CYBER SECURITY

Common Http And Https Exploits For Networks

Internet browsers are used by almost everyone. Blocking web browsing completely is not an option, because businesses need access to the web; the challenge is to allow it without undermining web security. In this article, I want to look at common HTTP and HTTPS exploits for networks. To investigate web-based attacks, security analysts must have a good understanding of how […]

Understanding Threats And Vulnerabilities For Networks

In this article, I want to look at some of the facts that you need to know about threats and vulnerabilities for networks. Cybersecurity analysts must prepare for any type of attack. It is their job to secure the assets of the organization’s network. To do this, cybersecurity analysts must first identify: Assets – […]

Understanding Security Policy Regulations And Standards

Business policies are the guidelines that are developed by an organization to govern its actions. The policies define standards of correct behaviour for the business and its employees. In networking, policies define the activities that are allowed on the network. This sets a baseline of acceptable use. If the behaviour that violates the business […]

Understanding CIA Triad In Cyber Security

Information security deals with protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. In this article, I will be talking about the CIA Triad in cyber security. Follow me as we look at it together in this article. CIA Triad: As shown in the figure, the CIA […]

Understanding AAA Operation In Cyber Security

A network must be designed to control who is allowed to connect to it and what they are allowed to do when they are connected. These design requirements are identified in the network security policy. The policy specifies how network administrators, corporate users, remote users, business partners, and […]

Securing Communications In Cyber Security: How?

Organizations must provide support to secure data as it travels across links. This may include internal traffic, but it is even more important to protect the data that travels outside of the organization to branch sites, telecommuter sites, and partner sites. In this article, I want to talk about the means of securing […]

Data Confidentiality In Cybersecurity: What You Should Know

There are two classes of encryption used to provide data confidentiality: asymmetric and symmetric. These two classes differ in how they use keys. In this article, I am going to talk about data confidentiality in cybersecurity. Symmetric encryption algorithms such as Data Encryption Standard (DES), 3DES, and Advanced Encryption Standard (AES) are based on […]

Authority And PKI Trust System: The Facts

Internet traffic consists of traffic between two parties. When establishing an asymmetric connection between two hosts, the hosts will exchange their public key information. An SSL certificate is a digital certificate that confirms the identity of a website domain. To implement SSL on your website, you purchase an SSL certificate for your domain from […]

Host Based Firewalls In Cybersecurity: The Facts

Host-based personal firewalls are standalone software programs that control traffic entering or leaving a computer. Firewall apps are also available for Android phones and tablets. In this article, I want to talk about some of the facts that you need to know about host-based firewalls in cybersecurity. Host-based firewalls may use a set of […]

Common Vulnerability Scoring System: Facts To Note

The Common Vulnerability Scoring System (CVSS) is a risk assessment tool that is designed to convey the common attributes and severity of vulnerabilities in computer hardware and software systems. The third revision, CVSS 3.0, is a vendor-neutral, industry-standard, open framework for weighting the risks of a vulnerability using a variety of metrics. These weights […]

Risk Management In Cybersecurity: Facts To Note

Risk management in cybersecurity involves the selection and specification of security controls for an organization. It is part of an ongoing organization-wide information security program that involves the management of the risk to the organization or to individuals associated with the operation of a system. The image is a diagram of the Risk Management Process. […]

Information Security Management System: Facts To Note

An Information Security Management System (ISMS) consists of a management framework through which an organization identifies, analyzes, and addresses information security risks. ISMSs are not based on servers or security devices. Instead, an ISMS consists of a set of practices that are systematically applied by an organization to ensure continuous improvement in information security. ISMSs […]

Ways Of Monitoring Syslog And NTP Protocols Effectively

Various protocols that commonly appear on networks have features that make them of special interest in security monitoring. For example, Syslog and Network Time Protocol (NTP) are essential to the work of the cybersecurity analyst. In this article, I will be talking about how to use the Syslog and NTP protocols effectively. The Syslog […]

Understanding Access Control List In Cybersecurity

Many technologies and protocols can have impacts on security monitoring. Access Control Lists (ACLs) are among these technologies. ACLs can give a false sense of security if they are overly relied upon. ACLs, and packet filtering in general, are technologies that contribute to an evolving set of network security protections. The figure illustrates […]

Network Logs In Cybersecurity: Facts To Note

The tcpdump command-line tool is a very popular packet analyzer. It can display packet captures in real-time or write packet captures to a file. It captures detailed packet protocol and content data. Wireshark is a GUI built on tcpdump functionality. The structure of tcpdump captures varies depending on the protocol captured and the fields requested. […]

Use Of Security Onion As A Source Of Alerts

Security Onion is an open-source suite of Network Security Monitoring (NSM) tools that run on an Ubuntu Linux distribution. Security Onion tools provide three core functions for the cybersecurity analyst: full packet capture and data types, network-based and host-based intrusion detection systems, and alert analyst […]

The Need For Alert Evaluation In Cybersecurity

The threat landscape is constantly changing as new vulnerabilities are discovered and new threats evolve. As user and organizational needs change, so does the attack surface. Threat actors have learned how to quickly vary the features of their exploits in order to evade detection. This article talks about alert evaluation in cybersecurity. It […]

Using Sguil In Investigating Network Data

The primary duty of a cybersecurity analyst is the verification of security alerts. Depending on the organization, the tools used to do this will vary. For example, a ticketing system may be used to manage task assignments and documentation. In Security Onion, the first place that a cybersecurity analyst will go to verify alerts […]

Digital Forensics In Cybersecurity: Facts To Note

Now that you have investigated and identified valid alerts, what do you do with the evidence? The cybersecurity analyst will inevitably uncover evidence of criminal activity. In order to protect the organization and to prevent cybercrime, it is necessary to identify threat actors, report them to the appropriate authorities, and provide evidence to […]

Cyber Killer Chain In Cybersecurity: Facts To Know

The Cyber Kill Chain was developed by Lockheed Martin to identify and prevent cyber intrusions. There are seven steps to the Cyber Kill Chain. Focusing on these steps helps analysts understand the techniques, tools, and procedures of threat actors. When responding to a security incident, the objective is to detect and stop the […]