1. What is Cyber Security?
Cyber security is the practice of protecting computer systems and
networks from unauthorized access, use, disclosure, disruption,
modification, or destruction.
It encompasses various technologies, processes, and controls to ensure
confidentiality, integrity, and availability of sensitive information and
critical infrastructure.
2. key concepts
Integrity
Ensuring data accuracy and
reliability, preventing unauthorised
modifications or deletions.
Availability
Guaranteeing access to systems
and data when needed, preventing
disruptions and downtime.
Confidentiality
Protecting sensitive information
from unauthorised access,
ensuring privacy and secrecy.
3. Popular attacks
Botnet Attacks: Networks of compromised computers controlled by attackers to launch distributed denial-of-service attacks
or spread malware.
Social Engineering Attacks: Exploiting human psychology to gain access to sensitive information, often through phishing
emails or fake websites.
Cryptocurrency Hijacking: Stealing cryptocurrency by hijacking wallets or mining resources for profit.
Phishing: Deceitful attempts to obtain sensitive information through emails, text messages, or fake websites disguised as
legitimate sources.
4. Ransomware
Ransomware is a type of malicious software that encrypts a victim's
files, rendering them inaccessible.
Attackers demand a ransom payment in cryptocurrency, typically
Bitcoin, to decrypt the files.
5. Botnet Attacks
A botnet is a network of compromised computers controlled by attackers. These computers, known as bots, are infected with malware and used
for malicious purposes.
Attackers can use a botnet to launch distributed denial-of-service (DDoS) attacks, spam campaigns, and steal data.
Phishing Attacks
Phishing is a common cyberattack where attackers disguise themselves as trusted entities, like banks or government agencies. They send
deceptive emails or messages containing malicious links or attachments, aiming to trick victims into revealing sensitive information like
passwords, credit card details, or personal data.
Security Goals and its implmentation
Authentication
Ensures the identity of users before granting access to systems or data. This protects against unauthorized access and data breaches.
Authorization
Determines the level of access users have to specific resources based on their roles and responsibilities. This helps maintain data integrity
and confidentiality.
Confidentiality
Guarantees that sensitive information is protected from unauthorized disclosure. This protects privacy and intellectual property.
Accountability
Tracks actions and decisions made by users, allowing for auditing and tracing any malicious activities. This helps in identifying and
responding to security breaches.
6. Designing a Secure System
Assess Risks
Identify potential threats and vulnerabilities. Prioritize risks based on their likelihood and impact.
Implement Controls
Employ security measures like strong passwords, encryption, firewalls, and intrusion detection systems.
Continuously Monitor
Regularly review and update security policies and procedures. Monitor for suspicious activity and promptly address any security
incidents.
Train Users
Educate users about cybersecurity best practices. Promote awareness of phishing attacks and other common threats.
7. Buffer Overflow and its Vulnerabilities
Buffer overflow is a common vulnerability where a program writes more data into a buffer than it can hold.
This overwrites adjacent memory, potentially corrupting data or even executing
malicious code.
Attackers exploit this vulnerability by injecting malicious code into a buffer, causing the
program to execute it.
This can lead to various consequences, including system crashes, data breaches, and
even full system takeove
r.
8. WhatsApp Buffer Overflow
Case Study
A buffer overflow vulnerability was found in WhatsApp's code. This
vulnerability allowed attackers to remotely execute code on users'
devices. Attackers could send specially crafted messages that, when
processed by WhatsApp, would overwrite memory buffers and execute
malicious code.
This vulnerability highlighted the importance of thorough code review
and security testing to prevent such exploitable flaws. WhatsApp
addressed the vulnerability with a security update, urging users to
update their apps to mitigate the risk.
9. Importance of Cyber Security
Protection of Personal
Data
Cyber security safeguards
personal information such as
financial details, medical records,
and social media accounts,
preventing identity theft and
privacy violations.
Safeguarding Business
Operations
Cyber security is crucial for
businesses to protect their
infrastructure, intellectual
property, and customer data,
minimizing disruptions and
ensuring business continuity.
Maintaining National Security
Cyber security is vital for governments to protect critical infrastructure,
such as power grids, transportation systems, and communication
networks, from cyberattacks.
10. Best Practices for Cyber Security
Strong Passwords
Use unique, complex passwords for all your accounts and avoid using the same password across multiple platforms.
Two-Factor Authentication
Enable two-factor authentication for sensitive accounts, adding an extra layer of security by requiring an additional code, typically sent to your phone.
Regular Software Updates
Keep all software, including operating systems, applications, and antivirus software, updated to patch vulnerabilities and ensure security.
Be Cautious of Suspicious Emails and Links
Avoid clicking on suspicious links or opening attachments from unknown senders, as they could contain malware or phishing attempts.
Use Secure Wi-Fi Networks
When connecting to public Wi-Fi, use a VPN (Virtual Private Network) to encrypt your traffic and protect your data from eavesdropping.
11. Cyber Security Awareness Training
1 Identify Potential Threats
Understanding common cyber threats, such as malware, phishing
attacks, and ransomware, is essential for recognizing potential dangers
and taking appropriate precautions.
2 Practice Safe Online Habits
Learning about safe online practices, such as strong passwords, two-
factor authentication, and avoiding suspicious links, can significantly
reduce the risk of cyberattacks.
3 Recognize Social Engineering Tactics
Awareness training helps employees identify and avoid social
engineering techniques used by attackers to manipulate individuals
into divulging sensitive information.
12. The Future of Cyber Security
Artificial Intelligence (AI)
AI-powered security solutions are increasingly being used for threat detection,
anomaly analysis, and proactive defense mechanisms.
Blockchain Technology
Blockchain offers secure and transparent data storage and transaction processing,
enhancing data security and preventing tampering.
Quantum Computing
Quantum computing has the potential to revolutionize cryptography and develop
more robust security solutions against advanced cyber threats.
