Unit 1.CS

The document provides an overview of information security and cybersecurity, emphasizing the importance of protecting data from unauthorized access and cyber attacks. It outlines the goals of security through the CIA triad (Confidentiality, Integrity, Availability), various types of cyber attacks, and essential practices for e-commerce security. Additionally, it discusses computer forensics, its advantages and disadvantages, and the concept of steganography as a method for hiding sensitive information.

Uploaded by

ektakhilwani08

Information Security Concepts

 Information security Overview: Background and current scenario:


• Cyber security is the protection of Internet-connected systems, including
hardware, software, and data, from cyber attacks.
• It is made up of two words: one is cyber and the other is security.
• Cyber relates to the technology, which comprises systems, networks,
programs and data, whereas security relates to protection, which includes
system security, network security, and application and information security.
• It is the body of technologies, processes, and practices designed to protect
networks, devices, programs, and data from attack, theft, damage, modification
or unauthorized access.
• It may also be referred to as information technology security.
• We can also define cyber security as the set of principles and practices designed
to protect our computing resources and online information against threats.
• Because modern industry depends heavily on computers that store and
transmit an abundance of confidential and essential information about people,
cyber security is a critical function and a necessary safeguard for many businesses.
• Information security is basically the practice of preventing unauthorized access,
use, disclosure, disruption, modification, inspection, recording or destruction of
information.
• Information can be physical or electronic. It can be anything: your personal
details, your profile on social media, the data on your mobile phone, your
biometrics, and so on.
 Goals Of Security
The objective of cybersecurity is to protect information from being stolen,
compromised or attacked. Cybersecurity can be measured by at least one of three
goals:

1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.

These goals form the confidentiality, integrity, availability (CIA) triad, the basis
of all security programs. The CIA triad is a security model that is designed to
guide policies for information security within the premises of an organization or
company. This model is also referred to as the AIC (Availability, Integrity, and
Confidentiality) triad to avoid the confusion with the Central Intelligence
Agency. The elements of the triad are considered the three most crucial
components of security.

1. Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized
disclosure of information. It involves the protection of data, providing access for
those who are allowed to see it while disallowing others from learning anything
about its content. It prevents essential information from reaching the wrong
people while making sure that the right people can get it. Data encryption is a
good example of a control that ensures confidentiality.

Encryption
Encryption is a method of transforming information to make it unreadable for
unauthorized users by using an algorithm. The transformation of data uses a secret
key (an encryption key) so that the transformed data can only be read by using
another secret key (decryption key). It protects sensitive data such as credit card
numbers by encoding and transforming data into unreadable cipher text. This
encrypted data can only be read by decrypting it. Asymmetric-key and
symmetric-key are the two primary types of encryption.

Access control
Access control defines rules and policies for limiting access to a system or to
physical or virtual resources. It is a process by which users are granted access and
certain privileges to systems, resources or information. In access control systems,
users need to present credentials before they can be granted access such as a
person's name or a computer's serial number. In physical systems, these
credentials may come in many forms, but credentials that can't be transferred
provide the most security.

Authentication
Authentication is a process that ensures and confirms a user's identity or the role
that someone has. It can be done in a number of different ways, but it is usually
based on a combination of:

o something the person has (like a smart card or a radio key for storing secret
keys),
o something the person knows (like a password),
o something the person is (like a human with a fingerprint).
Authentication is a necessity for every organization because it enables
organizations to keep their networks secure by permitting only authenticated
users to access their protected resources. These resources may include computer
systems, networks, databases, websites and other network-based applications or
services.

Authorization
Authorization is a security mechanism which gives permission to do or have
something. It is used to determine whether a person or system is allowed access to
resources, such as computer programs, files, services, data and application features,
based on an access control policy. It is normally preceded by authentication
for user identity verification. System administrators are typically assigned
permission levels covering all system and user resources. During authorization, a
system verifies an authenticated user's access rules and either grants or refuses
resource access.
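As an added illustration for these notes (not code from the original document), the following Python program shows authorization following authentication: a deny-by-default policy table maps roles to the actions they may perform on each resource, and an access decision is made only for a principal whose identity has already been verified. The roles, resources and policy entries are constructed sample data.

```python
"""Authorization check that follows authentication, as an added illustration written
for these notes (not code from the original document). The roles, resources and
policy table are constructed sample data, not any real system's policy."""
from dataclasses import dataclass, field

# Constructed access control policy: role -> {resource: set of permitted actions}.
# "*" stands for every resource. Anything not listed here is denied.
POLICY = {
    "admin":   {"*": {"read", "write", "delete"}},
    "analyst": {"reports": {"read"}, "logs": {"read"}},
    "clerk":   {"orders": {"read", "write"}},
}


@dataclass
class Principal:
    """A user as seen after the authentication step."""
    username: str
    roles: set = field(default_factory=set)
    authenticated: bool = False   # True only after credentials were verified


def is_authorized(principal: Principal, resource: str, action: str) -> bool:
    """Grant access only if the principal is authenticated AND one of its roles
    explicitly permits `action` on `resource` (or on the wildcard "*")."""
    if not principal.authenticated:
        return False                      # authorization presupposes authentication
    for role in principal.roles:
        grants = POLICY.get(role, {})     # unknown role -> no grants at all
        for scope in (resource, "*"):
            if action in grants.get(scope, set()):
                return True
    return False                          # default deny


def audit_line(principal: Principal, resource: str, action: str) -> str:
    """The log line a system would record for each access decision."""
    decision = "ALLOW" if is_authorized(principal, resource, action) else "DENY"
    return f"{decision} user={principal.username} action={action} resource={resource}"


if __name__ == "__main__":
    alice = Principal("alice", {"analyst"}, authenticated=True)
    root = Principal("root", {"admin"}, authenticated=True)
    for who, res, act in [(alice, "reports", "read"), (alice, "reports", "write"),
                          (root, "orders", "delete")]:
        print(audit_line(who, res, act))
```

Every decision is written to an audit line, and the function never grants by accident: an unauthenticated principal, an unknown role, or an action missing from the table all fall through to the final deny.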

Physical Security
Physical security describes measures designed to deny unauthorized access to
IT assets like facilities, equipment, personnel, resources and other property, and to
protect them from damage. It protects these assets from physical threats including
theft, vandalism, fire and natural disasters.

2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and
safeguarded from unauthorized user modification. It is the property that
information has not been altered in an unauthorized way, and that the source of the
information is genuine.
Backups
Backup is the periodic archiving of data. It is a process of making copies of data
or data files to use in the event when the original data or data files are lost or
destroyed. It is also used to make copies for historical purposes, such as for
longitudinal studies, statistics or for historical records or to meet the requirements
of a data retention policy. Many applications, especially in a Windows
environment, produce backup files using the .BAK file extension.

Checksums
A checksum is a numerical value used to verify the integrity of a file or a data
transfer. In other words, it is the computation of a function that maps the contents
of a file to a numerical value. They are typically used to compare two sets of data
to make sure that they are the same. A checksum function depends on the entire
contents of a file. It is designed in a way that even a small change to the input file
(such as flipping a single bit) is likely to result in a different output value.

Data Correcting Codes
It is a method for storing data in such a way that small changes can be easily
detected and automatically corrected.
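The following Python example is added to these notes (not code from the original document) and serves both the Checksums and the Data Correcting Codes sections: a SHA-256 checksum that detects any change to a file, including a single flipped bit, and a Hamming(7,4) code that not only detects a one-bit error but locates and corrects it. The file contents are constructed.

```python
"""Integrity checks, added as an illustration for these notes (not code from the
original document): a SHA-256 checksum that *detects* any change to a file, and a
Hamming(7,4) code that *detects and corrects* a single flipped bit. The sample
file content is constructed."""
import hashlib
import hmac


def checksum(data: bytes) -> str:
    """Map the entire content to a fixed-size value; any change alters it."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    """Compare in constant time so the comparison itself leaks nothing."""
    return hmac.compare_digest(checksum(data), expected)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate corruption: flip exactly one bit of the data."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


# Hamming(7,4): four data bits d1..d4 plus parity bits p1,p2,p3 placed at
# positions 1, 2 and 4 so that the parity-check syndrome equals the position
# of a single erroneous bit. Codeword bit order: [p1, p2, d1, p3, d2, d3, d4].
def hamming_encode(nibble):
    d1, d2, d3, d4 = nibble
    p1 = d1 ^ d2 ^ d4
    p2 = d1 ^ d3 ^ d4
    p3 = d2 ^ d3 ^ d4
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode(codeword):
    """Return (data_bits, corrected_position); position 0 means no error found."""
    c = list(codeword)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]     # checks positions 1,3,5,7
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]     # checks positions 2,3,6,7
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]     # checks positions 4,5,6,7
    position = s1 + 2 * s2 + 4 * s3    # binary syndrome = 1-based error position
    if position:
        c[position - 1] ^= 1           # correct the single flipped bit
    return [c[2], c[4], c[5], c[6]], position


if __name__ == "__main__":
    original = b"invoice total: 1500.00"          # constructed file content
    digest = checksum(original)
    print("checksum ok on original:", verify_checksum(original, digest))
    print("checksum ok after 1 flipped bit:",
          verify_checksum(flip_bit(original, 13), digest))
    code = hamming_encode([1, 0, 1, 1])
    damaged = code[:]
    damaged[4] ^= 1
    print("Hamming recovered:", hamming_decode(damaged))
```

The two mechanisms answer different questions: the checksum says whether the data changed (and the holder must then fetch a good copy), while the Hamming code carries enough redundancy to repair a one-bit error on its own, which is what storage and memory systems use it for.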

3. Availability
Availability is the property in which information is accessible and modifiable in
a timely fashion by those authorized to do so. It is the guarantee of reliable and
constant access to our sensitive data by authorized people.
Tools for Availability

o Physical Protections
o Computational Redundancies

Physical Protections
Physical safeguards mean keeping information available even in the event of
physical challenges. They ensure that sensitive information and critical information
technology are housed in secure areas.

Computational redundancies
It is applied as fault tolerance against accidental faults: redundant computers and
storage devices serve as fallbacks in the case of failures.

 Types of Cyber Attacks


A cyber-attack is an exploitation of computer systems and networks. It uses
malicious code to alter computer code, logic or data and leads to cybercrimes, such
as information and identity theft.

We are living in a digital era. Nowadays, most people use computers and the
internet. Due to this dependency on digital systems, illegal computer activity is
growing and changing like any other type of crime.

Cyber-attacks can be classified into the following categories:

 Web-based attacks

These are the attacks which occur on a website or web application. Some of the
important web-based attacks are as follows:
1. Injection attacks

It is an attack in which data is injected into a web application to
manipulate the application and fetch the required information.

Examples: SQL injection, code injection, log injection, XML injection, etc.

2. DNS Spoofing

DNS spoofing is a type of computer security hacking whereby data is
introduced into a DNS resolver's cache, causing the name server to return an
incorrect IP address and diverting traffic to the attacker's computer or any other
computer. DNS spoofing attacks can go on for a long period of time without
being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications
create cookies to store the state and user sessions. By stealing the cookies, an
attacker can have access to all of the user data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user
login credentials and credit card number. It occurs when an attacker is
masquerading as a trustworthy entity in electronic communication.

5. Brute force

It is a type of attack which uses a trial-and-error method. This attack generates a
large number of guesses and validates them to obtain actual data like a user
password or personal identification number. This attack may be used by
criminals to crack encrypted data, or by security analysts to test an organization's
network security.

6. Denial of Service

It is an attack which is meant to make a server or network resource unavailable to
the users. It accomplishes this by flooding the target with traffic or sending it
information that triggers a crash. It uses a single system and a single internet
connection to attack a server. It can be classified into the following:

Volume-based attacks: Their goal is to saturate the bandwidth of the attacked site,
and they are measured in bits per second.
Protocol attacks: They consume actual server resources, and are measured in
packets per second.
Application layer attacks: Their goal is to crash the web server, and they are
measured in requests per second.

7. Dictionary attacks

This type of attack uses a stored list of commonly used passwords and tries
each of them to find the original password.

8. URL Interpretation

It is a type of attack in which certain parts of a URL are changed so that the
web server delivers web pages which the requester is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential
files which are available on the web server, or to execute malicious files on the web
server, by making use of the include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercept the connection between
client and server and act as a bridge between them. Due to this, an attacker will
be able to read, insert and modify the data in the intercepted connection.

 System-based attacks

These are the attacks which are intended to compromise a computer or a computer
network. Some of the important system-based attacks are as follows:

1. Virus

It is a type of malicious software program that spreads throughout the computer's
files without the knowledge of the user. It is a self-replicating malicious computer
program that replicates by inserting copies of itself into other computer programs
when executed. It can also execute instructions that cause harm to the system.
2. Worm

It is a type of malware whose primary function is to replicate itself to spread to
uninfected computers. It works similarly to a computer virus. Worms often
originate from email attachments that appear to be from trusted senders.

3. Trojan horse

It is a malicious program that causes unexpected changes to computer settings and
unusual activity, even when the computer should be idle. It misleads the user about
its true intent. It appears to be a normal application, but when opened/executed
some malicious code will run in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may
create a backdoor so that an application or operating system can be accessed for
troubleshooting or other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network
services. Some bot programs run automatically, while others only execute
commands when they receive specific input. Common examples of bot programs
are crawlers, chatroom bots, and malicious bots.

 E-Commerce Security
E-commerce security refers to the practices, technologies, and policies designed
to protect online businesses, their websites, and their customers from various
threats, fraud, and unauthorized access. The goal of e-commerce security is to
ensure the safe exchange of data (such as personal information, financial data,
and transaction details) between businesses and customers on e-commerce
platforms.

As e-commerce involves the collection, storage, and transfer of sensitive
information (like credit card details, personal addresses, and transaction
histories), ensuring robust security is essential to prevent data breaches, identity
theft, and financial fraud.
For a safe and secure e-commerce website, several key requirements need to be
met to ensure that both the website and its users are protected from cyber threats,
fraud, and unauthorized access.

Following are the essential requirements for a safe ecommerce website:

1. Choose a secure ecommerce platform: Choose a strongly typed, higher-level
language for the development. If open source tools/libraries are used, then ensure
that the frameworks do not create security holes in your application.
2. Use a secure connection for online checkout, and make sure you are PCI
compliant: Always use the HTTPS protocol for all important transactions.
3. Don't store sensitive data: As part of the website, there is no need to store
sensitive information like the CVV number and other credit card information.
4. Set up system alerts for suspicious activity: Build a system that alerts when
an undesired event happens in the system. Multiple requests from the same IP
over a long period of time can indicate malicious intent.
5. Layer your security: Defense in depth is absolutely needed in the ecommerce
domain. Security features like multiple passwords and OTPs help in reducing
the risk of hacking.
6. Provide security training to employees: If the employees understand the
importance of security, then human error can be avoided.
7. Patch your systems: New security loopholes are discovered on a daily basis.
If the system is not up to date, then the risk of getting hacked increases exponentially.
8. Make sure you have a Distributed Denial of Service (DDoS) protection and
mitigation service: Have a mitigation strategy against network denial of service
attacks and block IPs that are sending a lot of requests to the system.
9. Disaster recovery plan: Plan for the unlikely failure of your system. In case of
system failure, ensure that sensitive data is not lost or corrupted.
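The following Python example, added here and not part of the original notes, implements requirements 4 and 8 on a constructed access log: a sliding-window counter that flags an IP sending many requests in a short time, and a counter of failed logins from one IP. The log format and the log lines are constructed; the addresses belong to documentation ranges, not real hosts.

```python
"""Detection of request flooding and repeated login failures from one IP, added
as an illustration for these notes (not code from the original document). The
access-log format and the lines below are constructed; the addresses come from
documentation ranges (203.0.113.0/24, 198.51.100.0/24), not real hosts."""
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log: "<ISO timestamp> <client ip> <method> <path> <status>"
SAMPLE_LOG = """\
2024-05-01T10:00:00Z 198.51.100.20 GET / 200
2024-05-01T10:00:00Z 203.0.113.7 POST /login 401
2024-05-01T10:00:01Z 203.0.113.7 POST /login 401
2024-05-01T10:00:01Z 203.0.113.7 POST /login 401
2024-05-01T10:00:02Z 203.0.113.7 POST /login 401
2024-05-01T10:00:02Z 203.0.113.7 POST /login 401
2024-05-01T10:00:03Z 198.51.100.20 GET /products 200
2024-05-01T10:00:03Z 203.0.113.7 POST /login 401
2024-05-01T10:00:04Z 203.0.113.7 POST /login 401
2024-05-01T10:00:05Z 203.0.113.7 POST /login 200
2024-05-01T10:00:09Z 198.51.100.20 POST /checkout 200
"""


def parse_line(line: str):
    """Split one log line into (timestamp, ip, method, path, status)."""
    ts, ip, method, path, status = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, ip, method, path, int(status)


def find_flooding_ips(lines, window_seconds=10, threshold=5):
    """Return {ip: peak_count} for every IP that made more than `threshold`
    requests inside any sliding window of `window_seconds`."""
    events = sorted(parse_line(l) for l in lines if l.strip())
    recent = defaultdict(deque)          # ip -> timestamps still inside the window
    alerts = {}
    for when, ip, *_ in events:
        q = recent[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > window_seconds:
            q.popleft()                  # drop requests older than the window
        if len(q) > threshold:
            alerts[ip] = max(alerts.get(ip, 0), len(q))
    return alerts


def find_login_failures(lines, threshold=3):
    """Return {ip: failures} for IPs with at least `threshold` failed (401) logins,
    the trace a brute-force or credential-stuffing attempt leaves behind."""
    failures = defaultdict(int)
    for when, ip, method, path, status in (parse_line(l) for l in lines if l.strip()):
        if path == "/login" and status == 401:
            failures[ip] += 1
    return {ip: n for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("flooding:", find_flooding_ips(lines))
    print("login failures:", find_login_failures(lines))
```

The thresholds are deliberately parameters: a shop's normal traffic decides what counts as "a lot of requests", and the alert output is what an operator would feed to a blocklist or a rate limiter, together with the failed-login signal that a flood on its own does not reveal.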

 Computer Forensics
Computer forensics is the process of collecting, analyzing, and interpreting
data from computer systems, networks, and storage devices in a manner that
preserves the integrity of the evidence. This field combines elements of
computer science and law enforcement to investigate cybercrimes, data
breaches, and digital misconduct.

TYPES
 Disk Forensics: It deals with extracting raw data from the primary or
secondary storage of the device by searching active, modified, or deleted
files.
 Network Forensics: It is a sub-branch of Computer Forensics that involves
monitoring and analyzing the computer network traffic.
 Database Forensics: It deals with the study and examination of databases
and their related metadata.
 Malware Forensics: It deals with the identification of suspicious code and
studying viruses, worms, etc.
 Email Forensics: It deals with emails and their recovery and analysis,
including deleted emails, calendars, and contacts.
 Memory Forensics: Deals with collecting data from system memory
(system registers, cache, RAM) in raw form and then analyzing it for further
investigation.
 Mobile Phone Forensics: It mainly deals with the examination and analysis
of phones and smartphones and helps to retrieve contacts, call logs,
incoming and outgoing SMS, and other data present on them.

Advantages of Computer Forensics:

 To produce evidence in court, which can lead to the punishment of the
culprit.
 It helps companies gather important information on their computer
systems or networks potentially being compromised.
 Efficiently tracks down cyber criminals from anywhere in the world.
 Helps to protect the organization’s money and valuable time.
 Allows investigators to extract, process, and interpret the factual evidence, so
that it proves the cybercriminal’s actions in court.

Disadvantages of Computer Forensics:

 Before digital evidence is accepted into court, it must be proved that it has
not been tampered with.
 Producing and keeping electronic records safe is expensive.
 Legal practitioners must have extensive computer knowledge.
 Authentic and convincing evidence must be produced.
 If the tool used for digital forensics does not meet the specified standards,
then the evidence can be rejected in a court of law.
 A lack of technical knowledge on the part of the investigating officer might
not deliver the desired result.

APPLICATIONS
 Intellectual Property theft
 Industrial espionage
 Employment disputes
 Fraud investigations
 Misuse of the Internet and email in the workplace
 Forgery-related matters
 Bankruptcy investigations
 Issues concerning regulatory compliance

 Steganography
A steganography technique involves hiding sensitive information within an
ordinary, non-secret file or message, so that it will not be detected. The sensitive
information will then be extracted from the ordinary file or message at its
destination, thus avoiding detection. Steganography is an additional step that can
be used in conjunction with encryption in order to conceal or protect data.
You can use steganography to hide text, video, images, or even audio data. It’s a
helpful bit of knowledge, limited only by the type of medium and the author’s
imagination.
 Different Types of Steganography
1. Text Steganography − Steganography in text files entails secretly storing
information. In this method, the hidden data is encoded into the letters of each
word.

2. Image Steganography − The second type of steganography is image
steganography, which entails concealing data by using an image of a different
object as a cover. Pixel intensities are the key to data concealment in image
steganography.

Since the computer description of an image contains multiple bits, images are
frequently used as a cover source in digital steganography.
The various terms used to describe image steganography include:

 Cover-Image - Unique picture that can conceal data.
 Message - Real data that you can mask within pictures. The message may be
in the form of standard text or an image.
 Stego-Image − A stego image is an image with a hidden message.
 Stego-Key - Messages can be embedded in cover images and stego-images
with the help of a key, or the messages can be derived from the photos
themselves.
3. Audio Steganography − It is the science of hiding data in sound. Used
digitally, it protects against unauthorized reproduction. Watermarking is a
technique that embeds one piece of data (the message) within another (the
"carrier"). Its typical uses involve media playback, primarily audio clips.

4. Video Steganography − Video steganography is a method of secretly
embedding data or other files within a video file on a computer. Video (a
collection of still images) can function as the "carrier" in this scheme. Discrete
cosine transform (DCT) is commonly used to insert values that can be used to
hide the data in each image in the video, which is undetectable to the naked eye.
Video steganography typically employs the following file formats: H.264, MP4,
MPEG, and AVI.

5. Network or Protocol Steganography − It involves concealing data by using
a network protocol like TCP, UDP, ICMP, IP, etc., as a cover object.
Steganography can be used to build covert channels, which occur at the layers
of the OSI network model.
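The following Python example is added to these notes (not code from the original document) and illustrates the image steganography described above: the message bits replace the least significant bit of each pixel intensity, so the cover-image and the stego-image differ by at most one intensity level per pixel. The image is a constructed list of grayscale pixel values rather than a real file, so no imaging library is needed.

```python
"""Least-significant-bit (LSB) image steganography, added as an illustration for
these notes (not code from the original document). The "image" is a constructed
list of 8-bit grayscale pixel values so the example runs without any imaging
library; a real cover image would supply the same kind of pixel array."""


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover, message: bytes):
    """Return a stego-image: the cover pixels with their LSBs replaced by the
    message bits. A 4-byte length prefix tells the extractor where to stop."""
    payload = len(message).to_bytes(4, "big") + message
    bits = list(_bits(payload))
    if len(bits) > len(cover):
        raise ValueError("cover image too small for this message")
    stego = list(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # clear the LSB, then set it to the bit
    return stego


def _read_bytes(pixels, start_bit: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs starting at pixel `start_bit`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[start_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract(stego) -> bytes:
    """Recover the message from a stego-image produced by `embed`."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, 32, length)


def max_pixel_change(cover, stego) -> int:
    """LSB embedding changes each intensity by at most 1, which is why the
    stego-image looks identical to the cover to the naked eye."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def sample_cover(width=32, height=32):
    """Constructed gradient image standing in for a real photo."""
    return [(x * 7 + y * 3) % 256 for y in range(height) for x in range(width)]


if __name__ == "__main__":
    cover = sample_cover()
    stego = embed(cover, b"unit 1 notes")
    print(extract(stego), "max change per pixel:", max_pixel_change(cover, stego))
```

The capacity is one bit per pixel, so the length check matters: a message that does not fit must be refused rather than silently truncated, and the length prefix is what lets the receiver stop reading before the untouched pixels.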
 Security Threats and Vulnerabilities
A security threat is any potential danger that could harm or disrupt the
integrity, confidentiality, or availability of a system, network, or data. Threats
can take many forms, ranging from malicious attacks by cybercriminals to
natural disasters or human error. The goal of a threat is typically to compromise
security in some way, whether that means stealing data, causing system
outages, or damaging an organization's reputation.

Types of Security Threats:

1. Malware (Malicious Software):
Malware refers to any type of software that is designed to damage, disrupt, or
gain unauthorized access to a computer or network. There are various types of
malware:
 Viruses: Programs that spread by attaching themselves to other
programs or files, causing damage or unauthorized actions when
executed.
 Worms: Self-replicating programs that spread across networks,
consuming resources and potentially leading to system crashes.
 Trojan Horses: Programs that appear to be legitimate software but
contain malicious code designed to exploit vulnerabilities in a system.
 Ransomware: A type of malware that locks or encrypts a user’s data and
demands payment (ransom) for the release of the data.
 Spyware: Software designed to gather sensitive information from a
system without the user's knowledge.

2. Phishing:
Phishing is a social engineering attack where cybercriminals impersonate
legitimate entities (such as banks, companies, or trusted individuals) to trick
people into revealing personal, sensitive information like usernames,
passwords, and credit card details. Phishing is often done via email, fake
websites, or even text messages.
3. Denial of Service (DoS) / Distributed Denial of Service (DDoS):
 DoS Attack: The attacker attempts to overwhelm a system, server, or
network by sending an excessive amount of traffic, making it unable to
respond to legitimate user requests. This can cause the system to crash
or become unavailable.
 DDoS Attack: A DDoS attack is a scaled-up version, where multiple
systems (often compromised devices) are used to generate the
overwhelming traffic, making it harder to defend against.

4. Man-in-the-Middle (MITM) Attacks:
In a MITM attack, the attacker intercepts and potentially alters communications
between two parties (e.g., between a user and a website). This can allow them
to eavesdrop, steal data (such as login credentials), or inject malicious content
into the communication without either party being aware.
5. Insider Threats:
Insider threats come from people within an organization who either
intentionally or unintentionally cause harm to the system. These can include:
 Malicious insiders: Employees or contractors who intentionally misuse
their access to cause harm, steal data, or sabotage operations.
 Negligent insiders: Individuals who unintentionally cause security
breaches due to carelessness or lack of awareness, such as leaving
sensitive data exposed or falling for phishing attacks.

6. Zero-Day Exploits:
A zero-day exploit refers to an attack that targets a vulnerability in a system
that is not yet known to the vendor or developer. Since the vulnerability is
unknown, there is no patch or fix available, and attackers can exploit it before
the vendor becomes aware of it and releases a solution.
7. Credential Stuffing:
Credential stuffing is a type of attack in which cybercriminals use large volumes of previously
stolen username and password combinations (often from previous data breaches) to try to
gain unauthorized access to a variety of online accounts. Since many people reuse
passwords across sites, attackers often succeed with this method.
8. Social Engineering:
Social engineering involves manipulating individuals into divulging confidential information
or performing actions that compromise security. It often relies on psychological
manipulation, such as creating a sense of urgency, trust, or fear. Examples include:
 Pretexting: The attacker fabricates a scenario to obtain information or gain access.

 Baiting: Offering something appealing (like free software or rewards) to trick victims
into installing malware or revealing personal data.

9. SQL Injection:
SQL injection occurs when attackers insert malicious SQL code into an input field (such as a
login form) to manipulate a database. This can allow them to view, modify, or delete data, or
even take control of the server hosting the database.
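The following Python example is added to these notes (not code from the original document) and serves both the injection attack entry in the web-based attacks section and the SQL Injection item above: the same lookup written once with string concatenation and once with a parameterized query, run against a constructed in-memory SQLite table with a constructed injected input.

```python
"""SQL injection: the vulnerable query beside its parameterized fix, added as an
illustration for these notes (not code from the original document). It uses an
in-memory SQLite database with constructed rows; the injected input is the
classic tautology the notes describe as "malicious SQL code in an input field"."""
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed table with two users; no real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


def vulnerable_lookup(conn, username: str):
    """Builds the statement by string concatenation, so the input becomes SQL."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def safe_lookup(conn, username: str):
    """Parameterized: the driver passes the value separately, never as SQL text,
    so the same input is matched literally against the column."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed attacker input: closes the string literal and appends a condition
# that is always true, turning a one-user lookup into a dump of every row.
INJECTED_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    conn = setup_db()
    print("vulnerable:", vulnerable_lookup(conn, INJECTED_INPUT))
    print("safe:      ", safe_lookup(conn, INJECTED_INPUT))
```

Both functions behave identically for an ordinary user name; they differ only on input that contains SQL syntax, which is exactly the case an input field exposes. Parameterization is the fix to apply everywhere, since escaping by hand is easy to get wrong.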
10. Cryptojacking:
Cryptojacking is the unauthorized use of someone else’s computer or system resources to
mine cryptocurrency. Attackers often achieve this by infecting a system with malware that
silently uses its processing power to mine crypto, which can significantly slow down the
system and cause wear and tear on the hardware.

Impacts of Security Threats:

 Data Breaches: Compromised personal, financial, or organizational data can lead to
identity theft, loss of intellectual property, and reputational damage.
 Financial Loss: Cyber attacks can result in direct financial losses, whether through
ransom payments, theft of funds, or legal fees.
 Reputation Damage: Organizations that suffer security breaches often face a loss of
customer trust and business opportunities.
 Legal and Compliance Issues: Many industries are subject to laws and regulations
governing data protection. Security threats that lead to breaches can result in legal
action or fines.
 Operational Disruption: Attacks like DDoS or ransomware can disrupt day-to-day
operations, leading to downtime and lost productivity.
 Password cracking:
Password cracking is one of the most enjoyable hacks for bad guys. It increases the sense of
exploration and is useful in figuring out a password. The password cracker may not have a
burning desire to hack everyone's password. In a well-designed password-based authentication
system, the actual password of the user is not stored. Because of this, a hacker who obtains the
stored data cannot directly access the user's account on the system. Instead of the password, a
password hash is stored by the authentication system. The hash function is a one-way design,
meaning it is difficult for a hacker to find the input that produces a given output. Comparing two
password hashes is almost as good as comparing the real passwords: the authentication system
compares the stored hash with the hash of the password provided by the user. In the password
cracking process, the password is recovered from its associated password hash. It can be
accomplished in the following ways:
Dictionary attack: Most users use common and weak passwords. Taking a list of words and
adding a few substitutions, such as $ for S, lets a hacker quickly learn a lot of passwords.

Brute-force guessing attack: There are only so many potential passwords of a given length. A
brute-force attack tries them all, so it guarantees that a hacker will eventually crack the password.

Hybrid Attack: It is a combination of Dictionary attack and Brute force attack techniques.
This attack firstly tries to crack the password using the dictionary attack. If it is unsuccessful
in cracking the password, it will use the brute-force attack.
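The following Python example is added to these notes (not code from the original document) and serves both the Authentication section and the password cracking discussion above: it shows how a system stores and verifies a password hash instead of the password, and why per-user salts matter against dictionary attacks. The PBKDF2 iteration count is an assumed value chosen for the illustration.

```python
"""Hash-based password storage, added as an illustration for these notes (not code
from the original document). It serves both the Authentication section (how a
system checks a credential it never stores in clear) and the Password cracking
section (why a stored hash, especially a salted one, is the cracker's obstacle).
The iteration count is an assumption chosen for this illustration."""
import hashlib
import hmac
import os

ITERATIONS = 200_000  # work factor (assumed value); higher makes every guess slower


def hash_password(password: str, salt: bytes = None):
    """Derive a one-way digest with PBKDF2-HMAC-SHA256 under a random salt.
    The system stores (salt, digest); the password itself is never stored."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute the digest from the offered password and compare the two hashes
    in constant time; comparing hashes is as good as comparing the passwords."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def unsalted_hash(password: str) -> str:
    """What a naive system stores: the same password always maps to the same value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def same_password_collides(password: str):
    """Two accounts sharing a password: with unsalted hashing the stored values are
    identical (one precomputed dictionary hit cracks both); with per-user salts
    they differ, so each account must be attacked separately and the dictionary
    cannot be computed in advance."""
    unsalted_equal = unsalted_hash(password) == unsalted_hash(password)
    _, d1 = hash_password(password)
    _, d2 = hash_password(password)
    return unsalted_equal, d1 == d2


if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery")
    print("right password accepted:", verify_password("correct horse battery", salt, digest))
    print("wrong password accepted:", verify_password("password123", salt, digest))
    print("(unsalted collide, salted collide) =", same_password_collides("Summer2024"))
```

A deliberately slow, salted derivation does not make a weak password strong, but it multiplies the cost of every guess in the dictionary and brute-force attacks described above, which is the defender's lever on the server side.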

 What is a Weak Password?

A weak password has very little complexity and is easily guessable. It usually consists of
easy-to-remember words found in the dictionary.
Weak passwords are usually short and easy to crack.
Those who use weak passwords are at a higher risk of having their accounts hacked. They are
also less likely to be able to use the strongest security features available on the internet. Here
are some characteristics of weak passwords:
Short Length: Weak passwords are typically short, often consisting of fewer than eight
characters. Short passwords provide fewer combinations, making them easier to crack.
Lack of Complexity: Weak passwords often lack complexity, containing only lowercase
letters or common words without any special characters, numbers, or a mix of uppercase and
lowercase letters.
Personal Information or User Name: Passwords built from easily obtainable personal
information such as birthdates, names of family members, or pet names are susceptible to
targeted attacks, since attackers can look this information up. Also, putting your user name in
your password is a big mistake.
Repeated Characters or Patterns: Passwords that consist of repeated characters (e.g.,
“111111”) or simple patterns (e.g., “abcd1234”) are considered weak because they are easy to
guess or crack using automated tools.
Business or Site Name: Passwords that contain the name of the site or business that the
password accesses are also weak.

 What is a Strong Password?

A strong password describes a password that is difficult to detect by both humans and
computer programs, effectively protecting data from unauthorized access. A strong password
consists of at least six characters (and the more characters, the stronger the password) that are
a combination of letters, numbers and symbols (@, #, $, %, etc.) if allowed. Passwords are
typically case-sensitive, so a strong password contains letters in both uppercase and
lowercase. Strong passwords also do not contain words that can be found in a dictionary or
parts of the user’s own name.
Here are some key characteristics of strong passwords:
Length: This is one of the most important factors. Strong passwords are long, typically
containing 16 characters or more. The longer the password, the more difficult it is to crack, as
it increases the number of possible combinations. This is why passphrases are often
recommended (4-5 unrelated words that have meaning to you.)
Randomness: Strong passwords are not based on easily guessable patterns or personal
information. Instead, they are random combinations of characters that are unrelated to your
personal life or easily guessable information.
Complexity: You can also incorporate a mix of uppercase and lowercase letters, numbers,
and special characters (e.g., !, @, #, $, %). This complexity adds an extra layer of security,
making it harder for attackers to guess or crack the password.
 Tips for Creating Strong Passwords

1. Length. The first thing you want to focus on is length. Your password should be at
least 12 characters long. If you need to remember it, it might be helpful to use a
sentence or a phrase. Don’t use anything from a dictionary, song lyrics, or popular
quotes.
2. Mix It Up. The second thing you want to do is mix up your characters. One common
mistake people make is using only letters. You need a variety of characters, including
numbers and symbols. It’s best if you can’t remember a specific pattern you used.
This will make your password much stronger.
3. Avoid Obvious Words. The third thing you want to do is avoid obvious words. If
you use something like “password,” “12345,” or “qwerty,” you are making it very
easy for someone to hack into your account. It’s best to use something like
“h0wDoId0ubtth1s!”
4. Avoid Personal Info. The fourth thing you want to do is avoid using personal
information. It might seem like a good idea, but it’s not. If someone gets their hands
on your password, you don’t want them to know your birthday or address.
5. Make It Random. The fifth thing you want to do is make it random. Don’t make the
mistake of putting together a pattern. Instead, just mix up the letters, numbers, and
symbols in a way that seems random.
6. Use a Password Manager. Finally, you can use a password manager. These are
websites and apps that will help you create long, complex passwords. The best part is
that they also store them in a way that makes them almost impossible to crack.
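The weak- and strong-password rules listed above can be turned into a checker. The following is an added example, not code from these notes: it flags the weak patterns described (dictionary words, user name or personal information, repeated characters, simple sequences, site or business name) and grades a password by length and character variety. COMMON_WORDS is a constructed sample; a real checker would load a large breached-password list instead.

```python
"""Password strength checker based on the weak/strong password rules in these notes.

Added example, not code from the notes. Flags the weak patterns described above
(dictionary words, user name or personal information, repeated characters, simple
sequences, site or business name) and grades by length and character variety.
"""
import re

# Constructed sample of common weak passwords; a real checker would load a
# large list of breached passwords instead of this handful.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin",
                "iloveyou", "monkey", "dragon", "football"}


def has_sequence(pw, run=4):
    """True if `pw` has `run` characters in a row stepping by +1 or -1 ('abcd', '1234', 'dcba')."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repeats(pw, run=4):
    """True if one character repeats `run` or more times in a row ('111111', 'aaaa')."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def character_classes(pw):
    """How many of lowercase, uppercase, digits and symbols the password uses (0-4)."""
    return sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])


def check_password(pw, username="", personal_terms=(), site_name=""):
    """Return (verdict, problems); verdict is 'weak', 'fair' or 'strong'.

    personal_terms: things an attacker could look up (birth year, pet name, ...).
    """
    low = pw.lower()
    pattern_problems, advisories = [], []
    if any(word in low for word in COMMON_WORDS):
        pattern_problems.append("contains a dictionary word or common password")
    for term in (username, site_name, *personal_terms):
        if term and len(term) >= 3 and term.lower() in low:
            pattern_problems.append(f"contains user name, site name or personal info: {term!r}")
    if has_repeats(pw):
        pattern_problems.append("repeated characters")
    if has_sequence(pw):
        pattern_problems.append("simple sequence such as abcd or 1234")
    if len(pw) < 12:
        advisories.append("shorter than 12 characters")
    if character_classes(pw) < 3:
        advisories.append("fewer than 3 character classes (upper, lower, digit, symbol)")

    # Any of the weak patterns is disqualifying on its own; otherwise grade by length/variety.
    if pattern_problems or len(pw) < 8:
        verdict = "weak"
    elif len(pw) >= 16 or (len(pw) >= 12 and character_classes(pw) >= 3):
        verdict = "strong"  # a 16+ character passphrase counts even without symbols
    else:
        verdict = "fair"
    return verdict, pattern_problems + advisories
```

check_password("ekta2001!", username="ekta") is flagged weak because the user name appears in the password, while the notes' own example "h0wDoId0ubtth1s!" (16 characters, four classes, no patterns) grades as strong.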

 Insecure Network Connection

 What is a Network Connection?
A network connection allows devices like computers, smartphones, or tablets to
communicate with each other or access the internet. Examples of networks include
Wi-Fi, mobile data, and Ethernet connections.
 What is an Insecure Network Connection?
An insecure network connection is one that does not protect the data being sent
between devices. This means hackers or unauthorized people can intercept, read, or
even modify the information you are sharing.

 How to Identify Insecure Networks

1. No Password Required
What to Look For: If a Wi-Fi network does not ask you to enter a password before
connecting, it is likely insecure.
Why It's Insecure: Open networks do not encrypt the data being sent between your device and
the network. This means anyone nearby can intercept your information, such as login
credentials, messages, or emails.
Examples: Free Wi-Fi at coffee shops, malls, or public parks often does not require a
password and is therefore not safe.
2. No HTTPS on Websites
What to Look For: When visiting a website, check the address bar of your browser. Secure
websites begin with "https://" and often show a padlock icon. Insecure websites only show
"http://" and no padlock.
Why It's Insecure: HTTPS (Hypertext Transfer Protocol Secure) encrypts the data sent between
your browser and the website, making it hard for hackers to read it. HTTP does not offer
this protection, leaving your information vulnerable to interception.
Example: Logging into an HTTP website could expose your username and password to
hackers.
3. Open or Public Wi-Fi Networks
What to Look For: Public networks that anyone can join, like "Free Wi-Fi" or "Guest Wi-Fi,"
are open networks. They may seem convenient but are often insecure.
Why It's Insecure: On these networks, data is usually unencrypted, and there’s no way to
know if the network is operated by a legitimate source. Hackers can set up fake networks
with names similar to popular ones (e.g., "Airport_FreeWiFi") to trick users into connecting.
Example: A Wi-Fi hotspot named “Starbucks-FreeWiFi” could be set up by a hacker, not the
coffee shop.
4. Unencrypted Networks
What to Look For: When you connect to a Wi-Fi network, your device might warn you with
messages like “This network is not secure” or “Data sent over this network might be visible
to others.”
Why It's Insecure: Networks without encryption send data in plain text, making it easy for
hackers to intercept and view. Secure networks use WPA2 or WPA3 encryption to protect
data.
Example: Older networks using outdated security protocols like WEP are less secure and
more vulnerable to attacks.
 Malicious Code
What Is Malicious Code?
Malicious code, or malware, refers to any program, script, or related software
designed for the purpose of damaging, disrupting, or compromising systems
and information.
 Types of Malicious Code

Understanding the different forms of malicious code is key to developing the necessary
defense mechanisms. Each type works in a different manner and presents different hazards
for organizations as well as for users. Commonly occurring types of malicious code are:
Viruses: Viruses are a form of malware that attach themselves to legitimate files or software
programs. They spread when these infected files get executed, either by opening a document
or running a program. Activated viruses can corrupt, alter, or delete data, which translates
into significant data loss and brings operations to a standstill.
Worms: These are self-replicating malware that function without any user interaction.
Unlike viruses, which require a host file to attack computers, worms can identify network
weaknesses and proactively infect other computers. The more they multiply, the more
bandwidth they consume, causing congestion and slowdowns or even total system
overloads.
Trojan Horses: Trojan horses, also known as Trojans or Trojan viruses, are malicious
programs that appear to be legitimate software or some completely different program.
They convince users to install them under an unsuspicious guise, such as an application or
an update. Once installed, Trojans can carry out a variety of harmful actions, for example
stealing personal data, creating backdoors that enable remote access, or hosting additional
malware. Because they rely on social engineering tactics, user education about the risks of
downloading software from unverified sources is essential to preventing Trojan infections.
Ransomware: Ransomware is one of the most insidious types of malicious code: it encrypts files
on a victim’s system so that the victim can no longer access them. The attackers then demand
a ransom for the decryption key, locking users out of their own data. The loss is very high
financially, as well as in terms of business operations and sensitive information. In some
instances, this variant also threatens to publish stolen data publicly if the ransom is not paid.
 Programming Bugs:
What is a Programming Bug?

A programming bug is an error, flaw, or mistake in a computer program that can cause
unexpected behavior. In cybersecurity, programming bugs can create vulnerabilities that
hackers exploit to steal data, disrupt systems, or gain unauthorized access.

Why Are Programming Bugs Dangerous in Cybersecurity?


Programming bugs in cybersecurity can:
✔ Allow hackers to steal sensitive data.
✔ Enable malware to infect systems.
✔ Cause system failures and crashes.
✔ Let attackers take control of computers.
✔ Lead to financial and reputational losses for companies.

Types of Programming Bugs in Cybersecurity

1. Buffer Overflow
 Occurs when a program writes more data into a buffer (temporary memory) than it can hold.
 Can overwrite other memory areas, leading to system crashes or allowing attackers to
execute malicious code.
2. SQL Injection
 A vulnerability where an attacker injects malicious SQL queries into a database.
 Can allow attackers to steal, modify, or delete database records.
3. Cross-Site Scripting (XSS)
 Occurs when an attacker injects malicious JavaScript into a web application.
 Can be used to steal user data, cookies, or redirect users to fake websites.
4. Hardcoded Passwords
 Storing passwords directly in the source code is dangerous.
 Attackers can reverse-engineer the code to find the password.
5. Race Condition Bugs
 Occurs when two processes try to access the same resource at the same time.
 Hackers can exploit timing issues to gain unauthorized access.
6. Insecure APIs (Application Programming Interfaces)
 If APIs do not properly verify user requests, hackers can send fake requests.
 This can lead to data leaks, unauthorized actions, and account takeovers.
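SQL injection (item 2) and cross-site scripting (item 3) are both cases of untrusted input being read as code rather than as data. The following is an added example, not from these notes: each bug as a vulnerable function beside its fixed form, run against a constructed in-memory SQLite table and constructed hostile inputs so that it works offline.

```python
"""Two injection bugs from the list above, each as a vulnerable function beside its fix.

Added example, not code from the notes. The users table, its rows and the hostile
inputs are constructed here; the database lives in memory so the block runs offline.
"""
import html
import sqlite3


def make_db():
    """Constructed sample database: two users with a secret each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice-secret"), ("bob", "bob-secret")])
    return conn


def lookup_vulnerable(conn, username):
    """SQL injection: the input is pasted into the query text, so a quote character
    in it closes the string literal and the rest is parsed as SQL."""
    query = f"SELECT username, secret FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Fix: a bound parameter. The driver sends the value separately from the
    statement text, so it is only ever compared as a string, never parsed as SQL."""
    return conn.execute("SELECT username, secret FROM users WHERE username = ?",
                        (username,)).fetchall()


def render_comment_vulnerable(comment):
    """XSS: user text is interpolated straight into HTML, so tags in it become markup."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment):
    """Fix: output encoding. html.escape turns <, >, &, and quotes into entities,
    so the browser displays the text instead of interpreting it."""
    return f'<p class="comment">{html.escape(comment)}</p>'


def demo():
    """Run both bugs against the same hostile inputs; returns the four results."""
    conn = make_db()
    # Constructed hostile inputs: a quote that closes the SQL string literal, and a script tag.
    hostile_name = "' OR '1'='1"
    hostile_comment = "<script>alert(1)</script>"
    return (lookup_vulnerable(conn, hostile_name),   # every row leaks
            lookup_safe(conn, hostile_name),         # no user has that literal name
            render_comment_vulnerable(hostile_comment),
            render_comment_safe(hostile_comment))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The fix for both is the same principle: keep data and code in separate channels (parameter binding for SQL, entity encoding for HTML) instead of trying to filter the input.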

 Cyber Crime and Cyber Terrorism

What is Cyber Crime?
Cybercrime can be defined as illegal activities in which the computer or the internet is
used as a tool to commit crimes. It can take various forms, such as identity theft,
online fraud, cyberbullying, and the propagation of malware such as viruses
or ransomware. It can target individuals, organizations, or even government systems,
causing much harm. As the internet has become essential at workplaces, for shopping,
and even for communication, cybercrime has emerged as a serious concern.
 Cybercrime encompasses a wide range of activities, but these can generally be
divided into two categories:

1. Cyber Crimes Targeting Computer Networks or Devices

These crimes involve different threats (like viruses, bugs, etc.) and
denial-of-service (DoS) attacks.

Malware: This kind of cyber threat covers malicious software such as viruses, worms, and
Trojans used to interfere with, damage, or gain unauthorized access to computer systems.
For example, ransomware encrypts files and then demands a ransom for decryption.
Denial-of-Service (DoS) Attacks: Here, the attackers focus on a system and
flood it with high traffic, making it inaccessible to its users. A more
dangerous variant of DoS is DDoS, in which many compromised systems target
one, making it much more difficult to defend against.
Phishing Attacks: These are disguised e-mails or messages claiming to be from a
legitimate website or organization that ask the user to hand over sensitive information,
such as account passwords or credit card numbers. Phishing is one of the most common
cyber threats.
Botnets: A number of hijacked computers infected with malware can become a “botnet”
that an attacker can use for coordinated attacks or spamming.
Exploits and Vulnerabilities: The typical way cyber thieves exploit a software weakness
is through a vulnerability in an application or operating system, which they use to
gain illegal access.

2. Crimes Using Computer Networks to Commit Other Criminal Activities

These crimes include cyberstalking, financial fraud, and identity theft.
Cyberstalking: This is the crime of threatening or frightening a person online,
spreading fear and emotional distress. It can involve threats, constant monitoring,
or sending repeated unwanted messages.
Financial Fraud: Here a cybercrook manipulates the victim online in order to steal money,
for example through fake investment opportunities, hacking a business email account,
or using someone else’s credit card details.
Identity Theft: Here the personal information of people is stolen with the intention of
impersonating them, either to misuse the money in their accounts or for other malicious
purposes. It often lowers the victim’s credit score and, in the worst case, leaves the
victim’s accounts or loans financially misused through fraudulent transactions.
Online Harassment and Hate Crimes: When people use the internet to discriminate
against a particular person based on his or her racial background, gender, religion, or
other characteristics, which can psychologically disturb the harassed person.
Intellectual Property Theft: Intellectual property theft refers to the theft of copyrighted
content or business secrets through the internet, thereby financially and competitively
hurting individuals and companies.

 CYBER TERRORISM:
Definition of Cyber Terrorism
Cyber terrorism refers to the use of digital technologies and the internet to carry out attacks that
cause fear, disruption, or harm to individuals, organizations, or entire nations. The goal of cyber
terrorism is often to cause significant damage to critical infrastructure or destabilize political, social,
or economic systems using cyber tools.

Cyber terrorism is similar to traditional terrorism but differs in that it relies on digital systems and
networks to carry out attacks. It is typically politically or ideologically motivated and aims to create
widespread fear.
Key Components of Cyber Terrorism:

1. Cyber Attacks:
Cyber terrorism involves using malicious software (malware), denial-of-service attacks (DoS),
or other hacking techniques to disrupt or damage computer systems, networks, and data.

2. Targets of Cyber Terrorism:
The targets of cyber terrorism can include:
o Government and Military Systems: Disrupting or spying on national defense
systems, databases, and critical infrastructure.
o Financial Institutions: Attacking banking systems to cause financial instability or
harm.
o Energy Infrastructure: Hacking into power grids or energy systems, leading to
blackouts and loss of essential services.
o Healthcare Systems: Breaching hospital networks, stealing patient data, or
disrupting medical services.
o Communication Networks: Disrupting internet services or telecommunications to
create widespread chaos.

3. Motives Behind Cyber Terrorism:

o Political Ideology: Groups with extreme political views may use cyber terrorism to
spread propaganda or undermine governments.

o Religious Extremism: Terrorist organizations may use cyber terrorism to advance


their religious agenda or attack “enemies” they consider to be a threat to their
beliefs.

o Economic Disruption: Some terrorist groups may target financial institutions, stock
markets, or global trade networks to destabilize economies.

o Psychological Impact: Cyber terrorism creates fear and anxiety among the public by
demonstrating the vulnerabilities of modern society’s reliance on technology.

Methods Used in Cyber Terrorism:

1. Malware and Viruses:


Cyber terrorists may use viruses, worms, and Trojans to infect systems, steal data, or disable
computer networks.

2. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks:


These attacks overwhelm a network or website with excessive traffic, causing it to crash and
become unavailable. A DDoS attack uses multiple compromised computers to create a more
significant impact.
3. Phishing and Social Engineering:
Cyber terrorists may trick individuals or organizations into revealing confidential information
by pretending to be trusted sources (e.g., email scams or fake websites).

4. Hacking and Data Breaches:


Unauthorized access to databases and sensitive information can be used for espionage or to
expose confidential information to the public to cause damage.

5. Ransomware Attacks:
Cyber terrorists might use ransomware to lock systems or steal sensitive information and
demand a ransom for its release.

Impact of Cyber Terrorism:

1. Disruption of Critical Services:


Cyber attacks on critical infrastructure, like electricity grids or transportation systems, can
paralyze entire cities or regions, leading to chaos.

2. Financial Losses:
Cyber terrorism can lead to billions of dollars in damages, including repair costs, loss of
productivity, and the financial fallout from damaged systems or stolen data.

3. Social and Psychological Effects:


Cyber terrorism can cause widespread panic, fear, and distrust in online systems. This can
affect people's behavior, leading to reduced use of digital platforms or increased surveillance
measures.

4. Loss of Personal Data and Privacy:


Hackers may steal personal information from individuals or organizations, leading to identity
theft, financial fraud, and a breach of privacy.

5. Global Consequences:
Given the global interconnectedness of the internet, a cyber attack can have international
implications, affecting trade, diplomacy, and the stability of global relations.
 INFORMATION WARFARE AND SURVEILLANCE

What is Information Warfare?


Information Warfare (IW) is the use of information technology (IT) to attack, disrupt, or
manipulate an opponent’s information systems and decision-making processes. It is
commonly used in military operations, cyberattacks, propaganda, and misinformation
campaigns.
Example: A country spreads false news on social media to create panic and confusion in
another country.

 Types of Information Warfare

1. Cyber Warfare
 Cyberattacks are launched to disable or destroy digital infrastructure.
 Can be used to attack military systems, power grids, banks, and government networks.
Example: A hacker group launches a DDoS attack (Distributed Denial of Service) on a
country's government website to crash its services.

2. Psychological Warfare (PsyOps)
 The use of fake news, social media manipulation, and propaganda to influence people's
opinions and emotions.
 Can be used to demoralize soldiers or influence public opinion.
Example: During an election, false information is spread about a candidate to mislead
voters.

3. Electronic Warfare (EW)

 The use of electronic signals, radio waves, and electromagnetic pulses (EMP) to jam enemy
communications and radar systems.
 Used in military conflicts to prevent the enemy from receiving or sending messages.

Example: A country disrupts the satellite signals of an opposing country to block their
communication during war.

4. Disinformation & Fake News

 False or misleading information is spread to confuse or manipulate people.


 Often used in politics, warfare, or to damage reputations.

Example: Fake news is spread that a major bank is closing, causing people to panic and
withdraw all their money.
5. Economic Information Warfare

 Attacks on a country’s financial system, stock markets, or economic policies.


 Cybercriminals use ransomware and financial fraud to damage economies.

Example: A hacker group steals billions from a country’s central bank, causing financial
instability.

 What is Surveillance?
Surveillance is the monitoring and collection of information about people, organizations,
or countries. It is used for security, intelligence, and law enforcement.

Example: CCTV cameras in cities help police track criminal activities.

 Types of Surveillance

1. Physical Surveillance:
This involves monitoring individuals or groups through physical observation, often by
law enforcement or intelligence agencies. It includes tactics such as shadowing targets,
placing individuals under watch, or using CCTV cameras to monitor behavior in public or
private spaces.
Example: Police officers tracking a suspect’s movements or monitoring protests using
security cameras.

2. Electronic Surveillance:
 Electronic surveillance involves using technology to monitor communications or
gather intelligence from electronic devices such as phones, computers, or email
systems.
 Examples: Wiretapping phone lines, intercepting emails, or using spyware to track
the activities of targets.

3. Social Media Surveillance:
 Surveillance through social media involves tracking posts, comments, and interactions
to monitor behavior, gather data, or identify trends.
 Governments, corporations, and even criminal organizations use this method to track
individual or group behaviors and predict or influence actions.
 Example: Authorities monitoring social media platforms for signs of protest or
dissent, especially in politically sensitive regions.

4. Biometric Surveillance:
 Involves using biometric data (fingerprints, facial recognition, voice recognition,
retina scans) to track and identify individuals. This technology is used for security
purposes, but it can also be used to monitor populations.
 Example: Facial recognition cameras in airports, streets, or buildings used for identity
verification and surveillance.

CRYPTOGRAPHY / ENCRYPTION

 What is Cryptography?

Cryptography is a technique of securing information and communications through the use of
codes so that only those persons for whom the information is intended can understand and
process it, thus preventing unauthorized access to the information. The prefix “crypt” means
“hidden” and the suffix “graphy” means “writing”. In cryptography, the techniques that are
used to protect information are derived from mathematical concepts and sets of rule-
based calculations, known as algorithms, that transform messages in ways that make them hard
to decode. These algorithms are used for cryptographic key generation, digital signing and
verification to protect data privacy and web browsing on the internet, and to protect
confidential transactions such as credit card and debit card transactions.
Types Of Cryptography
1. Symmetric Key Cryptography
It is an encryption system where the sender and receiver of a message use a single common
key to encrypt and decrypt messages. Symmetric key cryptography is faster and simpler, but
the problem is that the sender and receiver have to somehow exchange the key securely. The
most popular symmetric key cryptography systems are the Data Encryption Standard
(DES) and the Advanced Encryption Standard (AES).
2. Hash Functions
No key is used in this type of algorithm. A hash value of fixed length is calculated from
the plain text, and the contents of the plain text cannot be recovered from that hash value.
Many operating systems use hash functions to protect passwords.

3. Asymmetric Key Cryptography
In asymmetric key cryptography, a pair of keys is used to encrypt and decrypt information. The
receiver’s public key is used for encryption and the receiver’s private key is used for decryption.
Public keys and private keys are different. Even though the public key is known to everyone,
only the intended receiver can decode the message, because he alone knows his private key. The
most popular asymmetric key cryptography algorithm is the RSA algorithm.

 Applications of Cryptography

Computer passwords: Cryptography is widely utilized in computer security, particularly
when creating and maintaining passwords. When a user logs in, their password is hashed
and compared to the hash that was previously stored. Passwords are hashed and encrypted
before being stored, so that even if a hacker gains access to the password database, they
cannot read the passwords.
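The password storage described under “Hash Functions” and “Computer passwords” looks like this in practice. The following is an added example, not the notes’ own code: it contrasts an unsalted hash (the same output for every user who picks the same password, so precomputed tables work against it) with PBKDF2-HMAC-SHA256 from the Python standard library, using a random per-user salt and a high iteration count. The sample passwords are constructed.

```python
"""Storing passwords as salted, iterated hashes (added example, not code from the notes).

Contrasts a plain SHA-256 of the password with PBKDF2-HMAC-SHA256 using a random
per-user salt and a high iteration count, which is what a login database should store.
"""
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # the iteration count sets how expensive each guess is for an attacker


def plain_hash(password):
    """Unsalted SHA-256: identical input gives identical output, so precomputed tables
    and cross-user comparisons work against it. Shown only as the thing NOT to do."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: 'pbkdf2_sha256$iterations$salt_hex$hash_hex'."""
    salt = secrets.token_bytes(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count, then compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    # compare_digest does not stop at the first differing byte, so timing does not leak
    # how much of the hash matched.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample password
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                # False
```

Because the salt is stored in the record alongside the iteration count, the parameters can be raised later for new records while old ones still verify.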

Digital Currencies: To protect transactions and prevent fraud, digital currencies like Bitcoin
also use cryptography. Complex algorithms and cryptographic keys are used to safeguard
transactions, making it nearly impossible to tamper with or forge the transactions.

Secure web browsing: Online browsing security is provided by the use of cryptography,
which shields users from eavesdropping and man-in-the-middle assaults. Public key
cryptography is used by the Secure Sockets Layer (SSL) and Transport Layer Security
(TLS) protocols to encrypt data sent between the web server and the client, establishing a
secure channel for communication.
Electronic Signatures: Electronic signatures serve as the digital equivalent of a handwritten
signature and are used to sign documents. Digital signatures are created using cryptography
and can be validated using public key cryptography. In many nations, electronic signatures
are enforceable by law, and their use is expanding quickly.
Authentication: Cryptography is used for authentication in many different situations, such as
when accessing a bank account, logging into a computer, or using a secure network.
Cryptographic methods are employed by authentication protocols to confirm the user’s
identity and confirm that they have the required access rights to the resource.

Cryptocurrencies: Cryptography is heavily used by cryptocurrencies like Bitcoin and
Ethereum to protect transactions, thwart fraud, and maintain the network’s integrity.
Complex algorithms and cryptographic keys are used to safeguard transactions, making it
nearly impossible to tamper with or forge the transactions.
End-to-end Internet Encryption: End-to-end encryption is used to protect two-way
communications like video conversations, instant messages, and email. Even if the message
is encrypted, it assures that only the intended receivers can read the message. End-to-end
encryption is widely used in communication apps like WhatsApp and Signal, and it provides a
high level of security and privacy for users.

 DIGITAL SIGNATURE

A digital signature is a mathematical technique which validates the authenticity and
integrity of a message, software or digital document. It allows us to verify the author’s name,
the date and time of the signature, and authenticate the message contents. The digital signature
offers far more inherent security and is intended to solve the problem of tampering and
impersonation (intentionally copying another person's characteristics) in digital
communications.

 Application of Digital Signature

The important reasons to apply digital signatures to communication are:
o Authentication
o Non-repudiation
o Integrity

1. Authentication
Authentication is a process which verifies the identity of a user
who wants to access the system. In the digital signature,
authentication helps to authenticate the source of messages.
2. Non-repudiation
Non-repudiation means assurance of something that cannot be
denied. It ensures that a party to a contract or communication
cannot later deny the authenticity of their signature on a
document or in a file, or the sending of a message that they
originated.
3. Integrity
Integrity ensures that the message is real and accurate, and
safeguards it from modification by unauthorized users during
transmission.

Types of Digital Signature

Certified Signatures
The certified digital signature documents display a unique blue ribbon across the top of the
document. The certified signature contains the name of the document signer and the
certificate issuer, which indicate the authorship and authenticity of the document.
Approval Signatures
The approval digital signatures on a document can be used in the organization's business
workflow. They help to optimize the organization's approval procedure. The procedure
involves capturing approvals made by us and other individuals and embedding them within
the PDF document. The approval signatures can include details such as an image of our
physical signature, location, date, and official seal.
Visible Digital Signature
The visible digital signature allows a user to sign a single document digitally. This signature
appears on a document in the same way as signatures are signed on a physical document.
Invisible Digital Signature
The invisible digital signatures carry a visual indication of a blue ribbon within a document in
the taskbar. We can use invisible digital signatures when we do not have or do not want to
display our signature but need to provide the authenticity of the document, its integrity, and
its origin.

 PUBLIC KEY INFRASTRUCTURE

What is PKI?
PKI is a set of technologies and policies that facilitate the use of public key
cryptography. This cryptography uses pairs of keys: a public key and a private
key. The public key can be shared with anyone, while the private key is kept
secure. Together, they enable secure communication and data encryption.

 Key Components of PKI

 Public and Private Keys:
o Public Key: This key can be shared publicly. It is used to encrypt
data or verify a signature.
o Private Key: This key is kept secret. It is used to decrypt data or
create a digital signature.
 Digital Certificates:
A digital certificate is an electronic document that proves the ownership
of a public key. It contains information such as the public key, the identity
of the certificate holder, and the digital signature of a trusted entity
(called a Certificate Authority, or CA).
 Certificate Authority (CA):
A CA is a trusted organization that issues and manages digital certificates.
It verifies the identity of entities (individuals, websites, etc.) before
issuing certificates.
 Registration Authority (RA):
The RA acts as an intermediary between the user and the CA. It verifies
the user’s identity and requests certificates on their behalf.
 Public and Private Key Pair:
These key pairs are the foundation of PKI. The public key encrypts the
data, and the private key decrypts it. Only the private key holder can
decrypt the data that was encrypted with the matching public key.
 Key Management:
This includes processes for creating, storing, distributing, and revoking
keys.
 How PKI Works (Basic Process)

1. Key Pair Generation: A user or system generates a key pair: a public key
and a private key.
2. Certificate Signing Request (CSR): The user submits a CSR to the CA, which
includes the public key. The CA verifies the user's identity before issuing
the certificate.
3. Certificate Issuance: The CA signs the certificate with its private key,
verifying the user's identity and associating the public key with the user.
4. Encryption and Decryption: If someone wants to send secure information,
they encrypt it using the recipient's public key. Only the recipient, who
has the corresponding private key, can decrypt and read the message.
5. Digital Signatures: A user can sign data (like a document) using their
private key. Others can verify the signature using the sender's public key
to ensure the data hasn’t been tampered with and that it indeed came
from the sender.
6. Revocation: If a private key is compromised or lost, the user can request
the CA to revoke the associated certificate. This is typically managed via a
Certificate Revocation List (CRL).

 Applications of PKI

 Email Security: PKI can be used to encrypt emails and authenticate the
sender using digital signatures.
 Secure Web Browsing (HTTPS): Websites use PKI to establish secure
communication via SSL/TLS certificates, ensuring users’ data (like
passwords and credit card numbers) is encrypted.
 Authentication: PKI is used in systems like smart cards, two-factor
authentication (2FA), and virtual private networks (VPNs) for securely
authenticating users.
 Document Signing: Users can sign documents digitally to prove their
authenticity.

 Advantages of PKI

 Confidentiality: Data can be encrypted, making it unreadable to
unauthorized parties.
 Integrity: Digital signatures ensure that data has not been tampered with.
 Authentication: Users and devices can be securely verified.
 Non-repudiation: The sender cannot deny having sent the message or
signed the document.


 Challenges of PKI

 Management: Handling the lifecycle of certificates, key pairs, and
revocation lists can be complex.
 Cost: Acquiring and maintaining PKI infrastructure can be expensive for
organizations.
 Vulnerabilities: If private keys are compromised, security is compromised.
