In this episode, you will learn about defining business risks.

In this episode, you will learn about threat actors and the CIA security traid.

The CIA security triad (confidentiality, integrity and availability) describes how solutions such as encryption, hashing, and data backups can address potential attack vectors that might be exploited by threat actors.

With the ever-changing IT threat landscape, how can you keep up with the latest security issues? Threat intelligence refers to the wide variety of open-source intelligence (OSINT) and proprietary IT security sources that use standards such as STIX and TAXII for cybersecurity intelligence sharing.

A risk management framework aids in identifying and managing risk and is sometimes required for compliance with data privacy regulations such as GDPR and HIPAA. Organization security policies are often influenced by data privacy regulations.

Various security standards such as PCI DSS and the Cloud Controls Matrix (CCM) define what typesQ of security controls to put in place to mitigate risk both on-premises and in the cloud. The specific type of attack vector determines whether managerial, operational, or technical controls should be deployed.

How can you determine whether assets are adequately protected from threats? One way is running periodic risk assessments to address the ever-changing threat landscape to define the likelihood and impact of security incidents.

Is the cost of a security control justified? A quantitative risk assessment uses various calculations against an asset to determine the maximum yearly spend for protecting that asset.

The same risk can have a different impact to various organizations. Qualitative risk assessment use subjective priority ratings for risks rather than dollar values.

Security must be applied to all phases of the information life cycle, from collection to its eventual archiving and deletion. This includes data security techniques such as tokenization and masking while considering how laws apply to data based on its location (data sovereignty).

Digital data resides on physical storage devices. Secure storage media disposal mechanisms, such as shredding, cryptographic erasure, degaussing, and disk wiping, must be put in place to ensure sensitive data cannot be retrieved by unauthorized users.

Threats are executed by a variety of different threat actors, each type having a different motivation for executing attacks. This episode presents a scenario where correct type of threat actor must be selected.

When storage media has reached the end of its useful life, data must be wiped from it in a secure manner which can include using some built-in operating system tools. Linux administrators can use the dd command to wipe disk partitions by overwriting them with random data.

The use of social media platforms has skyrocketed in recent years. Organizations must take the appropriate steps to ensure that sensitive data is not leaked through this mechanism.

Cryptography is the practice of disguising information in a way that looks random. This episode explores the history of cryptography and how it has evolved into the complex systems today.

Hashes provide assurance of data integrity using fascinating mathematical calculations. Passwords are a very common use for hashing.

In this episode, Mike explains how encrypted information is at risk and explores ways to protect it.

Passwords are often stored in hash format but can still be susceptible to attacks. The various password attacks include brute force, dictionary, and rainbow table. Salting and key stretching add another layer of security to hashed passwords.

Dan demonstrates how to use a password cracking tool to turn hashed passwords into cleartext.

Protecting sensitive data can be done using many techniques. In this episode , the viewer is tested on the best security control for a given scenario.

Multifactor authentication should always be used for administrative accounts. In this demo, SSH public key authentication is configured for a Linux host.

Digital cryptocurrencies provide a centralized public way to pay for goods and services. This video explains the relationship between cryptocurrency, public ledgeres and the blockchain.

Physical security matters because all digital IT systems and data rely upon physical equipment somewhere.

This episode covers physical security controls such as door lock types and bollards, as well as encryption of data at rest.

Limited access to network computers can prevent malicious actors from installing components such as hardware key loggers, which can capture all user keystrokes and make them available to an attacker over a Wi-Fi network.

Computing equipment must be kept at the correct temperature and humidity levels to function efficiently. This episode covers air flow management using hot and cold aisles as well as environmental monitoring.

IT systems are greatly affected by physical security. This episode presents a scenario in which only some security controls effectively mitigate a security problem.

A full IT security audit always includes physical security. In this episode, physical security considerations are presented.

Some physical security controls protect physical property which includes harware IT devices. In this episode, IP cameras and CCTV are discussed.

Authorization to access resources occurs after the successful proving of one’s identity through authentication.

Multifactor authentication (MFA) hardens user sign-in by requiring more than one factor, or category of authentication, such as something you know combined with something you have.

What role does authorization play in identity and access management (IAM)? Authorization relates to resource permissions granted to a security principal such as a user or device.

The 3 As – authentication, authorization, and accounting/auditing, play a big role in IT security. Tracking activity through auditing provides accountability for access to resources such as files on a file server or database rows.

Have you ever had trouble remembering usernames and passwords for multiple web apps? Password vaults serve as a protected credential repository in addition to common authentication methods such as one-time password codes, certificate-based authentication and SSH public key authentication.

Controlling access to resources begins with policies governing how credentials are managed. Permissions to use resources can be configured through attribute-based access control (ABAC), role-based access control (RBAC), discretionary access control (DAC), and for high security environments, mandatory access control (MAC).

Accountability for resource access is possible only with people using their own unique user accounts where the principle of least privilege has been applied, ideally through group-assigned permissions. Account policies can determine conditions that allow or deny resource access, such as the location of a user.

Older network authentication protocols such as password authentication protocol (PAP) and challenge handshake authentication protocol (CHAP) have been deprecated in favor of protocols such as Kerberos and extensible authentication protocol (EAP). Variations of the RADIUS authentication protocol are still used to authenticate users and devices to networks.

How can authentication be removed from individual apps? The answer is identity federation, which uses a centralized identity provider that is trusted by resources, such as Web apps, and can also support single sign-on (SSO).

There are a variety of ways in which user authentication can be implemented prior to allowing the user access to the Internet. This question presents a scenario that requires a user to sign off on the terms of agreement before gaining Internet access.

User and group management in Linux can be performed at the command line. This demo makes use of the useradd and groupadd commands to create authentication identities.

Authentication can be configured and managed within a single organization to control access to IT resources. This episode covers identity federation and its relationship to identity and resource providers.

The command-line interface (CLI) allows technicians to interact with Windows, Linux, and macOS systems by typing in commands such as ping and ipconfig. Windows uses a command prompt, macOS uses a terminal shell and Linux can use a variety of shells including bash. Microsoft PowerShell is an object-oriented CLI supported on Windows, Linux, and macOS.

Shells allow technicians to enter commands, such as a Linux bash shell or a Windows command prompt. Reverse shells are the result of infected victim machines that reach out to an attacker station.

The Windows Command line is spawned by cmd . exe. Security technicians can automate tasks using batch file scripts containing commands such as whoami and ipconfig. Powershell.exe can be spawned from a Windows command prompt in order to use PowerShell cmdlets.

Is there a better way to automate operating system commands than through scripts and text manipulation? Yes! Microsoft PowerShell is an object-oriented cross-platform command environment that uses a verb-noun type of syntax, such as with the Get-Service cmdlet.

A Linux shell is a case-sensitive command line environment that supports scripting and comes in various flavors including bash, Korn and C shells.

How do attackers discover networks and hosts? Network scanners such as Nmap are used by attackers as well as legitimate security technicians to perform network reconnaissance.

Nmap is the most commonly used network scanning tool. Scans can be saved as XML files. Nmap can be used at the command line but it also has a frontend GUI named Zenmap.

Network traffic can be captured, saved, and analyzed using a properly placed hardware or software network protocol analyzer such as the free Wireshark tool. Capture analysis can result in identifying indicators of compromise or the use of insecure protocols.

Wireshark is a free open-source network traffic analyzer that can capture, analyze, filter, and save captured network packets.

tcpdump is a built-in Unix and Linux command-line tool that can capture, analyze, filter, and save captured network packets.

Log files can provide valuable insights related to suspicious network, host or application activity, but only if log file integrity can be ensured. Centralized logging in the enterprise on a secured logging host ensures an accurate copy of log files can be used for security and performance analysis.

Network infrastructure and host and application logs can be stored centrally such as with Linux or Windows log forwarding. This can then be fed into a centralized log ingestion and analysis system, otherwise called SIEM.

In this episode you will learn all about cybersecurity benchmark tools.

Centralized Linux log hosts can be configured using the rsyslog daemon on Linux hosts.

Managing Linux host authentication can involve the use of many command-line utilities. This episode focuses on the sequence of steps needed to enable SSH public key authentication.

Shell scripts contain Linux command that can be invoked simply by calling upon the script name. In this demo, a simple utility menu loop is created in a bash shell script.

IT network reconnaissance begins with discover hosts and services on the network. This episode uses the nmap command to map out hosts on the network.

Malware is malicious software that comes in many different shapes and sizes. This episode tackles examples of malicious code and how it related to Visual Basic for Applications (VBA).

Malicious software is referred to as malware and includes various types including ransomware, fileless viruses, worms, keyloggers, and trojan horses. Infected computers that periodically contact command and control servers are called bots or zombies.

A lack of secure configurations for networks, devices, and hosts results in an increased attack surface. Default settings, especially credentials, should not be used. Deprecated security protocols such as WEP and SSL should also be avoided.

Staying up-to-date with the latest types of security attacks is form of attack mitigation. Keeping systems hardened helps protect against zero-day attacks. Software develops must adhere to secure coding practices to ensure deployed code does not contain security flaws.

In this episode you will learn about overflow attacks.

Username and password authentication remains common, as do related dictionary and brute-force attacks. Account lockout threshold can mitigate password attacks other than password spraying attacks.

Distributed Denial of Service (DDoS) attacks use collections of infected bots, or zombies in a botnet, to flood victims hosts or networks. Bots periodically contact a malicious-user controlled command and control server.

Data availability, including through disk redundancy, is an aspect of IT security. There are various RAID levels that organize physical disks together to provide performance and/or fault tolerant benefits.

All IT solutions, in the end, run on hardware somewhere. Restricting physical access to IT hardware such as through locked server rooms and encryption of data at rest provide a layer of security.

In the enterprise, endpoint detection and response solutions report to a centralized SIEM solution when abnormal activity, including malware, is detected on hosts and devices. Intrusion detection and prevention systems (IDS/IPS) are the engine for this type of solution and can be configured with allow/deny lists.

In this episode you will learn about securing data with encrpytion.

Monitoring the network for intrusions is paramount to ensure a timely mitigation. This episode presents a monitoring scenario that requires the view to identify which type of attack took place.

RAID configurations can enhance the performance and availability of stored data, depending on the level of RAID used. In this demo, software RAID level 1 (disk mirroring) is configured in Linux.

In this episode you will learn about secure enclave lab in macOS

Securing hosts properly should involve both a proactive and a reactive approach. This episode discusses what can be done about zero-day attacks.

Data are not all the same. Whether data are at rest, in use, or in transit will affect how you can best secure it.

Data are not all the same. Whether data are at rest, in use, or in transit will affect how you can best secure it.This episode introduces various methods used to protect the critical keys in cryptography that keep communication secure.

In this episode, Mike describes encrypting and decrypting data with the same key. He also covers how symmetric algorithms can either be block or streaming and use various types of ciphers depending on which one is used.

Symmetric block algorithms have limitations depending on which kind of cipher is used. This episode explores the different block modes.

In this episode, Mike describes encrypting and decrypting data with different keys and the magic that happens when key pairs are generated.

Digital certificates are used in many different places to verify the identity of a public key owner. They can also include verification from third parties for an added layer of security.

Web of trust is a mostly outdated method of proving identities, however it is helpful to understand as the predecessor of public key infrastructure (PKI) which is widely used today.

In this episode, Mike discusses public key infrastructure (PKI), used to enable commerce and other secure activities over the Internet.

Mike reviews different types of certificates including Web, e-mail, code-signing, machine/computer, and user.

Mike tours various certificates in this episode.

In this episode you will learn about network architecture planning.

Is there a standard model for describing and mapping network hardware and software? Yes, the 7-layer conceptual OSI model! Understanding network security and selecting the appropriate security solutions requires a solid understanding of the OSI model.

ARP is used to resolve an IP address to a 48-bit hexadecimal hardware MAC address. Attackers with network access can fraudulently send ARP updates to hosts in order to force network traffic through the attacker station.

Layer 2 of the OSI model (Data Link layer) accessing network media and addressing using MAC addresses. MAC address flooding attacks and broadcast storms can be mitigated with network switches configuring with BPDU and STP.

Which security considerations are important when planning your network design? IP addressing and network segmentation using screened subnets can be used for hosting public servers. VLANs can improve network performance and provide network isolation for security purposes.

In this episode you will learn about zero trust network access (ZTNA) 2.0.

Active/active and active/passive load balancing can efficiently route client application requests to backend servers. Load balancing improves application performance and resiliency to a single application server failure.

Securing networks restricts access to the network while securing services on the network. 802.1x network edge devices can limit network access. Rogue DHCP servers can be mitigated with DHCP snooping configurations. Secure remote server management is possible using a jump box/bastion host which has both public and private network connections.

How can malicious attacker and malware activity be monitored without allowing the compromise of production systems? Honeypots are fake decoy systems designed to attract malicious activity for the purpose of logging and tracing activity.

In this episode you will learn about static and dynamic code analysis.

Packet filtering firewalls apply to layer 4 (Transport layer) of the OSI model and examine only packet headers to allow or deny network traffic. Content filtering firewalls apply to OSI layer 7 (Application layer) and can examine packet headers as well as content to allow or deny traffic. A Web application firewall (WAF) protected Web apps from common Web application attacks.

Forward proxies sit between internal user devices and the Internet and fetch Internet content on behalf of internal users. Reverse proxies map public network service IPs to private IPs; they route client requests for a network service to the backend server private IP.

In this episode you will learn about web filtering.

Network address translation (NAT) maps external public IPs to internal private IPs to protect the true identity of servers. Port address translation (PAT) allows multiple internal network clients with private IPs to access the Internet using a single public IP assigned the NAT device public interface.

The IPsec network security protocol suite can be used to secure any type of network traffic through integrity, authentication and encryption. Many VPNs use IPsec to establish an encrypted network tunnel.

In this episode you will learn about SD-WAN and SASE.

VPNs provide an encrypted network tunnel over the Internet to provide secure access to a remote network. Client-to-site VPNs allow individual device access where site-to-site VPNs can securely link branch offices over the Internet or securely link an on-premises network to the cloud through a L2TP or TLS VPN.

Intrusion detection can detect, log, report, and send alerts when suspicious activity is detected on a host or on the network, whereas intrusion prevention can be configured to stop the suspicious activity. Anomaly detection can be signature-based or heuristic/behavior-based. Unified threat management (UTM) solutions combine firewall, IDS, IPS, and other security functions.

Address Resolution Protocol (ARP) is used by the TCP/IP protocol suite. This episode discussed ARP poisonning attacks and potential mitigations.

An Intrusion Detection System (IDS) is designed to detect suspicious network or host activity and then log or notify the incident. In this episode, the Snort IDS is configured and tested in Linux.

Secure Sockets Layer (SSL) has long been used to secure network communication on LANs and WANs. This episode discusses how Transport Layer Security (TLS) supersedes SSL in addition to continued backwards-compatibility support that remains for SSL.

Securing Wi-Fi networks is crucial since physical access is not required to gain network access. In this video Wi-Fi security standards such as WEP, WPA, and WPS are discussed.

While there are many wireless network standards, which ones are designed for close proximity? This video covers RFID, NFC and Bluetooth wireless network communications.

Optimizing Wi-Fi communication means ensuring there is proper coverage over a given area and that there are no wireless interference issues from other transmitting devices. A wireless site survey with a heat map can identify overlapping Wi-Fi channels or wireless dead spots where connectivity may need to be improved.

Is your Wi-Fi network completely invisible if you disable SSID broadcasting? No! Periodic beacon frames are still sent wirelessly with the WLAN name field excluded. Freely available tools can be used to discover and crack WEP and WPA passphrases.

One way to crack WPA2 passphrases is to de-authenticate an existing connected client, then capture and analyze the client re-authenticating. This episode will demonstrate how to perform an offline dictionary attack using a WPA2 authentication packet capture file.

There are many options for securing Wi-Fi networks. Disabling items such as WLAN name broadcast, DHCP, and public network management are the first consideration. Using WPA3 enterprise mode and changing default settings also help harden your Wi-Fi network.

Malicious users will often mimic legitimate services in an attempt to trick unsuspecting victims into connecting to the service. This episode presents a scenario where the viewer must determine what type of attack has taken place.

Wi-Fi Protected Access (WPA) protects Wi-Fi network communications. This episode demonstrates how there are ways to crack a WPA2 using offline attack methods.

Some wireless networking attacks involve deception. In this episode, Mike describes how there are variations of Evil Twin attacks including through DNS.

Public servers offer services to Internet users. These servers should be hardened and placed on an isolated network such as a screened subnet or DMZ so that in the case of compromise, lateral movement by the attacker will not allow access to other sensitive hosts.

Public servers are subjected to many types of attacks that can be mitigated by hardening the network and host using a wide variety of methods. This episode covers common attacks include DDoS, URL hijacking/redirection, session replay, and pass-the-hash.

In this episode you will learn about DDos attacks in the real world.

Modern software development often uses application containers which serve as a logical boundary for app files and settings outside of the operating system. This episode also covers software-defined networking (SDN).

Hypervisors are servers configured to host virtual machine guests. This episode will discuss Type 1 and Type 2 hypervisors as well as hardening.

Virtualization alone does not constitute cloud computing; a number of characteristics such as resource pooling and metered usage must also be involved. This episode discusses public, private, hybrid and community clouds.

Cloud computing services are categorized using the term “as a service” (aaS). This episode discusses IaaS, Paas, SaaS, and where responsibility lies for each type of service.

Cloud security is generally split between the Cloud Service Provider (CSP) and the cloud tenant, depending on which type of cloud service is being used. Security solutions include firewalls, data loss prevention tools as well as a Cloud Access Security Broker which enforces cloud computing security policies.

Public servers can be hosted as virtual machines in the public cloud. In this episode, a scenario is presented where a virtual machine requires access to specific cloud-based resources.

Containerized applications are self-contained boundaries consisting of only application files, not an operating system. This demo shows how to work with Docker containers on the Linux platform.

Virtual machines, often referred to as instances, are widely used both on-premises and in the cloud. This episode tackles issues related to being aware of deployed instances in the interest of reducing the attack surface.