Cyber Security

Fundamentals

Asst.Prof.Jessy julian
Dept.Of computer science
Trinity college, Jalandhar
 Introduction to the
Internet
A network is a group of two or more computer systems
(Multiple gadgets, additionally called hosts), which are related
through a couple of channels for the motive of sending and
receiving data (records/media) in a shared environment.

The Internet is a worldwide interconnected

network of hundreds of thousands of computers
of various types that belong to multiple
networks.
 Working of the Internet :

The internet is a global computer network that

connects various devices and sends a lot of
information and media. It uses an Internet
Protocol (IP) and Transport Control Protocol
(TCP)-based packet routing network. TCP and IP
work together to ensure that data transmission
across the internet is consistent and reliable,
regardless of the device or location. Data is
delivered across the internet in the form of
messages and packets. A message is a piece of
data delivered over the internet, but before it is
sent, it is broken down into smaller pieces known
as packets.
 History of Internet
Talking about the history of internet, the ARPANET (Advanced Research
Projects Agency Network, later renamed the internet) established a successful
link between the University of California Los Angeles and the Stanford Research
Institute on October 29, 1969. Libraries automate and network catalogs
outside of ARPANET in the late 1960s.

• TCP/IP (Transmission Control Protocol and Internet Protocol) is established

in the 1970s, allowing internet technology to mature.
• The development of these protocols aided in the standardization of how
data was sent and received via the internet.
• NSFNET (National Science Foundation Network), the 56 Kbps backbone of
the internet, was financed by the National Science Foundation in 1986.
Because government monies were being used to administer and maintain it,
there were commercial restrictions in place at the time.
 History of Internet
In the year 1991, a user-friendly internet interface was developed.
• Delphi was the first national commercial online service to offer
internet connectivity in July 1992.
• Later in May 1995, All restrictions on commercial usage of the
internet are lifted. As a result, the internet has been able to diversify
and grow swiftly.
• Wi-Fi was first introduced in 1997. The year is 1998, and Windows 98
is released.
• Smartphone use is widespread in 2007.
• The 4G network is launched in 2009. The internet is used by 3 billion
people nowadays. By 2030, there are expected to be 7.5 billion
internet users and 500 billion devices linked to the internet.
 Uses of the Internet
E-mail: E-mail is an electronic message sent across a network from one computer user to
one or more recipients. It refers to the internet services in which messages are sent from
and received by servers.

Web Chat: Web chat is an application that allows you to send and receive messages in real-
time with others. By using Internet chat software, the user can log on to specific websites
and talk with a variety of other users online. Chat software is interactive software that
allows users to enter comments in one window and receive responses from others who are
using the same software in another window.

World Wide Web: The World Wide Web is the Internet's most popular information
exchange service. It provides users with access to a large number of documents that are
linked together using hypertext or hyperlinks.
 Uses of the Internet
E-commerce: E-commerce refers to electronic business transactions
made over the Internet. It encompasses a wide range of product and
service-related online business activities.

Internet telephony: The technique that converts analog speech

impulses into digital signals and routes them through packet-switched
networks of the internet is known as internet telephony.

Video conferencing: The term "video conferencing" refers to the use of

voice and images to communicate amongst users.
 Advantages of the Internet
 It is the best source of a wide range of information. There is no better place
to conduct research than the internet.

 Online gaming, talking, browsing, music, movies, dramas, and TV series are
quickly becoming the most popular ways to pass the time.

 Because there are hundreds of thousands of newsgroups and services that

keep you updated with every tick of the clock, the Internet is a source of the
most recent news.
 Because of virtual shops where you may buy anything you want and need
without leaving your house, internet shopping is becoming increasingly
popular. Recently, virtual shops have been making a lot of money.
 With the emergence of online businesses, virtual stores, and credit card
 Disdvantages of the Internet
Spending too much time on the internet is hazardous for the young
generation's physical and mental health.

Children who use the internet develop an addiction, which is quite

dangerous.

It is now quite easy to decipher someone's chat or email messages

thanks to the hacking community.

With the emergence of online stores, people prefer to order online

rather than going to local stores which results in less social interactions
among people.
 Understanding IP and MAC Addresses

IP Address Basics Role in Networking

An IP address uniquely IP and MAC addresses

identifies devices on a work together for data
network. MAC Address transmission.
Explanation
A MAC address is a
hardware identifier for
network interfaces.
 Internet Protocol (IP) address
An Internet Protocol (IP) address is the unique identifying number assigned to every device
connected to the internet.
An IP address definition is a numeric label assigned to devices that use the internet to
communicate. Computers that communicate over the internet or via local networks share
information to a specific location using IP addresses.

IP addresses have two distinct versions or standards. The Internet Protocol version 4 (IPv4)
address is the older of the two, which has space for up to 4 billion IP addresses and is
assigned to all computers. The more recent Internet Protocol version 6 (IPv6) has space for
trillions of IP addresses, which accounts for the new breed of devices in addition to
computers. There are also several types of IP addresses, including public, private, static, and
dynamic IP addresses.

Every device with an internet connection has an IP address, whether it's a computer, laptop,
IoT device, or even toys. The IP addresses allow for the efficient transfer of data between
two connected devices, allowing machines on different networks to talk to each other.
 How does an IP address work?
An IP address works in helping your device, whatever you are accessing the
internet on, to find whatever data or content is located to allow for retrieval.

Common tasks for an IP address include both the identification of a host or a

network, or identifying the location of a device. An IP address is not random. The
creation of an IP address has the basis of math. The Internet Assigned Numbers
Authority (IANA) allocates the IP address and its creation. The full range of IP
addresses can go from 0.0.0.0 to 255.255.255.255.

With the mathematical assignment of an IP address, the unique identification to

make a connection to a destination can be made.
 Public IP address
A public IP address, or external-facing IP address, applies to the main device people
use to connect their business or home internet network to their internet service
provider (ISP). In most cases, this will be the router. All devices that connect to a
router communicate with other IP addresses using the router’s IP address.
Knowing an external-facing IP address is crucial for people to open ports used for
online gaming, email and web servers, media streaming, and creating remote
connections.
 Private IP address
A private IP address, or internal-facing IP address, is assigned by an office or home
intranet (or local area network) to devices, or by the internet service provider (ISP).
The home/office router manages the private IP addresses to the devices that connect
to it from within that local network. Network devices are thus mapped from their
private IP addresses to public IP addresses by the router.

Private IP addresses are reused across multiple networks, thus preserving valuable
IPv4 address space and extending addressability beyond the simple limit of IPv4
addressing (4,294,967,296 or 2^32).

In the IPv6 addressing scheme, every possible device has its own unique identifier
assigned by the ISP or primary network organization, which has a unique prefix.
Private addressing is possible in IPv6, and when it's used it's called Unique Local
Addressing (ULA).
Static IP address
All public and private addresses are defined as static or dynamic. An IP address that a
person manually configures and fixes to their device’s network is referred to as a
static IP address. A static IP address cannot be changed automatically. An internet
service provider may assign a static IP address to a user account. The same IP address
will be assigned to that user for every session.

Dynamic IP address
A dynamic IP address is automatically assigned to a network when a router is set up.
The Dynamic Host Configuration Protocol (DHCP) assigns the distribution of this
dynamic set of IP addresses. The DHCP can be the router that provides IP addresses
to networks across a home or an organization.

Each time a user logs into the network, a fresh IP address is assigned from the pool of
available (currently unassigned) IP addresses. A user may randomly cycle through
several IP addresses across multiple sessions.
 What is MAC Address?
To communicate or transfer data from one computer to another, we need an
address.
In computer networks, various types of addresses are introduced; each works at a
different layer. A MAC address, which stands for Media Access Control Address, is a
physical address that works at the Data Link Layer.

MAC Addresses are unique 48-bit hardware numbers of a computer that are
embedded into a network card (known as a Network Interface Card) during
manufacturing. The MAC Address is also known as the Physical Address of a
network device.
Format of MAC Address

To understand what is MAC address is, it is very important

that first you understand the format of the MAC Address.
So a MAC Address is a 12-digit hexadecimal number (48-
bit binary number), which is mostly represented by Colon-
Hexadecimal notation.

The First 6 digits (say 00:40:96) of the MAC Address

identify the manufacturer, called the OUI (Organizational
Unique Identifier). IEEE Registration Authority Committee
assigns these MAC prefixes to its registered vendors.
 Types of MAC Address
1. Unicast
A Unicast-addressed frame is only sent out to the interface leading to a
specific NIC. If the LSB (least significant bit) of the first octet of an
address is set to zero, the frame is meant to reach only one receiving
NIC. The MAC Address of the source machine is always Unicast.
Multicast:
The multicast address allows the source to send a frame to a group of
devices.
In Layer-2 (Ethernet) Multicast address, the LSB (least significant bit)
of the first octet of an address is set to one. IEEE has allocated the
address block 01-80-C2-xx-xx-xx (01-80-C2-00-00-00 to 01-80-C2-FF-
FF-FF) for group addresses for use by standard protocols.
Broadcast:
Similar to Network Layer, Broadcast is also possible on the underlying layer( Data
Link Layer). Ethernet frames with ones in all bits of the destination address (FF-FF-
FF-FF-FF-FF) are referred to as the broadcast addresses. Frames that are destined
with MAC address FF-FF-FF-FF-FF-FF will reach every computer belonging to that
LAN segment.
 Why we need to Have Both IP and MAC Addresses?

The reason for having both IP and MAC addresses lies in the way
the Internet works, specifically in the structure of the OSI Model.
This model is a conceptual framework that describes how data is
sent and received over a network. It's divided into seven layers,
each performing specific functions.

Layer 2 uses MAC addresses and is responsible for packet delivery

from hop to hop .
Layer 3 uses IP addresses and is responsible for packet delivery
from end to end .
 Client-Server and P2P Architectures

Client-server and peer-to-peer (P2P)

Client-Server Model
are two fundamental network
A centralized server provides resources and
architectures. In client-server services to multiple clients.
architecture, a central server provides P2P Architecture
resources and services to multiple Direct communication between users, sharing
clients. In P2P architecture, all nodes resources without a central server.

(peers) can act as both clients and Use Cases

servers, communicating directly with Client-server is common in web applications;
each other. P2P is used in file sharing.
 The Client-Server Model is a
distributed application architecture
that divides tasks or workloads
between servers (providers of
resources or services) and clients
(requesters of those services). In this
model, a client sends a request to a
server for data, which is typically
processed on the server side. The
server then returns the requested data
to the client.
Clients generally do not share resources with each other, but instead rely on the
server to provide the resources or services requested. Common examples of the
client-server model include email systems and the World Wide Web (WWW),
where email clients interact with mail servers, and web browsers request
resources from web servers.
How Does the Client-Server Model Work?
Client
When we talk about a "Client," it refers to
a device (usually a computer, smartphone,
or application) that requests and receives
services from a server. The client is the
entity that initiates communication, asking
for data or resources from the server. For
instance, web browsers like Google
Chrome, Mozilla Firefox, or Safari are
common client applications that request
data from a server to render web pages.
Server
A Server, on the other hand, is a remote computer or system that provides
data, resources, or services to clients. It listens to incoming client requests,
processes them, and sends the required information back. A server can
handle multiple client requests simultaneously.

The client sends a request to the server, and the server serves the
request as long as the data or service is available in its system.
 Real-World Examples of the Client-Server Model
1. Email Systems
Client: The user’s email client (e.g., Microsoft Outlook, Gmail App).
Server: The email server (e.g., Gmail Server, Yahoo Mail Server).
How It Works: The email client requests emails from the server, and the server delivers
them. Similarly, when the user sends an email, the client communicates with the server to
send the message.
2. The World Wide Web
Client: A web browser (e.g., Google Chrome, Mozilla Firefox).
Server: A web server (e.g., Apache Server, Nginx Server).
How It Works: The browser requests the web pages from the server, and the server sends
the HTML files back to the client, which are then rendered and displayed.
3. Cloud Storage Services
Client: The user’s device (e.g., smartphone, PC).
Server: A cloud server (e.g., Google Drive, Dropbox).
How It Works: The client uploads files to the server and can download them when needed.
The server stores all the user’s files centrally, ensuring remote access to data.
 Advantages of the Client-Server Model

Centralized Data Management: All data is stored in a centralized server,

which makes it easier to manage, update, and back up.
Cost Efficiency: Since the server handles most of the processing, clients
require fewer resources and can be simpler devices, reducing costs.
Scalability: Both clients and servers can be scaled separately. Servers can be
upgraded to handle more clients, and new clients can be added without
significant changes to the server infrastructure.
Data Recovery: Centralized data storage on the server allows for better data
recovery and easier backup strategies.
Security: Security measures such as firewalls, encryption, and
authentication can be centralized on the server, ensuring that sensitive data
is protected
 Disadvantages of Client-Server Model
Clients Are Vulnerable: Clients are prone to viruses, Trojans, and worms if
present in the Server or uploaded into the Server.
Servers Are Targets: Servers are prone to Denial of Service (DOS) attacks, where
the server is overwhelmed with traffic and made unavailable to legitimate
clients.
Data Spoofing and Modification: Data packets may be spoofed or modified
during transmission if the proper security measures (e.g., encryption) are not
implemented.
Man-in-the-Middle (MITM) Attacks: Phishing or capturing login credentials or
other useful information of the user are common and MITM(Man in the Middle)
attacks are common.
 Peer-to-Peer (P2P) Architecture
Peer-to-peer (P2P) architecture is a
decentralized computing model where
network participants share resources directly
with each other without the need for a
centralized server. In a P2P network, each
node acts as both a client and a server,
enabling distributed sharing of files, data, and
computing resources. This article provides a
comprehensive overview of the P2P
architecture, including its characteristics,
benefits, types, key components,
bootstrapping process, data management,
routing algorithms, challenges, security
techniques, and applications.
 Advantages of Peer-to-Peer (P2P) Networks

Decentralization: P2P networks distribute control and resources among peers,

eliminating the need for a central server. This decentralization increases
resilience and reduces the risk of a single point of failure.
Load Distribution: Workload is distributed across multiple peers in a P2P
network, improving resource utilization and overall performance, particularly
under heavy loads.
Cost Reduction: P2P networks can significantly reduce costs associated with
infrastructure, maintenance, and bandwidth, as they rely on resources
contributed by peers rather than centralized servers.
Content Redundancy and Availability: Content replication across multiple peers
ensures redundancy and continuous availability, even if some peers go offline or
experience failures.
 Characteristics of Peer-to-Peer (P2P) Networks

Decentralization: P2P networks operate without a central authority, allowing nodes

to communicate and share resources directly.
Scalability: P2P networks can be easily scaled to accommodate a large number of
nodes without relying on a centralized infrastructure.
Fault tolerance: P2P networks are resilient to node failure because the absence of a
central server means that the network can continue to function even if some nodes
become unavailable.
Resource sharing: P2P network participants can share files, data, and computing
resources directly with each other.
Autonomy: Each node in a P2P network has autonomy over its own resources and
decisions, which contributes to the overall resilience and flexibility of the network.
 Cloud Computing
Cloud Computing means storing and accessing data and
programs on remote servers that are hosted on the internet
instead of the computer's hard drive or local server. Cloud
computing is also referred to as Internet-based computing. It
is a technology where the resource is provided as a service
through the Internet to the user. The data that is stored can
be files, images, documents, or any other storable document.
 Origins Of Cloud Computing
Mainframe computing in the 1950s and the internet explosion in the
1990s came together to give rise to cloud computing. Since
businesses like Amazon, Google, and Salesforce started providing
web-based services in the early 2000s. The term "cloud computing"
has gained popularity. Scalability, adaptability, and cost-effectiveness
are to be facilitated by the concept's on-demand internet-based
access to computational resources.

These days, cloud computing is common, driving a wide range of

services across markets and transforming the processing, storage,
and retrieval of data
Key aspects of cloud computing:

•On-demand delivery: Users can access resources as needed,

without upfront investments or long-term contracts.
•Pay-as-you-go pricing: Customers are typically billed based on
their actual usage of the resources.
•Scalability: Cloud resources can be easily scaled up or down to
meet changing demands.
•Cost savings: By eliminating the need for on-premises hardware
and IT staff, cloud computing can significantly reduce capital and
operating expenses.
•Flexibility and agility: Cloud services enable businesses to
quickly adapt to new opportunities and challenges.
•Accessibility: Cloud resources can be accessed from anywhere
with an internet connection.
Cloud Computing Services
1 Overview of Cloud 2 Computation as a 3 Storage as a Service
Computing Service
Users can store data
Cloud computing enables This service model allows remotely on cloud servers,
on-demand access to a users to run applications ensuring accessibility and
shared pool of configurable and perform computations security.
computing resources. without needing physical
infrastructure.
 • Infrastructure as a Service (IaaS):
Provides access to fundamental computing resources
like servers, storage, and networking.
•Platform as a Service (PaaS):
Offers a platform for developing, running, and managing
applications, including tools and infrastructure.
•Software as a Service (SaaS):
Delivers software applications over the internet, such as
email, CRM, and office productivity suites.
Information Security Principles

Confidentiality Integrity Availability

Ensuring that sensitive Data integrity guarantees that Ensuring that data and services
information is accessed only by information is accurate and are accessible when needed.
authorized users. Encryption unaltered during storage or This involves implementing
and access controls are transmission. Techniques like redundancy, backups, and
essential measures to maintain checksums and hash functions disaster recovery plans to
confidentiality. are used to verify data integrity. maintain operational continuity.
 1. Confidentiality: This principle ensures that sensitive
information is accessible only to authorized individuals or
systems. It involves implementing measures to prevent
unauthorized disclosure of information, such as access
controls, encryption, and data masking.

Integrity: Integrity ensures that information is accurate,

complete, and has not been altered or corrupted, either
intentionally or accidentally. This involves implementing
measures like data validation, version control, and audit
trails to detect and prevent unauthorized modifications.

Availability: Availability ensures that authorized users have

timely and reliable access to information and resources when
needed. This involves implementing measures like redundancy,
backups, and disaster recovery plans to ensure systems and data
remain accessible during normal operations and in the event of
disruptions.
 Applications in Daily Life
User Experience Design

2
Effective app design enhances
Desktop and Mobile usability and engagement,
Apps ensuring that features are
intuitive and accessible.
Applications are available across
1
platforms, providing users with
functionality for various tasks, Integration with Cloud
from productivity to Services
entertainment.
Many applications now leverage cloud
3
computing for data storage and
processing, allowing for a seamless
user experience.
 Authentication and Authorization

1 Authentication 2 Authorization 3 Importance of Both

After authentication, Proper authentication
The process of verifying authorization determines and authorization are
the identity of a user or what resources a user can essential to protect
device. Common access. Role-based access sensitive information
methods include control (RBAC) is a and prevent
passwords, biometrics, popular method to unauthorized access,
and multi-factor manage permissions forming a critical part
authentication to effectively. of overall
enhance security. cybersecurity.
• Authentication verifies the identity of a user or system
• Authorization determines what resources they are permitted to access.
Data Trails and Cookies

Data Trails Cookies Explained Privacy Considerations

Users leave digital Awareness of cookies

Small files that store
footprints online that and data trails is vital for
user preferences and
can be tracked. privacy.
enhance experience.
 DATA TRAIL
A data trail refers to the record of digital actions and information left behind by a
user or system. It encompasses various forms of data, including browsing history,
online transactions, social media activity, and more. Effectively managing data
trails is crucial for privacy protection, security, reputation management, and legal
compliance.
• A data trail is essentially a digital footprint, a record of online activity.
• It can be both intentional (e.g., posting on social media) and unintentional (e.g.,
cookies tracking your browsing).
• Examples include website visits, emails sent and received, online purchases, and
even location data from mobile devices.
 Cookies
Computer cookies, also known as internet or HTTP cookies, are small text files that
websites store on a user's device (computer, phone, etc.) to remember information
about them. These files help websites personalize the user experience by remembering
preferences, login details, and other data. They enable websites to recognize returning
users, making browsing more convenient and efficient.
Functions of Cookies
•Personalization:
Cookies help websites remember your preferences, like language settings, currency, or
display preferences, so you don't have to reset them every time you visit.
•Session Management:
They keep you logged in to websites, so you don't have to re-enter your username and
password each time you visit.
•Tracking:
Websites use cookies to track your browsing activity across different pages and even
different websites. This information can be used for targeted advertising or to analyze
user behavior.
•Functionality:
Some cookies are essential for certain website features, like keeping items in a shopping
cart or displaying videos.
The Importance of Security
In today's digital landscape, prioritizing security is essential to safeguard sensitive information from theft and
breaches. As threats develop, strong protective measures are vital to maintain user trust and business
integrity.

Emerging Threats
Why Security Matters
Cyber threats are evolving,
Building Trust
Protection of personal and necessitating robust security
organizational data is measures for all internet users. Strong security practices not
paramount to prevent identity only protect data but also build
theft, financial loss, and user trust essential for online
reputational damage. businesses.

1 3