Top 10 Things Cybersecurity Professionals Need to Know

There has been an increase in data breaches over the recent years. With almost 143 million Americans who have had their data compromised in data breaches. These breaches include all sorts of sensitive data, including financial information, election controversies, social security, just to name a few. The role of a cybersecurity professional has become increasingly vital for the health of any small to large organization, whether in the private or public sector.

Understanding the challenges behind a cybersecurity role is fundamental to tackle the problems that may arise when dealing with a security threat first-hand. In this post, we take a look at what cybersecurity professionals should be able to do to prevent exposing their teams, projects, and wider organizations to security attacks.

Contents

Cybersecurity Training with a Real Environment Experience

Cybersecurity issues are more easily learned by doing. With the help of a team of cloud security experts, we’ve identified the most recurring security topics any cybersecurity professional should be able to handle and we’ve built practical training around them to validate your understanding of such challenges, and test your knowledge in enterprise-based scenarios, so you are in a position to prevent such attacks.

With a single click of the “Start Lab” button, each lab is configured in a secure, sandboxed environment. Hands-on Labs are completely managed by Cloud Academy. No AWS, Azure, or Google Cloud Platform account is required. They’re active within seconds and shut down securely and automatically once completed.

Network Mapping and Target Identification

The first step of any network security assessment is to run network mapping which identifies what devices are operating on the network.

The Network Mapping and Target Identification Hands-on Lab tests your knowledge on network mapping. More specifically, you will learn to use different tools in Kali Linux to map out a local network and identify targets by discovering hosts on the network. You will understand how to scan for active network devices using the ARP scanner, Nmap, and Zenmap tools. To complete this lab you should be familiar with working at the command-line in Linux.

Interpreting Security Tool Output

Interpreting reported results and analysis of data can be simplified using the right tools. The Interpreting Security Tool Output Hands-on Lab builds your knowledge on two popular security tools: Nmap and Wireshark. By the end of the lab, you will be confident in performing fast and full port scans of targets using Nmap. You will also know how to analyze network traffic with Wireshark and understand how security tools can communicate over the network. To complete this lab, you should have a basic understanding of Nmap, ARP scanner, and TCP/IP and OSI network models. You can fulfill this lab’s requirements by completing the Network Mapping and Target Identification Lab and the OSI and TCP/IP Networking Models Course.

Security Audit Techniques

Regularly auditing the ports used by your system is part of an efficient security strategy. Unexpected connections and listening ports can be indicators that the system has been exploited and require further investigation to understand the cause. Modern Linux systems use the socket statistics command audit network and other types of sockets. The Security Audit Techniques Hands-on Lab focuses on auditing the network security of Linux hosts. You’ll learn how to use socket statistics to audit a Kali Linux system. A socket is an endpoint for communication. To complete this lab, you should have a basic understanding of TCP and UDP network protocols. You can fulfill the prerequisites by completing the OSI and TCP/IP Networking Models Course.

The video below, taken from the Security Audit Techniques lab, is a live demonstration of how to audit network socket statistic with the ss protocol and gives you a taste of the Cloud Academy lab experience.

Detecting Windows Vulnerabilities

As of 2019, Microsoft’s Windows operating system is by far the most popular operating system used in the world with more than 700 million devices now running on Windows 10. With such a large installation base, Windows systems become increasingly attractive for attackers.

The Detecting Windows Vulnerabilities Hands-on Lab focuses on the vulnerabilities of a Windows host and how to prevent them. In this lab, you will also learn about Windows tools that can help identify system vulnerabilities. To complete this lab, you should have a basic knowledge of working with the Windows operating system.

Cracking Passwords in Linux

As much as we attempt to avoid being password dependent, passwords represent the most common way to authenticate users. In the Cracking Passwords in Linux Hands-on Lab, you’ll be shown some of the frequent password-based challenges. You’ll learn how to launch a password crack attack on Linux system users. You’ll also understand how to crack passwords and how to defend against such attacks. To complete this lab, you should be familiar with working at the command-line in Linux.

Exploiting Vulnerable Network File System (NFS) Share

If you are looking to share files over a network whilst having centralized management of your files, a Network File System (NFS) is the ideal convenient solution. NFS can be exposed to security threats. In the Exploiting Vulnerable Network File System (NFS) Shares Hands-on Lab, you’ll be taken through the security challenges of an insecure NFS file share. You’ll learn the different types of sensitive data attackers may target and what you can do for securing NFS shares and when to use them.

Exploiting Remote Procedure Call (RPC) Services

Remote Procedure Calls (RPCs) are a generic framework for clients to execute procedures on servers. However, RPCs can be vulnerable to prevent overflow attacks that allow attackers to inject malicious code. Furthermore, many RPCs run with high privileges giving attackers complete control over more vulnerable systems. In the Exploiting Remote Procedure Call (RPC) Services Hands-on Lab, you will learn how to scan remote systems for RPC access using Nmap. You’ll also understand the type of sensitive information attackers are more likely to target and what options you have to prevent attacks. To complete this lab, you should have a basic knowledge of the command-line in Linux.

The video below, taken from the lab, is a live demonstration of how to exploit RPC services.

Execute a Stored Cross-Site Scripting (XSS) Attack

Cross-site scripting (XXX) is a security vulnerability of web applications. With XSS, attackers can run scripts on the machines of clients of a targeted web app. This way attackers can steal credentials and sessions from clients or deliver malware. The Open Web Application Security Project (OWASP) has included XSS in its top ten list of the most critical web application security risks. In the Execute a Stored Cross-Site Scripting (XSS) Attack Hands-on Lab you will use a web application that is intentionally vulnerable to illustrate a typical attack. To complete this lab, you should be familiar with HTML and Javascript.

Execute a Reflected Cross-Site Scripting (XSS) Attack

Following from the previous lab on stored XSS attacks, the Execute a Reflected Cross-Site Scripting (XSS) Attack Hands-on Lab focuses on a reflected cross-site scripting attack. Reflected XSS, often described as non-persistent XSS, is one of the most common kinds of XSS. Reflected XSS attacks occur when a user clicks a specially-constructed link that stores a malicious script that an attacker injects. Same as the other lab, you will use a web application that is intentionally vulnerable to illustrate the attack. To complete this lab, you should be familiar with HTML and Javascript language.

Perform a SQL Injection (SQLi) Attack

Injection flaws enable attackers to transfer malicious code through an application to another system. An example of one of such systems is SQL databases. When SQL databases are targets of such attacks they are defined as SQL injections (SQLi). The Perform a SQL Injection Attack Hands-on Lab takes you through an example of an SQLi attack. By allowing user input to form part of the SQL query that is executed, you will be able to extract data you should not have access to. You will use a web application that is intentionally vulnerable to illustrate the attack. To complete this lab, it is preferable you have a basic understanding of SQL.

All these labs are designed for the CREST Practitioner Security Analyst (CPSA) certification examination. But they are beneficial for any security practitioner in general.

If you’re a cybersecurity professional, these hands-on labs will support your continuous training and guidance with real practical examples so you can be sure to keep your cloud environment secure and compliant.

Avatar

Written by

Paola Di Pietro

Paola is passionate about all things digital. Curious at heart, her motto is #neverstoplearning. She's worked in digital marketing in the UK for over 8 years and now loves contributing to the Cloud Academy blog.


Related Posts

Alisha Reyes
Alisha Reyes
— October 1, 2019

New on Cloud Academy: ITIL® 4, Microsoft 365 Tenant, Jenkins, TOGAF® 9.1, and more

At Cloud Academy, we're always striving to make improvements to our training platform. Based on your feedback, we released some new features to help make it easier for you to continue studying. These new features allow you to: Remove content from “Continue Studying” section Disc...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
  • ITIL® 4
  • Jenkins
  • Microsoft 365 Tenant
  • New content
  • Product Feature
  • Python programming
  • TOGAF® 9.1
Avatar
Jeremy Cook
— September 17, 2019

Cloud Migration Risks & Benefits

If you’re like most businesses, you already have at least one workload running in the cloud. However, that doesn’t mean that cloud migration is right for everyone. While cloud environments are generally scalable, reliable, and highly available, those won’t be the only considerations dri...

Read more
  • AWS
  • Azure
  • Cloud Migration
Joe Nemer
Joe Nemer
— September 6, 2019

Google Cloud Functions vs. AWS Lambda: The Fight for Serverless Cloud Domination

Serverless computing: What is it and why is it important? A quick background The general concept of serverless computing was introduced to the market by Amazon Web Services (AWS) around 2014 with the release of AWS Lambda. As we know, cloud computing has made it possible for users to ...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
Alisha Reyes
Alisha Reyes
— August 30, 2019

New on Cloud Academy: CISSP, AWS, Azure, & DevOps Labs, Python for Beginners, and more…

As Hurricane Dorian intensifies, it looks like Floridians across the entire state might have to hunker down for another big one. If you've gone through a hurricane, you know that preparing for one is no joke. You'll need a survival kit with plenty of water, flashlights, batteries, and n...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
  • New content
  • Product Feature
  • Python programming
Alisha Reyes
Alisha Reyes
— August 22, 2019

How to Unlock Complimentary Access to Cloud Academy

Are you looking to get trained or certified on AWS, Azure, Google Cloud Platform, DevOps, Cloud Security, Python, Java, or another technical skill? Then you'll want to mark your calendars for August 23, 2019. Starting Friday at 12:00 a.m. PDT (3:00 a.m. EDT), Cloud Academy is offering c...

Read more
  • AWS
  • Azure
  • cloud academy content
  • complimentary access
  • GCP
  • on the house
Avatar
Andrew Larkin
— August 13, 2019

Content Roadmap: AZ-500, ITIL 4, MS-100, Google Cloud Associate Engineer, and More

Last month, Cloud Academy joined forces with QA, the UK’s largest B2B skills provider, and it put us in an excellent position to solve a massive skills gap problem. As a result of this collaboration, you will see our training library grow with additions from QA’s massive catalog of 500+...

Read more
  • AWS
  • Azure
  • content roadmap
  • Google Cloud Platform
Avatar
Andrew Larkin
— August 7, 2019

Disadvantages of Cloud Computing

If you want to deliver digital services of any kind, you’ll need to estimate all types of resources, not the least of which are CPU, memory, storage, and network connectivity. Which resources you choose for your delivery —  cloud-based or local — is up to you. But you’ll definitely want...

Read more
  • AWS
  • Azure
  • Cloud Computing
  • Google Cloud Platform
Orion Withrow
Orion Withrow
— July 24, 2019

How to Effectively Use Azure Management Groups, Subscriptions, and Resource Groups

When used individually, Azure Management Groups, Subscriptions, and Resource Groups are very powerful. But when used together, they can establish the entire organizational structure of Azure. In this article, I will explain Azure Resource Manager, Management Groups, Subscriptions an...

Read more
  • Azure
  • azure management groups
  • azure resource groups
  • azure subscriptions
Alisha Reyes
Alisha Reyes
— July 22, 2019

Cloud Academy’s Blog Digest: July 2019

July has been a very exciting month for us at Cloud Academy. On July 10, we officially joined forces with QA, the UK’s largest B2B skills provider (read the announcement). Over the coming weeks, you will see additions from QA’s massive catalog of 500+ certification courses and 1500+ ins...

Read more
  • AWS
  • Azure
  • Cloud Academy
  • Cybersecurity
  • DevOps
  • Kubernetes
Avatar
Guy Hummel
— June 26, 2019

Running Apache Spark on Azure Databricks

In this article, we’ll cover how to set up an Azure Databricks cluster and how to run queries in an interactive notebook. However, this article only scratches the surface of what you can do with Azure Databricks. If you would like to learn more, including how to create graphs, run sched...

Read more
  • Azure
Avatar
Thomas Mitchell
— June 25, 2019

Understanding the Core Azure Architectural Components

Microsoft Azure relies on a few key architectural components to provide redundancy and high availability. Core Azure architectural components include Azure regions, Azure Availability Zones, resource groups, and the Azure Resource Manager. In this article, we’ll discuss the basics ab...

Read more
  • Azure
Avatar
Guy Hummel
— June 6, 2019

How to Become a Microsoft Certified Azure Administrator

Microsoft Azure is one of the hottest cloud services on the planet, and it’s growing at a phenomenal rate. This rapid growth has created a huge demand for people who know how to administer and manage Azure implementations. To make it easier for employers to verify the skills of Azure...

Read more
  • Azure
  • exam