Information System | PDF | Malware | Information Security

The document outlines the importance of cybersecurity and information security in protecting systems and data from various cyber threats. It discusses the principles of information security, including confidentiality, integrity, and availability, as well as common cyber threats like malware and phishing. Additionally, it highlights different types of cybersecurity measures and best practices organizations can implement to enhance their security posture.

Uploaded by bishowbabu45

Cybersecurity aims to protect systems and data from external cyber-threats.

Information security ensures the overall protection of data, including its
confidentiality, integrity, and availability, across various environments.

Information System
An information system (IS) is a collection of hardware, software, data, and people that work
together to collect, process, store, and disseminate information. An IS can be used for a
variety of purposes, such as supporting business operations, keeping daily records, decision
making, and communication.

Information Security

Information security refers to the protection of information and information systems from
unauthorized access, use, disclosure, disruption, modification, or destruction. It aims to
protect the confidentiality, integrity, and availability of information and information
systems.

• Information systems are vulnerable to a variety of security threats, such as hackers,
viruses, and natural disasters. As such, it is important for organizations to
implement appropriate security measures to protect their information systems.

• There are several different security measures that organizations can implement to
protect their information systems, such as:

• Firewalls: Firewalls are used to restrict access to an organization’s network and to
protect against unauthorized access.

• Intrusion detection systems: These systems are used to detect and alert
organizations to potential security breaches.

• Encryption: Encryption is used to protect sensitive information by converting it into
unreadable code.

• Access controls: Access controls are used to restrict access to information and
information systems to authorized individuals only.

• Security policies: Organizations can implement security policies to ensure that their
employees understand their security responsibilities and adhere to them.

• Security auditing: Regularly monitoring the system for possible malicious activities
and vulnerabilities.

• By implementing these security measures, organizations can protect their
information systems from unauthorized access and use, and ensure that their
sensitive information is kept confidential and secure.

Information security is not only about securing information from unauthorized access;
it is the broader practice of preventing both unauthorized access to and unauthorized use of information.

Why Do We Use Information Security?

We use information security to protect valuable information assets from a wide range of
threats, including theft and cybercrime. Here are some key reasons why information
security is important:

• Protecting sensitive information: Information security helps protect sensitive
information from being accessed, disclosed, or modified by unauthorized
individuals. This includes personal information, financial data, and trade secrets, as
well as confidential government and military information.

• Mitigating risk: By implementing information security measures, organizations can
mitigate the risks associated with cyber threats and other security incidents. This
includes minimizing the risk of data breaches, denial-of-service attacks, and other
malicious activities.

• Compliance with regulations: Many industries and authorities have specific
regulations governing the protection of sensitive information. Information security
measures help ensure compliance with these regulations, reducing the risk of fines
and legal liability.

• Protecting reputation: Security breaches can damage an organization’s reputation
and lead to lost business. Effective information security can help protect an
organization’s reputation by minimizing the risk of security incidents.

• Ensuring business continuity: Information security helps ensure that critical
business functions can continue even in the event of a security incident. This
includes maintaining access to key systems and data, and minimizing the impact of
any disruptions.

Principles / Security Goals / CIA Triad of Information Security

Information security is necessary to ensure the confidentiality, integrity, and availability of
information, whether it is stored digitally or in other forms such as paper documents.
Information security programs are built around three objectives, commonly known as CIA:
Confidentiality, Integrity, Availability.

• Confidentiality: The goal of confidentiality is that only the sender and the
intended recipient are able to access a message. Confidentiality is equivalent to
privacy and avoids the unauthorized disclosure of information. It involves the
protection of data, providing access only to those who are allowed to see it, and
prevents essential information from reaching the wrong people. Data encryption, access
control, authentication, authorization, and physical security are the tools used to ensure
confidentiality.
• Integrity: Integrity refers to the methods for ensuring that data is real, accurate and
safeguarded from unauthorized modification. It is the property that
information has not been altered in an unauthorized way, and that the source of the
information is genuine. Data backups, checksums and error-correcting codes are the
best tools for integrity.
• Availability: Availability is another main goal of information security. It means that resources
must be available to authorized parties at all times, even during failures (with
minimal or no disruption). It is the guarantee of reliable and constant access to our
sensitive data by authorized people. Physical protection and computational
redundancy are the best tools for availability.

Apart from these, there is one more principle that governs information security programs:
non-repudiation.

Non-repudiation: Non-repudiation in cybersecurity refers to the assurance that a party
involved in a transaction or communication cannot deny the authenticity of their signature
or the sending of a message at a later time.
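As an added illustration of the integrity tools named above (checksums and keyed message authentication), not part of the original notes: the Python below compares an unkeyed SHA-256 checksum with an HMAC over constructed sample data. The data, the key and the function names are the example's own assumptions.

```python
import hashlib
import hmac

# Constructed sample data and a constructed shared key (placeholders, not real secrets).
ORIGINAL = b"account=alice;balance=100\n"
TAMPERED = b"account=alice;balance=1000\n"
SHARED_KEY = b"hypothetical-shared-key-do-not-reuse"


def checksum(data: bytes) -> str:
    """Unkeyed integrity check (SHA-256). Detects accidental corruption,
    but an attacker who can change the data can also recompute the hash."""
    return hashlib.sha256(data).hexdigest()


def mac(data: bytes, key: bytes) -> str:
    """Keyed integrity and authenticity check (HMAC-SHA256). Only a holder
    of the key can produce a valid tag, so unauthorized modification is
    detected. Because sender and receiver share the same key, either of
    them could have produced the tag: HMAC does not give non-repudiation,
    which needs a digital signature made with a key only one party holds."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    # compare_digest runs in constant time, avoiding a timing side channel
    return hmac.compare_digest(checksum(data), expected)


def verify_mac(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(mac(data, key), expected)


def demo() -> dict:
    """Runs both checks on the constructed data. The 'recompute' case models
    an attacker who edits the data and recalculates the unkeyed checksum:
    the checksum still passes, the HMAC does not."""
    good_sum = checksum(ORIGINAL)
    good_tag = mac(ORIGINAL, SHARED_KEY)
    return {
        "checksum_accepts_original": verify_checksum(ORIGINAL, good_sum),
        "checksum_rejects_tampered": not verify_checksum(TAMPERED, good_sum),
        "checksum_fooled_by_recompute": verify_checksum(TAMPERED, checksum(TAMPERED)),
        "mac_accepts_original": verify_mac(ORIGINAL, SHARED_KEY, good_tag),
        "mac_rejects_tampered": not verify_mac(TAMPERED, SHARED_KEY, good_tag),
        # without the key, a tag computed under a guessed key is rejected
        "mac_rejects_wrong_key": not verify_mac(TAMPERED, SHARED_KEY, mac(TAMPERED, b"guess")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Run it directly to print the six checks. The contrast is the practical point: a plain checksum catches accidental corruption, but an attacker who can edit the data can also recompute it, whereas a valid HMAC tag requires the key. Because both parties hold that key, the HMAC still cannot prove which of them sent the message, which is why non-repudiation needs a digital signature rather than a MAC.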

Cyber Threat
Cyber threats are acts performed by individuals with harmful intent, whose goal is to steal
data, cause damage to or disrupt computing systems. Common categories of cyber threats
include malware, social engineering, man in the middle (MitM) attacks, denial of service
(DoS), and injection attacks.

Cyber threats can originate from a variety of sources, from terrorist groups, to individual
hackers, to trusted individuals like employees or contractors, who abuse their privileges to
perform malicious acts. Some common types of cyber threats are explained below.

A. Malware

Malware, short for “malicious software”, is software code that is written intentionally to
harm a computer system or its users.

Almost every modern cyberattack involves some type of malware. Threat actors use
malware attacks to gain unauthorized access and render infected systems inoperable,
destroying data, stealing sensitive information and even wiping files critical to the
operating system.

Common types of malware include:

Ransomware locks a victim’s data or device and threatens to keep it locked, or leak it
publicly, unless the victim pays a ransom to the attacker. According to the IBM Security X-
Force Threat Intelligence Index 2024, ransomware attacks represented 17 percent of all
cyberattacks in 2022.

A Trojan horse is malicious code that tricks people into downloading it by appearing to be
a useful program or hiding within legitimate software. Examples include remote access
Trojans (RATs), which create a secret backdoor on the victim’s device, or dropper Trojans,
which install additional malware once they gain a foothold on the target system or network.

Spyware is a highly secretive malware that gathers sensitive information, like usernames,
passwords, credit card numbers and other personal data, and transmits it back to the
attacker without the victim knowing.

Worms are self-replicating programs that automatically spread to apps and devices
without human interaction.

B. Social engineering and phishing

Often referred to as “human hacking”, social engineering manipulates targets into taking
actions that expose confidential information, threaten their own or their organization’s
financial well-being or otherwise compromise personal or organizational security.

Phishing is the best-known and most general form of social engineering. Phishing uses
fraudulent emails, email attachments, text messages or phone calls to trick people into
sharing personal data or login credentials, downloading malware, sending money to
cybercriminals or taking other actions that might expose them to cybercrimes.

Common types of phishing include:

• Spear phishing: highly targeted phishing attacks that manipulate a specific
individual, often using details from the victim’s public social media profiles to make
the scam more convincing.
• Whale phishing: spear phishing that targets corporate executives or wealthy
individuals.
• Business email compromise (BEC): scams in which cybercriminals pose as
executives, vendors or trusted business associates to trick victims into wiring money
or sharing sensitive data.

Another common social engineering scam is domain name spoofing (also called DNS
spoofing), in which cybercriminals use a fake website or domain name that impersonates a
real one (for example, “applesupport.com” for support.apple.com) to trick people into
entering sensitive information. Phishing emails often use spoofed sender domain names to
make the email seem more credible and legitimate.
C. Man-in-the-Middle attack

In a man-in-the-middle (MITM) attack, a cybercriminal eavesdrops on a network
connection to intercept and relay messages between two parties and steal data. Unsecured
Wi-Fi networks are often happy hunting grounds for hackers looking to launch MITM attacks.

D. Denial-of-Service attack

A denial-of-service (DoS) attack is a cyberattack that overwhelms (overloads)
a website, application or system with volumes of fraudulent traffic, making it too slow to
use or entirely unavailable to legitimate users. A distributed denial-of-service attack, or
DDoS attack, is similar except that it uses a network of internet-connected, malware-infected
devices or bots, known as a botnet, to cripple or crash the target system.

E. Zero-day exploits

A zero-day exploit is a type of cyberattack that takes advantage of a zero-day vulnerability.
“Zero day” refers to the fact that a software or device vendor has “zero days”, i.e. no time, to fix
the vulnerability because malicious actors can already use it to gain access to
vulnerable systems. (Example: a weak and out-of-date algorithm had caused a vulnerability,
providing hackers with access to multiple email accounts.)

F. Password attack

As the name suggests, these attacks involve cybercriminals trying to guess or steal the
password or login credentials to a user’s account. Many password attacks use social
engineering to trick victims into unknowingly sharing this sensitive data. However, hackers
can also use brute force attacks to steal passwords, repeatedly trying different password
combinations until one is successful.

G. Internet of Things attack

In an Internet of Things (IoT) attack, cybercriminals exploit vulnerabilities in IoT devices,
like smart home devices and industrial control systems, to take over the device, steal data
or use the device as a part of a botnet for other malicious ends.

A botnet is a network of infected computers that work together to carry out an attacker's
goals.

H. Injection attacks

In these attacks, hackers inject malicious code into a program or download malware to
execute remote commands, enabling them to read or modify a database or change website
data.

There are several types of injection attacks. Two of the most common include:

• SQL injection attacks: when hackers exploit the SQL syntax to spoof identity; expose,
tamper with, destroy or make existing data unavailable; or become the database server
administrator.
• Cross-site scripting (XSS): these attacks are similar to SQL injection attacks,
except that instead of extracting data from a database, they typically infect users who
visit a website.
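To make the SQL injection entry concrete, here is an added example (not from the original notes) showing the same user lookup written two ways against a constructed in-memory SQLite table: one that concatenates user input into the statement text, and one that binds it as a parameter. The table contents, the function names and the tautology input are the example's own.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Builds a constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable: the input is spliced into the statement text, so a quote
    # character in it ends the string literal and the rest becomes SQL syntax.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # Safe: a parameterised query sends the statement and the value
    # separately; the database engine treats the value purely as data,
    # whatever characters it contains.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo() -> dict:
    """Runs both lookups with a normal name and with the classic tautology
    input (constructed) so the difference in results is visible."""
    conn = make_db()
    tautology = "x' OR '1'='1"
    return {
        "vulnerable_normal": find_user_vulnerable(conn, "alice"),
        "vulnerable_tautology": find_user_vulnerable(conn, tautology),
        "safe_normal": find_user_safe(conn, "alice"),
        "safe_tautology": find_user_safe(conn, tautology),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows}")
```

With the tautology input the concatenated statement becomes `WHERE username = 'x' OR '1'='1'`, which is true for every row, so the vulnerable lookup returns the whole table (identity spoofing and data exposure in one query). The parameterised version looks for a user literally named `x' OR '1'='1` and returns nothing. The fix is therefore not input filtering but keeping code and data separate; the same rule applies to every other injection class.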

Cyber Crime
Cybercrime refers to a wide range of criminal activities that are carried out using
digital devices and/or networks. Most cybercrime is committed by cybercriminals or
hackers who want to make money. However, occasionally cybercrime aims to
damage computers or networks for reasons other than profit. These could be
political or personal.
Cybercrime can be carried out by individuals or organizations. Some cybercriminals
are organized, use advanced techniques and are highly technically skilled.

Types of cybercrime include:

1. Email and internet fraud.
2. Identity fraud (where personal information is stolen and used).
3. Theft of financial or card payment data.
4. Theft and sale of corporate data.
5. Cyberextortion (demanding money to prevent a threatened attack).
6. Ransomware attacks (a type of cyberextortion).
7. Cryptojacking (where hackers mine cryptocurrency using resources they do
not own).
8. Cyberespionage (where hackers access government or company data).
9. Interfering with systems in a way that compromises a network.
10. Infringing copyright.
11. Illegal gambling/betting.
12. Selling illegal items online.
13. Producing, or possessing child pornography.
Types of Cyber Security
Network Security
Network security safeguards communication infrastructure, including devices,
hardware, software, and communication protocols. It protects data integrity,
confidentiality, and availability as information travels over a network and between
network-accessible assets, such as a computer and an application server.

Network security also encompasses a broad collection of technologies, policies,
people, and procedures. These focus primarily on preventing known threats from
infiltrating the communication infrastructure.

For example, firewalls filter incoming and outgoing traffic, acting as a first line of
defense by identifying familiar attack types, suspicious activity, or unauthorized
access attempts based on pre-defined rules. The idea is that firewalls already know
what to expect and have the capability to block these threats before they can cause
harm.
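The rule-based filtering described here, as an added example that is not from the original notes: a small Python model of a packet filter that evaluates a rule table with first-match semantics and an implicit default deny. The network layout (10.0.1.0/24 as the server segment, 10.0.2.0/24 as the user segment), the rules and the sample packets are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form, "0.0.0.0/0" = anywhere
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst))


def decide(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins. A packet that no rule mentions is dropped:
    default deny is what keeps an unanticipated service from being exposed."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed policy for a hypothetical network: 10.0.1.0/24 is the server segment,
# 10.0.2.0/24 the user segment; 203.0.113.0/24 and 198.51.100.0/24 stand in for the internet.
POLICY = [
    Rule("allow", "0.0.0.0/0",   "10.0.1.10/32", "tcp", 443),   # anyone -> web server, HTTPS only
    Rule("allow", "10.0.2.0/24", "10.0.1.0/24",  "tcp", 22),    # user segment -> servers, SSH
    Rule("deny",  "10.0.1.0/24", "10.0.2.0/24",  "any", None),  # servers never initiate to users
    Rule("allow", "10.0.2.0/24", "0.0.0.0/0",    "any", None),  # user segment -> internet
]

# Constructed sample packets, one per case the policy is meant to cover.
SAMPLE_PACKETS = [
    Packet("203.0.113.5", "10.0.1.10",    "tcp", 443),  # internet -> web server HTTPS
    Packet("203.0.113.5", "10.0.1.10",    "tcp", 22),   # internet -> web server SSH
    Packet("10.0.2.7",    "10.0.1.20",    "tcp", 22),   # user -> server SSH
    Packet("10.0.1.20",   "10.0.2.7",     "tcp", 445),  # server -> user segment
    Packet("10.0.2.7",    "198.51.100.9", "udp", 53),   # user -> internet DNS
]


def evaluate_samples() -> List[str]:
    return [decide(POLICY, p) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, evaluate_samples()):
        print(f"{verdict:5} {pkt.src} -> {pkt.dst} {pkt.proto}/{pkt.dport}")
```

Two things worth noticing when reading the verdicts: the SSH attempt from the internet is dropped not by a rule that names it but by the default deny at the end, and the order of the last two rules matters, since a server-to-user packet would be allowed by a "users to anywhere" style rule if the explicit deny did not come first.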

Information Security
Information security, or InfoSec, is the practice of protecting information. It refers to
the tools and processes for preventing, detecting, and remediating threats to
sensitive information, whether digitized or not.

InfoSec is closely related to data security — a subset that specifically protects
digitized data stored in systems and databases or transmitted across networks. Both
disciplines share three primary objectives:

Confidentiality: Ensuring confidential information remains a secret.
Integrity: Protecting information from being altered, manipulated, or deleted.
Availability: Making information readily accessible to those who need it.

Cloud Security
Cloud security refers to the technologies, policies, and procedures that protect data,
applications, and services hosted in private and public cloud environments. It
ensures sensitive information is safe from data breaches and other vulnerabilities,
whether stored in public, private, or hybrid clouds. Cloud security solutions are
often versions of on-premises solutions that are specifically for the cloud. As such,
cloud security can be a seamless extension of an organization's network security.

Endpoint Security
Endpoint security focuses on protecting the devices that serve as access points to an
organization’s network, such as laptops, desktops, smartphones, and tablets. These
devices, or endpoints, expand the attack surface, providing potential entry points for
cybercriminals to exploit vulnerabilities and infiltrate the broader infrastructure.

To reduce risk, organizations must apply the right security solutions to each
endpoint, ensuring protection is tailored to the specific device and its role in the
network. For example, laptops used by remote workers may require antivirus
software and multi-factor authentication to prevent malware attacks or
unauthorized access.

A related subset of endpoint security is mobile security, which specifically addresses
the vulnerabilities of mobile devices. As employees increasingly use smartphones
and tablets for work, securing these endpoints becomes critical to protecting the
entire network. Security solutions, such as mobile device management, help
organizations manage and secure these devices, preventing them from becoming
weak links in the cybersecurity chain.

Application Security
Application security refers to the technologies, policies, and procedures at the
application level that prevent cybercriminals from exploiting application
vulnerabilities. It involves a combination of mitigation strategies during application
development and after deployment.
For instance, a web application firewall (WAF) monitors and filters traffic between
applications and the outside world, blocking malicious activity like code injections
or cross-site scripting attacks. With robust application security, organizations can
ensure their software remains protected against threats that target the app and the
sensitive data it processes and stores.

Cybersecurity Best Practices and Tips

There are many ways organizations can improve their security posture:

1. Use frequent, periodic data backups: Organizations should regularly back up data
to ensure that, if an attack occurs, they can quickly restore systems without
significant loss.
2. Implement multi-factor authentication: MFA adds an extra layer of security by
requiring users to verify their identity through a combination of “who they are” —
username and password — with something they know such as a one-time code. This
reduces the risk of unauthorized access. MFA is one of the most effective defenses
against credential theft.
3. Provide ongoing cybersecurity training: Ongoing cybersecurity awareness
training helps staff recognize and respond to suspicious activity, minimizing human
vulnerability.
4. Use proper password hygiene: Strong password policies should require long,
complex passwords, changed regularly, rather than short, easily guessed ones.
Organizations must also advocate against reusing passwords across platforms to
prevent lateral movement and data exfiltration.
5. Leverage encryption software: Sensitive data must be protected both at rest and in
transit. Encryption helps safeguard confidential information by obfuscating its
contents and rendering it unreadable to unauthorized parties, even if it’s intercepted
or stolen.
6. Regularly update software: Outdated systems often contain vulnerabilities that
cybercriminals can exploit. Regularly updating applications and patching security
flaws ensures they have the latest protections. An endpoint protection agent can
monitor operating systems and applications and notify the user of needed updates.
7. Limit user privileges: The zero trust model advocates for the principle of least-
privileged access. This means users only have access to the resources necessary for
their roles, thus minimizing the potential damage if their accounts are compromised.
8. Develop an incident response plan: A clear and tested plan is critical during an
active security threat. It should include steps for containment, mitigation,
communication, and recovery, ensuring the organization can quickly address and
respond to an attack.
9. Segment the network: Segmentation is a strategy that divides the larger network
into smaller isolated pieces. This ensures the impact of a breach is limited in scope,
preventing bad actors from moving laterally to harvest more data.
10. Conduct regular security audits: Businesses should periodically review their
cybersecurity measures to identify weaknesses and gaps. Proactively testing
defenses can help uncover vulnerabilities before attackers exploit them, allowing
teams to strengthen the overall security posture.
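As an added example that is not part of the original notes, the Python below implements the server side of practices 2 and 4 above: passwords are stored as salted PBKDF2 hashes rather than in clear, and a login also requires a time-based one-time code (TOTP, RFC 6238) generated from a secret shared with an authenticator app. The record layout, the iteration count and the function names are assumptions of the example.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 600_000   # deliberately slow: raises the cost of offline guessing
TOTP_STEP = 30                # seconds per one-time code (RFC 6238 default)


def hash_password(password: str, salt: bytes = None):
    """Returns (salt, digest). A fresh random salt per user means equal
    passwords produce different hashes and precomputed tables do not apply."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current 30 s step."""
    return hotp(secret, unix_time // TOTP_STEP, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accepts the current step plus `window` steps either side, to tolerate
    a little clock drift between the server and the user's authenticator."""
    for step in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + step * TOTP_STEP), code):
            return True
    return False


def make_record(password: str, totp_secret: bytes) -> dict:
    """What the server stores: never the password itself, only salt and hash,
    plus the TOTP secret shared with the user's authenticator app."""
    salt, digest = hash_password(password)
    return {"salt": salt, "pw_hash": digest, "totp_secret": totp_secret}


def login(record: dict, password: str, code: str, unix_time: int) -> bool:
    """Both factors are always evaluated, so a failure does not reveal which
    one was wrong; the user must know the password and hold the TOTP secret."""
    password_ok = verify_password(password, record["salt"], record["pw_hash"])
    code_ok = verify_totp(record["totp_secret"], code, unix_time)
    return password_ok and code_ok


if __name__ == "__main__":
    # RFC 6238 test secret (ASCII "12345678901234567890"); at T=59 the 6-digit code is 287082
    secret = b"12345678901234567890"
    record = make_record("correct horse battery staple", secret)
    print(login(record, "correct horse battery staple", totp(secret, 59), 59))
```

The slow hash only raises the cost of offline guessing against a stolen database; online brute force, as described under password attacks, still needs rate limiting or lockout on top of this. Keeping the TOTP window small matters too: each extra step accepted is another valid code at any moment.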

Security Attack

A security attack is an unauthorized attempt to steal, damage, or expose data from an
information system such as your website. Malicious hackers can use a variety of methods,
such as denial-of-service attacks, man-in-the-middle attacks, cross-site scripting, IP spoofing,
session hijacking, etc. In computer networks and systems, security attacks are generally
classified into two groups:
• Active attacks: An active attack attempts to alter system resources or affect their
operation. An active attack involves some modification of the data stream or the creation
of a false stream.
• Passive attacks: Passive attacks are used to obtain information from targeted
computer networks and systems without affecting the systems. The goal is to obtain
the information transmitted over the communicating networks.
Unit 2: Security Technologies

What Is a VPN
A VPN (Virtual Private Network) is a technology that creates a secure, encrypted
connection between your device and the internet. It essentially acts as a private
tunnel for your internet traffic, preventing hackers, ISPs, and even governments
from monitoring your activities. When using a VPN, your IP address is masked, and
your online actions are routed through a remote server, making it harder to track
your online activity.
How Does a VPN Work
A VPN works by creating an encrypted tunnel between your device and a remote
server. Here's the process simplified:
1. Connection Establishment: When you activate a VPN on your device, it connects to
a server operated by the VPN provider.
2. Encryption: The VPN encrypts your data (information, files, web traffic) so that
it’s unreadable to anyone trying to intercept it, whether it's a hacker on the same
Wi-Fi network or an entity trying to monitor your browsing.
3. Traffic Redirection: Your device’s internet traffic is routed through the VPN server,
which can be located in any country. This makes it appear as though you’re browsing
from the server’s location, masking your actual IP address.
4. Decryption: Once your data reaches the VPN server, it is decrypted and sent to the
destination (such as a website, app, or service). Any response from the server is
then sent back to you through the encrypted tunnel.
This end-to-end encryption ensures that your sensitive data stays private and your
location remains anonymous.

Advantages of Using a VPN
1. Privacy Protection: VPNs keep your online activities private and anonymous,
preventing third parties from tracking you.
2. Bypass Geo-Restrictions: VPNs enable you to access content that might be
restricted in your country or region, such as streaming services (Netflix, BBC
iPlayer).
3. Enhanced Security: With end-to-end encryption, VPNs protect your data from
hackers, especially on public Wi-Fi networks.
4. Prevents Data Throttling: VPNs help avoid internet speed throttling imposed by
your Internet Service Provider (ISP), particularly when streaming or gaming.
5. Safer Online Transactions: VPNs help protect sensitive information like bank
details when conducting transactions online.
6. Access Work Resources Remotely: Securely access your work or school network,
even from remote locations.
Disadvantages of Using a VPN
1. Slower Speeds: Using a VPN may slow down your internet speed due to the
encryption process and server routing.
2. Not All VPNs Are Equal: Some VPN services may log your data or provide subpar
protection, so it’s essential to choose a reliable VPN provider.
3. Can Be Blocked: Certain websites or countries may block VPN access, limiting your
ability to connect to certain services.
4. Requires Configuration: Setting up a VPN may require a bit of technical knowledge,
especially if you're doing it manually.
5. Cost: While there are free VPNs available, premium VPNs offer more reliable
services and better security, which can be a recurring expense.
How to Choose the Right VPN for Your Needs?
When selecting a VPN, consider the following factors:
1. Security Features: Look for strong encryption, no-logs policies, and secure
protocols (e.g., OpenVPN, IKEv2).
2. Speed: If streaming or gaming is a priority, choose a VPN with high-speed servers.
3. Location of Servers: More server locations provide better access to geo-blocked
content.
4. Device Compatibility: Ensure the VPN is compatible with your devices (Windows,
Mac, Android, iOS).
5. Customer Support: Choose a VPN with excellent customer support in case you
encounter issues.

Encryption
Encryption is the process of converting a normal message (plain text) into a
meaningless message (ciphertext). Decryption is the process of converting a
meaningless message (ciphertext) into its original form (plaintext). The major
distinction between the two is that encryption converts a message into an unintelligible
form that cannot be understood unless it is decrypted, whereas decryption is the recovery
of the original message from the encrypted information.

Encryption vs. Decryption

1. Encryption: Encryption is the process of converting a normal message into a meaningless message.
   Decryption: Decryption is the process of converting a meaningless message into its original form.

2. Encryption: Encryption is the process that takes place at the sender's end.
   Decryption: Decryption is the process that takes place at the receiver's end.

3. Encryption: Its major task is to convert the plain text into cipher text.
   Decryption: Its main task is to convert the cipher text into plain text.

4. Encryption: Any message can be encrypted with either a secret key or a public key.
   Decryption: The encrypted message can be decrypted with either a secret key or a private key.

5. Encryption: In the encryption process, the sender sends the data to the receiver after encrypting it.
   Decryption: In the decryption process, the receiver receives the information (cipher text) and converts it into plain text.

6. Encryption: The same algorithm with the same key is used for the encryption-decryption process.
   Decryption: A single algorithm is used with a pair of keys, one key used for encryption and the other for decryption.

7. Encryption: Encryption is used to protect the confidentiality of data by converting it into an unreadable form that can only be read by authorized parties.
   Decryption: Decryption is used to reverse the encryption process and convert the ciphertext back into plaintext.

8. Encryption: The output of encryption is a ciphertext that is unintelligible to anyone who does not have the decryption key.
   Decryption: The output of decryption is the original plaintext message.

Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) is a security tool that monitors network or system
activities to identify potential threats, unauthorized access, or policy violations. When
such activities are detected, the IDS generates alerts to notify the administrator. The
primary function of an IDS is to serve as a passive observer, identifying and reporting
suspicious activities without actively intervening.

To enhance its detection capabilities, an IDS often employs machine learning
algorithms to build predictive models, known as classifiers. These models are trained to
distinguish between “bad” connections (intrusions or attacks) and “good” (normal)
connections.

1. Network-Based Intrusion Detection System (NIDS):
   o Function: Monitors all network traffic across multiple devices.
   o Deployment: Installed at strategic points within the network, such as
     behind firewalls.
   o Purpose: Detects malicious activity attempting to breach the network.

2. Host-Based Intrusion Detection System (HIDS):
   o Function: Monitors activity on individual devices like laptops, servers, or
     routers.
   o Deployment: Installed directly on the host device.
   o Purpose: Tracks changes to operating system files and logs, alerting to
     unexpected changes like file edits or unauthorized configurations.

3. Protocol-Based Intrusion Detection System (PIDS):
   o Function: Monitors communication protocols between servers and
     devices.
   o Deployment: Typically installed on web servers.
   o Purpose: Ensures that network protocols, like HTTPS and FTP, function
     correctly and flags suspicious behavior.

4. Application Protocol-Based Intrusion Detection System (APIDS):
   o Function: Operates at the application level, monitoring application
     interactions to detect protocol-specific threats.
   o Deployment: Often placed between web servers and SQL databases.
   o Purpose: Detects attacks, such as SQL injection, and malicious queries
     targeting application vulnerabilities.

5. Hybrid Intrusion Detection System:
   o Function: Combines features of both NIDS and HIDS.
   o Deployment: Integrates network-level monitoring with host-level
     monitoring.
   o Purpose: Provides comprehensive threat detection and analysis by
     correlating data from multiple sources.
Working of Intrusion Detection System (IDS)

• An IDS (Intrusion Detection System) monitors the traffic on a computer network
to detect any suspicious activity.
• It analyzes the data flowing through the network to look for patterns and signs of
abnormal behavior.
• The IDS compares the network activity to a set of predefined rules and patterns
to identify any activity that might indicate an attack or intrusion.
• If the IDS detects something that matches one of these rules or patterns, it sends
an alert to the system administrator.
• The system administrator can then investigate the alert and take action to
prevent any damage or further intrusion.
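The rule-matching workflow in the bullets above, as an added example that is not from the original notes: a minimal signature-based IDS in Python run over constructed log lines. It has two kinds of rule, a pattern signature matched against the message text and a threshold rule that raises one alert when a single source produces five failed logins within sixty seconds. The log format, rule names, thresholds and addresses are assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines (not real traffic): "<ISO-8601 timestamp> <source ip> <message>".
# The addresses come from the documentation ranges reserved for examples.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.9 sshd: Failed password for admin
2024-05-01T10:00:03Z 203.0.113.9 sshd: Failed password for admin
2024-05-01T10:00:04Z 203.0.113.9 sshd: Failed password for root
2024-05-01T10:00:06Z 203.0.113.9 sshd: Failed password for admin
2024-05-01T10:00:07Z 203.0.113.9 sshd: Failed password for admin
2024-05-01T10:00:09Z 198.51.100.4 httpd: GET /login.php?user=a' OR '1'='1 200
2024-05-01T10:00:12Z 192.0.2.7 httpd: GET /index.html 200
2024-05-01T10:00:15Z 192.0.2.7 sshd: Accepted password for alice
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")

# Signature rules: (name, pattern) matched against the message part of each line.
SIGNATURES = [
    ("sqli-tautology", re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE)),
    ("root-login-attempt", re.compile(r"Failed password for root")),
]

# Threshold rule: this many failed logins from one source inside the window.
FAILURE_THRESHOLD = 5
FAILURE_WINDOW = timedelta(seconds=60)


def parse(line: str):
    """Returns (timestamp, source, message), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, m.group(2), m.group(3)


def analyse(log_text: str) -> list:
    """Runs every line through the signature rules and the threshold rule.
    Returns alerts as (rule name, source ip, offending line)."""
    alerts = []
    failures = defaultdict(list)  # source ip -> timestamps of recent failed logins
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue  # an IDS must not crash on input it cannot read
        ts, src, msg = parsed
        for name, pattern in SIGNATURES:
            if pattern.search(msg):
                alerts.append((name, src, line))
        if "Failed password" in msg:
            recent = [t for t in failures[src] if ts - t <= FAILURE_WINDOW]
            recent.append(ts)
            if len(recent) >= FAILURE_THRESHOLD:
                alerts.append(("brute-force-threshold", src, line))
                recent = []  # one alert per burst, then start counting again
            failures[src] = recent
    return alerts


if __name__ == "__main__":
    for rule, src, line in analyse(SAMPLE_LOG):
        print(f"ALERT {rule:<22} from {src}: {line}")
```

On the sample the root attempt and the injection string fire immediately as signatures, while the brute-force alert appears only on the fifth failure, after the threshold rule has correlated several individually unremarkable lines. That correlation over time is what separates an IDS from a simple grep, and it is also the reason the output is an alert for a person to investigate rather than an automatic block.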

Intrusion Prevention System (IPS)

An Intrusion Prevention System is also known as an Intrusion Detection and Prevention
System. It is a network security application that monitors network or system activities
for malicious activity. The major functions of intrusion prevention systems are to identify
malicious activity, collect information about this activity, report it and attempt to block
or stop it.

Working of IPS

An IPS works by analyzing network traffic in real time and comparing it against known
attack patterns and signatures. When the system detects suspicious traffic, it blocks it
from entering the network.

Types of IPS

There are two main types of IPS:

1. Network-Based IPS: A Network-Based IPS is installed at the network perimeter
and monitors all traffic that enters and exits the network.

2. Host-Based IPS: A Host-Based IPS is installed on individual hosts and monitors
the traffic that goes in and out of that host.
Anti-malware
Anti-malware is a software program created to protect IT systems and individual computers from malicious software, or malware. It is the software designed for scanning, detecting, blocking and preventing malicious programs from accessing our system.

Malicious programs are called malware. They are harmful because they come in many forms, such as viruses, trojans, worms, spyware and ransomware, and they can break security, steal data or disrupt the operation of the system.

Anti-malware software has a database of malicious signatures (file hashes and byte patterns) and compares files and programs with those signatures; most products add heuristic and behavioral checks for malware whose signature is not yet known. When a potential threat is identified, the anti-malware software may quarantine the infected file, preventing it from causing harm. Users can then choose to remove or further investigate the quarantined item. Examples of anti-malware software are:

 Malwarebytes Anti-Malware: Provides robust scanning and removal of various types of malware.
 SUPERAntiSpyware: Focuses on detecting and removing spyware, adware, and other malicious threats.
 Spybot Search & Destroy: Offers tools for detecting and removing spyware and adware.
 AdwCleaner: Specializes in removing adware and potentially unwanted programs.
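The signature-and-quarantine workflow described above, as an added example that is not code from the original notes or from any of the products listed: a scanner that hashes each file and looks the hash up in a signature set, falls back to a byte-pattern match, and moves detections into a quarantine folder under a non-executable name. The signature database, the "known-bad" content and the sample files are all constructed for the demonstration.

```python
"""Signature-based file scanner with quarantine, over constructed sample files.

Added example, not code from the original notes or from any product listed
above. The signature database (a SHA-256 hash set plus one byte pattern) and
the sample files are constructed for the demonstration; real engines carry
millions of signatures, unpack archives and executables before matching, and
add heuristic and behavioral checks.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed "known-bad" content; its hash stands in for a vendor hash signature.
KNOWN_BAD_CONTENT = b"MZ\x90\x00constructed-malware-sample"
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_CONTENT).hexdigest(): "Constructed.Sample.A"}

# Byte-pattern signatures: (detection name, byte sequence that must appear).
# A base64-encoded PowerShell command line is a common dropper technique.
PATTERN_SIGNATURES = [("Heuristic.EncodedPowerShell", b"powershell -enc ")]


def scan_file(path: Path):
    """Return the detection name for a file, or None if nothing matched."""
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()     # exact-match lookup first: cheap
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for name, needle in PATTERN_SIGNATURES:     # then substring patterns
        if needle in data:
            return name
    return None


def quarantine(path: Path, qdir: Path) -> Path:
    """Move a detected file out of its original location.

    The copy is renamed so it no longer runs by its extension, and the bytes
    are kept so an analyst can investigate or restore a false positive.
    """
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / (path.name + ".quarantined")
    shutil.move(str(path), str(dest))
    return dest


def scan_directory(root: Path, qdir: Path) -> dict:
    """Scan every regular file under root (skipping the quarantine folder itself)."""
    report = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file() or qdir in p.parents:
            continue
        verdict = scan_file(p)
        if verdict:
            quarantine(p, qdir)
        report[p.name] = verdict
    return report


def demo() -> dict:
    """Build a constructed sample tree in a temp dir, scan it, summarise the outcome."""
    with tempfile.TemporaryDirectory() as d:
        root, qdir = Path(d), Path(d) / "quarantine"
        (root / "report.txt").write_bytes(b"quarterly numbers, nothing to see")
        (root / "invoice.exe").write_bytes(KNOWN_BAD_CONTENT)
        (root / "script.ps1").write_bytes(b"powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA")
        report = scan_directory(root, qdir)
        return {"report": report,
                "remaining": sorted(p.name for p in root.iterdir() if p.is_file()),
                "quarantined": sorted(p.name for p in qdir.iterdir())}


if __name__ == "__main__":
    print(demo())
```

To exercise a real scanner rather than this toy, the industry-standard input is the EICAR test file, a harmless text string that every mainstream product detects on purpose. Note the ordering in `scan_file`: a hash lookup is cheap and exact, a pattern scan is slower and can false-positive, and neither catches a sample whose bytes have been changed, which is why behavioral detection exists.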

Anti-malware vs Antivirus

Antimalware                                                     | Antivirus
----------------------------------------------------------------|-------------------------------------------------
Broad protection against various types of malware               | Primarily focused on viruses and specific threats
Viruses, spyware, adware, ransomware, etc.                       | Mainly viruses and some forms of malicious code
Emphasizes behavior-based detection and blocking                 | Primarily signature-based detection
Provides real-time protection against threats                    | Offers real-time scanning for known malware
Uses heuristics (analysis of a file's code structure, function   | Scans files based on predefined virus signatures
and patterns) and other methods                                  |
Requires frequent updates for new threat profiles                | Relies heavily on regular signature updates

This contrast reflects how the two product categories were marketed historically. In practice every current "antivirus" product is also an anti-malware product and combines signature, heuristic and behavioral detection, so the two names are now largely interchangeable.

Security Software

Security software is designed to protect and secure servers, laptops, mobile devices, and
networks from unauthorized access, intrusions, viruses, and other threats. Security
software can help defend data, users, systems, and companies from a wide range of
risks.

Security software can improve both business and information security. Operating without security software, or using outdated solutions, leaves organizations and users exposed to a wide range of threats, from malicious hackers to spyware, viruses and other malware.

Advanced malware protection software

Traditional programs that scan for, detect, and remove known viruses, worms and Trojans by signature alone are no longer sufficient on their own against polymorphic and previously unseen malware. Advanced malware protection software, which adds behavioral analysis, sandboxing of suspicious files and continuous monitoring of what a file does after it runs, has become the new standard.

Application security software

Modern businesses rely heavily on a wide range of applications for communication, collaboration, data analytics, and more. They need to monitor which applications are running in their environment, what those applications are doing, and most importantly who is accessing them.

Firewall software
Firewall software can prevent unauthorized access to or from private networks.
Firewalls can also be hardware, and firewall software and hardware are often used
together.

Endpoint security software

This type of software helps to protect the data and workflows related to the various
devices such as laptops, smartphones, and tablets that connect to a corporate network.

Network security software

Network security software helps businesses detect and stop unauthorized network
access due to phishing, spyware, and more. It can also help to protect data in transit and
at rest.

Browser Security

Browser Security refers to the measures and technologies implemented to protect web
browsers from security threats such as malware, phishing attacks, and data breaches.

A web browser can store information for your convenience, but others may eventually
access the information. Therefore, it provides a large surface area for exposure to email
accounts, usernames, all sorts of passwords, and personal or corporate information.
Attackers often target the web browser to hijack or sniff the web traffic from it. They
may also use it as a means to access the device itself or any files available on it.

There are several ways that hackers can attack web browsers, including the following:

 Malicious websites: Hackers can create malicious websites designed to exploit vulnerabilities in web browsers or trick users into revealing sensitive information. For example, a hacker might create a website that looks like a legitimate login page but is actually designed to capture the user's login credentials.

 Malicious ads: Hackers can also use malicious ads, also known as "malvertising," to attack web browsers. These ads can contain malware or redirect users to malicious websites.

 Malicious extensions: Hackers can create malicious extensions or plugins for web browsers and distribute them through third-party websites or trick users into installing them. These extensions can contain malware or perform other malicious actions.

 Exploits: Hackers can also exploit vulnerabilities in web browsers or the software they are running on to gain access to a user's device or steal sensitive information.

To protect against these types of attacks, it is important to keep your web browser and any extensions or plugins that you have installed up to date, install extensions only from the browser's official store and only when they are needed, use caution when clicking on links, and use an antivirus program to scan your device for malware. Using a reputable web browser, enabling its HTTPS-only mode and its phishing and malware site warnings, and turning on two-factor authentication for the accounts you sign in to through the browser are also good ideas.

Firewall
Firewalls are the first line of defense for your network security. A firewall is a type of cybersecurity tool used to monitor and filter incoming and outgoing network traffic: from external sources, internal sources, and even specific applications. The primary goal of a firewall is to block malicious traffic requests and data packets while letting through legitimate traffic.

There are many types of firewall deployment architectures, including network-based (usually a dedicated hardware or virtual appliance at a network boundary), host-based (software running on the protected machine itself), and cloud-based. Every firewall operates based on predetermined rules to determine which outside networks and applications can be trusted; a sound rule set ends in a default deny rule, so anything not explicitly allowed is dropped. As such, firewalls are a key component of any network security architecture.

Types of Firewalls
Packet Filters

It is a technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols, and ports. Each packet is judged on its own header fields, with no memory of earlier packets, so this firewall is also known as a static or stateless firewall.
Circuit-level Gateways

A circuit-level gateway is a firewall that provides User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) connection security and works at the session layer of the Open Systems Interconnection (OSI) model, between the transport and application layers. Circuit-level gateways work by verifying the TCP handshake. This TCP handshake check is designed to ensure the requested packet session is legitimate; once the session is accepted, the gateway relays the packets without inspecting their contents, so it cannot detect malicious data inside an approved connection.

Stateful Inspection Firewalls

It is also a type of packet filtering that is used to control how data packets move through a firewall. It is also called dynamic packet filtering. Stateful inspection firewalls combine packet inspection technology and TCP handshake verification, keeping a state table of the sessions they have seen. For each packet they check whether it belongs to an existing session. Communication is permitted only if the session is properly established between the two endpoints (for example, an inbound packet is accepted only as the reply to a connection opened from inside); otherwise the packet is blocked.
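The difference between a static packet filter and stateful inspection, as an added example that is not code from the original notes: a stateless filter that judges each packet by its headers, beside a stateful filter that follows the TCP three-way handshake in a state table. The packet model, the "internal network" prefix, the policy (inside may open TCP/443 outbound) and the addresses are assumptions of this example; it is a deliberately small model of what conntrack or a vendor appliance does, not their code.

```python
"""Stateless packet filter versus stateful inspection, on constructed packets.

Added example, not code from the original notes. The packet fields, the
policy and the handshake tracking are a small model of what a real stateful
firewall does; addresses are constructed from documentation ranges.
"""
from dataclasses import dataclass

INTERNAL_NET = "10.0.0."          # assumption: addresses with this prefix are inside


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset           # subset of {"SYN", "ACK", "FIN", "RST"}


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_NET)


def stateless_filter(pkt: Packet) -> str:
    """Static packet filter: decide on header fields alone.

    Policy: inside may open TCP/443 outbound. Replies are recognised only by
    the crude 'source port 443 and ACK set' test, which anyone can forge.
    """
    if is_internal(pkt.src) and not is_internal(pkt.dst) and pkt.dport == 443:
        return "ALLOW"
    if not is_internal(pkt.src) and is_internal(pkt.dst) and pkt.sport == 443 and "ACK" in pkt.flags:
        return "ALLOW"          # looks like a reply, but nothing proves a session exists
    return "DENY"


class StatefulFirewall:
    """Tracks TCP sessions; inbound packets are admitted only if they belong to one."""

    def __init__(self):
        # (internal ip, internal port, external ip, external port) -> state
        self.table = {}

    def _key(self, pkt: Packet):
        if is_internal(pkt.src):
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt: Packet) -> str:
        key = self._key(pkt)
        state = self.table.get(key)
        outbound = is_internal(pkt.src) and not is_internal(pkt.dst)

        if outbound and pkt.flags == {"SYN"} and pkt.dport == 443 and state is None:
            self.table[key] = "SYN_SENT"        # new session opened from inside
            return "ALLOW"
        if state is None:
            return "DENY"                       # unsolicited: no session to match
        if not outbound and state == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
            self.table[key] = "SYN_RECEIVED"
            return "ALLOW"
        if outbound and state == "SYN_RECEIVED" and pkt.flags == {"ACK"}:
            self.table[key] = "ESTABLISHED"
            return "ALLOW"
        if state == "ESTABLISHED":
            if "RST" in pkt.flags or "FIN" in pkt.flags:
                del self.table[key]             # crude teardown, adequate for the demo
            return "ALLOW"
        return "DENY"                           # does not fit the handshake state machine


def demo() -> dict:
    """A forged 'reply' and a genuine handshake, through both filters."""
    fw = StatefulFirewall()
    forged = Packet("203.0.113.9", 443, "10.0.0.5", 51000, frozenset({"ACK"}))
    handshake = [
        Packet("10.0.0.5", 51001, "198.51.100.7", 443, frozenset({"SYN"})),
        Packet("198.51.100.7", 443, "10.0.0.5", 51001, frozenset({"SYN", "ACK"})),
        Packet("10.0.0.5", 51001, "198.51.100.7", 443, frozenset({"ACK"})),
        Packet("198.51.100.7", 443, "10.0.0.5", 51001, frozenset({"ACK"})),   # data
    ]
    return {"forged_stateless": stateless_filter(forged),
            "forged_stateful": fw.filter(forged),
            "handshake_stateful": [fw.filter(p) for p in handshake]}


if __name__ == "__main__":
    print(demo())
```

The forged packet is the classic "ACK scan": it passes the static filter because its headers look like a reply, and is dropped by the stateful filter because no session was ever opened to that port. Real implementations also time sessions out and track sequence numbers, which this model omits.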

Application Layer/Proxy Firewalls

These firewalls can examine application layer (OSI layer 7) information such as an HTTP request. The proxy terminates the client's connection and opens its own connection to the server, so it sees the full application-layer exchange. If it finds a suspicious request or application that could harm the network, it blocks it right away. Proxy firewalls may also perform deep packet inspection, checking the actual contents of the packet to verify that it does not contain malware.

Next-generation Firewalls

These firewalls are called intelligent firewalls. Next-generation firewall (NGFW) architectures typically include the same core features as other firewalls, such as stateful inspection, TCP handshake checks and deep-packet inspection. They add other technologies on top, such as an integrated intrusion prevention system (IPS), application and user awareness, cloud-delivered threat intelligence, and protection against malware attacks on your network.

Firewall deployment methods

Software Firewall

A software firewall is a program that runs on the computer it protects (a host-based firewall, such as the one built into Windows, macOS and most Linux distributions). It filters the traffic entering and leaving that one machine, typically per application, and protects the system from external attacks such as unauthorized access by blocking connections that no rule allows and, in many products, prompting the user when an unknown program tries to open a connection.

Hardware Firewall

A hardware firewall is a device that is installed to enforce a network boundary. All network links crossing this boundary pass through this firewall, which enables it to perform an inspection of both inbound and outbound network traffic and enforce access controls and other security policies.

Cloud Firewall

A cloud firewall (also called firewall-as-a-service, FWaaS) refers to a firewall delivery architecture that uses a cloud solution. These are software-based, cloud-deployed network devices. A cloud-based firewall protects a private network from any unwanted access. Unlike a traditional firewall at the network edge, a cloud firewall filters traffic in the provider's cloud: the protected sites and users route their traffic through it, which suits organizations whose users and workloads are no longer behind a single perimeter.
Unit 3
Cryptography

Cryptography is the process of hiding or coding information so that only the person a message was intended for can read it. The art of cryptography has been used to code messages for thousands of years and continues to be used in bank cards, computer passwords, and ecommerce. Modern cryptography techniques include algorithms and ciphers that enable the encryption and decryption of information, commonly with 128-bit or 256-bit keys. Modern ciphers such as the Advanced Encryption Standard (AES) have no known practical attack when the keys are generated and handled correctly; in practice systems are broken through weak keys, flawed implementations and misuse of the cipher far more often than through the cipher itself.

Types of Cryptography

1. Symmetric Key Cryptography

Symmetric Key Cryptography is an encryption system where the sender and receiver of a message use a single common key to encrypt and decrypt messages. Symmetric key cryptography is faster and simpler, but the problem is that the sender and receiver have to somehow exchange the key securely. The most widely known symmetric key cryptography systems are the Data Encryption Standard (DES), now obsolete because its 56-bit key can be found by brute force, and the Advanced Encryption Standard (AES).

2. Asymmetric Key Cryptography

In Asymmetric Key Cryptography, a pair of keys is used to encrypt and decrypt information. The receiver's public key is used for encryption and the receiver's private key is used for decryption. The public key and the private key are different but mathematically related. Even though the public key is known by everyone, only the intended receiver can decode the message, because only he holds his private key. The most popular asymmetric key cryptography algorithm is the RSA algorithm.
3. Hash Functions

There is no key required in hash function cryptography, as it uses mathematical equations to generate a hash (digest) for a message of any arbitrary length, and the output will be of fixed length. A cryptographic hash must be one-way (the message cannot be recovered from the digest) and collision-resistant (two different messages with the same digest must be infeasible to find). Some of the well-known hash functions are:

 SHA-256 (the current default choice)
 MD5 (broken: collisions can be generated at will, so it must not be used for security purposes, though it survives as a plain checksum)
 MD6 (a SHA-3 competition candidate that saw little deployment)

Classical Encryption/Decryption Techniques

There are two basic building blocks of all encryption techniques: substitution and
transposition.

Substitution Cipher Technique:

In the substitution cipher technique, plaintext characters are replaced with other characters, numbers or symbols: the character's identity is changed while its position remains unchanged.

Types
 Caesar Cipher
The Caesar cipher involves replacing each letter of the alphabet with the letter standing 3 places further down the alphabet, wrapping around from Z to A. Any shift from 1 to 25 can serve as the key; 3 is the shift Caesar used.
For example:
Plain text: PAY MORE MONEY
Cipher text: SDB PRUH PRQHB
 Playfair Cipher
The best-known multiple-letter encryption cipher is the Playfair, which treats digraphs (pairs of letters) in the plaintext as single units and translates these units into ciphertext digraphs. The Playfair algorithm is based on the use of a 5x5 matrix of letters constructed using a keyword.
It was used for tactical purposes by British forces in the Second Boer War and in World War I, and for the same purpose by the Australians during World War II.

Encryption Technique
The algorithm consists of 2 steps:
1. Generate the key square (5x5):

 The key square is a 5x5 grid of letters that acts as the key for encrypting the plaintext. Each of the 25 letters must be unique, and one letter of the alphabet (usually J) is omitted from the table (as the table can hold only 25 letters). If the plaintext contains J, it is replaced by I.
 The square is filled first with the letters of the keyword, skipping any repeated letter, and then with the remaining letters of the alphabet in order.
2. Algorithm to encrypt the plaintext: The plaintext is split into pairs of two letters (digraphs). If there is an odd number of letters, Z is appended after the last letter. If the same letter appears twice in a pair, the two are separated by inserting Z. (Many descriptions use X as the filler instead; whichever letter is chosen, a genuine occurrence of it in the plaintext becomes ambiguous on decryption.)
Example
Plain Text: "hello"
After Split: 'he' 'lz' 'lo'
Explanation: Here 'z' is the bogus (filler) letter.

Encryption Rules
There are three rules for encrypting the letters within a pair. (The examples below assume a particular key square that is not shown here.)
 If the two letters in the pair are in the same row, we replace each with the letter to its right, wrapping around to the start of the row after the last column.
For example:
Plain Text: "st"
Encrypted Text: tl
Encryption: s -> t, t -> l
 If both letters in the pair are in the same column, we replace each letter with the letter below it, wrapping around to the top of the column after the last row.
For example:
Plain Text: "me"
Encrypted Text: cl
Encryption: m -> c, e -> l
 If the letters are in different rows and columns, we form a rectangle with them and replace each letter with the letter in its own row at the opposite corner of the rectangle.
For example:
Plain Text: "nt"
Encrypted Text: rq
Encryption: n -> r, t -> q
Decryption applies the same rules in reverse (left instead of right, up instead of down; the rectangle rule is its own inverse). For comparison, the Caesar cipher has no such rules: the plaintext "JUMP" simply becomes "MXPS" by shifting every letter 3 places.
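The key square, the digraph splitting and the three rules above, as an added example that is not code from the original notes. The keyword MONARCHY and the sample plaintexts are assumptions for the demonstration; Z is the filler letter to match the notes (most references use X), and J is merged into I as the notes describe.

```python
"""Playfair cipher: key square, digraph splitting and the three rules.

Added example, not code from the original notes. The keyword MONARCHY and the
sample plaintexts are assumptions for the demonstration.
"""
import string


def key_square(keyword: str) -> list:
    """5x5 square: keyword letters first (duplicates dropped), then the rest of A-Z, J merged into I."""
    seen = []
    for ch in (keyword + string.ascii_uppercase).upper().replace("J", "I"):
        if ch in string.ascii_uppercase and ch not in seen:
            seen.append(ch)
    return [seen[i:i + 5] for i in range(0, 25, 5)]


def position(square: list, letter: str) -> tuple:
    """(row, column) of a letter in the square."""
    for r, row in enumerate(square):
        if letter in row:
            return r, row.index(letter)
    raise ValueError(f"{letter!r} is not in the key square")


def digraphs(plaintext: str, filler: str = "Z") -> list:
    """Split into pairs, inserting the filler between a repeated letter and
    after a trailing single letter: 'hello' -> ['HE', 'LZ', 'LO']."""
    letters = [c for c in plaintext.upper().replace("J", "I") if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler
        if a == b:
            pairs.append(a + filler)      # split the double letter
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def _transform(square: list, pair: str, step: int) -> str:
    """Apply the three rules; step=+1 encrypts, step=-1 decrypts."""
    (r1, c1), (r2, c2) = position(square, pair[0]), position(square, pair[1])
    if r1 == r2:                                     # same row: shift right (or left), wrapping
        return square[r1][(c1 + step) % 5] + square[r2][(c2 + step) % 5]
    if c1 == c2:                                     # same column: shift down (or up), wrapping
        return square[(r1 + step) % 5][c1] + square[(r2 + step) % 5][c2]
    return square[r1][c2] + square[r2][c1]           # rectangle: same row, opposite corner


def playfair_encrypt(plaintext: str, keyword: str) -> str:
    square = key_square(keyword)
    return "".join(_transform(square, p, +1) for p in digraphs(plaintext))


def playfair_decrypt(ciphertext: str, keyword: str) -> str:
    """Undo the rules; fillers inserted by digraphs() remain in the output."""
    square = key_square(keyword)
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(_transform(square, p, -1) for p in pairs)


if __name__ == "__main__":
    for row in key_square("MONARCHY"):
        print(" ".join(row))
    ct = playfair_encrypt("hello", "MONARCHY")
    print(digraphs("hello"), ct, playfair_decrypt(ct, "MONARCHY"))   # ['HE', 'LZ', 'LO'] CFTUPM HELZLO
```

With keyword MONARCHY the square's first row is M O N A R and its last is U V W X Z, so "hello" splits into HE LZ LO and encrypts to CFTUPM; decryption returns HELZLO, with the filler still in place, and stripping it is left to the reader of the message. Playfair is only a historical cipher: with 600 possible digraphs it hides single-letter frequencies, but digraph frequency analysis breaks it with a few hundred letters of ciphertext.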

One time pad (Vernam) Cipher

In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked if it is used correctly. In this technique, a plaintext is paired with a random secret key (also referred to as a one-time pad). Then, each character of the plaintext is encrypted by combining it with the corresponding character from the pad using modular addition.

Features of One-time pad

 It is an unbreakable cipher (information-theoretically secure), provided all of the conditions below hold.
 The key is exactly the same length as the message which is encrypted.
 The key is made up of truly random characters (from a hardware random source, not a pseudorandom generator).
 As the name suggests, the key is used one time only and is never used again for any other message. Reusing a pad for two messages lets an attacker combine the two ciphertexts so that the key cancels out, leaving the combination of the two plaintexts.
 Key and plaintext are combined modulo 10 (digits), 26 (letters) or 2 (bits, where modular addition is the XOR operation).
 The difficulty of generating, distributing and protecting keys as long as all the traffic is why the one-time pad is rarely used in practice.

The security of the one-time pad entirely depends on the randomness of the key. If the characters of the key are truly random, then the characters of the ciphertext will be truly random. Thus, there are no patterns or regularities that a cryptanalyst can use to attack the ciphertext.

Example:

Input: Message = HELLO, Key = MONEY
Output: Cipher = TSYPM

Explanation (letters numbered A = 0 ... Z = 25):

Plain text   H  E  L  L  O  =  7  4 11 11 14
Key          M  O  N  E  Y  = 12 14 13  4 24
Sum                            19 18 24 15 38
Mod 26                         19 18 24 15 12   (38 mod 26 = 12)
Cipher text                     T  S  Y  P  M

Decryption subtracts the key instead: (cipher - key) mod 26 gives the plaintext back.
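The Caesar cipher and the one-time pad from the two passages above, as an added example that is not code from the original notes. Both are additive substitution modulo 26, so one routine serves both: Caesar supplies the same shift for every letter, the one-time pad supplies a fresh key letter per message letter. It reproduces the notes' examples (PAY MORE MONEY with shift 3, HELLO under the pad MONEY) and goes beyond them with what a practitioner checks next: Caesar falls to trying all 25 keys, and a pad must come from a real random source. The 26-letter alphabet and passing spaces through unchanged are assumptions of the example.

```python
"""Additive substitution over A-Z: the Caesar cipher and the one-time pad.

Added example, not code from the original notes. The 26-letter alphabet and
the choice to copy non-letters through unchanged are assumptions.
"""
import itertools
import secrets
import string

ALPHABET = string.ascii_uppercase


def shift_text(text: str, shifts, decrypt: bool = False) -> str:
    """Add (or, when decrypting, subtract) one shift per letter, modulo 26.

    `shifts` yields one integer per letter of `text`; characters outside A-Z
    are copied through without consuming a shift.
    """
    out, it = [], iter(shifts)
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        k = next(it)
        k = -k if decrypt else k
        out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
    return "".join(out)


def caesar(text: str, shift: int = 3, decrypt: bool = False) -> str:
    """Caesar: the same shift (3 in the classical cipher) for every letter."""
    return shift_text(text, itertools.repeat(shift), decrypt)


def otp(text: str, key: str, decrypt: bool = False) -> str:
    """One-time pad over letters: key letter i is the shift for message letter i."""
    n_letters = sum(1 for c in text.upper() if c in ALPHABET)
    if len(key) < n_letters:
        raise ValueError("a one-time pad must be at least as long as the message")
    return shift_text(text, (ALPHABET.index(k) for k in key.upper()), decrypt)


def random_pad(length: int) -> str:
    """A fresh pad from the OS cryptographic random source; use it once, then destroy it."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def caesar_bruteforce(ciphertext: str) -> dict:
    """Caesar has only 25 usable keys, so an attacker tries them all and keeps
    the candidate that reads as language."""
    return {k: caesar(ciphertext, k, decrypt=True) for k in range(1, 26)}


if __name__ == "__main__":
    print(caesar("PAY MORE MONEY"))                    # SDB PRUH PRQHB
    print(otp("HELLO", "MONEY"))                       # TSYPM
    pad = random_pad(5)
    print(otp(otp("HELLO", pad), pad, decrypt=True))   # HELLO, whatever the pad was
    print(caesar_bruteforce("SDB PRUH PRQHB")[3])      # PAY MORE MONEY
```

The only difference between the two functions is where the shifts come from, which is exactly the point: the one-time pad's security lies entirely in the key being random, as long as the message, and never reused, not in the arithmetic.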

Transposition Cipher Technique:

A transposition cipher is a type of encryption technique where the positions of the letters in the plaintext message are rearranged to form a ciphertext message. In the transposition cipher technique, the position of the character is changed but the character's identity is not changed. This technique does not alter the letters themselves but rather the order in which they appear.

Types
 Rail Fence Transposition
Rail fence is a basic transposition method in which the plaintext is written in a zig-zag down and up across a fixed number of rows ("rails"), and the ciphertext is then read off row by row. The example below uses two rails.
Plaintext: Let us meet Today
Written in zig-zag over two rails (spaces dropped):
L   T   S   E   T   O   A
  E   U   M   E   T   D   Y
Ciphertext: LTSETOAEUMETDY
Columnar Transposition Cipher

In a columnar transposition cipher, the message is written out row by row in rows of a fixed length, and then read out again column by column, taking the columns in a scrambled order. The width of the rows and the permutation of the columns are usually defined by a keyword.

For example, the word HACK is of length 4 (so the rows are of length 4), and the permutation is defined by the alphabetical order of the letters in the keyword. In this case the order is "3 1 2 4" (the A column is read first, then C, then H, then K). Any spare spaces are filled with nulls, left blank or replaced by a character (example: _).

Finally, the message is read off column by column in the order specified by the keyword.

Plain Text: MEET ME TOMORROW
Key: HACK
Length of keyword = 4 (number of columns)
Order of the letters in HACK = 3 1 2 4

H A C K
3 1 2 4
M E E T
_ M E _
T O M O
R R O W

Columns read in the order A, C, H, K: EMOR, EEMO, M_TR, T_OW
Cipher Text = EMOREEMOM_TRT_OW

Double Transposition Cipher

Double transposition encryption consists of the consecutive application of two transposition ciphers. Generally it is two columnar transpositions using two distinct keys; the double transposition applies the simple transposition twice, as the name suggests.
A transposition cipher is easily recognized because its ciphertext has the same letter frequencies as the original plaintext (only the order changes). The cipher can be made significantly more secure by performing more than one stage of transposition: the result is a more complex permutation that is not easily reconstructed, although it still leaks the letter frequencies and is breakable with enough ciphertext.

Block Cipher and Stream Cipher

Block ciphers and stream ciphers both belong to the symmetric key ciphers. They are the two methods used for converting plaintext into ciphertext. The main difference is that a block cipher converts the plaintext into ciphertext by taking one block of plaintext at a time, while a stream cipher converts the plaintext into ciphertext by taking one byte or bit of plaintext at a time.

Block Cipher

A block cipher is a symmetric cryptographic technique which is used to encrypt a fixed-size data block using a shared secret key. It is a cryptographic algorithm that encrypts fixed-size data blocks, commonly 128 bits, under a fixed key. With the help of the shared secret key, a block cipher encrypts and decrypts its input one block at a time rather than one bit at a time. Because a message is rarely exactly one block long, the cipher is always used in a mode of operation (CBC, CTR, GCM and others) that chains or counts the blocks; the naive mode, ECB, encrypts identical plaintext blocks to identical ciphertext blocks and should not be used.

Several encryption standards that use block ciphers are:

1. Data Encryption Standard (DES)

Initially, sensitive, private information was protected using this 64-bit block cipher with a 56-bit symmetric key. DES was later withdrawn because its short key can be found by exhaustive search with modest hardware, along with other weaknesses, although it is still regarded as a pioneering encryption standard.

2. Advanced Encryption Standard (AES)

It is a popular block cipher which encrypts data in blocks of 128 bits with symmetric keys of 128, 192 or 256 bits. The cipher uses substitution and permutation steps (byte substitution, row shifting, column mixing and round-key addition) to produce ciphertext by replacing and shuffling the input data in a sequence of linked rounds.

Stream Cipher

A stream cipher is an encryption technique that works bit by bit or byte by byte to transform plaintext into ciphertext that is unreadable to anyone without the proper key. Stream ciphers are fast because they encrypt data bit by bit or byte by byte, which makes them efficient for encrypting large amounts of data quickly. Stream ciphers work well for real-time communication, such as video streaming or online gaming, because they can encrypt and decrypt data as it is being transmitted.

 Plaintext and keystream produce the ciphertext (the same keystream is used for decryption).
 The plaintext undergoes an XOR operation with the keystream bit by bit and produces the ciphertext.
 The keystream is generated from a short secret key (and, in modern designs, a nonce), so a stream cipher works like a one-time pad whose pad is pseudorandom rather than truly random. As with the one-time pad, the same keystream must never be used for two messages.

Example:

Plain Text : 10011001
Keystream  : 11000011
Cipher Text: 01011010
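The XOR keystream mechanics above and the keystream-reuse rule, as an added example that is not code from the original notes. Python's standard library has no ChaCha20 or AES-CTR, so the keystream here is derived with HMAC-SHA256 in counter mode, keystream block i = HMAC(key, nonce || i); that construction is an assumption of this example, chosen because a PRF in counter mode is exactly the role a real stream cipher plays. It reproduces the notes' bit-string example and then shows what an eavesdropper recovers when two messages are encrypted under the same key and nonce. The messages are constructed.

```python
"""A keystream cipher from the standard library, and why keystream reuse is fatal.

Added example, not code from the original notes. HMAC-SHA256 in counter mode
stands in for a real stream cipher (ChaCha20, AES-CTR); that choice and the
sample messages are assumptions of the example.
"""
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` pseudorandom bytes, 32 per counter block."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """ciphertext = plaintext XOR keystream. XOR is its own inverse, so the
    same function decrypts: encrypt(key, nonce, ciphertext) == plaintext."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt


def xor_bits(a: str, b: str) -> str:
    """The notes' bit-string example: '10011001' XOR '11000011' -> '01011010'."""
    return format(int(a, 2) ^ int(b, 2), f"0{len(a)}b")


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper computes from two ciphertexts made with the same
    key and nonce: c1 XOR c2 = (p1 XOR ks) XOR (p2 XOR ks) = p1 XOR p2.
    The keystream cancels; any known part of p1 now reveals p2."""
    return xor_bytes(c1, c2)


def demo() -> dict:
    """Round trip, then the reuse mistake: two messages under one (key, nonce)."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(12)
    p1 = b"transfer 100 to alice"
    p2 = b"transfer 900 to bobby"            # same length, for the XOR
    c1 = encrypt(key, nonce, p1)
    c2 = encrypt(key, nonce, p2)             # nonce reused: the bug
    recovered_p2 = xor_bytes(two_time_pad_leak(c1, c2), p1)   # attacker knows p1
    return {"roundtrip_ok": decrypt(key, nonce, c1) == p1,
            "recovered_p2": recovered_p2}


if __name__ == "__main__":
    print(xor_bits("10011001", "11000011"))   # 01011010
    print(demo())
```

The attacker in `demo` never learns the key and never needs to: a stream cipher or one-time pad is only as safe as the rule that each keystream is used once, which in a real protocol means a fresh nonce for every message under the same key. The same XOR structure also means a ciphertext bit can be flipped to flip the corresponding plaintext bit, so stream ciphers are deployed with a MAC or in an AEAD mode, never bare.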

Steganography

A steganography technique involves hiding sensitive information within an ordinary, non-secret file or message so that it will not be detected. The sensitive information is then extracted from the ordinary file or message at its destination, thus avoiding detection.

Steganography is an additional step that can be used in conjunction with encryption in order to conceal or protect data: encryption hides the content of a message, steganography hides the fact that a message exists at all. It is a means of concealing secret information within (or even on top of) a non-secret document or other media to avoid detection. The word comes from the Greek steganos, which means "covered" or "hidden," and graphein, which means "to write." Hence, "hidden writing."

Different Types of Steganography

 Text Steganography
 Image Steganography: Image steganography is a way of hiding data in an image so that the image remains almost the same, but the secret data can be extracted from it.
 Audio Steganography
 Video Steganography
RSA algorithm

RSA is the most common public-key (asymmetric) algorithm, named after its inventors Rivest, Shamir, and Adleman (RSA). Asymmetric means that it works on two different keys, a Public Key and a Private Key. As the name describes, the Public Key is given to everyone and the Private Key is kept private.

RSA algorithm

 Select two large prime numbers, p and q.
 Multiply these numbers to find n, n = p x q, where n is called the modulus for encryption and decryption.
 Compute φ(n) = (p - 1) x (q - 1). Choose a number e with 1 < e < φ(n) such that e is relatively prime to φ(n), that is, gcd(e, φ(n)) = 1 (e and (p - 1) x (q - 1) have no common factor except 1).
 The public key is <e, n>. A plaintext message m is encrypted using the public key. To find the ciphertext C from the plaintext, the following formula is used:
C = m^e mod n. Here m must be less than n. A larger message (> n) is treated as a concatenation of messages, each of which is encrypted separately.
 To determine the private key, calculate d such that d x e mod φ(n) = 1, i.e. d is the modular inverse of e modulo φ(n): d = (1 + k x φ(n)) / e for the smallest k = 0, 1, 2, 3, ... that makes the division exact (for large numbers the extended Euclidean algorithm finds d directly).
 The private key is <d, n>. A ciphertext message c is decrypted using the private key. To calculate the plaintext m from the ciphertext c, the following formula is used:
m = c^d mod n

The scheme above is "textbook" RSA. In practice the modulus is at least 2048 bits, and messages are never encrypted directly: they are first padded with a randomized scheme such as OAEP, because raw RSA is deterministic (the same m always gives the same C) and malleable, and RSA is normally used only to wrap a symmetric key rather than to encrypt the data itself.

Example

# Encrypt plaintext 9 using the RSA public-key encryption algorithm.

Step 1: Select two large prime numbers, p and q. Here (for illustration only) p = 7 and q = 11.

Step 2: Multiply p and q to find n, the modulus for encryption and decryption: n = p x q = 7 x 11 = 77.

Step 3: Choose a number e less than n such that e is relatively prime to (p - 1) x (q - 1), i.e. e and (p - 1) x (q - 1) have no common factor except 1. φ(n) = (p - 1) x (q - 1) = (7 - 1) x (11 - 1) = 6 x 10 = 60.

Let us now choose e = 7, which is relatively prime to 60. Thus the public key is (e, n) = (7, 77).

Step 4: A plaintext message m is encrypted using the public key. Use C = m^e mod n to find the ciphertext from the plaintext: C = 9^7 mod 77 = 4782969 mod 77 = 37.

Step 5: The private key is (d, n). To determine d, solve d x e mod φ(n) = 1, i.e. 7d mod 60 = 1, which gives d = 43 (7 x 43 = 301 = 5 x 60 + 1). The private key is (43, 77).

Step 6: A ciphertext message c is decrypted using the private key. To calculate the plaintext m from the ciphertext c, m = c^d mod n is used: m = 37^43 mod 77 = 9.

Hence the plaintext = 9 and the ciphertext = 37.
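The RSA key generation, encryption and decryption steps above, as an added example that is not code from the original notes. It reproduces the worked numbers (p = 7, q = 11, e = 7, so n = 77, φ(n) = 60, d = 43, and 9 encrypts to 37) and then shows why textbook RSA is never used bare: given two ciphertexts and the public key, anyone can forge a valid ciphertext of the product of the two plaintexts. The toy primes are the notes' own; `pow(e, -1, phi)` (Python 3.8 and later) computes the modular inverse that the notes find by trial.

```python
"""Textbook RSA: key generation, encryption, decryption, and its malleability.

Added example, not code from the original notes. Parameters are the notes'
toy values; real keys use 2048-bit or larger moduli and OAEP padding.
"""
from math import gcd


def keygen(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)            # modular inverse: d*e = 1 (mod phi)
    return (e, n), (d, n)


def encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)             # C = m^e mod n


def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)             # m = c^d mod n


def malleability_demo(public_key, m1: int, m2: int) -> int:
    """Given only c1, c2 and the public key, produce a valid ciphertext of
    m1*m2 mod n without decrypting anything. OAEP padding destroys this
    multiplicative structure; textbook RSA preserves it."""
    c1, c2 = encrypt(m1, public_key), encrypt(m2, public_key)
    _, n = public_key
    return (c1 * c2) % n


def worked_example() -> dict:
    """The notes' numbers: p=7, q=11, e=7 -> n=77, phi=60, d=43, 9 -> 37 -> 9."""
    pub, priv = keygen(7, 11, 7)
    c = encrypt(9, pub)
    return {"public": pub, "private": priv, "cipher": c, "plain": decrypt(c, priv)}


if __name__ == "__main__":
    print(worked_example())
    pub, priv = keygen(7, 11, 7)
    forged = malleability_demo(pub, 3, 5)
    print(forged, decrypt(forged, priv))   # a ciphertext of 15 = 3*5, built without the private key
```

With n = 77 the whole key space is searchable by hand, which is the point of toy parameters; the malleability, however, does not go away with a 2048-bit modulus, and is one of the reasons practical RSA always pads the message before exponentiation.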
