A Hacker Walked Into My House… And I Learned Cybersecurity
Learning the hidden meaning behind cybersecurity words that protect every organization
Today lets learn about few words and their exact meaning in cyber security field. Words? Meaning? I know the person reading it can just google it or we have dictionaries to look at. But the single word in cyber security carries quite a heavy concept inside of it.
Let me state the big three pillars of cyber security: confidentiality, integrity and availability. These are basically a guide to an organization for information security. In simple manners, when you start a company, startup or a firm the data you store should be confidential that means you cannot share it to your best friend also.
And if you have the data in certain form unauthorized people cannot alter or change it that is maintaining the integrity of the data and finally as a company or organization you are serving public so the data should be available at any moment of need just like you are present at the time of need for your best friend. This is what we call CIA triad.
Now, let me give you simple scenario. An engineer and architecture together designed and build your house. There is two pathway to get inside of your house from the front door itself and the back door attached to the kitchen. But while building your house you requested a basement as well and that basement has a ventilator that is connected to the underground parking of the office infront of your house. The owner(you) never knew about this entry point and nobody checks it during normal security inspections.So if someone enter your house through this tunnel then that person bypasses initial authorization of front or kitchen door. In our cyber sec term we call it a back door.
###When a software is built the developer sometime voluntarily makes the backdoor or sometime mistakenly creates it(as a vulnerability) and that helps the threat actor(hacker) to enter system easily.###
Now this house of yours is fully protected from bio metric authentication and the key-card(master card that bypasses all authentication) is with you(owner) all the time. If the intruder got that card somehow then now there is a privilege escalation. That is now some random person has the access of entire house.
###In cyber security world we call it when an user exploits the system and gets promoted to admin level privilege that is privilege escalation.###
Remember how I said that the whole house is protected by the bio metric authenticator. The main gate itself has a security guard who checks who is allowed to enter and who must stay outside. That security guard is the firewall.
###In our terms, when a software acts as a digital barrier between trusted internal network and untrusted external network, we call it firewalls.###
There is a major concept called network segmentation this is where multiple successful company lacks behind, and the cyber-attack is successful. What is network segmentation? This whole house of yours is bio metrically protected. But the clutch here is a single “same” pin code or body feature scan does not work for the access into every single rooms. You have basically built the security system in a way that The house is divided into separate sections and even if someone gets access to one room, they cannot freely walk into every other room. This way every room is isolated in security manners. That is what exactly is network segmentation.
###When the large network of an organization is segmented (divided or pieced) into smaller isolated networks with its own specific controls and policies.###
We have another term here “insider-threat”. One of the deadliest poisons in cyber-attack.
You know we have a saying in Hindi “घर का भेदी लंका ढाये” from the Indian epic, the Ramayana that means a person from within your own group, family, or circle who knows your internal secrets can cause the most devastating damage or bring your worst downfall.
The cook that works for you in your most guarded and logically built house who knows few passcodes and the partial map of your house betrays you and reveal this information to outsider. Now the security of your own house is in danger.
###In cyber security, when an employee or staff member abuses their legitimate access and steals confidential information and conveys to outside world that individual is now “insider-threat” for the company. ###
And finally we have zero-day attack or zero-day vulnerability. Let’s suppose a person disguises himself as a guest and visits the house in a car. He stops at the main gate and notices a retinal scanner attached to the automatic gate button. The scanner is supposed to verify the identity of every visitor before opening the gate. He stands in front of it and, surprisingly, the gate opens immediately. Unknown to everyone, the scanner contains a defect that accepts any retinal scan without proper authentication. Neither the house owner nor the company that manufactured the scanner knows this flaw exists. Before anyone discovers the bug and creates a fix, the intruder exploits it and enters the house. That is a zero-day attack.
### A zero-day attack occurs when a hacker exploits a previously unknown software or hardware vulnerability before the developer or vendor knows it exists and has a chance to create a patch. ###
