Cybersecurity Notes

The document provides an overview of cybersecurity, covering key concepts such as information security, cyber attacks, vulnerabilities, and ethical hacking. It discusses the CIA triad (Confidentiality, Integrity, Availability), types of cyber threats, and the importance of risk management and compliance with cybersecurity laws. Additionally, it introduces frameworks like MITRE ATT&CK and emphasizes the need for a multi-layered defense strategy in cybersecurity.

Uploaded by

Rakesh M
Cybersecurity Notes

---

**1. Introduction to Information Security**

**Information Security** refers to the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

CIA Triad:
 - **Confidentiality** – Ensuring information is accessible only to those authorized to access it.
 - **Integrity** – Maintaining the accuracy and completeness of data.
 - **Availability** – Ensuring reliable and timely access to data for authorized users.

Additional Principles:

 - **Authenticity** – Verifying the originality of data and users.
 - **Non-repudiation** – Ensuring that someone cannot deny the validity of their actions (e.g., sending/receiving data).

---

**2. Cyber Attacks**

 - **Cyber Attack** – The use of TTP (Tactics, Techniques, Procedures) to exploit vulnerabilities and achieve malicious objectives.

TTP Components:
 - **Tactics** – The strategy or planning phase (e.g., gaining access).
 - **Techniques** – The method used (e.g., phishing).
 - **Procedures** – The detailed steps of the attack.

**Motive** – The ultimate goal of the attacker (e.g., leaking sensitive information).

**Vulnerability** – A weakness in software, hardware, or human processes that can be exploited.

---

**3. Vulnerability and Threat Landscape**

Types of Vulnerabilities:
 - **Software** – Outdated tools, bugs.
 - **Hardware** – Unsecured devices.
 - **Network** – Weak or open ports.
 - **Human** – Errors or negligence.

Vulnerability vs Threat vs Risk:
 - **Threat** – A potential cause of an unwanted incident.
 - **Vulnerability** – A flaw that makes the system susceptible.
 - **Risk** – The potential impact of a threat exploiting a vulnerability.

**Analogy:** A burglar (threat) finds an open door (vulnerability) and steals valuables (risk).

Attack Classification:
 - **By Target:** Network, System, Application.
 - **By Intent:** Insider, Outsider.
 - **By Mechanism:** Malware, Social Engineering, Cryptographic.

Attack Types:
 - **Active** – Modifying or disrupting operations.
 - **Passive** – Eavesdropping or monitoring.

---

**4. Cyber Warfare**

**Cyber Warfare** – Use of digital attacks by a nation to disrupt the activities of other nations.

**ICT Assets:** Data, Devices, Networks

Types of Warfare:
 - **Defensive Warfare** – Protecting ICT assets.
 - **Offensive Warfare** – Attacking ICT assets.
 - **Psychological Warfare (PsyOps)**
 - **Cyber Warfare**
 - **Electronic Warfare (EW)**
 - **Propaganda Warfare**
 - **Economic Information Warfare**
 - **Disinformation Warfare**
 - **Intelligence Warfare**

---

**5. Hacking and Hackers**

**Hacking** – Unauthorized access to ICT assets.

Types of Hackers:
 - **Script Kiddies** – Unskilled users using pre-written tools.
 - **Hacktivists** – Hack for social/political messages.
 - **State-Sponsored** – Work for government agencies.
 - **Whistleblowers** – Expose truths from within organizations.
 - **Cyber Criminals** – Financially motivated.
 - **Cyber Terrorists** – Aim to destroy systems and infrastructure.
 - **Insider Threats** – Malicious insiders.
 - **Suicide Hackers** – No concern for consequences.
 - **Hacker Teams** – Collaborative hacker groups.
 - **White Hat** – Ethical hackers.
 - **Black Hat** – Malicious hackers.
 - **Grey Hat** – Borderline illegal but not malicious.
 - **Blue Hat** – Identifies vulnerabilities before they are exploited.
 - **Red Hat** – Vigilantes attacking black hats.
 - **Green Hat** – New, learning hackers.
 - **Purple Hat** – Hacks own system for learning.

---

**6. Ethical Hacking**

**Ethical Hacking** – Authorized attempts to gain access to systems to identify and fix
vulnerabilities.

Types:
 - Network, Web App, Wireless Network, Social Engineering

Process:
1. Authorization
2. Scope Definition
3. Follow Framework
4. Reporting
5. Retesting

Framework Steps:
 - Reconnaissance
 - Scanning & Enumeration
 - Vulnerability Scanning
 - Gaining Access
 - Maintaining Access
 - Covering Tracks

Cyber Kill Chain:
Recon → Weaponization → Delivery → Exploitation → Installation → Command & Control → Actions on Objectives

---

**7. MITRE ATT&CK Framework**

**MITRE ATT&CK** – Knowledge base of adversary behaviors based on real-world observations.

Structure:
 - Tactics → Techniques → Sub-techniques → Procedures

Types:
 - Enterprise
 - Mobile
 - ICS (Industrial Control Systems)

Lifecycle (similar to Cyber Kill Chain):
 - Recon
 - Resource Development
 - Initial Access
 - Execution
 - Persistence
 - Privilege Escalation
 - Defense Evasion
 - Credential Access
 - Discovery
 - Lateral Movement
 - Collection
 - Command & Control
 - Exfiltration
 - Impact

Use Cases:
 - Threat Intelligence
 - Security Operations
 - Red Teaming & Pentesting
 - Tool Evaluation

---

**8. Information Assurance (IA)**

**Information Assurance** – Measures taken to protect and manage information systems.

Pillars:
 - Confidentiality (encryption)
 - Integrity (hashing)
 - Availability (backups)
 - Authentication (digital signatures)
 - Non-repudiation (metadata, signatures)

---

**9. Defense in Depth (DiD)**

**Defense in Depth** – A multi-layered cybersecurity approach.

Layers:
1. **Perimeter** – Firewalls, IDS, IPS
2. **Network** – Internal network protection
3. **Endpoint** – Server, device security
4. **Application** – Secure code, patching
5. **Data** – Encryption, access control
6. **User Awareness** – Training
7. **Incident Monitoring** – Response systems

**Example:** A military drone that breaches the outer defensive layers is still intercepted by the inner ones.

Steps to Secure Data:
 - PPA – Policies, Awareness, Training
 - Physical Security
 - Perimeter Security (Firewalls, IDS, IPS)
 - Internal Network (Segmentation, Zero Trust)
 - Host Security (Antivirus, Updates)
 - Application Security (Pen-testing, Coding)
 - Data Security (Encryption, Backup)

---

**10. Risk Management**

**Risk** – The probability of damage from threats exploiting vulnerabilities.

Components:
 - **Threat**
 - **Vulnerability**
 - **Impact**
 - **Likelihood**

Formulas:
 - Risk = Threat × Vulnerability × Impact
 - Risk = Likelihood × Impact
 - Risk = Occurrence × Consequences

**Risk Levels:** Likelihood × Severity

Risk Mitigation Methods:
 - **Avoidance** – Stop risky actions
 - **Reduction** – Add security measures
 - **Transfer** – Insurance
 - **Acceptance** – Tolerate low-level risks

Risk Management Process:
1. Identification
2. Assessment
3. Mitigation
4. Monitoring

Roles:
 - VAPT – Identifies risks
 - SOC – Patches risks
 - IR – Handles incidents
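The risk-level formula (Likelihood × Severity) and the four mitigation methods above, worked through on a small constructed risk register. This is an added example, not part of the original notes; the 1..5 scales, the level thresholds and the level-to-method policy are assumptions chosen for the illustration.

```python
from dataclasses import dataclass

# Constructed 1..5 scales (assumption, not from the notes):
# likelihood 1 = rare ... 5 = almost certain; severity 1 = negligible ... 5 = severe.
SCALE_MIN, SCALE_MAX = 1, 5

# Upper score bound for each risk level (assumption; an organisation tunes these).
LEVELS = ((4, "Low"), (9, "Medium"), (15, "High"), (25, "Critical"))

# Which of the notes' four mitigation methods this example applies per level (assumption).
METHOD = {"Low": "Acceptance", "Medium": "Reduction",
          "High": "Reduction", "Critical": "Avoidance"}


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: int
    severity: int

    def score(self) -> int:
        """Risk level = Likelihood x Severity, the formula from section 10."""
        for name, value in (("likelihood", self.likelihood), ("severity", self.severity)):
            if not SCALE_MIN <= value <= SCALE_MAX:
                raise ValueError(f"{name} must be between {SCALE_MIN} and {SCALE_MAX}")
        return self.likelihood * self.severity


def level(score: int) -> str:
    """Map a score onto the first level whose upper bound it does not exceed."""
    for upper_bound, name in LEVELS:
        if score <= upper_bound:
            return name
    raise ValueError(f"score {score} exceeds the maximum of {SCALE_MAX * SCALE_MAX}")


def assess(register):
    """Return (asset, score, level, method) per risk, highest score first."""
    rows = []
    for risk in register:
        score = risk.score()
        lvl = level(score)
        rows.append((risk.asset, score, lvl, METHOD[lvl]))
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample register using the notes' vulnerability types (software, hardware, human).
REGISTER = [
    Risk("public web server", "external attacker", "unpatched software", 4, 5),
    Risk("staff laptop", "theft", "no disk encryption (hardware)", 2, 4),
    Risk("office printer", "insider", "default password (human)", 1, 2),
]

if __name__ == "__main__":
    for asset, score, lvl, method in assess(REGISTER):
        print(f"{asset:18} score={score:2} level={lvl:8} method={method}")
```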

---

**11. Cybersecurity Laws and Standards**

 - **PCI-DSS** – Payment Card Industry Data Security Standard
 - **ISO/IEC 27001** – International information security standard
 - **HIPAA** – Health Information Protection (USA)
 - **DMCA** – Digital copyright protection
 - **GDPR** – General Data Protection Regulation (EU)
 - **DPA** – Data Protection Act
 - **IT Act 2000** – Indian cyber law

---

**12. Additional Concepts**

 - **Indicators of Compromise (IOC)** – Signs of a data breach.
 - **Cyber Threat Intelligence** – Graphical representations, types, and actionable data.
 - **Incident Management** – Responding to and managing security breaches.

---
