
And it's really important because whenever
we go out to the internet, we type in domain names.
We as humans, we don't memorize and we don't use IP addresses.
If I need to go to a website such
as Yahoo.com or Udemy.com, I'm going to type in that domain name.
However, that doesn't mean
that the computer that I'm on knows the IP address of the web server.
And so we utilize DNS to translate that domain name into an IP address,
because if we think about the actual packets of data and the routers
that the packets are traversing, they utilize IP addresses.
So let's talk about what DNS spoofing is.
So DNS spoofing is when an attacker alters DNS records on a DNS server to redirect
traffic to a fraudulent website,
where further attacks can potentially occur.
So let's go ahead and let's take a look at an example.
We have an end user, there's a DNS server,
and then there's the real web server that they want to communicate with.
Let's say that this person wants to go to my poker school website,
MicroGrinder.com. They send an HTTP request to MicroGrinder.com,
and it's going to go to the DNS server first, because the computer doesn't know
the IP address of the server and the DNS server is going to provide them the IP
address and the request is going to go ahead and go to the real website.
So everything is good here in this example.
Now, let's introduce a black hat hacker into the scenario, and let's say that this
black hat hacker has hacked into the DNS server, and what this black hat hacker can
do once they hack into this DNS server is they can inject fake DNS entries.
So with DNS servers and DNS in general, DNS servers and the protocol,
they have a variety of different record types, and the primary one is going
to translate a domain name into an IP address.
Well, what this hacker can do is they can
inject a fake DNS entry to route traffic to their fake web server.
So in this example, let's say that this hacker is modifying
and injecting a fake DNS entry for MicroGrinder.com.
So what will happen now is that this end user is going to send the request
and the DNS server is going to give them the IP address of the fake web server.
The fraudulent web server.
And so they think they're communicating with the real website but in fact they've
been sent to the fake website which could be a website where further attacks can occur.
So that's DNS spoofing and that's going to conclude our two examples of protocol
spoofing where we talked about ARP spoofing and DNS spoofing.
Hopefully you found this insightful and just by looking at these two examples,
you get an idea of how all the different protocols out there on the internet could
potentially be misused by black hat hackers.
So that's going to go ahead and conclude this lecture.
If you have any questions, please let me know.
If not, thanks for watching.
I'll see you in the next video. Take care.
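The poisoned-record scenario above from the defender's side, as an added example that is not part of the course: a small monitor compares the A records a resolver currently returns for a watched name against a recorded baseline and the organisation's own address ranges, so an injected entry that points users at a server the organisation does not own is flagged. The domain, addresses and ranges are constructed sample values.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed baseline (sample values): the addresses the organisation knows it
# publishes for each name it cares about, and the ranges its real web servers
# live in. A poisoned record points somewhere outside both.
KNOWN_GOOD = {"www.example.com": {"203.0.113.10", "203.0.113.11"}}
OWN_RANGES = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass
class Finding:
    name: str
    answer: str
    reason: str


def check_answers(name: str, answers: list[str]) -> list[Finding]:
    """Compare the A records a resolver currently returns for `name` with the
    recorded baseline and explain every deviation."""
    expected = KNOWN_GOOD.get(name, set())
    if not answers:
        # A name that stops resolving is also a deviation worth a look.
        return [Finding(name, "", "no A record returned")]
    findings = []
    for addr in answers:
        if addr in expected:
            continue  # exactly what we published: nothing to report
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(Finding(name, addr, "not a valid IP address"))
            continue
        if any(ip in net for net in OWN_RANGES):
            # Still inside our own address space: could be a change someone
            # made without updating the baseline, so report it but less loudly.
            findings.append(Finding(name, addr, "not in baseline (inside own ranges)"))
        else:
            # Outside the organisation entirely: this is what the injected
            # entry in the lecture looks like, since users would be sent to a
            # server we do not own.
            findings.append(Finding(name, addr, "not in baseline and outside own ranges"))
    return findings


def audit(resolver_view: dict[str, list[str]]) -> list[Finding]:
    """Run check_answers over every watched name in a resolver's current answers."""
    results = []
    for name in KNOWN_GOOD:
        results.extend(check_answers(name, resolver_view.get(name, [])))
    return results


if __name__ == "__main__":
    # Constructed resolver views: the healthy case and the poisoned case.
    print("healthy: ", audit({"www.example.com": ["203.0.113.10"]}))
    print("poisoned:", audit({"www.example.com": ["198.51.100.7"]}))
```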
DoS & DDoS Attacks
In this video, we're going to talk about denial of service and distributed denial
of service attacks, better known as DoS and DDoS attacks.
So let's start off by talking about denial of service attacks.
So what is a DoS attack?
Well, a DoS attack is when we have a black
hat hacker that's going to attempt to make a server or a network device unavailable
by flooding it with a bunch of network requests.
And this can be used with a variety of different attacks.
One of them is called the Ping of Death,
where they're sending a lot of Ping requests to that server or to that device
to the point where they're flooding it with so many requests that it's going
to be overwhelmed and it can't respond to any other requests.
So here's a depiction of that.
Let's say that we have a hacker and we
have a web server, and they're going to go ahead and they're going to start flooding
that server with a bunch of fraudulent requests, such as a Ping of Death.
And over time, the server is just going
to be overwhelmed to the point where it simply just can't respond to requests,
and they're essentially just taking it offline.
And that's why it's called a denial
of service attack, because they're trying to deny service to legitimate users.
Now, in addition to a DoS attack,
there's also something called a distributed DoS attack.
And so what is that?
Well, it's nothing more than a denial of service attack where it's going to be
launched from a large number of machines, not a single machine.
And if we think about it visually,
think about 100 machines or 1,000 machines all sending a Ping of Death to this web
server at once, it's going to be a lot more effective at taking it offline
because it's going to be overwhelmed a lot quicker.
Now in regards to DoS attacks
and distributed DoS attacks, what you need to understand
with distributed DoS attacks is that these malicious machines may be black hat
hackers' machines, or one of them could actually be yours.
So what will happen with hackers is
that they'll often install malware on unsuspecting users' computers,
and that computer becomes part of what is called a botnet.
And when they want to launch a distributed
DoS attack on a specific server, they're going to go ahead and activate all
of those unsuspecting users' computers and have them launch attacks on that
server.
So sometimes it's going to be a group
of black hat hackers or potentially hacktivists or state sponsored hackers
that are doing it, or it could potentially be your computer
where you don't even know that it's part of this botnet.
So that's DoS and distributed DoS attacks.
If you have any questions, please let me know.
If not, thanks for watching, and I'll see you in the next video.
Take care.
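Added example, not part of the course: the single-machine flood and the botnet flood described above look different in a server's logs, and this script classifies fixed 10-second windows of (constructed) access-log lines as normal, dos or ddos using per-source and total request counts. The log format and the thresholds are assumptions made for the sample.

```python
from collections import Counter
from datetime import datetime, timedelta
from typing import Iterable

# Thresholds for one 10-second window. These are constructed for the sample
# below; in practice they come from a baseline of the server's normal traffic.
WINDOW = timedelta(seconds=10)
PER_SOURCE_LIMIT = 50   # more than this from one client in a window is a flood
TOTAL_LIMIT = 300       # more than this in total is beyond what the server absorbs


def parse_line(line: str) -> tuple[datetime, str]:
    """Parse 'ISO-timestamp source-ip method path' into (time, source)."""
    ts, src, *_ = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src


def classify(events: Iterable[tuple[datetime, str]]) -> str:
    """Label one window of (time, source) events.
    dos:    one or a handful of sources each exceed PER_SOURCE_LIMIT, the
            single-machine flood of the lecture's first diagram.
    ddos:   the total exceeds TOTAL_LIMIT but no small set of sources stands
            out: many modest senders, which is what a botnet looks like.
    normal: neither."""
    counts = Counter(src for _, src in events)
    total = sum(counts.values())
    heavy = [src for src, n in counts.items() if n > PER_SOURCE_LIMIT]
    if heavy and len(heavy) <= 3:
        return "dos"
    if total > TOTAL_LIMIT:
        return "ddos"
    return "normal"


def windows(lines: list[str]) -> list[tuple[datetime, int, int, str]]:
    """Split log lines into fixed windows and return
    (window start, requests, distinct sources, verdict) for each."""
    events = sorted(parse_line(line) for line in lines if line.strip())
    if not events:
        return []
    t0 = events[0][0]
    buckets: dict[int, list[tuple[datetime, str]]] = {}
    for ts, src in events:
        buckets.setdefault(int((ts - t0) / WINDOW), []).append((ts, src))
    return [
        (t0 + idx * WINDOW, len(ev), len({s for _, s in ev}), classify(ev))
        for idx, ev in sorted(buckets.items())
    ]


def make_sample() -> list[str]:
    """Constructed access log: 10 s of normal browsing, then 10 s of one
    machine sending 500 requests, then 10 s of 100 machines sending 10 each."""
    base = datetime(2022, 5, 1, 10, 0, 0)

    def line(offset: int, ip: str) -> str:
        return f"{base + timedelta(seconds=offset):%Y-%m-%dT%H:%M:%SZ} {ip} GET /"

    lines = [line(i % 10, f"203.0.113.{i % 5 + 1}") for i in range(20)]
    lines += [line(10 + i % 10, "198.51.100.7") for i in range(500)]
    lines += [line(20 + i % 10, f"192.0.2.{i % 100 + 1}") for i in range(1000)]
    return lines


if __name__ == "__main__":
    for start, total, sources, verdict in windows(make_sample()):
        print(f"{start:%H:%M:%S}  requests={total:5d}  sources={sources:3d}  {verdict}")
```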
Weak Encryption & Software Vulnerabilities Attacks
In this video, we're going to talk about
encryption and software vulnerability attacks.
And so let's start off by talking about encryption and encryption vulnerabilities.
So if we think about encryption,
there are constantly going to be hackers out there trying to crack
encryption algorithms, and also there are going to be academic
research groups that are looking to crack them as well.
And over time, as computers get faster
and faster, algorithms potentially are no longer going to be secure.
And sometimes they're cracked.
And once they're cracked,
they're considered to be deprecated and compromised.
And when that happens, we should no longer be using them.
So a very good example is WEP. This is
a wireless encryption standard, and it's one of the first ones that was used.
It was created and implemented in 1995,
but in 2004, it was cracked and considered compromised and therefore
deprecated.
And then we moved on to newer encryption standards for our wireless technology.
Specifically, just to give you some historical context.
The WEP encryption algorithm
utilized something called a 24 bit RC4 initialization vector.
And the issue with this is that we sent it
in clear text, which is not something that we want.
We want something to be sent encrypted.
So because the IV,
the initialization vector, was sent in clear text, that made WEP susceptible
to passive network eavesdropping and replay attacks.
And right now, in 2022, you can crack it in a matter of minutes.
So if you see WEP as an option for any
of your wireless devices, definitely don't use it.
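To put a number on why a 24 bit IV is too small, here is an added example (not from the course) that works the birthday bound for WEP's IV space: with 2^24 possible values, a repeated IV is a coin flip after roughly 4,800 frames, and a sequential IV counter wraps in a few hours at modest frame rates. Repeats matter because WEP combines the IV with the same static key, so a repeated IV means the same RC4 keystream is used for two frames.

```python
import math
import random

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS  # 16,777,216 possible initialization vectors


def collision_probability(frames: int, space: int = IV_SPACE) -> float:
    """Exact probability that at least two of `frames` randomly chosen IVs are
    equal (the birthday problem): 1 - prod_{i<frames} (1 - i/space)."""
    if frames > space:
        return 1.0  # pigeonhole: more frames than IVs guarantees a repeat
    # Sum logs instead of multiplying thousands of factors close to 1.
    log_no_collision = sum(math.log1p(-i / space) for i in range(frames))
    return 1.0 - math.exp(log_no_collision)


def frames_for_probability(p: float, space: int = IV_SPACE) -> int:
    """Approximate frame count at which a repeat has probability p, from the
    birthday bound k ~ sqrt(2 N ln(1/(1-p)))."""
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - p))))


def simulate_until_repeat(seed: int, space: int = IV_SPACE) -> int:
    """Simulate a card choosing IVs uniformly at random and count frames until
    the first IV is reused. Deterministic for a given seed."""
    rng = random.Random(seed)
    seen = set()
    frames = 0
    while True:
        iv = rng.randrange(space)
        frames += 1
        if iv in seen:
            return frames
        seen.add(iv)


def seconds_to_exhaust(frames_per_second: int, space: int = IV_SPACE) -> float:
    """Time for a sequential IV counter to wrap at a given frame rate."""
    return space / frames_per_second


if __name__ == "__main__":
    for k in (1000, 4823, 10000, 20000):
        print(f"{k:>6} frames: P(repeated IV) = {collision_probability(k):.3f}")
    print("frames for a 50% chance of a repeat:", frames_for_probability(0.5))
    print("simulated frames until first repeat:",
          [simulate_until_repeat(seed) for seed in range(5)])
    hours = seconds_to_exhaust(1000) / 3600
    print(f"a counter IV at 1000 frames/s wraps after {hours:.1f} hours")
```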
So now let's talk about software vulnerability attacks.
And so here's the thing with software.
When anybody writes software, whether it be an operating system or be
a specific application, it's almost impossible to catch every
little bug in that software and every potential vulnerability.
So that's why we have patches and hot fixes and bug bounty programs.
The whole purpose of all this is that when we identify a bug or vulnerability,
we make the software manufacturer aware, and they fix it.
And so here is a very good example of a very well known Windows exploit.
So there was something called the EternalBlue
exploit, and it was rumored that this was developed by the NSA, and, in fact,
this was responsible for the WannaCry ransomware outbreak.
So what this did, the EternalBlue exploit,
is that it leveraged a Windows Server Message Block vulnerability.
So Server Message Block is typically just called SMB.
So it leveraged a Windows SMB vulnerability.
And what SMB does is that it allows systems on a network to share access
to files and printers and other resources on the network.
And so this allowed malicious users to send maliciously crafted packets
and execute commands on target systems by leveraging an exploit in SMB.
And if you remember, I stated that the WannaCry ransomware
attack infected close to a quarter of a million computers.
So that's encryption vulnerability
and software vulnerability attacks. If you have any questions, please let me know.
If not, thanks for watching.
And I'll see you in the next video. Take care.
Web-Based Attacks
In this video, we're going to talk about
web based attacks, and we're going to talk about two specific ones in this lecture.
And the first one that we're going to talk about is SQL injection attacks.
Now, this is something that we already talked about earlier on in the course,
but I wanted to make sure that we talked about it again in this lecture,
so you have a better understanding of it.
Now, before we talk about the nuances and the details regarding it,
I want to take a step back and talk about web applications.
So when somebody creates a web application, whether it be in WordPress or
PHP or some other programming language, that's going to reside on the web server.
However, more often than not,
a lot of the data is not going to be stored on the web server.
It's going to be stored on a separate database server.
And so when the web server and the database server want
to communicate, they use a specific language, which is called SQL.
And so what we'll do when we create these
web applications is we'll create SQL statements to communicate
with the database server, and we can do a variety of different things.
We can retrieve information
from the database server to have it displayed on the website.
We can update information on the database server.
Let's say, for example, we want to update our user account or our password.
We can create new entries and tables on the database server.
We can delete entries within tables on the database server.
We can create tables themselves within
the database server and also drop tables within the database server.
So we can do a variety of different things.
And that's where SQL injection attacks come into play.
This is where you have a malicious user, a black hat hacker,
where they're going to try to use SQL statements to their advantage.
So what they'll do is they'll go
to the website and they'll try to input malicious SQL statements to get
the database to do something that it shouldn't be doing.
And this would occur if the web server and the web application,
as well as the database server, aren't locked down properly.
So let's go through an example.
So let's say that we have a hacker and they're connecting to a website
and they're going to a specific form in the website.
And let's say that this form is designed
to input a user's contact information, their name, their address, and so forth.
And let's say that they didn't program input validation into those fields.
So this hacker can input whatever they want and submit it to the web server.
And so let's say, for example, that this hacker,
rather than typing in their address, inputs this statement instead.
This is a SQL statement where they're
asking it to output everything from the users table.
So specifically, what this states is SELECT * FROM users WHERE 1 = 1.
When we say SELECT *, we're essentially
saying select everything from the users table within the database
when this condition is true, and this is always going to be a true condition
because one is always going to be equal to one. And so if the web app isn't locked
down, if they're not performing input validation, if the web server isn't locked
down, and if the database server isn't locked down, well,
what may happen is that all of the user records within that table within
that database may be returned to the user on their web browser screen.
So that's how SQL injection works.
So let's now take a look at cross-site scripting.
So what is cross-site scripting?
Well, cross-site scripting is when we have a black hat hacker hack into a website,
specifically the web server in which that website resides and what
they're going to do is they're going to embed malicious code into that website.
It could be JavaScript or something else.
They're going to embed that malicious code into the website's code and it's going
to be designed to be executed when a normal user visits the site.
So if we have a normal user and they
connect to the website, when they connect to the website,
that malicious code that the hacker embedded into it
is going to be activated, and the hacker can set that up to do
a variety of different things, such as sending them the user's sensitive
content, potentially also their session cookie information and other information.
So as a user connects, their personal
information, whatever the hacker wants, is going to be sent to the hacker.
So that's cross-site scripting, and that's two examples of web based attacks.
If you have any questions, please let me know.
If not, thanks for watching, and I'll see you in the next video.
Take care.
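Added example covering both attacks in this lecture (not code from the course): the contact-form lookup built by string concatenation returns every row when the address field carries the lecture's 1 = 1 tautology, the parameterized version does not, an allow-list check supplies the missing input validation, and HTML-escaping on output keeps a stored script tag from running in visitors' browsers. The users table and its rows are constructed.

```python
import html
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the separate database
    server the lecture describes; the users table and rows are sample data."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, address TEXT)")
    con.executemany(
        "INSERT INTO users (name, address) VALUES (?, ?)",
        [("alice", "1 Main St"), ("bob", "2 Oak Ave"), ("carol", "3 Pine Rd")],
    )
    return con


def lookup_vulnerable(con: sqlite3.Connection, address: str) -> list[tuple]:
    """The flaw from the lecture: the form field is pasted into the SQL text,
    so whatever the user types becomes part of the statement."""
    sql = "SELECT id, name, address FROM users WHERE address = '" + address + "'"
    return con.execute(sql).fetchall()


def lookup_parameterized(con: sqlite3.Connection, address: str) -> list[tuple]:
    """Same query with a bound parameter. The driver sends the field as data,
    so it can never change the statement's structure, whatever it contains."""
    sql = "SELECT id, name, address FROM users WHERE address = ?"
    return con.execute(sql, (address,)).fetchall()


# Allow-list of what a postal address line can reasonably contain. This is the
# input validation the lecture says was missing; it is a second layer, not a
# replacement for parameterization.
ADDRESS_RE = re.compile(r"[A-Za-z0-9 .,#/-]{1,100}")


def valid_address(address: str) -> bool:
    return ADDRESS_RE.fullmatch(address) is not None


def render_contact_row(name: str, address: str) -> str:
    """Output encoding for the page that displays stored contacts: values are
    HTML-escaped, so a stored <script> tag is shown as text instead of running
    in every visitor's browser (the cross-site scripting case)."""
    return f"<tr><td>{html.escape(name)}</td><td>{html.escape(address)}</td></tr>"


if __name__ == "__main__":
    con = make_db()
    # The lecture's tautology, typed into the address field instead of an address.
    injected = "' OR 1 = 1 --"
    print("vulnerable   :", lookup_vulnerable(con, injected))     # every row comes back
    print("parameterized:", lookup_parameterized(con, injected))  # nothing matches
    print("validation   :", valid_address(injected))              # rejected
    print(render_contact_row("<script>alert(1)</script>", "1 Main St"))
```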
Evil Twin & Rogue Access Points (RAPs)
Alright, so in this video,
we're going to talk about evil twin and rogue access points,
and we're going to start off by talking about the evil twin access point.
So what is an evil twin access point?
Well, an evil twin access point is going
to be a malicious wireless access point that's going to advertise the same SSID as
a legitimate wireless access point, with the goal of tricking people
to connect to it rather than the legitimate real wireless access point.
And when people connect to this rogue
access point, the hacker can listen in on network traffic.
And these are going to be common in places like coffee shops and airports,
because it's very common for airports and coffee shops to advertise free wireless.
And so people are going to go to the airport or go to a coffee shop.
And let's say, for example,
the coffee shop is called Al's Coffee and the SSID is called Al's Coffee WiFi.
If there are two different ones listed there, at the coffee shop or at the airport,
with the same SSID,
people are simply just going to connect to one of them without thinking about it.
And if it's an evil twin rogue access
point, it's an access point that a hacker has brought into that coffee shop or
that airport, and they're essentially listening in on all of your traffic.
They can set it up so you can still access the Internet, but everything filters
through their wireless access point rather than the legitimate one.
So that's the evil twin access point.
Now let's talk about the rogue access
point because this is going to be a bit different.
The evil twin access point,
the whole purpose of that is for a black
hat hacker to get you to connect to their wireless access point rather than
a legitimate one so they can listen in on your network conversation.
But with a rogue access point,
this is simply when there's a wireless access point that's installed on a secured
and private network without any formal authorization from the IT staff.
And the issue with the rogue access point is that it can pose a network security
concern, and it can also cause network issues.
And I have a good example.
So when I used to work at a University, I worked in one of the departments,
and within that department, there are a lot of people
on the academic side of the house, and they get a lot of their funding
from state and federal grants.
So they set up their own research
laboratories that are connected to the campus network.
However, they tend to purchase their own
IT equipment, and we would set it up for them.
Well, what happened in one of these labs is that we had a professor,
and within his lab, he didn't have WiFi. So he wanted WiFi,
so he purchased a wireless router from a store and plugged it directly
into the network, and when that happened, it caused the network to have issues.
All of a sudden, all the devices within his research lab couldn't connect
to the campus network anymore, so I went in and did a little bit of investigating. I
saw this rogue access point and I unplugged it, and everything was fine.
And the reason that this occurred is that this professor didn't understand
that what he plugged in is what we call a SOHO device, which is a small office home
office device, which includes a router, a firewall, a DHCP server,
a switch and a wireless access point, and he didn't understand that when he
plugged it in he was enabling all that, and essentially it created DHCP
issues on our network. And so that's the issue with a rogue access point. But if
he had just installed a wireless access point that wasn't a SOHO device and we
didn't know about it, and he set it up so he and his graduate students could access
the campus networks from WiFi, and let's say that he set it up without a passcode,
well, that would be a network security concern for the campus and for us, and we
wouldn't know about it unless we went around and we audited the different
research labs. So that's the risk of a rogue access point, and that's
going to go ahead and conclude this lecture.
If you have any questions please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
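Added example, not part of the course, for the two situations in this lecture: an evil twin shows up in a wireless scan as the organisation's own SSID advertised from a radio (BSSID) the IT staff never deployed, and a SOHO router plugged into a lab port shows up on the wire as DHCP offers from a server that is not the campus one. The inventory, scan results and DHCP offers are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed inventory of what the IT staff actually deployed (sample values):
# the campus SSID with the BSSIDs (radio MAC addresses) of its real access
# points, the one DHCP server allowed to hand out leases, and the address
# space those leases must come from.
AUTHORIZED_APS = {"Campus-WiFi": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}
AUTHORIZED_DHCP_SERVERS = {"10.0.0.2"}
CAMPUS_NET = ipaddress.ip_network("10.0.0.0/16")


@dataclass(frozen=True)
class Beacon:
    """One SSID advertisement seen by a wireless scan."""
    ssid: str
    bssid: str
    channel: int


@dataclass(frozen=True)
class DhcpOffer:
    """One DHCP OFFER observed on the wired network."""
    server_ip: str
    offered_ip: str
    client_mac: str


def find_evil_twins(beacons):
    """Beacons that advertise an SSID we own from a BSSID we never deployed:
    the same-name, different-radio pattern of an evil twin."""
    return [b for b in beacons
            if b.ssid in AUTHORIZED_APS
            and b.bssid.lower() not in AUTHORIZED_APS[b.ssid]]


def find_unknown_ssids(beacons):
    """SSIDs that are not in the inventory at all. Most are neighbours, but a
    strong unknown signal inside the building is worth a walk-through."""
    return sorted({b.ssid for b in beacons if b.ssid not in AUTHORIZED_APS})


def find_rogue_dhcp(offers):
    """DHCP servers that should not be answering on this network: either the
    server address is not one we deployed, or the lease it offers is outside
    the campus range. A SOHO router plugged into a lab port shows up this way
    and, as in the lecture's story, clients that take its lease lose access."""
    flagged = {}
    for o in offers:
        reasons = []
        if o.server_ip not in AUTHORIZED_DHCP_SERVERS:
            reasons.append("unauthorized server")
        if ipaddress.ip_address(o.offered_ip) not in CAMPUS_NET:
            reasons.append("lease outside campus range")
        if reasons:
            flagged.setdefault(o.server_ip, set()).update(reasons)
    return {ip: sorted(r) for ip, r in flagged.items()}


# Constructed observations: a scan of the building and a DHCP capture.
SAMPLE_BEACONS = [
    Beacon("Campus-WiFi", "00:11:22:33:44:01", 6),
    Beacon("Campus-WiFi", "00:11:22:33:44:02", 11),
    Beacon("Campus-WiFi", "AA:BB:CC:DD:EE:FF", 6),       # same SSID, unknown radio
    Beacon("Al's Coffee WiFi", "de:ad:be:ef:00:01", 1),  # not ours at all
]
SAMPLE_OFFERS = [
    DhcpOffer("10.0.0.2", "10.0.5.20", "f0:0d:00:00:00:01"),          # campus server
    DhcpOffer("192.168.1.1", "192.168.1.50", "f0:0d:00:00:00:02"),   # SOHO router
]

if __name__ == "__main__":
    for b in find_evil_twins(SAMPLE_BEACONS):
        print(f"evil twin candidate: {b.ssid} from {b.bssid} on channel {b.channel}")
    print("unknown SSIDs:", find_unknown_ssids(SAMPLE_BEACONS))
    print("rogue DHCP:", find_rogue_dhcp(SAMPLE_OFFERS))
```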
Section 5 – Social Engineering & Email Based Threats
Social Engineering Attacks
In this video, we're going to talk about social engineering attacks.
And social engineering is going to be the non-technical aspect of cyber crime.
So when people tend to think about cyber
security and black hat hackers and malicious users and cyber crimes,
they tend to gravitate towards the technical aspects.
But here's the thing.
Social engineering is a huge aspect
of cyber crime, and it's probably one of the hardest ones to protect ourselves
against because it's the psychological aspect, and specifically the psychological
manipulation aspect of cyber crime, where people are doing things such as
conning people and deceiving people and impersonating other people.
And when people do that,
it's hard to train and educate people to be on the lookout for this.
So social engineering is all about conning people and deceiving people.
And many times when social engineering is
going on, somebody is impersonating somebody else.
An attacker is masquerading as somebody else, such as an IT repair technician,
maybe your credit card company, maybe the tax bureau, maybe even the police.
And when somebody impersonates somebody else's authority, people tend to comply.
Now, one of the main ways in which social
engineering occurs is via something called phishing.
And when we talk about phishing, historically, we would talk about phishing
emails because that's a primary mode of phishing.
But phishing is all about trying to get information from somebody.
What I've seen lately in 2021 and 2022,
is that phishing has now gone well beyond phishing emails.
We now get phishing based text, and we get phishing based calls as well.
And so when you're getting a text or a call or an email,
they're going to try to trick you into providing sensitive information.
They're going to do it by a variety of means.
And we'll take a look at some examples in this section.
Now, another way in which social
engineering can occur is via something called piggybacking.
This is where you have somebody that's
trying to get physical access into a secure area.
So let's say, for example, that I am an ethical hacker and I'm doing
a full blown security assessment for a company, and I want to get access
into their server room, but I don't have access to it.
So I'll dress up like I'm an employee there, and I'll stand outside of that door
and I'll wait for somebody to come to that door and I'll act like I'm a new
employee, but I left my badge inside and ask if they can scan me in.
And if they allow me in, well, then I just piggybacked in.
I used their credentials to follow them in.
So that's piggybacking.
And then there's also dumpster diving.
And dumpster diving is typically going
to be used in unison with some other type of attack.
With dumpster diving, what we can do,
just like its name implies, is we can go through a business's trash.
You'd be surprised how many businesses
aren't good about securely destroying their sensitive information.
Some people will just ignore those
policies within the organization and just throw things in the trash.
And when the janitor is coming around,
they go ahead and throw them in the dumpster. What somebody can do,
whether you're an ethical hacker doing a full blown security assessment or if
it's somebody performing corporate espionage, they can go through the trash,
they can find sensitive information and use that in combination
with impersonation and deceiving somebody in a phishing email or a phishing call
and try to get some additional information from them.
So that's social engineering in a nutshell.
We'll continue talking about it throughout this section.
So if you have any questions, please let me know.
If not, thanks for watching and I'll see you at the next video.
Take care.
Email Spam, Spoofing, Phishing, & Scam Websites
Alright,
so in this video, we're going to talk about spam email,
spoofed email, phishing attacks and scam websites.
And we're going to start off by talking about spam email.
So spam email is just like it implies.
It's unsolicited email that's commonly going to be advertising emails.
And the issue with spam emails is that they simply just clutter up your inbox.
If you run a business, you're going to get a lot of spam email.
What happens is that you have a lot of businesses that will reach out to you
because they want your business, they want you to use their services.
And so this is an example over here of one I just recently received.
I get a lot of things like this where people are trying to sell software to me
because I run online schools and I don't solicit them, I don't reach out to them.
They just send emails to me.
I get numerous every day and I delete them.
And the main issue is that they just clutter up my inbox.
Now, the other thing is that spam email can be a form of phishing email or a scam,
where they try to make it look like an advertisement, and it may potentially
carry malware as well.
So you have to be on the lookout for that as well.
Now, let's talk about spoofed emails or email spoofing.
So what is email spoofing?
Well, email spoofing is a practice of forging an email header.
Well, what do I mean?
Well, when we think about the email
header, it's going to have the from address.
Well, the attacker changes that From address
so it looks like it's coming
from somewhere else to give it some sense of legitimacy.
That's what email spoofing is,
and it's primarily used for social engineering cyber crime tactics.
So let's go ahead and let's take a look
at one that I received in 2019 to my poker school email address.
So what this shows is that somebody hacked
my account and it shows that it's coming from my email address to my email address.
And it says down here, you may not know me.
And you're probably wondering,
etcetera, etcetera, etcetera.
I'm a hacker who cracked your email and devices.
And so what this ended up being was
a ransom attack where they wanted money for this attack.
And this was actually just a scam.
They didn't hack my account.
What they did is they spoofed my email.
So what I did is I opened up the email header, which you see right here.
And this shows where it actually came from.
It didn't come from my address.
It came from this address here.
And so this is a classic example of a spoofed email where somebody is
trying to con me and deceive me into giving them money.
But little do they know that I also work
in cyber security and IT, and I don't just run an online business.
But imagine if this was somebody that's really not that tech savvy,
and they received this.
They may freak out and they may pay that ransom without really thinking about it.
But like I said,
this is an excellent example of a spoofed email where they're using this
in combination with other tactics to try to financially extort me.
So that's spoofed email.
Now let's talk about phishing attacks.
So with phishing attacks, historically,
we used to typically think about just phishing emails.
But now phishing has gone beyond emails to text based phishing,
which we call smishing and voice call phishing, which we call vishing.
So phishing is the practice of sending unwanted messages to users to trick them
into revealing personal information, such as their bank account information or
their Social Security number or their address, anything that is personally
identifiable information that will allow them to do things such as identity theft
or to allow them to get access to their accounts.
So with phishing, like I said, email is a classical example.
And here's a classic example of a phishing email.
And this is one where somebody's trying
to deceive you into providing your name, your age, your marital status,
your address, your job, and your phone number because they're
stating that there's 12.7 million British pounds of money that's been unclaimed.
And if you reach out to them, well, you're going to be entitled to a large sum.
And so this is a very classic example that you're commonly going to see.
I wouldn't be surprised if you have
something like this sitting in your spam folder if you use Gmail.
And so when we look at this email,
a very easy telltale sign is poor grammar and poor punctuation.
I don't know why they're so bad at doing
this with all the software that's out there now like Grammarly.
But if we take a look at that, there's a space between the K and the
comma. There's multiple spaces right here.
There's some additional spaces here, some additional spaces here.
And if we just read it, it's just poorly written.
So that's an example of a phishing email.
Now let's take a look at a text message that I received just this week.
And this one is just short and to the point.
Your bill has been paid.
Here's a little gift for you.
So what does that mean?
What bill did I pay?
Maybe it was a time of the month where people typically pay their bills.
And this could be perceived as one
of those auto replies from one of the bill payment systems.
And they're sending you a free gift because you paid your bill.
Well, guess what?
That link isn't to a free gift.
That's a phishing based attack.
And the last thing that I want to talk about is scam websites.
And this is something that we talked about when we talked about DNS spoofing,
where we're sending somebody to a fraudulent website.
Well, this is something that's commonly used to trick people into providing their
personal information, and like I said, it can occur with DNS spoofing, but it can
also occur with phishing emails or phishing text messages, where it gives
somebody the ability to click on a link. So let's say, for example, we received
a phishing email, and it was a fraudulent email from our bank or, for example,
PayPal, because this is the example that I have on the screen, and it states
that there is an issue with your account and they need you to log in. And you click
the link because everything looks legit on the link, but when you get
to the website it looks a little fishy, and this is a perfect example. If we take
a look at the URL, it's paypal.com.security.alert.confirmation-manager-security.com.
So at first, for the unsuspecting person, it just looks like it's paypal.com, so
everything's good. But for anybody that knows anything about domain names,
this is going to be the primary domain name right here,
confirmation-manager-security.com, and this is going to be a subdomain up here.
So this is a fraudulent website. This is a scam website, and it's very easy to make
a fraudulent scam website look exactly like the legitimate website. So just
because the website looks just like it, it doesn't mean that it is. And what I
recommend that you always do is you check the URL. If the URL is incorrect, don't
input your information into that website,
because odds are that you're on a fraudulent website. So that's going
to go ahead and conclude this lecture. In this video we talked about spam email,
email spoofing, phishing attacks and scam websites.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
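The two checks the lecture does by eye, as an added example that is not part of the course: reading the registrable domain out of a URL such as the PayPal lookalike above, and comparing a message's visible From: domain with the Return-Path and the earliest Received: hop the mail system recorded. The message headers and the example.org/example.net names are constructed; the domain rule takes the last two labels and would need the Public Suffix List for names under suffixes like co.uk.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit


def _host(url: str) -> str:
    """Hostname of a URL, also accepting a bare host with no scheme."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable_domain(url: str) -> str:
    """The part of the host that decides who you are really talking to.
    Naive rule (last two labels), right for .com names like the lecture's
    example; production code should consult the Public Suffix List."""
    labels = _host(url).split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else _host(url)


def brand_lookalike(url: str, brand_domain: str) -> bool:
    """True when the brand's domain appears inside the host but is not the
    registrable domain: 'paypal.com.' used as a subdomain of someone else's name."""
    host = _host(url)
    return brand_domain in host and registrable_domain(url) != brand_domain


def _domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def header_origin_check(raw_message: str) -> dict:
    """Compare the visible From: domain with what the mail system recorded:
    the Return-Path (where bounces go) and the earliest Received: hop (the
    host that first handed the message in). A forged From: usually disagrees
    with both, which is how the lecture's own-address scam was spotted."""
    msg = message_from_string(raw_message)
    from_dom = _domain_of(parseaddr(msg.get("From", ""))[1])
    rp_dom = _domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    received = msg.get_all("Received") or []
    origin = ""
    if received:
        # Each hop prepends its own Received: line, so the last one is the first hop.
        m = re.search(r"from\s+([^\s(;]+)", received[-1])
        origin = m.group(1).lower() if m else ""
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "origin_host": origin,
        "mismatch": bool(from_dom and rp_dom and from_dom != rp_dom),
    }


# Constructed message in the shape of the lecture's spoofed mail: From: shows
# the recipient's own address, but the envelope and first hop show otherwise.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.25]) by mail.example.org; Mon, 1 Apr 2019 10:00:01 +0000
Received: from relay.example.net (198.51.100.7) by mx.example.org; Mon, 1 Apr 2019 10:00:00 +0000
From: owner@example.org
To: owner@example.org
Subject: You may not know me

I'm a hacker who cracked your email and devices.
"""

if __name__ == "__main__":
    url = "paypal.com.security.alert.confirmation-manager-security.com"
    print(registrable_domain(url), brand_lookalike(url, "paypal.com"))
    print(header_origin_check(SAMPLE_SPOOFED))
```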
Section 6 – Core Cyber Security Principles
The CIA Triad
In this video, we're going to talk about
the CIA triad, and it's often called the Trinity of IT Security.
So CIA stands for confidentiality, integrity, and availability.
So what is confidentiality?
Well, it's just like its name implies.
It's all about making sure that the data
on our network and our IT systems is secure and confidential.
In other words, it's designed to prevent
the unauthorized disclosure of information on our network and on our IT systems.
And a few examples would be implementing
authentication measures, making sure that people have
to authenticate before they get access to our data.
In addition to that, we have access control measures.
We can do that both from a physical perspective, such as giving somebody
physical access to the server room and also implementing logical access
controls into our servers and our IT systems.
And then also, encryption is a very common
method of ensuring that we have confidentiality in place.
And then we have integrity.
And it's also just like its name implies,
it's all about making sure that we have integrity in place with our data,
meaning that we want to make sure that people that shouldn't have access
to the data aren't modifying it or tampering with it or corrupting it.
And then we have input validation,
which is something that we talked about with our SQL injection attacks.
This is a method to make sure that we have integrity of our data,
where we're implementing it on our web applications to ensure that people are
sending us the type of data and the format of data that we're expecting,
and they're not trying to modify it or tamper it and send us malicious code.
And then we have audit trails.
And audit trails are all about logging activity, logging activity on servers,
logging activity on end user devices, and logging everything that occurs.
That way, we have an audit trail of what has occurred.
And if something has been modified or
tampered with, we can go back and we can check our logs to see where that
happened.
So that's integrity.
And then lastly, we have availability.
And availability is just like its name implies.
It's all about making sure that everything is available to us as a business when we
need it, meaning our servers, our IT systems, and our data.
That everything's available when we need it as a business.
So, for example, if we're a business and we operate from 6:00am
to 6:00pm, we want to make sure that everything is available for us so we
can do business effectively and efficiently.
And so some examples would be redundancy,
backups, and balancing IT security controls.
So when we're talking about redundancy,
we're talking about redundancy measures, such as having battery backups just
in case the power goes out, having redundant servers in place,
having backup IT systems in place, all that just in case something goes out.
And for backups,
we're talking about backing up our data, so that just in case a server goes out,
we can then restore our data quickly and have everything back up and running.
And then there's also balancing our IT security controls.
Because here's the thing, when we add on confidentiality
and integrity security measures, we typically reduce the availability
of our IT systems and our data and so what we have to do is we have to have a bit
of a balancing act because here's the thing, confidentiality and integrity
are really important but availability is also equally important.
When you look at it from the perspective
of a business, you're going to have people within the IT security team and the cyber
security team that want to lock everything down.
But on the other side of the house,
the business operations folks, they want to make sure that everything is
available as they need it to run the business.
And so it's all about having a balancing
act of adding just enough confidentiality and just enough integrity to make sure
that we don't reduce availability too much.
So that's the CIA triad,
it's all about confidentiality, integrity and availability and making sure
that you have the right level of all of them for the organization.
So that's going to go ahead and conclude our introduction into the CIA triad.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you at the next video.
Take care.
Defense In Depth
So the next core cyber security principle
that we're going to talk about is defense in depth.
And defense in depth is the concept
and approach to IT security where we're layering on our IT security controls.
So if you take a look at the diagram, when we think about it,
we have our data, we have our applications,
we have our end user host systems as well as our servers,
we have our private internal network, we have our perimeter network,
we have the physical security aspect of it all, and we have policies and procedures.
When we're looking at all of this, we want to protect all of it.
And from a cyber security perspective,
what we do is we provide security measures for every single aspect of our IT
infrastructure. We add on and we layer our IT security controls.
And this is fairly straightforward and fairly simple.
And the whole premise of this is that by adding on additional layers,
we make it much harder for hackers to get into our IT infrastructure.
If we only had one thing in place, let's say, for example,
just a perimeter firewall or maybe just antivirus on our systems and nothing else.
Well, the only thing that a hacker has to get past is that one security measure.
But if we add on and we layer multiple different security measures,
we make it much harder for them to get into our network and into our systems.
So, again, this is a fairly straightforward and a fairly simple
concept, but it's a hallmark feature of effective cyber security.
Once we start taking a look at some of our
fundamental countermeasures, you're going to see how this comes into play.
So that's defense in depth, fairly straightforward and fairly basic.
If you have any questions, please let me know.
If not, thanks for watching, and I'll see you in the next video.
Take care.
Least Privilege
Alright, so another fundamental cyber security
principle is the principle of least privilege.
And let's start off with a definition.
So least privilege is when a user or
a system or a process or an application is only given the permissions necessary
to complete its assigned tasks or functions, and nothing more beyond that.
So it's all about limiting what people and what systems and what processes
and what applications have access to on our network.
And this is a very fundamental cybersecurity principle,
because if you think about it from a cyber security perspective,
if we give a user or a system or a process or an application access to more things
than it needs access to, that opens up the door for malicious users.
Let's say that a malicious user hacks into a system and they get access
to a user account where they have access to everything on the network.
Well, we went ahead and we just opened
the door for them to get access to everything on our network.
When we implement least privilege, we're essentially limiting what people
have access to and what the systems have access to and what specific processes
and services on the systems have access to, as well as the applications.
So now let's talk about some examples of implementing least privilege.
So the first example that I have listed here is utilizing Active Directory
security groups by department and/or role.
So Active Directory is commonly used by a lot of large organizations.
And by implementing security groups, we can limit what people do based upon
their specific role or their specific department.
Also, we want to implement account standardization practices.
And so, for example, we can actually link this to the first bullet point.
Let's say that every single new user
that comes into the business, they're added to the appropriate security group.
And also we can add on to that.
And we can state that we're going to limit
the network and building access only to business hours for employees that don't
need to be in the building beyond business hours. We're limiting their physical
access to the building and to the network to only business hours.
Because if you think about it,
let's say that we have a user and they're a disgruntled employee.
Well, what's a good way to get back at the company?
Well, to come in after hours when nobody
is there and to get on to the network and to do mischievous and devious things.
So that would be an example
of implementing least privilege to mitigate that risk.
And then lastly, I have an example of limiting our web
server's requests to our SQL Server to only select statements.
And so this gets back to our SQL injection
attacks, where we know from a web based perspective that SQL injection attacks are
definitely a threat that we have to be worried about.
So a way to mitigate that is to minimize the web server's access to our database
server through the SQL statements it's allowed to run. A select statement
is where we can simply only query the database server to pull information;
we can't add information, we can't delete it, we can't drop tables.
We can't do any of that.
We're implementing least privilege to our database server from our web server.
So those are some examples of implementing
least privilege and that's the concept of least privilege.
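Here is that last example worked through in code. This is an added example, not code from the course: it uses Python's sqlite3 module and SQLite's authorizer hook to stand in for the permission grant you would give the web server's database login on SQL Server, so the web tier's connection can run select statements and nothing else. The users table and its rows are constructed sample data.

```python
import sqlite3

# Constructed sample data (hypothetical): a tiny "users" table the web tier may read.
SAMPLE_USERS = [
    (1, "alice", "alice@example.invalid"),
    (2, "bob", "bob@example.invalid"),
]

# Allow-list of SQLite authorizer actions that a read-only web-tier connection needs:
# compiling a SELECT, and reading the columns that SELECT touches. Everything else
# (INSERT, UPDATE, DELETE, DROP TABLE, CREATE, ...) is denied.
READ_ONLY_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}


def read_only_authorizer(action, arg1, arg2, dbname, trigger):
    """SQLite consults this for every operation while compiling a statement."""
    return sqlite3.SQLITE_OK if action in READ_ONLY_ACTIONS else sqlite3.SQLITE_DENY


def build_database():
    """Create and populate the database using a privileged (DBA-style) connection."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def as_web_tier(conn):
    """Attach the read-only authorizer: from here on this is the web server's view."""
    conn.set_authorizer(read_only_authorizer)
    return conn


def run(conn, sql, params=()):
    """Execute one statement and report whether least privilege let it through.

    Returns ("allowed", rows) or ("denied", error_message). A denied statement raises
    sqlite3.DatabaseError ("not authorized") before it touches any data.
    """
    try:
        rows = conn.execute(sql, params).fetchall()
        return ("allowed", rows)
    except sqlite3.DatabaseError as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    web = as_web_tier(build_database())
    print(run(web, "SELECT name, email FROM users WHERE id = ?", (1,)))
    print(run(web, "INSERT INTO users VALUES (3, 'mallory', 'm@example.invalid')"))
    print(run(web, "DELETE FROM users"))
    print(run(web, "DROP TABLE users"))
```

The point to notice is that the query the application legitimately needs still works, while the write and drop statements fail regardless of how they reach the database, which is exactly the property you want when an injection flaw slips through the web layer.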
If you have any questions, please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
Risk Management
Alright,
so in this video, we're going to talk about
risk management, and I just want to forewarn
you that this is going to be a lengthy lecture.
And the reason that we're going to be
talking about risk management is that IT security and cyber security is a form of
risk management, so you need to understand the fundamentals of risk management.
So in this video, we're going to talk about the elements of risk.
We're going to talk about what risk
management is and why we need risk management.
We're going to walk through the risk assessment process.
We're going to take a look at the qualitative risk assessment
process, and we're going to talk about risk response categories.
So with that said, let's go ahead and let's get into it.
And let's start off by talking about the elements of risk.
So the first element of any risk is going to be an asset.
And when we think about an asset,
it's going to be anything of value to an organization.
It's going to be its people, its physical properties,
and the information within the organization itself.
So if we look at this from the perspective
of cyber security, take a look at the IT infrastructure.
That's going to be our main focus.
It's going to be our IT infrastructure, our data, our intellectual property rights
within our code, and everything else that's going to be our assets.
And then we have threats.
So we talked about threats quite a lot so far in this course.
But a threat is anything that can exploit a vulnerability, either intentionally or
accidentally, and obtain, damage or destroy an asset.
And the key thing here is that a threat can be intentional or accidental.
We really focused in on intentional threats such as black hat hackers.
But a threat can be accidental as well. Let's say, for example,
that we have a new employee and they accidentally delete a bunch of files.
Well, that's why we have backups in place to mitigate against that type of a threat.
And then we have vulnerabilities, which is something that we've talked about.
A vulnerability is a weakness of an asset that can be exploited by a threat.
So, for example, encryption
vulnerabilities, software vulnerabilities, protocol vulnerabilities,
all those different things that we've talked about so far in the course.
And then we have a risk.
And a risk is a potential for a loss,
damage, or the destruction of an asset when a threat exploits a vulnerability.
So it's the potential. Here's the key thing with risk and risk management.
It's all about being proactive and looking
for potential risks and looking to mitigate them before they happen.
So for example, we want to make sure that we implement defense in depth so we
don't get hacked because we know there's a threat of potentially getting hacked.
And then we have the basic risk equation.
So from the perspective of IT risk management, a risk equation is going to be
our risk equals our threat times our vulnerability.
And we'll take a look at this when we take a look at our risk assessments.
So that's the elements of risk.
Now let's go ahead and let's take a look at the definition of
risk management. So what is risk management?
Well, the basic definition of risk management is that it's the process
of identifying, assessing, monitoring, and limiting risk to an acceptable level.
And the primary goal here is to reduce
risk to a level that the organization will accept.
So if we go back to the CIA triad, we have to do a bit of a balancing act, right?
We want to implement control measures,
but we want to make sure that we do it to an appropriate level.
When we're looking at cyber security and risk management,
it's all about what's acceptable to the organization because different
organizations are going to have different levels of risk tolerance,
and they're also going to have different budgets, and they're also going to have
different needs and different regulations that they have to follow.
So when we're looking at cyber security and risk management,
it's not about just layering everything on with defense in depth.
It's finding what's the appropriate amount for that organization.
So that's why we're talking about risk management, because we're looking at these
threats and these vulnerabilities and looking at how we can mitigate them.
It's all about doing it to an acceptable level.
So let's continue on with this discussion
and let's specifically talk about why we need
risk management.
So why do we need risk management, specifically in IT
and within cyber security?
Well, first of all, it's all about being proactive with our risks.
We want to proactively manage our risks,
which is something that I talked about on the last slide.
Number one, we're reducing our risk to an acceptable level.
That's what it's all about.
It's all about identifying risks and reducing them to a level that's
acceptable for our business and our organization.
Number two, we're preventing our risks from becoming issues.
So an issue is a realized risk.
So let's say, for example, in 2021, we realized that our employees are getting
a lot of phishing emails, and we want to mitigate that risk.
We want to mitigate the risk of them potentially clicking on links
and installing malware or providing sensitive information to hackers.
So what can we do?
Well, we can do a variety of things, such as educating them and training them.
We want to prevent this from becoming an issue.
And then, number three,
we want to reduce our surprises and prevent having to deal with putting
out fires. So people that don't manage their risk proactively do it reactively.
And when you're doing it reactively, that's when surprises pop up and little
fires pop up and you have to put them out on a regular basis.
Additionally, risk management promotes good management.
Number one, it increases our likelihood of success. Again being proactive versus
being reactive when it comes to cyber threats.
Number two, it builds a risk aware culture.
So going back to the example of phishing
emails and providing education and training,
when we provide that education and training,
we're making sure that everybody within our organization is aware of those risks.
So we're building a risk aware culture.
And then number three, we're building an organizational
environment where we're more effectively using our resources.
So when we're not being reactive
and putting out fires, we are going to be able to use our
organizational resources much more effectively.
And then also, when it comes to IT risk management and cyber security,
it may simply just be a legal and/or a regulatory requirement.
So you may be required to do so by law.
And if you're not, you could potentially become legally negligent.
So that's another reason why we want
to make sure that we perform risk management and also cyber security.
And then also when we think about risk
management from a business perspective and from an IT perspective,
it's simply part of our daily business decision making process.
And then also I want to share with you
a quote from James Lam from his book Enterprise Risk Management.
And so he states in his book that the only
alternative to risk management is crisis management and crisis management is
much more expensive and time consuming and embarrassing.
So if we look at this from the lens of IT security and cyber security,
imagine being a large company and having your data breached and a bunch of customer
data breached out to the public and on to the dark web.
Well, that's going to be expensive.
That's going to be time consuming to deal with, and it's going to be embarrassing.
All we have to do is look at some case
studies of some large companies where this has occurred.
And look at that from the lens of this statement.
It's very true. And I think this statement,
just on its own, really highlights why we need to perform
IT risk management within cyber security.
Alright,
so now let's talk about the risk assessment.
So what is a risk assessment?
Well, the risk assessment is where we go
out and we identify our IT risks and we assess them.
And it's the first step in the risk management process.
And what I want to do on this slide
and in the next is walk you through the process of a risk assessment.
So what we're going to do on this slide is
kind of walk through the steps, and then on the next slide,
we're going to take a look at the qualitative risk assessment process.
So the first thing that you need to do is
you need to go out and identify and categorize your risks.
So as an IT security team within cyber
security, we want to go out and identify our IT security risks and categorize them.
So, for example, maybe we have an IT operational risk
and we have a network security risk, and maybe we have a cloud computing risk.
So we can go ahead and we can identify all
those risks and categorize them into buckets.
Once we have everything identified and categorized,
then we want to take a look at the probability and the impact of each risk.
What that's going to allow us to do,
it's going to allow us to assign each risk
a specific risk score and then prioritize it accordingly.
And we'll see how all of this works on the next slide.
Once we've done that and we have all
of our risk prioritized, then we can go ahead and respond accordingly.
And we'll also take a look at risk responses in this lecture as well.
So now let's go ahead and let's take
a look at the qualitative risk assessment process.
So what you see on the screen is our basic
risk equation, where risk equals threat times vulnerability.
And also what we have over here is a risk matrix.
So when we're doing a qualitative risk assessment, we take a look at the risk
where we understand the threat and the vulnerability, and we take that,
and then we assess the impact and the probability of a risk.
So the probability is nothing more than the likelihood of the risk,
and the impact is going to be the level of the impact of the risk if it occurs.
So what we want to do is take a look
at the risk and assess its impact and probability.
So what I've done in this matrix table is
I've assigned an impact score of low, moderate, and high.
You could add on additional ones if you wanted to,
but this is a very common implementation
of having a low and a moderate and a high score.
And I've done the same thing for the probability.
And what we can do is, for example, let's say that we have a fictitious risk,
that's a cloud computing risk, and we assessed it, and we've assigned it
a probability and an impact score, both of two.
So what we do is we multiply these
together two times two, and that gives us an overall risk score of four.
So that tells us the severity of the risk.
What you see in this risk matrix is green, yellow, and red.
And so what I'm stating is that anything
in green is going to be a low risk, anything in yellow is going to be
a moderate risk, and anything in red is going to be a high risk.
I can then take all my risks,
run them through this process, assign them a score,
and then based upon the overall severity of the risk, I can go ahead and I can
prioritize them and assign them the appropriate risk response measures.
So that's the qualitative risk assessment process.
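The scoring and prioritisation just described, written out as a small Python program. This is an added example, not material from the course: it uses the lecture's low/moderate/high scale and the product of probability and impact as the risk score. The lecture shows the green, yellow and red bands but does not state the cut-off scores, so the bands used here (1 to 2 green, 3 to 4 yellow, 6 to 9 red) are an assumption, and the risk register is constructed for illustration.

```python
from dataclasses import dataclass

# Three-level qualitative scale for both probability and impact, as on the lecture's matrix.
LEVELS = {"low": 1, "moderate": 2, "high": 3}


def severity(score):
    """Map a risk score to a colour band.

    Assumed cut-offs (the lecture does not state them): on a 3x3 matrix the only
    possible products are 1, 2, 3, 4, 6 and 9, so 1-2 is green, 3-4 yellow, 6-9 red.
    """
    if score <= 2:
        return "low (green)"
    if score <= 4:
        return "moderate (yellow)"
    return "high (red)"


@dataclass
class Risk:
    name: str
    category: str      # e.g. "IT operational", "network security", "cloud computing"
    probability: str   # "low" | "moderate" | "high"
    impact: str        # "low" | "moderate" | "high"

    def score(self):
        """Risk score = probability x impact, exactly as in the lecture."""
        return LEVELS[self.probability] * LEVELS[self.impact]

    def describe(self):
        return f"{self.name} [{self.category}]: score {self.score()} -> {severity(self.score())}"


def assess(risks):
    """Score every risk and return them highest priority first (ties keep register order)."""
    return sorted(risks, key=lambda r: r.score(), reverse=True)


# Constructed register of hypothetical risks in the lecture's three categories.
REGISTER = [
    Risk("unpatched public web server", "network security", "high", "high"),
    Risk("misconfigured cloud storage bucket", "cloud computing", "moderate", "moderate"),
    Risk("backup job silently failing", "IT operational", "low", "high"),
    Risk("legacy printer on guest VLAN", "network security", "low", "low"),
]

if __name__ == "__main__":
    for risk in assess(REGISTER):
        print(risk.describe())
```

The cloud computing entry reproduces the lecture's worked case: moderate probability (2) times moderate impact (2) gives a score of 4. Running the whole register through `assess` yields the ordered list you would hand to whoever decides the response for each risk.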
Alright,
so now that you know how the qualitative risk assessment process works,
let's now take a look at our risk response categories.
So once we have all of our risks assessed,
we need to determine how we're going to control them.
And there's four different main ways in which we can do so.
We can avoid a risk, we can accept a risk,
we can mitigate the risk, and we can transfer a risk.
So let's talk about these one by one.
So with risk avoidance,
what we're essentially saying is that we're not going to take on that activity.
So, for example, if we're thinking about
moving some of our infrastructure into the cloud,
but we're thinking that the risk makes it a bit prohibitive, we can go ahead and we
can get rid of that idea altogether and just keep everything on premise.
So essentially, we are avoiding the risk by eliminating its source altogether.
That's what risk avoidance is.
And with risk acceptance, it's the exact opposite.
It's where we're saying, well, you know what,
the risk is at such a very low level that we're okay with it.
So we're not going to take any action
at all because from a cost benefit perspective, the cost of mitigating
that risk is going to be so high and the probability and the impact is so
low that we're fine with accepting the risk right now and not doing anything.
And then we have risk mitigation, which is what we're going to do 90% of the time.
This is the process of taking steps to mitigate the impact of a risk.
So when we look at our countermeasures
in the next section, that's all about risk mitigation.
When we're looking at defense in depth
and adding in a variety of security control measures, that's risk mitigation.
So from an IT security perspective and cyber security perspective,
90% of the time you're going to be performing risk mitigation.
And then lastly, we have risk transference.
That's when we're going to transfer
the responsibility of the risk to a third party, such as insurance.
So for example,
let's say that we purchased building insurance for our data center,
and if there's an earthquake or a fire or a flood, they're going to pay for that.
We're going to transfer some of that responsibility to them
so it's not all on us.
That's what risk transference is.
And then also something that you need
to understand is the concept of residual risk.
When you're adding on risk transference
and risk mitigation, you're sometimes going to have residual risk.
This is going to be the risk that remains
after you've mitigated the risk and you transferred it.
And there's still a little bit of risk that you can't get rid of.
In many instances, you're going to have residual risk.
So, for example, let's say that we put a network firewall in place.
We're going to assume that that's going
to be effective at blocking a majority of the network based attacks,
but maybe a small percentage are going to get through.
That's going to be an example of residual risk.
So that's our four different risk response categories and the concept of residual
risk, and that's going to go ahead and conclude our introductory lecture
into IT risk management and the role that it plays in IT security
and cyber security.
Now, I know that this wasn't a fully
comprehensive lecture on all things related to IT risk management but simply
just a 15-minute crash course into IT risk management to get you the basics.
But for those of you that want to learn
more about this topic, I recommend that you take a look
at my full fledged IT risk management course here on Udemy.
But again, getting back to the concept of risk management: IT security and cyber
security are essentially nothing more than IT risk management.
So I hope that you found this beneficial and insightful.
If you have any questions please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
Section 7 – Fundamental Threat Countermeasures
Multi-Factor Authentication
Alright,
so in this video, we're going to talk about multi-factor
authentication, which is a layered approach
to authentication, a layered approach to logging into a system.
So if we think about historically 5 years,
10 years or 15 years ago, when we logged into a system or an online site,
we typically just had to know our username and our password.
That was single factor authentication.
But as hackers have gotten more
sophisticated, so have software developers and cyber security experts.
And now over the past several years,
a lot of applications, a lot of online sites and services now
require multi-factor authentication, which is going to be a combination
of something that you have, such as a smart ID card or your ATM card
or your smartphone, where they send you a one time code.
And also some places also require
something that you are, which is going to be biometrics.
And the whole goal of this is to combat malicious users who are trying to steal
usernames and passwords to log into systems.
If we require something that you have,
a hacker is not going to get a hold of that very easily.
And if it's something that you are, such as your fingerprint or your palm scan
or your eye scan, that's going to be unique to you,
that's going to be even more difficult for a hacker to try to mimic.
And so to give you some examples of
multi-factor authentication, when I go to log into my Gmail account or
my Outlook account online, I have to type in my username and password.
That's something that you know.
But for those online services, they both send a one time code to my smartphone.
So I have to have my smartphone, which is something that I have.
And then that one time code adds
on an additional layer of something that you know.
And to give you an example of biometrics, when I was in grad school,
to get access to the gym on campus, well, number one, you had to have your student
ID card with you, and they have these turnstiles at the entrance.
To get past the turnstile, you had to enter a PIN,
which is something that you know, and you had to scan your palm,
which is something that you are, which is biometrics.
So that's an example of three factor authentication.
But what you're typically going to find is that a lot of organizations and a lot
of online services, they only require two forms of authentication,
which is typically going to be something that you know, which is going to be
a password, and then something that you have.
So, for example, sending a one time code to your phone or if it's at work,
if you use a smart ID card, that's going to be something that you have
where you plug it into your laptop at work.
So that's multi-factor authentication.
And like I said earlier on in the lecture,
the whole premise of this is to make it harder for hackers to hack into our
systems to bypass our authentication measures.
When we add on something that you have and something that you are to something
that you know, it makes it a lot more difficult for them.
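To show what sits behind "they send a one-time code to my smartphone", here is the service side of that second factor as an added example; it is not code from the course or from any of the services mentioned. The server issues a short random code for out-of-band delivery, keeps only a salted digest of it, and accepts it once, within a time window and a bounded number of attempts. The six-digit length, the five-minute window and the five-attempt cap are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6          # assumed code length
CODE_TTL_SECONDS = 300   # assumed validity window: five minutes
MAX_ATTEMPTS = 5         # assumed cap on wrong guesses per issued code


class OneTimeCodeStore:
    """Server-side record of one-time codes that were sent out of band (e.g. to a phone).

    The plaintext code is never stored: only a salted SHA-256 digest is kept, together
    with an expiry time and an attempt counter. A 6-digit code has only a million
    possibilities, so the expiry and the attempt cap are the real defence against
    guessing; the digest just keeps live codes out of logs and memory dumps.
    """

    def __init__(self, clock=time.time):
        self._clock = clock     # injectable so the expiry logic can be tested deterministically
        self._pending = {}      # username -> (salt, digest, expires_at, attempts_left)

    def issue(self, username):
        """Generate a fresh code for the user and return it for out-of-band delivery."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        salt = secrets.token_bytes(16)
        digest = hashlib.sha256(salt + code.encode()).digest()
        self._pending[username] = (salt, digest, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS)
        return code   # hand this to the SMS/app delivery path; never log it

    def verify(self, username, submitted):
        """Return True exactly once, for the right code, inside the window and attempt budget."""
        entry = self._pending.get(username)
        if entry is None:
            return False                        # nothing outstanding: already used or never issued
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]         # expired or exhausted: the user must request a new code
            return False
        candidate = hashlib.sha256(salt + submitted.encode()).digest()
        if hmac.compare_digest(candidate, digest):   # constant-time comparison
            del self._pending[username]         # single use: replaying the same code fails
            return True
        self._pending[username] = (salt, digest, expires_at, attempts_left - 1)
        return False


if __name__ == "__main__":
    store = OneTimeCodeStore()
    code = store.issue("demo-user")          # in practice this goes to the user's phone
    print("first use:", store.verify("demo-user", code))    # True
    print("replay:", store.verify("demo-user", code))       # False, code already consumed
```

The password check ("something you know") would run first; only after it passes does the service issue the code, so an attacker who has only the password still has to produce a value that exists solely on the legitimate user's phone for the next few minutes.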
So if you have any questions, please let me know.
If not, thanks for watching and I'll see you at the next video.
Take care.
Password Best Practices
Alright, so in this video,
we're going to talk about some password best practices,
and we're also going to talk about the importance of password complexity.
So we all know that passwords should be strong.
But why is that?
Well, for example,
we're all told that when we type in a new
password and we submit a new password for an online service or
for an application, it's going to give us a character minimum,
and that's typically going to be at least eight characters.
And also, we're generally going to be told that we need to use a combination
of uppercase and lowercase letters and numbers and special characters.
Well, why is that?
Well, it all comes down to how hackers crack passwords.
The most fundamental way in which a hacker
can crack a password is with a brute force attack.
And what a brute force attack does is that it tries every single combination
of a password until it guesses the right one.
Well, by adding in a lot of different
characters, we make the password much longer and much more complex.
And computationally,
it makes it a lot harder for the hacker to brute force that password.
So to give you an example, let's say that we only require our
passwords to be lowercase letters, and it's going to be an eight character minimum.
Well, an eight character password
that only uses lowercase letters, that's going to have roughly around
209,000,000,000 password combinations, and that's a lot, right?
But when we add in uppercase letters
and numbers and symbols, that increases to almost
514,000,000,000,000 combinations of passwords.
So if you compare 209,000,000,000
to 514,000,000,000,000, that's a drastic difference.
And from the perspective of a hacker brute forcing a password,
it's going to take astronomically longer for them to try to brute force and crack
a password that has 514,000,000,000,000 possible combinations.
So that's why password complexity is so
important, and you should make sure that you create a complex password.
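The arithmetic behind those two figures, generalised to any alphabet and length, as an added example that is not part of the lecture. The lecture does not say which symbols it counted; its figure of almost 514 trillion matches a 69-character set (26 lowercase, 26 uppercase, 10 digits and 7 symbols), which the script assumes. The attacker's guess rate is likewise an assumed number used only to turn combinations into time.

```python
import math

LOWERCASE, UPPERCASE, DIGITS = 26, 26, 10
SYMBOLS = 7   # assumed: the lecture's ~514 trillion works out to a 69-character alphabet
FULL_ALPHABET = LOWERCASE + UPPERCASE + DIGITS + SYMBOLS   # 69

SECONDS_PER_DAY = 86_400


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters from the alphabet."""
    return alphabet_size ** length


def brute_force_seconds(combinations, guesses_per_second):
    """Worst case for an attacker who has to try every single combination."""
    return combinations / guesses_per_second


def compare_policies(length=8, guesses_per_second=1e9):
    """Lowercase-only versus the full character set at the same length.

    guesses_per_second is an assumed attacker speed (one billion per second here),
    chosen only to make the two keyspaces comparable as time.
    """
    simple = keyspace(LOWERCASE, length)
    full = keyspace(FULL_ALPHABET, length)
    return {
        "lowercase_only": (simple, brute_force_seconds(simple, guesses_per_second) / SECONDS_PER_DAY),
        "full_charset": (full, brute_force_seconds(full, guesses_per_second) / SECONDS_PER_DAY),
    }


def length_needed(alphabet_size, target_combinations):
    """Smallest length at which `alphabet_size` characters reach a target keyspace.

    Shows the other lever the lecture mentions: making the password longer grows the
    keyspace exponentially, so a longer lowercase password can match a short complex one.
    """
    return math.ceil(math.log(target_combinations, alphabet_size))


if __name__ == "__main__":
    for policy, (combos, days) in compare_policies().items():
        print(f"{policy:15s} {combos:>22,d} combinations, worst case {days:,.3f} days")
    print("lowercase length matching 69^8:", length_needed(LOWERCASE, keyspace(FULL_ALPHABET, 8)))
```

Under these assumptions the lowercase-only eight-character space is exhausted in a few minutes, while the full 69-character space takes about six days at the same rate; the length calculation shows that eleven lowercase characters already exceed eight characters drawn from the full set.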
Now let's talk about some general best
practices, which are fairly straightforward.
Well, the first one is that we shouldn't
write down our passwords, and this is often easier said than done.
I've seen that in a lot of companies
and a lot of governmental organizations that there are a variety of systems
that people have access to, and they don't all use the same username and password.
And so a lot of people end up writing down their passwords.
Well, a solution to that is to utilize
either single sign on or to utilize a password management solution.
And the same thing goes for your personal usernames and passwords.
You shouldn't be writing them down.
And I'd highly recommend utilizing a password management solution because
there's a lot of them out there and some of them are free.
The second thing is that we shouldn't
share our passwords, and this is primarily applicable in a business environment
because your personal passwords, you may share them with your spouse.
And so that's not that big of an issue when you have a joint account.
However, in a business environment we
don't want to share our passwords because it all comes down to audit logging, and we
don't want to share credentials with other users because if they do something wrong
or something incorrectly or something malicious, it comes back to us.
We should also be changing our passwords
on a regular basis and we also shouldn't be reusing old passwords when we do that.
So in your personal lives,
if you think about websites like Facebook or Twitter or Instagram or Gmail or any
of the different sites that you have to log into on a regular basis,
ask yourself, when is the last time that you changed your password?
If it's been longer than 90 days or 120 days, I'd recommend that you change it.
But in a business environment we can make sure that this is done.
We can set up policies and procedures that make sure that our employees change
their password to the various applications that they have access to on a regular
basis and that they don't reuse old passwords. So that's password best
practices and also the importance of password complexity.
If you have any questions please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
Endpoint Protection
Alright, so in this video,
we're going to talk about endpoint protection, which is system hardening.
So when we're talking about endpoints,
we're talking about our servers and our end user systems.
And system hardening is specifically
the process of reducing the attack surface of a system.
And when we're talking about the attack surface, we're talking about any means
in which a hacker can potentially get into that system and compromise it.
And the goal with system hardening is to reduce that attack surface,
to make it smaller, because the smaller the attack surface,
the less vulnerable that system is going to be to potential cyber attacks.
So let's talk about some general ways in which we can harden our systems.
Well, the first thing that we can do is block unused ports.
And when we're talking about ports on systems,
we're talking about the physical ports as well as the logical ports.
I'm not going to get into the logical
ports because we haven't covered that, and that is a networking concept.
But in regards to physical ports like USB ports, we can disable them.
We can actually unplug them from the motherboard so they don't work. That way
if we don't want somebody plugging
in external drives into the system, we can disable them altogether.
We can also disable any unnecessary
services and protocols within the operating system.
So we talked about the remote desktop protocol, for example,
we know that that is susceptible to potential cyber attacks.
We can disable that service
and the associated protocols to it within Windows, so it's unavailable altogether.
We should also be disabling and deleting any unnecessary user accounts.
And when we look at this from the perspective of a business
environment, this all comes down to account management.
When employees leave the organization, their account should either be disabled or
deleted. And also just looking at the systems,
in general, if there's a guest account or an
account that we're no longer using, we should either disable or delete it.
We should also keep our systems up to date.
So this relates to patch management,
and this is something that we're going to talk about in the next section.
We should also be utilizing anti-malware software.
And Windows 10 and the Mac operating system,
they come pre-packaged with anti-malware software.
However, if you're not satisfied
with the built-in anti-malware software, you can also purchase your own as well.
We should also make sure
that the operating system is utilizing a software-based firewall.
Now, we're going to talk about how
firewalls work in a couple of lectures, so I'm not going to get into that right now.
But this is definitely something we want
to make sure that our end user systems and our servers are employing.
And we should also consider utilizing disk encryption.
We can either encrypt the entire hard drive on our system or a specific area
on our system where we house our sensitive data.
This is going to be a very common method
used in business environments and it can also be leveraged in a home environment.
And we're going to talk about how
encryption works in the next lecture. And then lastly which is something that we
already talked about is utilizing complex passwords.
So these are some general guidelines and best practices for endpoint protection.
These are ways in which we can harden our
systems. So that's going to go ahead and conclude this lecture.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you at the next video.
Take care.
Encryption
In this video, we're going to talk about what encryption is and how it works.
So what is encryption?
Well, encryption is the process of taking some readable data, some readable text,
and scrambling that up so it can't be read.
Specifically,
it's the process of utilizing an encryption algorithm with an encryption
key to encrypt data to make it secure and confidential.
So what we see on the screen here is the plain text, hello world.
I ran that through an encryption algorithm, and here's the output.
And I'm essentially making this file
secure and confidential by encrypting it and making it scrambled.
And it's only going to be able to be decrypted by somebody that is authorized
to do so. By somebody that has the associated key to decrypt it.
So, for example, if I took this file and I encrypted it and I attached it to an email
and I sent it across the Internet and a black hat hacker got a hold of it.
If they opened it up,
they wouldn't be able to actually read what's in that file.
It's just going to be a bunch of garbled and scrambled text.
So with encryption, we're making the data confidential and secure.
Now, in regards to the use case
for encryption, we can use encryption both for data at rest,
which is going to be data that's sitting on our servers and our end user systems
on their hard drives, and also for data in motion,
meaning data going across networks over LANs and WANs and the Internet.
So that's what encryption is.
And now what I want to do is take a look
at symmetric encryption, also called private key encryption (or secret key encryption).
So symmetric encryption uses a single key for both encryption and decryption.
There's also asymmetric encryption, which uses a matched pair of keys: one
key is used for encryption and the other key is used for decryption.
We're only going to talk about symmetric encryption in this course, because covering
symmetric and asymmetric encryption and all the different associated algorithms is
beyond this course; it is a lengthy and complicated topic.
So with that said, let's talk about how symmetric encryption works.
So with symmetric encryption, both the sender and the receiver are going
to utilize the same key to both encrypt and decrypt all the messages and data
that they're sending back and forth to each other.
So let's go through an example.
So let's say that we have Sally over here, and she has a plain text file that she
wants to send over to Bob, but she wants to make sure that she encrypts it first.
So she's going to use symmetric encryption.
And so she's going to use an encryption algorithm combined with the secret key
that both of them share, and she's going to encrypt that file.
It now becomes encrypted data, and it's ready to be sent across the network.
So she'll send it across the network,
and then Bob's going to receive it as an encrypted file.
Well, he's going to use that exact same
key, that private key that they're both sharing to decrypt the file and they'll be
able to decrypt it and open it up as a plain text file.
Now why did I say private key?
Well, as you noticed, at the top of the screen we also call
symmetric encryption private key encryption because between Sally and Bob
here they have a secret encryption key or in other words, a private encryption key
that they're sharing and they're utilizing to encrypt data.
They're not sharing that private key with anybody else, only between both of them.
So if somebody intercepted it, let's say a hacker, it's going to be encrypted.
The hacker is not going to have the key
because it's kept secure and it's kept private.
And so if the hacker opens up the file, it's going to be encrypted.
It's going to be a bunch of scrambled and garbled text.
It's not going to make any sense and so
they're not going to be able to read that data.
And so here's the catch with private key encryption: it relies
on both parties being able to exchange that secret key securely in the first place.
So how would Sally and Bob be able to do that?
Well, they have a couple of options. They could use asymmetric encryption combined
with symmetric encryption to exchange that key.
Or, if they worked in the same building, they could simply put it on a USB thumb drive
and hand it to one another in person, so the key never crosses the network.
But like I said, there's also asymmetric encryption, and asymmetric encryption
uses a private key and a public key, where the private key is kept secure
and never shared, and the public key is given out freely.
But we're not going to go over all the nuances of asymmetric encryption,
because that's where things get more complex, and combining symmetric
and asymmetric encryption gets more complex still.
So that's going to go ahead and conclude our introduction into encryption and how
it works and also specifically how symmetric encryption works.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
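Here is an added example, not from the course, that implements the Sally and Bob exchange above in working code: one shared key encrypts on Sally's side and decrypts on Bob's. It writes out the ChaCha20 stream cipher (RFC 8439) in full and adds an HMAC-SHA256 tag, and it assumes the shared key was exchanged out of band. The way the shared secret is split into a cipher key and a MAC key with SHA-256 prefixes is a simplification chosen for this example.

```python
import hashlib
import hmac
import os
import struct

# Added example, not from the course: one shared secret key, used by Sally to
# encrypt and by Bob to decrypt. Cipher: ChaCha20 (RFC 8439), written out in
# full. Integrity: HMAC-SHA256 over nonce || ciphertext.

MASK32 = 0xFFFFFFFF


def _rotl32(v, c):
    return ((v << c) & MASK32) | (v >> (32 - c))


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 7)


def _chacha20_block(key, counter, nonce):
    # 16-word state: 4 constants, 8 key words, block counter, 3 nonce words.
    state = list(struct.unpack("<4I", b"expand 32-byte k"))
    state += struct.unpack("<8I", key)
    state += [counter] + list(struct.unpack("<3I", nonce))
    w = state[:]
    for _ in range(10):  # 20 rounds as 10 column+diagonal double rounds
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(x + y) & MASK32 for x, y in zip(w, state)])


def _chacha20_xor(key, nonce, data):
    # Stream cipher: XOR data with successive 64-byte keystream blocks.
    # Encrypting and decrypting are the same operation with the same key.
    out = bytearray()
    for i in range(0, len(data), 64):
        block = _chacha20_block(key, 1 + i // 64, nonce)
        out.extend(x ^ y for x, y in zip(data[i:i + 64], block))
    return bytes(out)


def _subkeys(shared_key):
    # Simplification for the example: split the one shared secret into a
    # cipher key and a MAC key so the same bytes never serve two purposes.
    enc_key = hashlib.sha256(b"enc" + shared_key).digest()
    mac_key = hashlib.sha256(b"mac" + shared_key).digest()
    return enc_key, mac_key


def encrypt(shared_key, plaintext):
    """Sally's side. Returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(shared_key)
    nonce = os.urandom(12)  # fresh per message; never reuse a nonce with a key
    ciphertext = _chacha20_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(shared_key, message):
    """Bob's side. Checks the tag first, then decrypts with the same key."""
    enc_key, mac_key = _subkeys(shared_key)
    nonce, ciphertext, tag = message[:12], message[12:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: wrong key or the message was altered")
    return _chacha20_xor(enc_key, nonce, ciphertext)


if __name__ == "__main__":
    shared = os.urandom(32)  # exchanged out of band: USB stick, or via asymmetric crypto
    on_the_wire = encrypt(shared, b"hello world")
    print(on_the_wire.hex())  # what a hacker who intercepts the file sees
    print(decrypt(shared, on_the_wire))
```

The tag is the part the lecture glosses over: encryption alone only hides the data, it does not stop a hacker from flipping bits in the ciphertext, so Bob checks the tag before decrypting and refuses anything that fails. In production you would use a vetted library's AES-GCM or ChaCha20-Poly1305 rather than hand-written cipher code.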
Firewalls
Alright,
so in this video, we're going to talk about firewalls.
And firewalls are considered a fundamental
network security device that have been around for quite some time.
And they're considered to be one of the foundational network defense items
in our defense in depth network security strategy.
Because just about every network has a firewall, if not several.
In fact, your home network probably has several as well.
So a firewall is designed to protect your
internal private network from malicious activity out there on the Internet.
And the way that they work is that they prevent unwanted network traffic
from other networks from reaching your private network.
Specifically, what they do is they filter out data packets that go through them.
So what you do with the firewall is that you set up firewall rules.
You determine what you want to allow and what you want to deny.
And based upon your firewall rules, firewalls are going to determine what
packets of data are allowed into your network and which ones are filtered out.
Now, there are multiple different types of firewalls.
There are basic packet filtering firewalls, which judge each packet on its own.
There are stateful firewalls, which actually look at your
network sessions to see if a packet of data is part of a valid session.
And there are proxy firewalls, which terminate the connection and inspect it at the application layer.
But I'm not going to get into all the nuances and details of the differences
of these different types of firewalls, because we haven't covered every single
thing there is to know about the fundamentals of networking
to understand the true differences between all those different types of firewalls.
Now, one thing you also need to understand
is that there's going to be network based firewalls and host based firewalls.
Well, what do I mean?
Well, a network based firewall is going
to be an actual network device: a dedicated firewall appliance, or the firewall function built into a router.
We plug it into the network and based upon
where we plug it in, it's going to determine what it protects.
So if we put it on the perimeter of our
internal private network, it's going to protect that entire network,
whereas a host based firewall is going to be software that's installed on your
computer and it's designed to protect only that computer.
And so, for example, on the Windows operating system
and the Mac operating system, we can have a software based host based
firewall installed on that operating system.
And in fact, most operating systems are included with firewall software.
So what this accomplishes is defense in depth.
And that's why I said that your home
network probably has several different firewalls.
So if you have a wireless router on your
network, a SOHO (small office/home office) device, typically that single box
contains a router, a firewall, a DHCP server,
a switch and a wireless access point, all installed and enabled.
So that's going to be your network firewall.
And then also if you have a desktop
computer or a laptop computer that's running Mac or Windows.
Well, odds are that you have a host based firewall as well. So you're going to have
defense in depth with multiple different firewalls on your home network.
So let's go ahead and let's take a look at a diagram and let's visualize firewalls.
So we have the internet and then we have our internal local area network. That's
our protected network. Well, we can install a network based or
a hardware firewall on our network protecting our internal LAN, the entire
LAN from the internet and then on top of that we can install host based
firewalls on all of our systems on the network.
So we just deployed defense in depth.
And if we have a hacker out on the Internet and they try to get
into our network, well, our firewall can potentially stop it.
And that's the whole purpose of the firewall. And like I said it all
comes down to the type of firewall and the different firewall rules that we set up.
Firewalls aren't always going to stop 100%
of attacks and malicious packets of data, but they're going to stop most of them.
Keep in mind that a firewall only judges traffic against its rules: an attack carried inside
traffic the rules allow, such as a request to your web server on port 443, passes straight through,
which is where the IDS and IPS in the next lecture come in.
So that's what a firewall is and that's how it works.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
Intrusion Detection & Prevention Systems (IDS & IPS)
Alright, so now that you know how firewalls
operate, now we're going to turn our attention to intrusion detection systems
and intrusion prevention systems, better known as IDSs and IPSs.
And these are considered a more advanced network security device.
So let's go ahead and let's get into it.
So if we take a look at our diagram,
we have our firewall and we've added in either an IDS or an IPS.
And what an IDS or an IPS is designed to do is they're designed to detect attacks.
And based upon whether it's an IDS or
an IPS, it's either going to respond passively or actively.
So what do I mean?
Well, let's talk about the intrusion detection system first.
So the intrusion detection system, the IDS is passive,
meaning it's going to respond by logging an event and notifying IT staff.
It's not going to do anything beyond that.
So, for example, looking at the diagram, let's say that we have a malicious user,
a black hat hacker out there on the Internet, and they have a malicious
packet of data, and they are going to try to get that into our internal network.
Well, it gets past our firewall, the IDS sees it (an IDS usually watches a copy
of the traffic from a mirror port or network tap, so it sits beside the path rather than in it),
and then it gets into our internal protected local area network.
Well, what the IDS is going to do is
that it's going to log that and send it up to a monitoring station, where it's up
to the IT staff to determine how they want to mitigate this issue.
So that's how an IDS works.
Then we have the intrusion prevention system, better known as the IPS.
This responds in an active manner, meaning it's going to change something
within the network environment to stop that attack, such as potentially changing
an access control list rule or closing down a process or a session or even ports.
It's going to do what needs to be done to stop that attack.
So, for example, we have our black hat hacker again, and this hacker is going
to try to send some malicious data into our network.
Well, it gets past our firewall and gets to the IPS.
Well, because the IPS is active, it's going to stop that attack.
So let's say, for example,
it changes an access control list rule, and it's also going to log it and send it
up to that management station where the IT staff is notified as well.
And so you may be asking yourself, well,
why would we ever use an IDS if we could use an IPS?
Because the IPS is going to stop the attack.
Well, it all comes down to the network and the criticality of the network.
On certain networks and within certain organizations,
we don't want any changes on the network
to happen without consulting IT managers and network engineers, because
a change on the network may have unintended consequences.
It may break something on the network. An IPS acting on a false positive, for example, blocks legitimate traffic.
So in certain instances an IDS is going
to be preferred over an IPS and it all comes down to the design of the network,
the organization themselves and how they want to manage any changes to the
network.
So that's why we would sometimes use a more passive method of logging
and notifying the IT staff with an IDS and in other instances we would use an IPS
and we'd be okay with it changing the network environment on its own.
So that's IDSs and IPSs, and hopefully you noticed that we employed defense in depth.
We didn't get rid of the firewall.
We added in an IDS or an IPS onto our
network to increase our network security posture.
So that's going to go ahead and conclude this lecture.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
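An added example, not from the course, that puts the IDS and IPS behaviour above into code. One signature matcher runs in both modes: in IDS mode it only records an alert and lets the packet continue into the LAN, in IPS mode it also inserts a deny rule for the source address so later packets from that source are dropped. The signatures, addresses and sample packets are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Added example, not from the course. One sensor, two modes: "ids" logs and
# alerts but lets traffic continue; "ips" also adds a deny rule for the source.
# Signatures, addresses and packets below are constructed for the example.


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# (name, destination port or None for any, regex over the payload or None for any)
SIGNATURES = [
    ("sqli-union-select", 80, re.compile(rb"(?i)union\s+select")),
    ("path-traversal", 80, re.compile(rb"\.\./\.\./")),
    ("smb-from-outside", 445, None),  # any SMB from the Internet is suspicious
]


@dataclass
class Sensor:
    mode: str                                   # "ids" or "ips"
    acl_deny: set = field(default_factory=set)  # deny rules inserted by the IPS
    alerts: list = field(default_factory=list)  # what gets sent to the monitoring station

    def _match(self, pkt):
        for name, port, pattern in SIGNATURES:
            if port is not None and pkt.dport != port:
                continue
            if pattern is None or pattern.search(pkt.payload):
                return name
        return None

    def inspect(self, pkt):
        """Returns 'forward' or 'drop' for one packet that already passed the firewall."""
        if pkt.src in self.acl_deny:
            return "drop"                       # blocked by a rule the IPS added earlier
        name = self._match(pkt)
        if name is None:
            return "forward"
        self.alerts.append((pkt.src, name))     # log + notify IT staff, in both modes
        if self.mode == "ips":
            self.acl_deny.add(pkt.src)          # active response: change the ACL
            return "drop"
        return "forward"                        # IDS is passive: the packet still reaches the LAN


SAMPLE_TRAFFIC = [
    Packet("203.0.113.7", "10.0.0.5", 80, b"GET /index.html HTTP/1.1"),
    Packet("203.0.113.7", "10.0.0.5", 80, b"GET /item?id=1 UNION SELECT user,pass FROM users HTTP/1.1"),
    Packet("203.0.113.7", "10.0.0.5", 80, b"GET /about.html HTTP/1.1"),
    Packet("198.51.100.9", "10.0.0.5", 445, b"\x00\x00\x00\x85\xffSMBr"),
]


def run(mode, packets=SAMPLE_TRAFFIC):
    """Returns (verdict per packet, alerts raised)."""
    sensor = Sensor(mode)
    return [sensor.inspect(p) for p in packets], sensor.alerts


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        verdicts, alerts = run(mode)
        print(mode, verdicts, alerts)
```

Run it in both modes against the same traffic and the difference is exactly the lecture's point: the alerts are identical, but only the IPS changes the verdict, and once it has added the deny rule even the harmless third request from that source is dropped. That is the behaviour an organization has to be comfortable with before it chooses IPS over IDS.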
Utilizing a Network DMZ (Perimeter Network)
Alright,
so in this video we're going to talk about DMZs.
A DMZ, or demilitarized zone, is a perimeter network.
So specifically a DMZ is what we see right here.
And it's perimeter network that's designed
to be securely separated from an organization's internal private network.
In other words our intranet.
So we have our firewall and we have our intranet over here.
And a firewall can have several interfaces, one for each network it connects.
And so in this example we have what's
called a three legged design with our DMZ where we have a single firewall.
So what we have here is an interface that goes into our private LAN.
We have another interface on the firewall
that goes to our DMZ, and a third one that goes to the Internet.
Now with the DMZ, you can also have a back
to back configuration: an outer firewall facing the Internet, the DMZ
between the two firewalls, and an inner firewall that protects your intranet.
But in this example we're utilizing one firewall.
And so the DMZ is designed to allow
untrusted users outside of our internal network,
specifically in this scenario users on the Internet, to access specific
services that we want to make available to the public.
And so we do so by putting them
on a different network on our perimeter, our DMZ.
So we can put things such as our public
website, which we see right here with our web server.
If we were a computer software company or
a computer hardware company and we had software or drivers that we wanted
to make available to our customers, we could also put a file server within our
DMZ (today that usually means an HTTPS download server; plain FTP or TFTP
transfer files unencrypted, and TFTP has no authentication at all).
If we were an email provider such as
Gmail, we could also put a public email server within our DMZ.
And if we also had business partners
that needed to log into a web based portal that we wanted to make available to them,
let's say that we were a wholesaler and we had customers that purchase from us,
but we didn't want them accessing our intranet,
we could put a private portal within our DMZ as well that they log into.
And so the way that it works is that it's
going to allow this person to communicate with this device within our DMZ.
The firewall is set up to allow Internet users access to the web server,
but it's going to block anything into our internal network. The rules should also limit
what the DMZ hosts themselves can open towards the intranet, so that a compromised
web server can't be used as a stepping stone inward.
So this user they can go ahead and they
can communicate with the web server or for example a file server or an email
server.
But if they try to get access into our
internal network, the firewall is going to block them.
And so the whole idea behind a DMZ is
that when we have public services that we want to provide to people that we don't
know on the Internet and that we don't trust, then we're going to put that within
a DMZ rather than putting it within our intranet. So that's what a DMZ
is and that's what it's designed for.
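The following added example, not from the course, models the firewall from two lectures back and the three-legged DMZ just described as one rule table: first match wins, anything unmatched is denied, and a connection table lets replies to sessions opened from a more trusted zone back in without a standing inbound rule. The zones, addresses and rules are hypothetical.

```python
# Added example, not from the course: a three-legged firewall (Internet, DMZ,
# LAN) as a first-match rule table with default deny, plus a connection table
# so that replies to sessions we allowed are passed without an inbound rule.
# Zones, addresses and rules are hypothetical.

ZONES = {  # address prefix -> zone (the firewall interface it hangs off)
    "203.0.113.": "internet",
    "198.51.100.": "internet",
    "192.0.2.": "dmz",
    "10.0.0.": "lan",
}


def zone_of(ip):
    for prefix, zone in ZONES.items():
        if ip.startswith(prefix):
            return zone
    return "internet"  # anything we don't recognise is untrusted


# (source zone, destination zone, destination port or None for any, action).
# First matching rule wins; if nothing matches, DEFAULT_ACTION applies.
RULES = [
    ("internet", "dmz", 443, "allow"),       # public web server
    ("internet", "dmz", 80, "allow"),
    ("internet", "lan", None, "deny"),       # nothing from outside reaches the intranet
    ("dmz", "lan", None, "deny"),            # a compromised DMZ host cannot pivot inward
    ("lan", "dmz", None, "allow"),           # admins manage DMZ servers from inside
    ("lan", "internet", None, "allow"),
    ("dmz", "internet", 443, "allow"),       # DMZ servers may fetch patches
]
DEFAULT_ACTION = "deny"


class Firewall:
    def __init__(self):
        self.sessions = set()  # (src, sport, dst, dport) of allowed sessions

    def filter(self, src, sport, dst, dport):
        """Returns 'allow' or 'deny' for one packet."""
        # Stateful check first: a reply to a session we already allowed passes.
        # A stateless packet filter cannot do this; it would have to leave
        # every ephemeral reply port open permanently.
        if (dst, dport, src, sport) in self.sessions:
            return "allow"
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        for rule_src, rule_dst, rule_port, action in RULES:
            if (rule_src, rule_dst) == (src_zone, dst_zone) and rule_port in (None, dport):
                if action == "allow":
                    self.sessions.add((src, sport, dst, dport))
                return action
        return DEFAULT_ACTION


if __name__ == "__main__":
    fw = Firewall()
    print(fw.filter("203.0.113.7", 51000, "192.0.2.10", 443))   # Internet -> DMZ web: allow
    print(fw.filter("192.0.2.10", 443, "203.0.113.7", 51000))   # the reply: allow (state)
    print(fw.filter("203.0.113.7", 51001, "10.0.0.5", 445))     # Internet -> LAN: deny
    print(fw.filter("192.0.2.10", 40000, "10.0.0.5", 22))       # DMZ -> LAN: deny
```

Two things to notice. The web server's reply to the Internet user is allowed only because the firewall remembered the session: there is no rule letting the DMZ talk to arbitrary Internet ports, so a fresh connection from the DMZ to port 51000 somewhere is denied. And the DMZ-to-LAN deny rule sits above the LAN-to-DMZ allow, so an attacker who owns the web server still cannot open a connection into the intranet.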
Honeypot Decoys (Decoy Servers)
Alright,
so building on our previous conversation where we talked about DMZs,
let's now talk about honeypots, which are decoy servers that we typically place
within our DMZ, designed to entice malicious users to attack them.
They look like a live production server.
However, we deliberately configure them to look weak so they're easier to exploit,
and we isolate them so that a break-in yields nothing beyond what we want the attacker to see.
So for example, in this diagram we have
a honeypot decoy server that we place within our DMZ and the purpose is twofold.
Number one, we want to lure hackers away
from our real network and towards our honeypot decoy server.
And this allows IT security staff to observe what the hackers are
doing and learn how they are attacking our systems.
So not only does a honeypot lure hackers
away, but it allows us to understand how they're hacking into our systems.
And if we understand how they're hacking into our systems, well guess what?
We're going to be better off at defending ourselves against future attacks.
So that's what a honeypot is and that's the purpose of it.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you at the next video.
Take care.
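An added example, not from the course, of a low-interaction honeypot: it imitates a weakly configured FTP server, never lets anyone log in, and records every username, password and command an attacker tries so the security team can study them. The banner, hostname and listening port are made up for the example.

```python
import socketserver
import time

# Added example, not from the course: a low-interaction FTP-style honeypot.
# It looks like a careless file server, never grants access, and records every
# credential and command an attacker tries. Banner/hostname/port are made up.

BANNER = "220 fileserver01 FTP server ready"


class HoneypotSession:
    def __init__(self, peer, clock=time.time):
        self.peer = peer
        self.clock = clock
        self.events = []          # (timestamp, peer, kind, detail)
        self.pending_user = None

    def _log(self, kind, detail):
        self.events.append((self.clock(), self.peer, kind, detail))

    def handle_line(self, line):
        """Handle one command from the attacker and return the decoy's reply."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            self.pending_user = arg
            self._log("user", arg)
            return "331 Password required for %s" % arg
        if cmd == "PASS":
            # The credential pair the attacker believes might work is the prize.
            self._log("login_attempt", "%s:%s" % (self.pending_user, arg))
            return "530 Login incorrect"
        if cmd == "QUIT":
            self._log("quit", "")
            return "221 Goodbye"
        # Anything else (RETR, SITE EXEC, ...) shows what they would do once in.
        self._log("command", line.strip())
        return "530 Please login with USER and PASS"


class _Handler(socketserver.StreamRequestHandler):
    def handle(self):
        session = HoneypotSession(self.client_address[0])
        self.wfile.write((BANNER + "\r\n").encode())
        for raw in self.rfile:
            reply = session.handle_line(raw.decode(errors="replace"))
            self.wfile.write((reply + "\r\n").encode())
            if reply.startswith("221"):
                break
        for event in session.events:
            print(event)  # in practice: ship to the SIEM / monitoring station


def replay(peer, lines, clock=lambda: 0):
    """Drive one session from a list of attacker lines (offline use and tests)."""
    session = HoneypotSession(peer, clock)
    return [session.handle_line(line) for line in lines], session.events


if __name__ == "__main__":
    with socketserver.TCPServer(("0.0.0.0", 2121), _Handler) as server:
        server.serve_forever()
```

Because the decoy has no real users, every connection to it is by definition suspicious, which is what makes honeypot logs so low in noise compared with logs from production servers. Run it on a DMZ host that holds no real data and cannot reach the intranet.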
Virtual Private Network
In this video we're going to talk about
virtual private networks, better known as VPN.
So what is VPN?
Well, VPN is a technology that allows you and me to remotely connect
to a private network, or to a specific service or site on the Internet, over a secure,
encrypted connection. It's used to get privacy,
to get a degree of anonymity,
and also as a means to avoid censorship.
So let's talk about how it works.
So if we take a look at the diagram down here, let's assume that this is you
at home, working remotely on your work laptop. To allow you to connect
to their internal private network,
your employer has installed what is called a VPN client on that laptop.
And on the edge of their network, they have a VPN server.
You're going to connect to the VPN server via the VPN client.
So what's going to happen is that the client uses what is called a tunneling
protocol to create a protected tunnel through the Internet to the VPN server.
And what tunneling means
is that we're encapsulating one network protocol within another,
and the encapsulated traffic is encrypted, so the data crossing the Internet is secure.
And so in this example,
which is very common for people working remotely, is the VPN server is going to be
connected to the edge of your work's network.
So your traffic that is end to end from you and then to your work's network
and back, it's all going to be encrypted and secure.
So everything going across the Internet is secure.
Now there's also another use case for VPN
where we're connecting to some site or some service on the Internet.
And what you probably noticed is that this
tunnel, it's disappeared from the VPN server to the Internet.
When you're using a VPN service such as NordVPN, what it's going to do is it's
going to create this tunnel from your client to the server.
But once it reaches their VPN server, everything from their VPN server to whatever
you want to access on the Internet, that's not going to be protected by that tunnel.
So for example, if you want to go to YouTube or Netflix,
that's not going to be protected by this VPN tunnel.
What's going to be protecting it is
HTTPS, which uses Transport Layer Security (TLS) encryption.
So when you're utilizing a VPN service
for accessing services and sites on the Internet,
understand that from the VPN server and to the site and back to the VPN
server, it's not encrypted by the VPN tunneling protocol.
That only occurs from the VPN server to your client machine.
From the VPN server to the site itself, that's going to be encrypted by HTTPS.
But if you're going to a site over plain HTTP, which is not encrypted, well,
everything from the VPN server to that site is going to travel unencrypted.
And that's one reason the large majority of sites now use HTTPS, which is encrypted.
So keep that in mind.
And so when we think about the use case for this, well, what does this provide?
Well, it provides privacy,
because our ISP is not going to be able to see what we're accessing.
Everything is going to the VPN server. Keep in mind that this moves trust rather than
removing it: the VPN provider now sees exactly what the ISP used to see.
It's also going to provide a sense of anonymity as well,
because people can't snoop in on us and see what we're doing,
because all they're seeing is traffic to and from the VPN server, and that's encrypted.
And also it provides a means to bypass
censorship, because as we know, in certain countries, they censor different sites.
If we use a VPN service, that's means to bypass censorship.
So that's VPN.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you at the next video.
Take care.
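An added example, not from the course, showing what the tunnel looks like on the wire and what each party on the path can see: the ISP sees only the outer packet addressed to the VPN server, the VPN server unwraps the inner packet and forwards it with its own address, and the site sees readable HTTP unless the site itself uses HTTPS. The addresses are hypothetical, and the HMAC-SHA256 keystream cipher is a stand-in for a real tunnel protocol such as IPsec or WireGuard.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Added example, not from the course: the tunnel on the wire. The inner packet
# (your private tunnel address -> the site) is encrypted whole and carried as the
# payload of an outer packet (your public address -> the VPN server). Addresses
# are hypothetical; the HMAC-SHA256 counter-mode keystream stands in for a real
# tunnel protocol such as IPsec or WireGuard.


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


def _keystream_xor(key, nonce, data):
    # Encrypt/decrypt by XOR with a PRF keystream (same call in both directions).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def _serialize(p):
    return f"{p.src}|{p.dst}|".encode() + p.payload


def _parse(raw):
    src, dst, payload = raw.split(b"|", 2)
    return Packet(src.decode(), dst.decode(), payload)


def client_encapsulate(key, nonce, inner, client_public_ip, vpn_server_ip):
    """VPN client: encrypt the whole inner packet, then wrap it in an outer packet."""
    body = _keystream_xor(key, nonce, _serialize(inner))
    return Packet(client_public_ip, vpn_server_ip, nonce + body)


def vpn_server_decapsulate(key, outer, vpn_egress_ip):
    """VPN server: strip the outer packet, decrypt, and send the inner packet on
    towards the site with the server's own address as source. The tunnel ends here."""
    nonce, body = outer.payload[:8], outer.payload[8:]
    inner = _parse(_keystream_xor(key, nonce, body))
    return Packet(vpn_egress_ip, inner.dst, inner.payload)


def isp_view(outer):
    """What your ISP, or anyone between you and the VPN server, can see."""
    return {"from": outer.src, "to": outer.dst, "bytes": len(outer.payload),
            "http_readable": b"GET " in outer.payload}


def site_view(forwarded):
    """What the destination site sees: traffic from the VPN server and, for
    plain HTTP, the request itself."""
    return {"from": forwarded.src, "http_readable": b"GET " in forwarded.payload}


if __name__ == "__main__":
    key, nonce = b"\x11" * 32, b"\x00" * 8  # constructed; real tunnels negotiate these
    inner = Packet("10.8.0.2", "198.51.100.80", b"GET / HTTP/1.1\r\nHost: example.test\r\n")
    outer = client_encapsulate(key, nonce, inner, "203.0.113.7", "192.0.2.1")
    print(isp_view(outer))
    forwarded = vpn_server_decapsulate(key, outer, "192.0.2.1")
    print(site_view(forwarded))
```

The two views are the lecture's point in code: the ISP learns only that you talk to 192.0.2.1 and how much, while the site receives a plain-text GET from the VPN server's address. Swap the inner payload for a TLS record and the site view stops being readable too, which is the HTTPS case.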
Wireless Network Security
In this video, we're going to talk about wireless networking security.
And we're going to start off by talking
about the inherent vulnerability of wireless networking.
And the inherent vulnerability of wireless
networking is that wireless signals emanate over the air.
So the main issue with a wireless network and the reason why we need to use
encryption with wireless networks is that they broadcast over the air.
So unlike a wired network where our data
is going over a network cable that's within our house or within our office
so it's secure, with a wireless network,
these signals are freely emanating throughout the air.
So anybody that has a transceiver that's
tuned to the correct frequencies and channels, they can intercept that data.
And here's the thing with wireless networking:
the IEEE 802.11 standards define the frequency bands and channels that Wi-Fi uses.
So all you have to do is know
those frequencies and channels, which are published in the standard.
So it's very easy to determine
the wireless networks that are out there and to learn a lot about them.
So, for example, here's some software and this is software
that allows us to fingerprint and learn a lot about wireless networks.
So what we see here with this software is
we see the SSID of a bunch of wireless networks.
We see the MAC address of the wireless access point.
We see the signal strength, we see the specific channel that they're on.
We see the 802.11 standard that they're using.
802.11 is the IEEE family of standards for wireless local area networks.
We see the speed of the network and we see
the encryption type that they're using, as well as if they're using WPS or not.
And down here we can see the channels
for 2.4 GHz as well as 5 GHz and some additional items as well.
And so it's very simple to fingerprint and learn a lot about wireless networks.
And that's why wireless networking security is so important.
So let's talk about encryption and 802.11.
So let's talk about wireless encryption security protocols first.
There are two of them that you should be
using, and that is Wi-Fi Protected Access version 2 or version 3.
These are our current standards, and you should be utilizing one or the other.
And the acronyms are WPA2 and WPA3.
And here's an example of both of them.
So here's a screenshot from a TP-Link router.
And what we want to make sure that we're
doing on our wireless router or a wireless access point is we want to make sure
that we're utilizing a security encryption protocol.
In this example, we can see WPA/WPA2,
WPA2/WPA3, and WPA/WPA2 Enterprise.
And you're going to notice that there's personal and enterprise.
And we'll talk about what enterprise means later on in this lecture.
But if you see WEP or just WPA, you don't want to use either of them
because they've both been broken. A mixed WPA/WPA2 setting still lets a client join
with WPA, so where your devices support it, choose WPA2-only or WPA2/WPA3 instead.
So we should only be using WPA2 or WPA3.
So in any scenario where you're using
a wireless router or a wireless access point you want to make sure that you're
enabling and utilizing a wireless encryption security protocol.
Now I want to go a step further and I want to talk about 802.1x
wireless authentication. And this relates directly to enterprise mode.
So when we're talking about personal mode
that's like when you're at home where you type in the passcode for the WiFi and it
gives you access to your wireless network at home.
But with enterprise mode we're utilizing 802.1x
and what does that allow us to do?
Well, it allows us to have all of our
wireless users authenticate to a central authentication server on our network
before they are granted full access to our network.
So for example let's say that we have
a wireless user in the office and they want to connect to the office WiFi. Well,
with their laptop they're going to log into the wireless network with a username
and password (or a certificate) that's going to be checked by an authentication server.
We call this a RADIUS server, and once
they authenticate they're going to be granted the appropriate network
permissions based upon their user account and their roles on the network.
So these are two methods in which we can
increase our security posture on a wireless network.
Number one utilizing wireless encryption security protocols and number two if we're
in a business environment we can consider setting up and utilizing
802.1x as well.
So that's going to go ahead and conclude
our discussion talking about wireless networking security.
If you have any questions please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
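An added example, not from the course, that audits a scan table like the one the fingerprinting tool displays and applies the rule from this lecture: open, WEP and WPA-only networks are flagged as critical, while a mixed WPA/WPA2 mode and WPS enabled are flagged as warnings. The scan rows and their column format are constructed for the example.

```python
import csv
import io

# Added example, not from the course: audit a Wi-Fi scan table against the
# lecture's rule (only WPA2 or WPA3). Rows and column layout are constructed.

SCAN = """\
ssid,bssid,channel,standard,security,wps
HomeNet,AA:BB:CC:00:00:01,6,802.11n,WEP,off
CoffeeShop,AA:BB:CC:00:00:02,11,802.11ac,Open,off
Office-Legacy,AA:BB:CC:00:00:03,1,802.11n,WPA,off
Office-Mixed,AA:BB:CC:00:00:04,36,802.11ac,WPA/WPA2-Personal,on
Office-Secure,AA:BB:CC:00:00:05,44,802.11ax,WPA2/WPA3-Personal,off
Office-Corp,AA:BB:CC:00:00:06,149,802.11ax,WPA2-Enterprise,off
"""


def grade(security, wps):
    """Returns (severity, reason); severity is 'critical', 'warning' or 'ok'."""
    modes = set(security.split("-")[0].split("/"))  # e.g. {"WPA", "WPA2"}
    enterprise = security.endswith("Enterprise")
    if security == "Open":
        return "critical", "no encryption: anyone in range can read the traffic"
    if "WEP" in modes:
        return "critical", "WEP is broken; the key is recoverable from captured traffic"
    if modes == {"WPA"}:
        return "critical", "WPA (TKIP) is deprecated and attackable; move to WPA2 or WPA3"
    problems = []
    if "WPA" in modes:
        problems.append("mixed mode still admits WPA/TKIP clients; set WPA2 or WPA3 only")
    if wps.lower() == "on":
        problems.append("WPS enabled; disable it (the PIN is brute-forceable)")
    if problems:
        return "warning", "; ".join(problems)
    auth = "802.1X authentication to a RADIUS server" if enterprise else "pre-shared key"
    return "ok", "%s with %s" % ("/".join(sorted(modes)), auth)


def audit(scan_csv=SCAN):
    """One (ssid, severity, reason) finding per scanned network."""
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        severity, reason = grade(row["security"], row["wps"])
        findings.append((row["ssid"], severity, reason))
    return findings


if __name__ == "__main__":
    for ssid, severity, reason in audit():
        print("%-14s %-8s %s" % (ssid, severity, reason))
```

The mixed-mode warning is the one people miss: the router screenshot in the lecture offers WPA/WPA2 as a single option, and picking it keeps the deprecated WPA cipher available to any client that asks for it.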
Section 8 – Cyber Security in the Workplace
Patch Management & Change Management
Alright,
so in this video, we're going to talk about the role
of patch and change management and specifically what it is and how it
enables us to manage our IT patches and changes effectively.
So let's start off by talking about patch management.
So patch management is going to be the end to end process in which patches and
hotfixes are tested, deployed and audited to ensure they were successfully applied.
So typically, what we're going to do within an organization is when there's
a new patch, whether that be for a particular software
or for the operating system, we're going to test it on a testing system first.
We're going to update that testing system, and we want to make sure that
everything works out okay, that there are no unintended consequences where this patch,
hotfix or update breaks something on that system within our environment.
So before we push it out to our production
environment, we want to test it on our testing system first.
And once we're able to confirm
that everything worked out okay on that test system, and let's say that we
had multiple different test systems on a test network.
If we push it out to a variety of systems on our test network and everything worked
out okay, then we can schedule it to push it out to our production network.
And after we push it out to our production
network, we want to make sure that it also installed properly.
So we're going to go ahead and audit the installation on the production network.
We may pick a handful of systems just
to make sure that everything was okay, because our goal is to make sure that when
we push it out to our production network through some sort of a semi automated or
automated process, that everything worked out okay.
So that's patch management.
So now let's talk about change management.
So what is change management?
Well, it's the process of ensuring that any sort of a major change to our IT
infrastructure doesn't occur without prior review and approval.
So, for example, let's say that we have
a new project to deploy a new database server to our network.
And this project has been running for six months, and they've reached the point
where they're now ready to deploy that new server to the production network.
Well, typically what they're going to have
to do is they're going to need to go to some sort of a board.
Typically, it's going to be a change control board or a project governance
board, and they're going to present the project, its status and show that it's
completed all of the technical and organizational requirements
for that business and that they're ready to deploy it to the production network.
The board is going to review everything and they're going to determine whether
it's ready to deploy or not. Once they get their final okay,
then the project is ready to deploy it to the production network.
But projects don't always get approved to deploy to the production network.
Let's say, for example,
one of the executives or stakeholders on the board that's a voting member has
some questions concerning some of the IT security requirements for that project.
What they can do is they can go back
to the project and ask for clarification, and until they're satisfied it won't
get deployed. And that's the true value of change management.
When we have a change control board or a project governance board and they're
overseeing the progress of major IT projects, is they're ensuring that those
projects are meeting all the requirements, especially their IT security requirements.
And whenever they have any questions or concerns, they can bring those up.
So they act as a control gate and a decision gate for these major IT
changes before they are added to our production environment.
And that ensures that we don't miss anything when they're deployed,
that they're meeting all of the requirements and that there are no
major security concerns. So that's patch and change management.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
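An added example, not from the course, of the audit step of patch management: compare the build each host reported after the rollout against the build the patch should have produced, list the hosts that did not take it, and only move to the next ring once every host in the current ring is compliant. The inventory, ring names and version strings are constructed. The version parser is the part worth copying: "10.0.19045.999" sorts after "10.0.19045.3803" as a string but is the older build.

```python
# Added example, not from the course: the audit step of patch management.
# Inventory, rings, products and version strings are constructed.

REQUIRED = {"windows": "10.0.19045.3803", "openssl": "3.0.13"}  # build each patch produces

INVENTORY = [
    # host, rollout ring, product, version the host reported after the rollout
    ("test-01", "test", "windows", "10.0.19045.3803"),
    ("pilot-01", "pilot", "windows", "10.0.19045.3803"),
    ("prod-01", "prod", "windows", "10.0.19045.3803"),
    ("prod-02", "prod", "windows", "10.0.19045.999"),  # looks newer as a string, is not
    ("prod-03", "prod", "openssl", "3.0.13"),
    ("prod-04", "prod", "openssl", "3.0.9"),
]

RING_ORDER = ("test", "pilot", "prod")


def parse_version(version):
    """'10.0.19045.3803' -> (10, 0, 19045, 3803), so comparison is numeric per field."""
    return tuple(int(part) for part in version.split("."))


def is_compliant(reported, required):
    return parse_version(reported) >= parse_version(required)


def noncompliant(inventory=INVENTORY, required=REQUIRED):
    """Hosts that did not end up on the required build: (host, product, reported)."""
    return [(host, product, version)
            for host, ring, product, version in inventory
            if not is_compliant(version, required[product])]


def ring_status(inventory=INVENTORY, required=REQUIRED):
    """Per ring: (compliant hosts, total hosts)."""
    status = {}
    for host, ring, product, version in inventory:
        ok, total = status.get(ring, (0, 0))
        status[ring] = (ok + int(is_compliant(version, required[product])), total + 1)
    return status


def next_ring(inventory=INVENTORY, required=REQUIRED, order=RING_ORDER):
    """First ring in rollout order that still has a non-compliant host, or None
    when every ring is done. The rollout does not advance past this ring."""
    status = ring_status(inventory, required)
    for ring in order:
        ok, total = status.get(ring, (0, 0))
        if ok < total:
            return ring
    return None


if __name__ == "__main__":
    for host, product, version in noncompliant():
        print("MISSING PATCH: %s %s is on %s" % (host, product, version))
    print(ring_status())
    print("rollout is blocked at ring:", next_ring())
```
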
Incident Response
In this video, we're going to talk about
incident response, because incident response plays a major
role in cyber security and cyber security operations.
So when we think about incident response,
we have to think about what an incident is. Well, an incident is going to be
any event that's going to negatively impact an organization.
And from the perspective of IT security and cyber security,
when we think about incident response,
we're thinking about IT security and cyber incidents.
So incidents that relate to cyber security.
And so, for example,
here's what we might consider an incident: the cyber security
incident response team identifying and remediating a specific IT security
incident, such as an employee's laptop being infected
with a virus, which leaves at least one person unable to work.
So I want to walk you through the process
of incident response from the beginning to the end.
So with incident response, we start with detection.
This is going to be the initial detection of the incident that has occurred.
So, for example,
an employee's laptop that's been infected with the virus, or maybe that employee
called the help desk, and the help desk relayed that over
to the incident response team, letting them know that there's a virus
incident that they need to go ahead and take care of.
The second step is then the response step.
So this is going to be the initial response from the incident response team.
They're potentially going to log it
into the system and assign it to a specific person to triage that virus.
After that, we have containment.
This is all about making sure that this virus doesn't spread.
So we're going to contain this virus to that one system.
We want to make sure that it's off the network, so it can't reach or infect
other computers. Isolate it rather than wiping it straight away: if you will
need to find the root cause later, the evidence is still on that laptop.
We also want to find out how the virus got onto that system in the first place.
Let's say, for example, it arrived via an email. Then we investigate that as
well: find the message, find out who else received it, and make sure those
copies are removed from mailboxes before anyone else opens the attachment.
After that, we have the initial reporting.
So after the initial response and containment, we then begin reporting.
Now, this isn't the final reporting, but let's say this is an incident
that rises to the level that a senior manager needs to know.
So we're going to report this up to the appropriate stakeholders.
After that, we begin our recovery process.
This is all about taking the system that was infected with the virus
and returning it to its last known good state.
Maybe we do a system restore.
Maybe we do a fresh, clean install, where we format the hard drive and start
all over to make sure there are no remnants of the virus left on that system.
A restore point is quicker, but only a rebuild from a known good image
guarantees that nothing the malware left behind survives.
So this is all about recovering the laptop so it's functional again.
However, this is not remediation.
Remediation is the next step.
So remediation is where we go a step further.
We've contained the virus, we've reported it to the appropriate stakeholders,
and we've taken that laptop and recovered it
to its last known good state so that the employee can get back to work.
Now we need to look at remediation.
We need to identify the root cause of this incident, and we need to make
sure that this virus isn't going to spread to other systems on our network.
So we find the root cause and we remediate that, so that
this isn't going to be an issue for other systems on our network in the future.
So, for example, since this is a virus,
maybe we need to update the virus definitions on our endpoint protection.
Maybe it's as simple as that. Or, if it arrived as an email attachment,
maybe the real fix is a mail filter rule that blocks that attachment type
before it reaches anyone's inbox.
And then lastly, there's step seven, which is lessons learned.
Now, lessons learned isn't generally
embedded in every single response. But let's say that this was a fairly major
incident and there were some issues that occurred in
the containment, the recovery, the remediation, the reporting or any
other step within our incident response process.
Well, this would be the time to sit down
as a team and with management and discuss what went well, what went badly,
and how we can improve on the things that didn't go well.
So that's where lessons learned comes into play.
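To make the containment and remediation steps concrete, here is an added example that is not part of the course: once the first infected laptop has given us indicators (the attachment hash and the sender), we run them over the mail gateway logs to find everyone else who received the same message, so containment covers every affected mailbox and host rather than only the one that called the help desk. The log format, the indicators and all the log lines are constructed for this example.

```python
"""Scope an email-borne malware incident across mail-gateway logs.

Added example for the containment and remediation steps; it is not part of the
course. The log format, the indicators and every log line below are constructed.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Assumed gateway log format (one delivery per line); real gateways differ.
LINE_RE = re.compile(
    r'(?P<ts>\S+) sender=(?P<sender>\S+) rcpt=(?P<rcpt>\S+) '
    r'subject="(?P<subject>[^"]*)" attach=(?P<attach>\S+) sha256=(?P<sha256>\S+)'
)

# Constructed sample log: alice reported the infected laptop; bob and carol
# received the same attachment and have not called the help desk; erin got a
# different attachment from the same sender; dave's mail is unrelated.
SAMPLE_LOG = """\
2024-03-04T08:01:12Z sender=invoices@contoso-billing.example rcpt=alice@corp.example subject="Invoice 4471" attach=Invoice_4471.xlsm sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b
2024-03-04T08:01:15Z sender=invoices@contoso-billing.example rcpt=bob@corp.example subject="Invoice 4471" attach=Invoice_4471.xlsm sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b
2024-03-04T08:03:40Z sender=newsletter@vendor.example rcpt=alice@corp.example subject="March update" attach=- sha256=-
2024-03-04T08:05:02Z sender=invoices@contoso-billing.example rcpt=carol@corp.example subject="Invoice 4471" attach=Invoice_4471.xlsm sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b
2024-03-04T08:40:09Z sender=invoices@contoso-billing.example rcpt=erin@corp.example subject="Invoice 4472" attach=Invoice_4472.xlsm sha256=b1946ac92492d2347c6235b4d2611184c9ea2f3c1d2b6f0a5e4f3a2b1c0d9e8f
2024-03-04T09:12:33Z sender=hr@corp.example rcpt=dave@corp.example subject="Benefits" attach=benefits.pdf sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"""

# Indicators recovered from the first infected laptop (constructed).
BAD_HASHES = {"3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b"}
BAD_SENDERS = {"invoices@contoso-billing.example"}


@dataclass(frozen=True)
class MailEvent:
    ts: str
    sender: str
    rcpt: str
    subject: str
    attach: str
    sha256: str


@dataclass
class Scope:
    confirmed: set[str] = field(default_factory=set)  # got the known-bad attachment
    suspected: set[str] = field(default_factory=set)  # same sender, other attachment
    first_seen: str | None = None
    last_seen: str | None = None
    attachments: Counter = field(default_factory=Counter)


def parse_log(text: str) -> list[MailEvent]:
    """Parse delivery lines; lines that do not match are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(MailEvent(**m.groupdict()))
    return events


def scope_incident(events: list[MailEvent], bad_hashes: set[str], bad_senders: set[str]) -> Scope:
    """Split recipients into confirmed (hash match) and suspected (sender-only match)."""
    scope = Scope()
    for ev in events:
        if ev.sha256 in bad_hashes:
            scope.confirmed.add(ev.rcpt)
            scope.attachments[ev.attach] += 1
            # ISO-8601 UTC timestamps sort correctly as plain strings.
            scope.first_seen = ev.ts if scope.first_seen is None else min(scope.first_seen, ev.ts)
            scope.last_seen = ev.ts if scope.last_seen is None else max(scope.last_seen, ev.ts)
        elif ev.sender in bad_senders:
            scope.suspected.add(ev.rcpt)
    # A confirmed recipient does not also need the weaker, sender-only entry.
    scope.suspected -= scope.confirmed
    return scope


if __name__ == "__main__":
    s = scope_incident(parse_log(SAMPLE_LOG), BAD_HASHES, BAD_SENDERS)
    print("isolate and reimage:", sorted(s.confirmed))
    print("pull message from mailbox, check endpoint:", sorted(s.suspected))
    print("delivery window:", s.first_seen, "to", s.last_seen, dict(s.attachments))
```

The two tiers matter in practice: a hash match is strong enough to justify pulling those laptops off the network now, while a sender-only match (erin's different attachment, possibly a new variant) is a lead to hash and check before anyone is isolated on that basis alone. The delivery window tells you how long the gateway let the attachment through, which feeds the remediation step.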
However, when you look at incident response processes,
you'll often see lessons learned left out.
But for major incidents, this is definitely something
that we want to do on a regular basis. Incident response is an essential
part of cyber security because we're always going to be dealing with cyber incidents.
Whether it's malware, an insider threat or an attack coming
from the Internet, there are always going to be incidents
that pop up, and we need to deal with them effectively. That's where incident
response comes into play. So that concludes our discussion
of incident response. If you have any questions, please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
Application Development Security
In this video, we're going to talk about
application development security, also known as software development security.
And specifically, we're going to talk about how we can embed
IT security into our programming processes.
So first, let's talk about the software
development lifecycle, better known as the SDLC, and how we can secure our SDLC.
What you need to understand is that historically, 20 plus years ago, IT
security wasn't a part of the software development lifecycle at all.
Slowly over time,
we started adding it in, and it became more and more robust, to the point
where we now have what we call the secure software development lifecycle.
I remember going back roughly about 20
to 21 years ago when I was doing web app development.
IT security was just a bit of an afterthought.
We really didn't think about it.
And I also remember, way back when I was
an undergraduate and Facebook first became available
to my university, that when we went to log in we used HTTP, not HTTPS.
So our credentials were sent in clear text over the Internet.
And so if you think about it,
we've come a long way from the early 2000s to 2022.
And if we think about everything
that we've talked about in this course leading up to this, there are
a variety of security flaws in software that can lead to major risks:
missing data encryption,
which I just talked about, SQL injection,
buffer overflows, OS command injection,
cross-site scripting, and the list goes on and on.
And so here's the thing:
what we do now in the software development
lifecycle is add security control gates, specifically IT security
requirements at the design stage and security testing before release,
as we're developing the software.
We'll look at software testing in a bit more detail in a second.
So we've taken the basic software development lifecycle,
whether that's the waterfall process or agile or something else,
and added a layer of security by integrating security requirements
and testing into our software development processes.
Now, I'm not going to get into the details
of the different steps within the SDLC or all the different security
requirements, because that's definitely beyond the scope of this course.
But what I want you to understand from a cyber security perspective is that if
you work for an organization that develops software in house,
you want to make sure that they're using a secure SDLC, and that security
requirements are hard baked into the software development process.
So now let's talk about security testing.
And specifically, let's take a deeper
look at it, because security testing is embedded within the SDLC.
When we're developing software, testing
it is an essential aspect of our development process.
And there are two different categories of security testing:
static analysis and dynamic testing.
Static analysis, as its name implies, tests the code without running it.
We examine the source code itself, either by hand, in a code review where
the person who wrote the code hands it to somebody else who reviews their work
line by line and looks for bugs, or with a static application security testing
(SAST) tool that scans the code for known dangerous patterns, such as user
input concatenated into a SQL query. This happens during the development
phase, before the code ever executes, which is what distinguishes it from
debugging a running program.
Then, once we have a working build, maybe a minimum viable product, and we want
to move on to the next step, that's where dynamic testing comes into play.
This is where we execute the code and test it while it runs, which is why we
call it dynamic testing. We examine its run-time behaviour,
we try to manipulate
the program to discover security vulnerabilities, and we run
simulated attacks against the program (fuzzing, injection payloads, a
penetration test of the running application) to see how it reacts and whether
there are any vulnerabilities that we can exploit.
So with dynamic testing the whole purpose is to look at it from the perspective
of an outside attacker and to try what they would try, to see if we can find
vulnerabilities and exploit them. And if we take a look at the diagram,
if our dynamic testing finds vulnerabilities, we send
them back to the developers to fix. They do some additional
development and some additional static analysis and code review, they
send it back to the testers, they test it again, and we
repeat this process until the vulnerabilities are resolved. So
that's application development security in a nutshell. If you have
any questions, please let me know.
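Here is an added example, not from the course, that puts the two testing categories side by side on one function. A deliberately vulnerable query builder sits next to its parameterised fix; a small static check parses the source with Python's `ast` module and flags SQL that is built from anything other than a literal, without running the code; and a dynamic test actually runs a classic injection payload against both versions and counts what comes back. The `users` table, its rows and the payload are constructed for the example, and the static check is a toy: it resolves one level of local assignment and treats anything of unknown origin as unsafe, which is the conservative choice for a scanner.

```python
"""Static and dynamic testing of one function, side by side.

Added example, not from the course. A deliberately vulnerable query builder sits
next to its parameterised fix. A small AST-based static check flags the
string-built-SQL pattern without executing anything, and a dynamic test runs a
classic injection payload against both versions to confirm which one actually
breaks. The table, rows and payload are constructed.
"""
import ast
import inspect
import sqlite3


def find_user_vulnerable(conn, username):
    # VULNERABLE (kept that way on purpose): input is spliced into the SQL text.
    query = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_fixed(conn, username):
    # FIXED: the value is bound as a parameter and can never change the query.
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()


# ---- static analysis: read the source, never run it -----------------------

def _is_tainted(node, assigned):
    """Is this SQL expression built from anything other than a literal string?"""
    if isinstance(node, ast.Constant):
        return False
    if isinstance(node, ast.Name):
        # Resolve a local variable to what it was assigned; a name of unknown
        # origin is treated as unsafe (the conservative choice for a scanner).
        return _is_tainted(assigned[node.id], assigned) if node.id in assigned else True
    if isinstance(node, ast.Call):
        return True  # "...".format(...) or any helper: origin unknown, treat as unsafe
    return isinstance(node, (ast.BinOp, ast.JoinedStr))  # concatenation, %, f-string


def static_findings(func):
    """Function-relative line numbers of execute() calls whose SQL is not a literal."""
    tree = ast.parse(inspect.getsource(func))
    assigned = {
        target.id: node.value
        for node in ast.walk(tree) if isinstance(node, ast.Assign)
        for target in node.targets if isinstance(target, ast.Name)
    }
    return [
        node.lineno
        for node in ast.walk(tree)
        if isinstance(node, ast.Call)
        and isinstance(node.func, ast.Attribute)
        and node.func.attr == "execute"
        and node.args
        and _is_tainted(node.args[0], assigned)
    ]


# ---- dynamic testing: run it and attack it --------------------------------

PAYLOAD = "nobody' OR '1'='1"  # constructed injection payload


def make_db():
    """Constructed in-memory table with three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn


def dynamic_findings(func):
    """Rows returned for a user that does not exist; anything above 0 is a finding."""
    return len(func(make_db(), PAYLOAD))


if __name__ == "__main__":
    for f in (find_user_vulnerable, find_user_fixed):
        print(f.__name__, "static:", static_findings(f), "dynamic rows:", dynamic_findings(f))
```

Note what each category can and cannot see: the static check reports the vulnerable line before the program has ever run, but it would also flag a harmless concatenation of two literals; the dynamic test only proves a vulnerability it happens to probe for, but when it returns all three rows for a user that does not exist, there is no arguing with it. Real SDLCs use both for exactly that reason.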
Security Assessments
Alright,
so in this video, we're going to talk about security assessments.
And security assessments play a very important role in reviewing and assessing
an organization or a company's security posture.
Specifically, their IT and cyber security posture.
So security assessments are a very broad category.
We can assess a variety of different things to
take a look at the overall security posture of a company or an organization.
And we've already talked about a couple of them earlier on in the course.
Vulnerability assessments and penetration tests are two forms of security
assessment, two ways in which we can assess an organization's IT security posture.
But we can do a number of other things as well.
We can take a look at a company's policies
and procedures, specifically the ones that relate to cyber security,
and look at their overall effectiveness and how the company is implementing them.
We can take a look at an organization's change management and configuration
management processes and look at their overall maturity level.
How mature are they?
Are changes reviewed by a change advisory board, do they just go to a single
person, or do they even have the review checkpoints that we talked about?
We can take a look at the network design.
So we can do a network architecture review,
where we're taking a look at the network
design and looking for potential areas that could be vulnerable to attack.
And we can perform a security audit.
A security audit is a particular kind of security assessment: a formal review
of the organization's IT security measures against a defined standard, policy
or regulation.
So when we're reviewing their
policies and procedures or their change management or configuration management
or their network design against such a standard, that's a form of security audit.
So that's what security assessments are.
And to give you a good example: when I worked for the federal government here
in the United States, every year we had to do a several-month-long FISMA audit.
And FISMA stands for the Federal Information Security Management Act.
And what it does is that it sets forth guidelines and IT security frameworks
that federal agencies here in the United States have to follow.
And there's levels of maturity for the different areas of the audit.
So they'll go in and they'll look
at things such as policies and procedures or change management,
and they'll look at how effective the governmental agency is at implementing
them, per the FISMA guidelines and requirements.
And they'll look for deficiencies,
and they'll provide recommendations for improving where there are deficiencies
and the overall maturity level of that area or that program.
So the whole goal with audits
and assessments is not only to ding an organization for something that it's
deficient in, but also to provide recommendations so that it can improve.
It's all about finding holes or weaknesses, so we can improve on them.
And so when we do an assessment in the next period or the next quarter or
the next year, hopefully things are better than in the previous assessment.
So that's security assessments.
If you have any questions, please let me know.
If not, thanks for watching and I'll see you in the next video.
Take care.
IT Risk Management Program
Alright,
so in this video, we're going to talk about the IT risk
management program, which is implementing risk management within an
organization.
So we talked about risk management and what it is.
But understanding what risk management is is an entirely
different thing from actually standing up, developing and formalizing a risk
management program within an organization or a business.
If we want a formalized risk
management process within an organization to actually be effective,
we really need to have a program in place.
And so let's talk about how this is accomplished.
Well, number one, the organization needs
to develop a risk management plan, better known as an RMP.
And so what does an RMP do?
Well, first and foremost, it's going to establish and formalize
an organized approach for managing risks and mitigating activities.
So specifically,
we're going to be formalizing the approach with a framework and the associated
processes and procedures, all within the RMP.
It outlines specifically how we are going
to handle risks and specific risk mitigation activities.
And digging a little deeper, it's also going to address our risk
management processes, such as our risk assessment process,
our risk review process, our risk escalation process, and so forth.
It's also going to address and discuss
the organizational structure of our IT risk management program.
So is this going to be composed of people that are in charge with risk management
in different departments, or are we going to stand up an entirely new department?
And also, it's going to address
the resources needed to do so, namely the personnel.
It's also going to lay out the schedule: how often are we going to be
reviewing risk, how often are we going to be identifying risk,
how often are we going to take our risks up to some sort of a board or a committee?
And also the overall escalation process for our risks and issues.
And then lastly, and most importantly, the RMP signals management buy-in
and support for our IT risk management program.
So here's the thing with risk management.
I've seen it implemented from the bottom
up, and I've seen it implemented from the top down.
In fact, I've been involved with both
of them, and it always struggles with a bottom up approach because there's
a negative connotation associated with risk.
However, when we implement it from the top down, where upper management is
signaling
their buy in and support and they want it implemented well, the people down below
them, they're going to have to comply whether they want to or not.
And so that's the thing.
For it to be successful, it needs management buy in and support.
So that's the first thing.
The second thing is standing up a risk
program management office, better known as a risk PMO.
This is going to be the business unit
that's going to be charged with this entire process.
They're going to be charged with ensuring
consistent risk management practices throughout the business.
They're going to be the group that's going to create that RMP.
They're going to be the ones that design
and implement the overall risk management processes throughout the organization.
So, for example, our risk identification
process, our risk assessment process, our risk escalation process, et cetera.
It's going to be their duty to set it up, design it and implement it. And they're
also going to be charged with bringing risk awareness to the organization.
So this involves education, awareness, support and training.
So I said earlier in the course that cyber security is essentially a form of IT risk
management, and it is, and hopefully you see that now.
And so when we think about cyber security,
it's essential that we have a formalized IT risk management program in place,
but it's going to look different for every organization.
A very large organization,
such as a governmental organization, may have more than one PMO,
while in a smaller organization it may just be a small team.
And if we get down to a really small organization, it might just be one person.
So we need to keep that in mind.
But that's the purpose of the formalized
IT risk management program, as well as the RMP and the risk PMO.
So if you have any questions, please let me know.
If not, thanks for watching and I'll see you in the next video. Take care.
Personnel Policies
Alright,
so in this video, we're going to talk about personnel
policies and specifically the role that they play in IT security
and cyber security.
So it's all fine and dandy to put a bunch
of things in place at your workplace in regards to IT security and cyber security.
But if you don't formalize them
with policies and procedures, and if you don't have your employees read
them and agree to them, then how are you going to hold them accountable?
So what a lot of organizations do, especially large organizations,
is they write everything into formalized policies and procedures that are agreed
upon not only by management, but also by the employees.
Now there's a lot so I'm only going to cover a few of them
to give you an example.
The most common one is going to be the acceptable use policy.
This is typically given to all new employees, and it outlines to them what's
acceptable and what's not acceptable for them to do at work.
And when we're thinking about cyber security,
we're thinking about what we're going
to allow them to do on their company issued computer.
So we're going to outline what's acceptable and what's not acceptable.
So, for example, it's not going to be acceptable to use
your work computer for personal use, to browse the Internet,
for personal email, to watch Netflix, to go to social media and so forth.
And it's also going to outline what
the penalties are for performing these non acceptable activities.
And then there's also the code of ethics, which is related to acceptable use.
But it's a bit different.
What it does is outline what the organization considers acceptable
behavior, in other words, professional behavior.
And if we think about our white hat hackers, there are things that are
considered ethical, and there are things that are considered unethical.
So more often than not, they're going to have to agree to a code
of ethics. But a code of ethics is also more generalized than that.
It's going to outline what we consider
to be professional behavior within the workplace with our co-workers.
So, for example, we don't consider it to be professional or
ethical to have arguments with your managers in public or in team meetings.
That's just not professional.
So that's the code of ethics.
And then the third one is separation of duties.
This one relates directly to IT
security and cyber security, and also to continuity of services.
Separation of duties states that we want to prevent any one person from being
able to complete all the functions of a critical or sensitive process on their own.
So let's say our data backups, or
potentially managing our data warehouse or our cloud services.
We don't want to give all of that to a single person, for a couple of reasons.
Number one, it poses a cyber security threat.
What happens if that person becomes disgruntled,
becomes an insider threat and does something malicious?
Well, they have the power to do whatever they want, and we don't want that.
The other thing is continuity of services.
What happens if that person gets a better job and decides to leave the company,
and we don't have somebody trained to take over what they were doing?
That's going to be an issue from an organizational perspective,
and it's also going to pose an IT related risk.
So that's separation of duties.
And like I said, the whole purpose of this policy is to ensure that we minimize
cyber security threats and also continuity of services threats. Strictly
speaking, it's the separation itself that counters the insider, and the
cross-training and job rotation that usually accompany it that cover continuity.
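A personnel policy only works if systems enforce it, so here is an added example, not from the course, of separation of duties as a check a ticketing or deployment system could run before a sensitive action proceeds: every required role on the change must be filled, and no single identity may hold two roles the policy keeps apart (nobody approves their own request; the approver does not run the job). A second function covers the continuity side by reporting roles that only one person is qualified to fill. The roles, the conflict pairs and the sample assignments are an assumed policy constructed for the example.

```python
"""Separation of duties as an enforceable check.

Added example, not from the course. It turns the policy into a gate a ticketing
or deployment system could apply before a sensitive action (say, a production
restore from backup) proceeds. Roles, conflict pairs and sample data are an
assumed policy, constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

REQUIRED_ROLES = {"requester", "approver", "executor"}

# Pairs of roles one person must never hold on the same change (assumed policy):
# nobody approves their own request, and the approver does not run the job.
CONFLICTING_ROLES = (
    frozenset({"requester", "approver"}),
    frozenset({"approver", "executor"}),
)


@dataclass(frozen=True)
class Violation:
    rule: str    # "missing_role" or "conflict"
    detail: str


def check_separation(assignments: dict[str, str]) -> list[Violation]:
    """assignments maps role -> identity, e.g. {"requester": "alice", ...}.

    Returns an empty list when the assignment satisfies the policy.
    """
    violations = []
    for role in sorted(REQUIRED_ROLES - assignments.keys()):
        violations.append(Violation("missing_role", role))
    roles_by_person: dict[str, set[str]] = {}
    for role, person in assignments.items():
        roles_by_person.setdefault(person, set()).add(role)
    for person, roles in sorted(roles_by_person.items()):
        for pair in CONFLICTING_ROLES:
            if pair <= roles:
                violations.append(
                    Violation("conflict", f"{person} is both {' and '.join(sorted(pair))}")
                )
    return violations


def authorize(assignments: dict[str, str]) -> bool:
    """Gate for the sensitive action: proceed only when the policy holds."""
    return not check_separation(assignments)


def single_points_of_failure(qualified: dict[str, set[str]]) -> list[str]:
    """Roles only one person is trained for; if that person leaves, the process stops."""
    return sorted(role for role, people in qualified.items() if len(people) < 2)


if __name__ == "__main__":
    ok = {"requester": "alice", "approver": "bob", "executor": "alice"}
    self_approved = {"requester": "alice", "approver": "alice", "executor": "bob"}
    print(authorize(ok), check_separation(self_approved))
    print(single_points_of_failure({"approver": {"bob", "carol"}, "executor": {"alice"}}))
```

The design choice worth noting is that the check is on identities, not on job titles: a manager who is also on the on-call rota is still one person, and the pair test catches that. Whether the requester may also execute is a policy decision; this example allows it, which matches the common "reviewed change" model, and tightening it is one more entry in CONFLICTING_ROLES.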
So those are a few examples of personnel policies, and hopefully you see the role
that they play in managing a business or an organization, as well as the role
that they play in minimizing IT and cyber security related risks.
So that's going to go ahead and conclude this lecture.
If you have any questions,
please let me know. If not,
thanks for watching and I'll see you in the next video.
Take care.
Training, Education & Awareness
Alright,
so in this video we're going to talk about the importance of awareness and training
within an organization, specifically as it pertains to cyber security.
And so here's the thing with awareness and training: by providing
awareness and training to everybody within your organization,
you help all the personnel within your organization to better understand their
responsibilities as they relate to cyber security.
And when I'm stating this, I'm talking about everybody because we all
play a role, not just the IT security staff.
So if we think about people in HR,
people within physical security, people within our marketing department,
people within a variety of different departments, they all play a role.
And so what you're typically going to see
within large organizations is that a lot of companies are going to have end user
awareness training for everybody within the organization,
such as social engineering awareness briefings and phishing attack awareness
briefings and insider threat awareness briefings.
You're going to see that within a lot of organizations.
And a lot of organizations are also going
to require everybody within the company to take cyber security awareness training
that may roll all this up into a single briefing.
And so what we want to do is we want to make our organization
aware of the risks that are out there so we can better defend our organization.
So when it comes to awareness and training
as it relates to cyber security, don't just think about the cyber security staff.
Think about the entire organization.
But when we are talking about the cyber
security staff, we need to provide them with specialized training as well.
And it needs to be custom tailored
to the specific groups within the cyber security department.
So for example, we need to have management specific training.
A very good example would be the Certified Information Security Manager (CISM)
training for managers within a cyber security department. Would a technical
subject matter expert within our incident response team
that's a first level responder
need the CISM training?
Probably not.
But what about our executive management staff?
They probably would.
So we need to custom tailor it.
And getting back to our subject matter experts,
they're also going to need training specific to their role within the company.
So let's say, for example,
we had somebody that dealt with our cloud computing within AWS.
Well, we'd want to make sure that they had a minimum of security training as it
relates to cloud computing, specifically AWS.
So for example, AWS Security Fundamentals training.
So when we're thinking about awareness
and training, it needs to be custom tailored and it needs to be ongoing
because when we think about it, it's constantly evolving.
So when we think about it
from the perspective of it constantly changing and evolving,
we need to make sure that our IT staff and especially cyber security staff are
kept up to date on the latest trends and changes in IT, and especially
the latest vulnerabilities and exploits that hackers are trying to utilize.
And to give you an example of a training requirement:
when I worked for the federal government, due to FISMA, which is something that we
talked about earlier in the course, we had to complete a minimum of 8
hours of specialized cyber security training.
That was a minimum requirement for everybody who was a cyber security
specialist. And the goal with that is to ensure that all the cyber security staff
within the agency kept their cyber security skills
and knowledge up to date. And so as somebody in IT, or an aspiring IT professional,
when you think about awareness and training, it's not something that you just do
on your own; it also should be something that a company endorses and provides.
It's essential to the success of a cyber
security department within an organization. So that's awareness and training.
If you have any questions please let me know.
If not thanks for watching and I'll see you in the next video.
Take care.
***End of Course***