CS


Denial of Service

A Denial of Service (DoS) is a special type of attack that overwhelms a network resource, like a website or even a router, with fake visitors and crowds out legitimate traffic, so the server becomes overloaded and can no longer function, thus denying service to users. And because DoS attacks on wireless networks don't leave behind any real evidence, they are hard to detect and easy to execute.

Wireless Guard Dogs

When it comes to wireless networks, passwords and personal behavior are only half the battle. Choosing the right amount of encryption for your device is equally important. Most wireless access points can enable one of these three encryption standards:

CAN-SPAM Act

For anyone who relies on email to do business, this act is an important one. As a law, it set the rules for commercial email, established requirements for commercial messages, and gave recipients the right to refuse certain digital communications. It spelled out tougher penalties for violations and established users' rights as a priority. But it doesn't just apply to bulk messages—it covers all electronic communications which the law defines as a primary mode of commercial promotion and advertisement. Specifically, it outlined these email requirements:
Don't use false or misleading header information.
Don't use deceptive subject lines.
Always identify when messages are advertisements.
Messages must include a valid physical address.
There must be a way to unsubscribe.
Always honor opt-out requests.
Monitor what others are doing on your behalf.
If you are wondering why these three pieces of legislation focused on regulating legitimate entities instead of would-be hackers, the answer is simple: You can only change what you can control. Placing legal measures on cyber attackers is futile because they do not subscribe to the world of rules and regulations. Government and corporate ventures, however, are still beholden to the laws of the land, and that is where effective regulations can make a difference. And many people agree that companies will not make sufficient security improvements unless they are forced to do so by a government mandate. Promoting integrity, trust, and compliance among the big fish on the internet trickles down to the user through improved security, more transparency, and increased honesty about how sensitive data is handled. When consumers offer up their information to these major platforms, they need to trust that it will not be abused. And while this effort certainly doesn't clean up all cybersecurity issues, it does wonders for promoting confidence and creating a sense of unity among digital do-gooders.
As testament to just how challenging this has become, there is no single piece of comprehensive U.S. legislation that handles all areas of cyber-related crime. Federal agencies have certainly created centers to address certain threats—from defending users to taking complaints to monitoring customs and immigration—but policymakers still struggle with how to handle all the dangerous and illicit information on the web. For example, would-be terrorists can now learn how to make a lethal bomb just by visiting a website; drug addicts can purchase all sorts of illegal pills from fake online pharmacies; and dangerous individuals can easily purchase a gun using underground networks. While most national government agencies can't really limit their citizens' use of the internet, democratic societies must find a way to balance personal freedom with crime control.

Cybersecurity: A Reality Check

Now, before you brush over the concept of authenticity without much thought, stop and consider what the real-life consequences for mishandling it might be—because they can be crippling. As was demonstrated by the Equifax Data Breach of 2017, now recognized as one of the single largest data hacks in history, the loss of some valuable authentication information can spell disaster for a business and create a serious security nightmare for customers. When the personal information of 143 million Americans—including social security numbers, tax IDs, credit card account details, birthdates, full legal names, driver's license numbers, physical addresses, phone numbers—was exposed during an online security breach of Equifax's massive database, this credit reporting giant was forced to admit the loss of sensitive authentication information that could easily be used to launch additional attacks against other businesses and the private citizens whose information was compromised. Just four days after the breach, Equifax faced a $5.3 billion loss in market gains—almost a third of their total revenue—and the possibility of another $20.2 billion in the near future. If fully realized, the losses would exceed its overall value by at least $8 billion, not to mention bring about a massive wave of personal fraud and financial malfeasance. And this death spiral only gained momentum during the 23 class-action lawsuits and $70 billion in damages that resulted from the situation, all of which had to be individually addressed and resolved. And the craziest part is—and really, the part that paints the best picture of just how critical cybersecurity practices have become in our world—that Equifax could have prevented all of this heartache and loss if they had just followed standard security procedures. Hackers were able to gain access through a bug in the system and steal all of this valuable information by exploiting a tiny coding flaw in the open-source software being used, and they were able to do so because Equifax did not update its software components and apply the necessary patch in a timely manner. Lesson. Learned.

Encryption, Cryptography, and Cryptology

If the word encryption gives you a mysterious feeling, you already have a sense of what it means. The ancient Greek practice of cryptography relates to "hidden" or "secret" writing used to communicate in the presence of a third party. Within cybersecurity, encryption is the process of encoding messages or information in such a way that only authorized people can easily access it. While encrypting data does not deny interference, it "codes" or transforms the text in a way that makes it hard to crack. As a valuable security layer, encryption also prevents data from being read just in case it is accidentally divulged by a user or stolen by a hacker. And it is, hands down, one of the biggest players on the forefront of cybersecurity today. Encryption is important to ensuring the integrity and transfer of data because it disguises the true nature of the information. As a result, this coded representation leaves it inaccessible to anyone without authorization or authentication. It can be done through disk encryption, which protects information by converting it into unreadable code, or through device encryption, which keeps data stored safely. And, in some cases, volume encryption is used, which only codes a single part of the drive. Although authentication and authorization are both security concepts—and encryption is technically just a control measure—they all work well together to create the necessary layers of a durable security system. For example, students at some colleges are required to authenticate before they can access one of the institution's online resources. However, once they are in that privileged area, they still need to authorize their access to their own private information. In this way, they are allowed on the website but cannot see anyone's data but their own. Computers not only communicate, but they also share social norms. 
Yes, in the world of telecommunications, an automated process known as a "handshake" occurs when devices agree on certain protocols that allow them to exchange information. This initial process must happen before anything else, so computers can "meet" and make sure they are going to work successfully together. Certain protocols are used in the encryption process to protect all data exchanged between the user and the server. That means when your social security number or personal information moves over the internet, it has much less risk of being intercepted. When software uses a public key infrastructure (PKI) to encrypt a message, the communication is coded especially for the recipient. PKI is the set of roles, policies, and procedures needed to manage public key encryption. For example, suppose you received this encrypted note: wUwDPglyJu9LOnkBAf4vxSpQgQZltcz7LWwEquhdm5kSQIkQlZtfxtSTsmawq6gVH8SimlC3W6TDOhhL2FdgvdIC7sDv7G1Z7pCNzFLp0lgB9ACm8r5RZOBiN5ske9cBVjlVfgmQ9VpFzSwzLLODhCU7/2THg2iDrW3NGQZfz3SSWviwCe7GmNIvp5jEkGPCGcla4Fgdp/xuyewPk6NDlBewftLtHJVf=PAb3 Right now, it's a jumbled mess of random characters. But when you use the private key (in the form of a passcode) to open the message, you give the computer permission to decrypt the text and present it in a readable way, like this: "I'll see you tomorrow for lunch at one o'clock, sharp!" Talk about a real-life decoder ring! But how does this technology really work? Cryptography uses the application of mathematical principles and formulas to create a cipher, or algorithm for performing encryption. An algorithm is a series of well-defined steps followed as a problem-solving procedure. Computers follow directions, and a cipher simply gives them a protocol to use when making decisions. Because the data is basically scrambled by the algorithm, the information can only be read if it's somehow decrypted and broken out of its code-like form.
By creating keys made from long strings of bits (or binary numbers), the algorithm hides the true nature of the information while also giving the proper machines a way to recompile the information in a human-readable format. In cryptography, key size is the number of bits a key uses to create a cipher, and its length usually equals its level of overall security. In cryptography, there is also a concept known as the web of trust (WOT) that allows compatible systems to establish the necessary authenticity between a public key and its owner. This is a decentralized trust model that stands in contrast to the centralized one of the PKI. There are as many independent WOTs as there are networks, which means any user can participate and connect multiple webs.

Management (Administrative) Controls

Management (administrative) controls are the rulebook of environmental controls. They represent the policies, standards, procedures, and official guidelines set up to handle physical problems.

Switches

Switches are a bit different because they aren't really designed for security. Instead, they support a network by providing a central point where devices can connect, much like a bridge. In this way, they offer performance optimization by giving security methods a way to function more effectively. A switch receives, processes, and forwards data to the destination device by using a table of addressable memory, called a bridge forwarding table, to determine where a packet should go. That said, an organization can easily increase its overall cybersecurity by performing some basic configurations of its switches. This can be as simple as creating a protective "hard shell" for its switches by setting up passwords or enabling all discovery and safety features. Firewalls, routers, and switches can be integrated to create secure access, but typically, business networks are more comfortable using these devices separately. Using an integrated router, switch, and firewall can be difficult to troubleshoot—which translates into more manpower, time, and money. When these three security dynamos are working as separate systems, however, it can be easier to isolate problems and assess overall performance. Also, using these devices separately allows users to take advantage of many more features, thereby enhancing their overall effect as virtual guard dogs.

Symmetric encryption

Symmetric encryption uses the same key to scramble and unscramble the data. This means that both the encrypter and the decrypter need access to the same key, which then begs the question: Where will that key be safely stored until the decryption program needs it? Both parties have access to the secret key, which can be one of the main drawbacks of this type of encoding. Symmetric algorithms are used in Bluetooth technology.

Critical Infrastructure Security

When it comes to the basic physical and organizational structures and facilities we depend on in the world, otherwise known as infrastructure, control can become a powerful weapon. The fundamental systems that supply our country with roads, pipelines, electricity, public water, sewage treatment, railroads, internet, and other forms of communications are the backbone of civilization and the structures we rely on for everyday life. Without them, the world would be a much colder, darker, and more forbidding place. So, when we think about the notion of control and how it affects cybersecurity, we must consider those areas of infrastructure that have gone digital and, as a result, are now most vulnerable to attack. These systems are so powerful and important, a loss of control in any one area could spell disaster—which is precisely why they sit on the forefront of our modern cyber concerns. A hacker targeting the digital industrial control system of any automated or mechanized instrument, regardless of the industry, could feasibly gain authority over anything from one elevator, to the air ventilation system of an entire shopping mall, to the flight trajectory of a 735,000-pound jumbo jet. Because a great number of businesses and organizations rely on digital industrial control systems, including government and military entities, they also share the same vulnerabilities. As a result, attackers have a juicy menu of exploitable items to choose from. What they choose to access and control depends on what they hope to accomplish. In today's world, this hypothetical is often viewed through the lens of terrorism and how it can be enabled by the exploit of certain digital assets. Traditional terrorism relates to the use of violence and intimidation against people in the pursuit of a political agenda, and cyberterrorism is no different—it simply utilizes computers and information technology (IT) to spread this fear. 
Although there is no real consensus about what qualifies as an act of cyberterrorism, these types of premeditated attacks tend to target vital infrastructure in an effort to disrupt and harm the livelihoods they uphold. From financial to social to political to physical, cyberterrorism is about terrorizing victims through the use of technology. Counterterrorism efforts, or those made to prevent such attacks, are always in progress, as governments around the world work to identify, monitor, and apprehend cyber terrorists. And two of the most troublesome activities plaguing the internet today are cyber warfare and cyberterrorism. Let's do a comparison:
Cyber Warfare: This occurs when a state or nation conducts criminal activity online to penetrate another nation or state's computers or networks for the purpose of causing damage or disruption. This could include disabling the defense of the Pentagon in order to halt military action against another country. As the name suggests, this cybercrime is associated with war and the desire to either initiate, disrupt, or stop it.
Cyberterrorism: Cyberterrorism involves a cyberattack using or exploiting computer or communication networks to cause enough destruction to create fear or intimidate a society into an ideological goal. This type of digital crime can result in violence, destruction, death, and the propagation of terror for the purpose of forcing a government to change its policies.
So, how real is cyber terrorism? Unfortunately, this modern crime is very, very real and has far-reaching social, political, and economic effects. For many people, cyber terrorism is particularly destructive in the way it combines a natural fear of random, violent victimization with the distrust and outright fear of computer technology. Many people don't completely understand the internet, and yet it somehow has the power to threaten their security and privacy. Not a good combination.
For hackers and cyber terrorists, the secrecy of the crime makes it an attractive option and one that allows them to cause considerable damage while never even stepping outside—or being identified. As a result, it creates powerful fear and has been called the greatest current threat to the United States, if not the world. And given the continuing growth of the internet, these attacks are probably here to stay, changing only in scope and sequence. That is exactly why cybersecurity has become such a priority in the online world—it's the only real defense we have against this ongoing threat. Cyber terrorists commit digital crimes for:

Block ciphers

Block ciphers break down information into fixed-size blocks before encrypting it. The downside to block ciphers is that, depending on the amount of text carried in one block, hackers can look for patterns and start to guess the nature of these blocks based on a user's routine. Web applications typically use HTTPS, which encrypts data using both block and stream ciphers. That said, block ciphers are mainly used as building blocks for other cryptographic methods like hash functions and stream ciphers.

mobile device

A mobile device is simply a portable computer like a smartphone or tablet, able to access the internet from the convenience of your hand. The reality is, basically everyone around you, in any place and at any time, has some kind of personal device on their person—that is, if it's not glued directly to their face. Smartphones now collect and compile an increasing amount of sensitive information, all of which must be protected through new forms of access control. So, it is disturbing to hear how the majority of digital security experts agree mobile devices have now become the new frontier for cyber risk and privacy violations.

2002 Homeland Security Act (HSA)

As one of the more well-known pieces of legislation, this act was introduced on the heels of the terrorist attacks of 9/11 and the subsequent mailing of anthrax spores. It boosted oversight of how the U.S. government discloses cyber weaknesses to the private sector. Some federal agencies were accused of "stockpiling" digital vulnerabilities for their own intelligence purposes, rather than sharing them openly with vendors as a way to strengthen the overall environment. Many critics claim the government's desire to keep vital secrets to themselves rather than apply them to the greater good is what led to the massive success of the WannaCry attack.

Authentication, Authorization, and Accounting (AAA)

Authentication, Authorization, and Accounting (AAA) is a term describing the framework for controlling access to computer resources, managing usage, and enforcing procedures. Together with the process of identification, these methods are considered to be the foundation for effective network management and security. Authentication confirms the identity of a user by asking them to enter some kind of validating information, like a special username with a password or even a thumbprint. It is the first major step in access control and must be properly met before anything else can happen. If it's not—access denied! Authorization gives a user permission to do certain things. Once you have been authenticated, you are allowed into a system where you can issue commands, make changes, or access data. The authorization process simply determines where you, the user, have the right to move around in this cyberspace. The boundaries of this movement are dictated by the user's level of privilege. For example:
Administrators are the top dogs—or bosses—who run the show and make the larger decisions regarding the movement and privilege of the other users. They create files and folders on the root level, establishing all of the safety parameters and settings. They mandate security controls, like login verification or minimum password length.
Power users would typically be employees in this scenario. They have a great deal of access to advanced features and privileged information but only insomuch as it affects their specific work roles. They can also be assigned administrative rights if deemed necessary and appropriate.
Standard users are usually business partners of the company like customers or vendors. They have limited access to advanced features and typically can't share folders, files, links, or privileged information.
Accounting is the process that measures the overall access of users, from the amount of information they access, to the resources they consume, to the number of hours they spend on a session. It is what keeps them answerable and accountable for their actions. Within a network, everyone's movements are visible, and this offers watchdogs the chance to continually assess what is happening. This process is performed through computer-generated functions and can offer information on who did what, where, when, and why. In terms of security, this ability can help track a user's activity during an incident investigation. To illustrate this point, let's look at how a user at a company—let's call him Sam—might be granted access to perform his duties. As soon as Sam is hired into the organization, he will be added to the proper access control list (ACL)—which identifies what online material he can see—so he can do his job. An access request is initiated by his boss, and Sam supplies a bunch of personal information, like passwords and such, which are approved by an administrator. Once Sam is cleared and all set up, the information is passed along to a security access coordinator who follows up with a documented procedure for granting access. There are times, however, when people need access to information on a network, but they just don't have the clearance to get it. Sam will tell you—gaining unauthorized entrance to data requires the permission of a system administrator who can grant the necessary privilege. While this sounds fine, it can pose problems in a busy work environment where the boss needs something yesterday. In this way, access control can tie your hands as much as it can offer security. But this problem can be relieved by a group policy feature which enables administrators to centrally manage policies for users and computers within their own directory. This ability gives the boss some flexibility to grant access more quickly when needed, without holding up progress.

Conclusion

Experts say the world will go from having 15 billion internet-connected devices to over 200 billion in the next three years, and that exponential growth will likely challenge our ability to protect our most precious asset—information. Right now, the ongoing race between cyberattacks and cybersecurity efforts is neck and neck, and we will need to utilize our best resources and expertise if we hope to vanquish digital threats down the line. In the great scope of history, the battle for dominance in cyberspace has just begun, and it is clear the digital revolution is now at our front door. If we hope to face the tremendous challenges on the horizon with strength and efficacy, we will need to change the way we think about access, control, and our legal system. Staying on the defensive while employing preventative measures has never been more critical. Regardless of what has come before, the future is going to demand more than just "smart" devices—it's going to require much smarter users as well, users who can change with the times and adapt to new challenges. That is the way of nature, the way of the future, and the way of the internet.

Types of Encryption

Encryption technology comes in many forms, and the key size and strength are usually what distinguish them from one another.

Service Set Identifier

Let's say you are a small business owner or just someone looking to set up a secure LAN at home. There are certain precautions you will need to take in order to boost your overall cybersecurity. Once you identify your network needs in terms of ports and routers, you can situate your hardware near a convenient power source. This will essentially become the epicenter of your home access. One of the main pieces of hardware you will need is a cable/DSL modem, which can direct traffic between your internet provider and your network. Remember, a broadband connection is a high-speed, high-capacity transmission medium used to carry signals from different networks. As you may recall, this can be done with a coax or fiber-optic cable and can transmit data, voice, and video over long distances. Phone lines are now used to create DSL connections through a modem which carries this broadband connection to your computer. Even so, most home network modems are not very secure. If you are concerned with increased protection, make sure your modem is not set to use a default password like "admin" or "password," which can be easily guessed and give a crafty hacker access to your configuration page. Always take time to ensure any hardware installed on your LAN is properly secured and guarded by unique, multi-character passwords. Although this may sound overly cautious, bits of information like the service set identifier (SSID) of your wireless router can actually be "sniffed" out by hackers. To be clear, an SSID is a unique set of alphanumeric characters set at the header of the data packets being sent out over the wireless network, not a password. Even though this code acts like a password when a mobile device tries to connect, it is still considered to be a fairly weak form of security. By default, a router will broadcast its SSID in beacons, so all users within range can see the network on their personal device or computer.
For this reason, many people say you should prevent your router from broadcasting this information, thereby rendering it basically invisible to anyone outside your network. Although detecting the name of an SSID or a hidden network alone isn't much of a prize, it brings an attacker one step closer to a clearer understanding of your digital landscape and how it might be compromised. Now, it is worth noting here that things are always changing in the cybersecurity world, which is one of the reasons it is such an exciting area. But as a result, experts in the field are constantly updating and tweaking their perspectives in response to ever-changing factors, and these shifts can sometimes leave users feeling confused about the right approach to security. So, while some pros will tell you to hide your SSID, others will say it's a waste of time. Preventing your router from broadcasting might sound great, but some devices—including PCs running Windows 7 or later—will still see all the networks in action, even if they can't identify them by name. Further, attempting to hide your SSID may actually achieve the opposite effect by attracting the interest of nearby Wi-Fi attackers who see it as a sign of potentially sensitive information in need of extra protection. Yes, hiding your SSID will shield your network from the average Joe, but it's likely not going to give you the level of security you need in the face of a bona fide cyberattack.

Ransomware

Now, if you haven't already realized it, the cyberattacks of today are no laughing matter—and they're predicted to get worse. Because 2017 was dominated by news of data breaches, corporate hacks, and other cyber threats, it stands to reason that we will see more of the same in the future, with special attention paid to high-value targets like business, finance, government, politics, and other influential public spheres. One of the digital landscape's most dominant threats is ransomware, which is essentially malware designed to block user access to a computer system until a certain sum of money is paid to the attacker. Although light on specifics, the intention behind ransomware is perfectly clear—to lock up a system until a ransom is received. Ransomware can be contracted in all the ways we have discussed: clicking weird links, visiting compromised websites, or even opening unknown emails. The modern form of "crypto-ransomware" is one of the biggest, most dire threats in the cybersecurity world, as it has the ability to take many forms and the power to do significant damage to incredibly valuable systems. By performing an unauthorized encryption of files stored on a computer or mobile device, attackers scramble the contents and render data unreadable. For information to be restored, a decryption key is needed to decode the scrambled text—and of course, this key comes at a high monetary price. Crypto-ransomware essentially takes files hostage, demands a ransom (often in the form of untraceable cryptocurrencies like bitcoin) in exchange for a key, and then restores them only when the ransom is received. Unlike other threats, this exploit is not subtle, clever, or hidden. Instead, it blatantly uses shock and fear to scare consumers into cooperating. Cybercriminals continually update their malware to evade detection and sneak around any attempt to break the encryption, often using social engineering strategies to target victims. 
This means attackers use deception as a way to manipulate users into revealing personal information—which they, of course, then use for their own purposes. The key to a successful socially engineered attack is a full understanding of current trends, along with how to creatively skirt them, and the ways people respond to specific situations. We will discuss this concept more in the future. But aside from the actual ransom itself, anyone threatened by this exploit will also have to deal with the cost of containment, downtime, and recovery. And the worst part is, there is no guarantee access will actually be restored after the agreed-upon sum is paid. Yes, you've heard it before, but it bears repeating. Here's how to combat ransomware:
Back up all data.
Don't click unknown links or attachments.
Always patch systems and employ software updates.
Use a layered defense with advanced security in place.
Consider breaking the network into "segments" that can reduce the spread of malware.

Attack of the Smart Devices

With the establishment of the IoT, and its endless entrance points, the world's attack surface has essentially grown almost beyond comprehension. Most people have no idea how vulnerable IoT devices have become recently, and even more disturbing, how they are already caught up in the middle of a digital war. Just think about it: you have hackers out there looking for access to data. And every time a smart device is added to the pool of user information (which is basically every minute), access opportunities increase tenfold. No matter where you are—home, work, airport, restaurant, hospital, church—there are enough devices in the area to implement a classic DDoS attack, which overwhelms a system and renders its services unusable. In fact, IoT-powered DDoS attacks have now reached a massive scale, especially because it's far too simple for hackers to gain control of poorly configured devices. And to make matters worse, many of these internet-connected devices no longer receive regular security updates, which makes a malicious actor's job even simpler. Of course, we all know our mobile devices—and many of the seemingly innocent ones we also use—are susceptible to threat, but we often don't think about the next boundary of digital threat until it actually happens. The envelope is always being pushed just a little further day after day. Any emerging technology we can visualize and develop is destined to become part of the IoT and sure to become part of the hacking landscape. A team of security experts in Texas just proved this truth in spades when they created a flying drone capable of tracking and "sniffing" out data from devices connected to the internet. The drone was custom built to fly over Austin, Texas, for 18 minutes, and during that time it found 1,600 IoT devices, of which 453 were made by familiar companies like Sony and Philips. The process was simple and straightforward.
When the IoT devices communicated over a wireless protocol at the network level, they would send out beacon requests. These requests were "captured" by the drone, which could then access some data as well. If hackers were able to hijack any smart home or internet-enabled appliances remotely, it would allow them to take control of all connected devices on a network, including door locks, alarm systems, garage door openers, and even the lights in your bedroom.

computer patch

A computer patch is a piece of software designed to update a computer program by fixing bugs or improving overall function. This includes repairing vulnerable spots, sensing new ones, and even repairing old patches that have failed. A patch can also remove components which are outdated or no longer licensed. Patch management is critical to an effective security plan and is part of application lifecycle management (ALM), or the governance, development, and maintenance of computer programs. It handles software management, testing, requirements, and integration. It is the big picture from start to finish, across the entire lifecycle of a product. The term patch is not to be confused with a hotfix, however, which is a collective, single package of information (usually in the form of files) that handles a software problem or bug. Hotfixes are designed for specific system issues and do not span the life of the product—instead, they usually work quickly and precisely.

1996 Health Insurance Portability and Accountability Act (HIPAA)

Although most of this act relates to the availability of health insurance, there is a piece specifically dedicated to the prevention of digital fraud in the industry, which could jeopardize the privacy and safety of individuals. As a law, it has established civil and criminal penalties for cyber violations and regulated the way health care information is distributed and used on computing systems.

VoIP

Another secure option is Voice over Internet Protocol (VoIP), a technology that allows you to make voice calls using an internet connection instead of a regular phone line. This can be done through a personal computer, a special VoIP device, or a basic telephone, as long as they are attached to a special adapter. It can also be done wirelessly where "hot spots" are available in airports, parks, or cafes. Examples of VoIP software that you've probably heard of include Skype, WhatsApp, and Google Hangouts. Even though this process (and the development of laws) can provide a level of protection against a breach like wiretapping, attacks on VoIP are common and relatively easy to perform.

1999 Gramm-Leach-Bliley Act (GLBA)

As a financial piece of legislation passed by Congress, the GLBA established rules for banking, securities, and insurance industries, which must explain their information sharing practices to customers and educate them on the right to "opt out" of giving their data to third parties. This act essentially forced certain corporations to be more transparent in their movements while empowering consumers to take some responsibility for their own data access.

The Internet of Things

Before this discussion goes any further, you need to reflect on how connected we have all become. On the one hand, we continue to come together in much the same way we always have: We share photos, have phone conversations, talk face-to-face, and make plans for the future. But now we share these same photos, conversations, and plans using the digital resources of the internet. All of our personal devices have the ability to bring us together in increasingly powerful ways, and with these new relationships come both benefits and problems. Yes, this technology offers us more social engagement and opportunity, but it also renders us more vulnerable to attack because our personal information is stored in the cloud—just out there waiting to be found. And found it can be, by anyone willing to exploit these connective avenues. But it's not just our phones and networks that connect us to each other and the larger world anymore—it's a vast system of interrelated computing devices known as the Internet of Things (IoT). This far-reaching technological structure does not only relate to the usual suspects, like software and laptops, but also to anything that can become "smart" through the sending and receiving of data. And in the modern world, complete with wireless magic, this includes a lot of everyday objects you may not expect. We now have smart locks, smart clocks, smartphones, even smart friends named "Alexa" who never sleep. We have cars with built-in sensors, pets with embedded identification chips, and heart monitors that sustain life through machinery. Because all of these things contain data transferring tools, they have been assigned an internet protocol (IP) address and are an official part of the computer landscape. 
And now that we can transfer data over a network without the need for human-to-human or computer-based interactions, we have arrived at a new digital frontier, where all physical entities can be linked together through a unique identifier and are able to communicate and share endless amounts of data at all hours of the day, all days of the week, and all weeks of the year. The IoT is the future in motion and the ultimate symbol of the information age we now live in. But these new privileges do a lot more than just make life easier; they generate a crazy amount of information, all of which can be remotely accessed at any time. So just remember, if you are able to reach your information from afar, it stands to reason a hacker can as well. It's also important to remember that the IoT is not just about basic objects like cars, thermostats, and Bluetooth speakers—it greatly affects the public sector as it relates to major pieces of infrastructure like road sensors, traffic lights, smart meters for energy, and the like. From the biggest government project to the smallest physical object embedded in a computer, the IoT has created a broad universe that leads directly to a "smarter" future. Everything these days can be sensorized and connected somehow, which means keeping this technology safe has never been more critical. And while the IoT, at both the federal and local levels, promises more efficient and advanced abilities, it also creates a high level of perceived risk. For governmental use of IoT projects to be successful—and more importantly, safe—we will need to focus on increasing our strategic leadership, funding for IT infrastructure, and our ability to process, use, and protect the massive amount of data it generates. If it's connected, it needs to be protected.

Discretionary Access Control (DAC)

DAC is a type of control that is defined as "a means of restricting access to objects based on the identity of subjects and/or groups to which they belong." If individuals have a certain level of access permission, they are capable of passing that authorization to someone else—directly or indirectly—unless, of course, it is forbidden by a MAC. This is obviously a more relaxed mode of security and empowers the user to determine access privileges.

Hacked While Airborne: A Horror Story

If there's one thing you can count on in the cybersecurity world, it's this: hackers are a crafty lot. When you think about unsecured networks, you probably don't think about airplanes—and yet, it turns out your mobile devices are just as vulnerable to attack when traveling 40,000 feet in the air. A newspaper columnist recently claimed to have been hacked while flying American Airlines and using its in-flight internet service. Just like coffee shops and airport restaurants, airplane cabins are also ideal environments for "sniffing" out unsecured Wi-Fi users. Because the inside of a plane can feel like a smaller, more secure location, passengers often don't realize the network they're using is still "public," unsecured, and open to whoever happens to be on that plane. A hacker can sit for hours on a laptop without drawing attention to herself, all the while targeting passengers sitting just a few feet away. Using a nifty little device called a "Wi-Fi Pineapple," a hacker can send out a commonly used SSID to lure unsuspecting users into connecting with a false network, thereby ensnaring them in a cyber trap. Even more insidious are the ways this Pineapple device can use a trusted network to fool users. When your PC or mobile device is turned on but not connected, it is still sending out signals and probing for trusted networks. If one of these searches hits on a Wi-Fi Pineapple in use, the hacking hardware will mirror one of your trusted network names and cause your computer to automatically connect because it doesn't know any better. And once the Pineapple has you in its clutches, your information is in serious danger. To be fully protected in these situations, be sure to turn off the Wi-Fi connectivity of your device before entering any untrusted areas. This will also turn off any probing functionality and render that pesky Pineapple useless. Better luck next time, hackers.

Ransomware Can Make You WannaCry

If you really want to grasp the severity of a ransomware attack, you need only look back to May of 2017 when a crypto worm known as WannaCry was unleashed on the world. First uncovered by the National Security Agency, this nasty bit of malware targeted computers running a Microsoft Windows OS by infecting and "scrambling" their data through encryption and then demanding a bitcoin ransom for its safe return—to be paid directly to a digital cryptocurrency "wallet," of course. Although Microsoft had released some system patches around the time of the exploit, the organizations who were hit by WannaCry had not applied their hotfixes yet and were using older Windows systems with porous backdoors. As a result, 200,000 computer systems—from Russia to China to the United Kingdom to the United States—were victimized by this malware, as users around the globe were locked out of their own data. And not just any data, but vital information from hospitals, banks, and telecommunication companies. One of the agencies hit the hardest was the National Health Service of England and Scotland, who suffered damage to 70,000 devices, including essential life-sustaining ones like blood storage refrigerators and MRI scanners. Ambulances had to be diverted to other hospitals and non-critical emergencies sent elsewhere for care. The attack was finally stopped after a few days when Microsoft released a series of emergency patches, and a safety mechanism known as a kill switch, which could shut down a system instantly, was discovered by a tech. As a countermeasure, this switch offers a single point of control for anyone looking to stop internet traffic immediately. But even this security feature was not enough to save the hundreds of millions to billions of dollars that were lost during the breach, setting a new standard for online threats and new expectations for cybersecurity professionals.
WannaCry was eventually traced back to an initial infection in Asia through a tiny, unassuming SMB port connected to a single vulnerable system. And through this one little portal, the world's worst ransomware attack on record infected the international landscape and managed to cripple computers in 150 countries, a cybercrime with a $4 billion price tag. In cyber land, even small things have power.

Layer Two Tunneling Protocol (L2TP)

L2TP is an extension of PPTP used by an internet service provider to allow a VPN to function over the internet. Without getting too technical, it creates a form of encapsulation that enables packets to transmit over level one and two of a computer's random-access memory (RAM). This configuration allows the cache memory and Point-to-Point Protocol to exist on the same network access server and tunnel data from a user's end over an IP network, which makes them more transparent and easier for large infrastructures to share and manage. While it does not provide encryption or confidentiality on its own, it can be used with an encryption protocol for added security.

Point-to-Point Tunneling Protocol (PPTP)

PPTP is the set of communication rules allowing corporate networks to extend through private tunnels while on the public internet. As a result, a company does not need to find its own lines for widespread contact but can securely use a public network to achieve this goal. That said, this protocol is not used anymore, as it offers too many vulnerabilities.

Secure Use and Disposal

Once upon a time, information was scarce. Looking back just 500 years ago, people didn't even understand the shape of the world or how the continents fit together. These days, as the world of technology booms, we seem to be experiencing the opposite problem—more information than we can handle. For example, when the Sloan Sky Survey began observing the stars in 2000, its sophisticated telescope amassed more data in two weeks than had ever been seen in the entire history of astronomy—a whopping 140 terabytes of information. Facebook alone holds over 40 billion images online, and the giant retailer Walmart handles more than one million customer transactions an hour. When viewed this way, one thing becomes clear: the world is filled with an incredible amount of information, all in need of protection and management. While threats of a data breach are always present, we also know there are many resources available to minimize them. Just like a chain, cybersecurity is only as strong as its weakest link, and for most modern businesses out there today, this is a major point of concern. If someone you are working with doesn't handle your data safely, it has the potential to be compromised by an exploit. It then becomes important to fully understand where your data lives, who has access to it, and what security measures can be taken to safeguard it. That said, not all data is the same. Some pieces of information are more valuable than others, and it's important to classify them accordingly. To gain a sense of this framework, ask yourself why the data matters: Would it take forever to recreate? Would it put your finances in jeopardy? Maybe you wouldn't really miss it at all. By assigning this kind of value to your data, you can store and handle it more efficiently, from beginning to end. 
The approach known as data lifecycle management (DLM) is what oversees your information throughout its lifecycle:
Phase I: Data is created
Phase II: Data is stored
Phase III: Data is used
Phase IV: Data is shared
Phase V: Data is archived
Phase VI: Data is destroyed
Yes, just like you, your data has a birth, a life, and a death. A lot of the data we generate has the ability to reflect back on us in various ways. Personally identifiable information (PII) refers to the kind of data that can be specifically used to find someone and distinguish him or her among different individuals. It is classified in two general ways:
Non-sensitive PII is typically unencrypted and doesn't pose a real threat if it's passed around. This type of information can be easily gathered through any public record, directory, or website; it's not hard to find.
Sensitive PII, on the other hand, could result in harm to an individual if exposed. Medical information, biometric data, and financial records would all fall into this category. To keep this kind of private information safe, it is often encrypted in transit and stored carefully.
Although there is a clear difference between these two levels of severity, it's important to remember how hackers can use non-sensitive information to patch together a serious breach. True, your zip code alone is not enough information to threaten your security; however, if this information were paired with, say, your age, race, and gender, you may become easier to identify. If this profile were then combined with your physical address or your place of work, an even more developed portrait would emerge. In this way, someone looking to compromise your data only needs to find several pieces of non-sensitive information in order to construct a larger understanding of who you are.

Honeypots

One of the most fascinating aspects of cybersecurity is how it merges the practical, modern world of technology, components, and code with good, old-fashioned methodology. Even though its doors, portals, tunnels, locks, and keys exist in a virtual landscape, the ideas and strategies behind those inventions are purely human and based on our knowledge of survival in the natural world. This phenomenon is particularly visible in the use of honeypots. To a malicious hacker, a honeypot looks like a sweet server left open or carelessly unprotected—the perfect target for a cyberattack. But just like a honey trap could be used to bait a bear looking for a yummy score, a honeypot is, in fact, nothing but a diversion from the live network. It can be made to look just like a live web server with fake data in the form of files and folders, all containing fake credit card transactions or personal information. This little treasure trove is so attractive to a hacker that he or she wastes time and energy trying to gain access, even though there is nothing of value there. In this way, honeypots represent a brilliant form of security because they do not overtly fight the attacker. Instead, they rely on cunning and creativity to best their enemy. Honeypots use minimal security for obvious reasons, and not only do they lure hackers away from the real assets, but they provide a way for personnel to observe the criminal in action while gathering intelligence on their tactics and possible location. Users can also employ honeynets, where a group of virtual servers are, in fact, all honeypots. Of course, any adept attacker is always modifying their methods, but in many cases, this baiting strategy gives security professionals the chance to learn more about brand new offensives in the ever-changing world of exploits. As the Chinese military strategist Sun Tzu once said, "Know your enemies." Even though he lived well over 2,000 years ago, it appears his advice is still relevant.

Role-Based Access Control (RBAC)

RBAC is a method of regulating access to a network or resources based on the role of a user and their authorization to perform a certain task. In this way, a person within a company can view, create, or modify a file according to their job authority and level of responsibility—their role dictates the access control. RBAC allows users to do all sorts of tasks through a set of flexible functions, communications, and restrictions. In this way, roles are created for people and can be easily changed to meet the ever-changing needs of the business at hand. This process lends itself well to a looser security system and one that experiences regular transitions and growth, as it does not have to constantly update privilege or work around mandatory protocols.

The Advanced Encryption Standard

The Advanced Encryption Standard (AES) is a symmetrical block cipher developed in 2001 to decipher code and offer various levels of security. AES was created to be an improvement on a previous algorithm that had become vulnerable to brute force attacks. Developers worked on making the AES harder to crack by creating longer keys, faster encryption, and a stronger algorithm. The algorithm they designed allows for keys of 128, 192, or 256 bits; data that gets encrypted in this process goes through 10, 12, or 14 encryption rounds, respectively. That's a whole lot of scrambling of the text and possibilities for the rearrangement of cipher keys! Most in the field agree the smallest 128-bit keys are generally safe from brute force attacks by normal computers, in which case cracking the largest private key of 256 bits would be a serious feat. Doable? Perhaps. Using the world's fastest supercomputer and the largest data storage, it would be possible to comb through this astounding amount of code and search for patterns and weaknesses. But at what cost? This would involve a price tag of $40 million, 65 megawatts of electricity, and well over 300 dedicated scientists per year. Using rough estimates, it would also take about 0.65 billion years to crack a 256-bit key. That said, Moore's Law of the 1970s suggests the overall processing speed of computers doubles every two years, in which case, 59 years from now it would only take about 1.13 years to break the world's biggest private key. For those interested in cybersecurity and online privacy, this number is a startling reminder of how quickly even the greatest technological challenge can be conquered by time.

Homomorphic Encryption

The only problem with all this encrypted data is that, sooner or later, it has to be decrypted. Keeping valuable information cryptographically scrambled using a secret key is smart, but when you want to actually use those files, they will have to be unlocked. However, a crypto system known as homomorphic encryption seeks to avoid this security hole by allowing computations to be performed on data without the need for decoding. The term comes from the Greek words meaning "same structure," a definition that essentially explains its basic principle. When pre-encrypted plaintext is coded into ciphertext, it is often unreadable until it's reversed or decrypted. But with homomorphic encryption, the data which has been converted to ciphertext can still be analyzed and worked with as if it were in its original form.

access control

There is a security technique known as access control which is used to regulate who or what can utilize the resources of a computer system. As we know from our earlier discussion, the physical access control restricts entry to actual places like rooms, offices, buildings, or campuses, while logical access control limits privileges related to computer networks, systems, files, and data. But what does "accessing" really mean? Just seeing information? Copying it? In truth, access refers to many forms of entering, using, consuming, or taking data or assets in some way or another.

Natural / Environmental

These are based on the whims of Mother Nature. Any sort of phenomena like blizzards, earthquakes, floods, storms, fires, hurricanes, or snow and ice—you name it—can threaten a digital environment.

The Importance of Physical Security

While much of our digital life requires the protection of virtual systems through things like network protocols and access control, it's important to also remember the physical threats and vulnerabilities out there. When we take action to protect our hardware, software, networks, and data from environmental harm, we are engaging in a type of physical security that can minimize loss or damage to our most valuable assets. This approach also includes thinking about threats from nature in the form of fire, flood, and other natural disasters, along with burglary, vandalism, or even terrorism—any environmental threat with the ability to compromise a computing system. That said, there are two main threats to physical systems:

Stream ciphers

encrypt pieces of information one at a time, bit by bit. While the pieces are smaller and faster than those of block ciphers, they can become vulnerable if the same key stream is used too often because they become easy to identify and then attack or modify, even if the attacker doesn't know the exact data inside. This technology is great for cases where the amount of data is either unknown or continuous.

network access control (NAC)

is a central component to cybersecurity. As an online safety tool, it helps users monitor and control their networks with integrity. NAC employs a potent combination of network security practices like antivirus software, system authentication, and vulnerability assessment, all of which provide enhanced endpoint security. Essentially, this means NAC has special rules in place to guard access to network nodes, much like a sports goalie who is always on the lookout for the opponent's next scoring attempt. Because the connection of personal devices such as laptops, tablets, and smartphones creates different pathways for cyberattack, endpoint security ensures all online players are following a clear set of policies and standards. Like a yard monitor on duty at recess, these rules are enforced to avoid trouble and make sure no one gets hurt. Let's look at some of these nifty NAC rules:

virtualization

relates to the actual process where a device or resource is created to provide more than one framework for the resource. In simple terms, virtual computing makes a kind of real version of something—like an OS, a server, network resources, or a storage device—to stand in place of the actual thing. For example, through virtualization, it is possible to run two or more OSs on one computer in order to test new configurations or drop back to an older version of software that no longer works on your actual OS. Each virtual system you create thinks it is a real computer and isn't aware of the other devices in the same system, virtual or otherwise. There are three components involved in running a virtual OS. Let's look:
The host OS is the original OS installed on a computer that interacts directly with the underlying hardware.
The guest OS is the software installed on the virtual machines running on top of the host OS. In a virtualized environment, the guest OS can be different from the host OS.
The hypervisor, or virtual machine monitor (VMM), is the software that allows the running of virtual devices. It is a function which isolates an OS and its applications from the underlying computer hardware. This ability to separate the host machine from the virtual computer is key to making them work cooperatively.
At this point, you may be wondering how this thing called virtualization affects the world of cybersecurity. There is some good news and bad news on this front. First, the good news. Because the guest OS is virtual instead of actually existing within your machine, it has the added bonus of being separate from your OS—so any viruses you accidentally acquire while browsing within your virtual OS cannot access your overall system. That means, in the event of an infection, you can always just go back to a saved version on your virtual machine before you contracted the virus, and presto! All clean.

virtual machine (VM) escape

that gives cyberattackers access to the host OS and all the running guest OSes. Remember, anything that happens to the main platform also happens to the virtual systems running on top of it. VM escape is considered to be the most serious threat to virtualization. The main thing to remember is this: The security of a virtualization layer is only as good as the platform it relies on. If the physical resources of the actual system are strong and well secured, it stands to reason that the virtual versions will benefit from the same level of strength.

Electromagnetic Shielding

A great example of a commonly used security control is electromagnetic (EM) shielding, or the practice of surrounding electronics and cables with magnetic or conductive materials to create a barrier from outside frequencies. EM shielding uses physical materials like wire mesh to prevent electromagnetic interference (EMI) from affecting the functionality of systems, much like the radiation shield in your mobile phone. It is also particularly effective in protecting an air-gapped system that is physically isolated from the internet and only able to pass data along via removable media, like a USB flash drive. These are popular among secretive entities like the military, the government, or financial giants like the stock exchange, and they are sometimes used by reporters or activists who regularly work with sensitive information. Now, if you are paying attention, you may be asking yourself why an air-gapped computer needs the physical security of EM shielding when it is not even hooked up to the internet. How can you hack a computer that isn't connected? Isn't the physical distance between the hardware and the network enough to guarantee safety? Not necessarily. Although there is some discussion in the computing world about whether a type of malware known as acoustic infection could actually use a compromised computer to hack another system using nothing but sound, there are only a couple of confirmed ways to breach an air-gapped system.

proof-of-concept (PoC)

Although proof-of-concept (PoC) is just a method or idea used to prove something can be done, it is the best example of how sound could feasibly be "hacked." Using infrared-equipped closed-circuit television cameras decked out with night vision, researchers have been able to steal confidential information from air-gapped systems. But how? If a computer is fully isolated from a network, how can it be breached? The scenario only works if we assume both the outside network and the targeted one are already infected with malware, in which case the malware on the air-gapped system could read and send data by emitting Morse code-like patterns to transmit files into binary form. The information taken from the video camera can be transmitted to an attacker sitting at a distance of 30 feet away, even in total darkness. The second way to breach an air-gapped system is through human interference. All you need to do is gain the trust of a certain employee and then ask them to attach a USB into a sensitive port—voilà, you have unauthorized data from a physically protected system. To guard against both human and unknown threats, experts continue to recommend some degree of physical control like EM shielding which protects against whatever or whomever might be coming through that (hopefully locked) door.

Cybersecurity Regulations

And just like crime is handled in the real world, plenty of forces are looking to thwart these intentions through various well-targeted cybersecurity regulations. These directives have been created to teach companies and organizations how to protect their own IT systems through safeguarding and preventing cyberattacks like viruses, worms, and phishing exploits. The upkeep of these regulations includes the usual players like firewalls, antivirus software, and encryption, but they also involve collaborative efforts between governments and private sectors to educate the public and specialized professionals on how to improve existing systems. The Computer Fraud and Abuse Act (CFAA) was enacted by Congress in 1986 as an amendment to an existing computer fraud law set up two years earlier. Before this point, the U.S. criminal code had not been revised since the early 1900s! This movement came in response to increased concern about computer-related crimes and the need for more federal oversight. If you recall, this was just a few years after Captain Zap shocked the computer world by breaching AT&T's online system. Since then, the Act has been amended four different times by the USA Patriot Act and the Identity Theft Enforcement and Restitution Act. And as recently as 2015, there have been recommendations to tighten up internet activity even more; however, the case of Aaron Swartz and Aaron's Law have served as reminders of what it means to become overly strict with punishments for digital crimes. But these regulations have led to an increased understanding among users, more adoption of proper digital tools, and a stronger show of cybersecurity strength. For countries like the United States, who worry about national threat levels, these efforts have woven digital security into an economy that now depends largely on the e-commerce (aka shopping online) sector and made it a critical part of emergency response to infrastructure protection. 
As we know, a cyberattack on internal systems like power grids can prove devastating to public safety, which is precisely why they must be dealt with through aggressive and highly organized legislation. In the United States, three main federal cybersecurity regulations were enacted around the same time to address vulnerabilities in specific industries. Let's look closer:

Wired Equivalent Privacy (WEP):

As the first process or set of rules—also known as an algorithm—designed in the late 1990s, WEP had one goal in mind: prevent hackers from snooping around wireless data as it moved from users to endpoints. There proved to be too many flaws in the standard, however, and it was basically phased out in 2009 when a massive cyberattack on T.J. Maxx was traced back to vulnerabilities exposed by WEP's incompetence.

Wi-Fi Protected Access 2 (WPA2):

As the latest standard in the development of encryption, WPA2 built on its predecessor and soon became known as the most secure wireless security standard available. Its encryption and authentication standards were more rigorous, and it introduced more fluid roaming by allowing users to move easily from one IP to another on the same network without the need for constant re-authentication.

Technical (Logical) Controls

As the watchdog of environmental controls, technical (logical) controls monitor the physical area and react accordingly if an incident comes on the radar. This category includes systems that can detect adverse elements like moisture, humidity, smoke, or heat.

Regulating Cybercrime

As they say, don't do the crime if you can't do the time. And in the case of cybersecurity, there appear to be plenty of malicious actors out there who have no problem living on the edge. As the world becomes more and more concerned about digital threats, the underbelly of the web becomes a more and more sophisticated and dangerous place. And as both the good and bad sides of the digital landscape become increasingly well-defined over time, so too does their classic web battle. The threat from cybercriminals and their role in the cybersecurity environment has never been more pressing than it is right now, and the wisdom of users has never been greater. But despite these shared evolutions, the conflict between the two has also grown in scope and size, essentially creating an arms race among digital players. A hacker finds an exploit; a cyber expert fixes it. A hacker finds a new method for unauthorized encryption; a cyber expert decodes it. Tit for tat. And in this brave new digital world, the existence of cybercrime has taken on new meaning as more than just a nuisance—it has become a weapon to be wielded by anyone willing to pay for it. For just a few hundred dollars, it is possible to take over a Facebook account, bring down a website, or mess with personal accounts. There are now paid underground courses for hackers who are looking to learn the ropes of cybercrime and find practical knowledge about how to breach protected systems.

A quick look at the history of physical controls:

As we know, all of our security ideas stem from real-world experiences, reaching as far back as the Middle Ages. A physical control used in the 17th and 18th centuries to protect entrances to prisons and castles came in the form of a small room with two doors. Visitors would be allowed to enter the fortress through one enclosed port, or vestibule, where the door would then lock behind them. Once their credentials could be verified (likely through a string of personal questions back then), they were allowed to enter the premises through the second door. But if they were suspected of being a fake—or worse, an enemy—they were ejected back out the first door or trapped in the holding area where they would be arrested without incident. This technique of either clearing, rejecting, or apprehending people based on their authentication is known as a mantrap and is still utilized today in many high-security buildings with super-valuable assets, like diamond dealers in New York City. But unlike those medieval days when doors were wrought iron gates and guards were burly men with broadswords, today's mantraps use authorization techniques like smart cards, key fobs, or biometric identification. Depending on the sophistication of the operation, they may also use thermal imaging technology, so only one person can pass through the mantrap at a time. Mantraps can also protect against something known as tailgating, which occurs when someone covertly follows another person into a restricted area. During their time in the holding room, visitors are weighed by a sensitive scale, and if their weight changes upon exit, they are investigated.

Tunneling

As we know, information flowing over the internet, or between two digital devices, must use protocols. When a message is sent, the protocol divides it into two different parts—the data being transmitted and the information about the rules of that transmission. Because without rules, a computer knows nothing and can do nothing. For the connection to work, both sides must understand and use the same communication protocol. A tunneling protocol, on the other hand, allows a user to access a network service that is not supported by the underlying system. Just like a tunnel burrowing deep beneath a building, information that travels through it is concealed from the people above. Similarly, a tunneling protocol allows data from a private network to travel across a public network in a safe, compressed (and invisible) way. Although the term conveys the image of packets traveling through secret channels, the truth is they are really hiding in plain sight. The process of tunneling allows traveling information to appear public in nature when, in fact, it's private and looking only to pass through the landscape undetected. This is the magic behind the privacy of a VPN. There are two other methods of tunneling to remember:

Restore Point

As we know, one of the strongest ways to protect a digital system is through preventative measures, such as a system backup. By creating a restore point, or a saved "snapshot" of your computer's data at a specific time, you can protect the condition of your OS and your data, so the system can be easily restored in a time of crisis. In other words, your computer makes a backup copy of all the information available at that time. There are a few different types of restore points to keep in mind: Manual restore points are created by the user. System checkpoints are scheduled and executed by your computer. Installation restore points are automatically created when you install certain programs. Creating these types of restore points before you make potentially problematic changes is always a good idea. But even if you don't manually create these restorations, you can still use automatic ones that predate the difficulty, selecting them to undo changes and reinstate old information. This essentially gives you a way to pop back into the past, to a time when all was well, and restore your system to what it should be—kind of like a really cool digital "do-over." Backing up your computer is also a very, very important part of system hardening. In the simplest terms, this involves making an exact copy of the files on your laptop, desktop, or external drive. By backing up your original content, you essentially have your data saved in two places—just make sure those two places aren't on the same device; otherwise a crash could cause you to lose both. Your device likely stores all sorts of things from photos to iTunes movies to data to music—all in one vulnerable place—so you will need to take some preventative measures to keep it safe. And because you can't really know what is in the foreseeable future, being as prepared as possible is your only option.
You don't know when you might catch the flu, but you still take precautions by washing your hands and not sharing the same straw with friends—or at least, you're supposed to. Protecting your data is the same.

Routers

As we know, routers are hardware devices that provide the gateway of connectivity and serve as the backbone of the internet. They can read IP addresses and direct traffic, creating effective communication between networks. But they also play an important role in security. A router works on the network layer of the OSI model and therefore relies on various network protocols to function. Because the router links most devices to the outside world, it is arguably the most important electronic device in a home or office. It uses its knowledge of an IP address to look for suspicious behavior on the network and alert the user. A router filters packet information and demands its adherence to certain rules of identification. This prevents hackers from "IP spoofing" or committing other tricks to get into the system and harm the web server. In this way, a router with an access control list (which determines who has permission to access the system) and packet filtering capabilities is essentially a firewall in and of itself. Configuring a router allows users to communicate with the network and completes the overall system. This is done through connecting the router, creating a password, enabling the firewall, setting a service identifier, adjusting privacy settings, and assigning an IP address. Although it sounds detailed, this configuration is clearly explained by the manufacturer's instructions. But as reinforcement, let's look at the ways to keep your router from becoming low-hanging fruit for hackers:
- Avoid using the router supplied by your internet service provider, as these are typically less secure.
- Always change the default admin password once you connect to the management interface.
- Consider using a virtual private network (VPN) to establish a secure channel to the local network before accessing the router's interface. (Don't worry, we will explore this option in more detail soon.)
- Restrict which IP addresses can manage the router, as there should only be one with access.
- Always use privacy modes or settings when working on the router, if available.
- If possible, change the router's assigned LAN IP address to a personal one you can remember.
- Choose a complex Wi-Fi password and a strong protocol.

Asymmetric encryption

Asymmetric encryption uses two different keys, a public one for scrambling and a private one for unscrambling. This requires that fewer people keep a secret key, but the downside is that asymmetric encryption can be vulnerable to a man-in-the-middle attack, where one of the parties thinks they are talking to the appropriate party when really someone is posing as the appropriate party on the other end. Because it is a bit more complex, this type of encoding is usually used only for small blocks of data. This public key encryption is often employed to secure communications over an open network, like the internet.

Layered Security

Back to Sam. Once his personal username and password are in the system, he is assigned a special code that grants him "approved access." And the ACL protects the system further by limiting the number of times Sam can enter his authenticating information before he is locked out of the account—just in case someone is attempting to guess his credentials from bits of information. Sam's actions going forward will be woven into the larger security process. And to boost safety further, he may be given physical access as well in the form of a special badge or picture ID to show at the entrance of the building. Together, the combination of Sam's secret information and his security token constitute two-factor authentication (2FA) because his identity is only fully confirmed after he presents two separate pieces of evidence, one he knows and one he physically possesses. This is considered to be "layered" security because it demands the fulfillment of a few levels before access is granted. At the moment, Sam is irritated because his coworker Jane is approved on the access control list to enter the secret laboratory, but he is not. However, if Sam steals Jane's key fob and uses it to open the locked door, he can gain entry. This kind of single-factor transaction only has one layer of security—the physical key fob. This is precisely why 2FA was created—to minimize the chance of a breach when one factor is compromised. If Jane's access also relied on a retinal scan, pesky Sam never would have made it into the secret lab because he would not have the proper biometric input. This is simply the use of physical human characteristics (like Jane's eyeball) as a way to identify a user as themselves and not an unwanted intruder. Even though it sounds a bit like something out of a James Bond movie, biometric inputs are becoming more and more common in today's world. In fact, the most recent iPhone X has excited consumers with its use of a facial identification feature.
In all likelihood, you are already using a biometric input every time you open your phone by pressing your thumb on the home button. So, even though Sam is able to steal Jane's key fob, he will have a much harder time getting past the retinal scan at the door because only she can present that unique personal feature. Better luck next time, Sam. Just remember, authenticating information can be something a user knows, like a password; something a user has, like a smart card; or something a user is, like a fingerprint.

Mobile Risk

Because individuals these days expect to work from anywhere and at any time, they often conduct all sorts of important business using their personal devices, sending contracts and critical communications using nothing but a smartphone. But what they are also doing is connecting to unsecured networks without fear and putting their own information—both personal and work-related—in jeopardy. And when you throw the idea of corporate risk into the mix, suddenly a possible breach of a mobile device becomes a pretty serious thing. The process of identifying, assessing, and controlling threats to an organization's cybersecurity is called risk management, and it uses many strategies to keep digital enterprises safe. New countermeasures are being constantly developed to address this reality, from software layers to downloadable applications to the development of OSs. A wireless connection allows us to access a network from just about anywhere in civilization by connecting our computers to one another through the use of radio waves. While these wireless networks provide incredible convenience, the truth is they are not totally secure. In fact, hackers can now monitor mobile communications through the use of a radio receiver, which picks up nearby radio signals. This is a great example of how security in the modern world has shifted from the physical to the virtual, as these signal "waves" are completely invisible to the eye and yet entirely useful for attack purposes. Yes, safeguarding passwords and keeping your service-set identifier private are both excellent precautions, but in order to safely navigate the waters of wireless networks, you will need to know more about everything you can't see.

Firewalls

Build a wall, and people will be forced to stay out—or that's the idea anyway. In this case, we know a firewall provides a virtual barrier between a trusted network and an untrusted one. The technological term was coined in the late 1980s and originally came from the firefighting effort to form a barricade to isolate fire and prevent it from spreading. But a firewall in computer networking is a bit different because it's not a complete blockade—it's more like a porous and spongy shield—with tiny bits of access here and there—that keeps out the harmful stuff, while still letting in the things users need and want. Firewalls can be implemented with hardware, software, or a combination of both. They are used to prevent unauthorized internet users from accessing personal and private networks. But how does a firewall know if the data it sees going back and forth is from a hacker or just a package update on those cool sneakers you ordered? It doesn't, which is why a firewall must rely on protocols to control incoming and outgoing traffic for either hardware- or software-based systems. A computer network cannot think by itself; it is only as strong as the rules we give it. By following these protocols without questioning them, a network can create a boundary and prevent offending traffic from accessing its channels. Before this method was established, the only real form of network security was an access control list (ACL), or table, that advised the OS how to function with way less precision. It's important to remember, however, that no firewall—whether it's guarding thousands of servers for a Fortune 500 company or connecting your grandmother's new laptop to the wireless network of her retirement home—will make a computer entirely impervious to attack. What it will do is make gaining that precious access a whole lot harder for anyone looking to breach a system.

Remote Protocols

But even remote access policies need security. Remember switches? Well, they offer the ability to connect devices safely and find the right process through a remote authentication dial-in user service (RADIUS). This is simply a protocol (along with software) designed to help remote access servers communicate with a central server. Because remote requests demand cybersecurity, dial-in users and other clients must have their request authorized before they are granted access to the network. These policies are usually applied to ports on access-layer switches to keep unapproved devices from joining the computer party. In this way, remote network protocols specifically offer administrators a secure way to access a computer from a different location. For example, Secure Shell (SSH) is a remote protocol that provides powerful authentication and encrypted data communication between two devices trying to connect over a potentially insecure network. Users can manage systems and applications remotely as a result, and they can do things like move files around and execute commands from a computer located elsewhere. It gives them remote power. One available option for this type of configuration policy is known as 802.1X, which is the default action enabled on a switchport. Don't be confused by the techie-sounding name—it simply refers to the process (enabled on a switchport) requiring a user to provide their credentials for verification. If the authentication is approved by the RADIUS, the device is granted remote access to the network. This standard offers a way for a central authority to validate a user and thereby enhances the security of a wireless LAN. When a family of related protocols handles this remote authentication process and issues remote access to a network, it is referred to as a Terminal Access Controller Access-Control System, pronounced by the cool kids as "tack-axe."

Application Security

Crazy as it may seem, security was once an afterthought in software design. These days, it's not only a focal point, it is an essential way to create zone security on every layer of a network. Everything you do on the computer requires both hardware and software, as they work together to provide the full experience. And through application security, software and hardware are used in combination with certain procedural methods to protect applications from external threats of all kinds. These countermeasures, or actions taken to ensure application security, often come in the form of firewalls, routers with the ability to prevent a user's IP address from appearing on the internet, anti-virus programs, spyware detectors, and authentication systems. Through a process known as threat modeling, application security can optimize its procedures. By clearly identifying certain objectives and vulnerabilities, such as defining the role of each application, creating a profile for everyone, and carefully documenting every problematic situation, threat modeling allows the user to assess and handle risk and exploits more effectively. As the issue of cybersecurity continues to grow, an increasing number of experts agree on the need for competent application security programs. As a result, both management and engineers are taking on the responsibility of developing application security software by learning more about the process and the code needed. By using strategies such as patch management and application hardening, all parties can work together on the best ways to protect the application level of a network.

The Power of the Professional

Cybersecurity professionals are not always easy to find, which is why they have become such a valuable commodity in today's market. This is also why becoming one is a great idea. The job demands a combination of several different skills—from technical to administrative to social—all of which must be used together to unlock problems and create solutions. Obviously, a foundational knowledge of technology is key for any cybersecurity expert; however, truly successful ones must also find ways to think creatively, predict problems, and communicate effectively. Because what lurks behind a typical cyberattack is more than just a thoughtless bot or emotionless algorithm—it is real human effort with the goal of real harm. Think about social engineering. To unravel this complex criminal hybrid, it takes an expert who understands all the trends and tactics of the field. Stepping back for a minute and examining the role from afar, a cybersecurity skill set requires the ability to:
- Examine security from a holistic view with attention paid to all areas, including threat modeling, implementation, testing, and vulnerability assessment. Don't just see the attack, see the whole environment.
- Understand security issues related to OSs, networks, applications, and virtualization.
- Visualize the architectures of various systems and networks, identifying the existing strengths and weaknesses of each.
- Identify best practices for system hardening and locating vulnerabilities in the larger landscape.
- Understand the interworking of software development security principles, practices, and problems.
- Organize and coordinate technical vulnerability assessments in the areas of testing, analysis, engineering, infrastructure, and implementation of security solutions.
- Recommend an effective technical direction for managing security, based on the information at hand.
- Demonstrate in a forensic way how attacks from the internet are carried out.
Obviously, there are a lot more skills involved in the job of a cybersecurity expert, but these are certainly a solid indication of what to expect. While it may all sound a little overwhelming, the good news is becoming a cybersecurity professional is entirely doable with the right education, training, and determination. Because generalized approaches to system security no longer provide sufficient protection, information security certifications come in many forms and offer would-be experts the chance to develop just the right skills for their industry. Just as there are many different threats out there, there are also many different avenues for security to explore. For those looking to get started in the field of cybersecurity, here are a few of the must-have certifications:

Degaussing

Degaussing removes or reduces the magnetic field of a storage disk or drive which holds the bits of data. Without this field of retention, the information is lost. A specialized degaussing machine rearranges the magnetic structure of the drive and renders data irrecoverable.
Advantages: The. Data. Is. Gone. End of story. And this can be reassuring to the user if the information is especially sensitive.
Disadvantages: Effective degaussing machines are expensive and heavy, and they can also introduce strong electromagnetic fields into the immediate environment. Degaussing can damage hard drives and certain media types to the point of no return, which is always a risk. And because the machine is operated by a human, there is always room for error.

Physical Destruction

Physical destruction of data is also an option. Shredding, melting, or generally stomping on a disk can render it permanently gone.
Advantages: Well, there's no doubting its complete and utter annihilation—you have the evidence right in front of you.
Disadvantages: It can be a costly way to handle the situation, given the price of what you are destroying. The process also needs to be total and complete, so as to avoid leaving data behind in some unaffected spaces. In general, it's not a smart move financially, nor is it a sustainable method of removal.
Although there are reliable ways to wipe away unwanted data from servers, removing your own information from the internet is not so easy. In fact, disappearing off the internet is almost impossible, as nothing is really all-the-way deleted. For example, anything you "delete" from Facebook is really just archived in storage, not actually erased. So, while it may be possible to eliminate old data from larger servers, all that private information you send out via social media isn't going anywhere.

Challenges and Demands

Despite their focus on future security, these recent legislative movements did not specify exactly how such measures should be implemented, only that a "reasonable" amount of security be put in place. And so, the discussion among information security professionals (and the authorities) continues. And while the challenges of the digital landscape are always shifting, experts agree some of the most pressing ones have stayed pretty consistent. Here are some of the biggest and baddest:
- High impact cyberattacks
- Evolving malware with greater capabilities
- Increasing vulnerability of mobile devices
- Monitoring of cloud configuration and security
- Overuse of security controls and unnecessary alerts
- Well-organized and highly motivated hacking groups
- Implementation of mechanisms that ensure better data protection
Considering the negative impact breached cybersecurity can have on real systems and the safety of real people, many of the challenges on the horizon lie at the feet of law enforcement. The cyber world brings global connections to local settings, changing the way we interact with one another—and the way police must interact with their communities. While the internet has provided an unbelievable platform for sharing information, goods, and services, it has also provided a virtual playground for a totally new breed of criminal. And thanks to the power of this open network, these criminals are now able to operate on a much grander scale, launching attacks that can feasibly affect thousands of people, thousands of miles away. Hackers have essentially redefined what it means to fight crime, rendering many age-old strategies ineffectual. Just one person or a small group of cybercriminals can now bring about as much damage as it once took a whole army to cause. In years past, a criminal was usually present when a crime was being perpetrated, but these days really bad stuff can happen while the guilty party is relaxing on an entirely separate continent.
This reality has introduced new challenges for those hoping to combat cybercrimes because the boundaries of the old world have been replaced by much trickier digital ones. Local police must realize organized crime on the internet spans national and ethnic boundaries, which means all lines of communication and ports of access—both physical and virtual—must be protected. And because law enforcement, regardless of its strength and ability, simply cannot be everywhere at once, new emphasis must be placed on preventative intelligence to locate sources of potential cyber threat and their targets.

Hashes and Hashing

Devices find all of these keys through a process called hashing, which is the transformation of data into a shorter string, or "hash" unit, using a mathematical algorithm. The hash of a string represents the original string like a fingerprint. It has three important qualities:
- The same data will always produce the same hash.
- It's impossible to reverse a hash back to the original data.
- The hash is unique to that data set. Another string of data will not create the same hash, no matter how similar they are to one another. Even the tiniest change in input—like one tiny comma or dot—will result in a completely different hash value.
Hashes allow a computer to verify your password without carrying around your unencrypted password in a way that someone could reach out and snatch it. Instead, the moment you type in your password, it's hashed, and the system checks if the given hash of the password you just typed matches the stored hash of your password. Because of the three qualities of a hash, if it matches, it has to be your unique password. If it matches, you are granted access to whatever you were logging into. If it doesn't match, you receive that generic message about having an invalid username or password. This is another security step; by not telling you whether it's your password or your username that's incorrect, the system is preventing someone from trying a whole bunch of usernames and figuring out which one of those work before going after the passwords. Hash functions can also be used to authenticate messages on both ends. The message stays locked up tight, but the key goes through a transformation on the receiving end so it can be used as a deciphering tool. Devices on both ends will always have the same public and private keys—these never change between messages. The only key that changes is the randomly generated one produced by the sending device. It's a disposable key created for one-time use, thrown away once the message is decrypted.
This enhances its security considerably. And when the receiving device wants to return the message (and become the sender), it employs precisely the same process. In this way, both sides are continually making special, top-secret keys to be used and then destroyed, so no evidence or trail remains.

Wireless and Mobile Attacks

Here's a tricky question. If a wireless LAN doesn't have any wires, how does it establish its network boundaries? In fact, setting up these parameters is a major task and involves performing a radio frequency site survey that tests specific access point locations as the basis for creating a general range. Remember those invisible radio waves? The radio signal searches for nearby things it can ping from, like a wall or a building or a tree, and uses them to create range boundaries, or the general circumference of the network. These access points are then assigned certain numbers and locations, essentially becoming the invisible borders of the network and, you guessed it—the invisible points of access. These virtual "ports" into your wireless network can then feasibly become a breeding ground for breaches. There are three main types of attacks against wireless networks, all of which have different shapes and consequences. Wireless LANs are particularly vulnerable to some attacks because of the way different OSI layers interact with one another. An attack using the physical layer is easier to execute because there are no real wires, just air established around a particular access point. Hackers don't need to gain access to a building or tap into wires—they can just drive up to the general area and begin their attack from a car, a nearby café, or hanging out in a tree across the street. It doesn't matter, just as long as they are in the general vicinity of the access point. Turns out what you don't know can hurt you. These attacks can also effectively target the data link layer through the manipulation of diversity antennas, or in layman's terms—messing with the space around a wireless network. Attackers can spoof access points, capture network traffic, and with time, discover the WEP key used to authenticate and encrypt traffic on the wireless LAN. Here are the top two enemy attackers for wireless networks:

Personal Gain

In 1997, a group known as the Chaos Computer Club was discovered stealing money from various bank accounts using an ActiveX control to fool the accounting program Quicken into making unauthorized withdrawals. Any big business using Quicken software became instantly vulnerable to this hack, making it a powerful weapon for financial gain—money that could easily be used to fuel a terrorist agenda.

Corporate Malfeasance

In case you didn't know, your privacy is under attack. Corporate marketers already observe massive amounts of consumer behavior, gathering information to be used for the purpose of targeted sales and advertising. And as the IoT turns your home into a storefront of data, with connected devices filling every room, companies will gain even more visibility into what you do, how that information can be captured, and the ways it can be monetized or profited from. Experts predict corporations will become more aggressive in their collection efforts, assuming penalty fines as the cost of doing business and pushing the boundaries of consumer privacy.

Remote Access

In our era of modern convenience, access to a computer network is pretty crucial, no matter where you are. And fortunately for us, we are able to access our technology regardless of our physical location through a process known as remote access. This ability allows us, as users, to work and interact from anywhere in the world, at any time. In business settings, accessing a network remotely allows individuals who work offsite or travel a lot to stay in touch with their systems, data, and responsibilities. Everything you have learned about up until this point—networks, protocols, servers, authentication—has a remote option as well. Because people live and work all over the world, we are always using remote access to enter our cyber landscape. This can happen in a number of ways, including a dial-up connection, a cable modem, wireless access, or even a dedicated line between a computer or a remote LAN and the central network. A remote access server (RAS) is the device or software capable of handling this process, sometimes called a communication server. To maintain security, a RAS will often employ a firewall and/or router that can forward all requests to another part of the network. And of course, a remote-access virtual private network (VPN) allows people to establish secure connections with an off-site computer network by using a RAS to secure the same network resources they would have if plugged right into a server. In this way, distance does nothing to diminish progress.

A Brief History of Code

In the early 20th century, German engineer Arthur Scherbius invented the Enigma Machine, which could send coded messages back and forth without fear of being read. The Enigma Machine became a pivotal player in WWII because the German forces were able to generate and send communications to their allies without fear of discovery. To maintain the highest level of security, the Germans changed the code system daily, which made it nearly impossible for the enemy to understand the code of the messages they were constantly sending. A British man named Alan Turing used a form of cryptanalysis, or the art of deciphering encoded messages, to crack the code by creating his own machine called the "Bombe" that could closely analyze the text of the information. As a result, the British were able to read orders sent from generals on the battle fronts—including from Hitler himself—as well as information regarding the location of submarines and troops. In June 1941, Turing's team was able to break especially secure communications between German submarines and their bases. Turing helped win the war for his side, not by raising a rifle but by using the powerful weapon of technology.

Checksum

It's still possible that hackers could get access to keys and then gain access to your data, but they must have considerable skill and precise technological resources to do so. There are other steps in encryption protocol that watch for this. A checksum seeks to calculate and compare data on either end of a network to see if it matches. The checksum represents the sum of the correct digits in a piece of digital data, and it provides a helpful method of comparison when looking for errors. If the data has been modified, the checksum will not match, and other security features will be triggered. This is an algorithmic version of an old-fashioned physical control, where people were actually weighed after leaving sensitive areas like prisons or bank vaults to ensure they hadn't stolen anything, or "modified" themselves while on the premises. See? Computer functions are just digital symbols of the life we already know.

Unsecured Networks

Let's spend some time thinking about the notion of an unsecured network. Anyone using this kind of open network can access the internet without offering a password or any sort of login credentials, like when you connect through a hotspot or public Wi-Fi. We've all been in this situation. You are sitting in a cafe, maybe a hotel lobby, or some other public place with internet services, and you want to check your Facebook page. You scan the available networks in the area and jump on the first public connection you find. In most cases, you will be warned that you're entering an "unsecured network," but most people, in their haste to connect with the outside world, don't give this message much thought. So, what does it really mean? And should you care? While the majority of these public networks are safe, it's worth understanding exactly how they can quickly become unsafe. Let's say there is a hacker sitting in a car outside the Starbucks where you are innocently sipping your chai iced tea and taking in some much-needed social media. It is entirely possible this would-be attacker is waiting for someone just like you to connect to this public network, so they can see your virtual movements and sneak away with any personal information you entered while logged on, like passwords, usernames, or even the credit card number you used to make that quick online purchase. And you thought no one knew... Even more likely is the chance that this attacker has established a fake hotspot which looks and feels like the real Starbucks network but is really just a trap for anyone who connects to it. This process of searching for Wi-Fi wireless networks while on the fly—typically in a moving car using a smartphone or laptop—is known as wardriving, and the software to conduct this kind of operation is freely available on the internet.
But before you give up on using these public (and often highly convenient) services, remember you can protect yourself by limiting the amount of personal data you share while on an unsecured network—or even better, by turning on your computer's VPN so you can shop safely without fear of being monitored. True, these networks are considered generally safe, but being a cybersecurity expert requires being constantly aware of the possibility of threat, even if it's not yet present.

Mandatory Access Control (MAC)

MAC is a security tactic where only the administrator manages the usage and policies concerning security access. The rules cannot be modified by end users, are strictly enforced by the OS, and cannot be changed by an individual resource owner. Due to the severe nature of MAC, it is often employed in government and military situations where access control is assigned through different levels of classification, like confidential, secret, and top secret. If people try to go beyond their security realm, the OS or security kernel will check their credentials and decide if they can gain entry. While this measure of vigilance can provide the most secure setting, it does require careful attention and regular monitoring to ensure it runs smoothly and doesn't become out of date. This area of control is subject to a hacking technique known as MAC spoofing, where the factory-assigned MAC address of the network interface is intentionally masked by a hacker in order to bypass access control lists on servers and routers. Because the MAC address is hard-coded and really can't be altered, a hacker must "spoof" it in order to appear legitimate. This spoofing action makes it easier to hide a computer on a network or impersonate another network device.

Ports and Services

Now that we understand some of the key practices for NAC security, let's get down to access. How does a network manage and control its traffic, so all of these safety features can run properly? Yes, application control can define even the smallest access policy, but the main mechanism in managing network traffic is known as ports and services. Remember how a port is a point of entry to unload data? Well, as such, it's also a point of vulnerability. Ports exist in two modes: open and "listening" or closed and "blocked." For example, if your mail server is ready to receive SMTP traffic, that can be referred to as "listening on port 25." That means port 25 is open and ready for business. Firewalls specifically protect you from outsiders who might try to gain unauthorized access to such open ports. Some applications on your network will even open ports without your permission or your knowledge, which makes those open doors instant security holes. That is, unless you take steps to block them. Port blocking refers to the action of preventing hackers from sending you experimental code to see if any of your ports are open. This is often done through the use of a port scanner application that searches your network for such vulnerabilities. Because some ports are consistently open, like ports 21, 22, and 23, they are also consistently abused by hackers. By blocking as many ports as you can, you lower your threat risk considerably. This can be done through managing your firewall properly, running commands to examine your ports and services, and even blocking whole ranges of ports you will never use. Once you understand ports and how they can be used to breach your privacy, you can move on to monitoring network traffic, denying service, and establishing a regular time to scan the network for vulnerable ports. Just make sure you don't block a port connected to a service you really enjoy.

A Digital Arms Race

Now that you understand what a ransomware attack looks like, it will be easier to visualize some of the predicted cybersecurity trends on the horizon. And brace yourself because they are not for the faint of heart. Experts agree the cyber earth is poised to see a frightening evolution in ransomware, as hackers continually innovate and adjust to the movements of defenders. This simultaneous effort to outsmart the other has essentially created a neck-and-neck digital arms race between the classic entities of good and evil. While it's obviously more complicated than that, current trends in cybercrime do suggest competition between attackers and defenders will become more dramatic in the near future, especially as machine learning becomes increasingly accessible to both sides. And lest we forget, what lies in the balance is our very livelihood. Here are some predicted trends to consider:

Private Branch Exchange

One of the more traditional ways to intercept data is through wiretapping, or the secret monitoring of telephone, fax, or cellular communications. A monitoring device, also known as a bug, can be placed on a wire to record what is being sent. To avoid wiretapping, users can employ a private branch exchange (PBX), or a set of private phone lines, to separate networks for voice and data communications. Private branch exchanges are what you see in offices, where each desk has its own phone, and employees can call one another on an internal system. A PBX system also allows for call distribution, call transfer, conference calls, and detailed records of incoming and outgoing calls. Have you ever entered an automated phone system where you were asked if you knew your party's extension? Then you've come in contact with a PBX!

Security Controls

Otherwise known as technical or administrative safeguards to counter or lessen the possibility of threats, security controls lower the risk of loss. And while these controls are referenced all the time in cybersecurity, they are rarely defined. In fact, the word "control" is one of the most generic terms in the security world. It can be used in so many different ways, it sometimes seems almost meaningless. The best way to think about this security term is to place the word "control" in front of whatever task is happening at the moment—then you have a valid way of explaining it. Access control. Data control. Memory control. See? It's easy. To clarify the practice of control, the National Institute of Standards and Technology (NIST) has created three different categories of control types—technical, operational, and management—for users to follow when setting up a security policy or a plan to protect a company's physical and digital assets.

Physical Harm

People often assume digital crimes don't have physical consequences, but they are wrong. Consider the mob boss who was shot by an enemy gang but managed to survive. Even though he was quickly transported to the hospital where he was promptly treated, his enemies did not lose sight of their objective—namely, his death. With all the nurses and police officers around, they were not able to gain physical access to the mobster, which meant they would have to find another way. So, they turned to the hacking world for a solution. By breaking into the hospital's computer network and changing his medication to a lethal dose, they were able to fool the system into giving him a deadly injection. And when the deed was done, the hackers went back into the system and covered their tracks, making it look like the nurse had actually made the error. The truth of what happened did not come out until an IT expert was able to dig around in the system and find the digital evidence of outside interference. And how real is cyber warfare? Over the past few years, there have been many shocking and unique moments in cyberspace where the old rules no longer seemed to apply. With a whole new world comes a whole new set of laws. The challenge to protect our physical, financial, institutional, and ethical assets from cyber warfare is considerable and shouldn't be taken lightly. But before you pull the covers over your head and wish for a better tomorrow, remember that cybersecurity has the power to be just as targeted and effective as any criminal.

Little Fish

Perhaps the most vulnerable entities in the digital landscape are children. Yes, they are guaranteed an amazing collection of gadgets and services in life, but they are also facing tremendous risk to their digital safety as time goes on. The majority of children don't yet understand the importance of social boundaries or the value in maintaining privacy. Rather, they see the virtual world as an exciting opportunity to constantly connect and share—everything from their images to their activities to their physical location. In this modern age, most parents don't think twice about handing a kid a smartphone, even though the technology itself can essentially access the world. Consumers will need to step up their overall data protection efforts and exert their rights as private citizens if they hope to keep their own devices, and those of their children, secure. This large-scale gathering of personal information, and that of innocent children, opens up more opportunity for data misuse and compromise. In their quest for the almighty dollar, irresponsible service providers can take advantage of certain vulnerabilities and abuse the trust placed in them by consumers of all ages. It's best to view all of this, not as a horror story, but as a cautionary tale. Threats are always present in life, no matter who you are or where you are. It's just a fact. But the good news is that they can be greatly minimized through knowledge and best practices. So, a big part of being a vigilant arbiter of cybersecurity is understanding and accepting this reality while still looking for meaningful ways to fight against it. That is the survival instinct and one that must be applied across all platforms of digital life if we want to win the arms race against hackers.

Physical Controls

Physical controls include old-fashioned security devices like locks, doors, walls, and blockades—anything that offers control over physical access to prevent an intruder from tampering with a computing system. These measures are also employed to keep out natural threats like fire and water, which can lead to serious loss.

Bigger Fish

Ransomware will evolve from extorting traditional personal devices to targeting the IoT. As hackers expand their objective from individual extortion to greater damage and disruption, the threat could grow considerably more terrifying. As we know, the IoT relates to almost all areas of human life, not just a few files on a computer, and some of it has the ability to paralyze and destroy vital sectors like water utilities, healthcare entities, power grids, and major financial institutions. As ransomware grows more sophisticated, these areas of infrastructure will become increasingly vulnerable to attack and unable to guard against any number of resulting disasters. And if this isn't bad enough, attackers now have the option to sell compromised data to enemy parties who are then free to mobilize their own sinister agendas against the victimized entity. On an international scale, this could lead to massive failure in critical systems, increased terrorism, loss of trust in large-scale entities, a frozen government, and the onset of real-life war.

Man-In-The-Middle Attack

Similar to the DoS, a Man-In-The-Middle (MITM) attack on a wireless network is easy to mount because it typically involves eavesdropping and/or manipulation. When hackers eavesdrop, they simply listen in on the transmissions between people without being detected. Manipulation attacks build on eavesdropping by taking this unauthorized data stream and changing its contents to suit the attacker's purpose, like spoofing an IP address or pretending to be someone they're not. When attackers mess with this information or alter communications between users, they are putting themselves "in the middle" of a conversation where they don't belong. In general, the same safety precautions we use online are typically enough to keep our mobile devices safe, but it's worth noting the differences. When it comes to your mobile device, applications are life. They enrich your interface with various services and can provide tons of information, convenience, and even entertainment. But while there are at least two million apps out there just waiting to download onto your smartphone, there are also some threats to be aware of. Carelessly built apps can "go rogue" when they are breached and repackaged to include malware that makes use of your personal data. These rogue apps usually exist only on unofficial store sites or are distributed through email links. They rarely appear on well-known vendor platforms like the Apple App Store or Google Play. That's why it is critical to always download apps from reliable locations. All organizations should implement a serious vetting process before launching an app, even though it can be expensive and time-consuming to implement such security. To really understand how a hacker might infiltrate an app, consider the idea of reverse engineering. This refers to the duplication of another person's product in an attempt to disassemble it and thereby master its composition.
If you really, really, really want to know how that clock on the mantle was put together using lots of little springs, gears, and coils you should take it apart—and then painstakingly put it back together. That is called learning through the art of reverse engineering, and it works pretty darn well. When applied to computing, this reverse process allows someone to better understand the basic working principles and structure of a program or network. And we all know, once a hacker fully grasps a system, they are better equipped to harm it.

The Coding Horror of Y2K

Some of you may be too young to remember the Y2K bug, but back in the late 90s everyone was freaking out about the impending millennium, primarily because they believed the numerical value of the year 2000 might cause a coding nightmare. Turns out they were partially right. Up until that point, most computer programs listed four-digit years in an abbreviated version—so, 1990 read 90, 1991 was written as 91, and so on. By shortening four digits to just two, coders had saved valuable memory and made life easier. But it turned out that computers were unable to recognize the shortened version of 2000 as simply 00. And to make matters more confusing, it was a leap year, which meant certain software applications would not account for the extra day. The countdown was on to find a solution. Modern civilization panicked as the millennium drew closer, and the problem was still not solved. They feared Y2K would bring down computers and electronics around the globe and mark the exciting new year with technological failure. Companies began slapping "Y2K Compliant" stickers on their DVD players and digital cameras to calm consumer panic. Businesses scrambled behind the scenes to ensure their own readiness, while the clock ticked down... 5, 4, 3, 2, 1. Happy New Year! The computers did not crash. And life did not end. But considerable time and money was spent in preparation for this peaceful ringing in. Across every industry, the estimated cost of changing the code to accommodate the year 2000 came in around $300 billion. Talk about an expensive celebration. Y2K has since been noted as one of the worst coding disasters in history!

Publicity

Terrorists need publicity in order to be heard. Otherwise, their objectives cannot be realized. And they will go to any length to make sure this is accomplished, especially if it gives them an opportunity to show off their cyber skills. They may use IT warfare techniques like Trojan horse viruses and network worms to damage system resources, racking up endless costs of time and money for their targets.

Wi-Fi Protected Access (WPA)

The WPA standard was developed as an improvement to WEP. It had more separate modes for personal use and far stricter authentication protocols. It enhanced encryption considerably by using an array of stiffer security measures, like functions to improve LAN reliability, a unique key identifier for each packet, and a message integrity checker.

Your Computer Is Your Castle

The art of protecting yourself demands balance. The goal is to create technology that offers data security while still keeping it extremely usable. Just think about it. If you are trying to protect your castle from enemy attack, putting a giant metal lock on the front gate is probably a great idea. But if the lock is too heavy and difficult to manage, it may prevent you (and your horse) from riding easily through this access point when you need to get to safety fast. Security locks—both physical and virtual—need to be effective but not overemployed if you want them to be successful. In practical terms, the more secure a device becomes, the less usable it becomes—and herein lies the challenge. The ultimate goal of cybersecurity then is to create safety measures that don't compromise the overall functionality of what they're trying to protect. Can you secure the castle gate while still allowing yourself the ability to ride in and out on the heels of battle? Quality protection comes in layers, which should work together to create a depth of defense. This process of using varied approaches as security layers is known as the hardening of a computer system. Some techniques for hardening include:

- Keeping software updated
- Installing an appropriate firewall
- Backing up the computer's hard drive
- Utilizing encryption wherever possible
- Installing virus and malware protection
- Shutting down dangerous or unused ports
- Creating strong passwords and other authentication practices
- Staying current on all security bulletins related to the OS and applications
- Disabling any unnecessary programs, services, or user accounts from the computer
- Uninstalling unused applications because they may become outdated and vulnerable

Man-Made

These are based on the whims of people. From disgruntled employees to industrial espionage to arson to vandalism to theft and to terrorism, there is no shortage of human-based threats to the digital environment. To understand the importance of establishing proper environmental controls over digital resources, think about what a threat to critical supply systems could mean for the world. Computer breaches that bring about terrifying problems like power distribution failure, a communications interruption, or a nuclear meltdown are entirely possible if environmental controls are not well established, monitored, and maintained. Even a single control failure, like a malfunctioning smoke detector, could spell disaster for vital assets like servers and data centers, not to mention the lives of those using them. While it's true environmental controls are as varied as the disruptions they seek to prevent, these three categories are key to an organized and efficient response:

Technical (or Logical) Controls

These controls handle security and can provide automated protection from unauthorized access or misuse. User authentication and antivirus software are both good examples of technical controls. These controls deal with how information is accessed, authenticated, and secured within a network topology. All security controls can be deterrent, preventive, detective, or compensating—they can avoid, prevent, find, and clean up problems—and may include things like firewalls and internet protocols. Organizations use technical controls to make sure the proper people are accessing the information they need, and only that information.

Management (or Administrative) Control

This control is associated with the security policies, protocols, guidelines, and procedures of a system. If a network is infiltrated, who is notified first? Who is called second? Who freaks out last? The list of steps to be followed in the event of such a crisis is what makes up an administrative control. While it's true this security function won't stop a determined hacker, it does set standards for behavior that will help users recover quicker when an incident or disaster occurs. In this way, management control is designed to heighten security awareness and encourage anyone within the environment, including attackers and employees, to make the right decisions.

Operational (or Physical) Control

This control relates to the protection of actual things like hardware, personnel, networks, software, and data from actions and events that could bring about serious damage or loss. It also refers to any kind of geographical access control. Operational control functions like an international border guard: If you don't have the right credentials, like a passport, a visa, or proper travel documents, you don't get in. This focus includes a prevention plan for natural disasters like fire and flood, as well as theft, vandalism, and terrorism. Not all threats to systems are technical; some involve brute force and minimal technical knowledge on the part of the attacker. That's why solid physical obstacles like fences, locks, motion detectors, and video surveillance are important tools of operational security and a valuable partner to online measures. We will talk more about the importance of physical security soon.

Serverless Applications

This term refers to third-party services, like the Cloud, that manage data and other resources. Although technically servers are backing the technology, there is little to no administrative oversight. Serverless computing and applications have helped organizations bridge the gap between rapid development and current demand, giving developers the power to build great apps without having to deal with little problems and OS issues. But while serverless applications save users time and money, they also provide more platforms for attack and make data in transit more vulnerable. In simple terms, each serverless vendor used increases the number of security precautions that must be taken because there is no longer a barrier provided by the server-side application. This criminal evolution will likely be combated by more range in computing abilities and the use of sophisticated encryption and VPN services.

Tokenization

Tokenization is a process that allows sensitive information to be replaced with unique identification symbols that retain all the essential characteristics of the data without compromising its safety. It is based on randomness instead of a mathematical formula, which means it eliminates the use of keys by replacing sensitive data with random tokens. Because the token can be read but not exploited, the data can't be used by hackers, even if they did manage to get it. In fact, tokenization has become so effective, it has become an inherent part of industry standards and government regulations. For example, a credit card company would be crazy to store all their account numbers on a retailer's point-of-sale terminal or in its database once a transaction is completed. That would be like storing all your gold in one measly, old shed. Merchants need to utilize (or outsource) sophisticated end-to-end encryption systems that can provide a tokenization option for converting sensitive card numbers into random "tokens" of value.

EC-Council Certified Ethical Hacker (CEH)

Training: Seek out and identify potential security risks with an organization's IT and networking architecture.
Prerequisites: Candidates must have at least two years of information security-related experience.
Advantages: It is a great starting point for anyone interested in becoming a security analyst or joining an organization where CEH-type certifications are required. The course teaches valuable skills through hands-on testing and experience.

CompTIA Security+

Training: Build a foundational understanding of information security.
Prerequisites: A CompTIA Network+ certification and two years of systems administrative experience, preferably with a security focus.
Advantages: Great for entry-level professionals who are looking to build a larger skill set. It is a globally recognized certification, approved by the U.S. Department of Defense, that offers the minimum requirements for anyone entering the field.

Certified Information Systems Security Professional (CISSP)

Training: Design, engineer, and implement information security systems in the workplace.
Prerequisites: At least five years of paid experience working in a field related to the CISSP exam subject matter and its common body of knowledge.
Advantages: Offers a solid foundation in digital security and is recognized as a significant career boost with regards to hiring and salary.

Certified Information Security Manager (CISM)

Training: Learn about security management principles and the duties of a system manager.
Prerequisites: Five years of related work experience, with three years as an information security manager.
Advantages: Because managerial roles are plentiful and necessary, this certification offers candidates a smart way to get a leg up in the hiring process while learning all the necessary skills for the workplace.

Certified Information Systems Auditor (CISA)

Training: Audit, control, and monitor information technology and business systems through managerial skills.
Prerequisites: Five years of related work experience performing duties specifically related to auditing, control, assurance, and/or security.
Advantages: Improved employment opportunities and greater influence in the workplace. A highly beneficial certification for anyone working in IT and responsible for monitoring and assessing related systems.

All these certifications have different fees and exam requirements. If you are interested in learning more about how you can become an information security professional with the right background, visit some online learning institutions that offer services in these areas.

Cloud Computing

Virtualization is the fundamental technology behind cloud computing, or the delivery of on-demand computing services, from application to storage to processing power. It's a pay-as-you-go internet-based service that uses a network of remote servers to store, manage, and process the data your local server or personal computer would normally handle. So instead of using the hardware and software of your own desktop computer, you can pay for a service that does the same thing in a seamless way, a service that lives somewhere up there in the mysterious "Cloud" that the internet represents. And as an internet explorer yourself, you likely use it all the time. To see this super-techie idea more clearly, let's pretend you are sitting at your desk doing some research. You type a question into the Google browser and wait for the search engine superpower to spit out a speedy and accurate response. But in reality, the results you are waiting for are being accessed and presented by a computer sitting in a faraway city like Dublin, Tokyo, or Moscow. But this perceived sense of distance doesn't affect you, so it's not really a big deal. This is the power of cloud computing: elevated convenience you didn't even know you needed. So, if your own computer can complete these functions well enough, why use the Cloud? Because as a computing service, it provides users and businesses with the ability to store and process their information in data centers around the globe, accessing their data again from any location and saving businesses money and time. In this way, the Cloud offers flexibility for growing businesses, disaster recovery, automatic software updates, increased collaboration among employees, and the ability to work from anywhere.

Killing Data

We now know how to hide our data through encryption and offer it secure passage through networks, but how do we safely destroy it? If certain files and folders have outlived their usefulness, how do we ensure no one ever sees them again? Failure to handle this properly can lead to serious breaches of information and privacy. When it comes to data, permanently getting rid of something can be trickier than it sounds. Simply dragging a file to the "trash" icon on your desktop is not going to be enough. What about emptying the trash? Nope. Because computers are so comprehensive, data is never completely removed without some extra effort. And because hackers are so determined, your data is never completely safe until it's truly destroyed. Just like an old-school paper shredder, certain strategies must be used to securely wipe it away—for good. Let's look:

Overwriting
Overwriting is the most common way to get rid of data without leaving behind a residue of information. It simply overwrites the existing media with new data through the use of software.
Advantages: Usually a single pass is enough to thoroughly remove it all, as the software can be configured to clear specific files or areas of storage. In this way, it is precise and effective.
Disadvantages: It can take a long time to overwrite an entire drive, and it may not reach less accessible host-protected areas. No real security measures are in place during the deletion process, which leaves the data vulnerable during this period. All in all, it is not foolproof.

Trends, Targets, and Fads

When there is general movement towards a certain way of thinking or living, it is known as a trend. Shifts in the social process and in how people perceive the world around them contribute to how trends emerge and the shapes they assume. These tendencies or inclinations can affect a zillion different things, from how we act to what we wear to what we eat—and you guessed it, how we approach our digital citizenship. This is an important term to remember because it refers to how someone uses information technology to engage with society, organizations, the government, and other outside entities. For those who use the internet regularly, this responsibility also translates into a code of conduct for how one should behave online, manage personal data, and protect valuable assets. And given the breakneck pace of technological advancements in today's world, this is not always an easy job. As soon as you recognize a boundary in digital security, it moves and has to be reassessed all over again. This makes keeping up with security a challenge, to say the least. And while it's true many people are working hard to become better digital citizens, there are plenty of other individuals who seek only to use emerging technological trends for criminal exploits. Unlike fads, a trend typically affects many people over a longer period of time, essentially carving out certain cultural norms and practices in the process. For this reason, trends in cybersecurity are particularly important to recognize, mostly because they directly affect the types of attacks on the horizon and the available methods of digital self-preservation. It's also worth noting, however, that these trends are constantly shifting in scope and size, which means they can become outdated in the blink of an eye. So, if we don't assume an offensive position in developing our own cybersecurity, we will soon find ourselves on the defensive.

Controls at Work

Within your computing system, there are many controls at work, the majority of which are configured to provide automated functions. That said, these controls exist in various "states" of activity which dictate their overall readiness to take on work. In a nutshell:
An enabled service control is configured to start when the system boots.
A disabled service control is configured not to start when the system boots.
An active service control is running and ready to go.
An inactive service control is not running but may become active if something tries to use its service.
Now that we understand different types of environmental controls, let's spend some time thinking about security tactics. How do they accomplish their tasks? These are the six main methods for safeguarding physical property, data, systems, or other related assets:
Deterrent controls discourage possible attackers by putting on a conspicuous show of security. Example? A big, threatening sign on the gate!
Preventative controls hinder threats from locating points of weakness, thereby avoiding exploits. Example? The security gate!
Detective controls identify when a threat has emerged and is present in the environment. Example? Motion sensors!
Corrective controls lessen or remove the effects of a threat before it can do harm. Example? Automated sprinkler systems!
Compensatory controls take over when the original ones are in trouble or fail; they accomplish as much of the task as possible. Example? A backup generator!
Recovery controls return the environment to a normal operating state. Example? Automated refueling of any corrective controls!
Together, these approaches establish the basic toolkit for any comprehensive physical security system. They can be mixed and matched to carry out just about any safety objective by using people, processes, and technology to make these controls a reality.

Virtual Private Networks (VPNs)

VPNs offer many cool ways to boost your online privacy and protection. When you access the internet, you are entering a network filled with all kinds of people looking to accomplish all sorts of things—and not all of them are good. A VPN creates an encrypted tunnel through this dodgy territory, so you can move about with confidence and privacy. Normally when you jump online, you are first connected to your Internet Service Provider (ISP), which then links you to whatever website or internet resource you wish to visit. As a result, all of your internet traffic passes through your ISP's servers and can therefore be viewed by your ISP (and a lot of other people). But a VPN allows a user to first connect via encryption to a private server, which means all their data is traveling in hidden form. Encryption will be explored further in coming units—but for now, just remember it is the method of encoding plaintext and other types of data so it cannot be read without an authorized decryption key. First developed as a way to provide remote users with secure access to applications and other resources, a VPN is now available to the average person who doesn't have a private network but still wants increased privacy and protection. As a service, it essentially extends this privilege by enabling users to send and receive data across shared or public networks through a secure connection. In the simplest terms, this creates a safe path between your computer and the remote server of the VPN. And in this way, the user benefits from the protection of this private network and can:
Safeguard communications
Keep internet activity private
Access some restricted resources
Evade censorship from outside forces
Camouflage their geographical location
Use public Wi-Fi hotspots without fear of an untrusted network
Protect personal information from exposure to unknown entities
But even the most well-defended fortress in the world has vulnerabilities, so it's important to understand the limitations of any safeguard. While a VPN will certainly increase a user's privacy and security, it cannot guarantee complete anonymity, because the provider still knows who you are. Although the service may claim to keep "no logs" (a log being a record of what you get up to on the internet), it's hard to know for sure how much monitoring goes on. Just remember, anything you do on the internet requires a certain level of trust—that's what it's all about. Anytime you shift your trust from one entity to another, you must reassess the integrity of that new medium or platform. As a result, you need to choose your VPN provider carefully, as many services are not nearly as private or trustworthy as they appear.

