Second Term Reflection

What does a Cybersecurity student study? Niram.org estimates this 1182 word blog will take 6 minutes to read.
Posted by Ewan Taylor on July 24, 2022

Now that I have completed my first year, having come into it with no prior cybersecurity experience, here’s an overview what the second term in Abertay entailed.
Term 1 reflection can be found here.

(If you are worried about your skillset not matching your passion for IT, don't worry - it can be overcome!)

So what modules/classes did I have this term?

There were no online modules this semester meaning my timetable consisted of three in-person modules; 'Introduction to Security', 'Networking 1' and 'Software Design'.

Introduction to Security

A module that really does to what it says on the tin! It, erm ... provides an introduction to many broad aspects of security! This module provided a whistlestop tour of some of the important concepts that all security practitioners encounter in their career; Malware, Open-source intelligence (OSINT), Data protection and security laws (e.g., Computer Misuse Act, GPDR), Digital Forensics, Cryptography, IoT, Brief overview of course and Password vulnerabilities.

Every week would cover a new area of security, with lectures on the topic and practical tasks where we used pieces of software to experiment with these concepts first hand. This would consist of us trialling password-cracking software for example on virtual computers via Azure Labs. Azure Labs funnily enough runs on Microsoft's Azure Cloud infrastructure and provides a virtual safe space for us to experiment with various software related to content being covered in this module. In Lehman's terms - it means if we break something, we haven't caused any damage as everything we have done can be reversed in a click of a button. This module also contained a group presentation, where we investigated the UK and another country’s security laws and a bigger individual project where we were to conduct a practical . It can't be understated how indispensable it is to know computer security laws! Particularly when you are trying to forge a career within IT. You need to know what is legal and illegal, to ensure you don't overstep the line and can identify when individuals/organisations break the law (whether on purpose or accidental) and potentially prevent harm being caused.

Why did you choose Steganography for your project?

I may look back on this blog post in the future and should steganography be a route I specialise in, pinpoint to it all starting with this project!
We were given a blank canvas for our security project, it was designed to be a practical investigation, that was small enough to be completed in the given timeframe, whilst containing enough research and learning opportunity for it to be deemed suitable by our lecturers.
To give you a flavour of the wide range of topics we were suggested to research (because many of us did not have an initial idea for our projects) included; creating a rudimentary DRM application, the decryption process and password hashing algorithms (among many others)! After all, the world of security encompasses a vast array of topics - so there is no shortage of potential projects!
Steganography, personally is something I find fascinating. I always enjoyed the 'Droste effect', where a picture can have another picture within it (hiding in plain sight).
I was keen to explore how much data could be stored in different file types, without impacting the functionality of the file the data is being hidden in (this file is called the carrier file).
I was particularly keen to see what file types would work best, considering how prevalent PDF files are shared on the internet - how easy would it be to store information within PDFs.
The implications this could have on intelligence agencies also piqued my curiosity, as trying to find the correct PDF online would be akin to finding a needle in a haystack! If you want to read more into my project, click here!

Computer Networking

Networking is fundamental within IT. How data is sent from one device defines how computers are used! Any conversation I had with industry professionals at Securi-Tay X re-enforced this (even if this isn't the field you are working in). There are 50 billion devices out there, with the overwhelming majority of these wanting to send and retrieve data via a range of networks!
Then we add into the mix that we are sending data to different devices, which may be on different networks, using different operating systems, with varying internet speeds! So there needs to be a range of protocols to ensure we can send the data we want, so that the data can be received by who we want in the format in which we sent it! How effective is a device that can't send and receive information at all, or isn't configured to do either?
Not very effective I hear you say? Exactly! Also, understanding how data is sent and potentially intercepted is a security concern which may lead to data leaks - so it is vital to develop a thorough understand of this topic! We delved into data is packaged up and sent as packets across a network, and how data doesn't immediately reach its target destination. It is a series of smaller jumps, where at each jump the next place, the packet needs to go is update.

To sum this up in an analogy, think of the device sending the data as the station you get on a bus. Sadly, when sending packets across a network it doesn't often go straight to the desired destination.
The way packets travel across a Wide Area Network, is akin to getting on a series of busses to eventually get to your destination. Imagine asking each bus driver "I need to get here, what stop do I get off at?”, with the driver telling you where your next immediate destination is within your journey" (and then repeating this process several times). This is similar to a packet of data being forwarded to the next place it needs to go (called the next hop).

This module looked in-depth at the TCP/IP and OSI models and how packets of data are sent from one node to another node. We looked at the functions of different pieces of hardware during this journey and how packets of data are prepared when being sent out and how they are translated by the device at the packet's desired destination.
We looked at IP address calculation, subnetting, Python Socket Programming and how to build a smaller network (and make sure they are configured appropriately!).hat we covered
We built networks according to various briefs given to us using Cisco Packet Tracer and used Wireshark so that we can begin analysing network traffic to further our understanding of how what communication looks like between nodes and servers across a network.
Personally, I made my first foray into the world of Python when we looked at Python Socket Programming. We built a server that functioned as a calculator and a word checker, to bolster our knowledge of how clients and servers interact with each other on a network we have built.
A very important module for me to do, certainly the module I found myself with the least prior knowledge. With a bigger learning curve comes greater challenge, but this is where I ensure the lectures were given plenty of questions (more than usual) to help get me up to speed! Although, if I knew everything that I needed to know I wouldn’t need to study at Abertay to develop the knowledge required to forge career within Cybersecurity!

Software Design

This course followed on from Introduction to C++, which I covered in this blog. What the course covered, what were the challenges and what did you enjoy the most.

For someone who enjoys designing solutions using C++, this module was extremely enjoyable! We looked more into Object-Orientated Programming (OOP) and the process of building and planning larger C++ projects.
We explored inheritance, classes, objects, constructors, pointers and public vs private variables (and the advantages and disadvantages to both). This module involved more complex coding tasks that in CMP 104 (Introduction to C++) and therefore required us to further delve into the logic behind our code and look for solutions and algorithms that efficiently solve the briefs we are given.
This is where we investigated UML (Unified Modelling Language) to provide a visual representation of what our C++ solutions will work. This is where you show how variables will (or won't) be linked and whether classes inherit properties from other classes in a diagram. An advantage of this is that it allows your solution to be more thought out prior to writing any lines of code.
It is much less painful to find out your idea won't work during the planning phase on a UML diagram instead of halfway through coding your project! (of course, not many people enjoy planning out their ideas and prefer to go head first, coding away furiously!)

For our project, we had to design a Darts simulator where we had two players play darts against each other a certain number of times - with our software providing information about each player's performance and the frequency of each player winning (and by what score line).
On the surface, this seems straight forward – you may have seen darts being played and it is just two people throwing darts at a dartboard, right? But think about how you would tell a computer what the rules are, how scoring works and perhaps most importantly - how do you store what has happened so far and whether a player has been successful (and if they haven't been successful, then what?)
This module also briefly looked at databases and writing various queries using SQL. This was a very brief tour of SQL, but something I will visit in future years of this course. When our paths meet again, I will provide a more detailed explanation on this topic.