Cybersecurity: Definition and OSI Architecture

Questions and Answers

Which of the following is the MOST accurate description of cybersecurity?

  • Defending computer systems, networks, and data from malicious attacks and unauthorized access. (correct)
  • Primarily focusing on securing physical documents and hardware.
  • Implementing firewalls to block all internet traffic.
  • Exclusively using antivirus software to protect computers.

Which action constitutes an active cyber attack?

  • Monitoring network traffic to identify vulnerabilities.
  • Eavesdropping on communications to gather sensitive information.
  • Analyzing data packets to understand network behavior.
  • Injecting hostile code into communications. (correct)

An attacker secretly intercepts communications between two parties. What type of attack is this?

  • Denial of Service (DoS)
  • Man-in-the-Middle (MitM) (correct)
  • Phishing
  • Ransomware

Which BEST describes the role of firewalls in cybersecurity?

  • To block malicious traffic attempting to enter a network. (C)

What is the primary goal of a passive cyber attack?

  • To learn or make use of information from the system without affecting system resources. (A)

Which security mechanism involves adding extra bits into transmitted data to check for errors at the receiving end?

  • Bit Stuffing (B)

What is the purpose of 'notarization' as a security mechanism?

  • To use a trusted third party to mediate communication and reduce conflict. (C)

Which of the following BEST describes the principle of 'Confidentiality' in information security?

  • Preventing unauthorized disclosure of information. (B)

Which aspect of information security does 'data masking' primarily address?

  • Data Security (D)

What is the main purpose of 'penetration testing' in cybersecurity?

  • To simulate cyber attacks and identify weak spots in computer systems. (C)

In the context of information security, what does the principle of 'Availability' primarily ensure?

  • That authorized users can access the information they need, when they need it. (B)

Which of the following is the MOST accurate definition of 'cyberspace'?

  • A virtual and dynamic domain where interactions through digital networks take place. (D)

What makes 'netizens' particularly relevant in the context of cybersecurity?

  • They are the primary targets for various online threats. (B)

What is the main goal of cryptography?

  • To secure information and communications through the use of codes. (C)

What is the key difference between symmetric and asymmetric key cryptography?

  • Symmetric key cryptography uses a single key for encryption and decryption, while asymmetric key cryptography uses a pair of keys. (D)

Which of the following is an advantage of using cryptography?

  • It can be used for access control to ensure only authorized parties have access to resources. (C)

What is the significance of the Information Technology Act, 2000 (India) in cybersecurity?

  • It provides a framework for dealing with cybercrime and e-commerce. (A)

What is the main function of an Intrusion Detection System (IDS)?

  • To monitor network traffic for malicious transactions and send alerts. (B)

Which type of intruder is an authorized user who misuses their granted access to steal data?

  • Misfeasor (C)

Which of the following BEST describes ransomware?

  • Software that encrypts your files and demands payment to unlock them. (B)

What distinguishes a 'worm' from a 'virus'?

  • A worm can run by itself and spread quickly over the network, whereas a virus needs a host program. (D)

Which type of malware disguises itself as a desirable operation, like playing an online game?

  • Trojan Horse (B)

What is the purpose of a 'logic bomb' in cybersecurity?

  • To activate malicious code when a specific trigger event occurs. (D)

Which authentication system requires a user to enter a username and password?

  • Single-Factor Authentication (A)

What is the purpose of 'non-repudiation' in security?

  • To guarantee that participants in a communication cannot deny their involvement. (B)

Which pillar of non-repudiation concerns the ability to prove that users are real?

  • Verification (A)

Which of the following is a classic security model used for maintaining Confidentiality, Integrity, and Availability (CIA)?

  • The Bell-LaPadula Model (B)

What is the term used to describe the process of obtaining a password or code to gain illegal access to a computer system?

  • Cracking (C)

Which type of hacker typically has a malicious motive and aims to steal secret organizational data or funds from online bank accounts?

  • Black Hat Hacker (A)

What is the primary goal of a 'white hat' hacker?

  • To defend systems against malicious hackers. (D)

Which type of hacker may infiltrate a system without permission to seek vulnerabilities, but without malicious intent, and may offer to repair the vulnerabilities they find?

  • Gray Hat Hackers (B)

What is the main aim of 'red hat' hackers?

  • To stop threat actors from launching unethical assaults. (A)

What is the role of 'blue hat' hackers in cybersecurity?

  • To test new software and uncover security flaws before release. (B)

What is the term for an ethical hacker who is mandated with similar goals to criminal hackers, but aims to enhance security within an organization?

  • White-hat (C)

Which activity is a key component of Ethical Hacking methodology?

  • Reporting test results back to the organization. (A)

What is 'cracking' in the context of computer security?

  • The process of attempting to gain unauthorized access to a computer system or network with criminal intent. (C)

What is a 'script kiddie'?

  • An immature, but often dangerous, exploiter of internet security weaknesses. (A)

What is the purpose of an Intrusion Prevention System (IPS)?

  • To detect and prevent malicious activities immediately. (C)

What is one of the main functions of Public Key Infrastructure (PKI)?

  • To ensure security in communications. (D)

Flashcards

Cybersecurity

Defending computer systems, networks, and data from malicious attacks and unauthorized access.

Cyber Attack

An attempt to penetrate computer systems with malicious intent, potentially leading to data theft or damage.

Active Attack

Malicious code that alters systems or data via code injection or masquerading.

Passive Attack

An attempt to gain information without altering system resources, like eavesdropping.

OSI Security Architecture

Internationally recognized framework for deploying security measures, focusing on security attacks, mechanisms and services.

Encipherment

Hiding and covering data using mathematical calculations and algorithms to make it confidential.

Access Control

Stops unauthorized access to data using passwords, firewalls, or PINs.

Notarization

Uses a trusted third party to mediate communication, reducing potential conflict.

Data Integrity

Attaching a value to data for verification by comparing sent and received data.

Authentication Exchange

Ensures identity is known via two-way handshaking at the TCP/IP layer.

Bit Stuffing

Adding extra bits into data to aid in error checking using parity methods.

Digital Signature

Adding digital data to verify the sender's identity electronically.

Information Security

Protecting information by mitigating risks to prevent unauthorized access, modification, or destruction

CIA Triad

Confidentiality, Integrity, Availability

Confidentiality

Ensuring information is not disclosed to unauthorized individuals, entities, or processes.

Integrity

Maintaining the accuracy and completeness of data; preventing unauthorized modification.

Availability

Ensuring information is available when needed by authorized users.

Network Security

Protects networks from unauthorized access using firewalls and intrusion detection systems.

Application Security

Secures applications via code reviews and security patches to fix vulnerabilities.

Data Security

Ensures safety of stored and transferred data via encryption and masking.

Endpoint Security

Secures devices like computers and smartphones with antivirus software and endpoint detection.

Availability (InfoSec Use)

Ensuring authorized users have access to the information they need, when they need it.

Encryption (InfoSec Use)

Ensuring authorized users have access to the information they need, when they need it.

Cyberspace

Virtual domain created by networked computers where digital interactions occur.

Netizens

Internet users or citizens, potentially vulnerable to cyber threats.

Cryptography

Technique of securing information using codes and algorithms to prevent unauthorized access.

Symmetric Key Cryptography

Where sender and receiver use a shared key to encrypt and decrypt messages.

Asymmetric Key Cryptography

Uses public and private key pairs for encryption and decryption, enhancing security.

Computer Security

Protecting computers and related data from unauthorized access and security issues.

Digital Signature

Validates the authenticity and integrity of digital messages using mathematical techniques.

IT Act, 2000 (India)

Indian law addressing cybercrime, digital transactions, and electronic signatures.

Intrusion Detection System (IDS)

Observes network traffic for malicious activity, sending alerts when detected.

Intruders

Hackers, posing security vulnerability.

Malware

Software that enters a system without consent to steal data or cause harm.

Virus

Malicious code that attaches to executable code and spreads when the infected file is exchanged.

Worm

Replicates independently, slowing down networks.

Trojan Horse

Malware that appears benign but performs malicious operations when executed.

Ransomware

Denies access until victim pays.

Adware

Shows unwanted ads/pop-ups. Generates revenue for software companies.

Spyware

Steals private information and sends it to a third party/hacker.

Study Notes

Cyber Security Definition

  • Cybersecurity defends computer systems, networks, and data from malicious attacks and unauthorized access.
  • It uses technologies, processes, and practices to:
    • Protect sensitive information
    • Maintain data integrity
    • Ensure digital resource availability
  • Methods include:
    • Firewalls
    • Encryption
    • Intrusion detection systems
    • Antivirus software
  • Development of security policies and conducting vulnerability assessments are also key.
  • It includes incident response, breach mitigation, and user education against phishing and social engineering.
  • In a digital world, it is vital for safeguarding personal, corporate, and national data.

OSI Security Architecture

  • This is an internationally recognized framework for deploying security measures in organizations.
  • Focuses on:
    • Security attacks
    • Security mechanisms
    • Security services
  • It considers the OSI model a "language" for computer networking
  • The model divides communication into 7 abstract layers, each stacked upon the previous one.
    • Physical Layer
    • Data Link Layer
    • Network Layer
    • Transport Layer
    • Session Layer
    • Presentation Layer
    • Application Layer

Cyber Attack Definition

  • A cyberattack is when hackers attempt to penetrate computer systems or networks.
  • Motives include stealing or damaging information.
  • Targets can be companies or government agencies.
  • Consequences include stolen data and financial losses.
  • Common types of cyberattacks
    • Malware
    • Viruses
    • Ransomware
    • Phishing
    • Denial of Service (DoS)
    • Man-in-the-Middle (MitM)

Active Attacks

  • Active attacks involve unauthorized actions that alter a system or data.
  • Attackers directly interfere to damage or gain unauthorized access, by:
    • Injecting hostile code
    • Masquerading as another user
    • Altering data
  • Includes
    • Masquerade Attack
    • Modification of Messages
    • Repudiation
    • Replay Attack
    • Denial of Service (DoS) Attack

Passive Attacks

  • They aim to gather information from a system but do not affect system resources.
  • Includes eavesdropping or monitoring transmissions.
  • Attackers passively monitor or collect data without altering or destroying it.
  • Examples:
    • Eavesdropping on network traffic
    • Sniffing data packets to steal info

Security Mechanisms

  • Encipherment hides and covers data for confidentiality using math or algorithms
  • Achieved through cryptography and encipherment, with encryption levels based on algorithms
  • Access control prevents unauthorized data access through passwords, firewalls, or PINs
  • Notarization uses a trusted third party to mediate communication
  • Acts as mediator between sender and receiver to reduce conflicts
  • Mediator keeps a record of requests
  • Data integrity appends a value to data created by the data itself
  • Similar to sending a packet of information, it is checked before and after data is received
  • Authentication exchange verifies identities, ensuring data integrity

Information Security Definition

  • It protects information by mitigating risks to information systems and data.
  • Key goals are preventing unauthorized:
    • Access
    • Disruption
    • Modification
    • Destruction
  • This includes protecting financial, sensitive, and confidential information in digital and physical forms. Effective information security requires people, processes, and technology.

Principles of Information Security

  • The key principles, known as CIA, are:
    • Confidentiality
    • Integrity
    • Availability
  • Confidentiality ensures information (such as passwords) is not disclosed to unauthorized entities
  • Integrity maintains the accuracy and completeness of data, so that it cannot be altered without authorization
  • Availability requires information to be accessible when needed, supported by organizational collaboration

Types of Information Security

  • Network Security protects computer networks from attacks by using firewalls, Intrusion Detection Systems (IDS), and Virtual Private Networks (VPNs)
  • Application Security secures software applications by fixing vulnerabilities through code reviews and security patches, and Web application firewalls (WAFs) to filter and monitor HTTP traffic.
  • Data Security ensures safety during storage and transfer with encryption and data masking, with encrypted emails unreadable without decryption keys.
  • Endpoint Security secures devices through antivirus software and Endpoint Detection and Response (EDR)

Uses of Information Security

  • Keeping sensitive data confidential and protected from unauthorized access
  • This includes data accuracy and consistency
  • Ensuring authorized users can access the information they need
  • Meeting legal requirements for data privacy and protection
  • Identifying and mitigating security threats
  • Developing plans to recover from data loss
  • Verifying user identities
  • Encoding sensitive data into a secure format to prevent unauthorized access
  • Protecting networks from unauthorized access and theft
  • Securing physical facilities to protect information systems

Cyberspace

  • It is a virtual and dynamic domain created by networked computers, where digital interactions occur.
  • Includes networks, the internet, and computer systems.
  • Digital interactions are emails, website visits, and social media use.

Netizens

  • In cybersecurity, "netizens" refers to ordinary internet users in the online world.
  • They are the primary targets for online threats like:
    • Phishing scams
    • Malware
    • Identity theft
  • Educating netizens on password management, cautious link-clicking, and software updates is key

Cryptography Definition

  • Secures info and communications through codes, restricting access to authorized individuals.
  • The prefix "crypt" means "hidden," and "graphy" means "writing."
  • Involves algorithms to convert messages for data privacy and safe transactions
  • It may prevent unauthorized access to information

Symmetric Key Cryptography

  • This is an encryption system that uses a single common key for message encryption/decryption
  • It is faster and simpler
  • Exchanging keys securely between sender and receiver is difficult
  • Examples include the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES).

Asymmetric Key Cryptography

  • Uses a key pair for encryption and decryption
  • Sender's public key encrypts, receiver's private key decrypts
  • The RSA algorithm is most popular

Advantages of Cryptography

  • Cryptography helps control access to resources
  • For secure communication, it transmits private information over the internet
  • Defends against replay and man-in-the-middle attacks
  • Meets legal requirements for data protection

Computer Security

  • Defends computers, data, networks, software, and hardware from unauthorized access, misuse, theft, and loss
  • The Internet poses security risks
  • Rising technology increases these risks, with invaders, hackers, and thieves seeking:
    • Monetary gains
    • Recognition
    • Ransom
    • To bully
  • Protecting systems requires security

Digital Signature

  • It is used to validate the authenticity and integrity of messages, software, or digital documents using mathematical techniques
  • Key generation algorithms produce electronic signatures, assuring the identity of the message sender
  • Signing algorithms create a one-way hash of the electronic data, which is then encrypted using a private key
  • The encrypted hash, together with other information such as the hashing algorithm, becomes the digital signature
  • Signature verification algorithms use a verification algorithm and the public key to process the digital signature

IT Act 2000 (India)

  • The IT Act was proposed by the Indian Parliament on October 17, 2000; it is based on the UN Model Law and is intended to reduce cybercrime
  • It has 13 chapters and 94 sections, and the last four deal with revisions to the Indian Penal Code 1860.
  • IT Act schedules:
    • First: Documents the Act does not apply to
    • Second: Deals with electronic signature or authentication

Features of the IT Act 2000

  • Digital signatures updated to electronic signatures for impartiality
  • It clarifies offenses, penalties, and breaches
  • Outlines Justice Dispensation Systems for cybercrimes
  • It defines cybercafes as any facility offering public internet access
  • It created The Cyber Regulations Advisory Committee
  • The IT Act is based on the Indian Penal Code, Indian Evidence Act and Reserve Bank of India Act, 1934
  • The provisions of the Act are set out in Section 81, which has overriding force
  • Nothing in the Act limits rights conferred under the Copyright Act, 1957

Intrusion Detection System (IDS)

  • It detects unauthorized access.
  • Cybercriminals use advanced techniques to avoid detection.
  • IDS monitors network traffic for malicious transactions, alerts when observed
  • IDS software checks networks/systems for malicious activities
  • IDS often records activities centrally using an SIEM system, or notifies administrators
  • IDS monitor networks for malicious activity, protect from unauthorized use
  • Detector learning task classifies intrusion/attacks and normal connections

IDS Working

  • It monitors network traffic to detect suspicious activity.
  • Analyzes network data flow to look for abnormal patterns.
  • It then compares that activity to predefined rules and patterns to identify a possible intrusion.
  • If a match is found, an alert is sent to the system administrator.
  • The system administrator then investigates and takes action to prevent damage.

Intruders in Network Security

  • Intruders equal hackers.
  • These hackers are harmful and have deep knowledge of technology and systems
  • Hackers can breach user privacy, aiming to steal data that they misuse for monetary gain

Types of Intruders

  • Masqueraders are unauthorized and use techniques allowing them to exploit private user information
  • Misfeasors are authorized individuals, but they misuse their access and privileges to attack unethically and steal data/information.
  • Clandestine Users are individuals who have administrative control over a system and misuse that power for financial benefit

Malware

  • It enters systems without consent, gaining bank details, passwords, popping up ads, changing system settings
  • Includes viruses, worms, Trojan horses, ransomware, and spyware.
  • Awareness is critical
  • Protection requires antivirus software, updates, and caution with email attachments

Malware Action

  • Harms and exploits computers/networks, stealing sensitive data
  • Some ransomware encrypts files and demands payment
  • Spyware sends information to a hacker
  • Additional malware spreads to other devices
  • Protect devices with antivirus software and be careful with attachments

Types of Malware

  • A virus is malicious executable code attached to another executable file; it is transmitted from system to system and becomes activated
  • Worms replicate, which slows down networks
  • Trojans carry out malicious programs
  • Ransomware encrypts data and requires payment
  • Adware displays unwanted ads and pop-ups
  • Spyware steals information and sends it to a hacker
  • Logic bombs do destructive things like destroying coolers and hard drives

Authentication In Computer Networks

  • Verifying the identity of a user
  • Single-factor authentication has the user enter a username and password, which prevents access if the information is incorrect

Single-Factor Authentication Advantages

  • Very straightforward to use
  • Not costly
  • No huge skills needed

Non Repudiation

  • A service frequently adopted to establish the author or source of a message and to verify related documents, so that one or more participants in an electronic message or operation are not able to dispute it.
  • Regularly used in communications, computing, and the security of information systems.

Pillars Of Non Repudiation

  • Verification: users are confirmed to be real, using things like passwords and usernames
  • Information should be present to be accountable
  • Privacy: prevents exposure of sensitive info
  • Users cannot undo their movements. The system tracks operations

Classic Security Models

  • Deals with confidentiality
  • Integrity
  • Availability

What is Hacking?

  • An unauthorized attempt to access a computer/network. Hacking finds security holes in personal/corporate IT to get access to personal info and data.

Things that can be hacked

  • System
  • Group of systems
  • Email Account
  • LAN
  • Websites
  • Social media

Hackers

  • Unauthorized users who gain access with malware.
  • Distribute malware through spam, emails, and websites.

Types of Hackers

  • Black Hat
  • White Hat/Ethical
  • Grey Hat
  • Red Hat
  • Blue Hat
  • Green Hat

Black Hat Hackers

  • Steal and delete data to make money

White Hat Hackers

  • The opposite of Black Hat Hackers. Hired to find exploits before black hats do

Grey Hat Hackers

  • Fall somewhere in between. Hack without the intent of harm

Red Hat Hackers

  • Eagle-eyed hackers who stop threats with illegal or extreme measures

Blue Hat Hackers

  • Come from outside and find exploits

Green Hat Hackers

  • Quick learners that are dangerous because they don't realize the implications of their actions

Ethical Hacking

  • Testing systems, networks and apps to identify flaws and enhance security
  • Report findings
  • Done with permission. Objective: find flaws before an attacker does

Cracking

  • Uses software and hardware to break computer security.
  • Used with malicious intent.

Cracking Types:

  • Password
  • Wireless
  • Network
  • Application
  • Software

Script Kiddie

  • Derogatory term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses

What Penetration Testing Is

  • Practice cyber attacks on computer systems to find weak spots. Fix vulnerabilities.

What Is a Threat

  • An intent to steal or damage data, causing harm to systems and data
  • Includes hacking and malware

Threat Categories

  • E-commerce Security basically deals with a set of protocols specially designed for E-commerce platforms to process electronic transactions with security.
  • E-commerce Security helps to buy and sell goods over the Internet with full protection and security.
  • The absence of E-commerce Security leads to the loss of the banking credentials of the customers
  • Leaking of private sensitive information of users, attacks, and fraud are common

What is Intrusion Prevention System (IPS)?

  • It is an additional layer of security, more advanced than intrusion detection, with detection and prevention of malicious activity
  • It can stop known threats by signature and by comparison with abnormal traffic
  • IDS will only warn while IPS will ban payloads

Digital Certificates

  • A governing body that issues public and private keys in order to protect
  • Ensures security of communication
