Cyber Security Basic Terms and Concepts for Beginners (Part 2)

By Cybersecurity Leadership (YouTube blogger), published on Qualified.One

The United States is home to the world’s most iconic cybersecurity companies, such as Palo Alto Networks, Fortinet, FireEye, CrowdStrike, McAfee and Tanium, and I could go on and on, but here is the point.

Despite being at the cutting edge of cybersecurity technologies, US enterprises and the US government get successfully targeted and hacked more often than those in other countries.

Did you ever wonder why that is? Because US enterprises and the US government are behind both in mindset and in cybersecurity technology adoption.

We are exactly at the place cybercriminals want us to be.

The US government has plowed so much money into detection systems such as Einstein, but we still failed to detect intrusions such as the SolarWinds hack.

As far as I am concerned, the only way to fix that is to adopt an assume-breach or default-deny zero-trust approach through the security stack.

It is going to require a strong cybersecurity regulatory environment.

Beyond that, I think we need to ramp up cybersecurity awareness and education and make it a mandatory part of our science and technology degrees and diplomas frankly much like we have been teaching the laws of physics.

In this video, I want to discuss 10 cybersecurity terms that you must learn on the road to becoming a cybersecurity professional.

Just so you can relate, I will share a recent Cyber incident as an example for some of the terms.

By the way, this is a follow-up to my previous video on cybersecurity terms.

Let’s GO.

Hi.

My name is Afaq.

Hope you’re doing well.

So, let’s start with some of the most common terms.

RED TEAM, PURPLE TEAM, BLUE TEAM.

Red teams are pen testing professionals who are experts in attacking and hacking into systems.

Blue teams, on the other hand, are defensive security professionals responsible for maintaining internal network defenses against all cyber-attacks and threats; these are your cybersecurity engineers.

Red teams simulate attacks against blue teams to test the effectiveness of the network’s security.

The goal of a purple team is to bring both red and blue teams together while encouraging them to work as a team to share insights and create a strong feedback loop.

WHITEHAT, BLACKHAT.

The difference between the two terms is about the intent where black hat refers to someone breaching a network without consent for illegal purposes.

A white hat is a hacker who is penetrating your network or systems to test your infrastructure for vulnerabilities.

White hat hackers are also known as ethical hackers or red team hackers.

The two most widely used red team tools come from HelpSystems, which sells Cobalt Strike, and Rapid7, which sells Metasploit.

The tools are licensed on a per-user per-year basis and would cost you about $3000 to $5000.

One last thing, the difference between the two groups of hackers is not about the tools they use but about the presence or absence of consent.

SANDBOXING.

It is a way to run code where you can observe and analyze the execution aftereffects in a safe and isolated environment.

This allows the isolated executable code to be evaluated while preventing any harm or damage from being caused to the production system.
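The following is an added example, not code from the video or its author, showing the idea of a sandbox at the smallest practical scale: an untrusted Python snippet is run in a separate child process with a throwaway working directory, a minimal environment, CPU and memory limits, and a wall-clock timeout, so its side effects and any runaway behaviour stay contained. The helper names (`run_in_sandbox`, `scratch_is_discarded`) and the limit values are assumptions for this example; it assumes a POSIX system for the `resource` limits (they are skipped elsewhere) and is process-level isolation, not the VM- or container-grade sandboxing a production malware analysis pipeline would use.

```python
import os
import subprocess
import sys
import tempfile

try:
    import resource  # POSIX only; rlimits are skipped where it is unavailable
except ImportError:
    resource = None

CPU_SECONDS = 2                   # hard CPU-time cap for the child process
MEMORY_BYTES = 256 * 1024 * 1024  # address-space cap for the child process


def _apply_limits():
    """Runs in the child just before exec: clamp CPU time and memory."""
    for limit, value in ((resource.RLIMIT_CPU, CPU_SECONDS),
                         (resource.RLIMIT_AS, MEMORY_BYTES)):
        try:
            resource.setrlimit(limit, (value, value))
        except (ValueError, OSError):
            pass  # platform refuses this limit; the wall-clock timeout still applies


def run_in_sandbox(code, timeout=3.0):
    """Execute an untrusted Python snippet in an isolated child process.

    Returns a dict with stdout, stderr, exit code and a timed_out flag.
    Isolation measures (lightweight, process-level, not a VM):
      - a throwaway working directory that is deleted afterwards
      - a minimal environment and Python isolated mode (-I)
      - CPU and memory rlimits plus a wall-clock timeout
    """
    with tempfile.TemporaryDirectory() as scratch:
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "-c", code],
                cwd=scratch,
                env={"PATH": os.environ.get("PATH", "/usr/bin:/bin"),
                     "LANG": "C.UTF-8"},
                capture_output=True,
                text=True,
                timeout=timeout,
                preexec_fn=_apply_limits if resource is not None else None,
            )
        except subprocess.TimeoutExpired:
            # subprocess.run has already killed the child at this point
            return {"stdout": "", "stderr": "", "returncode": None, "timed_out": True}
    return {"stdout": proc.stdout, "stderr": proc.stderr,
            "returncode": proc.returncode, "timed_out": False}


def scratch_is_discarded():
    """Show that files the snippet writes do not survive outside the sandbox."""
    snippet = "import os\nopen('dropped.txt', 'w').write('x')\nprint(os.getcwd())"
    result = run_in_sandbox(snippet)
    scratch_dir = result["stdout"].strip()
    return result["returncode"] == 0 and not os.path.exists(scratch_dir)


if __name__ == "__main__":
    print(run_in_sandbox("print(2 + 2)"))                       # normal run
    print(run_in_sandbox("while True:\n    pass", timeout=1.0)) # killed on timeout
    print("scratch discarded:", scratch_is_discarded())
```

The point a defender should take from this is the list of things the snippet cannot do: persist files, inherit the caller's environment, or consume unbounded CPU and memory. A full sandbox adds network isolation and a fresh operating system image on top of these.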

PHISHING.

It is a fraudulent attempt to obtain sensitive information or data, such as login credentials, credit card numbers, or other sensitive details, by impersonating a trustworthy entity in a transaction.

There are many different types of phishing attacks.

The most common medium to stage a phishing attack is email.

Some of the most high-profile phishing attacks use a technique known as Spear phishing.

It is like phishing on steroids where attackers send emails to specific and well-researched targets while pretending to be a trusted sender.

The aim is to either infect devices with malware or convince victims to hand over information.

The recent Twitter attack utilized spear phishing to successfully get into high-profile accounts of Jeff Bezos, Bill Gates, and Elon Musk.

There is another variation of spear phishing which is even more targeted and known as Whaling phishing in which C-level executives are targeted to steal sensitive information.

There are other variants of phishing attacks where the attack vectors are either phone or social media as opposed to email.

Those are known as Smishing, Vishing, and Angler phishing attacks.

SPOOFING.

It is about falsifying the identity of the source of data communication.

For example, it is common for attackers to spoof their IP addresses when breaching a network.

ZOMBIE.

It is used to refer to a system or host that’s been compromised by a hacker to carry out some action, for example, to participate in a botnet.

The compromise could take place via a virus, trojan, malware, you name it.

BRUTE FORCE ATTACK.

It is an activity that involves repeated attempts at many password or passphrase combinations in order to guess a password and break into a system or a website.
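Because a brute force attack is by nature repetitive, it leaves a very recognizable trail in authentication logs. The following is an added example, not from the video, of the detection logic a blue team would run over such logs: it parses OpenSSH-style "Failed password" lines and flags any source address that produces at least a threshold number of failures inside a sliding time window. The log lines, host name and addresses are constructed for the example (the addresses come from documentation ranges), and the function names and default threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of an OpenSSH auth log. These are not
# real events; "host1" and the addresses are made up for this example.
SAMPLE_LOG = """\
Mar  3 10:01:02 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar  3 10:01:04 host1 sshd[2103]: Failed password for root from 203.0.113.45 port 51124 ssh2
Mar  3 10:01:05 host1 sshd[2105]: Failed password for root from 203.0.113.45 port 51126 ssh2
Mar  3 10:01:07 host1 sshd[2107]: Failed password for invalid user test from 203.0.113.45 port 51130 ssh2
Mar  3 10:01:09 host1 sshd[2109]: Failed password for root from 203.0.113.45 port 51133 ssh2
Mar  3 10:01:11 host1 sshd[2111]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar  3 10:02:30 host1 sshd[2120]: Failed password for bob from 198.51.100.7 port 40031 ssh2
Mar  3 10:09:45 host1 sshd[2140]: Failed password for bob from 198.51.100.7 port 40040 ssh2
Mar  3 10:15:00 host1 sshd[2150]: Failed password for root from 203.0.113.45 port 51200 ssh2
"""

# Syslog timestamp, then the sshd failure message; "invalid user" is optional.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port"
)


def parse_failures(text, year=2024):
    """Return (timestamp, source_ip, username) for every failed login line.

    Syslog lines carry no year, so one is supplied by the caller.
    """
    events = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(3), m.group(2)))
    return events


def find_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold failures inside any `window`-long span.

    Uses a sliding window over each source's sorted failure times, so a slow
    trickle of failures spread over hours does not trigger an alert while a
    burst does.
    """
    by_src = defaultdict(list)
    for ts, src, user in events:
        by_src[src].append((ts, user))

    alerts = {}
    for src, items in by_src.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[src] = {
                    "failures": count,
                    "users": sorted({u for _, u in items[start:end + 1]}),
                    "first": items[start][0],
                    "last": items[end][0],
                }
                break
    return alerts


if __name__ == "__main__":
    for src, info in find_brute_force(parse_failures(SAMPLE_LOG)).items():
        print(f"ALERT {src}: {info['failures']} failures against "
              f"{info['users']} between {info['first']} and {info['last']}")
```

On the sample, only 203.0.113.45 is flagged: five failures in seven seconds against three different usernames, which is the signature of password guessing rather than a user mistyping. The two failures from 198.51.100.7 stay below the threshold. In practice the alert would feed a lockout or rate-limiting control, and the threshold and window would be tuned against the environment's normal failure rate.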

ATTACK SURFACE.

It is the sum of all of the different points where an attacker can try to enter or extract data from a system, so your goal is to minimize the attack surface by hardening the system.

ENCODE DECODE AND ENCRYPT AND DECRYPT.

Encoding is about transforming data into another format using a scheme that is publicly available and well known, so reversing the data back to its original format (known as decoding) is by design.

Encryption, on the other hand, is about transforming data with a key so that it is kept confidential.

The only way to decrypt the data is to use the original key that was used to encrypt the data in the first place.

The whole point with encryption is to keep the data confidential and limited to a small set of individuals.

HASH.

It is crucial to understand the difference between encryption and hashing.

Encryption is a two-way function; what that means is that so long as I have the key, I can unlock the data.

Hashing, on the other hand, is a one-way function: once a text or plaintext is scrambled via a hash function such as MD5, unless the hash algorithm has been broken, there is no way to reverse the hashed password back to its original plaintext form.

There is one more interesting difference between hashing and encryption.

Hash functions produce a fixed-length output regardless of the size of the input, whereas an encryption algorithm produces output whose length varies with the input.

The common examples of hashing algorithms are MD5 and SHA, whereas common examples of encryption algorithms are AES, RSA, and 3DES.
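The three ideas above (encode/decode, encrypt/decrypt, hash) are easiest to tell apart side by side in code. The following is an added example, not from the video: Base64 stands in for encoding (anyone can reverse it), a one-time-pad XOR stands in for encryption purely to show the "only the original key unlocks it" property (the XOR cipher is an illustrative stand-in, not a replacement for AES or another vetted cipher), and `hashlib` shows that hash output is fixed-length and one-way. It goes one step beyond the text by showing how passwords are actually stored: not with a plain fast hash like MD5, but with a salted, deliberately slow hash (PBKDF2-HMAC-SHA256 from the standard library). Function names and the iteration count are assumptions for this example.

```python
import base64
import hashlib
import os
import secrets


# --- Encoding: reversible by design, no secret involved ---------------------
def encode(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def decode(text: str) -> bytes:
    return base64.b64decode(text)


# --- Encryption: reversible only with the key --------------------------------
def generate_key(length: int) -> bytes:
    """Random key as long as the message (one-time pad). Never reuse it."""
    return secrets.token_bytes(length)


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR each byte with the key byte. Illustrative only; use AES in practice."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return encrypt(ciphertext, key)  # XOR is its own inverse


# --- Hashing: one-way, fixed-length output -----------------------------------
def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest; MD5 is accepted here only to show its 128-bit output size."""
    return hashlib.new(algorithm, data).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = 200_000):
    """Salted, slow hash for password storage. Returns (salt, derived_key)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, dk


def verify_password(password: str, salt: bytes, expected: bytes,
                    iterations: int = 200_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, dk = hash_password(password, salt, iterations)
    return secrets.compare_digest(dk, expected)


if __name__ == "__main__":
    msg = b"meet at noon"
    print("encoded  :", encode(msg), "->", decode(encode(msg)))

    key = generate_key(len(msg))
    ct = encrypt(msg, key)
    wrong = bytes([key[0] ^ 0xFF]) + key[1:]
    print("encrypted:", ct.hex(), "-> right key:", decrypt(ct, key),
          "wrong key:", decrypt(ct, wrong))

    # same digest length for 1 byte and 10,000 bytes; ciphertext grows with input
    print("sha256 len:", len(digest(b"a")), len(digest(b"a" * 10_000)))
    print("md5 len   :", len(digest(b"a", "md5")))

    salt, stored = hash_password("correct horse battery staple")
    print("verify ok :", verify_password("correct horse battery staple", salt, stored))
    print("verify bad:", verify_password("Tr0ub4dor&3", salt, stored))
```

Two things worth noticing when running it: the ciphertext is exactly as long as the plaintext while every SHA-256 digest is 64 hex characters, and the "wrong key" decryption produces garbage rather than an error, which is why real protocols pair encryption with integrity checks. For password storage the salt defeats precomputed tables and the iteration count makes each guess expensive, which is the defence against the brute force attack described earlier.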

THANK you for watching the video, I hope you found it helpful.

I’d love to hear your thoughts and I will see you back here on Monday and Friday sometimes on Wednesday.

I will see you soon.

Wait.

If there is enough interest, I will do another terminology video.

Bye for now.
