A Friendly Introduction to Cybersecurity

lordghostx profile image LordGhostX Originally published at lordghostx.hashnode.dev ・6 min read

What is Cybersecurity?

Cybersecurity is the protection of internet-connected systems such as hardware, software, and data from cyber-threats and attacks. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.

Cyber Threats?

Popularly known as a cyber-attack or hack, a cyber-threat is an attempt to expose, alter, disable, destroy, steal, or gain unauthorized access to or make unauthorized use of an asset.

Forms of Cyber Attacks

Cyber-attacks are carried out in various ways, depending on the nature of what is being attacked. Some of them are:

Phishing Attacks

This form of attack involves an attacker cloning the login page of a website and sharing it with victims in an attempt to steal their login credentials.

Malware Attacks

This form of attack involves the creation and distribution of malware. Examples of malware are viruses, trojan horses, network worms, ransomware, etc.

SQL/NoSQL Injection

This form of attack targets databases. The attacker attempts to steal or clone the database content of a website or app whose queries are constructed from user input that is not properly sanitized.
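As an added example (not part of the original article), the Python sketch below puts a query built by pasting user input into SQL text next to its parameterized form. The table, the rows, and the names make_db, find_user_unsafe and find_user_safe are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return conn


def find_user_unsafe(conn, username):
    # VULNERABLE: the input is pasted into the SQL text, so a quote
    # character inside it can change the structure of the query.
    query = ("SELECT username, email FROM users "
             "WHERE username = '" + username + "'")
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # HARDENED: the ? placeholder passes the input as a bound value,
    # so it is only ever compared as data and never parsed as SQL.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    crafted = "nobody' OR '1'='1"   # constructed input containing a quote
    print("unsafe:", len(find_user_unsafe(conn, crafted)), "rows returned")
    print("safe:  ", len(find_user_safe(conn, crafted)), "rows returned")
```

With the constructed input, the concatenated query returns every row in the table, while the parameterized query returns none because no user has that literal name.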

Cross-Site Scripting Attacks

This form of attack involves embedding malicious JavaScript code on websites that do not sanitize user input before rendering. The injected code can be used to steal sensitive data from users and send it to an attacker.

DOS/DDOS Attacks

This form of attack seeks to overload a web server by sending more requests than it can handle within a short period of time.

Brute-force Attacks

This form of attack involves an attacker trying every possible combination of passwords for a user account on a website.
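One common defence is to stop accepting guesses for an account after several recent failures. The sketch below is an added example, not from the original article; the LoginThrottle class, its thresholds and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Reject logins for an account after too many recent failures."""

    def __init__(self, max_failures=3, window_seconds=60):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self._failures = defaultdict(deque)  # account -> failure times

    def _recent(self, account, now):
        # Drop failures that have aged out of the sliding window.
        times = self._failures[account]
        while times and now - times[0] >= self.window_seconds:
            times.popleft()
        return times

    def attempt(self, account, password_ok, now):
        """Return True if the login succeeds, False if it fails or is blocked."""
        if len(self._recent(account, now)) >= self.max_failures:
            return False  # locked: the password is not even checked
        if password_ok:
            self._failures.pop(account, None)
            return True
        self._failures[account].append(now)
        return False


# Constructed sample events: (seconds, account, password_was_correct).
SAMPLE_EVENTS = [
    (0, "alice", False), (10, "alice", False), (20, "alice", False),
    (30, "alice", True),   # correct guess, but inside the lockout
    (35, "bob", True),     # other accounts are unaffected
    (90, "alice", True),   # window has expired, login works again
]


def replay(events, throttle):
    """Return the outcome of each event, in order."""
    return [throttle.attempt(acct, ok, ts) for ts, acct, ok in events]


if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, LoginThrottle()))
```

A hard per-account lockout lets anyone lock a legitimate user out, so real systems usually pair it with per-source rate limits or growing delays.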

Man-in-the-middle Attacks (MITM)

This form of attack is common in networks and occurs when an attacker intercepts requests sent outside a network. An example of this is an attacker seeing form data being submitted on websites and even changing its values (the data can include passwords and credit card information).

Zero-day Exploits

This form of attack uses a newly discovered or developed vulnerability in a system, platform, or application that the creator of the software has not had time to patch or fix.

Social Engineering Attacks

This form of attack involves an attacker attempting to get access to a system via the users themselves.

Cross-Site Request Forgery Attacks

This form of attack allows an attacker to perform actions on websites that a user is authenticated on without their consent or knowledge.

Insider Threats

This form of attack involves attacking a system with inside help. This could be an employee who decides to destroy a system and not an unknown outside attacker.

Effects of Cyber-attacks

Cyber-attacks cause various kinds of damage to businesses, companies, and individuals, including but not limited to:

  • Loss of corporate information.
  • Loss of money and financial information.
  • Disruption of business operations and possible bankruptcy.
  • Reputational damage to a company or business.
  • Legal consequences of a data breach.

Fields in Cybersecurity

There are various paths to take in Cybersecurity, all of which have different areas of specialization. Some of the fields include:

  • Application Security
  • Penetration Testing
  • Reverse Engineering
  • Digital Forensic Analysis
  • Systems Administration
  • Malware Analysis
  • Cryptography

Categories of Hackers

There are different categories of hackers, based upon the end goal of the hacker. Some report, some exploit, others do it for fun. The categories include:

White Hat Hackers

This set of hackers breaks into a system, then reports the vulnerabilities found and works with the development team to fix the flaws.

Black Hat Hackers

This set of hackers breaks into a system, then exploits it for their own personal gain or to destroy a company or business. These are the people referred to as cybercriminals.

Grey Hat Hackers

This set of hackers consists of hobbyists and people who practice hacking for the fun of it. They break into systems and either report, exploit, or do nothing about what they find. They have no definite aim and sit on the fence between good and bad.

Hacktivists

This set of hackers targets corporate and governmental platforms, intending to take down their systems, expose information, or just make their voices heard.

The Reds vs The Blues

Red teams are offensive security professionals who are experts in attacking systems and breaking into defenses, while Blue teams are defensive security professionals responsible for maintaining internal network defenses against all cyber-attacks and threats.

A little bit about Penetration Testing

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit.

Penetration Testing Stages

Penetration testing steps, taken from imperva.com

1. Planning and reconnaissance

The first stage involves:

  • Defining the scope and goals of a test, including the systems to be addressed and the testing methods to be used.
  • Gathering intelligence (e.g., network and domain names, mail server) to better understand how a target works and its potential vulnerabilities.

2. Scanning

The next step is to understand how the target application will respond to various intrusion attempts. This is typically done using:

  • Static analysis - Inspecting an application’s code to estimate the way it behaves while running. These tools can scan the entirety of the code in a single pass.
  • Dynamic analysis - Inspecting an application’s code in a running state. This is a more practical way of scanning, as it provides a real-time view of an application’s performance.

3. Gaining Access

This stage uses web application attacks, such as cross-site scripting, SQL injection, and backdoors, to uncover a target’s vulnerabilities. Testers then try and exploit these vulnerabilities, typically by escalating privileges, stealing data, intercepting traffic, etc., to understand the damage they can cause.

4. Maintaining Access

The goal of this stage is to see if the vulnerability can be used to achieve a persistent presence in the exploited system long enough for a bad actor to gain in-depth access. The idea is to imitate advanced persistent threats, which often remain in a system for months to steal an organization’s most sensitive data.

5. Analysis

The results of the penetration test are then compiled into a report detailing:

  • Specific vulnerabilities that were exploited.
  • Sensitive data that was accessed.
  • The amount of time the pentester was able to remain in the system undetected.

Cybersecurity Roadmap

  • Learn Linux (Parrot OS or Kali).
  • Familiarise yourself with the pen-testing tools on your distro.
  • Join cybersecurity communities.
  • Follow cybersecurity researchers on Twitter.
  • Play CTFs.
  • Get certifications.

Common Cybersecurity Certifications

  • Certified Ethical Hacker (CEH)
  • CompTIA Security+
  • Certified Information System Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • NIST Cybersecurity Framework (NCSF)
  • Certified Cloud Security Professional (CCSP)
  • Computer Hacking Forensic Investigator (CHFI)
  • Cisco Certified Network Associate (CCNA) Security

Why learn Cybersecurity?

  • High-paying salaries of up to $90k annually.
  • You're learning and building a skill that only a small percentage of people have.
  • High demand for cybersecurity experts.
  • Cybersecurity is an evergreen industry whose personnel are needed in every single company operating in the digital space.
  • Unlimited career growth options.
  • Opportunities to work with high profile agencies.
  • It's filled with a lot of fun and interesting moments.

Conclusion

In this article, we walked through what Cybersecurity is and saw forms of Cyber Threats and the effects they have on a business, company, or individual. We also explored fields in Cybersecurity, went over different categories of hackers, and learned about Red and Blue Teams. We took a deep dive into penetration testing and explored its stages, then saw a Cybersecurity roadmap, looked at a couple of Cybersecurity certifications, and covered why people should have Cybersecurity skills.

I also plan to start a series that goes in-depth into explaining forms of cyber-attacks, how they are carried out, and shows how to protect your application from them. Subscribe so you don't miss out on this. If you have any questions, don't hesitate to hit me up on Twitter: @LordGhostX
