Cybersecurity Basics: Threats, Hardware & Networks

The journey a computer takes the moment you press the power button. Electricity wakes up the components, and the BIOS or UEFI firmware runs a system check, called POST, to make sure the hardware is working. Once everything passes inspection, the firmware loads the operating system from storage into RAM. The OS then activates background services until the login screen or desktop appears, signaling that the system is ready. The slide also notes that attackers sometimes target this stage with hidden malware such as bootkits or rootkits.

The main building blocks of a computer. The CPU is described as the brain that performs calculations and runs instructions, while RAM is portrayed as the short term memory that temporarily holds data in use. Storage, such as an SSD or HDD, is explained as the long-term memory where files and programs are kept. The motherboard is shown as the central circuit board that connects all components, and the network card is highlighted as the gateway that allows the computer to communicate with networks and the internet.

The role of the operating system in keeping everything running smoothly. It explains that the OS schedules tasks by dividing CPU time among applications, manages memory by deciding what stays in RAM, and controls file access and permissions to maintain security. It also notes how applications are structured into processes and threads to handle multiple tasks. Importantly, it highlights how malware can disguise itself as normal processes to avoid detection, showing the constant tug of war between system management and cybersecurity threats.

The difference between a standard user, who can carry out everyday tasks, and an administrator, who has full control to install software, change settings, and access protected files. This power makes admin accounts a prime target for attackers, who often attempt to gain these privileges through a tactic called privilege escalation. Permissions are described as a vital layer of security that controls who can do what, and the slide encourages using standard accounts for day to day work to limit potential damage if something goes wrong.

We tie everything together by showing why understanding the inner workings of a computer matters for security. I explains that attackers rely on users not noticing what is happening behind the scenes, which allows malware such as rootkits, keyloggers, and bootkits to remain hidden. By learning what “normal” looks like, users can better spot unusual activity like slowdowns, errors, or strange network behavior. The message is clear: the more you understand your system, the harder it is for attackers to remain unnoticed or deceive you.

In this demonstration, I use the website BuildCores.com to virtually assemble a computer step by step. Each component is introduced, placed, and explained so the audience can see not only where it physically fits but also what role it plays inside the system. For example, the CPU is highlighted as the “brain” of the computer, RAM as the short-term memory, storage as the long-term memory, the motherboard as the central hub that connects everything, and the power supply as the unit that brings it all to life. By the end of the demo, viewers have a clear visual understanding of how individual parts come together to form a working PC and why each one is essential.

In this demonstration, I use Pranx.com’s BIOS simulator to walk through what the BIOS is and why it matters in the bigger picture of how a computer starts. The demo shows how the BIOS acts as the system’s initial control center, waking up the hardware and preparing everything for the operating system to load. I guide the audience through the different options that appear in a BIOS menu, such as boot order, system information, and hardware settings, explaining what each one does and why a user might adjust them. This helps demystify what is usually a hidden part of the computer, showing how it plays a crucial role in bridging the hardware and the software.

In this demonstration, I introduce the concept of a virtual machine (VM) and explain why it is such a powerful tool in both IT and cybersecurity. A virtual machine is essentially a computer within a computer, created and managed by virtualisation software such as VirtualBox. I explain how VMs allow us to run multiple operating systems on the same hardware, making them useful for testing, training, and isolating risky tasks. From a cybersecurity perspective, ethical hackers use virtual machines as a safe sandbox environment where they can practice penetration testing, experiment with tools, or analyse malware without putting their main system at risk. This separation between the virtual and physical machine shows why VMs are a cornerstone of modern security learning and research.

I defines what an IP address is, describing it as a digital home address that allows devices to find and communicate with each other online. Every device that connects to a network, including phones, laptops, and smart TVs, has an IP address. The document explains there are two main types, IPv4 and IPv6, with IPv6 being introduced to address the depletion of IPv4 addresses. It also clarifies the difference between a public IP, which is visible to the internet, and private IPs, which are used for devices to communicate within a local network.

I discusses ports and protocols. Ports are described as numbered entry points on a device for different types of network traffic, with examples such as web browsers connecting on ports 80 or 443. Protocols are presented as the communication rules or shared languages that ensure devices talk reliably, with HTTP for websites and FTP for file transfers given as examples. The text notes that different services use specific ports, such as websites on ports 80 or 443, email on 25 or 587, and DNS on port 53. It also mentions that one device can run multiple services on different ports without conflict and that ethical hackers use tools like Nmap to scan for open ports and potential security risks.

I explains the function of DNS (Domain Name System), referring to it as the internet's phonebook. It translates easy-to-remember domain names like example.com into numerical IP addresses that computers use. DNS servers help browsers quickly locate websites and also support other internet services like email by resolving domain names for mail servers. To speed up browsing, DNS servers and devices temporarily save recent lookups. The page concludes by noting that features like DNSSEC improve internet reliability and security by verifying responses to prevent hackers from redirecting users to malicious websites.

I outlines the differences between LAN, WAN, and the Internet. A LAN (Local Area Network) is a small, private network typically covering a single building or home, offering faster and more secure connections due to shorter data travel distances. A WAN (Wide Area Network) connects multiple LANs over large distances, used by businesses to link offices in different cities or countries. The Internet is defined as the biggest WAN, a global network that connects millions of LANs and WANs worldwide. Both WANs and the Internet rely on shared public infrastructure like cables and satellites, which can result in varying speeds and security.

I describes the process of a "ping," which is referred to as the "digital echo". When you ping a device, your computer sends a small data packet called an ICMP Echo Request. If the target device is reachable, it replies with an ICMP Echo Reply packet, confirming receipt. The time it takes for this round trip is measured to determine the latency. This process is used to diagnose network connectivity and response times and to identify potential network problems like packet loss.

I lists several tools of the trade for network security. Snort is a tool that monitors network traffic and alerts you to suspicious activity. Suricata, which is similar to Snort but faster, detects and blocks real-time threats . pfSense is a free firewall that controls data entering or leaving a network. AlienVault OSSIM combines multiple tools to provide a comprehensive view of a network's health and threats. Zeek (formerly Bro) observes network activity to spot unusual or malicious behaviour. Finally, Security Onion is a complete package that includes tools like Snort and Zeek for effective network monitoring and protection.

I begin by looking at ICMP traffic by running a simple ping command. You'll see how Wireshark captures these packets and how we can filter the display to see only the ICMP Echo Request and Echo Reply messages. This will show you how ping works to check if a device is online.

Next, we'll demonstrate how to effectively filter traffic. You'll learn how to apply filters by IP address to focus on the traffic to and from a specific device. We'll also apply a filter for a specific protocol, such as HTTP, to isolate all web traffic.

Finally, we'll take a closer look at the content of the packets by inspecting HTTP traffic. You will see how Wireshark can reveal details like the request method, host, and other unencrypted information, highlighting the kind of data that can be seen over a network.