Lab 1 - Cybersecurity at A Glance


Lab 1: Cybersecurity at a glance

Student ID 21521717
Full name Phạm Trọng Khanh
Total completion time
Self-assessment grade
Feedback (if any)

A. Threat Identification
Objectives
Explore the security features used by organizations to keep data safe.
Part 1: Exploring the Threat of Cyberattacks
Part 2: CIA Triad

Background / Scenario
The threats posed by the cyber world are real. These threats have the potential to wreak havoc on life in a
computer-centric world. Understanding these threats is important to everyone, and in order to combat them,
the world needs committed individuals who can recognize threats and outmaneuver and outsmart cyber
criminals. In order to develop the talent needed, organizations like CompTIA, Cisco Systems and ISC2 have
created programs to educate and certify cyber professionals.

Required Resources
• PC or mobile device with Internet access

Part 1: Exploring the Threat of Cyberattacks


Cyberattacks top the list of threats facing countries around the world. When people think of threats to national
or world security, most people think of physical attacks or weapons of mass destruction. The fact is cyber
threats top the list in over twenty countries around the world. The ranking of cyberattacks in the number one
spot reveals a few things about how society has changed. Computers and computer networks affect the way
we learn, shop, communicate, travel, and live. Computer systems control almost every aspect of our lives.
The disruption of computer systems and computer networks can have a devastating impact on modern life.
Electrical power generation and distribution systems, water treatment and supply systems, transportation, and
financial systems are all targets of cyberattacks. Each of these systems has been a victim of cyberattacks.
Watch the video below. After viewing the video, answer the questions below.

Step 1: Research Threats.


In step 1, you will research threats.
a. Click here to view the video. According to the video, what are the top 10 security threats? In your opinion,
which threat is the most dangerous? Why?
1. The IoT means more DDoS attacks

© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 9

2. Data theft is on the rise


3. Web apps are under attack
4. Ransomware is rife
5. Passwords no longer cut it
6. Flash is letting malware in
7. The threat within
8. Phishing’s got smart
9. Https:// to become the norm
10. Companies lack security skills

In my opinion, “ransomware is rife” is the most dangerous because, while many other types of malware and
crypto-ware programs have existed in the past, ransomware has several distinguishing characteristics that set it
apart from the others.

• Ransomware employs unbreakable encryption, making decryption of infected files extremely difficult.

• It can encrypt almost any sort of file, including audio, video, documents, and photographs.

• Ransomware can obfuscate file names, making it difficult, if not impossible, to figure out what files were
impacted.

• This harmful malware might alter the extensions of your filenames, causing them to behave erratically or
not at all.

• Most ransomware-related ransoms include a time constraint. Extending the deadline usually means the
ransom will be increased, or the data will be deleted entirely.

b. List five ways a cyber-criminal can use computers to break the law. Can any of the crimes you listed
affect you personally? Have you or your family members been affected by these crimes?
1. The invasion of privacy is basically the act of someone attempting to intrude on a person's personal
life. This includes hacking into a person's computer, reading their emails or monitoring online activities.
Many of these specific crimes are punishable under the law.
2. A cybercriminal or hacker lures unsuspecting PC users into revealing sensitive or other personal data
- login credentials, credit card numbers, PINs, etc. This process is usually accomplished through phishing
websites which are designed to mimic a legitimate website in the hope that the unsuspecting computer user
will enter several bits of personal information such as their banking passwords, home address or even
social security number.
3. Cybercrooks who may have gained access to your credit card or banking account information may use
that information to make purchases in your name. Identity theft was a major issue even before the
conception of the Internet, but as you may already know, the virtual world has made it much easier for
criminals to utilize and steal your identity.
4. Harassment online is usually related to your social lifestyle and whether you choose to use a popular social
network such as Facebook or Twitter. Online harassment can consist of threats sent through email,
instant message or through a social network message/post.


5. Cyberstalkers will go to great lengths to try to monitor a victim's online activity. This may include
infecting a person's computer with malware that is able to log computer activity. Cyberstalkers are also
known to continually harass their potential victims.
I don't think cyber-criminals can affect me personally because I already know the way they attack and
have the solution to prevent it. For example, for crime number 2, you can use a phishing filter feature on
your web browser so that it actively scans websites that you visit to check if they have been identified
as phishing websites.
Yes, my family members have been attacked by these crimes. My father's email received an incognito
mail with a link. He didn't know that it was a threat and he clicked on the link in the mail. After that, he lost his
email account.
c. Have any of the potential threats portrayed in the video actually happened in Vietnam recently? Give an
example.
Ransomware increased 200 percent in Viet Nam from the beginning. For example, during COVID-19, cyber-
attackers carried out many attacks: phishing websites appeared more often (fake health ministry website, fake
charity website), strengthening network tools, spreading and infecting malicious code, scamming charities, and
destroying information of users as well as organizations.
Here are the top 10 countries most affected by ransomware. Viet Nam is in the top 3.


Step 2: Explore Recent Attacks.


a. The impact and scope of recent cyberattacks have many business and government officials concerned.
Click here to review the top cyber attacks of 2020
How many users did the Zoom data breach affect?
500.000 users


b. Describe the SolarWinds attack of 2020. Who was responsible and what did the cyber criminals steal?
Describe the SolarWinds: The SolarWinds hack was a masterfully orchestrated supply chain exploit that
compromised multiple systems of governments and companies worldwide. This attack was first
discovered by the cybersecurity firm FireEye in December 2020. Analysts at FireEye found unusual data
being sent to a server of unknown origin. However, FireEye has concluded that affected systems may
have been infected as far back as early 2020. Upon further investigation, it was uncovered that one of the
servers that provides access to updates and patches for SolarWinds Orion tools was compromised, thus
allowing the attackers to inject code into the software updates and infect multiple clients at once. This
code allowed data modification and exfiltration as well as remote access to devices that had the software
installed. This malware has since been dubbed “SUNBURST.” Due to the complexity and overall scope of
this attack, it has since been attributed to an Advanced Persistent Threat (APT) actor.
FireEye was responsible, and the cyber criminals stole data from governments and companies worldwide.
c. What are the 3 most common methods of attack in 2021? Describe and give an example for each method.
The 3 most common methods of attack in 2021:
- Malware: There are many different types of malware, which are programs or code created to harm
any device or server in an IT infrastructure or the entire IT infrastructure. Malware attacks that make it
easier to enter the IT infrastructures of institutions through the backdoor can come in the form of
ransomware, computer worm, trojan, spyware, and adware.
It is stated that malware, which can cause the security of sensitive data stacks to be compromised and
disrupt the workflows of institutions, has increased by 800% since the beginning of 2020. On the other
hand, it is worth mentioning that even large companies in the IT sector can be adversely affected by
malware attacks. For example, Microsoft was hit by the WannaCry attack in 2017, which infected over
230,000 machines running Windows operating systems in over 150 countries in a single day.
- Ransomware: Ransomware is a type of malicious software that blocks users in your IT infrastructure
from accessing the system and captures their sensitive data. It is a type of cyber-attack that is quite good
at turning your entire system inoperable in a short period of time. Ransomware attacks, which can also
target servers in the database, encrypt the data they capture, and demand a ransom in exchange for
restoring access. Ransomware attacks, which can cause significant financial losses for companies, can
also damage the corporate image.
- Phishing attacks: Phishing is a type of social engineering attack that tricks victims into sharing critical
data such as passwords and credit card information. In these types of attacks, victims can also be
convinced to download a file by clicking on a link in an e-mail. In all circumstances, privileged accounts in
your institution's IT infrastructure are in serious danger of data breaches. In addition to e-mail, phishing
attacks can also be carried out via SMS, phone, and social media platforms.

Part 2: CIA Triad


Confidentiality, integrity, and availability are the three fundamental cybersecurity principles. These three
principles make up the CIA triad. The elements of the triad are the three most crucial components of security.
All cybersecurity professionals should be familiar with these core principles.

Step 1: Explore the CIA Triad.


a. Click here to view the video. What is data confidentiality? Why is data confidentiality so important to
people and organizations?


Confidentiality is about protecting private information and personal details and avoiding data leaks.
Confidentiality builds trust between employer and employee, and business owners have an obligation to
keep staff information secure and trusted. When using computer systems, individuals and businesses are
often required to share very sensitive data. The organizations that collect this data are responsible for its
safety and privacy. In the wrong hands, sensitive information can be misused to commit illegal activity.
b. What is data integrity? Name three ways data integrity or trustworthiness is affected.
Integrity is accuracy, error-free data and learning how to notice violations.
3 ways: equipment failure, errors, mistakes by people.
c. What is system availability? What can happen if a critical computer system is no longer available?
System availability means you have the information, systems and resources you need to do your job and
service your customers.
When the critical system of a computer is not accessible, it may result in loss of data.

Step 2: Explore Cyberattacks.


Click here to watch a video. Describe how the Russian hacker breaks into a computer in minutes. What
method did he use to hack?
We will pretend to be a wireless access point that you normally connect to. If you go to the website that you
would normally use, you know what normally happens when you go to a website. After that it will ask you for
information, which you'd normally give, and actually we can see your information show up here. Part of the
attack is that it tries to convince you that you need to do an update, so you'd want to click on the download
button because it's convincing you to do this. When you execute that, you have already been exploited.
This method is a fake connection.

B. Exploring the World of Cybersecurity Professionals


Objectives
Explore the security features used by organizations like Google and Cisco to keep your data safe.
Part 1: Protecting Your Data
Part 2: Improving your Google Account Security

Background / Scenario
This chapter introduces the student to the cyber world. This cyber world is full of data kingdoms that handle
unimaginable amounts of personal and organizational information. As cybersecurity professionals, it is
important to understand the types of cybersecurity safeguards an organization must implement in order to
protect the data they store, manage, and protect. In this lab, you will explore one of the world’s largest data


handling organizations, Google. You will watch two videos and then answer a series of questions. Each video
presents a different aspect of cybersecurity defense at Google. Upon completion, you will have a better
understanding of the security measures and services that organizations like Google take in order to protect
information and information systems.
Videos:
How Google Protects Your Data
Security Key

Required Resources
• PC or mobile device with Internet access

Part 3: Protecting Your Data


As one of the world’s largest personal data repositories, Google stores massive amounts of data. Google
accounts for close to 50% of all internet search activity. To make things even more complicated, Google owns
and operates YouTube, the Android operating system, and many other major sources of data collection. In
this activity, you will watch a short video and try to identify several of the measures the cybersecurity
professionals at Google take to protect your data.

Step 1: Open a browser and view the following video:


How Google Protects Your Data
a. How does Google ensure that the servers they install in their datacenters are not infected with malware
by the equipment manufacturers?
Security personnel are on duty 24 hours a day, seven days a week. Google customers' data is stored in
multiple locations to help ensure reliability. The files that store the data are given random file names and
are not stored in clear text. For each drive that is received in one of our data centers, Google rigorously
tracks its location and status. When a hard drive fails or begins to exhibit performance problems, it's
brought to the area where it's reformatted and retested. If the drive does not pass these tests, it's
removed from the rotation. The data on the hard drive is then overwritten to help ensure that no customer
data remains on it. The data overwrite is then verified with a complete discrete. This process helps ensure
that there's no trace of customer data remaining on the hard drive. For hard drives that reach the end of
their life, Google has a destruction process that is designed to further ensure that none of the data on
that drive can ever be accessed: the drives are destroyed in a multi-step process. Google maintains an
extra backup of the data in the data center that is stored on tapes. This provides a level of
redundancy to help safeguard its customers' data. Google data centers are connected to the internet via
high-speed fiber optic cable. In each data center, there are multiple redundant connections to protect
against the possibility of a failure.
b. How does Google protect against physical access to the servers located in the Google datacenters?
Access to a Google datacenter is tightly controlled. Only authorized personnel are allowed to enter. The
security staff works 24 hours a day, seven days a week. The centers are guarded by security personnel
and 24-hour video monitoring. All personnel must check in at the reception area. The team at Google
does not allow outside visitors at its datacenter facilities.
c. How does Google protect customer data on a server system?


As the data you create moves between your device, Google services and our data centres, it is protected
by security technology such as HTTPS and Transport Layer Security. We also encrypt email at rest and in
transit by default and encrypt identity cookies by default.

Step 2: Identify data vulnerabilities.


d. As you can see from the video, data in the Google datacenters is well protected; however, when using
Google, not all your data is located in the Google datacenter. Where else can you find your data when
using the Google search engine?
Data still resides at your local machine (computer, laptop, tablet or smart phone). This data must also be
protected.
e. Can you take steps to protect data when using the Google search engine? What are a few measures you
can use to protect your data?
Use strong passwords and/or a two-step login. You can also clear your browser history or cookies
frequently. You can require device authentication to access your account.

Part 4: Improving your Google Account Security


The greatest threat when using web-based services like Google is protecting your personal account
information (username and password). To make things worse, these accounts are commonly shared and
used to authenticate you to other web-based services, like Facebook, Amazon, or LinkedIn. You have several
options to improve the handling of your Google login credentials. These measures include creating a two-step
verification or an access code with your username and password. Google also supports the use of security
keys. In this activity, you will watch a short video and try to identify measures that can be taken to protect your
credentials when using web-based accounts.

Step 1: Open a browser and view the following video:


The Key to Working Smarter, Faster, and Safer
A. What is two-step verification? How can it protect your Google account?
Two-step verification is an enhancement to normal Google account login. Users can create a special ID
number that is provided during login.
B. What is a security key and what does it do? Can you use the security key on multiple systems?
A security key is registered to your Google account, not a particular computer. You can use your
Security Key on any computer with Google Chrome.
C. Click here for common questions about the Security Key. If you set up your account to use a security key,
can you still get in without having the physical key?


Yes. If you are asked for a Security Key and do not have it available, you will always have the option to
use a verification code. Simply click the link at the bottom of the screen that says use verification code
instead.

Step 2: Protect Gmail Account Access.


a. The use of a Gmail account has become extremely popular. Google now has over 1 billion active Gmail
accounts. One of the convenient features of Gmail accounts is the ability to grant access to other users.
This share access feature creates a shared email account. Hackers can use this feature to access your
Gmail account. To check your account, log in to your Gmail account, and click the gear icon in the top
right corner (settings). When the settings screen opens, a menu bar is displayed under the Settings
screen title. (General – Labels – Inbox – Accounts and Import – Filters and Blocked Addresses …)
b. Click the Accounts and Import menu item. Check the Grant access to your account option. Delete any
unauthorized shared users of your account.

Step 3: Check Your Gmail Account Activity.


a. Gmail users can also check the account activity in order to make sure no other users have accessed their
personal Gmail account. This feature can identify who has accessed the account and from what locations.
Use the Last account activity option to determine if someone else has accessed your account. To
access the Last account activity follow these steps:
1) Login to your Gmail account.
2) Select Last account activity: found at the bottom of the page. It will display the last time the
unauthorized user accessed the account and from where.
3) Just below this message is a detail hyperlink. Click the detail hyperlink.
b. View the account activity. If you find an unauthorized user, you can disconnect the unauthorized user by
clicking the button at the top left Sign out all other web sessions. Now change your password to keep
the unauthorized user from accessing the account.

Part 5: Extract sensitive information from saved browsers

C. Firewall setting
Part 1. Setting the Windows firewall
1. Block a program:
- block one app
- test
- unblock
- delete the rule

2. Block ports:


- block some ports
- test connection for your apps
- unblock
- delete the rule

3. Block one IP:


vietnamnet.vn
103.229.42.210
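Steps 1 to 3 of the outline above, written out as an added PowerShell example (not part of the Cisco lab) using the built-in NetSecurity cmdlets of Windows Defender Firewall; it must be run from an elevated prompt. The program path and the "Lab1-" rule names are placeholders chosen here, and the example ports (21 and 23) are my choice; the IP address is the one listed in the lab.

```powershell
# Added example: firewall rules for steps 1-3 (block a program, block ports,
# block one IP), then test, unblock and delete. Run as Administrator.
$program   = "C:\Program Files\Example\app.exe"   # placeholder path; point it at a real app on your PC
$blockedIp = "103.229.42.210"                     # the vietnamnet.vn address listed in the lab

# 1. Block one app (outbound). Other programs are not affected.
New-NetFirewallRule -DisplayName "Lab1-BlockApp" -Direction Outbound `
    -Program $program -Action Block -Profile Any | Out-Null

# 2. Block ports: inbound TCP 21 (FTP) and outbound TCP 23 (Telnet) as examples.
New-NetFirewallRule -DisplayName "Lab1-BlockFtpIn" -Direction Inbound `
    -Protocol TCP -LocalPort 21 -Action Block | Out-Null
New-NetFirewallRule -DisplayName "Lab1-BlockTelnetOut" -Direction Outbound `
    -Protocol TCP -RemotePort 23 -Action Block | Out-Null

# 3. Block one IP address for all outbound traffic from this PC.
#    Block rules win over the default outbound Allow, so nothing else is needed.
New-NetFirewallRule -DisplayName "Lab1-BlockIp" -Direction Outbound `
    -RemoteAddress $blockedIp -Action Block | Out-Null

# Test: while the rule is active, a TCP connection to the blocked address fails.
$probe = Test-NetConnection -ComputerName $blockedIp -Port 80 -WarningAction SilentlyContinue
"Connection to $blockedIp port 80 succeeded: $($probe.TcpTestSucceeded)"   # expect False

# Review the rules you created (direction, action, state) before changing anything.
Get-NetFirewallRule -DisplayName "Lab1-*" |
    Select-Object DisplayName, Direction, Action, Enabled | Format-Table -AutoSize

# Unblock: disable a rule but keep it, so it can be re-enabled later.
Disable-NetFirewallRule -DisplayName "Lab1-BlockApp"
Disable-NetFirewallRule -DisplayName "Lab1-BlockIp"

# Re-test: with the IP rule disabled the probe succeeds again (if the remote host is up).
(Test-NetConnection -ComputerName $blockedIp -Port 80 -WarningAction SilentlyContinue).TcpTestSucceeded

# Delete the rules when the exercise is finished.
Get-NetFirewallRule -DisplayName "Lab1-*" | Remove-NetFirewallRule
```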

4. Block a domain name:
- edit the hosts file

5. DNS attack:
- edit the hosts file
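Steps 4 and 5 of the outline above as an added PowerShell example (not part of the Cisco lab): step 4 blocks the lab's domain through the hosts file, and step 5 looks at the same file from the defender's side, listing every entry that redirects a name to a non-local address, which is what a hosts-file "DNS attack" leaves behind. Run from an elevated prompt; the backup file name and the function name are choices made here.

```powershell
# Added example: block a domain via the hosts file (step 4) and audit the
# hosts file for redirecting entries (step 5). Run as Administrator.
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"

# 4. Block a domain: map it to 0.0.0.0, an address that cannot be reached.
Copy-Item $hostsPath "$hostsPath.lab1.bak" -Force             # keep a backup before editing
Add-Content -Path $hostsPath -Value "0.0.0.0 vietnamnet.vn" -Encoding ASCII
Clear-DnsClientCache                                          # make the change take effect now
# Resolve-DnsName reads the hosts file first (unless -NoHostsFile is given),
# so this now shows 0.0.0.0 instead of the real address.
Resolve-DnsName vietnamnet.vn -ErrorAction SilentlyContinue | Select-Object Name, IPAddress

# 5. Audit. The hosts file is consulted before any DNS query, so an attacker
# who can edit it can silently send a bank or update domain to a server they
# control. Report every active line whose address is not localhost or 0.0.0.0.
function Get-SuspiciousHostsEntry {
    param([string]$Path = $hostsPath)
    $localAddresses = @('127.0.0.1', '::1', '0.0.0.0')
    Get-Content $Path | ForEach-Object {
        $line = ($_ -split '#')[0].Trim()                     # strip comments and whitespace
        if ($line -eq '') { return }                          # blank or comment-only line
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { return }                    # an address with no names
        $ip    = $parts[0]
        $names = $parts[1..($parts.Count - 1)]
        if ($ip -notin $localAddresses) {
            foreach ($name in $names) {
                [pscustomobject]@{ Name = $name; MappedTo = $ip; Reason = 'redirects to a non-local address' }
            }
        }
    }
}
Get-SuspiciousHostsEntry | Format-Table -AutoSize             # empty output means nothing suspicious

# Undo step 4: restore the backup and flush the resolver cache again.
Copy-Item "$hostsPath.lab1.bak" $hostsPath -Force
Clear-DnsClientCache
```

Microsoft Defender may flag hosts-file edits that remap Microsoft domains as a hosts-file hijack; this example only adds the lab's own domain, and the restore at the end returns the file to its original state.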

Part 2. Setting your hardware firewall


Modem wifi
