Professional Documents
Culture Documents
UNIT IV - Day 14 18.04.2024
UNIT IV - Day 14 18.04.2024
Cyberspace: A metaphor for describing the non-physical terrain created by computer systems.
Cybersecurity: The technologies and processes designed to protect computers, networks, and data
from unauthorized access, vulnerabilities, and attacks delivered via the internet by cybercriminals.
Page 1 of 13
Figure 3: Pictorial representation of Cyber Crime
Cyber forensics: The application of scientifically proven methods to gather, process, interpret, and
use digital evidence to provide a conclusive description of cybercrime activities.
Page 2 of 13
Figure 6: Pictorial representation of Cyber Forensics
Cybernetics: The science of communications and automatic control systems in both machines and
living things.
Cyber security
Cyber Security is the practice of defending computers, servers, mobile devices, electronic systems,
networks, and data from malicious attacks. It is also known as information technology security or
electronic information security. The term applies in a variety of contexts, from business to mobile
computing, and can be divided into a few common categories.
Network security is the practice of securing a computer network from intruders, whether targeted
attackers or opportunistic malware.
Application security focuses on keeping software and devices free of threats. A compromised
application could provide access to the data it is designed to protect. Successful security begins in
the design stage, well before a program or device is deployed.
Information security protects the integrity and privacy of data, both in storage and in transit.
Page 3 of 13
Operational security includes the processes and decisions for handling and protecting data assets.
The permissions users have when accessing a network and the procedures that determine how and
where data may be stored or shared all fall under this umbrella.
Disaster recovery and business continuity define how an organization responds to a cyber-security
incident or any other event that causes the loss of operations or data. Disaster recovery policies
dictate how the organization restores its operations and information to return to the same
operating capacity as before the event. Business continuity is the plan the organization falls back
on while trying to operate without certain resources.
End-user education addresses the most unpredictable cyber-security factor: people. Anyone can
accidentally introduce a virus to an otherwise secure system by failing to follow good security
practices. Teaching users to delete suspicious email attachments, not plug in unidentified USB
drives, and various other important lessons is vital for the security of any organization.
Cybersecurity/Security Threats
A cybersecurity threat is the threat of a malicious attack by an individual or organization attempting to
gain access to a computer network, corrupt data, or steal confidential information. Such threat threats
are acts performed by individuals with harmful intent, whose goal is to steal data, cause damage to or
disrupt computing systems. The attacks involve in this scenario is called Network Attack, they are:
Malware: Malware is software that performs malicious actions on a device or network such as
data corruption or taking over a system. Malware makes its way into the system through a
Page 4 of 13
malicious link or email that a user clicks. Once malware is in the system, it can block access to
critical components of your network, gather sensitive data, and damage the system.
Phishing: When a hacker attempts to bait (lure) individuals into disclosing critical information such
as personally identifiable information (PII), banking details, and passwords, it is known as phishing.
An email can trick the email recipient into providing confidential information or downloading
malware into the system by clicking on a hyperlink in the email.
Spear Phishing: The fraudulent practice of sending emails ostensibly from a known or
trusted sender in order to induce targeted individuals to reveal confidential information.
Page 5 of 13
Figure 11: Pictorial representation of Spear Phishing
Note: Just remember the name of these MitMA as an example, no need to elaborate them.
A Denial-of-Service (DoS) attack overloads the target system with a large volume of traffic,
hindering the ability of the system to function normally. An attack involving multiple devices is
known as a Distributed Denial-of-Service (DDoS) attack.
Page 6 of 13
Figure 13: Pictorial representation of DoS
Injection Attacks exploit a variety of vulnerabilities to directly insert malicious input into the code
of a web application. Successful attacks may expose sensitive information, execute a DoS attack
or compromise the entire system. The injection attack includes SQL injection, Code injection, OS
command injection, LDAP injection, XML eXternal Entities (XXE) Injection, Cross-Site Scripting
(XSS)
Note: Just remember the name of these injections as an example, no need to elaborate them.
Page 7 of 13
Identifying Secure Websites
When visiting a website that asks for sensitive information such as credit card numbers or
other social security number, the first step we can take to securing your privacy is creating a
strong password. Equally important is verifying that any information we enter on this site is
transmitted and stored properly. Once your information is entered online, it is transmitted as
plain text for anyone to intercept. To avoid this, make sure that the website is encrypted over
a secure connection.
HTTPS
One such sign to look for is in the URL of the website. A secure website’s URL should begin
with “https” rather than “http”. The “s” at the end of “http” stands for secure and is using an
SSL (Secure Sockets Layer) connection. Your information will be encrypted before being sent
to a server.
Another sign to look for is the “Lock” icon that is displayed somewhere in the window of your
web browser. Different browsers may position the lock in different places, but a few examples
of what it may look like can be found here:
Google Chrome
Clicking on the Lock icon will give you detailed information on the security status of this website
Mozilla Firefox
With Firefox, the Lock icon may not be displayed directly. Clicking on the site’s icon next to the URL should reveal the
Lock icon and the secure verification
Microsoft Edge
Clicking on the Lock icon will give you detailed information on the security status of this website
Be sure to click on the “lock” icon to verify that a website is trustworthy. Do not simply look for
the icon and assume a website is secure! The web browser will have detailed information on
the website’s authenticity if you click on the icon, be sure to read this carefully before entering
any of your information on the site.
Page 8 of 13
1. Cryptography and Associated Terminology
Cryptography is the practice and study of techniques used to secure communication and protect
information from unauthorized access or potential attackers. It involves the use of mathematical
algorithms and principles to encode information in a way that can only be understood by those who
possess the appropriate decryption key. The primary goal of cryptography is to ensure confidentiality,
integrity, authenticity, and non-repudiation of data.
1.0 Cipher
In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption, a series of
well-defined steps that can be followed as a procedure. An alternative, less common term
is encipherment. To encipher or encode is to convert information into cipher or code. In common
parlance, "cipher" is synonymous with "code”.
Types of ciphers:
Shift Cipher
Caesar Cipher
Substitution Cipher
Transposition Cipher
Block Cipher (not in syllabus)
Stream Cipher (not in syllabus)
Vigenère cipher (not in syllabus)
Page 9 of 13
Subsitution Cipher Transposition Cipher
https://youtu.be/J-utjSeUq_c?si=wORFtffUXIJiea5z
1.1 Encryption
Encryption is the process of converting plaintext (original, readable data) into ciphertext (encoded,
unreadable data) using a specific algorithm and an encryption key. The idea is that even if unauthorized
individuals gain access to the encrypted data, they won't be able to understand its content without the
decryption key.
1.2 Decryption
Decryption is the reverse process of encryption. It involves using the decryption key to convert the
ciphertext back into plaintext, making the data readable again for authorized users.
1.3 Key
In cryptography, a key is a piece of information used as an input to the encryption or decryption
algorithm. The security of cryptographic systems often relies on the secrecy of the key.
Page 10 of 13
Figure1.2: Concept of keys
Page 11 of 13
Figure 1.4: Asymmetric key Cryptography
2. Message integrity: The recipient should be able to determine if the message has been
altered.
Page 12 of 13
3. Sender authentication: The recipient should be able to verify from the message, the
identity of the sender, the origin or the path it travelled (or combinations) so as to
validate claims from emitter or to validated the recipient expectations.
4. Sender non-repudiation: The remitter should not be able to deny sending the
message.
***
Page 13 of 13