Unit 1: History of Network Security, Vulnerabilities and Approaches
In this first unit, we were introduced to the topic, discussing best practices and how network security plays a crucial role in the modern landscape.
This module focused on the security risks associated with programming, future trends in secure software development and software architecture.
For this unit, we looked at the Cyber Kill Chain model proposed by Lockheed Martin, a framework that outlines the stages of a cyberattack by breaking it down into sequential phases. We revisited this model and applied it to an interesting case study: the SolarWinds attack, a massive cyberattack against America orchestrated by hackers believed to be directed by the Russian intelligence service, the SVR. Attackers compromised SolarWinds' Orion network management system by injecting malicious code into routine software updates. This constituted a sophisticated supply chain attack which worked by bait-and-switch and included novel techniques such as mimicking Orion communication protocols to evade detection.
In this unit, we looked at vulnerability assessments, which involve various approaches to uncovering security weaknesses. Penetration testing (pen-testing) actively attempts to breach IT systems using adversary tactics to assess technical risk. It can be opaque (black-box) with minimal information or transparent (white-box) with extensive knowledge, and may be scenario-driven to find vulnerabilities or to test detection capabilities. Fuzz testing specifically targets protocol vulnerabilities by sending malformed inputs to trigger errors. Organisations also conduct internal vulnerability assessments to identify and manage ongoing risks. Analysing results requires a structured report that details findings and assigns severity ratings. Crucially, the organisation retains ownership of risk assessment and solution decisions, not the testing team. Discovered vulnerabilities, especially new ones, demand investigation into how they were missed. Solutions may involve patching, removing unused software, or implementing other controls. For severe incidents like the SolarWinds hack, forensic analysis to secure evidence, collect logs, and trace attack origins is critical, even while attackers might still be present.
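To make the fuzz-testing and reporting ideas above concrete, here is a small added example (written for this page, not code from the module or from any tool it mentions). It defines a toy length-prefixed message format with a parser that trusts its input, a hardened parser for the same format, a deterministic mutation schedule that feeds malformed inputs to each parser, and a report that lists each crash with a severity rating. The message format, the mutation strategies and the severity rule are all assumptions made for the example.

```python
import struct
from typing import Callable, Dict

# Constructed seed message for the toy protocol: 2-byte big-endian payload length,
# 1-byte message type, then the payload.
SEED_MESSAGE = struct.pack(">H", 5) + b"\x01" + b"hello"


def parse_message_trusting(data: bytes) -> dict:
    """Toy parser that trusts its input: it reads the header without checking that
    the header is present, so malformed input crashes it instead of being rejected."""
    (length,) = struct.unpack(">H", data[:2])   # struct.error when fewer than 2 bytes
    msg_type = data[2]                           # IndexError when exactly 2 bytes
    payload = data[3:3 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")    # the one malformed case it handles
    return {"type": msg_type, "payload": payload}


def parse_message_hardened(data: bytes) -> dict:
    """Same format, but every malformed case is rejected with a ValueError."""
    if len(data) < 3:
        raise ValueError("header too short")
    (length,) = struct.unpack(">H", data[:2])
    if len(data) != 3 + length:
        raise ValueError("declared length does not match data")
    return {"type": data[2], "payload": data[3:]}


def mutate(seed: bytes, i: int) -> bytes:
    """Deterministic mutation schedule: cycle through truncate / bit-flip / insert,
    walking the position along the seed, so every run covers the same cases."""
    strategy, step = i % 3, i // 3
    if strategy == 0:                                   # truncate the message
        return seed[: step % (len(seed) + 1)]
    if strategy == 1:                                   # flip one bit
        pos = step % len(seed)
        flipped = seed[pos] ^ (1 << (step % 8))
        return seed[:pos] + bytes([flipped]) + seed[pos + 1:]
    pos = step % (len(seed) + 1)                        # insert a 0xFF byte
    return seed[:pos] + b"\xff" + seed[pos:]


def run_fuzz(parser: Callable[[bytes], dict], seed: bytes, iterations: int) -> Dict[str, dict]:
    """Feed mutated inputs to the parser and collect findings keyed by exception class.
    ValueError is the parser's own graceful rejection and is not a finding; any other
    exception means the parser crashed on malformed input."""
    findings: Dict[str, dict] = {}
    for i in range(iterations):
        case = mutate(seed, i)
        try:
            parser(case)
        except ValueError:
            continue
        except Exception as exc:
            key = f"{type(exc).__module__}.{type(exc).__name__}"
            entry = findings.setdefault(key, {
                "count": 0,
                "example_input": case.hex(),
                # Constructed severity rule: an unhandled crash on externally supplied
                # input is rated "high"; a real report would weigh reachability and impact.
                "severity": "high",
            })
            entry["count"] += 1
    return findings


def format_report(findings: Dict[str, dict]) -> str:
    """Render findings as the structured report an assessment hands to the organisation."""
    if not findings:
        return "No findings: all malformed inputs were rejected cleanly."
    lines = ["Finding | Severity | Hits | Example input (hex)"]
    for key, f in sorted(findings.items()):
        lines.append(f"{key} | {f['severity']} | {f['count']} | {f['example_input']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("Trusting parser:\n" + format_report(run_fuzz(parse_message_trusting, SEED_MESSAGE, 60)))
    print("\nHardened parser:\n" + format_report(run_fuzz(parse_message_hardened, SEED_MESSAGE, 60)))
```

Running it shows the trusting parser crashing with `struct.error` and `IndexError` on truncated inputs, while the hardened parser produces no findings because it rejects every malformed case through the same `ValueError` path. The report separates the finding (what crashed and on which input) from the decision about what to do with it, which, as the unit notes, stays with the organisation.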
This week, we also submitted our first assignment, which consisted of a baseline analysis and plan for a vulnerability audit and assessment.
For this unit, we reviewed and evaluated security breaches using the notions learned in the previous parts of this module, alongside the suite of tools in the Kali Linux distribution for security assessment and testing.
We also focused our collaborative discussion on the topic of logging, with a focus on its impact on the library Log4j 2. A link to my contribution can be found below.
In this unit, we expanded upon the notions of logging and forensics, focusing on the differences between logging on different systems and the important tools used. Furthermore, the collaborative discussion on the topic was furthered by peer responses.
For the final unit, we reviewed and brought together what we learned during the module. The main question for this unit was "what is the future of the internet?", a question which requires us to consider many layers of the topic, from the technical to the social, to the legal, to the privacy challenges, to the AI debate.
I found the debate surrounding AI interesting, and especially the Topic 3 track:
It is our belief that generative AI has the potential to streamline network security operations by automating routine tasks such as threat detection and response, freeing up human resources to focus on more complex security challenges and strategic planning.
Generative AI is poised to revolutionise network security operations by automating fundamental tasks, thereby enhancing efficiency and bolstering defences. This technology excels at analysing vast datasets to identify anomalies and patterns indicative of cyber threats that might elude traditional detection methods. By learning the baseline of normal network behaviour, generative AI can rapidly flag deviations that may signify a security incident. This capability automates real-time threat detection, allowing for a more proactive security posture. Furthermore, generative AI streamlines incident response by automating the creation of playbooks and recommending mitigation strategies. It can prioritise alerts based on potential impact, reducing alert fatigue for security analysts. This automation of routine and time-consuming tasks frees up human cybersecurity professionals to concentrate on more complex and strategic challenges. Instead of being mired in manual data analysis and initial incident response, security teams can focus on sophisticated threat hunting, in-depth investigations, and long-term security planning. Ultimately, by handling the high-volume, repetitive work, generative AI empowers human experts to apply their skills more effectively, leading to a more resilient and intelligent security infrastructure.
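The post above describes a mechanism: learn a baseline of normal network behaviour, flag deviations from it, and rank the resulting alerts by potential impact so analysts see the important ones first. The following added example (written for this page, not part of the original post) implements that loop with plain statistics, a z-score per host, standing in for the learned model; the log lines, host names, byte counts and asset criticality values are all constructed.

```python
import statistics
from typing import Dict, List, Optional, Tuple

# Constructed sample data (not from the original post): outbound bytes per host in each
# five-minute window. The baseline window is the "normal" period the detector learns from.
BASELINE_LOG = """\
2024-03-01T09:00 web01 1200
2024-03-01T09:05 web01 1300
2024-03-01T09:10 web01 1250
2024-03-01T09:15 web01 1400
2024-03-01T09:20 web01 1350
2024-03-01T09:25 web01 1280
2024-03-01T09:00 db01 300
2024-03-01T09:05 db01 320
2024-03-01T09:10 db01 310
2024-03-01T09:15 db01 290
2024-03-01T09:20 db01 305
2024-03-01T09:25 db01 315
2024-03-01T09:00 hr02 50
2024-03-01T09:05 hr02 60
2024-03-01T09:10 hr02 55
2024-03-01T09:15 hr02 45
2024-03-01T09:20 hr02 65
2024-03-01T09:25 hr02 52
"""

# The window to score: db01 and hr02 suddenly send far more than usual, web01 is
# within its normal range, and tmp99 was never seen during the baseline period.
CURRENT_LOG = """\
2024-03-01T09:30 web01 1380
2024-03-01T09:30 db01 9000
2024-03-01T09:30 hr02 900
2024-03-01T09:30 tmp99 4000
"""

# Constructed asset criticality (3 = most critical) used to rank alerts by potential impact.
CRITICALITY = {"db01": 3, "web01": 2, "hr02": 1}


def parse_log(text: str) -> List[Tuple[str, int]]:
    """Turn 'timestamp host bytes' lines into (host, bytes) events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _timestamp, host, value = line.split()
        events.append((host, int(value)))
    return events


def build_baseline(events: List[Tuple[str, int]]) -> Dict[str, Tuple[float, float]]:
    """Learn (mean, standard deviation) of the metric for every host seen in the baseline."""
    per_host: Dict[str, List[int]] = {}
    for host, value in events:
        per_host.setdefault(host, []).append(value)
    baseline = {}
    for host, values in per_host.items():
        # A constant baseline has zero spread; a small floor keeps the z-score finite
        # while still flagging any change from the constant value.
        sigma = max(statistics.pstdev(values), 1e-6)
        baseline[host] = (statistics.mean(values), sigma)
    return baseline


def z_score(baseline: Dict[str, Tuple[float, float]], host: str, value: int) -> Optional[float]:
    """How many standard deviations the observation is from the host's baseline; None if unseen."""
    if host not in baseline:
        return None
    mean, sigma = baseline[host]
    return (value - mean) / sigma


def detect(baseline: Dict[str, Tuple[float, float]], events: List[Tuple[str, int]],
           threshold: float = 3.0) -> List[dict]:
    """Flag deviations beyond the threshold and rank the alerts by impact, then by severity."""
    alerts = []
    for host, value in events:
        z = z_score(baseline, host, value)
        if z is None:
            alerts.append({"host": host, "value": value, "z": None, "reason": "no baseline for host"})
        elif abs(z) > threshold:
            alerts.append({"host": host, "value": value, "z": round(z, 1),
                           "reason": f"{z:.1f} sigma from baseline"})
    # Most critical asset first, then by how far the host strayed from its baseline; a
    # never-seen host is treated as maximally anomalous within its criticality tier.
    alerts.sort(key=lambda a: (-CRITICALITY.get(a["host"], 1),
                               -(a["z"] if a["z"] is not None else float("inf"))))
    for rank, alert in enumerate(alerts, start=1):
        alert["priority"] = rank
    return alerts


if __name__ == "__main__":
    model = build_baseline(parse_log(BASELINE_LOG))
    for alert in detect(model, parse_log(CURRENT_LOG)):
        print(f"P{alert['priority']} {alert['host']}: {alert['value']} bytes ({alert['reason']})")
```

On the constructed data this flags db01 and hr02, leaves web01 alone, and raises a separate alert for tmp99 because a host with no baseline cannot be scored at all. The ranking puts the database server first despite hr02 having a similar-looking spike, which is the "prioritise by potential impact" step the post describes; the threshold and the floor on the standard deviation are the two knobs an analyst would tune to control alert volume.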
This week we also submitted our second and third assignments, which consisted, respectively, of the vulnerability assessment and plan that had been planned in the first submission, and of an individual reflective piece.