1. Encryption and Decryption
● Encryption: The process of converting plain text (readable data) into ciphertext (unreadable
data) using an algorithm and a key.
○ Example: Imagine you want to send a secret message to a friend. You use a code (the
encryption key) to scramble the message, making it unreadable to anyone who intercepts
it.
● Decryption: The reverse process of encryption, where ciphertext is converted back into its
original plaintext using the correct decryption key.
○ Example: Your friend receives the scrambled message and uses the same code
(decryption key) to unscramble it and read the original message.
2. Encryption Types
● Symmetric Encryption:
○ Uses a single secret key for both encryption and decryption.
○ Examples: AES (Advanced Encryption Standard), DES (Data Encryption Standard)
● Asymmetric Encryption:
○ Uses a pair of keys: a public key for encryption and a private key for decryption.
○ Examples: RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm)
3. Symmetric vs. Asymmetric Encryption
Feature          | Symmetric Encryption                            | Asymmetric Encryption
Keys             | Single shared key                               | Key pair: public key for encryption, private key for decryption
Speed            | Generally faster                                | Generally slower
Key Distribution | Secure key exchange is crucial                  | Easier to distribute public keys
Use Cases        | Encryption of large data volumes, data at rest  | Digital signatures, secure communication
4. Hashing
● Hashing: A one-way process that converts any input data (of any size) into a fixed-size string
of characters (called a hash or digest).
○ Example: SHA-256 (Secure Hash Algorithm 256) takes any input and produces a unique
256-bit hash value.
● Algorithm: The specific mathematical function used to perform the hashing. Examples:
SHA-1, SHA-256, MD5
5. IDS vs. IPS
● IDS (Intrusion Detection System): Detects malicious activity on a network or system. It
monitors network traffic and system logs for suspicious patterns.
● IPS (Intrusion Prevention System): Not only detects but also prevents malicious activity. It
can actively block network traffic or take other actions to stop attacks.
6. Use of Web Application Firewall (WAF)
● WAFs protect web applications by filtering and monitoring HTTP traffic between web servers
and the internet.
● Key Uses:
○ Prevent SQL injection attacks
○ Block cross-site scripting (XSS)
○ Detect and mitigate DDoS attacks
○ Protect against other web application vulnerabilities
7. CIA Triad
● Confidentiality: Ensuring that sensitive information remains private and accessible only to
authorized individuals.
● Integrity: Maintaining the accuracy and completeness of information.
● Availability: Ensuring that systems and data are accessible to authorized users when
needed.
8. Cyber Kill Chain Process
A framework that describes the stages of a typical cyberattack:
1. Reconnaissance: Gathering information about the target.
2. Weaponization: Developing and delivering the attack payload (e.g., malware).
3. Delivery: Delivering the weapon to the target (e.g., phishing email, exploit kit).
4. Exploitation: Exploiting vulnerabilities in the target's systems.
5. Installation: Installing malware on the target system.
6. Command and Control: Establishing communication between the attacker and the
compromised system.
7. Actions on Objectives: Achieving the attacker's goals (e.g., data theft, system disruption).
9. Virus, Worm, Trojan
● Virus: Attaches itself to other programs or files and replicates when the host program/file is
executed.
● Worm: Self-replicating malware that spreads across networks without user interaction.
● Trojan: Malicious software disguised as legitimate software. It often performs harmful actions
without the user's knowledge.
10. DDoS vs. DoS Attack & Mitigation
● DoS (Denial of Service): Overwhelms a single target with traffic, making it unavailable to
legitimate users.
● DDoS (Distributed Denial of Service): Uses multiple compromised systems (a botnet) to
launch a DoS attack.
Mitigation:
● Traffic Filtering: Block malicious traffic at the network perimeter.
● Rate Limiting: Limit the number of requests from a single IP address.
● Cloud-Based DDoS Protection: Utilize cloud services that can absorb and mitigate DDoS
attacks.
● DDoS Mitigation Appliances: Specialized hardware devices designed to mitigate DDoS
attacks.
11. SQL Injection
● Attack: Exploits vulnerabilities in web applications that allow attackers to inject malicious
SQL commands into database queries.
● Mitigation:
○ Input Validation: Validate and sanitize all user input.
○ Prepared Statements: Use parameterized queries to prevent SQL injection.
○ Least Privilege: Grant database users only the necessary permissions.
○ WAF: Use a Web Application Firewall to block malicious SQL injection attempts.
12. Securing Your Laptop/Server (System Hardening)
● Strong Passwords: Use strong, unique passwords for all accounts.
● Regular Updates: Keep operating systems, software, and firmware up to date with the latest
security patches.
● Antivirus/Antimalware: Install and regularly update antivirus/antimalware software.
● Firewall: Configure and enable firewalls (both software and hardware) to control network
traffic.
● User Account Control (UAC): Enable UAC to prompt for elevation of privileges.
● Disk Encryption: Encrypt the hard drive to protect data if the device is lost or stolen.
● Regular Backups: Regularly back up important data to prevent data loss.
● Least Privilege: Grant users only the necessary permissions.
13. Encryption vs. Hashing
Feature       | Encryption                                | Hashing
Purpose       | To protect data confidentiality           | To ensure data integrity and authenticity
Reversibility | Reversible (decryption is possible)       | Irreversible (cannot be reversed to obtain the original data)
Key Usage     | Uses keys (symmetric or asymmetric)       | No keys are used
Output Size   | Output size can vary                      | Output size is fixed
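The hashing properties from section 4 and the table above, shown in an added Python example (not from the original notes): SHA-256 gives a 64-hex-character (256-bit) digest for inputs of any size, a publisher's digest manifest lets a receiver detect a tampered or missing file, and a one-byte change flips roughly half of the output bits. The file names and contents are constructed sample data.

```python
import hashlib
import hmac

# Constructed sample "files" (name -> content), not from the original notes.
FILES = {
    "README.txt": b"hello",
    "app.bin": bytes(range(256)) * 40,   # 10,240 bytes
    "empty.dat": b"",
}

def sha256_hex(data: bytes) -> str:
    # Fixed-size output: always 32 bytes / 64 hex characters, whatever len(data) is.
    return hashlib.sha256(data).hexdigest()

def build_manifest(files):
    # Publisher side: record one digest per file.
    return {name: sha256_hex(content) for name, content in files.items()}

def verify_manifest(files, manifest):
    # Receiver side: recompute each digest and compare in constant time.
    # Returns the names of files that are missing or whose content changed.
    tampered = []
    for name, expected in manifest.items():
        content = files.get(name)
        if content is None or not hmac.compare_digest(sha256_hex(content), expected):
            tampered.append(name)
    return tampered

def avalanche_bits(a: bytes, b: bytes) -> int:
    # Count differing bits between SHA-256(a) and SHA-256(b).
    x = int.from_bytes(hashlib.sha256(a).digest(), "big")
    y = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x ^ y).count("1")

if __name__ == "__main__":
    manifest = build_manifest(FILES)
    print({name: len(d) for name, d in manifest.items()})  # every digest is 64 chars
    modified = dict(FILES)
    modified["app.bin"] = FILES["app.bin"][:-1] + b"\x00"   # flip the last byte
    print(verify_manifest(modified, manifest))              # ['app.bin']
    print(avalanche_bits(b"hello", b"hellp"))               # about 128 of 256 bits
```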
14. Vulnerability, Risk, Threat, Exploit
● Vulnerability: A weakness in a system or its components that can be exploited.
● Threat: A potential cause of an unwanted incident (e.g., malicious actors, natural disasters).
● Risk: The likelihood and potential impact of a threat exploiting a vulnerability.
● Exploit: The specific technique or code used to take advantage of a vulnerability.
15. Defense in Depth
A security strategy that employs multiple layers of security controls to protect systems and data.
This creates a more robust defense by making it harder for attackers to compromise the system.
16. Zero Trust Model
A security model that assumes no one and nothing inside or outside the network perimeter can
be trusted implicitly. It requires strict verification and authorization for every user and device,
regardless of location.
17. Securing a Web Server (No Budget Constraints)
● Dedicated Hardware: Use dedicated, high-performance servers with sufficient resources.
● Load Balancing: Distribute traffic across multiple servers to improve performance and
availability.
● Content Delivery Network (CDN): Cache static content (images, CSS, JavaScript) on
servers closer to users, improving performance and reducing load on the origin server.
● Intrusion Detection/Prevention System (IDS/IPS): Deploy a robust IDS/IPS to monitor and
block malicious traffic.
● Web Application Firewall (WAF): Utilize a high-end WAF with advanced threat detection
and prevention capabilities.
● Regular Security Audits and Penetration Testing: Conduct regular security assessments
to identify and address vulnerabilities.
● Dedicated Security Team: Hire a team of security professionals to manage and maintain
security controls.
18. Securing a Web Server (Budget Constraints)
● Open-Source Software: Utilize open-source alternatives for operating systems, web servers,
and other software.
● Cloud Hosting: Consider cloud-based hosting providers that offer built-in security features
(e.g., firewalls, DDoS protection).
● Basic Security Measures: Implement fundamental security measures like strong passwords,
regular updates, and basic firewall rules.
● Regular Monitoring: Monitor server logs for suspicious activity and proactively address any
issues.
● Free Security Tools: Utilize free security tools for vulnerability scanning, malware detection,
and intrusion detection.
19. MITRE ATT&CK Framework
A knowledge base of adversary tactics, techniques, and procedures (TTPs) that map to the
Cyber Kill Chain. It helps organizations understand and defend against adversary behaviors.
20. Zero-Day Attack
An attack that exploits a previously unknown vulnerability in software or hardware. Since the
vulnerability is unknown, there is no patch or defense available at the time of the attack.
21. Brute Force Attack
An automated attempt to guess passwords by trying all possible combinations of characters.
22. Dictionary Attack
An automated attempt to guess passwords by trying a list of common words, phrases, and
passwords.