Computer Security IBA - Final

Uploaded by uditha tharuka

COMPUTER SECURITY
CIS 300
Bachelor of Information Communication Technology (Hons)
Uditha Landekumbura
BSc. in Software Engineering
SCQF Level 7,8,9
EQF Level 5,6

01 Basic Security Concepts
02 Threats, Vulnerabilities, Attacks
03 Steps Toward Internet Security
04 Always On, Always Vulnerable
05 Secure your Business
06 Public Key Infrastructure
07 Secure Remote Access
08 What Do We Do? We've Been Hacked!
09 Cybercrime
01 BASIC SECURITY CONCEPTS

Cybersecurity is crucial in today’s digital world, where vast amounts of personal, financial, and business data are stored and transmitted online.

With the rise in cyber threats such as hacking, phishing, and malware, securing networks and systems protects this sensitive information from unauthorized access and misuse.

Effective cybersecurity measures not only prevent financial and reputational losses but also ensure privacy, maintain trust, and support the functioning of modern society by safeguarding critical infrastruct
ure and data.
Real-world examples of security breaches and their impacts

Equifax Data Breach (2017) – Exposed personal information, including Social Security numbers, of 147 million people, leading to significant financial and reputational damage.

Yahoo Data Breach (2013-2014) – Compromised 3 billion accounts over two years, impacting user trust and leading to a $350 million drop in Yahoo's acquisition price by Verizon.

SolarWinds Hack (2020) – A sophisticated supply chain attack affecting multiple U.S. government agencies and private companies, highlighting vulnerabilities in software supply chains.
Why Is Computer and Network Security Important?

● Protects Sensitive Data – Ensures personal, financial, and business information stays secure from unauthorized access and misuse.
● Prevents Financial Loss – Reduces the risk of monetary damages caused
by cyber-attacks, such as fraud, ransomware, and identity theft.
● Maintains Privacy – Safeguards personal data, ensuring individuals'
privacy and preventing exposure of sensitive information.
● Ensures Business Continuity – Helps prevent disruptions to business
operations due to cyber incidents, which can lead to downtime and
productivity losses.
● Supports National Security – Protects critical infrastructure, including
government, energy, and transportation sectors, from cyber threats that
could impact national security.
● Builds Customer Trust – Establishes credibility by ensuring that
customers’ data is handled securely, enhancing trust and loyalty.
● Mitigates Reputation Damage – Protects organizations from the
reputational harm associated with breaches and leaks that can erode
public confidence.
● Reduces Risk of Legal Consequences – Ensures compliance with data
protection regulations (e.g., GDPR, HIPAA) to avoid legal penalties and
lawsuits.
● Protects Intellectual Property – Secures proprietary information and
trade secrets, crucial for businesses in competitive industries.
● Addresses Emerging Threats – Enables defenses against evolving cyber
threats and attack methods, keeping security measures up-to-date
and effective.
The Security Trinity
1) Detection – Identifying threats and vulnerabilities as early as
possible is vital to prevent damage. Detection tools and techniques,
such as intrusion detection systems (IDS), log analysis, and monitoring
tools, help identify unusual activities, unauthorized access, and potential
breaches in real-time or through regular audits. Early detection allows
for quicker responses to incidents, reducing potential harm.

2) Response – Response refers to the actions taken after a threat has been detected to mitigate or neutralize its impact. This includes incident response procedures, containment strategies, and remediation efforts to stop the attack, limit damage, and restore normal operations. An effective response plan can minimize harm, reduce downtime, and prevent further exploitation of vulnerabilities.

3) Prevention – Prevention encompasses the proactive measures put
in place to stop threats from occurring in the first place. This includes
implementing strong access controls, enforcing security policies,
patching vulnerabilities, and using firewalls and other security
technologies to create robust barriers against attacks. Prevention
focuses on minimizing the likelihood of a security incident.
Information Security

Information Security is the practice of safeguarding information from unauthorized access, use, disclosure, disruption, modification, or destruction. It ensures the confidentiality, integrity, and availability of data (CIA Triad).

Confidentiality – Protects sensitive information from being accessed by unauthorized individuals. Techniques like encryption, access controls, and data masking ensure that only authorized users can view or use specific data.

Integrity – Maintains the accuracy and trustworthiness of data by preventing unauthorized modifications. Integrity safeguards, such as checksums, hashing, and audit trails, help detect and prevent data tampering.

Availability – Ensures that information and systems are accessible to authorized users whenever needed. Redundant systems, regular maintenance, and disaster recovery plans are used to keep information and services available, even in the event of disruptions.

Information security = confidentiality + integrity + availability + authentication
Importance of Information Security

● Facilitates Safe Innovation – Enables organizations to adopt new technologies confidently while minimizing associated risks.
● Enhances Customer Confidence – Builds trust by assuring customers
that their data is secure, encouraging engagement and transactions.
● Supports Supply Chain Security – Protects data integrity across supply
chains, ensuring secure practices among suppliers and partners.
● Incident Preparedness – Equips organizations to respond effectively to
security incidents, reducing recovery time and impact.
● Preserves Organizational Value – Safeguards data and operations,
protecting the overall value of the organization and its assets.
Countermeasures
Countermeasures in computer security are strategies, tools, or actions
taken to reduce or eliminate vulnerabilities and protect against potential
threats. Implementing effective countermeasures helps strengthen the
overall security posture of an organization. Here are some key
countermeasures:

● Technical Countermeasures (Firewalls, Encryption)
● Administrative Countermeasures (Security Policies, Access Controls)
● Physical Countermeasures (Use key cards, biometric scanners,
Surveillance)
● Operational Countermeasures
● Backup and Recovery Countermeasures
Identification
Identification in computer security refers to the process of recognizing and
verifying the identity of users, devices, or systems seeking access to
resources. It is a critical step in establishing secure interactions and
protecting sensitive information. The identification process often precedes
authentication, which further verifies that the identified entity is who they
claim to be.

Authentication
Authentication in computer security is the process of verifying the
identity of a user, device, or system. It ensures that individuals or
entities attempting to access resources are who they claim to be.
Authentication is a critical component of access control and security
protocols, following identification.
Access Control (Authorization)

Access Control (Authorization) is a critical component of computer security that determines which users or systems are granted permission to access specific resources or perform certain actions within a system. It follows the identification and authentication processes, ensuring that only authorized entities can access sensitive data and functionalities.

Availability

Availability refers to the assurance that information and resources are accessible and usable by authorized users whenever needed. It is a critical component of information security, ensuring that systems, data, and applications remain operational and accessible even during failures or attacks. Key aspects include:

● Redundancy: Implementing backup systems, data replication, and failover mechanisms to maintain service continuity during outages.
● Disaster Recovery: Having plans and processes in place to restore systems and data after a disruption, such as natural disasters or cyber incidents.
● Performance Monitoring: Regularly assessing system performance and capacity to prevent downtime and ensure efficient operation.

Accountability

Accountability in information security refers to the ability to trace actions and changes made within a system back to specific users or entities. This ensures that users are responsible for their actions and can be held accountable for misuse or malicious behavior.

Nonrepudiation
Nonrepudiation is a security principle that ensures that a party in a
communication or transaction cannot deny the authenticity of their
signature or the sending of a message. It provides proof of the origin,
integrity, and ownership of data.
02 THREATS, VULNERABILITIES, AND ATTACKS

Protocols

Protocols in computer security are standardized sets of rules and conventions that dictate how data is transmitted and received across networks. They ensure secure, reliable, and efficient communication between devices, systems, and applications.

TCP/IP Protocol Suite (Transmission Control Protocol/Internet Protocol)

● The TCP/IP Protocol Suite is a set of communication protocols used to connect devices on the internet and private networks.
● End-to-End Communication: TCP/IP protocols facilitate communication from the originating device to the destination device, maintaining data integrity across diverse networks.
● Scalability: The model supports a vast number of devices and is robust enough to handle large-scale networks like the internet.
● Reliability: TCP provides reliable data transmission with error-checking and retransmission, while UDP allows faster, real-time communication.
● Interoperability: TCP/IP allows different types of devices to communicate, making it ideal for the global internet and intranets.
Threats

In computer security, threats are any potential dangers or risks that could cause harm to a system, network, or data.

Threats can lead to data loss, unauthorized access, damage to systems, or disruptions in services. They can come from various sources, including hackers, malware, software vulnerabilities, or even natural events like power outages.

Vulnerabilities

Vulnerabilities in Computer Security refer to weaknesses in a system, application, or network that can be exploited by threats to gain unauthorized access or cause harm. Identifying these vulnerabilities is essential for strengthening security measures.

Physical Vulnerabilities: Weaknesses related to the physical security of hardware and infrastructure, such as unguarded server rooms, lack of surveillance, or inadequate access controls.

Media Vulnerabilities: Risks associated with data storage devices, like unsecured hard drives, backup tapes, or portable media (e.g., USB drives) that can be lost, stolen, or improperly disposed of.

Human Vulnerabilities: Weaknesses arising from human behavior, including lack of training, poor password practices, or susceptibility to social engineering attacks, which can lead to security breaches.
Attacks

Attacks are deliberate actions taken by hackers or malicious software to exploit vulnerabilities in systems, networks, or applications. The goal of an attack is often to steal data, disrupt services, gain unauthorized access, or cause damage.

Common Types of Attacks

Malware Attacks: Using malicious software like viruses, worms, or ransomware to infect and damage systems or steal data.

Phishing Attacks: Trick people into sharing sensitive information (like passwords) by pretending to be a trusted source, usually via fake emails or websites.

Denial of Service (DoS) Attacks: Overloading a system or network with traffic to make it slow or unavailable to legitimate users.

Man-in-the-Middle (MitM) Attacks: Intercepting communication between two parties to steal information or manipulate the conversation without their knowledge.

Password Attacks: Attempting to crack or guess passwords to gain unauthorized access to accounts or systems.

Viruses: Malicious programs that attach themselves to files or software, spreading when infected files are opened and potentially causing damage or stealing information.

Worms: Self-replicating malware that spreads across networks without needing to attach to a file, often consuming bandwidth and crashing systems.

Trojan Horses: Programs disguised as legitimate software but containing harmful code that allows attackers to access and control systems.

Trap Doors (Backdoors): Secret entry points intentionally left in software, allowing unauthorized access to a system without normal security checks.

Logic Bombs: Malicious code triggered by specific conditions, like a date or event, which executes harmful actions when activated.

Port Scanning: Scanning a system’s ports to find open or vulnerable entry points that attackers can exploit to gain access.

Session Hijacking: Taking control of an active session between a user and a service, allowing the attacker to impersonate the user.

DNS Cache Poisoning: Corrupting DNS cache data to redirect users to malicious websites by altering the IP address associated with a domain name.

Spoofs:

● IP Address Spoofing: Forging the sender’s IP address in packets to make them appear to come from a trusted source.
● Sequence Number Spoofing: Manipulating sequence numbers to take over or intercept a connection between devices.

Redirects: Forcing users to another site without their consent, often leading them to malicious or phishing sites.

Replay Attack: Intercepting and re-sending valid data transmissions (like a login sequence) to gain unauthorized access.

Password Cracking: Attempting to discover passwords by guessing, using brute-force attacks, or exploiting weak encryption.

Sniffing: Intercepting and monitoring data packets traveling across a network, often to capture sensitive information.

War Dialing: Calling phone numbers in sequence to find modems, fax machines, or other connections that could provide unauthorized network access.

SPAM: Unsolicited emails, often used for phishing or spreading malware by enticing users to click on malicious links or attachments.
The most common computer vulnerabilities include
● Unpatched Software
● Weak Passwords
● Phishing Attacks
● Malware and Viruses
● Misconfigured Network Settings
● Social Engineering
● Unsecured Wi-Fi Networks
● Poor Encryption
● Outdated Antivirus Software
● Insufficient Access Controls
● Outdated Firmware
● Lack of Data Backup
● Privilege Escalation Vulnerabilities
● Insecure APIs
03 STEPS TOWARD INTERNET SECURITY

Secure Browsing

Secure browsing is the practice of using the internet in a way that minimizes the risk of data theft, malware infection, and unauthorized access. This involves taking steps to protect personal information, avoid malicious websites, and safeguard privacy while online. Secure browsing helps prevent attackers from intercepting sensitive data, such as passwords, credit card numbers, and personal details.

Key Tips for Secure Browsing

Use HTTPS: Ensure that the websites you visit use HTTPS (look for a padlock icon in the URL bar). HTTPS encrypts data between your browser and the website, preventing eavesdropping.

Keep Software Updated: Regularly update your browser, operating system, and plugins to patch vulnerabilities that attackers could exploit.

Use Strong Passwords and a Password Manager: Avoid using the same passwords on multiple sites and opt for strong, unique passwords. A password manager can securely store and generate complex passwords.

Enable Browser Security Settings: Adjust browser settings to block pop-ups, disable third-party cookies, and prevent tracking by websites.

Avoid Phishing Links: Be cautious of clicking on links in unsolicited emails or pop-ups, as these could lead to fake websites designed to steal your information.

Use Antivirus Software and Firewalls: These tools can detect and block malicious downloads and websites, providing an additional layer of protection.

Avoid Public Wi-Fi or Use a VPN: Public Wi-Fi is insecure and can be easily exploited. If you must use it, a Virtual Private Network (VPN) encrypts your connection, protecting your data.

Configure browser

Browser Security Plus offers three different sets of policies to address the challenges above:

● Data Leakage Prevention
● Threat Prevention
● Browser Customization

Data Leakage Prevention (DLP)

Measures to protect sensitive data from unauthorized access or sharing.

Techniques:

● Disable Autofill: Prevents sensitive data from being auto-filled.
● Clear Browsing Data: Regularly remove cookies and cache.
● DLP Extensions: Use extensions that control data leaving the browser.

Threat Prevention

Steps to block or reduce online risks.

Techniques:

● Enable Safe Browsing: Most browsers can warn about phishing and malware sites.
● Install Security Extensions: Use add-ons like ad-blockers and VPNs.
● Stay Updated: Ensure your browser has the latest security patches.

Browser Customization for Security

Adjust browser settings and add tools to enhance security.

● HTTPS-Only Mode: Connect only to sites with encrypted connections.
● Privacy Settings: Block third-party cookies, enable Do Not Track.
● Security Extensions: Use tools like HTTPS Everywhere, ad-blockers, and tracking prevention.
Cookies

Cookies are small pieces of data stored on a user's device by a web browser while browsing a website. They serve various purposes, primarily to enhance the user experience by remembering information about the user and their preferences.

How Cookies Work:

When you visit a website, the server sends a cookie to your browser, which stores it.

On subsequent visits, your browser sends the cookie back to the server, allowing the website to remember your preferences or session information.

Privacy Concerns:

Cookies can be used for tracking users’ online activities, leading to privacy issues.

Third-party cookies, in particular, raise concerns about how personal data is collected and used for targeted advertising.

Managing Cookies:

Browsers allow users to manage cookies through settings. You can:

● Block or delete cookies.
● Set preferences for first-party and third-party cookies.
● Enable or disable specific cookie features like "Do Not Track."

Types of Cookies

Session Cookies

● Temporary cookies that expire when you close your browser.
● Used to remember user actions during a single browsing session (e.g., items in a shopping cart).

Persistent Cookies

● Remain on your device for a specified period or until manually deleted.
● Used to remember login information, preferences, or user settings across multiple sessions.

First-Party Cookies

● Set by the website you are visiting.
● Used for functionalities like remembering login details or user preferences.

Third-Party Cookies

● Set by domains other than the one you are visiting, often used for advertising and tracking purposes.
● Can be used to track users across different sites, leading to privacy concerns.
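The four cookie types above, as an added example in Go that is not code from the original slides: it parses Set-Cookie headers with net/http's own parser, classifies each cookie as session or persistent and as first- or third-party for a page on shop.example.com, and flags missing Secure and HttpOnly attributes. The hosts, cookie names and the two-label "site" rule are constructed assumptions for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Report is what the classifier concludes about one Set-Cookie header.
type Report struct {
	Name     string
	Kind     string // "session" or "persistent"
	Party    string // "first-party" or "third-party"
	Warnings []string
}

// site approximates the site a host belongs to by its last two labels
// (example.com for shop.example.com). Browsers consult the Public Suffix
// List for this; the two-label rule is a simplification for the example.
func site(host string) string {
	labels := strings.Split(strings.ToLower(strings.TrimPrefix(host, ".")), ".")
	if len(labels) > 2 {
		labels = labels[len(labels)-2:]
	}
	return strings.Join(labels, ".")
}

// Classify interprets one Set-Cookie header the way a browser would, given
// the host in the address bar (pageHost) and the host that sent the
// response (responseHost), and flags attributes a defender would expect.
func Classify(pageHost, responseHost, setCookie string) (Report, error) {
	resp := &http.Response{Header: http.Header{}}
	resp.Header.Add("Set-Cookie", setCookie)
	cookies := resp.Cookies() // net/http's own Set-Cookie parser
	if len(cookies) != 1 {
		return Report{}, fmt.Errorf("unparseable Set-Cookie: %q", setCookie)
	}
	c := cookies[0]
	r := Report{Name: c.Name, Kind: "session", Party: "first-party"}
	// Persistent only if the server gave it a lifetime; without Max-Age or
	// Expires the cookie is discarded when the browser closes.
	if c.MaxAge > 0 || !c.Expires.IsZero() {
		r.Kind = "persistent"
	}
	// The setting site is the Domain attribute if present, else the responding host.
	setter := responseHost
	if c.Domain != "" {
		setter = c.Domain
	}
	if site(setter) != site(pageHost) {
		r.Party = "third-party"
	}
	if !c.Secure {
		r.Warnings = append(r.Warnings, "missing Secure: cookie would also travel over plain HTTP")
	}
	if !c.HttpOnly {
		r.Warnings = append(r.Warnings, "missing HttpOnly: cookie is readable by page scripts")
	}
	if c.SameSite == http.SameSiteNoneMode && !c.Secure {
		r.Warnings = append(r.Warnings, "SameSite=None is only honoured together with Secure")
	}
	if c.MaxAge > 365*24*3600 {
		r.Warnings = append(r.Warnings, "lifetime longer than a year")
	}
	return r, nil
}

// Demo classifies three constructed headers as seen while browsing
// https://shop.example.com: the shop's own cart cookie, a two-year
// tracking cookie from an embedded advertiser, and a preferences
// cookie set without any protective attributes.
func Demo() ([]Report, error) {
	const page = "shop.example.com"
	samples := []struct{ from, header string }{
		{page, "cart=8f3a; Path=/; Secure; HttpOnly; SameSite=Lax"},
		{"ads.tracker.test", "uid=xyz; Domain=tracker.test; Max-Age=63072000; Secure; SameSite=None"},
		{page, "prefs=dark; Expires=Wed, 21 Oct 2026 07:28:00 GMT"},
	}
	var out []Report
	for _, s := range samples {
		r, err := Classify(page, s.from, s.header)
		if err != nil {
			return nil, err
		}
		out = append(out, r)
	}
	return out, nil
}

func main() {
	reports, err := Demo()
	if err != nil {
		panic(err)
	}
	for _, r := range reports {
		fmt.Printf("%-6s %-10s %-11s %v\n", r.Name, r.Kind, r.Party, r.Warnings)
	}
}
```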
04 ALWAYS ON, ALWAYS VULNERABLE

“Always On, Always Vulnerable” describes the risks faced by devices and systems that are continuously connected to the internet. Constant connectivity allows for easy access to services and data, but it also exposes these systems to persistent security threats, such as malware attacks, unauthorized access, and data breaches.

Devices like smartphones, computers, and Internet of Things (IoT) gadgets are particularly at risk, as they remain accessible to potential attackers around the clock. To mitigate these risks, users must take proactive steps, including regular software updates, strong passwords, and network security measures, to protect their data and privacy while staying connected.

Minimize the risk & Risk Mitigation

Minimizing risk in cybersecurity involves proactive steps to reduce vulnerabilities and the likelihood of successful attacks on systems.

Risk mitigation goes further by systematically identifying and addressing risks through strategic planning, implementing security protocols, and continuously monitoring for emerging threats. Together, these actions form a comprehensive approach to protecting systems and minimizing exposure to cyber risks.

Risk Mitigation Options

Risk Avoidance: Eliminating activities or practices that pose security risks, such as removing unnecessary access or disabling risky features.

Risk Reduction: Implementing measures to minimize the impact of risks, like using firewalls, encryption, regular updates, and user training.

Risk Sharing: Transferring part of the risk to a third party, such as using cyber insurance or outsourcing certain functions to a managed security provider.

Risk Acceptance: Acknowledging and accepting certain risks when their impact or likelihood is low or the cost of mitigation outweighs the benefits.

Risk Transfer: Passing risk responsibilities to another entity, often seen in contracts with vendors or cloud service providers, which assume responsibility for certain security aspects.

Risk Mitigation Strategy

Risk Identification: First, identify potential threats and vulnerabilities within systems, data, or processes that could lead to security incidents.

Risk Assessment: Evaluate each risk by considering its likelihood and potential impact on the organization. This helps prioritize risks based on severity.

Risk Control Measures: Select appropriate mitigation options, such as risk avoidance, reduction, sharing, or transfer, to manage each risk. Control measures might include firewalls, encryption, access controls, and training.

Implementing Mitigation Actions: Put the selected control measures into practice, establishing security policies, processes, and tools to defend against identified risks.

Continuous Monitoring: Regularly monitor systems for new or evolving risks and assess the effectiveness of mitigation measures, updating the strategy as needed.
Firewall

A firewall is a security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

It acts as a barrier between a trusted internal network (such as a private network or personal computer) and untrusted external networks (like the internet).

By analyzing data packets, firewalls can permit, block, or restrict traffic to protect the network from unauthorized access, malware, and other cyber threats.

Types of Firewalls

Packet-Filtering Firewalls: Analyze individual packets and filter based on IP addresses, protocols, or port numbers.

Stateful Inspection Firewalls: Track active connections and make filtering decisions based on the context of network traffic.

Proxy Firewalls: Act as an intermediary, hiding the internal network and making requests on behalf of users.

Next-Generation Firewalls (NGFWs): Offer advanced features such as deep packet inspection, intrusion prevention, and application control.
How does a firewall work?
01) Monitoring Network Traffic:

The firewall sits between your computer (or network) and the internet,
watching all data that tries to come in or go out.

02) Checking Each Data Packet:

Data on the internet moves in small pieces called "packets." The firewall
inspects each of these packets to see where it’s from, where it’s going, and
what it contains.

03) Applying Security Rules:

The firewall uses a set of predefined rules to decide what to do with each
packet. These rules might allow, block, or limit certain types of data based on
things like IP addresses, ports, or protocols.
04) Allowing or Blocking Packets:

If a packet meets the firewall’s rules (e.g., it’s from a trusted source), it is
allowed to pass through. If it looks suspicious or doesn’t follow the rules, the
firewall blocks it to protect the network.

05) Keeping Track of Active Connections (for Advanced Firewalls):

Some firewalls can track active connections to remember which devices are
communicating and ensure that only safe, expected responses come back
to trusted devices.

06) Logging Activity:

The firewall may log information about what it blocks or allows, which helps
in monitoring security and analyzing potential threats.
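Steps 01 to 06 above, as an added example in Go that is not code from the original slides: a small stateful packet filter with an ordered rule list, a connection table that lets replies to tracked outbound flows back in, a default-deny fallback and a decision log. The policy, addresses and packets are constructed for the example, and the inside network is assumed to be 10.0.0.0/8.

```go
package main

import (
	"fmt"
	"net"
)

// Packet holds the header fields the filter inspects (step 02 on the page).
type Packet struct {
	SrcIP, DstIP     string
	SrcPort, DstPort int
	Proto            string // "tcp" or "udp"
	SYN, ACK         bool   // TCP flags used for connection tracking
	Inbound          bool   // true when arriving from the untrusted side
}

// Rule is one policy entry (step 03); zero-valued fields match anything.
type Rule struct {
	Name, Action string // Action is "allow" or "block"
	Inbound      bool
	Proto        string
	SrcNet       *net.IPNet
	DstPort      int
}

// Firewall keeps the ordered rules, the tracked-connection table (step 05) and a decision log (step 06).
type Firewall struct {
	rules []Rule
	conns map[string]bool
	Log   []string
}

// connKey names a flow from the inside host's point of view, so a packet and its reply share one entry.
func connKey(p Packet) string {
	if p.Inbound {
		return fmt.Sprintf("%s %s:%d>%s:%d", p.Proto, p.DstIP, p.DstPort, p.SrcIP, p.SrcPort)
	}
	return fmt.Sprintf("%s %s:%d>%s:%d", p.Proto, p.SrcIP, p.SrcPort, p.DstIP, p.DstPort)
}

func (r Rule) matches(p Packet) bool {
	if r.Inbound != p.Inbound || (r.Proto != "" && r.Proto != p.Proto) {
		return false
	}
	if r.DstPort != 0 && r.DstPort != p.DstPort {
		return false
	}
	return r.SrcNet == nil || r.SrcNet.Contains(net.ParseIP(p.SrcIP))
}

// Decide implements steps 03-05: replies to tracked outbound flows pass first, then the ordered
// rules apply, and anything unmatched is blocked (default deny).
func (fw *Firewall) Decide(p Packet) string {
	key := connKey(p)
	newConn := p.SYN && !p.ACK // a bare SYN opens a connection; it is never a reply
	if p.Inbound && fw.conns[key] && !newConn {
		return fw.record("allow", "established", p)
	}
	for _, r := range fw.rules {
		if r.matches(p) {
			if r.Action == "allow" && !p.Inbound {
				fw.conns[key] = true // remember the flow so its replies get in
			}
			return fw.record(r.Action, r.Name, p)
		}
	}
	return fw.record("block", "default-deny", p)
}

func (fw *Firewall) record(action, reason string, p Packet) string {
	fw.Log = append(fw.Log, fmt.Sprintf("%-5s %-12s %s %s:%d -> %s:%d",
		action, reason, p.Proto, p.SrcIP, p.SrcPort, p.DstIP, p.DstPort))
	return action
}

// Demo runs constructed packets through a constructed policy (inside network 10.0.0.0/8)
// and returns the verdicts plus the firewall log.
func Demo() (verdicts, log []string) {
	_, inside, _ := net.ParseCIDR("10.0.0.0/8")
	fw := &Firewall{conns: map[string]bool{}, rules: []Rule{
		{Name: "anti-spoof", Action: "block", Inbound: true, SrcNet: inside}, // outside packet claiming an inside source
		{Name: "out-https", Action: "allow", Proto: "tcp", DstPort: 443},
		{Name: "in-https", Action: "allow", Inbound: true, Proto: "tcp", DstPort: 443},
	}}
	for _, p := range []Packet{
		{SrcIP: "10.0.0.5", DstIP: "192.0.2.10", SrcPort: 51000, DstPort: 443, Proto: "tcp", SYN: true},                         // allow: out-https
		{SrcIP: "192.0.2.10", DstIP: "10.0.0.5", SrcPort: 443, DstPort: 51000, Proto: "tcp", SYN: true, ACK: true, Inbound: true}, // allow: established
		{SrcIP: "198.51.100.7", DstIP: "10.0.0.5", SrcPort: 40000, DstPort: 22, Proto: "tcp", SYN: true, Inbound: true},          // block: default-deny
		{SrcIP: "10.0.0.9", DstIP: "10.0.0.5", SrcPort: 40001, DstPort: 443, Proto: "tcp", SYN: true, Inbound: true},             // block: anti-spoof
		{SrcIP: "203.0.113.4", DstIP: "10.0.0.5", SrcPort: 5555, DstPort: 51000, Proto: "udp", Inbound: true},                    // block: no tracked flow
	} {
		verdicts = append(verdicts, fw.Decide(p))
	}
	return verdicts, fw.Log
}

func main() {
	_, log := Demo()
	for _, line := range log {
		fmt.Println(line)
	}
}
```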
05 SECURE YOUR BUSINESS

Securing Your Business involves implementing strategies, tools, and practices to protect a business’s data, systems, and network from cyber threats. This includes several key measures:

● Establish Strong Cybersecurity Policies: Set clear rules for data access, internet use, and security practices among employees.
● Use Firewalls and Antivirus Software: Firewalls block unauthorized access, while antivirus software detects and removes malware.
● Regular Software Updates and Patching: Keep all systems, applications, and devices up-to-date to address known vulnerabilities.
● Employee Training: Educate staff on recognizing phishing attempts, secure password practices, and other security best practices.
● Data Backup and Recovery Plans: Ensure regular data backups and test recovery plans to quickly restore operations after a security incident.
● Multi-Factor Authentication (MFA): Adding extra layers of authentication helps protect sensitive accounts from unauthorized access.

Implementing these security measures helps protect against data breaches, financial loss, and reputational damage, ensuring a safer and more resilient business environment.
What is Network Security

Network security involves practices and tools used to protect a network and its data from unauthorized access, misuse, and cyber threats. It includes strategies to ensure the confidentiality, integrity, and availability of network resources.

How Does Network Security Work?

Network security works by using a combination of hardware, software, and policies to monitor, detect, and respond to threats. It includes firewalls, intrusion detection systems, encryption, access controls, and regular security updates to control who can access the network and how.

How Do I Benefit from Network Security?

Effective network security protects sensitive information, prevents data breaches, minimizes downtime, and builds customer trust. It helps businesses avoid financial loss, maintain operational continuity, and meet regulatory compliance requirements.

6 steps to secure your network

01) Closely Monitor Your Traffic: Regularly check network traffic for unusual activity or potential threats. Use monitoring tools to detect unauthorized access attempts or abnormal patterns that could indicate a breach.

02) Stay Up to Date on New Threats: Keep informed about emerging cyber threats and vulnerabilities by subscribing to security bulletins or industry news. This awareness helps you adjust your defenses to address the latest risks.

03) Regularly Update Your Frontline Defense: Ensure that firewalls, antivirus software, and intrusion detection systems are up-to-date. Frequent updates strengthen your defense against new types of attacks.

04) Train Your Employees on Security Protocols: Educate employees on security best practices, including recognizing phishing attempts, secure password practices, and safe data handling, to minimize risks due to human error.

05) Protect Against Data Loss: Implement data backup solutions and enforce encryption policies to secure sensitive data, reducing the impact of potential data breaches or loss incidents.

06) Consider Additional Security Options: Explore advanced security measures such as multi-factor authentication, endpoint security, and network segmentation to strengthen your network’s resilience against threats.
Restrict access

Restricting Access is a fundamental part of network security that ensures only authorized users can access specific areas, resources, or data within a network. By limiting access based on roles, permissions, and security policies, you can reduce the chances of unauthorized access and data breaches.

● Role-Based Access Control (RBAC): This approach assigns access rights based on job roles within an organization. Users only get the permissions necessary to perform their duties, minimizing exposure to sensitive data.
● Multi-Factor Authentication (MFA): Adding extra authentication steps, like a code sent to a mobile device or biometric verification, strengthens access control by confirming user identity beyond just a password.
● Network Segmentation: Dividing a network into smaller, isolated segments restricts movement within the network. For instance, sensitive data or servers can be isolated so only authorized employees have access, reducing the impact of a potential breach.
● Access Control Lists (ACLs): ACLs specify which users or devices can access certain resources. They act as traffic filters, blocking unauthorized access while allowing trusted connections.
● Least Privilege Principle: Users are given the minimum access needed to perform their tasks, reducing the risk of accidental or malicious misuse of higher access levels.
Monitor traffic

Monitoring Traffic involves continuously observing and analyzing data moving in and out of a network to detect suspicious or unusual activity. This proactive security measure helps identify potential threats early and prevents unauthorized access or data breaches.

Key Aspects of Monitoring Traffic:

Packet Inspection: By examining individual data packets, security tools can identify malicious patterns, such as unauthorized access attempts or unusual traffic spikes.

Real-Time Alerts: Monitoring tools can send alerts when they detect abnormal behavior, such as a sudden increase in network traffic, which might indicate a DDoS attack or data exfiltration attempt.

Analyzing Logs: Traffic logs keep a record of all activity, providing insights into who accessed what and when. Regular log analysis helps track patterns and detect trends, highlighting possible security issues.

Intrusion Detection Systems (IDS): An IDS specifically monitors traffic for known attack signatures or unusual patterns and alerts security teams about potential intrusions.

Bandwidth Usage Tracking: Monitoring traffic helps manage bandwidth, identifying unauthorized data-intensive activities that could slow down the network.
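Packet inspection, real-time alerts and log analysis above, as an added example in Go that is not code from the original slides: a detector reads constructed connection-log lines and raises one alert for a port scan (many distinct destination ports from one source inside a time window) and one for a traffic-volume spike from an inside host, the pattern the slide associates with data exfiltration. The log format, the thresholds and the 10.0.0.0/8 inside range are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

type Event struct {
	When     time.Time
	Src, Dst string
	DPort    int
	Bytes    int
}

// ParseLine reads the constructed key=value log format used in Demo below.
func ParseLine(line string) (Event, error) {
	ts, rest, _ := strings.Cut(line, " ")
	when, err := time.Parse(time.RFC3339, ts)
	if err != nil {
		return Event{}, fmt.Errorf("bad timestamp in %q: %w", line, err)
	}
	vals := map[string]string{}
	for _, kv := range strings.Fields(rest) {
		if k, v, ok := strings.Cut(kv, "="); ok {
			vals[k] = v
		}
	}
	ev := Event{When: when, Src: vals["src"], Dst: vals["dst"]}
	ev.DPort, _ = strconv.Atoi(vals["dport"]) // missing or malformed numbers become 0
	ev.Bytes, _ = strconv.Atoi(vals["bytes"])
	return ev, nil
}

// Detector holds the thresholds; both rules use a sliding window so a slow trickle spread
// over a day does not trip them. Inside hosts are assumed to live in 10.0.0.0/8.
type Detector struct {
	Window    time.Duration
	ScanPorts int // distinct destination ports from one source: probable port scan
	ByteLimit int // bytes from one inside host to outside addresses: possible exfiltration
}

// Analyze applies both rules to chronologically ordered events and returns one alert per offending source.
func (d Detector) Analyze(events []Event) []string {
	recent, flagged := map[string][]Event{}, map[string]bool{} // per-source window; already reported
	var alerts []string
	for _, ev := range events {
		win := recent[ev.Src]
		for len(win) > 0 && ev.When.Sub(win[0].When) > d.Window {
			win = win[1:] // expire events older than the window
		}
		win = append(win, ev)
		recent[ev.Src] = win
		ports, outBytes := map[int]bool{}, 0
		for _, e := range win {
			ports[e.DPort] = true
			if strings.HasPrefix(e.Src, "10.") && !strings.HasPrefix(e.Dst, "10.") {
				outBytes += e.Bytes
			}
		}
		switch {
		case flagged[ev.Src]: // one alert per source, no alert storm
		case len(ports) >= d.ScanPorts:
			flagged[ev.Src] = true
			alerts = append(alerts, fmt.Sprintf("port scan: %s touched %d ports within %s", ev.Src, len(ports), d.Window))
		case outBytes > d.ByteLimit:
			flagged[ev.Src] = true
			alerts = append(alerts, fmt.Sprintf("volume: %s sent %d bytes outside within %s", ev.Src, outBytes, d.Window))
		}
	}
	return alerts
}

// Demo runs the detector over a constructed log: normal browsing from 10.0.0.5,
// a five-port probe from 203.0.113.5, and 1.2 MB uploaded by 10.0.0.7 within 20 s.
func Demo() ([]string, error) {
	log := `2024-05-01T10:00:01Z src=10.0.0.5 dst=192.0.2.10 dport=443 bytes=1200
2024-05-01T10:00:02Z src=203.0.113.5 dst=10.0.0.5 dport=21 bytes=60
2024-05-01T10:00:02Z src=203.0.113.5 dst=10.0.0.5 dport=22 bytes=60
2024-05-01T10:00:03Z src=203.0.113.5 dst=10.0.0.5 dport=23 bytes=60
2024-05-01T10:00:03Z src=203.0.113.5 dst=10.0.0.5 dport=25 bytes=60
2024-05-01T10:00:04Z src=203.0.113.5 dst=10.0.0.5 dport=80 bytes=60
2024-05-01T10:00:10Z src=10.0.0.7 dst=198.51.100.20 dport=443 bytes=400000
2024-05-01T10:00:20Z src=10.0.0.7 dst=198.51.100.20 dport=443 bytes=400000
2024-05-01T10:00:30Z src=10.0.0.7 dst=198.51.100.20 dport=443 bytes=400000
2024-05-01T10:00:40Z src=10.0.0.5 dst=192.0.2.10 dport=443 bytes=900`
	var events []Event
	for _, line := range strings.Split(log, "\n") {
		ev, err := ParseLine(line)
		if err != nil {
			return nil, err
		}
		events = append(events, ev)
	}
	return Detector{Window: time.Minute, ScanPorts: 5, ByteLimit: 1000000}.Analyze(events), nil
}

func main() { fmt.Println(Demo()) }
```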
Outsourcing

Outsourcing is the practice of hiring third-party companies or individuals to perform tasks or services that an organization might otherwise handle internally. By outsourcing, businesses can access specialized skills, reduce costs, and focus on their core functions.

Companies tend to look at outsourcing as an option for cyber security for two main reasons:

● Too busy
● Too inexperienced

Key Benefits of Outsourcing: Cost Savings, Access to Expertise, Focus on Core Activities, Scalability, Risk Mitigation
06 PUBLIC KEY INFRASTRUCTURE (PKI)

Public Key Infrastructure (PKI) is a system that manages digital keys and certificates to enable secure electronic communications. It’s essential for encrypting data, authenticating users, and ensuring data integrity across networks.

PKI provides security through two main processes:

● Encryption: Public keys are used to encrypt messages, which can only be decrypted by the corresponding private key.
● Digital Signatures: Private keys create digital signatures, allowing recipients to verify the sender’s identity with the public key.

PKI is critical for securing web transactions, authenticating users, protecting sensitive data, and establishing trust online.
Key Components of PKI
1. Public and Private Keys: PKI uses pairs of cryptographic keys – a public
key (available to anyone) and a private key (kept secret). Together, they
help encrypt, decrypt, and verify data securely.
2. Digital Certificates: Issued by a trusted Certificate Authority (CA), digital
certificates verify the identity of individuals or devices. Each certificate
links a public key to its owner, confirming authenticity.
3. Certificate Authorities (CA): CAs are trusted entities that issue and
manage digital certificates. They play a vital role in ensuring that the
public key in a certificate belongs to the correct person or organization.
4. Registration Authorities (RA): RAs verify the identities of entities
requesting certificates before a CA issues them, adding a layer of
verification.
5. Certificate Revocation Lists (CRL): If a certificate becomes invalid
before its expiration (for example because the private key leaked), the CA
lists its serial number on a signed CRL, or reports it as revoked through an
OCSP responder. Relying parties must actually check this status; a revoked
certificate otherwise looks exactly like a valid one.
Key Management Lifecycle

01) Key Generation: The first step is generating a key pair (public and
private keys) for each user or device. Keys must be created with strong,
standard algorithms and a cryptographically secure random source, and must
be long enough for the algorithm (for example, RSA moduli of 2048 bits or
more, or 256-bit elliptic-curve keys).

02) Key Distribution: The public key is distributed, usually through a digital
certificate issued by a Certificate Authority (CA), while the private key
remains securely stored and confidential.

03) Key Storage: Private keys must be stored in secure locations, often in
hardware security modules (HSMs) or secure software environments.
Security measures protect keys from unauthorized access and potential
breaches.
04) Key Usage: Keys are used for encryption, decryption, signing, and
verification. Organizations define policies that specify the circumstances under
which keys can be used, ensuring keys are only used for their intended purposes.

05) Key Rotation and Renewal: To maintain security, keys should be periodically
rotated or renewed. This process involves generating a new key pair to replace
the old one, which minimizes the risk of a compromised key being reused.

06) Key Revocation: When a private key is compromised or no longer needed, the
associated certificate must be revoked. The CA publishes the revocation on a
Certificate Revocation List (CRL) or through an Online Certificate Status
Protocol (OCSP) responder; relying parties must consult one of these, or the
revocation has no effect.

07) Key Expiry and Destruction: Keys have set lifetimes and must be destroyed
securely once they expire or are no longer needed to prevent unauthorized use.
Cryptography
Cryptography is the science of securing information by transforming it into
an unreadable format, accessible only to those who possess the necessary
decryption key. It plays a fundamental role in digital security by ensuring
data privacy, authenticity, and integrity.

Key Concepts in Cryptography:

● Encryption: The process of converting plain text into an unreadable
format (ciphertext).
● Decryption: Converting ciphertext back to its original, readable form.
● Keys: Cryptographic keys are the secret (or public) values that control
encryption and decryption: a single shared key in symmetric encryption, or
a public/private pair in asymmetric encryption.
History of Cryptography
01) Ancient Cryptography:

The earliest forms of cryptography date back to ancient Egypt and
Mesopotamia, where hieroglyphics and cuneiform symbols were sometimes
encoded to convey secrets.

02) Medieval and Renaissance Cryptography:

Ciphers became more sophisticated during the Middle Ages, and in the 16th
century the Vigenère Cipher introduced polyalphabetic substitution, which
defeats the simple letter-frequency analysis that breaks single-alphabet
ciphers.

03) World Wars:

WWI and WWII saw major advancements in cryptography. The Enigma
Machine, used by Germany during WWII, produced ciphertext that was very
hard to break by hand; it was nonetheless broken by Polish and then British
cryptanalysts, an early lesson that no cipher should be assumed unbreakable.
Modern Cryptography (20th Century):

With the rise of computers, symmetric encryption methods like DES (Data
Encryption Standard, 1977) and later AES (Advanced Encryption Standard,
2001) became standard.

Public Key Cryptography emerged in the 1970s with the RSA algorithm
(1977), invented by Rivest, Shamir, and Adleman. This breakthrough enabled
secure communication over public channels without needing a pre-shared
key, revolutionizing digital communication.

Contemporary Cryptography:

Today, cryptography is foundational in securing digital transactions, online
communications, and protecting personal information. Because a large
quantum computer would break RSA and other public-key schemes in use today,
post-quantum algorithms (and, in niche settings, quantum key distribution)
are now being standardized and deployed to keep future communications secure.
Symmetric Encryption

In symmetric encryption, the same key is used for both encryption and
decryption. This type of encryption is fast and efficient, making it suitable
for encrypting large amounts of data.

How it Works: The sender uses a key to encrypt the data, turning it into
ciphertext. The receiver, who also has the same key, can then decrypt the
ciphertext back into readable data.
Key Management: Both parties must securely share and store the same key,
which can be a challenge, especially over large networks.

Pros:

● Faster and less computationally intensive.
● Ideal for encrypting large datasets.

Cons:

● Requires a secure method for sharing the key.
● If the key is compromised, both encryption and decryption are exposed.
Asymmetric Encryption

In asymmetric encryption, two mathematically related keys are used: a public
key, which can be shared freely, and a private key, which is kept secret. Data
encrypted with the public key can be decrypted only with the private key, and
signatures made with the private key can be verified with the public key. This
is also known as public-key cryptography.

How it Works: The sender uses the recipient’s public key to encrypt the
data. Only the recipient’s private key, which they keep secure, can decrypt
the data. This ensures that even if the public key is widely shared, the data
remains secure.
Key Management: Since the public key can be shared openly, only the
private key needs to be kept secure, simplifying key management. What still
has to be verified is that a public key really belongs to the claimed owner,
which is the problem digital certificates solve.

Pros:

● Eliminates the need for securely sharing a single secret key.
● Public keys can be shared openly, improving scalability.

Cons:

● Slower than symmetric encryption due to its complex mathematical
algorithms.
● Not ideal for encrypting large amounts of data directly; in practice it
protects a symmetric session key, which then encrypts the bulk data
(hybrid encryption).
Digital Certificate
A Digital Certificate is an electronic document that links a public key to the identity of
an individual, organization, or device. Issued by a trusted Certificate Authority (CA), a
digital certificate authenticates the identity of the certificate holder.

Public Key: The public key of the certificate holder, used in encryption and verification.

Owner’s Identity: Information about the certificate holder, such as name and
organization (for a web server, the host names it is valid for).

Issuer and Serial Number: Which CA issued the certificate, and a number unique within
that CA; revocation lists refer to certificates by this serial number.

Certificate Authority’s Signature: The CA’s digital signature over all of the above
verifies the authenticity of the certificate; changing any field invalidates it.

Validity Period: The dates between which the certificate may be trusted (not before /
not after).

Use: Digital certificates are widely used in secure web transactions, email encryption,
and network communications to verify that the server or sender is genuine. Examples
include SSL/TLS certificates used by websites.
Digital Signature
A Digital Signature is a cryptographic method used to verify the authenticity and
integrity of digital messages, documents, or software. It acts as a “digital
fingerprint” for a document or message.

Creating the Signature: The sender computes a hash (a unique, fixed-length
digest) of the original document, then applies the private key to that hash to
produce the digital signature. In RSA this is the same arithmetic as decryption,
which is why it is often described as "encrypting the hash with the private key";
production systems add a padding scheme such as PSS before doing so.

Verification: The recipient applies the sender’s public key to the signature,
recovering the original hash. They then compute a hash of the received
document and compare the two. If they match, the document is verified as
authentic and untampered; any change to the document, or a signature made
with a different private key, causes the check to fail.

Uses: Digital signatures are essential in secure email, document signing, and
software distribution, as they confirm both the sender’s identity and the
document’s integrity.
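A toy end-to-end illustration of the pieces above (asymmetric encryption, hash-then-sign and verification, a CA-issued certificate, and the CRL check from the key management lifecycle), added here and not code from the original slides. It uses only the Python standard library: `generate_keypair`, `sign`, `verify`, `issue_certificate` and `verify_certificate` are names invented for the example, the RSA is unpadded textbook RSA kept only so the mathematics is visible, and the JSON "certificate" is a stand-in for X.509.

```python
import hashlib
import json
import secrets

# Textbook RSA (no padding, no side-channel hardening) plus a toy certificate authority.
# Illustration only: real systems use a vetted library (RSA-PSS or Ed25519) and X.509.

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a proves n composite
    return True

def random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, exactly `bits` long
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=2048):
    """Lifecycle step 1, key generation: returns (public, private) = ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data):
    """Hash the data, then apply the private exponent to the hash."""
    n, d = private
    return pow(digest_int(data), d, n)

def verify(public, data, signature):
    """Apply the public exponent to recover the hash; compare with a fresh hash of the data."""
    n, e = public
    return pow(signature, e, n) == digest_int(data)

def encrypt(public, message):
    """Public-key encryption of a short message (must be numerically smaller than n)."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("textbook RSA: message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private, ciphertext):
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# A minimal certificate: the CA signs the binding of subject, public key, serial and expiry.
# JSON with sorted keys stands in for X.509's DER encoding of the "to be signed" fields.

def issue_certificate(ca_private, subject, subject_public, serial, not_after):
    tbs = {"subject": subject, "public_key": list(subject_public),
           "serial": serial, "not_after": not_after}
    canonical = json.dumps(tbs, sort_keys=True).encode()
    return {"tbs": tbs, "signature": sign(ca_private, canonical)}

def verify_certificate(cert, ca_public, crl, now):
    """Relying-party checks: issuer signature, validity period, then revocation via the CRL."""
    canonical = json.dumps(cert["tbs"], sort_keys=True).encode()
    if not verify(ca_public, canonical, cert["signature"]):
        return False, "bad CA signature (tampered, or not issued by this CA)"
    if now > cert["tbs"]["not_after"]:
        return False, "certificate expired"
    if cert["tbs"]["serial"] in crl:
        return False, "certificate revoked"
    return True, "ok"
```

Tamper with one field of `cert["tbs"]` after issuance, or add its serial number to the `crl` set, and `verify_certificate` returns False: that is exactly what a browser relies on in the certificate verification step of a TLS handshake. Note also that `verify` cannot tell a forged signature from a signature made by some other legitimate key; trust in the key itself comes only from the certificate chain.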
Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is a protocol that establishes a secure and
encrypted link between a web server and a web browser, protecting data
from being intercepted or tampered with. SSL itself is obsolete: every SSL
version has known weaknesses and has been replaced by its successor,
Transport Layer Security (TLS), which is what modern browsers and servers
actually negotiate. The name survives in everyday terms such as "SSL
certificate", and the description below applies equally to TLS.

In a web browser, a secure connection is indicated by:

● HTTPS in the URL
● A padlock icon in the address bar
● Historically, a green address bar or company name for Extended Validation
(EV) certificates; current browsers no longer give EV certificates special
treatment.
How SSL Works:

1. SSL Handshake: When a user connects to a secure website (usually
starting with "https://"), the browser and server initiate the handshake
to agree on a protocol version and cipher suite and to authenticate the
server (a client certificate can optionally authenticate the user as well).
2. Certificate Verification: The server presents its certificate, which
includes its public key and is signed by a trusted Certificate Authority
(CA). The browser checks the CA signature, the validity period, the
revocation status, and that the name in the certificate matches the host
it connected to.
3. Session Key Generation: After verification, the browser and server agree
on a unique session key through a key exchange protected by the server’s
authenticated key. This session key is a symmetric key that provides fast
encryption for the secure session.
4. Data Encryption: All data exchanged between the server and browser is
encrypted using the session key. Only the browser and server can
decrypt the data, ensuring confidentiality and data integrity.
5. Session Closure: Once the session ends, the session key is discarded,
and a new handshake is required for any subsequent secure connection.
Secure Electronic Transaction

Secure Electronic Transaction (SET) is a protocol developed to secure
online credit card transactions and protect sensitive information between
buyers, merchants, and payment processors. SET was co-developed by
Visa and Mastercard in the 1990s to create a secure, trusted environment
for digital payments. It required every cardholder to hold a certificate and
install client software, and never saw wide adoption; card payments today
run over TLS with separate cardholder authentication schemes. It remains a
useful design study, in particular for the dual signature described below.

Key Benefits of SET:

● Authentication: Digital certificates authenticate the identities of buyers
and merchants.
● Confidentiality: Encryption ensures that sensitive information like credit
card numbers remains confidential.
● Data Integrity: Digital signatures ensure that transaction data is not
altered during transmission.
How SET Works:

1. Digital Certificates: SET uses digital certificates to verify the identities of all parties
involved in the transaction: the buyer, merchant, and bank. This ensures that each party
is legitimate and authorized to participate in the transaction.

2. Encryption: All sensitive data, such as credit card information, is encrypted. SET uses
both symmetric and asymmetric encryption to secure information and prevent
unauthorized access.

3. Dual Signature: A unique feature of SET is the dual signature, which separates the
payment information from the order details. This keeps the buyer's credit card details
secure, allowing only the bank to access it, while the merchant can only see the order
details.

4. Authorization and Payment: Once the transaction details are encrypted and signed,
the buyer’s bank authorizes the payment, confirming that sufficient funds are available.
The bank then forwards the transaction to the merchant's bank for settlement.

5. Receipt Confirmation: After authorization, both the buyer and the merchant receive
a transaction confirmation, and the transaction is complete.
Biometrics
Biometrics Types:

1. Fingerprint Recognition: Analyzes the unique patterns of ridges and
valleys in a person's fingerprint.
2. Facial Recognition: Uses the structure and features of a person’s face,
often comparing key points like the distance between the eyes or the
shape of the jawline.
3. Iris and Retina Scanning: Examines patterns in the iris or retina of the
eye, which are unique to each individual.
4. Voice Recognition: Analyzes vocal characteristics, which are influenced
by physical factors like vocal cord length and mouth shape.
5. Hand Geometry: Measures the shape and size of a person’s hand,
including finger length, width, and other details.
6. Vein Recognition: Maps the pattern of blood vessels beneath the skin of
a finger or palm, usually captured with near-infrared light, which is hard
to observe or copy from the outside.
Biometrics Solution
A Biometrics Solution is an integrated system that uses biometric
technologies to enhance security, access control, and user authentication.
Biometrics solutions are increasingly used in various sectors.

Components of a Biometrics Solution:

● Sensor: Captures the biometric data (e.g., camera for face recognition,
fingerprint scanner).
● Data Processing: Converts the captured biometric data into a digital format
for analysis.
● Storage: Stores biometric data in an encrypted format within a secure
database or on the user’s device.
● Matching Algorithm: Compares new biometric data to stored records to verify
identity.
● Decision-Making Engine: Determines whether the presented data matches an
existing template and grants or denies access accordingly.
Benefits of Biometrics Solutions:

● Enhanced Security: Biometrics provides strong authentication because
biological traits are unique and difficult to replicate.
● Convenience: Allows users to access systems quickly without
remembering passwords or carrying physical tokens.
● Fraud Prevention: Reduces risks of unauthorized access and identity theft.
● Non-Transferable: Unlike passwords or cards, a biometric trait cannot be
lent to someone else (though a stored template can still be stolen; see
the limitations below).

Limitations:

● Privacy Concerns: Biometric data is highly personal, and improper
handling could lead to misuse.
● Data Security: If biometric data is compromised, it cannot be changed like
a password, so templates must be stored protected (encrypted, or kept on
the user’s device) and ideally in a form that cannot be replayed as a raw
sample.
● False Acceptance and Rejection Rates: No biometric system is perfect;
raising the match threshold rejects more impostors (lower FAR) but also
more genuine users (higher FRR), so the threshold is a policy decision
between security and convenience.
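The FAR/FRR trade-off from the last limitation, worked through on constructed match scores; this is an added example and not part of the original slides. The score lists, the threshold sweep and the function names (`decide`, `error_rates`, `equal_error_point`) are invented for the illustration; a real matching algorithm would derive scores from sensor data rather than from a list.

```python
# Constructed similarity scores (not from any real sensor or dataset). A matching algorithm
# compares a fresh sample with the enrolled template and emits a score in [0, 1].
GENUINE_SCORES = [0.91, 0.88, 0.95, 0.79, 0.84, 0.93, 0.72, 0.87, 0.90, 0.81]   # right person
IMPOSTOR_SCORES = [0.21, 0.35, 0.48, 0.62, 0.30, 0.55, 0.41, 0.75, 0.28, 0.38]  # wrong person


def decide(score, threshold):
    """Decision-making engine: accept when the score clears the configured threshold."""
    return score >= threshold


def error_rates(genuine, impostor, threshold):
    """FAR = fraction of impostors accepted; FRR = fraction of genuine users rejected."""
    far = sum(decide(s, threshold) for s in impostor) / len(impostor)
    frr = sum(not decide(s, threshold) for s in genuine) / len(genuine)
    return far, frr


def equal_error_point(genuine, impostor, steps=100):
    """Sweep the threshold and return (threshold, far, frr) where FAR and FRR are closest."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(genuine, impostor, t)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


if __name__ == "__main__":
    for t in (0.5, 0.75, 0.9):
        far, frr = error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t)
        print(f"threshold={t:.2f}  FAR={far:.0%}  FRR={frr:.0%}")
    print("equal error operating point:", equal_error_point(GENUINE_SCORES, IMPOSTOR_SCORES))
```

A low threshold (0.5) lets three of the ten impostors in while rejecting no genuine user; a high one (0.9) shuts out every impostor but turns away six of the ten legitimate users. The equal-error point is only a reference, not a recommendation: a door to a server room should sit well to the right of it, a phone unlock well to the left, and the choice should be made deliberately rather than left at a vendor default.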
07 SECURE REMOTE ACCESS

Secure Remote Access refers to the ability for authorized users to access
a network or system remotely, in a secure manner, without compromising
sensitive data or system integrity. It is achieved using technologies like
Virtual Private Networks (VPNs), Secure Shell (SSH), multi-factor
authentication (MFA), and other encryption methods to ensure data is
transmitted securely over public networks.
Who Uses Remote Access?
Employees: Remote access is commonly used by employees working from
different geographical locations to connect to the company’s network,
systems, and data.

Contractors and Consultants: Temporary or external workers often need
secure access to specific systems or documents for collaboration; that access
should be limited to those systems and removed when the engagement ends.

Support Technicians: IT professionals and support staff use remote access
to troubleshoot, maintain, and monitor systems from remote locations.

Healthcare Providers: Doctors and medical staff use remote access to view
patient records or provide telemedicine services from off-site locations.

Remote/Distributed Teams: Organizations with teams spread across
different offices or even continents rely on remote access for daily
communication, project collaboration, and system access.
Why Organizations Need Remote Access

Flexibility: Employees can work from anywhere, improving productivity and
work-life balance.

Business Continuity: Ensures work can continue during emergencies, travel, or
unexpected events.

Access to Resources: Employees can access essential systems and data
remotely.

Collaboration: Facilitates teamwork across different locations and time zones.

Cost Savings: Reduces expenses related to office space and utilities.

Security and Privacy: Secures sensitive data through encryption and
authentication.

Competitive Advantage: Attracts global talent, expanding the recruitment
pool.

Time Efficiency: Saves commuting time, enhancing productivity.

Scalability: Remote access solutions can easily grow with the organization.

Compliance: Helps meet regulatory requirements for data protection.

Virtual Private Networks (VPN)

A Virtual Private Network (VPN) is a technology that creates a secure and
encrypted connection over the internet, allowing users to access a private
network remotely, as if they were directly connected to that network. VPNs
are commonly used to ensure data privacy and security when accessing
public networks or the internet.
VPN Security
VPNs use encryption to secure data as it travels across the internet,
preventing unauthorized access and ensuring confidentiality. It protects data
from hackers, especially on public Wi-Fi networks, and provides a secure
connection between remote users and a company’s internal systems.

Key components of VPN security include:

● Encryption: Protects data from being read or altered during transmission.
● Authentication: Verifies the identities of users and devices before granting
access.
● Data Integrity: Ensures that the data has not been tampered with during
transmission.
● Anonymity: VPNs can mask a user's IP address from the sites visited,
providing privacy and preventing tracking (the VPN provider itself still sees
where the traffic goes, so its trustworthiness matters).
Goals of VPNs

● Confidentiality: Ensures that sensitive information, such as login
credentials and personal data, remains private.
● Integrity: Verifies that the data sent or received has not been altered.
● Authentication: Confirms the identity of users or devices accessing the
network.
● Anonymity: Helps mask the user’s location and IP address, providing
privacy online.
● Bypass Geographical Restrictions: Allows access to content that may be
restricted or blocked in certain regions.
● Secure Remote Access: Enables users to securely connect to a
company's internal network from remote locations.
Types of VPNs
01) Remote Access VPN: Allows individual users to connect to a remote
network (e.g., company’s internal network) over the internet. It is commonly
used by employees working from home or traveling.

02) Site-to-Site VPN: Connects two or more networks (e.g., branch offices)
securely over the internet. It is often used to connect the network of a
company’s headquarters to remote offices.

03) Client-to-Site VPN: Another name for the remote access model, seen from
the client side: the user’s device (the client) connects to a corporate network
through a secure tunnel, usually using VPN client software or an app.

04) MPLS VPN (Multiprotocol Label Switching): Used by larger organizations
to build private networks across a carrier’s backbone; labels direct traffic
efficiently and keep each customer’s traffic separated. Note that an MPLS
VPN provides isolation, not encryption: traffic crosses the carrier in the
clear unless IPsec or TLS is layered on top.
08 WHAT DO WE DO? WE'VE BEEN HACKED
Hacking refers to the unauthorized access, manipulation, or exploitation of
computer systems, networks, or devices. It involves bypassing security
mechanisms to gain access to information or systems, often for malicious
purposes, such as stealing data, damaging systems, or disrupting operations.

Hackers are individuals who attempt to break into or exploit computer
systems and networks. They can be classified into:

Black Hat Hackers: Malicious hackers who break the law to steal, damage, or
manipulate data for personal gain or to cause harm.

White Hat Hackers: Ethical hackers who use their skills to help organizations
secure their systems by identifying vulnerabilities before malicious hackers
can exploit them.
Gray Hat Hackers: Hackers who operate in a morally ambiguous area, often
testing systems without permission but without malicious intent, sometimes
reporting vulnerabilities they find.

Script Kiddies: Unskilled people who gain access to computer systems using
ready-made tools written by others.

Hacktivists: Hackers who use hacking to deliver social, religious, or political
messages.

Phreakers: Hackers who identify and exploit weaknesses in telephone systems
instead of computers.
What is Ethical Hacking?
Ethical Hacking refers to the practice of intentionally probing and testing
computer systems, networks, or applications to identify security
vulnerabilities and weaknesses, with the goal of fixing them before malicious
hackers (black hats) can exploit them. Ethical hackers, also known as white hat
hackers, work with the permission of the system owner and use their skills to
enhance security.

They perform activities like:

● Scanning systems for weaknesses.
● Attempting to exploit vulnerabilities in a controlled manner.
● Reporting security issues to the organization.
● Suggesting and implementing corrective measures.

Ethical hacking follows legal and ethical guidelines: written authorization
from the system owner, an agreed scope and rules of engagement, and care
to avoid harming the systems under test.
Why Ethical Hacking?
● Identify Vulnerabilities: Helps organizations find and fix security
weaknesses before they can be exploited by attackers.
● Prevent Data Breaches: Ethical hackers help protect sensitive data from
being stolen or compromised.
● Improve System Security: Ethical hacking strengthens systems, networks,
and applications by patching vulnerabilities and ensuring stronger
defenses.
● Compliance: Some industries require regular security testing to comply
with regulations and standards like GDPR, HIPAA, or PCI-DSS.
● Proactive Defense: Ethical hacking allows organizations to stay ahead of
cyber threats, rather than reacting to security incidents after they
happen.
● Build Trust: Organizations that employ ethical hacking demonstrate their
commitment to security, building trust with customers and partners.
09 CYBERCRIME

Cybercrime refers to criminal activities that involve computers, networks,
or digital devices, typically aimed at stealing data, damaging systems, or
disrupting operations. It encompasses a wide range of illegal actions
conducted in cyberspace, from hacking and identity theft to online fraud
and the distribution of malicious software.

Impact:

● Financial loss
● Damage to reputation
● Legal consequences
● Breach of privacy and data security
Types of Cybercrime:

● Hacking: Unauthorized access to computers or networks.
● Phishing: Fraudulent attempts to steal sensitive information through
deceptive emails or websites.
● Malware: The use of malicious software (viruses, worms, trojans) to
damage or exploit systems.
● Ransomware: Encrypting (or otherwise locking) a victim's data and
demanding payment to restore access.
● Identity Theft: Stealing personal information to commit fraud or other
crimes.
● Online Fraud: Scams such as credit card fraud, auction fraud, or online
banking fraud.
Thank You !!
