Introduction to Cyber Security

Andrew Leniart, IT Professional | Freelance Journalist
CERTIFIED EXPERT
Helping others to help themselves...
Many folks reading about this topic struggle with the use of technical terms they don't fully understand. This article seeks to address that problem by providing some basic tips on Cyber Security in plain English. Enjoy and stay safe.
Something many folks don't realise is that Cyber Security does not just consist of locking down computers, iPads, mobile phones, and tablets. It relates to anything that is connected (and sometimes not connected) to the Internet.

For example, many people don't realise that the wireless (WiFi) baby monitors they buy to listen in on their toddlers and young children can be easily spied on by anyone near enough to pick up on a wireless signal. Even worse if there is an option to talk (send your voice) to the child's room. Imagine some idiot talking to your children after hacking in. Creepy!

I personally tested and hacked a "GE" manufactured child monitor in under 30 minutes a few years ago, despite the manufacturer's claims of how secure it was and that the monitor used encryption. I did not know the SSID or password of the device, as both had been changed. I'm no experienced hacker either.

In fact, all I needed was one of many readily available hacking tools that scan WiFi networks and then use well-known algorithms to crack through known vulnerabilities that were discovered after the release of the unit I tested. The simplicity of the exercise was an eye-opener.

That's just one example. When dealing with the Internet of Things (IoT) type devices, anything that has a remote control or wireless sending capability is a potential risk. Especially when it connects to your home WiFi network.

IoT can include household items like Microwaves, Refrigerators, Thermostats, Door and House Cameras, Light Fittings operated by sound, voice-operated devices like Alexa, and the list goes on.

To keep costs down, manufacturers of these devices use the minimum WiFi protection needed to be able to make a claim that their device is secure. In reality, it is not. You get what you pay for, and the only way to make these devices safe is to purchase the types with update-able ROM and Firmware circuitry so that they can be patched and kept up to date as new vulnerabilities are discovered.

On the other end of the scale, the truth of the matter is that most people will not be targeted for a hacking attack, but it's still mandatory to use at least the essential security measures.

Hackers will always opt for an easy target, so if you use a weak or easily guessed password, then you should expect hackers to knock on your door, so to speak.

The most basic form of protection includes:

Password strength. Don't use anything related to your name, date (or year) of birth, your address or your pets. That includes your spouse's and kids' details too.

Don't share private details. How much information have you shared about yourself on Social Media over the years? Bits and pieces here and there add up as time goes by, and before you know it, anyone that takes an interest in you can gather enough information about you with little more effort than using Google's search engine. It's not hard.

Don't answer password recovery security questions honestly. Many web sites, banking institutions and so on will ask you to set up 3-5 security questions and answers. These are then used to automatically regain access to your login account if you happen to forget your password. Such password resetting systems are a hacker's wet dream. Why? Let's look at an example.

Q1. What is your pet's name?
Q2. What was the name of the primary school you went to?
Q3. What is your mother's maiden name?

Look at the above questions. The answers to all three are easily obtainable with a bit of research about you if you've shared the information on Social Media. Even if you haven't, there are other ways to find such information out about you.

The best way to prevent hackers from using your information to hack into your accounts is to give totally irrelevant answers to the questions. The automated system doesn't care what the answers are. It only cares that you remember the answer you gave - so to make use of such a system safely, you should always use answers that make no sense to the questions being asked, regardless of what they are.

Decide on three words you will always remember.

Let's say we'll never forget "Cabbage" because we don't like the taste.

We'll not forget the word "Motorbike" because we've never ridden one.

Finally, we'll remember the word "JoeJoe" because that was a nickname we got called in primary school. So let's now apply those answers to the previous questions.

Q1. What is your pet's name?
Cabbage
Q2. What was the name of the primary school you went to?
Motorbike
Q3. What is your mother's maiden name?
JoeJoe
 
You only need to decide on three words, yet a hacker guessing those answers would be considerably less likely (if not impossible) than if we had answered with a real pet's name, primary school, or mother's maiden name.

DO use password managers. A password manager allows you to use long and nonsensical passwords that would take even an expensive supercomputer hundreds of years to crack.

For example, how would you go about guessing the following password: 136m#kvCND%sd5^dR!h.

It would be humanly impossible to use such passwords if you had to remember them all. That's where password managers come to the rescue. I've written a separate article on Password Managers.
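To put the two password tips above side by side, here is an added example (not part of the original article) that flags passwords built from personal details and estimates how long a randomly generated password would take to exhaust. The profile is constructed, and the guessing speed is an assumption chosen only for illustration.

```python
import math
import secrets
import string

# Constructed profile (not from the article): details an attacker could look up.
PROFILE = {"name": "Joanne Smith", "birth_year": "1984", "pet": "Rex", "street": "Maple"}
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
GUESSES_PER_SECOND = 1e12  # assumed attacker speed, for illustration only
# Common look-alike swaps, so "R3x" is still recognised as "rex".
LOOKALIKES = str.maketrans("0134@$5", "oieaass")

def personal_tokens(profile):
    """Lower-cased words of three or more characters from every profile field."""
    return {w for value in profile.values() for w in value.lower().split() if len(w) >= 3}

def leaked_details(password, profile):
    """Return the profile words hidden inside the password (empty list if none)."""
    raw = password.lower()
    normalised = raw.translate(LOOKALIKES)
    return sorted(t for t in personal_tokens(profile) if t in raw or t in normalised)

def search_space_bits(length, alphabet_size):
    """Entropy in bits of a password picked uniformly at random."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try every possible password at the given guess rate."""
    return 2 ** bits / rate / (365 * 24 * 3600)

def generate_password(length=19):
    """What a password manager does for you: draw each character at random."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    for candidate in ("R3x1984!", generate_password()):
        print(candidate, "-> personal details found:", leaked_details(candidate, PROFILE))
    for label, length, size in (("8 lowercase letters", 8, 26), ("19 random symbols", 19, 94)):
        bits = search_space_bits(length, size)
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
```

The estimate only holds for passwords chosen at random; a password assembled from a pet's name and a birth year falls to a short, targeted guess list no matter how long it is.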


Do use antivirus applications. There are dozens of different ones available, each claiming to be the best. The truth is that none of them will provide perfect protection, nor is there any guarantee that your chosen brand will be the best next year, or even in a few months.

It's important to understand that antivirus applications are always playing catch up - they are 'always' behind the eight ball because new computer viruses are released all the time. That said, any virus protection is going to be better than none, even the free ones.

DON'T use the same password on multiple sites. I'm not even going to bother going into details on this one. Suffice to say just don't do it! If one website account is hacked, you don't want the hacker to automatically know the password to dozens of your other online accounts, right?

DO use 2FA when available. Two-factor authentication (2FA) systems issue a challenge code to allow access to an account, even if the password is known. The simplest form of this type of security is an SMS to your mobile phone. You enter your login name and password to your bank, for example, and an SMS arrives with a randomly generated 6-digit code to your mobile. Without that code, you can't get in, but neither can a hacker, so it's also a great alert system for you if someone is trying to gain access to one of your accounts.

DO keep your operating systems and applications up to date. Microsoft Windows, macOS and similar get updated all the time. If you don't apply these updates, you're leaving yourself wide open to automated vulnerability-seeking bots (programs) that look for systems and programs that have not been updated to patch known exploits and open doors. It's not a hacker sitting there spending hours trying to see if "you" are vulnerable - it happens automatically, and a list of systems is generated for them to concentrate on later when it's convenient for them. In short, lock your door - don't leave it ajar.

Cyber Security is a vast topic and one that can't be done justice with a simple blog post.

Read the many freely available articles on the topic that have been written by enthusiasts. If you do that, then you're already a step above the rest of the world. Education is vital, so educate yourself, and you'll stay safe. It's really not that hard - it just requires a little interest and effort from you.

As mentioned earlier, it's those that are ignorant of Cyber Security technology that are most at risk. Take even the most basic steps, and a hacker will likely move onto the next target rather than waste his time on you. A poorly locked door is much easier to break into than a well-secured one.

Comments (8)

Andrew Leniart, IT Professional | Freelance Journalist (Author) commented:
Thanks Andy, very much appreciated :)

Andrew Hancock (VMware vExpert PRO / EE Fellow), VMware and Virtualization Consultant, commented:
I recently analysed some password hashes (on request) and 78% were revealed in 10 minutes!

Only 2% were not revealed over a period of 24 hours of analysis, and these were believed to be 16 character complex passwords.

The sample size was 6,800.

Conclusion

Your password is not safe anymore.

Andrew Leniart, IT Professional | Freelance Journalist (Author) commented:
Wow! 😲

I'd strongly urge you to write an article about how you did that - analysed etc as I think it would be an exceptionally interesting read Andy. If you're willing, I assure you I'd get it published for you asap.

Thanks.

Andrew Hancock (VMware vExpert PRO / EE Fellow), VMware and Virtualization Consultant, commented:
I think it would encourage crackers and hackers!

and at present until February 2021, ALL Windoze systems are still exposed to this security flaw which exists in the real world!

The Zerologon vulnerability!!!!

Andrew Leniart, IT Professional | Freelance Journalist (Author) commented:
You make a fair point Andy 👍
