Cyber Security Notes Preview

1. Introduction to Cyber Security

Cyber Security refers to the practice of defending computers, servers, mobile devices, electronic systems,

networks, and data from malicious attacks. It's also known as information technology security or electronic

information security.

Major areas covered under Cyber Security include:

- Network Security

- Application Security

- Information Security

- Operational Security

- Disaster recovery and business continuity

- End-user education

Cyber attacks can be aimed at accessing, changing, or destroying sensitive information, extorting money

from users, or interrupting normal business processes. Implementing effective cybersecurity measures is

particularly challenging today because there are more devices than people, and attackers are becoming more

innovative.

2. Types of Cyber Threats

Understanding the types of cyber threats is essential for effective defense.

Common Threat Categories:

- Malware: Includes spyware, ransomware, viruses, and worms. Malware breaches a network through a

vulnerability.

- Phishing: The practice of sending fraudulent emails that resemble emails from reputable sources.

- Man-in-the-middle (MitM) attack: Occurs when attackers insert themselves into a two-party transaction.

- Denial-of-service (DoS) attack: Floods systems, servers, or networks with traffic to exhaust resources.

- SQL Injection: Inserts malicious code into a server that uses SQL, forcing it to reveal protected information.

- Zero-day exploit: A flaw unknown to the party or vendor responsible for the application or system.

- Insider threats: A person within the organization who misuses access privileges to cause harm.
 Cyber Security Notes Preview

3. Cryptography Overview

Cryptography is the technique of securing communication to protect information from third parties or

adversaries.

Core Cryptographic Concepts:

- Confidentiality: Ensuring only the intended recipient can understand the message.

- Integrity: Verifying that the message has not been altered.

- Authentication: Verifying the identity of the sender.

- Non-repudiation: Ensuring a sender cannot deny having sent a message.

Types of Cryptography:

1. Symmetric Key Cryptography: Same key for encryption and decryption (e.g., AES, DES).

2. Asymmetric Key Cryptography: Uses a pair of keys (public and private). Popular algorithms: RSA, ECC.

3. Hash Functions: One-way functions that convert input to fixed-size hash (e.g., SHA-256, MD5).

Applications include digital signatures, SSL/TLS, blockchain, secure messaging, and authentication systems.