Cyber Security for Beginners: How to Protect Your Devices from Malicious Attacks Using Risk Management, Social Engineering, and Information Security (2022 Guide for Newbies)

By Adrian Gildon

Everyone has to address and be aware of cyber security today; anybody or everything that accesses the Internet is a target.

 

Do you ever wonder how cyber security per

• Language: English
• Publisher: Adrian Gildon
• Release date: Jul 31, 2022
• ISBN: 9783986539832

Book preview

Introduction to NIST Cybersecurity Framework

There are numerous threats to your network's security. But how do you defend against all of them? That, after all, is the subject of this book. Adequate time and resources are rarely allocated to the most critical steps in network security. In this book, I'll walk you through 21 steps, including the most important ones. As a result, you'll be certain to cover everything. Similarly, you'll ensure that you don't waste time on steps that don't add much value. Who is this book intended for? Anyone who needs to secure a network, such as an engineer or security analyst, or a manager with limited technical knowledge, would most likely be hired as an engineering security manager. The owner of a SOHO, which is a small business with a small office/home office, and anyone else interested in learning more about network security. This book is based on my over a decade of hands-on experience in information technology. The majority of it was spent as a security analyst and network engineer. Let's get specific about what we'll cover. We'll begin with fundamental concepts, where you'll learn the fundamental theories required to understand the fundamentals. Then we'll go over how to write a security policy, how to educate end-users and IT staff, how to implement physical security and perimeter security, and what constitutes good password management. Following that, we will examine the elimination of unnecessary services, the implementation of good patch management, antivirus measures, and access control. Following that, we'll look at how to secure data in transit, what firewalls, IDS, and IPS systems are, how to backup your data, and what kinds of automated solutions are available today. Now let's get started.

Chapter 1

Basic Cybersecurity concepts

image001

Before we proceed to the first step, we must first grasp a few fundamental network security concepts.

This will provide you with the necessary background to feel confident about the steps you should take to create a solid security policy.

The CIA triad is the first concept.

This is one of the most fundamental information security principles. The acronym CIA stands for confidentiality, integrity, and accessibility.

In general, all data that you want to keep secure must be confidential, maintain integrity, and be accessible. Confidentiality simply means keeping data private. Secret from those who are not authorized to see it, that is. Data integrity refers to preventing unauthorized or accidental changes to data.

The availability of information means that it is available when you need it.

The following concept is aaa, which is often pronounced as triple a, which stands for authentication, authorization, and accountability.

Authentication entails demonstrating that you are who you claim to be. So, if you log in as John and enter John's password, the system will most likely authenticate you. After you've been authenticated, authorization refers to the actions you can take.

Typically, this determines which files you can read, write, or modify.

Accountability is the third concept.

Users are held accountable for their actions on the system as a result of this. It is usually accomplished through logging and auditing.

One thing you'll notice a lot with accountability is that if you're paying for the amount of time you spend on the network, it will be recorded.

The following concept is defense-in-depth, also known as multiple layers of security.

To protect network resources, multiple layers of security are used. The idea is that if one layer of security fails, another layer will still protect you.

A server in a locked room is a simple example. Even if an intruder successfully breaks into the server room, the intruder does not have access to the server's data without a password.

The principle of least privilege is the next concept we'll look at, which states that you should only have access to information that is necessary.

A user should only be able to access information on the network that is required for their job.

Similarly, a process should only be able to access the network resources that it requires to perform its legitimate services.

The following concept is good faith.

If you inquire about good faith, you should be able to obtain it. "In contract law, the implied covenant of good faith and fear and fair dealing is a general presumption that