Network Security Success Guide (part A)

Back

Related to the class administration..

"What is this? Where is that?"

A lot of the class discussion goes on in Piazza. The files are generally in NYU Classes. If you're reading this now, it's far likely that a lot of the lab assignments are very inclusive. Meaning you don't have to download much, other than the lecture slides and occasional save states like pcaps.

"I need help with something basic."

As a reminder, there is a session or two at the very beginning of the semester. If you (all) ask, you will (all) receive. If you're struggling a lot, try to take a step back and think about what is being asked of you.

"I need help with something advance."

Use the TA's office hours before using professor's office hours. There are definitely some challenging assignments.

"I am getting a 404 with going to the vlab."

Check that it's a NYU address, we don't use the Poly address anymore.

"Something isn't working with the virtual lab OS."

Ask the TA to see if reimaging is needed. Or re-image as needed. Maybe you just need a 10-minute break.

"The virtual lab is slow."

Patience.

"The virtual lab keeps repeating a character over and over again."

Be really patience. Sometimes it lags. Hit the delete / backspace key once. Give it a second or two. Try again.

"Backtrack? Kali? I only have.."

When I took the class, we used Backtrack. I've heard from much older students that they had to build their own lab. You are likely using Kali or some variants. All of the tools needed to do the homework assignments should already be in there.

"The FTP doesn't work."

I know. It's pretty finicky. The only way around this, when I took it, was to write down the code twice. Good practice anyway.

"Tip regarding doing assignment on the virtual lab?"

Absolutely plan for cases where it might crash on you. Do the work early. If it starts bugging out on you and you're doing the assignment a day before deadline, you're in trouble.

"Can I use creative methods instead?"

Depends on what is meant by creative. If cheating, obviously not. But if you are actually creative, this will serve you well in your cybersecurity career. The best answer is, do the homework within the parameter because the professor is trying to teach something foundational.

The reason I mention the cheating thing is because some students struggle with the basics, then look around and find something else that solves the problem. They have a surface level understanding of what they found and want to use that instead of what's provided. It's not very helpful if you don't understand the basics.

If you understand everything, do whatever you want.

"I am getting a "command not found" error."

If you're getting this, you're likely asked to elevate your privilege level in the assignment, either by using sudo or su or some variants of it. Check that first.

"Writing?"

A common complaint might be on the tedium of writing. If there are two experts of equal skills, then the one that can communicate manages the one that can't. Writing is one aspect of this.

Another reason is because it's absolutely important to keep track of where the most likely targets are next on a macro level (big picture perspective). The news is one of the best way to know. For example, as of this writing, cryptocurrencies like Bitcoin is all the rage. 1 Bitcoin is about $17,000 USD.

By following this, you ask yourself a whole bunch of questions that will help you make better decision. "What is Bitcoin and why is it so popular?" "What did Warren Buffet say about Bitcoin?" (I'm telling to look this one up. You may be surprised by his response.)

Then you delve into the more technical aspect of it. "What weaknesses do cryptocurrencies have? Do they all share this weakness or is it just a design weakness limited to only that currency?" "What kind of attacks are they subject to?" "Is it scalable?" "Why are we doing this to ourselves?"

These are common questions with serious impact on decision-makers and you, if you plan on working in the cybersecurity industry one day. These are also questions that don't always have an answer.

I'll give you an example of this. Let's suppose you are wondering how this might impact your organization. Your users regularly use Facebook at work and you allow it because you're nice or it's your company's preferred method of communication. Whatever the reason, your eye caught this report: Browser-Based Cryptocurrency Mining Makes Unexpected Return from the Dead

You found this from reading one of your favorite news site. Say, this one: Cryptocurrency-Mining Malware Targets Facebook Messenger Users. So now, you start reading and panic. What do you do? Do you immediately mount a company campaign to stop users from using Facebook? No, the right answer is you take this class.

By finishing this class, you should have at least enough knowledge to follow along when a security engineer at your team says that they've developed a software that stops this backdoor miner. (The short immediate answer is that stopping users from using Facebook won't really help, as they can just as easily move to another ad network. They being the users and malwares moving to companies like Google. You've plugged one hole with your finger instead of actually patching it up.)