Kanso Tech

Hardware is the physical part; it is that one that we can touch.That's is probably the simplest way to understand it, because it makes it simple to relate with the things around us. You should probably have a smartphone, a notebook, a tablet, or even had already see that blue cable (maybe other colors) in your company or in your home. But what is the importance of knowing hardware for cybersecurity? Sooner or later you will get yourself studying OSI Model. The initial troubleshooting will probably be related to checking if the computer is working, if the cable is connected or even if the computer is even turned on.

Maybe you could ask me what about the Cloud; if there is nothing physical anymore, there is not much sense on worring about it. But have you ever thought about what is the Cloud? The difference between On Premisse and the Cloud is on the location. You may probably never touch a cable or never see a router face to face, but the knowledge about what they are and how they work will certainly give you a clearer vision about how these things work, even you will only access them remotely, using a terminal.

Beyond these details, if you, just like me, have the curiosity of not just be a user, and get yourself in touch with programming languages, sooner or later you will need some hardware knowledge, even it is just to put your mind into computer's place, to think about the better way to write an algorithm and solve your problems.

The understanding of the physical part, beyond of helping you learn the whole communication path, will let you go deeper in so many areas. When we thing about cybersecurity, sometimes what go to our mind is somebody on a chair, typing commands on some software, but it is also possible to attach, and so to defend, the physical part. Theres is also a premise that there is no security it the attacker can get physical access. It is possible to get a console using a data communication port, be it serial or parallel, and even create a console port, making a jump on the board's router, getting a terminal access. This is also possible to hack a car, a computer and so many other devices. Or you could use the hardware in a simpler way, getting a SBC (Single Board Computer, like a Raspberry Pi), and using it hidden under a desk, with malicious intentions, as a rogue access point.

Speaking about computers, we could quote, as some basic components, the CPU, the memories (like RAM or hard drives) and input/output devices, like serial and parallel ports, the keyboard, network devices and even the little mouse. Routers, switches, servers and also your pocket smartphone, are all computers. Understand how they work will help you to search for points of failure, to attack and defend, in your path through cybersecurity.

Do you want to go back to the Cloud? Ok. One of the improvements on programming languages has been the concern about memory allocation, to avoid the so called buffer overflow attacks. If you never heard about it, in the simplest way to explain, is you put more data in a memory space that it was predicted by the programmer. You burst the predicted allocated space, getting access to other memory spaces, that could take you to getting a remote shell, for example. Is this a logical thing? Yes, but running on a physical device, physically connected to the network and other devices, changing information, possibly inside a public cloud.

I read a text, probably more than 20 years ago, that explained that the better professional to design a safe was the thief. The explanation is very simple: he is the only one that knows every possible way to break into it. Every possible ways: logical and physical.