
Cybersecurity and Cryptography Unit 2 – Information Security Fundamentals

Information security fundamentals form the backbone of protecting digital assets and data in our interconnected world. This unit covers key concepts like confidentiality, integrity, and availability, as well as common threats such as malware, phishing, and insider threats. The study guide explores essential security controls, risk management strategies, and cryptography basics. It also delves into network security, legal considerations, and real-world case studies, providing a comprehensive overview of the field's core principles and practical applications.

Key Concepts and Principles

  • Confidentiality ensures data is only accessible to authorized parties and protected from unauthorized disclosure
  • Integrity safeguards data from unauthorized modification or tampering to maintain accuracy and consistency
  • Availability guarantees timely and reliable access to data and systems for authorized users when needed
  • Authentication verifies the identity of users, devices, or systems to prevent unauthorized access (passwords, biometrics)
  • Authorization grants or restricts access rights and privileges based on authenticated identities and predefined policies
  • Non-repudiation prevents entities from denying their actions or transactions using digital signatures and audit trails
  • Least privilege principle grants users the minimum access rights necessary to perform their tasks, reducing the potential damage from a breach
  • Defense-in-depth strategy layers multiple security controls to provide comprehensive protection against various threats

Threats and Vulnerabilities

  • Malware includes viruses, worms, trojans, and ransomware that infect systems to steal data, disrupt operations, or gain unauthorized control
  • Phishing attacks trick users into revealing sensitive information or installing malware through fraudulent emails or websites
    • Spear phishing targets specific individuals or organizations with personalized messages, increasing success rates
  • Denial-of-Service (DoS) attacks overwhelm systems with traffic to disrupt availability and deny legitimate users access
    • Distributed Denial-of-Service (DDoS) attacks leverage multiple compromised devices (botnets) to amplify the impact
  • Insider threats involve malicious actions by employees, contractors, or partners with authorized access, which can cause significant damage
  • Zero-day vulnerabilities are unknown flaws in software or systems that attackers exploit before patches are available
  • Social engineering manipulates individuals into divulging confidential information or performing actions that compromise security
  • Advanced Persistent Threats (APTs) are sophisticated, targeted attacks that remain undetected for extended periods to steal sensitive data
  • Unpatched systems and outdated software with known vulnerabilities provide entry points for attackers to compromise networks

Security Controls and Countermeasures

  • Firewalls monitor and control network traffic based on predefined security rules to prevent unauthorized access
  • Intrusion Detection Systems (IDS) monitor network activity to identify and alert on suspicious or malicious behavior
  • Intrusion Prevention Systems (IPS) actively block or mitigate detected threats in real-time to prevent successful attacks
  • Antivirus software scans files and systems for known malware signatures and quarantines or removes detected threats
  • Encryption protects data confidentiality by converting it into an unreadable format that requires a decryption key to access
    • Symmetric encryption uses the same key for encryption and decryption, providing fast and efficient security (AES)
    • Asymmetric encryption uses public-private key pairs for secure communication and digital signatures (RSA)
  • Access controls enforce authentication and authorization mechanisms to restrict access to resources based on user roles and permissions
  • Security awareness training educates employees about potential threats, best practices, and their role in maintaining a secure environment
  • Patch management ensures timely installation of software updates and security fixes to address known vulnerabilities

Risk Management

  • Risk identification involves analyzing assets, threats, and vulnerabilities to determine potential security risks
  • Risk assessment evaluates the likelihood and impact of identified risks to prioritize mitigation efforts
    • Qualitative risk assessment uses subjective ratings (low, medium, high) to estimate risk levels
    • Quantitative risk assessment assigns numerical values to likelihood and impact for more precise risk calculations
  • Risk treatment strategies include risk avoidance, reduction, transfer, and acceptance based on organizational risk appetite
  • Business impact analysis (BIA) assesses the consequences of disruptions on critical business processes and determines recovery priorities
  • Disaster recovery planning establishes procedures and resources to restore systems and data after a major incident (natural disasters, cyberattacks)
  • Incident response plans define roles, responsibilities, and steps to detect, contain, and recover from security incidents, minimizing damage
  • Continuous monitoring tracks security posture, identifies changes, and detects anomalies for proactive risk management
  • Compliance with industry standards (ISO 27001, NIST) and regulations (GDPR, HIPAA) ensures adherence to best practices and legal requirements

Cryptography Basics

  • Cryptography is the practice of secure communication in the presence of adversaries using mathematical algorithms
  • Plaintext is the original, unencrypted message that is readable by anyone
  • Ciphertext is the encrypted version of the plaintext that appears as unintelligible data without the decryption key
  • Encryption algorithms transform plaintext into ciphertext using a secret key, making it unreadable to unauthorized parties
  • Decryption algorithms reverse the encryption process to convert ciphertext back into plaintext using the corresponding key
  • Symmetric encryption uses the same key for both encryption and decryption, requiring a secure key exchange between parties (AES, DES)
  • Asymmetric encryption uses a public key for encryption and a private key for decryption, enabling secure communication without prior key exchange (RSA, ECC)
  • Hash functions generate fixed-size digests (hash values) from input data, providing data integrity and, when combined with a key, authentication (SHA-256, MD5)
    • Collision resistance ensures it is computationally infeasible to find two different inputs that produce the same hash value
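As an added illustration (not part of the original study guide) of the hash-function bullets above, the Python script below uses the standard library to show three things: a SHA-256 digest has a fixed size whatever the input length, any change to the input changes the digest (integrity), and an unkeyed hash can be recomputed by whoever altered the data, so authentication needs a secret key (HMAC). The message and key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample data standing in for a file or network payload.
MESSAGE = b"transfer 100.00 to account 12345"
# Constructed demo key; a real deployment would use a randomly generated secret.
KEY = b"constructed-demo-key-do-not-reuse"


def sha256_digest(data: bytes) -> str:
    """Unkeyed fixed-size digest: anyone can compute it, so it only proves integrity."""
    return hashlib.sha256(data).hexdigest()


def integrity_intact(data: bytes, expected_digest: str) -> bool:
    """True only if the data still hashes to the stored digest (constant-time compare)."""
    return hmac.compare_digest(sha256_digest(data), expected_digest)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed digest: only a holder of the key can produce a valid tag (authentication)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_valid(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag)


def demo() -> dict:
    """Walk through integrity vs. authentication on the sample message."""
    digest = sha256_digest(MESSAGE)
    tag = hmac_tag(KEY, MESSAGE)
    tampered = MESSAGE.replace(b"100.00", b"999.00")
    return {
        # Same 64-hex-character (256-bit) digest length for empty and large inputs.
        "fixed_digest_length": len(sha256_digest(b"")) == len(sha256_digest(b"x" * 10_000)) == 64,
        # The stored digest no longer matches the altered message.
        "plain_hash_detects_tampering": not integrity_intact(tampered, digest),
        # ...but the tamperer can simply store a fresh digest of the altered message.
        "plain_hash_forgeable": integrity_intact(tampered, sha256_digest(tampered)),
        # The keyed tag also fails on the altered message...
        "hmac_detects_tampering": not hmac_valid(KEY, tampered, tag),
        # ...and cannot be regenerated without the key.
        "hmac_unforgeable_without_key": not hmac_valid(KEY, tampered, hmac_tag(b"wrong-key", tampered)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```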

Network Security

  • Network segmentation divides networks into smaller, isolated subnetworks (VLANs) to limit the scope of potential breaches
  • Virtual Private Networks (VPNs) establish encrypted tunnels over public networks for secure remote access and data transmission
  • Network Access Control (NAC) enforces security policies on devices before granting network access to prevent unauthorized connections
  • Wireless security protocols (WPA2, WPA3) encrypt wireless communication to protect against eavesdropping and unauthorized access
  • Security Information and Event Management (SIEM) systems collect and analyze log data from various sources to detect and respond to security incidents
  • Data Loss Prevention (DLP) solutions monitor and control the movement of sensitive data to prevent unauthorized exfiltration
  • Network traffic monitoring analyzes network flows to identify anomalies, detect malicious activities, and investigate incidents
  • Penetration testing simulates real-world attacks to identify vulnerabilities and assess the effectiveness of security controls

Legal and Ethical Considerations

  • Cybercrime laws (Computer Fraud and Abuse Act) define illegal activities in cyberspace and establish penalties for offenders
  • Data protection regulations (GDPR, CCPA) set requirements for collecting, processing, and securing personal data to protect individual privacy rights
  • Intellectual property laws (copyrights, patents) protect the rights of creators and owners of digital assets and software
  • Ethical hacking involves authorized penetration testing to identify vulnerabilities and improve security with permission from the target organization
  • Responsible disclosure policies encourage researchers to report vulnerabilities to vendors and allow time for patches before public disclosure
  • Privacy by design principles integrate privacy considerations into the development and implementation of systems and processes
  • Professional codes of conduct (ISC², ISACA) establish ethical standards and guidelines for cybersecurity professionals
  • Cybersecurity education and awareness initiatives promote responsible online behavior and help individuals protect themselves against threats

Practical Applications and Case Studies

  • Stuxnet was a sophisticated malware that targeted industrial control systems, causing physical damage to Iranian nuclear facilities
  • WannaCry ransomware exploited a Windows vulnerability to encrypt files on infected systems, demanding bitcoin payments for decryption
  • Equifax data breach exposed sensitive personal information of 147 million individuals due to unpatched vulnerabilities and inadequate security measures
  • NotPetya malware, disguised as ransomware, caused widespread disruption to businesses and infrastructure globally, with estimated losses of $10 billion
  • Target data breach compromised 40 million credit and debit card numbers and personal information of 70 million customers through a third-party vendor
  • Mirai botnet hijacked IoT devices with default passwords to launch massive DDoS attacks, disrupting major websites and services
  • SolarWinds supply chain attack infiltrated the software update process to distribute malware to thousands of organizations including government agencies
  • Capital One data breach exposed personal information of over 100 million credit card applicants due to a misconfigured firewall in their cloud infrastructure


© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.