class: center, middle, inverse, title-slide

# Introduction to Cybersecurity
## DAY 1
### Kendall Giles
### 20/7/2019

---
layout: true

<div class="my-footer"></div>

---

# LICENSE

Some of the material in this presentation has been adapted and remixed from course materials from the [Virginia Cyber Range](https://virginiacyberrange.org/) by Dave Raymond. Other images and materials are cited accordingly.

This course content is provided under an [Attribution-NonCommercial-ShareAlike 4.0 International Creative Commons License](https://creativecommons.org).

---

# WORKSHOP ORIENTATION

.highlight[DAY 1: *Introduction to Cybersecurity*]<br />
DAY 2: *Networking*<br />
DAY 3: *Cryptography*<br />
DAY 4: *Hacking and Your Cybersecurity Future*<br />

---

# TODAY'S SCHEDULE

.small[
| TOPIC | TIME |
| :------ | :----------: |
| [Welcome](#5) | 9:30-9:45 |
| [Cybersecurity Overview](#13) | 9:45-10:00 |
| [LAB: Accessing Kali](#19) | 10:00-10:30 |
| [BREAK](#28) | 10:30-10:45 |
| [Introductory Principles](#29) | 10:45-11:15 |
| [Threats and Attacks](#43) | 11:15-11:45 |
| [BREAK](#55) | 11:45-12:00 |
| [LAB: Kali Linux 1](#56) | 12:00-12:30 |
| [LUNCH BREAK](#62) | 12:30-14:15 |
| [Secure Systems](#63) | 14:15-15:00 |
| [BREAK](#74) | 15:00-15:15 |
| [LAB: Kali Linux 2](#75) | 15:15-15:45 |
| [Creating Strong Passwords](#79) | 15:45-16:15 |
| [BREAK](#93) | 16:15-16:30 |
| [LAB: Finding Things](#94) | 16:30-17:00 |
]

???
| [Day 1 Takeaways](#87) | |
9:30 - 12:30PM & 2:15 - 5:00PM

---
class: center, middle

# Welcome

.center[<img src="introduction_to_cybersecurity_assets/img/malicious_urls.png" style="width: 85%" /><br />
.small[[2019 Symantec Internet Security Threat Report](https://www.symantec.com/content/dam/symantec/docs/reports/istr-24-executive-summary-en.pdf)]
]

---

# Today's Learning Objectives

* Define cyberspace and cybersecurity
* Understand the security triad of confidentiality, integrity, and availability
* Describe some common threats to information security
* Enumerate basic security defenses
* Operate basic commands in a (Kali) UNIX-based environment
* Perform basic UNIX tasks:
  * Operate the user interfaces
  * Navigate the file system
  * Run commands from the command-line

---

# Benefits of Learning Cybersecurity

1) Protect yourself, protect those you care for

--

2) Job demand for cybersecurity professionals

--

3) In 2019+ it is critical that you know how to use computer systems, devices, and networks in a safe and secure manner

--

4) Internet of Things

--

5) Mindset: Privacy, Ethics, and AI

---

# Cybersecurity Camp Overview

1) DAY 1: Introduction to Cybersecurity
2) DAY 2: Networking
3) DAY 3: Encryption
4) DAY 4: Hacking and Your Cybersecurity Future

???
# TODAY'S LABS

* Accessing Kali
* Kali Linux 1
* Kali Linux 2
* Bandit Game

---
class: center, middle

# CYBERSECURITY OVERVIEW

.center[<img src="introduction_to_cybersecurity_assets/img/web_attacks.png" style="width: 85%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---

# Scope of the Security Problem: Businesses

.center[<img src="introduction_to_cybersecurity_assets/img/scope_of_security_problems.png" style="width: 55%" /><br />
.small[[2018 Verizon Data Breach Investigations Report](https://enterprise.verizon.com/resources/reports/DBIR_2018_Report_execsummary.pdf)]
]

---

# Scope of the Security Problem: Geographic Spread of Botnet Breaches

.center[<img src="introduction_to_cybersecurity_assets/img/geographic_spread_botnet_breaches.png" style="width: 100%" /><br />
.small[[2018 Verizon Data Breach Investigations Report](https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf)]
]

???
https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf

---

# Scope of the Security Problem: Malware

.pull-left[Frequency of Malware Vectors<br /><img src="introduction_to_cybersecurity_assets/img/frequency_malware_vectors.png" style="width: 100%" /><br />
.small[2018 Verizon Data Breach Investigations Report]
]

.pull-right[Frequency of Malware File Types<br /><img src="introduction_to_cybersecurity_assets/img/frequency_malware_file_types.png" style="width: 100%" /><br />
.small[2018 Verizon Data Breach Investigations Report]
]

---

# Scope of the Security Problem: IoT

.center[<img src="introduction_to_cybersecurity_assets/img/iot.png" style="width: 100%" />]

---

# Scope of the Security Problem: Talent Shortage

.center[<img src="introduction_to_cybersecurity_assets/img/security_talent_shortage.png" style="width: 85%" /><br />
.small[https://www.cyberseek.org]
]

---
class: center, middle

# LAB: Accessing Your Kali Linux VM Environment

.center[<img src="introduction_to_cybersecurity_assets/img/ransomware.png" style="width: 85%" /><br />
.small[[2019 Symantec Internet Security Threat Report](https://www.symantec.com/content/dam/symantec/docs/reports/istr-24-executive-summary-en.pdf)]
]

---

# LAB: The Virginia Cyber Range

Your Kali VM environment is hosted on the [Virginia Cyber Range](https://virginiacyberrange.org), Virginia's premier cybersecurity education platform. In fact, as of July 10, 2019, the Virginia Cyber Range has expanded to the entire US: [https://vtnews.vt.edu/articles/2019/07/it-vcr-uscyberrange.html](https://vtnews.vt.edu/articles/2019/07/it-vcr-uscyberrange.html)

.center[<img src="introduction_to_cybersecurity_assets/img/virginia_cyber_range.png" style="width: 70%" />]

---

# LAB: Accessing the Course: Step 1/7

There is a [Student Quick Start Guide](https://vacr.supportbee.com/450/896/1799) for the entire process, but here are the steps to follow to access your account and course:

1) For authentication purposes, you must use an [OpenID](https://openid.net/what-is-openid/) provider supported by the Range: Google, Facebook, or Microsoft Azure AD. If you already have an account with one of these providers, proceed to the next step. If you do not yet have an account, then you need to create one--I recommend Google. Follow these instructions to create a Google account: [How to Create a Google Account](https://support.google.com/accounts/answer/27441?hl=en).

.center[<img src="introduction_to_cybersecurity_assets/img/create_google_account.png" style="width: 45%" />]

---

# LAB: Accessing the Course: Step 2/7

2) On the Virginia Cyber Range login page, [https://console.virginiacyberrange.net/login](https://console.virginiacyberrange.net/login), click the "Have an invitation code?" link and enter the provided invitation code. If you would like step-by-step instructions as well as a short video, see "Joining a Course via a Registration Code" on [https://vacr.supportbee.com/450/896/8241](https://vacr.supportbee.com/450/896/8241).
.center[<img src="introduction_to_cybersecurity_assets/img/login_page.png" style="width: 55%" />]

---

# LAB: Accessing the Course: Step 3/7

3) Authenticate using your OpenID provider.

.center[<img src="introduction_to_cybersecurity_assets/img/authenticate.png" style="width: 55%" />]

---

# LAB: Accessing the Course: Step 4/7

4) Once logged in, you should see the TechGirls 2019 Cybersecurity Workshop course in your course menu--click the course.

.center[<img src="introduction_to_cybersecurity_assets/img/range_profile_page.png" style="width: 55%" />]

---

# LAB: Accessing the Exercise Environment: Step 5/7

5) You should see one or more Exercise Environments. We will need different exercise environments for different labs -- I will be sure to let you know which one to use. To open the correct exercise environment, click its icon.

.center[<img src="introduction_to_cybersecurity_assets/img/course_profile_page.png" style="width: 55%" />]

---

# LAB: Accessing the Kali VM: Step 6/7

6) On the Exercise Environment page you should see a Power On button on the bottom left of the page. Click this icon to power up the VM — note that the power-on process takes 30 seconds or so. Once the VM has powered up you should see start and stop buttons. Click the start button to launch the VM in a new window (popups should not be blocked by your browser).

.pull-left[<img src="introduction_to_cybersecurity_assets/img/environment_profile_page.png" style="width: 90%" />]
.pull-right[<img src="introduction_to_cybersecurity_assets/img/exercise_environment_start_stop_buttons.png" style="width: 90%" />]

---

# LAB: Logging in to Kali: Step 7/7

7) The username/password for the Kali login is student/student. Once logged in, you should see the Kali OS.

NOTE: Once you are finished with your Kali session, IN THE BROWSER TAB WITH THE START/STOP BUTTONS (previous slide) click the STOP button.
.pull-left[<img src="introduction_to_cybersecurity_assets/img/kali_login_window.png" style="width: 90%" />]
.pull-right[<img src="introduction_to_cybersecurity_assets/img/kali_os.png" style="width: 90%" />]

---
class: center, middle

# BREAK

.center[<img src="introduction_to_cybersecurity_assets/img/supply_chain_attacks.png" style="width: 85%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---
class: center, middle

# Introductory Principles

.center[<img src="introduction_to_cybersecurity_assets/img/malicious_email.png" style="width: 85%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---

# What is Cyberspace?

.pull-left[
* Cyberspace is "the notional environment in which communication over computer networks occurs." -- Wikipedia
* "Cyberspace" term coined by William Gibson - 1984
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/neuromancer_book_cover.png" style="width: 60%" /><br />
.small[Image courtesy of https://en.wikipedia.org/wiki/Neuromancer]]

???

---

# What is Cybersecurity?

.pull-left[
<blockquote>"Computer security, also known as cyber security or IT security, is the protection of computer systems from the theft or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide." -- Gasser, Morrie (1988).</blockquote>

* Includes *physical* security as well as *online* security
* Includes *personal* security, *home* security, *work/school* security
* Includes *privacy* and *ethics*

--> It's not just about computers!
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/cyborg_engraving.png" style="width: 70%" /><br />
.small[Humani Victus Instrumenta: Ars Coquinaria, 1569, Copper engraving, 379 x 277 mm, Private collection]]

???
* Gasser quote from Building a Secure Computer System. [Online] Available at https://ece.uwaterloo.ca/~vganesh/TEACHING/S2014/ECE458/building-secure-systems.pdf Retrieved 6 September 2015.
---

# Principles

.pull-left[
"The CIA Triad"
* Confidentiality
* Integrity
* Availability
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/cia_triad.png" style="width: 85%" />]

---

# Principles: Confidentiality

* *Confidentiality*: Protecting information from disclosure to unauthorized entities. You only want approved users having access to the data.

---

# Principles: Confidentiality Scenario

.center[<img src="introduction_to_cybersecurity_assets/img/confidentiality_example.png" style="width: 35%" />]

---

# Principles: Confidentiality Attack

.pull-left[
* If Alice’s connection to “JFK Airport Wifi” is not secured, Eve can eavesdrop!
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/confidentiality_eve_example.png" style="width: 85%" /><br />
.small[Eve image courtesy of the Disney Wiki: http://disney.wikia.com/wiki/The_Disney_Wiki]
]

---

# Principles: Confidentiality Defense

.pull-left[
* Encryption at rest:
  * Encrypt your hard drive
  * Encrypt any thumb drive
* Encryption in transit:
  * Only use encrypted wireless channels
    * WPA3 (January 2018) is the current WiFi standard
  * Always use https:// (SSL/TLS) in your browser
  * Use encrypted email if possible
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/confidentiality_eve_encryption_example.png" style="width: 85%" /><br />
.small[Eve image courtesy of the Disney Wiki: http://disney.wikia.com/wiki/The_Disney_Wiki]]

???
* Example: You use an unsecured WiFi access point at the airport and Eve is able to see all of your traffic
* Example: You do not use a password on your computer--Eve walks by your desk when you aren't there and is able to gain access to all your information
* Example Defenses: Encryption, passwords, user access control.

---

# Principles: Integrity

* *Integrity*: Ensuring that information is not altered accidentally or by entities unauthorized to make alterations. Includes information in transit.
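As an added example (not part of the original slides), the following Python shows the simplest integrity check for information in transit: the sender attaches a keyed tag (HMAC) to the message, and the recipient recomputes it, so any change made on the way is detected. It assumes a shared key that only the two parties know; the key value and the messages are constructed for the demo.

```python
import hashlib
import hmac
from typing import Optional

# Constructed example key. Assumption: only the sender and the intended
# recipient know it (how it reaches them securely is out of scope here).
SHARED_KEY = b"example-shared-key-not-for-real-use"


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag over the message. Without the key nobody can produce
    a valid tag for modified bytes, so a tag that verifies proves the bytes
    are exactly what the key holder sent."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag for the received bytes and compare it in constant
    time; compare_digest avoids leaking, through timing, how many leading
    characters of a forged tag happened to match."""
    return hmac.compare_digest(make_tag(key, message), tag)


def deliver(message: bytes, tag: str,
            altered_in_transit: Optional[bytes] = None) -> dict:
    """Simulate transit over an untrusted channel. If someone on the path
    rewrites the message, the recipient's check fails and the message is
    rejected rather than trusted."""
    received = altered_in_transit if altered_in_transit is not None else message
    return {"message": received, "accepted": verify(SHARED_KEY, received, tag)}


if __name__ == "__main__":
    original = b"I love you."
    tag = make_tag(SHARED_KEY, original)
    print(deliver(original, tag))                   # accepted: True
    print(deliver(original, tag, b"I hate you."))   # accepted: False
    # The tag protects integrity and origin, not confidentiality: an
    # eavesdropper can still read the message unless it is also encrypted.
```

A digital signature (public-key) gives the same alteration detection without a shared secret and additionally lets a third party verify who sent the message.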
---

# Principles: Integrity Scenario

.center[<img src="introduction_to_cybersecurity_assets/img/integrity_scenario.png" style="width: 40%" />]

---

# Principles: Integrity Attacks and Defenses

.pull-left[
* Example: You use an unsecured WiFi access point at the airport. You email your friend: "I love you."
  * What if “JFK Airport Wifi” isn’t who you think it is?
  * Eve modifies your message: "I hate you."
* Another example: You do not use a password on your computer--Eve walks by your desk when you aren't there and erases your hard drive.
* Example Defenses: Encryption, user access control, file permissions, version control systems and backups
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/integrity_attack.png" style="width: 80%" /><br />
.small[Eve image courtesy of the Disney Wiki: http://disney.wikia.com/wiki/The_Disney_Wiki]]

---

# Principles: Availability

* *Availability*: Ensuring information can be used when and where needed.

.center[<img src="introduction_to_cybersecurity_assets/img/denial_of_service_map.png" style="width: 80%" /><br />
.small[http://www.digitalattackmap.com]]

---

# Principles: Availability Attacks and Defenses

.pull-left[
* With a strong wireless signal, Eve can jam legitimate signals in a denial of service (DoS) attack. E.g.: Eve is using a microwave with poor shielding and your page request does not go through (client side)
* E.g.: Eve is sending so many page requests to the web server that your page request does not go through (server side)
* E.g.: You leave your computer on your desk. You return to use your computer but Eve has taken it.
* E.g. Defenses: Offsite data storage, backups, redundant hardware and software.
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/availability_attack.png" style="width: 70%" /><br />
.small[Eve image courtesy of the Disney Wiki: http://disney.wikia.com/wiki/The_Disney_Wiki]]

---

| Example Threats | Example Safeguards |
| :------------- | :----------: |
| *CONFIDENTIALITY* | |
| * Packet Sniffing | Encryption |
| * File Grabbing | Access Controls |
| *INTEGRITY* | |
| * Spoofed Email | Digital Signature |
| * Disk Drive Corruption | Backups |
| *AVAILABILITY* | |
| * Denial of Service Attack | Firewall, Redundancies |
| * Power Failure | Backup Generator |

---
class: center, middle

# Threats and Attacks

.center[<img src="introduction_to_cybersecurity_assets/img/formjacking.png" style="width: 85%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---

# Important Terms

* *Asset*: Stuff we care about, such as information, software, hardware, bandwidth, reputation, privacy, money, etc.
* *Threat*: The potential for an occurrence that would cause an undesirable effect on an asset. Threats are often evaluated with respect to the CIA triad.
* *Safeguard*: A control implemented to reduce the risk to an asset posed by a threat.
* *Vulnerability*: The absence (or weakness) of safeguards, allowing a threat to affect an asset.
* *Exploit*: A technique that takes advantage of a specific vulnerability to achieve some effect on an asset.
---

# Threat and Vulnerability

.pull-left[
* Vulnerability: a weakness in a system
* Attack: a human (so far) who exploits a vulnerability
* Threat: a set of circumstances that has the potential to cause loss or harm by exploiting a vulnerability
* Controls or countermeasures: action, device, procedure, or technique to remove or reduce a vulnerability
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/threat_vulnerability.png" style="width: 75%" />]

---

# Threats and Attacks

.pull-left[
* Eavesdropping
* Denial-of-service
* Alteration
* Masquerading
* Repudiation
* Correlation and Traceback
* Cryptographic Attacks
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/computer_network_vulnerabilities.png" style="width: 95%" />]

---

# Threats and Attacks: Eavesdropping

.pull-left[
* Eavesdropping: the interception of information intended for someone else during its transmission over a communication channel.
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/eavesdropping.png" style="width: 90%" />]

---

# Threats and Attacks: Denial of Service

.pull-left[
* Denial-of-service: the interruption or degradation of a data service or information access.
]

???
# .pull-right[<img src="introduction_to_cybersecurity_assets/img/eavesdropping.png" style="width: 90%" />]

---

# Threats and Attacks: Alteration

.pull-left[
* Alteration: unauthorized modification of information.
* Example: the man-in-the-middle attack, where a network stream is intercepted, modified, and retransmitted.
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/alteration.png" style="width: 100%" />]

---

# Threats and Attacks: Masquerading

.pull-left[
* Masquerading: the fabrication of information that is purported to be from someone who is not actually the author.
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/masquerading.png" style="width: 75%" />]

---

# Threats and Attacks: Repudiation

.pull-left[
* Repudiation: the denial of a commitment or data receipt.
* This involves an attempt to back out of a contract or a protocol that requires the different parties to provide receipts acknowledging that data has been received.
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/repudiation.png" style="width: 75%" />]

---

# Threats and Attacks: Correlation and Traceback

.pull-left[
* Correlation and traceback: the integration of multiple data sources and information flows to determine the source of a particular data stream or piece of information.
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/correlation.png" style="width: 90%" />]

---

# Kinds of Threats

.center[<img src="introduction_to_cybersecurity_assets/img/kinds_of_threats.png" style="width: 60%" />]

---

# Cost, Benefit, and Risk

* *Principle*: Do not devote more resources to protection than the potential loss is worth
* *Cost of loss*: How much does it cost if I fail to maintain CIA?
* *Cost of prevention*: How much does it cost to provide safeguards?
* *Risk assessment and risk management*: Governments, businesses, and individuals often have different imperatives for acceptable risks and costs

---
class: center, middle

# BREAK

.center[<img src="introduction_to_cybersecurity_assets/img/cryptojacking.png" style="width: 85%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---
class: center, middle

# LAB: Kali Linux 1

.center[<img src="introduction_to_cybersecurity_assets/img/cyber_crime.png" style="width: 85%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---

# LAB: Kali Linux

.pull-left[
+ Linux distro based on Debian Linux
+ Packaged with extensive penetration testing tools
  + Metasploit/Armitage (exploitation)
  + Aircrack-ng/Kismet/Bluesnarfer (wireless attacks)
  + Burp Suite/Maltego/Paros/Zaproxy (web app attacks)
  + ... see [http://tools.kali.org/tools-listing](http://tools.kali.org/tools-listing)
+ Widely used by security professionals and “hackers”
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/kali_os.png" style="width: 100%" />]

???
.footnote[See http://tools.kali.org/tools-listing. KALI LINUX ™ is a trademark of Offensive Security.]

---

# LAB: Kali OS Orientation

.center[<img src="introduction_to_cybersecurity_assets/img/kali_os.png" style="width: 60%" />]

---

# LAB: Command-line: Terminal Window

.center[<img src="introduction_to_cybersecurity_assets/img/terminal_window.png" style="width: 50%" />]

* Command Prompt
* A command: .remark-code[ls -F /]

???
* A shell is a program like any other program on your computer. What’s special about a shell is that its job is to run other programs rather than to perform tasks itself. The most popular Unix shell is Bash, the Bourne Again SHell (so-called because it’s derived from a shell written by Stephen Bourne). Bash is the default shell on most modern implementations of Unix and in most packages that provide Unix-like tools for Windows.
* The part that you type, ls -F / in the second line of the example, typically has the following structure: a command, some flags (also called options or switches) and an argument. Flags start with a single dash (-) or two dashes (--), and change the behaviour of a command. Arguments tell the command what to operate on (e.g. files and directories). Sometimes flags and arguments are referred to as parameters. A command can be called with more than one flag and more than one argument, but a command doesn’t always require an argument or a flag.

---

# LAB: Basics

.pull-left[
+ Logging in
  + Root accounts ( root@system:~# )
  + User accounts ( username@system:~$ )
+ Getting help with commands
  + .remark-code[*command* -h] or .remark-code[*command* --help]
  + .remark-code[man *command*]
+ Try: .remark-code[uname -a]
+ Try: .remark-code[date]
+ History: up/down arrows and .remark-code[history]
+ Tab completion
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/image6.png" style="width: 70%" />]

---

# LAB: A Few UNIX Commands

* .remark-code[whoami]: current user name
* .remark-code[man *command*]: gets the manual page for .remark-code[*command*]
* .remark-code[*command* --help]: *usually* gets some brief help
* .remark-code[pwd]: returns the current working directory path
* .remark-code[ls path]: lists files and directories; ls on its own lists the current working directory
* .remark-code[cd path]: change current directory
* .remark-code[ps]: list processes

???
+ kill -&lt;signal&gt; &lt;PID&gt;
  + Terminates the process with process id &lt;PID&gt;
+ .remark-code[gedit *file*] --> edit *file* in a GUI text editor

---
class: center, middle

# LUNCH BREAK

.center[<img src="introduction_to_cybersecurity_assets/img/cloud.png" style="width: 85%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---
class: center, middle

# Secure Systems

.center[<img src="introduction_to_cybersecurity_assets/img/iot_logo.png" style="width: 40%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---

# Secure Systems

<blockquote>“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” — Gene Spafford</blockquote>

+ We have to make trade-offs between security and usability
+ CIA: more ‘C’ usually means less ‘A’
+ Security: a process, not a product
+ We cannot make perfectly secure systems, but we can make our systems more defensible

---

# Types of Attackers

.center[<img src="introduction_to_cybersecurity_assets/img/types_of_attackers.png" style="width: 60%" />]

---

# Attacker Goals

+ Why are our systems and networks attacked?
  + Steal our information or gather information
  + Steal our money
  + Use our hardware, software, or other assets
  + Destroy or deny use of our assets (data, information systems, physical resources)
  + Corrupt our information
  + Harm reputations, make a statement
  + Prepare for future action (e.g. botnets)
  + Just to see if it can be done
  + Penetration testing

---

# Attack Phases

Five P’s: Probe, Penetrate, Persist, Propagate, Profit

* *Probe*: passive and active reconnaissance
* *Penetrate*: gain initial access
  + Software vulnerabilities
  + Weak passwords or configurations
  + Credential stealing, social engineering, insiders
* *Persist*: maintain access
  + Compromised accounts, backdoors, rootkits, bots
  + Covering tracks
* *Propagate*: spread up and out
  + Privilege escalation
  + Extend to other systems or networks
* *Profit*: achieve attack goals

???
# Incident Prevention

Preparation is critical:
* Prevent incidents from occurring
* Limit the scope and impact of an incident
* Help during the incident response process

Non-technical preparation:
* Establish and enforce security policies
* Educate users
* Where possible, make the ‘secure way’ the easy and obvious way as well

Technical preparation:
* Harden networks and systems
* Enforce security policy

# Don’t Go It Alone

Best practices guides, books and articles, e.g.:
* NIST CDS Special Publications (800 Series)
* 20 Critical Controls
* Center for Internet Security (CIS) Benchmarks
* System hardening checklists

Lockdown tools, scripts and templates, e.g.:
* DISA Gold Disk, Bastille Linux

# Thinking Differently

See things from your adversary’s point of view.

Thinking outside the box? No. Stack the boxes and use them to climb through that open window.

* How does it work?
* Why does it work?
* How else can it work?
* What happens if I do this?

Create your own solutions to problems; don’t wait for someone to tell you how.

---

# Red Team

.center[
<iframe width="560" height="315" src="https://www.youtube.com/embed/0_ZfuMlNJk8" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
]

???
* Names, mailing addresses, phone numbers, and email addresses for up to 70 million customers were stolen from retailer Target
* This was after malware on their cash registers allowed thieves to steal the account information of 40 million credit cards

???
https://www.welivesecurity.com/2018/12/18/target-targeted-five-years-breach-shook-cybersecurity/
https://krebsonsecurity.com/2014/01/target-names-emails-phone-numbers-on-up-to-70-million-customers-stolen/
https://krebsonsecurity.com/tag/target-data-breach/

"A source close to the investigation told this author that an analysis revealed at least some of Home Depot’s store registers had been infected with a new variant of “BlackPOS” (a.k.a.
“Kaptoxa”), a malware strain designed to siphon data from cards when they are swiped at infected point-of-sale systems running Microsoft Windows."

---

# Defensible Systems

+ Systems – hosts and networks
+ We want to make our systems harder to attack and easier to defend
+ Four elements for defensibility:
  + Controls
  + Defense in Layers
  + Reduce Attack Surface
  + Good Hygiene

---

# Controls

.pull-left[
* To reduce the possibility of harm (risk) from a threat we can implement controls or countermeasures:
  * prevent
  * deter
  * mitigate
  * detect
  * recover
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/controls.png" style="width: 95%" />]

---

# Security in Layers

* Layered approach to security: defense in depth
* Must balance the cost and effectiveness of controls with the likelihood and severity of
* Types of controls: physical, procedural, technical
  + E.g. a hardware firewall (on your router) and a software firewall (on your laptop), using a VPN when travelling, etc.

???
Compare to a house: auto turn-on lights, locks on doors, security cameras, and a fence.

---

# Reduce Attack Surface

+ Remove or disable unnecessary:
  + Services (Bluetooth, WiFi, File Sharing, etc.)
  + Software
  + Apps
  + Accounts
  + Hardware [modem, wireless NIC, USB ports]
+ Enforce least privilege
  + Subjects get only the privileges needed to do their jobs

<blockquote>Complexity is the enemy of security</blockquote>

???
Real world: you are making the target smaller or further from the attacker... graphic should be a target with an arrow in it.

Good practice: remove or uninstall applications you are not actively using. For instance, on your mobile phone, you might download and install some games in order to spend time at the airport. But, when you play them, you find some are fun and others are not fun. In order to reduce your attack surface (and the possibility of a malicious app) uninstall the ones you don't like.

Turn off services you are not using.
Examples are Location Services, Bluetooth, WiFi, File Sharing services.... anything you are not actually using should be disabled.

# Monitored

+ Logging and auditing
  + Essential for troubleshooting and security incidents
+ Determine what should be logged or audited:
  + User account changes
  + Login and logout [success and failure]
  + Start up and shutdown [system, services]
  + Security policy changes
  + Changes to installed software
  + Access to important objects
  + Activities of specific subjects
+ Antivirus and intrusion detection
+ File integrity monitoring

---

# Good Hygiene

+ Keep executables patched
  + Operating system
  + Services
  + Applications
  + Drivers
+ Antivirus and intrusion detection systems
  + Signature and engine updates
+ Software inventory and version checking
+ Automatic updates
  + Trusted and controlled source for updates
+ Backup plan
  + Easy, routine, validated and secure

---
class: center, middle

# BREAK

.center[<img src="introduction_to_cybersecurity_assets/img/election_interference.png" style="width: 85%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---
class: center, middle

# LAB: Kali Linux 2

.center[<img src="introduction_to_cybersecurity_assets/img/email_attachments.png" style="width: 50%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---

# LAB: UNIX File System

+ Directory structure: .remark-code[/ /etc /usr /var /bin /dev]
+ Home folders: .remark-code[~ /home]
+ Navigating the directory structure
  + .remark-code[cd] and .remark-code[pwd]
  + Absolute and relative paths: .remark-code[./] and .remark-code[../]
+ List files: .remark-code[ls] and .remark-code[ls -al]
+ Edit files: .remark-code[leafpad &]
+ List file contents:
  + .remark-code[cat]
  + .remark-code[head]
  + .remark-code[tail]
  + .remark-code[more]
  + .remark-code[less]
+ Create files and directories: .remark-code[touch] and .remark-code[mkdir]
+ Remove files and directories: .remark-code[rm] and .remark-code[rmdir]

???
Most commands in the Linux terminal accept specifications that can be appended to the command, called flags. Let’s have a look at two very useful flags for the ls command.

$ ls -a
$ ls -l

As you can see, by running these two commands, your output differs from running ls alone. The first, -a, lists all files, including hidden ones. A file is hidden in the Linux file system if the first character of its name is a period. You will also notice that both “.” and “..” are listed in your output – this will be explained in more detail later. For now, just understand that these are directories hidden in your home directory.

Your output for -l is quite different. This flag lists much more information about the content, such as owner and permissions. For the purposes of this lesson, simply notice that the far left of the output includes a “d”, which designates a directory. Everything else is a file, not a directory.

Lastly, note that you can combine the above two flags into one command!

$ ls -la
OR
$ ls -l -a

+ .remark-code[rm -rf /] --> What does this do? See the man page for rm!

# LAB: Finding Stuff

* .remark-code[locate]
* .remark-code[whereis]

---

# LAB: Users and groups

.pull-left[
+ Accounts allow for individual accountability and control of privileges
+ User ID and group ID
  + .remark-code[whoami] and .remark-code[who]
+ Elevating privileges
  + .remark-code[sudo]
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/image7.png" style="width: 80%" /><br />.small[https://xkcd.com/149/]
]

???
+ Service accounts
+ Disabled and restricted accounts
  + E.g.
no remote root login
+ Elevating privileges
  + su (substitute user)
  + sudo
  + sudo su -

# LAB: Processes

+ View processes: ps, ps aux
+ Terminating processes
  + kill &lt;pid&gt;, kill -9 &lt;pid&gt;, kill -HUP &lt;pid&gt;
  + pkill &lt;name&gt;, killall &lt;name&gt;
+ Pipes and redirection: |, >, >>
  + ps aux | grep ping

---

# LAB: Unix/Linux Networking Example Commands

| Command | Description |
| :------------- | :---------- |
| .remark-code[ifconfig] | display network interface config |
| .remark-code[ping *a.b.c.d*] | send ICMP Echo request to IP address *a.b.c.d* |
| .remark-code[dhclient] | request IP address from DHCP server |
| .remark-code[netstat -na] | display status of network connections |
| .remark-code[route -n] | display routing information on host |
| .remark-code[ifconfig eth0 w.x.y.z/24] | add class C IP address w.x.y.z to interface eth0 |
| .remark-code[route add default gw a.b.c.d] | add default gateway route to the host's routing table |
| .remark-code[nslookup *host.domain.com*] | query DNS for IP address belonging to *host.domain.com* |

---
class: center, middle

# Creating Strong Passwords

.center[<img src="introduction_to_cybersecurity_assets/img/malicious_email_rate.png" style="width: 45%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---

# Authentication

+ Identification and authentication
+ Authentication factors
  + Something you know
  + Something you have
  + Something you are
+ Password security
  + Complexity requirements [passphrase method]
  + Mandatory changes
+ Password storage
  + Hashes and salts
  + Attacks [brute force, dictionary, rainbow tables]

---

# Most Common Passwords in 2018

| Rank | Password | Change from 2017 |
| :------: | :----------: | :----------: |
| 1 | 123456 | Unchanged |
| 2 | password | Unchanged |
| 3 | 123456789 | Up 3 |
| 4 | 12345678 | Down 1 |
| 5 | 12345 | Unchanged |
| 6 | 111111 | New |
| 7 | 1234567 | Up 1 |
| 8 | sunshine | New |
| 9 | qwerty | Down 5 |
| 10 | iloveyou | Unchanged |
.small[https://www.teamsid.com/splashdatas-top-100-worst-passwords-of-2018/]

???

https://www.teamsid.com/splashdatas-top-100-worst-passwords-of-2018/

"According to SplashData, the over five million leaked passwords evaluated for the 2018 list were mostly held by users in North America and Western Europe."

---

# Password Strategy 1: Make Passwords Complex

* Numbers only: 10 possible characters per position
* Numbers + lower case mix: 36
* Numbers + lower case + upper case mix: 62
* Numbers + lower case + upper case + symbols mix: about 94 (the printable ASCII set)

Best practice: always create a password using characters from at least three of the above categories

???

https://howsecureismypassword.net/

---

# The simplest password attack: Brute force

A brute-force attack tries every possible combination in order. A modern cracking rig with a few GPUs tests billions of guesses per second against fast hashes such as MD5 or NTLM.

* aaa
* aab
* aac
* aad
* ...
* BBB
* BBC
* BBD
* ...

---

# Password Strategy 2: Make Passwords Long

TEST IT: [https://howsecureismypassword.net/](https://howsecureismypassword.net/) (test with made-up passwords of the same shape, never one you actually use; a password typed into someone else's website should be treated as leaked)

* 6 characters: jJ9!fK
* 7 characters: jJ9!fK1
* 8 characters: jJ9!fK1*
* 9 characters: jJ9!fK1*E
* 10 characters: jJ9!fK1*Em
* 11 characters: jJ9!fK1*Em3
* 12 characters: jJ9!fK1*Em3&

Each added character multiplies the number of guesses an attacker must make by the size of the character set, so length grows the search space much faster than adding one more category does.

Best practice: always create a password using at least 12 characters (and preferably 16+)

NOTE: The minimum safe password length will increase over time as cracking hardware gets faster...

---

# Password Strategy 3: Do Not Share, Do Not Reuse

* Always use a different, unique password for each account you have. If one of your accounts is breached, attackers cannot use that password to get into your other accounts (replaying leaked credentials against other sites is called credential stuffing, and it is automated).

* Never share your password: not with your friends, not with your boss, not with anyone else. If you share your password, your friend might reveal it or get hacked themselves, so you greatly increase the chances of your account being compromised. If someone other than you knows your password, your account is not secure.
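---

# Worked Example: Password Math and Storage

The following Python script is an added example, not part of the original course materials, that puts numbers on the three strategies above and on the "hashes and salts" and "attacks" bullets from the Authentication slide. The attacker speed (one billion guesses per second), the 94-character printable set for the "symbols" category and the PBKDF2 iteration count are assumptions chosen for illustration; the top-10 list is the SplashData 2018 list from the earlier slide.

```python
"""Password math and storage, as an added worked example for the slides above.

Assumptions (constructed for illustration, not measured): an attacker who can
test GUESSES_PER_SECOND candidates against a fast, unsalted hash; a 94-symbol
printable ASCII set for the "symbols" category; PBKDF2-HMAC-SHA256 with
600,000 iterations as the slow, salted hash.
"""
import hashlib
import hmac
import os
from typing import Iterable, Optional, Tuple

GUESSES_PER_SECOND = 1_000_000_000        # assumed attacker speed
SECONDS_PER_YEAR = 365 * 24 * 3600
PBKDF2_ITERATIONS = 600_000               # slow on purpose: raises the attacker's cost

# Character-set sizes for Strategy 1's four categories.
CHARSETS = {
    "digits": 10,
    "digits+lower": 36,
    "digits+lower+upper": 62,
    "digits+lower+upper+symbols": 94,
}

# SplashData's 2018 top-10 from the earlier slide (a real wordlist has millions).
TOP10_2018 = ["123456", "password", "123456789", "12345678", "12345",
              "111111", "1234567", "sunshine", "qwerty", "iloveyou"]


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def years_to_exhaust(charset_size: int, length: int,
                     rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case brute-force time (every candidate tried) in years."""
    return keyspace(charset_size, length) / rate / SECONDS_PER_YEAR


def length_beats_complexity() -> bool:
    """Strategy 2 vs Strategy 1: 12 lower-case letters outnumber
    8 characters drawn from all four categories."""
    return keyspace(26, 12) > keyspace(94, 8)


def unsalted_sha256(password: str) -> str:
    """How NOT to store a password: the same input always gives the same digest,
    so one precomputed table (a rainbow table) cracks every user at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def dictionary_attack(target_hex: str, wordlist: Iterable[str]) -> Optional[str]:
    """Strategy 4's attacker: hash each word and compare to the stolen digest."""
    for word in wordlist:
        if unsalted_sha256(word) == target_hex:
            return word
    return None


def store_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash. A fresh 16-byte random salt per user means two users
    with the same password get different digests (no shared rainbow table),
    and each guess costs the attacker PBKDF2_ITERATIONS hashes instead of one."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = store_password(password, salt)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("Brute-force years at 1e9 guesses/s (worst case):")
    for name, size in CHARSETS.items():
        print(f"  8 chars, {name:27s}: {years_to_exhaust(size, 8):10.2e}")
    for length in (8, 12, 16):
        print(f"  {length:2d} chars, all four categories   : {years_to_exhaust(94, length):10.2e}")
    print("12 lower-case letters beat 8 mixed characters:", length_beats_complexity())

    stolen = unsalted_sha256("sunshine")
    print("Unsalted SHA-256 cracked from top-10 list:", dictionary_attack(stolen, TOP10_2018))

    salt_a, digest_a = store_password("sunshine")
    salt_b, digest_b = store_password("sunshine")
    print("Same password, different salts, same digest?", digest_a == digest_b)
    print("Verify correct password:", verify_password("sunshine", salt_a, digest_a))
    print("Verify wrong password:  ", verify_password("Sunshine", salt_a, digest_a))
```

Run it with .remark-code[python3 password_math.py]. Two things to notice: eight characters from all four categories fall in weeks at the assumed rate while twelve characters of any kind take millions of years, and a password from the top-10 list is found instantly no matter how it is hashed, because the attacker guesses the list first. Salting and a slow hash protect the site's users if the password database is stolen; they do nothing for a password that is on every wordlist.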
---

# Password Strategy 4: Do Not Use Dictionary Words

* Dictionary attack: instead of trying every combination, try words from a dictionary or word list (far fewer guesses)
* Any word in any language is considered a dictionary word
* This includes names (person names, hometown names, etc.)
* This includes commonly used passwords, and the usual substitutions attackers already try (p@ssw0rd, password1)
* EXCEPTION: a "passphrase" is a password made up of several randomly chosen words, such as 'vintage-rainbow-garden-underneath-shadow'. Its strength comes from the number of words, not from the words themselves, so pick them at random (for example by rolling dice against a word list) rather than using a quotation or song lyric.

---

# Password Strategy 5: Use a Password Manager

A password manager is a program that stores your passwords securely (encrypted); you only have to remember the master password that unlocks the manager. Make that one a long passphrase, and turn on two-factor authentication for the manager where it is offered.

.center[<img src="introduction_to_cybersecurity_assets/img/1password.png" style="width: 60%" /><br />
.small[https://1password.com/]]

---

# Additional Password Precautions

* Avoid using public computers (at a kiosk, library, hotel, airport, etc.). These machines often carry malware such as keyloggers, so entering your password on them can result in your account being hacked.

--

* Some accounts also ask you security questions in addition to your password. When setting up these accounts, *do not use answers based on publicly available information* such as your place of birth, mother's name or school name. You can simply make up answers (and keep them in your password manager) or use information that is not publicly known about you.

--

* Some accounts offer *two-factor authentication*. For example, a special app on your smartphone gives you a one-time code that you must enter in addition to your password to log in. This extra layer of protection helps keep your account secure even if your password leaks.

--

* If you suspect your account has been compromised or you accidentally share your password, change it immediately: create a new strong password, and change it on any other account where you reused the old one.

---

# Have You Been Pwned?
.center[<img src="introduction_to_cybersecurity_assets/img/pwned.png" style="width: 80%" /><br />
.small[https://haveibeenpwned.com/]]

---

class: center, middle

# BREAK

.center[<img src="introduction_to_cybersecurity_assets/img/top_email_keywords.png" style="width: 85%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---

class: center, middle

# LAB: Finding Things

.center[<img src="introduction_to_cybersecurity_assets/img/email_attachment_types.png" style="width: 85%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---

# LAB: Finding Things

.pull-left[
+ Using your Kali Linux VM, browse to https://kendallgiles.com/intro-unix-command-line/
+ In Section 1.1 Prerequisites, download data-shell.zip to your Desktop
+ From the command line, in the directory containing the download, run *unzip data-shell.zip*
+ Work through Chapter 4: Finding Things
+ Read Chapter 5: Final Thoughts
]

.pull-right[<img src="introduction_to_cybersecurity_assets/img/finding_things.png" style="width: 100%" />
]

???

```text
foo
├── archetypes
├── config.toml
*├── content
└── posts
├── data
├── layouts
├── public
├── static
└── themes
```

---

class: center, middle

# DAY 1: TAKEAWAYS

.center[<img src="introduction_to_cybersecurity_assets/img/email_phishing_rate.png" style="width: 40%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]

---

# Cyber!

* There is no single perfect cybersecurity defense or solution
* New vulnerabilities and exploits appear constantly, so you must actively work to keep your systems and information secure
* Use a strong, unique password for each account
* Never share your password
* Kali Linux is a free Linux distribution widely used by security professionals and "hackers"
* Learning to use your computer's command-line interface is a skill that will be useful throughout your career

.center[<img src="introduction_to_cybersecurity_assets/img/routers_and_cameras.png" style="width: 40%" /><br />
.small[2019 Symantec Internet Security Threat Report]
]