cyber security course
cyber security course
Explanation: Cybersecurity involves protecting systems, networks, and data from unauthorized
access, damage, or theft. The core principles are confidentiality (keeping data secret), integrity
(ensuring data is accurate), and availability (ensuring systems are available when needed).
Types:
Types:
o Trojan Horses: Appear as legitimate software but carry out harmful activities.
Types:
Explanation: An attack that injects malicious scripts into trusted websites. The attacker’s script
runs in the victim’s browser, often leading to data theft.
Types:
o Stored XSS: Malicious code is stored on the web server and executed when other users
visit the page.
o Reflected XSS: The malicious script is reflected off the web server and executed
immediately when the user clicks on a link.
6. SQL Injection
Explanation: An attack where malicious SQL statements are inserted into an entry field (e.g., a
login form) to gain unauthorized access to a database or manipulate it.
Example: Inserting OR 1=1 into a login form can bypass authentication by manipulating the SQL
query.
Explanation: An attack that forces a user to unknowingly execute unwanted actions on a web
application where they are authenticated.
Example: If you’re logged into a bank website, an attacker can trick you into transferring money
to their account without your knowledge.
Explanation: Creating and enforcing strategies to protect systems and data. Policies help
organizations define security measures, response strategies, and acceptable use of resources.
Types:
o Security Policies: Documented rules for user behavior and access control.
o Incident Response Plans: Step-by-step actions to take when a security breach occurs.
Explanation: Network protocols are rules that define how data is transmitted between devices.
Service models refer to how services like networking and storage are provided.
o PaaS (Platform as a Service): Provides platform tools for developers to build applications
(e.g., Google App Engine).
o SaaS (Software as a Service): Provides software applications over the internet (e.g.,
Google Workspace, Dropbox).
Explanation: TLS is a protocol that ensures secure communication over the internet by
encrypting data during transmission.
Types:
o SSL (Secure Sockets Layer): The predecessor of TLS, now largely obsolete due to security
vulnerabilities.
o TLS 1.2 and TLS 1.3: The latest and most secure versions of the protocol.
Explanation: Network layer security involves protecting data during transmission between
devices on a network.
Types:
o VPN (Virtual Private Network): Secures communication over the internet by encrypting
data and hiding the user's IP address.
o Intrusion Detection Systems (IDS): Monitor network traffic for suspicious activity.
Explanation: Protecting wireless networks (like Wi-Fi) from unauthorized access and attacks.
Types:
o WPA2 (Wi-Fi Protected Access 2): The standard for securing Wi-Fi networks.
o WEP (Wired Equivalent Privacy): Older, less secure wireless encryption protocol.
Types:
o Data Encryption: Encrypting data stored in the cloud to prevent unauthorized access.
o Identity and Access Management (IAM): Ensures only authorized users can access cloud
services.
o Multi-Factor Authentication (MFA): An added layer of security requiring more than just
a password for access.
Explanation: Protecting devices that connect to the internet, such as smart home appliances,
wearables, and medical devices.
Types:
o Device Authentication: Ensures that only authorized devices can connect to a network.
o Secure Firmware Updates: Ensures that device software is updated with secure patches.