Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals (English Edition)

CHAPTER 1

Introduction to Cybersecurity

Internet is a big source of knowledge and easily accessible to all. Interestingly, it has equal opportunities for criminals too. Cybercriminals leverage modern technologies to develop sophisticated tools and techniques, and use them to perform malicious activities aimed at distorting, disrupting and/or stealing sensitive data and information, primarily for financial gains. They are creating barriers to innovation, knowledge sharing, economic growth, and the free flow of information. In this chapter, it is assumed that you have some basic knowledge about computer networks, while the chapter emphasizes on understanding the terms data and information with reference to Cybersecurity.

Structure

In this chapter, we will cover the following topics:

Data and Information

W3 Consortium (W3C)

Networking, W3 and Internet Relationship

Information Security

World Wide Web Security

Network Security

Cybersecurity

Objective

The aim of this chapter is to impart the basic knowledge of Data and Information in readers and making them aware of inherent risks and problems with our digital infrastructure. After reading this chapter, you would understand the necessity to protect digital infrastructure encompassing internet, networking and World Wide Web. You will be familiar with the key motivations behind the cybercrimes and understand the key concepts such as Information security, World Wide Web security, and Network security. Our focus is to introduce you to Cybersecurity and its coverage, and help you understand Vicious Architecture and taxonomies of Cybercrime.

1.1 Data and information

Data can be defined as the facts, measurements, and statistics gathered in real-time environment[1]. This term is associated with scientific research and examined for reasoning, discussion and decision making. Initially, data was represented in text forms, numbers or in combination of both. After the introduction of multimedia, the term data expanded its boundaries and incorporated audio, images, graphics, and video in itself [2]. However, there are various types of data that exist but all get stored in digital form.

Information is the meaning of stored data in some context for its intended receiver(s). Information in any stage becomes data for computers. When data is accurately processed in an organized manner with a specific purpose and it presents some relevant meaning to its user, then it is called information. The information becomes useless if it does not lead a significant increase in end-user knowledge.

1.1.1 Data versus information

Both the terms data and information are often used in the same context by novices, which is technically not true. Data usually refers to raw facts or unprocessed facts, which contain numbers, letters, characters, and multimedia objects. It represents qualitative or quantitative measurements of a particular set of items during a particular time span. When data is processed to find some conclusions, then it is termed as information [3]. The major differences between data and information are as follows:

Data is used as input for computer system to generate information.

Data refers to unstructured and disorganized facts and when these facts are processed in some organized and structured way in a particular span of time, then we get information.

Data is independent in itself, while information needs data for its own existence.

Data is meaningless while information carries relevant meaning and becomes beneficial for end users.

We can perceive data as raw material to generate information like product.

1.1.2 Characteristics of information

Transformation of data into information requires number of steps such as data processing, data cleaning, and data analysis and interpretation. Information remains irrelevant until it adds something new to users’ knowledge. It has five major characteristics:

Accuracy: It is the degree of analysis that provides correct facts to its users. It implies the state of being error free, clear, updated, and having no mistakes.

Completeness: This is another important attribute which ensures that all the necessary data have been collected and processed in a right way to draw a conclusion.

Consistency: It refers to a quality of information that is consistent, but not having conclusions in parts.

Uniqueness: It refers to globally accepted facts in a consistent order without ambiguity.

Timeliness: It enables users to make quick decisions on the basis of information that is delivered.

1.2 Data communication

Computers are basically used to collect data from different sources, convert that data in to meaningful information. Generated information becomes useless until it is delivered to the right person at the right time. It is equally important to transmit information quickly for the benefits of its users across the world. To transfer the information across the world, we use well-connected digitally networked infrastructure. In remote information sharing, communication needs to cover a distance. Data communication refers to exchange of information between two or more computers with the help of some communication medium. This communication medium can be either wired medium or wireless medium.

1.2.1 Data communication model

A data communication model contains five key components:

Source: Source refers to device that generates the information to be transmitted. The source may be in the form of computers, mobiles, telephones, and so on.

Messages: The message is the information that is to be transmitted for destination end. The message may include text, pictures, audio, videos or any combination of these.

Transmission medium: The transmission medium refers to physical path or network connecting source and destination, through which message is transmitted from sender to receiver. The transmission medium path may consist of coaxial cable, twisted pair, fibre-optic cable, and satellite microwave.

Destination: Destination refers to the device that receives the information coming from sender end through transmission medium.

Protocols: A protocol refers to a set of rules and conventions that govern the digital communication between two parties. It represents an agreement between communicating parties in direction to how to proceed the communication.

1.2.2 Data communication system

The effectiveness of data communication system depends upon following characteristics:

Interface: To communicate with the help of communication medium, devices at the sender end and receiver end must have an interface. As all the forms of communication depends upon the generation of electromagnetic signals, the interface in communication at both ends play a key role. Data signals generated from transmitter with its properties like its form and intensity are received by interface at communication end. Here it must be ensured that the channel interface is capable of receiving the signal generated from transmitter in its original form. Similarly, at the time of delivery from the communication channel, the interface should deliver the original signals to its destinations.

Delivery: The system must transmit the information to its authorized receiver or correct destination.

Accuracy: The data must be transmitted accurately from source end and must be received at receiving end in its original form as it was transmitted originally.

Synchronization: The timing of arriving data packets and their order at destination is important. There must be synchronization between transmitter and receiver. In a good communication channel, the receiver knows when signals arrive at communication medium and how long they take to reach at receiving end. This can be easily understood with example of live cricket match. If the cricket match is being broadcasted and the data packets at our television sets are received in an unordered way with delay, we cannot enjoy the cricket match.

Error detection and correction: To check the originality of signals at the receiving end, the communication must have error detection and error correction facility because in data communication the errors (numbers and ordering) cannot be tolerated.

Flow control: Flow control is required to compensate the speed and capacity of transmitter, receiver and communication medium.

Security: It is an essential measure for a good communication medium. The sender of the information will always wish to be assured that the information he is sending would be received only by the intended receiver and nobody else.

1.3 Computer network

A computer network is a set of computers that are connected to each other via wired or wireless medium. A computer in network shares information in its own network group and becomes remotely accessible from other computers existing in same network. Information sharing is the primary requirement for computers to be a part of a network. A computer connected to a network becomes accessible to other computers. Each computer incorporated in network is known as node or terminal. We form computer network for the purpose of data communication and resource sharing. The most common resource shared nowadays is connection to World Wide Web from which we retrieve the information across the world. Organizations are heavily relying on networking in order to share application software and to increase the productivity in limited expanses.

There are many ways in which network can be classified, such as their size, capabilities and geographical area they cover. Some of the most common types of ubiquitous network are detailed here.

1.3.1 Local Area Network (LAN)

This is the smallest and privately owned network that connects two or more computers in a relatively small coverage area like single office, building, and campus. Each computer in LAN has its own identification number through which it is recognized in communication process.

1.3.2 Metropolitan Area Network (MAN)

This is a network that spans in a geographic area larger than Local Area Network (LAN) and smaller than Wide Area Network (WAN). This term makes interconnection across the city and college campus with the help of a single larger network. A Metropolitan Area Network (MAN) is often formed by interconnecting several LANs together to cover an area of several kilometres.

1.3.3 Wide Area Network (WAN)

This type of network connects the computers or other networking devices across a much larger geographical area in comparison to LAN and MAN. Although WAN is not restricted to a particular geographical location, it might be confined to the bounds of a state or country. The networking devices such computers and mobile phones connected to WAN use the public network like telephone system and satellite system to facilitate the large-scale data transfer. A WAN interconnects various smaller telecommunication networks, including several local area networks (LANs) and wide area networks (WANs).

1.3.4 Personal Area Network (PAN)

A personal area network (PAN) is a network in which exchange of information and data occurs within the vicinity of a person. The systems in this network often use wireless technologies and communicate within the range of 10 meters. It allows devices like computers, smartphones and smartwatches to communicate and share the data. In our mobiles, the option smart phone tethering is the example of PAN network that allows the nearby devices to communicate if it is setup as personal hotspot.

1.3.5 Storage Area Network (SAN)

A storage area network (SAN) is a high-speed storage networking architecture that allows enterprises to access shared pools of storages connected to multiple servers. It is used for critical business applications where high throughput is required with low latency. It presents block-based storage and is accessible from all the applications running on any connected servers.

1.3.6 Enterprise Private Network (EPN)

Enterprise Private Network is designed to protect the data and making the resources shareable among different units of company such as offices, production sites, shops, and warehouses. Digital integration of different units ensures the mobility of resources while data protection is achieved through various security measures like encryptions and tunnelling protocols. Routers are programmed to complete registration process and to decide whether a device can access the EPN or not.

1.3.7 Virtual Private Network (VPN)

Virtual Private Network provides private network services to organizations using the public or shared infrastructure like internet. These private network services are encrypted to ensure the delivery of sensitive data to right person sitting in private company safely. It is a controlled segmentation of communications provided to organization with specific needs.

1.4 World Wide Web

The World Wide Web popularly known as W3, was invented by English scientist Tim Berners-Lee in 1989. It is the virtual and borderless collection of web documents. It contains web pages, pictures, videos and other online content that can be accessed with the help of a web browser. It is the collection of network-accessible information that embodies human knowledge. World Wide Web is actually a virtual space where the websites are hosted. Web documents are pointed by Uniform Resource Locaters (URLs). World Wide Web is open to all and whoever wants upload the documents or websites can easily do with the help of File Transfer Protocol (FTP) and with its own domain name. The size of World Wide Web is continuously expanding with time with versatile information. There are few reasons behind its rapid expansion and these are detailed as follows:

The World Wide Web acts as a medium thorough which any person can advertise and popularize their business.

It removes the geographical boundaries and restrictions from distribution of information.

It is used as knowledge sharing platform.

It acts as a platform for freedom of speech.

Advertisement covers the whole world.

Fastest, Hi-tech and reliable medium for advertisement and communication.

Able to convey whole information about the business.

It requires very low cost compared to other alternatives available in the market.

It does not require much human effort.

Although Tim Berners-Lee invented the World Wide Web, whatever size and shape now exists is because of population. All of us enrich the World Wide Web because whatever we upload, whether documents or websites, to the web becomes information for all of us that is retrieved with the help of search engines after posing the appropriate queries. In this way, we can say the functioning of search engines depends on the documents available in the World Wide Web. Another reason behind the popularity of World Wide Web is that as it contains the information for all. People from various fields such as medical, engineering, and research upload the documents to the World Wide Web and these documents become the information for us.

1.4.1 Characteristics of World Wide Web

The major characteristics of World Wide Web are as follows:

Universal Coverage: The tremendous growth of the Internet and W3 represents the most magnificent transformation in information technology. Now, we can experience the emergence of an open, distributed, global information infrastructure that works with the help of Internet and World Wide Web servers. World Wide Web covers all geographical areas where the internet connectivity exists. It is open to all to upload the text, picture, audio, and video and delivers the information when required. Its universal coverage makes it unique as it provides a common platform to share knowledge about various fields from various parts of earths without any intermediary.

Virtual: World Wide Web is a hypertext-based globally scattered information system. In reference to World Wide Web the term virtual refers to qualities of persistence and interactivity. World Wide Web facilitates us with its services and provides us a common platform for knowledge sharing, but it is non-tangible in nature.

Borderless: The construction of internet and World Wide Web empowers citizens to participate in the global digital economy, access knowledge without geographical boundaries and engage in lawful communication with the rest of words, regardless of location or type of device. All the information organized in World Wide Web structure can be thought at a central storage. It does not matter from which country it is being uploaded that means from the various parts of the world documents get uploaded to web and retrieved from this single repository regardless of physical boundaries and restrictions to satisfy searchers needs.

1.5 Internet

Internet is a heterogeneous collection of numerous different small networks, primarily owned and operated by small companies to cover whole geographical area. Small networks are able to interconnect with each other with the help of a common set of protocols explaining how to transform and exchange information. It is assemblage of variety of numerous networks that includes World Wide Web services to function properly. It is a medium through which the World Wide Web contents are made accessible and useful to users.

1.6 W3 Consortium (W3C)

The World Wide Web Consortium (W3C) is an international community that sets rules, regulations and standards to ensure long-term growth of the Web. W3C was formed in October 1994 to promote its expansion and evolution to provide a common world-Wide knowledge sharing platform. It functions under the supervision of its inventor and director Tim Berners-Lee and CEO Jeffrey Jaffe where around 450 organizations, 70 staff and public work together to develop W3 rules and software.

1.6.1 Functions of W3C

W3C mission is to bring the web in such form with which we can use its full potential. W3C creates specifications, guidelines, software and tools to provide a worldwide platform for information, commerce, independent thoughts and collective understanding. W3C performs the following functions:

Universal access: W3C is doing continuous efforts to raise the standard of web as the universe of network-accessible information. This information is made available easily to users through computers, mobiles, television, or some other networked equipment quickly. Its priority is to provide a forum for human communication and opportunities for knowledge sharing to all people. This forum enables users to fetch the information and share what they like independently. It provides freedom to users about their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.

Trust development: The web is a collaborative platform, open to all to share whatever they feel and experience. The personal view of someone can divert the attention of population and create an explosive situation in society. To promote trustworthy environment, W3C efforts to create Web of Trust to maintain confidentiality, confidence, and integrity. It also develops trace back system to make a person accountable about whatever he publishes on the web.

Interoperability: The need for information for all is vital and the web is a huge source of every kind of information freely available to all everywhere. It is a challenge for W3C to meet the requirements and supply the information to all seekers because they are using different platform, infrastructure, and software. All users cannot maintain similarity in software and interfaces. The W3C continuously efforts to adopt changes in its infrastructure so that it can support all kind of software users use to meet their information need.

Evolvability: W3C believes that our knowledge and technology may become insufficient to tackle future problems. It keeps the future needs in its strategies and update infrastructure to adopt changes and meet current and future requirements. It follows basic principle of design and maintains simplicity, modularity, compatibility, and extensibility.

Decentralization: W3C knows its responsibility well and believes that information on the web is the life and breath of Internet. It believes in distributed systems and decentralize the web for its safety and effective controlling. The web is partitioned and fragmented under single controlling system for better communication and quick maintenance, and to reduce the chances of vulnerability of web as whole.

1.7 Networking, W3 and internet relationship

The