IBM Cybersecurity analyst course Notes
Module 1: Introduction to Cybersecurity Tools & Cyber Attacks
Week 1:
• NIST: National Institute of Standards and Technology
• The CIA Triad is a fundamental concept in information security consisting of 3 principles:
1. Confidentiality
2. Integrity
3. Availability
• Confidentiality: Confidentiality means only authorized people can access resources or data. Encryption keeps information secure.
• Integrity: Integrity keeps data accurate. It prevents unauthorized changes. Hash values verify data integrity.
• Availability: Availability means systems always work without issues. Backup plans, recovery strategies, and duplicate systems are important.
• Key Considerations: Information security means keeping systems safe from unauthorized actions while maintaining confidentiality, accuracy, and accessibility.
• Best Practices: For availability, keep firewalls, proxies, and computers up-to-date and running 24/7. Have backup plans and recovery strategies.
Vulnerability: A weakness or flaw that can be exploited by an attacker.
Threat: Potential danger to computer systems or networks from malicious activities.
Exploit: Malicious action that takes advantage of vulnerabilities in computer systems.
Risk: Probability of potential harm or loss due to cybersecurity vulnerabilities
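The Integrity principle above says hash values verify data integrity. The following is an added example, not part of the course notes, showing how a stored SHA-256 digest detects a modified file and why a plain hash is not enough when the attacker can also replace the stored digest (a keyed HMAC covers that case). The sample record contents and the key are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed sample contents, standing in for a backup file or a downloaded package.
ORIGINAL = b"account=alice;balance=100\n"
TAMPERED = b"account=alice;balance=999\n"


def digest(data: bytes) -> str:
    """Return the SHA-256 hex digest of data; this is the reference value you store."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare it to the stored value in constant time."""
    return hmac.compare_digest(digest(data), expected_hex)


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA256): without the key, a matching tag cannot be produced."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag_hex: str) -> bool:
    """Check a keyed tag in constant time."""
    return hmac.compare_digest(make_tag(key, data), tag_hex)


def demo() -> dict:
    """Run the integrity checks and return which ones pass or fail."""
    reference = digest(ORIGINAL)
    results = {
        # Unchanged data matches the stored digest.
        "original_passes": verify_integrity(ORIGINAL, reference),
        # A single changed byte gives a different digest, so tampering is detected.
        "tampered_fails": verify_integrity(TAMPERED, reference),
        # Limitation: if the stored digest is replaced along with the data, the
        # plain-hash check passes. Integrity then depends on protecting the digest.
        "forged_hash_passes": verify_integrity(TAMPERED, digest(TAMPERED)),
    }

    # A keyed tag closes that gap: the verifier holds a secret key the attacker lacks.
    key = secrets.token_bytes(32)  # constructed key for the demonstration
    tag = make_tag(key, ORIGINAL)
    results["hmac_original_passes"] = verify_tag(key, ORIGINAL, tag)
    results["hmac_tampered_fails"] = verify_tag(key, TAMPERED, tag)
    # Recomputing a tag with a guessed key does not help the attacker either.
    results["hmac_wrong_key_fails"] = verify_tag(key, TAMPERED, make_tag(b"guess", TAMPERED))
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

In practice the reference digest is published out of band (a vendor checksum page, a signed manifest) or the tag key is kept with the verifier, so that modifying the data alone is never enough.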
Internal Factors: Internal factors include former employees and current employees. Attacks originating from internal employees are significant and critical for organizations. Former employees who still have access to internal resources pose a threat due to their knowledge of the organization's workings.
External Threats: External threats encompass malicious events originating from specific countries, hackers, and crackers. These individuals attempt to exploit vulnerabilities and use attack vectors such as viruses, Trojans, and worms to compromise organizations.
Human Factors: Human factors refer to threats that either interact with humans or are developed by humans, such as viruses created by hackers to target specific users. Users themselves can unintentionally compromise systems by accessing infected content.
Natural Factors: Natural factors, including lightning, hurricanes, tornadoes, and tsunamis, are also important to consider in designing business continuity plans and disaster recovery strategies.
Vulnerability Assessment: A vulnerability assessment involves identifying, analyzing, and ranking vulnerabilities in a specific environment.
Process: A tool is used to analyze assets, identify associated vulnerabilities, and rank them based on criteria such as exploitability and null vulnerabilities.
Known and Unknown Security Holes: Many systems are shipped with both known and unknown security holes and bugs, making them vulnerable to attacks.
Misconfigurations: Misconfigurations, such as default usernames and passwords, can also be considered vulnerabilities. For example, a vulnerability assessment tool can detect a modem with default credentials and flag it as a misconfiguration vulnerability.
Mitigation: The system administrator can take necessary actions to address the vulnerability, such as changing the username and password to enhance security and prevent unauthorized access.
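The vulnerability assessment process described above (analyze assets, identify vulnerabilities, rank them by exploitability, hand the administrator a remediation) can be shown end to end for the default-credentials case. This is an added example, not course material or any real scanner's code; the default-credential list, the asset inventory and the scoring values are all constructed for illustration.

```python
# Constructed list of factory-default username/password pairs (illustrative, not vendor data).
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "root"),
    ("user", "user"),
}

# Constructed asset inventory: the credentials observed on each management
# interface and whether that interface is reachable from the internet.
INVENTORY = [
    {"asset": "modem-01", "username": "admin", "password": "admin", "internet_exposed": True},
    {"asset": "switch-03", "username": "admin", "password": "Xk9!vq2#Lm", "internet_exposed": False},
    {"asset": "printer-07", "username": "root", "password": "root", "internet_exposed": False},
]


def find_default_credentials(inventory):
    """Flag assets still using default credentials and rank them by exploitability.

    Returns a list of findings, highest score first. Scores are a constructed
    scale for this example: an exposed interface is easier to reach, so it ranks
    above an internal one with the same weakness.
    """
    findings = []
    for asset in inventory:
        if (asset["username"], asset["password"]) in DEFAULT_CREDENTIALS:
            score = 9 if asset["internet_exposed"] else 6
            findings.append({
                "asset": asset["asset"],
                "category": "misconfiguration",
                "issue": "default credentials on management interface",
                "score": score,
                "remediation": "change the default username and password; "
                               "restrict management access to the internal network",
            })
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


def report(findings) -> str:
    """Render the ranked findings as the text an administrator would act on."""
    lines = [f"{f['score']:>2}  {f['asset']:<12} {f['issue']} -> {f['remediation']}" for f in findings]
    return "\n".join(lines) if lines else "no default credentials found"


if __name__ == "__main__":
    print(report(find_default_credentials(INVENTORY)))
```

A real assessment tool does the same three things with a much larger credential database and live probes against the asset; the ranking step is what turns a raw list of weaknesses into an order of work for the administrator.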
Roles in Information Security:
Chief Information Security Officer (CISO): Head of the Information Security Division, responsible for supervising and leading the security department.
Information Security Architect: Designs and implements security solutions and strategies.
Information Security Consultants/Specialists: Provide expert advice and guidance on security matters.
Information Security Analysts: Analyze events, alerts, and alarms to identify and respond to threats.
Security Auditor: Tests the effectiveness of computer information systems and ensures compliance with standards and regulations.
Security Software Developer: Develops and maintains security software and tools.
Penetration Tester (Red Team Member): Conducts authorized simulated attacks to identify vulnerabilities.
Vulnerability Assessor: Identifies and assesses vulnerabilities in systems and networks.
Digital Forensic Analyst (Blue Team Member): Investigates and analyzes security incidents and breaches.
SIEM Engineer: Familiar with Security Information and Event Management (SIEM) technologies.
War Games and Ronald Reagan:
Movie War Games sparked Reagan's interest in cybersecurity.
The movie depicted a teenager hacking into the Pentagon's computer system and simulating a war game.
Reagan asked advisors if such scenarios were plausible, leading to the creation of the first cybersecurity policy, NSDD155.
Impact of 9/11 and Technology:
After 9/11, cybersecurity gained more significance to prevent future attacks.
Concerns arose regarding potential cyber threats targeting critical infrastructure systems like power grids and transportation.
Increased adoption of computers and smartphones expanded the potential for information sharing, theft, and compromise.
9/11 and its Impact on Cybersecurity:
9/11 prompted the US government to consider the potential for cyberattacks on critical infrastructure.
Destruction of power plants or networks became a concern alongside physical attacks.
Increased accessibility of technology, such as cell phones and computers, expanded the potential for cyber threats.
Early Cybersecurity Operations:
Clipper Chip operation: NSA's attempt to incorporate a chip into landline phones for communication surveillance.
Moonlight Maze operation: Collection of passwords from Unix and Linux servers, believed to be orchestrated by Russians using proxies.
Solar Sunrise operation: Attacks on Department of Defense networks, conducted by teenagers from California and Israel.
Buckshot Yankee: Significant breach of US military computers, attributed to a worm called Agent.BTZ, potentially originating from China.
Cyberwarfare Examples:
Desert Storm and Bosnia wars involved cyber components, such as destroying or tampering with radars and spreading fake information.
Cyber Vulnerabilities and Weaponization:
Post-9/11, cyber vulnerabilities were weaponized by governments and exploited by criminals.
The New Freedom Act initiated massive surveillance programs revealed by Edward Snowden.
The Stuxnet virus, a result of the new cyber war, targeted Iran's nuclear plants.
Cybersecurity Numbers:
Increasing software vulnerabilities: Cross-site scripting, SQL injection, privilege escalation, etc.
Cyberattacks lead to global losses of nearly $400 billion annually.
Cybercrime is a $100 billion business in the US alone.
Forbes estimated data losses at 2.1 billion in a single year.
X-Force Threat Intelligence Index Report:
Frequently targeted industries in 2018: Finance, insurance, healthcare, and energy.
Significant increase in vulnerabilities due to the expansion of systems and platforms.
Blocked malicious domain categories: Spam (77%), cybercrime and hacking (8%), malware and phishing (5%), and command and control servers (4%).