Cybersecurity Basics

Questions and Answers

Which of the following actions is the MOST indicative of practicing cybersecurity?

• Enforcing policies that curb cyberattacks.
• Protecting computer systems, networks, and data from cyberattacks. (correct)
• Using readily available technology.
• Adopting various practices to improve technology.

Why is cybersecurity considered important for organizations?

• It reduces the need for innovation.
• It maintains trust and reputation. (correct)
• It simplifies operational processes.
• It ensures sensitive information is available to all employees.

What is the primary focus of network security?

• Managing software updates on individual computers.
• Protecting computer networks from unauthorized access or attacks. (correct)
• Ensuring all employees have access to the network.
• Securing physical access to server rooms.

Which of the following is primarily protected by information security?

The confidentiality, integrity, and availability of data. (A)

What are the three core principles that form the CIA triad model?

Confidentiality, Integrity, Availability. (B)

What does 'confidentiality' ensure in the context of the CIA triad?

Data is protected from unauthorized access. (D)

What does 'integrity' refer to in the CIA triad?

Protecting data from unauthorized modification or destruction. (C)

What aspect of data security does 'availability' primarily address?

Guaranteeing authorized users can access data when needed. (B)

Which of the following BEST describes the difference between cybersecurity and information security?

Cybersecurity is about protecting digital systems and data, while information security protects data in all forms. (C)

What is the PRIMARY objective of cloud security?

To protect cloud-based data, applications, and infrastructure. (C)

In cloud security, what does 'data privacy' primarily ensure?

Keeping data private and safe across cloud platforms. (D)

When selecting a cloud service model, what does choosing SaaS typically imply?

Minimal customization for basic needs. (A)

What is the main function of IoT security?

To protect devices, networks, and data that are part of the IoT. (C)

Which of the following is an example of an IoT security device designed to monitor an environment in real time?

Surveillance camera. (C)

What is the purpose of application security?

To protect applications from cyber threats. (C)

What is the role of a Web Application Firewall (WAF) in application security?

To monitor and filter HTTP traffic between a web application and the internet. (B)

What primary function does endpoint security serve?

Securing devices like laptops and mobile devices from cyber threats. (C)

In the context of endpoint security, what can endpoint security platforms do to manage risky devices?

Identify and block them from accessing a corporate network. (D)

According to the zero trust model, what is the fundamental principle regarding user or device access?

No user or device should be trusted unless explicitly permitted. (C)

Which of the following authentication methods aligns with the principles of zero trust security?

Multifactor authentication. (D)

Which of the following is a common characteristic of cybersecurity threats?

Aiming to access, disrupt, or steal sensitive data. (D)

Which activity is MOST representative of a phishing attack?

Tricking individuals into revealing personal information or money. (A)

What is the main purpose of 'spear phishing'?

To send fraudulent emails to specific individuals or organizations. (B)

Which of the following activities is MOST indicative of malware?

Secretly monitoring user activity and stealing data. (A)

How do computer viruses typically spread from one computer to another?

As attachments to images, audio, or video files. (B)

What distinguishes a 'worm' from a 'virus'?

Worms can spread without attaching to a host file, unlike viruses. (A)

What is a key characteristic of worms related to their spread?

They can spread automatically through networks or email systems. (D)

What BEST describes the behavior of a Trojan horse?

It pretends to be legitimate software to trick users into installing it. (C)

How does a Trojan horse typically provide unauthorized access to a system?

By tricking users into installing or executing a malicious file. (A)

Which of the following describes the primary function of ransomware?

To encrypt user files and demand a ransom for restoring access. (C)

Why do attackers often demand payment in cryptocurrency in ransomware attacks?

Because it offers a degree of anonymity. (B)

What is the primary goal of spyware?

To secretly monitor user activities and collect information. (C)

What type of information can spyware typically track?

Internet browsing habits, keystrokes, and login credentials. (D)

What is the primary function of adware?

To automatically display or download advertising material. (D)

How does adware typically affect a user’s system?

By slowing it down, displaying unwanted ads, and compromising privacy. (B)

What is the main purpose of keyloggers?

To record every keystroke a user types on their device. (A)

What makes keyloggers a severe privacy concern?

They can capture sensitive information like login credentials and credit card numbers. (B)

What is the primary function of rootkits?

To gain privileged access to a computer or network. (D)

Why are rootkits difficult to detect and remove?

They hide their presence and the presence of other malicious software. (D)

What is the main goal of a Denial of Service (DoS) attack?

To disrupt the normal functioning of a target by flooding it with traffic. (A)

What is a key difference between a DoS and a DDoS attack?

A DoS attack is easier to mitigate, while a DDoS attack is harder. (C)

What is the primary action of an attacker in a Man-in-the-Middle (MITM) attack?

To intercept and potentially alter the communication between two parties. (D)

Flashcards

Cybersecurity

Protecting computer systems, networks, and data from cyberattacks using technology, policies, and practices.

Critical infrastructure cybersecurity

Ensuring systems vital to society's functioning are resilient and reliable against cyber threats.

Network security

Protecting computer networks from unauthorized access, use, disclosure, disruption, modification, or destruction.

Cloud security

Protecting data and applications in cloud environments from unauthorized access, data breaches, and cyber threats.

IoT (Internet of Things) security

Protecting internet-connected devices and their data from cyber threats.

Application security

Protecting software applications from unauthorized access, modification, or destruction.

Information security

Protecting the confidentiality, integrity, and availability of data.

Confidentiality

Restricting access to information, including personal and proprietary data.

Integrity

Ensuring the accuracy and trustworthiness of data, preventing unauthorized modification or destruction.

Availability

Ensuring authorized users can access data and systems when needed.

Cloud security

Strategies and technologies that protect cloud-based data, applications, and infrastructure.

Software as a Service (SaaS)

Cloud-based model allowing users to access software applications over the internet, provider manages the software.

Platform as a Service (PaaS)

Cloud service providing a complete environment for developing, managing, and deploying applications.

Infrastructure as a Service (IaaS)

Cloud computing service offering access to computing resources on demand.

Internet of Things (IoT) security

Protection of devices, networks, and data that are part of the Internet of Things (IoT).

Application Security

Set of measures that protect applications from cyber threats, securing code and data during design, development, and deployment.

Endpoint Security

Measures protecting devices like laptops, desktops, and mobile devices from cyber threats.

Zero trust Security

Network security strategy assuming no user or device should be trusted unless explicitly permitted.

Phishing

Attacks that trick people into giving away personal information or money.

Malware

Malicious software designed to infiltrate and damage computer systems.

Worm

A type of malware that replicates and spreads from one computer to another.

Trojan Horse

Malware that pretends to be legitimate to trick users into installing or executing it.

Ransomware

Malware that encrypts a victim's files and demands a ransom for decryption.

Spyware

Malicious software designed to secretly monitor a user's activities without their consent.

Adware

Software that displays advertising material automatically.

Keyloggers

Spyware designed to record every keystroke a user types.

Rootkits

Malware designed to gain privileged access to a computer or network.

Denial of Service (DoS) Attack

Cyberattack making a website or network unavailable by flooding it with traffic.

Distributed Denial of Service (DDoS) Attack

Attack from multiple sources aimed at overwhelming a system.

Man-in-the-Middle (MITM) Attack

Cyberattack where an attacker intercepts and alters communication between two parties.

Study Notes

• Cybersecurity involves safeguarding computer systems, networks, and data from cyberattacks
• This includes utilizing technology, policies, and practices to prevent cyber threats malware, phishing, and ransomware

Importance of Cybersecurity

• Cybersecurity is important for the protection of sensitive information
• Cybersecurity is important prevention of identity theft and fraud
• Cybersecurity is important for maintaining trust and reputation
• Legal compliance is a key benefit of cybersecurity
• Cybersecurity can provide operational continuity after an attack

Network Security

• Network security protects networks, programs, and online systems from digital attacks
• Network security prevents illegal access to user accounts and documents
• Network security secures network integrity

Information Security

• Information Security also known as InfoSec, this protects the confidentiality and availability of data
• Important sensitive information is only accessible to authorized users
• Cybersecurity is an element of information security protecting digital data and systems
• Information security protects data in all forms

CIA Triad Model

• The CIA triad outlines the core principles of information security, including confidentiality, integrity, and availability
• It acts as a framework for developing security policies and procedures

Confidentiality

• Confidentiality restricts access to information, including personal and proprietary data
• Aims to prevent unauthorized access to data
• Focuses on protecting against password theft and computer theft

Integrity

• Integrity ensures data accuracy and trustworthiness
• Integrity prevents unauthorized modification or destruction of data
• Maintains data authenticity

Availability

• Availability ensures authorized users can access data and systems when needed
• Ensures data availability in a timely and reliable manner

Cybersecurity vs. Information Security

	Cybersecurity	Information Security
Focus	Protects digital systems and data	Protects data in all forms, digital and physical
Examples	Firewalls, intrusion detection systems, encryption	Protecting customer account details, financial data, and intellectual property
Goals	Protects systems, networks, and programs from attacks	Protects data confidentiality, integrity, and availability

Cloud Security

• Cloud security is a set of strategies and technologies protecting cloud-based data, applications, and infrastructures

Cloud Security Goals

• Data privacy is a key goal by keeping data private and safe across cloud platforms, applications, and infrastructure
• Compliance ensures that cloud services adhere to legal and regulatory requirements
• Access control manages cloud access to prevent unauthorized entry

Cloud Security Types

• Cloud security types include Software-as-a-Service (SaaS)
• Cloud security types include Platform-as-a-Service (PaaS)
• Cloud security types includs Infrastructure-as-a-Service (IaaS)

Software-as-a-Service (SaaS)

• A cloud-based model enabling users to access software applications via the internet
• The software provider manages the software and its provision in a SaaS model
• Payment subscription-based, with fixed monthly fees based on the plan and number of users
• Example for Enterprise Resource Planning(ERP), Content management system(CMS), Human Resource Management System(HRMS), Office365, Google Apps etc.

Platform-as-a-Service (PaaS)

• A cloud-based service providing an environment for developing, managing, and deploying applications
• PaaS is a pay-as-you-go service, eliminating the need for hardware and software maintenance
• Payment is pay-as-you-go, based on usage of compute resources, storage, and services
• Example for Google Cloud, Microsoft Azure, AWS, IBM Cloud, Red Hat OpenShift, Oracle Cloud Platform (OCP), Heroku, Mendix, Engine Yard, and OpenStack etc.

Infrastructure-as-a-Service (IaaS)

• A cloud computing service providing on-demand access to computing resources
• Payment is pay-as-you-go, based on the amount of virtual server time, storage space, and network utilized

Features of IaaS

• Offers on-demand access, allowing users to request and configure resources for running applications and IT systems
• Payment is pay-as-you-go
• Involves scalability and the IaaS can be scaled up or scaled down to meet changing needs
• Examples: Amazon Web Services (AWS), Elastic Compute Cloud (EC2), Microsoft Azure, Google Compute Engine (GCE), Joyent, Linode, Rackspace, DigitalOcean etc.

Choosing The Right Model

• For basic needs and minimal customization, choose SaaS
• For developing and deploying custom applications, choose PaaS
• For full control of infrastructure and complex deployments, choose IaaS

Internet of Things (IoT) Security

• IoT security focuses on protecting the devices, networks, and data that make up the IoT
• IoT include computers, phones, appliances, and smart devices that connect to the internet

IoT Security Goals

• The main goal is to protect user privacy and data confidentiality
• One goal is to ensure device security and infrastructure security
• A key task is to allow the IoT ecosystem to function smoothly

Iot Security Devices

• Surveillance cameras monitor the environment in real time and are viewed remotely
• Smart locks are controlled remotely and have biometric recognition capabilities
• Smart alarms detect threats like break-ins, fire, and carbon monoxide
• Door/window sensors alert when doors or windows are opened or tampered with
• Smart detectors detect environmental hazards like smoke, gas leaks, and water leaks

Application Security

• Application security uses measures to protect applications from cyber threats
• It secures software code and data during design, development, and deployment

Application Security Tools

• Web Application Firewalls (WAF) monitor/filter HTTP traffic between a web application and the internet
• Multi-factor authentication (MFA) requires users to provide identification before application access
• Anti-virus software removes malicious software from computer systems or applications

Endpoint Security

• Endpoint security applies measures protecting devices like laptops, desktops, and mobile devices
• Endpoint security is also called endpoint protection

Endpoint Security Work

• Endpoint security software, is an endpoint protection platform (EPP), that protects devices from cyber threats
• Endpoint security contains antivirus, anti-malware, and firewall protection
• Endpoint security platforms identify and block risky devices from accessing a corporate network
• Endpoint security platforms monitor the security posture of devices

Zero Trust Security

• Zero trust security operates under the assumption that no user or device is inherently trusted
• Zero Trust Network Access (ZTNA) only connects users to resources they are authorized to access

Zero Trust Examples

• Multifactor authentication requests two or more forms of authentication to sign in
• Zero Trust Network Access (ZTNA) only connects users to the resources they have permission to access

Cybersecurity Threats

• Common cybersecurity threats include phishing, malware, ransomware, DDoS attacks
• Supply chain attacks, social engineering, insider threats, password attacks, IoT attacks, cryptojacking, advanced persistent threats are also risks
• These malcious activity for digital systems through sensitive data access, disruption, or theft

Phishing

• A cybercrime where scammers trick people into revealing personal information or money
• Disguised as legitimate entities, the scammer steals money, gains access, or installs malware

Types of Phishing

• Email phishing sends fraudulent emails
• Spear phishing targets specific individuals or organizations
• Smishing sends text messages
• Vishing uses phone calls
• Clone phishing creates fake messages

Malware

• Intrusive software developed by cybercriminals to steal or damage systems
• Common malware includes viruses, worms, Trojan viruses, spyware, adware, and ransomware

Malware: Virus

• A virus is a type of malware that alters files and data
• It spreads from computer to computer and enters computers via attachments and downloads
• Severity ranges from mildly disturbing effects to severely damaging data or software
• The first computer virus was Creeper, crafted in 1971 by Bob Thomas
• The message "I'M THE CREEPER. CATCH ME IF YOU CAN!" was shown for Creeper
• The boot sector virus Brain created in 1987 for India
• Brain virus as created by brothers Basit and Amjad Farooq Alvi (Lahore, Pakistan).

Malware: Worms

• A worm is replicates itself from computer to computer without needing to attach to a host file
• Worms can spread automatically through networks, email systems or the Internet without human intervention
• The Morris Worm released in 1988, widely spread on the internet

Key Worm Characteristics

1. Self-Replication: Worms replicate themselves across networks and systems
2. Network Spread: They Exploit security vulnerabilities in operating systems or applications to spread, also spread through email, shared files, or instant messaging
3. Payload Delivery: While the primary purpose of a worm is to spread, many worms carry a payload-a secondary malicious program to cause damage. Data theft, file corruption, or malware installation result
4. Resource Consumption: Consume excessive system resources, like bandwidth and processing power
5. Remote Control: Design creates backdoors into infected systems for remote control/launching further attacks

Famous Worms:

• ILOVEYOU (2000): a very famous email worm, used the subject line "ILOVEYOU," caused global damage
• Blaster (2003): Exploited vulnerability in Microsoft Windows, causing affected computers to repeatedly reboot
• Conficker (2008): Spread through Microsoft Windows by exploiting vulnerabilities and creating a botnet
• Stuxnet (2010): Targeted Iran's nuclear program by damaging industrial control systems

Trojan Horse

• A type of malicious software that appears legitimate
• Gives attackers access to a system, steal information, damage files, or provide a backdoor

Trojan Characteristics

1. Deceptive Behavior: Trojan’s disguise themselves as legitimate software or files
2. No Self-Replication: Trojans don't replicate themselves. The use the users them by open / execute them.
3. Malicious Payload: Once installed, a Trojan can deliver a variety of malicious payloads. This gives attackers control of the system, stealing personal information, or installing other types of malware
4. Backdoor Access: Trojans open a "backdoor" on an infected system Cybercriminals from remotely control or access the system without the user's knowledge.

Famous Trojan Horse

1. Zeus/Zbot (2007): Banking Trojan, designed to steal banking credentials
2. Emotet(2014): Banking Trojan, evolved into a sophisticated malware and spreads through malicious email attachments.
3. SpyEye(2009): Banking Trojan and steals login credentials
4. Dridex(2014): Banking Trojan and steals banking credentials.
5. Trojan-Dropper: Delivers payloads for infection of other types of malware

Other Famous Trojan Horse

6. Red October(2012): Cyber-espionage Trojan and steals sensitive data
7. TrickBot(2016): Banking Trojan, steals financial data and login credentials
8. Kelihos(2008): Used to a create botnet. that steals data
9. Emotet(2014): Primarily used for Malware distribution and delivers other malware,
10. Andromeda/Gamarue(2011): Downloader to install other malware for information theft

Malware: Ransomware

• Encrypts a victim's files or locks them out of their system so they make a payment for data restoration
• Ransomware are known to attacks to cryptocurrency (e.g., Bitcoin for anonymity.
• Ransomeware can financial loss, operational disruption, and data breaches
• The AIDS Trojan in 1989, first documented ransomware attack
• Created by Joseph Popp, a biologist and AIDS researcher
• Examples: CryptoLocker, WannaCry, Locky, Reveton, Police Virus, Sodinokibi, etc.

Malware: Spyware

• Designed to monitor/gather data for user's activities without the user knowing
• Can track track internet browsing habits, keystrokes, login credentials, and sensitive personal information
• Common types of spyware adware, keyloggers, rootkits, and Trojan viruses

Adware

• Software that automatically displays or downloads advertising material
• It is often bundled with other software and can negatively affect a user's system
• Known for Track User Behavior, Annoying Pop-ups, Bundled withFreeware, Privacy Concerns

Keyloggers

• Designed to record all keystrokes a user types on their device
• Can capture sensitive information like login credentials, credit card numbers, emails, and personal messages

Rootkits

• Designed to gain privileged access to a computer or network
• Can hide easily in the operating system and have difficult detection and removal
• Allows attackers long-term access to a system

Comparison of Adware, Keyloggers, and Rootkits

Feature	Adware	Keyloggers	Rootkits
Primary Purpose	Display targeted ads	Record keystrokes	Gain privileged access
Visibility	Often visible	Usually runs invisibly	Hides itself
Impact on System	Slows down the system	Captures sensitive information	Takes control of the system
Privacy Risk	Compromises browsing behavior	Captures usernames and passwords	Provides remote access
Removal Difficulty	Easy to remove	Tricky to remove	Extremely difficult to remove
Example Software	Gator, Zango	Perfect Keylogger, REFOG Keylogger	TDSS, Sony BMG Rootkit

Denial of Service (DoS) Attack

• A cyberattack that makes a website / network unavailable is an overload of traffic
• The goal to disrupt normal functioning
• To does this, A target slows down/ unresponsive, and traffic handles the target

Difference Between DoS and DDoS Attack

• A DoS attackers originates attacks device or a computer system
• A DDoS which more different computers / IoT servers
• DDoS comes compromised spread out on a network

Aspect	DoS Attack	DDoS Attack
Source of Attack	Single source	Multiple sources
Scale of Attack	Limited in scale	Large scale
Complexity	Simple to execute	Complex to execute
Detection & Mitigation	Easier to detect	Harder to detect
Impact on Target	Local impact	Widespread impact
Cost of Execution	Low cost	High cost

Man-in-the-Middle Attack

• A user's communication is cyberattcked is intercepted, and even communication between both parties
• The attacker puts self to sender and receiver to monitor/modify exchange data

Real-World Man-In-The-Middle Attacks

1. Wi-Fi Eavesdropping / Evil Twin Attack : A hacker monitor to Wi-Fi network at airport
2. Phishing with MITM: A hacker is fake and leads back to official