DON'T GET A CYBERSECURITY DEGREE

Captions
Okay, okay, okay, are you ready to watch some clickbait? If you're ready to watch some clickbait, I'm ready to make some clickbait, so let's jump in. So anyways, I got a lot of questions from the viewers, the followers out there, and one of the big ones is: "Eli, Eli, should I get a cyber security degree? I've heard cyber security is the cool thing and I want to jump on in. Should I get a cyber security degree?" And most of the time I tell people no. If you're asking me that question, the answer for you is no. Now, to be clear, it's not that nobody should get a cyber security degree. I'm sure there's a lot of people out there that should get a cyber security degree; the difference between them and you is they're not asking me that question. And that's an important thing to understand, right? A lot of folks don't understand that cyber security is a specialization in the tech sector, and so basically you should have a good idea of what's going on overall within your segment of technology before you get into a specialization like cyber security. So one of the things that I argue is you should go learn to code. Learn to code, and once you learn to code, and once you learn systems, and once you learn all of these things, then if you want to get into the whole cyber security world, that would be a good idea.

And so I've been thinking about this because I'm currently working on this little project for Silicon Dojo. Silicon Dojo is reopening the in-person environment; actually, this Wednesday it's going to open. Anyways, I'm trying to figure out little classes, little things that people can do in order to learn how technology works, and so I am working on this kind of analytics dashboard, an intrusion detection dashboard, that somebody could create. So one of the things that I think about is, you know, if somebody gets into my environment, so let's say one of these Zimbabwean hackers (oops, is this working now? Oh, come on now).

Let's say a Zimbabwean hacker is able to get into my environment. One of the things that I'm concerned about is he's gonna pull out his little Raspberry Pi with nmap on it, and the first thing that he is going to do is a really nasty ping sweep. So basically what a ping sweep does is, you know, you ping all of the IP addresses within a subnet and you see who the hell responds to you, and then when somebody responds to you, you then try to attack the hell out of them. So one of the first steps that you're going to do when you're going to try to compromise an infrastructure is generally a ping sweep. So one of my questions is this: if I know a ping sweep is the initial component of an attack, how can I detect that a ping sweep is occurring on my infrastructure? And then, if I can detect that a ping sweep is occurring on my infrastructure, can I do something with that information to trigger events, trigger firewalls to close, trigger SMSes to get sent out, or, you know, whatever?

So basically what I've done is I've created this little crappy PHP app. What this does is it shows me the hackers, basically the people that have pinged this particular Linux server. So I have Linux running in a VirtualBox here, my little VirtualBox Linux, and basically whenever anybody pings that particular server I'm able to grab the IP address they ping from, and I'm able to count how many times somebody has pinged. So 192.168.1.13 has pinged the server nine times, .5 has pinged it 56 times, and .14 has pinged it 16 times. And these are the latest hackers, the latest people to have tried to ping my server. If I go over to another computer and I start pinging, we will see this will all get updated in real time. And so this is a way that I can see, in real time, basically who is trying to do something to this particular server. Now, what's interesting about this is I'm just doing a ping request right now. Again, my concern at the moment is that we are doing ping sweeps. But the cool thing about this is this is actually parsing values coming out of something called tcpdump, and so I could see if somebody is trying to SSH into this particular box, I can see if people are trying to FTP into this particular box, I can see all of those different things. And so again, when you're thinking about creating something like a honeypot or whatever, you spin up a server on your infrastructure, you call it "really important server," and then you see who tries to SSH into it. And then again, imagine you have a dashboard like this, and instead of ping requests this says who's tried to SSH into the server. If you see like one count or two counts of people trying to SSH into the server, you know, maybe that makes sense. If you start seeing 10 or 20 counts of somebody trying to SSH into the server, then you probably want to track that IP address and figure out what the hell is going on, because you most likely have a nefarious Zimbabwean hacker on your infrastructure.

So anyways, right, this is the situation that I'm thinking about. Again, as a technology professional, one of my questions is how can I be alerted in real time, near real time, to issues going on in my infrastructure, and then try to respond to that somehow? And so this is kind of a little project that I've created just as a simple way to demonstrate how this can be done. And again, what I'm showing you right now is ping requests, right? But again, that's an important thing, right? Why is somebody trying to ping this anonymous server on your infrastructure? Inquiring minds would like to know. But again, you can do this for SSH, you can do this for a lot of different things. And the interesting thing is, if you know how to code, all of this that we're looking at right now, these are simply variable values. These are actually in an array, but these are simply variable values. And again, once you convert something into a variable value, then you can start, you know, manipulating that variable value and then doing things based off of that. If somebody pings the server over 50 times, then I can use the Twilio API in order to send me an SMS message. But you have to understand how all of this kind of stuff works, and again, that's my concern with all the people that are trying to get into cyber security: they want to get into cyber security without actually understanding technology.

So let's explain this a little bit. All right, let's go over and diagram a little bit about what's going on right here. So basically what I have going on right here is I have my little Linux box. So currently I have a Linux box running in a virtual machine, and on that Linux box what's happening is I have a piece of software, an app I suppose, called tcpdump, right? And so basically what tcpdump is doing right now is dumping into a dump file, right? So there's a dump file essentially called dumpfile.txt, and what tcpdump does is it takes all of the network communication that is currently occurring on this particular Linux machine. So if we go over here, we pull up my Linux machine (wherever the hell it is), we log in to my Linux machine, I can show you tcpdump, right? So we've got a clear screen here. I do sudo tcpdump, I'll hit enter, and basically this is all the communication that is currently going on with my little Linux machine. You can see some IP addresses in there, you can see some domain and gateway stuff, so you see a whole bunch of stuff. This is, in real time, how this particular computer is communicating, and this has almost all of the information there. Again, if somebody tried to request SSH, if somebody tried to get into FTP, they have all of that kind of stuff there, which makes it really cool and really useful.

The thing is, right, when it's simply in a terminal like this I really can't do a whole hell of a lot with it. So what we do is called a pipe: you're going to pipe all of that information into a text file. So basically I've created this; in real time it goes over and sends this information into a text file, and then what I do is I have a PHP script, and that PHP script then reads from the dump file, and based off of some if-elses and some other things, that's what then prints out my little web page that shows me the attackers and the stats and everything else. And so the interesting thing here is, basically, I'm taking this off-the-shelf product that does the analytics, dumping the output into the text file, and then being able to parse that with PHP.

And so why this gets complicated is, you know, you have to know what you're looking for. So again, I'm concerned about people coming in with nmap and doing ping sweeps, so I have to know what nmap is, I have to know what ping sweeps are, I have to know why this is a concern to my infrastructure. I then have to be able to spin up a Linux server. I then have to understand how tcpdump works and what it actually is able to provide. I then have to understand how to pipe that data out into something like a text file. I then need some kind of programming language, PHP or Python or whatever else, to then be able to parse this dump file. So I need to know what's in this dump file to the degree where I can actually have the code read it, and then I need to be able to figure out a way to spit out that information into something that is actually useful for me. Now, this is a very simple project here; all I'm doing is dumping out to a web page. But again, I could have this trigger an API call. This is PHP here, I'll show it to you in a second, there's if-else statements there, so one of the things I could say is, if the count of something is above 50, we're gonna make an API call to Twilio and then send out an SMS message. Look at all this code crap that you need to know what the hell is going on, and this is one of the reasons that I get concerned by so many people that want to go into cyber security: so many times people want to go into cyber security because they see the cool stuff, the bells, the whistles, the lazy James Bond, I suppose. They don't think about configurations and ownerships and permissions and tcpdumps and that kind of stuff.

Anyways, let's go over and actually take a look at this code for a little bit. So again, what I have right now is tcpdump, so sudo tcpdump, and this has an export to a human-readable ASCII text file, because it can come out in hex or it can come out in ASCII. Do you know the difference between hex and ASCII? Again, big question there. What it's going to do is go into output, and it outputs to this crappy name called testfiles5.txt because I'm still playing around with it. So anyways, it's pumping it out right now and we can't see anything on the screen because it's just not there. If we go over to, I think, TextEdit, this is what is actually getting pumped out in the file. So this is all of the information that tcpdump pumps out, right? So IP address, this says who's talking to what, it gives different IP addresses, gives acknowledgements, gives all kinds of interesting information in here. And so what we're going to have to do is go through all of this and grab the information that we actually care about. So that's where we go over and we take a look at the code, right? So this is the actual code that gives us our fancy little dynamic web page that we have going on here.

So the first thing that I have going on up at the top here is I have this in HTML, and this is a very simple way to basically auto-refresh the page every five seconds. So that's where, if we go over, we see how that little blue bar every five seconds goes by, and basically that's what gives us the whole dynamic updating component. So basically it just auto-refreshes itself and then we'll see all of the numbers change around, and that's just a simple way to do the auto-refresh. We then go into PHP. Then we're going to create an array, so we're going to have the array, and what this is going to do is we're going to use the file function, and so that file that we've created from tcpdump we are going to turn into an array. So every line in that file is going to become one value in the array. I'm then going to reverse sort the array, so this will be chronological order initially, you know, from start to end, so we want to actually see end to start, so we can see the latest things that are occurring. And I'm going to create another array called the attacker array, so I can dump information into this attacker array and pull out things such as the count of how many times somebody has actually tried to compromise my little box. We're then going to go through; I'm going to step through this first array. So this first array is every single line from that testfiles5.txt file. So from that we're going to create the variable line, so each line is going to go into the variable line, and then we're going to say if the line... so string position allows you to see if a word is in a line, right? And so we're going to look for "request". So basically what this does is, if you go through, when you look at the tcpdump, any time anybody's trying to do the ping there's the request. This is one thing you have to think about when you're coding: this might not be perfect, I'm gonna have to tweak this at the end, there may be other things that do the request. But anyways, what this does is it says, okay, if the line that we're currently looking at has "request" in it, then what we're going to do is try to grab out the IP address. So these next lines of code grab out the IP address; instead of having a big old nasty line, we want the IP address. So we're going to do this match: basically we are going to look for anything from "IP" all the way to that little arrow thing in the line, and we're going to dump it into result. We're then going to implode result, so basically this result is now going to be another array; we are going to basically kill the array, so it's now a string. We're now going to left-trim the "IP" away from what we have, so "IP space" is going to go away, and we're going to right-trim from it this little thingy, which is going to go away. And then we're going to push the value that we have now, so we have a result, we are now going to push that into the attacker array. So then we're going to have that third array, and with the third array we're going to do some cool things like count. So here what we're going to do is we're going to create a variable count, and array_count_values is going to go through and it's going to count all the values in the array. So basically with the array there's 192.168.1.5, and then there's like 20 of these and, you know, 30 of these and nine of these or whatever else, and so what this is going to do is it's going to come back with an array with a named key of the IP address and then give me the count of how many times that IP address has tried to ping the server, essentially. This just prints out this information onto the screen so we can actually see, so we have like titles and that type of thing. And then we're going to come down here, and so foreach, we're going to loop through this array that we've counted, foreach count as key, value, so this is a named key array, that's an important thing. So you're going to print out the key and then the value. So this is the attack stats. For the attack stats we're going to print out the array key and then we're going to print out the value, which is the number of times that has shown up in that particular array. We're going to go down here, so this is basically all printed in a table to make this nice and easy to read. We're going to go down here, we're going to print the latest attackers, then we're going to say foreach, and we're going to take that attacker array that we had and we're going to slice it, so we only want the last 10. So again, having this be like the latest attackers, right, if we didn't limit this somehow this list would just go on and on and on and on forever, so I just want to limit this to like the last 10, and in order to do that we use array_slice. So array_slice from 0 to 10, so basically grab only those, and then as key, value, and then we're going to simply print out the value, and that's going to print out these. So as it goes through it prints out those. Again, if I go over here, I ping from another box, we'll see it then updates, and so what's at the bottom disappears, you know, then as it comes in we can see the latest, quote-unquote, attackers that are trying to compromise this particular little box.

And so this is the eeny-meeny-weeny type of thing that I would try to teach at Silicon Dojo to basically people that are vaguely interested in what the hell is going on. But I want you to think about all the stuff that you have to understand to create a project this idiotically simple. You have to understand networking, you have to understand a bit of protocols, you have to understand how to build your own server, you have to understand how to use Linux tools or other types of tools and dump their information into things like text files. Once they're in the text file, you then have to think about how you're going to parse that text file, how you're going to grab the information out of the text file. Once you've grabbed way too much information out of the text file, then you have to trim down to the exact thing that you're actually looking for, and then pass that, you need to do all the code, blah blah blah. Blasting past this, like one of the things that you could do, one of the things I may do with this just to play around with it, is you can then dump those values into a database. So right now everything's getting dumped in that big-ass text file; big-ass text files are a pain in the ass to deal with. So what I could have is a PHP script that grabs out these values and then dumps them into a database; once in a database, that's a much more stable, robust way of storing these types of data. You have to think about data cleanup: again, if I have tcpdump and this thing is running for days and days and days and weeks and weeks and weeks, at some point it's going to take up all the resources of this little Linux box, and one of the questions is how do I clean out that little log file, that little dump file that I'm creating? How is that actually going to occur? Again, if I want to create this and make it more sophisticated, again doing things like using Twilio or SendGrid to send out an SMS or send out an email to people, I could have this actually do things such as send commands to some of my networking equipment, or basically send a command into some kind of file somewhere else that the networking equipment could read. So again, imagine with this, if something just starts pinging the hell out of the network a lot for some reason, you know, in this particular instance, if I was using Linux-based network equipment, iptables or something like that, one of the interesting things is I could just turn on a firewall and try to shut down all communication between that particular box and the external world to try to segregate it and compartmentalize it, to make sure that we don't have any other problems. Depending on my networking infrastructure, depending on the software firewalls that I'm using, they could all theoretically be reading from some kind of blacklist, and as soon as an IP address shows up in that blacklist all of them could reconfigure their ufw firewalls or such in order to block any communication.

So imagine you have, let's see, 10 servers, right? So you got a lot of servers. So you got your Apache server, or if you're one of the cool people you have nginx or whatever, you've got your nginx server, you have your MySQL server, you have some FTP, some data store servers, maybe you even have an Active Directory server, right? And so let's say that Zimbabwean hacker, you know, they sneak into your infrastructure, they start using nmap, they start doing a ping sweep, and so let's say, whatever it is that you're looking for, ping or SSH or anything else, let's say one server is the current target of the attack, right? So let's say they're trying to SSH into your web server and they are not supposed to do it. So when they try to SSH into the Apache server, that can get dumped into a log file. That log file can then be parsed, and then it can say, uh oh, you know, 192.168.1.55 is trying to SSH into my Apache server. So one, I want to turn on my firewall for the Apache server to no longer respond to 192.168.1.55 because we think he's an attacker. And not only that, but currently the attack is against the Apache server; at any time these attacks could be turned against the MySQL, the FTP, the Active Directory server. So again, if you have some kind of routine where the information can be shared, then you go, oh, okay, we all see what this person is doing, so I'm going to do the firewall, I'm going to do the firewall, I'm going to do the firewall, and then that's a way to segregate this particular user on the network.

So there you go. You follow along, boys and girls? You know, this is some of the things that you need to be thinking about, again, if you are going to be a real cyber security expert, and be a real one. Again, a lot of people think I'm like anti-cyber security. No, no, we need real cyber security experts; we don't need more people that just have a piece of paper and that's it. And the thing is, to be a real cyber security expert in the modern world, you need to know how to code, you need to know how to deal with databases, you need to know how to deal with these systems, you need to know how the systems are used in the real world, you need to be able to think creatively like an attacker to try to figure out what would be the signals that an attacker is on the network, you need to be able to grab, again, log files. That's a cool thing nowadays, right? A lot of people, when they try to code stuff, they think they have to reinvent the wheel. The reality is that there is a hell of a lot of software already out there that does exactly what you need, and all you have to do is be able to basically pull the values coming out of that software into something like a text file so that you can parse it, right? You do not have to reinvent tcpdump; use tcpdump, and then take the data that's pulled out of tcpdump in order to do the auto-configurations on things like firewalls and intrusion detection systems, all of that kind of stuff. But those are all the kinds of stuff that you really have to think about and you have to know about, and why I get really concerned about people trying to get into the whole cyber security world is there's this idea that it's easy, right? You know, again, that's what I love, when people say, "Oh, I don't want to learn how to code, Eli. I love technology, I love technology, Eli, I've wanted to do technology all my life." I'm like, "Okay, great, learn to code." "Well, I don't like to code." And I think that's one of my big concerns, right? There's a lot of people out there, a lot of people, they love technology, but then they look at some degree in coding or whatever else, something that's very code-intensive, and they go, "Oh, I can't do that, that's too intimidating." And then you got the slick sales people: "Hey, hey, little computer geek, do you want to be worth a lot of money in the computer world? Do you want to have respect and responsibility in the computer world, but you don't really want to know how to do this coding stuff?" "Yeah, I do." "Well, all you have to do is sign away a hundred thousand dollars and we'll get you a cyber security degree." And then you come out with a cyber security degree. What do you actually know, right? If you know how to code, if you know how to deal with real technology, the rest of this stuff is a hell of a lot easier. If you simply know cyber security, "I know penetration testing," great, you know, do you know how to build a server?

I think about it: I was talking with a police officer once, and I got my degree in criminal justice, and again, this was one of the gut checks in life, the gut check I'm trying to give you folks. Anyways, I was talking to this police officer years ago after I got my criminal justice degree, and I told him that I got a criminal justice degree, and I still remember him looking at me and saying, "Why?" And I was like, "What?" And he said, "Well, if you got a degree in anything else, if you got a degree in chemistry, if you got a degree in computer science, if you got a degree in anything else, the agencies and police organizations will hire you. All they care about is that you have a four-year degree. But here's the thing: if you get a degree in IT or chemistry or something else and you decide not to be a cop, then you have a degree that allows you to do something else. If you get a degree in criminal justice and you decide not to be a cop, it's really actually not that valuable." And I think that's one of the things I think about a lot with cyber security: if you really know infrastructure, if you know coding, if you know data science, if you know that, you can figure out cyber security, you'll be fine. Learn a little bit of this, learn a little bit of that, you'll be fine with cyber security. If you know cyber security, like I know a lot of people do, yeah, you're not necessarily gonna get a job as a coder, not necessarily gonna get a job in infrastructure; you might get a help desk position.

So that's just, you know, some real-world things, some stuff that I'm working on, trying to make a little clickbait. Hey, we all know my YouTube channel is dead. I have a million subscribers on a dead YouTube channel. Anyways, I gotta milk that somehow, gotta milk that little YouTube earnings channel somehow. So that's it. So what do you think about this? Am I out of my mind? "No, Eli, cyber security professionals don't need to know how to parse things, don't be ridiculous. No, cyber security professionals don't need to understand how infrastructure works, ridiculous. Don't you understand, we get paid because we have a piece of paper." Are you going to make that argument to me? I don't know, make it down below. Again, if you like what I do, if you like all the things that I actually am doing, you know, there's a little Donorbox link down below; you can click on that, throw a couple of dollars in. We do the tech office hours, usually Tuesdays and Thursdays, and that's where we do the Zoom meetings, actually have people come on, have conversations and all that. And then also Silicon Dojo is actually opening up, don't tell anybody, don't tell the wrong people. Silicon Dojo, Wednesday, we're opening up for actual office hours, one to five. I'm slowly going to be building up a curriculum, and so this is a real hands-on physical education classroom that I've created here in Asheville. I'm currently working on a curriculum, trying to figure out how to teach things. Again, you know, creating a product, right? You have an idea and then you actually have to create the product, and so for me it's creating classes. So that's why I'm working through some of this stuff, trying to figure out interesting things to do that show people the importance of things. So, you know, think about signing up for the meetup on that too; if you're in the Asheville area you can show up, play around with stuff. And with that, I will go. So anyways, some things to ponder, some things to ponder. Just think about this when you think about wanting to be in cyber security, and ask yourself, if you are going for a cyber security degree, what are you learning? What problem are you actually solving?
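The tcpdump-to-dashboard pipeline walked through above, rewritten here as an added Python example; it is not the PHP from the video and not code from Silicon Dojo. It assumes tcpdump was run with -n so addresses print numerically, uses a constructed sample of its text output in place of the dump file (no real captures), filters on "ICMP echo request" rather than any line containing "request" (which also matches other protocols, the tweak the video says it still needs), pulls the source address with a regex instead of the ltrim/rtrim dance, counts per source like array_count_values, keeps the newest ten like array_slice, and exposes a threshold check where the Twilio call would hook in. It goes a little beyond the ping-only dashboard by also counting SSH connection attempts (TCP SYNs to port 22), the other case the video mentions.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n` text output; not captured from a real
# network. One host (192.168.1.20) is pinged by three sources and receives
# two SSH connection attempts from a fourth.
SAMPLE_DUMP = """\
10:00:01.000001 IP 192.168.1.13 > 192.168.1.20: ICMP echo request, id 11, seq 1, length 64
10:00:01.000200 IP 192.168.1.20 > 192.168.1.13: ICMP echo reply, id 11, seq 1, length 64
10:00:02.000001 IP 192.168.1.5 > 192.168.1.20: ICMP echo request, id 12, seq 1, length 64
10:00:02.000002 IP 192.168.1.5 > 192.168.1.20: ICMP echo request, id 12, seq 2, length 64
10:00:03.000001 IP 192.168.1.55.51234 > 192.168.1.20.22: Flags [S], seq 100, win 64240, length 0
10:00:03.000002 IP 192.168.1.55.51235 > 192.168.1.20.22: Flags [S], seq 101, win 64240, length 0
10:00:04.000001 IP 192.168.1.14 > 192.168.1.20: ICMP echo request, id 13, seq 1, length 64
10:00:04.000002 IP 192.168.1.13 > 192.168.1.20: ICMP echo request, id 11, seq 2, length 64
"""

# "IP <src> > <dst>:" as tcpdump -n prints it. For TCP/UDP the addresses carry
# a trailing ".port"; the source port is dropped, the destination port kept.
SRC_RE = re.compile(
    r"\bIP (\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)? > (\d{1,3}(?:\.\d{1,3}){3})(?:\.(\d+))?:"
)


def ping_requests(lines):
    """Source IPs of ICMP echo requests, oldest first. Echo replies (the
    server answering) are ignored so the server never lists itself."""
    out = []
    for line in lines:
        if "ICMP echo request" not in line:
            continue
        m = SRC_RE.search(line)
        if m:
            out.append(m.group(1))
    return out


def ssh_syns(lines):
    """Source IPs of TCP SYNs to port 22: connection attempts, whether or
    not they ever log in."""
    out = []
    for line in lines:
        m = SRC_RE.search(line)
        if m and m.group(3) == "22" and "Flags [S]" in line:
            out.append(m.group(1))
    return out


def attack_stats(sources):
    """Per-source count, the equivalent of array_count_values."""
    return dict(Counter(sources))


def latest(sources, n=10):
    """Newest n sources, newest first: the reversed-and-sliced list."""
    return list(reversed(sources))[:n]


def over_threshold(stats, limit):
    """Sources seen more than `limit` times. This is the hook where an SMS
    or a firewall update would be triggered; here it just returns the list."""
    return sorted(ip for ip, count in stats.items() if count > limit)


if __name__ == "__main__":
    lines = SAMPLE_DUMP.splitlines()
    pings = ping_requests(lines)
    print("Attack stats (ping):", attack_stats(pings))
    print("Latest attackers (ping):", latest(pings))
    print("SSH attempts:", attack_stats(ssh_syns(lines)))
    print("Over threshold (>1 ping):", over_threshold(attack_stats(pings), 1))
```

To feed it a live dump instead of the sample, replace `SAMPLE_DUMP.splitlines()` with the lines of the file tcpdump is writing; running tcpdump with `-l` keeps its output line-buffered, so the newest lines are actually on disk when the page refreshes rather than sitting in a buffer.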
Info
Channel: Eli the Computer Guy
Views: 30,772
Keywords: Eli, the, Computer, Guy, Repair, Networking, Tech, IT, Startup, Arduino, iot
Id: egEbwx6Op98
Length: 29min 37sec (1777 seconds)
Published: Fri Oct 15 2021