Cyber Security
Introduction
The term cyber security combines two parts:
Cyber: Related to computers, networks, and the internet.
Security: Protection against threats, attacks, and unauthorized access.
Cybersecurity began in the 1960s–70s with early concerns about securing time-sharing systems and ARPANET.
In the 1980s, the first computer viruses like "Elk Cloner" appeared, prompting the creation of antivirus software.
The 1990s saw the rise of the internet, leading to widespread threats such as:
Worm: self-replicating malware that spreads from host to host across a network on its own, consuming bandwidth and machines as it goes
Trojan: malware disguised as a legitimate program so that the user installs it, giving the attacker a foothold inside the network
Firewalls: filter traffic between networks according to a rule set; the first widely deployed network defense against these threats
IDS: intrusion detection systems were introduced to monitor network traffic and hosts and raise an alert on suspicious activity
In the 2000s, more sophisticated threats emerged, including phishing, botnets, and state-sponsored attacks such as Stuxnet (discovered in 2010).
The 2010s marked a surge in ransomware, large data breaches (e.g., Equifax in 2017), and Advanced Persistent Threats (APTs). In the 2020s, cybersecurity focuses on Zero Trust architectures, cloud and IoT security, AI-powered threats, and global cyber warfare.
Frameworks and regulations such as the NIST Cybersecurity Framework, ISO/IEC 27001, and GDPR have played a crucial role in shaping cybersecurity programs and policies.
The main goal of cyber security is to secure the organization's assets (computers, networks, applications, data).
To achieve that, the organization should meet the following objectives:
Confidentiality: data can be read only by the parties it is meant for
Enforced through authentication (proving who you are)
and authorization (deciding what you may access)
Threats to confidentiality:
XSS (cross-site scripting): script injected into a page steals session data or page content from the user's browser
Injections (e.g., SQL injection): attacker-controlled input makes the application return data it never meant to expose
MITM (man-in-the-middle): an attacker on the network path reads traffic in transit
How to secure:
Authentication/Authorization on every request
Encryption: TLS for data in transit, encryption at rest for stored data
Integrity: data is not altered except by authorized parties
Unauthorized parties cannot modify it
Any unauthorized modification can be detected
Sample: MITM (man-in-the-middle): an attacker on the path can inspect the traffic, see the objects and calls, and modify them before they reach the server
How to resolve:
OWASP guidance (secure coding practices and the OWASP Top 10)
Zero trust approach (authenticate and verify every request, never trust the network)
TLS for data in transit, plus hashes, message authentication codes or digital signatures so that tampering is detected even if it cannot be prevented
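The integrity point above, worked through in code. This is an added example, not material from the original slides: a client attaches an HMAC-SHA256 tag to a request, and the server recomputes the tag and rejects the request when a man-in-the-middle has changed the payload. The shared key and the transfer request are constructed for the demonstration.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the example. In a real deployment it comes
# from a secrets manager, never from source code.
SHARED_KEY = b"demo-shared-key-not-for-production"


def canonical_bytes(payload: dict) -> bytes:
    """Encode the payload deterministically so both sides MAC identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign(payload: dict, key: bytes = SHARED_KEY) -> str:
    """Return the hex HMAC-SHA256 tag the sender attaches to the request."""
    return hmac.new(key, canonical_bytes(payload), hashlib.sha256).hexdigest()


def verify(payload: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the tag server-side; compare_digest avoids a timing side channel."""
    return hmac.compare_digest(sign(payload, key), tag)


def demo() -> dict:
    """Constructed transfer request: the original verifies, on-path edits do not."""
    order = {"account": "alice", "amount": 100, "to": "bob"}
    tag = sign(order)
    # The attacker on the path rewrites the recipient. Without the key they
    # cannot produce a matching tag, so the server's check fails.
    tampered = dict(order, to="mallory")
    # A one-character change to the amount is caught just the same.
    inflated = dict(order, amount=1000)
    return {
        "original_ok": verify(order, tag),
        "tampered_ok": verify(tampered, tag),
        "inflated_ok": verify(inflated, tag),
    }


if __name__ == "__main__":
    print(demo())
```

The tag detects modification but does not prevent it or stop replay of an unmodified request; TLS is still needed for transport protection, and a nonce or timestamp inside the signed payload is needed if replays matter.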
Availability: authorized users can reach the system and its data when they need it
DDoS: attackers flood the service with requests, often from a botnet, to exhaust the servers' resources so that legitimate users are denied
How to resolve:
Rate limiting (cap the number of requests a single client may make per time window)
WAF solutions (filter abusive traffic before it reaches the application)
Performance/load testing that exercises the system under the highest expected volume of requests, so capacity limits are known before an attacker finds them
Controls must be applied at every layer:
Frontend
Communication
Gateway level
API level
Database level
Data level
Infrastructure level
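The rate-limiting control listed under availability, as an added example rather than code from the original slides: a sliding-window limiter keyed by client address, fed with constructed traffic in which one client floods the service while another browses normally. The client addresses and the 5-requests-per-second budget are assumptions made for the demonstration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each client key.

    The current time is passed in explicitly so behaviour can be simulated
    without sleeping; a real server would pass time.monotonic().
    """

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)  # client -> timestamps of accepted requests

    def allow(self, client: str, now: float) -> bool:
        q = self._hits[client]
        cutoff = now - self.window
        # Drop timestamps that have fallen out of the window.
        while q and q[0] <= cutoff:
            q.popleft()
        if len(q) >= self.limit:
            return False  # over budget: answer 429 and do no further work
        q.append(now)
        return True


def simulate(limit: int = 5, window: float = 1.0) -> dict:
    """Constructed traffic: one client floods, another browses normally."""
    limiter = SlidingWindowLimiter(limit, window)
    # 50 requests in half a second from one (constructed) address.
    flood = [limiter.allow("203.0.113.9", i * 0.01) for i in range(50)]
    # 3 requests spread over 0.8 s from another address.
    normal = [limiter.allow("198.51.100.4", i * 0.4) for i in range(3)]
    # Once the window has passed, the flooding client gets its budget back.
    after_window = limiter.allow("203.0.113.9", 1.6)
    return {
        "flood_allowed": sum(flood),
        "flood_rejected": len(flood) - sum(flood),
        "normal_allowed": sum(normal),
        "flood_allowed_after_window": after_window,
    }


if __name__ == "__main__":
    print(simulate())
```

The limiter keeps its state in process memory; a fleet of servers needs a shared store so that a client cannot multiply its budget by spreading requests across nodes. A per-client limit also does nothing against a distributed flood from thousands of addresses, which is why the WAF and capacity testing appear alongside it in the list above.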
Asset: a resource of value, such as the data in a database or on the file system, or a system resource:
Machine
Database
Files
Vulnerability: a weakness that makes a threat possible, such as a weak password.
Threat: any potential occurrence, malicious or otherwise, that could harm an asset; in other words, any bad thing that can happen to your assets.
Attack: an action that exploits a vulnerability or enacts a threat.
Countermeasure: a safeguard that addresses a threat and mitigates risk. Countermeasures come in three kinds:
Preventive: stops the attack from succeeding, like the zero trust principle
Detective: notices an attack in progress or after the fact, like an IDS or a WAF in monitoring mode
Corrective: limits the damage and restores service after the occurrence, like backups and incident response
CSRF: Cross-Site Request Forgery is an attack where a malicious site makes the victim's browser send a state-changing request to a vulnerable site where the user is currently logged in; the browser attaches the session cookie automatically, so the request looks legitimate. You should have anti-CSRF tokens bound to the session, SameSite cookies, and Origin checks
Hijacking: stealing an established session (a session cookie or token) or taking over a connection so the attacker can act as the client or the server. You should have TLS everywhere, HttpOnly and Secure cookie flags, and short session lifetimes
Phishing: fake emails or messages that trick users into giving up credentials or sensitive info, you should have user training, MFA, and email filtering (SPF, DKIM, DMARC)
Malware: malicious software (viruses, trojans, worms, etc.), you should have antivirus, EDR, timely software updates, and restricted access
Ransomware: encrypts data and demands a ransom, you should have backups kept offline or immutable (ransomware targets reachable backups too), EDR, least privilege, and behavior-based detection
Spyware: malicious software that secretly monitors and collects data from a user's device without the user's knowledge or consent
Spoofing: impersonation (IP, email, DNS, etc.), you should have TLS, SPF/DKIM/DMARC, and DNSSEC
Botnet: a network of compromised devices used for attacks such as DDoS, you should have network monitoring, firewalls, and IoT security controls
Rootkit: malware that hides at the system/kernel level to conceal its presence, you should have kernel-level protection and file integrity monitoring
Social Engineering: manipulating people into leaking confidential data, you should have employee training, verification procedures, and phishing simulations
APT: Advanced Persistent Threat, a long-term, stealthy attack, you should use network segmentation, anomaly detection, and threat hunting
Zero Day: a vulnerability unknown to the vendor and users, so no patch exists and signature-based defenses are not effective; you should rely on layered controls, least privilege, and behavior-based detection
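The CSRF entry above, worked through in code as an added example (not code from the original slides): a server-side check that applies the two defenses named there, an Origin check and a per-session synchronizer token, to constructed requests. The site origin, the in-memory session store, and the request dictionaries are stand-ins assumed for the demonstration in place of a real web framework.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Assumed origin of the protected application (hypothetical name).
SITE_ORIGIN = "https://bank.example"

# Constructed in-memory stand-in for the server's session store:
# session id -> {"user": ..., "csrf": secret token bound to that session}
SESSIONS: dict = {}


def login(user: str) -> str:
    """Create a session and mint a CSRF token bound to it; return the session id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """The server embeds this in its own forms; a third-party page cannot read it."""
    return SESSIONS[sid]["csrf"]


def is_request_allowed(request: dict) -> bool:
    """Decide whether a request may proceed.

    `request` is a plain dict with keys method, headers, cookies and form,
    a constructed stand-in for a framework request object.
    """
    if request["method"] in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must never change state, so they carry no token
    session = SESSIONS.get(request["cookies"].get("session", ""))
    if session is None:
        return False  # not logged in at all
    # Check 1: Origin (or Referer) must be our own site. Browsers set these
    # headers themselves and page scripts cannot forge them.
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not source:
        return False
    parsed = urlparse(source)
    if f"{parsed.scheme}://{parsed.netloc}" != SITE_ORIGIN:
        return False
    # Check 2: the synchronizer token must match the one bound to this session.
    supplied = request["form"].get("csrf_token", "")
    return hmac.compare_digest(supplied, session["csrf"])


def demo() -> dict:
    """Three constructed POSTs: legitimate, cross-site forged, same-site without token."""
    sid = login("alice")
    transfer = {"to": "mallory", "amount": "1000"}
    # Legitimate submission from the bank's own form: cookie plus matching token.
    legit = {"method": "POST", "headers": {"Origin": SITE_ORIGIN},
             "cookies": {"session": sid},
             "form": {**transfer, "csrf_token": csrf_token_for(sid)}}
    # Forged submission: an attacker page auto-submits a form to the bank while
    # Alice is logged in. The browser attaches her cookie, but the attacker
    # cannot read the token and the Origin header names the attacker's site.
    forged = {"method": "POST", "headers": {"Origin": "https://evil.example"},
              "cookies": {"session": sid}, "form": dict(transfer)}
    # Same origin but no token, e.g. a form the developer forgot to protect.
    no_token = {"method": "POST", "headers": {"Origin": SITE_ORIGIN},
                "cookies": {"session": sid}, "form": dict(transfer)}
    return {"legit": is_request_allowed(legit),
            "forged": is_request_allowed(forged),
            "no_token": is_request_allowed(no_token)}


if __name__ == "__main__":
    print(demo())
```

The forged request is rejected twice over: by the Origin check and by the missing token. Keeping both matters because some privacy proxies strip Referer and older clients omit Origin, and because the token check also catches same-site forms that were never protected. Marking the session cookie SameSite=Lax or Strict stops the browser from attaching it to the cross-site POST in the first place.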
Learning resources:
Google Cybersecurity
TryHackMe
HackTheBox
OverTheWire
RootMe
Certifications:
CompTIA Security+
CEH (Certified Ethical Hacker)
CISSP
Dr. Ghoniem Lawaty
Tech Evangelist @TechHuB Egypt