Cyber Security Basics for Beginners

Tamer Hellah
Apr 18, 2024

  1. Understanding Cyber, Cyber Security, and Cyberspace
  2. Security Terminology
  3. Domains of Cyber Security
  4. Network Models
  5. Cyber Security Certifications
  6. Cyber Threats

What is “Cyber”?

“Cyber” refers to anything digital, including devices that perform digital tasks. It encompasses all aspects related to the Internet.

How extensive is Cyberspace?

Cyberspace represents digital identities or events within the communication process. For example, websites exist in Cyberspace. Social interactions like posting, sharing images, or messaging also occur there, expanding rapidly. These events don’t occur in physical locations but in Cyberspace. The image shows various interconnected digital devices communicating through the internet, all within Cyberspace.

Photo by Austin Distel on Unsplash

Understanding Cyber Security:

  • Cybersecurity is about protecting online services to keep your digital information safe.
  • It involves using technologies and protocols to shield computers, networks, and data from unauthorized access and internet-based attacks by cybercriminals.
  • Cybersecurity is crucial for safeguarding networks, data, and applications.

The Importance of Cyber Security:

  • Cybersecurity is essential for protecting data from unauthorized access or misuse and for defending systems against viruses.
  • With more people connecting to the internet, the risks from security threats are increasing.

Security Terminologies:

  • Security includes physical security, while Information Security focuses on digital security and protects information.
  • Information Security (IT) covers web and network security, while network security is specifically for protecting networks. System Security involves securing devices like mobile phones and computers.
  • Cybersecurity is about digital security, while IT security includes cybersecurity and also covers the physical security of systems, which cybersecurity doesn’t.

Domains of Cyber Security:

  • Access Control Systems and Methodology
  • Telecommunications and Network Security
  • Business Continuity Planning and Disaster Recovery Planning
  • Security Management Practices
  • Security Architecture and Models
  • Law, Investigation, and Ethics
  • Application and Systems Development Security
  • Cryptography
  • Computer Operations Security
  • Physical Security

Access Control Systems and Methodology:

  • The main goal of Cyber Security is protecting data. So, we’ll explore different access control systems and methods.

Six Dimensions of Data Quality Assessment:

  • A Data Quality (DQ) dimension evaluates data against set standards to measure its quality.

The six fundamental dimensions of data quality are:

  1. Accuracy: Refers to how well the data reflects the real-world object or event it represents. Accurate data is free from errors and represents reality faithfully.
  2. Completeness: Indicates whether all required data is present. Complete data contains all the necessary information for the intended use without any missing values.
  3. Consistency: Ensures that data is uniform and coherent across different sources or instances. Consistent data does not have contradictions or discrepancies when compared within the same dataset or across multiple datasets.
  4. Timeliness: Refers to whether data is available within an appropriate timeframe for its intended use. Timely data is up-to-date and relevant to the current context.
  5. Validity: Indicates whether data conforms to predefined rules or constraints. Valid data meets the specified criteria or standards for its intended purpose.
  6. Relevance: Considers whether the data is pertinent and useful for the intended purpose. Relevant data provides meaningful insights and contributes to the goals of the analysis or decision-making process.

Data States:

Understanding different types of digital data helps in choosing the right security measures and encryption techniques. Let’s look at three states of data.

1. Data at rest/storage:

  • This is data stored on physical or backup media like hard disks or mobile devices.
  • It’s inactive and not being used or transmitted.

2. Data in motion/transmission:

  • This data is actively moving over a network or stored in a computer’s RAM, ready for processing.
  • Examples include emails or data transferred via FTP or SSH.

3. Data in process:

  • This data is being actively used and processed by applications.
  • It includes data being generated, updated, or erased.

CIA (Confidentiality — Integrity — Availability):

The CIA triad guides information security policies. Let’s break it down:

1. Confidentiality:

  • Ensures only authorized users access computer assets, keeping data private.
  • Measures are taken to prevent unauthorized access while allowing access for authorized users.
  • Encryption is commonly used to ensure confidentiality.

Encryption for Confidentiality:

  • Encryption scrambles data, making it unreadable without decryption.
  • BitLocker offers disk/drive-level encryption, while EFS (Encrypting File System) provides file-level encryption in Windows.

There are two main types: symmetric and asymmetric encryption.

1. Symmetric Encryption:

  • Uses the same key for both encryption and decryption.
  • For example, password manager applications encrypt data with a user’s personal key.

2. Asymmetric Encryption:

  • Utilises a pair of keys: a public key for encryption and a private key for decryption.
  • It’s commonly used in HTTPS and data signing for secure communication.

Understanding these data states and encryption methods is crucial for effective cybersecurity and protecting sensitive information.

Access Controls:

Access controls determine who can access specific information.

Authentication methods include:

  • Something you know (like passwords)
  • Something you are (biometric scans)
  • Something you have (such as an ATM card)
  • Something you do (like your signature)

Data Integrity:

Integrity ensures that data remains accurate and unaltered.

  • Hashing is a technique used for data integrity.
  • It involves using a Hash Calculator to verify that a file has not been changed.

Practical Implementation:

You can use the Microsoft File Checksum Integrity Verifier, available for download, to demonstrate hashing.

Simple example illustrating hashing for data integrity:

Let’s say we have a text file named “example.txt” with the following content:

Hello, this is a sample text file for hashing demonstration.

We want to ensure the integrity of this file using hashing. We’ll use the SHA-256 algorithm for hashing.

1. Input (example.txt):

Hello, this is a sample text file for hashing demonstration.

2. Hashing Process: We apply the SHA-256 algorithm to the input file.

3. Output (Hash Value): The resulting hash value (output) is:

a196f771e4e84b31586c5a5020578d9fd91c10479d928876b1b44b702430d476

Now, whenever we want to verify the integrity of “example.txt”, we can recompute its hash value using the same algorithm (SHA-256). If the computed hash value matches the original hash value, it confirms that the file has not been altered. If the hash values do not match, it indicates that the file has been modified.
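The record-then-recompute procedure described above, as an added Python example (not part of the original article): it stores a known-good SHA-256 value in a manifest, then reports each file as ok, modified or missing. The function names and the `baseline.json` manifest are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def record_baseline(paths, manifest):
    """Write the known-good hash of every file to a JSON manifest."""
    hashes = {str(p): sha256_file(p) for p in paths}
    Path(manifest).write_text(json.dumps(hashes, indent=2))

def verify(manifest):
    """Return {path: status}; status is 'ok', 'modified' or 'missing'."""
    results = {}
    for path, expected in json.loads(Path(manifest).read_text()).items():
        if not Path(path).exists():
            results[path] = "missing"
        elif hmac.compare_digest(sha256_file(path), expected):
            results[path] = "ok"
        else:
            results[path] = "modified"
    return results

def demo():
    """Constructed walk-through: baseline a file, change one character, delete it."""
    text = "Hello, this is a sample text file for hashing demonstration."
    with tempfile.TemporaryDirectory() as tmp:
        target, manifest = Path(tmp) / "example.txt", Path(tmp) / "baseline.json"
        target.write_text(text)
        record_baseline([target], manifest)
        before = verify(manifest)[str(target)]
        target.write_text(text.replace("Hello", "hello"))  # one-character change
        after = verify(manifest)[str(target)]
        target.unlink()
        gone = verify(manifest)[str(target)]
    return before, after, gone

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the manifest: keep it where someone able to change the file cannot also rewrite the stored hash.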

Data Availability:

Data availability ensures authorized parties can access assets when needed. It aims for high uptime and minimal errors, typically targeting 99.9% uptime with a 0.1% error rate. This is achieved through methods like hardware maintenance, software updates, and network improvements.

A common issue affecting availability is a Denial of Service (DoS) attack.

Service Level Agreement (SLA):

An SLA is a formal agreement between a service provider and a client, specifying service aspects like quality and availability. If the provider fails to meet these terms, the client may impose fines.

Let’s look at some common Denial of Service (DoS) attacks:

  1. Ping of Death: This attack involves sending an oversized or malformed ping packet to crash the target system.
  2. Ping Flood: In this attack, the attacker floods the target system with a large number of ping requests, overwhelming its resources and causing it to become unresponsive.
  3. Smurf Attack: In a Smurf attack, the attacker sends ICMP echo requests (pings) to a network’s broadcast address, spoofing the victim’s IP address. This causes all devices on the network to respond to the victim, flooding it with traffic.
  4. Fraggle Attack: Similar to a Smurf attack, a Fraggle attack involves sending a large number of UDP echo requests to the broadcast address of a network, again spoofing the victim’s IP address and causing network congestion.

These DoS attacks aim to disrupt the availability of a targeted system or network by consuming its resources or causing it to crash.
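From the defender's side, each of the four patterns above leaves a distinct trace in traffic records. The following added Python example (not part of the original article) flags them in a handful of constructed records; the record layout, the protected subnet and the flood threshold are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample records, not real traffic:
# (second, claimed_src, dst, proto, dst_port, reassembled_len)
EVENTS = [
    (0, "198.51.100.7", "192.0.2.255", "icmp-echo", None, 84),  # echo request to broadcast
    (0, "198.51.100.7", "192.0.2.255", "udp", 7, 60),           # UDP echo to broadcast
    (1, "203.0.113.9", "192.0.2.10", "icmp-echo", None, 65600), # larger than IPv4 allows
    (2, "192.0.2.20", "192.0.2.10", "icmp-echo", None, 84),     # ordinary ping
] + [(3, "203.0.113.50", "192.0.2.10", "icmp-echo", None, 84)] * 150  # burst from one source

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed protected subnet
MAX_IPV4_LEN = 65535      # largest legal IPv4 datagram, in bytes
FLOOD_PER_SECOND = 100    # assumed threshold; tune to the environment
UDP_ECHO_PORT = 7         # UDP echo service

def classify(events):
    """Return a sorted list of (alert, claimed_source) pairs.

    For smurf and fraggle the claimed source is spoofed: it is the victim
    that the broadcast replies will be sent to, not the sender.
    """
    alerts = set()
    echo_per_second = Counter()
    for sec, src, dst, proto, port, length in events:
        to_broadcast = ipaddress.ip_address(dst) == LOCAL_NET.broadcast_address
        if proto == "icmp-echo":
            echo_per_second[(sec, src)] += 1
            if length > MAX_IPV4_LEN:
                alerts.add(("ping-of-death", src))
            if to_broadcast:
                alerts.add(("smurf", src))
        elif proto == "udp" and port == UDP_ECHO_PORT and to_broadcast:
            alerts.add(("fraggle", src))
    for (sec, src), count in echo_per_second.items():
        if count > FLOOD_PER_SECOND:
            alerts.add(("ping-flood", src))
    return sorted(alerts)

if __name__ == "__main__":
    for alert, source in classify(EVENTS):
        print(f"{alert}: {source}")
```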

Network Protocols:

Network protocols are essential rules governing the exchange of information, ensuring it’s done smoothly, reliably, and securely across networks. These protocols dictate how data is transmitted, received, and interpreted between devices.

TCP/IP (Transmission Control Protocol/Internet Protocol):

  • TCP/IP is the backbone protocol suite of the Internet and most computer networks.
  • It consists of two main protocols: TCP, which ensures reliable and ordered delivery of data packets, and IP, which handles addressing and routing.
  • TCP/IP operates at the transport and network layers of the OSI model, providing end-to-end communication between devices.

OSI Model (Open Systems Interconnection Model):

  • The OSI Model is a conceptual framework that standardizes the functions of a communication system into seven layers.
  • Each layer has specific responsibilities, from physical transmission to application-level interaction, ensuring interoperability between different systems.
  • The layers include:
  1. Physical Layer
  2. Data Link Layer
  3. Network Layer
  4. Transport Layer
  5. Session Layer
  6. Presentation Layer
  7. Application Layer
  • The OSI Model serves as a guideline for designing and implementing network protocols, facilitating compatibility and communication between various networking devices and systems.

Now that you’ve been introduced to the fundamentals of Cyber Security, you might be wondering what’s next. This article has provided you with a quick overview and a starting point to delve into this field.

Feel free to put your newfound knowledge into practice and experiment further. Whether you’re exploring on your own or seeking guidance, there are numerous resources available to deepen your understanding and skills.

If you’re looking to connect with like-minded individuals or seek professional assistance, you can find me on LinkedIn at Tamer Hellah or on Facebook at Cybersecveillance. Additionally, you can visit my website, Cybersecveillance.com, for more information about my services and expertise in penetration testing, website building, and consultation.

Remember, the journey into Cyber Security is an ongoing learning experience. Stay curious, keep exploring, and never hesitate to reach out for support or collaboration.
