Cybersecurity 101

What is Cybersecurity?


Cybersecurity is the practice of safeguarding computers, networks, and data from unauthorized access, attacks, or damage. It involves protecting digital systems and information from threats that can compromise privacy, disrupt operations, or cause harm. In simple terms, cybersecurity is like a digital lock and key for your online life.

Why is Cybersecurity Important?

In today’s digital world, cybersecurity is essential for everyone, from normal users to developers. Here’s why:

  • For Normal Users: Your personal information, such as photos, messages, and financial data, is constantly at risk. Cybersecurity helps protect you from identity theft, financial losses, and unauthorized access to your accounts.
  • For Developers: As a developer, you’re responsible for building secure applications that protect user data. A single vulnerability in your code can lead to massive data leaks, financial losses, or even legal consequences. Cybersecurity ensures your software is trustworthy and resilient against attacks.

Example of a Cyberattack

Imagine you’re a developer building a mobile app. If you don’t secure the app properly, a hacker could exploit a vulnerability in your code to steal user data or inject malicious software. For instance, an attacker might use a technique called SQL Injection to access your app’s database and extract sensitive information like usernames, passwords, or credit card details. This is why understanding and implementing cybersecurity practices is crucial.

Quick Quiz: Test Your Knowledge!

Question: What’s the first thing you should do to protect your online accounts?

  • Use the same password everywhere.
  • Enable two-factor authentication (2FA).
  • Share your password with a friend.

Cybersecurity Terminology


Cybersecurity has its own language. To understand how to protect yourself, you need to know the key terms. Let’s break them down with clear definitions and real-world examples!

CIA Triad

Definition: The foundation of cybersecurity, representing Confidentiality, Integrity, and Availability.

Example: Think of the CIA triad like a bank. Confidentiality is the vault, integrity is the ledger, and availability is the ATM.

Threat

Definition: Anything that can exploit a vulnerability and cause harm to an asset.

Example: A hacker trying to steal your password is a threat.

Ethical Hacking

Definition: When cybersecurity professionals hack systems with permission to find vulnerabilities.

Example: It’s like a locksmith testing your door locks to make sure they’re secure.

Pentesting (Penetration Testing)

Definition: A simulated cyberattack to evaluate the security of a system.

Example: It’s like a fire drill for your computer systems.

Data Breach/Leak

Definition: When sensitive information is accessed without authorization.

Example: The Equifax breach exposed the personal data of 147 million people.

Vulnerability

Definition: A weakness in a system that can be exploited by a threat.

Example: Leaving your front door unlocked is a vulnerability.

Asset

Definition: Anything of value that needs protection, such as data, hardware, or software.

Example: Your smartphone, laptop, and online accounts are all assets.

IAAA (Identification, Authentication, Authorization, Accounting)

Definition: The four steps to control access to a system.

Example: Think of IAAA like entering a concert: show your ticket (identification), prove it’s yours (authentication), get access to your seat (authorization), and be monitored for safety (accounting).

Malware

Definition: Malicious software designed to harm or exploit systems.

Example: Viruses, worms, and ransomware are all types of malware.

Social Engineering


Social engineering is the art of manipulating people into revealing sensitive information or performing actions that compromise security. Let’s explore how it works and how you can protect yourself!

What is Social Engineering?

Definition: Social engineering is the art of manipulating people into revealing sensitive information or performing actions that compromise security.

Example: A hacker calls you pretending to be from IT support and asks for your password to "fix an issue."

Common Social Engineering Techniques

Here are some of the most common techniques used by attackers:

  • Phishing: Fake emails or messages that trick users into clicking malicious links or sharing sensitive information.
  • Pretexting: Creating a fabricated scenario to gain someone’s trust.
  • Baiting: Offering something enticing to lure victims into a trap.
  • Tailgating: Physically following someone into a restricted area.

Real-World Examples

Social engineering attacks have caused some of the biggest cybersecurity incidents in history. Here are a few examples:

  • The Twitter Bitcoin Scam (2020): Hackers gained access to high-profile Twitter accounts and posted tweets asking for Bitcoin donations.
  • The Target Data Breach (2013): Hackers used stolen credentials from a third-party vendor to access Target’s network and steal credit card data.
  • The Google and Facebook Scam (2013-2015): A hacker tricked these companies into wiring over $100 million by impersonating a legitimate vendor.

How to Protect Yourself

Here are some tips to protect yourself from social engineering attacks:

  • Be Skeptical: Always verify the identity of anyone asking for sensitive information.
  • Don’t Click on Suspicious Links: Hover over links to see where they lead before clicking.
  • Use Multi-Factor Authentication (MFA): Even if your password is compromised, MFA adds an extra layer of security.
  • Educate Yourself and Others: Awareness is the best defense against social engineering.

Challenge: Spot the Scam!

Test your skills by identifying social engineering attempts in these scenarios. Can you spot the red flags?

Scenario 1: You receive an email from your bank asking you to click a link to verify your account. What do you do?

Scenario 2: A stranger calls you claiming to be from IT and asks for your password to fix a critical issue. What do you do?

Scenario 3: Someone at work asks to borrow your access card to enter the office. What do you do?

Phishing


Phishing is one of the most common cyberattacks. Let’s learn how to spot it and test your skills with a simulation!

What is Phishing?

Definition: Phishing is a type of social engineering attack where attackers impersonate legitimate entities to trick victims into revealing sensitive information.

Example: An email claiming to be from your bank asking you to "verify your account."

Signs of Phishing

Here are some common signs of phishing attempts:

  • Suspicious Sender: The email address doesn’t match the official domain.
  • Urgency: Messages that create a sense of urgency (e.g., "Your account will be locked!").
  • Generic Greetings: Emails that don’t address you by name.
  • Misspellings and Poor Grammar: Phishing emails often contain errors.
  • Suspicious Links or Attachments: Hover over links to see if they lead to unfamiliar websites.

Goals of Phishing

Attackers use phishing to:

  • Steal Credentials: Usernames, passwords, or PINs.
  • Commit Financial Fraud: Gain access to bank accounts or credit card information.
  • Spread Malware: Trick users into downloading malicious attachments.
  • Gain Access to Systems: Use stolen credentials to infiltrate networks or systems.

Phishing Simulation

You’re a security engineer tasked with filtering 5 emails. Identify which ones are phishing attempts and which are legitimate.

Encryption and Hashing


What is Encryption?

Definition: Encryption is the process of converting plaintext (readable data) into ciphertext (unreadable data) using an algorithm and a key.

Purpose: Protects data confidentiality, especially during storage or transmission.

Types of Encryption

  • Symmetric Encryption: Uses the same key for encryption and decryption.
    • Examples: AES, DES.
  • Asymmetric Encryption: Uses a pair of keys (public and private) for encryption and decryption.
    • Examples: RSA, ECC.

Data in Transit vs. Data at Rest

  • Data in Transit: Data being transferred over a network (e.g., HTTPS).
  • Data at Rest: Data stored on devices or servers (e.g., encrypted hard drives).

When to Encrypt Data

  • Sensitive information (e.g., passwords, credit card numbers).
  • Data transmitted over public networks.
  • Data stored on portable devices (e.g., USB drives, laptops).

What is Hashing?

Definition: Hashing is the process of converting data into a fixed-size string of characters using a hash function. Unlike encryption, hashing is a one-way process (cannot be reversed).

Purpose: Ensures data integrity and is commonly used for password storage and verification.

Common Hashing Algorithms

  • MD5: Widely used but now considered insecure due to vulnerabilities.
  • SHA Family: Secure Hash Algorithms (e.g., SHA-1, SHA-256, SHA-3).
  • bcrypt: Specifically designed for password hashing.

Why Hashing is Used

  • Password Storage: Stores hashed passwords instead of plaintext.
  • Data Integrity: Verifies that data has not been tampered with (e.g., checksums).
  • Digital Signatures: Ensures authenticity and integrity of digital documents.

Encryption vs. Hashing

  • Encryption: Reversible (can decrypt ciphertext back to plaintext).
  • Hashing: Irreversible (cannot retrieve original data from the hash).
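The properties this section relies on (fixed-size output, no way back to the input, and a tamper check built on recomputing the digest) can be seen directly in a few lines of standard-library Python. This is an added example, not code from the original page; the sample inputs are constructed for the demo.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of `data` as a 64-character hex string.
    The output length is fixed no matter how large the input is."""
    return hashlib.sha256(data).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Count the bits that differ between two hex digests. A good hash
    changes roughly half of its 256 bits when the input changes by one
    character (the "avalanche" effect), so similar inputs give unrelated
    digests and nothing about the input can be read off the hash."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Integrity check as used for download checksums: recompute the digest
    of what we received and compare it, in constant time, with the digest
    that was published alongside the file."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


if __name__ == "__main__":
    # Constructed inputs: a 2-byte message and a 10 000-byte one.
    print(sha256_hex(b"hi"))
    print(sha256_hex(b"x" * 10_000))          # still 64 hex characters

    # One changed character in a transaction record flips many digest bits.
    d_original = sha256_hex(b"Transfer $100 to Alice")
    d_tampered = sha256_hex(b"Transfer $900 to Alice")
    print("bits changed:", bit_difference(d_original, d_tampered))

    # Publisher hands out the digest; receiver checks the bytes it got.
    published = sha256_hex(b"installer-v1.0.bin contents")
    print(verify_integrity(b"installer-v1.0.bin contents", published))    # True
    print(verify_integrity(b"installer-v1.0.bin contents!", published))   # False
```

Note that an integrity check like this only detects accidental or untargeted tampering if the published digest itself is delivered over a trusted channel; an attacker who can replace both the file and the digest defeats it, which is where digital signatures (hash plus a private-key signature) come in.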

Passwords


Password Policies

Definition: Rules that define the minimum security requirements for creating strong passwords.

Best Practices:

  • At least 12-16 characters
  • Mix of uppercase & lowercase letters
  • Include numbers & special characters
  • Avoid common words & personal info

Example of a bad password: password123
Example of a strong password: Lw#8dP@h_29Gx!


How Are Passwords Stored?

Definition: Passwords should never be stored in plaintext. Instead, they should be hashed using secure algorithms.

Hashing: A one-way cryptographic function that converts a password into a unique string.

Example:
Password: securepassword123
Hashed (SHA-256): 03ac674216f3e15c761ee1a5e255f067953623c8b388b5d89a6006cc6c7cf1a3

Issue: If two users have the same password, they will have the same hash, making it predictable!

Rainbow Tables

Definition: A precomputed table of hashes used by attackers to crack passwords instantly.

How it works: Instead of hashing every guess, hackers compare the stolen hash to a pre-made list of password-hash pairs.

Password    MD5 Hash
123456      e10adc3949ba59abbe56e057f20f883e
password    5f4dcc3b5aa765d61d8327deb882cf99
letmein     0d107d09f5bbe40cade3de5c71e9e9b7
qwerty      d8578edf8458ce06fbc5bb76a58c5ca4
admin       21232f297a57a5a743894a0e4a801fc3
welcome     f5d1278e8109edd94e1e4197e04873b9

Problem: If your password is in this table, it's already compromised!

Rainbow Table Quiz

Can you find the original password for the following hash? Check the table above and write your answer!

Hash to decode: 5f4dcc3b5aa765d61d8327deb882cf99

Salting as a Mitigation

Definition: A salt is a unique random value added to each password before hashing, making rainbow tables ineffective.

Example Without Salt:
Password: 123456 → Hash: e10adc3949ba59abbe56e057f20f883e

Example With Salt:
Salt: Xg7#@p!
Password: 123456Xg7#@p! → Hash: 8e4d5c378f8b324a56f4d7b66d8a8d74

Why it works: Even if two users choose the same password, their hashes will be different!
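The three points above (identical passwords give identical unsalted hashes, a precomputed table turns a stolen hash straight into a password, and a per-user salt breaks both) can be put together in one runnable Python example. This is added code, not from the original page. It uses only the standard library: the lookup table is built from the six passwords listed in the table above, and PBKDF2-HMAC-SHA256 (hashlib.pbkdf2_hmac) stands in for the bcrypt-style slow hash the hashing section mentions; the iteration count is an assumption chosen to keep the demo quick.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed stand-in for a rainbow table: digests precomputed once for a
# handful of common passwords, keyed by digest so a stolen hash is answered by
# a dictionary lookup instead of by hashing guesses.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "admin", "welcome"]
PRECOMPUTED_MD5 = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

# Work factor for PBKDF2 (assumption for this demo; production deployments tune
# it so that one verification costs a noticeable fraction of a second).
ITERATIONS = 200_000


def lookup_unsalted(md5_hex: str) -> Optional[str]:
    """Recover the password behind an unsalted MD5 digest if it is in the table."""
    return PRECOMPUTED_MD5.get(md5_hex.lower())


def unsalted_sha256(password: str) -> str:
    """The weak scheme from the 'How Are Passwords Stored?' example: the same
    password always produces the same digest, for every user and every site."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    """Hash a password with a fresh random salt using PBKDF2-HMAC-SHA256.
    Returns (salt_hex, digest_hex). Both are stored; the salt is not secret,
    it only has to be unique per user so precomputed tables are useless."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex(), digest.hex()


def verify_salted(password: str, salt_hex: str, digest_hex: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Two users who picked the same password.
    print("unsalted, user A:", unsalted_sha256("123456"))
    print("unsalted, user B:", unsalted_sha256("123456"))   # identical

    # A leaked unsalted MD5 digest against the precomputed table.
    print("table lookup:", lookup_unsalted("5f4dcc3b5aa765d61d8327deb882cf99"))

    salt_a, hash_a = make_salted_record("123456")
    salt_b, hash_b = make_salted_record("123456")
    print("salted, user A:", hash_a)
    print("salted, user B:", hash_b)                         # different
    print("login with right password:", verify_salted("123456", salt_a, hash_a))
    print("login with wrong password:", verify_salted("123457", salt_a, hash_a))
```

The salt does two jobs at once: it makes every stored hash unique even for duplicate passwords, and it forces an attacker to redo the whole computation per user rather than reuse a table. The slow hash then makes each of those computations expensive, which is why a fast general-purpose hash such as plain SHA-256 is the wrong tool for passwords even when salted.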

Authentication


Authentication is the process of verifying the identity of a user, device, or system before granting access. It ensures that only authorized individuals can interact with a system.

Types of Authentication

Authentication is based on three main factors:

🔹 Something You Know (Knowledge-Based Authentication)

Definition: This method requires the user to input information they remember.

Examples: Passwords, PINs, security questions.

Weakness: Can be guessed, stolen, or forgotten.

🔹 Something You Have (Possession-Based Authentication)

Definition: This method requires a physical object the user owns.

Examples: Security tokens, smart cards, mobile authentication apps.

Weakness: If lost or stolen, an attacker can use it.

🔹 Something You Are (Biometric Authentication)

Definition: This method verifies identity based on physical or behavioral traits.

Examples: Fingerprints, facial recognition, retina scans.

Weakness: If compromised, biometric data cannot be changed like a password.

Multi-Factor Authentication (MFA)

Definition: A security method that requires two or more authentication factors.

Example: Logging in with a password and confirming it with an OTP.

Importance: Even if an attacker steals one factor, they still need the second one.

Common Authentication Methods

  • Single-Factor Authentication (SFA): Uses only one factor (e.g., a password).
  • Two-Factor Authentication (2FA): Uses two factors for added security.
  • Multi-Factor Authentication (MFA): Uses multiple factors for stronger security.
  • Passwordless Authentication: Uses biometrics, security keys, or authentication apps.

Authentication Protocols & Standards

Authentication relies on different protocols for secure access:

  • OAuth: Used for third-party logins (e.g., "Sign in with Google").
  • SAML: Enterprise authentication standard.
  • Kerberos: Secure authentication in network environments.
  • FIDO2/WebAuthn: Standard for passwordless authentication.

Authentication vs. Authorization

Authentication: "Who are you?" (Identity verification)

Authorization: "What are you allowed to do?" (Access control after authentication)

Example: Using a keycard to enter a building (authentication) vs. only being allowed in certain rooms (authorization).

Attacks on Authentication & How to Defend

  • Brute Force Attacks: Automated guessing of passwords.
    --> Use strong, unique passwords & limit login attempts.
  • Phishing Attacks: Tricking users into revealing credentials.
    --> Use MFA & avoid clicking suspicious links.
  • Man-in-the-Middle (MITM) Attacks: Intercepting login credentials.
    --> Use encrypted connections (HTTPS, VPNs).
  • Credential Stuffing: Using leaked passwords from breaches.
    --> Use unique passwords & monitor for leaks.
  • Session Hijacking: Stealing session tokens.
    --> Use secure cookies & session expiration policies.
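Two of the defenses in this list, limiting login attempts against brute force and using secure cookies with session expiration against session hijacking, are simple enough to show in full. The Python below is an added example, not code from the original page; the thresholds, window lengths and cookie name are assumptions chosen for the demo.

```python
import secrets
import time
from collections import defaultdict, deque
from typing import Deque, Dict, Optional, Tuple

# Policy constants (assumptions for this demo).
MAX_FAILURES = 5          # failures allowed inside the window before lockout
FAILURE_WINDOW = 300      # seconds; failures older than this are forgotten
LOCKOUT_SECONDS = 900     # how long the account stays locked after that
SESSION_TTL = 1800        # absolute session lifetime in seconds


class LoginGuard:
    """Per-account failed-attempt throttle. Brute force depends on making
    thousands of guesses; after MAX_FAILURES in FAILURE_WINDOW seconds the
    account is locked, so the attacker gets a handful of guesses per quarter
    hour instead of thousands per second."""

    def __init__(self) -> None:
        self._failures: Dict[str, Deque[float]] = defaultdict(deque)
        self._locked_until: Dict[str, float] = {}

    def is_locked(self, account: str, now: float) -> bool:
        return self._locked_until.get(account, 0.0) > now

    def record_failure(self, account: str, now: float) -> None:
        attempts = self._failures[account]
        attempts.append(now)
        while attempts and now - attempts[0] > FAILURE_WINDOW:
            attempts.popleft()                     # sliding window
        if len(attempts) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            attempts.clear()

    def record_success(self, account: str) -> None:
        self._failures.pop(account, None)
        self._locked_until.pop(account, None)


class SessionStore:
    """Opaque random session tokens with an absolute expiry. A hijacked token
    is only useful until it expires, and a token is never derived from
    anything guessable such as the username or the time."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Tuple[str, float]] = {}

    def issue(self, account: str, now: float) -> str:
        token = secrets.token_urlsafe(32)          # 256 random bits
        self._sessions[token] = (account, now + SESSION_TTL)
        return token

    def resolve(self, token: str, now: float) -> Optional[str]:
        entry = self._sessions.get(token)
        if entry is None:
            return None
        account, expires_at = entry
        if now >= expires_at:
            self._sessions.pop(token, None)        # expired: drop it server-side too
            return None
        return account

    def revoke(self, token: str) -> None:
        """Logout: invalidate server-side, not just by clearing the cookie."""
        self._sessions.pop(token, None)


def session_cookie_header(token: str, cookie_name: str = "session") -> str:
    """Set-Cookie value with the attributes that keep the token off the wire
    in clear text (Secure), away from page scripts (HttpOnly) and out of most
    cross-site requests (SameSite)."""
    return f"{cookie_name}={token}; Secure; HttpOnly; SameSite=Lax; Path=/"


if __name__ == "__main__":
    guard, sessions = LoginGuard(), SessionStore()
    now = time.time()
    for i in range(MAX_FAILURES):
        guard.record_failure("bob", now + i)
    print("locked after repeated failures:", guard.is_locked("bob", now + 10))
    print("unlocked after lockout period:", not guard.is_locked("bob", now + LOCKOUT_SECONDS + 10))

    token = sessions.issue("bob", now)
    print(session_cookie_header(token))
    print("valid now:", sessions.resolve(token, now + 60))
    print("valid after TTL:", sessions.resolve(token, now + SESSION_TTL + 1))
```

A lockout keyed only on the account can itself be abused to lock legitimate users out, so real deployments usually combine it with per-source rate limiting and a slow-hash verification cost rather than relying on any single control.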

Conclusion
