Cybersecurity Notes 1

The document provides a comprehensive overview of cybersecurity, including its core concepts, types of threats, threat actors, security measures, and frameworks. It highlights the importance of risk management, incident response, and compliance with regulations, as well as emerging trends and advanced concepts like AI and blockchain security. Key topics such as cloud security, ethical hacking, and common vulnerabilities are also discussed to emphasize the evolving landscape of cybersecurity.

Uploaded by heyshuaib43

Cybersecurity Notes

1. Introduction to Cybersecurity

• Cybersecurity is the practice of protecting systems, networks, and data from digital attacks, theft, and damage.
• It involves measures to defend against unauthorized access, malware, cyber-attacks, and data breaches.
• The importance of cybersecurity has grown with the rise in cyber-attacks and threats and the growing reliance on digital technologies.

2. Core Concepts of Cybersecurity

• Confidentiality: Ensuring that information is accessible only to authorized users.
• Integrity: Ensuring that data is not altered or tampered with by unauthorized parties.
• Availability: Ensuring that systems, data, and services are available when needed.

3. Types of Cyber Threats

• Malware: Malicious software that damages or disrupts systems.
  ◦ Types: Viruses, worms, Trojans, ransomware, spyware, adware.
• Phishing: Fraudulent attempts to obtain sensitive information by pretending to be a trustworthy entity.
• Man-in-the-Middle (MitM) Attack: Intercepting, and possibly altering, communication between two parties.
Anas Sarfaraz
• Denial of Service (DoS) Attack: Overloading a system with traffic, making it unavailable to legitimate users.
• SQL Injection: Untrusted input inserted into a web application's SQL query so that it changes the query's logic, typically to gain unauthorized access to the database.
• Zero-Day Exploit: Attacks targeting vulnerabilities that are unknown to the software vendor, so no patch is yet available.
• Social Engineering: Manipulating individuals into divulging confidential information (e.g., pretexting, baiting, tailgating).

4. Cybersecurity Threat Actors

• Hackers: Individuals or groups who exploit vulnerabilities in systems to gain unauthorized access.
  ◦ Black Hat Hackers: Malicious actors with harmful intentions.
  ◦ White Hat Hackers: Ethical hackers who help organizations identify and fix security flaws.
  ◦ Gray Hat Hackers: Hackers who may violate laws but don't have malicious intent.
• Insiders: Employees or individuals within an organization who intentionally or unintentionally compromise security.
• Nation-State Actors: Government-sponsored entities involved in cyber-espionage or cyberwarfare.
• Cybercriminals: Individuals or groups who engage in criminal activities online for financial gain.

5. Security Measures & Technologies

• Firewalls: Network security devices that monitor and control incoming and outgoing network traffic according to a rule set.
  ◦ Types: Packet filtering, stateful inspection, proxy, and Next-Generation Firewalls (NGFW).
• Antivirus Software: Programs that detect and remove malware.
• Encryption: Converting readable data (plaintext) into an unreadable form (ciphertext) that can only be reversed with the correct key, so that unauthorized parties cannot read it.
  ◦ Types: Symmetric (same key for encryption and decryption) and Asymmetric (public/private key pair).
• Multi-Factor Authentication (MFA): A security system that requires two or more independent forms of verification (e.g., a password plus a one-time code) before granting access.
• Intrusion Detection Systems (IDS): Tools that detect unauthorized or suspicious network activity and alert on it.
• Intrusion Prevention Systems (IPS): Tools that detect and actively block suspicious activity.
• Virtual Private Network (VPN): A secure, encrypted connection method that protects data transmission over insecure networks.

6. Common Vulnerabilities and Exploits

• CVE (Common Vulnerabilities and Exposures): A system for identifying and cataloging publicly known cybersecurity vulnerabilities.

• OWASP Top 10: A list of the most common and critical security risks for web applications (the items below are the 2017 edition).
  1. Injection: SQL injection, command injection.
  2. Broken Authentication: Insecure login and session-management mechanisms.
  3. Sensitive Data Exposure: Insufficient protection of data at rest or in transit.
  4. XML External Entities (XXE): Vulnerabilities in XML parsers that resolve external entities.
  5. Broken Access Control: Inadequate restriction of what authenticated users may do.
  6. Security Misconfiguration: Default settings, open cloud storage, verbose error messages.
  7. Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users.
  8. Insecure Deserialization: Vulnerabilities from deserializing untrusted data.
  9. Using Components with Known Vulnerabilities: Unpatched software and libraries.
  10. Insufficient Logging & Monitoring: Lack of proper system monitoring, so attacks go undetected.

7. Risk Management in Cybersecurity

• Risk Assessment: Identifying, analyzing, and evaluating risks to the organization's information systems.
• Risk Mitigation: Implementing controls to reduce risk to acceptable levels (e.g., firewalls, encryption, access control).

• Incident Response: A structured approach to identifying, managing, and mitigating security incidents.
  ◦ Incident Response Plan (IRP): A formalized plan for responding to cyber incidents.
  ◦ Stages of Incident Response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.
• Business Continuity and Disaster Recovery (BCDR): Ensuring that critical business functions continue in case of an incident, and that data can be restored.
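The Identification stage above, the IDS entry in section 5, and OWASP item 10 (Insufficient Logging & Monitoring) all come down to the same thing: a detection rule evaluated over logs that were actually collected. The example below is added here (not from these notes) and runs a simple brute-force rule over constructed `auth.log`-style lines: a source address with at least `threshold` failed logins inside a sliding time window is flagged, and the alert is escalated if a successful login from that address follows the burst. The log lines, the year assumed for the syslog timestamps, and the 203.0.113.0/24 and 198.51.100.0/24 addresses (documentation ranges) are all constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in auth.log style; the addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar 10 09:00:03 host sshd[1202]: Failed password for root from 203.0.113.5 port 51023 ssh2
Mar 10 09:00:04 host sshd[1203]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar 10 09:00:06 host sshd[1204]: Failed password for alice from 203.0.113.5 port 51025 ssh2
Mar 10 09:00:07 host sshd[1205]: Failed password for alice from 203.0.113.5 port 51026 ssh2
Mar 10 09:00:09 host sshd[1206]: Accepted password for alice from 203.0.113.5 port 51027 ssh2
Mar 10 09:15:00 host sshd[1300]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Mar 10 09:20:00 host sshd[1301]: Accepted password for bob from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

LOG_YEAR = 2024  # syslog timestamps carry no year; assumed for the example


def parse_line(line: str):
    """Return a dict for an sshd login-attempt line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60) -> list:
    """Sliding-window rule: flag a source IP once it reaches `threshold`
    failures within `window_seconds`; record a later successful login from
    that IP as `success_after`, which is the case worth paging someone for."""
    failures = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerts = {}                    # ip -> alert record (one per source)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"ip": ip, "failures": len(q), "first_seen": q[0],
                              "success_after": None}
        elif ip in alerts and alerts[ip]["success_after"] is None:
            alerts[ip]["success_after"] = ev["user"]
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Two points the rule illustrates: the window matters (the same five failures spread over a day would be noise, not an attack), and a success following a burst is a different severity from the burst alone, so the alert should carry that distinction rather than leaving it to the analyst to correlate by hand.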

8. Cybersecurity Frameworks and Standards

• NIST Cybersecurity Framework: A set of guidelines and best practices for managing cybersecurity risk.
  ◦ Core Functions: Identify, Protect, Detect, Respond, Recover.
• ISO/IEC 27001: A standard for establishing, implementing, and maintaining an information security management system (ISMS).
• CIS Controls: A set of 18 critical security controls designed to help organizations improve their cybersecurity posture.
• GDPR (General Data Protection Regulation): A regulation in EU law on data protection and privacy.
• HIPAA (Health Insurance Portability and Accountability Act): U.S. regulation focused on protecting health information.

9. Cloud Security

• Cloud Computing: The delivery of computing services (e.g., servers, storage, databases) over the internet.
  ◦ Cloud Deployment Models: Public cloud, private cloud, hybrid cloud.
  ◦ Cloud Service Models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), SaaS (Software as a Service).
• Cloud Security Challenges:
  ◦ Data privacy and sovereignty issues.
  ◦ Shared responsibility model (security responsibilities are split between the cloud provider and the customer, with the split depending on the service model).
  ◦ Securing APIs and access controls.

10. Ethical Hacking and Penetration Testing

• Penetration Testing (Pen Testing): A simulated, authorized cyberattack to identify and exploit vulnerabilities in systems and networks.
  ◦ Types of Pen Testing: External, internal, black box, white box, grey box.
• Ethical Hacking: Conducted by authorized professionals to discover and fix vulnerabilities before they can be exploited maliciously.
• Common Pen Test Tools: Kali Linux, Metasploit, Nmap, Wireshark, Burp Suite, Aircrack-ng.

11. Security Policies and Compliance

• Security Policies: Written guidelines that define how an organization protects its information assets.
• Access Control Policies: Rules defining who can access what information within an organization.
• Compliance: Ensuring that organizations adhere to legal, regulatory, and contractual obligations.
  ◦ PCI DSS (Payment Card Industry Data Security Standard): Standards for securing payment card information.
  ◦ SOX (Sarbanes-Oxley Act): U.S. law requiring companies to maintain accurate financial records and ensure data integrity.

12. Advanced Cybersecurity Concepts

• Artificial Intelligence in Cybersecurity: Using AI for threat detection, anomaly detection, automated incident response, etc.
• Blockchain Security: Using blockchain technology to secure transactions and prevent fraud.
• Quantum Computing and Cybersecurity: Impact of quantum computing on encryption algorithms and the development of quantum-safe cryptography.
• Security Automation and Orchestration: Automating repetitive tasks to improve efficiency in detecting and responding to incidents.

13. Emerging Threats and Trends

• Ransomware: A type of malware that encrypts data and demands a ransom for its decryption.
• Deepfakes: AI-generated video and audio content that can be used for social engineering or disinformation attacks.
• Supply Chain Attacks: Cyberattacks targeting software vendors and third-party service providers in order to reach their customers.
• 5G Security: Potential risks and security challenges associated with the deployment of 5G networks.
• IoT Security: Ensuring the security of Internet of Things devices that may be vulnerable to exploitation.
