Cyber Security Notes Unit 1
Unit-1
Cybersecurity refers to the practice of protecting computer systems, networks, and data from
unauthorized access, use, disclosure, disruption, modification, or destruction.
It involves implementing various measures, technologies, and processes to prevent cyber threats and
ensure the confidentiality, integrity, and availability of information.
1. The practice of protecting internet-connected systems such as computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks is known as cyber
security.
2. We can divide the term cyber security into two parts: cyber and security.
a. Cyber refers to the technology, including systems, networks, programs, and data.
b. Security is concerned with the protection of those systems, networks, applications, and information.
3. Other names for cyber security are electronic information security and information technology
security.
4. It is designed to protect networks, devices, programs, and data from attack, theft, damage, modification
or unauthorized access.
o Network Security: It involves implementing the hardware and software needed to secure a computer
network from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an
organization protect its assets against external and internal threats.
o Application Security: It involves protecting software and devices from threats. Part of this is
keeping applications patched and up to date, but successful security begins before a program or
device is deployed: in the design stage, while writing source code, during validation, in threat
modeling, etc.
o Identity management: It deals with the procedures for authenticating each individual and determining
the level of access that individual has within an organization.
o Operational Security: It involves the processes and decisions for handling and securing data
assets, such as who may access what and how data is stored and shared.
o Mobile Security: It involves securing the organizational and personal data stored on mobile devices
such as cell phones, laptops, tablets, and other similar devices against various malicious threats.
These threats include unauthorized access, device loss or theft, malware, etc.
o Cloud Security: It involves protecting the organization's information and workloads hosted in cloud
environments run by providers such as AWS, Azure, Google Cloud, etc. Responsibility is shared: the
provider secures the underlying platform, and the customer secures its own data, identities, and
configuration.
o Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring,
alerts, and plans for how an organization responds when any malicious activity causes the loss of
operations or data. Its policies dictate how lost operations are resumed after a disaster, at the
same operating capacity as before the event.
o User Education: It deals with teaching people the security practices that technology alone cannot
enforce: recognizing phishing, choosing and protecting passwords, handling sensitive data, and
reporting suspicious activity. Users are often the first target of an attack, so training reduces the
chance that one mistake compromises the organization.
DISADVANTAGES
- It is expensive; many users cannot afford it.
- A normal user cannot use it properly; it requires special expertise.
- Lack of knowledge is the main problem.
- It is not easy to use.
- It can make the system slower.
- Fixing a security breach can take hours to days.
Malware
Malware means malicious software, which is the most common cyber attacking tool. It is used by the
cybercriminal or hacker to disrupt or damage a legitimate user's system. The following are the
important types of malware created by attackers:
o Virus: It is a malicious piece of code that attaches itself to a program or file and spreads from
one device to another. It can corrupt files and spread throughout a computer system, infecting
files, stealing information, or damaging the device.
o Spyware: It is software that secretly records information about user activities on their system.
For example, spyware could capture credit card details that can then be used by cybercriminals for
unauthorized shopping, money withdrawal, etc.
o Trojans: It is a type of malware or code that appears as legitimate software or a file to fool us
into downloading and running it. Its primary purpose is to corrupt or steal data from our device or
do other harmful activities on our network.
o Ransomware: It is software that encrypts a user's files and data on a device, rendering them
unusable, or erases them. The malicious actors then demand a monetary ransom for decryption.
o Worms: It is software that spreads copies of itself from device to device without human
interaction. Unlike a virus, it does not need to attach itself to a host program to steal or damage
data.
o Adware: It is advertising software that displays advertisements on our device and is sometimes used
to spread malware. It is an unwanted program that is installed without the user's permission. The
main objective of this program is to generate revenue for its developer by showing ads in the
browser.
Cyberspace:
Cyberspace refers to the virtual domain created by interconnected computer systems and networks.
It encompasses all the digital platforms, communication channels, and online environments where
information is exchanged, stored, and processed.
1. Cyberspace can be defined as an intricate environment that involves interactions between
people, software, and services.
2. With the benefits carried by the technological advancements, the cyberspace today has
become a common pool used by citizens, businesses, critical information infrastructure,
military and governments in a fashion that makes it hard to induce clear boundaries among
these different groups.
3. The cyberspace is anticipated to become even more complex in the upcoming years, with the
increase in networks and devices connected to it.
Cyber Threats:
Cyber threats are malicious activities or events that aim to compromise the security of computer
systems, networks, and data.
Common cyber threats include malware (such as viruses, worms, and ransomware), hacking attacks,
social engineering, phishing, identity theft, denial-of-service (DoS) attacks, and insider threats.
A Cyber Threat or a Cyber Security Threat is a malicious act performed by hackers to intentionally
steal data or other assets, misuse them, or simply cause disruption in digital life in general. Cyber
Threats can come from remote locations by unknown parties or even within an organization by trusted
users.
• Nation states—hostile countries can launch cyber attacks against local companies and
institutions, aiming to interfere with communications, cause disorder, and inflict damage.
• Criminal groups—organized groups of hackers aim to break into computing systems for
economic benefit. These groups use phishing, spam, spyware and malware for extortion, theft
of private information, and online scams.
• Malicious insiders—an employee who has legitimate access to company assets, and abuses
their privileges to steal information or damage computing systems for economic or personal
gain. Insiders may be employees, contractors, suppliers, or partners of the target organization.
They can also be outsiders who have compromised a privileged account and are
impersonating its owner.
Cyberwarfare:
Cyberwarfare involves the use of cyber attacks by one nation-state against another for political,
military, or economic purposes.
It includes activities such as disrupting critical infrastructure, conducting espionage, stealing sensitive
information, and launching coordinated cyber attacks against an adversary's computer systems.
Cyber Warfare is typically defined as a set of actions by a nation or organization to attack
countries or institutions' computer network systems with the intention of disrupting, damaging,
or destroying infrastructure by computer viruses or denial-of-service attacks.
Cyber warfare can take many forms, but all of them involve either the destabilization or destruction
of critical systems. The objective is to weaken the target country by compromising its core systems.
CIA Triad:
The CIA Triad is a fundamental concept in cybersecurity that stands for Confidentiality, Integrity,
and Availability.
Confidentiality ensures that information is accessed only by authorized individuals and remains
protected from unauthorized disclosure.
Integrity ensures that information is accurate, complete, and unaltered during storage, processing,
and transmission.
Availability ensures that information and systems are accessible and usable when needed by
authorized users.
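As an added example (not part of the original notes), the following Python shows the Integrity property being enforced rather than assumed: a message is tagged with an HMAC under a key shared by sender and receiver, and any modification in transit makes verification fail. The key and the message are constructed for the demo. Note that an HMAC gives integrity and origin authentication only; Confidentiality would additionally require encryption, since the message itself travels in the clear here.

```python
import hashlib
import hmac
from typing import Optional, Tuple

TAG_LEN = 32  # bytes, the SHA-256 output size

# Constructed demo key. A real deployment uses a random secret known only to
# sender and receiver; that secrecy is what makes the tag unforgeable to an outsider.
KEY = b"demo-shared-secret-not-for-production"


def protect(key: bytes, message: bytes) -> bytes:
    """Return message || HMAC-SHA256(key, message)."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the message if its tag verifies, otherwise None."""
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest takes the same time regardless of where the first mismatch is,
    # so an attacker cannot learn a valid tag byte by byte from response timing.
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def tamper_demo() -> Tuple[bool, bool]:
    """Returns (intact message accepted?, modified message accepted?)."""
    original = protect(KEY, b"PAY 100 TO ALICE")
    tampered = bytearray(original)
    tampered[4:7] = b"900"  # attacker changes the amount but cannot recompute the tag
    return verify(KEY, original) is not None, verify(KEY, bytes(tampered)) is not None
```

Running `tamper_demo()` returns `(True, False)`: the untouched message passes, the edited one is rejected even though only three bytes changed.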
Cyber Terrorism:
Cyber terrorism refers to the use of cyber attacks by terrorist organizations or individuals to cause
widespread disruption, fear, and damage.
It involves targeting critical infrastructure, government systems, financial institutions, and public
services to create chaos, instill fear, and undermine societal stability.
1. Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the
loss of life or significant bodily harm, in order to achieve political or ideological gains through
threat or intimidation.
2. Cyberterrorism can also be defined as the intentional use of computers, networks, and the public
internet to cause destruction and harm for political or ideological objectives.
3. Experienced cyberterrorists, who are very skilled in hacking, can cause massive damage to
government systems and might leave a country in fear of further attacks.
Cyber Security of Critical Infrastructure:
Critical infrastructure refers to the essential systems and assets that are vital for the functioning of a
society and its economy, such as power grids, transportation networks, healthcare systems, and
financial institutions.
Ensuring the cybersecurity of critical infrastructure is crucial as a successful cyber attack on these
systems can have severe consequences, including economic disruption, loss of life, and societal
chaos.
Protecting critical infrastructure involves implementing robust cybersecurity measures, conducting
regular risk assessments, establishing incident response plans, and promoting collaboration between
public and private sectors.
Critical infrastructure security is the area of concern surrounding the protection of systems, networks
and assets whose continuous operation is deemed necessary to ensure the security of a given nation,
its economy, and the public's health and/or safety.
The UK internet industry and Government recognized the need to develop a series of Guiding
Principles for improving the online security of the ISPs' customers and limit the rise in cyberattacks.
Cybersecurity for these purposes encompasses the protection of essential information, processes, and
systems, connected or stored online, with a broad view across the people, technical, and physical
domains.
These Principles recognize that the ISPs (and other service providers), internet users, and UK
Government all have a role in minimizing and mitigating the cyber threats inherent in using the
internet.
These Guiding Principles have been developed to respond to this challenge by providing a consistent
approach to help, inform, educate, and protect ISPs' (Internet Service Provider's) customers from
online crimes. These Guiding Principles are aspirational, developed and delivered as a partnership
between Government and ISPs. They recognize that ISPs have different sets of customers, offer
different levels of support and services to protect those customers from cyber threats.
Some of the essential cybersecurity design principles are described below-
1. Economy of mechanism
2. Fail-safe defaults
3. Least Privilege
4. Open Design
5. Complete mediation
6. Separation of Privilege
7. Least Common Mechanism
8. Psychological acceptability
9. Work Factor
1. Economy of mechanism
This principle states that security mechanisms should be as simple and small as possible. The
Economy of mechanism principle simplifies the design and implementation of security mechanisms.
If the design and implementation are simple and small, there are fewer possibilities for errors, and
checking and testing is less complicated because fewer components need to be tested.
Interfaces between security modules are the suspect area and should be as simple as possible,
because interface modules often make implicit assumptions about input or output parameters or the
current system state. If any of these assumptions is wrong, the module's actions may produce
unexpected results. A simple security framework is easier for developers and users to understand
and enables the efficient development and verification of its enforcement methods.
2. Fail-safe defaults
The Fail-safe defaults principle states that the default configuration of a system should have a
conservative protection scheme. This principle also restricts how privileges are initialized when a
subject or object is created. Whenever access, privileges/rights, or some security-related attribute is
not explicitly granted, access should be denied. The same applies to errors: if a check cannot be
completed, the safe outcome is to refuse the request, not to let it through.
Example: If we add a new user to an operating system, the default group of the user should have
minimal access rights to files and services.
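To make the principle concrete, here is an added Python example (not from the original notes) of an access check written both ways. The ACL, the subjects and the object names are constructed for the demo. The fail-open version treats silence in the policy as permission; the fail-safe version grants only what is explicitly listed, and also refuses when the policy store itself cannot be read.

```python
from typing import Callable, Dict, Set

# Constructed ACL: object -> subject -> actions explicitly granted.
# "*" is a wildcard subject for rights that every account gets.
Acl = Dict[str, Dict[str, Set[str]]]

ACL: Acl = {
    "/payroll.csv": {"alice": {"read", "write"}, "bob": {"read"}},
    "/public.txt": {"*": {"read"}},
}


def is_allowed_fail_open(acl: Acl, subject: str, obj: str, action: str) -> bool:
    """Anti-pattern: anything the policy does not mention is permitted."""
    entry = acl.get(obj)
    if entry is None:
        return True   # unknown object: nobody wrote a rule, so allow (wrong)
    rights = entry.get(subject)
    if rights is None:
        return True   # no rule for this subject, so allow (wrong)
    return action in rights


def is_allowed(acl: Acl, subject: str, obj: str, action: str) -> bool:
    """Fail-safe: access exists only where an explicit rule grants it; silence means deny."""
    entry = acl.get(obj)
    if entry is None:
        return False
    rights = entry.get(subject, set()) | entry.get("*", set())
    return action in rights


def guarded_check(load_policy: Callable[[], Acl], subject: str, obj: str, action: str) -> bool:
    """If the policy cannot even be loaded, deny rather than guess (fail closed)."""
    try:
        acl = load_policy()
    except Exception:
        return False
    return is_allowed(acl, subject, obj, action)


def broken_loader() -> Acl:
    """Stands in for a policy store that is down."""
    raise RuntimeError("policy store unreachable")


def new_user_rights(acl: Acl, username: str) -> Set[str]:
    """A freshly created account starts with only the wildcard rights, nothing more."""
    return {f"{action}:{obj}" for obj, entry in acl.items() for action in entry.get("*", set())}
```

Ask both checkers whether an unknown user "mallory" may read an object that has no ACL entry at all: the fail-open version says yes, the fail-safe version says no. The difference is exactly the gap an attacker looks for in a system whose defaults were chosen for convenience.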
3. Least Privilege
This principle states that a user should have only those privileges that are needed to complete his
or her task. Its primary function is to control the assignment of rights granted to the user, not the
identity of the user. This means that if the boss demands root access to a UNIX system that you
administer, he or she should not be given that right unless he or she has a task that requires that
level of access. If possible, the elevated rights of a user identity should be removed as soon as
those rights are no longer needed.
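The last sentence is the part most often skipped in practice, so here is an added Python example (not from the original notes) of time-boxed elevation: standing rights are small, an elevated right is granted only with a stated task and an expiry, it disappears on its own when the expiry passes, and it can be revoked early once the task is done. The identity, privilege names and timestamps are constructed for the demo.

```python
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class Grant:
    privilege: str
    expires_at: float  # Unix time; every elevated right carries a deadline


@dataclass
class Identity:
    name: str
    base: Set[str] = field(default_factory=set)        # standing rights needed every day
    temporary: List[Grant] = field(default_factory=list)


def effective_privileges(user: Identity, now: float) -> Set[str]:
    """Standing rights plus any temporary grants that have not yet expired."""
    user.temporary = [g for g in user.temporary if g.expires_at > now]   # prune expired
    return user.base | {g.privilege for g in user.temporary}


def elevate(user: Identity, privilege: str, ttl_seconds: float, justification: str, now: float) -> Grant:
    """Grant a right for one task only; the justification goes in the audit trail."""
    if not justification.strip():
        raise ValueError("elevation requires a task justification")
    grant = Grant(privilege, now + ttl_seconds)
    user.temporary.append(grant)
    return grant


def revoke(user: Identity, privilege: str) -> None:
    """Drop the right as soon as the task that needed it is finished."""
    user.temporary = [g for g in user.temporary if g.privilege != privilege]


def can(user: Identity, privilege: str, now: float) -> bool:
    return privilege in effective_privileges(user, now)
```

With this model the boss in the text gets `root` for the duration of a named task, say ten minutes to rotate a certificate, and is back to ordinary rights afterwards without anyone having to remember to clean up.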
4. Open Design
This principle states that the security of a mechanism should not depend on the secrecy of its design
or implementation. It suggests that complexity and secrecy do not by themselves add security. This
principle is the opposite of the approach known as "security through obscurity." It applies not only
to cryptographic systems, where only the key should need to be secret, but also to other computer
security related operations; individual secrets such as passwords and keys are still protected, it is
the design that must not rely on being hidden.
Example: DVD players and the Content Scrambling System (CSS). CSS is a cryptographic scheme that
was meant to protect DVD movie disks from unauthorized copying, and its security rested on keeping
the algorithm and the player keys secret. Once the algorithm was reverse engineered and published,
the protection was broken permanently, because a design that every shipped player depended on
could not be changed.
5. Complete mediation
The principle of complete mediation states that every access to every object must be checked for
compliance with the protection scheme. As a consequence, it restricts the caching of authorization
decisions, and one should be wary of performance improvement techniques that save the results of
previous authorization checks, since permissions can change over time.
In many systems the subject's access rights are verified only once, at the initial access, and for
subsequent accesses the system assumes that the same rights still apply to that subject and object.
Complete mediation rejects this shortcut: the operating system (or whatever reference monitor is in
charge) should mediate each and every access to an object, and the identity of the subject should
be re-established when it can no longer be trusted.
Example: An online banking website should require users to sign in again after a certain period, say
twenty minutes, has elapsed.
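The following added Python example (not from the original notes) shows both halves of the principle. A cached guard remembers its first decision and keeps saying "allowed" after the right has been revoked; a mediating guard consults the current policy on every call. The session object applies the banking rule: after an idle period of twenty minutes the user must authenticate again before any further access. The permission store, user and object names are constructed for the demo.

```python
from typing import Dict, Set, Tuple

# Constructed permission store: subject -> objects it may read. This is the
# "current policy" that a correct reference monitor consults on every access.
PERMS: Dict[str, Set[str]] = {}

IDLE_LIMIT = 20 * 60  # seconds: the twenty-minute re-authentication window in the text


def revoke(subject: str, obj: str) -> None:
    PERMS.get(subject, set()).discard(obj)


class CachedGuard:
    """Anti-pattern: decides once per (subject, object) and reuses the answer forever."""

    def __init__(self) -> None:
        self._cache: Dict[Tuple[str, str], bool] = {}

    def allowed(self, subject: str, obj: str) -> bool:
        key = (subject, obj)
        if key not in self._cache:
            self._cache[key] = obj in PERMS.get(subject, set())
        return self._cache[key]   # stale after a revocation


class MediatingGuard:
    """Complete mediation: every access is checked against the policy as it is now."""

    def allowed(self, subject: str, obj: str) -> bool:
        return obj in PERMS.get(subject, set())


class Session:
    def __init__(self, user: str, guard, started_at: float) -> None:
        self.user, self.guard, self.last_seen = user, guard, started_at
        self.authenticated = True

    def access(self, obj: str, now: float) -> str:
        # Authentication is not a one-time event: an idle session must sign in again.
        if not self.authenticated or now - self.last_seen > IDLE_LIMIT:
            self.authenticated = False
            raise PermissionError("session expired; sign in again")
        self.last_seen = now
        if not self.guard.allowed(self.user, obj):
            raise PermissionError("access denied")
        return f"{self.user} read {obj}"


def demo() -> Dict[str, object]:
    """Exercise both guards across a revocation, then let a session go idle."""
    PERMS["alice"] = {"acct-1", "acct-2"}
    cached, live = CachedGuard(), MediatingGuard()
    before = (cached.allowed("alice", "acct-1"), live.allowed("alice", "acct-1"))
    revoke("alice", "acct-1")
    after = (cached.allowed("alice", "acct-1"), live.allowed("alice", "acct-1"))
    session = Session("alice", live, started_at=0.0)
    session.access("acct-2", now=600.0)          # within the idle window
    try:
        session.access("acct-2", now=600.0 + IDLE_LIMIT + 1)
        timed_out = False
    except PermissionError:
        timed_out = True
    return {"before": before, "after": after, "timed_out": timed_out}
```

`demo()` returns `before == (True, True)` and `after == (True, False)`: only the mediating guard notices the revocation. The same shape appears in real systems wherever a permission is looked up at login and copied into a token or a process; complete mediation means either not caching, or invalidating the cache when the policy changes.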
6. Separation of Privilege
This principle states that a system should grant access based on more than one condition being
satisfied, so that no single key, credential, or person can unlock a sensitive operation alone. This
principle may also be restrictive because it limits access to system entities. Thus, before privilege
is granted, at least two independent verifications should be performed.
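A common form of this principle is dual control: a sensitive action needs two distinct people to agree, and the person asking for it cannot be one of them. The Python below is an added example (not from the original notes) with constructed role assignments and user names; it checks two independent conditions, that the requester holds the operator role and that two different approvers have signed off, and it refuses to count the same approver twice or the requester approving their own request.

```python
from dataclasses import dataclass, field
from typing import Set

# Constructed role assignments for the demo.
OPERATORS: Set[str] = {"bob", "carol"}          # may request a sensitive action
APPROVERS: Set[str] = {"bob", "carol", "dave"}  # may approve one
REQUIRED_APPROVALS = 2


@dataclass
class Request:
    requester: str
    action: str
    approvals: Set[str] = field(default_factory=set)  # a set: one person counts once


def approve(req: Request, approver: str) -> bool:
    """Record an approval; returns False (and records nothing) if it does not count."""
    if approver not in APPROVERS:
        return False   # no approver role
    if approver == req.requester:
        return False   # the requester cannot supply one of the two keys
    req.approvals.add(approver)
    return True


def is_authorized(req: Request) -> bool:
    """Both conditions must hold: an entitled requester AND two distinct approvers."""
    return req.requester in OPERATORS and len(req.approvals) >= REQUIRED_APPROVALS
```

Bob asks to release funds; Carol approves, Bob tries to approve his own request and is refused, Carol approving a second time changes nothing, and only Dave's approval makes the request authorized. A request from someone outside the operator role never becomes authorized no matter how many approvals it collects.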
7. Least Common Mechanism
This principle states that in systems with multiple users, the mechanisms that allow resources to be
shared by more than one user should be minimized as much as possible, because every shared mechanism
is a potential path for information to leak between users. This principle may also be restrictive
because it limits the sharing of resources.
Example: If a file or application needs to be accessed by more than one user, those users should use
separate channels to access the resource, which helps to prevent unforeseen consequences that could
cause security problems.
8. Psychological acceptability
This principle states that a security mechanism should not make the resource more complicated to
access than it would be if the security mechanism were not present. The psychological acceptability
principle recognizes the human element in computer security. If security-related software or computer
systems are too complicated to configure, maintain, or operate, users will not employ the necessary
security mechanisms. For example, if a new password is rejected during a password change, the
password changing program should state why it was rejected rather than giving a cryptic error message.
At the same time, applications should not impart unnecessary information that may lead to a
compromise in security.
Example: When we enter a wrong password, the system should only tell us that the user
id or password was incorrect. It should not tell us that only the password was wrong, as
this tells the attacker that the user id is valid.
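The two examples pull in opposite directions, and the Python below (an added example, not from the original notes) shows how they fit together. The password change path reports specific, actionable reasons because the caller is already authenticated; the login path returns one generic message for an unknown user and for a wrong password, and does the same amount of hashing work in both cases so that response timing does not reveal which it was. The user store, the fixed salt and the sample passwords are constructed for the demo; a real system draws a fresh random salt per user.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is kept low only to keep the demo fast
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Fixed salt only so the demo is deterministic; use os.urandom(16) per user in practice.
_SALT = b"\x00" * 16
# Constructed user store: name -> (salt, hash)
USERS: Dict[str, Tuple[bytes, bytes]] = {"alice": (_SALT, hash_password("correct horse", _SALT))}
# Hash compared against when the user does not exist, so the work done is the same either way.
_DUMMY = hash_password("x", _SALT)

GENERIC_ERROR = "Invalid user id or password"


def login(user: str, password: str) -> Tuple[bool, str]:
    """Same message and same amount of work whether or not the user id exists."""
    salt, stored = USERS.get(user, (_SALT, _DUMMY))
    ok = hmac.compare_digest(hash_password(password, salt), stored) and user in USERS
    return (True, "ok") if ok else (False, GENERIC_ERROR)


def password_change_problems(new: str, user: str) -> List[str]:
    """Specific reasons are fine here: the caller has already proven who they are."""
    problems = []
    if len(new) < 12:
        problems.append("must be at least 12 characters")
    if user.lower() in new.lower():
        problems.append("must not contain your user id")
    if new.isdigit() or new.isalpha():
        problems.append("must mix letters with digits or symbols")
    return problems
```

`login("nobody", ...)` and `login("alice", "wrong")` both come back as `(False, "Invalid user id or password")`, so an attacker cannot use the login form to enumerate valid user ids; `password_change_problems("alice123", "alice")` instead lists exactly what is wrong so the user can fix it on the first try.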
9. Work Factor
This principle states that the cost of circumventing a security mechanism should be compared with
the resources of a potential attacker when designing a security scheme. In some cases, the cost of
circumventing (known as the "work factor") can be easily calculated. The term is also a common
cryptographic measure used to express the strength of a given cipher as the effort needed to break
it. That cryptographic usage does not map directly onto every cybersecurity mechanism, but the
overall concept does apply.
Example: Suppose the number of experiments needed to try all possible four-character passwords
drawn from a 24-symbol alphabet is 24^4 = 331,776. If the potential attacker must try each
experimental password by hand at a terminal, one might consider a four-character password to be
satisfactory. On the other hand, if the potential attacker could use a computer capable of trying a
million passwords per second, a four-character password would be a minor barrier to a potential
intruder.
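The following Python (an added example, not from the original notes) carries the calculation through for the two attacker profiles in the text and generalizes it: given an alphabet size and an attacker's guessing rate, it reports the exhaustive-search time and also the smallest password length that keeps that search above a chosen target, say one year. The guessing rates are constructed assumptions, the million-guesses-per-second figure being the one from the example above.

```python
def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords an exhaustive search must cover."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time for an attacker with the given guessing rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def min_length(alphabet_size: int, guesses_per_second: float, target_seconds: float) -> int:
    """Smallest password length whose exhaustive search takes at least target_seconds."""
    n = 1
    while seconds_to_exhaust(alphabet_size, n, guesses_per_second) < target_seconds:
        n += 1
    return n


# Constructed attacker profiles: a person typing guesses at a terminal versus the
# million-guesses-per-second machine from the example above.
TERMINAL_RATE = 0.5        # one guess every two seconds
FAST_RATE = 1_000_000.0
ONE_YEAR = 365 * 24 * 3600.0


def compare(alphabet_size: int, length: int) -> dict:
    """Work factor of one password policy against both attacker profiles."""
    return {
        "keyspace": keyspace(alphabet_size, length),
        "days_at_terminal": seconds_to_exhaust(alphabet_size, length, TERMINAL_RATE) / 86400,
        "seconds_at_fast_rate": seconds_to_exhaust(alphabet_size, length, FAST_RATE),
    }
```

For the page's 24-symbol, four-character password, `compare(24, 4)` gives a keyspace of 331,776: over a week of typing at a terminal, but well under a second for the fast attacker. `min_length(24, FAST_RATE, ONE_YEAR)` shows that holding the fast attacker off for a year with the same alphabet needs ten characters, which is why the attacker's resources, not the mechanism alone, decide whether a policy is adequate.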
The Compromise Recording principle states that it is sometimes more desirable to record the details
of an intrusion than to adopt a more sophisticated measure to prevent it; an audit trail that shows
what happened is itself a security control.
Defending against the threats described in this unit involves developing robust security policies and
procedures, conducting regular security awareness training for employees, implementing strong access
controls and encryption mechanisms, and regularly assessing and monitoring the effectiveness of
security measures.
Organizations should also establish incident response plans to effectively handle cyber incidents,
establish partnerships with cybersecurity vendors and experts, and stay updated with the latest threats
and vulnerabilities.