Merge, you bastard

Articles/st01_Introduction.md

@@ -0,0 +1,81 @@
+---
+title:  Introduction
+---
+
+# Introduction
+
+(DG: Note,  Far Too Mych Hyperbole)
+
+Cyber Security is a topic that is rarely out of the news, from
+allegations of state sponsored interference in the democratic process,
+data breaches revealing personal data, and high profile "hacks" of
+mobile apps, millions of people are potentially effected daily.
+
+Cyber Security is focused on protecting computer systems, their
+components and the data stored on them from attack, unauthorised
+access or damage.
+
+Unlike physical security, If we wish to protect an asset we could
+build a big wall around it, and have security guards protecting the
+entry points. Cyber security tends to be more nebulous, the nature of
+the threats is constantly evolving, and our strategies for protection
+need to change to deal with these threats.
+
+Having effective Cyber Security reduces the risk of threats to people
+and organisations, either reducing the change that a system will be
+compromised, or the impact of an attack if (or when) the worst happens.
+
+## Why is it important
+
+The cost of Cyber crime is increasing with new threats discovered
+daily, while businesses are a more obvious target, individuals are
+still at risk.  Action fraud had 332,570 incidents worth £706 Million,
+reported in the 6 months between October 2017 and March 2018.
+
+For organisations, privacy laws can lead to significant fines for
+organisations, GDPR, has a maximum fine of ~£17 Million, or 4% of
+annual turnover.
+
+Finally, was the world becomes more "connected", with the rise of web
+enabled "smart" devices, the number of ways we can be attacked is
+growing. While previously we only needed to worry about our desktop
+computer being compromised, now even our fridge, or TV can be a
+target.
+
+## The Three Pillars of Cyber Security
+
+Effective cyber security is based on Three elements,
+
+**People** Human error is still the leading cause of data breaches.
+Educating users on the dangers they face online is an important factor
+in cyber security.  Computer users should be aware of threats such as
+Phishing, The dangers of weak or shard passwords, and how cyber
+attacks happen.
+
+**Processes** in a business, some processes can be counter productive
+to good security.  Simple things like a poor password policy can
+increase the threat (as people are more likely to reuse, or write
+passwords down).  Additionally, at a higher level, strategies to
+identify, mitigate and respond to cyber threats are vital.
+
+**Technology** is another important factor.  Ensuring that your
+software and hardware is resilient to attack. This can include using
+software such as Antivirus or Firewalls, to protect against attack,
+and ensuring that software is secure and up to date.
+
+## Summary
+
+In summary, cyber security is the process of protecting our computer
+based assets against attack.  Good cyber security is not only
+dependent on getting the latest hardware, but also on the people
+using the system understanding the threats and taking steps to avoid
+exposure.
+
+In the next set of topics we will focus on the specific aspects of
+cyber security.
+
+
+# Links 
+
+http://www.infoguardsecurity.com/the-three-pillars-of-cybersecurity/
+

Articles/st03_StateOfThreats.md

@@ -11,22 +11,30 @@ landscape, and discuss the impact of these threats.
 
 # NCSC Business Threats
 
-The NCSC (National Cyber Security Centre) has an [overview](https://live.ncsc.gov.uk/cyberthreat) of the Top
-threats to businesses from 2017.
+The NCSC (National Cyber Security Centre) has an
+[overview](https://www.ncsc.gov.uk/news/annual-review-2018) of the Top
+threats to businesses from 2018.
 
 This highlights the following issues:
 
 ## Ransomware
 
-Ransomware [I think a brief definition would help here]() attacks were the dominant trend. With the well known
+Ransomware attacks were the dominant trend. With the well known
 WannaCry attack affecting machines worldwide and affecting
 organisations such as the NHS, Nissan, Renault and FedEx.
 
+Ransomware is where the attacker is able to take control of the files
+on a system, and restrict the users access to them.  This is usally
+done by encrypting the files on the target.  The victim is then
+required to pay the attacker for the files to be decrypted.
+
 While WannaCry was well publicised, it is also interesting to note
 that less direct ransom based attacks also increased.  Organisations
-were threatened with DDOS (Distributed Denial Of Service) attacks on
-infrastructure, unless a ransom was paid.  It has been calculated that
-DDOS style attacks increased by 91% over 2017.
+were threatened with DDOS (Distributed Denial Of Service, where the
+attacker overwhelms the infrastructure of the target, shutting down
+access to the vicitms servers) attacks on infrastructure, unless a
+ransom was paid.  It has been calculated that DDOS style attacks
+increased by 91% over 2017.
 
 ## Data Breaches
 
@@ -70,9 +78,11 @@ with some form of Phishing).  We will discuss this in a future section.
 With the rise in a "connected lifestyle" (Estimates of > 11 Billion
 "Things" connected by 2018) there have been some major issues with IoT
 devices.  Domestic items like fridges were discovered to be part of
-botnets.  While this kind of attack is relatively new, as the devices
-increases in number and processing power, they represent a significant
-security threat.
+botnets.  (A botnet, is a collection of comprimised computers, which
+can be used as part of a cyberattack such as Denial of Service) While
+this kind of attack is relatively new, as the devices increases in
+number and processing power, they represent a significant security
+threat.
 
 
 # Your task

Articles/st04_KnowYourEnemy.md

@@ -2,17 +2,8 @@
 title: Know your enemy
 ---
 
-Previously we discussed the NCSC report on cyber threats.  In this
-section we examine these threats in more detail, discussing both the
-most common threats to computer security, and where these threats
-originate.
-
-
-# A Threat Taxonomy
-
-First let's discuss the most common types of threat an organisation or individual may face.
-
-## Malware
+We begin this week by outlining the most common types of threat a
+business or individual may face.
 
 Malware is an umbrella term defining any software that is harmful to
 computers.  It's a very broad brush term that covers a wide range of
@@ -23,17 +14,27 @@ this may be initiated by the user (i.e. the user installs a compromised
 version of a legitimate program), or through some other exploit (for
 example, a worm virus that infects computers over the network).
 
+
+
+Below we discuss the common ways security threats such as Malware occour.
+
+## Phishing and Social Engineering
+
+Hackers are like Vampires, and are usually need to be invited into our
+systems.
+
 Having a user install the malware for us is the most common attack
 vector.  Techniques such as Phishing try to trick a user into
 installing the rogue program.  Phishing is a form of social
 engineering where we try to convince the target we are a legitimate
-account, service or person.
+account, service or person, and install the Malware onto their system
+for us.
 
-> NOTE: It is claimed that around 90% of malware installations are due
-> to Phishing.  Personally I take this to include a broad definition
-> of phishing including setting up fake websites or app-stores in the
-> hope of luring people into installing software, rather than the more
-> targeted approach.
+It is claimed that around 90% of malware installations are due to
+Phishing.  Personally I take this to include a broad definition of
+phishing including setting up fake websites or app-stores in the hope
+of luring people into installing software, rather than the more
+targeted approach.
 
 
 ## Web Based attacks
@@ -72,15 +73,19 @@ data breaches.
 
 Web application attacks affect the operation of a website and can lead
 to exploitation or a data breach. Around 30% of data breaches involve
-vulnerabilities in web applications.  Issues with Web applications can
-involve:
+vulnerabilities in web applications.  Issues with Web applications
+that allow an attacker to comprimise can involve:
 
  - SQL (Structured Query Language) injection. Rated the Number 1 threat by OWSAP  (51%)
  - File Includes vulnerabilities    (35%)
  - XSS (Cross Site Scripting).  Places malicious code on the site itself. (9%)
  - Content Management Systems (CMS). Such as WordPress
    - Newly discovered vulnerability affected ~2million sites.
 
+Each of these attacks can lead either to a data breach, where
+information such as user details is revealed, or a full comprimise of
+the server, allwing the attacker to take control.
+
 Another interesting trend in web application attacks is through
 Phishing.  Compromised versions of software plugins have been used to
 gather information about a sites users.  Two examples of organisations

Articles/st10_WhatCanYouFind.md

@@ -17,7 +17,7 @@ addresses and telephone numbers on their homepage.
 
 Let's use Coventry University as an example:
 
-![Staff Directory](Images/CovStaff.png)
+![Staff Directory](Image/CovStaff.png)
 
 Here we can identify:
 

Articles/st23_the_hackers.md

@@ -1,7 +1,7 @@
 ---
 title: The Hackers
 ---
-
+[LD comment: We introduce ‘Worms’ and ‘Trojan’ when highlighting the first two hacking case studies. I think defining these terms could follow the video (taking the definitions from Week 8, Step 34 – Antivirus)]()
 # Paras Jha, Josiah White, Dalton Norman - Mirai
 
 One of the most publicly discussed security incidents of recent years
@@ -59,6 +59,7 @@ distaste for this type of crime."
 https://www.kentonline.co.uk/deal/news/computer-hacker-jailed-860/
 
 # Activity
+[LD comment: The activity is very text heavy and asking the students to do/consider several things. Can we simplify this/make it more concise?]()
 
 Read the articles linked above and decide if you think the sentencing
 in each case is equitable considering the crime committed.  You might

Articles/st24_the_hacked.md

@@ -15,3 +15,14 @@ cases, but the reports are fantastically useful for seeing how real
 security breaches occur and how they are detected and investigated.
 
 https://www.verizon.com/about/news/lifting-lid-cybercrime
+
+Read through one (or more) case studies on the Verizon site, and write
+a short (~500 worlds) report on the breach.
+
+  - What caused the breach in the first place?
+  - What technical aspects did the hackers use?
+  - What kinds of data or information was targetted?
+
+Discuss your findings in the Forum.
+
+[LD comment: Do we want the students to read all 4 stories linked? Is there anything we want them to do with this reading?]()

Articles/st28_XSS.md

@@ -223,7 +223,7 @@ The image below shows the result of this.  The right hand window is a
 HTTP web server listening for the connection. You can see that the
 cookie has been included as part of the Web request.
 
-![Session Jacking with XSS](Image/Xss_ImageCookie.png)
+![Session Jacking with XSS](Image/XSS_ImageCookie.png)
 
 We can now modify our own cookie, using the information that has been
 sent across and become a different user.

Articles/st33_firewalls.md

@@ -13,7 +13,12 @@ device, a piece of software, or a collaboration between multiple
 instances of hardware or software, and that it has subtly different
 meanings and functions in different contexts.
 
-TODO: put a description of what a firewall actualli IS here
+Broadly speaking, all Firewalls monitor and filter network traffic
+based on a set of rules, and acts as a barrier between networks.  The
+firewall can be configured to allow traffic between the *trusted*
+internal network, and the *untrusted* external network. The method of
+filtering depends on the type and capabliites of the firewall, as
+discussed below.
 
 # Types of Firewall
 
@@ -181,5 +186,3 @@ traffic and protection from threats.
 - https://security.ias.edu/deep-packet-inspection-dead-and-heres-why
 <!--  LocalWords:  WAF
  -->
-
-

Articles/st34_Antivirus.md

@@ -1,7 +1,7 @@
 # Malware and Antivirus
 
 "Antivirus" refers to software used to detect and remove malicious
-software, particularly Worms and Viruses.
+software, particularly Worms and Viruses. [LD comment: If we define ‘Worms’, ‘Virus’ and ‘Trojan’ in Week 6, Step 23 – we can remind students of these terms again, or add them to the glossary.]()
 
 This malicious software, known as "malware", can be installed on a system
 in a number of ways and can have many purposes.  Below, we will look at
@@ -13,7 +13,7 @@ have control over your system to be able to use it in attacks on larger
 targets along with potentially thousands of other infected devices. For
 the past few years, the number of infections that result in nothing more
 than the stealing of CPU time for mining cryptocurrencies
-has been growing steadily - hackers are literally stealing your computing power. 
+has been growing steadily - hackers are literally stealing your computing power.
 
 The total number of individual malware strains is difficult to know
 because new ones are discovered regularly, but published detection rates
@@ -37,7 +37,7 @@ itself into other files on your system so that when you send these to
 another party, they too will become infected.
 
 The virus does not spread without transfer of files, just like a
-biological virus requires host cells to replicate. 
+biological virus requires host cells to replicate.
 
 ## Worms
 

Articles/st40_ProtectIndustry.md

@@ -1,16 +1,64 @@
-# Increasing Companies Resiliance to attack
+# Introduction
 
-When it comes to an organisations security thre
+Hopefully, over the course of this module, you will have realised that
+its difficult to give a "set of rules" for security.  The threat
+landscape is continuously, and the types of vulnerability you will be
+exposed to change over time.  However, understanding why cyber
+vulnerabilities happen does offer some protection.  Keeping up to date
+with the latest trends in security can also help you be aware of
+potential threats.
 
-*  Infrastructe checks and audits, Ie pay some pros to do it.
-*  General awareness for staff, Take an IOC course
-* Boad level
-* Understanding that there is no "Majic kit" to save you.
-* Keeping up to date
-* Large Orgs In-House Red / Blue team
-At the exec level A good first place to start is the NCSC 
+This week we look at some general ways of protecting both yourself,
+and organisations from cyber attack.
 
+# Increasing Companies Resilience to attack
 
+The Governments National Cyber Security Centre (NCSC)
+https://www.ncsc.gov.uk/, offers advice on Cyber security for both
+Organisations and Individuals.  There are Guides available on the NCSC
+website on a wide range of security topics.
+
+When it comes to an organisations security, a great place to start is
+the NCSC's Board toolkit
+https://www.ncsc.gov.uk/collection/board-toolkit this offers up to
+date security advice from GCHQ.  Some other suggestions for cyber
+resilience are:
+
+The first is to make sure you have some!, we saw earlier in the course
+that even large organisations have no spend on cyber security.  Not
+taking care of the security of your systems means you are exposing
+yourself to danger.
+
+One step you can take here is to make use of a professional
+penetration testing company to assess the security of your
+infrastructure.  The companies employ hackers to attack your system,
+and provide an assessment of the risk.  While a large organisation may
+have In-House security teams, it can also be worthwhile getting a
+second opinion.
+
+Organisations like OWASP also offer tools to check the security of
+websites, that you can run in-house
+https://www.owasp.org/index.php/Appendix_A:_Testing_Tools.  These are
+not a substitute for professional testing, but can give some
+indication of major risks.
+
+
+Raising staff awareness of the threats is also needed.  As we saw
+earlier, a large number of data breaches happen through social
+engineering and phishing.  Having your staff aware of these problems
+means that they are less likely to accidental "click that link".  CPD
+courses on cyber security are a good start, and it is worth looking at
+the Cyber Essentials course, from
+NCSC. https://www.cyberessentials.ncsc.gov.uk/
+
+Finally, you should consider that, security is hard.  While we can
+take every piece of advice, there can be little protection against a
+determined hacker or zero day vulnerability.  However, having a high
+level of security in your business can make you a less tempting
+target.  Considering the limitations hardware in your system is also
+important.  While Firewalls, and antivirus systems can help, there is
+no "Magic Bullet" for cyber problems. Having a incident response and
+recovery plan, will help protect you if the worst happens.
 
 
 # Links

Articles/st41_ProtectYourself.md

@@ -109,3 +109,4 @@ days for any site that can use encryption, but it doesn't hurt to
 check.
 
 <!-- LocalWords: unencrypted -->
+