Chat Now

X

hi
Have a question?

Chat with a live agent now.

Need help?

XNo thanks

9 Essential Cyber Security Tools and Techniques

By DeVry University

January 10, 2024
5 min read

If you’re considering a career in cyber security, it's a good idea to develop a firm understanding of the industry terminology as well as many of the cyber security tools and techniques that are used to defend networks, systems and data against cyberattacks, including:

#image

Firewalls

If you've spent any time around IT professionals or even just watched a sci-fi film, you've probably heard about tools for cyber security called firewalls. Firewalls are security systems within networks that monitor the flow of both incoming and outgoing data. They evaluate the data moving along their borders and use a set of predetermined rules to decide what data can and cannot pass through the barrier.

There are a variety of different firewall types, but the 3 most common are:

  • Packet filter: This is the original and most basic type of firewall that cyber security professionals deploy. It inspects packets transferred between computers and permits or denies access based on an access control list. This list tells the firewall what packets need to be investigated and what information should result in a file rejection or deletion. These firewalls are older and cannot fully secure a network on their own, but they are still useful for filtering out low effort cyberattacks.

  • Connection tracking: Connection tracking firewalls, also known as second generation firewalls, perform work in a way that is similar to first generation packet filters. They perform a similar type of packet inspection, but also record the port number each IP address is using to send and receive information. This allows the exchange of data to be examined in addition to the packet content.

  • Application/layer 7: Application firewalls are significantly more powerful than connection tracking or packet filter firewalls. They are capable of understanding various applications such as file transfer protocol (FTP), hypertext transfer protocol (HTTP) and domain name system (DNS). This enables them to recognize non-standard ports or unwanted applications. These are also useful on the internet thanks to their ability to perform web filtering.

Anti-Malware Software

Anti-malware is a type of software-based cyber security tool that prevents malware (malicious software) from infecting a computer and removes existing malware from devices and systems. There are 3 common types of anti-malware software, each with its own method for identifying and removing malware:

 

  • Behavior-based detection: This is a powerful type of software that implements technology like machine learning algorithms to identify malware through an active approach. Instead of examining how the malware looks, it focuses on how it behaves in order to stamp it out more quickly.

  • Sandboxing: Sandboxing is a feature that places dangerous software in an isolated location. It can filter files out before they can cause damage to the system at large. Once isolated, the anti-malware can delete the dangerous software.

  • Signature-based detection: Signature-based detection is most useful for eliminating common malware such as adware and keyloggers. It uses signature detection to identify common malware and delete it. Once it has eliminated a piece of malware, it will remove all types of malware bearing that same signature automatically.

Take the next step in your cyber security journey.

Anti-Virus Software

Anti-virus software is another one of the tools for cyber security that many computer users are likely to be familiar with. It’s generally recommended that everyone install some sort of anti-virus software on their devices  to keep dangerous software from infecting it.

Currently, the most powerful anti-virus software is called “next-gen software.” It has been in use since 2014 and is known by a shift toward signature-less detection. This type of anti-virus software may implement machine learning such as artificial intelligence, behavioral detection and cloud-based file detonation into its programming.

Cyber security professionals need to keep up to date on the latest developments in anti-virus software to protect the companies they work for. Because viruses are constantly evolving, it’s essential that companies are aware of the most effective, cutting-edge anti-virus technology and make upgrades to existing  software when it becomes available.

Penetration Testing

Penetration testing is a cyber security technique that simulates a cyberattack on a system. This may also be known as a pen test or ethical hacking. The test is designed to identify weaknesses within a system and determine the likelihood of a breach. It also helps cyber security professionals determine which parts of the system are strongest and do not currently require improvement.

To perform a penetration test, the ethical hacker will typically go through 6 different phases:

  1. Reconnaissance: The cyber security professional gathers data on the system to better attack it. These tests are usually performed by someone who is not intimately familiar with the system to better simulate a realistic breach scenario.

  2. Scanning: The attacker deploys tools that scan the network and open ports, further increasing the amount they know about the network.

  3. Access gain: The hacker uses the data gathered from the previous 2 phases to break into the network. This could be performed manually or with software.

  4. Access maintenance: Once they have broken into the network, the penetration tester needs to try and maintain their presence within the network to steal as much data as possible.

  5. Evidence removal: After gathering the data and making their escape, the tester covers their tracks to ensure that they cannot be implicated for the attack. This is done by removing evidence on what data was gathered and eliminating log events to maintain anonymity.

  6. Pivoting: Pivoting involves breaking into other machines on the same network. This process repeats steps 2 through 5 to obtain additional data.

Once completed, the ethical hacker compiles a report on how they were able to break into the system. The network administrator or cyber security professionals at the company who owns the network will then use this information to bolster the network's defenses.
 

Penetration testers typically use cyber security tools like Kali Linux, an open-source Linux distribution, as well as Metasploit, Intruder and Core Impact.

Password Auditing and Packet Sniffers

Cyber security professionals use specialized tools to evaluate passwords and monitor networks. They know that weak passwords can jeopardize an entire network and  the critical data that it manages. Using password auditing techniques, system administrators and analysts can monitor passwords and determine their strength against hacking attempts.

  • John the Ripper is a tool used to test the strength of passwords quickly and efficiently, to minimize the likelihood of a weak password putting a network at risk.

  • Hashcat is a password-cracking tool used by penetration testers and system administrators. Password hashing is a method of protecting passwords by converting them into a series of random characters, known as a hash (this process is different from encryption, which is used to conceal information). The software essentially guesses a password, hashes it and compares the hash to the one it’s trying to crack.

A packet sniffer, also known as a packet analyzer, protocol analyzer or network analyzer, is a hardware or software tool used to monitor network traffic. 

  • Wireshark is a console-based cyber security tool (previously known as Ethereal) used to study network protocols and analyze network security in real time.

  • Tcpdump is a network data packet-sniffing program used by cyber security pros to monitor and log TCP (Transmission Control Protocol) and IP (Internet Protocol) traffic that passes across a computer network.

  • Snort is an open-source intrusion protection system that can be used as a packet sniffer (like tcpdump), as a packet logger, or as a fully deployed network intrusion prevention system. This program can be downloaded and configured for either business or personal use.

Network Security Monitoring

Through the use of network monitoring software, administrators can determine if a network is running optimally and proactively identify deficiencies. Network monitoring provides a clear picture of all the connected devices on a network, allowing system administrators to see how data is moving between them and quickly correct any flaws that could undermine network performance or lead to outages.

Types of network monitoring protocols include:

  • SNMP: The Simple Network Management Protocol uses a call and response system to check the status of devices such as switches and printers, and can be used to monitor system status and configuration.

  • ICMP: Routers, servers and other network devices use the Internet Control Message Protocol to send IP operations information and generate messages when devices fail.

  • Cisco Discover Protocol: This protocol facilitates management of Cisco devices by discovering them, determining how they are configured and allowing systems using different network-layer protocols to learn about one another.

  • ThousandEyes Synthetics: An internet-aware synthetic monitoring system that detects modern networked application performance issues.

Vulnerability Scanners

Vulnerability scanners help organizations determine what cyber security threats they may be facing as a result of vulnerabilities detected across their IT infrastructure. Organizations often use multiple vulnerability scanners to ensure they are getting a clear assessment of threats. A sampling of these cyber security tools includes:

  • Acunetix: This web vulnerability scanner features advanced crawling technology that enables it to uncover vulnerabilities to search every type of web page, even pages that are password protected.

  • Nessus: Downloaded more than 2 million times worldwide, Nessus provides thorough coverage and scans for more than 59,000 common vulnerabilities and exposures (CVEs).

  • Burp Suite: With multiple scanning, integration and reporting features, Burp Suite is a vulnerability scanner that integrates with bug tracking systems like Jira and is frequently updated.

  • GFI Languard:  A vulnerability scanner for network and web applications that can automatically deploy patches across operating systems, web browsers and third-party applications.

  • Tripwire IP360: A scalable vulnerability scanning tool that can scan an organization’s total environment, including previously-undetected assets.

Network Intrusion Detection

To improve protection against malicious IP traffic on their networks, organizations often use intrusion detection and protection systems (IDPS) to safeguard against threats that may penetrate their firewalls. Intrusion detection systems (IDS) use software to automate the detection process and intrusion protection systems (IPS) use software to detect and attempt to deter potential data breaches. Once a malicious pattern or violation is detected, the IDS alerts the system administrators so they may take appropriate action. The IPS analyzes IP traffic and blocks malicious traffic, thereby preventing an attack.

According to the National Institute of Standards and Technology (NIST), there are 4 classifications of IDPS technologies:

  • Network-based: These IDPS technologies monitor network traffic for particular network segments or devices and analyze the network and application protocol activity to identify suspicious activities.

  • Wireless: Wireless IDPS technologies monitor and analyze traffic on wireless networks to identify suspicious activity involving wireless networking protocols.

  • Network behavior analysis (NBA): NBA examines network traffic to identify threats generating unusual traffic flows, such as distributed denial of service (DDoS) attacks or certain forms of malware.

  • Host-based: Host-based IDPS technologies monitor the characteristics of a single host (a PC or server, for example) and the events occurring within that host for suspicious activity.

Encryption Tools

Playing an essential role in safeguarding data that is stored or transmitted, encryption is a process that scrambles readable text so it can only be read by the person who has the decryption key. Vast amounts of personal information – bank accounts, credit card profiles, health records and more – are managed online and stored in the cloud or on servers connected to the internet.

Encryption scrambles readable text it into an unreadable format called cypher text. When the intended recipient opens the message, the information is decrypted, or converted back into its readable form. To make this happen, the sender and recipient both have to use an encryption key, which is a collection of algorithms that do the scrambling and unscrambling.

Examples of encryption algorithms in use today include:

  • Triple DES: Strengthening the original DES (Data Encryption Standard), which was established in 1977 and is now considered too weak to protect sensitive data, Triple DES runs encryption 3 times – encrypting, decrypting and encrypting again.

  • RSA: Taking its name from the initials of its 3 computer scientist inventors (Rivest, Shamir and Adleman), RSA uses a strong and widely used algorithm for encryption. It is popular because of its key length and commonly used for secure data transmission.

  • Advanced Encryption Standard (AES): Used worldwide, AES has been the U.S. government standard since 2002.

  • TwoFish: This free encryption software is used in hardware and software. It is considered to be one of the fastest encryption algorithms.

Does Cyber Security Use Hardware or Software?

Cyber security professionals use a combination of both hardware and software to build security. While a good portion of their work does include the use of cyber security tools like anti-virus software or firewalls, using the correct type of hardware to build networks and infrastructure is important, too. Just as they make recommendations for new security software upgrades, a cyber security professional can recommend that a company upgrade its hardware if it’s incapable of supporting the software.

Learn Cyber Security Tools and Techniques at DeVry

If you’re interested in learning how to utilize cyber security tools and techniques to combat cybercrime, we can help. Our Undergraduate Cyber Security Certificate Program  is a great way to get started, or to upskill if you’re already working. Or if you’re looking to learn cyber security techniques in a full-length degree program, our Associate in Cybersecurity and NetworkingBachelor’s Specialization in Cyber Security Programming or Bachelor’s Specialization in Cyber Security can a can help you develop more advanced skills in programming and cyber security. Classes start soon.

Classes start every 8 weeks
Request info

Filter blog post category

Related Posts