Cybersecurity Fundamentals PDF
Document Details
Uploaded by PersonalizedFigTree
Summary
This document provides a basic introduction to cybersecurity, covering various threats, definitions and best practices, from an overview of core concepts to practical steps and current relevant trends.
Full Transcript
**Cybersecurity Fundamentals**

Cybersecurity - The action of protecting systems, networks, and data from digital attacks, theft, and damage. Cybersecurity actions include information security, network security, and application security.

The practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.

**Core Definitions**

- Cybersecurity: Protecting systems, networks, and data from digital attacks
- Scope: Includes information, network, and application security

**Hackers**

- Hacker - anyone who unlawfully breaks into a computer system.

Types of Hackers

1. White hat: Ethical hackers testing system vulnerabilities
2. Black hat: Malicious system breakers for illegal gain
3. Grey hat: Break into systems to demonstrate expertise

**Packet analyzer (sniffer)** is a program deployed by hackers that looks at (or sniffs) each packet as it travels on the Internet, trying to see what kind of data is traveling and looking for sensitive data.

**Keylogger** is a program that captures all keystrokes made on a computer.

**Common Cybersecurity Threats**

1. Malware
   - Viruses, worms, Trojans, spyware
   - Designed to damage or exploit systems
2. Phishing
   - Attackers impersonate trusted entities
   - Goal: Steal sensitive information
   - Techniques: Deceptive emails, fake websites
3. Ransomware
   - Encrypts victim's files
   - Demands payment for decryption
   - Distributed via phishing, downloads
4. Other Threats
   - Denial-of-Service (DoS) Attacks
   - Man-in-the-Middle Attacks
   - SQL Injection
   - Zero-Day Exploits
   - Social Engineering

**Personal Security Best Practices**

1. Strong Passwords
   - 14+ characters
   - Mix of numbers, symbols, upper/lowercase
   - Unique for each account
2. Two-Factor Authentication (2FA)
3. Regular Software Updates
4. Secure Connections
5. Phishing Awareness
6. Privacy Settings Management
7. Data Backups
8. Antivirus Software

**Organizational Security Best Practices**

1. Comprehensive Security Policies
2. Employee Training
3. Access Controls
4. Incident Response Planning
5. Regular Security Audits
6. Data Encryption
7. Patch Management
8. Network Security

***Cybersecurity Tools***

1. Antivirus/Anti-Malware
2. Firewalls
3. Intrusion Detection Systems
4. Encryption Tools
5. Patch Management Systems
6. Security Information Management
7. Virtual Private Networks (VPNs)
8. Multi-Factor Authentication Solutions

***Current Cybersecurity Trends***

1. AI-Powered Attacks
2. IoT Vulnerabilities
3. Supply Chain Attacks
4. Ransomware as a Service
5. Zero Trust Architecture
6. Cloud Security Improvements
7. Quantum Computing Preparedness
8. Expanding Regulatory Compliance

Common threats in more detail:

1. **Malware** - viruses, worms, Trojans, and spyware, which can damage or exploit systems.
2. **Phishing** - attackers pose as reputable entities via email or other communication to steal sensitive information.
3. **Ransomware** - encrypts a victim's data and demands payment for the decryption key.
4. **Denial-of-Service (DoS) Attacks** - overwhelm systems with traffic to disrupt services, loading up work in the system.
5. **Man-in-the-Middle (MitM) Attacks** - attackers intercept and alter communication between two parties without their knowledge.
6. **SQL Injection** - exploits vulnerabilities in web applications to execute malicious SQL statements, trying to get to the database.
7. **Zero-Day Exploits** - target software vulnerabilities unknown to the software provider and not yet patched.
8. **Social Engineering** - tactics that manipulate individuals into divulging confidential information or performing actions that compromise security.

The impact of this:

- financial loss
- reputational damage
- legal ramifications

**Cybercrime** is any criminal action perpetrated primarily using a computer.

- Scam
- identity theft
- non-auction/non-delivery of merchandise
- advance fee fraud
- hacking
- blackmail

**Malware**

Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems.

- Types: viruses, worms, Trojans, ransomware, spyware, adware
- Security measures: using strong passwords, backing up data

**Phishing**

A cyber-attack method where attackers act as trustworthy entities to steal sensitive information.

- Types: Deceptive emails, fake websites, and phone calls used to lure victims into providing personal information.
- Security measures: two-factor authentication

**Virus**

A program that attaches itself to another program (the host program) and spreads itself to other computers.

- Viruses are hidden within the code of a host program

**Ransomware**

A type of malware that encrypts a victim's files and demands payment for the decryption key.

- Types: phishing emails, malicious downloads, and exploiting vulnerabilities
- Security measures: regular system updates with latest security

**SPAM or SPIM**

- Spam - unwanted or junk email
- Spim - unsolicited instant messages

**Cookies**

Small text files received when visiting a website. They assign an ID number to your computer, stored in a cookie file.

- Help companies determine the effectiveness of their marketing
- They do not search a hard drive for personal information
- May invade your privacy
- Pose some privacy risks but low security threat
- Each time you log in to the site it notes the visit and keeps track of it in a database

**Scareware and Hoaxes**

- Scareware - malware that attempts to convince you that something is wrong and to pay money to fix it
- Hoaxes - attempt to make someone believe something that is untrue
  - Target large audience

***Personal Security Practices***

a. Strong Passwords: Use complex and unique passwords for different accounts, incorporating a mix of letters, numbers, and special characters to enhance security
b. Two-Factor Authentication (2FA): Add an extra layer of protection, requiring a second form of verification in addition to the password
c. Regular Updates
d. Secure Connections: Use secure connections (SSL/TLS)
e. Phishing Awareness: Be cautious of unsolicited emails and messages

**Key Takeaways**

- Cybersecurity is everyone's responsibility
- Continuous learning and adaptation are crucial
- Proactive protection matters more than reactive measures