The document provides an overview of cyber security concepts including definitions of cyber security, hackers, and types of cyber attacks such as web-based attacks, system-based attacks, and common attack methods like phishing, brute force attacks, and denial of service attacks. It also discusses cyber security defenses, tools, and strategies such as firewalls, antivirus software, intrusion detection systems, access controls, encryption, employee training, and security audits. Key terms like ports, IP addresses, port scanning, security operations centers (SOCs), zero-trust models, and ethical hacking are also defined.
2. CYBER SECURITY
DEFINITION
Cyber security is the practice of protecting
computers, servers, mobile devices, electronic
systems, networks, and data from malicious
attacks.
It's also known as information technology
security or electronic information security.
3. CYBER SECURITY
It is made up of two words: one is cyber and the other is
security.
Cyber relates to the technology, which includes
systems, networks, programs and data.
Security relates to the protection, which includes
systems security, network security, and application and
information security.
4. HACKERS
People who carry out cyber attacks are generally
regarded as cybercriminals.
Often referred to as bad actors, threat
actors and hackers, they include individuals who
act alone, drawing on their computer skills to
design and execute malicious attacks.
6. Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems
and networks. It uses malicious code to alter computer
code, logic or data and lead to cybercrimes, such as
information and identity theft.
Cyber-attacks can be classified into the following
categories:
1) Web-based attacks
2) System-based attacks
7. Web-based attacks
These are the attacks which occur on a website or web
applications. Some of the important
web-based attacks are as follows-
1. Injection attacks
It is an attack in which data is injected into a web
application to manipulate the application and fetch the
required information.
Example- SQL Injection, Code Injection, Log
Injection, XML Injection etc.
8. Packet Sniffing
When data has to be transmitted over a computer
network, it is broken down into smaller units called data
packets at the sender's node and reassembled in the
original format at the receiver's node.
A packet is the smallest unit of communication over a
computer network. It is also called a block, a segment, a
datagram or a cell.
The act of capturing data packets across a computer
network is called packet sniffing. It is similar to
wiretapping a telephone network. It is mostly used by
crackers and hackers to collect information about a
network illegally.
9. Message modification:
In this attack, an intruder alters packet header
addresses to direct a message to a different destination
or modify the data on a target machine.
10. Phishing
Phishing is a type of attack which attempts to steal
sensitive information like user login credentials and
credit card numbers.
It occurs when an attacker is disguised as a trustworthy
entity in electronic communication.
11. Brute force
It is a type of attack which uses a trial and error
method. This attack generates a large number of
guesses and validates them to obtain actual data like
user password and personal identification number.
This attack may be used by criminals to crack
encrypted data, or by security analysts to test an
organization's network security.
12. Denial of Service
It is an attack which is meant to make a server or
network resource unavailable to its users.
It accomplishes this by flooding the target with traffic
or sending it information that triggers a crash.
It uses a single system and a single internet
connection to attack a server.
13. DDOS
In a distributed denial-of-service (DDoS) exploit,
large numbers of compromised systems
(sometimes called a botnet or zombie army) attack a
single target.
14. Dictionary attacks
This type of attack uses a stored list of
commonly used passwords and tries each one
to obtain the original password.
15. Man in the middle attacks
It is a type of attack that allows an attacker to
intercept the connection between client and server
and act as a bridge between them. Due to this, an
attacker will be able to read, insert and modify the
data in the intercepted connection.
16. System-based attacks
1. Virus
It is a type of malicious software program that spreads
throughout the computer's files without the knowledge
of the user.
It is a self-replicating malicious computer program
that replicates by inserting copies of itself into other
computer programs when executed.
It can also execute instructions that cause harm to the
system.
17. 2. Worm
It is a type of malware whose primary function is to
replicate itself to spread to uninfected computers.
It works in the same way as a computer virus. Worms
often originate from email attachments that
appear to be from trusted senders.
18. Bots
A bot (short for "robot") is an automated process that
interacts with other network services.
Some bot programs run automatically, while others
only execute commands when they receive specific
input. Common examples of bot programs are
crawlers, chatroom bots, and malicious bots.
19. CIA Triad
The CIA Triad is actually a security model that has
been developed to help people think about
various parts of IT security.
20. Confidentiality
It's crucial in today's world for people to protect their
sensitive, private information from unauthorized
access.
Protecting confidentiality is dependent on being able
to define and enforce certain access levels for
information.
In some cases, doing this involves separating
information into various collections that are organized
by who needs access to the information and how
sensitive that information actually is, i.e. the amount
of damage suffered if its confidentiality were breached.
21. Integrity
Data integrity is what the "I" in the CIA Triad stands for.
This is an essential component of the CIA Triad and is
designed to protect data from deletion or modification
by any unauthorized party, and it ensures that when
an authorized person makes a change that should not
have been made, the damage can be reversed.
22. Availability
This is the final component of the CIA Triad and refers
to the actual availability of your data.
Authentication mechanisms, access channels and
systems all have to work properly for the information
they protect, ensuring it is available when it is
needed.
23. PENETRATION TEST
A penetration test (pen test) is an authorized
simulated attack performed on a computer system
to evaluate its security.
Penetration testers use the same tools,
techniques, and processes as attackers to find and
demonstrate the business impacts of weaknesses
in a system.
24. What are web vulnerabilities?
Web application vulnerabilities involve a system
flaw or weakness in a web-based application.
25. What is Ethical hacking?
Ethical hacking is also known as White hat
Hacking or Penetration Testing.
Ethical hacking involves an authorized attempt to
gain unauthorized access to a computer system or
data.
26. IP ADDRESS
An IP address is a unique address that identifies a device on
the internet or a local network. IP stands for "Internet
Protocol," which is the set of rules governing the format of
data sent via the internet or a local network. The full IP
addressing range goes from 0.0.0.0 to 255.255.255.255.
27. PORT
What is a port?
A port is a virtual point where network connections
start and end.
Ports are software-based and managed by a computer's
operating system.
Each port is associated with a specific process or
service.
Ports allow computers to easily differentiate between
different kinds of traffic: emails go to a different port
than webpages, for instance, even though both reach a
computer over the same Internet connection.
There are 65535 ports.
28. Ports are used to facilitate the exchange of data
between different computers over a network.
Each port is associated with a specific protocol, which
defines the rules for how data is transmitted and
received.
29. Port 20/21: File Transfer Protocol (FTP)
Port 22: Secure Shell (SSH)
Port 23: Telnet
Port 25: Simple Mail Transfer Protocol (SMTP)
Port 53: Domain Name System (DNS)
Port 80: Hypertext Transfer Protocol (HTTP)
Port 110: Post Office Protocol (POP3)
Port 143: Internet Message Access Protocol (IMAP)
Port 443: Hypertext Transfer Protocol Secure (HTTPS)
30. Port numbers are like extensions to your IP address.
For example,
your computer’s IP address is 192.168.11.1,
while the file transfer protocol (FTP) port number is
20.
Thus, the IP for an open FTP port would be
192.168.11.1:20.
By seeing this address, the server will “understand”
your request.
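The `ip:port` notation from the FTP example above, handled by an added parser (not code from the original slides) that enforces the two ranges the slides give: each address octet must lie in 0..255 and the port in 1..65535. It also names the service for the well-known ports listed on the earlier slide. The function names, the "unknown" label and the decision to reject leading zeros in octets are assumptions made for this example.

```python
# Well-known ports as listed on the slide (20/21 FTP, 22 SSH, ...).
WELL_KNOWN_PORTS = {
    20: "FTP", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
    53: "DNS", 80: "HTTP", 110: "POP3", 143: "IMAP", 443: "HTTPS",
}


def _ascii_digits(text: str) -> bool:
    # str.isdigit() alone also accepts Unicode digits that int() rejects.
    return text.isascii() and text.isdigit()


def parse_ipv4(text: str) -> tuple[int, ...]:
    """Validate a dotted-quad address; every octet must be 0..255."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    octets = []
    for part in parts:
        # Reject leading zeros: "011" is read as octal (9) by some libraries and
        # as decimal (11) by others, so a rule and a parser could disagree.
        if not _ascii_digits(part) or (len(part) > 1 and part[0] == "0") or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {text!r}")
        octets.append(int(part))
    return tuple(octets)


def parse_endpoint(text: str) -> dict:
    """Split 'ip:port' into its parts and name the well-known service, if any."""
    host, sep, port_text = text.rpartition(":")
    if not sep:
        raise ValueError(f"missing port in {text!r}")
    octets = parse_ipv4(host)
    if not _ascii_digits(port_text):
        raise ValueError(f"bad port {port_text!r}")
    port = int(port_text)
    if not 1 <= port <= 65535:      # port 0 is reserved; 65535 is the maximum
        raise ValueError(f"port out of range: {port}")
    return {
        "ip": ".".join(map(str, octets)),
        "port": port,
        "service": WELL_KNOWN_PORTS.get(port, "unknown"),
    }


def is_valid_endpoint(text: str) -> bool:
    """True when the text is a well-formed ip:port endpoint."""
    try:
        parse_endpoint(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(parse_endpoint("192.168.11.1:20"))   # the slide's FTP example
```

Strict parsing matters wherever such strings come from untrusted input (log lines, form fields, firewall rule files): an address that one component accepts and another interprets differently is a classic source of access-control bypasses.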
31. PORT SCANNING
Port scanning, for example, tries all ports at an address
to see which ones are open and listening. Attackers can
use this to find vulnerable services that they can then
attack.
32. SOC (Security Operations Center)
An emerging phrase in the cybersecurity world
currently is 'SOC Analyst'.
A Security Operations Center (SOC) is a 24-hour
control center in charge of security and threat analysis
for an organization. It is essentially a structure in place
for large firms and organizations looking to strictly
protect their cyber assets.
Individual IT security tools such as firewalls,
malicious code scanners or intrusion detection
systems are no longer sufficient to guarantee
comprehensive protection.
33. Zero-Trust
A Zero-Trust approach moves businesses away
from the traditional idea of trusting everyone or
everything that is connected to a network or
behind a firewall.
34. Cybersecurity Defences:
Cybersecurity defences are the various measures and
controls put in place to protect digital devices,
networks, and sensitive information from cyber
threats.
Cybersecurity defences are an essential aspect of
cybersecurity as they help to prevent, detect, and
respond to cyber-attacks.
35. Firewalls (Watchman)
These are network security devices that monitor and
control incoming and outgoing network traffic based
on predetermined security rules.
Firewalls help to prevent unauthorized access to
networks and devices.
36. Antivirus and anti-malware
software:
These are software programs designed to detect and
remove malicious software, such as viruses, worms,
and Trojans, from digital devices.
37. Intrusion detection and prevention
systems (IDPS):
These are network security devices that monitor
network traffic for signs of a potential cyber-attack
and can automatically block or prevent the attack.
38. Access Controls
Access controls help to restrict access to sensitive
information and systems to authorized individuals
only.
Examples of access controls include passwords,
two-factor authentication, and biometric authentication.
39. Encryption
Encryption is the process of converting sensitive data
into a format that can only be read by authorized
individuals with the correct decryption keys.
Encryption helps to protect data from unauthorized
access and theft.
40. Employee training and awareness:
Employee training and awareness programs help to
educate employees on the importance of cybersecurity
and how to identify and avoid common cyber threats,
such as phishing emails and social engineering
attacks.
41. Patch management
Patch management involves regularly updating
the device's operating system and software to
address known vulnerabilities and improve
security.
42. Strong passwords and multi-factor
authentication:
Strong passwords are an important component of
cybersecurity because they are the first line of defense
against unauthorized access.
Passwords should be complex and unique, and should
be changed regularly. Multi-factor authentication is an
additional layer of security that requires users to
provide two or more forms of identification in order to
access a system or application.
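The two mechanisms this slide describes, a password check and a second factor, as an added example (not code from the original slides). Passwords are stored as salted PBKDF2-HMAC-SHA256 hashes and compared in constant time; the second factor is a time-based one-time password (TOTP, RFC 6238), the kind an authenticator app produces. The user store, the work factor of 600,000 iterations and the function names are assumptions for this example.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, deliberately slow hash; the stored string carries the
    algorithm, iteration count and salt needed to verify it later."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison: a plain == would leak how many leading bytes match.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def totp(secret: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238 with HMAC-SHA1): the second factor."""
    counter = struct.pack(">Q", timestamp // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, timestamp: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current code or one `window` steps either side (clock drift)."""
    if not (code.isascii() and code.isdigit()):
        return False
    candidates = [totp(secret, timestamp + k * step, step) for k in range(-window, window + 1)]
    # Compare every candidate so timing does not reveal which step matched.
    return any([hmac.compare_digest(c, code) for c in candidates])


USERS: dict[str, dict] = {}                  # constructed in-memory user store
_DUMMY_HASH = hash_password("placeholder")   # makes unknown-user logins cost the same


def register(username: str, password: str, totp_secret: bytes) -> None:
    USERS[username] = {"password": hash_password(password), "totp_secret": totp_secret}


def login(username: str, password: str, code: str, timestamp: int) -> bool:
    """Both factors are always evaluated before the decision is made."""
    user = USERS.get(username)
    if user is None:
        verify_password(password, _DUMMY_HASH)   # same cost as a real check
        return False
    password_ok = verify_password(password, user["password"])
    code_ok = verify_totp(user["totp_secret"], code, timestamp)
    return password_ok and code_ok


if __name__ == "__main__":
    secret = os.urandom(20)
    register("alice", "correct horse battery staple", secret)
    import time
    now = int(time.time())
    print(login("alice", "correct horse battery staple", totp(secret, now), now))   # True
```

Two details carry most of the value: the stored hash is slow and salted, so a leaked database does not turn into a quick brute-force or dictionary run, and a stolen password alone still fails the one-time code.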
43. Regular backups:
Regular backups are essential for protecting against
data loss in the event of a system failure, cyber attack,
or other unexpected event.
Backups should be stored in a secure location and
should be tested regularly to ensure that they can be
restored in the event of a disaster.
44. Security audits and vulnerability
assessments:
Security audits and vulnerability assessments are
processes that are used to identify and address security
weaknesses in a system or network.
Security audits involve a comprehensive review of an
organization's security policies and procedures, while
vulnerability assessments focus on identifying
potential vulnerabilities in a system or network.
45. SSL
SSL, or Secure Sockets Layer, is a protocol for securing
online communication between a web server and a
user's web browser.
When you visit a website that uses SSL, your browser
establishes a secure, encrypted connection with the
website's server, ensuring that any data that is
transmitted between the two is kept confidential and
cannot be intercepted by third parties.
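The confidentiality this slide describes holds only when the client actually verifies who it is talking to. As an added example (not code from the original slides), the hardened client context below verifies the server certificate chain and hostname and refuses protocol versions below TLS 1.2, the insecure context keeps the encryption but switches verification off, and a small audit function tells the two apart. It uses Python's standard `ssl` module; the function names and finding strings are assumptions.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Verify the server's certificate chain and hostname; require TLS 1.2+."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """The weak setting often found in scripts: traffic is encrypted, but any
    server presenting any certificate is accepted, so an impersonating
    server can read and modify everything."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the weaknesses found; an empty list means the context passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"legacy protocol versions allowed ({ctx.minimum_version.name})")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_client_context(hardened_client_context()))
    print("insecure:", audit_client_context(insecure_client_context()))
```

An audit like this belongs in code review or a CI check: `verify_mode = CERT_NONE` is a one-line change that quietly removes the protection the slide attributes to SSL while the connection still reports itself as encrypted.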
46. IAM:
IAM, or Identity and Access Management
IAM can also involve managing authentication and
authorization mechanisms, such as passwords,
biometrics, and multi-factor authentication, to ensure
that only authorized individuals can access sensitive
systems and data.
47. Red Team Testing:
In this approach, a dedicated team of testers, often
called a "red team," is tasked with simulating a real-
world attack on the organization's systems or network.
This approach is often used to test the effectiveness of
an organization's overall security posture and to
identify vulnerabilities that might
be missed by other testing approaches.
48. Honeypot
A honeypot is a type of cybersecurity tool or technique
that is used to detect, deflect, or study attempted
unauthorized access to a system or network.
It is essentially a decoy system or network that is
designed to look and act like a legitimate system or
network, but is actually set up to lure attackers in.
49. Blue Team
A blue team is a group of security professionals who
are responsible for defending an organization's system
or network against cyber attacks.
50. Purple Team
A purple team is a combination of red and blue teams
that work together to
improve the organization's security posture.
51. SIEM:
SIEM stands for Security Information and Event
Management. It is a type of security solution that helps
organizations to collect, correlate, analyze, and manage
security event data from various sources in real-time.
SIEM solutions provide organizations with a centralized
platform for monitoring and managing security events,
which helps to improve the organization's overall security
posture.
52. Log Collection: SIEM solutions can collect log data from
various sources, such as network devices, servers, and
applications.
Event Correlation: SIEM solutions can correlate events
from various sources to identify potential security
incidents.
Threat Intelligence: SIEM solutions can leverage threat
intelligence feeds to identify known threats and indicators
of compromise.
Real-time Alerting: SIEM solutions can generate real-time
alerts when potential security incidents are detected.
Reporting and Analysis: SIEM solutions provide reporting
and analysis capabilities to help organizations understand
their security posture, identify trends, and make informed
decisions about their security strategy.
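The Log Collection and Event Correlation capabilities described above, as an added example (not code from the original slides): two constructed log sources, an SSH authentication log and a firewall connection log, are normalised into one event schema, and two sliding-window rules are run over them, one for the brute-force logins covered on an earlier slide and one for the port scanning covered on the Port Scanning slide. The log lines, addresses, thresholds and rule names are all constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs (not captured from any real system).
AUTH_LOG = """\
2024-05-01T09:58:00 sshd[1201]: Failed password for admin from 203.0.113.7 port 51500 ssh2
2024-05-01T10:00:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51512 ssh2
2024-05-01T10:00:03 sshd[1201]: Failed password for admin from 203.0.113.7 port 51513 ssh2
2024-05-01T10:00:04 sshd[1201]: Failed password for root from 203.0.113.7 port 51514 ssh2
2024-05-01T10:00:06 sshd[1201]: Failed password for root from 203.0.113.7 port 51515 ssh2
2024-05-01T10:00:07 sshd[1201]: Failed password for guest from 203.0.113.7 port 51516 ssh2
2024-05-01T10:00:30 sshd[1201]: Failed password for alice from 192.168.11.25 port 40001 ssh2
2024-05-01T10:00:40 sshd[1201]: Accepted password for alice from 192.168.11.25 port 40002 ssh2
"""
FW_LOG = """\
2024-05-01T10:02:00 fw: SRC=198.51.100.9 DST=10.0.0.5 DPT=21 PROTO=TCP
2024-05-01T10:02:01 fw: SRC=198.51.100.9 DST=10.0.0.5 DPT=22 PROTO=TCP
2024-05-01T10:02:02 fw: SRC=198.51.100.9 DST=10.0.0.5 DPT=23 PROTO=TCP
2024-05-01T10:02:03 fw: SRC=198.51.100.9 DST=10.0.0.5 DPT=25 PROTO=TCP
2024-05-01T10:02:04 fw: SRC=198.51.100.9 DST=10.0.0.5 DPT=53 PROTO=TCP
2024-05-01T10:02:05 fw: SRC=198.51.100.9 DST=10.0.0.5 DPT=80 PROTO=TCP
2024-05-01T10:02:06 fw: SRC=198.51.100.9 DST=10.0.0.5 DPT=110 PROTO=TCP
2024-05-01T10:02:07 fw: SRC=198.51.100.9 DST=10.0.0.5 DPT=143 PROTO=TCP
2024-05-01T10:02:08 fw: SRC=198.51.100.9 DST=10.0.0.5 DPT=443 PROTO=TCP
2024-05-01T10:02:09 fw: SRC=198.51.100.9 DST=10.0.0.5 DPT=3389 PROTO=TCP
2024-05-01T10:05:00 fw: SRC=192.168.11.25 DST=10.0.0.5 DPT=443 PROTO=TCP
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)
FW_RE = re.compile(r"^(?P<ts>\S+) fw: SRC=(?P<src>\S+) DST=\S+ DPT=(?P<dport>\d+)")


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def collect_events(auth_log: str, fw_log: str) -> list[dict]:
    """Log collection: normalise two different sources into one event schema."""
    events = []
    for line in auth_log.splitlines():
        m = AUTH_RE.match(line)
        if m:
            kind = "auth_failure" if m["result"] == "Failed" else "auth_success"
            events.append({"ts": parse_ts(m["ts"]), "src": m["src"], "kind": kind, "key": m["user"]})
    for line in fw_log.splitlines():
        m = FW_RE.match(line)
        if m:
            events.append({"ts": parse_ts(m["ts"]), "src": m["src"], "kind": "connection", "key": m["dport"]})
    events.sort(key=lambda e: e["ts"])
    return events


# Correlation rules: (name, event kind, threshold, window in seconds, count distinct keys?)
RULES = [
    ("brute_force", "auth_failure", 5, 60, False),   # 5+ failed logins from one source in 60 s
    ("port_scan", "connection", 10, 30, True),       # 10+ distinct destination ports in 30 s
]


def correlate(events: list[dict], rules=RULES) -> list[dict]:
    """Event correlation: a sliding window per (rule, source); one alert per pair."""
    windows = defaultdict(deque)
    fired = set()
    alerts = []
    for event in events:
        for name, kind, threshold, window_s, distinct in rules:
            if event["kind"] != kind:
                continue
            q = windows[(name, event["src"])]
            q.append((event["ts"], event["key"]))
            while event["ts"] - q[0][0] > timedelta(seconds=window_s):
                q.popleft()   # drop events that fell out of the window
            count = len({key for _, key in q}) if distinct else len(q)
            if count >= threshold and (name, event["src"]) not in fired:
                fired.add((name, event["src"]))
                alerts.append({"rule": name, "src": event["src"], "count": count, "at": event["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(collect_events(AUTH_LOG, FW_LOG)):
        print(f"{alert['at']} {alert['rule']:12} {alert['src']:15} count={alert['count']}")
```

The 09:58 failure from the same source is deliberately placed outside the 60-second window, so the brute-force alert reports 5 rather than 6; the one failed login followed by a success from the internal host stays below threshold and raises nothing, which is the behaviour a real-time alerting rule needs to avoid paging on ordinary typos.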