The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading

Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.

This document discusses how three cyber threats - targeted attacks, system exploits, and data theft - are transforming incident response. It provides three case studies: 1) Operation Aurora targeted Google and other companies through a multi-stage attack using custom malware. Cyberforensics tools could have helped identify compromised systems and collect evidence. 2) The Zeus botnet exploits systems by infecting them and forwarding login credentials. Regular scans using cyberforensics tools can establish a baseline and detect any anomalies to address risks. 3) Data loss or theft of regulated/sensitive data from laptops or compromised websites can result in lost revenue and reputation damage. Cyberforensics tools can help find and wipe such data from unauthorized

This document discusses computer security and various cyber threats. It begins by explaining how computer security became increasingly important with the development of modems and personal computers in the late 20th century. It then discusses different methods used to protect computer systems and information, including serial numbers, locks, alarms, and various security strategies to address threats like data theft, vandalism, fraud, and privacy invasion. The document also provides definitions and examples of cryptography, encryption, malware, and other cyber attacks like phishing, watering hole attacks, and cybercrime. It concludes by listing some common reasons for web threats and tips to protect against web service attacks, such as backups, multi-factor authentication, malware scanning, and keeping software updated.

1. Ingress filtering verifies the source addresses of incoming traffic to prevent spoofing, while egress filtering verifies outgoing traffic to prevent internal threats from spreading. 2. Separate filtering helps isolate parts of the network and only allow expected communication patterns between servers, workstations, and the internet. 3. We need to separately filter ingress and egress traffic to harden network security by blocking unauthorized internal and external access and communication, and containing any threats that do arise.

The document discusses e-commerce security challenges and developments over the past decade due to widespread computerization and growing networking. It covers network and internet security issues like confidentiality, authentication, integrity, and key management. It describes security threats like unauthorized access, data theft, and denial of service attacks. It also discusses encryption techniques like symmetric and asymmetric encryption, and cryptography concepts like public and private keys, digital signatures, and digital certificates.

The document provides an overview of cyber security concepts including definitions of cyber security, hackers, and types of cyber attacks such as web-based attacks, system-based attacks, and common attack methods like phishing, brute force attacks, and denial of service attacks. It also discusses cyber security defenses, tools, and strategies such as firewalls, antivirus software, intrusion detection systems, access controls, encryption, employee training, and security audits. Key terms like ports, IP addresses, port scanning, security operations centers (SOCs), zero-trust models, and ethical hacking are also defined.