IBM Security Skills & Learning

 View Only

What is Cyber Security?

By Noureldin Ehab posted Tue October 26, 2021 03:56 AM

  

Aloha There

IT (Information technology)


IT stands for information technology, information technology has a lot of fields like  Networking, System administration, Operating systems and last but not least the most awesome field “CYBER SECURITY” the most interesting field of them all no offense to Network engineers and sys admins

Cyber security


Cyber security is a huge field but we can sum it up to 3 main teams
Red team (Offensive) Blue team (Defensive) Purple team (if you add red to blue you get purple which is a team that has offensive and defensive skills).

To say that something got hacked we need to break one of the 3 diagonals of the CIA triad
(Confidentiality, Integrity, Availability)

  • Confidentiality:

prevent sensitive information from unauthorized access attempts.

Ex: Data leakage

  • Integrity:

maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed by not authorized people

Ex: A student changing his grades in the university database

  • Availability:

means information should be consistently and readily accessible for authorized parties (Data can be accessed when we want to)

Ex: DDOS attack (distributed denial-of-service which occurs when someone try to visit a website with a lot of devices until the server cant handle that and it crashes and the data becomes not available)

Blue team (Defensive)


A blue team consists of security professionals who have an inside out view of the organization. Their task is to protect the organization’s critical assets against any kind of threat.

They are well aware of the business objectives and the organization’s security strategy. Therefore, their task is to strengthen the castle walls so no intruder can compromise the defenses.

Job examples:


  1. SOC team:
    The SOC team (security operation center) is the team that monitors everything and make sure that nothing suspicious I happening on the network or the devices

  2. Digital forensics:
    They are like normal forensics, if the organization got hacked there job is to find evidence to be presented to the court the evidence can be from the log file or the temporary memory (RAM) they also make sure that the system is clear and that there are no backdoors that the hackers can use in the future to perform another attack

  3. Malware analysis:
    They are responsible for analyzing the malware and trying to understand how it  works so we can secure the systems from it in the future their job is to reverse engineer the machine language (binary code aka zeros and ones) to a programming language that we can understand (like Assembly and C)
    Fun fact: The national security agency (NSA) made a free open-source tool called ghidra for reverse engineering

              

              There are more jobs in the blue team those are just examples

Red team (Offensive)


The Red team task is to attack the organization but in a legal way so the organization especially the blue team can know their security holes and patch them
So technically the red team are hackers but they are good (Ethical hackers) they are allowed to hack which is sooooo cool

Job examples:


  1. Web Application penetration tester:
    They are people who hack Websites and find vulnerabilities in them

  2. Network penetration tester:
    They are people who hack Networks and find vulnerabilities in them

  3. Mobile applications penetration tester:
    They are people who hack Mobile applications and find vulnerabilities in them

  4. Bug bounty hunters:
    Those people work as freelancers they hack companies and when they find bugs they report those bugs and take money i mean MONEY $$$
    The main difference between bug bounty hunters and penetration testers is that bug bounty hunters are freelancers on the other side pentesters can be employees or can take money per project

                There are more jobs in red team those are just examples

Purple team (Offensive and defensive)


The purple team has skills from both the offensive side and defensive side.
Before diving into the concept of a purple team, it is important to recognize that the term “purple team” is deceiving. The purple team is not a distinct team, but rather an amalgamation, or blend, of red team members and blue team members. The purple team is designed as a feedback loop between the red and blue teams, benefiting from subtle nuances in their approach to be more effective. As mentioned, the purple team doesn’t so much represent a separate team, instead, it’s more of a combined methodology amongst blue and red teams. Think of it as a cybersecurity approach that allows both teams to share security data, in real-time feedback, in order to inspire a superior security posture.

Contacts:


6 comments
52 views

Permalink

Comments

Tue December 14, 2021 11:33 AM

Wow, that's great. Thanks for sharing the link.

Tue December 14, 2021 11:33 AM

Wow, that's great. Thanks for sharing the link.

Tue December 14, 2021 11:18 AM

@Adeola Ogunkola Malware Analysis is soo interesting

Feel free to join my new IBM User Group ("IBM Cyber Security Students")​ i will be sharing a lot of resources

Mon December 13, 2021 10:52 AM

@Noureldin Ehab Thanks for the feedback. Personally,  I will go with the Malware Analyst.​

Mon December 13, 2021 01:25 AM


i think it depends on your perspective
you can look at it as a red teamer or as a malware analyst for example

Sat December 11, 2021 04:42 PM

Nice read. Thanks for sharing.

Just a quick question. Are Downloaders part of the Red Team?