1 cyber security
Module 1
learning outcomes
Having completed this module you will be able to:
Define cybersecurity and explain its importance.
Outline types of cybersecurity threats and common attack vectors.
Explain the fundamentals of network security and list its components.
Identify key network protocols and their vulnerabilities.
Explain firewall technologies and intrusion detection systems.
Discuss operating system security principles.
Identify security mechanisms in operating systems.
Describe secure configuration and hardening of operating system
Introduction to Cybersecurity
This topic will introduce you to cybersecurity.
Topics to Be Covered:
Understanding the basics of cybersecurity.
Importance of cybersecurity.
Cybersecurity in the digital age.
Why is cybersecurity important?
Cybersecurity in the digital age: more relevant than ever.
Overview of cyber threats and attack vectors.
Common attack vectors.
Legal and ethical considerations in cybersecurity.
Understanding the Basics of Cybersecurity
Definition of Cybersecurity
Cybersecurity refers to the practice of safeguarding computer systems, networks,
and digital information from any unwarranted access, use, disclosure, disruption, or
destruction.
This involves taking various measures and technologies in place to secure
computers servers mobile devices electronic systems data against cyber threats
such as hacking malware phishing ransomware other forms of attacks such as
ransomware etc.
,2 cyber security
Importance of Cybersecurity
At present, cybersecurity holds enormous value as we become ever more dependent
on digital technology to perform daily tasks. The greater risks from cyber threats
include significant financial loss, damage to an individual or organisation's reputation,
loss of sensitive data or threats to national security. Such in breaches in security
measures being exploited make fully understanding and implementing the process
for cybersecurity measures imperative for today
Cybersecurity in the Digital Age
The Digital Age: A New Frontier
The digital or information age is an era in human history defined by an economic shift
away from traditional manufacturing towards an economy reliant on information
technology. Today we live more connected than ever before as data is produced,
stored, shared, and accessed across computers, mobile phones and cloud platforms
worldwide.
While our connected and data-driven world provides many conveniences and
advancements, it also presents numerous risks and vulnerabilities which necessitate
the implementation of cybersecurity practices to safeguard us all. Therefore, its
significance cannot be underrated.
Why is Cybersecurity Important?
- One of the key functions of cybersecurity is protecting sensitive data - be it personal
details of individuals, intellectual property of businesses, or classified government files -
which may otherwise be compromised in some manner and lead to serious monetary
and reputational loss if breached.
- Strong cybersecurity measures must be in place in order to keep unauthorised
individuals away from systems and networks - including hackers looking for data theft
opportunities as well as disgruntled employees with plans of disrupting services.
- Cyberattacks have the power to severely disrupt digital systems, like websites. An attack
like DDoS could render them unavailable causing substantial loss in business revenue and
sales.
- Many regions have laws and regulations in place which mandate businesses to protect
customer and employee personal data; failure to do so could incur substantial fines or
penalties.
More Relevant Than Ever
Cybersecurity in today's digital environment continues to rise for multiple reasons:
1. Increased Cybercrime: As we become increasingly dependent upon technology, so
does cybercrime. Cybercriminals have become more sophisticated as has their
reward for conducting crime online.
,3 cyber security
2. Growth of Internet of Things (IoT): With more devices connecting to the internet--from
smartphones and smart home appliances to other connected gadgets like drones--
coming online, more vulnerabilities and entry points for hackers increase
exponentially.
3. COVID-19 and Remote Work: COVID-19 has led to an acceleration in remote work
practices by businesses, expanding digital footprint and raising demands for secure
remote access to resources.
4. Emergence of AI/ML: These cutting-edge technologies may bring many advantages,
yet also pose new cybersecurity threats. Attackers could exploit them to automate
cyber attacks or enhance phishing attempts - and more!
As we progress into a digital society, cybersecurity will remain at the centre of discussions.
Each person plays their part by protecting personal data or company assets while keeping
themselves updated about regulations to keep themselves protected against threats.
Keep this in mind as we journey toward creating a safe digital world - every step towards
understanding and adopting better cybersecurity practices will bring us closer to that goal.
Overview of Cyber Threats and Attack Vectors
What are Cyber Threats?
Cyber threats can be defined as attempts by criminals or hackers to damage or disrupt
computer networks or systems for illicit gain, typically to steal, alter, or destroy targets by
hacking into vulnerable systems and then using that access point as their weapon of attack.
Types of Cyber Threats
1. Malware
Malware can be defined as malicious software installed without consent on an end user
device with the intention of harming them and/or their data, including viruses such as worms
and trojans as well as ransomware and spyware. All such examples constitute examples of
Malware.
2. Phishing
The Phishing technique is a devious method of cybercrime where scammers design falsely
realistic-looking websites or emails in order to entice unaware victims into providing
confidential information such as passwords as well as credit card numbers and social
security number.
Overview of Cyber Threats and Attack Vectors
3. Man-in-the-Middle Attacks
Man-in-the-Middle attacks are cybersecurity attacks wherein an attacker secretly intervenes
between two parties' communication to eavesdrop, alter data or pose as trusted entities,
jeopardising both confidentiality and integrity of communications between them.
, 4 cyber security
4. Distributed Denial of Service Attacks
When engaged in, DDoS attacks use brute-force traffic attacks against networks or websites
in an effort to render it unavailable for user use.
5. SQL Injection
In an SQL Injection attack, attackers take advantage of vulnerabilities in web application's
database query software in order to gain unauthorised access to information.
6. Zero-Day Exploits
Zero-day exploits are cyber attacks which strike upon discovering any weakness in software,
often on its very first day of discovery. Because most affected parties remain unaware of it
until much later, exploits may remain for days, weeks, or even months until being patched by
those with the best protection plans in place.
What are Attack Vectors?
An attack vector is any route through which an attacker gains unauthorised entry to a
computer or network with malicious intentions and delivers their payload or payoff. Attack
vectors allow hackers to exploit system vulnerabilities - including human ones - by exploiting
human vulnerabilities as part of an offensive strategy.
Common Attack Vectors
1. Email and Phishing
Email has emerged as a primary attack vector, with phishing being one of the more popular
attack techniques used against users. Attackers typically pose as trusted organisations to
lure recipients into clicking malicious links or downloading infected attachments from an
email sent from them.
2. Web
Attackers may exploit vulnerabilities in web applications to gain unauthorised access or
spread malware, either via SQL injection, cross-site scripting (XSS), or simply uploading files
with malware onto them.
3. Social Engineering
Social engineering involves deceiving or coercing individuals into divulging confidential
information through various techniques like phishing, pretexting, baiting and tailgating.
4. Physical Media
Module 1
learning outcomes
Having completed this module you will be able to:
Define cybersecurity and explain its importance.
Outline types of cybersecurity threats and common attack vectors.
Explain the fundamentals of network security and list its components.
Identify key network protocols and their vulnerabilities.
Explain firewall technologies and intrusion detection systems.
Discuss operating system security principles.
Identify security mechanisms in operating systems.
Describe secure configuration and hardening of operating system
Introduction to Cybersecurity
This topic will introduce you to cybersecurity.
Topics to Be Covered:
Understanding the basics of cybersecurity.
Importance of cybersecurity.
Cybersecurity in the digital age.
Why is cybersecurity important?
Cybersecurity in the digital age: more relevant than ever.
Overview of cyber threats and attack vectors.
Common attack vectors.
Legal and ethical considerations in cybersecurity.
Understanding the Basics of Cybersecurity
Definition of Cybersecurity
Cybersecurity refers to the practice of safeguarding computer systems, networks,
and digital information from any unwarranted access, use, disclosure, disruption, or
destruction.
This involves taking various measures and technologies in place to secure
computers servers mobile devices electronic systems data against cyber threats
such as hacking malware phishing ransomware other forms of attacks such as
ransomware etc.
,2 cyber security
Importance of Cybersecurity
At present, cybersecurity holds enormous value as we become ever more dependent
on digital technology to perform daily tasks. The greater risks from cyber threats
include significant financial loss, damage to an individual or organisation's reputation,
loss of sensitive data or threats to national security. Such in breaches in security
measures being exploited make fully understanding and implementing the process
for cybersecurity measures imperative for today
Cybersecurity in the Digital Age
The Digital Age: A New Frontier
The digital or information age is an era in human history defined by an economic shift
away from traditional manufacturing towards an economy reliant on information
technology. Today we live more connected than ever before as data is produced,
stored, shared, and accessed across computers, mobile phones and cloud platforms
worldwide.
While our connected and data-driven world provides many conveniences and
advancements, it also presents numerous risks and vulnerabilities which necessitate
the implementation of cybersecurity practices to safeguard us all. Therefore, its
significance cannot be underrated.
Why is Cybersecurity Important?
- One of the key functions of cybersecurity is protecting sensitive data - be it personal
details of individuals, intellectual property of businesses, or classified government files -
which may otherwise be compromised in some manner and lead to serious monetary
and reputational loss if breached.
- Strong cybersecurity measures must be in place in order to keep unauthorised
individuals away from systems and networks - including hackers looking for data theft
opportunities as well as disgruntled employees with plans of disrupting services.
- Cyberattacks have the power to severely disrupt digital systems, like websites. An attack
like DDoS could render them unavailable causing substantial loss in business revenue and
sales.
- Many regions have laws and regulations in place which mandate businesses to protect
customer and employee personal data; failure to do so could incur substantial fines or
penalties.
More Relevant Than Ever
Cybersecurity in today's digital environment continues to rise for multiple reasons:
1. Increased Cybercrime: As we become increasingly dependent upon technology, so
does cybercrime. Cybercriminals have become more sophisticated as has their
reward for conducting crime online.
,3 cyber security
2. Growth of Internet of Things (IoT): With more devices connecting to the internet--from
smartphones and smart home appliances to other connected gadgets like drones--
coming online, more vulnerabilities and entry points for hackers increase
exponentially.
3. COVID-19 and Remote Work: COVID-19 has led to an acceleration in remote work
practices by businesses, expanding digital footprint and raising demands for secure
remote access to resources.
4. Emergence of AI/ML: These cutting-edge technologies may bring many advantages,
yet also pose new cybersecurity threats. Attackers could exploit them to automate
cyber attacks or enhance phishing attempts - and more!
As we progress into a digital society, cybersecurity will remain at the centre of discussions.
Each person plays their part by protecting personal data or company assets while keeping
themselves updated about regulations to keep themselves protected against threats.
Keep this in mind as we journey toward creating a safe digital world - every step towards
understanding and adopting better cybersecurity practices will bring us closer to that goal.
Overview of Cyber Threats and Attack Vectors
What are Cyber Threats?
Cyber threats can be defined as attempts by criminals or hackers to damage or disrupt
computer networks or systems for illicit gain, typically to steal, alter, or destroy targets by
hacking into vulnerable systems and then using that access point as their weapon of attack.
Types of Cyber Threats
1. Malware
Malware can be defined as malicious software installed without consent on an end user
device with the intention of harming them and/or their data, including viruses such as worms
and trojans as well as ransomware and spyware. All such examples constitute examples of
Malware.
2. Phishing
The Phishing technique is a devious method of cybercrime where scammers design falsely
realistic-looking websites or emails in order to entice unaware victims into providing
confidential information such as passwords as well as credit card numbers and social
security number.
Overview of Cyber Threats and Attack Vectors
3. Man-in-the-Middle Attacks
Man-in-the-Middle attacks are cybersecurity attacks wherein an attacker secretly intervenes
between two parties' communication to eavesdrop, alter data or pose as trusted entities,
jeopardising both confidentiality and integrity of communications between them.
, 4 cyber security
4. Distributed Denial of Service Attacks
When engaged in, DDoS attacks use brute-force traffic attacks against networks or websites
in an effort to render it unavailable for user use.
5. SQL Injection
In an SQL Injection attack, attackers take advantage of vulnerabilities in web application's
database query software in order to gain unauthorised access to information.
6. Zero-Day Exploits
Zero-day exploits are cyber attacks which strike upon discovering any weakness in software,
often on its very first day of discovery. Because most affected parties remain unaware of it
until much later, exploits may remain for days, weeks, or even months until being patched by
those with the best protection plans in place.
What are Attack Vectors?
An attack vector is any route through which an attacker gains unauthorised entry to a
computer or network with malicious intentions and delivers their payload or payoff. Attack
vectors allow hackers to exploit system vulnerabilities - including human ones - by exploiting
human vulnerabilities as part of an offensive strategy.
Common Attack Vectors
1. Email and Phishing
Email has emerged as a primary attack vector, with phishing being one of the more popular
attack techniques used against users. Attackers typically pose as trusted organisations to
lure recipients into clicking malicious links or downloading infected attachments from an
email sent from them.
2. Web
Attackers may exploit vulnerabilities in web applications to gain unauthorised access or
spread malware, either via SQL injection, cross-site scripting (XSS), or simply uploading files
with malware onto them.
3. Social Engineering
Social engineering involves deceiving or coercing individuals into divulging confidential
information through various techniques like phishing, pretexting, baiting and tailgating.
4. Physical Media
