Security

The document outlines the history and evolution of information security, starting from ancient methods like hieroglyphs and the Scytale to modern cybersecurity practices. It details key concepts such as confidentiality, integrity, and availability, along with various types of cyberattacks and security measures. Additionally, it emphasizes the importance of people, processes, and technology in maintaining network security.

Uploaded by

Naseeh writes

History of Information Security

The earliest known use of information security is found in non-standard
hieroglyphs carved into monuments from Egypt's Old Kingdom (4500+ years ago).
Over 4,500 years ago, in Egypt's Old Kingdom, people used special symbols on
monuments to keep information safe.
Scytale – an early device for secure information communication

The Scytale was an early tool for secure communication, used by the ancient
Greeks, especially in military campaigns. Both the sender and receiver had
cylinders of the same size. The sender would wrap a parchment strip around the
cylinder and write along it. When the ribbon was unwound, the message could only
be read by someone with the same-sized cylinder.

Polybius Square
Another Greek method was developed by Polybius. In this system, each letter is
represented by a pair of numbers: its coordinates in the grid. For example,
"BAT" becomes "12 11 44".
Caesar Cipher: The Caesar Cipher is an example of what is called a shift cipher. To
encode a message, letters are replaced with a letter that is a fixed number of
letters beyond the current letter. For example, if you shift by 3, A becomes D, B
becomes E, and so on.
Atbash cipher: The Atbash cipher is a type of substitution cipher used by Hebrew
scholars around 500 to 600 BC. In this cipher, the alphabet is reversed. This means
that A is replaced with Z, B with Y, C with X, and so on.
Example
Plaintext: This is a secret message
Ciphertext: Gsrh rh z hvxivg nvhhztv
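The four classical methods above, written out as an added example (not part of the original document). The Scytale is modelled as a grid with one row per letter that fits around the rod, and the Polybius grid merges I and J; both of these details, and the pad character, are assumptions.

```python
import math
import string

# 5x5 Polybius grid; I and J share one cell (assumed, the usual convention).
GRID = "ABCDEFGHIKLMNOPQRSTUVWXYZ"

def polybius_encode(text):
    """Replace each letter with its row and column number (1-based)."""
    pairs = []
    for ch in text.upper().replace("J", "I"):
        if ch in GRID:
            row, col = divmod(GRID.index(ch), 5)
            pairs.append(f"{row + 1}{col + 1}")
    return " ".join(pairs)

def polybius_decode(pairs):
    return "".join(GRID[(int(p[0]) - 1) * 5 + int(p[1]) - 1]
                   for p in pairs.split())

def caesar(text, shift):
    """Shift letters by `shift` places, wrapping past Z; a negative shift decodes."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)          # spaces and punctuation pass through
    return "".join(out)

# Atbash: reversed alphabet, so applying it twice restores the text.
ATBASH = str.maketrans(
    string.ascii_uppercase + string.ascii_lowercase,
    string.ascii_uppercase[::-1] + string.ascii_lowercase[::-1])

def atbash(text):
    return text.translate(ATBASH)

def scytale_encrypt(message, faces, pad="_"):
    """`faces` is how many letters fit around the rod (the shared secret).
    Writing along the rod fills rows; unwinding the strip reads columns."""
    cols = math.ceil(len(message) / faces)
    padded = message.ljust(faces * cols, pad)
    rows = [padded[r * cols:(r + 1) * cols] for r in range(faces)]
    return "".join(rows[r][c] for c in range(cols) for r in range(faces))

def scytale_decrypt(strip, faces, pad="_"):
    """Rewrap the strip on a rod with `faces` letters per turn and read along it.
    Trailing pad characters are dropped, so the message must not end in `pad`."""
    cols = math.ceil(len(strip) / faces)
    strip = strip.ljust(faces * cols, pad)
    text = "".join(strip[c * faces + r] for r in range(faces) for c in range(cols))
    return text.rstrip(pad)
```

Decrypting a Scytale strip with the wrong `faces` value returns scrambled text, which is the "same-sized cylinder" requirement in code form.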
Cipher machines
During World War II, mechanical and electromechanical cipher machines were
widely in use. For example, the Enigma machine was widely used by Nazi
Germany.
The Rise of Computer Security (1950s-1970s)
In the 1950s, mainframe computers were introduced by IBM, creating a need for
secure access. In the 1960s, MIT's Compatible Time-Sharing System (CTSS)
introduced passwords to protect user accounts.
The Internet Era and Security Challenges (1980s-1990s)
Rise of Computer Viruses:
In 1971, Bob Thomas at BBN Technologies created the Creeper system, an
experimental self-replicating program to test John von Neumann's theory of
self-replication. Creeper infected DEC PDP-10 computers running the TENEX
operating system via the ARPANET, displaying the message "I'm the creeper, catch
me if you can!" The Reaper program was later developed to delete Creeper.
Firewalls: The first firewalls were developed in the late 1980s and early 1990s to
control and filter network traffic coming in and going out of a system.

In 1986, the Brain boot sector virus was released. It is considered the first virus
for IBM PC compatible computers. The virus was created by 19-year-old Basit
Farooq Alvi and his brother, Amjad Farooq Alvi, from Lahore, Pakistan.

The Morris Worm (1988):


The Morris Worm was the first worm to spread on the internet. It targeted UNIX
systems and was one of the first big internet security attacks, making people
more aware of cybersecurity risks.

Encryption and Public Key Infrastructure (PKI):


In the 1990s, RSA encryption was introduced, making secure communication on
the internet possible.
What is Information Security?
Information security refers to the policies and practices designed to prevent
unauthorized access, misuse, modification, malfunction, and destruction of data
and information.
Information security involves controlling access to data within a network,
managed by the network administrator. Each user is assigned an ID and password,
which grants them access to the network resources based on their level of
authority.
Objectives of Information Security:
Confidentiality means keeping information safe from people who are not allowed
to access it. Only authorized people should be able to see sensitive information.
If confidentiality is broken, it means someone who shouldn’t have access has
gotten it, either on purpose or by mistake. This is called a confidentiality breach.
Once the information is exposed, it can't be hidden again.

Integrity means making sure that information is accurate and hasn’t been
changed, and that the source of the information is genuine.
For example, if you run a website that sells products, and an attacker changes the
prices on your site so they can buy items for any price they want, that’s a failure
of integrity. The information on your site has been altered, and it’s no longer
reliable.

Availability means that authorized users can access information whenever they
need it. If attackers are unable to access the information, they may try to launch
attacks like a denial of service (DoS), which can take down the server and make
the website unavailable to real users.
For example, a university website should always be available for students and
teachers to use. If it's down, they can't access important resources.

Foundations of Information Security
People
Processes
Technology
Also called the People, Process and Technology (PPT) framework.
People
People are those who work on your network; they can be network users or network
administrators.
People are the most important part of network security. Without them, nothing
can happen.
Network administrators need to be properly trained to keep the network secure.
Network users must understand and follow the organization's security rules. This
includes knowing what resources they can access, what information they can
view, and whether they’re allowed to copy data to a USB drive and take it home.
Process
A process is a set of steps or actions taken to achieve a specific goal. Processes
help IT professionals set up security, respond quickly to issues, and prevent
problems.
Even if many IT professionals are working on network security, they will be
ineffective without a clear process to follow. Not having the right processes can
cause big problems for network security. For example, if someone wants to access
the network from home, they should use a VPN.
Technology
Technology is a crucial part of network security. Without it, we can't achieve
strong security in today’s world.
Without technology-based security systems, a network would have no way to stop
intrusions or track security incidents.
Information Security Method
Access Control: You should be able to block unauthorized users and devices from
accessing your network. Authorized users should only be able to access the
resources they are allowed to use.
Anti-malware: Viruses, worms, and trojans try to spread on a network and can
stay hidden in infected computers for a while. Security should focus on preventing
infections and removing any malware that gets onto the network.
Application Security: Weak or insecure apps are a common way for attackers to
access your network. You need to use hardware, software, and security processes
to protect these applications.
Behavioral Analytics: It's important to understand normal network behavior so
you can quickly detect any unusual activity or security breaches.

Data Loss Prevention: People are often the weakest link in security. It's important
to use technologies and processes to make sure employees don't accidentally or
purposely send sensitive data outside the network.
Email Security: Phishing is a common way for attackers to access a network. Email
security tools can block incoming attacks and prevent sending sensitive data
through emails.
Firewalls: Firewalls are one of the most important tools for network security.
They follow rules to allow or block traffic between your network and the
internet, creating a barrier between your trusted network and the outside world.
While they are important, they should be part of a larger security strategy.
Intrusion Detection and Prevention: These systems check network traffic to find
and block attacks. They do this by comparing activity with known attack patterns
in their database.
Mobile devices and wireless security: Wireless devices can have the same
security issues as other devices, but they can also connect to any Wi-Fi network.
This puts them more at risk, so they need extra care to stay safe.
Network segmentation: This is a way to divide network traffic into different
groups, making it easier to apply security rules. For example, you can create
separate VLANs (Virtual Local Area Networks) for different departments in a
company, so each group has its own secure space.
VPN
A VPN is a tool that uses IPsec to help securely connect a device to a private
network over the internet. It creates a safe, encrypted "tunnel" so that your data
stays private and protected from hackers while traveling across the public
internet.
Some Security Concepts
Threat: A threat is a possible danger that might breach or break the security
system and cause harm.
Adversary (Threat Agent): The person or group who creates the threat to the
network.
Risk: Risk is the chance that something bad could happen to the network, like
losing data or services, because of a threat.

Attack: An attack is any action or method used by an adversary to try to break into
the network and cause harm. It’s an attempt to compromise the network’s security.

Cyberattacks
What is a cyberattack?

A cyberattack is an attempt by cybercriminals, hackers, or other digital attackers
to break into a computer network or system. Their goal is usually to steal, change,
destroy, or expose information.

Primary Objectives of a Cyberattack:

1. Stealing Sensitive Information: Accessing confidential data like personal
information, financial data, intellectual property, or other important
information.
2. Disrupting Services: Stopping people from using websites, networks, or
services.
3. Gaining Unauthorized Access: Taking advantage of system weaknesses to
break in and control data to manipulate, steal, or destroy data.
4. Extorting Money: Asking for money to fix or stop damage, like unlocking
files that have been locked by hackers.
5. Sabotaging Infrastructure: Attacking important systems like power,
healthcare, or transportation to cause big problems.

Types of Cyberattacks
1. Malware
2. Denial-of-Service (DoS) Attacks
3. Phishing
4. Spoofing
5. Identity-based attacks
6. Code Injection Attacks
7. Social Engineering Attacks
8. AI-Powered Attacks

1. Malware
Malware is any harmful software or program created to damage or disrupt a
computer, network, or server. It's the most common type of cyberattack and
includes different types like: ransomware, trojans, spyware, viruses, worms,
keyloggers, bots, and any other type that leverages software in a malicious way.

Type: Description

Virus: A type of malware that attaches to a real file and needs you to open it.
It can mess up files and slow down your computer or damage the system.

Worms: A worm is a type of malware that spreads by itself. It can get into your
system through weaknesses in software or fake messages. Worms can delete files,
add more malware, use up network space, and make your system crash.

Ransomware: In a ransomware attack, a hacker locks your data and demands money
in exchange for a key to unlock it. These attacks often happen through fake links
in phishing emails, but they can also exploit weaknesses in software or system
settings.

Spyware: Spyware is harmful software that secretly installs on a device and
collects information about what you do online without your permission.

Adware: Adware is a type of spyware that tracks your online activity to show you
targeted ads. It’s not usually harmful, but it can slow down your device and
degrade your experience.

Trojan: A trojan is malware that looks like a normal, safe program or file, like
a free download. It gets installed through tricks like phishing or fake websites.

Rootkits: Rootkit malware is a type of software that lets hackers control a
computer or network. It creates a secret way for them to access the system and
can install more harmful software. Rootkits are harder to detect because they
infect the system before the operating system even starts.

Mobile Malware: Mobile malware is any type of malware designed to target mobile
devices. Mobile malware is delivered through fake downloads, weaknesses in the
operating system, phishing, smishing, or using unsecured Wi-Fi.

Scareware: Scareware tricks users into thinking their computer has a virus.
You'll usually see a pop-up warning you about an infection. It tries to convince
you to install fake antivirus software to fix the problem. When you download it,
it can actually infect your computer with malware.

Keylogger: Keyloggers are programs that record everything you type on your
device. They can be used for good reasons, but often they're used to steal
information. In an attack, the keylogger sends everything you type to the hacker.

Botnet: A botnet is a group of computers infected with malware and controlled by
a hacker, known as the bot herder. The bot herder uses these infected computers
to attack networks, spread malware, steal information, or overload systems with
tasks.

Wiper Attack: A wiper attack is meant to permanently erase or damage data on a
target system. These attacks are often seen in political conflicts or as part of
hacktivism.
2. Denial-of-service (DoS) attacks
A Denial-of-Service (DoS) attack is when a network is flooded with fake requests
to make it stop working properly.
In a DoS attack, users can't do normal tasks like checking email, visiting websites,
or accessing online accounts because the system is overloaded or disrupted.
Although the attack usually doesn't cause data loss or ask for ransom, it leads to
wasted time, money, and resources to restore the business.

The difference between DoS and Distributed Denial-of-Service (DDoS) attacks has
to do with the origin of the attack. DoS attacks originate from just one system
while DDoS attacks are launched from multiple systems. DDoS attacks are faster and
harder to block than DoS attacks because multiple systems must be identified and
neutralized to halt the attack.

3. Phishing
Phishing is a type of cyberattack where attackers use email, texts, calls, social
media, and tricks to get people to share sensitive information like passwords or
account numbers, or to download harmful files that can infect their devices with
viruses.

Type: Description

Spear Phishing: Spear phishing is a targeted type of phishing attack where the
attacker researches their victim and sends personalized messages that seem
relevant to them. These messages look real, making it difficult to identify the
attack because they are carefully designed to deceive the specific target.

Whale phishing: Whale phishing is a type of social engineering attack that
targets high-ranking executives (called "whales") in a company. The goal is to
steal money or sensitive business information.

Smishing: Smishing is the act of sending fraudulent text messages designed to
trick individuals into sharing sensitive data such as passwords, usernames and
credit card numbers. A smishing attack may involve cybercriminals pretending to
be your bank or a shipping service you use.

Vishing: Vishing is a voice-based phishing attack. It is a type of phishing that
happens over the phone. Scammers pretend to be from a trusted organization, like
a bank, and try to trick you into giving them personal information, such as bank
details and passwords.

4. Spoofing
Spoofing is when a hacker pretends to be someone you trust, like a friend or a
company. They do this to trick you into giving them access to your devices or
information, with the goal of stealing data, demanding money, or installing
harmful software.

Type: Description

Domain spoofing: Domain spoofing is a type of phishing where a hacker pretends
to be a trusted business or person by creating a fake website or email. The
domain looks real at first, but if you look closely, you'll notice small
differences that show it's fake.

Email Spoofing: Email spoofing is when hackers send fake emails that look like
they come from someone you trust. People are more likely to open these emails and
click on harmful links or attachments.

IP Spoofing: IP spoofing is a type of malicious attack where the threat actor
hides the true source of IP packets to make it difficult to know where they came
from.
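A check a mail filter or proxy could run for the "small differences" that give away a spoofed domain, added here as an example (not part of the original document). The trusted list, the character substitutions and the distance threshold are all assumptions chosen for illustration.

```python
# Hypothetical allow-list of domains the organization really uses.
TRUSTED = ["example.com", "examplebank.com"]

# Digits often swapped in for look-alike letters (illustrative, not complete).
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(domain):
    """Fold common look-alike characters so 'examp1e' and 'exarnple' match 'example'."""
    d = domain.lower().rstrip(".").translate(DIGIT_SWAPS)
    return d.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_domain(domain, trusted=TRUSTED, max_distance=1):
    """Return ('trusted', d), ('lookalike', imitated_domain) or ('unknown', None)."""
    d = domain.lower().rstrip(".")
    if d in trusted:
        return ("trusted", d)
    for t in trusted:
        if normalize(d) == normalize(t) or edit_distance(d, t) <= max_distance:
            return ("lookalike", t)
    return ("unknown", None)
```

A "lookalike" result is a reason to quarantine or warn, not proof of an attack; an "unknown" result only means the domain is not close to anything on the list.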

5. Identity-based attacks
Identity-based attacks are hard to spot because a hacker uses a real user's stolen
login details to pretend to be them. It's tough to tell the difference between the
real user and the hacker using normal security tools.

Type: Description

Man-in-the-Middle (MITM) Attack: A Man-in-the-Middle (MITM) attack happens when
a hacker secretly intercepts and possibly changes the communication between two
people or systems. The attacker’s goal is to steal sensitive information, change
data, or add harmful content.

Credential Stuffing: Credential stuffing is when hackers use stolen usernames
and passwords from one breach to try to access other accounts, especially if
people use the same details for multiple sites.

Brute Force Attacks: Brute force is an attack where hackers try many different
combinations of usernames and passwords until they find the right one. It's a
trial-and-error method to break into accounts or systems.
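Brute force and credential stuffing leave different traces in login logs, which the following added example (not part of the original document) uses to tell them apart. The log format, the sample lines and the thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed log format: "<timestamp> OK|FAIL user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

def build_sample_log():
    """Constructed sample data; every value here is made up."""
    lines = []
    # One source guessing at a single account again and again.
    for i in range(8):
        lines.append(f"2024-05-01T10:00:{i:02d}Z FAIL user=admin src=203.0.113.7")
    # One source trying a different account each time.
    for i, user in enumerate(["ana", "ben", "cho", "dev", "eli", "fay", "gus"]):
        lines.append(f"2024-05-01T10:05:{i:02d}Z FAIL user={user} src=198.51.100.23")
    # A reused password worked for one account from that same source.
    lines.append("2024-05-01T10:05:09Z OK user=hal src=198.51.100.23")
    # A real user mistyping a password twice, then logging in.
    lines.append("2024-05-01T10:07:00Z FAIL user=alice src=192.0.2.10")
    lines.append("2024-05-01T10:07:05Z FAIL user=alice src=192.0.2.10")
    lines.append("2024-05-01T10:07:11Z OK user=alice src=192.0.2.10")
    return "\n".join(lines)

def classify_sources(log_text, min_failures=6, max_tries_per_user=2):
    """Return {source: {"verdict": str, "accounts_to_review": [users]}}."""
    failed = defaultdict(Counter)    # source -> failed attempts per username
    succeeded = defaultdict(set)     # source -> usernames that logged in
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # ignore lines in any other format
        _ts, result, user, src = m.groups()
        if result == "FAIL":
            failed[src][user] += 1
        else:
            succeeded[src].add(user)

    findings = {}
    for src, per_user in failed.items():
        if sum(per_user.values()) < min_failures:
            continue                 # a couple of typos is normal behavior
        most = max(per_user.values())
        if most >= min_failures:
            verdict = "brute_force"            # many guesses at one account
        elif most <= max_tries_per_user:
            verdict = "credential_stuffing"    # many accounts, a try or two each
        else:
            verdict = "mixed"
        # Logins that succeeded from a flagged source need a password reset.
        findings[src] = {"verdict": verdict,
                         "accounts_to_review": sorted(succeeded[src])}
    return findings
```

The `accounts_to_review` list matters most for credential stuffing: the successful login looks like the real user, so the surrounding failures from the same source are the only signal.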

6. Code injection attacks
Code injection attacks happen when a hacker inserts harmful code into a
computer or network, causing it to act in a way the attacker wants.
There are multiple types of code injection attacks:

Type: Description

SQL Injection: SQL Injection is an attack where hackers use system weaknesses to
insert harmful SQL commands into a database. This lets them steal, change, or
delete data from the database.

Cross-Site Scripting (XSS): Cross-Site Scripting (XSS) is an attack where
hackers add harmful code to a trusted website. When a user visits the site, the
code runs in their browser, allowing the hacker to steal sensitive information or
pretend to be the user. Websites where users can post content, like forums or
blogs, are most at risk for XSS attacks.

Malvertising: Malvertising is when hackers use ads to spread malware. They first
hack a third-party server to insert harmful code into ads, like banner ads or
videos. When a user clicks on the ad, the malware or adware gets installed on
their computer.

Data Poisoning: Data poisoning is when hackers mess with the data used to train
an AI or machine learning model. By changing the data, they can make the model
give wrong results, create weaknesses, or cause biases in how it predicts things.
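SQL injection and XSS share one root cause: user input ends up being treated as code. The following added example (not part of the original document) shows the weak and the corrected form of each side by side, using an in-memory SQLite database and a constructed product table.

```python
import html
import sqlite3

def make_db():
    """Constructed sample shop database with one row that must stay hidden."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(id INTEGER PRIMARY KEY, name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products (name, price, hidden) VALUES (?, ?, ?)",
        [("keyboard", 30.0, 0), ("mouse", 15.0, 0), ("unreleased-model", 99.0, 1)])
    return db

def search_vulnerable(db, term):
    # Weak: the input is pasted into the SQL text, so a quote character in
    # `term` ends the string and the rest is read as part of the query.
    sql = ("SELECT name FROM products "
           f"WHERE hidden = 0 AND name = '{term}' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # Corrected: the ? placeholder sends `term` separately from the SQL,
    # so it can only ever be compared as a value.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (term,))]

def render_comment_vulnerable(comment):
    # Weak: markup in a user's comment becomes part of the page.
    return f"<p>{comment}</p>"

def render_comment_safe(comment):
    # Corrected: escape on output so the browser shows the text instead of
    # running it.
    return f"<p>{html.escape(comment)}</p>"

# Constructed test inputs of the kind a scanner or code review would try.
QUOTE_INPUT = "x' OR '1'='1"
MARKUP_INPUT = "<script>alert(1)</script>"
```

With `QUOTE_INPUT`, `search_vulnerable` returns every row including the hidden one, while `search_safe` returns nothing because no product has that literal name.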

8. AI-powered attacks
AI-powered attacks use artificial intelligence (AI) and machine learning (ML) to
help hackers steal information or break into networks. Here are some types:
• Adversarial AI/ML: This tricks AI systems by giving them wrong
information, making them malfunction.
• Dark AI: This uses AI to find weaknesses in systems, often going unnoticed
until it causes harm.
• Deepfake: These are fake images, videos, or audio made by AI that look real
and can be used to damage reputations or mislead people.
• AI-generated social engineering is when hackers use fake chatbots or
virtual assistants that seem human. These bots talk to users and trick them
into giving away sensitive information.
