Module-I: Introduction to Cyber security

Defining Cyberspace and Overview of Computer and Web-technology, Architecture of

cyberspace, Communication and web technology, Internet, World wide web, Advent of
internet, Internet infrastructure for data transfer and governance, Internet society, Regulation
of cyberspace, Concept of cyber security, Issues and challenges of cybersecurity.

Defining Cyberspace
The term Cyberspace was first coined by William Gibson in the year 1984.
Cyberspace is the environment in which communication over computer networks
occurs.
Cyberspace is the virtual and dynamic space created by the machine clones.
Cyberspace mainly refers to the computer which is a virtual network and is a
medium electronically designed to help online communications to occur.
The primary purpose of creating cyberspace is to share information and
communicate across the globe.
Cyberspace is that space in which users share information, interact with each
other; engagein discussions or social media platforms, and many other activities.
The whole Cyberspace is composed of large computer networks which have
many sub- networks. These follow the TCP or IP protocol.

Concepts Of Cyberspace

1. Virtual Environment : Cyberspace is not a tangible place like a physical location but a
virtual environment. It is a space where digital data and information exist, flow, and
interact.
2. Networked System : It is created by the interconnection of computer systems, servers,
routers, and other network devices. These systems communicate with each other
through data transmission protocols, such as the TCP/IP.
3. Information Exchange : Cyberspace is primarily used for the exchange of information,
including text, images, videos, and other digital content. It enables global
communication and data sharing.
4. Worldwide Scope : Cyberspace is not limited by geographical boundaries. It is a global
domain where individuals, organizations and governments can connect and interact
regardless of their physical locations.
5. Digital Transactions : Online activities like e-commerce, social media, email and web
browsing all take place within cyberspace. It is the platform for various digital services
and transactions.
Overview of Computer and Web-technology
Computer and web technology are integral parts of our modern world, shaping how we
communicate, work, learn, and entertain ourselves.
Computer Technology:
Hardware: Computers consist of physical components like the central processing unit (CPU),
memory (RAM), storage devices (HDD/SSD), input/output devices (keyboard, mouse,
monitor), and more. These components work together to process and store data.
Software: Software includes the operating system (e.g., Windows, macOS, Linux) and
various applications (e.g., Microsoft Office, web browsers, video games) that run on a
computer. Operating systems manage hardware resources and provide a user interface.

Networking: Computers can connect to each other and the internet via wired (e.g., Ethernet)
or wireless (e.g., Wi-Fi) networks. Networking enables data sharing, communication, and
remote access.
Security: Computer security is crucial to protect data and systems from threats like viruses,
malware, and hackers. Antivirus software, firewalls, and encryption are common security
measures.
Processing Power: Moore's Law predicts that the processing power of computers doubles
approximately every two years. This constant improvement drives innovations in various
fields, including artificial intelligence, scientific research, and data analysis.

Web Technology:
Classification of web technology :
• World Wide Web (WWW): The World Wide Web, commonly referred to as the
web, is a global system of interconnected documents and resources linked through
hyperlinks. It is accessed via web browsers.
• Web Browsers: Web browsers like Google Chrome, Mozilla Firefox, and Microsoft
Edge allow users to access and interact with web content.
• Web Servers: Web servers store and deliver web content to users' browsers upon
request. Popular web server software includes Apache, Microsoft IIS.
• Web Page : A webpage is a digital document that is linked to the World Wide Web
and viewable by anyone connected to the internet has a web browser.
• Web Development: Web development involves creating and maintaining websites
and web applications.
Various Components & Concepts of Web technology
1. Web Development Languages and technology :
a) HTML(Hypertext Markup Language) : The standard markup Language used to
structure and format content on web pages.
b) CSS(Cascading style Sheets) : A Stylesheet language used for defining the
presentation and layout of web pages, including fonts, colors and positioning.
c) JavaScript : A scripting Language that enables interactivity and dynamic behavior on
web pages.
d) Backend Languages : Such as PHP, Python, Java and Node.js used for server-side
scripting to process data and manage server operations.
e) Database : MySQL, MongoDB and SQL server for data storage and retrieval.
f) Web Frameworks : Tools and Libraries that simplify web development, such as
Django, Ruby on Rails and Angular.
2. Web Servers and Protocols :
a) HTTP(Hypertext Transfer Protocol) : The foundation of data communication on the
web, specifying how messages are formatted and transmitted between the client and
server.
b) Web Servers: Software or Hardware thar hosts websites and serve web content to
users, including Apache, Nginx, and Microsoft Internet Information services(IIS).
3. Web Design and User Experience (UX):
1. Responsive Design: Designing websites to adapt and function well on various devices
and screen size.
2. User Interface (UI) Design: Focusing on the layout, visual elements and interactive
design to enhance the user experience.
3. User Experience (UX) Design: Concentrating on creating an intuitive and satisfying
experience for website visitors.
4. Content Management System (CMS):
• A content management system (CMS) is a computer program that helps companies
manage the creation, editing, organization, and publication of digital content.
• Platform like WordPress, Joomla and Drupal that facilitate the creation and
management of web content.
5. Web Hosting:
• Web hosting is an online service that allows you to publish your website files onto the
internet.
• Services and Providers that store and make website accessible on the internet.
6. Web Security :
• Web security refers to protecting networks and computer systems from damage to or
the theft of software, hardware, or data.
• Techniques and practices for safeguarding websites and web applications from
security threats and attacks.
7. Web Services and APIs (Application Programming interface) :
• Mechanisms for allowing different software systems to communicate and share data
over web.
 • Web services and APIs are both used to exchange data and communicate between
systems or applications, particularly when those applications can't communicate
directly.
8. Web Standards and accessibility :
• Web standards and accessibility are important for ensuring that websites are accessible
to all users, including those with disabilities.

Architecture of Cyberspace
• Cyberspace refers to the interconnected digital environment where computer system,
networks and data interact.
• Understanding the architecture involves examining the components, protocols, and
interactions that shape the digital landscape.
• The architecture of cyberspace is a conceptual framework that describe the structure
and organization of digital realm, which includes the internet, the world wide web and
various other digital network and systems.
• The architecture comprises several key components ad layers, each playing a distinct
role in enabling the functioning of the digital worlds.

Infrastructure
Physical Infrastructure:
• Data Centers: These centralized facilities house servers, storage systems, and network
equipment that support the processing and storage of vast amount of digital data.
• Network cables and Fiber Optics: Physical connections that enable the transmission
of data between devices and across the internet.
• Satellites and Submarine Cables: Global communication relies on satellites for
wireless transmission and submarine cables for intercontinental data exchange.
Virtual Infrastructure:
• Cloud Computing: Virtualized computing resources, including servers, storage, and
networking, delivered as services over the internet.
• Virtual machines and containers: Technologies that enable the creation and
deployment of isolated and portable computing environments.
Protocols and standards:
• TCP/IP (Transmission control Protocol/Internet Protocol): The fundamental
protocol suite responsible for data transmission across the internet.
• HTTP/HTTPS (Hyper Text Transfer Protocol/Secure): The protocol used for
transmitting web content, crucial for websites and web applications.
• SMTP/POP/IMAP (Simple mail transfer protocol/Post office protocol/Internet
 message access protocol): Protocols for email communications.
• FTP (File Transfer Protocol) : A protocol for transferring files over internet.
• SSL/TLS (Secure socket Layer/Transport layer security) : Encryption protocols
that secure data transmission, commonly used for secure web connections(HTTPS)
• IEEE Standards: The institute of electronic and electrical establishes standards for
various technologies, including networking, wireless communication and
cybersecurity.
• ISO/IEC Standards: International standards that cover a broad range of information
technology areas, ensuring global consistency in practices and products.
DNS (Domain Name System):
• A system for translating human-readable domain names into IP addresses to locate web
servers.
Web and Application Servers:
• These servers host websites, web applications, and other online services. They respond
to user requests, retrieve data from databases, and deliver content to users' devices.
Social Media and Online Communities:
• Cyberspace also includes virtual communities and social media platforms that enable
users to connect, share information, and collaborate online. These platforms have their
own architectures and algorithms for content delivery and interaction.
IOT (Internet of things) :
• IoT devices are connected to cyberspace, enabling them to collect and exchange data
with other devices and systems. They play a role in creating the "smart" aspect of
cyberspace, connecting physical objects to the digital realm.
Cybersecurity Layers:
• The architecture of cyberspace includes various security measures to protect data,
networks, and users. Firewalls, encryption, intrusion detection systems, and antivirus
software are examples of cybersecurity components.
• Cyber Security Layers: 1. Perimeter security
2. Network Security
3. Endpoint Security
4. Application Security
5. Data security

The 3 Layers of Cyberspace?

• The layers of cyber spacing, classified as the physical, logical, and social layers, are
essential in that we require them in our daily activities.
• These layers have been made to interact to create a global network.
• Cyberspace can be viewed as three layers (physical, logical, and social) made up of five
components (geographic, physical network, logical network, cyber persona, and
persona).
Physical Layer
• The physical layer includes the geographic component and the physical network
component. The geographic component is the physical location of elements of the
network.
• While geopolitical boundaries can easily be crossed in cyberspace at a rate approaching
the speed of light, there is still a physical aspect tied to the other domains.
• The physical network component includes all the hardware and infrastructure (wired,
wireless, and optical) that supports the network and the physical connectors (wires,
cables, radio frequency, routers, servers, and computers).

Logical Layer
• The logical layer contains the logical network component, which is technical and
consists of the logical connections that exist between network nodes.
• Nodes are any devices connected to a computer network.
• Nodes can be computers, personal digital assistants, cell phones, or various other
network appliances. On an Internet protocol (IP) network, a node is any device with an
IP address.

Social Layer
• The social layer comprises the human and cognitive aspects, including the cyber
persona and persona components.
• The cyber persona component includes a person’s identification or persona on the
network (e-mail address, computer IP address, cell phone number, and others).
• The persona component consists of the people actually on the network. An individual
can have multiple cyber personas (for example, different e-mail accounts on different
computers) and a single cyber persona can have multiple users.

Communication and Web Technology

1. Email: An email is a communication that happens in real time and can get important
data across to people in various geographies.
2. Instant Messaging and chat: Instant messaging (IM) technology is a type of
synchronous computer-mediated communication involving the immediate transmission
of messages between two or more parties over the Internet or another computer
network.
3. VoIP and Video calls: Voice over Internet Protocol(audio) helps to make the
calls(voice) transmit content over the internet instead of regular phone call.
4. Social media: social media are interactive technologies and digital channels that
facilitate the creation and sharing of information, ideas, interests, and other forms of
expression through virtual communities and networks.
5. Web Conferencing and webinars: Technology that allows the people to meet and
collaborate online in real time.
6. Blogs: Frequently updated web page
7. News and Media: New media are communication technologies that enable or enhance
interaction between users as well as interaction between users and content.
Internet
• The word Internet is derived from the word internetwork, or the connecting together
twoor more computer networks.
• The Internet started in the 1960s as a way for government researchers to share
information.

• Computers in the '60s were large and immobile and in order to make use of
information stored in any one computer, one had to either travel to the site of the
computer or have magnetic computer tapes sent through the conventional postal
system.
• January 1, 1983 is considered the official birthday of the Internet. Prior to this, the
various computer networks did not have a standard way to communicate with each
other.
• A new communications protocol was established called Transfer Control
Protocol/Internetwork Protocol (TCP/IP). This allowed different kinds of computers
on different networks to "talk" to each other.
• The Internet is a vast network that connects computers all over the world. Through the
Internet, people can share information and communicate from anywhere with an
Internet connection.
• It connects millions of computers, webpages, websites, and servers.

ICANN(Internet Corporation for Assigned Names and Numbers) Located in USA,

Manages the internet & protocols related to it like IP Address.

Why is the Internet Called a Network?

• Internet is called a network as it creates a network by connecting computers and servers
across the world using routers, switches and telephone lines, and other communication
devices and channels. So, it can be considered a global network of physical cables such
as copper telephone wires, fiber optic cables, tv cables, etc. Furthermore, even wireless
connections like 3G, 4G, or Wi-Fi make use of these cables to access the Internet.
• Internet is different from the World Wide Web as the World Wide Web is a network of
computers and servers created by connecting them through the internet. So, the internet
is the backbone of the web as it provides the technical infrastructure to establish
the WWW and acts as a medium to transmit information from one computer to another
computer. It uses web browsers to display the information on the client, which it fetches
from web servers.
• The internet is not owned by a single person or organization entirely. It is a concept
based on physical infrastructure that connects networks with other networks to create a
global network of billions of computers. As of 12 August 2016, there were more than
300 crores of internet users across the world.
How Internet Works?

• When you turn on your computer and type a domain name in the browser search bar,
your browser sends a request to the DNS server to get the corresponding IP address.
After getting the IP address, the browser forwards the request to the respective server.
• Once the server gets the request to provide information about a particular website, the
data starts flowing. The data is transferred through the optical fiber cables in digital
format or in the form of light pulses. As the servers are placed at distant places, the data
may have to travel thousands of miles through optical fiber cable to reach your
computer.
• The optical fiber is connected to a router, which converts the light signals into electrical
signals. These electrical signals are transmitted to your laptop using an Ethernet cable.
Thus, you receive the desired information through the internet, which is actually a cable
that connects you with the server.
• Furthermore, if you are using wireless internet using wifi or mobile data, the signals
from the optical cable are first sent to a cell tower and from where it reaches to your
cell phone in the form of electromagnetic waves.
• The data transfer is very fast on the internet. The moment you press enter you get the
information from a server located thousands of miles away from you. The reason for
this speed is that the data is sent in the binary form (0, 1), and these zeros and ones are
divided into small pieces called packets, which can be sent at high speed.

Domain Name & IP Address

• An Internet Protocol or IP address is different than a domain name.
• A domain name is a unique name that appears in email addresses and web
addresses. For example, the domain name for www.example.com is
example.com. Domain names are easier to remember than IP addresses.
• An IP address is a series of numbers that identifies a device's physical location on the
internet. IP addresses are long and difficult to remember. Most IP addresses are written
as four sets of digits, such as 12.34.56.78.
• The Domain Name System (DNS) translates domain names into IP addresses, allowing
people to use words instead of numbers to access websites.

Advantages of Internet
• Online Banking and Transaction: The Internet allows us to transfer money online
through the net banking system. Money can be credited or debited from one account to
the other.
• Education, Online Jobs, Freelancing: Through the Internet, we are able to get more
 jobs via online platforms like Linkedin and to reach more job providers. Freelancing on
the other hand has helped the youth to earn a side income and the best part is all this
can be done via the INTERNET.
• Entertainment: There are numerous options for entertainment online we can listen to
music, play games can watch movies, and web series, and listen to podcasts, youtube
itself is a hub of knowledge as well as entertainment.
• Best Communication Medium: The communication barrier has been removed from
the Internet. You can send messages via email, Whatsapp, and Facebook. Voice
chatting and video conferencing are also available to help you to do important meetings
online.
• Comfort to humans: Without putting any physical effort you can do so many things
like shopping online it can be anything from stationeries to clothes, books to personal
items, etc. You can books train and plane tickets online.
• GPS Tracking and google maps: Yet another advantage of the internet is that you are
able to find any road in any direction, and areas with less traffic with the help of GPS
on your mobile.

Disadvantages of Internet
• Time Wastage: Wasting too much time on the internet surfing social media apps and
doing nothing decreases your productivity rather than wasting time on scrolling social
media apps one should utilize that time in doing something skillful and even more
productive.
• Bad Impacts on Health: Spending too much time on the internet causes bad impacts
on your health physical body needs some outdoor games exercise and many more
things. Looking at the screen for a longer duration causes serious impacts on the eyes.
• Cyber Crimes: Cyberbullying, spam, viruses, hacking, and stealing data are some of
the crimes which are on the verge these days. Your system which contains all the
confidential data can be easily hacked by cybercriminals.
• Effects on Children: Small children are heavily addicted to the Internet watching
movies, and games all the time is not good for their overall personality as well as social
development.

World Wide Web

• The world wide web is a collection of all the web pages, and web documents that you
can see on the Internet by searching their URLs (Uniform Resource Locator) on the
Internet.
• It provides users with a huge array of documents that are connected to each other by
means of hypertext or hypermedia links.
• World wide web is a project which is created by Timothy Berner’s Lee in 1989, for
researchers to work together effectively at CERN.
• It is an organization, named World Wide Web Consortium (W3C), which was
developed for further development in the web.
The Language of the Web
There are three main components to this language to communicate in the Web.
1. Uniform Resource Locators (URLs): URLs provide the hypertext links between one
document and another. These links can access a variety of protocols on different machines or
your own machine.
2. Hypertext Markup Language (HTML): Hypertext Markup Language, a standardized
system for tagging text files to achieve font, colour, graphic and hyperlink effects on World
Wide Web pages.
3. Common Gateway Interfaces (CGI): CGIs provide a gateway between the HTTP server
software and the host machine.

Advent Of Internet
• The Internet started off with research into what was then known as packet switching
as early as the 1960s.
• ARPANET is considered the first known group of interconnected computers aka the
internet. This system was used to transfer confidential data between the Military.
• This data-sharing technology was then opened to educational institutes in the United
States to allow them to access to government’s supercomputer, first at 56 kbit/s, then
at 1.5 Mbit/s, and then at 45 Mbit/s.
• Internet service providers began to arise in the late 1980s and the internet was fully
commercialized in the US by 1995.
• The history of the Internet can be segmented into three phases
o Innovation Phase
o Institutionalization Phase
o Commercialization Phase
Innovation Phase(1961-1974)
• The fundamental building blocks of the Internet—packet-switching hardware, a
communications protocol called TCP/ IP, and client/server computing were
conceptualized and then implemented in actual hardware and software.
Institutionalization Phase(1975-1995)
• large institutions such as the U.S. Department of Defense (DoD) and the National
Science Foundation (NSF) provided funding and legitimization for the fledging
Internet.
Commercialization Phase (1995 to the present)
• The U.S. government encouraged private corporations to take over and expand the
Internet backbone as well as local service beyond military installations and college
campuses to the rest of the population around the world.

Internet infrastructure for data transfer and governance

• Internet infrastructure for data transfer and governance encompasses the physical and
virtual systems, protocols, and regulations that enable the secure, efficient, and reliable
exchange of data across the global network.
• This infrastructure plays a critical role in ensuring data privacy, security, and
compliance with regulations.
• Here are key components and considerations for internet infrastructure related to data
transfer and governance:
1.Network Infrastructure
• Backbone Networks: High-speed, long-distance networks that form the core of the
internet, connecting major data centers and internet exchange points (IXPs).
• Last-Mile Connectivity: The connection from service providers to end-users, including
wired (e.g., fiber-optic, DSL) and wireless (e.g., 5G, Wi-Fi) technologies.
• Data Centers: Facilities that house servers and storage devices, providing the
infrastructure for web hosting, cloud computing, and data storage.
2.Protocols and Standards
• Internet Protocol (IP): The foundation of internet communication, ensuring data packets
can be routed across networks.]
• Transport Layer Security (TLS): Encryption protocol for securing data in transit.
• Hypertext Transfer Protocol (HTTP) and HTTPS: Protocols for web data transfer, with
HTTPS adding a security layer.
• DNSSEC: Enhances the Domain Name System (DNS) by adding a layer of security
through digital signatures.
3.Data Centers and Cloud Services
• Major providers like Amazon Web Services (AWS), Microsoft Azure, and Google
Cloud offer robust infrastructure and tools for data storage and processing.
4.Data Governance and Regulation
• Data Privacy Regulations: Compliance with laws like GDPR (in Europe), CCPA (in
California), and HIPAA (for healthcare data).
• Data Retention Policies: Guidelines for storing and managing data for specific periods.
• Data Access Controls: Systems to restrict and monitor who can access and modify data.
• Data Encryption: Ensuring data at rest and in transit is properly encrypted to protect
against unauthorized access.
5.Cybersecurity
• Robust security measures, including firewalls, intrusion detection systems, and regular
security audits, are essential to protect data during transfer.
6.Internet Governance Bodies
• Organizations like ICANN (Internet Corporation for Assigned Names and Numbers)
oversee domain name system management and policy.
• Multistakeholder governance models involve various stakeholders, including
governments, businesses, and civil society, in shaping internet governance.
7.Content Delivery Networks (CDNs)
• CDNs like Akamai and Cloudflare optimize data delivery by caching content at various
locations worldwide, reducing latency.
8.Quality of Service (QoS)
• Ensuring data transfer meets performance requirements, especially for applications like
video conferencing and online gaming.
9.International Collaboration
• Cooperation among nations is essential to establish international norms and agreements
related to data transfer and governance.
10.Data Transfer Agreements
• Agreements like Privacy Shield and Standard Contractual Clauses facilitate the lawful
transfer of data across borders.

Internet society
• Internet Society (ISOC) A professional membership society that promotes the use and
future development of the Internet. It has individual and organization members all over
the world and is governed by an elected board of trustees. ISOC coordinates various
groups responsible for Internet infrastructure.
• These include
1.The Internet Engineering Task Force (IETF),
2.The Internet Architecture Board (IAB), and
3.The Internet Engineering Steering Group (IESG).
• The IETF develops technical standards for the Internet.
• The IAB has overall responsibility for the architecture and adjudicates on disputes
about standards.
• The IESG, along with the IAB, reviews standards proposed by the IETF

Roles and Objectives of Internet Society

1. Advocacy for an Open Internet
ISOC advocates for policies and practices that support an open and accessible internet. They
work to promote net neutrality, privacy, freedom of expression, and the free flow of
information.
2. Standards and Protocols
ISOC actively contributes to the development and promotion of open internet standards and
protocols through various working groups, such as the Internet Engineering Task Force (IETF).
3. Internet Governance
ISOC participates in internet governance discussions and initiatives, working to ensure that a
multistakeholder approach guides decisions about the internet's future.
4. Capacity Building and Education
The organization provides training, resources, and educational programs to individuals and
organizations to enhance their understanding of internet technologies, policies, and best
practices.
5. Community Building
ISOC brings together a diverse community of stakeholders, including engineers, policy makers,
academics, activists, and users, to collaborate on internet-related issues and initiatives.
6. Global Reach and Chapters
ISOC has a global presence through its chapters, which operate in various countries. These
chapters contribute to local and regional discussions on internet issues and help implement
ISOC's mission at the grassroots level.
7. Internet Hall of Fame
ISOC manages the Internet Hall of Fame, which recognizes and honors individuals who have
made significant contributions to the development and advancement of the internet.

Regulation of Cyberspace
Regulation of cyberspace involves the establishment and enforcement of rules, laws, and
guidelines to govern behavior, activities, and transactions in the digital realm. Given the global
nature of the internet, regulation often involves international cooperation, as well as efforts at
national, regional, and organizational levels. Here are key aspects of regulating cyberspace:
1. Legislation and Laws
Governments enact laws to regulate various aspects of cyberspace, including data protection,
privacy, cybersecurity, intellectual property rights, e-commerce, cybercrime, and freedom of
expression. These laws set the legal framework and establish consequences for non-
compliance.
2. International Agreements and Treaties
International cooperation is crucial to address global cybersecurity challenges. Agreements and
treaties between countries facilitate cooperation in combating cybercrime, sharing threat
intelligence, and establishing norms for responsible behavior in cyberspace.
3. Regulatory Authorities
Regulatory bodies at national and regional levels oversee compliance with laws and regulations
related to cyberspace. These authorities are responsible for enforcing rules, investigating
violations, and imposing penalties on non-compliant entities.
4. Industry Standards and Best Practices
Industry-specific organizations and international bodies develop and promote standards and
best practices for cybersecurity, privacy, data governance, and other relevant areas.
Compliance with these standards often becomes a requirement for organizations operating in
specific sectors.
5. Data Protection and Privacy Regulations
Laws and regulations such as the European Union's General Data Protection Regulation
(GDPR) and the California Consumer Privacy Act (CCPA) define how organizations collect,
use, store, and share personal data, ensuring the privacy and rights of individuals.
6. Cybersecurity Regulations
Governments and industry bodies establish regulations to mandate cybersecurity measures,
incident reporting, risk management, and secure software development practices to enhance
overall cybersecurity posture.
7. Net Neutrality
Net neutrality regulations ensure that internet service providers treat all data on the internet
equally, without discriminating or charging differently based on content, platform, application,
or method of communication.
8. Critical Infrastructure Protection
Regulations aim to protect critical infrastructure sectors (e.g., energy, finance, healthcare) from
cyber threats by setting security standards and requiring compliance to ensure operational
resilience.
9. Internet Governance Organizations
Entities like the Internet Corporation for Assigned Names and Numbers (ICANN) and the
Internet Engineering Task Force (IETF) play critical roles in coordinating and managing
various aspects of the internet, contributing to its stability and security.
10. User Education and Awareness
Governments and organizations often engage in campaigns to educate users about safe online
practices, privacy, and cybersecurity risks, aiming to promote responsible behavior in
cyberspace.

Concept of cyber security

• cybersecurity is the practice of protecting computer systems, networks, and data from
theft, damage, or unauthorized access.
• It encompasses a wide range of technologies, processes, and practices designed to
safeguard digital information and ensure the confidentiality, integrity, and availability
of data.
1.Confidentiality: This principle focuses on ensuring that sensitive information is only
accessible to authorized individuals or systems. It involves encryption, access controls, and
data classification to prevent unauthorized access or disclosure.
2.Integrity: Integrity in cybersecurity means that data and systems are accurate and
trustworthy. Any unauthorized modification or tampering with data or systems should be
detected and prevented. Techniques like checksums and digital signatures are used to maintain
data integrity.
3.Availability: Availability ensures that systems and data are accessible when
needed. Cyberattacks can disrupt services or make them unavailable, so cybersecurity measures
aim to prevent or mitigate such disruptions through redundancy, load balancing, and disaster
recovery planning.
4.Authentication: Authentication is the process of verifying the identity of users, devices, or
systems trying to access resources. This can be achieved through passwords, biometrics, two-
factor authentication (2FA), and multi-factor
authentication (MFA).

Cyber Attacks
• A cyber-attack is an exploitation of computer systems and networks. It uses malicious
code to alter computer code, logic or data and lead to cybercrimes, such as information
and identity theft.
• Cyber-attacks can be classified into the following categories
1.Web-based attacks
2.System-based attacks

Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows-
• Injection attacks :It is the attack in which some data will be injected into a web
application to manipulate the application and fetch the required information.
• Session Hijacking :It is a security attack on a user session over a protected network.
Web applications create cookies to store the state and user sessions. By stealing the
cookies, an attacker can have access to all of the user data.
• Phishing: Phishing is a type of attack which attempts to steal sensitive information like
user login credentials and credit card number. It occurs when an attacker is
masquerading as a trustworthy entity in electronic communication.
• Denial of Service:It is an attack which meant to make a server or network resource
 unavailable to the users. It accomplishes this by flooding the target with traffic or
sending it information that triggers a crash.

System-based attacks
These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-
• Virus: It is a type of malicious software program that spread throughout the computer
files without the knowledge of a user. It is a self-replicating malicious computer
program that replicates by inserting copies of itself into other computer programs when
executed. It can also execute instructions that cause harm to the system.
• Worm: It is a type of malware whose primary function is to replicate itself to spread to
uninfected computers. It works same as the computer virus. Worms often originate from
email attachments that appear to be from trusted senders.
• Trojan horse: it is a malicious program that occurs unexpected changes to computer
setting and unusual activity, even when the computer should be idle. It misleads the
user of its true intent. It appears to be a normal application but when opened/executed
some malicious code will run in the background.

Cyber Threat
• A Cyber threat is any malicious act that attempts to gain access to a computer
network without authorization or permission from the owners.
• It refers to the wide range of malicious activities that can damage or disrupt a
computer system, a network or the information it contains.

Cyber Threat Cyber Attack

A Threat by definition is a condition /

An Attack by definition is an intended action to
circumstance which can cause damage to
cause damage to system/asset.
the system/asset.

Threats can be intentional like human The attack is a deliberate action. An attacker has
negligence or unintentional like natural a motive and plan the attack accordingly.
disasters.
A Threat may or may not malicious. An Attack is always malicious.

Chance to damage or information The chance to damage or

alteration varies from low to very high. information alternation is very high.

Issues and challenges of cyber security

• Cybersecurity faces numerous issues and challenges due to the ever-evolving nature of
technology and the increasing sophistication of cyber threats.
• Some of the key issues and challenges in cybersecurity include:
1.Cyber Attacks: The constant threat of cyberattacks from various actors, including hackers,
cybercriminals, nation-states, and hacktivists, is a significant challenge. These attacks can take
various forms, such as malware, ransomware, phishing, and distributed denial of service
(DDoS) attacks.
2.Data Breaches: Data breaches can have severe consequences for organizations and
individuals. The theft or exposure of sensitive data, such as personal information, financial
records, or intellectual property, can lead to financial losses, reputational damage, and legal
liabilities.
3.Security Vulnerabilities: Software and hardware vulnerabilities are exploited by attackers
to gain unauthorized access or control over systems. Identifying and patching these
vulnerabilities in a timely manner is a constant challenge.
4.Insider Threats: Insider threats, where individuals within an organization misuse their
access and privileges, can be particularly challenging to detect and prevent. This includes
employees, contractors, or partners who intentionally or unintentionally compromise security.
5.Lack of Cybersecurity Awareness: Many individuals and employees lack awareness of
cybersecurity best practices, making them susceptible to social engineering attacks and other
cyber threats.
6.Resource Constraints: Smaller organizations and even some larger ones may lack the
resources and expertise needed to implement robust cybersecurity measures. This can leave
them vulnerable to attacks.
7.Ransomware: Ransomware attacks have surged in recent years, with cybercriminals
encrypting data and demanding a ransom for decryption keys. These attacks can disrupt critical
operations and result in significant financial losses.