Unit 1: Introduction to Cyber Security PDF
Smt. R. O. Patel Women's College
Ruchita Pandya
Summary
This document provides an introduction to cyberspace, defining it as a virtual domain created by computer interactions through digital networks. It further elaborates on the components of cyberspace, such as networks and the internet, and their characteristics, including its borderless, dynamic, and accessible nature.
Smt. R.O.Patel Women's college
CS-27 Cyber Security
Unit-1 : Introduction to Cyber Security
Prepared By: Ruchita Pandya

❖ Define Cyberspace

Cyberspace is termed as a virtual and dynamic domain created by computer clones. Cyberspace best describes the immaterial space where interactions through digital networks, the internet, and computer systems take place. The term began with sci-fi pioneer William Gibson, writing in his 1984 novel “Neuromancer”, who looked forward to a virtual reality where users were capable of moving through 3-dimensional digital spaces; cyberspace was initially developed in the early nineties. While the concept has matured over time, its essence remains consistent, an area of making a tiny realm of human faculties prone to technology.

Cyberspace is fundamentally dependent on technical advancement and innovation. All digital interactions in this space, including sending emails, visiting websites, and using social media, are part of cyberspace.

Components of Cyberspace

Here are some of the components of cyberspace:

Networks: The basis of cyberspace is computer network architecture consisting of access networks, MANs, and WANs that often extend to devices operating as channels through which data are relayed. These networks may involve a great radius as in the case of single buildings or astronomically long distances as is the case with space-based networks. They may employ media as diverse as electrical cables, wirelines to switching nodes and bridges as well as spanning the whole universe.

The Internet: Among the various features of this phenomenal space of cyberspace, the Internet is undoubtedly the most remarkable, a complex structure of structures essentially used as a communication channel for the distribution of information and also online business platforms.
The internet is like a mixture of cyberspace that has websites where messages are sent and stuff for entertainment purposes like online games and social networks.

Data: It is data that guarantees the magnetic connections of the peoples of cyberspace. Information is rushing over the net at billions of bits per second. Data as a whole has many different formats, which can be written text, images, videos, or files. It would be virtually impossible to expect any online activity undertaken without data being exchanged or compromised.

Digital Platforms: It's a virtual world that exists in the form of digital as well as online systems that provide services, as well as resources via active interaction. Such a digital suitcase incorporating social media and search platforms as well as cloud storage and online marketplace is the building block of the framework of the digital world.

Characteristics of Cyberspace

Here are some of the key characteristics of cyberspace, which include:

Borderless: While contrasting with real-world areas being strictly separated by geographic boundaries, cyberspace is beyond classifications and does not have consideration of geographic location in its connectivity instantaneously. This borderless condition creates a high level of international cooperation as a positive side and can raise many of the challenges to cybersecurity as a disadvantage.

Dynamic: Cyberspace is characterized by high strength, arising from technological innovations, among the people who access it, and the legal frameworks. Culture appears on the scene in a flash, old technologies keep getting updated, and the threat of cyber-attacks continuously renews itself and lays new and new challenges as the digital space changes around the clock.

Accessible: The cyberspace idea is the comparison of it with the inhabitants of Earth, in that anyone with an internet connection can gain access to the information and resources that would supposedly go for a long period without others.
However, the overall national level of digital infrastructure, social factors, and governmental constraints are the possible issues for reaching the space of cyber for some populations.

Anonymous: The users of the internet cannot be identified in the digital space because the anonymity of virtual presence allows them to know privately without disclosing their real names. Whilst on one side, anonymity can mean privacy and defense, it can also offer a great chance for bad guys to commit web crime like cybercrimes and online harassment.

Challenges and Considerations

Cyberspace presents an array of challenges and considerations that are as follows:

Cybersecurity: The cyber-realm breeds its intensity-in-scale dangers, with the increase in the use of malware, phishing attacks, data leakages, and cyber wars. Shielding the computerized info and maintaining online safety is still an ongoing issue for people, enterprises, and governments.

Privacy: The obtaining and the proper use of personal information not within physical space can be considered the main problem that is connected to privacy. For instance, data tracking, data surveillance, and unauthorized usage of personal data ask for the implementation of necessary data privacy controls.

Digital Divide: Unequal access to the net and computer literacy as well as less information contribute to the formation of the chess paradigm meaning that those people who don’t have enough resources and expertise to utilize the cyber world fully are excluded from these processes. Bridging this gap is a foremost priority for giving everyone the same chance to fully benefit from digital opportunities and a more equal platform.

Regulation and Governance: The undefinable scope of online activities and access to electronic spaces creates a huge problem for government circles as there are no clear rules to govern them.
It is vital, at the same time, to maintain freedom of speech prevailing over the Net, yet some boundaries should be set up with no excessive limitation. Policymakers and digital platforms have a great challenge to fight against the negative content that goes beyond the liberality principle and proscribed acts.

❖ Architecture of Cyber Space

The concept of the "architecture of cyberspace" refers to the structural design and organization of the virtual spaces that make up the internet and other digital environments. Unlike physical architecture, which deals with tangible materials and physical spaces, the architecture of cyberspace involves the arrangement and interaction of digital elements, data, and networks. Key aspects of this architecture include:

1. Network Infrastructure
Physical Layer: This includes the hardware components such as servers, data centers, fiber optic cables, routers, and switches that form the backbone of the internet.
Network Layer: Protocols like IP (Internet Protocol) and TCP (Transmission Control Protocol) govern the transmission of data packets across networks.

2. Web Architecture
Client-Server Model: The interaction between client devices (computers, smartphones) and servers that host websites and applications.
HTTP/HTTPS Protocols: Protocols used for data communication on the World Wide Web.

3. Data Architecture
Databases and Data Storage: Structured storage systems like relational databases (SQL) and unstructured storage systems (NoSQL, cloud storage).
Data Centers: Facilities that house the servers and storage systems.

4. Security Architecture
Firewalls and Intrusion Detection Systems (IDS): Protect networks from unauthorized access and cyber threats.
Encryption Protocols: Ensure the confidentiality and integrity of data in transit and at rest.

5. Application Architecture
Monolithic vs. Microservices: Different approaches to building applications, where monolithic architectures involve a single unified codebase and microservices involve a collection of loosely coupled services.
API (Application Programming Interface): Defines the interaction between different software components.

6. User Interface and Experience (UI/UX) Design
Front-End Development: Involves the design and development of the visual and interactive aspects of a website or application using HTML, CSS, and JavaScript.
User Experience: Focuses on optimizing the usability and accessibility of digital environments.

7. Virtual Environments and Immersive Technologies
Virtual Reality (VR) and Augmented Reality (AR): Create immersive digital experiences that blend the physical and digital worlds.
Metaverse: Conceptual digital universe combining multiple virtual spaces, often incorporating VR, AR, and other immersive technologies.

8. Cloud Architecture
Cloud Computing Models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
Scalability and Elasticity: Cloud services allow for flexible scaling of resources based on demand.

9. Decentralized Architecture
Blockchain and Distributed Ledger Technologies: Enable decentralized data storage and transactions, providing transparency and security without a central authority.
Peer-to-Peer Networks: Networks where each participant (peer) can act as both a client and a server.

10. Governance and Regulation
Internet Governance: Involves policies and rules for managing and operating the internet, including domain name systems (DNS), IP address allocation, and net neutrality.
Data Privacy Regulations: Laws and regulations like GDPR (General Data Protection Regulation) that govern the collection, storage, and processing of personal data.
❖ Overview of Computers

A computer is an electronic device that accepts data from the user, processes it, produces results, displays them to the users, and stores the results for future usage.

Data is a collection of unorganized facts and figures and does not provide any further information regarding patterns, context, etc. Hence data means "unstructured facts and figures". Information is structured data, i.e. organized, meaningful and processed data. To process the data and convert it into information, a computer is used.

A computer performs the following functions:

Receiving Input: Data is fed into the computer through various input devices like keyboard, mouse, digital pens, etc. Input can also be fed through devices like CD-ROM, pen drive, scanner, etc.
Processing the information: Operations on the input data are carried out based on the instructions provided in the programs.
Storing the information: After processing, the information gets stored in the primary or secondary storage area.
Producing output: The processed information and other details are communicated to the outside world through output devices like monitor, printer, etc.

1. Components of a Computer
Hardware: The physical components of a computer.
o Central Processing Unit (CPU): The brain of the computer, responsible for executing instructions.
o Memory
  - RAM (Random Access Memory): Volatile memory used for temporary storage while the computer is running.
  - Storage: Non-volatile memory for long-term data storage, such as hard drives (HDDs) or solid-state drives (SSDs).
o Motherboard: The main circuit board that connects all components.
o Input Devices: Tools used to input data (e.g., keyboard, mouse).
o Output Devices: Tools used to output data (e.g., monitor, printer).
Software: The programs and operating systems that run on the hardware.
o System Software: Includes operating systems (e.g., Windows, macOS, Linux) that manage hardware and software resources.
o Application Software: Programs that perform specific tasks for users (e.g., word processors, web browsers).

2. Types of Computers
Personal Computers (PCs): Designed for individual use.
o Desktops: Stationary computers with separate monitors and cases.
o Laptops: Portable computers with integrated screens and keyboards.
o Tablets: Touchscreen-based portable devices.
Workstations: High-performance computers used for technical or scientific applications.
Server: Computers that provide data, resources, or services to other computers over a network.
Mainframes: Large, powerful systems used for bulk data processing in enterprises.
Supercomputers: Extremely powerful computers used for complex simulations and calculations in research.

3. Computer Architecture
Von Neumann Architecture: The traditional model where the CPU, memory, and I/O devices share a single system bus.
Modern Enhancements: Multicore processors, parallel processing, and specialized GPUs for graphics and computation.

4. Operating Systems (OS)
Manages hardware and software resources.
Examples: Microsoft Windows, macOS, Linux distributions, iOS, Android.

5. Networks
Local Area Network (LAN): A network covering a small geographic area, like a home or office.
Wide Area Network (WAN): A network covering a large geographic area, like the internet.
Protocols: Rules governing data transmission (e.g., TCP/IP).

6. Computer Security
Protecting systems from threats like viruses, malware, and hacking.
Techniques: Firewalls, antivirus software, encryption.

7. Emerging Technologies
Artificial Intelligence (AI): Computers simulating human intelligence.
Quantum Computing: Leveraging quantum mechanics for complex computations.
Cloud Computing: Providing services over the internet (e.g., storage, processing).
8. Applications
Business: Data analysis, customer relationship management (CRM), enterprise resource planning (ERP).
Education: E-learning platforms, research tools.
Healthcare: Electronic medical records (EMR), diagnostic tools.
Entertainment: Video games, streaming services.
Communication: Email, social media, video conferencing.

❖ Overview of Web Technology

Web technology refers to the means by which computers communicate with each other using markup languages and multimedia packages. It gives us a way to interact with hosted information, like websites. Web technology involves the use of hypertext markup language (HTML) and cascading style sheets (CSS).

Web technology encompasses the tools and techniques used to create and manage websites and web applications. This technology has evolved rapidly, enabling the creation of dynamic, interactive, and visually appealing web experiences. Here's a comprehensive overview:

1. Fundamentals of Web Technology
Web: A collection of interconnected documents and resources, linked by hyperlinks and URLs.
Internet: The global network of computers that hosts the web.

2. Core Technologies
HTML (HyperText Markup Language): The standard language for creating web pages. It structures content using elements like headings, paragraphs, links, images, and more.
CSS (Cascading Style Sheets): Used to style and layout web pages. CSS controls the visual presentation, including colors, fonts, and layout.
JavaScript: A scripting language used to create dynamic and interactive web content. It can manipulate the HTML and CSS of a page, handle events, and communicate with servers.

3. Web Development
Front-End Development: Focuses on the client side, involving the creation of the user interface and user experience.
o Frameworks/Libraries: React, Angular, Vue.js
o Tools: HTML, CSS, JavaScript, WebAssembly
o Responsive Design: Ensuring websites work well on all devices (e.g., Bootstrap, Flexbox, Grid Layout).
Back-End Development: Focuses on the server side, involving database interactions, server logic, and application integration.
o Languages: Python, Java, Ruby, PHP, Node.js
o Frameworks: Django, Flask, Spring, Ruby on Rails, Express.js
o Databases: SQL (MySQL, PostgreSQL) and NoSQL (MongoDB, Redis)

4. Web Servers and Hosting
Web Servers: Software that serves web pages in response to requests (e.g., Apache, Nginx).
Hosting: Services that provide space on servers for websites (e.g., shared hosting, VPS, dedicated servers, cloud hosting).

5. Protocols and Standards
HTTP/HTTPS (Hypertext Transfer Protocol/Secure): Protocols for transferring web documents. HTTPS includes encryption for security.
REST (Representational State Transfer): An architectural style for designing networked applications using stateless communication.
WebSockets: Protocol for full-duplex communication channels over a single TCP connection.

6. Web Development Tools
IDEs (Integrated Development Environments): Software for coding (e.g., Visual Studio Code, Sublime Text, IntelliJ IDEA).
Version Control Systems: Tools for managing code versions (e.g., Git, GitHub, GitLab).
Package Managers: Tools for managing project dependencies (e.g., npm, Yarn, pip).

7. Content Management Systems (CMS)
Platforms for managing website content without extensive coding knowledge.
Examples: WordPress, Joomla, Drupal

8. Web Security
Protecting websites from threats like hacking, data breaches, and malware.
Practices: Secure coding, regular updates, encryption, using secure protocols.
Tools: Firewalls, SSL certificates, anti-malware tools.

9. Performance Optimization
Techniques to enhance the speed and efficiency of web pages.
Methods: Minification, compression, caching, CDN (Content Delivery Network), lazy loading.

10. Modern Trends
Progressive Web Apps (PWAs): Web applications that provide a native app-like experience.
Single Page Applications (SPAs): Web apps that load a single HTML page and dynamically update content.
Serverless Architecture: Running backend code without managing servers, using services like AWS Lambda.
Microservices: Architectural style that structures an application as a collection of loosely coupled services.

Web technology is a dynamic field that involves the development, deployment, and maintenance of websites and web applications. It includes a range of technologies from basic HTML/CSS to advanced JavaScript frameworks, server-side languages, and databases. Understanding the core components, development processes, and modern trends is essential for creating efficient, secure, and user-friendly web experiences.

❖ Internet

The Internet is a global communication system that links together thousands of individual networks. It allows exchange of information between two or more computers on a network. Thus the internet helps in the transfer of messages through mail, chat, video and audio conference, etc. It has become mandatory for day-to-day activities: bill payment, online shopping and surfing, tutoring, working, communicating with peers, etc.

The internet, sometimes simply called the net, is a worldwide system of interconnected computer networks and electronic devices that communicate with each other using an established set of protocols. The Internet is known as the “interconnection of computer networks”.

The Internet is a massive network of networks. It connects millions of computers together globally, forming a network in which any computer can communicate with any other computer as long as they are both connected to the Internet.
The internet is a vast, global network that connects millions of private, public, academic, business, and government networks. It is an interconnected system that allows for the exchange of information and communication between computers and devices worldwide.

History of Internet

The ARPANET (Advanced Research Projects Agency Network, later renamed the internet) established a successful link between the University of California Los Angeles and the Stanford Research Institute on October 29, 1969.
Libraries automate and network catalogs outside of ARPANET in the late 1960s.
TCP/IP (Transmission Control Protocol and Internet Protocol) is established in the 1970s, allowing internet technology to mature. The development of these protocols aided in the standardization of how data was sent and received via the internet.
NSFNET (National Science Foundation Network), the 56 Kbps backbone of the internet, was financed by the National Science Foundation in 1986. Because government monies were being used to administer and maintain it, there were commercial restrictions in place at the time.
In the year 1991, a user-friendly internet interface was developed.
Delphi was the first national commercial online service to offer internet connectivity in July 1992.
Later in May 1995, all restrictions on commercial usage of the internet are lifted. As a result, the internet has been able to diversify and grow swiftly.
Wi-Fi was first introduced in 1997.
The year is 1998, and Windows 98 is released.
Smartphone use is widespread in 2007.
The 4G network is launched in 2009.
The internet is used by 3 billion people nowadays.
By 2030, there are expected to be 7.5 billion internet users and 500 billion devices linked to the internet.

Key Components of the Internet

1. Networks and Infrastructure:
Computers and Servers: Devices that store, process, and exchange data.
Routers and Switches: Hardware that directs data packets between networks.
Cables and Satellites: Physical and wireless media that transmit data over distances.

2. Protocols:
TCP/IP (Transmission Control Protocol/Internet Protocol): The foundational protocols that define how data is packetized, addressed, transmitted, routed, and received.
HTTP/HTTPS (Hypertext Transfer Protocol/Secure): Protocols used for transmitting web pages over the internet.

3. Services and Applications:
World Wide Web: A system of interlinked hypertext documents accessed via web browsers.
Email: A method of exchanging digital messages.
FTP (File Transfer Protocol): A protocol for transferring files between computers.
VoIP (Voice over Internet Protocol): Technology that allows for voice communications over the internet.

How the Internet Works

1. Data Transmission:
Data sent over the internet is broken into small packets.
Each packet is labeled with the destination IP address and routed through various intermediate devices (routers and switches) until it reaches its destination.
Upon arrival, packets are reassembled into the original message or file.

2. IP Addresses:
Each device connected to the internet has a unique IP address, which serves as its identifier.
IP addresses can be static (permanent) or dynamic (temporary).

3. Domain Name System (DNS):
Translates human-friendly domain names (like www.example.com) into IP addresses.
Acts like a phone book for the internet, allowing users to access websites using easily remembered names instead of numeric addresses.

Functions and Uses of the Internet

1. Communication:
Email, instant messaging, and social media platforms.
Video conferencing and voice calls.

2. Information Sharing:
Websites, blogs, and online publications.
Search engines that index and retrieve information.

3. E-Commerce:
E-commerce platforms for buying and selling goods and services.
Online banking and digital payment systems.

4. Entertainment:
Streaming services for music, movies, and games.
Online gaming and virtual reality experiences.

5. Education and Learning:
Online courses, e-learning platforms, and educational resources.
Virtual classrooms and webinars.

Impact and Significance

Global Connectivity: The internet connects people across the world, enabling real-time communication and collaboration.
Information Accessibility: It democratizes access to information, making knowledge widely available.
Economic Impact: It has created new industries, transformed traditional business models, and facilitated global commerce.
Social Interaction: Social media and online communities have transformed how people interact and form relationships.
Innovation: The internet fosters innovation and the development of new technologies and applications.

Challenges

Security: Cybersecurity threats, data breaches, and hacking.
Privacy: Concerns over data privacy and surveillance.
Digital Divide: Disparities in internet access across different regions and populations.
Regulation: Balancing the need for regulation with the principles of free and open internet.

Advantages of the Internet:

It is the best source of a wide range of information. There is no better place to conduct research than the internet.
Online gaming, talking, browsing, music, movies, dramas, and TV series are quickly becoming the most popular ways to pass the time.
Because there are hundreds of thousands of newsgroups and services that keep you updated with every tick of the clock, the Internet is a source of the most recent news.
Because of virtual shops where you may buy anything you want and need without leaving your house, internet shopping is becoming increasingly popular. Recently, virtual shops have been making a lot of money.
With the emergence of online businesses, virtual stores, and credit card usage, purchasing goods without going to the store has never been easier.

Disadvantages of the Internet:

Spending too much time on the internet is hazardous for the young generation’s physical and mental health.
Children who use the internet develop an addiction, which is quite dangerous.
It is now quite easy to decipher someone’s chat or email messages thanks to the hacking community.
With the emergence of online stores, people prefer to order online rather than going to local stores, which results in less social interaction among people.

❖ World Wide Web

WWW stands for World Wide Web and is commonly known as the Web. The WWW was started by CERN in 1989. WWW is defined as the collection of different websites around the world, containing different information shared via local servers (or computers).

Web pages are linked together using hyperlinks which are HTML-formatted and also referred to as hypertext; these are the fundamental units of the Internet and are accessed through Hypertext Transfer Protocol (HTTP). Such digital connections, or links, allow users to easily access desired information by connecting relevant pieces of information. The benefit of hypertext is that it allows you to pick a word or phrase from the text and click on other sites that have more information about it.

History of the WWW

It is a project created by Tim Berners-Lee in 1989, for researchers to work together effectively at CERN. It is an organization, named the World Wide Web Consortium (W3C), which was developed for further development of the web. This organization is directed by Tim Berners-Lee, aka the father of the web. CERN, where Tim Berners-Lee worked, is a community of more than 1700 researchers from more than 100 countries.
These researchers spend a little time at CERN, and the rest of the time they work at their colleges and national research facilities in their home country, so there was a requirement for solid communication so that they can exchange data.

Terminologies related to WWW

Web documents can be linked together, and are called "Hypertext".
Hypertext systems offer an easy approach to manage huge collections of data, which includes text files, pictures, sounds, movies and more.
In a hypertext system, when you view a document on your computer screen, you can also access all the data that is linked to it.
To support hypertext documents, the web uses a protocol called "Hypertext Transfer Protocol" (HTTP).
A hypertext document is a specially encoded file that uses "Hypertext Markup Language" (HTML).
HTTP and links are the foundation for the WWW.
A web page is displayed in the web browser. It is a kind of word processing document which contains pictures, sounds and even movies along with text.
Websites: A collection of associated web pages is called a "Website". Websites are housed on the web servers. Copying a page onto a server is called "publishing" the page, which is also called "posting or uploading".

Key Components of the WWW

1. Web Pages and Hypertext:
Web Pages: Documents on the web that can include text, images, videos, and other multimedia content. They are written in HTML (Hypertext Markup Language).
Hypertext: Text that contains links (hyperlinks) to other documents or web pages. Clicking on a hyperlink takes the user to the linked document or page.

2. Web Browsers:
Software applications used to access and display web pages. Examples include Google Chrome, Mozilla Firefox, Safari, and Microsoft Edge.

3. Web Servers:
Computers that store web pages and serve them to users upon request. They use HTTP (Hypertext Transfer Protocol) or HTTPS (HTTP Secure) to communicate with web browsers.

4. URLs (Uniform Resource Locators):
Addresses used to locate resources on the web.
A URL typically includes the protocol (http or https), the domain name (like www.example.com), and the path to a specific page or file.

5. Search Engines:
Services that index web pages and allow users to search for information on the web. Examples include Google, Bing, and Yahoo.

How the WWW Works

1. Accessing Web Pages:
A user enters a URL in the web browser or clicks a hyperlink.
The browser sends an HTTP request to the appropriate web server.
The web server processes the request and sends back the requested web page or resource.
The browser displays the content to the user.

2. Hyperlinks and Navigation:
Hyperlinks allow users to navigate between web pages and websites seamlessly.
Links can point to other pages on the same site (internal links) or to pages on different websites (external links).

3. HTML and Web Development:
HTML is the standard language used to create web pages. It defines the structure and content of a page using tags.
CSS (Cascading Style Sheets) is used to control the appearance and layout of web pages.
JavaScript is used to create interactive and dynamic web content.

❖ Advent (Invention) of internet

The internet is an essential infrastructure that reinforces much of modern society, driving communication, commerce, and innovation. Its continuous evolution promises to further enhance its capabilities and impact.

The advent of the internet marks one of the most transformative periods in modern history, fundamentally changing how people communicate, access information, and conduct business. Here’s an overview of its evolution:

Early Beginnings

1960s: The internet's conceptual foundations were laid during this decade. The United States Department of Defense initiated research to create a robust, fault-tolerant communication via computer networks.
ARPANET (1969): Funded by the Advanced Research Projects Agency (ARPA), ARPANET became the first operational packet-switching network and the progenitor of the global internet. The first message was sent from UCLA to Stanford Research Institute.

Development and Expansion

1970s: Key protocols and concepts were developed during this decade. Notable milestones include the development of the Transmission Control Protocol (TCP) and Internet Protocol (IP) by Vint Cerf and Bob Kahn, which became the standard networking protocols.
1980s:
o DNS (1983): The Domain Name System (DNS) was introduced, making it easier to navigate the network by replacing numeric IP addresses with human-friendly domain names.
o NSFNET (1986): The National Science Foundation Network (NSFNET) was established, providing a major backbone for data exchange between smaller regional networks.

World Wide Web

1989-1990: Tim Berners-Lee, a British scientist, invented the World Wide Web (WWW) while working at CERN. The WWW is a system of interlinked hypertext documents accessed via the internet.
1991: The first website went live at CERN. Berners-Lee also developed the first web browser, WorldWideWeb (later renamed Nexus).

Commercialization and Global Spread

1993: The Mosaic web browser, developed by Marc Andreessen and Eric Bina at the National Center for Supercomputing Applications (NCSA), was released. It was user-friendly and greatly popularized web browsing.
1995: The commercial potential of the internet began to be realized with the advent of services like Amazon and eBay. Additionally, Microsoft launched Internet Explorer, initiating the browser wars.
1996: The Telecommunications Act of 1996 in the U.S. facilitated the growth and deregulation of telecommunications and internet services.

Web 2.0 and Beyond

2000s: The concept of Web 2.0 emerged, emphasizing user-generated content, usability, and interoperability.
Social media platforms like Facebook (2004) and YouTube (2005) revolutionized online interaction and content sharing.
2010s: The proliferation of smartphones and mobile internet access expanded the internet’s reach and usage patterns. Cloud computing, big data, and the Internet of Things (IoT) became significant trends.

Impact and Current Trends
Communication: Email, instant messaging, and social media have transformed personal and professional communication.
Information Access: Search engines like Google have made information readily accessible. Online education and e-learning platforms have democratized learning.
Commerce: E-commerce has reshaped the retail industry, while digital payment systems have facilitated new business models.
Entertainment: Streaming services for music, movies, and games have changed how media is consumed.

Challenges and Future Directions
Privacy and Security: Concerns over data privacy, cybersecurity threats, and the regulation of personal information.
Digital Divide: Ensuring equitable access to internet technologies across different socioeconomic and geographical regions.
Emerging Technologies: The rise of artificial intelligence, blockchain, and quantum computing is expected to further transform the internet landscape.

The internet continues to evolve, driving innovation and influencing virtually every aspect of modern life. Its ongoing development promises to further shape the future of communication, commerce, and culture.

WWW
The World Wide Web (WWW), commonly known as the web, is a system of interlinked hypertext documents and multimedia content that is accessed via the internet. Here are the key aspects and components of the WWW:

❖ Internet infrastructure for data transfer
Internet infrastructure refers to the physical systems that provide internet communication.
It includes networking cables, cellular towers, servers, internet exchange points, data centers, and individual computers. Internet infrastructure for data transfer comprises a complex system of interconnected hardware, software, and protocols that facilitate the movement of data across the globe. Here's a detailed overview of the key components and how they work together:

1. Physical Infrastructure
Fiber Optic Cables: High-capacity cables laid under the ground and sea, which use light to transmit data over long distances with minimal loss.
Copper Cables: Traditional wiring for shorter distances, often used in older networks.
Wireless Technologies: Includes satellite, microwave, and mobile networks (e.g., 4G, 5G) for remote or mobile data transfer.
Data Centers: Facilities that house servers and storage systems, processing and storing vast amounts of data.
Network Hardware: Routers, switches, and modems that direct data packets along the optimal path through the network.

2. Protocols and Standards
TCP/IP (Transmission Control Protocol/Internet Protocol): The foundational protocol suite for the internet, ensuring reliable and ordered delivery of data packets.
HTTP/HTTPS (HyperText Transfer Protocol / Secure): Protocols for transferring web pages and other data on the web.
FTP (File Transfer Protocol): Used for transferring files between computers on a network.
DNS (Domain Name System): Translates human-readable domain names into IP addresses, allowing users to locate resources on the internet.

3. Network Types
LAN (Local Area Network): Connects devices within a limited area, such as a home, school, or office building.
WAN (Wide Area Network): Connects devices over larger geographic areas, such as cities or countries. The internet itself is the largest WAN.
MAN (Metropolitan Area Network): Spans a city or large campus, larger than a LAN but smaller than a WAN.

4. Internet Service Providers (ISPs)
Tier 1 ISPs: Large companies that provide the backbone of the internet, connecting directly to the internet's global routing infrastructure.
Tier 2 ISPs: Purchase internet access from Tier 1 ISPs and provide connectivity to regional areas.
Tier 3 ISPs: Purchase access from Tier 2 ISPs and provide the final connection to homes and businesses.

5. Content Delivery Networks (CDNs)
Purpose: Improve the speed and reliability of delivering content to end-users by caching content at strategically distributed data centers.
How It Works: When a user requests a webpage or video, the CDN serves it from the closest possible server, reducing latency and load times.

6. Security Mechanisms
Firewalls: Protect networks by controlling incoming and outgoing network traffic based on predetermined security rules.
Encryption: Ensures data privacy and security during transmission, commonly implemented through protocols like SSL/TLS.
VPN (Virtual Private Network): Provides secure and encrypted connections over the internet, often used for remote access to corporate networks.

7. Routing and Traffic Management
BGP (Border Gateway Protocol): Determines the best paths for data to travel across different networks.
Load Balancers: Distribute network or application traffic across multiple servers to ensure no single server becomes overwhelmed.
QoS (Quality of Service): Manages data traffic to reduce latency, jitter, and packet loss for high-priority services like VoIP and streaming.

8. Emerging Technologies
5G Networks: Offer higher speeds and lower latency than previous mobile networks, enhancing data transfer capabilities.
Edge Computing: Processes data closer to the data source to reduce latency and improve performance for real-time applications.
Quantum Computing: Although still in early stages, promises to revolutionize data processing and transfer with vastly increased computational power.

The internet infrastructure for data transfer is an intricate and multi-layered system that combines various technologies to ensure seamless connectivity and efficient data movement worldwide. Understanding these components helps appreciate the complexity and robustness of modern internet connectivity.

❖ Internet infrastructure for governance
Internet infrastructure for governance refers to the systems, policies, and protocols that ensure the secure, reliable, and equitable functioning of the internet. Governance encompasses various stakeholders, including governments, private companies, non-governmental organizations (NGOs), and international bodies. Here's a detailed overview of how internet governance is structured and functions:

1. Governance Bodies and Organizations
ICANN (Internet Corporation for Assigned Names and Numbers):
o Role: Manages the global Domain Name System (DNS), including the allocation of IP addresses and domain names.
o Structure: A multi-stakeholder organization with representatives from governments, private sector, academia, and civil society.
IANA (Internet Assigned Numbers Authority):
o Role: Operates under ICANN to coordinate IP address allocation, DNS root zone management, and other protocol assignments.
IETF (Internet Engineering Task Force):
o Role: Develops and promotes voluntary internet standards and protocols, particularly the standards that comprise the internet protocol suite (TCP/IP).
o Structure: An open standards organization with a large international community of network designers, operators, vendors, and researchers.
ISOC (Internet Society):
o Role: Promotes the open development, evolution, and use of the internet for the benefit of all people.
o Structure: A global organization with individual and organizational members that supports and promotes the work of the IETF and other internet-related initiatives.
ITU (International Telecommunication Union):
o Role: A specialized agency of the United Nations responsible for issues related to information and communication technologies, including setting international standards and policies.
o Structure: An intergovernmental organization with members from the private sector and academic institutions.

2. Policy Development and Implementation
Multi-Stakeholder Model:
o Principle: Involves the participation of all stakeholders, including governments, private sector, civil society, academia, and the technical community in the decision-making process.
o Implementation: Through open forums, public consultations, and collaborative platforms to develop policies and standards.
National and Regional Internet Registries (NIRs and RIRs):
o Role: Allocate and manage IP address resources within specific regions.
o Examples: ARIN (American Registry for Internet Numbers) in North America, RIPE NCC (Réseaux IP Européens Network Coordination Centre) in Europe, APNIC (Asia-Pacific Network Information Centre) in the Asia-Pacific region.

3. Legal and Regulatory Frameworks
National Laws and Regulations:
o Scope: Encompass data privacy, cybersecurity, content regulation, and intellectual property rights.
o Examples: GDPR (General Data Protection Regulation) in the European Union, CCPA (California Consumer Privacy Act) in the United States.
International Agreements:
o Role: Facilitate cross-border cooperation on issues like cybersecurity, internet freedom, and digital trade.
o Examples: Budapest Convention on Cybercrime, WTO (World Trade Organization) agreements on e-commerce.

4. Cybersecurity and Resilience
CERTs (Computer Emergency Response Teams):
o Role: National and regional teams that respond to cybersecurity incidents and coordinate responses to major cyber threats.
o Structure: Often government-affiliated but may include private sector and academic participation.
Standards and Best Practices:
o Frameworks: NIST (National Institute of Standards and Technology) Cybersecurity Framework, ISO/IEC 27001 for information security management.

5. Digital Inclusion and Access
Universal Service Policies:
o Goal: Ensure that all citizens have access to reliable and affordable internet services.
o Implementation: Government initiatives, subsidies for infrastructure development in rural areas, and public-private partnerships.
Capacity Building:
o Focus: Training and education programs to enhance digital literacy and skills, particularly in underserved communities.
o Organizations Involved: ISOC, local NGOs, government programs.

6. Content and Platform Regulation
Content Moderation:
o Responsibility: Platforms like social media companies are responsible for moderating user-generated content to prevent the spread of illegal or harmful content.
o Challenges: Balancing freedom of expression with the need to prevent misinformation, hate speech, and other harmful content.
Net Neutrality:
o Principle: All internet traffic should be treated equally without discrimination or preference.
o Debates: Ongoing debates on how to enforce net neutrality and its implications for internet service providers and users.

7. Emerging Issues and Future Directions
AI and Internet Governance:
o Challenges: Addressing the ethical, legal, and social implications of artificial intelligence on the internet.
o Approaches: Developing frameworks and guidelines for responsible AI use.
Internet of Things (IoT):
o Governance Needs: Ensuring security, privacy, and interoperability among billions of connected devices.
o Standards Development: Organizations like IETF and IEEE (Institute of Electrical and Electronics Engineers) working on IoT standards.
Internet infrastructure for governance is a multifaceted domain involving various stakeholders and mechanisms to ensure that the internet remains open, secure, and accessible. Through collaborative efforts and regulatory frameworks, internet governance aims to address the evolving challenges of the digital age while promoting innovation and inclusion.

❖ Internet Society (ISOC)
The Internet Society (ISOC) is an American nonprofit advocacy organization founded in 1992 with local chapters around the world. Its mission is "to promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world".

The Internet Society (ISOC) is an international nonprofit organization that handles Internet standards, education and policy development. Founded in 1992, ISOC’s mission is to ensure open Internet development by enhancing and supporting Internet use for organizations and individuals worldwide. ISOC was created to support the development process for Internet standards, while focusing on promoting key Internet development activities. ISOC leaders address issues confronting the future of the Internet and provide organizational infrastructure for Internet standards groups, including the Internet Architecture Board (IAB) and the Internet Engineering Task Force (IETF). ISOC handles Internet policy planning and deals with terminologies like the Internet Code of Conduct, Internet Law and the Internet Ecosystem. ISOC has regular member meetings, workshops and conferences on Internet use awareness and other topics of interest.

The Internet Society (ISOC) is a nonprofit organization dedicated to advocating for an open, globally connected, secure, and trustworthy Internet for everyone.
It was founded in 1992 by internet pioneers, and its mission encompasses promoting the open development, evolution, and use of the internet for the benefit of all people throughout the world.

Key activities of the Internet Society include:
1. Policy Advocacy: ISOC engages in discussions with governments, businesses, and other organizations to shape policies that support an open internet, freedom of expression, privacy, and innovation.
2. Technical Standards: ISOC supports the development of technical standards that enable the interoperability and resilience of the internet. This includes contributing to organizations like the Internet Engineering Task Force (IETF).
3. Capacity Building: ISOC provides training and resources to individuals and communities around the world to help them understand, build, and maintain internet infrastructure and services.
4. Research and Education: ISOC conducts research on internet-related issues and publishes reports to inform stakeholders about emerging trends, challenges, and opportunities.
5. Community Building: ISOC fosters a global community of individuals and organizations who share its vision of an open internet. This includes hosting events, conferences, and online discussions.

Overall, the Internet Society plays a crucial role in ensuring that the internet remains a global resource that is accessible to all, promotes innovation, and respects the rights and privacy of its users.

❖ The regulation of cyberspace
The regulation of cyberspace involves a range of legal, technical, and organizational measures aimed at managing and controlling online activities, ensuring the security and privacy of users, and fostering a safe and fair digital environment. Here are key aspects of cyberspace regulation:

1. Legal Frameworks
Data Protection and Privacy Laws: Regulations like the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S. set strict guidelines on how personal data should be collected, processed, and stored.
Cybercrime Laws: Laws addressing online criminal activities, such as hacking, identity theft, and online fraud, are essential for protecting individuals and organizations.
Intellectual Property Rights: Ensuring that digital content is protected against piracy and unauthorized use.
Content Regulation: Laws governing the type of content that can be shared online, including measures against hate speech, misinformation, and illegal content.

2. Technical Measures
Cybersecurity Protocols: Implementation of advanced security measures like encryption, multi-factor authentication, and regular security audits to protect digital infrastructure.
Network Neutrality: Ensuring that all data on the internet is treated equally without discrimination or preferential treatment.

3. Organizational Policies
Corporate Compliance: Companies must adhere to legal and regulatory requirements, including implementing robust data protection measures and ensuring transparency in data handling practices.
User Agreements: Terms of service and privacy policies that clearly outline the rights and responsibilities of users and service providers.

4. International Cooperation
Global Standards: Organizations like the International Organization for Standardization (ISO) and the Internet Corporation for Assigned Names and Numbers (ICANN) work towards establishing global standards for internet governance.
Cross-border Collaboration: Countries and international bodies collaborate to tackle global cyber threats, ensuring a unified response to cybercrime and cybersecurity incidents.

5. Ethical and Social Considerations
Digital Divide: Addressing disparities in access to digital technologies and the internet to ensure equitable participation in the digital economy.
Online Ethics: Promoting ethical behavior online, including respect for privacy, intellectual property, and responsible digital citizenship.

Challenges in Regulating Cyberspace
Rapid Technological Advancement: The pace of technological change often outstrips the ability of regulators to keep up.
Jurisdictional Issues: The global nature of the internet creates challenges in enforcing laws across borders.
Balancing Security and Privacy: Ensuring robust security measures while respecting individual privacy rights is a delicate balance.

Current Trends and Future Directions
Artificial Intelligence Regulation: As AI technologies become more prevalent, regulations around their use, ethical considerations, and impact on society are becoming increasingly important.
Cyber Resilience: Developing frameworks to ensure that digital infrastructures can withstand and recover from cyber attacks.
Digital Sovereignty: Nations are increasingly focusing on controlling their digital infrastructures and data within their borders, leading to initiatives like data localization laws.

Effective regulation of cyberspace requires a collaborative effort among governments, private sector entities, civil society, and international organizations to create a secure, fair, and inclusive digital environment.

❖ Concept of Cyber Security
Cyber security
The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity. The word cybersecurity can be divided into two parts: one is cyber, and the other is security. Cyber refers to the technology that includes systems, networks, programs, and data. Security is concerned with the protection of systems, networks, applications, and information.
In some cases, it is also called electronic information security or information technology security. Some other definitions of cybersecurity are:

"Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access."

"Cyber Security is the set of principles and practices designed to protect our computing resources and online information against threats."

Types of Cyber Security
Every organization's assets are a combination of a variety of different systems. A strong cybersecurity posture requires coordinated efforts across all of these systems. Therefore, we can categorize cybersecurity into the following sub-domains:
Network Security: It involves implementing the hardware and software to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an organization to protect its assets against external and internal threats.
Application Security: It involves protecting the software and devices from unwanted threats. This protection can be done by constantly updating the apps to ensure they are secure from attacks. Successful security begins in the design stage, with secure source code, validation, threat modeling, etc., before a program or device is deployed.
Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit.
Identity management: It deals with the procedure for determining the level of access that each individual has within an organization.
Operational Security: It involves processing and making decisions on handling and securing data assets.
Mobile Security: It involves securing the organizational and personal data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against various malicious threats. These threats are unauthorized access, device loss or theft, malware, etc.
Cloud Security: It involves protecting the information stored in the digital environment or cloud architectures for the organization. It uses various cloud service providers such as AWS, Azure, Google, etc., to ensure security against multiple threats.
Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts, and plans for how an organization responds when any malicious activity causes the loss of operations or data. Its policies dictate resuming the lost operations after any disaster at the same operating capacity as before the event.
User Education: It deals with training staff on cybersecurity, company policies, and incident reporting, because unintentional or intentional actions by staff can defeat even the best technical safeguards.

Importance of Cyber Security
In today's digital era, all aspects of our lives depend on networks, computers and other electronic devices, and software applications. All critical infrastructure such as the banking system, healthcare, financial institutions, governments, and manufacturing industries use devices connected to the Internet as a core part of their operations. Some of their information, such as intellectual property, financial data, and personal data, is sensitive, and unauthorized access to it or exposure of it could have negative consequences. This information gives intruders and threat actors a reason to infiltrate these systems for financial gain, extortion, political or social motives, or just vandalism.
Cyber-attacks are now an international concern, as system hacks and other security attacks could endanger the global economy. Therefore, it is essential to have an excellent cybersecurity strategy to protect sensitive information from high-profile security breaches. Furthermore, as the volume of cyber-attacks grows, companies and organizations, especially those that deal with information related to national security, health, or financial records, need to use strong cybersecurity measures and processes to protect their sensitive business and personal information.

Cyber Security Goals
The main objective of cyber security is to ensure data protection. The security community provides a triangle of three related principles to protect the data from cyber-attacks. This principle is called the CIA triad. The CIA model is designed to guide policies for an organization's information security infrastructure. When any security breach is found, one or more of these principles has been violated. We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is actually a security model that helps people to think about various parts of IT security. Let us discuss each part in detail.

Confidentiality
Confidentiality is equivalent to privacy: it prevents unauthorized access to information. It involves ensuring the data is accessible to those who are allowed to use it and blocking access to others. It prevents essential information from reaching the wrong people. Data encryption is an excellent example of ensuring confidentiality.

Integrity
This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized modification by threat actors or accidental user modification. If any modifications occur, certain measures should be taken to protect the sensitive data from corruption or loss and speedily recover from such an event.
In addition, it means making sure that the source of the information is genuine.

Availability
This principle ensures that information is always available and useful to its authorized users. It ensures that this access is not hindered by system malfunction or cyber-attacks.

Types of Cyber Security Threats
A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal data, gain access to a network, or disrupt digital life in general. The cyber community defines the following threats available today:

Malware
Malware means malicious software, which is the most common cyber attacking tool. It is used by the cybercriminal or hacker to disrupt or damage a legitimate user's system. The following are the important types of malware created by the hacker:
Virus: It is a malicious piece of code that spreads from one device to another. It attaches itself to clean files and spreads throughout a computer system, infecting files, stealing information, or damaging the device.
Spyware: It is software that secretly records information about user activities on their system. For example, spyware could capture credit card details that can be used by the cybercriminals for unauthorized shopping, money withdrawing, etc.
Trojans: It is a type of malware or code that appears as legitimate software or file to fool us into downloading and running it. Its primary purpose is to corrupt or steal data from our device or do other harmful activities on our network.
Ransomware: It's a piece of software that encrypts a user's files and data on a device, rendering them unusable or erasing them. Then, a monetary ransom is demanded by malicious actors for decryption.
Worms: It is a piece of software that spreads copies of itself from device to device without human interaction. It does not need to attach itself to any program to steal or damage the data.
Adware: It is advertising software that is used to spread malware and displays advertisements on our device. It is an unwanted program that is installed without the user's permission. The main objective of this program is to generate revenue for its developer by showing ads in the user's browser.
Botnets: It is a collection of internet-connected malware-infected devices that allow cybercriminals to control them. It enables cybercriminals to leak credentials, gain unauthorized access, and steal data without the user's permission.

Phishing
Phishing is a type of cybercrime in which the sender appears to come from a genuine organization like PayPal, eBay, financial institutions, or friends and co-workers. The attackers contact a target or targets via email, phone, or text message with a link and persuade them to click on that link. This link will redirect them to fraudulent websites that ask them to provide sensitive data such as personal information, banking and credit card information, social security numbers, usernames, and passwords. Clicking on the link will also install malware on the target devices that allows hackers to control the devices remotely.

Man-in-the-middle (MITM) attack
A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a cybercriminal intercepts a conversation or data transfer between two individuals. Once the cybercriminal places themselves in the middle of a two-party communication, they seem like genuine participants and can get sensitive information and return different responses. The main objective of this type of attack is to gain access to our business or customer data. For example, a cybercriminal could intercept data passing between the target device and the network on an unprotected Wi-Fi network.
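The phishing description above turns on a link that looks genuine but leads somewhere else. As an added example (not part of the original notes), this Python code parses a constructed HTML email body and flags links whose visible text names a different host than the real destination, or that point at a raw IP address, a punycode host, or a plain http address; the sample message, the host names, and all function names are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body (not a real message). The example.* domains and
# the 203.0.113.0/24 range are reserved for documentation.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, your account is locked.</p>
<a href="https://www.example.com/account">https://www.example.com/account</a>
<a href="http://login.example.net/verify">https://www.example.com/verify</a>
<a href="http://203.0.113.7/pay">Pay your invoice</a>
<a href="https://xn--exmple-cua.example.org/">Account help</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value, allow_bare=False):
    """Return the lower-cased host of an http(s) URL, or None if it is not one.

    With allow_bare=True, link text such as "www.example.com/login" (no scheme)
    is also treated as a URL, because that is how senders often display links.
    """
    value = value.strip()
    if not value or " " in value:
        return None
    if "://" not in value:
        if not (allow_bare and "." in value):
            return None
        value = "http://" + value
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname or None


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href, text):
    """Return a list of findings for one link (an empty list means no finding)."""
    real_host = host_of(href)
    if real_host is None:
        return ["not-an-http-link"]
    findings = []
    shown_host = host_of(text, allow_bare=True)
    if shown_host and shown_host != real_host:
        findings.append(f"text-shows-{shown_host}-but-goes-to-{real_host}")
    if is_ip_literal(real_host):
        findings.append("destination-is-raw-ip")
    if any(label.startswith("xn--") for label in real_host.split(".")):
        findings.append("punycode-host")
    if urlsplit(href).scheme == "http":
        findings.append("no-tls")
    return findings


def scan_email(html):
    """Map each flagged link's href to its findings."""
    parser = LinkCollector()
    parser.feed(html)
    report = {}
    for href, text in parser.links:
        findings = check_link(href, text)
        if findings:
            report[href] = findings
    return report


if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL_HTML).items():
        print(href, "->", ", ".join(findings))
```

A clean result from these checks does not prove a link is safe; they only catch the mismatch between what a message displays and where it actually sends the reader.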
Distributed denial of service (DDoS)
It is a type of cyber threat or malicious attempt where cybercriminals disrupt the regular traffic of targeted servers, services, or networks by flooding the target or its surrounding infrastructure with Internet traffic so that legitimate requests cannot be fulfilled. Here the requests come from several IP addresses, which can make the system unusable, overload the servers, slow them down significantly or temporarily take them offline, or prevent an organization from carrying out its vital functions.

Brute Force
A brute force attack is a cryptographic hack that uses a trial-and-error method to guess all possible combinations until the correct information is discovered. Cybercriminals usually use this attack to obtain personal information such as targeted passwords, login info, encryption keys, and Personal Identification Numbers (PINs).

SQL Injection (SQLI)
SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for backend database manipulation to access sensitive information. Once the attack is successful, the malicious actor can view, change, or delete sensitive company data, user lists, or private customer details stored in the SQL database.

Domain Name System (DNS) attack
A DNS attack is a type of cyberattack in which cyber criminals take advantage of flaws in the Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data from affected computers. It is a severe cybersecurity risk because the DNS system is an essential element of the internet infrastructure.

Latest Cyber Threats
The following are the latest cyber threats reported by the U.K., U.S., and Australian governments:

Romance Scams
The U.S. government found this cyber threat in February 2020. Cybercriminals used this threat through dating sites, chat rooms, and apps.
They attack people who are seeking a new partner and dupe them into giving away personal data.

Dridex Malware
It is a type of financial Trojan malware identified by the U.S. in December 2019 that affects the public, government, infrastructure, and business worldwide. It infects computers through phishing emails or existing malware to steal sensitive information such as passwords, banking details, and personal data for fraudulent transactions. The National Cyber Security Centre of the United Kingdom encourages people to make sure their devices are patched, anti-virus is turned on and up to date, and files are backed up to protect sensitive data against this attack.

Emotet Malware
Emotet is a type of cyber-attack that steals sensitive data and also installs other malware on our device. The Australian Cyber Security Centre warned national organizations about this global cyber threat in 2019.

The following are the systems that can be affected by security breaches and attacks:
Communication: Cyber attackers can use phone calls, emails, text messages, and messaging apps for cyberattacks.
Finance: This system deals with the risk to financial information like bank and credit card details. This information is naturally a primary target for cyber attackers.
Governments: Cybercriminals generally target government institutions to get confidential public data or private citizen information.
Transportation: In this system, cybercriminals generally target connected cars, traffic control systems, and smart road infrastructure.
Healthcare: Cybercriminals target the healthcare system to get the information stored anywhere from a local clinic to critical care systems at a national hospital.
Education: Cybercriminals target educational institutions to get their confidential research data and information about students and employees.
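The SQL injection attack described above comes from pasting user input into the text of a query. As an added example (not part of the original notes), this Python code puts a vulnerable lookup beside its hardened form using the standard sqlite3 module; the table, the rows, and the function names are constructed for illustration, and the allow-list for the sort column goes one step beyond the text to cover identifiers, which cannot be passed as bound parameters.

```python
import sqlite3

# Columns a caller may sort by. Identifiers cannot be bound as parameters,
# so they are picked from this fixed allow-list instead of taken from input.
SORTABLE_COLUMNS = {"name": "name", "email": "email"}


def make_db():
    """Create an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [
            ("alice", "zed@example.com"),
            ("bob", "a.smith@example.com"),
            ("carol", "m.jones@example.com"),
        ],
    )
    db.commit()
    return db


def find_customer_vulnerable(db, name):
    """VULNERABLE: builds the statement by pasting input into the SQL text."""
    # A quote character inside `name` ends the string literal, so the rest of
    # the input is parsed as SQL instead of being compared as a value.
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def find_customer_safe(db, name):
    """HARDENED: fixed statement text, input passed as a bound parameter."""
    query = "SELECT name, email FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


def list_customers_sorted(db, sort_by):
    """HARDENED: map the requested sort key onto a known column name."""
    column = SORTABLE_COLUMNS.get(sort_by)
    if column is None:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    rows = db.execute(f"SELECT name FROM customers ORDER BY {column}").fetchall()
    return [name for (name,) in rows]


def compare(db, user_input):
    """Return (rows from the vulnerable lookup, rows from the safe lookup)."""
    return find_customer_vulnerable(db, user_input), find_customer_safe(db, user_input)


if __name__ == "__main__":
    db = make_db()
    # An ordinary name behaves the same in both versions.
    print(compare(db, "alice"))
    # Constructed input containing a quote: the vulnerable version returns every
    # row because OR '1'='1' is always true; the safe version finds no such name.
    leaked, safe = compare(db, "nobody' OR '1'='1")
    print(len(leaked), "rows from the vulnerable query;", len(safe), "from the safe one")
    print(list_customers_sorted(db, "email"))
```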

Benefits of Cyber Security
The following are the benefits of implementing and maintaining cybersecurity:
Cyberattack and data breach protection for businesses.
Data and network security are both protected.
Unauthorized user access is avoided.
After a breach, there is a faster recovery time.
End-user and endpoint device protection.
Regulatory adherence.
Continuity of operations.
Developers, partners, consumers, stakeholders, and workers have more faith in the company's reputation and trust.

Cyber Safety Tips
The following are the popular cyber safety tips.

Conduct cybersecurity training and awareness: Every organization must train its staff on cybersecurity, company policies, and incident reporting for a strong cybersecurity policy to be successful. If staff carry out unintentional or intentional malicious activities, they can defeat the best technical safeguards and cause an expensive security breach. Therefore, it is useful to conduct security training and awareness for staff through seminars, classes, and online courses that reduce security violations.

Update software and operating system: The most popular safety measure is to update the software and O.S. to get the benefit of the latest security patches.

Use anti-virus software: It is also useful to use anti-virus software that will detect and remove unwanted threats from your device. This software should always be kept updated to get the best level of protection.

Perform periodic security reviews: Every organization should ensure periodic security inspections of all software and networks to identify security risks early in a secure environment. Some popular examples of security reviews are application and network penetration testing, source code reviews, architecture design reviews, and red team assessments.
In addition, organizations should prioritize and mitigate security vulnerabilities as quickly as possible after they are discovered.

Use strong passwords: It is recommended to always use long passwords with varied combinations of characters and symbols. This makes the passwords hard to guess.

Do not open email attachments from unknown senders: Cyber experts always advise not to open or click email attachments received from unverified senders or unfamiliar websites because they could be infected with malware.

Avoid using unsecured Wi-Fi networks in public places: It is also advised not to use insecure networks because they can leave you vulnerable to man-in-the-middle attacks.

Backup data: Every organization must periodically take backups of its data to ensure sensitive data is not lost and can be recovered after a security breach. In addition, backups can help maintain data integrity in cyber-attacks such as SQL injections, phishing, and ransomware.

Best Practices for Cyber security
1. Regularly Update and Patch Systems: Ensure all software and systems are up-to-date with the latest security patches and updates.
2. Use Strong, Unique Passwords: Employ strong passwords and change them regularly, using multi-factor authentication wherever possible.
3. Educate Employees: Provide regular cybersecurity training to employees to recognize and respond to threats like phishing and social engineering.
4. Implement Least Privilege: Limit access rights for users to the bare minimum permissions they need to perform their work.
5. Conduct Regular Security Audits: Regularly assess and audit security measures to identify and address vulnerabilities.
6. Backup Data: Regularly back up data and ensure backups are secure and can be restored in case of an incident.
7. Develop an Incident Response Plan: Have a well-documented incident response plan in place to quickly respond to and recover from security incidents.

❖ Issues and challenges of cybersecurity
Cybersecurity is a critical concern for individuals, organizations, and governments worldwide. As technology advances, so do the methods and sophistication of cyber threats. Here are some of the primary issues and challenges in the field of cybersecurity:

Issues in Cybersecurity
1. Data Breaches: Unauthorized access to sensitive data, leading to the loss of personal, financial, and proprietary information.
2. Malware: Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems.
3. Ransomware: A type of malware that encrypts the victim's files and demands a ransom payment to restore access.
4. Phishing: Deceptive attempts to obtain sensitive information by pretending to be a trustworthy entity.
5. Denial-of-Service (DoS) Attacks: Attempts to make a machine or network resource unavailable to its intended users.
6. Man-in-the-Middle (MitM) Attacks: Eavesdropping attacks where the attacker secretly intercepts and relays messages between two parties.
7. Insider Threats: Security risks originating from within the organization, often involving employees or other insiders with legitimate access.
8. Advanced Persistent Threats (APTs): Prolonged and targeted cyberattacks in which an intruder gains access to a network and remains undetected for an extended period.

Challenges in Cybersecurity
1. Evolving Threat Landscape: Cyber threats constantly evolve, requiring continuous updates and advancements in security measures.
2. Lack of Skilled Professionals: There is a significant shortage of skilled cybersecurity professionals to address the growing number of cyber threats.
3. Complexity of Systems: Modern IT environments are complex, often involving a mix of on-premises and cloud-based systems, which complicates security management.
4. Legacy Systems: Older systems that are still in use may not have been designed with modern security threats in mind, making them vulnerable.
5. Regulatory Compliance: Organizations must navigate and comply with a range of cybersecurity regulations and standards, which can be challenging and resource-intensive.
6. Zero-Day Vulnerabilities: Unknown vulnerabilities in software that are exploited by attackers before the vendor becomes aware and fixes them.
7. Supply Chain Security: Ensuring that all components of the supply chain, including third-party vendors, adhere to strong cybersecurity practices.
8. User Awareness and Education: Human error remains a significant risk factor, necessitating ongoing education and training for users to recognize and respond to cyber threats.
9. Privacy Concerns: Balancing the need for security with the protection of individual privacy rights.
10. Economic Costs: The financial impact of cyberattacks includes not only the direct costs of responding to breaches but also potential fines, legal fees, and damage to reputation.

Mitigation (Improvement) Strategies
To address these issues and challenges, organizations can adopt several strategies:
Implementing Comprehensive Security Policies: Establishing and enforcing strong security policies and procedures.
Regular Training and Awareness Programs: Educating employees about cybersecurity best practices and how to recognize potential threats.
Advanced Threat Detection Tools: Utilizing tools such as intrusion detection systems, antivirus software, and endpoint protection.
Regular Security Audits and Assessments: Conducting regular reviews and assessments to identify and mitigate vulnerabilities.
Incident Response Planning: Developing and maintaining an incident response plan to quickly and effectively respond to security incidents.
Encryption and Data Protection: Implementing robust encryption methods to protect sensitive data.
Collaboration and Information Sharing: Collaborating with other organizations and government agencies to share information about threats and best practices.
Investment in Research and Development: Investing in the development of new technologies and approaches to stay ahead of cyber threats.

Addressing cybersecurity issues and challenges requires a multifaceted approach, combining technological solutions, skilled personnel, and a strong organizational commitment to security.