Cyber Security Course Overview

    What is Cyber Security?

    Cyberattacks are a global threat to organisations and individuals. So, how to safeguard against illegal access? Well, a powerful Cyber Security system is the solution. The following guide thoroughly discusses all cybersecurity concepts. After going through all these sections, you can easily explain cyber security to any beginner willing to learn cyber security.

    Cybersecurity protects web-connected systems like servers, computers, mobile devices, networks, electronic systems, and data against malicious attacks. It aims to safeguard assets from malicious logins and codes. Moreover, it is employed in various environments, from businesses to mobile computing.

    To understand basic cyber security, we can distribute the term ‘cybersecurity’ into two parts – cyber and security. Cyber is the technology covering data, networks, systems, or programs. Security refers to the protection of networks, applications, systems, and information. In some instances, Cybersecurity is also referred to as information technology security or electronic information security.

    How to use cyber security tools?

    Cyber Security tools include various apps and solutions capable of mitigating risks and safeguarding sensitive information against cyber threats.
    Critical cybersecurity tools

    List of extensively used basic cyber security tools:

    • Wireshark
    • Nmap
    • Web security
    • Metasploit
    • Ncat
    • Aircrack-ng
    • Entersoft Insights
    • Nikto
    • Cain and Abel
    • Kali Linux
    • John the Ripper
    • Forcepoint
    • PAROS proxy
    • NMAP
    • Truecrypt
    • LifeLock
    • Bitdefender
    • TOR
    • Malwarebytes
    • Mimecast
    • VIPRE
    • SiteLock

    A massive number of internet threats exist in cyberspace. Cyber threats like Malware, Viruses, Trojans, Scareware, Worms, Ransomware, etc., always intend to disrupt the sensitive information of individuals and organisations.

    All organisations should know the amount of risk involved in each step in the cyber world. Hence, organisations must know the essential tools and methods to protect against cyber security challenges due to cyberattacks. Most organisations now include a dedicated team for handling cyberattacks.

    Various tools are now available to defend network security and are implemented with the latest cyber security technology.

    Let’s discuss the details of the critical cyber security tools and how to use them:

    1. Firewalls:

    Firewalls serve as one of the basic cyber security measures that function as a barrier between an organisation's internal network and the external network. They filter every packet of data that moves in and out of the network in an organisation. Moreover, they filter malicious packets.

    You can use firewalls as software or hardware per the data's need and significance to be safeguarded. Each packet of data must pass across a firewall and be filtered.

    Remember that nothing in this cyber world can guarantee 100% protection.  The reason is hackers can create data packets that work as genuine but are malicious inside. Such data packets can overwhelm firewall filtering and ultimately compromise computer security. You can use an overall firewall because it is the best defence for protection against cyberattacks and cyber criminals.

    2. Antivirus Software:

    It is a program that prevents, detects, and discards viruses and other malware attacks from individual networks, computers, and IT systems. Moreover, it safeguards your networks and computers from different viruses and threats. For example, it protects against spyware, adware, worms, Trojan horses, browser hijackers, keyloggers, rootkits, adware, botnets, and ransomware.

    The majority of the antivirus programs have an auto-update feature. This feature enables the system to check for new threats and viruses regularly. Besides, many antivirus programs provide extra services like scanning emails to ascertain that they are protected from malicious web links and attachments.

    You can use reliable Antivirus software in your system. Make sure to update it regularly to let it deal with all kinds of advanced cyber threats. Every antivirus software has a vault containing the threat information that should be kept up to date.

    3. Public Key Infrastructure:

    Public-key Infrastructure (PKI) verifies the receiver's identity. After identification, it helps to send and receive the data over the Internet. Primarily, it assists in distributing and recognising public encryption keys.

    Usually, PKI is implemented with the TLS and SSL technologies that help safeguard the data transfer between server and user who use the HTTPS.

    In other words, this tool encrypts the server communication and is accountable for the padlock and HTTPS in your browser’s address bar. You can use the PKI tool to solve various cybersecurity concerns and incorporate it into your organisation’s security suite.

    4. Penetration Testing:

    This cybersecurity tool checks the quality of security systems by recognising the presence of any security vulnerabilities in the system.

    Ethical hackers attempt to penetrate an organisation’s security system to know whether they can detect any vulnerable points to access the security system. They use identical methods and strategies an original hacker would use to penetrate a cybersecurity system.  If they can penetrate successfully, they will develop a solution to close the particular vulnerability. They will undertake this step after discussing it with the organisation’s cybersecurity team.

    Penetration Testing challenges the type of attack a business may perceive from criminal hackers. The attacks can be code injection, password cracking, and phishing. This tool works on a simulated real-world cyberattack on an application or network.

    You can use this tool to perform Pen Tests using manual or automatic technologies. As a result, you can methodically evaluate web applications, servers, network devices, wireless networks, endpoints, mobile devices, and many other prospective points of vulnerabilities. After the Pen Test completes, the testers provide you with findings and threats. Moreover, it can assist you with recommendations about possible changes to your system.

    5. MDR:

    MDR (Managed Detection and Response Service) is a contemporary cyber security tool. It can assist in threat intelligence, threat analysis, recognizing detection, monitoring, and attack response using machine learning and artificial intelligence in cyber security.

    The working of this tool is focused on threat detection instead of compliance. It hugely depends on security event management and advanced analytics. Although many functions are automatic, MDR involves humans too for monitoring your network. You can also use this tool to carry out remote response and incident validation.

    Understand Cyber Attacks

    It is essential to learn cyber security, but this learning is incomplete without understanding cyberattacks. The need for cyber security is perceived when cyberattacks begin stealing sensitive information of individuals or organisations.

    A cyber attack is any effort to obtain illegal access to a computer, computer network, or computing system. The intention is to destroy, damage, or manipulate the computer system. Alternatively, the intention can be to modify, delete, block, steal or manipulate the data stored in the systems.

    Those individuals or groups who undertake cyber security attacks are known as cyber criminals. Usually, they are referred to as hackers, malicious actors, actors, and hackers. Cybercriminals can be individuals who implement their computer proficiency to perform malicious attacks. In some other cases, cybercriminals can be those working with other malicious actors in a criminal association to detect vulnerabilities or issues in computer systems. These vulnerabilities can be exploited for personal financial gain.

    Cyber security attacks can arise from government-endorsed troops of computer experts. They are known as nation-state attackers.

     Reasons behind the occurrence of cyber attacks:

    Cyber attacks can have different objectives like

    1. Financial gain:

    Most cyberattacks (specifically those against commercial bodies) intend to have financial gain. These cyberattacks usually target to steal sensitive data like employees’ personal information or customers’ credit card numbers.

    Cybercriminals access goods or money using the victims' sensitive cyber security information. The sensitive information can be property information or critical corporate data.  By spying on valuable data of individuals or corporates, cyberattacks deceive them and ask for money.

    2. Revenge:

    Malicious actors can undertake cyberattacks especially to spread confusion, chaos, dissatisfaction, or mistrust. They usually undertake these actions to obtain revenge for acts implemented against them.

    Cybercriminals can aim to publicly humiliate the attacked parties or to disrupt the organisations' status. These attacks in information security are usually targeted at government entities. However, they can also target nonprofit organisations or commercial bodies. Nation-state attackers can be responsible for cyberattacks meant to take revenge.

    3. Cyberwarfare:

    Not only malicious actors but even Governments across the world are involved in undertaking cyber attacks. Many national governments are suspected or acknowledged for designing and performing attacks against other nations. The reasons can be continuing economic, political, and social clashes. They are known as cyberwarfare and they are one of the key reasons behind attacks on information security.

     Types of Cyber Attacks:
    Types of cyberattacks

    1. System-based attacks:

    They intend to compromise a computer's security or network. A few of the prevalent system-based attacks are Viruses, Trojan horns, Worm, Backdoors, and Bots.     
           

    2. Web-based attacks:

    They take place on a website or web app. Few of the prevalent web-based attacks are:

    • DNS Spoofing
    • Injection attacks
    • Session Hijacking
    • Denial of Service
    • Brute force
    • Phishing
    • Man in the middle attacks
    • Dictionary attacks
    • Protocol attacks
    • File Inclusion attacks
    • Application layer attacks
    • URL Interpretation

    How to Avoid a Cyber Attack?

    Here are the best practices to avoid a cyber attack:

    • The use of software (for example –antivirus software) to safeguard the system against malware. It adds another layer of security against cyberattacks.
    • Executing perimeter defenses like firewalls to block attack attempts and also block access to acknowledged malicious domains.
    • Deploying proper security configurations, user access controls, and password policies.
    • Preparing incident response plans to resolve a breach.
    • The use of a patch management program to work on the acknowledged software vulnerabilities which can be misused by hackers.
    • Teaching individual users about attack circumstances and how they can protect the network security of an organisation.
    • The use of a monitoring and detection program to recognize and alert mistrustful activity.

    Understanding the cyber security threats

    In cybersecurity, a threat is a malicious activity an individual or institute undertakes. The intention behind the same is to corrupt or steal data, obtain access to a network, or disturb digital operations. All cyber threats aim to arouse vulnerability in cyber security

    The cyber community outlines the following cyber security threats that create vulnerability in cyber security:

    1. Malware:

    Malware is malicious software and is popular as the most widespread cyber-attacking tool. It is the most prevalent type of cyber attack wherein hackers or cyber criminals use malicious software to damage or interrupt a genuine user's system. Usually, malware spreads through an illicit email attachment or a download link that appears legitimate but actually not. Malware intends to illegally earn money or could have a political intention.

    The significant types of malware are:

    • Virus
    • Trojans
    • Spyware
    • Ransomware
    • Adware
    • Botnets
    • Worms

    2. Phishing:

    In phishing, people receive emails from a cybercriminal that appear to be coming from a legitimate company (like eBay, PayPal, financial institutions, friends, co-workers, etc.) asking for sensitive information like personal data or credit card details. Subsequently, it deceives them for monetary gain.

    Phishing in cyber security implies that cybercriminals contact a target or targets through phone or email or text message through a link. This kind of link persuades them to click and ultimately deceives them. The link redirects them to deceitful websites to submit sensitive data like personal information, credit card and banking information, usernames, passwords, and social security numbers. Clicking on the link instals malware on the target devices too.  As a result, hackers can remotely control devices.

     3.SQL Injection:

    In this form of cyberattack, cybercriminals abuse vulnerability in computer-controlled applications. They insert malicious code in a database through a malicious SQL statement. So, they compromise cyber security information to steal or access sensitive information and control the database.

    Once the cyberattack accomplishes, the malicious individual can observe, modify, or delete private details of customers, sensitive company data, or user lists stored in the SQL database.  The need for cyber security is extremely realised at this point when cybercriminals are accessing sensitive data.

    4. Denial-of-service attack:

    In this category of cyber security threat, a cybercriminal disallows a computer to fulfil authentic requests. It destroys the targeted servers, networks, and services with traffic and makes the system unstable. Moreover, it disallows an organisation to manage its vital functions.

    The requests originate from numerous IP addresses making the system unstable. Furthermore, it slows down the network speed, makes them temporarily offline, overloads their servers, and stops an organisation from performing its key functions.

     5. Man-in-the-middle (MITM) attack:

    In this type of cyber threat, a cybercriminal interrupts data transfer or conversation between two parties for robbing the data. When cybercriminals come in between the two parties, they appear like honest participants. So, they can gain sensitive information and return various responses.

    The key objective of a MITM attack is to obtain access to your organisation or customer data. This cyber threat compromises cyber security measures, for example, a cybercriminal can interrupt data flowing between the network and the target device on an insecure Wi-Fi network. 

    6. Advanced Persistent Threats (APT):

    An APT occurs when a malicious individual or organisation obtains illegal access to a network or system and stays unnoticed for an extended period. 

    7. Brute Force:

    This cryptographic hack implements a trial-and-error method to estimate all possible combinations until precise information is discovered. Typically, cybercriminals use this form of cyber security threat to gain personal information regarding encryption keys, login credentials, targeted passwords, and Personal Identification Numbers (PINS).     
     

    8. Domain Name System (DNS) attack:

    In DNS attacks, cybercriminals use the faults in the DNS (Domain Name System) to readdress site users to malicious sites. After redirecting them, cybercriminals steal data from the affected computers. The DNS system is a vital component of the Internet infrastructure because a DNS attack is a severe cybersecurity threat.

     The common sources of cyber security threats are - 

    • Hackers
    • Terrorist Groups
    • Criminal Groups
    • Hacktivists
    • Corporate Spies
    • Malicious Insiders

    Cyber Crime and its types

    Cybercrime is an illicit activity that targets or uses a computer/computer network/networked device. In other words, Cybercrime is the illegal treatment of any communication device to simplify the occurrence of any illegal activity. The use of the latest cybercrime security is inevitable to curb cybercrime.

    Cybercrimes can target individuals, business groups, and governments. Hackers or cyber criminals commit most of the cybercrime in the lure of money. In most cases, cybercrime targets impairing computers for personal or political profit.

    Individuals or organisations can carry out cybercrime. Cybercriminals are exceptionally technically proficient and use cutting-edge techniques, whereas others are beginner hackers.

    Phishing, malware attacks, and Distributed DoS attacks are the prime contributors to cybercrime. To understand the relationship between cybercrime and security, let’s first understand the types of cybercrime:

    Types of Cybercrime:

    The below list highlights specific examples of various types of cybercrime:

    • Internet and Email fraud
    • Identity fraud that soles and uses personal information
    • Stealing of financial or card payment data
    • Robbery and trade of corporate data
    • Cyber Extortion (demands money to avoid a threatened attack)
    • Ransomware attacks (a category of cyber extortion).
    • Cyber Espionage (hackers access company or government data)
    • Cryptojacking (hackers mine cryptocurrency using resources they don’t own)
    • The practice of shutting down or misusing a website/computer network
    • Spreading hate through hate speech and stirring terrorism
    • Open images of children that spread pornography

     The majority of cybercrimes fall under two categories:

    1. Targeting computers:

    This category of cybercrime implements the best possible cyber security measures to harm computer devices. Examples include denial of service attacks and malware.

    2. Using computers:

    This category uses computers to carry out all the categorizations of computer crimes.

    What is a firewall?

    A firewall in cyber security is a network security device that monitors inward and outward network traffic. It authorises or blocks data packets depending on a collection of security rules. It aims to deploy a barrier between incoming traffic and your internal network against external sources. Therefore, it blocks malicious traffic like hackers and viruses.

    How can we use firewalls?

    One of the best firewalls to use is the Windows Defender Firewall. This firewall in cyber security provides multiple configurable settings including - 

    • Manually block a program
    • Choose to let apps pass data
    • Turn off the firewall

     The following steps let you use this firewall to alter the Windows Firewall Settings:

    Step-1: Type ‘Windows Defender’ in the Search region of the Taskbar and choose ‘Windows Defender Settings’ from the shown list.

    You can do various things from the ‘Windows Defender Firewall’ area. The left pane shows the option to Turn Windows Firewall either On or Off.

    Note: It is recommended to check here frequently if the firewall is enabled or not. Certain malware, if caught by the firewall, can turn off without informing you.

    Step-2: Click to verify which firewall is enabled and then with the back arrow, you can come back to the main firewall screen. It is possible to restore the defaults if you changed them.

    The ‘Restore Defaults’ option in the left pane provides access to these settings.

     Note: Settings labelled with a blue & gold defence need an administrator-level password for access.     

    What are the uses of firewalls?

    Here are some prominent applications of a firewall that users must understand to safeguard their system: