This repository contains materials, solutions, and a project description for the Network and Cyber Security course at Innopolis University. The course covers five hands-on labs and a comprehensive project, providing practical experience in core cybersecurity domains, from security compliance to DevSecOps. Each lab focuses on a specific area to deepen your understanding of key concepts and practices.
- Lab 1: Security Compliance
- Lab 2: Threat Modeling
- Lab 3: Endpoint Security (EDR/SIEM)
- Lab 4: Web Security
- Lab 5: DevSecOps
- Project: Comprehensive Cybersecurity Implementation
Lab 1: Security Compliance
Objective:
Understand and analyze security regulations related to sensitive data handling (e.g., personal or financial data).
Key Activities:
- Review regulations such as GDPR, Federal Law 152-FZ, PCI DSS, and Bank of Russia Regulation No. 719-П.
- Summarize their main requirements and applicability.
- Assess their effectiveness and provide recommendations.
Lab 2: Threat Modeling
Objective:
Conduct a threat modeling exercise to identify and mitigate security threats within a banking infrastructure.
Key Activities:
- Decompose the system into assets, entry points, and trust levels.
- Use STRIDE methodology to identify potential threats.
- Create Data Flow Diagrams (DFD) and attack trees.
- Assess threats using CVSS and suggest countermeasures.
Lab 3: Endpoint Security (EDR/SIEM)
Objective:
Implement and understand endpoint detection and response (EDR) and security information and event management (SIEM) using Wazuh.
Key Activities:
- Deploy and configure Wazuh for endpoint monitoring.
- Monitor file integrity, detect vulnerabilities, and identify cryptominers.
- Analyze alerts and system behavior using Wazuh's dashboard.
Lab 4: Web Security
Objective:
Explore and address vulnerabilities in web applications through black-box and white-box testing.
Key Activities:
- Identify vulnerabilities in provided Dockerized web applications.
- Document findings and perform static source code analysis.
- Follow OWASP guidelines to recommend security improvements.
Lab 5: DevSecOps
Objective:
Integrate security into the software development lifecycle (SDLC) using DevSecOps principles.
Key Activities:
- Secure CI/CD pipelines with automated security checks.
- Perform vulnerability scans and implement remediation.
- Promote collaboration between development, security, and operations teams.
Project: Comprehensive Cybersecurity Implementation
Objective:
Apply cybersecurity principles to address real-world challenges in areas such as application security, SecOps, or SDLC security.
Key Deliverables:
- Identify and mitigate vulnerabilities in applications or infrastructure.
- Deploy tools and frameworks for secure software development or incident response.
- Provide reports, demonstrations, and a repository for future reference.
Implementation Repository:
Access the Full Project Repository
- Clone this repository:
  git clone https://github.com/yourusername/Network-and-Cyber-Security.git
  cd Network-and-Cyber-Security
- Explore the lab folders for detailed materials and solutions.
- Access the Project Repository for comprehensive project details.
This repository represents the collaborative efforts of students from Innopolis University. Special thanks to the instructors and teaching assistants for their support and guidance throughout the course.