Unit 2: Self-directed learning – Types of Cybersecurity & Ethical Hacking
Types of Cybersecurity
1. Critical Infrastructure Security
Critical infrastructure security concerns the protection of systems, networks, and assets whose continuous operation is deemed necessary to ensure the security of a given nation, its economy, and the public’s health and/or safety.
With ongoing trends such as machine-to-machine (M2M) networking and the Internet of Things (IoT), devices in industrial environments are increasingly connected to the internet and capable of exchanging data. Despite these systems' importance, security is often treated as an afterthought by those not involved in IT, and many industrial devices were designed for isolated networks and assume that anything able to reach them on the network is trusted.
Three fundamental controls in critical infrastructure security are:
- Access Control: The prevention of unauthorised users and devices from accessing the network;
- Application Security: Security measures placed on hardware and software to lock down potential vulnerabilities;
- Firewalls: Gatekeeping devices that allow or block specific traffic entering or leaving the network; in a critical-infrastructure setting they should be configured so that only explicitly listed traffic is allowed and everything else is denied by default.
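To make the firewall point concrete, the following is an added example (not part of the original unit, and not taken from any real product) that evaluates packet-filter rules the way most firewalls do: first matching rule wins, otherwise the default policy applies. The addresses, the rule sets and the sample packets are constructed; the weak policy relies on a blocklist of one known-bad range with a default of allow, while the hardened policy lists only the engineering workstation and historian that legitimately need Modbus/TCP (port 502) to the PLC subnet and denies everything else.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # TCP destination port, None means any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def evaluate(rules: List[Rule], packet: Packet, default_action: str) -> str:
    """First-match rule evaluation; falls back to default_action when no rule matches."""
    s = ip_address(packet.src)
    d = ip_address(packet.dst)
    for rule in rules:
        if (s in ip_network(rule.src)
                and d in ip_network(rule.dst)
                and (rule.dport is None or rule.dport == packet.dport)):
            return rule.action
    return default_action


# Hypothetical addressing: 10.0.10.0/24 engineering, 10.0.20.0/24 PLCs, 10.0.30.0/24 office LAN.
WEAK_RULES = [
    Rule("deny", "203.0.113.0/24", "10.0.20.0/24", None),   # block one range seen attacking before
]
HARDENED_RULES = [
    Rule("allow", "10.0.10.5/32", "10.0.20.0/24", 502),     # engineering workstation -> PLCs, Modbus/TCP only
    Rule("allow", "10.0.10.7/32", "10.0.20.0/24", 502),     # historian -> PLCs, Modbus/TCP only
]


def weak_policy(packet: Packet) -> str:
    # Blocklist plus default allow: anything not explicitly denied reaches the PLCs.
    return evaluate(WEAK_RULES, packet, default_action="allow")


def hardened_policy(packet: Packet) -> str:
    # Allow-list plus default deny: only the listed flows reach the PLCs.
    return evaluate(HARDENED_RULES, packet, default_action="deny")


# Constructed sample traffic towards PLC 10.0.20.11.
SAMPLE_PACKETS: Dict[str, Packet] = {
    "engineer_modbus": Packet("10.0.10.5", "10.0.20.11", 502),
    "engineer_ssh":    Packet("10.0.10.5", "10.0.20.11", 22),
    "known_bad":       Packet("203.0.113.44", "10.0.20.11", 502),
    "unknown_source":  Packet("198.51.100.9", "10.0.20.11", 502),
    "corp_laptop":     Packet("10.0.30.77", "10.0.20.11", 502),
}


def compare(packets: Dict[str, Packet] = SAMPLE_PACKETS) -> Dict[str, Tuple[str, str]]:
    """Return {name: (weak decision, hardened decision)} for each sample packet."""
    return {name: (weak_policy(p), hardened_policy(p)) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (weak, hardened) in compare().items():
        print(f"{name:16s} weak={weak:5s} hardened={hardened}")
```

The comparison shows the difference in one glance: the blocklist policy stops only the one range it already knew about and lets an unknown internet host and an office laptop talk Modbus to the PLC, whereas the allow-list policy admits exactly the two expected flows and also blocks the engineering workstation from using a port (SSH) it has no business using on a PLC.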
2. Application Security
While application security is a major focus for developers, this type of cybersecurity goes beyond the development and design process. Even if you are only deploying off-the-shelf software and applications, you must continuously ensure they remain secure throughout their lifecycle.
Vulnerabilities are one of the most significant risks because attackers use them to gain a foothold in your environment. There are numerous examples of breaches that showed the potential devastation of exploits. For example, the estimated total damage from the 2017 WannaCry ransomware campaign, which spread by exploiting a flaw in the SMBv1 file-sharing protocol of Microsoft Windows for which a patch had already been published two months earlier, climbed into the billions of dollars.
Besides vulnerabilities, other challenges in application security include:
- DDoS attacks – DDoS stands for Distributed Denial of Service, and it refers to an attack where multiple systems (often compromised computers or servers) are used to flood a target website or network with traffic, making it unavailable to legitimate users. DDoS attacks can be difficult to defend against, as they can involve huge amounts of traffic and come from a range of different sources.
- Weak access controls – this refers to a situation where a system or application does not adequately restrict access to sensitive data or functions, allowing unauthorised users to view, modify, or delete information. This can occur due to a range of factors, such as poor password policies, insufficient authentication measures, or inadequate privilege management. A common form is an application that authenticates the user but never checks whether that user is allowed to access the particular record they asked for.
- Lack of encryption – encryption refers to the process of encoding information in a way that makes it unreadable to anyone without the correct decryption key. If data is not encrypted, it can be vulnerable to interception and theft by attackers who are able to access the network or system where the data is stored or transmitted.
- Misconfigurations – this refers to errors or oversights in the configuration of software, systems, or networks, which can leave them vulnerable to attack. Misconfigurations can occur for a range of reasons, such as human error, lack of understanding of security best practices, or miscommunication between different teams or departments. Examples of misconfigurations include leaving default passwords in place, failing to patch known vulnerabilities, or misconfiguring firewalls or other security controls.
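The "weak access controls" item above is the easiest of these to show in code. The block below is an added example written for this unit, not code from any real application: a request handler that looks up an invoice by id. The first version authenticates the caller but never checks ownership, so any logged-in user who guesses another invoice number can read it; the second version checks ownership (or an admin role) before returning anything, and answers "not found" for both a missing record and someone else's record so the response does not confirm which ids exist. The users, invoices and the in-memory table are constructed stand-ins for a database.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount: float


# Constructed data standing in for a database table and a role table.
INVOICES: Dict[int, Invoice] = {
    1001: Invoice(1001, "alice", 120.00),
    1002: Invoice(1002, "bob", 999.99),
}
ADMINS: Set[str] = {"carol"}

# Handlers return an (HTTP-style status, body) pair so the behaviour is easy to check.
Response = Tuple[int, Optional[Invoice]]


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> Response:
    """Authenticated caller, but no authorisation: an insecure direct object reference."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return (404, None)
    # Bug: current_user is never compared with inv.owner, so bob's invoice is served to alice.
    return (200, inv)


def can_read(current_user: str, inv: Invoice) -> bool:
    """Ownership check with an explicit admin exception; the only place the rule lives."""
    return inv.owner == current_user or current_user in ADMINS


def get_invoice_fixed(current_user: str, invoice_id: int) -> Response:
    """Same lookup with the authorisation check that was missing."""
    inv = INVOICES.get(invoice_id)
    if inv is None or not can_read(current_user, inv):
        # One answer for "does not exist" and "not yours": a caller probing ids learns nothing.
        return (404, None)
    return (200, inv)


def probe(handler, current_user: str, ids=(1001, 1002, 1003)) -> Dict[int, int]:
    """Simulate a user walking through invoice ids; returns {id: status} for the given handler."""
    return {i: handler(current_user, i)[0] for i in ids}


if __name__ == "__main__":
    print("vulnerable, as alice:", probe(get_invoice_vulnerable, "alice"))
    print("fixed, as alice:     ", probe(get_invoice_fixed, "alice"))
    print("fixed, as carol:     ", probe(get_invoice_fixed, "carol"))
```

Keeping the rule in one function (`can_read`) rather than repeating it in every handler is deliberate: access-control bugs usually come from the one handler where the check was forgotten, and a single shared function is far easier to test and audit.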
3. Network Security
Network security is a broad term that includes the activities and controls designed to protect the integrity of your networking infrastructure — defending the network and the data against threats, unauthorised access, intrusions, breaches, misuse, and so forth. The controls come in three forms:
- Physical, which prevents unauthorised physical access to the network infrastructure, including data centres, routers, and servers;
- Technical, which protects the data within the network, whether stored or in transit;
- Administrative, which includes the security processes and policies that control the network access.
4. Cloud Security
Cloud Security refers to the technology, policies, and processes used to mitigate the security risks of cloud computing, whether using public, private, or hybrid clouds. This type of cybersecurity brings its own challenges, such as:
- Visibility: The in-house IT or security team has less visibility into stored data and running workloads, because the services are accessed outside the organisation's own network and operated by a third-party provider; the team depends on the provider's logging and monitoring features to see what is happening.
- Multi-cloud: Most organisations, public and private, now use more than one cloud provider, and the trend continues to grow. Each provider has its own identity model, APIs and logging, which multiplies the configurations that must be kept secure and consistent.
- Compliance: Relying on an outside provider when you use the public cloud adds another layer to your regulatory compliance management process. Responsibility is shared: the provider secures the underlying platform, but the customer remains responsible for securely configuring its own data, identities and workloads.
5. Internet of Things (IoT) Security
IoT security is the practice of protecting internet-connected devices, and the networks they are attached to, from threats and breaches. It involves identifying and monitoring risks and helping fix vulnerabilities across the wide variety of devices that can expose a business, many of which ship with default credentials, receive few or no firmware updates, and stay in service for years.
Types of Ethical Hacking
Hackers can be classified as white, black, and grey hat based on their intent when hacking a system. The terms come from old Western films, where the bad guy wears a black cowboy hat and the good guy wears a white hat.
White hat hackers are ethical hackers who break into systems to prevent cyberattacks. Black hats infiltrate a system or plant malware to exploit the vulnerabilities for personal gain.
White hat Hackers
Ethical hacking, also known as “white hat” hacking, refers to the practice of identifying vulnerabilities in computer systems and networks with the permission and knowledge of the system owner, for the purpose of improving security. Ethical hackers use the same techniques and tools as malicious hackers, but their aim is to identify and report vulnerabilities to the system owner so that they can be fixed before they can be exploited by attackers.
White Hat hackers are also known as Ethical Hackers. They never intend to harm a system. Instead, they try to find weaknesses in a computer or network system as part of penetration testing and vulnerability assessments. What makes the work ethical, and legal, is authorisation: the system owner agrees in writing to what will be tested, when, and how far the tester may go, and the tester stays within that scope.
Ethical hacking is legal when carried out with such authorisation, and it is one of the most in-demand jobs in the IT industry. Numerous companies hire ethical hackers for penetration testing and vulnerability assessments.
Black hat Hackers
Black hat hackers, also known as crackers, hack to gain unauthorised access to a system and harm its operations or steal sensitive information.
Black hat hacking is always illegal because of its intent, including stealing corporate data, violating privacy, damaging the system, and blocking network communication.
Grey hat Hackers
Grey hat hackers are a blend of black hat and white hat hackers. They act without malicious intent, but for fun they exploit a security weakness in a computer system or network without the owner's permission or knowledge.
They intend to bring the weakness to the owner's attention and get appreciation or a small bounty for it. Note that the lack of malice does not make this legal: in most jurisdictions unauthorised access is an offence regardless of intent, which is why many organisations now publish a vulnerability disclosure policy or bug bounty programme that states what testing they permit.
Red Team Hackers
Red team hackers are hired by organisations to simulate real-world attacks on their systems, networks and applications, usually with an agreed objective and rules of engagement. They test the organisation's defences and help identify weaknesses that need to be addressed.
Blue Team Hackers
Blue team hackers work within an organisation’s security team to defend against attacks and protect the organisation’s assets. They may use hacking techniques to identify and fix vulnerabilities, monitor systems for suspicious activity and respond to security incidents.
Bug Bounty Hunters
Bug bounty hunters are individuals who search for security vulnerabilities in systems, networks and applications and report them to organisations in exchange for a reward or bounty. A bug bounty programme publishes which assets are in scope, which are explicitly out of scope, and what kinds of testing are permitted; a hunter who strays outside those boundaries loses the programme's authorisation.
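Both the white-hat section and the bug-bounty section come down to the same practical question a tester must answer before touching anything: is this target inside what I have been authorised to test? The following is an added example for this unit, not code from any bounty platform, that checks a hostname or IP address against a constructed scope list. It follows the conventions most programmes use: CIDR ranges for addresses, `*.example.com` for subdomains only (not the apex domain), exact hostnames otherwise, and out-of-scope entries override in-scope ones. All domains and addresses are from reserved documentation ranges.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List


@dataclass
class Scope:
    in_scope: List[str]
    out_of_scope: List[str] = field(default_factory=list)


def _is_ip(target: str) -> bool:
    try:
        ip_address(target)
        return True
    except ValueError:
        return False


def _matches(pattern: str, target: str) -> bool:
    """Does one scope entry (CIDR, wildcard host, or exact host) cover the target?"""
    if _is_ip(target):
        try:
            return ip_address(target) in ip_network(pattern, strict=False)
        except ValueError:
            return False  # pattern is a hostname, target is an address: no match
    target = target.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("*."):
        # "*.example.com" covers any subdomain but not the apex "example.com".
        return target.endswith(pattern[1:])
    return target == pattern


def is_authorized(scope: Scope, target: str) -> bool:
    """True only if the target is covered by an in-scope entry and by no out-of-scope entry."""
    if any(_matches(p, target) for p in scope.out_of_scope):
        return False
    return any(_matches(p, target) for p in scope.in_scope)


def filter_targets(scope: Scope, targets: List[str]) -> List[str]:
    """Keep only the targets the programme actually permits testing against."""
    return [t for t in targets if is_authorized(scope, t)]


# Constructed programme scope using reserved example names and addresses.
PROGRAMME = Scope(
    in_scope=["*.example.com", "api.example.net", "198.51.100.0/24"],
    out_of_scope=["legacy.example.com", "198.51.100.250"],
)

CANDIDATES = [
    "app.example.com",      # subdomain of a wildcard entry
    "example.com",          # apex: not covered by "*.example.com"
    "legacy.example.com",   # explicitly excluded
    "api.example.net",      # exact match
    "198.51.100.7",         # inside the CIDR
    "198.51.100.250",       # inside the CIDR but explicitly excluded
    "203.0.113.5",          # unrelated address
]

if __name__ == "__main__":
    for t in CANDIDATES:
        print(f"{t:20s} {'authorised' if is_authorized(PROGRAMME, t) else 'NOT authorised'}")
```

Running the check before each scan or request is cheap; the point is that the exclusion list wins over the inclusion list and that a wildcard never silently widens to the apex domain, two of the most common ways a well-meaning tester ends up outside their authorisation.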