Attack Vs Defence - My Role As a Defender

Personal Experience on CCNA Cyber Ops

 

My journey in the infosec community hasn’t been long, but I guess it is high time for me to open up and clear up some of the confusion that newbies might have.

 

Every time I sit down and think of information security, this wonderful movie ‘The Matrix’ pops up in my mind. Information security is like that: you either take the blue pill or the red pill. Either you attack, or you defend. Either you hack, or you get hacked.

 

Former Cisco CEO John T. Chambers once said, “There are two types of companies: those that have been hacked, and those who don’t know they have been hacked.”

 

When I hear this quote, I think of my previous organization and look at my present organization's network. I then think, "Have they already been hacked, or will they be hacked? Was my previous organization secure? Is my present organization secure? Have I been working to tightly secure my organization? Am I acting as a Good Defender?"

 

I then think again, "It should be fun to break inside the computer network, shouldn't it?"

 

Normally, when people think of attacking (or, so to say, “hacking”), most of them think of running Kali Linux, port scanning, enumerating services, vulnerability scanning, exploiting, getting access, gaining superuser privileges, and so on. There is a different thrill to being a hacker, and starting out by exploiting a simple bug like MS08-067 (a flaw in the Windows Server service, reachable over SMB on TCP 445 or NetBIOS on 139) is really amazing.


At first, it feels like you have achieved something, something big to brag about with friends, since before that you had never accessed a system without having to enter a password. Also, knowingly or unknowingly, newbies may get involved in such fun activities and go against cyber law. There are already many virtual labs for building up your attacking skills.

 

Disclaimer: Please be responsible and test only systems you have access to and permission for. The author shall not be responsible for people getting excited and breaking anything.

 

In my opinion, unless you know the hacker mindset, it’s worthless to work on the defensive side of information security. So, to build that understanding, Cisco has come up with this new course focusing solely on the defensive side.

 

As stated on their website, “In our digital era, organizations are relying increasingly on cybersecurity to protect themselves, enable trust, move faster, add value, and grow. As the volume and sophistication of cyber-attacks rises, organizations are experiencing a significant shortage of IT professionals with cybersecurity skills. To help close this security skills gap, Cisco is introducing the Global Cybersecurity Scholarship program. Cisco will invest $10 million in this program to increase the pool of talent with critical cybersecurity proficiency.” I feel that this move from a tech giant and such a reputed organization as Cisco is a pretty good one.

 

I am not sure what you take from the quote above, “To help close this security skills gap,” but my guess is that the shortage is greater on the defense and forensics side. Obviously, lots of people are already in attacking positions. An attacker needs just one vulnerability in any one service, but a defender has to defend every port and service running in the network. Thus, defending is the more challenging task. Even though attacker and defender follow the same pathway, it depends on each individual whether he/she wants to use that skill for good or evil.

 

So where are most of the newbies going wrong?

Firing off exploits and finding a few RFI/LFI, SQLi and XSS bugs on unmanaged websites gave me the superior feeling of being a HACKER. It’s not only me; this feeling applies to every student or person who gets his/her first root/SYSTEM access. But when you have to face a firewall, WSA, AMP, CWS (Cisco’s Web Security Appliance, Advanced Malware Protection and Cloud Web Security) or any of the many other security products, you come to a dead end. The problem is,

 

“You want to hack a website, but you don’t know how to build one.”

“You want to break inside a network, but you don’t know how the network works.”

“You want to modify the code, but you do not understand what the code does.”

 

This is exactly where most students fail. Due to a lack of proper guidance and awareness about the cyber security career pathway, and other such problems, they are all in a huge dilemma. So, this is my suggestion:

 

“Whatever you want to break into, first learn how to build it and how it works!”

 

While working on my CCNA Cyber Ops, what I personally enjoyed most was reading and going through the course materials. In fact, this is the second most amazing certification I have gathered. Please don’t ask me about my first one; that’s a completely anonymous certification (giggles!). Since this course was divided into two sections, SECFND and SECOPS, it provided a really awesome set of information. SECFND gave a more in-depth view of networking, security concepts, cryptography, host-based analysis, security monitoring and attack methods. SECOPS gave more information about computer forensics, network intrusion analysis, incident response, data and event analysis, and incident handling. Even after the certification, CVSS, NIST and playbooks are still revolving around in my head.

 

I have never worked in a SOC, but to be frank, going through each lab and the course material gave me a close view of being a SOC analyst. Every time I jumped in the lab from one machine to another, from the servers to the SIEM, I got more excited. Before, I was just running my nmap scans to find open ports and enumerate a few services, and I never realized what was happening on the network. But with the help of Wireshark and Security Onion I have more visibility into my own activities.
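To make that visibility concrete, here is an added example (not part of the original post) of what the defender sees when someone runs an nmap SYN scan: Security Onion collects Zeek connection logs, and a scan shows up there as one source touching many distinct ports on one host in a short window, mostly with half-open (S0) or rejected (REJ) connection states. The log lines below are constructed for the example and follow the field order of Zeek’s default conn.log; the thresholds (10 ports in 60 seconds) are assumptions chosen for the demo, not a Security Onion rule.

```python
"""Flag nmap-style port scans in Zeek conn.log records.

Example code added to this post, not taken from Security Onion or Zeek.
SAMPLE_CONN_LOG is constructed: 10.0.0.5 hits 12 ports on 10.0.0.20 in
about a tenth of a second (what a SYN scan leaves behind), plus one real
HTTP session; 10.0.0.7 is ordinary traffic with a single refused attempt.
"""
from collections import Counter, defaultdict

# Zeek's default conn.log column order (tab separated).
CONN_FIELDS = ("ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
               "proto", "service", "duration", "orig_bytes", "resp_bytes",
               "conn_state")

# conn_state values a SYN scan produces on closed or filtered ports:
# S0 = SYN seen, no reply; REJ = SYN answered with RST; RSTOS0 = originator
# sent SYN then RST without a reply from the responder.
SCAN_STATES = {"S0", "REJ", "RSTOS0"}

SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1520000000.10\tC01\t10.0.0.5\t44001\t10.0.0.20\t21\ttcp\t-\t-\t0\t0\tREJ
1520000000.11\tC02\t10.0.0.5\t44002\t10.0.0.20\t22\ttcp\t-\t-\t0\t0\tREJ
1520000000.12\tC03\t10.0.0.5\t44003\t10.0.0.20\t23\ttcp\t-\t-\t0\t0\tS0
1520000000.13\tC04\t10.0.0.5\t44004\t10.0.0.20\t25\ttcp\t-\t-\t0\t0\tS0
1520000000.14\tC05\t10.0.0.5\t44005\t10.0.0.20\t53\ttcp\t-\t-\t0\t0\tREJ
1520000000.15\tC06\t10.0.0.5\t44006\t10.0.0.20\t110\ttcp\t-\t-\t0\t0\tS0
1520000000.16\tC07\t10.0.0.5\t44007\t10.0.0.20\t135\ttcp\t-\t-\t0\t0\tREJ
1520000000.17\tC08\t10.0.0.5\t44008\t10.0.0.20\t139\ttcp\t-\t-\t0\t0\tREJ
1520000000.18\tC09\t10.0.0.5\t44009\t10.0.0.20\t143\ttcp\t-\t-\t0\t0\tS0
1520000000.19\tC10\t10.0.0.5\t44010\t10.0.0.20\t443\ttcp\t-\t-\t0\t0\tREJ
1520000000.20\tC11\t10.0.0.5\t44011\t10.0.0.20\t445\ttcp\t-\t-\t0\t0\tREJ
1520000000.21\tC12\t10.0.0.5\t44012\t10.0.0.20\t3389\ttcp\t-\t-\t0\t0\tS0
1520000001.50\tC13\t10.0.0.5\t44013\t10.0.0.20\t80\ttcp\thttp\t0.8\t512\t4096\tSF
1520000002.00\tC14\t10.0.0.7\t50001\t10.0.0.20\t443\ttcp\tssl\t2.1\t2048\t9000\tSF
1520000003.00\tC15\t10.0.0.7\t50002\t10.0.0.20\t22\ttcp\tssh\t30.0\t4000\t8000\tSF
1520000004.00\tC16\t10.0.0.7\t50003\t10.0.0.20\t25\ttcp\t-\t-\t0\t0\tREJ
"""


def parse_conn_log(text):
    """Parse tab-separated conn.log text into dicts, skipping '#' header lines
    and malformed rows. Only the fields the detector needs are type-converted."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) < len(CONN_FIELDS):
            continue  # truncated row; ignore rather than crash the detector
        rec = dict(zip(CONN_FIELDS, parts))
        rec["ts"] = float(rec["ts"])
        rec["id.resp_p"] = int(rec["id.resp_p"])
        records.append(rec)
    return records


def detect_port_scans(records, min_ports=10, window=60.0):
    """Return {(src, dst): n} for source/destination pairs where the source
    probed at least `min_ports` distinct TCP ports within `window` seconds.
    Only scan-like connection states count, so a normal completed session
    (SF) to an open port does not inflate the number."""
    by_pair = defaultdict(list)
    for r in records:
        if r["proto"] == "tcp" and r["conn_state"] in SCAN_STATES:
            by_pair[(r["id.orig_h"], r["id.resp_h"])].append((r["ts"], r["id.resp_p"]))

    hits = {}
    for pair, events in by_pair.items():
        events.sort()                     # by timestamp
        in_window = Counter()             # port -> occurrences inside the window
        left, best = 0, 0
        for ts, port in events:           # sliding window over time-ordered probes
            in_window[port] += 1
            while ts - events[left][0] > window:
                old_port = events[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            hits[pair] = best
    return hits


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(parse_conn_log(SAMPLE_CONN_LOG)).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports probed")
```

Run it and the only pair reported is 10.0.0.5 → 10.0.0.20 with 12 ports; 10.0.0.7’s one refused SMTP attempt stays below the threshold, and the HTTP session from the scanner is not counted because its state is SF. In a real deployment you would feed this from Zeek’s actual conn.log and tune the thresholds to your network, but the shape of the check is the same.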

 

I have never seen such well-managed course material, with labs designed for newbies like me. Every video covers the technologies, and you can replicate them in the lab. Plus, you always had a mentor to help you and guide you in the right direction. My big shout-out to all the mentors who have been helping us. The course completion exam was quite challenging, as this was v1 and it hadn’t been long since it was released. But the best part about the exam was Cisco offering a 2nd try for each exam. And to be frank, I cleared my SECFND on the 2nd try. So, failure is never an end, folks. Lots of newbies, and even my friends, have been reaching out to me asking what materials I used to prepare for this exam. So, I would like to share a few details here:

 

First, obviously, the e-learning course:

https://learningnetworkstore.cisco.com/ccna-cyber-ops

 

Second, if you keep your eyes on the Cisco Press website, you may find some pretty good deals every week; that’s where I grabbed my e-book + practice test:

http://www.ciscopress.com/store/ccna-cyber-ops-secops-210-255-official-cert-guide-premium-9780134609027

 

How can I miss my favorite one, our Cisco Learning Network? Whenever I had an issue, I asked my question in the forum. And I am so glad to have our experts around to help with my confusion.

https://learningnetwork.cisco.com/groups/cyber-security-study-group

 

And for more resources, the hard work has already been done by CLN mate and Spotlight Award winner Phoenix, as below. You can find more details about NIST, CVSS, a regex cheat sheet and much more:

 

SECFND

https://learningnetwork.cisco.com/docs/DOC-34768

SECOPS

https://learningnetwork.cisco.com/docs/DOC-34764

 

To conclude, whether you are on the attacker’s side or the defensive side of security, make sure you use your knowledge in a good and fruitful way. Always remember: either you take the blue pill or the red pill, and never stop following the white rabbit.

 

We will surely meet in the rabbit hole! Cheers!

 

“My big shout-out to shenanigan mate Nitesh aka Neat, White Hat Hacker, for helping me with this blog.”