Sam Grubb - How Cybersecurity Really Works

San Francisco

HOW CYBERSECURITY REALLY WORKS. Copyright 2021 by Sam Grubb.

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

ISBN-13: 978-1-7185-0128-7 (print)

ISBN-13: 978-1-7185-0129-4 (ebook)

Publisher: William Pollock
Executive Editor: Barbara Yien
Production Manager: Rachel Monaghan
Production Editor: Dapinder Dosanjh
Developmental Editor: Frances Saux
Cover Illustrator: Gina Redman
Interior Design: Octopod Studios
Technical Reviewer: Cliff Janzen
Copyeditor: Anne Marie Walker
Compositor: Craig Woods, Happenstance Type-O-Rama
Proofreader: Rachel Head

For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 1.415.863.9900; info@nostarch.com
www.nostarch.com

Library of Congress Cataloging-in-Publication Data

Names: Grubb, Sam (Cyber security consultant), author.
Title: How cybersecurity really works : a hands-on guide for total
beginners / Sam Grubb.
Description: San Francisco : No Starch Press, 2021. | Includes index.
Identifiers: LCCN 2021004423 (print) | LCCN 2021004424 (ebook) | ISBN
9781718501287 (paperback) | ISBN 9781718501294 (ebook)
Subjects: LCSH: Computer security. | Computer crimes--Prevention. |
Computer networks--Security measures.
Classification: LCC QA76.9.A25 G78 2021 (print) | LCC QA76.9.A25 (ebook)
| DDC 005.8--dc23
LC record available at https://lccn.loc.gov/2021004423
LC ebook record available at https://lccn.loc.gov/2021004424

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an As Is basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

To Shannon and Elliott, whose love and constant support gives me the confidence to do more than I ever imagined.

Sam Grubb is a cybersecurity consultant and education advocate, as well as a former teacher, librarian, sandwich artist, and military helmet researcher. He currently works with companies and healthcare providers to ensure they are meeting both security and compliance needs. He believes nothing is too difficult to learn; you just need the right teacher. He enjoys reading, writing, and staying as far away from arithmetic as possible. He lives in Arkansas with his wife, son, two cats, and two dogs.

Since the early days of Commodore PET and VIC-20, technology has been a constant companion to Cliff Janzenand sometimes an obsession! Cliff is grateful to have the opportunity to work with and learn from some of the best people in the industry, including S am and the fine people at No Starch Press. Cliff spends a majority of his workday managing and mentoring a great team of security professionals, striving to stay technically relevant by tackling everything from security policy reviews and penetration testing to incident response. He feels lucky to have a career that is also his favorite hobby and a wife who supports him.

Look at any major news source and youre bound to find a story or two about recent cyberattacks. Whether its a new scam spreading across the internet, hospitals or other organizations targeted with ransomware, or even elections disrupted by other countries, adversaries try to circumvent cybersecurity in many ways. You might find these attacks of interest but think they dont have much to do with you. However, as cyberattacks become increasingly common, attackers no longer focus exclusively on big corporations. Theyve begun to target everyday individuals. As a result, you can no longer afford to just read about cybersecurity; its a daily skill you need to learn and practice.

If youve struggled and searched to learn about cybersecurity without first cultivating a deep technical background, look no further: this book is perfect for those who have no background in security, or even computers for that matter.

I created this book to fill a gap. Few resources exist for those who want to understand more than just the basics of computer engineering or administration but arent trying to become full-fledged cybersecurity professionals. Its designed to cover a wide range of topics across the core cybersecurity concepts. Cybersecurity is a vast field with lots of deep valleys that you can easily get lost in. Think of this book as a helicopter tour; youll fly over those valleys to get an idea of where you might explore next.

To provide this overview, this book focuses on how black hats operate and the sorts of attacks that exist. At its core, cybersecurity is about defending against threats, both physical and logical, to technical assets. By focusing on what black hats attempt to do, well link threats to the vulnerabilities that cause them and controls that protect against them.

The only way to learn cybersecurity concepts is to practice them. To that end, every chapter ends with an exercise that helps you apply the concepts you just learned. These exercises are designed to be completed at home and provide some insight into what you can do to make sure your systems are secure every day. They focus on the core concepts while providing practical knowledge you can use when implementing cybersecurity.

The exercises in this book assume youre using the Windows or macOS operating system, because of their widespread use by people and organizations worldwide. To follow along, youll need at least a Windows 10 or macOS X system.

Many cybersecurity professionals and tools use Linux-based operating systems instead. Although this book doesnt cover Linux, with a little research you can easily translate many of the concepts explained in the exercises to a Linux system. If you want to pursue cybersecurity further after reading this book, I encourage you to learn about Linux by using resources like Linux Basics for Hackers by OccupyTheWeb (No Starch Press, 2019).

This book is for anyone whos interested in cybersecurity but isnt entirely sure what cybersecurity means. That includes people without technical backgrounds, although if youre just beginning your technical career or are a new computer science student interested in cybersecurity, this book is definitely a great place to start. The intended audience also includes business leaders, account managers, sales and marketing professionals, or any hobbyist who might want to understand why cybersecurity is so important and what it encompasses.