Friday, December 2, 2022

Cyber security Theory

 OSI Layers - Open Systems Interconnection Reference Model

 (Listed top-down; in the standard numbering, Application is layer 7 and Physical is layer 1.)

  1. Application  - Provides application connection: HTTP, FTP, SMTP, SNMP etc.
  2. Presentation - Data formatting and encryption take place - known as the syntax layer - e.g. ASCII converted to EBCDIC or vice versa
  3. Session
  4. Transport - Connects the low-level communication hardware in levels 1 through 3 with the higher-level software in levels 5 through 7 - TCP, UDP - Communicates in segments
  5. Network - Sends and receives packets (chunks of data)
  6. Datalink - Sends and receives frames (a sequence of 64 to 1518 bytes). Two sub-layers:
    • MAC - Media Access Control
    • LLC - Logical Link Control (used by network switches)
  7. Physical - Data transmitted in bits. Cable and radio spectrum

Hint: "Please Do Not Tell Sales People Anything" to remember the OSI layers (Physical up to Application)


Network topology

1) Bus - No central device - only T connector 

2) Ring - No central device - only T connector 

3) Star - Central device connects each device

4) Mesh - Every device connects to each other

5) Wireless Mesh

Hybrid Topology

2 or more network topology

Point to point communication

Point to multi-point


CIA - Confidentiality Integrity Availability

Risk Identification

Risk Assessment

Quantitative Risk Analysis Vs Qualitative Risk Analysis

Asset Value

Exposure Factor

Single Loss Expectancy = Asset Value (AV) x Exposure Factor (EF)

Annualized Rate Of Occurrence

ALE = SLE x ARO

CVSS (Common Vulnerability Scoring System) Calculator

https://first.org

Risk Response (Take Decision) - Evaluating Counter measures - Provide a proposal - Adjusting the finding 

Risk Treatment - Avoid (You can do but are not doing - Ignore) / Accept (You cannot do anything - Accept the existence of vulnerability and move on) / Mitigate (Fix the vulnerability) / Transfer (Risk to the supplier, eg: Cloud Provider to take care)

Goal of Risk Management - Minimise the risk in the org and maintain the same

Residual Risk - Risk which remains after counter-measures (Never Eliminated but lesser in-nature)

Risk Monitor - Continuous monitoring of the risk - Qualys, Nessus

Key Performance Indicator (KPI) - How well a process is progressing towards an intended goal

Key Risk Indicator (KRI) - Metrics , which defines risk threshold of an organisation - how many denial of service (DoS) - How many acceptable and not acceptable - eg:- Quantity of unauthorized software , no-antivirus

KPI and KRI are SMART metrics

KPI - underperforming KRI - Early Warning

SMART - Specific Measurable  Attainable Relevant Time-Bound 

Security Controls: - Policies to protect CIA of the asset - Administrative Controls - no impact to work , security training - Technical Controls - Firewall in-place , Physical Controls - CCTV 

Control Types - Detective (sensor), Preventive (lock), Deterrent (violating company policies), Corrective, Recovery Control (Backup), Compensating (Alternative - Intent, similar level of defense)

Control Selection - High Security in Jewellery Shop , Bank. College - Normal Security

Risk Management Frameworks: NIST , CIA

NIST - National Institute Of Science and Technology (United States Federal Govt) 

  1. Prepare
  2. Categorize
  3. Select
  4. Implement
  5. Assess
  6. Authorize
  7. Monitor

NICE - National Initiative for Cybersecurity Education
  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover



    


Sunday, November 13, 2022

Overview of Web Development - React.js and Node.js

Creating vital system data for display over web

Learn a front-end / back-end programming eg:- React.js (Front-end) and Node.js (Back-end)

Concepts of React.js / Node.js

  • Prerequisites:
    • node.js  - server component to compile JavaScript
    • Visual Studio Code - IDE
  • bind - Connecting JavaScript with HTML
  • npm - modules required to run the React application
    • react - major module
    • react-dom/client  - useful in rendering the application
    • react-scripts - running, building and testing the application
  • ECMA - A programming language adopted by the European Computer Manufacturer's Association as a standard for performing computations in Web applications
  • ES5 
    •  Arrow Function
      // function declaration (ES5 syntax; arrow functions arrive in ES6)
      function App() {
        return <h1> React training </h1>;
      }
  • ES6 
    • Arrow Function
      // arrow function assigned to a constant (ES6 syntax)
      const App = () => {
        return <h1> React training </h1>;
      };
  • code:
    • import React from 'react';
  • JSX - The end goal of any React component is that it has to return something.
  • All your applications are wrapped in DOM mode
  • render will create the bind
  • React.StrictMode - suggestions / practices
  • 3 types of components in React:
    1. Class components
      • logical components
      • used for calling APIs
      • can maintain state
      • Class component will call API --> API will return data --> To the functional component --> Functional Component will render (or) display the data
    2. Functional components
      • dumb components
      • used for display purpose
      • (Also started to make API calls)
      • Directly returns JSX
    3. Hooks components 

 

 


 

 

Friday, January 14, 2022

SCRUM - User Stories

Definition:

  • A user story describes the desired functionality  from the user (customer) perspective.
  • A good user story also describes who wants it , and how and why the functionality will be used.
  • A larger user story is sometimes called an epic.
  • A set of related user stories combined and treated as single entity for estimating or release planning is called a theme.

Evaluating user stories:


Independent:

  • Can the user story be built without requiring other stories before we can see and test functionality?

Negotiable:

  • Can specific details of the story be resolved through conversation so we can maximize the benefit while minimizing development costs?

Valuable:

  • Does the story add value to the software for either or both the user and the business?

Estimable:

  • Do we know enough about the story to estimate the time to construct the software?

Small:

  • Is the story as small as it can be but still valuable?

Testable:

  • Can others easily verify that the story is complete?


Scrum - Roles and Responsibilities

Scrum - An Intro:

  • Scrum is an agile process used for managing complex projects, where it is difficult to predict everything that will occur.
  • It offers a framework and a set of practices that keep everything visible.
  • Keep the art of possible in mind.
  • Focus on what can be done rather than be frustrated by what can't be done.
Scrum Roles:

The Product Owner:

  • The person responsible for managing the product backlog so as to maximize the value of the project.
  • The product owner represents all stakeholders in the project.

The Scrum Master:

  • The person responsible for the scrum process, its correct implementation and the maximization of the benefits.
  • Provide leadership guidance and coaching to the team.
  • Heads the scrum project.

The Scrum Team:

  • A cross functional group of people that is responsible for managing itself to develop software every sprint.

Product Owner Responsibility:

  • Product owner is responsible for prioritizing the product backlog in such a way that maximizes the RoI for the organization.
  • Redefines and reprioritizes the product backlog as per the needs from sprint to sprint.
  • Participates in sprint planning and sprint review meetings and provides support to team as required.
  • Product owner is responsible for participating in the estimation meeting to provide answers and clarifications for the stories.

Scrum Team Responsibility:

  • Cross functional:

Developers, Testers, UI Designers , Business Analysts, Technical Writers etc.,

  • Self-Managing and Self Organizing
  • Selects work for each sprint.
  • Everyone commits to all the task necessary during the sprint.
  • Teams have a velocity.

SCRUM FRAMEWORK OUTLINE (SDLC Methodology)

 




SCRUM - A Framework for Project Management

 

Scrum Overview

Cloud Computing

 



Configuration Management Tools

 




Sunday, January 9, 2022

Building a base image (Amazon Machine Image (AMI)) using Packer

 Requirement:

Create and upload a new Ubuntu image (AMI) in the Amazon cloud using Packer and version control.

Steps Involved: 

  1. Create a free-tier account with aws.amazon.com
  2. Install Packer on your local system
  3. Configure the AWS user account to authenticate from Packer
  4. Define and create the base config for building a base image using Packer's HCL format
  5. Run the packer utility and pass the config file.
  6. Validate the first base image in the AWS management console.

How to install brew command-line utility in macOS

Requirement:

In order to install packages in macOS , we use "brew" command-line utility.

Installation Steps:

For installing "brew" utility follow below steps:

  1. (As a normal user) Download the install.sh script
    • curl -O https://raw.githubusercontent.com/Homebrew/install/master/install.sh
  2. (Provide execute permission to the downloaded script file install.sh)
    • chmod +x ./install.sh
  3. (Start the script execution)
    • ./install.sh
  4. (Add the default Homebrew install path to default .zprofile)
    • echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> /Users/$USER/.zprofile

    • eval "$(/opt/homebrew/bin/brew shellenv)"
Finally, execute the command "brew help" to test the installation.