SEC301: Introduction to Cyber Security™

Overview

Every good security practitioner and every good security program begins with the same mantra: Learn the fundamentals. SEC301 starts by instilling familiarity with core security terms and principles. By the time you leave the classroom after the first day, you fully understand the Principle of Least Privilege and why it drives all security decisions. You will know the Confidentiality, Integrity, and Availability (CIA) method of prioritizing your security program and will have been introduced to the basics of security policy and risk management. You will know the difference between the Windows, Linux, Google Chrome, and Mac operating systems. You will understand essential computer functions such as the role of the operating system & kernel, file system, and Random Access Memory (RAM). You will have knowledge of mobile device security along with solid advice for securing your devices. You will understand the security implications of the Internet of Things and artificial intelligence systems such as ChatGPT. In addition, you can perform conversion of values in decimal, binary, and hexadecimal and can manipulate files using both the graphical and command line interfaces in Windows and Linux.

Exercises

Lab 0 - Using the Lab Environment

• All SEC301 labs occur in a virtualized cloud environment. Students access the environment via a browser to interact with a Windows 10 and Linux computer while Linux servers provide web and other services behind the scenes. Instructions are provided on screen, and in a printed lab guide -- students use whichever they prefer. It is not a difficult environment to use, but understanding how to manipulate the screen and font sizes and how to maneuver between tasks is very helpful. This lab helps the student understand how to use the lab environment so that in later, more complex labs, they can concentrate on meeting the objectives of those exercises and not on the lab environment itself.

Lab 1.1 - Converting Number Systems

• Apply the knowledge learned in course lecture to convert decimal numbers to binary, binary numbers to hexadecimal, binary and hexadecimal numbers to decimal values, and so on. Several pro tips and shortcuts are provided for performing these conversions quickly and easily.

Lab 1.2 - The GUI & CLI

• Use Windows 10's Graphical User Interface (GUI) and Command Line Interface (CLI) to create and manipulate files and directories. In both interfaces, you will generate directory listings, create directories, change directories, create files, rename files, copy files, and move files. You then change to a Linux computer and utilize both the GUI and CLI to perform all the same functions on that platform as well.

Overview

Cryptography is one of the most complex issues faced by security practitioners. It is not a topic we can explain in passing; we spend a full day on it. You do not need a calculator for this day since we do not delve into the math behind crypto. We introduce you to cryptographic terms. You learn what steganography is. You then look at historical examples of cryptography because even the most advanced cryptographic systems today utilize methods of encrypting data that were used hundreds of years B.C. So, we explain the historical examples that are very easy to understand, making it easier for you to understand modern cryptographic methods and principles.

You will understand the "work factor" - the length of time necessary to break cryptography and why understanding this concept is so important. We cover some of the potential attacks against crypto and which ones are viable against modern cryptography and which attacks are nonviable. You learn cryptographic hashing, symmetric & asymmetric cryptography and how each works. You learn how the popular key exchange mechanism called Diffie-Hellman works.

Once we have thoroughly explained how cryptography works, we end the day with a discussion on how we implement encryption in the real-world. How does cryptography secure data on our local computers, networks, and across the Internet? Here you learn email encryption, secure remote system administration, Zero Knowledge implementations, how passphrases can create encryption keys, and three common Virtual Private Network (VPN) scenarios. We also cover digital certificates and Public Key Infrastructure (PKI), including an explanation of the Open Certificate Status Protocol (OCSP) used on the World-Wide-Web.

Again, we do not spend our time on the mathematics behind cryptography, but instead, we are highly process focused. We explain the steps required to make crypto work, the order those steps must occur in, and which key you must use for each step.

Exercises

Lab 2.1 - Crypto by Hand.

• Crypto by Hand: Apply the knowledge and skills we learned via lecture to encrypt information using mono and poly alphabetic ciphers and gain a better understanding of triple encryption (as used by Triple DES).

Lab 2.2 - Visual Crypto.

• Observe the encryption process that occurs by turning plaintext (what you can read) into ciphertext (what you cannot read) in real-time on your computer screen. Increase your understanding of what "randomness in ciphertext" truly means by seeing the randomness happen. See ciphertext turned back into plaintext. Find out what happens if you edit ciphertext and try to decrypt it. Learn what happens if you attempt to decrypt data with the wrong key. See how many cryptographic functions pad plaintext. The lab provides visual proof of many definitive statements made by the instructor throughout the lecture.

Lab 2.3 - Using Crypto.

• Use two open-source tools to implement encryption on a local hard drive. You will use the tools utilizing both the Graphical User Interface (GUI) and Command Line Interface (CLI) to encrypt local files and to create mountable encrypted volumes.

Overview

You begin the third day of class by examining authentication systems. You learn to think of passwords/passphrases in ways you probably have not seen in the past. You learn to create passphrases that are extremely strong, but also easy to remember. You also learn about secure password manager software and password cracking software. You learn common password configurations used by organizations and the associated terminology. You also learn the value of token-based authentication and biometric authentication systems.

Once we know who a user is via authentication, security administrators seek to control what those users can do by implementing authorization controls. You learn the details of how Windows implements permissions using Security ID numbers (SIDs) and Security Access Tokens (SATs). You also learn how those SIDs, and SATs are used by a Windows network to enforce single-sign-on restrictions. You then see how permissions are implemented in a Linux environment, and how to set those permissions using the command line interface.

The day completes with an introduction to networking. You will learn the basics of how information moves across a network -- beginning with a completely non-technical explanation - then moving into slightly more technical examples. You learn about common protocols including the Internet Protocol (IP), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP). Part of this explanation includes examining the packet headers for each protocol. You will also learn about common necessary protocols such as Dynamic Host Configuration Protocol (DHCP), the Domain Name System (DNS), and Network Address Translation (NAT).

Exercises

Lab 3.1 - Building better passwords: The Haystack

• Use a tool that shows how long it takes to compromise various passwords via a brute force attack. The emphasis of the lab is to show you how to help yourself, your users, your family, and your friends to choose better, stronger, and easier to use passwords/passphrases.

Lab 3.2 - Bitwarden & 2FA

• Use the free Bitwarden password manager to remember your passwords/passphrases on websites you already have an account on as well as any new websites in the future. You will also utilize the Bitwarden passphrase generator to change the password on those sites to something much stronger and have Bitwarden remember the new passphrases for you. Finally, you will set up two-factor authentication (2FA) on those sites, using Bitwarden as the authentication "token".

Lab 3.3 - Linux File Permissions

• Using a Linux desktop computer, you will set the permissions on files using the Linux command line interface. You will set those permissions using both the absolute and symbolic methods that you learned about in lecture.

Lab 3.4 - Networking & Wireshark

• You start this lab by using a Windows command line utility to view the network configuration on the Windows 10 cloud lab computer (information we use in a later lab). We than utilize the popular Wireshark network analyzer to look at several types of traffic including DHCP, ARP, Ping, DNS, and HTTP. You will learn to use simple display filters in Wireshark to aid in analysis and how to enter even complex display filters easily. Finally, you use Wireshark to retrieve data from captured HTTP traffic and save the data to a file.

Overview

Our fourth day in the classroom begins our exploration of cyber security technologies. We begin with wireless network security standards for Wi-Fi to understand the current specifications for both functionality and security. You will learn about 802.11 standards old and new. You will learn about the weakness of antiquated security standards that are still in use and how modern standards improve Wi-Fi security a great deal. You will also learn about security implications of the Service Set Identifier, Pre-Shared Key, Enterprise Level Authentication, Wi-Fi protected setup, wardriving, homemade "cantennas", and rogue access points.

You will learn about Bluetooth standards and security and the operational strength but also the security weakness of Bluetooth's backward compatibility. You will understand Bluetooth's association models and security concerns.

You will dive into social engineering to gain an understanding of phishing, spear phishing, whaling, vishing, smishing, deep fake imposter vishing using AI and more. You will also learn the strategies to mitigate social engineering.

We then move into network attacks with a look at the five phases of an attack. You discuss common attacks including open-source intelligence gathering, port scanning, "living-off-the-land" attacks, remote command and control, machine-in-the-middle attacks, drive-by download attacks, watering hole attacks, lateral movement, buffer overflow attacks, Denial of Service (DoS), botnets and other frequent attacks.

The fourth day ends with a discussion of malware. What is a virus versus a worm or a Trojan horse? What is ransomware, and what is cryptojacking. We then cover both anti-malware and host firewalls that try to counter these problems.

Exercises

Lab 4.1 - Wireless Access Point Configuration

• Configure a Wireless Access Point (A.K.A. Wireless Router). Students go through the steps of configuring a wireless access point from its default insecure state to a locked-down, far more secure state. Industry best practices dictate the final settings. Students can take these lab instructions home or to work and apply them with some necessary modifications given their device manufacturer.

Lab 4.2 - Port Scanning with Zenmap

• Use the Zenmap graphical interface to the extremely popular port scanner Nmap. Conduct several port scans to determine live IP addresses, the ports they are listening on, the operating system of the distant computer, and the software running on those ports.

Lab 4.3 - Malware Scanning with Malwarebytes

• Run the anti-malware scanner "Malwarebytes" on a virtual machine running within the lab environment. Discover active malware and remove it from the system. Also, discover Potentially Unwanted Programs (PUPs) that are, in reality, authorized software. Allow-list the PUPs, so they stop showing up in the scan results.

Overview

The final day of our SEC301 journey continues the discussion of Cyber Security Technologies. The day begins by looking at several security technologies, including compartmentalization, firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), sniffers, content filters, sinkholes, ethical hacking, active defense, threat hunting, allow-listing and more. You will understand the strengths and weaknesses for each of these technologies.

We then take a solid look at Browser and Web security, and the difficulties of securing the web environment. For example, students understand why and how their browser connects to anywhere from 5 to 100+ different Internet locations each time they load a single web page. Students also learn about the common security features of browsers.

We end the day with a look at system security to include hardening operating systems, patching, virtual machines, cloud computing, and backup. We include solid real-world examples of how to implement these.

Exercises

Lab 5.1 - Firewall Builder

• Students utilize an open-source tool called "Firewall Builder" to create a simple yet fully functional firewall configuration. The lab not only explains how to build each of the rules but, more importantly, explains WHY you build each rule. The lab teaches not only the basics of configuring a firewall but also how to read and audit an existing firewall ruleset.