
Lecture _3

The document provides an overview of various cybersecurity tools and techniques, including firewalls, anti-malware software, anti-virus software, penetration testing, and network security monitoring. It explains the functions and types of these tools, such as packet filters, behavior-based detection, and encryption algorithms. Additionally, it discusses the importance of keeping cybersecurity measures updated to protect against evolving threats.

Uploaded by

divinegabriel66
Copyright
© All Rights Reserved

CYB-201
Introduction to Cyber Security and Strategy
Mr. Achor Shedrach Sunday

The techniques for identifying, detecting, and defending against cybersecurity threats and attacks, and for protecting information assets.
Firewalls
Firewalls are security systems within networks that monitor
the flow of both incoming and outgoing data. They evaluate
the data moving along their borders and use a set of
predetermined rules to decide what data can and cannot pass
through the barrier.
There are a variety of different firewall types, but the 3
most common are:

1. Packet filter: This is the original and most basic type of firewall that cyber security professionals deploy. It inspects packets transferred between computers and permits or denies access based on an access control list. This list tells the firewall what packets need to be investigated and what information should result in a file rejection or deletion. These firewalls are older and cannot fully secure a network on their own, but they are still useful for filtering out low-effort cyberattacks.
2. Connection tracking: Connection tracking firewalls, also
known as second generation firewalls, perform work in a way
that is similar to first generation packet filters. They perform a
similar type of packet inspection, but also record the port
number each IP address is using to send and receive
information. This allows the exchange of data to be examined in
addition to the packet content.
3. Application/layer 7: Application firewalls are
significantly more powerful than connection tracking or
packet filter firewalls. They are capable of understanding
various applications such as file transfer protocol (FTP),
hypertext transfer protocol (HTTP) and domain name
system (DNS). This enables them to recognize non-
standard ports or unwanted applications. These are also
useful on the internet thanks to their ability to perform
web filtering.
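The packet filter and connection tracking descriptions above are easiest to see side by side in code. The following is an added example, not part of the lecture slides: a toy firewall that first applies a first-match access control list (the "packet filter" stage) and then consults a connection table so that replies to connections an inside host opened are admitted even though no rule lists them (the "connection tracking" stage). The protected network 10.0.0.0/8, the rules and the sample packets are all constructed for the example.

```python
# Added example (not from the lecture slides): a toy packet-filter firewall
# with a first-match access control list, extended with connection tracking so
# that replies are admitted only for connections a host on the inside opened.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Assumption for the example: the protected network is 10.0.0.0/8.
INSIDE = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str    # source IP address
    dst: str    # destination IP address
    proto: str  # "tcp" or "udp"
    sport: int  # source port
    dport: int  # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR block the source must belong to
    dst: str = "0.0.0.0/0"       # CIDR block the destination must belong to
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


class StatefulFirewall:
    def __init__(self, acl: List[Rule]):
        self.acl = acl
        # Connection table: 5-tuples of flows that inside hosts were allowed
        # to open. This is the state a "second generation" firewall keeps.
        self.connections = set()

    def decide(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stage 1, stateless packet filter: first matching rule wins,
        # and anything no rule mentions is denied.
        verdict = "deny"
        for rule in self.acl:
            if rule.matches(pkt):
                verdict = rule.action
                break
        if verdict == "allow":
            if ip_address(pkt.src) in INSIDE:
                self.connections.add(key)
            return "allow"
        # Stage 2, connection tracking: a packet no rule allows is still
        # admitted if it is the reply half of a connection we recorded.
        if reply_of in self.connections:
            return "allow (established)"
        return "deny"


def build_firewall() -> StatefulFirewall:
    # Constructed ACL: inside hosts may browse HTTPS; anyone may reach the
    # mail server on port 25; everything else falls through to the default deny.
    return StatefulFirewall([
        Rule("allow", src="10.0.0.0/8", proto="tcp", dport=443),
        Rule("allow", dst="10.0.0.5/32", proto="tcp", dport=25),
    ])


def demo() -> List[str]:
    fw = build_firewall()
    packets = [
        Packet("10.0.0.7", "203.0.113.9", "tcp", 51000, 443),   # outbound HTTPS
        Packet("203.0.113.9", "10.0.0.7", "tcp", 443, 51000),   # its reply
        Packet("203.0.113.9", "10.0.0.7", "tcp", 443, 51001),   # unsolicited
        Packet("198.51.100.4", "10.0.0.5", "tcp", 40000, 25),   # inbound SMTP
        Packet("198.51.100.4", "10.0.0.7", "tcp", 40000, 22),   # inbound SSH
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third packet is the point of the exercise: a stateless packet filter would need an "allow any source port 443 to inside" rule to let replies through, which also lets in anything that merely claims to come from port 443; the connection table admits only the reply whose ports and addresses mirror a flow the inside actually opened.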
Anti-Malware Software
Anti-malware is a type of software-based cyber security tool
that prevents malware (malicious software) from infecting a
computer and removes existing malware from devices and
systems. There are 3 common types of anti-malware
software, each with its own method for identifying and
removing malware:
Behavior-based detection: This is a powerful type of software
that implements technology like machine learning algorithms to
identify malware through an active approach. Instead of examining
how the malware looks, it focuses on how it behaves in order to
stamp it out more quickly.
Sandboxing: Sandboxing is a feature that places dangerous
software in an isolated location. It can filter files out before they
can cause damage to the system at large. Once isolated, the anti-
malware can delete the dangerous software.
Signature-based detection: Signature-based
detection is most useful for eliminating common
malware such as adware and keyloggers. It uses
signature detection to identify common malware and
delete it. Once it has eliminated a piece of malware, it
will remove all types of malware bearing that same
signature automatically.
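To make the signature-based approach concrete, here is an added example that is not from the lecture slides: a minimal scanner with two kinds of signature, an exact SHA-256 file hash and a byte pattern shared by a family, run over constructed file contents (harmless strings standing in for files on disk, not real malware). Detections are moved to a quarantine map before anything is deleted, matching the "isolate, then remove" sequence the slides describe for sandboxing.

```python
# Added example (not from the lecture slides): a minimal signature-based scanner
# with two signature kinds, an exact file hash and a byte pattern, run over
# constructed sample contents. The samples are harmless strings, not malware.
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Constructed stand-ins for files on disk.
SAMPLE_FILES: Dict[str, bytes] = {
    "report.docx":     b"PK\x03\x04 quarterly figures and notes",
    "tool.exe":        b"MZ\x90\x00 install-keyboard-hook send-to-collector",
    "tool_build2.exe": b"MZ\x90\x00 install-keyboard-hook send-to-collector v2",
    "editor.exe":      b"MZ\x90\x00 text editing routines",
}

# Signature database. An exact-hash signature matches one specific sample;
# a pattern signature matches a byte sequence shared by a whole family.
# Here the hash is derived from the constructed sample; a vendor ships it.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(SAMPLE_FILES["tool.exe"]).hexdigest(): "Keylogger.Sample.A",
}
PATTERN_SIGNATURES: List[Tuple[re.Pattern, str]] = [
    (re.compile(rb"install-keyboard-hook.{0,40}send-to-collector", re.DOTALL),
     "Keylogger.Sample (family pattern)"),
]


def scan_file(data: bytes) -> Optional[str]:
    """Return the name of the first matching signature, or None if clean."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for pattern, name in PATTERN_SIGNATURES:
        if pattern.search(data):
            return name
    return None


def scan_and_quarantine(files: Dict[str, bytes]):
    """Scan every file; detections go to a quarantine map (isolated first,
    deleted later). Returns (verdicts, quarantine)."""
    verdicts: Dict[str, Optional[str]] = {}
    quarantine: Dict[str, bytes] = {}
    for name, data in files.items():
        hit = scan_file(data)
        verdicts[name] = hit
        if hit is not None:
            quarantine[name] = data
    return verdicts, quarantine


if __name__ == "__main__":
    results, held = scan_and_quarantine(SAMPLE_FILES)
    for name, verdict in results.items():
        print(f"{name}: {verdict or 'clean'}")
    print("quarantined:", sorted(held))
```

The rebuilt variant (`tool_build2.exe`) shows the limitation the slides hint at: a single changed byte defeats the exact-hash signature, the family pattern still catches it, and a sample that shares neither hash nor pattern is caught by neither, which is the gap behavior-based detection is meant to close.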
Anti-Virus Software
Anti-virus software is another one of the tools for cyber
security that many computer users are likely to be familiar
with. It’s generally recommended that everyone install some
sort of anti-virus software on their devices to keep dangerous
software from infecting it.
Currently, the most powerful anti-virus software is called "next-gen software." It has been in use since 2014 and is characterized by a shift toward signature-less detection. This type of anti-virus software may build machine learning and artificial intelligence, behavioral detection and cloud-based file detonation into its programming.
Cyber security professionals need to keep up to date
on the latest developments in anti-virus software to
protect the companies they work for. Because viruses
are constantly evolving, it’s essential that companies
are aware of the most effective, cutting-edge anti-
virus technology and make upgrades to existing
software when it becomes available.
Penetration Testing
Penetration testing is a cyber security technique that
simulates a cyberattack on a system. This may also be
known as a pen test or ethical hacking. The test is designed
to identify weaknesses within a system and determine the
likelihood of a breach. It also helps cyber security
professionals determine which parts of the system are
strongest and do not currently require improvement.
To perform a penetration test, the ethical hacker will typically go through 6 different phases:
• Reconnaissance: The cyber security professional gathers data on the system to better attack it. These tests are usually performed by someone who is not intimately familiar with the system to better simulate a realistic breach scenario.
• Scanning: The attacker deploys tools that scan the network and open ports, further increasing the amount they know about the network.
• Access gain: The hacker uses the data gathered from the previous 2 phases to break into the network. This could be performed manually or with software.
• Access maintenance: Once they have broken into the network, the penetration tester needs to try and maintain their presence within the network to steal as much data as possible.
• Evidence removal: After gathering the data and making their escape, the tester covers their tracks to ensure that they cannot be implicated for the attack. This is done by removing evidence on what data was gathered and eliminating log events to maintain anonymity.
• Pivoting: Pivoting involves breaking into other machines on the same network. This process repeats steps 2 through 5 to obtain additional data.
Password Auditing and Packet Sniffers
Cyber security professionals use specialized tools to
evaluate passwords and monitor networks. They know
that weak passwords can jeopardize an entire network
and the critical data that it manages. Using password
auditing techniques, system administrators and analysts
can monitor passwords and determine their strength
against hacking attempts.
John the Ripper is a tool used to test the strength of
passwords quickly and efficiently, to minimize the likelihood
of a weak password putting a network at risk.
Hashcat is a password-cracking tool used by penetration testers and system administrators. Password hashing is a method of protecting passwords by converting them into a series of random-looking characters, known as a hash (this process is different from encryption, which is used to conceal information and can be reversed with the key). The software essentially guesses a password, hashes it and compares the hash to the one it is trying to crack.
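The guess-hash-compare loop just described is what a password audit with a tool like John the Ripper or Hashcat performs. The following is an added example, not from the lecture slides, that runs that loop against two constructed account stores: one holding unsalted SHA-1 hashes, where a single hash of each candidate tests every account at once, and one holding per-user salted PBKDF2 digests, where every account and candidate pair costs a full iterated computation. The wordlist, accounts and passwords are made up for the example; `hash_operations` counts the hash computations each audit needs.

```python
# Added example (not from the lecture slides): the guess-hash-compare loop a
# password audit performs, run against constructed accounts, first with an
# unsalted fast hash and then with salted, iterated PBKDF2. The wordlist and
# the accounts are made up for the example.
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

CANDIDATES: List[str] = ["password", "letmein", "Summer2024", "qwerty123", "Welcome1"]


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest()


# Constructed account store 1: unsalted SHA-1, still found in legacy systems.
UNSALTED_STORE: Dict[str, str] = {
    "alice": sha1_hex("Summer2024"),
    "bob":   sha1_hex("kR7#vq!2LpZ9"),   # not in the wordlist
}


def audit_unsalted(store: Dict[str, str], candidates: List[str]) -> Dict[str, Optional[str]]:
    """One hash per candidate tests every account at once, because equal
    passwords produce equal hashes when there is no salt."""
    lookup = {sha1_hex(c): c for c in candidates}
    return {user: lookup.get(digest) for user, digest in store.items()}


def pbkdf2(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_salted_store(passwords: Dict[str, str], iterations: int) -> Dict[str, Tuple[bytes, bytes]]:
    """Each account gets its own random salt, stored beside the digest."""
    store = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)
        store[user] = (salt, pbkdf2(pw, salt, iterations))
    return store


def audit_salted(store: Dict[str, Tuple[bytes, bytes]], candidates: List[str],
                 iterations: int) -> Dict[str, Optional[str]]:
    """No shared lookup table is possible: every (account, candidate) pair
    costs a full PBKDF2 computation."""
    result: Dict[str, Optional[str]] = {}
    for user, (salt, digest) in store.items():
        result[user] = None
        for candidate in candidates:
            if hmac.compare_digest(pbkdf2(candidate, salt, iterations), digest):
                result[user] = candidate
                break
    return result


def hash_operations(accounts: int, candidates: int, iterations: int, salted: bool) -> int:
    """Number of underlying hash computations the audit needs."""
    return accounts * candidates * iterations if salted else candidates


if __name__ == "__main__":
    print("unsalted SHA-1:", audit_unsalted(UNSALTED_STORE, CANDIDATES))
    salted = make_salted_store({"alice": "Summer2024", "bob": "kR7#vq!2LpZ9"}, 100_000)
    print("salted PBKDF2: ", audit_salted(salted, CANDIDATES, 100_000))
    print("hash operations, 2 accounts x 5 candidates:",
          hash_operations(2, 5, 1, salted=False), "vs",
          hash_operations(2, 5, 100_000, salted=True))
```

Both audits find that `alice` chose a wordlist password and `bob` did not, which is the finding an administrator acts on. The cost figures are the defender's lesson: an unsalted fast hash lets one pass over the wordlist cover every account, whereas a salted, iterated hash multiplies the work by the number of accounts and the iteration count.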
A packet sniffer, also known as a packet
analyzer, protocol analyzer or network
analyzer, is a hardware or software tool used
to monitor network traffic.
Wireshark is a console-based cyber security tool (previously known
as Ethereal) used to study network protocols and analyze network
security in real time.
Tcpdump is a network data packet-sniffing program used by cyber
security pros to monitor and log TCP (Transmission Control Protocol)
and IP (Internet Protocol) traffic that passes across a computer
network.
Snort is an open-source intrusion protection system that can be used
as a packet sniffer (like tcpdump), as a packet logger, or as a fully
deployed network intrusion prevention system. This program can be
downloaded and configured for either business or personal use.
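What tcpdump, Wireshark and Snort have in common is that they decode the IP and TCP headers of every packet before logging, displaying or matching it against rules. The following is an added example, not from the lecture slides or from any of those tools: a parser for a plain IPv4 header followed by a TCP header, producing a tcpdump-style summary line, plus one constructed alert rule of the kind an IDS applies (flag any cleartext telnet connection attempt). The packet bytes are built in the script rather than captured from a network interface, so it runs offline; checksums are left at zero and IP or TCP options are not handled.

```python
# Added example (not from the lecture slides): a parser for the IPv4 and TCP
# headers a sniffer such as tcpdump reads off the wire, producing a
# tcpdump-style summary line, plus one constructed alert rule of the kind an
# IDS such as Snort applies. The packet bytes are built here, not captured.
import ipaddress
import struct
from typing import Dict, List

IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"       # 20-byte TCP header without options
# tcpdump's flag letters, in the order tcpdump prints them.
TCP_FLAG_NAMES = ((0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "."))


def build_packet(src: str, dst: str, sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    """Construct an IPv4+TCP packet (no link layer). Checksums are left at zero."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack(IPV4_FMT, 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    tcp_hdr = struct.pack(TCP_FMT, sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_packet(data: bytes) -> Dict:
    """Decode the IPv4 and TCP headers into a dictionary of fields."""
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, data[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("example handles IPv4 over TCP only")
    ihl = (ver_ihl & 0x0F) * 4                      # header length in bytes
    tcp = data[ihl:total_len]
    sport, dport, seq, ack, off_res, flags, window, _csum2, _urg = struct.unpack(TCP_FMT, tcp[:20])
    data_offset = (off_res >> 4) * 4                # TCP header length in bytes
    return {
        "src": str(ipaddress.ip_address(src)), "dst": str(ipaddress.ip_address(dst)),
        "ttl": ttl, "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": "".join(name for bit, name in TCP_FLAG_NAMES if flags & bit),
        "window": window, "payload": tcp[data_offset:],
    }


def summarize(data: bytes) -> str:
    """One log line per packet, in the style tcpdump prints."""
    p = parse_packet(data)
    return (f"IP {p['src']}.{p['sport']} > {p['dst']}.{p['dport']}: "
            f"Flags [{p['flags']}], seq {p['seq']}, win {p['window']}, length {len(p['payload'])}")


def check_rules(data: bytes) -> List[str]:
    """Constructed IDS rule: alert on any cleartext telnet (TCP/23) connection attempt."""
    p = parse_packet(data)
    alerts = []
    if p["dport"] == 23 and "S" in p["flags"]:
        alerts.append(f"TELNET connection attempt from {p['src']} to {p['dst']}")
    return alerts


def sample_packets() -> List[bytes]:
    # Constructed traffic: an HTTP handshake, a telnet attempt, an HTTP request.
    return [
        build_packet("192.0.2.10", "198.51.100.20", 40000, 80, 0x02),   # SYN to HTTP
        build_packet("198.51.100.20", "192.0.2.10", 80, 40000, 0x12),   # SYN+ACK reply
        build_packet("192.0.2.10", "198.51.100.20", 40001, 23, 0x02),   # SYN to telnet
        build_packet("192.0.2.10", "198.51.100.20", 40000, 80, 0x18,    # PSH+ACK with data
                     b"GET / HTTP/1.0\r\n\r\n"),
    ]


if __name__ == "__main__":
    for pkt in sample_packets():
        print(summarize(pkt))
        for alert in check_rules(pkt):
            print("  ALERT:", alert)
```

Run as a script it prints one summary line per packet and an alert for the telnet attempt; the same decode step feeds a packet logger (write the line), a sniffer display (show the fields) or an intrusion prevention system (drop the packet when a rule fires).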
Network Security Monitoring
Through the use of network monitoring software,
administrators can determine if a network is running optimally
and proactively identify deficiencies. Network monitoring
provides a clear picture of all the connected devices on a
network, allowing system administrators to see how data is
moving between them and quickly correct any flaws that could
undermine network performance or lead to outages.
Types of network monitoring protocols include:

SNMP: The Simple Network Management Protocol uses a call and response system to check the status of devices such as switches and printers, and can be used to monitor system status and configuration.

ICMP: Routers, servers and other network devices use the Internet Control Message Protocol to send IP operations information and generate messages when devices fail.

Cisco Discovery Protocol: This protocol facilitates management of Cisco devices by discovering them, determining how they are configured and allowing systems using different network-layer protocols to learn about one another.

ThousandEyes Synthetics: An internet-aware synthetic monitoring system that detects modern networked application performance issues.
Vulnerability Scanners
Vulnerability scanners help organizations determine
what cyber security threats they may be facing as a
result of vulnerabilities detected across their IT
infrastructure. Organizations often use multiple
vulnerability scanners to ensure they are getting a clear
assessment of threats. A sampling of these cyber
security tools includes:
Acunetix: This web vulnerability scanner features advanced crawling technology that enables it to search every type of web page, even pages that are password protected, to uncover vulnerabilities.

Nessus: Downloaded more than 2 million times worldwide, Nessus provides thorough coverage and scans for more than 59,000 common vulnerabilities and exposures (CVEs).

Burp Suite: With multiple scanning, integration and reporting features, Burp Suite is a vulnerability scanner that integrates with bug tracking systems like Jira and is frequently updated.

GFI Languard: A vulnerability scanner for network and web applications that can automatically deploy patches across operating systems, web browsers and third-party applications.

Tripwire IP360: A scalable vulnerability scanning tool that can scan an organization's total environment, including previously undetected assets.
Network Intrusion Detection
To improve protection against malicious IP traffic on their
networks, organizations often use intrusion detection and
protection systems (IDPS) to safeguard against threats that may
penetrate their firewalls. Intrusion detection systems (IDS) use
software to automate the detection process and intrusion
protection systems (IPS) use software to detect and attempt to
deter potential data breaches. Once a malicious pattern or
violation is detected, the IDS alerts the system administrators so
they may take appropriate action. The IPS analyzes IP traffic and
blocks malicious traffic, thereby preventing an attack.
According to the National Institute of Standards and
Technology (NIST), there are 4 classifications of IDPS
technologies:

Network-based: These IDPS technologies monitor network traffic for particular network segments or devices and analyze the network and application protocol activity to identify suspicious activities.

Wireless: Wireless IDPS technologies monitor and analyze traffic on wireless networks to identify suspicious activity involving wireless networking protocols.

Network behavior analysis (NBA): NBA examines network traffic to identify threats generating unusual traffic flows, such as distributed denial of service (DDoS) attacks or certain forms of malware.

Host-based: Host-based IDPS technologies monitor the characteristics of a single host (a PC or server, for example) and the events occurring within that host for suspicious activity.
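The network behavior analysis class above works from traffic flows rather than packet contents. The following is an added example, not from the lecture slides: a detector that counts bare TCP SYNs per source inside a sliding time window and raises an alert when the count crosses a threshold, labelling the burst a port scan when it spreads over many destination ports and a SYN flood when it hammers one service. The flow records, thresholds and window size are constructed for the example; a production NBA system would learn per-network baselines instead of using fixed numbers.

```python
# Added example (not from the lecture slides): network behaviour analysis on
# constructed flow records, flagging a source whose burst of TCP SYNs in a
# short window looks like a port scan (many ports) or a SYN flood (one
# service). Thresholds and records are made up for the example.
from collections import defaultdict
from typing import Dict, List, Tuple

Flow = Tuple[float, str, str, int, str]   # (seconds, src, dst, dst_port, tcp_flags)


def build_sample_flows() -> List[Flow]:
    flows: List[Flow] = []
    # Normal: one workstation opening a handful of HTTPS connections.
    flows += [(t / 10, "10.0.0.7", "10.0.0.5", 443, "S") for t in range(5)]
    # Unusual: 60 SYNs to 60 different ports on one host within about a second.
    flows += [(10 + i / 50, "198.51.100.9", "10.0.0.5", 1 + i, "S") for i in range(60)]
    # Unusual: 80 SYNs to the web port within a second, no handshake completed.
    flows += [(30 + i / 100, "203.0.113.4", "10.0.0.5", 80, "S") for i in range(80)]
    return flows


def detect_syn_bursts(flows: List[Flow], window: float = 5.0,
                      syn_threshold: int = 50, port_threshold: int = 20) -> List[Tuple[str, str]]:
    """Sliding-window count of bare SYNs per source. Returns (source, kind) alerts."""
    by_src: Dict[str, List[Tuple[float, int]]] = defaultdict(list)
    for t, src, _dst, dport, flags in flows:
        if "S" in flags and "." not in flags:   # SYN without ACK: a new connection attempt
            by_src[src].append((t, dport))
    alerts: List[Tuple[str, str]] = []
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window's left edge until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            if len(in_window) >= syn_threshold:
                ports = {port for _, port in in_window}
                kind = "port scan" if len(ports) >= port_threshold else "SYN flood"
                alerts.append((src, kind))
                break   # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for src, kind in detect_syn_bursts(build_sample_flows()):
        print(f"ALERT {kind}: {src}")
```

The workstation's five SYNs never reach the threshold and produce nothing, which is the behaviour an operator wants: the alert fires on the shape of the traffic, not on any signature in its payload, so it also catches tools and malware the signature database has never seen.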
Encryption Tools
Playing an essential role in safeguarding data that is stored or
transmitted, encryption is a process that scrambles readable text so it
can only be read by the person who has the decryption key. Vast
amounts of personal information – bank accounts, credit card profiles,
health records and more – are managed online and stored in the
cloud or on servers connected to the internet.
Encryption scrambles readable text into an unreadable format called cipher text. When the intended recipient opens the message, the information is decrypted, or converted back into its readable form. To make this happen, the sender and recipient both have to use an encryption key, which is a collection of algorithms that do the scrambling and unscrambling.
Examples of encryption algorithms in use today include:

Triple DES: Strengthening the original DES (Data Encryption Standard), which was established in 1977 and is now considered too weak to protect sensitive data, Triple DES runs encryption 3 times – encrypting, decrypting and encrypting again.

RSA: Taking its name from the initials of its 3 computer scientist inventors (Rivest, Shamir and Adleman), RSA uses a strong and widely used algorithm for encryption. It is popular because of its key length and commonly used for secure data transmission.

Advanced Encryption Standard (AES): Used worldwide, AES has been the U.S. government standard since 2002.

Twofish: This free encryption algorithm is used in hardware and software. It is considered to be one of the fastest encryption algorithms.
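Of the algorithms listed, RSA is the one whose arithmetic fits in a few lines, and it also shows what a "key" concretely is. The following is an added example, not from the lecture slides: textbook RSA with the tiny constructed primes p = 61 and q = 53, generating the public key (n, e) that is shared and the private key (n, d) that is kept, then encrypting with one and decrypting with the other. These parameters illustrate only the arithmetic; real RSA uses primes of hundreds of digits and a padding scheme, and encrypting one byte at a time as done here is never acceptable outside a classroom.

```python
# Added example (not from the lecture slides): textbook RSA with tiny
# constructed primes, to show what the public and private keys are and how
# encryption and decryption use them. Real RSA uses primes of hundreds of
# digits and a padding scheme; these parameters illustrate only the arithmetic.
from math import gcd
from typing import List, Tuple

Key = Tuple[int, int]


def rsa_keygen(p: int, q: int, e: int = 17) -> Tuple[Key, Key]:
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q                        # the modulus, part of both keys
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # modular inverse: e * d = 1 (mod phi)
    return (n, e), (n, d)


def rsa_encrypt(public_key: Key, m: int) -> int:
    """c = m^e mod n, computable by anyone holding the public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key: Key, c: int) -> int:
    """m = c^d mod n, computable only with the private exponent d."""
    n, d = private_key
    return pow(c, d, n)


def encrypt_bytes(public_key: Key, data: bytes) -> List[int]:
    # Each byte becomes its own block here; fine for the toy modulus,
    # never for real use (no padding, so equal bytes give equal blocks).
    return [rsa_encrypt(public_key, b) for b in data]


def decrypt_bytes(private_key: Key, blocks: List[int]) -> bytes:
    return bytes(rsa_decrypt(private_key, c) for c in blocks)


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53)
    print("public key:", public, "private key:", private)
    cipher_blocks = encrypt_bytes(public, b"CYB-201")
    print("cipher text blocks:", cipher_blocks)
    print("decrypted:", decrypt_bytes(private, cipher_blocks))
```

With p = 61 and q = 53 the modulus is 3233, the public exponent 17 and the private exponent 2753, and the single block 65 encrypts to 2790 and back. The part to notice is the asymmetry: the public key is enough to produce the cipher text but not to undo it, which is why RSA suits transmission between parties who have never shared a secret.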
Any questions?