Fortinet NSE 1 Cert | Course Notes




These are notes from Fortinet's NSE Network Security Associate (NSE 1) course, entitled "Information Security Awareness". You can find the full course at training.fortinet.com.

If you have any questions about Fortinet's courses and certification program, please refer to the Network Security Expert (NSE) Program site. 

You can also join the Fortinet User Community, where you can connect and network on common topics of interest with other Fortinet users in the community.

The course is divided into five obligatory lessons followed by three additional lessons.

Lesson 1: bad actors

1/ The explorer:

Motivations:

  •  looking for vulnerabilities

Used techniques: 

  • phishing
  • create a look-alike web server, send an email with a link that redirects the victim to my fake webserver

2/ Hacktivist:

Motivations:

  • political, social, or moral disagreements

Used techniques:

  • DDoS
  • using botnets (command & control), executables in email attachments

3/ Cyber terrorists:

Motivations:

  • not well-funded groups, attack high profile targets, infiltrate systems, steal sensitive data, expose personal data

Used techniques:

  • Spear phishing
  • targeted phishing emails (CEOs and CFOs)

4/ Cybercriminals:

Motivations:

  • in most cases, they're motivated by money

Used techniques:

  • credential stealing using existing malware
  • ransomware

5/ Cyber warriors:

Motivations:

  • espionage, extortion, and embarrassment

Used techniques:

  • use unpatched systems
  • always looking for zero-day exploits

-> Now that we know the risks, we can be more careful and better prepared for cyber threats


Lesson 2: Data Security perspectives

Information security is divided into two aspects:

1. Cybersecurity: protecting networks, devices, and data from unauthorized access
2. Physical security


Vulnerabilities:

flaws in software, firmware, or hardware that can be exploited to perform unauthorized actions on a targeted system.

Attacks:

actors who exploit vulnerabilities in systems for their own gain

Attack surface:

the exposed area of the environment that can be used to gain entry to, or extract, assets

Malware:

an unwanted file or program that can cause harm to systems or compromise data

Examples of malicious code classification:

virus, worm, botnet, trojan horse, DDoS, ransomware

NB: malicious data files are not executable themselves; instead, the malicious code is embedded in files such as PDF, DOC, or JPG and sent, for example, as email attachments

Social engineering:

gaining the victim's trust and asking them for sensitive information, relying on publicly available information (OSINT) and playing on curiosity, urgency, and intimidation

NB: human error accounts for nearly all data breaches

Protect yourself against cyberattacks:

  • recognize potential cyber risks
  • be more vigilant with your sensitive information such as PII (Personally Identifiable Information): full name, birthday, biometrics, passport, ID, credit card, phone numbers, home/email addresses
  • regulated industries and governments, e.g. with the General Data Protection Regulation (GDPR) in Europe, have prioritized new laws and compliance standards
  • ask your company's privacy office if you have any questions


Best practices:

  • be suspicious of any sort of communication requesting sensitive info
  • hover over hyperlinks and confirm their sources
  • use multistep verification
  • ensure all your systems are updated
  • never reuse passwords across multiple accounts
  • lock your device screen when away
  • follow company policy, ask if you don't know
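"Hover over hyperlinks and confirm their sources" is something a mail filter can do for you. The script below is an added example (not part of the Fortinet course): it parses the anchors of an HTML message and flags links whose visible text shows a different domain than the real target, links that use plain HTTP, and hosts that embed a trusted domain name as a look-alike (the "look-alike web server" trick from lesson 1). The sample message, the trusted domain `bank.example`, and the reserved `.example`/`.test`/`.invalid` hostnames are constructed for the demo; the "registrable domain" helper is a deliberate simplification that takes the last two labels instead of consulting a public-suffix list.

```python
"""Flag suspicious hyperlinks in an HTML e-mail body.

Added example (not from the Fortinet course): the hostnames, the sample
message and the trusted-domain list below are constructed for this demo.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: one honest link, one whose visible text does
# not match its real target, and one on a look-alike host (reserved TLDs).
SAMPLE_EMAIL = """
<p>Dear customer,</p>
<p>Review your statement at
<a href="https://portal.bank.example/statements">portal.bank.example</a>.</p>
<p>Your account is locked. Verify now:
<a href="http://bank.example.verify-login.invalid/auth">https://www.bank.example/verify</a></p>
<p>Or use our secure page <a href="https://bank-example.test/login">here</a>.</p>
"""

TRUSTED_DOMAINS = {"bank.example"}  # constructed: the organisation's real domain


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname(value):
    """Hostname of a URL or bare domain ("" if none), lower-cased."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower().rstrip(".")


def registrable_domain(host):
    """Last two labels of a host (simplification: no public-suffix list)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_anchor(href, text, trusted):
    """Return the reasons this link deserves suspicion (empty list = fine)."""
    reasons = []
    href_host = hostname(href)
    href_dom = registrable_domain(href_host)

    # 1. The visible text shows a domain that differs from the real target.
    m = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
    if m and registrable_domain(m.group(1)) != href_dom:
        reasons.append(f"text shows {registrable_domain(m.group(1))} but link goes to {href_dom}")

    # 2. Plain HTTP on a page where credentials might be typed.
    if href.lower().startswith("http://"):
        reasons.append("unencrypted http link")

    # 3. Look-alike: a trusted name embedded in a foreign host, or with its
    #    dots swapped for hyphens (bank.example -> bank-example.test).
    if href_dom not in trusted:
        for t in trusted:
            if t in href_host or t.replace(".", "-") in href_host:
                reasons.append(f"look-alike of trusted domain {t}")
                break
    return reasons


def scan_email(html, trusted=TRUSTED_DOMAINS):
    """Map each href in the message to its list of suspicion reasons."""
    parser = AnchorCollector()
    parser.feed(html)
    return {href: check_anchor(href, text, trusted) for href, text in parser.anchors}


if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print("SUSPICIOUS" if reasons else "ok        ", href, "; ".join(reasons))
```

Run as-is, the first link passes and the other two are reported; in practice the same checks belong in a mail gateway, where a mismatch between the anchor text and the `href` is one of the cheapest and most reliable phishing signals.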

Lesson 3: password perspectives

Better passwords and authentication

  • use a combination of seemingly random upper- and lowercase letters, numbers, and special characters that is easy to remember but difficult to guess, even for someone who knows your personal details
  • change your passwords at least two times a year
  • use a different password for each account
  • it is hard to remember them all; use a password management application, just be aware of where it stores your passwords
  • use multi-factor authentication (MFA), which combines something you know (password, Q&A) with something you have (hardware/software token, fingerprint, iris)
  • password-protect your data backups; built-in encryption is a good addition to the formula
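As an added example (not part of the course notes), the following Python script turns the points above into checks a password manager or sign-up form could apply: minimum length and character mix, an entropy estimate, a scan for the user's own personal details, and detection of reuse across accounts. The thresholds, the personal details, and the two-account "vault" are assumptions constructed for the demo; stored passwords are kept only as salted PBKDF2-SHA256 hashes, so reuse is detected without any plaintext being stored.

```python
"""Evaluate a candidate password against the practices listed above.

Added example, not from the Fortinet course: the thresholds, the personal
details and the sample vault are constructed for the demonstration.
"""
import hashlib
import hmac
import math
import os
import string

MIN_LENGTH = 12          # assumption: the notes give no minimum
MIN_CLASSES = 3          # assumption: of lower, upper, digit, special
MIN_ENTROPY_BITS = 60    # assumption
PBKDF2_ROUNDS = 100_000  # assumption: work factor for stored hashes

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def hash_password(password, salt):
    """Salted, deliberately slow hash for storing or comparing secrets."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def new_entry(password):
    """Vault record for one account: random per-account salt plus hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def matches(entry, password):
    """Constant-time comparison of a candidate against a stored record."""
    return hmac.compare_digest(entry["hash"], hash_password(password, entry["salt"]))


def character_classes(pw):
    """How many of the four character classes the password uses."""
    return sum(1 for cls in CLASSES if any(c in cls for c in pw))


def entropy_bits(pw):
    """Upper bound on entropy, assuming uniform choice from the used pool."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def personal_details_found(pw, details):
    """Details (name, birthday, pet...) that appear inside the password."""
    low = pw.lower()
    return [d for d in details if len(d) >= 3 and d.lower() in low]


def reused_on(pw, vault):
    """Accounts in the vault whose stored password equals the candidate."""
    return [account for account, entry in vault.items() if matches(entry, pw)]


def evaluate(pw, details, vault):
    """Return a list of problems; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(pw) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    if entropy_bits(pw) < MIN_ENTROPY_BITS:
        problems.append(f"estimated entropy below {MIN_ENTROPY_BITS} bits")
    hits = personal_details_found(pw, details)
    if hits:
        problems.append("contains personal details: " + ", ".join(hits))
    reused = reused_on(pw, vault)
    if reused:
        problems.append("already used on: " + ", ".join(reused))
    return problems


# Constructed sample data: the user's details and two existing accounts.
PERSONAL_DETAILS = ["Alice", "1985-06-14", "Rex"]
VAULT = {
    "mail": new_entry("Correct-Horse-Battery-9"),
    "bank": new_entry("Tr0ub4dor&3"),
}

if __name__ == "__main__":
    for candidate in ("password", "alice1985-06-14", "Tr0ub4dor&3", "Ws7#pLq2!mX9vR4d"):
        print(repr(candidate), evaluate(candidate, PERSONAL_DETAILS, VAULT) or "ok")
```

The entropy figure is an upper bound (it assumes every character was chosen uniformly from the pool), which is why the length, personal-detail and reuse checks are kept separately rather than folded into one score.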


Lesson 4: internet threat perspectives

Technology has advanced significantly, with many new things appearing in today's world such as AI, machine learning, 5G, quantum computing, cloud, autonomous vehicles, and IoT devices

all these targets must be protected against compromise as the cyber threat landscape continues to grow

Common threats

  • Social engineering
  • juice jacking: charging stations in public spaces such as airports, train stations, conference areas, and coffee shops with malware deployed inside them, waiting for a portable device to be plugged in
  • email scams: phishing, spear phishing, whaling, CEO fraud, Business Email Compromise (BEC)
  • spam is often combined with domain spoofing to be more convincing
  • ransomware

Don't fall for spam:

  • if you find an email suspicious, mark it as spam and block the sender
  • disable the display of graphic images in your email settings


Mobile security:

more than half of all internet traffic is generated by mobile devices

mobile app activities that can be targeted:

  • banking
  • social networking
  • emails
  • calendars
  • contacts
  • mobile e-commerce
  • GPS information

technology layers of a mobile device:

  • Hardware > Firmware > mobile OS > Application


Protect your phone:

  • secure your Wi-Fi connection by avoiding public, open, and unknown Wi-Fi networks; check the network's name (BSSID)
  • avoid using public charging stations (use power banks)
  • use MFA
  • back up your data
  • avoid opening files, clicking links, or calling numbers from unsolicited messages
  • change default usernames and passwords
  • disable features not currently in use, like Bluetooth and Wi-Fi
  • encrypt your sensitive data
  • enable the lock screen, using a password or PIN
  • follow your company policies and data handling guidelines
  • maintain up-to-date software and OS
  • power down your device prior to storing it
  • set Bluetooth to non-discoverable
  • turn off automatic connection when not in use

Lesson 5: insider threat perspectives

human error is the root cause of almost every single data breach

to increase physical security awareness:

  • follow your company policies and data handling guidelines
  • back up sensitive data
  • be aware of shoulder surfing
  • don't write passwords on notes or leave them on your desk
  • lock your computer screen and cell phone
  • report broken doors, windows, and a lack of security personnel
  • report suspicious activities or packages
  • shred and destroy all documents that contain sensitive and critical information
  • treat all devices that contain sensitive data carefully
  • use your badge to enter your workspace and do not allow tailgaters

an insider: someone who has access to the organization's resources such as personnel, equipment, facilities, networks, and systems

an insider threat: the risk that an insider uses their authorized access to harm the company, either willingly or unwillingly; it can be:

  • accidental: an employee falling for phishing emails
  • negligent: an employee not following the company's policy in order to complete their work faster
  • malicious: destruction, theft, or exploitation of data; in most cases this is done by former employees, but it can be done by anyone


>>> be vigilant, give proper training to your employees, identify critical resources and protect them

Optional lessons

1/ CIO perspectives

the CIO is responsible for controlling the company's information technology resources by overseeing people, processes, and technologies to:

  • ensure the company's goals are delivered
  • guarantee the management of end-user computing, enterprise apps, and data & voice communication systems
  • decide the company's broader IT direction
  • work closely with other C-level executives to understand business priorities
  • design and analyze the IT infrastructure to align with the business objectives

Goals:

  • streamline business processes
  • improve the overall experience
  • increase the productivity of employees
  • create a competitive advantage

the CIO aims to maximize these effects while showing how these investments deliver measurable results

nowadays, cybersecurity has become a big part of the CIO's job

Challenges:

  • different security products for each technology (cloud, network, web, mobile, computer ...)
  • implementing all of these solutions makes the infrastructure and its management more complicated and expensive
  • in big companies, can you identify the existence, scope, location, and cause (internal/external) of breaches?
  • deploying new technologies means more things to protect
  • third-party investigations, regulatory filings, lawsuits, and fines


