Reflecting on National Cybersecurity Awareness Month 2023: A Call for Continued Vigilance

October is recognized as Cyber Security Awareness Month and as we come to the end of the month, so does National Cybersecurity Awareness Month (NCSAM) 2023. This annual observance, dedicated to promoting cybersecurity awareness, provides a valuable opportunity to reflect on the critical issues surrounding digital safety, the history of NCSAM, and the imperative of continued vigilance in the face of evolving cyber threats.

The History of National Cybersecurity Awareness Month

NCSAM is celebrated every October, and it was established in 2004. This initiative originated as a joint effort between the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) and has since expanded to include participation from government agencies, educational institutes, businesses, and individuals around the world.

The primary objective of NCSAM is to increase awareness about the importance of cybersecurity and to promote the adoption of best practices to protect individuals, businesses, and national security interests. Over the years, the campaign has focused on themes such as “Stop. Think. Connect.” and “Own IT. Secure IT. Protect IT.” These themes emphasize the need for responsible online behavior and the safeguarding of personal and sensitive data.

The Importance of Cybersecurity Awareness

With the conclusion of NCSAM in the next few days at the end of October, it is important to remember that cybersecurity awareness is a year-round commitment. Cybersecurity touches every aspect of our digital lives, from safeguarding personal information to protecting the economy and national security. As technology advances and cyber threats become more sophisticated, our vigilance must remain constant.

Here are three critical aspects of cybersecurity that deserve ongoing attention:

  1. Multifactor Authentication (MFA)

One of the most effective ways to bolster online security is through the use of multifactor authentication (MFA). MFA requires users to provide two or more forms of identification before granting access to an account or system. This additional layer of security significantly reduces the risk of unauthorized access, even if a password is compromised.

Individuals and organizations should embrace MFA for their online accounts, email, social media, and work-related applications. The ease of implementation and the considerable improvement in security make MFA a simple but powerful tool in the fight against cyber threats.

  1. Phishing Awareness

Phishing awareness is a critical component in the defense against cyber attacks, benefiting both individual users and businesses. For individual users, understanding the tactics employed by cybercriminals in phishing attacks can make them more alert and watchful when interacting with emails, websites, and messages. By recognizing the characteristics of phishing, such as suspicious email addresses, grammar errors, and urgent requests for personal information, users can avoid falling victim to scams that can compromise their personal and financial information. This awareness allows individuals to take practical steps in protecting themselves and their families from the devastating consequences of identity theft and financial fraud.

As it relate to businesses, phishing awareness is vital for safeguarding sensitive corporate data and preserving the integrity of operations. Employees who are well-informed about the dangers of phishing are less likely to click on malicious links, share sensitive data, or download harmful attachments. This not only reduces the risk of data breaches but also helps maintain the company’s reputation and customer trust.

  1. Closing the Cybersecurity Workforce Gap

The cybersecurity workforce gap is a growing concern globally, and the United States is no exception. The demand for skilled cybersecurity professionals far outpaces the available talent. Closing this gap is essential to protecting our digital infrastructure and national security.

To address this issue, we must encourage educational programs that prepare the next generation of cybersecurity experts. Public and private sectors should work together to create incentives for individuals to pursue careers in cybersecurity. As technology continues to advance, the need for a strong cybersecurity workforce is only set to increase.

 

Conclusion

In conclusion, as National Cybersecurity Awareness Month comes to an end in October, it is essential to recognize that our commitment to cybersecurity must persist throughout the year. Cyber threats do not adhere to a calendar; they are a constant and evolving challenge. By employing practices such as multifactor authentication, phishing awareness campaigns and addressing the cybersecurity workforce gap, we can better protect our digital lives, the economy, and national security. Let NCSAM be a reminder that cybersecurity awareness is not limited to a month but is a commitment that must remain a priority in our ever-connected world.

Comprehensive Guide to CISSP: A Review of “CISSP All-in-One Exam Guide, Ninth Edition” by Shon Harris and Fernando Maymi

Rating: ★★★★★

The Certified Information Systems Security Professional (CISSP) certification is a prestigious credential sought after by professionals in the field of cybersecurity. To navigate the complexities of the CISSP exam, candidates often turn to trusted study resources. “CISSP All-in-One Exam Guide, Ninth Edition” by Shon Harris and Fernando Maymi has long been considered a go-to reference for CISSP aspirants. In this comprehensive review, we will explore the book’s content chapter by chapter.

Chapter 1: Introduction to the CISSP Certification The authors kick off the book by providing an overview of the CISSP certification and the domains it covers. They explain the exam format and set the stage for the journey ahead.

Chapter 2: Security and Risk Management This chapter delves into fundamental concepts of security and risk management. Harris and Maymi do an excellent job explaining key principles and frameworks, such as confidentiality, integrity, availability (CIA), and risk assessment.

Chapter 3: Asset Security The authors explore the protection of assets in this chapter, covering topics like data classification, ownership, and data retention policies. They also discuss physical security measures and the importance of asset management.

Chapter 4: Security Architecture and Engineering This section provides insights into security architecture, system design, and secure development practices. It’s a critical chapter for those wanting to understand the design principles of secure systems.

Chapter 5: Communication and Network Security Communication and network security are crucial in today’s interconnected world. Harris and Maymi guide readers through the essentials of network security, including protocols, devices, and best practices.

Chapter 6: Identity and Access Management Access control is a fundamental aspect of cybersecurity. This chapter explores identity management, authentication, authorization, and access control models in depth.

Chapter 7: Security Assessment and Testing For a secure system, continuous testing is essential. This chapter covers various assessment and testing methodologies, including vulnerability assessment and penetration testing.

Chapter 8: Security Operations This section delves into security operations, incident response, disaster recovery, and business continuity planning. It provides a holistic view of how organizations should handle security incidents and maintain business continuity.

Chapter 9: Software Development Security Secure software development is a key concern in the digital age. The authors discuss secure coding practices, secure development life cycles, and common software vulnerabilities.

Chapter 10: Security and Risk Management The final chapter revisits the security and risk management domain, summarizing key concepts and emphasizing their importance in the CISSP exam.

Appendices and Additional Resources The book also includes valuable appendices that provide supplemental information, such as a glossary, exam tips, and practice questions. It’s a great resource for reinforcing your knowledge.

In conclusion, “CISSP All-in-One Exam Guide, Ninth Edition” by Shon Harris and Fernando Maymi is a comprehensive and well-structured resource for CISSP aspirants. The chapter-by-chapter breakdown ensures that readers can approach each domain with clarity and depth. The authors’ expertise shines through in their clear explanations and practical insights. However, it’s important to note that this book is an excellent study guide but should be supplemented with real-world experience and additional practice exams. If you are serious about earning your CISSP certification, this book should be a key component of your study plan.

Basic Linux Commands

  1. ls – List files and directories in the current directory. Example: ls Explanation: This command will display a list of files and directories in the current location.
  2. pwd – Print working directory. Example: pwd Explanation: This command shows the path of the current directory you are in.
  3. cd – Change directory. Example: cd /home/user/documents Explanation: This command changes the current directory to “/home/user/documents”.
  4. mkdir – Make directory. Example: mkdir new_folder Explanation: This command creates a new directory named “new_folder” in the current directory.
  5. rmdir – Remove directory. Example: rmdir empty_folder Explanation: This command deletes an empty directory named “empty_folder” from the current directory.
  6. cp – Copy files or directories. Example: cp file.txt /path/to/destination Explanation: This command copies “file.txt” to the specified destination path.
  7. mv – Move or rename files or directories. Example 1: mv file.txt /path/to/destination Explanation 1: This command moves “file.txt” to the specified destination path. Example 2: mv old_file.txt new_file.txt Explanation 2: This command renames “old_file.txt” to “new_file.txt”.
  8. rm – Remove files or directories. Example 1: rm file.txt Explanation 1: This command deletes the file named “file.txt”. Example 2: rm -r folder Explanation 2: This command deletes the “folder” directory and all its contents recursively.
  9. touch – Create an empty file or update the file’s timestamp. Example 1: touch new_file.txt Explanation 1: This command creates a new empty file named “new_file.txt”. Example 2: touch existing_file.txt Explanation 2: This command updates the timestamp of the “existing_file.txt” without changing its content.
  10. cat – Concatenate and display the content of files. Example: cat file.txt Explanation: This command displays the content of “file.txt” on the terminal.
  11. more / less – Display the content of files page by page. Example: less large_file.txt Explanation: This command allows you to view the content of “large_file.txt” page by page, making it easier to read large files.
  12. head – Display the beginning of a file. Example: head file.txt Explanation: This command shows the first few lines of “file.txt”.
  13. tail – Display the end of a file. Example: tail file.txt Explanation: This command shows the last few lines of “file.txt”.
  14. grep – Search for a pattern in files. Example: grep "keyword" file.txt Explanation: This command searches for the word “keyword” in “file.txt” and displays matching lines.
  15. echo – Print a message or value to the terminal. Example: echo "Hello, World!" Explanation: This command prints the message “Hello, World!” to the terminal.
  16. chmod – Change file permissions. Example: chmod +x script.sh Explanation: This command adds the executable permission to “script.sh”, allowing it to be run as a script.
  17. chown – Change file ownership. Example: chown user:group file.txt Explanation: This command changes the owner and group of “file.txt” to the specified user and group.
  18. ps – Display the currently running processes. Example: ps aux Explanation: This command shows a list of all running processes on the system along with additional details.
  19. kill – Terminate a process. Example: kill PID Explanation: This command sends a termination signal to the process with the specified PID (Process ID).
  20. top – Display dynamic real-time information about running processes. Example: top Explanation: This command provides a live view of the system’s processes, updating regularly.

These are just some of the most basic Linux commands. The Linux command line offers a plethora of powerful utilities and options to explore and master.

Top 5 Open Source Vulnerability Security Scanning Tools

  1. Nmap: Nmap is a powerful open source network exploration and security auditing tool that can help identify vulnerabilities in a system. It is widely used for port scanning, version detection, and network mapping. Nmap can also be used for vulnerability scanning by detecting known vulnerabilities in software and services running on a system.
  2. OpenVAS: OpenVAS is an open source vulnerability scanner that can be used to scan for known vulnerabilities in software and services on a network. It is a powerful tool that can perform comprehensive scans of networks, identify vulnerabilities, and generate reports.
  3. Metasploit Framework: Metasploit is a popular open source penetration testing framework that can be used to identify and exploit vulnerabilities in systems. It can also be used for vulnerability scanning by running exploit modules that detect known vulnerabilities in software and services.
  4. Nikto: Nikto is an open source web server scanner that can be used to identify vulnerabilities in web servers and web applications. It can perform comprehensive scans of web servers, identify vulnerabilities, and generate reports.
  5. Lynis: Lynis is an open source security auditing tool that can be used to scan for security vulnerabilities in Linux and Unix systems. It can identify vulnerabilities in the system configuration, installed software, and system security settings. Lynis is lightweight and easy to use, making it a popular choice for security professionals.

These tools are popular among security professionals because they are open source, free to use, and can be customized to meet specific security needs. They are also regularly updated by their communities, which ensures that they are kept up-to-date with the latest threats and vulnerabilities. Additionally, they are user-friendly and come with detailed documentation and tutorials, making them accessible even to non-experts.

The Benefits of Sock Puppets in Open-Source Intelligence (OSINT)

A Sock Puppet is fake persona, or an alternative online identity used to collect and investigate open-source information on a target.  The main goal of the Sock Puppet is to not have the profile linked back to the investigator.

This is vital as to provide operational security (OPSEC) to protect the investigator from retaliation or to prevent bringing awareness to the target that they are being investigated by a specific entity.

Maintaining and managing a sock puppet also requires a detailed understanding of the many different platforms the investigator will used to create accounts for the fake persona.  As these policies change, so can the information that is disclosed or shared publicly.

To effectively create and use a functional sock puppet here are a few recommendations:

  1. To anonymize the account so that it does not record the original IP address or location, the use of a VPN or TOR while creating the account is highly recommended. In addition, it is recommended doing so from a public Wi-Fi connection.
  2. Certain social media platforms such as Facebook may prevent individuals from creating an account from a VPN or TOR connect. In that case, using a public Wi-Fi is recommended.
  3. When logging to the sock account, be sure to always use a VPN, TOR or public Wi-Fi, under no circumstances should the creator use a direct IP address that may link back to them.
  4. Make the account as legitimate as possible by producing daily activities, using it for a long period of time and making online connections.
  5. When creating a name for the account, it is recommended using a fake name generator. In doing so, the investigator will be provided with an identity of a person that has never existed.  The identity will have a name, address, mother’s maiden name, weight, height, date of birth, in addition to many other useful information need to create a person.  Female accounts then to have more success when creating a sock puppet.
  6. Now that an identity has been created, providing an image is highly recommended. The creator has two options, using a cartoon avatar or providing an image of a human that does not exist through the use of artificial intelligence.  Never use a real person’s face as individuals can use tools such as Google identify the photo’s original owner.
  7. When creating an email account for the sock puppet, it is recommended using any email provider such as gmail.com, mail.com or yahoo.com to name a few. As previously stated, be sure the IP address cannot be link to the creator.
  8. Obtain a burner cell phone and SIM card that can be used account verification. Be sure to not have the phone linked back to the investigator by paying with cash or a privacy-based credit card.
  9. Having more than one sock puppet is highly recommended in case something goes wrong, the investigator will have an active back-up.

Sock Puppets are important for the protection of the investigator, things change fast in the online world, and it is important the investigator keep up with the changes.

The Open-Source Intelligence (OSINT) Cycle

Open-source intelligence, or OSINT, refers to the process of collecting information from public and legal data sources to serve a specific function. Some open sources components might include social media, videos, blogs, news, and the web (surface, Deep and Dark Web).

OSINT encompasses 5 phases in its process. The following diagram shows the OSINT cycle.

  1. Source Identification – It is the initial phase of the OSINT process. The OSINT investigator (Black Hat or White Hat) identifies the potential sources from which information will be gathered.
  2. Data harvesting – In this phase, the OSINT investigator collects and harvests information from the select sources and other sources that are discovered.
  3. Data processing and information- During this phase, the OSINT investigator processes the harvest information for actionable observation by searching for information that may assist in the enumeration.
  4. Data analysis – In this phase, the OSINT Investigator performs data analysis of the processed information using OSINT analysis tools and techniques.
  5. Results delivery – It is the final phase in the OSINT analysis and findings are reported to the stake holders.