Professional Documents
Culture Documents
4 5865984522339750213
4 5865984522339750213
4 5865984522339750213
FOR BEGINNERS:
A COMPREHENSIVE AND ESSENTIAL GUIDE
FOR EVERY NOVICE TO UNDERSTAND
AND MASTER CYBERSECURITY
LIAM SMITH
Copyright 2022 by Liam Smith- All rights reserved.
The content contained within this book may not be reproduced, duplicated or transmitted without direct written permission from
the author or the publisher.
Under no circumstances will any blame or legal responsibility be held against the publisher, or author, for any damages,
reparation, or monetary loss due to the information contained within this book. Either directly or indirectly.
Legal Notice:
This book is copyright protected. This book is only for personal use. You cannot amend, distribute, sell, use, quote or paraphrase
any part, or the content within this book, without the consent of the author or publisher.
Disclaimer Notice:
Please note the information contained within this document is for educational and entertainment purposes only. All effort has
been executed to present accurate, up to date, and reliable, complete information. No warranties of any kind are declared or
implied. Readers acknowledge that the author is not engaging in the rendering of legal, financial, medical or professional advice.
The content within this book has been derived from various sources. Please consult a licensed professional before attempting any
techniques outlined in this book.
By reading this document, the reader agrees that under no circumstances is the author responsible for any losses, direct or
indirect, which are incurred as a result of the use of information contained within this document, including, but not limited to, —
errors, omissions, or inaccuracies.
ISBN:
Table of Contents
Regardless of the present danger of viruses and malware since the beginning of the PC age,
information network security has been lagging up until the point gradual technological advances
allowed for contextual analysis of infiltrations. These analyses revealed that more and more
computing devices were being exposed to attacks. Many exposed machines utilizing the web
allowed hackers to propel their abilities in infiltration techniques; therefore, taking information
and even shutting down sites.
Considering the number of global users at present is at an expected 3.4 billion clients, there is
enormous potential for cybercrime. Combatting the issue is currently a multi-disciplinary issue
which brings together equipment and programming through strategy and individuals. All of this
has been aimed at the prevention of cybercrime happening in the first place or minimizing its
effects when it does. This is the practice that has now come to be known as Cybersecurity. There
is no “cure all” solution. However, Cybersecurity is continually developing as per the dangers it
is attempting to anticipate.
The main area of concern would be the client accounts and their names and passwords. Usually,
it would be the potential profit or governmental control that drives the cyber black market in a
manner of speaking. As individuals keep on integrating innovation into their lives, the
opportunities for abuse will also grow. Accordingly, the resistances that are utilized to stop them
through instruction and practices of cybersecurity will likewise keep on growing.
Physical Security
This is one of the major elements when it comes to the overall security policy within an
organization. Physical security entails such things as proxy access, building security and the
relevant security measures. When it comes to proxy access, security comprises different
subcomponents which include the key, proxy card control, and access. In the same way as
passwords, the proxy cards and keys have differing levels of access, and they have to be issued
as needed. At the same time, regularly scheduled audits need to be conducted, so as to prevent
access which is not authorized. Then there is building security, which physically prevents people
from accessing the premises’ systems without authorization. This is part of the Intelligent
Building Management System and the networks and devices which make it. Without it, it would
be very easy for outsiders to go around the methods of protection and infiltrate the networks to
their gain. It is crucial that workers are aware of these systems and hence abide by the physical
security policies. Several elements have to be considered when developing policies related to
physical security. Similarly, a full assessment of security and infrastructure is needed before
writing the policy. Security measures for physical security include things like security cameras
with a recording device that gives an external layer of security to the facility. Physical security
should also consider lighting which is essential for safety. The gates, walls, and electrified
fencing add to the reduction of risk of unauthorized personnel of vehicles from entering and
damaging the assets of the building. The employee security training class is essential to the
success of the firm and would be advisable to report on security violations.
Removable media such as hard drives and USB drives should only be utilized with particular
authorization from the agency. Workers cannot be allowed to utilize personal removable media
within the work environment. The employees also have to be forbidden from plugging laptops or
other electronic devices into the equipment of the firm.
Internet
One of the most significant inventions of the 21st century is the internet, which has affected our
lives to a great extent. Nowadays, the internet has crossed every obstruction and has altered the
means we used to chat, work, play games, shop, listen to music, make friends, see movies, pay
our bills, order food, greet our friend on their anniversaries or birthdays, etc. Applications have
been developed to carry out most of the everyday tasks which has facilitated our life to a great
deal by making it comfortable.
Contrary to the past, where one had to stand in a long queue for paying electricity and telephone
bills; now, we can do that online through internet with a click of a button from our office or
home. The technology has stretched to a level that we do not even need a computer for using the
internet. We have smartphones equipped with internet, iPads, and palmtops, etc. using which we
can keep in touch with our family, friends, and office throughout the day. Hence, the internet has
not just simplified our life, but it has also provided a cost-effective solution to numerous
problems.
Just a few years back, we used to make International Subscriber Dialing (ISD) calls or even a
Subscriber trunk dialing (STD) calls, which were quite expensive. Both these methods were
employed to deliver just critical messages, and the rest of the mundane communication was
carried out through letters as it was a comparatively cheap mode of communication (Poe 2010).
Today, we not only have the facility of making audio calls through internet but can also make
video conference calls through various popular applications such as Skype, Viber, etc. at a very
cheap expense to an extent where a 1-hour video call through internet is less costly than the rate
of sending a 1-page document from New Jersey to California through a courier service. Not just
this, the internet has also altered the way we used the typical devices. Now, besides watching our
regular shows and movies on TV, we can use it for making calls, video chats with families and
friends through the internet. Likewise, we can use our smartphones not just to make calls but also
to watch any movie. Irrespective of our location, it is possible for us to keep in touch with the
rest of the world. Working parents can keep an eye on their kids at home from the vicinity of
their offices and can assist them in their homework. A businessman can easily keep an eye on his
office, shop, workforce, etc. with a mere click of a button. It is safe to say that the internet has
facilitated our life in numerous ways. Have you ever reflected on where this internet came from?
Let us have a look at the brief history of the internet and learn how the internet was devised and
how with time, it evolved to a level that it is now impossible for us to think of our lives without
it.
DNS
While browsing any website on the internet, we type something similar to www.uou.ac.in that is,
we do not deal with IP addresses such as 104.28.2.92. However, the truth is that even if we type
http: \\ 106.25.2.82 in the URL, we will be landed on the same webpage. We are quite
accustomed to and comfortable in using and memorizing the names of the websites instead of a
number. Besides, with time, these IP address changes and few of the sites contain more than one
IP address. Furthermore, we can only transfer data over the internet by using IP addresses since
the routing of the packet of data that is sent through the internet, is carried out using the IP
address. There is a server known as Domain Name System (DNS). This server is responsible for
taking care of this translation job to make this process simple and to save us from the trouble of
memorizing these changing IP address numbers. Every time we type an address such as
http:\\www.uou.ac.in, a background procedure known as DNS name resolution is initiated. Our
computers keep the footpath of lately visited websites and locally preserves a database in the
cache of DNS. If the IP address of the website we have requested is not found in the DNS cache
of our local computer, then the subsequent possible place to find it is in the DNS server of our
Internet Service Provider (ISP). These DNS servers of our Internet Service Provider also
maintain the cache of the lately visited webpages. In case the information is not available even in
the DNS server of ISP, it then forwards the query to the root name servers, which publish the
root zone file to both other DNS servers as well as clients on the Internet. The root zone file
designates the location of the authoritative servers for the DNS top-level domains (abbreviated as
TLD). Presently, there are 13 root name servers which are listed below:
Adware
This is software that downloads, gathers, and presents unwanted ads or data while redirecting
searches to certain websites.
Bots
Bots are automatic scripts that take command of your system. Your computer is used as a
"zombie" to carry out attacks online. Most of the time, you are not aware that your computer is
carrying out these attacks.
Rootkits
When a system is compromised, rootkits are designed to hide the fact that you have malware.
Rootkits enable malware to operate in the open by imitating normal files.
Spyware
Spyware transmits data from the hard drive without the target knowing about the information
theft.
Viruses
A virus pushes a copy of itself into a device and becomes a part of another computer program. It
can spread between computers, leaving infections as it travels.
Worms
Similar to viruses, worms self-replicate, but they don't need a host program or human to
propagate. Worms utilize a vulnerability in the target system or make use of social engineering to
fool users into executing the program.
Preventing Malware Attacks
In order to avoid malware, you should:
Network Security
Controlled access to systems on your organization's network and proven technology and
methodology use like using a firewall, IPS, IDS, and remote access only through a VPN
minimize the surface attack you are exposing your organization to. Physical system separation is
usually deemed the last measure for most organizations and is still vulnerable to some attack
vectors.
Use Reputable A/V Software
When installed, a suitable A/V software detects any existing malware on a system and then
removes it. An A/V solution monitors and mitigates potential malware activity and installation. It
is very important to be up-to-date with the vendor's latest definitions and/or signatures.
Perform Routine Security Inspections
Scanning your organization's websites periodically for vulnerabilities such as software with
known bugs and server/service/application misconfigurations will save your organization from
potential malware attacks, protect the data of your users, and protect clients and visitors who use
public-facing sites.
Phishing
A malicious hacker attempts to trick the victim into believing the hacker is a nice and
trustworthy person in order for the victim to do a particular action. Perhaps the famous phishing
scam is the "Nigerian Prince" where the hacker claims to be a wealthy Nigerian prince who
needs your help in transferring funds to his account. In return, he offers you a promise of wealth
once he gets back the access to his accounts. Just in the United States, these scams make over
$700,000 a year! Unfortunately, as long as people keep sending money, hackers will use
phishing scams.
Scan the port range from the given built-in list or any user-defined range.
Review and analyze the responses of connected hosts to the network.
Scan ping and network ports using different IP range.
Meld the list of ports to generate a new one.
Connect to any available or open port.
Update the port descriptions in the port list.
WebInspect
It is a web-based security assessment application that allows developers to detect the known and
unknown loopholes present in the web application layer. It consists of multiple modules that
work together to execute the complete testing process from its initial phase of mapping and
analysis of attack surfaces to find the security loopholes. It is also used to analyze whether the
webserver of a system is properly configured or not by attempting parameters injection, directory
traversal, and cross-site scripting.
LC4
It is a password recovery application used in computer networks. It was also known as
“L0phtCrack” and mostly used for checking the password strength and recovering the Microsoft
Windows passwords by using different directories, hybrid attacks, and brute-force. It consists of
multiple modules that work together to execute the complete testing process from its initial phase
of mapping and analysis of attack surfaces to find the security loopholes.
NMAP
It is known as “Network Mapper” a powerful open-source tool used to discover and audit the
networks. It was mainly developed to scan enterprise networks, maintaining network inventory,
monitoring the network hosts, and upgrading the network service schedules. It is used to induce:
Metasploit
Metasploit is known as one of the most powerful tools used for exploitation. It is available in
different versions depending upon its features. It can be used with command prompt and Web
user-interface to perform such type of tasks:
Burp Suite
Burp Suite is the most popular tool used to perform security tests on web-based applications. It
consists of multiple modules that work together to execute the complete testing process from its
initial phase of mapping and analysis of attack surfaces to find the security loopholes. It has a
user-friendly interface and allows the administrators to apply manual techniques to conduct a
system test.
Angry IP Scanner
It is a cross-platform IP address detector and port scanner used to scan a huge range of IP
addresses. It is easily available on the internet. Administrators use the multithreaded technique
by combining multiple scanners to scan a huge range of Ip addresses. It pings individual IP
addresses to validate it is alive or not? It then analyzes the problem and resolves it by using the
hostname, MAC address, scan ports, etc. All the data scanned and gathered can be stored in
different formats such as TCT, CVS, XML, and IP-Port files.
Cain & Abel
It is an efficient password recovery software used to recover the lost passwords of Microsoft
Operating Systems. It is easy and simple to use, and it offers different types of passwords
recovering services along with the Microsoft Operating Systems. It is most widely used by
security consultants, system penetration testers, and other hackers. Cain & Abel use different
techniques to recover the passwords those techniques are:
Network sniffing.
Cracking of the system encrypted passwords using Brute-Force, Dictionary, and
Cryptanalysis.
VoIP communication reporting.
Decoding of shuffled passwords.
Wireless network keys recovery.
Analyzing routing protocols and uncovering of the cached passwords.
Chapter 8:
CompTIA, the Best Cyber Security Certifications to Boost Your
Career
The cyber security industry is exploding. According to a recent report from Cybersecurity
Ventures, “the job market in cyber security is expected to reach 3.5 million unfilled positions by
2021.” These unfilled positions will likely be due to a significant gap between education and
skills the market needs in the future.
Reasons Why Choose CompTIA Certifications
Here are four reasons why cyber security certifications from CompTIA are great ways to get
ahead of this trend:
• Cyber Security Certifications Can Be Used to Show Off Your Current Skills (and Impress a
Potential Employer!)
If you already have a few years of experience in the cyber security field, having a cyber security
certification shows that you are staying up-to-date with the latest trends. This can be invaluable
in a competitive hiring market when an employer has plenty of candidates to choose from.
Additionally, if you are just starting out in cyber security, having one or more certifications can
show that you have an established foundation on which to build a career.
• They Can Boost Your Salary
A 2015 report by the Cybersecurity Ventures found that salaries for people in the cyber security
field jumped an average of 28% between 2014 and 2015. This is definitely a trend worth
jumping on, but to get ahead of this trend, you need a way to stand out from the crowd. If you
have a CompTIA certification, you can show that you know state-of-the-art skills and are getting
ahead at a faster pace than the industry average.
• They Can Help You Get Hired Faster
In addition to showing employers how skilled you are, cyber security certifications can help
employers see your potential for future growth. This could be the difference between being hired
and passing over in an interview, or being hired and becoming an invaluable asset to the
company.
• They Build Your Professional Reputation
When you have a professional reputation, it is easier to land jobs and contracts. Having a
CompTIA certification shows that you have taken the time to explore the latest trends in
technology and security. Furthermore, when you have many of these certifications, they help
your employer learn more about who you are as a person. This is important because it shows
them that in addition to being a talented technician, you are a person of integrity.
Where to Get the Best CompTIA Cyber Security Certifications
Every year, over 1 million people apply for CompTIA’s certifications. That can be a lot for
employers to evaluate, so we have rounded up the best CompTIA cyber security certification
programs:
CompTIA A+ Certification - This program is for IT technicians and will help you gain hands-on
experience with installing and repairing any PC hardware or software. This certification will
also better prepare you for finding work in IT support roles. It is the most popular CompTIA
certification, and the best CompTIA cyber security certification for beginners. It will help you
gain the skills you need to become an IT professional in any industry.
Sub-Certifications:
CompTIA Network+ Exam - This exam focuses on networking technologies including Ethernet,
Wireless networking, and network cabling. Since this certification is an introduction to
networking, it is a great stepping stone between the CompTIA A+ certification and more
advanced certifications that focus on networking like the CompTIA Cloud Essentials cert or
Network+.
How Long Do You Have to Study for a CompTIA Cyber Security
Certification?
The duration of a cyber security exam varies based on the certification level. All CompTIA
certifications require you to study and pass an exam, but the amount of time you have to study is
contingent on the certification level. That being said, since the CompTIA A+ is the most popular
cyber security certification, it’s a good foundation for beginning your studies and will also
require less time than other exams.
Being online has become very common with children, but it can be dangerous if you do not take
certain precautions. The preventative measures taken to protect computer systems against
unauthorized access or attack is cybersecurity.
Cybersecurity aims to safeguard the lives, property, and images of citizens.
It is essential to be cautious when visiting new websites and downloading content on your
devices. Take the time to read the privacy policies of websites along with asking parents or other
trusted adults about them. Here are some rules to follow so that you are safe while online.
• Keep your personal information private.
Do not share personal information online. Avoid sharing your name, school name, parent name,
address, phone number, social security number, birthdate, passwords, etc. This information can
provide cybercriminals access to your location, home, or school.
Do not enter private information on untrusted websites. All trusted websites should start with
https://. If this is not visible, look for a closed padlock symbol near the left or right of the web
address (URL). If you click on the padlock, a message should display the company name and
something similar to “The connection to the server is encrypted.” If the lock is open, it is an
untrusted website. Other things to check for are counterfeit versions of sites that you often visit.
For example, check for logos that are lighter in color and make sure that the link contains the
correct domain name (e.g., www.disney.com or www.facebook.com). Check the URL of each
website that you visit to make sure that you are on the right site. Fake sites will steal your private
information and email the contents to the cybercriminal. Some counterfeit sites may have extra
characters in the URL (e.g., www.disney1.com). The 1 is not needed.
• Create strong passwords.
Most websites require you to create strong passwords using complex combinations of numbers,
letters, and symbols. You should create passwords with a combination of upper and lowercase
letters, numbers, symbols, and at least eight characters.
Do not use passwords that are easy to guess like your name, pet name, or date of birth, unless
combining it with a complex use of other numbers, letters, or symbols. Do not use all letters or
all numbers, Use a combination of both. Use a password manager if you have trouble
remembering all of your passwords. Do not save passwords using your web browser unless you
have anti-virus software.
• Think twice before you post anything online. Once information is on the internet it is out
there forever.
Only post positive things on your social media pages. A post can reach thousands or even
millions of people. Do not talk about others or share content that talks about others. Do not post
nude photos of you or others. Do not post private information about yourself or others.
Do not post anything illegal. Deleting a post does not mean it cannot resurface. Do not post
anything that you will regret; it may come back to haunt you.
• Speak up.
If you see anything unsuitable, report it to the website and tell an adult that you trust. Most sites
have a report/spam button. Use this every time you see inappropriate content. Once you report
something on a website, the security team will take care of it. Do not stand for bullying or any
other improper activities online or offline.
• Avoid joining clubs or entering contests on unfamiliar sites.
These types of pages usually ask for too much personal information. If you want to double-check
the link to a website, place the cursor over the link (blue underlined words). DO NOT CLICK
IT! It will display the domain name of the site (e.g., www.kidzbop.com/parents would be
legitimate). If it has too many special characters without a familiar domain name or it is a
different URL when you go to the site, it is fake (e.g., www.kid%zbo%p.cOm/~paren!ts).
• Some emails and links are fake.
Some emails and links will pretend to offer you something free or appear to be from a legitimate
source. Do not click on them. It is usually an attempt to get your personal information, such as
social security numbers or credit card information. This fraudulent act is phishing. They look
official, sometimes mimicking a site that you have an account with or one that you have formerly
visited. Legitimate companies will never email you for personal information. They will either
call you or email you to contact them.
We live in a maddening world. Things seem to be going faster and faster, with apparently no
option to keep anything under our control. We’re forced to abandon old ideas, principles and
habits as we’re engulfed by cyberspace. More and more, we’re living online, where large
companies reign and have no intention of relinquishing the throne. In fact, they’re increasingly
seizing what used to be public domain and this goes unnoticed, without mainstream media
fanfare or even a constructive mention in the news.
Smart machines and digital brains decide on whether our behavior is kosher and punish us within
an instant. Any appeal is a formality and protests are memory-holed. Weak and powerless, you
can keep shouting at the void, filled with resentment or you can learn to adapt. The sad truth is
that there’s simply no defeating the tech giants, so we have to wait for them to die a natural
death.
Big companies collude with one another to keep a tight grip on the market and emerging
technologies. As small startups rise to fight them, they too get absorbed and have their potential
added to the conglomerate. Individuals have no say in the matter, as CEOs are insular, detached
from reality and stubbornly dedicated to increasing company revenue. No amount of protesting,
yelling or punishment will make them pay attention to the needs of the little guy. But there is a
ray of light in all of it, a glimmer of hope as that same stubbornness makes them blind to small,
consistent ethical hacking efforts by individuals.
Technology is here to stay but it shouldn’t be adored or glorified it’s just a tool and should be
accepted based on its merits rather than on our emotional vulnerability induced by marketers. By
thinking like an engineer, you’ll see the world around you as a set of constraints that can be bent
just a little bit to extract maximum utility from whatever you happen to be using. It won’t be
pretty, but it will work and, oh, will be it satisfying.
Thanks for your support!