Cybersecurity Basics

Cybersecurity

Cybersecurity is the comprehensive practice of protecting computer systems, networks, devices, and programs from digital attacks, unauthorized access, or damage. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information, extorting money, or disrupting normal business processes.

1. The Foundation: The CIA Triad

The core principles of information security are modeled using the CIA Triad. Every security policy and architecture is designed to enforce one or more of these three pillars.

The CIA Triad

  • Confidentiality: Ensuring that data is accessed only by authorized individuals. (e.g., Encrypting credit card numbers so hackers cannot read them; using passwords).
  • Integrity: Ensuring that data is accurate, reliable, and has not been maliciously or accidentally altered during storage or transit. (e.g., Using file checksums to ensure a downloaded file wasn't tampered with).
  • Availability: Ensuring that data, network resources, and systems are consistently accessible to authorized users when they need them. (e.g., Using backup generators for server rooms; mitigating DDoS attacks).

Key Takeaways
  • The CIA Triad forms the foundational framework for assessing risk and designing security policies.
  • Every security measure typically aims to protect at least one of these three principles: Confidentiality, Integrity, or Availability.

2. Common Cyber Threats and Malware

Understanding the types of attacks is critical to defending against them. Attack vectors target vulnerabilities in software, hardware, or human psychology.

Types of Malware and Threats

  • Virus / Worm: Malicious code that replicates itself. Viruses attach to legitimate programs, while worms can spread independently across networks without human interaction.
  • Ransomware: A highly destructive form of malware that completely encrypts a victim's files or hard drive, demanding payment (ransom, usually in cryptocurrency) in exchange for the decryption key.
  • Phishing (Social Engineering): A psychological attack where attackers impersonate a trusted entity (like a bank or IT department) via email or text to trick victims into voluntarily revealing sensitive information like passwords.
  • DDoS (Distributed Denial of Service): An attack aimed at destroying Availability. It involves using a "botnet" of thousands of infected computers to simultaneously flood a target server with garbage traffic, overwhelming it and making it crash or become unavailable to legitimate users.

Key Takeaways
  • Threats come in many forms, from automated malware (viruses/worms) to human-targeted social engineering (phishing).
  • Ransomware targets Confidentiality and Availability, while DDoS purely targets Availability.

3. Cryptography Fundamentals

Cryptography is the mathematical science of secure communication. It involves encrypting data so that only authorized parties holding a specific "key" can understand it, ensuring Confidentiality.

Encryption Concepts

  • Plaintext: The original, easily readable message or data.
  • Ciphertext: The encrypted, mathematically scrambled, unreadable message.
  • Symmetric Encryption (e.g., AES): Uses the exact same key for both locking (encryption) and unlocking (decryption). It is extremely fast for large amounts of data, but both parties must first agree on the single secret key, and sending that key over the internet in the clear would expose it (the key distribution problem).
  • Asymmetric Encryption (Public Key Cryptography, e.g., RSA): Uses a mathematically linked pair of keys: a Public Key (shared openly with everyone) and a Private Key (kept absolutely secret). Anyone can use your Public Key to encrypt a message to you, but only your Private Key can decrypt it. It is slower, but it solves the key exchange problem. It forms the basis of HTTPS (TLS, the successor to SSL).

3.1 Interactive Cryptography Simulator

Experiment with a basic Caesar Cipher to see how historical encryption algorithms mathematically shifted plaintext into ciphertext.

Caesar Cipher Simulator

(Interactive widget; its static output is reproduced here.)
Mode: Symmetric Key, encrypting with a shift of +3
Output: FBEHUVHFXULWB

How it works: The Caesar Cipher is a basic substitution cipher. It replaces each letter in the plaintext with a letter a fixed number of positions down the alphabet. For example, with a shift of 3, 'A' becomes 'D'.

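The shift described above, written out as an added example (not the page's simulator code). The block encrypts and decrypts with a chosen shift and then tries all 26 possible keys, which is why a cipher with such a tiny key space is only of historical interest; the sample ciphertext FBEHUVHFXULWB from the simulator is the word CYBERSECURITY shifted by 3.

```python
import string

ALPHABET = string.ascii_uppercase  # 26 letters, A..Z


def caesar_shift(text: str, shift: int) -> str:
    """Shift every A-Z letter by `shift` positions (mod 26).

    Non-letters (spaces, digits, punctuation) pass through unchanged.
    """
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext: str, key: int) -> str:
    return caesar_shift(plaintext, key)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    # Decryption is the same operation with the shift reversed
    return caesar_shift(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Return every candidate plaintext; the key space has only 26 entries."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}


if __name__ == "__main__":
    ct = caesar_encrypt("CYBERSECURITY", 3)  # constructed sample plaintext
    print("ciphertext:", ct)
    for k, pt in brute_force(ct).items():
        print(f"key {k:2d}: {pt}")
```
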
Key Takeaways
  • Cryptography ensures Confidentiality by mathematically obscuring data using keys.
  • Modern internet security (HTTPS) relies on a combination of Asymmetric Encryption (to securely share keys) and Symmetric Encryption (for fast data transfer).

4. Hashing vs. Encryption

While encryption is a two-way process (can be reversed if you have the key), Hashing is a strict one-way mathematical function. It takes an input of any size (a single password or a 10GB video file) and produces a fixed-size string of gibberish characters (a hash).

Hashing Properties & Uses (Ensuring Integrity)

  1. It is computationally infeasible to reverse a modern hash back into the original input (preimage resistance); the only route is to guess candidate inputs and compare their hashes.
  2. The exact same input will always produce the exact same hash.
  3. The Avalanche Effect: Changing even a single letter in a massive document results in a completely different hash output, with roughly half of the output bits flipping.
Primary Use: Storing user passwords safely. Databases should never store plain passwords; they store the hash. When you log in, the system hashes what you typed and compares the two hashes. If the database is hacked, the attacker only gets hashes, which can only be recovered by guessing. Because a fast general-purpose hash like SHA-256 can be guessed at billions of attempts per second, password hashes must also be salted (a random per-user value mixed in, so identical passwords produce different hashes and precomputed tables are useless) and computed with a deliberately slow password-hashing function such as bcrypt, scrypt, Argon2, or PBKDF2.
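The properties above, demonstrated as an added example (not code from the page) using only the Python standard library: SHA-256 is used to show determinism and the avalanche effect, and PBKDF2 with a random salt (and a constant-time comparison) is used for the password-storage case; the password and the fixed salt in the test are constructed values.

```python
import hashlib
import hmac
import os

# Iteration count chosen to make each guess deliberately slow (assumption: OWASP-style figure)
ITERATIONS = 600_000


def sha256_hex(data: bytes) -> str:
    """Plain SHA-256 digest: same input, same output, every time."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count bit positions that differ between two hex digests (avalanche check)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted, slow hash for storage; returns a self-describing record."""
    salt = salt or os.urandom(16)  # fresh random salt per user unless caller supplies one
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the typed password with the stored salt and compare in constant time."""
    _algo, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    a, b = sha256_hex(b"The quick brown fox"), sha256_hex(b"The quick brown fix")
    print(a, b, "bits differing:", differing_bits(a, b), sep="\n")
    record = hash_password("correct horse battery staple")  # constructed password
    print(record)
    print(verify_password("correct horse battery staple", record))
```
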

5. Network and Web Application Security

Organizations use a "Defense in Depth" strategy, layering multiple controls to protect their networks, while developers must protect their code against common web vulnerabilities documented by OWASP (Open Web Application Security Project).

Network Defenses

  • Firewall: A hardware or software barrier that monitors and strictly filters incoming and outgoing network traffic based on predefined security rules (e.g., "Block all traffic on Port 23").
  • MFA (Multi-Factor Authentication): A system requiring more than one credential category to verify identity: Something you know (password), something you have (a phone app generating a code), or something you are (fingerprint).

Common Web Vulnerabilities (OWASP)

  • SQL Injection (SQLi): Occurs when a website takes user input (like a username field) and pastes it directly into a database query string without separating data from code. An attacker can type SQL fragments that change the query's meaning, for example to bypass a login check or delete data. Defense: Always use Parameterized Queries (prepared statements), so user input is passed as a value and never interpreted as SQL.
  • Cross-Site Scripting (XSS): Occurs when a website allows a user to post text (like a forum comment) without checking it, and then displays that text to other users. A hacker injects malicious JavaScript into the comment, which executes in the victim's browser, often stealing session cookies. Defense: Encode/escape all user-supplied data at output time, using the escaping rules for the HTML context it is inserted into.
  • Cross-Site Request Forgery (CSRF): Tricks a victim's browser into executing unwanted actions (like transferring funds) on a different web application where they are currently logged in. Defense: Use unique, unpredictable Anti-CSRF Tokens attached to all state-changing forms and verified on the server; marking session cookies SameSite adds a second layer.

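The three defenses above in one added example (not code from the page or from OWASP), using Python's standard library: a string-built query beside its parameterized form run against a constructed in-memory SQLite table, HTML output encoding for a comment, and issuance and constant-time checking of a per-session CSRF token. The table contents, session dict and comment text are constructed sample data.

```python
import hmac
import html
import secrets
import sqlite3

# --- SQLi: string-built query vs. parameterized query ---

def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table for the demonstration (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'password-hash-placeholder')")
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # BAD: the user's text becomes part of the SQL statement itself
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # GOOD: '?' placeholder; the driver passes the value as data, never as SQL
    sql = "SELECT username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# --- XSS: encode untrusted text at output time, for the HTML body context ---

def render_comment(comment: str) -> str:
    return '<p class="comment">' + html.escape(comment, quote=True) + "</p>"


# --- CSRF: random per-session token, echoed in a hidden field, checked on submit ---

def issue_csrf_token(session: dict) -> str:
    token = secrets.token_urlsafe(32)  # unpredictable, 256 bits of entropy
    session["csrf_token"] = token
    return token


def hidden_csrf_field(token: str) -> str:
    return f'<input type="hidden" name="csrf_token" value="{html.escape(token, quote=True)}">'


def check_csrf(session: dict, submitted: str) -> bool:
    expected = session.get("csrf_token")
    # constant-time comparison; a missing or mismatched token rejects the request
    return bool(expected) and hmac.compare_digest(expected, submitted or "")
```
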
Key Takeaways
  • Network security utilizes a defense-in-depth strategy, layering multiple controls like firewalls and MFA.
  • Web applications are frequently targeted via SQLi and XSS because they exploit flaws in the programmer's logic rather than trying to break complex cryptography.
  • Strict input validation and parameterization are mandatory for secure software development.

Summary

Key Takeaways
  • Cybersecurity is the practice of protecting systems and data, governed by the CIA Triad (Confidentiality, Integrity, Availability).
  • Threats range from Ransomware and DDoS to psychological Phishing attacks.
  • Cryptography (Symmetric and Asymmetric) ensures Confidentiality, while Hashing is a one-way function ensuring Integrity and safe password storage.
  • Network Defenses rely on Firewalls and Multi-Factor Authentication (MFA).
  • Developers must actively code against top Web Vulnerabilities like SQL Injection and Cross-Site Scripting (XSS).