
Cyber Security Explained

Monday, January 08, 2024


Cyber Security (CS):
Cyber security is becoming more complex every day. Many organizations offer resources and information on the fundamental principles of cybersecurity, including endpoint protection, security services, and the different types of cyber attacks.

The practice of defending computers, servers, mobile devices, electronics systems, networks, and data from malicious attacks is known as cyber security.

CS is the protection needed to defend internet-connected devices and services from malicious attacks by hackers, spammers, and cybercriminals.

Wikipedia's definition of CS:
The protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, and networks, as well as disruption or misdirection of services they provide.

CS is one of the most significant challenges of the contemporary world, due to the complexity of the information systems and the society they support.

Security Types:
Critical infrastructure security
Application security
Network security
Cloud security
IoT security

Skills needed:
Problem-solving skills
Technical aptitude
Knowledge of security
Computer fundamentals and forensic skills
Understanding of hacking

Vulnerabilities and attacks:
A vulnerability is a weakness in the design, implementation, operation, or internal control of a computer system.

Threat categories:
Backdoor: a secret method of bypassing normal authentication or security control.

DoS attacks are designed to make a machine or network resource unavailable to its intended user.

Direct access attacks are when an unauthorized user gains physical access to a computer.

Eavesdropping is the act of surreptitiously listening to a private computer conversation, usually between hosts on a network.

Malware, or malicious software, is any software code or computer program "intentionally written to harm a computer system or its user."

Polymorphic attack: a newer class of attack that combines several attack types and changes its form as it spreads (over the web, email, and applications) in order to evade security controls.

Phishing is the attempt to acquire sensitive information such as usernames, passwords, or credit card details by masquerading as a trustworthy party, typically in an email or on a fake website.

Privilege escalation: a situation where an attacker who already has some level of restricted access is able, without authorization, to elevate their privileges or reach a higher access level than they were granted.

Social engineering, in the context of computer security, aims to convince a user to disclose secrets such as passwords and credit card information.

Spoofing is the act of pretending to be a valid entity through falsified data such as usernames, IPs, and documents.
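Spoofing and phishing both rest on falsified sender data, so the natural check is to compare what a message claims with what its headers actually say. The following example is added here and is not code from the original post or from any vendor; it runs a few header heuristics (look-alike domains, display-name brand claims, Return-Path and Reply-To mismatches) over constructed sample headers. The trusted-domain list, the confusable-character table and the sample messages are all assumptions made for the example.

```python
from email.utils import parseaddr

# Domains this organisation treats as trusted (assumed for the example).
TRUSTED_DOMAINS = {"example.com", "paypal.com"}

# Single-character substitutions common in look-alike domains; "rn" -> "m" is
# two characters, so it is handled separately in normalize().
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e", "|": "l"})

# Constructed sample headers (not real mail): a legitimate message, a brand
# look-alike, and a reply-to hijack sent from a trusted-looking From address.
SAMPLE_MESSAGES = [
    {"From": "Alice Example <alice@example.com>",
     "Return-Path": "<alice@example.com>"},
    {"From": "PayPal Support <security@paypa1.com>",
     "Return-Path": "<bounce@mailer.paypa1.com>"},
    {"From": "IT Helpdesk <helpdesk@example.com>",
     "Return-Path": "<x9@randommail.test>",
     "Reply-To": "reset@randommail.test"},
]


def base_domain(domain: str) -> str:
    """Reduce a host name to its last two labels (sufficient for this example)."""
    return ".".join(domain.lower().split(".")[-2:])


def header_domain(value: str) -> str:
    """Base domain of the address in a From/Return-Path/Reply-To header, or ''."""
    _, addr = parseaddr(value or "")
    return base_domain(addr.rsplit("@", 1)[1]) if "@" in addr else ""


def normalize(domain: str) -> str:
    """Fold look-alike characters so 'paypa1.com' and 'paypal.com' compare equal."""
    return domain.translate(CONFUSABLES).replace("rn", "m")


def spoofing_indicators(headers: dict) -> list[str]:
    """Return human-readable reasons the message looks spoofed (empty = nothing found)."""
    reasons = []
    display_name, _ = parseaddr(headers.get("From", ""))
    from_dom = header_domain(headers.get("From", ""))

    # 1. The From domain is a look-alike of a trusted domain.
    if from_dom not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if normalize(from_dom) == trusted:
                reasons.append(f"look-alike domain {from_dom} resembles {trusted}")

    # 2. The display name claims a trusted brand, but the address is not that brand's domain.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in display_name.lower() and from_dom != trusted:
            reasons.append(f"display name '{display_name}' claims {brand} but From is {from_dom}")

    # 3. The envelope sender (Return-Path) does not match the header From.
    rp_dom = header_domain(headers.get("Return-Path", ""))
    if rp_dom and rp_dom != from_dom:
        reasons.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")

    # 4. Replies are silently redirected to a third-party domain.
    reply_dom = header_domain(headers.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    return reasons


def triage(messages: list[dict]) -> list[tuple[str, list[str]]]:
    """Score every message; a caller can quarantine anything with a non-empty list."""
    return [(m["From"], spoofing_indicators(m)) for m in messages]


if __name__ == "__main__":
    for sender, reasons in triage(SAMPLE_MESSAGES):
        print(sender, "->", reasons or "no indicators")
```

A Return-Path mismatch on its own is common for legitimate bulk mail, so in practice these heuristics are combined with the SPF, DKIM and DMARC verdicts the receiving mail server records in the Authentication-Results header rather than used alone.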

Modern Warfare:
Cyberspace will become the next theater of warfare.

An interesting topic: endpoints
Endpoint Security:
Today's endpoint security must manage the chaos of a never-ending list of endpoint devices, all connecting to your organization's infrastructure and accessing sensitive data. This is the challenge that cybersecurity companies are working to solve.

Definition:
It is a form of cybersecurity designed to protect devices, or endpoints, that connect to your system and infrastructure to do work.

Examples of endpoints:
Laptops
Smartphones/mobile devices
Tablets
IoT-enabled or connected devices
POS systems

All of these endpoints are potential targets for malicious activity: viruses, malware, business email compromise, and account takeover all become easier when endpoints are unsecured.
Today's most common threats arrive through compromised endpoints. With attacks becoming more sophisticated, it is clear that the traditional approach of centralized network protection does not go far enough. The challenge is defining a constantly shifting security perimeter and then protecting it with layers of security through endpoint protection.

Why is it important?
Thanks to the efforts of scientists and engineers to build and interconnect computer networks, the first public web pages and the first commercial internet exchanges appeared in 1991. Since then, the Internet has tremendously impacted human communication and exploration.

Nowadays, businesses of all sizes are at risk from compromised endpoints. Endpoints are easy targets because devices used outside the office do not have the same level of protection as machines sitting inside the corporate network. With the growing number of remote workers, more and more devices join the organization's work, and the security team cannot realistically inspect each one by hand several times a day. It is hard to know for sure that your data is secure and protected on those endpoints.

Endpoints management?
The process of managing and securing all endpoints that access and store data in an organization. The security administration team works around the clock to ensure the best possible security for all endpoints. Endpoint management involves continuously evaluating, assigning, and overseeing access rights for all endpoints across the entire organization.

Endpoint management is the shared responsibility of a cross-functional team of network administrators and information security professionals.

Endpoint management solutions:
Control access
Measure security policy compliance
Deliver complete visibility
Control, configure, and maintain devices
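The four capabilities above fit together as one loop: the management platform reports each device's state, that state is measured against policy, and the result decides what the device may access. The example below is added here to show that loop in code; it is not the original post's code or any vendor's product. The inventory, the policy thresholds and the three access levels are assumptions made for the example, and the date used for patch-age checks is the post's own date.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class Endpoint:
    hostname: str
    kind: str                  # laptop, smartphone, pos, ...
    managed: bool              # enrolled in the UEM/MDM platform
    disk_encrypted: bool
    edr_agent_running: bool
    os_patch_date: date        # last successful OS patch
    screen_lock_minutes: int


# Policy thresholds (assumed for the example; a real policy lives in the UEM console).
POLICY = {"max_patch_age_days": 30, "max_screen_lock_minutes": 15}

# Constructed inventory, as a management agent would report it (not real devices).
TODAY = date(2024, 1, 8)
FLEET = [
    Endpoint("alice-laptop", "laptop", True, True, True, date(2023, 12, 20), 10),
    Endpoint("bob-phone", "smartphone", False, True, False, date(2023, 12, 1), 5),
    Endpoint("pos-terminal-3", "pos", True, True, True, date(2023, 10, 1), 60),
]


def evaluate(ep: Endpoint, today: date = TODAY) -> list[str]:
    """Measure one endpoint against POLICY and return every finding (empty = compliant)."""
    findings = []
    if not ep.managed:
        findings.append("not enrolled in endpoint management")
    if not ep.edr_agent_running:
        findings.append("EDR agent not running")
    if not ep.disk_encrypted:
        findings.append("disk not encrypted")
    age = (today - ep.os_patch_date).days
    if age > POLICY["max_patch_age_days"]:
        findings.append(f"OS patches are {age} days old")
    if ep.screen_lock_minutes > POLICY["max_screen_lock_minutes"]:
        findings.append(f"screen lock timeout is {ep.screen_lock_minutes} minutes")
    return findings


def access_decision(ep: Endpoint, today: date = TODAY) -> str:
    """Map findings to an access level: allow, restricted (web/email only), or deny."""
    findings = evaluate(ep, today)
    if not ep.managed or not ep.edr_agent_running:
        return "deny"          # no visibility at all: keep it off sensitive systems
    if findings:
        return "restricted"    # visible but drifting: limit it until remediated
    return "allow"


def compliance_report(fleet: list[Endpoint], today: date = TODAY) -> dict:
    """The 'complete visibility' view: one row per device plus a fleet-wide figure."""
    rows = [{"hostname": ep.hostname,
             "decision": access_decision(ep, today),
             "findings": evaluate(ep, today)} for ep in fleet]
    compliant = sum(1 for r in rows if r["decision"] == "allow")
    pct = round(100 * compliant / len(rows), 1) if rows else 0.0
    return {"total": len(rows), "compliant": compliant, "compliance_pct": pct, "rows": rows}


if __name__ == "__main__":
    report = compliance_report(FLEET)
    print(f"{report['compliant']}/{report['total']} compliant ({report['compliance_pct']}%)")
    for row in report["rows"]:
        print(row["hostname"], row["decision"], row["findings"])
```

The ordering of the checks is deliberate: a device the platform cannot see (unmanaged, or with no EDR agent) is denied outright rather than merely restricted, because none of the other findings can be trusted without an agent reporting them.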

Endpoint security risks?
Data leakage, loss, and theft can happen, whether at the network or endpoint level.
Unsanctioned access to the device
Malware or ransomware attacks
Access through vulnerability
Endpoints are frequently the door through which attackers gain access to your organization's sensitive data.

Unified endpoint management (UEM)?
It describes security tools that allow security professionals to manage, secure, and deploy corporate resources and applications on any endpoint from a single console.

Endpoint detection and response (EDR)?
EDR is considered the next evolution of endpoint anti-virus. It continuously monitors the security posture of endpoint devices, with the goal of detecting and responding to attacks more quickly; it is most often deployed as ransomware and malware protection.
An EDR solution generates alerts that help security operations analysts uncover, identify, investigate, and remediate issues, and it produces the investigation record they work from. EDR shortens response times for incident response teams by catching intrusions early, before they turn into full breaches. It is designed to manage and protect the entire endpoint, expose the origin of a threat, and reconstruct the attacker's footprints.

Difference between EDR and anti-virus?
While both involve monitoring and protecting managed endpoints, they aren't interchangeable terms. An anti-virus engine is often one component of an EDR solution, but not every anti-virus product offers EDR. The main difference is that EDR operates under the assumption that managed endpoints will eventually be compromised. Anti-virus software alone may provide excellent protection against known malware, but it offers little once it has been bypassed, especially by a zero-day threat or a sophisticated phishing attack. An organization that relies on anti-virus alone, without EDR, runs a significant risk of having limited visibility into what is happening on a targeted endpoint in the event of a breach.
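The two sections above make the same point from two sides: anti-virus asks "is this file known-bad?", while EDR records what processes and files are doing and asks "does this behaviour look like an intrusion?", then traces the alert back to its origin. The example below is added to show that difference concretely; it is not the original post's code and not any EDR product's logic. It runs three behavioural rules (an Office application spawning a script host, an encoded PowerShell command line, and a burst of file rewrites by one process) over constructed process and file telemetry, then reconstructs the process ancestry the alerts share. The event format, rule thresholds and the incident itself are assumptions made for the example; the payload is a placeholder, not real code.

```python
from collections import defaultdict
from datetime import datetime, timedelta

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENCODED_FLAGS = {"-enc", "-encodedcommand", "-e", "-ec"}
BURST_COUNT = 20                     # this many writes ...
BURST_WINDOW = timedelta(seconds=10)  # ... inside this window looks like encryption

T0 = datetime(2024, 1, 8, 9, 0, 0)


def proc(offset_s, pid, ppid, image, cmd):
    """A process-start record as a sensor would stream it (constructed format)."""
    return {"ts": T0 + timedelta(seconds=offset_s), "type": "process",
            "pid": pid, "ppid": ppid, "image": image, "cmd": cmd}


def file_write(offset_s, pid, path):
    """A file-write record (constructed format)."""
    return {"ts": T0 + timedelta(seconds=offset_s), "type": "file_write", "pid": pid, "path": path}


# Constructed telemetry, not a real incident: a macro document opened from mail
# launches an encoded PowerShell stager, which drops a binary that rewrites the
# user's documents. A browser doing ordinary downloads is included as benign noise.
EVENTS = [
    proc(0, 100, 1, "explorer.exe", "explorer.exe"),
    proc(60, 200, 100, "outlook.exe", "outlook.exe"),
    proc(120, 300, 200, "winword.exe", 'winword.exe "C:\\Users\\alice\\Downloads\\Invoice.docm"'),
    proc(125, 400, 300, "powershell.exe", "powershell.exe -nop -w hidden -enc <base64-payload>"),
    proc(140, 500, 400, "updater.exe", "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe"),
    proc(150, 600, 100, "chrome.exe", "chrome.exe"),
] + [file_write(180 + i * 0.2, 500, f"C:\\Users\\alice\\Documents\\report{i}.docx.locked")
     for i in range(30)] \
  + [file_write(200 + i * 5, 600, f"C:\\Users\\alice\\Downloads\\page{i}.html") for i in range(5)]


def ancestry(pid, procs):
    """Walk ppid links to the root: the attacker's footprints from origin to this process."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(f"{procs[pid]['image']}({pid})")
        pid = procs[pid]["ppid"]
    return list(reversed(chain))


def make_alert(rule, event, procs):
    return {"rule": rule, "ts": event["ts"], "pid": event["pid"],
            "image": event["image"], "chain": ancestry(event["pid"], procs)}


def detect(events):
    """Apply the behavioural rules; no file hash or signature is consulted anywhere."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["type"] != "process":
            continue
        parent = procs.get(e["ppid"])
        if parent and parent["image"] in OFFICE_APPS and e["image"] in SCRIPT_HOSTS:
            alerts.append(make_alert("office_app_spawned_script_host", e, procs))
        tokens = {t.lower() for t in e["cmd"].split()}
        if e["image"] == "powershell.exe" and tokens & ENCODED_FLAGS:
            alerts.append(make_alert("encoded_powershell", e, procs))
    writes = defaultdict(list)
    for e in events:
        if e["type"] == "file_write":
            writes[e["pid"]].append(e["ts"])
    for pid, stamps in writes.items():
        stamps.sort()
        for i in range(len(stamps) - BURST_COUNT + 1):
            if stamps[i + BURST_COUNT - 1] - stamps[i] <= BURST_WINDOW:
                alerts.append(make_alert("mass_file_rewrite", procs[pid], procs))
                break  # one alert per process is enough
    return alerts


def common_origin(alerts):
    """Longest ancestry prefix shared by all alerts: where the intrusion entered."""
    prefix = []
    for step in zip(*(a["chain"] for a in alerts)):
        if all(s == step[0] for s in step):
            prefix.append(step[0])
        else:
            break
    return prefix


if __name__ == "__main__":
    found = detect(EVENTS)
    for a in found:
        print(a["ts"].time(), a["rule"], " -> ".join(a["chain"]))
    print("shared origin:", " -> ".join(common_origin(found)))
```

Nothing in the three rules depends on recognising updater.exe or the payload, which is the point of the comparison with anti-virus: a signature scanner that has never seen this binary reports nothing, while the process lineage alone already points back to the document opened from Outlook.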

Next-gen anti-virus (NGAV)?
Next-generation anti-virus employs advanced monitoring, using several detection engines rather than signatures alone, to seek out threats of all kinds. It is designed to catch unknown threats, including zero-day attacks. NGAV does not wait until a known threat has been flagged on the network to start working; it is continuously on alert.

Endpoint security solutions?
Threat protection
Device management and application control
Automated detection and remediation.
Intelligent alerting and reporting
Extended detection and response (XDR) is a more advanced form of EDR.
Where EDR is designed to remove threats from endpoints, XDR extends those threat hunting and response capabilities beyond the endpoint. This more advanced form of cyber protection looks at your entire infrastructure to identify trends and threats quickly and accurately. EDR is a great solution for protecting endpoints, but each endpoint is only a single facet of the whole environment. If an attack on your enterprise spans multiple systems, you may need XDR to attain maximum protection.

To stay anonymous:
Only use Tor.
Always use a VPN.
Never use Google—only DuckDuckGo.
Disable JavaScript in your browser.
Never use your real name anywhere unless it is required.
No social media, no LinkedIn, and no free public-facing profile.
Watch all incoming and outgoing network calls regularly and scan for abnormalities.
Encrypt your laptop and any external devices.
Don't buy a domain name.
Use end-to-end encrypted communication only.
Don't use Gmail; use Proton Mail.
Never pay with cards; use cryptocurrency.
Make a developer account on Twilio and buy a number.
Turn off all location services on laptops and mobile devices.
Use only Linux; no Mac or Windows.
Never post your own pictures online.

Conclusion:
Time-to-detection is everything when it comes to stopping malware and ransomware attacks on endpoints, especially securing mobile devices beyond the corporate firewall. Traditional endpoint management and anti-virus are not enough. Today's sophisticated threats demand constant vigilance against all types of threats, including zero-day attacks.

References: sophos.com, Wikipedia, social media.
