
Cybersecurity Fundamentals

Introduction
Unit 1: Computing Security Concepts and Problems 1
Upon completion of this unit, you will be able to:

• Define cybersecurity and the responsibilities of cybersecurity professionals

• Identify types of hackers and their motivations

• Explain how vulnerabilities are identified and addressed

This unit contains the following learning activities:

Video Lectures
(mm:ss) indicates the time for video lectures

• Defining Cybersecurity (4:01)

• Vulnerabilities (3:57)

• Personal Security (2:50)

• Who are the Hackers? (3:21)

• Data Breaches (6:30)

• Rising Cybersecurity Threats (2:46)

Additional Resources

• Computing Security Concepts and Problems 1

• Data Breaches

• The TCP/IP Guide: This free online guide to the basic communication language and protocol of the internet contains clear information on many of the concepts covered in this course.

• Breaking: Ransomware

Activity and Discussion

• Survey: Your cybersecurity habits

• Word Cloud: Where are threats coming from?

• Discussion: Your role in cybersecurity

• Cyberthreat Maps

Graded Unit Quiz


Computing Security Concepts and Problems 1 Quiz

>> If you know the enemy, and know yourself, you need not fear the result of 100 battles.

If you know yourself, but not the enemy, for every victory gained, you'll also suffer defeat.

If you know neither the enemy nor yourself, you will succumb in every battle.

These ideas come from Chinese General and Philosopher, Sun Tzu's, The Art of War,

ADDITIONAL RESOURCES
These news stories and articles can give you more detail on many of the topics covered in the videos.

General
World's Biggest Data Breaches, Information is Beautiful

11 Steps Attackers Took to Crack Target, CIO.com

Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid, Wired

2017 Cyber Risks to Intensify as Hackers Become More Cunning: Report, Energi

Defining Cybersecurity
The Security Mindset, Schneier on Security

Cybersecurity unemployment rate at zero, SC Media

Vulnerabilities
Network live IP video cameras directory, Insecam.org
This website lets you view video from unsecured cameras around the world

For each story I mentioned in the video:

Hackers Remotely Kill a Jeep on the Highway—With Me in It, Andy Greenberg, Wired

With 'recall,' Fiat Chrysler makes its car hack worse, Colin Neagle, Network World

Florida man wins over 1 million miles for hacking United Airlines, Jack Corrigan, WGN TV
Computer hackers can now hijack toilets, Sarah Griffiths, Daily Mail

Baby monitor hacker delivers creepy message to child, CBS News

It’s Insanely Easy to Hack Hospital Equipment, Kim Zetter, Wired

It’s Way Too Easy to Hack the Hospital, Monte Reel and Jordan Robertson, Bloomberg

Personal Security
Here's What We Know About the Massive Cyber Attack That Took Down the Internet on Friday, Peter Dockrill,
Science Alert

How the Dyn DDoS attack unfolded, Tim Greene, Network World

Who are the Hackers?


MEECES to pieces, Deborah Radcliff, Network World

ADDITIONAL RESOURCES: DATA BREACHES


More information on recent data breaches mentioned in the video.

Anatomy of the Target data breach: Missed opportunities and lessons learned, Michael Kassner, ZD Net

Two-Factor Snafu Opened Door to JPMorgan Breach, Michael Mimoso, Threatpost

Home Depot: Massive Breach Happened Via Third-Party Vendor Credentials, Tara Seals, Infosecurity Magazine

Home Depot Hacked After Months of Security Warnings, Benjamin Elgin, Michael Riley, and Dune Lawrence,
Bloomberg

Sony Pictures hack: the whole story, Edgar Alvarez, Engadget

Inside the Cyberattack That Shocked the US Government, Brendan I. Koerner, Wired

What to know about the Ashley Madison hack, Robert Hackett, Fortune

'I was sent a video of my wife having sex': Ashley Madison members and their heartbroken spouses reveal the
devastating impact last year's hack had on their lives, Martha Clifford, Daily Mail

This basic security mistake led to the Houston Astros hack that shook baseball, Andrea Petersen, The
Washington Post

Kaspersky Lab cybersecurity firm is hacked, BBC

The LastPass security breach: What you need to know, do, and watch out for, Ian Paul, PC World
How Hacking Team got hacked, J.M. Porup, Ars Technica

This big U.S. health insurer just got hacked, Claire Groden, Fortune

Anthem Hacking Points to Security Vulnerability of Health Care Industry, Reed Abelson and Matthew
Goldstein, The New York Times

Premera health insurance hack hits 11 million people, Jose Pagliery, CNN

Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid, Kim Zetter, Wired

Ukraine’s Power Grid Gets Hacked Again, a Worrying Sign for Infrastructure Attacks, Jamie Condliffe, MIT
Technology Review

How a Typo Stopped Hackers from Stealing $1 Billion from Bank, Swati Khandelwal, The Hacker News

SWIFT Banking System Was Hacked at Least Three times This Summer, Reuters, Fortune

Hackers are trading millions of Gmail, Hotmail, Yahoo logins, Nathan Ingraham, Engadget

Hack Brief: Your Old Myspace Account Just Came Back to Haunt You, Brian Barrett, Wired

LinkedIn Urges Users To Change Passwords: Hacker Puts 117 Million Accounts Up For Sale, Dave Calpito, Tech
Times

Yahoo says 500 million accounts stolen, Seth Fingerman, CNN

Yahoo Says 1 Billion User Accounts Were Hacked, Vindu Goel and Nicole Perlroth, The New York Times

The Download on the DNC Hack, Krebs on Security

‘Guccifer 2.0’ Releases Documents From DCCC Hack, Tom Winter, Alex Seitz-Wald and Phil Helsel, NBC
News

Hillary Clinton's campaign got hacked by falling for the oldest trick in the book, Ben Gilbert, Business Insider

DNC chief Podesta led to phishing link ‘thanks to a typo,’ Lisa Vaas, Naked Security

Why Clinton’s Private Email Server Was Such a Security Fail, Andy Greenberg, Wired

BREAKING: RANSOMWARE
In the unit's last video, recorded months ago, I predicted something like this. Less than two weeks before
this course opened, it happened!

Here are some articles about the WannaCry ransomware attack and its aftermath.

• U.K. Hospitals Hit in Widespread Ransomware Attack, Krebs on Security

• Massive ransomware attack hits UK hospitals, Spanish banks, Sebastian Anthony (UK), Ars Technica

• WannaCry ransomware attack, Wikipedia

• WannaCry ransomware: Everything you need to know, Ian Sherr, CNET

• What you need to know about the WannaCry Ransomware, Symantec Security Response, Symantec Connect

• How an Accidental ‘Kill Switch’ Slowed Friday’s Massive Ransomware Attack, Lily Hay Newman, Wired

• WannaCry hackers still trying to revive attack says accidental hero, Samuel Gibbs, The Guardian

• WannaCry: Smaller businesses are at great risk, Andrew Stuart, (IN)SECURE Magazine

• WannaCry Hit Windows 7 Machines Most, Kelly Jackson Higgins, Dark Reading

• A WannaCry Flaw Could Help Some Victims Get Files Back, Andy Greenberg, Wired

• WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom, Swati Khandelwal, The Hacker News

• Why WannaCry won’t change anything, Fredric Paul, Network World

Indicate the color of "hat" worn by each type of hacker by typing the appropriate letter
next to the definition.

W = White, G = Gray, B = Black

Hacks into systems with malicious intent
Answer entered: B (correct). Accepted answers: B or Black or Black hat

Hacks into systems, without permission, and requests payment to fix vulnerabilities
Answer entered: W (incorrect). Accepted answers: G or Gray or Gray hat or Grey or Grey hat

Hacks into systems, with permission, to uncover vulnerabilities so they can be fixed
Answer entered: G (incorrect). Accepted answers: W or White or White hat

Unit 2: Computing Security Concepts and Problems 2


Upon completion of this unit, you will be able to:

• Use the CIA and AAA models to explain cybersecurity activities

• Explain the balance between security and availability

This unit contains the following learning activities:

Video Lectures
(mm:ss) indicates the time for video lectures

• The CIA Model (2:34)

• The AAA Model: Authentication (4:31)

• The AAA Model: Authorization (1:18)

• The AAA Model: Accounting (1:30)

• Security vs. Availability (1:15)

• Threat Agents (4:30)

Additional Resources

• Computing Security and Concepts 2

Activity & Discussion

• Survey: Balancing priorities

• Discussion: Serving internal and external customers

• Activity: Assessing Cybercrime Incidents

Graded Unit Quiz


Computing Security Concepts and Problems 2 Quiz
Additional Resources

ADDITIONAL RESOURCES

Authentication

'Bob' outsources tech job to China; watches cat videos at work, Jaikumar Vijayan, Computerworld

10 Reasons Why Biometrics Won’t Replace Passwords Anytime Soon, Tom, Dashlane

NIST declares the age of SMS-based 2-factor authentication over, Devin Coldewey, TC’s Crunchboard

NIST Denounces SMS 2FA - What are the Alternatives?, Kevin Townsend, Security Week

Standards body warned SMS 2FA is insecure and nobody listened, Darren Pauli, The Register

Exploits

Microsoft Security Bulletin MS08-067 – Critical: Vulnerability in Server Service Could Allow Remote Code
Execution (958644), Microsoft

The Inside Story Behind MS08-067, John Lambert, Microsoft

Non-Human Threat Agents

Squirrels outrank hackers as threat to U.S. electrical grid, Martin Anderson, The Stack
Grid Confronts a Threat from Mother Nature, Matthew L. Wald, The New York Times

Power grid cyber security 'in chaos' | State ponders ways to guard against attacks by humans as well as Mother
Nature, Hartford Business Journal

The Verizon Data Breach Investigations Report

Each year, Verizon publishes its Verizon Data Breach Investigations Report (DBIR), which lists and examines
thousands of incidents from around the world. Verizon uses that data to create the Data Breach Digest,
detailed case studies of cybercrimes that illustrate many of the common or emerging cyberthreats.

You will use the Data Breach Digest to delve into a cybercrime case study in a discussion in section 2.3.

Unit 3: Cryptography
Upon completion of this unit, you will be able to:

• Describe the encryption process

• Explain how hashing algorithms protect data

This unit contains the following learning activities:

Video Lectures
(mm:ss) indicates the time for video lectures

• Introduction to Cryptography (4:15)

• Kerckhoffs's Principle (1:37)

• Types of Encryption (1:52)

• Hashing (4:55)

• Hashing Demo (4:48)

• Certificate Authority (1:19)

• Website Demo (4:28)

Additional Resources
Cryptography

Cryptography in the News


Activity & Discussion

• Activity: Using the XOR Cypher

• Discussion: Using hashes to check integrity

• Discussion: Apple and the FBI

Graded Unit Quiz


Cryptography Quiz

Additional Resources

ADDITIONAL RESOURCES

Kerckhoffs's Principle

Kerckhoffs's principle, Wikipedia

Encryption

This video explains how the RSA public key and private key are created to be fully dependent on each
other. The first part of the video explains the concepts with paint and colors. The second part contains
heavy duty math, which may not be as easily understood:

Public Key Cryptography: RSA Encryption Algorithm (video), Art of the Problem (16:30)
Watching this video may help you understand the XOR Activity in Section 3.3.

Heartbleed

These links detail the Heartbleed bug from 2014. This vulnerability shows that even though data is
protected both in transit and at rest with encryption, data that is being processed is not protected. The
encrypted data needs to be decrypted before it’s processed, and therefore is vulnerable at this stage.

Heartbleed, Wikipedia

Heartbleed Explanation, xkcd

Heartbleed, xkcd

What should you do about “HeartBleed?,” LegacyTalk

About the browser's trusted root certificate store

Who your browser trusts, and how to control it., CertSimple

CRYPTOGRAPHY IN THE NEWS


Here are some recent news stories that relate to what we've been looking at in this unit.

Google is fighting with Symantec over encrypting the internet, Kate Conger, TechCrunch

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs, Dan Goodin, Ars Technica

Google slaps Symantec for sloppy certs, slow show of SNAFUs, Simon Sharwood, The Register

Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates, Swati Khandelwal, The
Hacker News

Bang! SHA-1 collides at 38762cf7f55934b34d179ae6a4c80cadccbb7f0a, Paul Ducklin, Naked Security

Cyberespionage groups are stealing digital certificates to sign malware, Lucian Constantin, PCWorld

Attackers Stole Certificate From Foxconn to Hack Kaspersky With Duqu 2.0, Kim Zetter, WIRED

How Attackers Steal Private Keys from Digital Certificates, Hiroshi Shinotsuka, Symantec Connect

Malware is being signed with multiple digital certificates to evade detection, Val S, Symantec Connect
Unit 4: Networking 1

Introduction

Networking Introduction
Upon completion of this unit, you will be able to:

• Describe how information finds its way through the internet

• Parse IP and MAC addresses

This unit contains the following learning activities:

Pre-Reading
Networking Pre-read

Video Lectures
(mm:ss) indicates the time for video lectures

• Introduction to Networking (1:52)

• MAC and IP Addresses (3:03)

• Subnet Masks (4:48)

• Local Communication (2:28)

• Remote Communication (5:16)

• The Routing of a Packet (5:15)

• MAC and IP Addresses Used Together (2:38)

• Binding IP Addresses to MAC Addresses (3:48)

Additional Resources
Before watching the videos for this unit, you should review material contained in The
TCP/IP Guide. There will also be additional content to read following some of the
videos.

Networking
Activity & Discussion

• Activities: Finding Device Addresses and Sending Network Traffic

• Discussion: Your Personal Network

Graded Unit Quiz


Unit 4 Quiz

Networking 1: Additional Resources



ADDITIONAL RESOURCES

Here are some additional topics that take what we’ve learned even further, depending on how deep you
want to explore. They are optional, but highly recommended.

FROM THE TCP/IP GUIDE

Types and Sizes of Networks

• Local Area Networks (LANs), Wireless LANs (WLANs) and Wide Area Networks (WANs) and Variants (CANs, MANs and PANs)

• Segments, Networks, Subnetworks and Internetworks

• The Internet, Intranets and Extranets


Backgrounder: Data Representation and the Mathematics of Computing

• Binary Information and Representation: Bits, Bytes, Nibbles, Octets and Characters

• Decimal, Binary, Octal and Hexadecimal Numbers

• Decimal, Binary, Octal and Hexadecimal Number Conversion

• Binary, Octal and Hexadecimal Arithmetic

• Boolean Logic and Logical Functions

• Bit Masking (Setting, Clearing and Inverting) Using Boolean Logical Functions

OSI Reference Model Layer Mnemonics

OSI Reference Model Layer Summary

TCP/IP Protocol Suite and Architecture

• TCP/IP Overview and History

• TCP/IP Services and Client/Server Operation

• TCP/IP Architecture and the TCP/IP Model

• TCP/IP Protocols

Additional Topics

• Private Addressing

• Subnetting

• NAT

• IPv6

OTHER SOURCES

VLAN

• Cisco IOS Switching Services Configuration Guide, Routing Between VLANs Overview

• AlliedWare Plus™ OS, Overview of VLANs (Virtual LANs)

• Firewall.cx, The VLAN Concept - Introduction to VLANs


STP

• Cisco ONS 15454 SONET/SDH ML-Series Multilayer Ethernet Card Software Feature and Configuration Guide, Release 4.1.x, Chapter 6, Configuring STP and RSTP

• Cisco, Understanding Rapid Spanning Tree Protocol (802.1w)

Unit 5 Networking 2 Introduction


Upon completion of this unit, you will be able to:

• Describe how data travels within a network or an Autonomous System

This unit contains the following learning activities:

Video Lectures
(mm:ss) indicates the time for video lectures

• Ports (4:55)

• TCP and UDP (4:47)

• How Switches Work (5:02)

• Autonomous Systems (4:04)

• Dynamic Routing (4:11)

Additional Resources

• More on ICMP from the TCP/IP Guide

• More on OSPF from the TCP/IP Guide

• More on EIGRP

• More on BGP from the TCP/IP Guide

Activity & Discussion

• Activity: Tracing a Network Route

• Activity: ARP Cache

• Discussion: Identifying Network Problems


Graded Unit Quiz
Networking 2 Quiz

Additional Resources

ADDITIONAL RESOURCES

MORE ON ICMP FROM THE TCP/IP GUIDE

ICMP Concepts and General Operation

• ICMP Overview, History, Versions and Standards

• ICMP General Operation

• ICMP Message Classes, Types and Codes

• ICMP Message Creation and Processing Conventions and Rules

• ICMP Common Message Format and Data Encapsulation

MORE ON OSPF FROM THE TCP/IP GUIDE

Open Shortest Path First (OSPF)

• OSPF Overview, History, Standards and Versions

• OSPF Basic Topology and the Link State Database

• OSPF Hierarchical Topology, Areas and Router Roles

• OSPF Route Determination Using SPF Trees

• OSPF General Operation and Message Types

• OSPF Message Formats

MORE ON EIGRP

• Enhanced Interior Gateway Routing Protocol (EIGRP) (TCP/IP Guide)

• Enhanced Interior Gateway Routing Protocol (EIGRP) Informational RFC Frequently Asked Questions (Cisco)

• Implementing EIGRP (Cisco Press)

• Fundamental EIGRP Concepts (Cisco Press)

MORE ON BGP FROM THE TCP/IP GUIDE

BGP Fundamentals and General Operation

• BGP Overview, History, Standards and Versions

• BGP Topology, Speakers, Border Routers and Neighbor Relationships (Internal and External Peers)

• BGP Autonomous System Types, Traffic Flows and Routing Policies

• BGP Route Storage and Advertisement, and BGP Routing Information Bases (RIBs)

• BGP Path Attributes and Algorithm Overview

• BGP Route Determination and the BGP Decision Process

• BGP General Operation and Messaging

BGP Detailed Messaging, Operation and Message Formats

• BGP Message Generation and Transport, and General Message Format

• BGP Connection Establishment: Open Messages

• BGP Route Information Exchange: Update Messages

• BGP Connectivity Maintenance: Keepalive Messages

• BGP Error Reporting: Notification Messages
