Cybersecurity and Cryptography

Cybersecurity and Cryptography Unit 1 – Introduction to Cybersecurity

Cybersecurity is the art of protecting digital assets from threats. This unit introduces key concepts like confidentiality, integrity, and availability, while exploring the ever-changing landscape of cyber threats and actors. From malware to social engineering, the unit covers common attack types and defense strategies. It also touches on cryptography basics, essential security tools, and the legal and ethical considerations that shape the field.

Key Concepts and Terminology

  • Cybersecurity involves protecting systems, networks, and programs from digital attacks
  • Information security (InfoSec) is a broader term that encompasses cybersecurity and includes protecting data in both digital and physical forms
  • Confidentiality ensures that data is only accessible to authorized individuals
    • Achieved through access controls, encryption, and proper disposal of sensitive information
  • Integrity guarantees that data remains accurate, trustworthy, and unaltered by unauthorized entities
    • Maintained through checksums, digital signatures, and version control
  • Availability ensures that data and systems are accessible to authorized users when needed
    • Supported by redundancy, failover mechanisms, and disaster recovery plans
  • Authentication verifies the identity of a user or system
    • Implemented using passwords, biometric data (fingerprints), or digital certificates
  • Authorization determines the level of access granted to an authenticated user
    • Based on the principle of least privilege, granting only necessary permissions
  • Non-repudiation prevents an individual from denying their actions or transactions
    • Achieved through digital signatures, timestamps, and audit trails

The Cybersecurity Landscape

  • The cybersecurity landscape constantly evolves as new technologies and threats emerge
  • Cybercriminals, hacktivists, and state-sponsored actors are the main threat actors
    • Cybercriminals are motivated by financial gain (ransomware attacks)
    • Hacktivists are driven by political or social agendas (website defacement)
    • State-sponsored actors conduct espionage or sabotage for national interests (Stuxnet)
  • The increasing reliance on connected devices and the Internet of Things (IoT) expands the attack surface
  • Cloud computing introduces new security challenges, such as shared responsibility and data sovereignty
  • The cybersecurity skills gap makes it difficult for organizations to find and retain qualified professionals
  • Collaboration between public and private sectors is crucial for effective cybersecurity
    • Information sharing initiatives (Information Sharing and Analysis Centers)
    • Public-private partnerships (National Cyber Security Centre in the UK)

Common Cyber Threats and Attacks

  • Malware is malicious software designed to disrupt, damage, or gain unauthorized access to systems
    • Types include viruses, worms, trojans, and ransomware
  • Phishing attacks manipulate users into revealing sensitive information or installing malware
    • Often delivered through fraudulent emails or websites mimicking legitimate ones
  • Social engineering exploits human psychology to trick individuals into compromising security
    • Techniques include pretexting, baiting, and tailgating
  • Denial-of-Service (DoS) attacks overwhelm systems or networks with traffic, making them unavailable
    • Distributed Denial-of-Service (DDoS) attacks use multiple compromised devices (botnets)
  • Advanced Persistent Threats (APTs) are sophisticated, targeted attacks that remain undetected for extended periods
  • Insider threats originate from within an organization, either through malicious intent or negligence
  • Zero-day exploits target previously unknown vulnerabilities, leaving no time for patch development
  • SQL injection attacks manipulate database queries to access or modify sensitive data

Basic Security Principles

  • Defense-in-depth employs multiple layers of security controls to provide comprehensive protection
    • Includes firewalls, intrusion detection systems (IDS), and endpoint protection
  • Least privilege grants users only the permissions necessary to perform their tasks
    • Minimizes the potential impact of a compromised account
  • Separation of duties distributes critical functions among multiple individuals
    • Prevents a single person from having excessive control and reduces the risk of fraud
  • Need-to-know restricts access to sensitive information based on an individual's job requirements
  • Regular security audits and assessments identify vulnerabilities and ensure compliance with policies
  • Incident response plans outline the steps to detect, contain, and recover from security incidents
    • Includes roles and responsibilities, communication channels, and escalation procedures
  • Business continuity and disaster recovery plans ensure the availability of critical systems and data
    • Involve regular backups, redundant infrastructure, and failover mechanisms

Introduction to Cryptography

  • Cryptography is the practice of securing communication and data using mathematical algorithms
  • Encryption converts plaintext into ciphertext, making it unreadable without the proper key
    • Symmetric encryption uses the same key for encryption and decryption (AES)
    • Asymmetric encryption uses a pair of keys: public for encryption and private for decryption (RSA)
  • Hashing generates a fixed-size output (digest) from an input of any size
    • Used for data integrity and password storage (SHA-256)
  • Digital signatures provide authentication, integrity, and non-repudiation
    • Created by encrypting a hash of the message with the sender's private key
  • Public Key Infrastructure (PKI) manages the creation, distribution, and revocation of digital certificates
    • Certificates bind public keys to identities and are issued by Certificate Authorities (CAs)
  • Key management involves the secure generation, storage, and exchange of cryptographic keys
    • Includes key rotation and secure key storage (hardware security modules)
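The hashing bullet above makes two distinct claims: a digest detects tampering, and hashes are used for password storage. This added example (not from the original notes; it uses only the Python standard library and a constructed sample document) shows both, and why a bare SHA-256 that is fine for integrity is the wrong choice for passwords: it is fast and unsalted, so a salted, iterated derivation (PBKDF2-HMAC-SHA256) is used instead.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample document for the integrity check (not from the page).
DOCUMENT = b"Quarterly report: revenue up 12%"

# Assumption for this example: PBKDF2 work factor; tune to your hardware.
PBKDF2_ITERATIONS = 600_000


def sha256_digest(data: bytes) -> str:
    """Fixed-size 256-bit digest of an input of any size (hex-encoded)."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_digest: str) -> bool:
    """True if data still matches the digest recorded earlier.

    compare_digest runs in constant time so the comparison itself
    does not leak how many leading bytes of the digest matched.
    """
    return hmac.compare_digest(sha256_digest(data), expected_digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a storable password hash; store (salt, key, iteration count).

    A fresh random salt per user means two users with the same password
    get different stored values, and precomputed tables are useless.
    The iteration count makes each guess expensive for an attacker
    who steals the password database.
    """
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_key)


if __name__ == "__main__":
    recorded = sha256_digest(DOCUMENT)
    print("unmodified document verifies:", integrity_ok(DOCUMENT, recorded))
    print("altered document verifies:   ", integrity_ok(DOCUMENT + b" (revised)", recorded))
    salt, key = hash_password("correct horse battery staple")
    print("correct password accepted:   ", verify_password("correct horse battery staple", salt, key))
    print("wrong password rejected:     ", not verify_password("wrong horse", salt, key))
```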

Essential Security Tools and Technologies

  • Firewalls control network traffic based on predefined security rules
    • Network firewalls filter traffic between networks (packet filtering)
    • Web Application Firewalls (WAFs) protect against application-layer attacks (cross-site scripting)
  • Intrusion Detection Systems (IDS) monitor network traffic for suspicious activities
    • Network-based IDS (NIDS) analyze network traffic (Snort)
    • Host-based IDS (HIDS) monitor individual devices (OSSEC)
  • Antivirus software detects and removes malware from systems
    • Uses signature-based and heuristic-based detection methods
  • Virtual Private Networks (VPNs) create secure, encrypted connections over untrusted networks
    • Commonly used for remote access and site-to-site connectivity
  • Security Information and Event Management (SIEM) systems collect and analyze log data from various sources
    • Provide real-time threat detection and incident response capabilities (Splunk)
  • Vulnerability scanners identify weaknesses in systems, networks, and applications
    • Help prioritize patching and remediation efforts (Nessus)

Legal and Ethical Considerations

  • Cybersecurity professionals must adhere to legal and ethical principles
  • Laws and regulations vary by jurisdiction and industry
    • Examples include GDPR (EU), HIPAA (healthcare), and PCI DSS (payment card industry)
  • Ethical hacking involves authorized testing of systems to identify and remediate vulnerabilities
    • Conducted with explicit permission and under strict guidelines
  • Responsible disclosure is the practice of notifying vendors of discovered vulnerabilities and allowing time for patching
  • Privacy concerns arise from the collection, storage, and use of personal data
    • Organizations must obtain consent, protect data, and adhere to privacy laws
  • Intellectual property rights protect the ownership of software, algorithms, and other creations
    • Infringement can lead to legal consequences and reputational damage

Practical Security Measures

  • Strong password policies enforce the use of complex, unique passwords and regular updates
    • Implement multi-factor authentication (MFA) for an additional layer of security
  • Regular software updates and patching address known vulnerabilities
    • Prioritize critical updates and establish a patch management process
  • Employee security awareness training educates users on best practices and common threats
    • Includes identifying phishing emails, handling sensitive data, and reporting incidents
  • Network segmentation isolates critical systems and limits the spread of attacks
    • Achieved through VLANs, firewalls, and access control lists (ACLs)
  • Data backup and recovery ensure the availability of data in case of incidents or disasters
    • Implement regular backups, test restore procedures, and store backups securely
  • Secure configuration management maintains the integrity of systems and applications
    • Involves hardening, disabling unnecessary services, and applying security templates
  • Incident response exercises and simulations prepare teams for real-world scenarios
    • Conduct tabletop exercises and live drills to identify gaps and improve response capabilities


© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.