Cs Uint 1

The document discusses cybersecurity including definitions, importance, objectives, roles, and common attack types. It defines cybersecurity and its goals of confidentiality, integrity, and availability. It also outlines common roles like protection, detection, and response. Additionally, it lists some frequent cyber attack types such as phishing, malware, and denial of service attacks.

Uploaded by

Yograj Sahu

UNIT -1

Cybersecurity

• Cybersecurity is the practice of protecting computer systems, networks,
and data from digital attacks, unauthorized access, and theft.
• It encompasses a range of technologies, processes, and practices
designed to safeguard information and prevent cyber threats.
• This includes protecting hardware, software, and data from hackers and
ensuring confidentiality, integrity, and availability of information.
• Cybersecurity measures can include encryption, firewalls, antivirus
software etc.

Importance of Cybersecurity:
Protecting Sensitive Data:
With the increase in digitalization, data is becoming more and more valuable.
Cybersecurity helps protect sensitive data such as personal information,
financial data, and intellectual property from unauthorized access and theft.

Prevention of Cyber Attacks:
Cyber attacks, such as Malware infections, Ransomware, Phishing,
and Distributed Denial of Service (DDoS) attacks, can cause significant
disruptions to businesses and individuals.

Maintaining Business Continuity:
Cyber attacks can cause significant disruption to businesses, resulting in lost
revenue, damage to reputation, and in some cases, even shutting down the
business. Cybersecurity helps prevent or minimize the impact of cyber attacks.

Preserving Privacy:
In an era where personal information is increasingly collected, stored, and
shared digitally, cybersecurity is crucial for preserving privacy. Protecting
personal data from unauthorized access is very imp
Cryptography
• Cryptography is the study of converting plain text (readable format) to
ciphertext (non-readable format), also called encryption. Cryptography
uses a secret key
• so that only those persons for whom the information is intended can
understand and process it,
• thus preventing unauthorized access to information.
• The prefix “crypt” means “hidden” and the suffix “graphy” means
“writing”.

Cryptanalysis
• Cryptanalysis is the study of converting ciphertext (non-readable
format) to plain text (readable format), also called decryption using a
secret key.
• It is the reverse process of cryptography.
• Various methods such as mathematical analysis, statistical techniques,
and computational power are used to decipher encrypted messages with or
without the knowledge of the encryption key.

Cryptology
• Cryptology is the study of both cryptography (conversion of data from
plain text to cipher text) and cryptanalysis (the determination of how to
access the data without the necessary cryptographic key).
• It is the study of securely transferring messages from sender to receiver,
• so that only those persons for whom the information is intended can
understand and process it,
• thus preventing unauthorized access to information.

Objectives of cybersecurity, various security concepts in cyber security

The objectives of cybersecurity can vary depending on the context and the
specific needs of an organization or individual, but they generally revolve
around the following key goals:

1. Confidentiality: Protecting sensitive information from unauthorized
access, ensuring that only authorized users have access to the data they
are permitted to view.
2. Integrity: Ensuring that data remains intact and unaltered during
transmission, storage, or processing. This involves detecting and
preventing unauthorized modifications, deletions, or insertions of data.
3. Availability: Ensuring that information and services are available and
accessible when needed, preventing disruptions caused by cyberattacks,
system failures, or other incidents.
4. Authentication: Verifying the identities of users and entities accessing
the system or data, ensuring that only legitimate users are granted
access and preventing unauthorized access attempts.
5. Authorization: Controlling and restricting access to resources based on
the permissions and privileges assigned to users or entities, ensuring that
users can only access the data and services that they are authorized to
use.
6. Non-repudiation: Providing proof of the origin or delivery of data and
ensuring that users cannot deny their actions or transactions. This helps
in establishing accountability and trust in digital communications and
transactions.
7. Privacy: Safeguarding personal and sensitive information from
unauthorized access, use, or disclosure, ensuring compliance with
privacy regulations and protecting individuals' rights to privacy.
8. Threat Detection: Cybersecurity involves implementing tools and
processes to detect potential threats and security breaches in a timely
manner. This includes monitoring network traffic, analyzing logs, and
using intrusion detection systems (IDS) and intrusion prevention systems
(IPS).
9. Security Awareness: Educating users and employees about cybersecurity
best practices, potential threats, and their roles and responsibilities in
maintaining security, fostering a culture of security awareness and
accountability.
10. Firewalls: Firewalls are security devices or software that monitor and
control incoming and outgoing network traffic based on predetermined
security rules. Firewalls help protect against unauthorized access,
malware, and other network threats.

Roles of cybersecurity:
Cybersecurity plays a critical role in protecting computer systems, networks,
and data from unauthorized access, cyber attacks, and other threats. Its
primary objective is to ensure the confidentiality, integrity, and availability of
information and systems.

Here are some key roles of cybersecurity:

1. Protection: Cybersecurity measures aim to safeguard systems and data
from various threats such as malware, phishing attacks, ransomware, and
other forms of cyber attacks.
2. Detection: Cybersecurity involves implementing tools and processes to
detect potential threats and security breaches in a timely manner. This
includes monitoring network traffic, analyzing logs, and using intrusion
detection systems (IDS) and intrusion prevention systems (IPS).
3. Response: In the event of a security incident or breach, cybersecurity
professionals play a crucial role in responding quickly and effectively to
contain the damage, mitigate the impact, and restore systems and data
to normal operation.
4. Prevention: Cybersecurity strategies involve proactive measures to
prevent security incidents from occurring in the first place. This includes
implementing security best practices, conducting regular security
assessments and audits, and educating users about cybersecurity
awareness.
5. Compliance: Cybersecurity also involves ensuring compliance with
relevant laws, regulations, and industry standards related to data
protection and information security. This may include regulations such as
GDPR, HIPAA, PCI DSS, and others depending on the industry and
geographic location.
6. Risk Management: Cybersecurity professionals assess and manage risks
associated with potential security threats and vulnerabilities. This
involves identifying, prioritizing, and mitigating risks to minimize the
likelihood and impact of security incidents.
7. Security Architecture: Cybersecurity involves designing and
implementing secure architectures for networks, systems, and
applications. This includes defining security controls, protocols, and
policies to protect against unauthorized access, data breaches, and other
security threats.
8. Security Awareness Training: Cybersecurity professionals play a key role
in educating employees and users about security best practices and
raising awareness about potential threats such as phishing scams, social
engineering attacks, and password security.
9. Trust Maintenance: Cybersecurity professionals work to establish and
maintain trust by ensuring that systems and data are protected against
unauthorized access, data breaches, and other security threats.

Cyber security common attack types & different cyber attacks
Here are some common types of cyberattacks:

1. Phishing: Phishing attacks involve sending deceptive emails, messages,
or websites designed to trick individuals into providing sensitive
information such as login credentials, financial details, or personal
information.
2. Malware: Malware, short for malicious software, refers to any software
designed to cause damage, steal data, or gain unauthorized access to
systems. Common types of malware include viruses, worms, Trojans,
ransomware, and spyware.
3. Denial of Service (DoS) and Distributed Denial of Service (DDoS): DoS
and DDoS attacks aim to disrupt the availability of online services by
overwhelming target systems or networks with a flood of traffic,
rendering them inaccessible to legitimate users.
4. Ransomware: Ransomware attacks encrypt files or entire systems and
demand payment (usually in cryptocurrency) for the decryption key.
Victims may lose access to their data or face data leaks if they refuse to
pay the ransom.
5. Online Scams: Online scams include various fraudulent schemes
conducted over the internet, such as advance fee scams, romance scams,
investment scams, and lottery scams, aimed at deceiving victims and
stealing their money or personal information.
6. Click fraud: Also known as UI redressing, attackers trick users into
clicking on hidden or disguised buttons or links on web pages by
overlaying them with legitimate content, redirecting users to malicious
websites or performing unintended actions.
7. Social Engineering: Social engineering attacks exploit human psychology
to manipulate individuals into giving sensitive information, such as
passwords or account credentials, or performing actions that
compromise security.
8. Cross-Site Scripting (XSS): XSS attacks inject malicious scripts into web
pages viewed by other users, potentially allowing attackers to steal
session cookies, deface websites, or redirect users to malicious sites.

9. Brute Force Attack: Attackers attempt to gain unauthorized access to
user accounts or encrypted data by systematically trying all possible
combinations of passwords or encryption keys until the correct one is
found.

Cyber Crime
• Cybercrime or a computer-oriented crime is a crime that includes a
computer and a network.
• The computer may have been used in the execution of a crime or it may be
the target.
• Cybercrime is the use of a computer as a weapon for committing crimes such
as committing fraud, identity theft, or breaching privacy.
These can generally be divided into two categories:
1. Crimes that aim at computer networks or devices. These types of crimes
involve different threats (like virus, bugs etc.) and denial-of-service (DoS)
attacks.
2. Crimes that use computer networks to commit other criminal activities.
These types of crimes include cyber stalking, financial fraud or identity
theft.

Different cyber crime prevention techniques
1. Strong Authentication: Implementing strong authentication mechanisms
such as multi-factor authentication (MFA) can significantly reduce the
risk of unauthorized access to accounts and systems.
2. Regular Software Updates: Keeping software, operating systems, and
applications up to date with the latest security patches helps to protect
against cybercriminals.
3. Firewalls and Intrusion Detection/Prevention Systems: Deploying
firewalls and intrusion detection/prevention systems (IDPS) helps to
monitor and control network traffic, detect suspicious activities, and
block potential threats.
4. Secure Network Configuration: Configuring networks securely by
segmenting them, restricting access based on the principle of least
privilege, and using encryption for sensitive data transmission helps to
prevent unauthorized access and data breaches.
5. Data Encryption: Encrypting sensitive data at rest, in transit, and in use
adds an extra layer of protection, making it more difficult for
cybercriminals to intercept and exploit data.
6. Security Awareness Training: Educating employees and users about
cybersecurity best practices, such as how to recognize phishing emails,
create strong passwords, and secure their devices, helps to reduce the
likelihood of successful cyber attacks.
7. Access Controls: Implementing access controls and role-based access
control ensures that only authorized individuals have access to
sensitive information and resources.
8. Backup and Disaster Recovery Planning: Regularly backing up data and
implementing robust disaster recovery plans helps to minimize the
impact of ransomware attacks, data breaches, and other cyber incidents.
9. Strong password: own words

No. | Threat | Vulnerability | Risks
1 | Def: Refers to potential dangers | Represents weaknesses in systems, processes, or designs | Combines the likelihood of a threat exploiting a vulnerability create risk
2 | Control: Generally, can’t be controlled. | Can be controlled. | Can be controlled.
3 | Origin: It may or may not be intentional. | Generally, unintentional. | Always intentional.
4 | Safety measures: Can be blocked by managing the vulnerabilities. | Vulnerability can be managed by process of identifying the problems | Risk can be managed by using best security practices
5 | Detection: Can be detected by anti-virus software and threat detection logs. | Can be detected by penetration testing hardware and many vulnerability scanners. | Can be detected by identifying mysterious emails, suspicious pop-ups, observing unusual password activities, a slower than normal network, etc.
7 | Examples include malware, phishing attacks, DDoS (Distributed Denial of Service) attacks | Examples include unpatched software, weak passwords | Examples include financial loss, reputational damage, legal liabilities, and operational disruptions.
8 | control: Cannot be directly controlled, | Can be controlled through proactive measures | Can be managed through risk management strategies

Cross site scripting
• Cross-site scripting is also known as XSS.
• Here, harmful JavaScript is loaded by a hacker into a website; when a user
opens that site in a browser, cross-site scripting occurs.
• The code runs within the browser of the victim.
• The attacker does not fully control the site. Instead, the harmful code
is attached on top of a valid website by the bad actor.
• Whenever the website is loaded, the malware will be executed and will
trick the browser.
Types of Cross-site scripting attacks
Reflected XSS: In a reflected XSS attack, the attacker crafts a harmful URL or
input field that contains a script.
• When a user clicks on the harmful link or submits the form with the
manipulated input, the server includes the script in the response,
reflecting it back to the user's browser.
• The browser executes the script in the context of the current page, allowing
the attacker to steal cookies, session tokens, or other sensitive information.

Stored XSS: In a stored XSS attack, the attacker injects a malicious script into a
web application, typically through user-generated content such as comments,
posts, or profile pages.
• The injected script is then stored permanently on the server, waiting for
execution.
• Whenever a user accesses the affected page, the script executes
automatically, allowing the attacker to steal cookies, session tokens, or
other sensitive information.

Prevention from cross site scripting

1. Filter and Sanitize Input: Always filter and clean any input from users,
like comments or form submissions, to remove any potentially dangerous
code.
2. Use Proper Output Encoding: When your website sends something back
to the users, make sure it's safe to read. Use encoding techniques to
convert special characters into harmless ones.
3. Set Secure HTTP Headers: Think of HTTP headers as your website's
bodyguards. They can tell browsers to be extra cautious and protect
against certain types of attacks.
4. Implement Security Policy: This is like giving your website a strict set of
rules to follow. It tells browsers which scripts are allowed to run on your
site and which ones should be blocked.
5. Keep Everything Updated: You need to keep your website's software up
to date. This includes your web server, and any plugins or libraries
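
The output-encoding and header steps above, as an added example that is not part of the original notes. It shows a comment rendered without encoding next to the encoded form, in both element and attribute context. The function names and sample inputs are constructed, and it assumes the "security policy" in step 4 means the Content-Security-Policy response header.

```python
import html

# Constructed sample inputs (not from the original notes).
SAMPLE_COMMENT = "<script>alert(1)</script>"
SAMPLE_NAME = '" onmouseover="alert(1)'


def render_comment_unsafe(comment: str) -> str:
    """'Before' version: user input is placed in the page unchanged,
    so any markup in it is parsed by the browser as part of the page."""
    return '<p class="comment">' + comment + "</p>"


def render_comment(comment: str) -> str:
    """Output encoding: &, <, > and quotes become HTML entities,
    so the browser displays the text instead of running it."""
    return '<p class="comment">' + html.escape(comment, quote=True) + "</p>"


def render_name_field(name: str) -> str:
    """Attribute context: quotes must be encoded too, otherwise the
    value could close the attribute and add a new one."""
    return '<input name="display" value="' + html.escape(name, quote=True) + '">'


def security_headers() -> dict:
    """Response headers that tell the browser to be stricter.
    The policy allows scripts only from the site's own origin."""
    return {
        "Content-Security-Policy":
            "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


def build_response(comment: str) -> tuple:
    """Combine the encoded body with the hardened headers."""
    body = ("<!doctype html><html><body>"
            + render_comment(comment)
            + "</body></html>")
    headers = {"Content-Type": "text/html; charset=utf-8", **security_headers()}
    return headers, body


if __name__ == "__main__":
    print("unsafe :", render_comment_unsafe(SAMPLE_COMMENT))
    print("encoded:", render_comment(SAMPLE_COMMENT))
    print("attr   :", render_name_field(SAMPLE_NAME))
    for key, value in build_response(SAMPLE_COMMENT)[0].items():
        print(f"{key}: {value}")
```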

What is Firewall?
A firewall is a network security device that prevents unauthorized access to a
network.
It is either hardware or software-based. It monitors all incoming and
outgoing traffic and, based on a defined set of security rules, accepts, rejects, or
drops that specific traffic.

• Accept: allow the traffic
• Reject: block the traffic but reply with an “unreachable error”
• Drop: block the traffic with no reply
These rules are the security policies that have previously been set up inside an
organization.
A firewall is essentially the wall that separates a private internal network from
the open Internet at its very basic level.
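
The accept / reject / drop decision described above, as an added example that is not part of the original notes. The rule table, the packets and the addresses (documentation ranges) are constructed; first-match-wins evaluation and a default of drop are assumptions, chosen because that is how most packet filters are configured.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept", "reject" or "drop"
    src: str                         # source network in CIDR notation
    dst_port: Optional[int] = None   # None matches any port
    proto: Optional[str] = None      # None matches any protocol


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    proto: str


# Constructed rule set; order matters because the first match decides.
RULES = [
    Rule("drop", "203.0.113.0/24"),             # blocked range: no reply at all
    Rule("accept", "0.0.0.0/0", 443, "tcp"),    # public HTTPS
    Rule("accept", "192.0.2.0/24", 22, "tcp"),  # SSH from the admin network
    Rule("reject", "0.0.0.0/0", 22, "tcp"),     # SSH from elsewhere: tell sender
]
DEFAULT_ACTION = "drop"                         # assumption: deny by default


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every field it specifies agrees with the packet."""
    if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    return True


def decide(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return DEFAULT_ACTION


def sender_sees(action: str) -> str:
    """What the sending host observes for each action."""
    return {
        "accept": "traffic delivered",
        "reject": "unreachable error returned",
        "drop": "no reply (connection times out)",
    }[action]


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", 443, "tcp"),
        Packet("192.0.2.10", 22, "tcp"),
        Packet("198.51.100.7", 22, "tcp"),
        Packet("203.0.113.5", 443, "tcp"),
        Packet("198.51.100.7", 23, "tcp"),
    ]
    for pkt in samples:
        action = decide(pkt)
        print(f"{pkt.src_ip}:{pkt.dst_port}/{pkt.proto} -> {action}: {sender_sees(action)}")
```

Moving the blocked-range rule to the end of the list would let `203.0.113.5` reach port 443, which is why rule order is reviewed along with the rules themselves.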

Use of firewall
1. Blocking Unwanted Traffic: A firewall checks data packets to make sure
they're safe to enter your network. If it detects anything suspicious, like a
known hacker or a malicious program, it blocks it from getting through.
2. Protecting Against Cyber Attacks: Hackers are always trying to find ways
to break into computers and networks. A firewall acts as a barrier
between your devices and the internet, making it harder for hackers to
gain unauthorized access.
3. Filtering Content: Firewalls can also be set up to filter out certain types
of content or websites. For example, you can block access to adult
websites or social media sites during work hours to improve productivity.
4. Monitoring Traffic: Firewalls keep a close eye on the traffic coming in and
going out of your network. They can log this information and alert you if
they detect any suspicious activity.

How firewall can be implemented

Firewalls can be implemented in various ways depending on your needs and
the complexity of your network. Here are some common methods:

Software Firewalls: Software firewalls are programs installed on individual
computers or devices to monitor and control network traffic.
• They provide protection at the device level and can be configured to block
specific applications or types of traffic.
• Operating systems like Windows and macOS come with built-in firewall
software that can be enabled and configured.

Hardware Firewalls: Hardware firewalls are standalone devices that sit
between your network and the internet, acting as gatekeepers to filter
incoming and outgoing traffic.
• They are typically deployed at the perimeter of a network, such as between
a router and the internet connection.
• Hardware firewalls offer robust security features and can handle high
volumes of traffic efficiently.

Cloud-Based Firewalls: With the increasing adoption of cloud services and
infrastructure, cloud-based firewalls have become popular for securing cloud
environments.
• These firewalls are hosted and managed by cloud service providers.
• They offer scalable security solutions on a pay-as-you-go or subscription basis.

Virtual Firewalls: Virtual firewalls are software-based firewalls that run on
virtualized environments or cloud platforms.
• They provide security for virtual machines (VMs) and cloud instances,
allowing organizations to extend their security policies across virtualized
infrastructure.

Open-Source Firewalls: Open-source firewall solutions, such as pfSense,
OPNsense, and iptables (Linux), offer customizable and cost-effective options
for implementing firewalls.
• They provide robust security features and are widely used by individuals and
organizations looking for flexible firewall solutions.

CIA Triad
When talking about network security, the CIA triad is one of the most
important models which is designed to guide policies for information security
within an organization.
CIA stands for:
1. Confidentiality
2. Integrity
3. Availability
These are the objectives that should be kept in mind while securing a network.

Confidentiality
• Confidentiality means that only authorized individuals/systems can view
sensitive or classified information.
• The data being sent over the network should not be accessed by
unauthorized individuals.
• The attacker may try to capture the data using different tools available on
the Internet.
• A primary way to avoid this is to use encryption techniques to safeguard
your data so that even if the attacker gains access to your data, he/she will
not be able to decrypt it.
• Encryption standards include AES (Advanced Encryption Standard)
and DES (Data Encryption Standard).

Integrity
• Integrity means that data has not been modified while being transferred.
• To check if our data has been modified or not, we make use of a hash
function.
• We have two common types: SHA (Secure Hash Algorithm) and
MD5 (Message Digest 5). MD5, a 128-bit hash, and SHA, a 160-bit
hash, are generally used.
• Let’s assume Host ‘A’ wants to send data to Host ‘B’ and maintain integrity. A
hash function will run over the data and produce an arbitrary hash
value H1 which is then attached to the data. When Host ‘B’ receives the
packet, it runs the same hash function over the data which gives a hash
value of H2. Now, if H1 = H2, this means that the data’s integrity has been
maintained and the contents were not modified.
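
The H1 = H2 check between Host A and Host B, as an added example that is not part of the original notes. It goes one step beyond the text: a hash that travels with the data catches accidental changes, but someone who can alter the data in transit can also replace the hash, so the second half uses a keyed hash (HMAC). SHA-256 is used in place of MD5 or 160-bit SHA, and the shared key and messages are constructed assumptions.

```python
import hashlib
import hmac


def attach_hash(data: bytes) -> str:
    """Host A: run the hash function over the data to get H1."""
    return hashlib.sha256(data).hexdigest()


def check_hash(data: bytes, h1: str) -> bool:
    """Host B: recompute H2 over the received data; intact only if H1 == H2."""
    h2 = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(h1, h2)


def attach_mac(data: bytes, key: bytes) -> str:
    """Keyed variant: the tag depends on a secret known only to A and B."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def check_mac(data: bytes, tag: str, key: bytes) -> bool:
    """Host B: recompute the tag with the shared key and compare."""
    return hmac.compare_digest(tag, attach_mac(data, key))


def run_scenarios() -> dict:
    """Return whether Host B accepts the message in each situation."""
    key = b"constructed-shared-key-A-and-B"     # assumption: agreed out of band
    original = b"transfer 100 to account 42"    # constructed sample message
    altered = b"transfer 900 to account 42"     # same message changed in transit

    h1 = attach_hash(original)
    tag = attach_mac(original, key)
    return {
        # Plain hash attached to the data
        "unmodified": check_hash(original, h1),
        "data_changed_hash_kept": check_hash(altered, h1),
        "data_and_hash_replaced": check_hash(altered, attach_hash(altered)),
        # Keyed hash (HMAC)
        "mac_unmodified": check_mac(original, tag, key),
        "mac_data_changed": check_mac(altered, tag, key),
        "mac_recomputed_without_key":
            check_mac(altered, attach_mac(altered, b"not-the-key"), key),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:28} accepted={accepted}")
```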

Availability
• This means that the network should be readily available to its users.
• To ensure availability, the network administrator should maintain hardware,
make regular upgrades, and prevent bottlenecks in a network.
• Attacks such as DoS or DDoS may make the network unavailable by
overwhelming network resources with false requests,
• so that the actual user of that network can’t use the network effectively.

What is authentication
• Authentication is the process of verifying the identity of a user or system.
• It ensures that the entities interacting with a system are who they claim to
be.
• Authentication mechanisms commonly involve providing credentials, such as
usernames and passwords, biometric data, or cryptographic keys. These
credentials are then validated against records stored in a database.
• Authentication plays a crucial role in cybersecurity and access control,
helping to prevent unauthorized access to sensitive information or resources.

Authorization
• Authorization is the process of determining what actions or operations a user
or system is allowed to perform within a given system or resource.
• Unlike authentication, which verifies the identity of users, authorization
focuses on determining the permissions and privileges associated with that
identity.
• Authorization typically follows authentication, meaning that once a user or
system has been authenticated, the system then checks what actions they
are permitted to perform based on their identity.
• Authorization mechanisms can vary widely depending on roles, groups, or
permissions assigned to users or entities.
• For example, in a file system, authorization might involve specifying which
users or groups have read, write, or execute permissions on specific files or
directories.
• In a network environment, authorization might involve determining which
users have access to certain network resources or services.
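
Authentication followed by authorization, as an added example that is not part of the original notes. Credentials are validated against stored records (salted PBKDF2 hashes rather than plain passwords), then per-user and per-group file permissions decide what the authenticated identity may do. The users, passwords, file path and iteration count are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # constructed value for the example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the stored record is not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str, groups: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "groups": groups}


# Constructed credential store (stands in for the database of records).
USERS = {
    "alice": make_record("correct horse battery", {"finance"}),
    "bob": make_record("staple-42-lamp", {"interns"}),
}

# Constructed file permissions: which users or groups may read/write/execute.
FILE_ACL = {
    "/reports/q1.txt": {
        "users": {"alice": {"read", "write"}},
        "groups": {"interns": {"read"}},
    },
}


def authenticate(username: str, password: str) -> bool:
    """Who are you? Validate the supplied credentials against the record."""
    record = USERS.get(username)
    if record is None:
        hash_password(password, b"\x00" * 16)   # same work for unknown users
        return False
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(record["hash"], candidate)


def authorize(username: str, path: str, action: str) -> bool:
    """What may you do? Check user permissions, then group permissions."""
    acl = FILE_ACL.get(path)
    if acl is None or username not in USERS:
        return False                            # deny by default
    if action in acl["users"].get(username, set()):
        return True
    return any(action in acl["groups"].get(group, set())
               for group in USERS[username]["groups"])


def access(username: str, password: str, path: str, action: str) -> str:
    """Authorization is only evaluated after authentication succeeds."""
    if not authenticate(username, password):
        return "denied: not authenticated"
    if not authorize(username, path, action):
        return "denied: not authorized"
    return "allowed"


if __name__ == "__main__":
    print(access("alice", "correct horse battery", "/reports/q1.txt", "write"))
    print(access("bob", "staple-42-lamp", "/reports/q1.txt", "write"))
    print(access("alice", "wrong password", "/reports/q1.txt", "read"))
```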