5 takeaways from the book: Cybersecurity — Attack and Defense Strategies
I’ve been given a review copy of this book, and here are 5 takeaways:
1. Malware can lie dormant for years before being active.
The Iranian nuclear facility was infected by Stuxnet, a malicious computer worm. It was discovered in 2010 after residing within the facility’s network for a year.
Its method of operation is pretty sophisticated. It was injected and spread around with USB thumb drives, since there was no internet connection. It runs on Windows and targets only a specific type of SCADA control software by Siemens.
2. Kali Linux is a must-have toolkit.
Kali Linux is an operating system that comes pre-installed with different programs for reconnaissance, exploitation, and privilege escalation.
Popular tools are: Tcpdump, Nmap, Hydra, Wireshark, Metasploit, and Aircrack-ng.
3. Red Team for cyber attack strategies, Blue Team for cyber defense strategies
The Red Team will perform an attack and penetrate the environment to find vulnerabilities and exploit them in order to gain access to the company’s assets.
Members of the Red Team must be composed of highly trained individuals with different skill sets and be fully aware of the current threat landscape for the organization’s industry. They must have coding skills to create their own exploit and customize it to better exploit relevant vulnerabilities that could affect the organization.
The Blue Team needs to ensure that the assets are secure and if the Red Team finds a vulnerability and exploits it, they need to rapidly remediate and document it as part of the lessons learned.
The Blue Team members should also have a wide variety of skill sets and should be composed of professionals from different departments.
The Blue Team and the Red Team’s work doesn’t end when the Red Team is able to compromise the system. There is a lot more to do at this point, which will require full collaboration among these teams to provide a comprehensive report on the method of exploitation used and risks to the organization’s assets.
4. Vulnerability management using network scanners
Use vulnerability management tools to scan for vulnerabilities on both on-premise and cloud platforms. Here are some popular tools:
Nessus — most popular commercial network vulnerability scanner developed by Tenable Network Security.
OpenVAS vulnerability scanner — a free, full-featured vulnerability scanner.
Acunetix — leverages the OpenVAS scanner to provide comprehensive network security scans.
InsightVM — uses advanced analytics to discover vulnerabilities in a network, pinpoint which devices are affected, and prioritize the critical ones that need to be attended to.
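Whichever scanner produces the findings, the part that needs your own judgement is the prioritization step the last item describes: which of the hundreds of reported issues get attended to first. The script below is an added illustration, not code from the book or from any of the scanners named above. It assumes a simplified finding record (host, identifier, CVSS base score, whether the host is internet-facing, an asset criticality set by the asset owner, and whether an exploit is known to be available); the field layout and the CVE-style identifiers are constructed placeholders, not a real scanner's export format.

```python
"""Added example: triage scanner findings so the critical ones are handled first.

The Finding layout is an assumption for this illustration; real scanners export
their own schemas (CSV, XML, JSON) that you would map onto it.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str                  # identifier as reported by the scanner (placeholder values below)
    cvss: float               # CVSS base score, 0.0 .. 10.0
    internet_facing: bool     # host reachable from the internet
    asset_criticality: int    # 1 (low) .. 3 (high), assigned by the asset owner
    exploit_available: bool   # flagged by a threat-intelligence feed


def risk_score(f: Finding) -> float:
    """Weight the raw CVSS score by exposure and business context.

    CVSS alone ranks a 9.1 on an isolated test box above a 6.5 on a public web
    server with a working exploit; the multipliers below push the latter up.
    """
    score = f.cvss * f.asset_criticality
    if f.internet_facing:
        score *= 1.5
    if f.exploit_available:
        score *= 1.5
    return round(score, 2)


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Return the findings ordered from most to least urgent (stable on ties)."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.host, f.cve))


def remediation_queue(findings: List[Finding], limit: int) -> List[str]:
    """Hosts to hand to the remediation team first, highest-risk finding per host."""
    seen, queue = set(), []
    for f in prioritize(findings):
        if f.host not in seen:
            seen.add(f.host)
            queue.append(f.host)
        if len(queue) == limit:
            break
    return queue


# Constructed sample findings; the CVE numbers are placeholders, not real advisories.
SAMPLE_FINDINGS = [
    Finding("web-01", "CVE-0000-0001", 9.8, True, 3, True),
    Finding("db-01", "CVE-0000-0002", 9.1, False, 3, False),
    Finding("dev-07", "CVE-0000-0003", 7.5, True, 1, False),
    Finding("hr-02", "CVE-0000-0004", 5.3, False, 2, True),
    Finding("web-02", "CVE-0000-0005", 6.5, True, 2, True),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{risk_score(f):6.2f}  {f.host:8} {f.cve}  cvss={f.cvss}")
    print("first hosts to fix:", remediation_queue(SAMPLE_FINDINGS, 3))
```

Run as-is, the sample shows the point of the weighting: web-02 (CVSS 6.5, public, exploit available) lands above db-01 (CVSS 9.1, internal, no known exploit). The multipliers are illustrative; the important design choice is that exposure and asset criticality come from your own inventory, not from the scanner.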
5. Always be prepared
Your systems are not considered secure unless you have performed the following actions:
- Reviewed your security policy, on both human and non-human assets.
- Treated your networks as zero trust networks.
- Installed intrusion detection and prevention systems.
- Leveraged threat intelligence tools to investigate suspicious activities.
- Performed threat hunting and investigated compromised systems.
This book is available for purchase on Amazon.
As an Amazon Associate I earn from qualifying purchases.