UNIT IV

B. Sc. (Hons.) – II Semester

Course Title: Fundamental of IT (CABSVO2005)
Under VOC Category of FYUP
Dr. Shabbir H. DAY-14 Date: 18.04.2024

What is mean by CYBER?

In the late 1940s, the term cybernetics was coined by mathematician Norbert Wiener. It is defined as the
study of control systems and communication between people and machines. Weiner used the ancient
Greek word cyber, which is related to the idea of governing.

Associated Terminology with Cyber

 Cyberspace: A metaphor for describing the non-physical terrain created by computer systems.

Figure 1: Pictorial representation of Cyberspace

 Cybersecurity: The technologies and processes designed to protect computers, networks, and data
from unauthorized access, vulnerabilities, and attacks delivered via the internet by cybercriminals.

Figure 2: Pictorial representation of Cyberspace

 Cybercrime: Any crime carried out using IT or which targets IT.

Page 1 of 13
 Figure 3: Pictorial representation of Cyber Crime

 Cyberattack: The unauthorized access of private or confidential information contained on a

computer system or network.

Figure 4: Pictorial representation of Cyber Attack

 Cyber Bullying: Any form of online harassment.

Figure 5: Pictorial representation of Cyber Bullying

 Cyber forensics: The application of scientifically proven methods to gather, process, interpret, and
use digital evidence to provide a conclusive description of cybercrime activities.

Page 2 of 13
 Figure 6: Pictorial representation of Cyber Forensics

 Cybernetics: The science of communications and automatic control systems in both machines and
living things.

Figure 7: Taxonomy of Cybernetics

Cyber security
Cyber Security is the practice of defending computers, servers, mobile devices, electronic systems,
networks, and data from malicious attacks. It is also known as information technology security or
electronic information security. The term applies in a variety of contexts, from business to mobile
computing, and can be divided into a few common categories.

 Network security is the practice of securing a computer network from intruders, whether targeted
attackers or opportunistic malware.

 Application security focuses on keeping software and devices free of threats. A compromised
application could provide access to the data it is designed to protect. Successful security begins in
the design stage, well before a program or device is deployed.

 Information security protects the integrity and privacy of data, both in storage and in transit.

Page 3 of 13
  Operational security includes the processes and decisions for handling and protecting data assets.
The permissions users have when accessing a network and the procedures that determine how and
where data may be stored or shared all fall under this umbrella.

 Disaster recovery and business continuity define how an organization responds to a cyber-security
incident or any other event that causes the loss of operations or data. Disaster recovery policies
dictate how the organization restores its operations and information to return to the same
operating capacity as before the event. Business continuity is the plan the organization falls back
on while trying to operate without certain resources.

 End-user education addresses the most unpredictable cyber-security factor: people. Anyone can
accidentally introduce a virus to an otherwise secure system by failing to follow good security
practices. Teaching users to delete suspicious email attachments, not plug in unidentified USB
drives, and various other important lessons is vital for the security of any organization.

Cybersecurity/Security Threats
A cybersecurity threat is the threat of a malicious attack by an individual or organization attempting to
gain access to a computer network, corrupt data, or steal confidential information. Such threat threats
are acts performed by individuals with harmful intent, whose goal is to steal data, cause damage to or
disrupt computing systems. The attacks involve in this scenario is called Network Attack, they are:

Figure 8: Taxonomy of Cyber Security

 Malware: Malware is software that performs malicious actions on a device or network such as
data corruption or taking over a system. Malware makes its way into the system through a

Page 4 of 13
 malicious link or email that a user clicks. Once malware is in the system, it can block access to
critical components of your network, gather sensitive data, and damage the system.

Figure 9: Examples of Malware

 Phishing: When a hacker attempts to bait (lure) individuals into disclosing critical information such
as personally identifiable information (PII), banking details, and passwords, it is known as phishing.
An email can trick the email recipient into providing confidential information or downloading
malware into the system by clicking on a hyperlink in the email.

Figure 10: Pictorial representation of Phishing

 Spear Phishing: The fraudulent practice of sending emails ostensibly from a known or
trusted sender in order to induce targeted individuals to reveal confidential information.

Page 5 of 13
 Figure 11: Pictorial representation of Spear Phishing

 A Man-in-The-Middle Attack (MitMA) involves intercepting the communication between two

endpoints, such as a user and an application. The attacker can eavesdrop on the communication,
steal sensitive data, and impersonate each party participating in the communication. The MitMA
includes Wi-Fi eavesdropping, Email hijacking, DNS spoofing, IP spoofing and HTTPS spoofing.

Note: Just remember the name of these MitMA as an example, no need to elaborate them.

Figure 12: Pictorial representation of MitMA

 A Denial-of-Service (DoS) attack overloads the target system with a large volume of traffic,
hindering the ability of the system to function normally. An attack involving multiple devices is
known as a Distributed Denial-of-Service (DDoS) attack.

Page 6 of 13
 Figure 13: Pictorial representation of DoS

 Injection Attacks exploit a variety of vulnerabilities to directly insert malicious input into the code
of a web application. Successful attacks may expose sensitive information, execute a DoS attack
or compromise the entire system. The injection attack includes SQL injection, Code injection, OS
command injection, LDAP injection, XML eXternal Entities (XXE) Injection, Cross-Site Scripting
(XSS)

Note: Just remember the name of these injections as an example, no need to elaborate them.

Figure 14: Pictorial representation of Injection Attack (SQL)

Page 7 of 13
Identifying Secure Websites
When visiting a website that asks for sensitive information such as credit card numbers or
other social security number, the first step we can take to securing your privacy is creating a
strong password. Equally important is verifying that any information we enter on this site is
transmitted and stored properly. Once your information is entered online, it is transmitted as
plain text for anyone to intercept. To avoid this, make sure that the website is encrypted over
a secure connection.

 HTTPS

One such sign to look for is in the URL of the website. A secure website’s URL should begin
with “https” rather than “http”. The “s” at the end of “http” stands for secure and is using an
SSL (Secure Sockets Layer) connection. Your information will be encrypted before being sent
to a server.

 THE LOCK ICON

Another sign to look for is the “Lock” icon that is displayed somewhere in the window of your
web browser. Different browsers may position the lock in different places, but a few examples
of what it may look like can be found here:

Google Chrome

Clicking on the Lock icon will give you detailed information on the security status of this website

Mozilla Firefox

With Firefox, the Lock icon may not be displayed directly. Clicking on the site’s icon next to the URL should reveal the
Lock icon and the secure verification

Microsoft Edge

Clicking on the Lock icon will give you detailed information on the security status of this website

Be sure to click on the “lock” icon to verify that a website is trustworthy. Do not simply look for
the icon and assume a website is secure! The web browser will have detailed information on
the website’s authenticity if you click on the icon, be sure to read this carefully before entering
any of your information on the site.

Page 8 of 13
1. Cryptography and Associated Terminology
Cryptography is the practice and study of techniques used to secure communication and protect
information from unauthorized access or potential attackers. It involves the use of mathematical
algorithms and principles to encode information in a way that can only be understood by those who
possess the appropriate decryption key. The primary goal of cryptography is to ensure confidentiality,
integrity, authenticity, and non-repudiation of data.

Figure 1.1: Taxonomy of Cryptography

Here are some key concepts within cryptography

1.0 Cipher
In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption, a series of
well-defined steps that can be followed as a procedure. An alternative, less common term
is encipherment. To encipher or encode is to convert information into cipher or code. In common
parlance, "cipher" is synonymous with "code”.

Types of ciphers:
 Shift Cipher
 Caesar Cipher
 Substitution Cipher
 Transposition Cipher
 Block Cipher (not in syllabus)
 Stream Cipher (not in syllabus)
 Vigenère cipher (not in syllabus)

Page 9 of 13
 Subsitution Cipher Transposition Cipher

Shift Cipher Ceaser Cipher

https://youtu.be/J-utjSeUq_c?si=wORFtffUXIJiea5z

1.1 Encryption
Encryption is the process of converting plaintext (original, readable data) into ciphertext (encoded,
unreadable data) using a specific algorithm and an encryption key. The idea is that even if unauthorized
individuals gain access to the encrypted data, they won't be able to understand its content without the
decryption key.

1.2 Decryption
Decryption is the reverse process of encryption. It involves using the decryption key to convert the
ciphertext back into plaintext, making the data readable again for authorized users.

1.3 Key
In cryptography, a key is a piece of information used as an input to the encryption or decryption
algorithm. The security of cryptographic systems often relies on the secrecy of the key.

Page 10 of 13
 Figure1.2: Concept of keys

1.4 Symmetric Cryptography

In symmetric cryptography (also known as private key cryptography), the same key is used for both
encryption and decryption. This type of cryptography is generally faster, but it requires a secure method
for exchanging keys between parties.

Figure 1.3: Symmetric Key Cryptography

1.5 Asymmetric Cryptography

Asymmetric cryptography (also known as private key cryptography) uses a pair of related keys: a public
key for encryption and a private key for decryption. Messages encrypted with a public key can only be
decrypted with the corresponding private key, providing a way to securely share encrypted data without
needing to exchange secret keys beforehand.

Page 11 of 13
 Figure 1.4: Asymmetric key Cryptography

2. Common Goals in Cryptography

There are four main goals in cryptography: confidentiality, integrity, authentication, and non-
repudiation: they are:

1. Message confidentiality (or privacy): Only an authorized recipient should be able to

extract the contents of the message from its encrypted form. Resulting from steps to
hide, stop, or delay free access to the encrypted information.

2. Message integrity: The recipient should be able to determine if the message has been
altered.

Page 12 of 13
3. Sender authentication: The recipient should be able to verify from the message, the
identity of the sender, the origin or the path it travelled (or combinations) so as to
validate claims from emitter or to validated the recipient expectations.
4. Sender non-repudiation: The remitter should not be able to deny sending the
message.

***

Page 13 of 13