by James Gross, Senior Technical Instructor at LeaderQuest
Scenario 1: You sit down at your desk to log into your enterprise network only to find yourself shut out. A message pops up on your screen demanding you pay a ransom. What do you do? If you are an IT professional you might have a few thoughts on what to do, but are your instincts good? Do you have what it takes to meet the challenge: the right training, the right cyber security certifications?
Scenario 2: You launch a browser and surf over to your favorite news site. The headlines trumpet yet another cyber security attack, such as the ransomware infection that hit Los Angeles Valley College. What is your first reaction? Fear? Amazement that with all the attention being given to these types of attacks that they are still so successful? Do you feel helpless or do you look at it as a challenge? You also hear that with all those attacks, cyber security is growing and pays well. But how does one prepare for a cyber security career?
Believe it or not, training and certification is the answer to the questions posed at the end of both scenarios. Cyber security training and achieving cyber security certification are great ways to help you answer those questions and develop the skills that employers are asking for. You may now be wondering which security certification is the best for you. That is a question that many people who are looking to move into cyber security, either seasoned IT professionals or those new to IT, often ask.
With some of the best cyber security certifications to choose from, including CompTIA Security+, EC-Council’s CND, CEH, and CHFI, and the (ISC)² CISSP, which one will best prepare you for a well-paying cyber security career?
How Can Security+ Prepare You for a Job in Cyber Security?
If you are new to IT or are wanting to move into cyber security from the network or systems IT space, you will need to develop your cyber security know-how. Without a common vocabulary, you will find it difficult to converse with your peers and executives alike. The best place to start is with a foundational IT certification that has breadth with just the right depth. In other words, the CompTIA Security+ certification.
Let’s take a look at a recent attack: the Los Angeles Valley College (LAVC) ransomware attack.
As you may know, LAVC had its network compromised and its systems locked down by a virus that encrypted critical data. From articles written by the San Diego Union Tribune and the LA Times, we can gather the following information: they didn’t have backups of their data, they didn’t have the necessary staff or funding to implement backup and remediation tasks, their files were encrypted, they needed the key to unencrypt (unlock) those files, and their only option was to pay the ransom of $28,000.
Cyber Security Training 101
Given what we know, what might have been done to prevent the attack or at least make it such that you wouldn’t have to pay the ransom? The first thing that most people ask when the topic comes up is wouldn’t a good anti-virus program have stopped the virus? The short answer is maybe. Without knowing whether the virus had been previously discovered, I would say that it might have been a zero-day infection. If it was, the anti-virus program would have been ineffective, as a zero-day infection is one that has never been seen in the wild. Since it is so new, there is no immunity to it.
Since the anti-virus program probably wouldn’t have offered enough protection, what else can you do? [inlinetweet prefix=”” tweeter=”” suffix=””]Simply put, secure data backups are essential.[/inlinetweet] As the articles indicated, LAVC didn’t have the funding for such backups. Had they been able to backup the data, and assuming that the backups weren’t infected as well, they could have wiped the drives clean, reinstalled the operating system, and reloaded the backed up data. Depending on how large the system is, that might have taken just a few weeks to recover completely and they wouldn’t have had to pay the ransom.
We also need to look at what was the likely avenue that the virus used to gain access to the network in the first place. Remember this is merely speculation, but one easy way to get malicious software (malware) onto a target system is through social engineering. Two common social engineering attacks are phishing emails and infected USB thumb drives left in common areas.
The first attack, phishing emails, is often successful since the attacker usually crafts a very convincing email that might have a link or an attachment that the recipient is duped into clicking. Once clicked, the malware gets downloaded, installed, and executed. That can lead to a scenario where the first infected computer acts like a zombie and hunts down other vulnerable systems on the network and infects them. Very effective, indeed.
The second attack, infected USB thumb drives, depends on the finder being both curious and interested in finding the owner of the drive. Since they are typically unmarked drives, one would have to insert it into a computer to see if there are any files on it that might have some contact information that identifies the owner. Once you insert the drive, an autorun feature that is usually enabled by default in Windows allows the malware to run without human interaction. Just as with the phishing attack, the malware infects the first computer and then looks for other computers to infect.
In both cases, the attack is successful because it relied on decency and trust.
Interested in getting Security+ certified? Click the link below to get started!
CompTIA Security+ Certification
Now that we’ve looked at an all too common attack scenario, we can take a look at what CompTIA expects a person to know to receive the CompTIA Security+ certification. All-in-all, CompTIA expects you to have knowledge in six different cyber security domains. Those domains give you an outline to work from to help you develop your knowledge. Here is a short list of what needs to be understood within each domain:
Domain 1.0 – Network Security
- Firewalls and proxies
- NIDS (Network Intrusion Detection System)
- Unified Threat Management (UTM) implicit deny
- Access Control List (ACL)
- Layered Security / Defense in Depth
- IPSEC, WPA/WPA2, and TKIP
Domain 2.0 – Compliance and Operational Security
- Control types
- Risk management, incident management, and Data Loss Prevention (DLP)
- Vulnerabilities and forensic analysis
- Incident response procedures
- Security awareness and training
- Physical security and environmental controls
- Confidentiality, Integrity, Availability (CIA triad)
Domain 3.0 – Threats and Vulnerabilities
- Malware, phishing, man-in-the-middle attacks, password attacks
- Dumpster diving and tailgating
- Social engineering
- Rogue access points
- Replay attacks
- Hardening and network security
- Event logs and protocol analyzer
- Vulnerability scanners
- Code reviews and assessment types
- Penetration tests and vulnerability scanning
Domain 4.0 – Application, Data, and Host Security
- Cross-site scripting prevention (XSS)
- Application hardening and mobile device security
- BYOD and Mobile Device Management
- Operating System Hardening
- Anti-malware and patch management
- Virtualization and cloud storage
- Data encryption
- SCADA, ICS
Domain 5.0 – Access Control and Identity Management
- Authorization and least privilege
- Mandatory access control
- Discretionary access control
- Multifactor authentication
- Account policy enforcement
- Continuous monitoring
Domain 6.0 – Cryptography
- Symmetric vs asymmetric
- Ephemeral key
- Perfect forward security
- AES, RC4, TLS, IPSEC
- Certificate Authority
- Digital certificates and key escrow
Again, this is just a condensed version of what you need to know, so if you are curious about what was left out make sure you visit our CompTIA Security+ course page or the CompTIA website for more information.
As you can see, the six domains cover data security standards that might have helped prevent the need for LAVC to pay the ransom. Of course, [inlinetweet prefix=”” tweeter=”LeaderQUEST_USA” suffix=””]just having the right cyber security training and cyber security certification is useless if there isn’t funding available to implement a strong cyber security program[/inlinetweet], so let’s not be too harsh on LAVC. The lack of funding is a common problem across all industries.
Now, if you read through the domain list and became overwhelmed, don’t be! Success leaves clues and you can follow the path that has proven successful for so many. LeaderQuest instructors cover all the domain objectives. When you integrate the necessary tools you need to master the information, you will be set up for success! The tools and resources we provide include books, practice tests, and virtual lab environments. When combined with good study strategies, the tools and resources have proven to increase the success rates for students in our cyber security training programs and set them on their path to fulfilling cyber security careers.
Interested in Starting or Advancing Your Cyber Security Career?
If the information provided in this blog posting has interested you and you would like to take the next step, then you should consider talking to a Career Training Counselor at LeaderQuest about our available Cyber Security training programs. We are more than happy to help you chart your path to career success!