A Beginner’s Guide to Cyber Security

Saad Aslam
Analytics Vidhya
Apr 30, 2020

We will be covering the following topics:

  • What is Cyber, Cyber Security and Cyber Space
  • Terms and Terminologies of Security
  • Cyber Security Domains
  • Network Models
  • Cyber Security Certifications
  • Cyber Threats

What is meant by the term “Cyber”?

Cyber means anything that is digital: it can be the devices that perform digital computation, and anything related to the Internet falls under the category of Cyber.

How big is cyberspace?

Cyberspace should not be confused with the Internet itself. The term is used to represent the identities and events that take place in the communication process. A website, for example, also exists in cyberspace. Social interactions, whether you write a post, upload a picture or share a message, all exist in cyberspace, and cyberspace is expanding not by the minute but by the second. These events take place not at a physical location but “in cyberspace”. Picture various digital devices connected through the Internet: all of their communication exists in cyberspace.

What is Cyber Security?

The term cybersecurity refers to the security offered through online services to protect your online information.

• Cybersecurity refers to the technologies and processes designed to protect computers, networks, and data from unauthorized access, vulnerabilities, and attacks delivered via the Internet by cybercriminals.

• Cybersecurity therefore matters for network security, data security, and application security alike.

The need for Cyber Security:

• Cybersecurity is necessary because it helps secure data against threats such as data theft or misuse, and it safeguards your system from viruses.

• With an increasing number of people connecting to the Internet, the security threats that can cause massive harm are increasing as well.

Terms and Terminologies of Security

Security vs Information Security:

Security in the broad sense includes physical security and everything else that falls under the word; Information Security is digital security and is bounded to information.

IT Security vs Network Security:

IT Security is wider in scope: it includes web security, network security, and anything else related to IT, whereas Network Security is bounded to the network. System Security covers the security of devices such as mobile phones and computers.

Cyber Security vs IT Security:

Cyber Security covers digital security. IT Security includes cybersecurity and also the physical security of systems, which cybersecurity does not cover.

Note:

InfoSec is short for Information Security and Pentest is short for Penetration Testing.

Domains of Cyber Security

Below are the domains of Cybersecurity:

  1. Access Control Systems and Methodology
  2. Telecommunications and Network Security
  3. Business Continuity Planning and Disaster Recovery Planning
  4. Security Management Practices
  5. Security Architecture and Models
  6. Law, Investigation, and Ethics
  7. Application and Systems Development Security
  8. Cryptography
  9. Computer Operations Security
  10. Physical Security

1-Access Control Systems and Methodology:

The main purpose of cyber security is to protect your data, so first we will learn more about data and about the various access control systems and methodologies.

Six Dimensions of Data Quality Assessment:

A Data Quality(DQ) Dimension is a recognized term used to describe the feature of data that can be assessed or measured against defined standards in order to measure the quality of data.

The six core data quality dimensions are:

1. Consistency
2. Completeness
3. Correctness
4. Accessibility
5. Timeliness
6. Accuracy

States of Data:

Understanding the different states of digital data can be helpful for you to select the different sorts of security measures and encryption techniques to apply on the data. Here we will discuss three states of data.

1- Data at rest/storage:

Data at rest refers to data that has been stored on some sort of physical or backup medium, such as data stored on a hard disk or on a mobile device. What makes it data at rest is that it is inactive: it is not currently being transmitted or processed.

2-Data in motion/transmission:

The second state of data is data in motion. Data in motion is currently being transmitted over a network, or is sitting in a computer’s RAM ready to be read, updated, or processed. Examples are emails and data transferred through FTP or SSH.

3- Data in process:

The third state of data is data in process, or in use. Data in this state is not being stored passively on a storage medium; it is being processed by one or more applications, and is currently being generated, updated, appended, or erased.

CIA (Confidentiality, Integrity, Availability)

Confidentiality, Integrity, and Availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. We will look at each of the three in more depth.

1-Confidentiality:

• Confidentiality ensures that computer-related assets are accessed only by authorized parties; it is sometimes called secrecy or privacy.

• It covers the measures taken to prevent sensitive information from reaching the wrong people while making sure that authorized people can access it.

• The technique used is encryption.

Encryption to ensure Confidentiality:

Suppose we want to protect the word “HELLO”. We can apply an encryption technique that replaces every letter of HELLO with its neighboring letter, H with I, E with F, and so on, which makes the word meaningless to anyone who reads it. On the other side we decrypt it with the same technique.

BitLocker is disk/drive-level encryption; it cannot be applied to a single file.

Windows uses the NTFS file system, which provides EFS (Encrypting File System) for file-level encryption. It is enabled by right-clicking the file and opening its properties (in Explorer, compressed contents are shown in blue).

Features of EFS: Explorer uses two colors to show the encryption state of files.

Whether and how these features are used depends on organizational policy, including the policy for backing up data and keys. When an employee resigns and the company formats the system, the BitLocker keys and other material are lost with it unless they were backed up.

Types of Encryption

There are two top-level types of encryption. Symmetric and Asymmetric

1-Symmetric Encryption :

  • Uses the same key to encrypt and decrypt data.
  • Consider a desktop password manager application. You enter your password and it is encrypted with your own personal key. When the data is to be retrieved, the same key is used and the data is decrypted.
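The “replace each letter with its neighbor” scheme from the HELLO example above is a shift (Caesar) cipher, and it is symmetric: the same key is used to encrypt and to decrypt. The following is an added example, not code from the original article, that implements it for any shift and also shows why it offers no real confidentiality (there are only 26 keys to try). All function names are this example's own.

```python
"""Shift cipher: the article's "replace each letter with its neighbour" idea,
generalized to any shift. Encryption and decryption use the same key, which is
what makes it a symmetric scheme. Illustrative only; not real cryptography."""
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext, key):
    """Shift every letter forward by `key` positions, wrapping Z -> A.
    Non-letters (spaces, digits, punctuation) are passed through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            idx = (ALPHABET.index(ch) + key) % len(ALPHABET)
            out.append(ALPHABET[idx])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext, key):
    """Decrypt by applying the same key in the opposite direction."""
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext):
    """Why a shift cipher gives no real confidentiality: with only 26 possible
    keys, anyone can simply try them all. Returns (key, candidate) pairs."""
    return [(k, shift_decrypt(ciphertext, k)) for k in range(len(ALPHABET))]


if __name__ == "__main__":
    secret = shift_encrypt("HELLO", 1)      # the article's example: H->I, E->F, ...
    print(secret)                           # IFMMP
    print(shift_decrypt(secret, 1))         # HELLO
    for k, guess in brute_force(secret):
        print(k, guess)
```

Running the script prints `IFMMP`, recovers `HELLO` with the same key, and then lists all 26 candidate decryptions, one of which is obviously the message.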

2-Asymmetric Encryption:

  • Uses a private key and public key pair.
  • Either key can encrypt, but a single key can’t decrypt its own encrypted data. To decrypt, you need the paired key.
  • Asymmetric encryption is used for things like Transport Layer Security (TLS), used in HTTPS, and for data signing.
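To make the “either key can encrypt, only the paired key can decrypt” property concrete, here is an added example (not from the original article) using textbook RSA with deliberately tiny numbers so every step is visible. The primes 61 and 53 and exponent 17 are the common classroom parameters; real RSA uses 2048-bit moduli and padding (OAEP for encryption, PSS for signatures), which this teaching model omits. Function names are this example's own.

```python
"""Textbook RSA with tiny numbers, to show the asymmetric property: one key of
the pair encrypts, and only the *other* key can decrypt. Teaching model only:
no padding, toy key size."""
from math import gcd


def make_keypair(p, q, e=17):
    """Build an RSA key pair from two primes p and q and a public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)          # public key, private key


def apply_key(message, key):
    """RSA is the same modular exponentiation in both directions; which key
    you hold decides whether you encrypt/verify (public) or decrypt/sign
    (private)."""
    n, exponent = key
    assert 0 <= message < n, "message must be smaller than the modulus"
    return pow(message, exponent, n)


def demo():
    public, private = make_keypair(61, 53)     # n = 3233, e = 17, d = 2753
    m = 65                                     # constructed sample "message"
    c = apply_key(m, public)                   # encrypt with the public key
    recovered = apply_key(c, private)          # decrypt with the private key
    wrong = apply_key(c, public)               # the encrypting key cannot undo itself
    sig = apply_key(m, private)                # "sign" with the private key
    verified = apply_key(sig, public)          # anyone with the public key can check
    return {
        "cipher": c,
        "recovered": recovered,
        "wrong_key_gives_m": wrong == m,
        "signature_valid": verified == m,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The demo encrypts 65 to 2790 with the public key, gets 65 back only with the private key, shows that re-applying the public key does not recover the message, and then does the reverse (private key first, public key to check), which is exactly the signing use case mentioned above.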

Access Controls:

Access controls authenticate and authorize individuals so that they can access only the information they are allowed to see and use. Authentication is based on one or more factors:

  1. Something you know — (you know passwords)
  2. Something you are — (biometric scan)
  3. Something you have — (ATM card)
  4. Something you do — (signature style)
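Two of the factors above can be checked in a few dozen lines: “something you know” (a password, stored only as a salted, slow hash) and “something you have” (a time-based one-time code of the kind an authenticator app generates, per RFC 6238). The following is an added example, not from the original article; the demo secret is the RFC 6238 test key, and the function names are this example's own.

```python
"""Two access-control factors checked in code: 'something you know' (a
password stored only as a salted PBKDF2 hash) and 'something you have'
(an RFC 6238 TOTP code). Access is granted only when both factors pass."""
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ROUNDS = 200_000
TOTP_STEP = 30


def enroll_password(password, salt=None):
    """Store a random salt and a slow hash, never the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Re-derive the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored_digest)


def totp(secret, unix_time, digits=6):
    """RFC 6238: HMAC-SHA1 over the 30-second time-step counter, then
    'dynamic truncation' to a 31-bit integer reduced to `digits` digits."""
    counter = struct.pack(">Q", unix_time // TOTP_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret, code, unix_time, window=1):
    """Accept the current step and `window` steps either side for clock drift."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + drift * TOTP_STEP), code):
            return True
    return False


def authenticate(password, code, salt, stored_digest, totp_secret, now=None):
    """Both factors are always evaluated, so a failed login does not reveal
    which factor was wrong."""
    now = int(time.time()) if now is None else now
    knows = verify_password(password, salt, stored_digest)
    has = verify_totp(totp_secret, code, now)
    return knows and has


if __name__ == "__main__":
    salt, digest = enroll_password("correct horse battery staple")
    secret = b"12345678901234567890"        # RFC 6238 test key, used here as a demo secret
    print(totp(secret, 59))                 # 287082 (RFC 6238 test vector)
    print(authenticate("correct horse battery staple", totp(secret, 59),
                       salt, digest, secret, now=59))
```

Note that the password check and the one-time code check are both performed even when the first one fails; short-circuiting on the password would let a caller learn which factor was wrong from the response time.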

Integrity of Data:

Integrity: It means that assets can be modified only by authorized parties, or only in authorized ways. It ensures that information is in a format that is true and correct to its original purposes, and it involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle.

The technique used is hashing.

Hash: a hash calculator takes a file as input and applies a hashing algorithm to it. The purpose of hashing is to show that the original file has not been modified.

Let’s have a practical implementation of hashing using the Microsoft File Checksum Integrity Verifier (fciv). You can download it from the internet.

Open a command prompt in the directory where your file is located. We will check the integrity of a text file. The syntax is fciv followed by the filename with its extension and the hashing algorithm, for example:

fciv readme.txt -sha1

The command prints the hash of that file. Now we modify the file by adding some letters to the text file and run the same command on it again.

This time the hash has changed, which shows that the file has been modified and is no longer in its original form. If we revert the changes we made to the file and hash it again, let’s see what happens.

Conceptually, a hash function takes the plaintext as input and produces the hashed text. This hashing technique is also used in cyber forensics.
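The same experiment (hash, modify, re-hash, revert, re-hash) can be run on any operating system with Python's hashlib, which supports the same algorithm names fciv accepts (sha1, md5). This is an added example, not code from the original article; the sample file content is constructed here, and the function names are this example's own.

```python
"""File integrity check with hashlib, mirroring the fciv walkthrough:
hash a file, modify it, hash again (differs), revert, hash again (matches)."""
import hashlib
import os
import tempfile

SAMPLE_CONTENT = b"This is readme.txt, a constructed sample file.\n"


def file_digest(path, algorithm="sha1"):
    """Hash a file in chunks (like `fciv <file> -sha1`); any hashlib name works."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(path, expected_digest, algorithm="sha1"):
    """True if the file still matches a previously recorded digest."""
    return file_digest(path, algorithm) == expected_digest


def digest_of_bytes(data, algorithm="sha1"):
    """Write `data` to a temporary file and hash it (handy for checking
    known test vectors through the same file path code)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(data)
        return file_digest(path, algorithm)
    finally:
        os.remove(path)


def integrity_experiment(algorithm="sha1"):
    """Returns (changed_after_edit, matches_after_revert)."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(SAMPLE_CONTENT)
        baseline = file_digest(path, algorithm)      # the hash we record up front
        with open(path, "ab") as f:                  # add some letters, as in the article
            f.write(b"xyz")
        changed = not verify(path, baseline, algorithm)
        with open(path, "wb") as f:                  # revert the edit
            f.write(SAMPLE_CONTENT)
        restored = verify(path, baseline, algorithm)
    finally:
        os.remove(path)
    return changed, restored


if __name__ == "__main__":
    print(integrity_experiment())        # (True, True)
    print(digest_of_bytes(b"abc"))       # a9993e364706816aba3e25717850c26c9cd0d89d
```

The first value confirms that even a three-byte edit changes the whole digest, and the second confirms that restoring the original bytes restores the original hash, which is what makes a recorded digest usable as evidence that a file is unmodified.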

Availability of Data:

It means that assets are accessible to authorized parties at appropriate times. Availability is usually stated as a percentage of uptime: High Availability of 99.9% corresponds to a 0.1% error rate, and raising it to 99.999% uptime corresponds to a 0.0001 error rate. It is implemented using methods such as hardware maintenance, software patching, and network optimization.

A classic example of a loss of availability caused by a malicious actor is a Denial of Service (DoS) attack.

SLA: A Service Level Agreement is a binding document, a commitment between a service provider and a client. Particular aspects of the service (quality, availability, responsibilities) are agreed between the service provider and the service user. If the service user does not receive files in time, the service provider is fined.

Before discussing the types of DoS attacks, let’s have a look at the ping command.

Ping Command:

• Ping is a network administration utility used to test the reachability of a host on an Internet Protocol network. It is a simple way to verify that a computer can communicate over the network with another computer or network device.

ping 127.0.0.1 (127.0.0.1 is the loopback address)

Types of DoS Attacks:

We will discuss a few of the DoS attacks:

  1. Ping of Death
  2. Ping Flood
  3. Smurf Attack
  4. Fraggle Attack

1-Ping of Death:

A Ping of Death attack is a Denial of Service (DoS) attack in which the attacker aims to disrupt a targeted machine by sending a packet larger than the maximum allowable size, causing the target machine to freeze or crash.

2-Ping Flood:

Ping flood, also known as ICMP flood, is a common Denial of Service (DoS) attack in which an attacker takes down a victim’s computer by overwhelming it with ICMP echo requests, also known as pings. Example: an education board website.

4-Fraggle Attack:

A Fraggle attack is a type of DoS attack in which the attacker sends a large volume of spoofed UDP traffic to a router’s broadcast address within a network.
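From the defender's side, both ping-based attacks above leave a recognizable trace in packet logs: a ping flood shows up as one source sending ICMP echo requests far faster than any legitimate host, and a ping of death shows up as a datagram whose reassembled length exceeds the IPv4 maximum of 65535 bytes. The following added example (not from the original article) runs that detection over a handful of constructed, firewall-style log lines; the log format, thresholds, addresses and function names are all this example's own assumptions.

```python
"""Detection of ping flood (echo-request rate per source over a sliding
window) and ping of death (datagram larger than the IP maximum) over
constructed firewall-style log lines. Format and samples are invented here."""
import re
from collections import defaultdict

LINE = re.compile(
    r"^(?P<ts>\d+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+)(?: type=(?P<type>\d+))? len=(?P<len>\d+)$"
)
MAX_IP_DATAGRAM = 65535      # largest legal IPv4 datagram, header included
ICMP_ECHO_REQUEST = 8


def parse(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    rec["len"] = int(rec["len"])
    rec["type"] = int(rec["type"]) if rec["type"] is not None else None
    return rec


def detect(lines, window=10, threshold=100):
    """Return alerts as (kind, source, value) tuples: sources that send
    `threshold` echo requests within any `window`-second span (alerted once,
    when the threshold is crossed) and any datagram larger than 65535 bytes."""
    alerts = []
    echo_times = defaultdict(list)           # per-source timestamps inside the window
    for rec in filter(None, map(parse, lines)):
        if rec["len"] > MAX_IP_DATAGRAM:
            alerts.append(("oversized_datagram", rec["src"], rec["len"]))
        if rec["proto"] == "icmp" and rec["type"] == ICMP_ECHO_REQUEST:
            times = echo_times[rec["src"]]
            times.append(rec["ts"])
            while times and times[0] < rec["ts"] - window:   # slide the window
                times.pop(0)
            if len(times) == threshold:
                alerts.append(("icmp_flood", rec["src"], len(times)))
    return alerts


def sample_log():
    """Constructed sample: one source sending 150 pings in 3 seconds, one
    normal host pinging once a second, one oversized datagram, one TCP line."""
    lines = []
    for i in range(150):
        lines.append(f"{1000 + i // 50} src=10.0.0.5 dst=192.0.2.10 proto=icmp type=8 len=84")
    for i in range(5):
        lines.append(f"{1000 + i} src=10.0.0.7 dst=192.0.2.10 proto=icmp type=8 len=84")
    lines.append("1003 src=10.0.0.9 dst=192.0.2.10 proto=icmp type=8 len=65536")
    lines.append("1004 src=10.0.0.7 dst=192.0.2.10 proto=tcp len=60")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

Running it prints one `icmp_flood` alert for 10.0.0.5 and one `oversized_datagram` alert for 10.0.0.9; the host pinging once a second never trips the threshold. In practice the window and threshold are tuned to the monitored network, since a few hundred pings a second is normal for some monitoring systems.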

Note:

The first known computer virus appeared in 1971 and was named the “Creeper Virus”. It was eventually deleted by a program known as “The Reaper”, but it is important to note that the Reaper was actually a virus itself.

TeleCommunications and Network Security:

• This domain focuses on communications, protocols, and network services, and the potential vulnerabilities associated with each. It involves the practices and policies adopted to prevent and monitor unauthorized access to and misuse of a computer network and network-accessible resources.

Protocols:

Network protocols are a set of rules governing the exchange of information in an easy, reliable, and secure way. Three models used to describe how they are organized are given below:

  1. TCP/IP
  2. OSI Model
  3. CISCO Hierarchical Model

TCP/IP VS OSI Model

TCP/IP and OSI are the two most widely used network models. The major difference between them is that OSI is a conceptual model, whereas TCP/IP is a practical model used for establishing a secure connection and communicating across the network.

Cisco Hierarchical Model:

Cisco has developed a three-layer hierarchical model for designing a reliable infrastructure. Each layer has its own functionality and features, which helps to reduce network complexity.

1-Access Layer:

Controls users’ and workgroups’ access to resources on the network. This layer usually incorporates layer 2 switches.

2-Distribution Layer:

Serves as the communication point between the access layer and the core layer. This layer usually consists of multilayer switches.

3- Core Layer:

Also referred to as the Backbone layer, this layer is responsible for transferring huge amounts of traffic quickly.

Contingency Planning:

  1. IR (Incident Response): low-level issues. There are multiple tiers; the steps are identification, containment, investigation (forensics), remedy, and reporting (documentation).
  2. DR (Disaster Recovery): high-level issues and major disruptions, such as floods and earthquakes.
  3. BCP (Business Continuity Planning): when everything is destroyed in a disaster, how to continue the business.

Laws, Investigations, and Ethics

• One of the more interesting security domains is Law, Investigation, and Ethics. As the name implies, this domain covers the legal issues associated with computer security.

• Pakistan Cyberlaw 2016

Cryptography

One of the most widely used security techniques today is cryptography, the encryption of data. The Cryptography security domain is designed to help you understand how and when to use encryption.

What’s next?

This article was meant to give you a quick introduction and getting-started guide to cyber security fundamentals. Feel free to experiment along.

Let’s get connected…

Facebook : https://www.facebook.com/saad.aslam.7355

LinkedIn: https://www.linkedin.com/in/saad-aslam-a83889152/
