A Beginner's Guide to Cyber Security

Introduction 

 
This article looks at the fundamentals of cybersecurity, including basic terms and terminologies of security, the importance of data, attributes of data. and the CIA triad, confidentiality, integrity, and availability. It also looks at cybersecurity domains and different types of encryption techniques, like asymmetric and symmetric encryption. 
 
We will be covering the following topics:
  • What are Cyber, Cybersecurity, and Cyberspace?
  • Terms and Terminologies of Security
  • Cyber Security Domains
  • Network Models
  • Cyber Security Certifications
  • Cyber Threats

What is meant by the term “Cyber”?

 
Cyber means anything that is digital. It can be your devices that are performing the digital computation. Anything that is related to the Internet falls under the category of Cyber.
 

How big is cyberspace ?

 
While Cyberspace should not be confused with the internet, the term is used to represent identities or events that take place in the communication process itself. For example, think of a website, it also exists in CyberSpace. Whether you share a post, upload a picture, or even send a message, all these social interactions exist in Cyber Space. This Cyber Space is expanding not in minutes but in seconds. These all events are taking place not on their physical locations but "in cyberspace". You can see an image below consisting of various digital devices that are connected through the internet. Their whole communications exist in cyberspace.
 
 

What is Cybersecurity? 

 
The term cybersecurity is used to refer to the security offered through online services to protect your online information.
  • Cybersecurity refers to the technologies and processes designed to protect computers, networks, and data from unauthorized access, vulnerabilities and attacks delivered via the Internet by cybercriminals
  • Cybersecurity is important for network, data and application security.
The Need for Cyber Security
  • Cybersecurity is necessary because it helps secure data from threats such as data theft or misuse. It also safeguards your system from viruses
  • With an increasing amount of people getting connected to the Internet, security threats that cause massive harm are increasing as well.

Terms and Terminologies of Security

 
Security vs Information Security
 
Security can be any physical security, it includes everything in security and Information Security can also be any digital security and is bound to information.
 
IT Security vs Network Security
 
Information Security(IT) is of wider scope includes web, network anything related to IT, and network security is bounded to network. System Security includes security of devices like mobile phones, computers, etc.
 
Cyber Security vs IT Security
 
Cyber Security includes digital security and IT security includes cybersecurity and also includes the physical security of systems highest which cybersecurity doesn’t include physical security of systems.
 
Note
InfoSec is short for Information Security and Pentest is short of Penetration Testing.
 

Domains of Cyber Security

 
Below are the domains of Cybersecurity:
  1. Access Control Systems and Methodology
  2. Telecommunications and Network Security
  3. Business Continuity Planning and Disaster Recovery Planning
  4. Security Management Practices
  5. Security Architecture and Models
  6. Law, Investigation, and Ethics
  7. Application and Systems Development Security
  8. Cryptography
  9. Computer Operations Security
  10. Physical Security
Access Control Systems and Methodology
 
The main purpose of Cyber Security is to protect your data. So first, we will get to know more about Data and the various access control systems and methodology.
 
Six Dimensions of Data Quality Assessment
 
A Data Quality(DQ) Dimension is a recognized term used to describe the feature of data that can be assessed or measured against defined standards in order to measure the quality of data.
 
The six core data quality dimensions are:
  1. Consistency
  2. Completeness
  3. Correctness
  4. Accessibility
  5. Timeliness
  6. Accuracy 
 

States of Data

 
Understanding the different states of digital data can be helpful for you to select the different sorts of security measures and encryption techniques to apply to the data. Here we will discuss three states of data. 
 
Data at rest/storage
 
Data at rest refers to the data that has been stored on some sort of physical medium or backup medium like data stored on hard disks or even in mobile devices. What makes its data at rest that data is in an inactive form and is not currently being transmitted or processed.
 
Data in motion/transmission
 
The second phase of data is in motion. Data in motion is currently transmitting on a network or is sitting on a computer's RAM ready to be read, updated, or processed. It can be emails or data transferred through FTP or SSH.
 
Data in process
 
The third phase of data is in process or use. This state of data is not being stored passively on a storage medium. This is the data that is being processed by one or more applications. This is the data currently being generated, updated, appended, or erased.
 

CIA (Confidentiality- Integrity - Availability)

 
Confidentiality, Integrity, and Availability, known as the CIA triad, is a model designed to guide policies for information security within an organization. We will look more in-depth at each of the three.
 
Confidentiality
  • It ensures that computer-related assets are accessed only by authorized parties sometimes called secrecy or privacy Measure undertaken to prevent sensitive information from reaching the wrong people and making sure that an authorized person can access it. 
  • The technique used is Encryption
Encryption to ensure Confidentiality
 
Suppose we want the “HELLO”, we can apply encryption technique to replace every alphabet of HELLO with its neighbor alphabet like H replace with I, E with F, etc which makes the word not meaningful. Then we decrypt with the same technique used on another side.
  • Bitlocker is a disk/drive-level encryption. We cannot apply BitLocker on file.
  • Windows use the NTFS file system. There is EFS(Encrypted File System)-File Level Encryption. Right-click on file (Compress the contents in blue color).
Features of EFS
 
There are two colors that show encryption and decryption.
 
This whole process depends on Policies. To keep backup of data, when an employee resigns, the company formats the system which also loses the BitLocker keys and other stuff.
 

Types of Encryption

 
There are two top-level types of encryption, Symmetric and Asymmetric 
 
Symmetric Encryption
  • Uses the Same Key to encrypt or decrypt data.
  • Consider a desktop password manager application. You enter your password and they encrypted with your own personal key. When the data is to be retrieved, the same key is used, and the data is decrypted
Asymmetric Encryption
  • Uses a Private key and Public Keypair 
  • Either key can encrypt but a single key can’t decrypt its own decrypted data. To decrypt, you need the paired key.
  • Asymmetric encryption is used for things like Transport Layer Security(TLS) used in HTTPS and data signing

Access Controls

 
Access controls authenticate and authorize individuals to access the information they are allowed to see and use.
  1. Something you know - (you know passwords)
  2. Something you are - (biometric scan)
  3. Something you have - (ATM card)
  4. Something you do - (signature style)

Integrity of Data

 
Integrity
 
It means that assets can be modified only by authorized parties or only in authorized ways. Ensures that information is in a format that is true and correct to its original purposes. It involves maintaining the consistency, accuracy, and trustworthiness of data in its entire life cycle.
 
The technique used is Hash
 
Hash
 
Hash Calculator takes a file as input and applies algorithms. The purpose of hashing is to show that the original file is not modified.
 
Let's have a practical implementation of hashing using the Microsoft File Checksum Integrity Verifier. You can download it from the internet.
 
 
You need to open a command prompt in the directory where your file is located. We will check the integrity of a text file. To apply this hashing technique:
 
fciv "filename with the extension" hashing algorithm => fciv readme.txt -sha1
 
 
Here you can see a Hash code generated of that file. Now we will modify the file by adding some letters in the text file and will again apply the hashing technique on the same file.
 
 
Here, you can see the Hash Code has been changed. This shows that the file has been modified and no longer in its original form. If we revert the changes that we made in the file and again apply the hashing technique, let's see what happens.
 
 
Below, you can see a diagram where there is plaintext on which a hash function has been applied. After applying the hash function, it generates a hashed text. This hashing technique is also being used in Cyber Forensics.

Availability of Data

 
This means that assets are accessible to authorized parties at appropriate times. High Availability (99.9%) where 0.1% is error rate and when increased 99.999 uptime 0.0001 error rate. It is implemented using methods such as hardware maintenance, software patching, and network optimization.
 
A classic example of a loss of availability to a malicious actor is a Denial of Service Attack (DOS).
 
SLA
 
Service Level Agreement is a binding document. It is a commitment between a service provider and a client. Particular aspects of service - quality, availability, responsibilities are agreed between the service provider and service user If the service user doesn’t receive files in time then service providers are fined.
 
 
Before discussing the types of DOS attacks, let's have a look at Ping Command.
 
Ping Command
  • Ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol network. A simple way to verify that a computer can communicate over the network with another computer or network device
  • Ping 127.0.0.1 (127.0.0.1 is a loopback address)
 

Types of DOS Attacks

 
Will discuss a few of the DOS Attacks:
  1. Ping of Death
  2. Ping of Flood
  3. Smurf Attack
  4. Fraggle Attack
Ping of Death
 
A Ping of Death attack is a Denial of Service (DoS) attack, in which the attacker aims to disrupt a targeted machine by sending a packet larger than the maximum allowable size, causing the target machine to freeze or crash.
 
 
Ping of Flood
 
Ping flood, also known as ICMP flood, is a common Denial of Service (DoS) attack in which an attacker takes down a victim’s computer by overwhelming it with ICMP echo requests, also known as pings. Example: Education Board Website.
 
 
Fraggle Attack
 
A Fraggle attack is a type of DOS attack where the attacker sends a large number of spoofed UDP traffic to a router's broadcast address within a network. 
 
 
Note
The first known computer virus appeared in 1971 and was named "Creeper Virus".The virus eventually deleted with a program known as "The Reaper", but it is important to note that the Reaper was actually a virus itself. 
 

TeleCommunications and Network Security

 
It focuses on communications, protocols, and network services, and the potential vulnerabilities associated with each. It involves the practices and policies adopted to prevent and monitor unauthorized access and misuse of a computer network and network-accessible resources.
 
Protocols
 
Network Protocols are a set of rules governing the exchange of information in an easy, reliable, and secure way. There are three types of network protocols which are given below:
  1. TCP/IP
  2. OSI Model
  3. CISCO Hierarchical Model
TCP/IP VS OSI Model
 
 
TCP/IP and OSI models are the two most widely used network protocols. The major difference between them OSI is a conceptual model , where TCP/IP is a practical model used for establishing a secure connection and communicating through the network. 
 

Cisco Hierarchical Model

 
Cisco has developed a three-layered hierarchical model for designing a reliable infrastructure. Each of its layers has its own functionality and features which helps to reduce network complexity. 
 
 
Access Layer
 
Control user and workgroups' access to resources on the network. This layer usually incorporates layer 2 switches.
 
Distribution Layer
 
Serves as the communication point between the access layer and the core layer. This layer usually consists of multilayer switches.
 
Core Layer
 
Also referred to as the Backbone layer, this layer is responsible for transferring huge amounts of traffic quickly. 
 
Contingency Planning
  1. IR (Incident Response)-low level issue, there are multiple tears, first step is identification,contain,investigate(forensics),perform remedy, reporting(document)
  2. DR (Disaster Recovery): high-level issues, major disruption, like floods, earthquakes.
  3. BCP (Business Continuity Planning): when everything is destroyed in the disaster, then how to continue the business
Laws, Investigations, and Ethics
  • One of the more interesting security domains is Law, Investigation, and Ethics. As the name implies, this security domain covers the legal issues associated with computer security.
  • Pakistan Cyberlaw 2016
Cryptography
 
One of the most widely used security techniques today is cryptography, the encryption of data. The Cryptography security domain is designed to help you understand how and when to use encryption.
 
What’s next?
 
This article was meant to give you a quick introduction and getting started guide to Cyber Security Fundamentals. Feel free to experiment.