Cybersecurity: Essential(s) Concepts

Cybersecurity: Essential(s) Concepts by Simone "Simo" Bertulli - Images with the author and the LPI Security Essentials Certificate logo

Over the past 10 to 15 years, technology adoption has virtually exploded, and staying ahead of the curve has become increasingly difficult—for companies as well as individual experts. But it is not just the chase for continued innovation that grips these companies and experts: As the amount of available technology has increased, security threats have also grown.

News of ransomware attacks, intellectual property violations, and malicious disruptions are now commonplace, with associated reputational and economic damage for those involved. Hence the need for companies and institutions to find qualified personnel to deal with the daily challenges in cybersecurity.

But let’s go step by step: What is cybersecurity and what principles is it based?

In general, cybersecurity refers to the protection of infrastructure, systems, networks, software, data, devices, and other assets from attacks and unauthorized access using different types of technologies and processes, with the aim of reducing, mitigating, and preventing risks and threats.

Core Characteristics

The core principles underlying cybersecurity are part of the so-called CIA, an acronym that stands for:

  • Confidentiality
  • Integrity
  • Availability

We’ll look at each characteristic in turn.

Confidentiality

Confidentiality is understood to mean ensuring that data and resources are adequately protected from view by unauthorized parties. Confidentiality must be ensured at every stage of data processing, whether in transit from one destination to another or when physically stored.

To maintain this requirement, it is necessary always to use robust authentication, such as properly implementing a strong password (yes, our dog’s name is not enough to keep us safe 😉 ) combined with MFA (multi-factor authentication).

Also, beware of possible “social engineering” attempts aimed at stealing credentials. These can take place through links in phishing emails or text messages, which diverte you to malicious websites that appear very similar to trusted ones and that invite you to enter your credentials.

Integrity

Integrity is the ability to keep unauthorized parties from altering data. This characteristic is commonly achieved through cryptography and technologies that make it possible to hide data, whether in transit through a VPN or through other mechanisms such as steganography.

Many protocols used on networks use a dedicated field called a “checksum,” contained in the header of transmitted packets, which allows a quick check on the integrity of the data.

Availability

Availability guarantees access to a resource by those who have permission. The resource in question has to be available at all times, avoiding interruptions or instabilities in the service.

To achieve availability, technologies and policies should uphold the principles of high reliability and business continuity, provide disaster recovery plans and risk management if there are any problems, and implement proper backups.

Risk Assessments

To ensure the CIA principles, a risk assessment must be conducted to identify hazards that could have a negative impact on an organization’s ability to ensure critical security prerequisites. These assessments identify salient risks and provide measures, processes, and controls to reduce the impact of these threats on business operations. Risk assessments generally involve the following steps:

  • Identify threats
  • Determine the attack surface and what can be affected
  • Conduct analysis
  • Review and regularly update the assessments conducted

The ultimate goal is to obtain a risk profile based on the type of business and the resources and data included in the organization’s asset. The analysis and review seek to identify the organization’s most sensitive and prioritized points by determining an inherent risk factor.

But not only that: A risk assessment also aims to identify potential control measures that would hopefully offset any negative impact that a successful attack would have on the organization’s business processes or resources.

Security Players

Now that we know all this, it would be interesting to understand who is behind this scenario. Or rather, who are the main players on the security stage?
Well, we can break down players somewhat to see where the “the good, the bad, and the ugly” stand: To each his hat! 🙂

Script Kiddies

These use tools made by others to try to do harm, but often without much result.

Black Hat Hacker

Let’s face it… We’ve pretty much all imagined it: With that fascination worthy of science fiction movies, these characters try to steal sensitive data via ransomware, keyloggers, or social engineering attacks. Typically, the data is then sold on the Dark Web.

White Hat Hacker

They are referred to as “ethical hackers,” because they put their skills and knowledge at the service of communities and companies. White Hats discover new vulnerabilities and patch them for mitigation or resolution.

Grey Hat Hacker

Well, the color speaks for itself: We are talking about people with the same skills already mentioned, but it is their sense of duty that decides what is “right to do,” teetering between convenience and the latest discovered vulnerability… You be the judge 😉

Here we are talking mainly about ethical values, above technical ones.

Hacktivist

These are groups that advocate certain ideals and usually target organizations contrary to the ideas they advocate: Often extremists who seek to harm a third party or exfiltrate sensitive information.

Nation State

These are departments operating on behalf of government institutions or under their indirect command, thus having full technical and financial support to be able to execute very complex cyber plans and attacks with purposes that can have international political and military impacts.

We now know what and who is behind IT security. Please keep in mind that in addition to deep knowledge, it is critical to always keep a white hat on and work on using the knowledge and skills acquired to grow personally and in a professional context.

A White Hat thinks and operates as if they were an attacker, and then intervenes as a defender of the information system.

This makes them seem like a perhaps somewhat controversial professional figure, for although their actions are dictated by good principles and aimed at general security, their work often seems to shade over into “illegal” activity in some operational contexts.

And as is very often the case, appearances are deceiving. The only thing that does not deceive is knowledge, and quoting the ancient philosopher Lao Tzu:

“Knowledge is a treasure, but practice is the key to it.”

 

<< Read the previous part of this series | Read the next part of this series >>

 

If you want to learn more about cybersecurity and how to protect your data and reputation, take a look at Linux Professional Institute Security Essentials.

About Simone Bertulli:

Simone "Simo" Bertulli is a Cyber Security Expert and a Linux Enterprise Specialist; he started working on Linux systems since 2012, then extending his interest to the whole open source world, also creating a community in the Italian reality. Discovering the potential of open source software and the new opportunities they can create in the workplace is a stimulus for this passion, which brings with it the sustainability of technical solutions and professional skills. In the Cyber Security field he works in a SOC and has collaborated with the Packt publisher on the technical reviews of some video courses about blue team activities. In his spare time he takes technical certifications on various IT topics ("never stop learning" is his motto) and he likes to experiment with new technologies about security and virtualization for SOHO & Enterprise environments.

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *