Unit 2: Self-directed learning – Types of Cybersecurity & Ethical Hacking

1. Critical Infrastructure Security

Critical infrastructure security concerns the protection of systems, networks, and assets whose continuous operation is deemed necessary to ensure the security of a given nation, its economy, and the public’s health and/or safety.

With the ongoing trends such as machine-to-machine (M2M) networking and the Internet of Things (IoT), devices in industrial environments are increasingly connected to the internet and capable of exchanging data. Despite these systems’ importance, security is often irrelevant for those not involved in IT.

Critical Infrastructure security is divided into three types:

• Access Control: The prevention of unauthorised users and devices from accessing the network;
• Application Security: Security measures placed on hardware and software to lock down potential vulnerabilities;
• Firewalls: Gatekeeping devices that can allow or prevent specific traffic from entering or leaving the network.

2. Application Security

While application security is a major focus for developers, this type of cybersecurity goes beyond the development and design process. Even if you are only deploying off-the-shelf software and applications, you must continuously ensure they remain secure throughout their lifecycle.

Vulnerabilities are one of the most significant risks because cyberattacks use them to gain access to your environment. There are numerous examples of breaches that showed the potential devastation of exploits. For example, the estimated total damage from the WannaCry ransomware campaign—which exploited a weakness in the Microsoft Windows operating system—climbed into the billions of dollars.

Besides vulnerabilities, other challenges in application security include:

• SQL and other code injections – this refers to a type of attack where an attacker inserts malicious code (such as SQL commands or JavaScript) into a web application or database, with the aim of compromising the system or stealing sensitive data. Code injections can be used to exploit vulnerabilities in the system, such as input validation errors or insufficiently sanitized user input.
  
  
• DDoS attacks – DDoS stands for Distributed Denial of Service, and it refers to an attack where multiple systems (often compromised computers or servers) are used to flood a target website or network with traffic, making it unavailable to legitimate users. DDoS attacks can be difficult to defend against, as they can involve huge amounts of traffic and come from a range of different sources.
  
  
• Weak access controls – this refers to a situation where a system or application does not adequately restrict access to sensitive data or functions, allowing unauthorized users to view, modify, or delete information. This can occur due to a range of factors, such as poor password policies, insufficient authentication measures, or inadequate privilege management.
  
  
• Lack of encryption – encryption refers to the process of encoding information in a way that makes it unreadable to anyone without the correct decryption key. If data is not encrypted, it can be vulnerable to interception and theft by attackers who are able to access the network or system where the data is stored or transmitted.
  
  
• Misconfigurations – this refers to errors or oversights in the configuration of software, systems, or networks, which can leave them vulnerable to attack. Misconfigurations can occur for a range of reasons, such as human error, lack of understanding of security best practices, or miscommunication between different teams or departments. Examples of misconfigurations include leaving default passwords in place, failing to patch known vulnerabilities, or misconfiguring firewalls or other security controls.

3. Network Security

Network security is a broad term that includes the activities and controls designed to protect the integrity of your networking infrastructure — defending the network and the data against threats, unauthorised access, intrusions, breaches, misuse, and so forth. The controls come in three forms:

• Physical, which prevents unauthorised physical access to the network infrastructure, including data centres, routers, and servers;
• Technical, which protects the data within the network, whether stored or in transit;
• Administrative, which includes the security processes and policies that control the network access.

4. Cloud Security

Cloud Security refers to the technology, policies, and processes used to mitigate the security risks of cloud computing, whether using public, private, or hybrid clouds. Unique challenges are following this type of cybersecurity, such as:

• Visibility: The in-house IT or security team has less visibility into the stored data. This is because the services are accessed outside the network and managed by a third-party provider.
• Multi-cloud: Using multi-cloud environments is something that most organisations/ companies/ public and private bodies do. A trend that will continue to grow.
• Compliance: Relying on an outside provider when you use the public cloud adds another layer to your regulatory compliance management process.

5. Internet of Things (IoT) Security

Securing Internet devices and the networks they’re connected to from threats and breaches is the act of Securing in IoT. Protecting, identifying, and monitoring risks while helping fix vulnerabilities from various devices that can pose security risks to your business.