Testing and Planning
These tasks were to teach us the basics of cybersecurity through common attacks, common defenses, and the common terms used for both.
We started by taking notes, going clockwise from the top left, starting with the CIA Triad, moving to common vulnerabilities, then CVE lists.
We also learned about social engineering attacks, such as:
Phishing: Online messages meant to gain access/information
Spear Phishing: Targeted emails/texts meant to gain access/information
Pretexting: Creating a story to help a scam
Baiting: A reward is offered
Tailgating: A malicious attack immediately following a trusted source
In order to test our understanding of the attacks and defenses, we used these attack/defend cards. The attack cards, in red, show common mistakes in cybersecurity, for example weak passwords. The defense cards, in green, represent fixes that could be applied before/during/after an attack, for example using a stronger password or two-factor authentication.
Technical Development
During development, we learned how to detect and prevent common attacks, including learning how to:
Check for outdated software
Update outdated software
Turn on/off the firewall
Allow/disallow ports through the firewall
Software Versions
If software is old, there is a security risk to it. An example is Windows 8, which for a time had an issue that would cause any copy connected to the internet to instantly get compromised and have important data leaked. The newer Windows versions don't have this problem, but they do have "rolling" updates to keep them incredibly up to date. However, some software on these operating systems may also have security issues. By learning how to check versions and update them, we can prevent risks to our computer.
The easiest way to keep most software up to date is to run:
sudo apt update && sudo apt upgrade -y
This will update all the base packages in the system.
On an app-by-app basis, checking the version (-v, -version, or --version) and then updating the app helps to keep it up to speed, or some might auto-update on launch (Firefox).
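As an added example (not part of the original report), the shell snippet below parses the output of apt list --upgradable, which is what "sudo apt update" refreshes, and reports which installed packages are behind the newest version. It also flags packages that run as background network services, since those are the ones the Testing & Evaluation section calls out as the biggest risk. The package names, versions and the list of "service" packages are constructed for the example.

```shell
#!/bin/sh
# Added example: parse `apt list --upgradable` (Debian/Ubuntu) and report
# which packages are behind. SAMPLE_APT_OUTPUT is a constructed sample;
# the version strings are made up for illustration.

SAMPLE_APT_OUTPUT='Listing... Done
openssh-server/jammy-updates 1:8.9p1-3ubuntu0.10 amd64 [upgradable from: 1:8.9p1-3ubuntu0.6]
python3/jammy-updates 3.10.6-1~22.04.1 amd64 [upgradable from: 3.10.6-1~22.04]
vim/jammy-updates 2:8.2.3995-1ubuntu2.17 amd64 [upgradable from: 2:8.2.3995-1ubuntu2.15]'

# upgradable_packages: stdin = apt list output
# stdout = "name installed-version candidate-version", one package per line
upgradable_packages() {
    awk '
        /\[upgradable from:/ {
            split($1, pkg, "/")        # "name/suite" -> name
            sub(/\]$/, "", $NF)        # strip the trailing "]" from the old version
            print pkg[1], $NF, $2
        }'
}

# count_upgradable: how many packages are behind their candidate version
count_upgradable() {
    upgradable_packages | wc -l | tr -d ' '
}

# flag_services: only the packages that are long-running daemons or the
# interpreters such daemons commonly run on (watchlist is an assumption
# made for this example, not an apt feature)
flag_services() {
    upgradable_packages | awk '$1 ~ /^(openssh-server|python3|apache2|nginx)$/ { print $1 }'
}

# Demo on the constructed sample; on a real Ubuntu box you would pipe in
#   apt list --upgradable 2>/dev/null | upgradable_packages
printf '%s\n' "$SAMPLE_APT_OUTPUT" | upgradable_packages
echo "behind: $(printf '%s\n' "$SAMPLE_APT_OUTPUT" | count_upgradable) packages"
echo "service packages behind:"
printf '%s\n' "$SAMPLE_APT_OUTPUT" | flag_services
```

The point of separating flag_services from the plain count is prioritisation: a stale text editor is a risk only when you open a bad file, while a stale sshd or Python service is listening on the network the whole time, so it should be updated first.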
Firewall Configuration
The firewall is what controls outside access to a computer's ports. Using it, we can deny or allow access, or completely disable it for testing purposes. Using the ss -tuln command, we learned how to view the open (listening) ports, and in Testing & Evaluation we turned ports on and off.
Testing & Evaluation
Software Versions
Checking the software shows how much is outdated. If it was marked not installed, it's not real and can't hurt me, but if it's outdated there's a chance that there is an active vulnerability that is putting my computer at risk. Particularly risky for this computer are the old OpenSSH and Python installs. Both of these are processes that will commonly run in the background, meaning I probably didn't just have a risk of being hacked if I ran a program, but an actively running, possibly compromised program. These also commonly run with admin privileges (or superuser in Linux's case), and therefore could absolutely rock my computer if an attacker used them.
Firewall Control
Using the ufw commands, we were able to control the Universal Fire-Wall. This means that we can control outside access to our computer, which some applications need; for example, Remote Desktop needs a UDP port (fast) and a TCP port (reliable) to establish and run connections.
Our Ubuntu started with the firewall off
We then turned on the firewall
And added our own custom rules
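The following shell snippet is an added example, not from the original report, that ties the two firewall steps above together: it reads ss -tuln output to list what is listening, tells loopback-only binds apart from ones exposed to the network, and then prints (rather than runs) the ufw commands for a default-deny policy that allows only an explicit list such as SSH and Remote Desktop. The captured ss output is constructed for the example; the ufw commands are the standard ones from the ufw manual.

```shell
#!/bin/sh
# Added example: turn `ss -tuln` output into a list of listeners and a
# default-deny ufw ruleset. SAMPLE_SS is a constructed capture.

SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:3389        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   LISTEN 0      4096   127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:3389        0.0.0.0:*'

# listening_sockets: stdin = ss -tuln output; stdout = "port/proto scope"
# scope is "local" for loopback-only binds (unreachable from outside even
# with the firewall off) and "exposed" for everything else
listening_sockets() {
    awk 'NR > 1 {
        n = split($5, p, ":"); port = p[n]                 # port is after the last ":"
        addr = substr($5, 1, length($5) - length(port) - 1)
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "local" : "exposed"
        print port "/" $1, scope
    }' | sort -u                                           # v4 and v6 binds of one port collapse to one row
}

# exposed_not_allowed "22/tcp 3389/tcp": exposed listeners the allowlist
# does not cover, i.e. the ones a default-deny policy will block
exposed_not_allowed() {
    listening_sockets | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "exposed" && !($1 in ok) { print $1 }'
}

# ufw_rules "22/tcp 3389/tcp 3389/udp": print the commands for a
# default-deny policy; allow rules come before enable so an SSH session
# used to run them is not cut off
ufw_rules() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    for rule in $1; do
        echo "ufw allow $rule"
    done
    echo "ufw enable"
}

# Demo on the constructed capture; on a real machine: ss -tuln | listening_sockets
ALLOW="22/tcp 3389/tcp 3389/udp"
printf '%s\n' "$SAMPLE_SS" | listening_sockets
echo "exposed but not in allowlist:"
printf '%s\n' "$SAMPLE_SS" | exposed_not_allowed "$ALLOW"
echo "commands to apply (run with sudo):"
ufw_rules "$ALLOW"
```

Printing the commands instead of running them keeps the script usable without root and lets you read the ruleset before applying it; the one check worth doing first is that whatever port you are connected over is in the allowlist.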
File Encryption
Using the lsblk -f command, we could see the status of our drives. To see if a drive is encrypted, it shows CRYPTO_LUKS where an unencrypted drive shows fat32 or ext4 (on the bottom left). CRYPTO_LUKS is essentially a shell that can be unlocked and contains one of the standard file systems, so the full identifier for it would be CRYPTO_LUKS ext4.
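As an added example (not from the original report), the snippet below checks the "shell containing a file system" idea programmatically. It reads lsblk in the raw, header-less form lsblk -rno NAME,FSTYPE,MOUNTPOINT,PKNAME (the column choice is this example's; the FSTYPE column is the same one lsblk -f shows, spelled crypto_LUKS in lsblk's output) and reports, for each mounted file system, whether its parent device is a crypto_LUKS container. The device listing is constructed for the example.

```shell
#!/bin/sh
# Added example: decide which mounted file systems sit inside a LUKS
# container. Input rows are in the form lsblk -rno NAME,FSTYPE,MOUNTPOINT,PKNAME
# prints (one space between columns, empty columns left empty).
# SAMPLE_LSBLK is a constructed listing.

SAMPLE_LSBLK='sda
sda1 vfat /boot/efi sda
sda2 ext4 /boot sda
sda3 crypto_LUKS  sda
dm_crypt-0 ext4 / sda3
sdb
sdb1 ext4 /mnt/backup sdb'

# mount_encryption_report: stdin = lsblk rows
# stdout = "mountpoint fstype encrypted|plain" for every mounted file system
mount_encryption_report() {
    awk -F'[ ]' '
        # first remember every device: its fstype, mountpoint and parent device
        { fstype[$1] = $2; mnt[$1] = $3; parent[$1] = $4; order[++n] = $1 }
        END {
            for (i = 1; i <= n; i++) {
                d = order[i]
                if (mnt[d] == "") continue           # containers and bare disks are not mounted
                enc = (fstype[parent[d]] == "crypto_LUKS") ? "encrypted" : "plain"
                print mnt[d], fstype[d], enc
            }
        }'
}

# unencrypted_mounts: mountpoints whose data can be read straight off the disk
unencrypted_mounts() {
    mount_encryption_report | awk '$3 == "plain" { print $1 }'
}

# Demo on the constructed listing; on a real machine:
#   lsblk -rno NAME,FSTYPE,MOUNTPOINT,PKNAME | mount_encryption_report
printf '%s\n' "$SAMPLE_LSBLK" | mount_encryption_report
echo "not encrypted:"
printf '%s\n' "$SAMPLE_LSBLK" | unencrypted_mounts
```

In the sample, / is ext4 but its parent sda3 is crypto_LUKS, so it reports as encrypted, while /boot and /boot/efi sit directly on plain partitions, which is the normal layout: the boot loader needs them readable before the container is unlocked.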
Reflection
These notes combined with the practical applications we did were a good introduction to cybersecurity, ports, and the threats we could face online. The CIA triad helped teach the very basics of cybersecurity: confidentiality, integrity, and availability. Moving on from that, we started to focus on the vulnerabilities of computers. We learned about ports, which when left open can allow nefarious activity. We also learned about firewalls, which act as a wall against any malicious behavior, helping protect an open port. And smaller but still serious vulnerabilities like being behind on software updates, and social engineering. I've experienced some attacks on vulnerabilities in my own time, including a Minecraft server (which requires port 25565 to be open) having random people join. I also have had multiple social engineering attacks such as phishing and even targeted phishing.