Newsletter #5 - April 9, 2024

Cyber Security 101

Hey everyone, 👋 welcome back to Cyber Security 101!
Last week, we talked about Network Security; this week, we're taking a deep dive into System Security. 👮 

We've learned the foundations of cyber security and the basics of Network Security. Just as there are applications and methods to secure our networks, there are equivalent ones for System Security.

Get ready to unlock some awesome knowledge and shield those individual systems that keep us connected!

🧑‍🏭 Jobs & Internships

  1. Hacken needs a Senior dApp Security Auditor (remote) to find weaknesses in blockchain apps. You'll test them, fix security holes, and advise clients on how to keep them safe.

  2. Stryker is looking for Embedded Software Testers (Bangalore/Gurgaon) with 3-6 years of experience. You'll test web apps, APIs, and more using automation tools and manual testing.

  3. Become a Cyber Security Intern and gain experience in exciting fields like hacking and forensics. (See listing for specific skills and education required).

DELOITTE
Deloitte offers a variety of professional services but emphasizes its people as its core strength. The company values its employees' experience, diversity, and dedication, considering them the foundation of what makes Deloitte truly great. Interested in joining their team? We've put together a few job listings in the security sector that you might apply to!

  1. VAPT Intern: assist with security assessments and penetration testing.

  2. Consultant (VAPT+Red Teaming): perform Vulnerability Assessments and Penetration Testing (VAPT) and Red Teaming engagements.

  3. Consultant (Splunk Engineer): analyze cyber threats, investigate security incidents, and collaborate on solutions using Splunk SIEM. (2+ yrs SIEM/security experience required.)

  4. Consultant (SOC): monitor security incidents, prioritize threats, and lead incident response activities in a 24/7 environment.

🔏 Last Week in Cyber Security

Join our Discord to get more news in the Security Domain. 🛡️

Notepad++ Hack: Malicious Plugin Targets Users
Hackers compromised a default plugin in Notepad++, a popular text editor, to inject malware. This malware steals user data and can perform other harmful actions. Download software only from official sources and keep it updated.

boAt Data Breach Exposes Millions of Customers' Information
A data breach leaked personal information of over 7.5 million boAt customers, including names, addresses, and contact details. This puts them at risk of identity theft and fraud. Experts urge boAt to notify users and investigate.

LayerSlider WordPress Plugin Vulnerable: Update Now
A critical vulnerability in LayerSlider, a popular WordPress plugin, allows attackers to steal data from websites. Update to version 7.10.1 immediately to fix this vulnerability.

Operating System Hardening:
Securing Configurations & Permissions  

Imagine your computer is a castle. Let’s learn how to make it super secure with system hardening! This is like adding extra high walls, strong gates, and only giving trustworthy people keys. 🏰🗝️

System hardening involves tweaking settings and permissions to make it harder for attackers to sneak in. By reducing the system's "attack surface" (think of it as all the ways someone could try to break in), we make it much tougher for them to find a weakness.

🏠️ User Account Management

  1. Grant minimal permissions, and disable unnecessary accounts.

  2. Implement the principle of least privilege, granting users only the permissions necessary for their tasks and disabling unnecessary user accounts.

🔐 Password Policies

  1. Enforce strong password policies that require passwords to be complex, regularly updated, and not easily guessable, and implement multi-factor authentication (MFA).

  2. Enforce strong passwords and consider multi-factor authentication.

✅ File System Permissions

  1. Restrict access to sensitive system files and directories by setting appropriate file permissions.

  2. Limit access to critical files and directories.

🌐 Service and Network Configuration

  1. Disable unnecessary services, protocols, and network ports to minimize the system's exposure to potential attacks.

  2. Disable unused services and configure firewalls.

🩹 Patch Management

  1. Regularly apply security patches and updates to the operating system to address known vulnerabilities and mitigate risks.

  2. Keep the system updated with security patches.

✍️ Logging and Monitoring

  1. Enable logging of security-related events, regularly review logs for signs of suspicious activity or potential security breaches, and implement intrusion detection.

  2. Enable security event logging and implement intrusion detection.

👮‍♀️ Security Baseline and Standards

  1. Establish security baselines and standards for configuring operating systems based on industry best practices and regulatory requirements.

  2. Follow industry best practices for system configurations.

📈 Regular Audits and Assessments

Conduct regular security audits and vulnerability assessments to identify weaknesses in the operating system configuration and remediate them promptly.

⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️

Patch management:
keeping software up-to-date and secure

What is patch management? It is basically like giving your computer a super-powered shield 🛡️. Software companies release patches regularly, which are like little fixes for holes in your system's defenses. So how do we do it?

  • Identification: Monitoring for vulnerabilities in software and operating systems.

  • Prioritization: Assessing and prioritizing patches based on severity and potential impact on security.

  • Deployment: Promptly deploying patches to minimize the window of vulnerability.

  • Testing: Testing patches in a controlled environment to ensure compatibility and stability.

  • Change Management: Managing patch deployment through a formal change management process.

  • Monitoring: Continuous monitoring of systems for missing patches and adherence to patch management policies.

  • Automation: Streamlining patch management tasks through automation and dedicated tools.

  • Backup and Recovery: Maintaining regular backups of critical systems and data as a precautionary measure.

  • User Awareness: Educating users about the importance of patch management and their role in maintaining system security.

  • Continuous Improvement: Regularly evaluating and optimizing patch management practices to adapt to evolving threats and technologies.
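
The Identification and Prioritization steps above, sketched as an added example that is not part of the original newsletter. The hosts, package versions, advisory IDs, scores and the 1.5x weighting for internet-facing hosts are all constructed assumptions.

```python
# Constructed inventory and advisory feed; every name, version and score is made up.
INVENTORY = {
    "web01": {"internet_facing": True,
              "packages": {"openssl": "3.0.2", "nginx": "1.24.0"}},
    "db01": {"internet_facing": False,
             "packages": {"openssl": "3.0.13", "postgresql": "15.4"}},
}
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "openssl", "fixed_in": "3.0.13", "cvss": 7.5},
    {"id": "EXAMPLE-0002", "package": "postgresql", "fixed_in": "15.6", "cvss": 8.8},
    {"id": "EXAMPLE-0003", "package": "nginx", "fixed_in": "1.24.0", "cvss": 9.8},
]

def parse_version(text):
    """Turn '3.0.13' into (3, 0, 13) so versions compare numerically.

    As plain strings, '3.0.2' sorts after '3.0.13' and the gap would be missed.
    """
    return tuple(int(part) for part in text.split("."))

def missing_patches(inventory, advisories):
    """Identification: each (host, advisory) pair where the installed version is too old."""
    gaps = []
    for host, info in inventory.items():
        for adv in advisories:
            installed = info["packages"].get(adv["package"])
            if installed and parse_version(installed) < parse_version(adv["fixed_in"]):
                gaps.append({"host": host, "installed": installed,
                             "internet_facing": info["internet_facing"], **adv})
    return gaps

def prioritize(gaps):
    """Prioritization: severity first, weighted up for exposed hosts (assumed factor)."""
    def score(gap):
        return gap["cvss"] * (1.5 if gap["internet_facing"] else 1.0)
    return sorted(gaps, key=score, reverse=True)

def patch_queue():
    """Ordered (host, advisory id) list: what to test and deploy first."""
    gaps = missing_patches(INVENTORY, ADVISORIES)
    return [(g["host"], g["id"]) for g in prioritize(gaps)]

if __name__ == "__main__":
    for host, adv_id in patch_queue():
        print(host, adv_id)
```
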

⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️⚫️ ⚫️

🪲🛡️ Antivirus and Anti-Malware Software 🛡️🪲

I’m pretty sure you’re familiar with Antivirus and Anti-Malware Software. Antivirus and anti-malware software are essential cybersecurity tools designed to detect, prevent, and remove malicious software (malware) from computers and networks. Here’s a rundown of what they do:

Detect: Identify known malware using signature-based detection and unknown threats through heuristic analysis.

Prevent: Provide real-time protection by monitoring system activity and scanning files, emails, and web traffic for malware.

Remove: Quarantine or remove detected malware to prevent further damage to the system.

Update: Regularly update malware signatures and program features to stay effective against evolving threats.

Integrate: Work with other security tools to provide comprehensive protection against various malware threats.
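
How the two detection styles named under "Detect" differ, as an added example that is not part of the original newsletter and not any product's real engine. The samples are harmless constructed byte strings, and the entropy heuristic with its threshold of 7.0 bits per byte is an assumption standing in for heuristic analysis.

```python
import hashlib
import math
from collections import Counter

# Constructed, harmless stand-in for a file whose hash is in the signature database.
KNOWN_BAD = b"constructed-sample-flagged-by-signature"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def entropy(data):
    """Shannon entropy in bits per byte (near 0 = repetitive, 8 = random-looking)."""
    if not data:
        return 0.0
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def scan(data, entropy_threshold=7.0):
    """Classify one blob as 'signature', 'heuristic' or 'clean'."""
    # Signature-based: exact match against hashes of already-known samples.
    if hashlib.sha256(data).hexdigest() in SIGNATURES:
        return "signature"
    # Heuristic: packed or encrypted content looks random. This also fires on
    # ordinary compressed archives, so real engines combine many such signals.
    if len(data) >= 256 and entropy(data) > entropy_threshold:
        return "heuristic"
    return "clean"

def demo():
    """Scan four constructed samples and return their verdicts."""
    samples = {
        "known sample": KNOWN_BAD,
        "known sample, one byte appended": KNOWN_BAD + b"!",
        "random-looking blob": bytes(range(256)) * 4,
        "plain text": b"hello world\n" * 40,
    }
    return {name: scan(blob) for name, blob in samples.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:>9}  {name}")
```

The second sample shows why signatures alone are not enough: a single changed byte produces a different hash, so the exact-match check no longer fires.
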


And that's a wrap! Remember, knowledge is your shield in the digital age. Stay tuned next week for more ways to outsmart the cyber-shadows. Until then, keep your guard up! 👋 
