Cybersecurity Fundamentals Explained
By Brian Mackay
About this ebook
The issue of Cybersecurity is of paramount importance in the digital age. With near-continuous revelations about incidents and breaches in the media, organizations and individuals are faced with the challenge of finding the balance between risk, innovation, and cost. At the same time, the field of cybersecurity is undergoing dramatic changes, demanding that organizations embrace new practices and skill sets.
In this book, I will explore the basics of Cybersecurity and discuss how ordinary people and organizations can best ensure the safety and security of their data. By examining numerous studies, reports, and surveys, I will argue that organizations must embrace a comprehensive approach to cyber security that considers the ever-changing nature of the threat landscape. In the following chapters, the book explains the fundamentals of Cybersecurity and then discusses several case studies on the more prominent security breaches of the last few years to show what can happen to a business.
Brian Mackay
Brian is a cybersecurity professional who graduated with a Master's degree in Cybersecurity and Digital Forensics from Edinburgh Napier University in 2019. He has been a cybersecurity consultant with the Scotcoin Project since his university days in 2016. Brian has worked in the IT industry since 1997, when he worked in first-line support at the BT Internet helpdesk.
Table of Contents
INTRODUCTION
PART 1 – THE FUNDAMENTALS OF CYBERSECURITY
PART 2 NETWORK SECURITY
Hardening
Data encryption
DNS security
Passwordless authentication
Quantum cryptography
Mobile security Fundamentals
Public Wi-Fi Security
Zero trust security strategy
Endpoint security Fundamentals
An air-gapped network
Bitcoin security
PART 3 - APPLICATION SECURITY
PART 3.1 OPERATIONAL SECURITY
PART 3.2 - DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING
Biometric security
PART 4 INFORMATION SECURITY
4.1 Storage security
4.2 Email security
4.3 – Perimeter Security
PART 5 - CYBERSECURITY TECHNOLOGIES AND BEST PRACTICES
PART 6 – SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
PART 7 – COMMON AND NOT SO COMMON ATTACKS AND THREATS
Threat Actors Overview
Ethical hacking
7.1 – RANSOMWARE
7.2 – BOTNETS
7.3 – DENIAL OF SERVICE ATTACK
7.4 – BOOTKIT AND ROOTKIT MALWARE
7.5 – EMAIL SPOOFING
7.6 – EMAIL BOMBING OR FLOODING
7.7 – MAN IN THE MIDDLE ATTACK
7.8 – A BACKDOOR THREAT
7.9 – ADVANCED PERSISTENT THREATS
7.10 ARP ATTACK
7.11 – A HONEYPOT
7.12 – SPEAR PHISHING
7.13 – SMISHING
7.14 – PHARMING
7.15 – SCAREWARE
7.16 – VISHING
7.17 – DATA DESTRUCTION
7.18 – BUFFER OVERFLOW ATTACKS
7.19 – DATA INTERCEPTING AND SESSION HIJACKING
7.20 – MALFORMED URL ATTACKS
7.21 – QUISHING OR QR CODE ATTACKS
7.22 – HOT-MIKE ATTACKS
7.23 – SUPPLY-CHAIN ATTACKS
7.24 – AI-POWERED CYBER ATTACKS
7.25 – KEYLOGGERS
8. CYBER SECURITY STRATEGIES
8.1 Cyber Kill Chain Model
8.2 – Penetration testing
9 – TOR AND THE DARK WEB
9.1 – TOR
9.1 – THE DARK WEB
10 – CRYPTOCURRENCY
10.1 - Cryptocurrency Overview
10.2 - Ethereum Security
10.3 - Cryptocurrency Security Best Practices
10.4 - Hardware wallet security
10.4.1 – Why use a hardware wallet?
INDEX
INTRODUCTION
The issue of Cybersecurity is of paramount importance in the digital age. With near continuous revelations about incidents and breaches in the media, organizations and individuals are faced with the challenge of finding the balance between risk, innovation, and cost. At the same time, the field of cyber security is undergoing dramatic changes, demanding that organizations embrace new practices and skill sets.
In this book, I will explore the basics of Cybersecurity and discuss how ordinary people and organizations can best ensure the safety and security of their data. By examining numerous studies, reports, and surveys, I will argue that organizations must embrace a comprehensive approach to cyber security that considers the ever-changing nature of the threat landscape.
In the following chapters, I will first explain the fundamentals of cyber security, then discuss several case studies on the more prominent security breaches in the last few years to show what can happen to a business.
PART 1 – THE FUNDAMENTALS OF CYBERSECURITY
Cybersecurity fundamentals refer to the core principles and practices that are essential for protecting computer systems, networks, and data from unauthorized access, cyber threats, and data breaches. These fundamentals form the basis of a strong cybersecurity posture and are crucial for individuals and organizations alike. Here are some key cybersecurity fundamentals:
Confidentiality: Confidentiality ensures that sensitive information remains private and accessible only to authorized individuals. It involves implementing measures such as encryption, access controls, and secure communication channels to prevent unauthorized disclosure.
Integrity: Integrity ensures the accuracy, consistency, and trustworthiness of data and systems. It involves implementing mechanisms to prevent unauthorized modification, tampering, or corruption of data and ensuring that data remains intact and unaltered.
Availability: Availability ensures that systems, networks, and data are accessible and operational when needed. It involves implementing measures to prevent service disruptions, such as implementing backup and disaster recovery solutions, redundancy, and proactive monitoring to detect and address potential issues.
Authentication: Authentication verifies the identity of users, systems, or devices attempting to access a network or system. It involves the use of strong passwords, multi-factor authentication (MFA), biometrics, and other techniques to ensure that only authorized individuals or systems gain access.
Authorization: Authorization determines what actions or resources an authenticated user or system can access. It involves assigning appropriate permissions and privileges based on user roles and responsibilities to prevent unauthorized access or misuse of resources.
Risk Management: Risk management involves identifying, assessing, and mitigating potential cybersecurity risks. It includes conducting regular risk assessments, implementing security controls and safeguards, and developing incident response plans to minimize the impact of security incidents.
Security Awareness: Security awareness is about educating and training individuals to recognize and respond to potential cyber threats. It includes promoting good security practices, such as strong password hygiene, avoiding phishing emails and suspicious links, and being vigilant against social engineering tactics.
Vulnerability Management: Vulnerability management involves identifying and remediating security vulnerabilities in systems and software. It includes regularly patching and updating software, conducting vulnerability assessments and penetration testing, and promptly addressing identified weaknesses.
Security Monitoring: Security monitoring involves continuously monitoring systems, networks, and data for potential security breaches or anomalies. It includes implementing intrusion detection and prevention systems, log monitoring, and security information and event management (SIEM) solutions to detect and respond to security incidents in a timely manner.
Incident Response: Incident response is a planned approach to addressing and managing security incidents. It involves establishing an incident response team, developing incident response plans and playbooks, and conducting regular drills and exercises to ensure an effective response in the event of a security breach.
These fundamentals provide a solid foundation for implementing a comprehensive cybersecurity strategy. However, it is important to note that cybersecurity is a rapidly evolving field, and staying updated with the latest threats, technologies, and best practices is crucial for maintaining a strong security posture.
Here are some basics of cybersecurity that you should know:
Passwords: Using secure passwords is important to protect your personal and sensitive information from unauthorized access. Here are some tips for creating and using secure passwords:
- Use a strong password: A strong password should be at least twelve characters long and include a combination of uppercase and lowercase letters, numbers, and special characters.
- Avoid using personal information: Don't use your name, birthdate, or other personal information in your password, as it can be easy for someone to guess.
- Use different passwords for different accounts: Don't use the same password for multiple accounts. If one password is compromised, it can put all of your accounts at risk.
- Don't share your password: Never share your password with anyone, including friends and family.
- Use two-factor authentication: Many websites and services offer two-factor authentication (2FA), which requires you to enter, in addition to your password, a code generated by an authenticator app such as Google Authenticator or a code sent to your smartphone or email, giving you an extra layer of security.
- Use a password manager: A password manager such as NordPass can help you create and remember strong passwords for all of your online accounts, saving them in a very secure vault.
1.7 – Use of random words in a password – this can make it more secure against hacking attempts. Here are some tips on using random words effectively:
Use a long passphrase rather than a short password. For example, correct horse battery staple is more secure than Tr0ub4dor&3.
Choose words randomly rather than a known phrase. Avoid common phrases, quotes, or song lyrics.
Use a mix of