Cyber Security

Data : Data is a information that has been translated into a from that is efficient for
movement or processing.
MODULES
 INTRODUCTION TO CYBER SECURITY
 CYBER CRIME AND CYBER LAW
 SOCIAL MEDIA OVERVIEW AND SECURITY
How it works ? Is this msg is secure ?
No, Because The problem is hacker will misuse our data / damage it.
Therefore Security purpose, we use cyber Security.
Computer : A computer is a electronic device capable of performing various tasks.
Components : Hardware and Software
It is relating to internet, networks, Information, technology, data, Applications and
computer The protection of computer Systems and information from harm, theft,
and unauthorized use.
Cyber Security
Cyber Security is the application of technologies, processes, and controls to protect
systems, networks, programs, devices and data from cyber
Types of Cyber Security
1.Network Security :
Network security is the practice of security a computer network from
intruders, whether targeted attackers or opportunistic malware.
a) Access Control
Network security involves implementing access control mechanisms to
regulate who has access to Specific resources, systems, and data.
b) Firewalls
Firewalls are security devices or software that filter incoming and
outgoing network traffic. They Block unauthorized access while permitting
legitimate communication.Firewalls can be configured to block certain ports,
protocols.
c) Intrusion Detection and Prevention Systems (IDS/IPS)
IDS monitors network traffic for suspicious activity and alerts administration
when potential threats
are detected.IPS goes a step further by automatically taking action to prevent
or mitigate threats.
d) Virtual Private Networks(VPNs)
VPNs enable secure communication over untrusted networks, such as the
internet. They encrypt data and create secure tunnels for remote users and branch
offices to connect to the organization's network.
e) Network Segmentation
Dividing a network into smaller, isolated segments to contain potential threat
and limit lateral movement in case of a breach. Segmentation can enhance security
by separating critical systems from less sensitive ones.
f) Security Policies
Establishing and enforcing network security policies and procedures that guide
users
and administrators in maintaining a secure environment..
g) Network Monitoring
Continuously monitoring network traffic and systems for anomalies, securit
incidents, and performance
issues.
h) Patch Management
Keeping network devices, software, and systems up to date with the lates security
patches to address
known vulnerabilities.
i) Encryption
The use of encryption protocols to protect data in transit, such as SSL/TLS for
secure web communication,
and to safeguard sensitive data stored on network devices.
j) Wireless Network Security
Securing wireless networks with encryption, strong authentication, and
monitoring to prevent unauthorized
access.
2. Application security
Application security focuses on keeping software and devices free of threats.
A compromised

a) Secure Development Practices;

Writing secure code: Developers should follow secure coding practices, which
include input validation, proper error handling, and avoiding common coding
vulnerabilities like SQL injection and cross-site scripting (XSS).
Code reviews: Peer code reviews and static code analysis tools can help identify
security issues during the development phase.
b) Authentication and Authorization;
Implementing robust authentication mechanisms, such as multi-factor
authentication (MFA), to verify user identities.
Enforcing proper authorization to ensure that users can access only the data and
features they are entitled to.
c) Data Encryption;
Encrypting data both at rest (stored data) and in transit (data being transmitted
over networks) to protect sensitive information.
d) Input Validation and Sanitization;
Validating and sanitizing user inputs to prevent common vulnerabilities like
SQL injection, cross-site
 scripting, and command injection.
e) Security Patching and Updates;

Regularly updating application components, libraries, and dependencies to

address known vulnerabilities
f) Session Management
Managing user sessions securely, which includes creating secure session tokens
and managing session
data.
g) Web Application Firewalls (WAFs)
Implementing WAFs to filter and monitor incoming web traffic and protect web
applications from common
attacks.
h) Security Testing;
Conducting various security tests, including vulnerability assessments and
penetration testing, to identify and address application vulnerabilities.
i) API Security
Ensuring the security of application programming interfaces (APIs) by using
authentication, access
controls, and encryption to protect data and communication between
applications.
3.Information Security
Information security protects the integrity and privacy of data, both in storage and
in transit.
Confidentiality
Ensuring that sensitive data is accessible only to authorized individuals or
systems. Measures include access controls, encryption, and secure storage.
b) Integrity
Maintaining the accuracy and trustworthiness of data. This involves protecting data
from unauthorized alterations, whether intentional or accidental.
c) Availability
Ensuring that data and systems are available and accessible when needed. This
includes measures to
prevent downtime, such as redundancy and disaster recovery plans.
d) Authentication
Verifying the identity of users and systems to ensure that they have the
appropriate access rights.
Authentication methods include passwords, biometrics, and multi-factor
authentication (MFA).
e) Authorization.
Granting or restricting access to data and resources based on the authenticated
user's role or privileges.
f) Data Encryption.
Protecting data by converting it into a secure format that can only be deciphered by
authorized parties. Encryption is used for data at rest and data in transit.
04.Operational security.
Operational security includes the processes and decisions for handling and
protecting data assets.
Identification of Critical Information.
Determine what information, activities, and assets are vital to the organization and
require protection. This may include proprietary data, trade secrets, customer
information, and strategic plans.
b) Threat Analysis.
Identify potential threats, both internal (e.g., employees) and external (e.g.,
hackers, competitors), that could compromise the organization's security.
c) Risk Assessment.
 Evaluate the potential impact and likelihood of various threats on critical assets.
This helps prioritize
security measures and resources.
e) Security Culture;
Promote a security-conscious culture within the organization, where employees
understand the importance of operational security and follow security protocols.
f) Need-to-Know Principle.
Limit the dissemination of sensitive information on a "need-to-know" basis,
ensuring that individuals only have access to information necessary for their roles.

ISSUES OF CYBER SECURITY

Cybersecurity encompasses a wide array of issues and challenges due to the
complex and dynamic nature of the digital landscape. Here are some key issues in
cybersecurity.
01) Cyber Threats and Attacks
Constantly evolving cyber threats include malware, ransomware, phishing, social
engineering, denial-of-service (DoS) attacks, advanced persistent threats (APTs),
zero- day exploits, and more. Attackers continuously refine their tactics and tools,
making it challenging to stay ahead.
02) Data Breaches
Data breaches expose sensitive information, such as personal records, financial
data, and intellectual property. Breached data can be misused for identity theft,
fraud, or sold on the dark web.

03) Identity Theft and Fraud.

Stolen personal information is used for identity theft, leading to financial losses
and reputational damage. Cybercriminals may open accounts, make purchases, or
conduct other fraudulent activities in the victim's name.
04) Insider Threats.
Malicious or negligent actions by employees, contractors, or partners pose a
significant risk. Insiders can deliberately or accidentally compromise security, leak
sensitive information, or engage in fraud.
05) IoT and OT Vulnerabilities.
The proliferation of Internet of Things (IoT) and operational technology (OT)
devices introduces new
vulnerabilities, as many lack security features. Compromised IoT and OT
devices can be leveraged for
attacks or disrupt critical infrastructure.
06) Supply Chain Risks.
Supply chains involve multiple interconnected entities, making them susceptible
to cyber attacks. Malicious
actors may compromise software or hardware during production or distribution,
introducing vulnerabilities or
backdoors.
07) Lack of Security by Design.
Inadequate consideration of security during the design and development phases of
systems and applications results in vulnerabilities that may be challenging and
costly to address later.
08) Human Error and Lack of Awareness.
Employees and individuals often inadvertently contribute to security breaches
through actions like clicking on phishing emails or using weak passwords.
Insufficient awareness and training exacerbate this issue.
CHALLENGES OF CYBER SECURITY
Cybersecurity faces numerous challenges, reflecting the evolving nature of cyber
threats, technological advancements, and the increasingly interconnected digital
landscape.
Here are some of the major challenges in cybersecurity:
1) Sophisticated Cyber Threats.
Cyber attackers are continually improving their tactics, techniques, and procedures.
Advanced persistent threats (APTs), ransomware, zero-day vulnerabilities, and
polymorphic malware present significant challenges for cybersecurity
professionals.

2) Evolving Attack Vectors.

Attackers exploit various attack vectors, including phishing, social engineering,
supply chain attacks, IoT
vulnerabilities, and insider threats. New attack vectors continually emerge,
making it difficult to predict and
prevent all possible attack scenarios.
3) Data Breaches and Privacy Concerns.
High-profile data breaches compromise sensitive personal and financial
information, resulting in financial losses, identity theft, and reputational damage.
Privacy regulations add complexity to compliance and require robust data
protection measures.
04) Shortage of Skilled Cybersecurity Professionals.
The demand for skilled cybersecurity professionals exceeds the available talent. A
lack of skilled experts in areas like threat hunting, incident response, and security
analysis poses a significant challenge for organizations seeking to enhance their
security posture.
05) Legacy Systems and Infrastructure.
Many organizations still rely on outdated legacy systems and infrastructure that
may have inherent security vulnerabilities. Updating or replacing these systems is
often costly, time-consuming, and complex.
06) Insider Threats and Human Error.
Insiders with malicious intent or accidental actions by employees pose
significant risks. Insider threats can
be difficult to detect and prevent, making employee education, monitoring, and
privileged access
 management crucial.
07) Compliance and Regulatory Changes.
Keeping up with evolving cybersecurity regulations and compliance
requirements is a challenge. Meeting
various legal obligations across jurisdictions and industries demands dedicated
resources and
comprehensive understanding of relevant laws and standards.
08) Integration of IoT and OT Security.
The proliferation of Internet of Things (IoT) devices and operational technology
(OT) in critical infrastructure introduces new security challenges. Securing these
devices and integrating them into existing security frameworks is complex due to
diverse architectures and protocols.

09) Nation-State Actors and Cyber Warfare.

State-sponsored cyberattacks and cyber warfare pose significant threats to
governments, critical infrastructure, and private sector organizations. The
motivations include espionage, sabotage, and disruption of essential services.
10) Cybersecurity for Small and Medium-sized Enterprises (SMEs).
SMEs often lack the resources and expertise needed to implement robust
cybersecurity measures. Attackers may target them as easier entry points into larger
supply chains.
Web technology
Web technology refers to the broad range of tools, languages, protocols, and
practices used in the development and operation of websites and web applications
It encompasses the technologies and methods that enable the functioning of the
World Wide Web.
Web technology includes various components and concepts, such as:
01.Web Development Languages and Technologies.
a) HTML (Hypertext Markup Language): The standard markup language used
to structure and format
 content on web pages.
b) CSS (Cascading Style Sheets);
A stylesheet language used for defining the presentation and layout of web pages,
including fonts, colors, and positioning.
c) JavaScript:
A Scripting Language that enables interactivity and dynamic behavior on web
pages.
d) Backend Languages:
Such as HTTP, Python, Ruby, java, and Node.js, used for server-side scripting to
process data and manage server operations.
e) Databases:
Systems like MySQL, PostgreSQL, MongoDB, and SQL Server for data storage
and retrieval.
f) Web Frameworks:
Tools and libraries that simplify web development, such as Ruby on Rails, Django,
and Angular.
2. Web Servers and Protocols:

a) HTTP (Hypertext Transfer Protocol): The foundation of date communication

on the web, specifying how messages are formatted and transmitted between the
client (browser) and server.
b) Web Servers: Software or hardware that hosts websites and serves web content
to users, including Apache, Nginx, and Microsoft Internet Information Services
(IIS).

3. Web Design and User Experience (UX)

a) Responsive Design: Designing websites to adapt and function well on various

devices and screen sizes.
b) User Interface (UI) Design: Focusing on the layout, visual elements, and
interaction design to enhance the user experience.
e) User Experience (UX) Design: Concentrating on creating an intuitive and
satisfying experience for website visitors.

4. Content Management Systems (CMS)

Platforms like WordPress, Joomla, and Drupal that facilitate the creation and
management of web content.

5. Web Hosting
Services and providers that store and make websites accessible on the internet

6. Web Security
Techniques and practices for safeguarding websites and web applications from
security threats, vulnerabilities, and attacks.
7. Web Services and APIs (Application Programming Interfaces)
Mechanisms for allowing different software systems to communicate and share
data over the web.

8. Web Standards and Accessibility

Adheres to industry standards (eg. W3C standards) and ensuring content is
accessible to people with disabilities.

CLASSIFICATION OF WEB-TECHNOLOGY

1. World Wide Web (WWW)

The World Wide Web can further be classified into several different technology
They are web browsers, Hyper Text Markup Language (HTML), and Hyper Text
Transfer Protocol (HTTP)

2. Web Browser
This application software helps explore the World Wide Web (WWW). It provide
the user interface between the client and the server. The web browser also require
the server for web documents and services

3. Web Server
It is a program that sets upon the network request of the user and serves the with
the files that help open the web page. The exchange of files takes place with the
help of the Hypertext Transfer Protocol (HTTP).
4. Web Pages
A web page is the digital document's front-end linked to the World Wide Web. can
be viewed by anyone having an internet connected web browser.

5. Web Development
Web development is everything about building and maintaining websites. It
contains web services, including web programming, web publishing, web design,
and database management.

ARCHITECTURE OF CYBERSPACE

Cyberspace architecture can be easily related to a physical parallel. It is like the

museum in real life and a model in cyberspace. But buildings in cyberspace are
constructed from programming language and not bricks and mortar. Social
networking sites such as Facebook, Twitter, and Instagram are examples of
cyberspace where people can connect and communicate with each other, regardless
of their physical location

1. Physical Infrastructure
At the foundational level, the architecture of cyberspace relies on a physical
infrastructure composed of network cables, data centers, and various network
devices. This infrastructure supports the transmission of data across the globe.

2. Internet Backbone
The internet backbone consists of a vast network of high-capacity data
transmission lines and fiber-optic cables. It serves as the core of the internet,
providing the necessary bandwidth for global data transmission.
3. Protocols and Standards
Various protocols and standards govern data transmission and communication on
the internet, including:

a) TCP/IP (Transmission Control Protocol/Internet Protocol): The fundamental

protocol suite responsible for data transmission across the internet.

b) HTTP/HTTPS (Hypertext Transfer Protocol/Secure): Protocols used for

transmitting web content, crucial for websites and web applications.

c) DNS (Domain Name System): A system for translating human-readable

domain names into IP addresses to locate web servers.

d) SMTP/POP/IMAP (Simple Mail Transfer Protocol/Post Office Protocol/

Internet Message Access Protocol): Protocols for email communication.

e) FTP (File Transfer Protocol): A protocol for transferring files over the internet.

COMMUNICATION AND WEB TECHNOLOGY

Communication and web technology are closely intertwined, as web technology

serves as the foundation for various forms of digital communication. Web
technology enables the creation, transmission, and reception of information and
messages over the internet transforming how individuals, businesses, and
organizations communicate. Here's how communication and web technology
intersect:
1.Email:
Emails fundamental form of digital communication that relies on web technology.
Web servers and email clients use protocols like SMTP (Simple Mail d) and IMAP
(Internet Message Access Protocol) to send, receive, and Stage email massages.
Web based email services like Gmail and Outlook operate entirely within a web
technology framework, allowing users to access their emails from anywhere with
an internet connection.

2. Instant Messaging and Chat

Instant messaging applications and chat platforms, such as WhatsApp, Facebook
Messenger, and Slack, are web-based and utilize web technology to enable real-
time communication. These platforms operate through web browsers and dedicated
applications that leverage web protocols

3. VoIP and Video Calls

Voice over Internet Protocol (VoIP) and video conferencing services, such as
Skype, Toom, and Microsoft Teams, rely on web technology for communication.
These services use web-based protocols for audio and video transmission over the
internet.

4. Social Media
Social media networks like Facebook, Twitter, and Instagram are built on web
technology. They allow users to share text, images, videos, and links, and engage
in online conversations through web-based interfaces.

5. Web Conferencing and Webinars

Web conferencing tools like Webex and GoToMeeting, as well as webinar
platforms, enable remote meetings and presentations. These technologies use web
based communication protocols to facilitate collaboration and information sharing.
6. Blogs and Forums
Blogging platforms and online forums enable users to engage in discussions and
share information. These platforms are web based and use web technology to
publish and access content.

7. Social Networking Sites

Platforms like LinkedIn and professional networking sites enable users to connect
with others, share professional information, and communicate with peers and
colleagues using web technology.

8. News and Media

News websites, online publications, and multimedia content providers use web
technology to distribute news articles, videos, and multimedia content to a global
audience.

9. Web Forms and Surveys

Web forms and survey tools facilitate data collection and feedback gathering
through web-based interfaces.

10. Online Collaboration

Collaborative tools, including project management software and document sharing
services, rely on web technology for communication and real-time collaboration
among team members.
DEFINITIONS OF INTERNET

There is no single, generally agreed upon answer to this question, because the
Internet is different for each of us:

1.It is a set of computers talking over fiber optics, phone lines, satellite links, and
other media

2.It is a place where you can talk to your friends and family around the world.

3.It is a place to get cool game demos.

4.It is an ocean or resources waiting to be mined.

5.It is a place to do research for your thesis or a business presentation.

6.It is a place where "crackers" and other shady characters lurk, waiting to wreak
havoc

7.It is unlimited commercial opportunity.

8.It is world-wide support group of any problem needed.

9.It is a gold mine of professionals in all fields sharing information about their
work.

10.It is hundreds of libraries and archives that will open to your fingertips.
11.It is the ultimate time-waster.

12.It is the technology of the future that will help make our lives and those of our
children, brighter.

WHO OWNS AND GOVERNS THE INTERNET

 The internet has no president, chief operating official or owner.

 The constituent networks may have owners and presidents but there's no
single authority figure for the internet as a whole.
 The Internet is a working example of anarchy.
 The closest thing to authority on the internet is the Internet Society (ISOC),
voluntary membership organization whose purpose is to promote global
information exchange through internet technology.
 The ISOC appoints a kind of council of elders, which has responsibility for
the technical management and direction of the internet.
 This council of elders is groups of invited volunteers called the Internet
Architecture Board (IAB).
 The IAB meets to approve "standards and to allocate unique resources such
as IP addresses. The standards, or protocols, are what allow computers of
different manufacture and
 operating systems to communicate with each other. The IAB also keeps
track of the various numbers (and other things) that must be unique, such as
the IP address assigned to each computer on the internet.

WORLD WIDE WEB

The Web or World Wide Web, is basically a system of Internet servers that
support specially formatted documents. The documents are formatted in a
markup language called HTML (Hyper Text Markup Language) that
supports links to other documents, as well as graphics, audio and video files.
Users can jump from one document to another simply by clicking on hot
spots. User never need to know where the information is located or to learn
any obscure commands to access it. A WWW hypertext document is usually
called a web page. Operations on the WWW is based on a client/server
model.

The Language of the Web

There are three main components to this language to communicate in the
Web.
1. Uniform Resource Locators (URLs): URLs provide the hypertext links
between one document and another. These links can access a variety of
protocols (eg. ftp, gopher or http) on different machines or your own
machine.

2. Hypertext Markup Language (HTML): Hypertext Markup Language, в

standardized system for tagging text files to achieve font, colour, graphic
and hyperlink effects on World Wide Web pages

3.Common Gateway Interfaces (CGI): CG1s provide a gateway between

the HTTP server software and the host machine

ADVENT OF INTERNET
The advent of the internet marked a revolutionary turning point in the way
humanity communicates, accesses information, conducts business, and
interacts with the world. The origins of the internet can be traced back to
various developments and milestones:

1. Early Concepts (1960s)

The concept of a global network of computers was envisioned in the early
1960s J.C.R. Licklider, an MIT scientist, conceived the idea of un
"Intergalactic Network" of computers.

2. ARPANET (1969)
The Advanced Research Projects Agency Network (ARPANET) was the first
wide-area packet-switching network, funded by the U.S. Department of
Defense's ARPA. It became operational in 1969 and is considered a
precursor to the modern internet.
3. Email and File Sharing (1970s)
Ray Tomlinson sent the first networked email in 1971, using the "@" symbol
to designate sending messages between users on different machines. File
Transfer Protocol (FTP) was introduced in 1971 for efficient file sharing.

4. TCP/IP Protocol (1970s)

The development of the Transmission Control Protocol (TCP) and Internet
Protocol (IP) by Vinton Cerf and Bob Kahn in the 1970s was a crucial step
toward the unification of various networks into a single global network the
basis of the modern internet. of networks,

5. Ethernet and Local Area Networks (1970s)

Ethernet, developed by Robert Metcalfe, allowed multiple computers to
communicate on a local network This technology laid the foundation for
local artificial networks (LANs) and facilitated the growth of interconnected
networks. system

6. DNS (1983)
The Domain Name System (DNS) was introduced to convert human-
readable domain names into numerical IP addresses, making it easier to
access websites.

7. World Wide Web (1991)

Tim Berners-Lee, while working at CERN, proposed the World Wide Wes
(WWW), introducing HTML, HTTP, and the first web browser. This marked
the birth of the user friendly internet we are familiar with today.

INTERNET INFRASTRUCTURE FOR DATA TRANSFER AND

GOVERNANCE

The internet's infrastructure for data transfer and governance is a complex

system of interconnected components and protocols that enable the
transmission, exchange, and management of data globally. It encompasses
both the physical and area logical elements that facilitate data movement and
the policies, standards, and organizations that govern its usage.
1. PHYSICAL INFRASTRUCTURE

The physical infrastructure of the internet comprises the tangible

components that enable the transmission of data and the functioning of
digital communication. These components include cables, data centers,
network devices, and other hardware that make up the foundation of the
internet. Here are the key elements of the physical infrastructure.

a) Submarine Cables

Fiber-optic cables laid on the ocean floor that connect continents and
regions, We forming the primary backbone of international internet
connectivity.

b) Terrestrial Cables

Fiber-optic or copper cables that traverse land, connecting cities, towns, and
regions. These cables form the backbone of national and regional internet
networks.

c) Data Centers

Facilities that house network servers and other computing equipment. Data
centers are critical for storing, processing, and managing vast amounts of
data and services.

d) Network Servers

High-powered computers within data centers that store and serve data and
applications to users across the internet.

e) Switches and Routers

Network devices that direct data packets to their intended destinations within
a network or across networks. Routers operate at the network layer, making
routing decisions based on IP addresses.
f) Firewalls and Security Appliances

Hardware devices that provide security by monitoring and controlling

incoming and outgoing network traffic, protecting against unauthorized
access and cyber threats

g) Modems and Routers in Homes and Businesses

Devices used to connect end-user devices (computers, smartphones, IoT

devices) to the internet via wired or wireless connections.

b) Satellite Communication Systems

Ground stations and satellites that facilitate internet connectivity in remote

or geographically challenging areas where traditional infrastructure is
impractical.

2. DATA TRANSMISSION PROTOCOLS

Data transmission protocols are a set of rules and conventions that govern
the format, timing, sequencing, and error control during the exchange of data
between devices over a network. These protocols ensure that data can be
sent and received accurately and efficiently. Here are some important data
transmission protocols:

a) Transmission Control Protocol (TCP)

TCP is a connection-oriented protocol that provides reliable, ordered, and

error. checked delivery of data between devices. It establishes a connection,
maintains flow control, and retransmits lost packets.

b) User Datagram Protocol (UDP)

UDP is a connectionless protocol that offers a faster but less reliable way to
send data. It does not establish a connection and does not guarantee delivery,
making it suitable for real-time application
c) Internet Protocol (IP)

IP is a network layer protocol responsible for routing packets across a

network. PV and IPv6 are the most common versions of IP. IPv6 has been
developed to address the limitations of IPv4, primarily the limited number of
unique addresses

d) Hyper Text Transfer Protocol (HTTP)

HTTP is the foundation of data communication on the World Wide Web. It

defines how messages are formatted and transmitted, and how web servers
and browsers should respond to different commands

e) HTTPS (HTTP Secure)

HTTPS is the secure version of HTTP, providing encrypted communication

by using Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
protocols