This is an entry-level overview of the processes and procedures, technologies and tools of network security. It is divided into 17 lessons plus a final analysis test.
Analysis tests have no explicit right or wrong answers. Rather, they are intended to make you think about the issues covered in each lesson and apply those issues to arrive at a solution to the problem presented. There may be multiple "correct" answers, but what is most important is how you arrive at your solution. Remember: the most important word in your vocabulary is "WHY". You always want to ask "why" as you think about solving the problem presented to you.
The text we will use is an entry-level text complete with "test yourself" questions along with answers. I suggest that you do these and check to see if you answered correctly. If you did not, try to figure out why not and call on me if you need some coaching. The text, and where to get it, are given in the first lesson.
This is an "at your own pace" course, but I suggest that you keep the pace as steady as you can - work schedule permitting, of course - so that you won't forget concepts from lesson to lesson. A lesson does not necessarily follow the chapters in lock-step. I have broken some chapters up to ensure that technical concepts are not coming at you so fast that you cannot absorb them.
Along with the text and questions, I will write a short lecture for each lesson. These lectures are intended to put the chapter material in context and clarify areas in the text where my experience suggests that students have a hard time. The lectures do not, however, regurgitate the text. You cannot get by just reading the lectures and skipping the text.
Your analysis questions are graded on a 1.0-4.0 scale; the lesson questions are worth 60% of your final grade and the final analysis question is worth 40%. Grades are important. They tell us how we are doing and what we need to focus on a bit more, and they give the final outcome credibility. However, don't get hung up on grades. I tend to be pretty liberal when grading. I am looking for your general understanding and thinking process, not for absolute pin-point answers. The analysis questions are part of the overall learning process and they help you apply what you've learned. That helps you see the value of the lesson rather than viewing it as just so much scattered information. If this course does not help you in your day-to-day work with network security, we both have wasted our time.
Good luck... and welcome.... glad to have you aboard!!
--Dr. Peter Stephenson, CISSP (ret)
Welcome! This is the first lesson in Introduction to Network Security. Your text is Network Security First-Step by Tom Thomas and Donald Stoddard. Its ISBN is 1-58720-410-X and you can find it on Amazon.
Each lesson will have a reading assignment, a short written lecture for you to read that will give you the context for the chapter (read the lecture first to get an idea of what the chapter(s) is/are about) and some review questions for you to answer selected from the chapter. There are answers to those questions so you can "test yourself" to see what you got from the reading.
Finally, I will have a real-world analysis question for you to answer - essay style - and that I will grade on a 1.0 - 4.0 scale.
Feel free to ask questions any time - email to me is usually best - firstname.lastname@example.org.
Your reading assignment in the text for this lesson is Chapter 1 - There be Hackers Here.
This first lesson introduces you to hackers, their motivations and, in general, how they operate. Understanding the adversary is a critical aspect of network security. Sun Tzu, the greatest (arguably, of course) general in the history of China, gave this advice: "If you know the enemy and know yourself, you need not fear the result of a hundred battles." A second maxim often attributed to him follows up: "To know your Enemy, you must become your Enemy." In practice, this means thinking like the adversary.
Probably the leading motivation for hackers today is money. Back in the day hackers hacked for fame - "street cred" - but today that is one of the lesser motivations and, certainly, the bulk of those with this motivation are "script kiddies", generally ill-prepared to be a serious threat. That does not mean, however, that they cannot do real damage; they run the same automated tools as everyone else. They are not, usually, the ones who keep us awake at night wondering what nefarious schemes they'll come up with next to worm their way into our enterprises.
There are, indeed, state-on-state actors, and this suggests cyber warfare. While that certainly is a fact of our existence, we are more commonly concerned with straightforward fraud and theft. There are two basic types of adversary, then: the thieves and the espionage agents. The thieves will steal payment cards, email databases, cryptocurrency - in fact, anything that can bring them revenue on the black market that I will refer to throughout this course as the "computer underground" or, just, the "underground".
Espionage agents either are state actors or are in the employ of a government as a sort of cyber contractor or mercenary. (A cyber criminal usually is referred to as an "actor", and we will meet quite a few during this course.) Generally, we are not too concerned about these folks in the private sector unless we are a government contractor. For example, it was widely reported in June 2018 that Chinese hackers stole sensitive plans for a Navy underwater weapon system. If true, this is cyber espionage and the actors either are Chinese state actors or cyber mercenaries working for the Chinese. We must be cautious about jumping to that conclusion, though, because it is very easy to make an attack appear to come from China: actors routinely route through compromised hosts, VPNs and proxies in other countries, so the source IP address of a connection, and its geolocation, say very little on their own about who is behind it.
Here, I am going to clarify the term "hacker" and what I mean by it. "Hacker" is not, of itself, pejorative. A hacker is a clever, skilled computer/network specialist whose strength lies in his or her ability to think creatively, solve complex computing problems and use the most advanced aspects of computing, networking and coding quickly and elegantly. Not all actors are hackers, and certainly not all hackers are malicious actors.
Targeting is another issue this lesson addresses. Today, except in very specific circumstances, most compromises are the result of finding targets of opportunity. Actors scan the Internet constantly for "low-hanging fruit". These scans are automated and run day and night, probing and poking at IP addresses to find vulnerable systems. Typically, a scan probes for one specific service or vulnerability across a great many addresses rather than enumerating all of the services running on a single computer. When a vulnerable service is found, the computer becomes a target and further probing continues to qualify it - or not - as worth more attention. The trick for defenders is not to become such a target of opportunity: the fewer services you expose and the faster you patch the ones you must expose, the less often the automated probe finds anything at all.
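The scanning pattern described above shows up plainly in a firewall log: one source address touching the same port on many of your hosts (a horizontal sweep) looks quite different from one source walking many ports on a single host (a vertical scan). The following script is an added example, not code from the text or from the course; it parses a few constructed, simplified iptables-style log lines (the field layout and the thresholds are assumptions, so adjust the regular expression and the limits for your own firewall) and labels each source by the shape of its probing.

```python
"""Label firewall log sources as horizontal sweeps, vertical scans or normal.

Added example for this lesson; the log lines below are constructed in a
simplified iptables-like format (assumption: real iptables lines carry more
fields, so adapt LOG_RE to whatever your firewall actually writes).
"""
import re
from collections import defaultdict

# Constructed sample log: one mass scanner hitting TCP/445 across a /24,
# one source walking ports on a single host, and ordinary HTTPS traffic.
SAMPLE_LOG = """\
Jun 12 03:14:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=445
Jun 12 03:14:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.11 PROTO=TCP DPT=445
Jun 12 03:14:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.12 PROTO=TCP DPT=445
Jun 12 03:14:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.13 PROTO=TCP DPT=445
Jun 12 03:14:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.14 PROTO=TCP DPT=445
Jun 12 03:14:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.15 PROTO=TCP DPT=445
Jun 12 03:14:04 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.16 PROTO=TCP DPT=445
Jun 12 03:14:04 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.17 PROTO=TCP DPT=445
Jun 12 03:20:10 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP DPT=21
Jun 12 03:20:10 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP DPT=22
Jun 12 03:20:11 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP DPT=23
Jun 12 03:20:11 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP DPT=25
Jun 12 03:20:12 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP DPT=80
Jun 12 03:20:12 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP DPT=110
Jun 12 03:20:13 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP DPT=143
Jun 12 03:20:13 fw kernel: ACCEPT IN=eth0 SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP DPT=443
Jun 12 03:25:40 fw kernel: ACCEPT IN=eth0 SRC=192.0.2.5 DST=198.51.100.10 PROTO=TCP DPT=443
Jun 12 03:25:41 fw kernel: ACCEPT IN=eth0 SRC=192.0.2.5 DST=198.51.100.10 PROTO=TCP DPT=443
"""

# Only the fields we need; anything between them is ignored (assumed layout).
LOG_RE = re.compile(r"SRC=(\S+)\s+DST=(\S+)\s+PROTO=(\S+)\s+DPT=(\d+)")


def parse_events(text):
    """Return (src, dst, proto, dport) tuples for every line that matches."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            src, dst, proto, dpt = m.groups()
            events.append((src, dst, proto, int(dpt)))
    return events


def classify_sources(events, host_threshold=5, port_threshold=5):
    """Group events by source and label the probing pattern of each source.

    horizontal sweep: one or a few ports tried across many destination hosts
    vertical scan:    many ports tried against a single host (or a few hosts)
    block scan:       many ports across many hosts
    normal:           below both thresholds
    The thresholds are assumptions for this example; tune them to your network.
    """
    by_src = defaultdict(lambda: {"hosts": set(), "ports": set(), "count": 0})
    for src, dst, proto, dport in events:
        rec = by_src[src]
        rec["hosts"].add(dst)
        rec["ports"].add((proto, dport))
        rec["count"] += 1

    labelled = {}
    for src, rec in by_src.items():
        n_hosts, n_ports = len(rec["hosts"]), len(rec["ports"])
        if n_hosts >= host_threshold and n_ports >= port_threshold:
            label = "block scan"
        elif n_hosts >= host_threshold:
            label = "horizontal sweep"
        elif n_ports >= port_threshold:
            label = "vertical scan"
        else:
            label = "normal"
        labelled[src] = {"label": label, "hosts": n_hosts,
                         "ports": n_ports, "events": rec["count"]}
    return labelled


if __name__ == "__main__":
    for src, info in sorted(classify_sources(parse_events(SAMPLE_LOG)).items()):
        print(f"{src:15} {info['label']:17} hosts={info['hosts']} "
              f"ports={info['ports']} events={info['events']}")
```

The horizontal sweep is the one the lecture is describing: 203.0.113.7 cares about nothing but TCP/445, and it is trying every address in the range. The point of labelling it separately from a vertical scan is that it tells you what the actor is hunting for, which is the service you should be checking you have not left exposed.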
The adversary has long known that the easy way to penetrate a system is from the inside rather than beating its door down. The best example of this is the phishing attack, where an email blast - much like the constant scanning - goes out more or less at random. The email carries the means of compromise - an infected file attachment, perhaps, or a malicious link - and the compromise begins from the inside. Perimeter defenses that only watch for inbound connections are of little use in this case. There are other similar means, of course. For example, "drive-by" attacks use infected web sites to compromise a visitor's browser, and watering hole attacks take that a step further by infecting a site the intended victims are known to visit, so the victims come to the malicious content on their own. We will discuss the mechanics of malware infections at another time. For now, note that most attacks begin with some sort of automation or script rather than by hand, that malware may or may not be involved at all, and that when it is involved it often enters the picture at a later stage, after the initial foothold has been gained.
That should get you started for this first lesson. Remember, when you are finished it is useful to answer the practice questions at the end of the chapter and then I will put up the analysis question. Enjoy!!
To be obtained from your instructor.