Cyber

Uploaded by mohammed nabil

Cyber security

There is a need to bolster cybersecurity as government agencies transition to cloud services.

She served as a cybersecurity adviser to the White House.

Cybersecurity is the practice of protecting computers and networks from digital attacks.

Cybersecurity involves measures taken to protect computer systems against threats such as viruses.

• War Stories: Explain why networks and data are attacked.
• Threat Actors: Explain the motivations of the threat actors behind specific security incidents.
• Threat Impact: Explain the potential impact of network security attacks.

Threat Actors
• Threat actors are individuals or groups of individuals who perform cyberattacks. They include, but are not limited to:
  • Amateurs
  • Hacktivists
  • Organized crime groups
  • State-sponsored groups
  • Terrorist groups
• Cyberattacks are intentional malicious acts meant to negatively impact another individual or organization.
How Secure is the Internet of Things?
• The Internet of Things (IoT) helps individuals connect things to improve their quality of life.
• Many devices on the internet are not updated with the latest firmware. Some older devices were not even developed to be updated with patches. These two situations create opportunities for threat actors and security risks for the owners of these devices.

Ransomed Companies
Employees of an organization are often lured into opening attachments that install ransomware on the employees’ computers. This ransomware, when installed, begins the process of gathering and encrypting corporate data.

Fighters in the War Against Cybercrime

• The Modern Security Operations Center: Explain the mission of the Security Operations Center (SOC).
• Becoming a Defender: Describe resources available to prepare for a career in cybersecurity operations.

People in the SOC
Tier 1 Alert Analyst: Monitors incoming alerts, verifies that a true incident has occurred, and forwards tickets to Tier 2, if necessary.
Tier 2 Incident Responder: Responsible for deep investigation of incidents and advises on the remediation or action to be taken.
Tier 3 Threat Hunter: Experts in network, endpoint, threat intelligence, malware reverse engineering and tracing the processes of the malware to determine its impact and how it can be removed. They are also deeply involved in hunting for potential threats and implementing threat detection tools. Threat hunters search for cyber threats that are present in the network but have not yet been detected.
SOC Manager: Manages all the resources of the SOC and serves as the point of contact for the larger organization or customer.

The Windows Operating System

MS-DOS commands

Command                      Description
dir                          Shows a listing of all the files in the current directory (folder)
cd directory                 Changes the directory to the indicated directory
cd ..                        Changes the directory to the directory above the current directory
cd \                         Changes the directory to the root directory (often C:)
copy source destination      Copies files to another location
del filename                 Deletes one or more files
find                         Searches for text in files
mkdir directory              Creates a new directory
ren oldname newname          Renames a file
help                         Displays all the commands that can be used, with a brief description
help command                 Displays extensive help for the indicated command

Linux Networking Commands

1. ifconfig - Display network interface information.
   ifconfig
2. ip - Show/manipulate routing, devices, policy routing, and tunnels.
   ip address show
3. route - Display or manipulate the IP routing table.
   route -n
4. ping - Send ICMP ECHO_REQUEST to network hosts.
   ping google.com
5. traceroute - Print the route packets take to a network host.
   traceroute google.com
and other commands.
• Linux Users Essentials, Linux File System, Linux Permissions
• Common Threats and Attacks
1. Virus
2. Worm
3. Trojan horse
4. Ransomware
5. Spyware
user’s consent
6. Adware
7. Scareware
8. Phishing
9. Rootkits (backdoor)

Security Onion
Security Onion is an open-source suite of Network Security Monitoring (NSM) tools that run on an Ubuntu Linux distribution.
• Security Onion tools provide three core functions for the cybersecurity analyst: full packet capture and data types, network-based and host-based intrusion detection systems, and alert analyst tools.
• Security Onion can be installed as a standalone installation or as a sensor and server platform.
• Some components of Security Onion are owned and maintained by corporations, such as Cisco and Riverbend Technologies, but are made available as open source.
Detection Tools for Collecting Alert Data

• Security Onion contains many components. It is an integrated environment which is designed to simplify the deployment of a comprehensive NSM solution.
• The figure illustrates the way in which components of the Security Onion work together.

Types of Security Data

Alert Data
Alert data consists of messages generated by intrusion prevention systems (IPSs) or intrusion detection systems (IDSs) in response to traffic that violates a rule or matches the signature of a known exploit.
A network IDS (NIDS), such as Snort, comes configured with rules for known exploits.
Alerts are generated by Snort and are made readable and searchable by the Sguil and Squert applications, which are part of the Security Onion suite of NSM tools.
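To make the idea of alert data concrete, here is an added example (not from the original notes, and not Snort's rule engine) of how a signature-based NIDS turns rules into alerts: each rule carries an identifier, a message, a protocol, a destination port and a byte pattern, and every packet whose header and payload satisfy a rule produces one alert record. The rules, the traffic and the `example-beacon` / `example-c2` strings are all constructed for this illustration; the record shape loosely mirrors a Snort-style alert line but is an assumption, not Snort's actual output format.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One signature: header conditions plus a payload content match."""
    sid: int          # rule identifier, like Snort's sid
    msg: str          # human-readable alert message
    proto: str        # "tcp" or "udp"
    dst_port: int     # destination port the rule applies to (0 = any port)
    content: bytes    # byte pattern that must appear somewhere in the payload


# Constructed rules written for this example; not part of any real rule set.
RULES = [
    Rule(1000001, "EXAMPLE HTTP beacon user-agent", "tcp", 80, b"User-Agent: example-beacon/1.0"),
    Rule(1000002, "EXAMPLE DNS query for constructed c2 domain", "udp", 53, b"example-c2"),
]

# Constructed traffic: (timestamp, src_ip, dst_ip, proto, dst_port, payload)
TRAFFIC = [
    (10.0, "10.0.0.5", "192.0.2.10", "tcp", 80,
     b"GET /index.html HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n"),       # benign
    (10.5, "10.0.0.7", "192.0.2.10", "tcp", 80,
     b"GET /check HTTP/1.1\r\nUser-Agent: example-beacon/1.0\r\n"),     # matches sid 1000001
    (11.0, "10.0.0.7", "192.0.2.53", "udp", 53,
     b"\x12\x34\x01\x00\x00\x01\x0aexample-c2\x07invalid\x00"),         # matches sid 1000002
    (11.5, "10.0.0.7", "192.0.2.10", "tcp", 443,
     b"example-c2"),                                                      # wrong proto/port: no alert
]


def match(rule, proto, dst_port, payload):
    """True when the packet satisfies every condition of the rule."""
    return (rule.proto == proto
            and rule.dst_port in (0, dst_port)
            and rule.content in payload)


def generate_alerts(traffic, rules):
    """Run every rule over every packet; one alert record per (packet, rule) hit."""
    alerts = []
    for ts, sip, dip, proto, dport, payload in traffic:
        for rule in rules:
            if match(rule, proto, dport, payload):
                alerts.append({"ts": ts, "sid": rule.sid, "msg": rule.msg,
                               "src": sip, "dst": dip, "dst_port": dport})
    return alerts


def format_alert(a):
    """Render an alert in a Snort-like one-line style (assumed layout)."""
    return f"[**] [1:{a['sid']}:1] {a['msg']} [**] {a['src']} -> {a['dst']}:{a['dst_port']}"


if __name__ == "__main__":
    for alert in generate_alerts(TRAFFIC, RULES):
        print(format_alert(alert))
```

The point of the fourth constructed packet is that a signature is header conditions and content together: the same bytes on a different protocol or port produce no alert, which is why rules in a real NIDS are written with an explicit protocol and port scope.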
Network Security Data
Session and Transaction Data
• Session data is a record of a conversation between two network endpoints.
• It includes the five-tuple of source and destination IP addresses, source and destination port numbers, and the IP protocol code (protocol number) for the protocol in use.
• Transaction data consists of the messages that are exchanged during network sessions.
• These transactions can be viewed in packet capture transcripts.
• The transactions that represent the requests and replies would be logged in an access log on a server or by a NIDS like Zeek.
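The following added example (not from the original notes, and not Zeek's or Security Onion's code) shows how session data and transaction data relate: individual packets are grouped into sessions keyed by the five-tuple (source IP, source port, destination IP, destination port, IP protocol number), packets flowing the other way are matched to the same session by reversing the tuple, and the request and reply lines seen inside a session are kept as its transaction data. The packet records, addresses and payloads are constructed for this illustration; the `Session` record layout is an assumption, not any tool's schema.

```python
from dataclasses import dataclass, field

# IANA protocol numbers carried in the IP header's protocol field
IP_PROTO = {"icmp": 1, "tcp": 6, "udp": 17}

# Constructed packet records (not a real capture). Each tuple is:
# (timestamp, src_ip, src_port, dst_ip, dst_port, proto, bytes, first payload line)
PACKETS = [
    (1.00, "10.0.0.5", 51234, "93.184.216.34", 80, "tcp", 74, ""),
    (1.01, "93.184.216.34", 80, "10.0.0.5", 51234, "tcp", 74, ""),
    (1.02, "10.0.0.5", 51234, "93.184.216.34", 80, "tcp", 180, "GET /index.html HTTP/1.1"),
    (1.05, "93.184.216.34", 80, "10.0.0.5", 51234, "tcp", 1420, "HTTP/1.1 200 OK"),
    (2.00, "10.0.0.5", 40001, "10.0.0.53", 53, "udp", 70, ""),
    (2.01, "10.0.0.53", 53, "10.0.0.5", 40001, "udp", 150, ""),
    (3.00, "10.0.0.5", 51240, "93.184.216.34", 80, "tcp", 74, ""),
]


@dataclass
class Session:
    """One conversation between two endpoints, identified by its five-tuple."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int            # IP protocol number, e.g. 6 for TCP
    first_seen: float
    last_seen: float
    packets_out: int = 0  # originator -> responder
    bytes_out: int = 0
    packets_in: int = 0   # responder -> originator
    bytes_in: int = 0
    transactions: list = field(default_factory=list)  # (direction, message line)


def five_tuple(src_ip, src_port, dst_ip, dst_port, proto):
    """Build the five-tuple key, mapping the protocol name to its IP protocol number."""
    return (src_ip, src_port, dst_ip, dst_port, IP_PROTO[proto])


def reverse(key):
    """Five-tuple of the reply direction of the same conversation."""
    src_ip, src_port, dst_ip, dst_port, proto = key
    return (dst_ip, dst_port, src_ip, src_port, proto)


def build_sessions(packets):
    """Group packets into sessions; the first packet seen defines the originator."""
    sessions = {}
    for ts, sip, sport, dip, dport, proto, size, payload in packets:
        key = five_tuple(sip, sport, dip, dport, proto)
        if key in sessions:
            session, outbound = sessions[key], True
        elif reverse(key) in sessions:
            session, outbound = sessions[reverse(key)], False
        else:
            session = Session(sip, sport, dip, dport, IP_PROTO[proto], ts, ts)
            sessions[key] = session
            outbound = True
        session.last_seen = ts
        if outbound:
            session.packets_out += 1
            session.bytes_out += size
        else:
            session.packets_in += 1
            session.bytes_in += size
        if payload:  # request/reply lines are the transaction data of the session
            session.transactions.append((">" if outbound else "<", payload))
    return list(sessions.values())


def summarize(sessions):
    """One line of session data per conversation, in the style of a connection log."""
    return [
        f"{s.src_ip}:{s.src_port} -> {s.dst_ip}:{s.dst_port} proto={s.proto} "
        f"out={s.packets_out}pkt/{s.bytes_out}B in={s.packets_in}pkt/{s.bytes_in}B "
        f"duration={s.last_seen - s.first_seen:.2f}s transactions={len(s.transactions)}"
        for s in sessions
    ]


if __name__ == "__main__":
    for line in summarize(build_sessions(PACKETS)):
        print(line)
```

Running it over the constructed packets yields three sessions: the web conversation on port 80 with its GET request and 200 OK reply recorded as transactions, a DNS exchange on UDP/53 with no recorded transaction lines, and a second connection to the web server that has only a single packet so far.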
