Cybersecurity for Beginners

So full disclosure that I've known Raef for a number of years as a colleague and friend. That fact makes it harder for me to be unbiased about this book compared to a work written by an author that I've never met. That said, I feel that this book is an excellent resource. What sets Raef's coverage apart from others in my opinion is two things: 1) the clarity/transparency of the writing and 2) the case studies that he uses to illustrate the points he makes.First, Raef does an excellent job of making difficult concepts easy to understand through *how* he writes. He's able to write in a manner that is both conversational and approachable, but that doesn't "talk down" to the reader. Moreover, he is careful to ground the topics he covers in "real world" examples that help to explain why the reader should care.This book covers quite a bit of ground: from fundamental security concepts to more advanced and technical topics. For a non-practitioner with an interest in security, this is the perfect introduction. It gives them the fundamentals supported by real-world evidence of why they matter. For the beginning practitioner, this provides a fantastic starting point as it serves as a sort of "gateway" to the security community. A new or more junior practitioner can directly "springboard" from this work into areas where they might need to do more detailed research for their particular job. This book lays out in detail the fundamental concepts that they need to understand to approach that material.All in all a great resource.

Let's consider a few recent examples to better illustrate the universe of cyber warfare. Perhaps the most famous is the Stuxnet worm, which was discovered in 2010 and was considered teh most sophisticated piece of malware ever revealed, until a virus know as Flame, discovered in 2012, claimed that title. Designed to affect a particular type of industrial control system that ran on Windows oeprating system, Stuxnet was discovered to have infiltrated the monitoring systems of Iran's Natanz nuclear-enrichment facility, causing centrifuges to abruptly speed up or slow down to the point of self-destruction while simultaneously disabling the alarm systems. Because the Iranian systems were not linked to the Internet, the worm must have been uploaded directly, perhaps unwittingly introduced by a Natanz employee on a USB flash drive. The vulernabilities in the Windows systems were subsequently patched up, but not until after causing some damage to the Iranian nuclear effort, as the Iranian president, Mahmoud Ahmadinejad, admitted.Initial efforts to locate the creators of the worm were inconclusive, though most believed that is target and the level of sophistication pointed to a state-backed effort. Among other reasons, security analysts unpacking the worm (their efforts made possible because Stuxnet had escaped "into the wild" -- that is, beyond the Natanz plant) noticed specific references to dates and bliblical stories in code that woudl be highly symbolic to Israelis. (Others argued that the indicators were far too obvious, and thus false flags.) The resources involved also suggested government production: Experts thought the worm was written by as many as 30 people over several months. And it used an unprecedented number of "zero-day" exploits, malicious computer attacks while exposing vulnerabilities in computer programs that were unknown to the program's creator (in this case, the Windows OS) before the day of the attack, thus leaving zero days to prepare for it. The descovery of one zero-day exploit is considered a rare event-- and exploited information can be sold for hundreds of thousands of dollars on the black market -- so security analysts were stunned to discover that an early variant of Stuxnet took advantage of FIVE.Sure enough, it was revealed in June 2012 that not one but two governments were behind the deployment of the Stuxnet worm. Unnamed Obama administration officials confirmed to the New York Times journalist David E. Sanger that Stuxnet was a joint U.S. and Israeli project design to stall and disrupt the suspected Iranian nuclear-weapons program.In the book The New Digital Age: Transforming Nations, Businesses, and Our Livesby Eric Schmidt and Jared Cohen | Apr 23, 2013For example, when the CENTCOM (US Central Command)Twitter account was compromised for 40 minutes by the Islamic State in January 2015, the motive was not monetary; it was political. The objective was to create discomfort and a sense of insecurity by openly demonstrating a security gap and sending out political messages through it.In the book Cybersecurity for Beginners by Raef Meeuwisse Second Edition published in March 2017According to Norton Anti-virus website, the previous mentioned Flame doesn't make the list of the 8 most amazing viruses ever. Norton's website listed1) CryptoLocker. Released in September 2013, CryptoLocker spread through email attachments and encrypted the user’s files so that they couldn’t access them.The hackers then sent a decryption key in return for a sum of money, usually somewhere from a few hundred pounds up to a couple of grand.2) ILOVEYOU. 2000. The malware was a worm that was downloaded by clicking on an attachment called ‘LOVE-LETTER-FOR-YOU.TXT.vbs’.ILOVEYOU overwrote system files and personal files and spread itself over and over and over again. ILOVEYOU hit headlines around the world and still people clicked on the text—maybe to test if it really was as bad as it was supposed to be. Poking the bear with a stick, to use a metaphor.ILOVEYOU was so effective it actually held the Guinness World Record as the most ‘virulent’ virus of all time. A viral virus, by all accounts. Two young Filipino programmers, Reonel Ramones and Onel de Guzman, were named as the perps but because there were no laws against writing malware, their case was dropped and they went free.3) MyDoom 2004. MyDoom is considered to be the most damaging virus ever released—and with a name like MyDoom would you expect anything less?MyDoom, like ILOVEYOU, is a record-holder and was the fastest-spreading email-based worm ever. MyDoom was an odd one, as it hit tech companies like SCO, Microsoft, and Google with a Distributed Denial of Service attack.25% of infected hosts of the .A version of the virus allegedly hit the SCO website with a boatload of traffic in an attempt to crash its servers.In 2004, roughly somewhere between 16-25% of all emails had been infected by MyDoom.4)Storm Worm. 2006. Storm Worm was a particularly vicious virus that made the rounds in 2006 with a subject line of ‘230 dead as storm batters Europe’. Intrigued, people would open the email and click on a link to the news story and that’s when the problems started.Storm Worm was a Trojan horse that infected computers, sometimes turning them into zombies or bots to continue the spread of the virus and to send a huge amount of spam mail.5) Sasser & Netsky. 2004. Sasser spread through infected computers by scanning random IP addresses and instructing them to download the virus. Netsky was the more familiar email-based worm. Netsky was actually the more viral virus, and caused a huge amount of problems in 2004.6) Anna Kournikova. 2001. Not sure why this one is on the list. The description says it didn't cause much damage, was created as a joke the author turned himself over to the police. Jan De Wit, a 20-year-old Dutch man, wrote the virus as ‘a joke’. The subject was “Here you have, ;0)” with an attached file called AnnaKournikova.jpg.vbs. Anna was pretty harmless and didn’t do much actual damage, though.7) Slammer. 2003. Slammer is the kind of virus that makes it into films, as only a few minutes after infecting its first victim, it was doubling itself every few seconds. 15 minutes in and Slammer had infected half of the servers that essentially ran the internet.The Bank of America’s ATM service crashed, 911 services went down, and flights had to be cancelled because of online errors. Slammer, quite aptly, caused a huge panic as it had effectively managed to crash the internet in 15 quick minutes.As described in a wired magazine article: An inside view of the worm that crashed the Internet in 15 minutes. "Gah!" Owen Maresh almost choked when the Priority 1 alert popped up on his panel of screens just after midnight on Saturday, January 25. Sitting inside Akamai's Network Operations Control Center, the command room for 15,000 high-speed servers stationed around the globe, he had a God's-eye view of the Internet, monitoring its health in real time. His job was to watch for trouble spots and keep Akamai's servers - and the sites of its clients like Ticketmaster and MSNBC - open for business. This was big trouble.The tiny worm hit its first victim at 12:30 am Eastern standard time. The machine - a server running Microsoft SQL - instantly started spewing millions of Slammer clones, targeting computers at random. By 12:33 am, the number of slave servers in Slammer's replicant army was doubling every 8.5 seconds.8) Stuxnet, described above by Cohen in the New Digital Age.

Not a bad book. It just didn't cover the issues we were looking for. Looks like it would be ok for someone who doesen't have many issues with Cyber security. For those who have a minor amount of saavy regarding the issue you might want to look elswhere. Again, it does say Cybersecurity for Beginners. It was well written with limited emphasis on crucial security issues for chronic attack targets.

I love that the author takes such an immensely technical topic and writes it so it's easy for anyone to understand. There's a dictionary in the book and definitions within the chapters explaining what various acronyms mean and how the vocabulary is applied.

Good book for beginners just starting out in the world of cyber security. I probably doubt you would pass any certifications after reading this, but it does include some modern case studies that were really helpful to bringing this very real problem to light.

The book was informative if you know nothing about cyber security. It is very basic. Good for someone that just needs to know the very entry level info, this book isn’t for someone interested in getting into this field.

I learned so much information and events about cyber security that I once never knew! Very helpful for getting into the field. Covers the basics and informative.

The book is very engaging and intelligently written. Raef Meeuwisse is highly credible and he explains with great detail. I highly recommend this book.

Excellent overview of the need for proper corporate organization and procedures. Very interesting case studies.

It's really a nice book. Gives you a high level view of cybersecurity. Case studies of many infamous cyber attacks have been included to make the reader understand in a easy and better way. Worth purchasing.

Libretto divulgativo sulla cybersecurity scritto in modo semplice e comprensibile. Perfetto per chi approccia il tema della sicurezza digitale. Ha un glossario completo e comprensibile, usa case history per analizzare i problemi e come si poteva evitarli. L'ho trovato molto utile.

Very well laid out, well written and in-depth thesis on the various pertinent aspects of getting cybersecurity right. Some books focus on the background, the history, the abstract, some on various aspects of cyber security like penetration testing. This book introduces cybersecurity as a concept, and then goes in-depth enough to every composite part to educate you so you come away with a comprehensive understanding of what good cyber security is from a personal and a business perspective. The format of the book is very good. Very well structured, with good segmentation ensuring you understand each component before the narrative moves forward. Personally I read this as prep for a really in-depth cyber security job interview, and I got the job. I put that success down in part to the contents and format of this book. Also, importantly, it is up-to-date, which is what you need.

Raef gives an excellent introduction to the important topic of CyberSecurity. It is easy to read and has a relaxed style, which gives the reader the ability to understand the concepts and ideas surrounding this topic, which is expanding into a major industry. If you are somebody who is new to the world of Cybersecurity, or somebody who is working/ wants to work as a CyberSecurity professional, then give this book a try. You won't be disappointed.