Cybersecurity Concepts
The CIA triad — the three pillars of information security. - Confidentiality — info disclosed only to authorized parties (encryption, access control). - Integrity — info not altered without authorization (hashes, digital signatures). - Availability — authorized users can access the system when needed (backups, redundancy, DDoS protection).
Authentication vs. authorization vs. accounting (AAA). - Authentication — proving who you are. - Authorization — what you may do once authenticated. - Accounting / Auditing — recording what you did.
Authentication factors: 1. Something you know — password, PIN. 2. Something you have — phone, smart card, hardware token. 3. Something you are — fingerprint, face, iris.
MFA / 2FA combines two different factors. Two passwords is not MFA; password + phone code is.
Malware: what each one is and why an attacker uses it
| Type | What it is | Why an attacker deploys it |
|---|---|---|
| Virus | Attaches to a host file; spreads when the file runs | To corrupt files or hand off a payload to many machines |
| Worm | Self-replicates across a network without a host | Fastest possible spread; consume resources or seed other malware |
| Trojan | Disguised as legitimate software | Sneak past user trust and install a backdoor |
| Ransomware | Encrypts files and demands payment for the key | Direct extortion |
| Spyware | Secretly monitors activity | Steal credentials, financial data, intellectual property |
| Keylogger | Records every keystroke | Capture passwords typed into login forms |
| Rootkit | Hides itself and other malware deep in the OS | Persist undetected to maintain long-term access |
| Adware | Forces unwanted ads | Generate ad revenue; sometimes carries spyware |
| Logic bomb | Sits dormant; triggers on a condition (date, login, file change) | Sabotage by an insider, delayed-detonation payload |
| Bot / botnet | Compromised machine takes orders from a remote C2 server | DDoS, spam, credential stuffing at scale |
Common attacks
- Phishing — fake email tricks user into giving credentials or running malware. Spear phishing targets a specific person; whaling targets executives; smishing uses text; vishing uses voice.
- Social engineering — manipulating people instead of systems: pretexting, tailgating, shoulder surfing.
- Brute force — try every possible password. Dictionary attack — try a list of likely passwords.
- Man-in-the-middle (MITM) — attacker secretly relays/alters traffic between two parties.
- DoS / DDoS — flood a target with traffic so legitimate users cannot reach it.
- SQL injection — insert database commands into an input field the app passes unsafely to its database.
- Cross-site scripting (XSS) — inject malicious JavaScript into a web page other users will load.
- Zero-day — exploit for a vulnerability the vendor has not yet patched.
Encryption and hashing
- Symmetric encryption — same key encrypts and decrypts. Fast. Example: AES.
- Asymmetric (public-key) encryption — public key encrypts; matching private key decrypts. Examples: RSA, ECC. Slower; used to exchange a symmetric session key.
- Hashing — one-way digest of any size input. Used to verify integrity and store passwords. Examples: SHA-256, SHA-3. MD5 and SHA-1 are obsolete (broken).
- HTTPS / TLS — uses asymmetric crypto to exchange a symmetric key, then encrypts the rest of the session symmetrically. A certificate signed by a CA (Certificate Authority) binds a public key to a domain.
Common defenses
- Antivirus / EDR — detects known malware and suspicious behavior.
- Firewall — filters traffic by rule.
- IDS / IPS — Intrusion Detection / Prevention. IDS alerts; IPS also blocks.
- VPN (Virtual Private Network) — encrypted tunnel between client and network. Common for remote work and for privacy on public Wi-Fi.
- Backups — kept offline or off-site so ransomware cannot reach them.
- Patch management — keep OS and apps updated.
- Principle of least privilege — give each user and process only the access it needs.