
Section 1: Basic Introduction To Cyber Security and Information Security

The document provides an overview of cyber security, information security, and related topics. It defines cyber security and information security (InfoSec), explaining that InfoSec deals with protecting all types of data while cyber security specifically deals with digital data. It also outlines some key protocols (TCP, FTP, SMTP, etc.), types of hacking (ethical, network, password, etc.), common attacks (phishing, DOS, SQL injection, etc.), malware types (viruses, worms, trojans, etc.), and defenses (antivirus, firewalls, encryption, 2FA, honey pots, DMZ).

Uploaded by nada
Section 1: Basic Introduction to Cyber Security and Information Security

Definition of cyber security: Keeping everything you do online safe.


Definition of information security (denoted "InfoSec"): authorizing only people belonging to an organization to access its information.
Difference between cyber security and InfoSec:
InfoSec deals with protecting all types of data, but cyber security deals with digital or electronic data.
Principles of cyber security:
There are three principles of cyber security, defined by a relation called the "CIA Triad":

Confidentiality: refers to privacy
Integrity: refers to accuracy
Availability: refers to authorization

Protocol: digital language through which we communicate with others on the internet.
Types of Protocols:
1. TCP: transmission control protocol
Data is broken down into packets and then sent to the destination; used for communication over a network.
2. FTP: file transfer protocol
Basically used for transferring files to different networks in a quicker way than others.
3. SMTP: simple mail transfer protocol
Manages the transmission of outgoing mail over the net.
4. HTTP: hypertext transfer protocol
Used for the connection between the web client and the web server.
5. ARP: address resolution protocol
Used to find the hardware address of a device from its IP address. It's used when a device wants to communicate with some other device on a local network.
6. DNS: domain name protocol
Maintains a directory of domain names and translates them to IP addresses.
7. SSL: Secure Sockets Layer
Establishes an encrypted connection between a web server and a browser in an online connection.
8. TLS: Transport Layer Security
Provides privacy and data integrity between two communicating applications.
9. HTTPS: Hypertext Transfer Protocol Secure
It is a secure version of HTTP. It is often used to protect highly confidential online
transactions like online banking or online shopping…
10. SSH: Secure Socket Shell
Gives system administrators a secure way to access a computer over an unsecured
network.

Section 2: Some Basics about Hacking


What is hacking? Hacking refers to an unauthorized intrusion into a computer or
network.
Types of hacking:
1. Ethical Hacking: It is a legal type of hacking, done to find weaknesses in a computer or network system for testing purposes.
2. Network Hacking: Gathering information about a network with the intent to harm its system and hamper its operation.
3. Email Hacking: Getting unauthorized access to an email account and using it without the permission of its owner.
4. Password Hacking: Process of recovering secret passwords from data that has been stored by a computer system.
5. Computer Hacking: Stealing a computer ID and password by applying some methods and getting unauthorized access to its system.

Attacks from hackers:


1. Phishing: It is an email fraud method in which the perpetrator sends out legitimate-looking emails in an attempt to gather personal and financial information from recipients.

2. BFA: Brute Force Attack.
It is an automated method and the simplest way to gain access to a system or website. It tries different combinations of usernames and passwords until it gets in.

3. DOS Attack: Denial of service attack.
It is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the internet.

4. DDOS Attack: Distributed denial of service attack.
It occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. It is often the result of multiple compromised systems flooding the targeted system with traffic.

5. Botnets: Also known as a zombie army, a botnet is a group of computers controlled without their owners' knowledge. They are used to send spam or make denial of service attacks.

6. MITM: Man in the Middle Attack.
It is a type of eavesdropping attack where the attacker establishes an independent connection with both the sender and the receiver. It is done in order to hijack their communication session.

7. IP Spoofing: It refers to connection hijacking through a fake internet protocol (IP) address. It is the action of making a computer IP address look like it is authentic. During this masking process, the fake IP address sends what appears to be a malevolent message coupled with an IP address that appears to be trusted.

8. URL Spoofing: It is the process of creating a fake URL which impersonates a legitimate and secure website.

9. SQL Injection: Structured Query Language + Injection.
SQL: Language designed to manipulate and manage data in a database.
SQL Injection: It is an attack that targets these databases using specifically crafted SQL statements to trick the systems into doing unexpected things.

10. LDAP Injection: Lightweight Directory Access Protocol + Injection.
LDAP: Client/server protocol used to access and manage directory information.
LDAP Injection: It is a type of attack on a web application where hackers place code in a user input field in an attempt to gain unauthorized access or information.

Section 3: Basic Terminologies


Malware: It is a shorthand for malicious software and is designed to cause damage to a
computer, server or network.
Viruses: Malicious software program loaded onto a user’s computer without the user’s
knowledge and performs malicious actions.
Worms: Malware computer program that replicates itself in order to spread to other
computers.
Trojan: Type of malicious software developed by hackers and disguised as legitimate software to gain access to target users' systems.
Ransomware: Type of malicious software designed to block access to a computer system until a sum of money is paid.
Spyware: Program that secretly records what you do on your computer.
Rootkit: Set of programs or utilities that allows someone to maintain root-level access to the system. It can be installed in a number of ways including phishing attacks … Once installed, it gives the remote actor control over almost every aspect of the operating system.

Section 4: Defenses
Antivirus: Class of program designed to prevent, detect and remove malware infections
on individual computing devices, networks and IT systems.
Firewall: Network security device that monitors incoming and outgoing network traffic
and decides whether to allow or block specific traffic based on a defined set of security
rules.
Encryption: Method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity which has access to the decryption key.
2FA (2 Factor Authentication): Two-step verification or dual factor authentication; it is a security process in which the user provides two different authentication factors to verify themselves, to better protect the user's credentials.
Honey Pots: Network-attached system set up as a decoy to lure cyber attackers and to detect, deflect or study hacking attempts to gain unauthorized access to information systems.
DMZ (Demilitarized Zones): Small subnetwork that sits between a trusted internal network, such as a corporate or private LAN, and an untrusted external network, such as the public Internet.
