Cybersecurity Notes

Quick-reference notes for networking, tools, frameworks, and operations.


Introduction & CIA Triad

  • Confidentiality — only authorized parties access data
  • Integrity — data is accurate and tamper-evident
  • Availability — systems/data are up when needed

Security ≠ only tools. It’s people, process, and technology combined.

Common Threats & Best Practices

  • Phishing & Social Engineering → awareness training, MFA
  • Malware/Ransomware → patching, EDR/AV, least privilege, backups
  • DoS/Network Abuse → rate limiting, firewall policies, monitoring
  • Weak Configurations → secure defaults, hardening baselines

  1. Use strong, unique passwords + MFA
  2. Keep OS/applications up to date
  3. Back up critical data (3-2-1 rule)
  4. Segment networks; restrict east-west traffic

IPv4 Addressing & Subnetting (Quick Guide)

IPv4 format: four octets, e.g., 192.168.2.3. Each octet is 8 bits (0–255).

  • Class A: first octet 1–126 (0/8 and 127/8 are reserved), default mask /8
  • Class B: first octet 128–191, default mask /16
  • Class C: first octet 192–223, default mask /24
  • Classes are legacy; real networks use CIDR prefix lengths, so always read the /n, not the class
  • Private ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

Subnet mask defines the network vs host bits. Example /24 = 255.255.255.0: 24 network bits, 8 host bits, 256 addresses of which 254 are usable (network and broadcast are reserved).

What does 192.168.2.3/24 mean? Network: 192.168.2.0, Broadcast: 192.168.2.255, Hosts: 192.168.2.1–192.168.2.254.
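The same calculation done with bit arithmetic, as an added example (not part of the original notes), so the /24 case above generalizes to any prefix length. It also handles the /31 point-to-point and /32 host-route edge cases, and checks the RFC 1918 private ranges listed above. The addresses in the usage block are arbitrary sample inputs.

```python
"""Subnet calculator for a.b.c.d/n strings (added example, not from the original notes)."""

PRIVATE_RANGES = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")  # RFC 1918


def ip_to_int(ip: str) -> int:
    """Pack a dotted quad into a 32-bit integer, validating each octet (0-255)."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {ip!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/n -> 32-bit mask with the top n bits set (e.g. /24 -> 0xFFFFFF00)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe_cidr(cidr: str) -> dict:
    """Return network, mask, broadcast, host range and usable-host count for a CIDR string."""
    ip_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    addr = ip_to_int(ip_text)
    mask = prefix_to_mask(prefix)
    network = addr & mask                       # clear the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # set the host bits
    host_bits = 32 - prefix
    if host_bits >= 2:
        # Normal case: network and broadcast addresses are not assignable.
        first, last, usable = network + 1, broadcast - 1, 2 ** host_bits - 2
    elif host_bits == 1:
        # /31 point-to-point link (RFC 3021): both addresses are usable.
        first, last, usable = network, broadcast, 2
    else:
        # /32 host route: a single address.
        first, last, usable = network, network, 1
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
    }


def in_cidr(ip: str, cidr: str) -> bool:
    """True if ip lies inside the given network (compares the masked network bits)."""
    net_text, prefix_text = cidr.split("/")
    mask = prefix_to_mask(int(prefix_text))
    return ip_to_int(ip) & mask == ip_to_int(net_text) & mask


def is_private(ip: str) -> bool:
    """True if ip falls in one of the RFC 1918 ranges from the notes."""
    return any(in_cidr(ip, r) for r in PRIVATE_RANGES)


if __name__ == "__main__":
    # Sample inputs chosen for illustration only.
    for cidr in ("192.168.2.3/24", "172.20.5.77/22", "10.0.0.1/31"):
        print(cidr, describe_cidr(cidr))
    print("8.8.8.8 private?", is_private("8.8.8.8"))
```

Note that 172.20.5.77/22 lands in 172.20.4.0–172.20.7.255: the /22 keeps only the top six bits of the third octet, which is the kind of boundary people get wrong when they reason in whole octets.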

Design tip: keep management, servers, users, and IoT on separate VLANs/subnets.

pfSense Essentials

  1. Run setup wizard: set WAN (DHCP/PPPoE/Static), LAN, admin password.
  2. Create VLANs & Interfaces: Interfaces → Assignments → VLANs, then add interface IPs.
  3. Firewall Rules: default-deny; allow necessary LAN→WAN; limit inter-VLAN access.
  4. NAT: automatic outbound usually fine; use port forwards sparingly.
  5. Packages: Snort (IDS/IPS), ntopng (traffic visibility).

Backup config: Diagnostics → Backup & Restore.

Snort (IDS/IPS) Basics

  1. Install Snort package on pfSense; enable on selected interfaces.
  2. Choose rule sets (Snort GPLv2 Community / ET Open); enable Auto-Update.
  3. Start in IDS (alert-only) mode; review alerts for false positives.
  4. Gradually enable IPS (block mode) on high-confidence rules.
  5. Tune: suppress noisy SIDs; add local rules as needed.
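What steps 4 and 5 look like on disk, as an added example (not from the original notes): one local rule plus one suppress entry. The SID 1000001 is in the local range reserved for custom rules, `$HOME_NET`/`$EXTERNAL_NET` are the per-interface variables the pfSense package fills in, and 192.168.10.5 is a placeholder for a trusted admin host.

```snort
# local.rules: custom rule. Local SIDs start at 1000000 so they never collide
# with SIDs shipped in the GPL/ET Open sets. flags:S counts new connections
# (SYNs) rather than every packet of an established session, and
# detection_filter only raises the alert once a source has sent 5 SYNs to
# port 22 within 60 seconds.
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL SSH connection burst from one source"; flags:S; detection_filter:track by_src, count 5, seconds 60; classtype:attempted-admin; sid:1000001; rev:1;)

# threshold.conf (pfSense: the interface's Suppress list): silence SID 1000001
# for one trusted admin host instead of disabling the rule everywhere.
suppress gen_id 1, sig_id 1000001, track by_src, ip 192.168.10.5
```

Keep suppressions this narrow: a bare `suppress gen_id 1, sig_id N` hides the rule for every source, which is usually not what tuning should do.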

ntopng Traffic Analytics

  • Visualize top talkers, protocols, flows, and hosts.
  • Drill down by interface/VLAN; set alerts for abnormal spikes.
  • Use host reputation data to flag risky destinations.

Splunk Basics (SOC View)

  • Ingest firewall, auth, and server logs.
  • Create dashboards for failed logins, traffic anomalies, and changes.
  • Schedule alerts; document runbooks for common incidents.
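The failed-login alert from the bullets above, expressed as detection logic over sample log lines. This is an added example, not from the original notes or from Splunk: it does in Python what a scheduled search that buckets failures by source and time would do, so the threshold and window can be reasoned about before building the dashboard. The sshd-style log lines are constructed (203.0.113.0/24 is a documentation range), and the threshold of 5 failures in 60 seconds is an arbitrary starting point.

```python
"""Failed-login burst detector over sshd-style auth log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample input in syslog/sshd format. One source hammers port 22;
# one user simply mistypes a password twice, minutes apart; one login succeeds.
SAMPLE_LOG = """\
Mar  3 10:00:01 gw sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:03 gw sshd[2311]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 10:00:04 gw sshd[2314]: Accepted publickey for alice from 192.168.2.20 port 40022 ssh2
Mar  3 10:00:05 gw sshd[2311]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:00:06 gw sshd[2311]: Failed password for root from 203.0.113.7 port 51241 ssh2
Mar  3 10:00:07 gw sshd[2311]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar  3 10:02:00 gw sshd[2320]: Failed password for bob from 192.168.2.41 port 40100 ssh2
Mar  3 10:09:00 gw sshd[2325]: Failed password for bob from 192.168.2.41 port 40101 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_failed_logins(text, year=2024):
    """Yield (timestamp, user, src_ip) for each failed-login line; other lines are skipped.

    Classic syslog timestamps carry no year, so one is supplied (assumption for the sample).
    """
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["src"]


def detect_bursts(events, threshold=5, window_seconds=60):
    """Sliding-window count of failures per source address.

    Returns one alert per source the first time `threshold` failures fall inside
    `window_seconds`; later hits from the same source are deduplicated.
    """
    recent = defaultdict(deque)
    alerts = []
    alerted = set()
    for ts, _user, src in sorted(events):
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that aged out of the window
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "count": len(q), "first": q[0], "last": ts})
    return alerts


def run_sample():
    """Run the detector over the constructed log and return the alerts."""
    return detect_bursts(parse_failed_logins(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(f"ALERT {alert['src']}: {alert['count']} failures "
              f"{alert['first']:%H:%M:%S}-{alert['last']:%H:%M:%S}")
```

Only 203.0.113.7 trips the alert; bob's two failures are seven minutes apart and fall outside the window, which is the false-positive case the threshold is there to avoid.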

ISO 27001 in Practice (Short)

  • ISMS Scope → define boundaries & assets.
  • Risk Assessment → identify, analyze, treat risks.
  • Annex A Controls → select and justify each in the Statement of Applicability (SoA).
  • Policies & Procedures → access, backup, crypto, etc.
  • Internal Audit & Continual Improvement.

Keep evidence: asset inventory, risk register, training logs, change records.

Incident Response (SANS PICERL; maps onto NIST SP 800-61's four phases)

  1. Prepare — contacts, tools, baselines
  2. Identify — triage alerts, verify incident
  3. Contain — isolate hosts/VLANs, block IOCs
  4. Eradicate — remove malware, fix root cause
  5. Recover — restore, monitor for relapse
  6. Lessons — update playbooks, controls

Business Continuity (BCP) & Disaster Recovery (DRP)

  • BIA (Business Impact Analysis) — identify critical processes and how much downtime/data loss each can tolerate
  • RTO/RPO — recovery time/point objectives
  • DR Runbooks — step-by-step system restores
  • Testing — tabletop → technical failover

CEH Study Plan (Quick Roadmap)

  1. Networking & Linux/Windows fundamentals refresh
  2. Recon, scanning, enumeration; web app basics
  3. Exploits & payloads (in a lab), post-exploitation
  4. Defensive mapping: how blue teams detect each step
  5. Practice: TryHackMe rooms + notes → flashcards

Keep all lab notes in this page or a linked repo for quick review.