Unit 3 - Notes
CSE121
Unit 3: Cybersecurity
1. Introduction to Cybersecurity
Definition
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
Importance in the Digital Era
As society transitions to a digital-first approach, the importance of cybersecurity has escalated:
- Data as an Asset: Data (personal, financial, intellectual property) is the most valuable commodity in the modern economy.
- Interconnectedness: With the IoT (Internet of Things), physical infrastructure (power grids, hospitals, transport) is connected to the web, making them vulnerable to digital sabotage.
- Cost of Breaches: Cybercrime costs the global economy trillions annually through theft, fraud, and recovery costs.
- Trust: Digital trust is the foundation of online commerce; without security, consumers cannot transact online.
2. The CIA Triad
The CIA Triad is the foundational model for information security policies. All security controls are designed to uphold one or more of these three principles.
1. Confidentiality
Ensures that sensitive information is disclosed only to authorized parties.
- Goal: Prevent unauthorized access.
- Mechanisms: Data encryption (at rest and in transit), Multi-Factor Authentication (MFA), biometric verification.
2. Integrity
Ensures that the data remains accurate, consistent, and trustworthy over its entire lifecycle.
- Goal: Prevent unauthorized modification or deletion.
- Mechanisms: Hashing, checksums, digital signatures, version control, file permissions.
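As an added example (not part of the course notes), the integrity mechanisms above in working Python: a SHA-256 digest detects any change to a downloaded file, and a keyed HMAC tag additionally stops an attacker who can edit the file from simply recomputing the hash. The file contents and the key are constructed placeholders.

```python
import hashlib
import hmac

# Constructed sample inputs (not real files) so the example runs offline.
ORIGINAL = b"installer v1.2.0 -- release build\n"
TAMPERED = ORIGINAL + b"# extra bytes appended by an attacker\n"
SECRET_KEY = b"demo-key-shared-between-publisher-and-verifier"  # placeholder key

def sha256_digest(data: bytes) -> str:
    """Hex SHA-256 of data, fed in chunks the way a large file would be read."""
    h = hashlib.sha256()
    view = memoryview(data)
    for start in range(0, len(view), 64 * 1024):
        h.update(view[start:start + 64 * 1024])
    return h.hexdigest()

def verify_digest(data: bytes, published_hex: str) -> bool:
    """Does the downloaded data match the digest the publisher advertised?
    compare_digest avoids leaking where the comparison diverged via timing."""
    return hmac.compare_digest(sha256_digest(data), published_hex.lower())

def hmac_tag(data: bytes, key: bytes) -> str:
    """Keyed tag: an attacker who can edit the data cannot recompute this
    without the key, unlike a plain hash stored next to the file."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_tag(data: bytes, tag_hex: str, key: bytes) -> bool:
    """Check a keyed tag, again in constant time."""
    return hmac.compare_digest(hmac_tag(data, key), tag_hex)

if __name__ == "__main__":
    published = sha256_digest(ORIGINAL)   # what a vendor publishes beside the download
    print("original matches:", verify_digest(ORIGINAL, published))   # True
    print("tampered matches:", verify_digest(TAMPERED, published))   # False
```

A plain checksum (CRC32) catches accidental corruption; a cryptographic hash catches deliberate edits; a MAC or digital signature also proves who published the digest.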
3. Availability
Ensures that information and resources are accessible to authorized users when needed.
- Goal: Prevent disruption of service.
- Mechanisms: Redundancy (backup servers), RAID configurations, Disaster Recovery Plans (DRP), protection against DDoS attacks.
3. Cyber Threat Landscape
The source of cyber threats is generally categorized into two origins:
Insider vs. External Threats
| Feature | Insider Threats | External Threats |
|---|---|---|
| Origin | Originate from within the organization (employees, contractors, partners). | Originate from outside the network perimeter. |
| Types | Malicious: Disgruntled employees stealing data. Accidental: Negligence (e.g., leaving a laptop unlocked, falling for phishing). | Hackers, organized crime groups, nation-states, hacktivists. |
| Detection | Harder to detect as the user has legitimate access. | Detected via firewalls, IDS/IPS (Intrusion Detection / Intrusion Prevention Systems). |
Malware (Malicious Software) Overview
Malware is an umbrella term for any intrusive software developed by cybercriminals.
- Virus: Attaches to clean files and spreads uncontrollably, damaging the core functionality of a system.
- Worms: Standalone malware that replicates itself to spread to other computers (does not need a host file).
- Trojan Horse: Disguises itself as legitimate software to trick users into downloading it.
- Ransomware: Encrypts a victim's files; the attacker demands a ransom (usually crypto) to restore access.
- Spyware: Secretly records information about user activities (keystrokes, browsing habits).
4. Common Cyber-Attacks
Phishing and Social Engineering
Social Engineering is the psychological manipulation of people into performing actions or divulging confidential information. It relies on human error rather than technical vulnerabilities.
- Phishing: Sending fraudulent emails that resemble reputable sources (e.g., banks) to steal passwords or credit card numbers.
- Spear Phishing: Highly targeted phishing attack focused on a specific individual or organization.
- Pretexting: Creating a fabricated scenario (a pretext) to gain a victim's trust (e.g., "I'm calling from IT support and need your password").
Password and Brute-Force Attacks
- Brute-Force Attack: An automated script tries every possible combination of characters until the correct password is found.
- Dictionary Attack: Uses a predefined list of common words and passwords.
- Credential Stuffing: Using stolen login credentials from one breach to try and access other unrelated services (relying on users reusing passwords).
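Added example, not from the notes: how a defender tells the three attacks apart in an authentication log. Many failures against one account from one address is a brute-force or dictionary attack; failures spread across many accounts from one address is credential stuffing. The sshd-style log lines are constructed, and the thresholds are assumptions to be tuned per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (sshd-style lines with ISO timestamps); not from a real host.
SAMPLE_LOG = """\
2024-03-10T02:00:01 sshd[711]: Failed password for alice from 203.0.113.7 port 4001 ssh2
2024-03-10T02:00:02 sshd[712]: Failed password for bob from 203.0.113.7 port 4002 ssh2
2024-03-10T02:00:03 sshd[713]: Failed password for carol from 203.0.113.7 port 4003 ssh2
2024-03-10T02:00:04 sshd[714]: Failed password for invalid user dave from 203.0.113.7 port 4004 ssh2
2024-03-10T02:00:05 sshd[715]: Failed password for erin from 203.0.113.7 port 4005 ssh2
2024-03-10T02:00:06 sshd[716]: Accepted password for frank from 203.0.113.7 port 4006 ssh2
2024-03-10T09:00:00 sshd[801]: Failed password for alice from 198.51.100.9 port 5001 ssh2
2024-03-10T09:00:30 sshd[802]: Accepted password for alice from 198.51.100.9 port 5002 ssh2
"""
LINE = re.compile(r"^(\S+) \S+ (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")

def parse(log_text):
    """Yield (timestamp, outcome, user, ip) for every line that matches the pattern."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3], m[4]

def detect(log_text, window=timedelta(minutes=5), max_failures=10, max_users=5):
    """Return alerts keyed by source IP. A sliding window (rather than a daily
    reset) keeps slow attackers visible, and a later SUCCESS from an address that
    was already flagged is recorded: that is a stuffing attack that worked."""
    recent = defaultdict(deque)   # ip -> (timestamp, user) failures inside the window
    alerts = {}
    for ts, outcome, user, ip in parse(log_text):
        if outcome == "Accepted":
            if ip in alerts:
                alerts[ip] += f"; then a SUCCESSFUL login as {user}"
            continue
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()                      # age out failures older than the window
        users = {u for _, u in q}
        if len(users) >= max_users:
            alerts[ip] = f"credential stuffing: {len(q)} failures across {len(users)} accounts"
        elif len(q) >= max_failures:
            alerts[ip] = f"brute force: {len(q)} failures against {', '.join(sorted(users))}"
    return alerts
```

Alice's single failure followed by a success from her usual address stays silent, which is the false-positive case any such rule must handle.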
Denial of Service (DoS) & Distributed DoS (DDoS)
- DoS: Floods a target server with fake traffic to exhaust its resources (bandwidth or CPU), making it unavailable to legitimate users.
- DDoS: Uses a network of compromised computers (a Botnet) to launch a DoS attack from multiple locations simultaneously, making it harder to stop.
Zero-Day Attacks
- A Zero-Day Vulnerability is a software flaw for which no patch (fix) is yet available, because the vendor has only just learned of it or does not yet know it exists.
- A Zero-Day Attack occurs when hackers exploit this flaw before developers can release a fix. It is called "zero-day" because the developers have had zero days to fix it.
5. Case Studies of Recent Cyber Incidents
Case Study 1: SolarWinds Supply Chain Attack (2020)
- The Incident: Hackers compromised the software update mechanism of SolarWinds (an IT management company).
- Mechanism: Malicious code was hidden in legitimate software updates sent to 18,000 customers, including US government agencies and Fortune 500 companies.
- Impact: Demonstrated the danger of Supply Chain Attacks, where attackers target a third-party vendor to breach the ultimate target.
Case Study 2: Colonial Pipeline Ransomware (2021)
- The Incident: DarkSide (a cybercriminal group) infected the Colonial Pipeline's billing system with ransomware.
- Mechanism: Compromised a legacy VPN password that lacked Multi-Factor Authentication.
- Impact: The pipeline was shut down for days, causing massive gas shortages and panic buying across the US East Coast. The company paid a $4.4 million ransom.
Case Study 3: Log4j Vulnerability (2021)
- The Incident: A critical vulnerability was found in a widely used Java logging library (Log4j).
- Mechanism: It allowed Remote Code Execution (RCE), meaning attackers could take full control of a server just by typing a specific string of text into a loggable field (like a chat box or login screen).
- Impact: Affected millions of devices globally, highlighting the risks of Open Source Software dependencies.
6. Personal Cybersecurity Best Practices
Secure Web Browsing
- HTTPS: Always ensure the URL starts with https://. The 'S' stands for secure (encrypted via TLS/SSL).
- Public Wi-Fi: Avoid conducting banking or sensitive transactions on public Wi-Fi unless using a VPN (Virtual Private Network).
- Pop-ups: Do not click on pop-up ads; use ad-blockers where appropriate.
Social Media Security
- Privacy Settings: Restrict who can see posts and personal details.
- Oversharing: Avoid posting birthday, mother's maiden name, or pet names publicly, as these are often answers to security questions.
- Third-Party Apps: Regularly review and revoke permissions for apps connected to social media accounts.
Email Security
- Verify Senders: Check the actual email address, not just the display name (e.g., support@paypal-security-alert.com instead of support@paypal.com).
- Attachments: Never open attachments (especially .exe, .zip, .scr) from unknown senders.
- Links: Hover over links to preview the actual destination URL before clicking.
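Added example (not from the notes) of the "check the address, not the display name" rule as a mail-filter check in Python: it parses the From: header, keeps only the domain of the real address, accepts the brand's domain and genuine subdomains, and flags a display name that claims the brand while the address points elsewhere. The allow-list is a constructed assumption.

```python
from email.utils import parseaddr

# Constructed allow-list: the domains this organisation genuinely receives mail from.
TRUSTED_DOMAINS = {"paypal.com"}

def split_sender(from_header: str):
    """Split a From: header into (display name, domain of the real address).
    The display name is free text chosen by the sender; only the address counts."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return name, ""
    return name, addr.rpartition("@")[2].lower().rstrip(".")

def is_trusted_domain(domain: str) -> bool:
    """Exact match or a genuine subdomain (mail.paypal.com). A lookalike such as
    paypal-security-alert.com or paypal.com.evil.example fails this test."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def classify_sender(from_header: str) -> str:
    name, domain = split_sender(from_header)
    if not domain:
        return "reject: no parsable address"
    if is_trusted_domain(domain):
        return "ok"
    # Brand name in the display name but a different domain in the address:
    # the classic "check the address, not the name" case from the notes.
    brands = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    if any(b in name.lower() for b in brands):
        return "suspicious: display name impersonates a trusted brand"
    return "untrusted domain"

if __name__ == "__main__":
    for hdr in ("PayPal Support <support@paypal.com>",
                "PayPal Support <support@paypal-security-alert.com>",
                '"support@paypal.com" <billing@attacker.example>'):
        print(f"{hdr!r:55} -> {classify_sender(hdr)}")
```

A matching domain only means the header claims that domain; whether the message really came from it is what the receiving mail server's SPF, DKIM and DMARC checks establish.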
7. Personal Data Protection and Digital Footprints
Digital Footprints
A digital footprint is the trail of data you leave behind while using the internet.
- Passive Footprint: Data collected without the user knowing (IP address, browser history, cookies).
- Active Footprint: Data intentionally submitted by the user (social media posts, email forms).
Managing Digital Footprints
- Cookie Management: Regularly clear cookies and cache. Reject non-essential cookies on websites.
- Data Minimization: Only provide mandatory information in online forms.
- De-listing: Request data brokers (people-search sites) to remove your information.
8. Cybersecurity Tools
1. Nmap (Network Mapper)
- Function: An open-source tool for network discovery and security auditing.
- Usage: It sends packets to a target network to determine what hosts are available, what services (application name and version) those hosts are offering, and what operating systems they are running.
- Role: Used by admins for inventory and by hackers for reconnaissance (Port Scanning).
2. Wireshark
- Function: A network protocol analyzer (Packet Sniffer).
- Usage: It captures traffic moving through a network interface in real-time.
- Role: Allows security professionals to inspect the details of traffic to detect malicious activity, troubleshoot network performance, or analyze plain-text data.
3. AI-Based Threat Detection Systems
- Traditional antivirus relies on signatures (knowing what a specific virus looks like).
- AI/Machine Learning tools analyze behavior.
- Example: If a user who normally logs in from London at 9 AM logs in from North Korea at 3 AM and downloads 50GB of data, AI flags this as an anomaly (User and Entity Behavior Analytics - UEBA).
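Added example (not from the notes): the UEBA scenario above as a small behaviour-based detector in Python. It learns a per-user baseline (countries, login hours, typical download volume) from past logins and scores a new login by how far it departs from that user's own history, so the London/9 AM user who appears from a new country at 3 AM pulling tens of gigabytes crosses the alert threshold while a single oddity does not. The login history, country codes and thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class Login:
    user: str
    country: str      # ISO country code of the source IP (assumed geolocated upstream)
    hour: int         # hour of day, 0-23
    mb_downloaded: float

# Constructed history: the "logs in from London around 9 AM" baseline from the notes.
HISTORY = [Login("alice", "GB", h, mb) for h, mb in
           [(9, 120), (9, 80), (10, 200), (8, 150), (9, 90), (9, 110), (10, 60)]]

def build_baseline(events):
    """Per-user profile learned from past logins: where, when and how much."""
    profile = {}
    for e in events:
        p = profile.setdefault(e.user, {"countries": set(), "hours": set(), "mb": []})
        p["countries"].add(e.country)
        p["hours"].add(e.hour)
        p["mb"].append(e.mb_downloaded)
    return profile

def hour_distance(a, b):
    """Circular distance on the 24-hour clock (23 and 0 are one hour apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def score_login(event, baseline):
    """Return (score, reasons). Each deviation from the user's OWN history adds
    points; no single rule decides, which is what separates this from a signature."""
    p = baseline.get(event.user)
    if p is None:
        return 3, ["no baseline for this user"]
    score, reasons = 0, []
    if event.country not in p["countries"]:
        score += 3; reasons.append(f"new country {event.country}")
    if min(hour_distance(event.hour, h) for h in p["hours"]) > 1:
        score += 2; reasons.append(f"unusual hour {event.hour:02d}:00")
    usual = mean(p["mb"])
    if event.mb_downloaded > 10 * usual:
        score += 4; reasons.append(f"{event.mb_downloaded:.0f} MB vs usual {usual:.0f} MB")
    return score, reasons

ALERT_THRESHOLD = 5   # tuned per environment; one oddity alone is not an alert
BASELINE = build_baseline(HISTORY)

def is_anomalous(event, baseline=BASELINE):
    return score_login(event, baseline)[0] >= ALERT_THRESHOLD
```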
9. Cybersecurity Compliance
Organizations must adhere to legal standards to avoid fines and reputational damage.
- GDPR (General Data Protection Regulation): EU law. Focuses on data privacy and the "Right to be Forgotten." Applies to any company processing EU citizens' data.
- HIPAA (Health Insurance Portability and Accountability Act): US law. Protects sensitive patient health information.
- PCI-DSS (Payment Card Industry Data Security Standard): Security standards for organizations that handle branded credit cards to reduce credit card fraud.
10. Job Roles and Skill Sets
Common Job Roles
- Security Analyst: Monitors networks for security breaches and investigates violations (First line of defense).
- Penetration Tester (Ethical Hacker): Authorized to simulate cyberattacks on a system to find vulnerabilities before malicious hackers do.
- Security Architect: Designs and builds secure network infrastructures.
- CISO (Chief Information Security Officer): Executive-level role responsible for an organization’s entire information security strategy.
Required Skill Sets
- Hard Skills:
- Operating Systems (Linux/Unix, Windows).
- Networking (TCP/IP protocols, Routing, Switching).
- Coding/Scripting (Python, Bash, PowerShell).
- Cloud Security (AWS, Azure).
- Soft Skills:
- Problem Solving: Ability to think like a hacker to anticipate attacks.
- Continuous Learning: The threat landscape changes daily.
- Communication: Explaining complex technical risks to non-technical management.