CYBER SECURITY ESSENTIALS
UNIT-I
INFORMATION ASSURANCE FUNDAMENTALS
Information Assurance (IA) is a critical aspect of Cybersecurity that focuses on
protection and management of information systems to ensure reliability,
security, and accessibility.
IA is based on five fundamental principles that ensure the protection,
reliability, and accessibility of information. These principles guide the
development of secure systems and data protection strategies in
cybersecurity.
IA is not just about defending against attacks but also about ensuring that
information remains trustworthy, available, and secure throughout its lifecycle.
1. Authentication
Authentication is a fundamental security mechanism that prevents
unauthorized access and potential cyber threats. It involves verifying
credentials through various methods, such as passwords, biometrics, or
security tokens.
Authentication is the process of verifying the identity of users, devices, or
systems before granting access to resources or data. It ensures that only
legitimate users can access sensitive information.
2. Integrity
Integrity refers to the accuracy and consistency of data. It ensures that
information is not altered, tampered with, or corrupted, either maliciously or
accidentally, throughout its lifecycle.
Integrity is essential for maintaining trust in information systems.
Mechanisms such as cryptographic hashing, checksums, and digital signatures
help verify that data has not been changed.
3. Availability
Availability ensures that information and systems are accessible when needed
by authorized users. This principle is focused on maintaining reliable access to
data and services, preventing downtime or interruptions.
1
�Regular system maintenance, real-time monitoring, and efficient incident
response strategies help prevent and mitigate disruptions.
4. Authentication
Authentication is the process of verifying the identity of users, devices,
or systems before granting access to resources or data. It ensures that
only legitimate users can access sensitive information.
Authentication is a fundamental security mechanism that prevents
unauthorized access and potential cyber threats. It involves verifying
credentials through various methods, such as passwords, biometrics, or
security tokens.
5. Non-repudiation
Non-repudiation ensures that actions or transactions cannot be denied
by the parties involved. It provides irrefutable proof of the origin and
integrity of data, making it impossible for users to deny their actions
after the fact.
Non-repudiation is crucial for accountability in digital transactions, legal
contracts, and secure communications. It prevents individuals from
falsely claiming that they did not send a message, authorize a
transaction, or access a system.
BASIC CRYPTOGRAPHY
Cryptography is the study of keeping information safe from hackers or
unauthorized people. It involves creating and analyzing methods to protect
data so that only the intended person can read it.
Secure communication means that messages shared between two people
cannot be accessed by anyone else. In cryptography, an adversary is someone
who tries to steal or alter the information.
There are 2 types of encryption methods in cryptography
Symmetric encryption, also known as secret-key encryption, is a method of
encrypting data using a single key that both the sender and receiver share. It's
a common and efficient way to secure large amounts of data.
2
�Asymmetric encryption is a method of encrypting and decrypting data using a
public and private key pair. It's a key component of digital security and is used
to protect sensitive information.
SYMMETRIC ENCRYPTION
Symmetric encryption, also known as secret-key encryption, is a method of
encrypting data using a single key that both the sender and receiver share. It's
a common and efficient way to secure large amounts of data.
Working on Symmetric Encryption
These operations are performed to share the message securely over the
network using the symmetric encryption technique
Key Generation
This is the first step in the symmetric encryption technique in which the private
key needs to be chosen and must be securely communicated/ transferred over
the network for the further use.
Encryption
In this step, the plaintext (this is the original message to be sent over the
network) is converted to some bogus, unintelligible text called the ciphertext
using the shared secret key and the some algorithm.
Transfer of CipherText
In this step the ciphertext is transferred over the network, since we have
encrypted the original message even if this ciphertext is intercepted it will be
unintelligible to the interceptor unless and until our shared secret key and
algorithm is also compromised.
Decryption
This is the last step where the receiver uses the reverse encryption algorithm
and the shared secret key to convert the ciphertext back to the plaintext this is
called decryption.
3
�Challenges of Symmetric Encryption
Although symmetric encryption is considered very much because of its speed
and efficiency, it also has some challenges:
- The main challenge is securely sharing the secret key because if this key is
compromised the entire communication is compromised.
- Storing the key securely is also a major challenge for this technique.
- As the number of users is increasing day-by-day, the complexity of
managing and securely sharing these secret keys will increase exponentially.
PUBLIC KEY ENCRYPTION
Public key cryptography is a powerful method for secure communication,
ensuring privacy, authentication, and data integrity. It relies on a pair of
cryptographic keys:
Public Key – Shared with anyone and used for encrypting messages or verifying
digital signatures.
Private Key – Kept secret and used for decrypting messages or signing
documents.
How It Works
When two parties communicate securely, the sender encrypts a message using
the recipient’s public key. The encrypted message, known as ciphertext,
appears random and unreadable. Only the recipient, who has the
corresponding private key, can decrypt it back into plaintext.
Similarly, when a sender signs a document with their private key, anyone with
the public key can verify its authenticity, ensuring the message truly came from
the sender and wasn’t altered.
Why Is It Important?
Public key cryptography is widely used in secure internet communication. It
plays a crucial role in:
4
�✔ Confidential Messaging – Ensures only the intended recipient can read a
message.
✔ Authentication – Confirms the identity of users and websites.
✔ Data Integrity – Verifies that data has not been tampered with.
Characteristics of Public Key Encryption (Simplified)
Secure: It is nearly impossible to figure out the private key just by knowing the
public key and encryption method.
Key Pair Usage: Either the public or private key can be used for encryption,
while the other key is used for decryption.
Easy Sharing: Public keys can be shared freely, allowing anyone to encrypt
messages or verify digital signatures. Private keys, however, must be kept
secret to ensure security.
Popular Algorithm: The most common public-key encryption system is RSA
(Rivest–Shamir–Adleman), which relies on the difficulty of factoring large
numbers for security.
Components of Public Key Encryption
Plain Text: This is the message which is readable or understandable. This
message is given to the Encryption algorithm as an input.
Cipher Text: The cipher text is produced as an output of Encryption algorithm.
We cannot simply understand this message.
Encryption Algorithm: The encryption algorithm is used to convert plain text
into cipher text.
Decryption Algorithm: It accepts the cipher text as input and the matching key
(Private Key or Public key) and produces the original plain text
Public and Private Key: One key either Private key (Secret key) or Public Key
(known to everyone) is used for encryption and other is used for decryption
5
�DOMAIN NAME SYSTEM
DNS stands for Domain Name System.
DNS is a directory service that provides a mapping between the name of the
host on the network and its numerical address.
It translates human-readable domain names into machine-readable IP
addresses.
It enables computers to locate and communicate with each other on the
internet.
DNS is a TCP/IP protocol used on different platforms.
The domain name space is divided into three different sections: generic
domains, country domains, and inverse domain.
Types of domains
Generic Domains
It defines the registered hosts according to their generic behavior.
Each node in a tree defines the domain name, which is an index to the DNS
database.
It uses three-character labels, and these labels describe the organization type.
6
�Country Domain
The format of country domain is same as a generic domain, but it uses two-
character country abbreviations (e.g., us for the United States) in place of three
character organizational abbreviations.
Inverse Domain
The inverse domain is used for mapping an address to a name. When the
server has received a request from the client, and the server contains the files
of only authorized clients. To determine whether the client is on the
authorized list or not, it sends a query to the DNS server and ask for mapping
an address to the name.
7
�Working of DNS
Here is the step-by-step explaination of how DNS works:
1. Domain Name Registration
A user registers a domain name with a registrar , such as GoDaddy or
Namecheap.
2. DNS setup:
The domain owner uses a DNS hosting service that links the domain
name to an IP address.
3. DNS Query
When a user types a domain name into their web browser , the browser
sends a DNS Query to a DNS Resolver(usually provided by user’s OS).
4. DNS Resolver
The DNS Resolver sends the query to a DNS Root Server, which directs
the query to a Top-Level-Domain Server(TLD Server).
5. TLD Server
The TLD Server directs the query to Domain Name Server that is
responsible for the specific domain name.
6. Domain Name Server
The Domain Name Server returns the IP address associated with the
domain name to the DNS Resolver.
7. IP Address
The DNS Resolver returns the IP Address to the user’s web browser
which then connects to the website using the IP Address.
FIREWALLS
A firewall is a network security device either hardware or software-based
which monitors all incoming and outgoing traffic and based on a defined set of
security rules it accepts, rejects, or drops that specific traffic. It acts like a
security guard that helps keep your digital world safe from unwanted visitors
and potential threats.
Accept: allow the traffic
Reject: block the traffic but reply with an “unreachable error”
Drop: block the traffic with no reply
8
�A firewall is a type of network security device that filters incoming and
outgoing network traffic with security policies that have previously been set up
inside an organization. A firewall is essentially the wall that separates a private
internal network from the open Internet at its very basic level.
Need For Firewall
Before Firewalls, network security was performed by Access Control Lists
(ACLs) stored in routers. ACLs are rules that determine whether network
access should be granted or denied to specific IP address. But ACLs cannot
determine the nature of the packet it is blocking. Also, ACL alone does not
have the capacity to keep threats out of the network. Hence, the Firewall was
introduced. Since organizations need internet access, connecting to external
networks can create security risks. So, to protect internal networks by filtering
traffic and blocking unauthorized access, ensuring better security, a firewall is
needed.
Working of Firewall
1. Traffic Enters the Network
o Data packets try to enter or leave your device/network.
2. Firewall Checks the Rules
o The firewall compares each packet against a set of rules. They are:
- Source and Destination Address.
- Port Numbers
- Protocol Type
- Packet Contents and Headers
3. Decision: Allow or Block
o If the packet matches the rules, it is allowed.
o If it violates the rules, it is blocked or dropped.
4. Traffic is Forwarded or Rejected
o Safe traffic passes through.
o Suspicious or unauthorized traffic is stopped.
9
�Advantages:
1. Blocks hackers and unauthorized access.
2. Filters and monitors network traffic.
3. Protects against malware and cyber threats.
4. Improves overall network security.
5. Supports secure remote access.
Disadvantages:
1. Slows down network speed. 2. May block useful traffic.
3. Needs regular updates. 4. Difficult to set up and manage.
5. Cannot stop internal threats.
TYPES OF FIREWALLS
1. Proxy Firewall – Works like a middleman between your computer and the
internet, adding extra security.
2. Packet-filtering Firewall – Checks small pieces of data (packets) and blocks or
allows them based on rules.
3. Stateful Firewall – Remembers past connections to make better security
decisions.
4. UTM Firewall – An all-in-one security system that includes a firewall,
antivirus, and more.
5. NGFW Firewall – A smarter firewall that can check apps, users, and data
more deeply.
6. NAT Firewall – Hides your real IP address to keep your devices safer online.
10
�VIRTUALIZATION
Virtualization is a technology that allows multiple virtual computers (or
environments) to run on a single physical machine. Instead of using multiple
devices, virtualization creates software-based versions of computers,
networks, or storage systems.
In cybersecurity, virtualization is used to isolate threats, improve security, and
test malware safely.
How it works
Virtualization simulates a physical computer as a virtual machine (VM).
A hypervisor service runs between the VM and the physical hardware.
Virtualized security protects the hypervisor, operating system, and each VM.
Virtualized security can be deployed anywhere in the network,
including in the cloud.
1. Hypervisor (Virtual Machine Manager) – This is special software that creates
and manages virtual machines (VMs). Examples include VMware, VirtualBox,
and Microsoft Hyper-V.
2. Virtual Machines (VMs) – Each VM acts like a separate computer with its
own operating system and applications, but they all share the same physical
hardware.
3. Resource Allocation – The hypervisor divides CPU, memory, storage, and
network access among the VMs so they can run independently without
interfering with each other.
Types of Virtualization
1. Server Virtualization – Splits one physical server into many virtual servers,
each acting like its own computer. Saves space, reduces costs, and improves
efficiency.
2. Desktop Virtualization – Allows you to access your desktop (apps and files)
from any device. Great for remote work and security.
3. Storage Virtualization – Combines multiple storage devices into one large
virtual storage unit. Makes management easier and improves performance.
11
�4. Network Virtualization – Creates multiple virtual networks from one physical
network. Enhances security, speeds up data transfer, and improves resource
management.
5. Application Virtualization – Lets you use apps without installing them on
your device. Apps run from a server, making access easier and more secure.
RADIO FREQUENCY IDENTIFICATION (RFID)
- Radio Frequency Identification (RFID) is a wireless technology that uses
radio waves to identify and track objects, people, or animals automatically.
- It consists of small electronic devices called RFID tags, which are attached
to items, and RFID readers, which detect and read the information stored
on these tags without physical contact.
- Unlike barcodes, which require direct scanning, RFID allows data to be read
wirelessly and from a distance, making faster and more efficient.
- It is widely used in access control, inventory management, logistics, toll
collection, and security systems.
Working of RFID System
1. Signal Transmission from RFID Reader
• The RFID reader sends out radio frequency signals through its antenna.
• These signals create an electromagnetic field in the surrounding area.
2. Activation of RFID Tag
• When an RFID tag enters this electromagnetic field:
o If it's a passive tag, it draws energy from the reader’s signal to
power up.
o If it's an active or semi-passive tag, it already has a battery to
power its chip.
• Once activated, the tag is ready to communicate.
12
�3. Data Transfer from Tag to Reader
• The tag contains a microchip with stored data (e.g., a unique ID, product
info).
• It sends this data back to the RFID reader.
4. Reader Receives and Processes Data
• The reader captures the data and decodes the information.
• This data is then sent to a computer system or database for processing
and action.
5. Action Taken Based on Data
• Based on the received data, the system may:
o Display product information
o Update inventory records
o Grant access (in case of RFID cards)
o Trigger an alert (e.g., anti-theft gates)
MICROSOFT WINDOWS SECURITY PRINCIPLES
Microsoft Windows security principles are based on a set of guidelines and
best practices designed to protect systems, data, and users from security
threats. These principles include:
1. Least Privilege Principle: Users and applications should operate with the
minimum necessary permissions to reduce the risk of security breaches.
2. Defense in Depth: Multiple layers of security (firewall, antivirus, access
controls, etc.) are implemented to protect against threats.
3. Authentication and Access Control: Strong authentication mechanisms
such as Windows Hello, Multi-Factor Authentication (MFA), and Active
Directory (AD) are used to secure user identities.
4. Encryption and Data Protection: Features like BitLocker, Encrypting File
System (EFS), and Windows Information Protection (WIP) help
protect sensitive data.
13
� 5. Threat Detection and Response: Microsoft Defender Antivirus, Windows
Defender Advanced Threat Protection (ATP), and Event Logging monitor
and respond to security threats.
6. Secure Boot and System Integrity: Secure Boot, Trusted Boot, and
Measured Boot ensure that only trusted software loads during startup,
preventing malware from hijacking the boot process.
7. Zero Trust Security Model: Access is granted based on identity
verification, device health, and risk assessment rather than assuming
trust within a network.
WINDOWS TOKENS
Windows tokens are a fundamental part of the Windows security model,
playing a crucial role in authentication and authorization. These tokens are
used to manage access to system resources by defining what actions a user or
process can perform based on their identity and privileges.
When a user logs into a Windows system, the operating system creates an
access token that stores security-related information, including user
credentials, group memberships, and assigned privileges. Every process and
thread running on behalf of the user is associated with this token, ensuring
that security policies are consistently enforced.
Windows tokens are essential in privilege management, access control, and
impersonation, but they can also be exploited by attackers for privilege
escalation, lateral movement, and identity theft. Security professionals must
understand Windows tokens to detect and prevent attacks like token theft,
token impersonation, and pass-the-token attacks.
Types of Windows Tokens
1. Primary Token – Used by a process to define its security context.
2. Impersonation Token – Allows a process to temporarily act on behalf of
another user.
14
�3. Restricted Token – A modified token with reduced privileges for security
purposes.
Security Threats and Attacks on Windows Tokens:
Token Theft – Attackers steal tokens to impersonate privileged users.
Token Impersonation – A process runs with another user's token, enabling
privilege escalation.
Pass-the-Token Attack – Attackers reuse stolen tokens to access resources
without credentials.
WINDOWS MESSAGING
1. Windows Messaging is a mechanism in the Windows operating system
that allows applications and system components to communicate with
each other using messages.
2. Windows Messaging is an inter-process communication (IPC) system in
Microsoft Windows.
3. It allows applications and system components to exchange messages,
process user inputs, and send notifications.
4. It operates through the Windows Message Queue and functions such as
SendMessage(), PostMessage(), and PeekMessage().
5. This mechanism is crucial for handling user interactions like mouse
clicks, keyboard inputs, and system alerts.
Security Concerns
While Windows Messaging is essential for system operations, it can be
exploited for cyberattacks:
1. Shatter Attack (Privilege Escalation)
Low-privileged processes can send malicious messages to high-privileged
applications, causing them to execute code with admin rights.
15
�2. Keystroke Logging via Hooks
Attackers can use Windows Hooks (SetWindowsHookEx) to capture keystrokes
and steal passwords.
3. Process Injection Attacks
Malicious code can be injected into another process via Windows messages,
leading to unauthorized execution.
4. Message Spoofing
Attackers can send fake system messages to trick users into clicking malicious
pop-ups or granting permissions.
Mitigations
1. Use User Interface Privilege Isolation (UIPI) – Prevents low-privilege
processes from sending messages to high-privilege applications.
2. Apply the Principle of Least Privilege (PoLP) – Ensures that applications
do not run with unnecessary admin rights.
3. Disable Unnecessary Hooks – Avoid global hooks that allow keylogging.
4. Use Secure IPC Mechanisms – Alternatives like Named Pipes, RPC, or
Secure Sockets are safer for sensitive communication.
WINDOWS PROGRAMS
Windows programs refer to software and tools used for security-related tasks
such as malware analysis, penetration testing, forensic investigations, and
system hardening. These programs help in detecting vulnerabilities, preventing
attacks, and securing Windows systems.
Categories of Windows Programs
1. Security & Protection Tools
Windows Defender – Built-in antivirus & firewall protection.
BitLocker – Full-disk encryption to protect data.
Windows Firewall – Controls inbound & outbound network traffic.
16
�2. Cybersecurity Testing & Penetration Tools
Metasploit – Exploitation framework for security testing.
Nmap – Network scanning & reconnaissance tool.
Wireshark – Packet sniffer for network traffic analysis.
3. Digital Forensics & Incident Response
FTK Imager – Disk imaging tool for forensic analysis.
Volatility – Memory forensics tool to analyze RAM dumps.
Process Explorer (Sysinternals) – Monitors running processes & malware
detection.
4. Windows Security Monitoring & Auditing
Event Viewer (eventvwr.msc) – Tracks security logs & system events.
PowerShell Security Scripts – Automates threat detection & system auditing.
Group Policy (gpedit.msc) – Enforces security policies on Windows systems.
Windows programs play a crucial role in preventing cyber threats, securing
networks, and detecting vulnerabilities. Understanding and utilizing these tools
is essential for cybersecurity professionals and students.
WINDOWS FIREWALL
Windows Firewall is a network security system built into Microsoft Windows
that helps protect a computer by monitoring and controlling network traffic. It
acts as a barrier between a trusted internal network and untrusted external
networks, such as the internet by controlling incoming and outgoing traffic
based on predefined security rules.
Key Features
17
�1. Packet Filtering
Examines incoming and outgoing data packets and allows or blocks them based
on security rules.
2. Traffic Control
Monitors and controls network traffic to prevent unauthorized access.
3. Application Filtering
Blocks or allows applications from sending/receiving data over the network.
4. Inbound and Outbound Rules
Users can configure rules to allow or block specific ports, IP addresses, or
applications.
5. Domain, Private, and Public Profiles
Provides different security settings for different network types.
Domain: Used in enterprise environments.
Private: Used for home or trusted networks.
Public: Used for unsecured networks like public Wi-Fi.
6. Logging and Monitoring
Keeps records of blocked and allowed connections for security auditing.
7. Integration with Windows Defender
Works alongside Windows Defender Antivirus for enhanced protection.
Types of Windows Firewall Rules
1. Inbound Rules – Control traffic entering the computer (e.g., block
unauthorized remote desktop access).
2. Outbound Rules – Control traffic leaving the computer (e.g., prevent
malware from sending data).
3. Connection Security Rules – Enforce authentication and encryption between
devices.
18
�4. Predefined Rules – Windows includes default security rules for common
applications and services.
Windows Firewall is a critical defense mechanism against cyber threats. It
protects against unauthorized access, malware, and network-based attacks.
While it provides basic security, advanced users may use third-party firewalls
for enhanced protection.
19
