Basic concept: Security should not be an afterthought; it should be considered at the very start of all IT-related activities.
The term "shift left" refers to moving security considerations earlier in any process - whether that's software development, system design, or business planning.
Technology alone cannot provide complete protection. Organizations must also focus on:
Security awareness training: Regular education about current threats and best practices Clear policies: Well-defined security policies that are communicated and enforced Incident reporting: Encouraging employees to report suspicious activities Continuous improvement: Regular review and update of security practices
Software developers:
Let's take a look at the security alerts for this application:
*Note: Only instructor can see this - has to be logged in.
System administrators:
You may hear the term application architecture in the context of a software system. This refers to how all of the pieces that make up the overall application fit together.
Some examples of incorporating security at the system architecture level include:
Business analysts:
Principle of Least Privilege = Users and systems should be given only the minimum levels of access needed to perform their job functions.
Examples:
Two fundamental cryptographic technologies that serve different purposes in cybersecurity.
| Aspect | Hashing | Encryption |
|---|---|---|
| Purpose | Verify integrity | Protect confidentiality |
| Reversible | No | Yes (with key) |
Purpose: Verify the integrity of data (ensure it hasn't been changed).
How it works: Converts data into a fixed-length string (hash) that uniquely represents the original data. The process cannot be reversed.
Use cases:
Hashing Demonstration
# Create two files with very similar content
echo "Data to be hashed." > file1.txt
echo "data to be hashed." > file2.txt
# Generate MD5 hashes - note how different they are
md5sum file1.txt
md5sum file2.txt
# Show that even identical files produce identical hashes
cp file1.txt file1_copy.txt
md5sum file1.txt file1_copy.txt
Key takeaway: Even tiny changes in data produce completely different hashes, making it easy to detect if data has been modified.
Purpose: Protect data from unauthorized viewers during storage or transmission.
How it works: Converts readable data (plaintext) into unreadable data (ciphertext) using a key. The process can be reversed with the correct key.
Use cases:
Encryption Demonstration
# Create a sample file
echo "This is confidential data." > confidential.txt
# Encrypt the file using GPG
gpg -c confidential.txt
# Remove the original unencrypted file
rm confidential.txt
# Show that the encrypted file is unreadable
cat confidential.txt.gpg
# Decrypt the file back to readable format
gpg -o confidential.txt -d confidential.txt.gpg
cat confidential.txt
Key takeaway: Encryption makes data unreadable without the proper key, but it's reversible.
Digital signatures are a way to verify the authenticity of data - whether the data was created by the person or entity that claims to have created it.
Tokens are a way to pass data between the client (web browser) and server (web application). The token is essentially a message that has a tampering detection mechanism built in.
Imagine that you have a website that requires a login. Here's how it works:
The server might then, as with Role Based Access Control, check the token to see if the user has the appropriate permissions to access the requested page.
Key point: Only the server with the secret key can create a valid signature and check whether its original contents have been tampered with.
Daily Quiz 1: JSON Web Tokens
In this exercise we will visit jwt.io. We will create a JWT token and see how tampering detection works.
{
"id": "123",
"name": "Awesome User",
"admin": false
}
Copy the text from the "JSON WEB TOKEN" area on the right. This is the signed token that was generated with the server's secret key in the "SECRET" area.
What this is showing is that the client can send this token to the server, and it can both reassemble the original information and tell that nothing has been changed. We see the message "Signature Verified".
Take a screenshot of this section.
The snippet below is an altered version of the original token that
sets the
admin field to true. This represents a
malicious user trying to gain elevated privileges.
Copy and paste this into the "JSON WEB TOKEN" area on the "JWT Decoder" tab.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEyMyIsIm5hbWUiOiJBd2Vzb21lIFVzZXIiLCJhZG1pbiI6dHJ1ZX0._tStqR0CWzn2KzGKA-NGyJGIN92dasCzQoarfR4mEnE
Note that the "DECODED PAYLOAD" section shows the tampered information; however the "Signature Verified" message is now "Invalid Signature".
This is because the web server again uses its secret key to verify the signature. It can tell that the information, when hashed with its secret key, does not match the signature in the token. Even a tiny change to the data creates a completely different hash, just like we saw in our earlier hashing demonstration.
Take a screenshot of this section.
File and directory permissions are a fundamental security control that determines who can access what resources.
When might we want to make a file read-only? Read/write? Executable?
Permissions Demonstration
The Linux permissions model breaks the permission for each file into three parts:
Windows also has the concept of "read-only" files. We can check if a file is read-only by right clicking on it and selecting "properties".
# Create a sample file and check its permissions
echo "Sensitive company information" > sensitive.txt
ls -l sensitive.txt
# Make the file read-only for everyone
chmod r--r--r-- sensitive.txt
ls -l sensitive.txt
# Try to modify the file - this should fail
echo "Additional data" >> sensitive.txt
# Restore write permissions to demonstrate the concept
chmod rw-r--r-- sensitive.txt
echo "Additional data" >> sensitive.txt
cat sensitive.txt
Key takeaway: Proper permissions prevent unauthorized access and modifications to critical files.
Threat intelligence = Evidence-based knowledge about current and emerging security threats, including their context, mechanisms, indicators, implications, and action-oriented advice.
The Cybersecurity and Infrastructure Security Agency (CISA) provides free threat intelligence and security advisories to help organizations stay informed about current threats.
Daily Quiz 2: CISA Advisory Analysis
Do this on your own, then we will discuss the answers together.
Analyze the following advisory: ICS-25-196-03
Device/System Type: What kind of device or system is targeted by this vulnerability? (e.g., personal computing devices, corporate computing systems, industrial control systems, etc.)
Vulnerability Description: What is the actual vulnerability (the problem with the software/device)?
Exploit Difficulty: Which part(s) of the advisory tell us how difficult it would be for an attacker to exploit this vulnerability?
Attack Consequences: What are the potential consequences if this vulnerability is successfully exploited?
Mitigation Strategy: What is one mitigation strategy listed that could defend against this attack?
Effective cybersecurity requires multiple layers of protection:
Physical layer: Secure facilities, locked server rooms, badge access Network layer: Firewalls, intrusion detection systems, network segmentation System layer: Antivirus software, system hardening, patch management Application layer: Secure coding, input validation, application firewalls Data layer: Encryption, access controls, data classification Human layer: Security training, awareness programs, clear policies
Continuous monitoring is essential because:
Effective cybersecurity defense requires:
Remember: Security is not a destination but an ongoing process that requires constant attention, adaptation, and improvement.