Cyber Security Basic Terms and Concepts for Beginners Part 2
- April 12, 2021
- Posted by: Muhammad Afaq Khan, CCIE #9070
- Category: Cybersecurity
The United States is home to the world’s most iconic cybersecurity companies such as Palo Alto Networks, Fortinet, FireEye, CrowdStrike, McAfee, Tanium, and I can go on and on, but here is the point. Despite being at the cutting edge of cybersecurity technologies, US enterprises and the government get successfully targeted and hacked more often than those of other countries. Did you ever wonder why that is? Because US enterprises and the US government are behind both in mindset and in cybersecurity technology adoption. We are exactly where cybercriminals want us to be. The US government has plowed so much money into detection systems such as Einstein, but we still failed to detect intrusions such as the SolarWinds hack. As far as I am concerned, the only way to fix that is to adopt an assume-breach or default-deny zero-trust approach throughout the security stack. It is going to require a strong cybersecurity regulatory environment. Beyond that, I think we need to ramp up cybersecurity awareness and education and make it a mandatory part of our science and technology degrees and diplomas, frankly much like we have been teaching the laws of physics.
RED TEAM, PURPLE TEAM, BLUE TEAM
Red teams are pen testing professionals who are experts in attacking and hacking into systems. Blue teams, on the other hand, are defensive security professionals responsible for maintaining internal network defenses against all cyber-attacks and threats; these are your cybersecurity engineers. Red teams simulate attacks against blue teams to test the effectiveness of the network’s security. The goal of a purple team is to bring red and blue teams together, encouraging them to work as one team, share insights, and create a strong feedback loop.
BLACK HAT AND WHITE HAT
The difference between the two terms is about intent: a black hat is someone breaching a network without consent for illegal purposes, while a white hat is a hacker who penetrates your network or systems to test your infrastructure for vulnerabilities. White hat hackers are also known as ethical hackers or red team hackers. The two most widely used red team tools come from HelpSystems, which sells Cobalt Strike, and Rapid7, which sells Metasploit. The tools are licensed on a per-user, per-year basis and would cost you about $3000 to $5000. One last thing: the difference between the two groups of hackers is not about the tools they use but about the presence or absence of consent.
SANDBOX
It is a way to run code where you can observe and analyze the after-effects of its execution in a safe and isolated environment. This allows the isolated executable code to be evaluated while preventing any harm or damage to the production system.
PHISHING
It is a fraudulent attempt to obtain sensitive information or data, such as login credentials, credit card numbers, or other sensitive details, by impersonating a trustworthy entity in a transaction. There are many different types of phishing attacks. The most common medium for staging a phishing attack is email. Some of the most high-profile phishing attacks use a technique known as spear phishing. It is like phishing on steroids: attackers send emails to specific, well-researched targets while pretending to be a trusted sender. The aim is either to infect devices with malware or to convince victims to hand over information. The recent Twitter attack utilized spear phishing to successfully get into the high-profile accounts of Jeff Bezos, Bill Gates, and Elon Musk. There is another variation of spear phishing which is even more targeted, known as whaling, in which C-level executives are targeted to steal sensitive information. There are other variants of phishing where the attack vector is the phone or social media as opposed to email. Those are known as smishing, vishing, and angler phishing attacks.
SPOOFING
It is about falsifying the identity of the source of a data communication. For example, it is common for attackers to spoof their IP addresses when breaching a network.
It refers to a system or host that has been compromised by a hacker to carry out some action, for example to participate in a botnet. The compromise could take place via a virus, a trojan, or other malware, you name it.
BRUTE FORCE ATTACK
It is an activity that involves repeated attempts at many passphrase combinations to guess a password and break into a system or website.
ATTACK SURFACE
It is the sum of all the different points where an attacker can try to enter a system or extract data from it, so your goal is to minimize the attack surface by hardening the system.
ENCODE DECODE AND ENCRYPT AND DECRYPT
Encoding transforms data into another format using a publicly available, well-known scheme, so reversing the data back to its original format (decoding) is part of the design. Encryption, on the other hand, scrambles data with a key so that it is kept confidential. The only way to decrypt the data is to use the original key that was used to encrypt it in the first place. The whole point of encryption is to keep the data confidential and limited to a small set of individuals.
It is crucial to understand the difference between encryption and hashing. Encryption is a two-way function: as long as I have the key, I can unlock the data. Hashing, on the other hand, is a one-way function: once a plaintext has been scrambled via MD5, there is no way to reverse the hashed password back to its original plaintext form unless the hash algorithm has been broken. There is one more interesting difference between hashing and encryption. Hash functions produce a fixed-length output regardless of the size of the input, whereas an encryption algorithm produces output whose length depends on the input. Common examples of hashing algorithms are MD5 and SHA, whereas common examples of encryption algorithms are AES, RSA, and 3DES.
Thank you for reading the article; I hope you found it helpful. I’d love to hear your thoughts.