Cybersecurity Overview PDF
Document Details
Tags
Summary
This document provides a comprehensive overview of cybersecurity, from definitions and key aspects to types of hackers, high-profile attacks, and mitigation strategies. It touches upon the role of governments and the private sector in combating cybercrime, and the importance of protecting networks and data.
Full Transcript
Cybersecurity Overview Definition: The practice of protecting systems, networks, and programs from digital attacks aimed at accessing, changing, or destroying sensitive data, extorting money, or disrupting operations. Key Aspects of Cybersecurity: 1. Confidentiality: Information is accessible...
Cybersecurity Overview Definition: The practice of protecting systems, networks, and programs from digital attacks aimed at accessing, changing, or destroying sensitive data, extorting money, or disrupting operations. Key Aspects of Cybersecurity: 1. Confidentiality: Information is accessible only to authorized individuals. 2. Integrity: Ensuring the accuracy and reliability of information. 3. Availability: Authorized users have reliable access when needed. Common Motivations Behind Cyberattacks: 1. Financial Gain: Ransomware, data theft, fraud. 2. Espionage: Corporate or government espionage. 3. Disruption: Hacktivism, infrastructure attacks. Types of Hackers: 1. White Hat Hackers: Defend systems for organizations. 2. Black Hat Hackers: Attack systems for personal gain. 3. Script Kiddies: Inexperienced hackers using existing tools. Examples of High-Profile Cyber Attacks: 1. Facebook Data Leak: Exposed personal data of over 530 million users. 2. Microsoft Exchange Breach (2021): Hackers exploited vulnerabilities to install malware. 3. Twitter Bitcoin Scam (2020): Hackers gained access to high-profile accounts. Impact of Cyberattacks: On Individuals: Identity theft, privacy invasion, financial loss. On Organizations: Operational disruption, reputation damage, financial loss. On Governments: National security threats, public trust erosion, economic consequences. Vulnerabilities, Threats, and Exploits: Vulnerability: A weakness in a system that attackers can exploit. - Example: Outdated software without security patches. Threat: Potential danger that exploits vulnerabilities. - Example: Cybercriminals attempting phishing attacks. Exploit: Method used by attackers to breach security. - Example: A zero-day exploit targeting unpatched software. Mitigation Strategies: 1. Firewalls: Monitor and control network traffic. 2. Intrusion Detection Systems (IDS): Detect malicious activities. 3. Patch Management: Regularly update systems to fix vulnerabilities. Cybersecurity Professionals: Ethical Hackers: Identify vulnerabilities to strengthen security. Security Analysts: Monitor networks and implement security measures. Incident Responders: Mitigate and recover from cyberattacks. International Cybersecurity Organizations: 1. INTERPOL Cybercrime Directorate: International cooperation against cybercrime. 2. Computer Emergency Response Teams (CERTs): National/regional organizations managing cybersecurity incidents. Role of Governments in Combating Cybercrime: Legislation and Regulation: Define cybercrimes and penalties. National Cybersecurity Agencies: Protect infrastructure and coordinate responses. International Cooperation: Joint operations and information sharing. Private Sector’s Role: Innovation and Technology Development: Developing cybersecurity technologies. Public-Private Partnerships: Collaboration for threat intelligence sharing. Corporate Responsibility: Companies must protect customer data and secure networks. Importance of Protecting Networks and Data: 1. Safeguard Sensitive Information: Ensure data privacy and confidentiality. 2. Ensure Business Continuity: Maintain operational stability and disaster recovery. 3. Prevent Financial Loss: Reduce the cost of breaches and protect reputation. 4. Legal Compliance: Meet regulatory standards and be audit-ready. 5. Mitigate Threats: Protect against cyberattacks and enhance threat intelligence. 6. National Security: Protect critical infrastructure and prevent espionage. 7. Enhance Trust: Build customer confidence and maintain competitive advantage. Access Control Lists (ACLs) Overview Definition: ACLs are sets of rules that determine the permissions granted to users and systems for accessing resources. Purpose: Protect critical assets by defining who can access them and what actions they can perform. Types of ACLs 1. Discretionary ACLs (DACLs): Control access to an object based on user permissions (e.g., allowing specific users to read or modify a file). 2. System ACLs (SACLs): Used for auditing access to an object, recording access attempts and actions performed. Managing ACLs in Windows Tools: Use tools like icacls, Windows Explorer, or PowerShell to create and manage ACLs on files, folders, and registry keys. Example: The icacls command can set read-only access for a user on a specific folder. Windows Security Features User Account Control (UAC): Limits applications to standard user privileges unless explicitly elevated. BitLocker: Encrypts drives to protect data from unauthorized access. Windows Defender: Provides real-time protection against malware. Windows Firewall: Controls network traffic using ACLs to filter based on IP addresses, ports, and protocols. Linux Security Features Distributions: Examples include Ubuntu, CentOS, and Red Hat. Security Tools: o SELinux: Enforces mandatory access control policies. o AppArmor: Provides security through application confinement. o iptables: A command-line tool used to configure the netfilter firewall, handling network traffic filtering. Managing ACLs in Linux Tools: o setfacl: Command-line tool to configure granular ACLs. o iptables: Used to manage IPv4 ACLs for allowing or denying traffic based on IP addresses, ports, or protocols. Comparing ACLs in Windows and Linux Windows: Managed primarily through graphical interfaces and PowerShell. Linux: Offers more granular control and is managed via command-line tools. Cybersecurity and Protecting Your Data 1. Securing Your Devices Firewall: Ensure it's turned on. Antivirus/Antispyware: Install and regularly update. Operating System & Browser: Keep them updated. Password Protection: Set up strong passwords and lock screens. 2. Password Security Bad Practices: o Do not reuse personal passwords. o Avoid storing passwords in emails, notes, or on sticky notes. Good Practices: o Use a password manager for secure storage. o Consider using USB fingerprint readers for offline access. 3. Strong Password Guidelines Avoid using dictionary words, names, or misspellings. Use more than 10 characters. Include special characters like !@#$%^&*(). Don’t use computer or account names. 4. Risks of Public Wi-Fi Common Attacks: o Evil Twin Attack: Hackers create fake hotspots to intercept data. o Man-in-the-Middle (MitM): Eavesdropping on data between your device and the Wi-Fi router. o Password Cracking: Using software to guess router passwords. o Packet Sniffing: Capturing and extracting data sent over insecure Wi-Fi. Mitigation Steps: o Validate Wi-Fi hotspots. o Use only sites with "https". o Avoid auto-connecting to networks. o Use VPN for safer browsing. 5. Encryption Converts readable data into a scrambled form using an encryption key. Only authorized users with the key can decrypt the data. Encrypt data using tools like Windows' Encrypting File System (EFS). 6. Types of Encryption Symmetric Encryption: Same key for encryption and decryption. Asymmetric Encryption (Public Key): Different keys for encryption and decryption.