CMU540

Cyber Security Fundamentals & Lab Setup

Session 1

James Williams

jwilliams@staff.newman.ac.uk

Learning Objectives

Understand fundamental cybersecurity concepts
Learn the CIA Triad (Confidentiality, Integrity, Availability)
Explore common security threats and vulnerabilities
Set up the OS³ Newman Cyber Security Lab environment
Understand the course structure and expectations
Explore career opportunities in cybersecurity

What is Cybersecurity?

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.

Key Areas:

Information Security: Protecting data and information
Network Security: Securing network infrastructure
Application Security: Securing software applications
Operational Security: Protecting business operations
Disaster Recovery: Planning for security incidents

The CIA Triad

Confidentiality

Ensuring that information is accessible only to those authorized to have access.

Data encryption
Access controls
Authentication
Privacy protection

Integrity

Maintaining the accuracy and completeness of information.

Data validation
Checksums and hashes
Digital signatures
Audit trails

Availability

Ensuring that information and resources are available when needed.

Redundancy
Backup systems
Disaster recovery
DDoS protection

Common Security Threats

1. Malware

<!-- Types of Malware -->
- Viruses: Self-replicating malicious code
- Worms: Self-propagating malware
- Trojans: Disguised malicious software
- Ransomware: Encrypts data for ransom
- Spyware: Monitors user activity
- Adware: Displays unwanted advertisements

2. Social Engineering

<!-- Social Engineering Techniques -->
- Phishing: Fraudulent emails
- Spear Phishing: Targeted attacks
- Vishing: Voice-based attacks
- Smishing: SMS-based attacks
- Pretexting: False identity attacks
- Baiting: Tempting offers

Common Attack Vectors

1. Network Attacks

<!-- Network Attack Types -->
- DDoS: Distributed Denial of Service
- Man-in-the-Middle: Intercepting communications
- Packet Sniffing: Capturing network traffic
- Port Scanning: Discovering open ports
- ARP Spoofing: Redirecting network traffic
- DNS Spoofing: Redirecting domain requests

2. Application Attacks

<!-- Application Attack Types -->
- SQL Injection: Database manipulation
- Cross-Site Scripting (XSS): Client-side attacks
- Cross-Site Request Forgery (CSRF): Unauthorized actions
- Buffer Overflow: Memory exploitation
- Directory Traversal: File system access
- Session Hijacking: Stealing user sessions

Security Controls

1. Administrative Controls

<!-- Administrative Controls -->
- Security policies and procedures
- Employee training and awareness
- Background checks
- Security audits and assessments
- Incident response plans
- Business continuity planning

2. Technical Controls

<!-- Technical Controls -->
- Firewalls and intrusion detection
- Antivirus and antimalware
- Encryption and access controls
- Network segmentation
- Vulnerability scanning
- Security monitoring and logging

Physical Security

1. Physical Access Controls

<!-- Physical Security Measures -->
- Access control systems
- Security cameras and monitoring
- Biometric authentication
- Security guards and patrols
- Environmental controls
- Equipment protection

2. Environmental Controls

<!-- Environmental Security -->
- Temperature and humidity control
- Fire suppression systems
- Power backup and UPS
- Flood protection
- Earthquake protection
- Electromagnetic shielding

Risk Management

1. Risk Assessment Process

<!-- Risk Assessment Steps -->
1. Asset Identification
  - Hardware and software assets
  - Data and information assets
  - Human resources
  - Physical facilities
2. Threat Analysis
  - External threats
  - Internal threats
  - Natural disasters
  - Human error

2. Risk Treatment Options

<!-- Risk Treatment Strategies -->
- Accept: Acknowledge and monitor risk
- Avoid: Eliminate the risk source
- Mitigate: Reduce risk likelihood/impact
- Transfer: Share risk with third party
Risk = Threat × Vulnerability × Impact

Career Opportunities in Cybersecurity

Entry-Level Roles:

Security Analyst: £25,000 - £45,000
IT Security Specialist: £30,000 - £50,000
Network Security Administrator: £28,000 - £48,000
Security Operations Center (SOC) Analyst: £26,000 - £46,000

Skills Needed: Basic security concepts, Network fundamentals, Problem-solving, Communication

OS³ Newman Cyber Security Lab

What is OS³ Studio?

OS³ Studio is our comprehensive cybersecurity lab environment that provides:

Hands-on vulnerability testing
Secure implementation challenges
Real-world attack scenarios
Industry-standard security tools
Guided learning experiences

Access: Available through university portal

Course Structure Overview

Web Demos and Resources

Learning Resources:

OWASP - Open Web Application Security Project
NIST - National Institute of Standards and Technology
SANS - SANS Institute
CIS - Center for Internet Security
ACSC - Australian Cyber Security Centre

Security Awareness

                    Key Security Principles:
                    Defense in Depth: Multiple layers of security
Least Privilege: Minimum necessary access
Fail Secure: System fails to secure state
Separation of Duties: No single person controls everything
Regular Updates: Keep systems and software current

                

Summary: Cybersecurity Fundamentals

                    Key Concepts Covered:
                    CIA Triad: Confidentiality, Integrity, Availability
Common threats: Malware, Social Engineering
Attack vectors: Network and Application attacks
Security controls: Administrative and Technical
Physical security and environmental controls
Risk management and assessment
Career opportunities in cybersecurity

                

Task 1: OS³ Studio Setup and Configuration

Objective:

Follow the OS³ Studio setup guide to configure your lab environment.

Instructions:

Access the OS³ Studio portal through the university website
Create your student account and log in
Follow the step-by-step setup guide
Configure your lab environment
Test basic connectivity and access
Explore the lab interface and tools
Complete the setup verification checklist
Document any issues or questions

Time: 45 minutes

Focus on following the setup guide carefully and ensuring everything works correctly

Break Time

15 Minutes

Take a break, ask questions, or catch up on the OS³ Studio setup.

Next: Live demo and Task 2

Live Demo: OS³ Studio Overview

Live Demonstration

This section will be covered in a live demonstration by the lecturer.

OS³ Studio interface overview
Basic navigation and features
Available lab environments
Security tools and capabilities
Hands-on examples

Please pay attention to the live demo and ask questions as needed.

OS³ Studio Features

1. Lab Environments

<!-- Available Lab Environments -->
- Web Application Security Labs
- Network Security Testing
- Vulnerability Assessment
- Penetration Testing Scenarios
- Secure Coding Challenges
- Incident Response Simulations

2. Security Tools

<!-- Integrated Security Tools -->
- Nmap: Network scanning
- Wireshark: Traffic analysis
- Burp Suite: Web application testing
- Metasploit: Exploitation framework
- OWASP ZAP: Web app scanner
- Custom vulnerability scanners

Learning Path in OS³ Studio

1. Beginner Level

<!-- Beginner Labs -->
- Basic vulnerability scanning
- Simple web application testing
- Network reconnaissance
- Basic exploit techniques
- Security tool introduction
- Guided tutorials

2. Intermediate Level

<!-- Intermediate Labs -->
- Advanced web application attacks
- Network penetration testing
- Social engineering simulations
- Incident response scenarios
- Secure implementation challenges
- Real-world case studies

OS³ Studio Best Practices

1. Lab Safety

<!-- Lab Safety Guidelines -->
- Only test in designated lab environments
- Never attempt attacks on real systems
- Follow ethical guidelines
- Report any lab issues immediately
- Respect other students' work
- Keep lab environments clean

2. Learning Approach

<!-- Effective Learning Strategies -->
- Start with guided tutorials
- Practice regularly
- Take notes and document findings
- Ask questions when stuck
- Collaborate with classmates
- Challenge yourself with advanced labs

Career Development in Cybersecurity

Next Steps:

Foundation Certifications: CompTIA Security+, Network+
Specialized Training: Ethical hacking, Incident response
Hands-on Practice: OS³ Studio labs, CTF competitions
Industry Networking: Security conferences, meetups
Continuous Learning: Stay updated with latest threats

Resources: CompTIA | SANS | OWASP

Task 2: OS³ Studio Exploration

Objective:

Explore the OS³ Studio environment and familiarize yourself with the available tools and labs.

Instructions:

Access your configured OS³ Studio environment
Navigate through the different lab categories
Try out basic security tools and features
Complete a simple vulnerability scanning exercise
Explore the web application security labs
Test basic network reconnaissance tools
Familiarize yourself with the interface
Document your exploration and any questions

Time: 45 minutes

Focus on exploring and getting comfortable with the OS³ Studio environment

Further Activity: Advanced Exploration

Advanced Students - Additional Exploration:

For students with additional time, explore advanced features:

Advanced vulnerability scanning techniques
Complex web application testing scenarios
Network penetration testing labs
Social engineering simulation exercises
Incident response and forensics labs

Deliverable: Exploration report with findings and questions

Session Summary

                    Key Takeaways:
                    Cybersecurity fundamentals are essential for all IT professionals
The CIA Triad forms the foundation of security
Understanding threats and vulnerabilities is crucial
OS³ Studio provides hands-on learning experience
Career opportunities in cybersecurity are growing
Continuous learning is essential in this field

                