Cyber Security Overview: Units 1-5 Notes

The document provides comprehensive notes on Cyber Security, covering topics such as the importance of cyber security, common threats, types of hackers, ethical hacking, cyber forensics, and relevant laws. It emphasizes the need for strong security practices to protect sensitive data and maintain trust, while also detailing the processes involved in ethical hacking and digital forensics. Additionally, it discusses the implications of cyber laws and the significance of intellectual property rights in the digital space.

Uploaded by

amorzinho445

CYBER SECURITY NOTES (Units 1 - 5) - In Depth

Prepared for: Hrithick Kumar Sharma

UNIT 1 – Introduction to Cyber Security (Detailed)


What is Cyber Security?
Cyber security is the set of practices, technologies, and controls designed to protect
networks, devices, programs, and data from attack, damage, or unauthorized access. It
covers prevention, detection, and response to threats. A strong cyber security posture
reduces the risk of data breaches and protects the confidentiality, integrity, and availability
of information.

Why is Cyber Security Important?


1. Protects sensitive personal and business data (bank details, medical records).
2. Preserves privacy and prevents identity theft.
3. Ensures continuity of services (online banking, e-commerce).
4. Protects national security (critical infrastructure like power grids).
5. Maintains trust with customers and partners.
Example: If an online store is hacked and customer credit cards are stolen, customers
lose money and trust, and the company faces legal penalties and reputation damage.

Challenges in Cyber Security


• Rapidly evolving threats: Attackers constantly change tactics and develop new malware.
• Human factor: Users click phishing links or use weak passwords.
• Legacy systems: Old software lacks patches and is vulnerable.
• Resource constraints: Small organizations may lack security staff or budgets.
• Supply chain risks: Third-party vendors may be entry points for attacks.
Example: Ransomware spreads to many systems when a widely used but unpatched
service is exploited.

Cyberspace
Cyberspace refers to the global network of digital devices and the data that flows between
them. It includes the internet, private networks, cloud services, IoT devices, and
communication systems. Anything that transmits or stores digital information exists in
cyberspace.

Common Cyber Threats


• Malware (viruses, worms, Trojans): Software designed to cause harm or steal
information.
• Phishing and social engineering: Deceptive messages that trick users into revealing
information.
• Denial of Service (DoS/DDoS): Flooding systems with traffic to make them unavailable.
• Man-in-the-Middle (MitM): Intercepting communications to spy or alter messages.
• Insider threats: Authorized users intentionally or accidentally cause harm.
Example: Phishing email that looks like a bank message asking you to 'verify' your
password; the attacker captures entered credentials.

Cyber Warfare & Cyber Terrorism


Cyber warfare involves state actors attacking another state's digital assets to cause
disruption or gather intelligence. Cyber terrorism uses cyber means to intimidate or cause
panic. Both can target critical infrastructure such as power grids, water systems, or
transportation.
Example: A motivated nation-state may deploy malware to disable power stations,
causing blackouts in another country.

CIA Triad - Core Principles


• Confidentiality: Ensuring only authorized users access data (e.g., encryption, access
controls).
• Integrity: Ensuring data is accurate and unaltered (e.g., checksums, digital signatures).
• Availability: Ensuring authorized users have access when needed (e.g., redundancy,
backups).
Example: An online banking database must be encrypted (confidentiality), records must
not be tampered with (integrity), and systems must be available 24/7 (availability).
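The integrity principle above names checksums and digital signatures as controls, and the difference between them matters: an unkeyed checksum only catches accidental corruption, because whoever can change the data can also recompute the checksum, while a keyed tag (here an HMAC, the simplest keyed construction) cannot be regenerated without the secret. The following added example is not part of the notes; RECORD and KEY are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a transfer record that must not be altered in transit.
RECORD = b"from=ACC-1001;to=ACC-2002;amount=100.00"
# Key shared between the two legitimate endpoints (generated here for the demo).
KEY = secrets.token_bytes(32)


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 checksum: catches accidental corruption only,
    because anyone who changes the data can recompute it."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, tag: str) -> bool:
    return hmac.compare_digest(checksum(data), tag)


def mac(data: bytes, key: bytes) -> str:
    """Keyed HMAC-SHA256 tag: cannot be recomputed without the key, so a
    modified record fails verification at the receiver."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(data: bytes, tag: str, key: bytes) -> bool:
    # compare_digest avoids leaking the tag through timing differences.
    return hmac.compare_digest(mac(data, key), tag)


def altered_copy(data: bytes) -> bytes:
    """The same record after an in-transit modification (simulated)."""
    return data.replace(b"amount=100.00", b"amount=9999.00")


def demo() -> dict:
    checksum_tag = checksum(RECORD)
    mac_tag = mac(RECORD, KEY)
    altered = altered_copy(RECORD)
    return {
        # An unkeyed checksum shipped with the data offers no protection:
        # a fresh checksum over the altered record verifies just fine.
        "checksum_passes_after_recompute": verify_checksum(altered, checksum(altered)),
        # Only a checksum held separately by the receiver catches the change.
        "checksum_detects_change": not verify_checksum(altered, checksum_tag),
        # A keyed tag cannot be refreshed without KEY, so the change is caught.
        "mac_detects_change": not verify_mac(altered, mac_tag, KEY),
        "mac_accepts_original": verify_mac(RECORD, mac_tag, KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A digital signature gives the same tamper-evidence as the HMAC but with a public/private key pair, so the verifier does not need the signing secret; the checksum-versus-keyed-tag lesson is the same.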

Security of Critical Infrastructure


Critical infrastructure includes systems for energy, transport, healthcare, finance, and
water supply. A cyberattack on these systems can have severe real-world impacts.
Protection involves network segmentation, strong access controls, incident response
plans, and specialized monitoring.

Organizational Implications
Organizations must adopt policies, technical controls, and training programs. This includes
incident response planning, regular patching, backups, encryption, user training, least
privilege access, and compliance with regulations. Security is not only technical—it's
cultural and procedural.

UNIT 2 – Hackers and Cyber Crimes (Detailed)

Types of Hackers
• White Hat: Ethical hackers who test systems legally to find vulnerabilities.
• Black Hat: Malicious hackers who exploit vulnerabilities for financial or political gain.
• Grey Hat: Hackers who may break rules but not necessarily for malicious reasons; often
disclose flaws publicly.
• Script Kiddies: Inexperienced attackers using existing tools without understanding how
they work.
• Hacktivists: Hackers motivated by political or social causes.

Hackers vs Crackers
'Hacker' originally implied a skilled programmer or security tester; 'cracker' is often used to
describe someone who breaks into systems with malicious intent. For exams, focus on
intent: ethical (white hat) vs malicious (black hat).

Cyber-attacks and Vulnerabilities


• Vulnerabilities are weaknesses in software, hardware, or processes (e.g., unpatched
servers, default passwords).
• Attacks exploit vulnerabilities: SQL injection, buffer overflow, cross-site scripting (XSS),
and phishing.
Example: An unpatched web server allows an attacker to run arbitrary code and take
control of the server.

Malware Types (in-depth)


• Virus: Requires a host file; spreads when infected files are shared.
• Worm: Self-replicating; spreads across networks without human action.
• Trojan: Disguised as legitimate software; may open backdoors.
• Spyware/Adware: Collects information or shows unwanted ads.
• Ransomware: Encrypts files and demands payment for decryption keys.
Example: CryptoLocker and WannaCry are ransomware examples that encrypted user
files and demanded payment.

Sniffing and Eavesdropping


Sniffing involves capturing packets sent over a network. Tools like Wireshark can capture
traffic; secure networks use encryption (HTTPS, TLS) to protect data in transit.
Unencrypted Wi-Fi hotspots are dangerous because sniffers can capture usernames and
passwords.

Gaining Access and Privilege Escalation


Attackers aim to gain initial access via phishing, stolen credentials, or exploited
vulnerabilities. Once inside, they escalate privileges to gain higher-level access (local
privilege escalation, kernel exploits).
Example: Using an unprivileged shell to exploit a vulnerable service and obtain root or
admin access.

Executing Applications, Hiding Files, and Covering Tracks


Malicious code execution is often automated with scripts. Attackers hide their tools and
log files to persist undetected (e.g., using rootkits). Covering tracks includes log
tampering and timestamp modification to avoid forensic detection.

Backdoors
Backdoors provide hidden access points left by attackers or by legitimate developers for
maintenance (the latter is unsafe if discovered). Attackers create backdoors to return to
compromised systems even after password changes or patches.

UNIT 3 – Ethical Hacking and Social Engineering (Detailed)

Ethical Hacking – Purpose and Process
Ethical hackers simulate attacks to find vulnerabilities before malicious actors do. The
process includes: Reconnaissance (passive & active), Scanning (port & vulnerability
scans), Gaining Access (exploits), Maintaining Access (installing backdoors), and
Reporting/Clearing Tracks (responsible disclosure).

Reconnaissance
Gathering information about the target using public sources (OSINT), DNS records, and
social media. Passive recon doesn't interact directly with the target, while active recon
(scanning) does.

Scanning Tools and Techniques


Tools: Nmap (port scanning), Nessus (vulnerability scanning), OpenVAS, Nikto (web
server scanning). Techniques include port scanning, banner grabbing, and fingerprinting
services.

Threats and Attack Vectors


Attack vectors are ways the attacker reaches the target: email attachments, malicious
websites, removable media, insecure APIs. Organizations must identify likely vectors and
mitigate them.

Information Assurance
Information assurance is the discipline of ensuring systems meet requirements for
confidentiality, integrity, and availability. It includes risk assessments, implementing
controls, and regular testing.

Threat Modeling
A systematic approach to identifying threats and prioritizing mitigation. Models include
STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service,
Elevation of Privilege) and DREAD. Threat modeling helps design secure systems from the
start.

Vulnerability Assessment vs Penetration Testing (VAPT)


• Vulnerability Assessment: Automated scanning to find known weaknesses, producing a
list of findings with severity.
• Penetration Testing: Manual and automated testing that attempts to exploit weaknesses
to demonstrate real-world impact.
Example: An assessment flags an open port; a pen test shows how that port can be used
to gain full system control.

Social Engineering Types (Detailed)


• Phishing: Email spoofed to appear from trusted sources.
• Spear Phishing: Targeted phishing against specific individuals.
• Pretexting: Creating a fabricated scenario to obtain information (e.g., pretending to be IT
support).
• Baiting: Leaving infected USBs to entice victims.
• Quid pro quo: Offering a service in exchange for credentials.
• Tailgating: Physically following someone into a secure area.
Example: An attacker calls the helpdesk pretending to be an employee and asks for a
password reset.

Insider Threats
Insider threats may be malicious (data theft) or accidental (misconfiguration). Mitigations:
least privilege, monitoring, data loss prevention (DLP), and employee education.

Defence Strategies
Combine technical controls (firewalls, anti-malware, IDS/IPS), process controls (patch
management, incident response), and human controls (training, phishing simulations).
Multi-factor authentication (MFA) significantly reduces risk from credential theft.

UNIT 4 – Cyber Forensics and Auditing (Detailed)

Computer Forensics – Overview
Computer forensics is the practice of collecting, preserving, analyzing, and presenting
digital evidence for legal proceedings. It requires careful handling to maintain chain of
custody and to prevent evidence tampering.

Types of Digital Evidence and Storage Media


Evidence can come from hard drives, SSDs, USB drives, mobile phones, cloud services,
email servers, and network logs. Each medium requires different acquisition techniques.
For volatile data (RAM), investigators must capture it quickly before shutdown.

Role of the Forensic Investigator


• Identify potential evidence sources.
• Secure and image devices (create bit-for-bit copies).
• Use write-blockers to prevent changes to originals.
• Analyze images with tools (Autopsy, EnCase, FTK).
• Document and report findings for legal use.

Forensics Investigation Process


1. Identification: Recognize potential evidence.
2. Preservation: Protect evidence integrity (hash values).
3. Collection: Use accepted methods to gather evidence.
4. Examination & Analysis: Search, recover deleted files, timeline analysis.
5. Documentation: Maintain logs of actions and findings.
6. Presentation: Present findings clearly for courts.
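Steps 2 and 3 above, together with the investigator's duties of imaging through a write-blocker and recording a chain of custody, come down to one mechanism: hash the original, make a bit-for-bit copy, hash the copy, and re-check that hash every time the evidence changes hands. The following added example (not from the notes) models that with in-memory streams; ReadOnlyDevice is a constructed stand-in for a write-blocked drive and the "sector" bytes are constructed.

```python
import hashlib
import io
from datetime import datetime, timezone

CHUNK_SIZE = 4096


class ReadOnlyDevice(io.BytesIO):
    """Software stand-in for a write-blocked evidence drive (constructed):
    any write attempt raises instead of silently altering the original."""
    def write(self, *_):
        raise PermissionError("write blocked: evidence device is read-only")


def hash_stream(stream) -> str:
    """SHA-256 over a stream in chunks, so large images are never read whole."""
    stream.seek(0)
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        digest.update(chunk)
    stream.seek(0)
    return digest.hexdigest()


def acquire_image(device, image):
    """Bit-for-bit copy of `device` into `image`; returns (source_hash, image_hash).
    Equal hashes prove the copy is exact and give the custody reference value."""
    device.seek(0)
    for chunk in iter(lambda: device.read(CHUNK_SIZE), b""):
        image.write(chunk)
    return hash_stream(device), hash_stream(image)


class CustodyLog:
    """Append-only record of who did what to the evidence and the hash observed."""
    def __init__(self):
        self.entries = []

    def record(self, actor: str, action: str, sha256: str, when=None):
        when = when or datetime.now(timezone.utc)
        self.entries.append({"time": when.isoformat(), "actor": actor,
                             "action": action, "sha256": sha256})

    def verify(self, image) -> bool:
        """True if the image still hashes to the value recorded at acquisition."""
        return hash_stream(image) == self.entries[0]["sha256"]


def run_demo():
    # Constructed "drive" contents: deterministic bytes standing in for sectors.
    device = ReadOnlyDevice(bytes(range(256)) * 40)
    image = io.BytesIO()
    src_hash, img_hash = acquire_image(device, image)
    log = CustodyLog()
    log.record("examiner-1", "acquired image", img_hash)
    intact = log.verify(image)                  # re-check on hand-over
    # Later, a single byte of the image changes (media fault or tampering).
    image.seek(1000)
    image.write(b"\xff")
    tampered_detected = not log.verify(image)   # the custody check fails
    return src_hash == img_hash, intact, tampered_detected


if __name__ == "__main__":
    print(run_demo())
```

Real acquisitions record at least two hashes (commonly MD5 and SHA-256) in the report, and every analysis is done on a working copy of the verified image, never on the original.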

Collecting Network-based Evidence


Network evidence includes firewall logs, router logs, proxy logs, and packet captures.
Investigators should preserve logs with timestamps and correlate events across systems
to reconstruct attacks.
Example: Correlating web server logs and IDS alerts to find the source IP and timeline of
a breach.
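The correlation in the example above can be mechanized: parse the web server access log and the IDS alerts into one event model, match them on the external IP within a time window, and emit a per-IP timeline. The following added example is not from the notes; the log lines are constructed (Apache common log format and a Snort-style "fast" alert format), and ALERT_YEAR and INTERNAL_PREFIX are assumptions because the alert format carries no year and the demo needs to know which side of the connection is internal.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample data (not real logs): web access log, common log format.
ACCESS_LOG = """\
203.0.113.45 - - [12/Mar/2024:10:14:02 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.45 - - [12/Mar/2024:10:14:05 +0000] "POST /login HTTP/1.1" 401 128
198.51.100.7 - - [12/Mar/2024:10:14:06 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.45 - - [12/Mar/2024:10:14:09 +0000] "POST /login HTTP/1.1" 200 256
203.0.113.45 - - [12/Mar/2024:10:14:15 +0000] "GET /export?all=1 HTTP/1.1" 200 90210
"""

# Constructed IDS alerts in a Snort-style "fast" line format.
IDS_ALERTS = """\
03/12-10:14:07.000000  [**] [1:1000001:1] WEB login brute force attempt [**] {TCP} 203.0.113.45:51234 -> 10.0.0.5:443
03/12-10:14:16.000000  [**] [1:1000002:1] POLICY large outbound transfer [**] {TCP} 10.0.0.5:443 -> 203.0.113.45:51240
"""
ALERT_YEAR = 2024          # assumed: the alert timestamp has no year field
INTERNAL_PREFIX = "10."    # assumed internal address range for the demo
WINDOW = timedelta(seconds=60)

ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+)')
ALERT_RE = re.compile(
    r'^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\].*?\] (.*?) \[\*\*\]'
    r'.*?\{\w+\} (\S+):\d+ -> (\S+):\d+')


def parse_access(text):
    """Access log lines -> events with an aware UTC timestamp and client IP."""
    events = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue                      # skip malformed lines, do not crash
        ip, ts, req, status, _size = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        events.append({"time": when, "ip": ip, "source": "web",
                       "detail": f"{req} -> {status}"})
    return events


def parse_alerts(text, year=ALERT_YEAR):
    """IDS alert lines -> events keyed on the external (non-internal) address."""
    events = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue
        ts, msg, src, dst = m.groups()
        when = datetime.strptime(ts, "%m/%d-%H:%M:%S.%f").replace(
            year=year, tzinfo=timezone.utc)
        external = dst if src.startswith(INTERNAL_PREFIX) else src
        events.append({"time": when, "ip": external, "source": "ids", "detail": msg})
    return events


def correlate(access_events, alert_events, window=WINDOW):
    """For each IP with an IDS alert, gather web requests within `window` of
    any of its alerts and return a time-ordered timeline per suspect IP."""
    timelines = {}
    for alert in alert_events:
        related = [e for e in access_events
                   if e["ip"] == alert["ip"] and abs(e["time"] - alert["time"]) <= window]
        bucket = timelines.setdefault(alert["ip"], [])
        for event in related + [alert]:
            if event not in bucket:       # same request may sit near two alerts
                bucket.append(event)
    for events in timelines.values():
        events.sort(key=lambda e: e["time"])
    return timelines


def summarize(timelines):
    """Per-IP first/last seen and event counts, the core of a breach timeline."""
    return {ip: {"first_seen": ev[0]["time"].isoformat(),
                 "last_seen": ev[-1]["time"].isoformat(),
                 "alerts": sum(1 for e in ev if e["source"] == "ids"),
                 "requests": sum(1 for e in ev if e["source"] == "web")}
            for ip, ev in timelines.items()}


if __name__ == "__main__":
    timelines = correlate(parse_access(ACCESS_LOG), parse_alerts(IDS_ALERTS))
    for ip, events in timelines.items():
        print(ip)
        for e in events:
            print(f"  {e['time'].isoformat()}  {e['source']:3}  {e['detail']}")
    print(summarize(timelines))
```

Both sources must be in the same time zone (here UTC) before comparison; clock skew between the web server and the sensor is the most common reason such correlations silently miss events, which is why the notes stress preserving logs with their timestamps.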

Writing Computer Forensics Reports


A good report includes executive summary, methodology, tools used, evidence
descriptions with timestamps, findings, and recommendations. It must be clear, factual,
and defensible in court.

Auditing and Planning an Audit


Auditing checks whether the organization follows security policies and controls. Planning
an audit involves scope definition, selecting control frameworks (ISO 27001, NIST),
gathering evidence, testing controls, and reporting. Audits can be internal or external and
should be scheduled regularly.

Information Security Management System (ISMS)


ISMS is a management framework of policies and procedures to systematically manage
an organization’s sensitive data. It involves risk assessment, policy creation, control
implementation, monitoring, and continual improvement.

ISO 27001:2013 Standard
ISO 27001 defines requirements for establishing, implementing, maintaining, and
continually improving an ISMS. Organizations can get certified after third-party audits. It
helps organizations manage risks and protect information systematically.

UNIT 5 – Cyber Ethics and Laws (Detailed)

Introduction to Cyber Laws
Cyber laws regulate digital behavior, define crimes, and set penalties. They ensure legal
recourse for victims and set responsibilities for service providers and users.

E-Commerce and E-Governance


E-commerce refers to buying and selling goods online, requiring secure payment systems,
consumer protection, and secure transaction records. E-governance delivers government
services digitally (tax filing, licenses). Both require confidentiality, authentication, and
non-repudiation.

Certifying Authority (CA) and Controller


CAs issue digital certificates that bind public keys to entities, enabling secure
communications and digital signatures. The controller (under national IT law) regulates
certification practices.
Example: When you sign a PDF with a digital signature, the certificate issued by a CA lets
the recipient verify that the signing key belongs to you.

Offences under IT Act (examples)


Common offences include hacking, unauthorized access, identity theft, cyber fraud,
publishing obscene material, and spreading malware. Laws define punishments and fines.
Note: specific sections and penalties may update—refer to the latest legal text for exams.

Computer Offences and Penalties under IT Act 2000 (India)


• Hacking: Penalties can include imprisonment and fines.
• Identity theft and fraud: Penal actions under relevant sections.
• Publication of obscene content: Heavier fines and imprisonment.
• Note: Amendments and related IPC sections may apply. Always check current laws for
precise penalties.

Intellectual Property Rights (IPR) in Cyberspace


IPR includes copyright, patents, trademarks, and trade secrets. In cyberspace, software,
websites, digital images, music, and content are protected under copyright law.
Organizations must ensure licensing compliance and protect their creations.

Network Layer - IPSec (Detailed)


IPSec is a suite of protocols that secures IP communications by authenticating and
encrypting each IP packet. It works in two modes: Transport (only the payload is
protected) and Tunnel (the entire original packet is protected and encapsulated in a new
IP packet). IPSec components: AH (Authentication Header) for integrity and ESP
(Encapsulating Security Payload) for confidentiality. It uses strong cryptographic
algorithms to build secure VPNs.
Example: Corporations use IPSec VPNs to connect branch offices over the public internet
securely.

Practical Advice & Exam Tips


• Use diagrams to explain CIA Triad, threat models, and attack steps.
• Give real-world examples (WannaCry, phishing incidents).
• When asked about processes (forensics, pen testing), list clear steps with brief
explanation.
• Remember key terms and their definitions; use them in answers.
