Cybersecurity Fundamentals: 20 Essential Concepts Defined

1. Defining Cyber Security

Cyber Security refers to the practices, technologies, and processes designed to protect computers, networks, programs, and data from unauthorized access, attacks, and damage.

2. The CIA Triad Explained

The CIA Triad is the core model of information security and cyber defense, focusing on three critical components:

  • Confidentiality: Protecting sensitive data from unauthorized access and disclosure.
  • Integrity: Ensuring that data is accurate, complete, and has not been tampered with or changed without authorization.
  • Availability: Guaranteeing that systems, data, and services are accessible to authorized users when needed.

3. What is Malware? Types of Malicious Software

Malware (malicious software) is designed specifically to harm, disrupt, or gain unauthorized access to computer systems.

Examples of Malware include:

  • Virus
  • Worm
  • Trojan
  • Ransomware
  • Spyware

4. Virus vs. Worm vs. Trojan: Key Differences

  • Virus: Attaches itself to legitimate files or programs and requires user action (e.g., opening the infected file) to execute and spread.
  • Worm: A standalone malicious program that self-replicates and spreads across networks without requiring any user interaction.
  • Trojan: Appears legitimate and harmless but contains hidden malicious code designed to compromise the system once executed.

5. Understanding Phishing Attacks

Phishing is a social engineering attack where malicious actors send fraudulent communications (often emails or messages) disguised as a trustworthy entity to trick users into revealing sensitive information, such as passwords, credit card numbers, or bank details.

6. What is Social Engineering?

Social Engineering is the psychological manipulation of people into performing actions or divulging confidential information, rather than attacking systems directly through technical means.

7. Cryptography: Securing Information

Cryptography is the practice and study of techniques for secure communication in the presence of adversaries. It involves converting information into an unreadable format (encryption) and converting it back (decryption). Cryptography ensures confidentiality, integrity, and authentication.

8. Symmetric vs. Asymmetric Encryption

Encryption methods differ primarily in how they use cryptographic keys:

  • Symmetric Encryption: Uses a single, shared secret key for both encryption and decryption (e.g., AES, DES). It is generally faster.
  • Asymmetric Encryption: Uses a pair of mathematically linked keys—a public key for encryption and a private key for decryption (e.g., RSA). It is essential for digital signatures and secure key exchange.

9. Role of a Network Firewall

A Firewall is a network security system (hardware or software) that monitors and controls incoming and outgoing network traffic based on predetermined security rules, acting as a barrier between trusted and untrusted networks.

10. Denial of Service (DoS) Attack Definition

A DoS (Denial of Service) attack is an attempt to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the internet, typically by overwhelming it with traffic.

11. Distributed Denial of Service (DDoS) Attack

A DDoS (Distributed Denial of Service) attack involves multiple compromised computer systems (often referred to as a botnet) sending massive amounts of traffic simultaneously to a single target, causing a shutdown or severe performance degradation.

12. Man-in-the-Middle (MITM) Attack

In a Man-in-the-Middle (MITM) attack, the attacker secretly intercepts, relays, and potentially alters the communication exchange between two parties who believe they are communicating directly with each other.

13. What is SQL Injection?

SQL Injection (SQLi) is a vulnerability that occurs when untrusted input (for example, from a login form) is embedded directly into a SQL query, allowing an attacker to alter the query and access, view, or manipulate data within the database.

14. Authentication vs. Authorization

These are two distinct security processes:

  • Authentication: The process of verifying a user’s claimed identity (e.g., checking a password or biometric scan).
  • Authorization: The process of determining what specific resources or actions an authenticated user is permitted to access or perform.

15. Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) is a security method requiring users to provide two different verification factors to gain access to a resource. This typically involves something the user knows (password) and something the user has (e.g., a one-time password or OTP sent to a phone).

16. Defining a Digital Signature

A Digital Signature is a mathematical scheme used to demonstrate the authenticity of a digital message or document. It ensures message integrity (it hasn’t been altered) and non-repudiation (the sender cannot deny sending it) using cryptographic keys.

17. IDS and IPS: Detection and Prevention Systems

These systems are crucial for network defense:

  • IDS (Intrusion Detection System): A monitoring system that detects suspicious activity or policy violations and alerts administrators.
  • IPS (Intrusion Prevention System): A proactive security system that detects malicious activities and automatically takes action to block or prevent them from succeeding.

18. What is Cyber Crime? Examples

Cyber Crime refers to any illegal activity that involves a computer, networked device, or the internet. The computer may be either the tool used to commit the crime or the target of the crime.

Examples include:

  • Hacking
  • Identity Theft
  • Cyberstalking
  • Data Theft
  • Financial Fraud

19. The IT Act 2000 (India)

The Information Technology Act, 2000 (IT Act 2000) is India’s primary law dealing with cyber law and electronic commerce. It provides legal recognition for electronic transactions, digital signatures, and establishes penalties for cybercrimes.

20. Steps of Incident Response

Effective incident response follows a structured process to manage and mitigate security breaches:

  1. Identification (Detecting the incident)
  2. Containment (Limiting the damage)
  3. Eradication (Removing the cause of the incident)
  4. Recovery (Restoring affected systems)
  5. Lessons Learned (Reviewing the incident and improving defenses)