Studying Cybersecurity - How to Learn New Concepts

-

 Learning cybersecurity or any "specialty" within IT can be challenging. Whether you're a Sysadmin, Security Analyst, Network Engineer, or Database Administrator, there's a lot of learning involved. So how do you get started? And what can help you along? There are two concepts that I often find myself coming back to: Black Boxes and Elephants.

Black Boxes - Focusing on What's Important

When I'm learning something I frequently ask why or how. I usually have to ask (and find out) or I have trouble focusing on the actual subject I'm trying to learn. As you can imagine, this can be both a good and bad thing. Go too far down the rabbit hole? You've lost your way and have become distracted. Be inquisitive and learn some of the details behind new concepts? Now you have a deeper understanding of a topic. This is where Black Boxes come in. Try to recognize when you've strayed too far from the original path, mark it for later reading, and let that area function without you understanding what's happening. At least until you've learned what you set out to learn originally.

The good side: Say you're brushing up on your networking knowledge and are learning about VLANs. You can either accept that broadcast messages do not reach nodes on another VLAN despite being connected to the same switch...or you can find out why. This is a great opportunity to learn a bit about Ethernet frames and 802.1Q, Access vs Trunk ports, etc.

The bad side: Say you're learning some of the finer details of TLS/SSL. Public Key Infrastructure, Certificate Authorities, web browser certificate stores, and the asymmetric vs symmetric encryption steps are all crucial. I've personally placed a Black Box on the mathematical process of how a key can be used to encrypt something but not decrypt it (in the case of asymmetric encryption). There is some very complicated math involved there and I'm willing to trust that the process just works. But everything "before" that? Fair game. Insecurities in SSL, improvements made in TLS 1.3, why SHA-256 hashes should be used in TLS 1.2 and not MD5, and the pros/cons of using ECC vs RSA...all good things to explore because they're actually relevant to what you were originally trying to learn. At least if you ever have to create a certificate and secure traffic to a website.

Knowing where and when to place a Black Box can be extremely helpful and keep you focused. Understand that there is a process that takes place, you're given some output from it that you need, and can carry on with what you're trying to do.

Elephants - How to Learn When There's Too Much To Learn

This one is an extremely popular saying, but I want to include it because it really does help me in the learning process: "How do you eat an elephant? One bite at a time."

It has since been revised, but when I took the CCNP it was comprised of three tests -- Routing, Switching, and Troubleshooting. When combined, this was an elephant of information. Thankfully Cisco broke the subjects down into their own tests which helped, but even within those tests there was a TON of information to learn. Dividing the material into categories, learning a topic at a time, and making regular progress is the only way to tackle something like that.

This is true for other certifications (CISSP comes to mind), but it's also important when implementing a new product, managing just about any project, learning to program, or more relevant to the title of this article, learning cybersecurity. Like with any subset in IT, there are subsets of subsets -- you can go down the paths of encryption research, compliance, security operations, reverse engineering of malware, secure coding, penetration testing, incident response, and a plethora of other subjects. These all have their own elephants and often require knowing a little about each of the other areas too.

Methodical progress is key. The rate will vary from person to person, but eat irregularly and your food goes bad. Eat too much at once and you get sick. Take it a bite at a time.

Summary

These concepts go hand-in-hand and have become increasingly useful to me over time. They relieve the feeling of being overwhelmed and help me stay focused on what's important. If you have any advice for what you do when learning something new leave a comment below or feel free to reach out on Twitter!

Comments

Post a Comment

Popular Posts

Hashcat - Cracking MD5 and NTLM Hashes

-
Image
Today we'll be exploring Hashcat -- "the world’s fastest and most advanced password recovery utility". This, along with similar tools, should be used only for password recovery, pentest engagements, CTFs, etc and never for illegal purposes. I could write an entire series about the capabilities Hashcat provides, but we will cover a few basic examples for now ( besides, Hashcat does a pretty good job of that themselves ): Crack MD5 hashes using the rockyou.txt wordlist. Crack NTLM hashes using the rockyou.txt wordlist. Crack NTLM hashes using a mask attack (modified brute force). I'll be using Kali Linux as Hashcat comes pre-installed, but Hashcat can run on Windows, macOS, and other Linux distributions as well. As you'll see, I'll be using some lists of hashes I made previously. Tools to generate hashes using dozens of algorithms are available online -- just save the output as a text file if you want to follow along. Cracking MD5 Hashes Using rockyou.txt Wordl
Read more

Configuring Secure Ciphers Suites and TLS

-
Image
Hey everyone, today we're back on cipher suites. If you want a refresher of TLS and secure cipher suites overall, check out my previous post . There are many instances in which you'll need to edit cipher suites on a system -- compliance efforts, CIS benchmarks, or simply ensuring your system doesn't use insecure suites. There are a few ways to go about this and I'll detail two of them now: IIS Crypto and the Windows registry. IIS Crypto My favorite way of editing TLS versions and cipher suites is using IIS Crypto . IIS Crypto allows you to select your desired TLS/SSL version, cipher suites, and backup the registry, all with a few mouse clicks. Only downside is that it's Windows only (even the command line version). This is what IIS Crypto will look like on an unmodified Windows 10 system. Note the separate  Server Protocols  and  Client Protocols  sections. These are important to keep straight depending on what system is listening for connections and what system is
Read more

Configuring SSH Key Based Authentication

-
Image
Overview Most personal computers and many organizations running Linux servers utilize password-based authentication. This is what most of us are used to -- you enter a username and password in order to authenticate your account and gain access to a system. While straightforward and commonplace, this isn't the best solution in most cases. Today I'll be explaining why key based authentication is more convenient, more secure, and allows for automation of tasks without saving credentials in plain-text in a text file. Key based authentication involves the use of private and public keys ( public-key cryptography ). The private key is stored on the client and the public key is stored on the server in a special file ( ~/.ssh/authorized_keys ). This allows any system with the corresponding private key to login to the server where we just stored the public key. Our steps are: Generate key pair (public / private key). Transfer public key and add it to the authorized_keys file on the remot
Read more