Tag Archive for: Beginners

Computers For Beginners Part 8-Computer Security



Malware analysis for beginners: Getting started


Staying ahead of hackers and the latest malware requires a knowledgeable security team. Malware, especially ransomware, is constantly in the news, as hacker groups use it to attack companies and government agencies. More than 13 million attempted malware attacks on just Linux systems were detected during the first half of 2021.

The cybersecurity industry is struggling to find qualified infosec professionals to fill all the open positions. About 95% of security professionals say the security skills shortage hasn’t changed over the past few years. Now is a perfect time to get into the cybersecurity industry. So, how to get started?

Dylan Barker, a senior analyst at CrowdStrike, wrote Malware Analysis Techniques: Tricks for the triage of adversarial software as an introduction to one part of the industry. “I thought it would be great if there was a quick reference out there,” Barker says. “I also wanted to inspire people just getting into the infosec industry. When people enter the infosec industry, they often think the only path for them is either sitting in a SOC [security operations center] and staring at Splunk all day or being a pen tester. There really are more exciting paths out there for blue teams [security analysts within a company] that maybe aren’t quite as popular.”

Barker calls malware analysis exciting and interesting. “We can gather all these IOCs [indicators of compromise] together and weaponize them. This will make life difficult for the adversary — or more difficult than we’ve historically made it. We can also assist coworkers, sys admins and other stakeholders defending a company’s systems.”

To help beginners entering the field of malware analysis, Barker’s book introduces key techniques and software. Readers learn how to set up a malware analysis lab. Barker also covers static and dynamic analysis methods and de-obfuscation techniques.

In this interview, Barker explains malware analysis for beginners looking to enter the field. He breaks down what to know and offers advice on how smaller security teams can succeed against malware attacks.

Editor’s note: The following interview was edited for length and clarity.

How would you recommend someone enter…


A Beginner’s Guide to Malicious Websites


Malicious websites are a simple way to trick innocent users and steal their information. They are also a hotbed for malware, a type of malicious program designed to disrupt your device.

With the rise of malicious websites, it’s become increasingly important that you refine your surfing habits. So what exactly is a malicious website? What makes them malicious? And how do you spot and protect yourself from a site with vicious intent?

What Is a Malicious Website?


Beginner’s Guide To Container Security


Following traditional software development methods, developers had to deal with OS and application dependencies. Container adoption is a result of two factors: a demand for accelerated time-to-market enabled by DevOps, and a desire for application portability across clouds.

Containers are helpful for developing and deploying apps in the cloud since they are effective in managing application infrastructure. As with any new technology, benefits are coupled with new security challenges that put businesses at risk if they are not addressed adequately. In fact, a Forrester report indicates that security is the primary barrier to container adoption.

The rapid adoption of container technologies creates a unique opportunity to shift security left, by integrating security practices into each stage of the application lifecycle and building bridges between development and security teams.

Given the speed and velocity at which containers and cloud operate, DevSecOps is the only viable path forward for security teams. DevSecOps brings DevOps and security teams together and introduces security as early as possible in the container life cycle. Shifting security left is important to safeguard the agility of modern app development and deployment processes. The IBM Systems Sciences Institute has found that fixing a bug during the runtime phase is 100 times more costly than fixing the same bug during the design phase.

Container security differs from traditional security methods due to the increased complexity and the ephemeral and dynamic nature of containerized environments. Container security should include everything from the applications they contain to the infrastructure they run on. Red Hat recommends building security into the container pipeline by gathering trusted images, managing access, integrating security testing, automating deployment, and continuously protecting the underlying infrastructure.

What are the basic security hygiene measures businesses should adopt to secure their containers? You should adopt the container security triad: build, deploy, run.

Build security

Building security in your container structures means…
