Cyber security unit 1

 *WHAT IS CYBERSECURITY?*

Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programs and data from attack, damage, or unauthorized access. The term cybersecurity refers to techniques and practices designed to protect digital data. The data that is stored, transmitted, or used on an information system. After all, that is what criminal wants, data. The network, servers, computers are just mechanisms to get to the data. Effective cybersecurity reduces the risk of cyber-attacks and protects organizations and individuals from the unauthorized exploitation of systems, networks, and technologies.

 In other words, the technique of protecting internet-connected systems such  as  computers,  servers,  mobile  devices,  electronic  systems, networks, and data from malicious attacks is known as cybersecurity. We can divide cybersecurity into two parts one is cyber, and the other is security. Cyber refers to the technology that includes systems, networks, programs, and data. And security is concerned with the protection of systems, networks, applications, and information. In some cases, it is also called electronic information security or information technology security.

Robust cybersecurity implementation is roughly based around three key terms: people, processes, and technology. This three-pronged approach helps organizations defend themselves from both highly organized attacks and common internal threats, such as accidental breaches and human error. 

The attacks evolve every day as attackers become more inventive, it is critical to properly define cybersecurity and understand cybersecurity fundamentals.

 *BENEFITS OF LEARNING CYBERSECURITY*


1. *Protecting Personal Data*: Understanding cybersecurity helps individuals safeguard their personal information, such as passwords, financial data, and sensitive documents, from unauthorized access or theft.


2. *Preventing Identity Theft*: Cybersecurity knowledge enables individuals to recognize and thwart attempts to steal their identities, reducing the risk of fraud and financial loss.


3. *Securing Devices and Networks*: With cybersecurity skills, individuals can implement security measures to protect their devices, home networks, and online accounts from malware, viruses, and other cyber threats.


4. *Enhancing Career Opportunities*: Cybersecurity is a rapidly growing field with a high demand for skilled professionals. Learning cybersecurity can lead to rewarding career opportunities in various sectors, including technology, government, finance, healthcare, and more.


5. *Contributing to National Security*: Cybersecurity awareness among citizens strengthens a nation's overall cybersecurity posture, helping to defend against cyber attacks and safeguard critical infrastructure and sensitive information.


6. *Mitigating Risks in the Digital World*: In today's interconnected world, cyber threats are pervasive. By learning cybersecurity, individuals can identify potential risks and take proactive measures to mitigate them, minimizing the likelihood of falling victim to cyber attacks.


7. *Promoting Responsible Online Behavior*: Cybersecurity education encourages responsible online behavior, such as practicing good password hygiene, being cautious of suspicious emails and links, and staying informed about emerging threats and security best practices.

 *MODULE 1: 

FUNDAMENTALS OF CYBER SECURITY*: 

This module consist of three unit:

1. Cybersecurity Goals

2. Cybersecurity Principles

3. Security policies and standards

 Unit 1: *CYBERSECURITY GOALS*: 


The objective of Cybersecurity is to guard information from being stolen, compromised or attacked. Cybersecurity  is measured by a minimum of one amongst  these three goals-

- Protect the confidentiality of information.

- Preserve the integrity of knowledge.

- Promote the provision of knowledge for authorized users.



These goals form the confidentiality, integrity, availability (CIA) triad, the idea of all security programs. The CIA triad is the security model that's designed to guide policies for information security within the premises of a corporation or company.

 This model is additionally stated because the AIC (Availability, Integrity, and Confidentiality) triad to avoid the confusion with the American Central intelligence service. the weather of the triad is considered the three most vital components of security.


The CIA criteria are one that the majority of the organizations and corporations use after they have installed a replacement application, creates a database or when guaranteeing access to some data. For data to be completely secure, all of the three security goals must get effect. These are security policies where everyone works together, and thus it will be wrong to overlook one policy. The CIA triad is shown in the figure below ⬇

 *(A) Confidentiality*: Confidentiality is Ensuring that sensitive data is only accessible to authorized individuals, entities, or systems. 


It involves the protection of knowledge, providing access for people who are allowed to access it while disallowing others from learning anything about its content. 


It prevents essential information from reaching the inapt people while ensuring that the correct people can access it. 


Encryption may be an ideal example to confirm confidentiality. This involves measures such as encryption, access controls, and data classification (authentication).



Don't worry if you don't understand what encryption and these other terms are, we will discuss them further... ⬇️

Let's look at some of the *Tools used for CONFIDENTIALITY*⬇️

1. *Encryption:* Encryption is a fundamental technique used in cybersecurity to protect sensitive data by converting it into an unreadable format, known as *ciphertext*, using *cryptographic algorithms*. Only authorized parties possessing the corresponding *decryption key* can convert the ciphertext back into its original plaintext form.


Here's how encryption works:


- *Plaintext:* This is the original, readable data that needs to be protected, such as passwords, messages, files, or other types of sensitive information.

- *Encryption Algorithm:* An encryption algorithm is a mathematical function used to transform plaintext into ciphertext. Common encryption algorithms include AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adleman), and DES (Data Encryption Standard).

- *Encryption Key*: An encryption key is a piece of information used by the encryption algorithm to perform the encryption process. The strength of encryption depends on the complexity and length of the encryption key. There are two main types of encryption keys: *symmetric and asymmetric*

 *Symmetric Key Encryption*: In symmetric key encryption, the same key is used for both encryption and decryption. Both the sender and the recipient must possess the same secret key. Examples of symmetric key encryption algorithms include AES and DES.

*Asymmetric Key Encryption:* Also known as public-key encryption, asymmetric key encryption uses a pair of keys: a public key and a private key. The public key is used for encryption, while the private key is used for decryption. Asymmetric encryption is commonly used for secure communication and digital signatures. Examples of asymmetric encryption algorithms include RSA and ECC (Elliptic Curve Cryptography).


*Ciphertext*: This is the encrypted form of the plaintext data, which appears as random and unreadable characters without the decryption key.


Encryption plays a crucial role in ensuring the confidentiality and integrity of sensitive information, both at rest (stored data) and in transit (data being transmitted over networks). It helps protect data from unauthorized access, interception, and tampering by malicious actors. Encryption is widely used in various applications, including secure communication, data storage, digital signatures, and authentication mechanisms.

*Encryption case study:* let's break down how encryption works in the context of sending a message through WhatsApp:

1. Message Creation: Suppose Alice wants to send a message to Bob using WhatsApp. She composes her message on her device.

2. Encryption Process:

   - Encryption Algorithm: WhatsApp uses end-to-end encryption (E2EE) to secure messages. It employs the Signal Protocol, which uses a combination of symmetric and asymmetric encryption.

   - Key Generation: When Alice initiates a conversation with Bob or vice versa, their devices generate a pair of encryption keys: a public key and a private key.

   - Message Encryption: Alice's device encrypts the message using Bob's public key. This ensures that only Bob's device, possessing the corresponding private key, can decrypt the message.

   - Symmetric Key Exchange: To efficiently encrypt large messages, WhatsApp also generates a one-time symmetric key for each message. This key is used to encrypt the message itself. The symmetric key is then  encrypted using Bob's public key and sent along with the message.

3. Transmission: The encrypted message, along with the encrypted symmetric key (if applicable), is transmitted from Alice's device to WhatsApp's server over an encrypted connection. WhatsApp cannot decrypt the message since it doesn't possess Bob's private key.

4. Delivery: Upon receiving the encrypted message, Bob's device uses its private key to decrypt the symmetric key (if applicable). Then, it uses this symmetric key to decrypt the actual message.

5. Decryption: Bob's device decrypts the message using the symmetric key or directly using his private key, depending on the encryption method used

6. Display: The decrypted message is displayed on Bob's device, and he can read it.



Throughout this process, the message remains encrypted while in transit between devices and even while stored on WhatsApp's servers. Only the sender and the intended recipient have the necessary keys to decrypt and access the content of the message, ensuring confidentiality and privacy. This end-to-end encryption scheme provides a high level of security, preventing unauthorized parties, including WhatsApp itself, from intercepting or accessing the message content. 

So the second confidentiality tool like i said is *Access control* , Access Control  in cybersecurity refers to the process of regulating and managing who can access specific resources, data, or systems within an organization's network. It is a fundamental component of cybersecurity and is essential for protecting sensitive information, preventing unauthorized access, and ensuring the confidentiality, integrity, and availability (CIA) of data and resources.

ACCESS CONTROL MECHANISMS TYPICALLY INVOLVE THE FOLLOWING COMPONENTS:

🔽⬇️

[4/18, 6:27 AM] Daniel Akinpelu: 1. *Authentication:* Authentication is the process of verifying the identity of users or entities attempting to access a system or resource. It ensures that only legitimate users are granted access. Authentication methods include passwords, biometric authentication (such as fingerprint or facial recognition), smart cards, tokens, and multi-factor authentication (requiring multiple forms of authentication).


2. *Authorization:* Authorization determines what actions or operations an authenticated user or entity is permitted to perform within a system or on specific resources. It specifies the level of access granted based on the user's role, permissions, or privileges. Authorization mechanisms enforce the principle of least privilege, granting users only the minimum access necessary to perform their duties.


3. *Access Control Lists (ACLs):* ACLs are lists associated with resources that specify which users or groups are allowed or denied access to those resources and what actions they can perform. ACLs are commonly used in file systems, network devices, and databases to control access at a granular level.


4. *Role-Based Access Control (RBAC):* RBAC is an access control model that assigns permissions to users based on their roles within an organization. Users are assigned roles, and permissions are associated with those roles. RBAC simplifies access management by centralizing permissions and streamlining administration.


5. *Access Control Policies:* Access control policies define the rules and guidelines for managing access to resources. They specify who can access what resources under what circumstances and outline procedures for granting or revoking access privileges. Access control policies are typically based on organizational security requirements, compliance regulations, and risk assessments.


6. *Audit Trails:* Audit trails record and track access attempts, authorization decisions, and user activities within a system. They provide a record of who accessed what resources, when they accessed them, and what actions they performed. Audit trails are essential for monitoring and reviewing access control activities, detecting security incidents, and ensuring accountability.


_Effective access control is critical for mitigating the risk of unauthorized access, insider threats, and data breaches. By implementing robust access control mechanisms, organizations can enforce security policies, protect sensitive information, and maintain the integrity of their systems and data._

 Lets also look at a case study to help simplify what *Access Control* is ⬇️🔽

let's consider an example of access control in a corporate network environment:

Scenario: Sparker Africa Inc. has a network infrastructure that includes sensitive data stored on servers, confidential documents, and various applications used by employees across different departments. The company wants to implement access control measures to ensure that only authorized personnel can access specific resources based on their roles and responsibilities.


Example of Access Control Measures:

1. *Authentication:*

   - Each employee is provided with a unique username and password to authenticate themselves when accessing the corporate network or specific applications.

   - Multi-factor authentication (MFA) is enforced for accessing critical systems and sensitive data, requiring employees to provide additional verification, such as a one-time password sent to their mobile device, in addition to their username and password.


2. *Authorization:*

   - Sparker Africa Inc. implements Role-Based Access Control (RBAC), where access permissions are assigned to users based on their roles within the organization.

   - Employees are assigned roles such as "Employee," "Manager," and "Administrator," each with different levels of access privileges.

   - For example, regular employees may have read-only access to certain documents, while managers have permission to edit and approve them, and administrators have full access to all resources for maintenance and configuration.


3. *Access Control Lists (ACLs):*

   - Access control lists are configured on file servers and network devices to control access to specific files, folders, and network resources.

   - For instance, an ACL might be set up to allow only members of the HR department to access employee records stored in a designated folder on the file server.


4. *Access Control Policies:*

   - Sparker Africa Inc. establishes access control policies that outline the rules and procedures for granting and revoking access privileges.

   - Policies specify the acceptable use of corporate resources, password management requirements, and guidelines for remote access.

   - Employees are required to undergo regular security awareness training to understand and comply with access control policies.


5. *Audit Trails:*

   - Sparker Africa Inc. maintains audit logs that record all access attempts, login activities, and changes to access permissions.

   - Security administrators regularly review audit trails to identify suspicious or unauthorized activities, investigate security incidents, and ensure compliance with access control policies.

   - Audit trails also serve as evidence for regulatory compliance audits and internal investigations.


By implementing these access control measures, Sparker Africa Inc. can effectively manage access to its resources, protect sensitive information from unauthorized access, and maintain the confidentiality, integrity, and availability of its data and systems.

 Access Control is very common in bank settings, if you go to the bank or perform very heavy transactions, you will observe that there are some transactions that only the branch manager can approve, some transactions they have to call the regional manager for approval and so on.

The third tool of Confidentiality is *AUTHENTICATION* ⬇️

 Authentication in cybersecurity is the process of verifying the identity of a user, device, or entity attempting to access a system, application, or network. It ensures that only authorized individuals or entities are granted access to resources, data, or functionalities, while unauthorized access attempts are prevented. Authentication is a critical component of cybersecurity and is essential for protecting sensitive information, preventing unauthorized access, and maintaining the confidentiality, integrity, and availability of data and systems.


Authentication mechanisms typically involve the following components:


*1. Credentials:* Credentials are pieces of information used to authenticate users or entities. 

*_Common types of credentials include:_*

   - Username and Password: The most common form of authentication, where users provide a unique username and associated password.

   - Biometric Data: Physical or behavioral characteristics such as fingerprints, facial recognition, iris scans, or voiceprints.

   - Tokens: Physical or digital devices that generate one-time passwords (OTPs) or cryptographic keys for authentication.

   - Certificates: Digital certificates issued by a trusted authority that validate the identity of users or devices, just like this course you are doing now, your certificate will come with digital authentication in case someone wants to verify if your certificates are real or forged.

2. *Authentication Factors:* Authentication may involve one or more factors to verify the identity of the user or entity:

   - Knowledge Factor: Something the user knows, such as a password or PIN.

   - Possession Factor: Something the user possesses, such as a physical token or mobile device.

   - Inherence Factor: Something inherent to the user, such as biometric data (fingerprint, retina, voice).

   - Location Factor: The location or context from which the authentication attempt is made, such as IP address or geolocation. 

3. *Authentication Protocols:* Authentication protocols define the rules and procedures for verifying the authenticity of users or entities. Common authentication protocols include:

   - Password-based authentication: Users provide a username and password, which are compared against stored credentials.

   - Challenge-Response Authentication: Users respond to a challenge from the system, often with a cryptographic key or token.

   - Multi-factor Authentication (MFA): Requires users to provide two or more authentication factors for verification. 

   - Single Sign-On (SSO): Allows users to authenticate once and access multiple systems or applications without re-authenticating.

 4. *Authentication Servers:* Authentication servers or services verify the credentials provided by users or entities and determine whether access should be granted. These servers store user credentials securely and enforce authentication policies.


Authentication plays a crucial role in controlling access to resources, protecting against unauthorized access, and ensuring accountability and traceability in cybersecurity. By implementing robust authentication mechanisms and protocols, organizations can mitigate the risk of identity theft, unauthorized access, and data breaches, safeguarding their assets and maintaining trust with users and stakeholders.

 DON'T FORGET WE ARE STILL IN UNIT 1 AND WE HAVE BEEN DISCUSSING CYBERSECURITY GOALS WHICH ARE; *CONFIDENTIALITY, INTEGRITY AND AVAILABILITY*, AND SO FAR WE HAVE DISCUSSED CONFIDENTIALITY AND SOME OF ITS *TOOLS (ENCRYPTION, ACCESS CONTROL AND AUTHENTICATION)*, SO WE ARE MOVING TO THE SECOND GOAL WHICH IS *INTEGRITY*

In cybersecurity, integrity refers to the assurance that data, information, and systems have not been altered, tampered with, or modified in an unauthorized or unintended manner. It ensures that data remains accurate, reliable, and consistent throughout its lifecycle, from creation to storage and transmission.

For example there are some physical goods that when you buy, you see instructions such as *do not accept if seal is broken*. that is to ensure the integrity of such goods.

 *Integrity encompasses several key principles and objectives:* 1. *Data Accuracy:* Integrity ensures that data is accurate and free from errors, omissions, or unauthorized alterations. It verifies that data has not been manipulated or tampered with to deceive or mislead users.

2. *Data Authenticity:* Integrity verifies the authenticity of data, confirming that it originates from a trusted source and has not been forged or altered by unauthorized parties. Authentication mechanisms, digital signatures, and cryptographic techniques are used to validate the origin and integrity of data.

3. *Data Consistency:* Integrity ensures that data remains consistent and coherent across different systems, databases, or applications. It prevents inconsistencies, discrepancies, or conflicts that may arise from unauthorized modifications or data corruption.

4. *Data Integrity Controls:* Integrity controls are implemented to protect data from unauthorized modifications or alterations. These controls include access controls, encryption, checksums, hash functions, and digital signatures, which help detect and prevent unauthorized changes to data.

5. *Data Validation:* Integrity involves validating the accuracy and integrity of data through validation mechanisms such as input validation, data validation rules, and integrity checks. These mechanisms ensure that data meets specified criteria and is free from errors or inconsistencies.

6. *Data Protection:* Integrity measures protect data from intentional or accidental alterations, whether by malicious actors, system errors, or environmental factors. Backup and recovery strategies, data redundancy, and disaster recovery plans help mitigate the risk of data loss or corruption.


*_Maintaining data integrity is essential for ensuring the reliability, trustworthiness, and usability of data in critical applications and decision-making processes. By upholding data integrity, organizations can enhance trust with stakeholders, comply with regulatory requirements, and mitigate the risk of data breaches, fraud, and misinformation._*

*TOOLS FOR INTEGRITY* ⬇️

 *(A) DATA LOSS PREVENTION (DLP) SOLUTIONS

DLP* solutions prevent the unauthorized exfiltration or leakage of sensitive data by monitoring and controlling data movement across networks, endpoints, and cloud services. They use policy-based controls, encryption, and data classification to ensure data integrity and prevent data breaches.



*(B) BACKUP AND RECOVERY TOOLS*

Backup and recovery solutions create copies of data and store them in secure locations to protect against data loss, corruption, or ransomware attacks. They ensure data integrity by enabling organizations to restore data to its original state in the event of an incident or disaster.

 *(C) HASH FUNCTIONS*

Hash functions generate a fixed-length cryptographic hash value (checksum) based on the input data. Any change to the input data results in a different hash value. Hash functions are used to verify data integrity by comparing hash values before and after transmission or storage. Popular hash functions include SHA-256, MD5, and SHA-3.


*(D) FILE INTEGRITY MONITORING (FIM)* 

FIM tools monitor files and directories for changes, additions, deletions, or modifications. They use checksums, cryptographic hashes, or baseline comparisons to detect unauthorized changes to files or configurations. FIM tools provide real-time alerts and logs for suspicious activities.


*(E) DIGITAL SIGNATURES:*

Digital signatures use asymmetric cryptography to provide authentication and integrity assurance for digital documents or messages. They involve the use of a private key to sign the document and a corresponding public key to verify the signature's authenticity. Digital signatures ensure that the document has not been altered since it was signed.

 *(F) INTRUSION DETECTION SYSTEMS (IDS) AND INTRUSION PREVENTION SYSTEMS (IPS)*:

IDS and IPS solutions monitor network traffic and system activities for signs of unauthorized access, intrusion attempts, or malicious activities. They use signature-based detection, anomaly detection, and behavioral analysis to identify and prevent security incidents that may compromise data integrity.



*(G)SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) SYSTEMS*:

SIEM systems collect, analyze, and correlate log data from various sources, including network devices, servers, and applications. They detect security events, anomalies, and policy violations that may affect data integrity. SIEM solutions provide centralized visibility and monitoring capabilities for proactive threat detection and response.

 *(H) DATA CORRECTING CODES*

A checksum could  be  a  numerical  value  for verifying  the integrity of a file or an information transfer. Alternatively, it's the computation of a function that maps the contents of a file to a numerical value. They're typically applied in comparing two sets of information to confirm that they're identical. A checksum function depends on the whole contents of a file. It's designed in a special way that even a little or low change to the computer file (such as flipping one bit) is likely to leads to different output value.

*Goal 3: AVAILABILITY* ⬇️

Availability in cybersecurity refers to the accessibility and usability of information, resources, and services when needed by authorized users. It ensures that critical systems, applications, and data remain operational and accessible, even in the face of disruptions, failures, or cyber attacks. Availability is one of the three pillars of the CIA triad, along with confidentiality and integrity, and is essential for maintaining the functionality and productivity of organizations.

*TOOLS FOR AVAILABILITY* ⬇️⬇️

A) *Physical Protections:*

Physical safeguard means to preserve and make information available  even  within  the  event  of  physical  challenges.  It guarantees sensitive data and critical information technology resources are housed in secure areas.


B) *Computational Redundancies:*

This is applied as fault tolerant against inadvertent faults. It protects computers and storage devices that function as fallbacks in the event of failures.

*Unit Conclusion*⬇️⬇️ 

In this unit, we get a brief overview of cyber security goals. The Unit identified that the primary goal of cybersecurity is to ensure privacy of information, correctness of data, and access to authorised users. 


These goals were examined in the three crucial aspects of security which are *confidentiality, integrity, and availability (CIA)* of data collectively known as the *CIA Triad*. 


These three major components of cyber security goals and their evolution were described in detail in the unit.



Comments

Popular posts from this blog

How to prevent hackers from hacking Gmail account password easily

Basics of Computers - Introduction