
Name: D. VIJAY ABHISHEK

Roll no: 20CA231

Register no: 212000263

Topic: Cyber security


CYBERSECURITY:

Cybersecurity refers to the protection of digital devices, networks, and sensitive information
from unauthorized access, use, and destruction. With the rapid advancement of technology and
the increasing reliance on digital devices and networks, cybersecurity has become an
essential aspect of our daily lives, protecting not only personal information but also critical
infrastructure, businesses, and government organizations.

Cybersecurity involves a wide range of measures, including technical controls, policies, and
procedures that are designed to identify, prevent, detect, and respond to cyber threats. These
threats can come from a variety of sources, such as hackers, cybercriminals, nation-states,
and insiders.

Some common cybersecurity measures include:

• Network security: This includes firewalls, intrusion detection/prevention systems,
and other technical controls that are designed to prevent unauthorized access to
networks and devices.
• Application security: This includes secure coding practices, vulnerability
assessments, and penetration testing to identify and mitigate security weaknesses in
software applications.
• Data encryption: This involves the use of cryptographic algorithms to protect
sensitive data by converting it into a format that can only be read by authorized
individuals with the correct decryption keys.
• Identity and access management: This includes the use of strong authentication
methods, such as two-factor authentication and biometrics, to verify the identity of
users and control access to sensitive information.
• Incident response: This involves the development and implementation of procedures
for responding to security incidents, such as data breaches and malware infections.
• Security awareness training: This includes training employees and other
stakeholders to recognize and avoid common cyber threats, such as phishing emails
and social engineering attacks.

The Seven Layers Of Cybersecurity:

1. Mission-Critical Assets:
This is data that is absolutely critical to protect. Whether businesses would like to
admit it or not, they face malicious forces daily. The question is how leaders are
dealing with this type of protection.
An example of mission-critical assets in the healthcare industry is Electronic Medical
Record (EMR) software. In the financial sector, it is customers’ financial records.
2. Data Security:
Data security is when there are security controls put in place to protect both the
transfer and the storage of data. There has to be a backup security measure in place to
prevent the loss of data. This will also require the use of encryption and archiving.
Data security is an important focus for all businesses as a breach of data can have dire
consequences.
3. Endpoint Security:
This layer of security makes sure that the endpoints of user devices are not exploited
by breaches. This includes the protection of mobile devices, desktops, and laptops.
Endpoint security systems enable protection either on a network or in the cloud
depending on the needs of a business.
4. Application Security:
This involves the security features that control access to an application and that
application’s access to your assets. It also includes the internal security of the app
itself.
Most of the time, applications are designed with security measures that continue to
provide protection when the app is in use.
5. Network Security:
This is where security controls are put in place to protect the business’s network. The
goal is to prevent unauthorized access to the network.
It is crucial to regularly update all systems on the business network with the necessary
security patches, including encryption. It’s always best to disable unused interfaces to
further guard against any threats.
6. Perimeter Security:
This security layer ensures that both the physical and digital security methods protect
a business as a whole. It includes things like firewalls that protect the business
network against external forces.
7. The Human Layer:
Despite being known as the weakest link in the security chain, the human layer is a
very necessary layer. It incorporates management controls and phishing simulations,
for example. These human management controls aim to protect that which is most critical
to a business in terms of security. This includes the very real threat that humans, cyber
attackers, and malicious users pose to a business.

Cyber Attacks:

A cyberattack refers to any attempt to gain unauthorized access to digital devices, networks,
or data, with the intent to cause harm, steal information, or disrupt normal operations.
Cyberattacks are carried out by malicious actors, such as hackers, cybercriminals, and nation-
states, who use a variety of techniques and tools to exploit vulnerabilities in software,
hardware, and human behaviour.

There are many different types of cyberattacks, including:

• Malware attacks: These are attacks that use malicious software, such as
viruses, worms, and Trojans, to gain unauthorized access to devices and networks and
steal sensitive information or cause damage to systems.
• Phishing attacks: These are attacks that use deceptive emails, messages, or websites
to trick users into revealing sensitive information or installing malware on their
devices.
• Denial-of-service (DoS) attacks: These are attacks that flood a network or website
with traffic to overwhelm its servers and prevent legitimate users from accessing it.
• Man-in-the-middle (MitM) attacks: These are attacks that intercept and modify
data transmitted between two parties to steal sensitive information or inject malware
into the communication.
• Password attacks: These are attacks that attempt to guess or steal passwords to gain
unauthorized access to devices, networks, or accounts.
• Social engineering attacks: These are attacks that use psychological manipulation to
trick users into revealing sensitive information or taking actions that could
compromise their security.

Cyberattacks can have serious consequences, including financial losses, reputational damage,
and legal and regulatory penalties. Organizations can protect themselves from cyberattacks
by implementing a comprehensive cybersecurity program that includes measures such as
network security, data encryption,
identity and access management, and employee training and awareness. Regular vulnerability
assessments and penetration testing can also help identify and address potential weaknesses
before they can be exploited by attackers.

Cybersecurity Defences:

Cybersecurity defences are the various measures and controls put in place to protect digital
devices, networks, and sensitive information from cyber threats.

Cybersecurity defences are an essential aspect of cybersecurity as they help to prevent, detect,
and respond to cyber-attacks.

Some common cybersecurity defences include:

Firewalls: These are network security devices that monitor and control incoming and
outgoing network traffic based on predetermined security rules. Firewalls help to prevent
unauthorized access to networks and devices.

Antivirus and anti-malware software: These are software programs designed to detect and
remove malicious software, such as viruses, worms, and Trojans, from digital devices.

Intrusion detection and prevention systems (IDPS): These are network security devices
that monitor network traffic for signs of a potential cyber-attack and can automatically block
or prevent the attack.

Access controls: Access controls help to restrict access to sensitive information and systems
to authorized individuals only. Examples of access controls include passwords, two-factor
authentication, and biometric authentication.

Encryption: Encryption is the process of converting sensitive data into a format that can only
be read by authorized individuals with the correct decryption keys. Encryption helps to protect
data from unauthorized access and theft.

Incident response planning: Incident response planning involves developing and implementing
procedures for responding to cyber-attacks. This includes identifying the type and severity of
the attack, containing and mitigating the damage caused by the attack, and restoring normal
operations.

Employee training and awareness: Employee training and awareness programs help to
educate employees on the importance of cybersecurity and how to identify and avoid common
cyber threats, such as phishing emails and social engineering attacks.

Hacking:

Hacking is the unauthorized access, modification, or manipulation of computer systems,
networks, or software applications. Hacking can be done for a variety of reasons, including
financial gain, political activism, personal entertainment, or malicious intent.

Hacking can also involve stealing sensitive information, such as credit card numbers,
passwords, or personal identification information, which can then be used for fraudulent
activities.

Hacking can take various forms including:

1. Malware attacks: Malware, such as viruses, worms, and Trojans, can infect a
computer system and steal sensitive information or damage the system.
2. Phishing attacks: Phishing attacks involve sending fraudulent emails or text
messages that appear to be from a legitimate source, such as a bank or a government
agency, in an attempt to trick the recipient into revealing sensitive information.
3. Social engineering attacks: Social engineering attacks involve manipulating
individuals into revealing sensitive information or performing actions that can
compromise security.
4. Brute-force attacks: Brute-force attacks involve attempting to guess passwords or
access codes through trial and error.
5. Exploiting software vulnerabilities: Hackers can exploit vulnerabilities in software
applications or operating systems to gain unauthorized access to computer systems or
networks.

Hacking can have serious consequences, including financial losses, damage to reputation, and
legal repercussions. To protect against hacking, organizations and individuals should
implement cybersecurity measures, such as firewalls, antivirus software, encryption, and
multifactor authentication. It is also essential to keep software applications and operating
systems up to date with the latest security patches and to regularly educate employees and
individuals on best cybersecurity practices.

Endpoint Security:

Endpoint security refers to the protection of digital devices, such as desktops, laptops,
smartphones, and tablets, from cyber threats. Endpoints are the devices that connect to a
network and can be vulnerable to attacks such as malware, phishing, and other cyber threats.

Endpoint security solutions aim to secure the endpoints by detecting, preventing, and
responding to cyber-attacks. These solutions typically include a combination of software and
hardware technologies, such as antivirus software, intrusion detection systems, firewalls, and
data encryption.

Some of the key features of endpoint security include:


Antivirus and anti-malware protection: These solutions are designed to detect and remove
malicious software, such as viruses, worms, Trojans, and spyware, from digital devices.

Firewall protection: Firewalls help to monitor and control incoming and outgoing network
traffic to prevent unauthorized access to the device and the network it is connected to.

Intrusion prevention and detection: Intrusion detection and prevention systems (IDPS)
monitor the device and network traffic to identify and prevent potential cyber attacks.

Data encryption: Data encryption protects sensitive information on the device from
unauthorized access by encrypting it with a key or password.

Access controls: Access controls such as passwords, two-factor authentication, and biometric
authentication help to restrict access to sensitive information and applications on the device.

Patch management: Patch management involves regularly updating the device's operating
system and software to address known vulnerabilities and improve security.

Incident response planning: Incident response planning involves developing and
implementing procedures for responding to cyber-attacks. This includes identifying the type
and severity of the attack, containing and mitigating the damage caused by the attack, and
restoring normal operations.

Endpoint security is an essential component of any organization's cybersecurity strategy, as
digital devices are often the entry point for cyber-attacks. By implementing endpoint security
solutions, organizations can reduce the risk of cyber-attacks and minimize the impact of
successful attacks.

Zero Trust:

Zero Trust is a cybersecurity approach that assumes that no user, device, or application
should be trusted by default, even if it is within the organization's network perimeter. Instead,
it requires that every request for access to resources or data be verified and authenticated
before granting access. In other words, the Zero Trust model assumes that all network traffic,
including traffic originating from inside the network, should be treated as untrusted.

The Zero Trust model is based on the principle of "least privilege," which means that users
are only granted access to the minimum number of resources necessary to perform their job
functions. This approach helps to reduce the attack surface of the network and minimize the
impact of successful attacks.

To implement a Zero Trust model, organizations must adopt a range of security controls and
technologies, such as multifactor authentication, network segmentation, encryption, and
continuous monitoring.

Some of the key principles of a Zero Trust approach include:

• Verification and authentication: Every request for access to resources or data must be
verified and authenticated before access is granted. This includes user identity, device
identity, and application identity.
• Least privilege access: Users are only granted access to the minimum number of resources
necessary to perform their job functions.
• Continuous monitoring: The network and its traffic must be continuously monitored
for suspicious activity, such as unusual login attempts or unusual traffic patterns.
• Network segmentation: The network should be segmented to limit the scope of any
successful attacks and prevent lateral movement.
• Encryption: Data in transit and at rest should be encrypted to protect it from
unauthorized access.
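
The verification, least privilege, and monitoring principles above can be expressed as a small default-deny policy check. This is an added illustration, not part of the original report; every user, device, application, and resource name in it is a constructed sample.

```python
from dataclasses import dataclass

# Constructed sample policy: all names below are hypothetical.
VERIFIED_USERS = {"alice": "nurse", "bob": "billing"}   # user -> role
MANAGED_DEVICES = {"laptop-017", "tablet-203"}          # enrolled devices
KNOWN_APPS = {"emr-client", "billing-portal"}
# Least privilege: each role lists only the resources its job needs.
ROLE_RESOURCES = {
    "nurse": {"emr:read", "emr:write"},
    "billing": {"invoices:read", "invoices:write"},
}

@dataclass(frozen=True)
class Request:
    user: str
    mfa_passed: bool
    device: str
    app: str
    resource: str
    source_ip: str  # kept for monitoring; never used to grant trust

def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly verified is denied."""
    role = VERIFIED_USERS.get(req.user)
    if role is None or not req.mfa_passed:
        return False, "user identity not verified"
    if req.device not in MANAGED_DEVICES:
        return False, "device identity not verified"
    if req.app not in KNOWN_APPS:
        return False, "application identity not verified"
    if req.resource not in ROLE_RESOURCES.get(role, set()):
        return False, "resource outside least-privilege set"
    return True, "allowed"

def audit(requests: list[Request], threshold: int = 3) -> set[str]:
    """Continuous monitoring: flag users with `threshold` or more denials."""
    denied: dict[str, int] = {}
    for req in requests:
        allowed, _ = decide(req)
        if not allowed:
            denied[req.user] = denied.get(req.user, 0) + 1
    return {user for user, count in denied.items() if count >= threshold}

if __name__ == "__main__":
    # A request from an internal address is still denied: location grants nothing.
    inside = Request("alice", True, "laptop-017", "emr-client",
                     "invoices:read", "10.0.0.5")
    print(decide(inside))
```

Note that `source_ip` never appears in `decide`: a request from inside the network gets the same checks as one from outside.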

The Zero Trust model is gaining popularity in the cybersecurity community as a way to
provide better protection against advanced threats, such as insider attacks and sophisticated
external attacks. By implementing a Zero Trust approach, organizations can improve their
security posture and reduce the risk of data breaches and other security incidents.

Hacking vs Ethical Hacking:

Ethical hacking and hacking are two different terms that refer to different activities. Hacking
refers to the unauthorized access, modification, or manipulation of computer systems,
networks, or software applications.

Hacking is generally considered illegal and unethical, as it involves breaking into computer
systems or networks without permission.

On the other hand, ethical hacking, also known as "penetration testing," involves authorized
attempts to hack into a computer system or network to identify security vulnerabilities and
weaknesses. Ethical hacking is done with the owner's permission, and the goal is to help the
owner strengthen their security defences by identifying and fixing vulnerabilities before a
malicious attacker can exploit them.

The primary difference between ethical hacking and hacking is that ethical hacking is a legal
and authorized activity that involves obtaining explicit permission from the owner of the
target system or network before performing any testing or hacking activity. Ethical hackers
follow a strict code of ethics and must maintain the confidentiality and integrity of any data
they access during the testing process.

In contrast, hacking is an illegal and unauthorized activity that violates the privacy and
security of individuals or organizations. Hackers do not have the owner's permission to access
or modify the target system or network, and their actions can have serious consequences,
including financial losses, damage to reputation, and legal repercussions.

In summary, ethical hacking is a legal and ethical activity that helps organizations identify
and fix security vulnerabilities, while hacking is an illegal and unethical activity that involves
breaking into computer systems or networks without permission.
