Posts

Week 10 Blog: Security Frameworks, Data Privacy, and Risk Mitigation

This week really helped me see how hard it is to protect people's privacy and lower the risk of an organization. Before this module, I mostly thought of security as firewalls, antivirus software, and tools for keeping an eye on things. But I learned that protecting a business goes far beyond just technical controls. It includes rules, guidelines, frameworks, and a planned way to deal with risk. One of the most important things I learned was how important it is to keep your data private in today's world. Companies are always gathering, storing, and processing private information. If that data isn't protected properly, the results can be very bad, both financially and legally. I learned that organizations need to do more than just protect their systems; they also need to follow privacy rules and make sure that data is handled properly. This means restricting access, encrypting private data, and checking for weaknesses on a regular basis. Another important idea I learned was...

Week 9 Blog: How to Respond to Incidents and Use Digital Forensics

In System Hardening and Network Resilience this week, I learned how important it is to respond to incidents quickly to limit the damage caused by cyberattacks. I knew that breaches happen, but I didn't fully understand how structured and organized the response process needs to be before this week. When something bad happens, incident response isn't just about reacting to it. It's also about having a plan in place before anything happens. I really liked the idea that being ready is just as important as finding things. The incident response lifecycle, which includes preparation, detection and analysis, containment, eradication, recovery, and lessons learned, was one of the most important things I learned. The containment phase had a big effect on me. This is when teams move quickly to stop the threat from spreading, like by isolating infected systems or shutting down accounts that have been hacked. I learned how important it is to find a balance between speed and strategy at...

Week 8 Blog: Ideas and Tools for Automating

This week really drove home how important automation is in today's cybersecurity work. One of the most important things I learned is that attackers are already using automation to launch network-speed attacks on a large scale. If defenders only use manual processes, they will automatically fall behind. Security Operations Centers (SOCs) use tools like SIEM and SOAR to find, connect, and respond to threats much faster than a person could do it alone. Automation doesn't take the place of analysts, but it does make them better at responding quickly and effectively. I also learned that playbooks and orchestration are very important for making sure that responses are always the same. Instead of responding to each alert in a different way, businesses can set up structured workflows that automatically collect logs, add information, isolate endpoints, or let the right teams know. This cuts down on alert fatigue and makes responding to incidents more consistent. It's important to t...

Week 7 Blog: Why It's Important to Hunt for Threats Before They Happen

I learned in Week 7 that proactive threat hunting is an important part of modern cybersecurity because it looks for threats before they can do a lot of damage. Threat hunting is when security teams actively look for strange behavior on networks, systems, and endpoints instead of waiting for automated tools to send them alerts. This method assumes that attackers may already be inside the environment and that regular defenses aren't enough to stop advanced or hidden threats. One important thing I learned this week was how threat hunting works as a planned activity. Usually, it starts with making a guess based on threat intelligence, past attacks, or known methods used by attackers. After that, analysts gather and look at logs, authentication records, network traffic, and endpoint activity to find signs of a breach. I learned that this process depends a lot on human thought and experience, not just tools, because automated systems may not always have the right context to see unusual ...

Week 6 Reflection: Analyzing Data for Security Monitoring

This week, we learned how data analysis can help us keep an eye on security by not only finding threats but also predicting them. It really showed that modern security isn't just about firewalls; it's also about looking through a lot of data to find the signal in the noise. Here are some important things to remember from the readings and discussion:

Sentiment Analysis as Intelligence: Using Natural Language Processing (NLP) for threat intelligence was one of the most interesting ideas. It's crazy to think that we can figure out when hackers will attack by looking at the "tone" of their forums. Since I'm interested in AI, it was cool to see it used to track emotional trends on the dark web.

The Whitelisting Problem: We also talked about whitelisting. A "deny-all" approach is the safest way to go, but it makes things very difficult to run in environments that change all the time. It's hard to find a balance between strict security and the need f...

Week 5 Blog — Software and Hardware Assurance Best Practices

This week made me realize that security isn't just about making the operating system stronger; it's also about protecting everything from the code to the firmware and hardware. My biggest lesson about software was that security needs to be built in from the start, not added on later. That's why it's important to have a good SDLC and follow safe coding practices, like checking input, using the least amount of privilege, and testing early. It also made sense why third-party libraries and tight deadlines can be a problem: one weak spot can become a real vulnerability. I learned why firmware is so important on the hardware side: it controls low-level functions and is found in almost every device, such as servers, embedded systems, and IoT. If firmware isn't kept up to date and managed properly, it can break everything else. I also learned how hardware can help with a "root of trust," which is useful for things like secure boot and checking the system's in...

Week 4 Posting: Ways to Keep Infrastructure Management Safe

This week's lessons were about how businesses use layered security controls and countermeasures to keep important infrastructure safe. The idea of air-gapped systems really stuck with me. Firewalls, intrusion detection systems, and endpoint protection are all useful, but they don't protect systems completely because networks and endpoints often need to connect to the outside world in some way. Air-gapping eliminates that risk by keeping systems completely separate from all outside networks, even the Internet. This extreme approach shows how important it is to control attack surfaces, especially for systems that are very important or sensitive, like industrial control systems or important government networks. The readings also made it clear that air-gapping alone is not enough to fix the problem. Chapman and Maymi say that security should depend on a number of different countermeasures working together, like access controls, monitoring, change management, and endpoint hardening...