Introduction to Cyber Security
Cyber Security refers to the practice of protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks, damage, or unauthorized access.
Importance of Cyber Security
- Protection of sensitive data: Prevents unauthorized access to personal and organizational data
- Business continuity: Ensures uninterrupted operation of business processes
- Regulatory compliance: Meets legal and regulatory requirements
- Reputation management: Maintains trust with customers and stakeholders
- Financial protection: Prevents financial losses from cyber attacks
Cyber Security Domains
- Network Security
- Application Security
- Information Security
- Operational Security
- Disaster Recovery
- End-user Education
Cyber Security Principles
These fundamental principles form the foundation of effective cyber security practices.
CIA Triad
- Confidentiality: Ensuring that information is accessible only to authorized individuals
- Integrity: Ensuring that data is accurate and complete and has not been altered without authorization
- Availability: Ensuring that systems and data are accessible when needed
Additional Security Principles
- Authentication: Verifying the identity of users
- Authorization: Granting appropriate access rights
- Non-repudiation: Ensuring that a party cannot later deny having sent or received a communication
- Accountability: Tracking user actions and access
Cyber Security Threats
Cyber threats are potential dangers that can exploit vulnerabilities in computer systems.
Types of Cyber Threats
| Threat Type | Description | Examples |
|---|---|---|
| External Threats | Originate from outside the organization | Hackers, Cyber criminals |
| Internal Threats | Originate from within the organization | Disgruntled employees, Human error |
| Structured Threats | Organized attacks with specific objectives | Organized crime, State-sponsored attacks |
| Unstructured Threats | Random attacks without specific targets | Script kiddies, Amateur hackers |
Common Cyber Attacks
Cyber attacks are deliberate attempts to breach information systems.
Major Types of Cyber Attacks
- Phishing: Fraudulent attempts to obtain sensitive information
- DDoS Attacks: Overwhelming systems with traffic to disrupt service
- Man-in-the-Middle: Intercepting communication between two parties
- SQL Injection: Injecting attacker-controlled SQL into database queries through unvalidated input
- Zero-day Exploits: Attacks on vulnerabilities not yet known to the vendor, for which no patch exists
- Cross-site Scripting (XSS): Injecting malicious scripts into web pages
- Social Engineering: Manipulating people to divulge confidential information
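The SQL injection entry above is easiest to understand from code. The following is an added example, not part of the original notes: a vulnerable lookup that builds the query by string formatting, placed beside the hardened parameterised version, both run against a constructed in-memory SQLite table. The table contents, the user names and the function names are invented for the illustration.

```python
import sqlite3

def make_db():
    # Constructed in-memory table with sample rows (example data only).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "<hash of alice's password>", "admin"),
         ("bob", "<hash of bob's password>", "user")],
    )
    return conn

def find_user_vulnerable(conn, username):
    # Vulnerable: the untrusted value is pasted into the SQL text, so input
    # containing quotes or operators changes the meaning of the query.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()

def find_user_safe(conn, username):
    # Hardened: a parameterised query. The SQL text is fixed and the value
    # travels separately, so the database only ever treats it as data.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()

def compare(username):
    # Returns (rows from the vulnerable query, rows from the safe query).
    conn = make_db()
    try:
        return find_user_vulnerable(conn, username), find_user_safe(conn, username)
    finally:
        conn.close()

if __name__ == "__main__":
    # The textbook tautology input: the vulnerable query returns every user,
    # the parameterised one correctly returns nothing.
    for name in ("alice", "' OR '1'='1"):
        print(repr(name), "->", compare(name))
```

The point to take away is that the fix is structural: the safe version does not try to filter "bad characters", it simply never lets input become part of the SQL text. The same principle (keep code and data separate) is what prevents cross-site scripting when output is escaped for its HTML context.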
Attack Prevention Measures
- Regular software updates and patches
- Strong password policies
- Employee security awareness training
- Network monitoring and intrusion detection
- Data encryption
- Multi-factor authentication
Malware Types
Malware (malicious software) is any software intentionally designed to cause damage to computers, servers, or networks.
Common Malware Categories
| Malware Type | Description | Characteristics |
|---|---|---|
| Virus | Self-replicating code that attaches to clean files | Requires user action, spreads slowly |
| Worm | Standalone malware that replicates itself | Spreads rapidly without user action |
| Trojan Horse | Disguised as legitimate software | Does not replicate, creates backdoors |
| Ransomware | Encrypts files and demands payment | Financial motivation, causes operational disruption |
| Spyware | Secretly monitors user activity | Steals information, privacy invasion |
| Adware | Displays unwanted advertisements | Annoying but less dangerous |
Cryptography
Cryptography is the practice of secure communication in the presence of adversaries.
Cryptography Concepts
- Plaintext: Original readable message
- Ciphertext: Encrypted unreadable message
- Encryption: Process of converting plaintext to ciphertext
- Decryption: Process of converting ciphertext to plaintext
- Key: Secret value used for encryption and decryption
- Algorithm: Mathematical procedure for encryption/decryption
Types of Cryptography
| Symmetric Cryptography | Asymmetric Cryptography |
|---|---|
| Single key for both encryption and decryption | Two different keys: public and private |
| Faster processing | Slower processing |
| Key distribution problem (the shared key must be delivered to the other party secretly) | Public key can be shared openly; only the private key must stay secret |
| Examples: AES, DES, 3DES | Examples: RSA, DSA, ECC |
Encryption Algorithms
Encryption algorithms are mathematical procedures used to transform data into unreadable format.
Symmetric Key Algorithms
- DES (Data Encryption Standard): 56-bit key, now considered insecure
- 3DES (Triple DES): Applies DES three times with different keys
- AES (Advanced Encryption Standard): 128, 192, or 256-bit keys, current standard
- Blowfish: Fast, unpatented, variable key length
Asymmetric Key Algorithms
- RSA (Rivest-Shamir-Adleman): Security rests on the difficulty of factoring large integers
- DSA (Digital Signature Algorithm): Used for digital signatures
- ECC (Elliptic Curve Cryptography): Provides equivalent security with much smaller keys than RSA
- Diffie-Hellman: Used for secure key exchange
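The "key distribution problem" row of the symmetric/asymmetric table and the Diffie-Hellman item above fit together: an asymmetric exchange is used to agree on a key, and the fast symmetric algorithms then use that key. The following is an added example, not from the original notes, using only the Python standard library. The group parameters P and G are toy values constructed for the illustration (a 31-bit modulus offers no real security), the context label and function names are invented, and HMAC-SHA256 stands in for the symmetric phase because the standard library has no AES.

```python
import hashlib
import hmac
import secrets

# Toy group parameters, constructed for this example only. Real systems use
# standardised groups of 2048 bits or more (RFC 3526, RFC 7919) or elliptic
# curves; a 31-bit modulus can be broken instantly.
P = 2_147_483_647   # 2**31 - 1
G = 7

def is_valid_peer_value(value):
    # Degenerate public values (0, 1, P-1) force the shared secret into a
    # trivial subgroup whatever our private exponent is, so reject them.
    return 1 < value < P - 1

def dh_keypair():
    # The private exponent never leaves the host; only the public value is sent.
    private = secrets.randbelow(P - 3) + 2      # uniform in [2, P-2]
    public = pow(G, private, P)
    return private, public

def dh_shared_secret(my_private, their_public):
    if not is_valid_peer_value(their_public):
        raise ValueError("invalid peer public value")
    return pow(their_public, my_private, P)

def derive_key(shared_secret, context=b"intro-demo-session"):
    # Never use the raw DH output directly as a key: hash it together with a
    # context label into a fixed-length key (a simplified key derivation step).
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(context + shared_secret.to_bytes(width, "big")).digest()

def mac_message(key, message):
    # Symmetric phase: both sides now hold the same key and can protect
    # message integrity cheaply with HMAC.
    return hmac.new(key, message, hashlib.sha256).digest()

def run_exchange(message=b"hello Bob"):
    # Returns (do both sides derive the same key?, does Bob verify Alice's tag?).
    a_priv, a_pub = dh_keypair()     # Alice
    b_priv, b_pub = dh_keypair()     # Bob
    # Only a_pub and b_pub cross the network; an eavesdropper sees both.
    alice_key = derive_key(dh_shared_secret(a_priv, b_pub))
    bob_key = derive_key(dh_shared_secret(b_priv, a_pub))
    tag = mac_message(alice_key, message)
    verified = hmac.compare_digest(tag, mac_message(bob_key, message))
    return alice_key == bob_key, verified

if __name__ == "__main__":
    print(run_exchange())
```

Two details matter in practice and are easy to miss in a diagram: peer public values must be validated before use, and the shared secret must go through a key-derivation step rather than being used as a key directly. Plain Diffie-Hellman as shown here also has no authentication, which is why TLS signs the exchange with a certificate to defeat man-in-the-middle attacks.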
Network Security
Network security involves measures to protect the usability, reliability, integrity, and safety of network infrastructure.
Network Security Components
- Firewalls: Control incoming and outgoing network traffic
- Intrusion Detection Systems (IDS): Monitor networks for malicious activities
- Intrusion Prevention Systems (IPS): Actively block detected threats
- Virtual Private Networks (VPN): Secure remote access to networks
- Access Control Lists (ACL): Define permissions for network resources
Defense in Depth Strategy
Multiple layers of security controls are placed throughout an information system to provide redundant protection.
- Physical Security
- Network Security
- Application Security
- Data Security
- User Awareness Training
Security Protocols
Security protocols are established procedures for securely transmitting data over networks.
Common Security Protocols
SSL/TLS (Secure Sockets Layer/Transport Layer Security)
Provides encrypted and authenticated communication between clients (such as web browsers) and servers; HTTPS is HTTP carried over TLS. SSL itself is obsolete, and current deployments use TLS 1.2 or 1.3.
IPSec (Internet Protocol Security)
Protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet.
SSH (Secure Shell)
Network protocol for operating network services securely over an unsecured network.
PGP (Pretty Good Privacy)
Data encryption and decryption program that provides cryptographic privacy and authentication.
Firewalls and IDS
Firewalls and Intrusion Detection Systems are critical components of network security.
Types of Firewalls
- Packet Filtering Firewall: Examines packets and blocks based on rules
- Stateful Inspection Firewall: Tracks the state of network connections
- Application-level Gateway: Proxies traffic at the application layer of the OSI model, so it can inspect the protocol itself (for example HTTP) rather than only addresses and ports
- Next-generation Firewall: Integrated with other security features
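The difference between the first two firewall types above is clearest when both judge the same packets. The following is an added example, not part of the original notes: a small rule matcher acting as a packet-filtering firewall, and a stateful wrapper around it that remembers permitted flows. The policy, the addresses (documentation ranges) and the class and function names are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str   # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # source network
    dst: str = "0.0.0.0/0"           # destination network
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any destination port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))

# Constructed policy for a 10.0.0.0/24 LAN: hosts may open HTTPS and SSH
# sessions outward; everything else hits the final default-deny rule.
RULES = [
    Rule("allow", src="10.0.0.0/24", proto="tcp", dport=443),
    Rule("allow", src="10.0.0.0/24", proto="tcp", dport=22),
    Rule("deny"),
]

def stateless_decision(rules, pkt):
    # Packet-filtering firewall: each packet is judged on its own against the
    # rule list, first match wins.
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

class StatefulFirewall:
    # Stateful inspection: remembers flows it has permitted, so replies are
    # accepted without a permissive inbound rule that would also let in
    # unsolicited traffic.
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()

    def decide(self, pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.flows:
            return "allow"            # reply to a connection we already allowed
        action = stateless_decision(self.rules, pkt)
        if action == "allow":
            self.flows.add(forward)
        return action

def firewall_demo():
    outbound = Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp")    # LAN client -> web server
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp")       # web server -> LAN client
    unsolicited = Packet("198.51.100.9", 4444, "10.0.0.5", 22, "tcp")   # inbound, never requested
    fw = StatefulFirewall(RULES)
    return {
        "outbound": fw.decide(outbound),
        "reply_stateless": stateless_decision(RULES, reply),
        "reply_stateful": fw.decide(reply),
        "unsolicited": fw.decide(unsolicited),
    }

if __name__ == "__main__":
    print(firewall_demo())
```

With the stateless filter the legitimate reply is dropped, because no rule allows inbound traffic from the internet; the only stateless fix would be a broad inbound allow rule, which is exactly what the unsolicited packet would exploit. The stateful version allows the reply because it matches a flow the LAN host opened, and still drops the unsolicited connection. A production firewall additionally expires flow entries and checks TCP flags, which this illustration omits.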
IDS vs IPS
| Intrusion Detection System (IDS) | Intrusion Prevention System (IPS) |
|---|---|
| Monitors and detects threats | Monitors, detects, and prevents threats |
| Passive approach | Active approach |
| Alerts administrators | Automatically blocks threats |
| Out-of-band deployment | In-line deployment |
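The table above separates detection from prevention; in practice the detection logic is the same and only what is done with its output differs. The following is an added example, not part of the original notes: a simple signature (repeated failed logins from one source) evaluated over constructed log lines written in the style of OpenSSH entries, exposed once as an IDS that only reports and once as an IPS that turns the same detections into a block list. The log lines, addresses, threshold and function names are all invented for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of an OpenSSH auth log (not real data).
SAMPLE_LOG = """\
Mar  3 10:01:02 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:04 bastion sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:01:05 bastion sshd[1205]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar  3 10:01:07 bastion sshd[1207]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:01:09 bastion sshd[1209]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar  3 10:01:10 bastion sshd[1211]: Failed password for alice from 203.0.113.7 port 51242 ssh2
Mar  3 10:01:12 bastion sshd[1213]: Failed password for alice from 203.0.113.7 port 51244 ssh2
Mar  3 10:01:15 bastion sshd[1215]: Accepted password for alice from 203.0.113.7 port 51246 ssh2
Mar  3 10:02:00 bastion sshd[1220]: Accepted publickey for bob from 10.0.0.8 port 52000 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")
ACCEPTED = re.compile(r"Accepted \w+ for (\S+) from (\d+\.\d+\.\d+\.\d+)")

def detect(lines, threshold=5):
    # Signature: `threshold` failed logins from one source address raises a
    # brute-force alert; a later successful login from that same address is
    # escalated, since it may mean the guessing worked.
    failures = defaultdict(int)
    alerts = []
    for line in lines:
        if m := FAILED.search(line):
            user, ip = m.groups()
            failures[ip] += 1
            if failures[ip] == threshold:
                alerts.append(("bruteforce", ip, user))
        elif m := ACCEPTED.search(line):
            user, ip = m.groups()
            if failures[ip] >= threshold:
                alerts.append(("success-after-bruteforce", ip, user))
    return alerts

def ids_mode(log_text, threshold=5):
    # IDS: passive and out-of-band; the output is alerts for an analyst.
    return detect(log_text.splitlines(), threshold)

def ips_mode(log_text, threshold=5):
    # IPS: in-line; the same detections become an enforcement decision, here a
    # set of source addresses to block at the gateway.
    return {ip for _kind, ip, _user in detect(log_text.splitlines(), threshold)}

if __name__ == "__main__":
    for alert in ids_mode(SAMPLE_LOG):
        print("ALERT", alert)
    print("BLOCK", ips_mode(SAMPLE_LOG))
```

The example counts failures without a time window, which is the main simplification relative to a real IDS; a production rule would only count failures within, say, ten minutes and would expire old counters. The "success after brute force" escalation is the alert worth paging on, since it suggests the guessing succeeded and an incident response, not just a block, is needed.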
Authentication Methods
Authentication is the process of verifying the identity of a user, process, or device.
Authentication Factors
- Something you know: Passwords, PINs, security questions
- Something you have: Smart cards, security tokens, mobile devices
- Something you are: Biometrics (fingerprint, retina, face recognition)
- Somewhere you are: Location-based authentication
- Something you do: Behavioral biometrics
Multi-factor Authentication (MFA)
Using two or more factors from different categories (for example something you know plus something you have), so that compromising a single factor is not enough to log in.
Common MFA Examples
- Password + SMS code
- Password + biometric scan
- Smart card + PIN
- Mobile app approval + fingerprint
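The "password + authenticator app" combination from the list above can be shown end to end. The following is an added example, not part of the original notes: the "something you know" factor is stored as a salted PBKDF2 hash and checked in constant time, and the "something you have" factor is a time-based one-time code implemented per RFC 4226 (HOTP) and RFC 6238 (TOTP) with the standard library. The user record layout, the enrolment helper, the demo password and the fixed timestamp are constructed for the illustration; the 20-byte secret is the test-vector key from those RFCs.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 600_000   # OWASP-recommended order of magnitude for PBKDF2-HMAC-SHA256
TOTP_STEP = 30                # seconds per code, as in RFC 6238

def hash_password(password, salt=None):
    # "Something you know": stored as a salted, deliberately slow hash.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

def hotp(secret, counter, digits=6):
    # RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then "dynamic
    # truncation" picks 4 bytes at an offset given by the last nibble.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def totp(secret, at_time, digits=6):
    # RFC 6238: the counter is the number of 30-second steps since the Unix epoch.
    return hotp(secret, int(at_time) // TOTP_STEP, digits)

def verify_totp(secret, code, at_time, window=1):
    # "Something you have": accept the current step plus or minus `window`
    # steps to tolerate clock drift, comparing each candidate in constant time.
    counter = int(at_time) // TOTP_STEP
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))

def enrol(password, totp_secret):
    # Constructed record layout; a real system would also store the iteration
    # count and protect the TOTP secret at rest.
    salt, digest = hash_password(password)
    return {"salt": salt, "digest": digest, "totp_secret": totp_secret}

def mfa_login(record, password, code, at_time):
    # Both factors are always evaluated, so a failure does not reveal which
    # one was wrong.
    pw_ok = verify_password(password, record["salt"], record["digest"])
    otp_ok = verify_totp(record["totp_secret"], code, at_time)
    return pw_ok and otp_ok

def mfa_demo(at_time=1_700_000_000):
    # Constructed enrolment: example password and the RFC test-vector secret.
    secret = b"12345678901234567890"
    record = enrol("correct horse battery staple", secret)
    good_code = totp(secret, at_time)
    return (
        mfa_login(record, "correct horse battery staple", good_code, at_time),   # both factors right
        mfa_login(record, "wrong password", good_code, at_time),                # password wrong
        mfa_login(record, "correct horse battery staple", "0000000", at_time),  # code wrong (7 digits, never valid)
    )

if __name__ == "__main__":
    print(mfa_demo())
```

Two design points carry over to real deployments: the server must also remember the last accepted counter so a code cannot be replayed within its validity window, and the password check should run even when the code is wrong (as above) so response timing does not leak which factor failed.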
Cyber Laws and Regulations
Cyber laws are legal frameworks that govern digital activities and address cyber crimes.
Important Cyber Laws in India
- Information Technology Act, 2000: Primary law dealing with cyber crime and electronic commerce
- IT Amendment Act, 2008: Updated provisions for data protection and cyber terrorism
- Personal Data Protection Bill: Proposed legislation for data privacy
Key Provisions of IT Act
- Legal recognition of electronic records and digital signatures
- Penalties for cyber crimes like hacking, data theft
- Regulation of certifying authorities
- Establishment of Cyber Appellate Tribunal