Basics of Cyber security and all common terms explained for beginners!
Actually its my second day of learning all the basic of cyber security in my diploma. First step to start is to understand all the theoretical part & basics terms.
Introduction & Key Concepts
What is Cyber security?
Cyber security is protecting computers, mobile phones, networks, and data from being stolen, damaged or misused. In simple security of digital world is called as cyber security. For example if you are living in a house (your computer), you have doors and windows (internet and apps). You lock them to stop thieves from entering, Cyber security is that lock but for digital house.
Importance of Cyber security (Why it matters)
- To keep data safe (like passwords, bank info etc.)
- To stop viruses and scams.
- To protect your identity
- To protect businesses from getting hacked.
CIA Triad:
CIA stands for Confidentiality, Integrity & Availability
- Confidentiality
Confidential mean private, to keep data safe and private, mean only the right people can see it. For example your whatsapp chats only you and receiver can see it.
- Integrity
Integrity means to keep the data correct and unchanged. Keep it in real form. Like no one can change your data without your permission. For example a hacker must not change your bank balance from 1000 to 0.
- Availability
Availability means keep the systems online & working. A user should be able to access his data when needed. For example a website or app should not do down during cyber-attacks.
Types of Cyber security
There are different areas of cyber security depending on what you are protecting:
- Network Security, to protect data while travelling across the networks like Wi-Fi, internet, firewall, routers, VPNs.
- Application Security, to protect software, apps and websites from hackers like making sure login systems, payment gateways etc. are secure.
- Cloud Security, to protect data that’s stored on cloud like Google drive, AWS. Securing access to cloud files, backups.
- Physical Security, to protect the hardware like computers, servers from being stolen or damaged. Locked server rooms security cameras.
Cyber security Terminologies
The few commonly used terminologies as basics of cyber security are,
- Threat, is anything that can cause harm to your system. For example hackers, malware, phishing emails.
- Vulnerability is a weak point in your system that can be attacked. For example a password like 12345 is vulnerability.
- Exploit, is a method that attackers used to take advantage of vulnerability. For example, a hacker uses a software bug to break in.
- Risk, is the chance that a threat will use as vulnerability to cause damage. For example, if your software has bugs and no antivirus, risk is high.
| Concept | Meaning in Simple Words |
| Confidentiality | Keep things private |
| Integrity | Don’t let things be changed |
| Availability | Keep things working |
| Threat | The danger (like hacker) |
| Vulnerability | Weak point (like bad password) |
| Exploit | How the hacker attacks your weak point |
| Risk | Chance of something bad happening |
Types of Cyber Threats & Attack
Malware
Is a malicious software that is harmful software used to steal data or disrupt systems.
Types of Malware:
- Virus, attaches to a clean files and spreads when file runs and it requires human action, for example infected USB.
- Worm, is a self-replicating malware that spreads without human action, for example through networks.
- Trojan, is the software designed as legit but used to steal data, for example fake game installer.
- Ransom ware, locks your files and data and then demands for payment to get your data back, for example WannaCry attack. You can check the complete case study of wannacry attack which was a real example of ransomware attack.
- Spyware, secretly monitor our activates on our system, for example keyloggers. (Its like all the key you press on your system will automatically hacker saved them and then used accordingly. So stay safe it dangerous.
Phishing & Social Engineering
- Phishing, is a cyber-attack of fake emails with link to ask fr reset password or website tricking users to give their personal info and passwords, for example your locked bank account, if attack is by phone call called as “Vishing” (Voice Phishing) but if attack is by harmful link via email or text or website then it’s called as phishing.
- Phishing → Fake emails/links (e.g., “Click to reset password”).
- Vishing (Voice Phishing) → Fake calls (e.g., “Tell me your OTP”).
- Smishing (SMS Phishing) → Fake texts (e.g., “Your package is held; click here”).
- Social Engineering, is manipulating people to reveal their secrets, for example act as fake IT support, or bank agent.
- Insider Threats are the threats caused by the insiders like employs or trusted people of the company who misuse access to leak data or harm systems (intentionally or unintentionally).
- DDoS (distributed denial of services) Attacks, overloading a website or server with fake traffic to crash, for example botnet flooding a site. Botnets is actually a fake computers of attacker from where he did this attack and flood a website with fake traffic to make it down or crash. This type of attack is called a Distributed Denial of Service (DDoS) attack. Its also very common form of attack.
- Brute Force & Password Attacks, guessing easy passwords by trying all combinations is called brute force & easy passwords attack for example 1234 are called as password attacks.
- Zero-Day Exploits means hackers attack on vulnerability before a developer release a fix.
- For more Read basics on OWASP Top 10 Vulnerabilities.
| Threat Type | How It Works | Example |
| Virus | Infects files & spreads when executed | Infected USB with virus |
| Worm | Spreads automatically over networks | Through Wi-Fi, networks |
| Trojan | Fake software act as legit | Pirated game with spyware |
| Ransomware | Encrypts/lock files or data for ransom, ask for payment to unlock data | WannaCry, LockBit |
| Spyware | Secretly monitors activity | Keylogger stealing passwords |
| Phishing | Fake emails/sites stealing data | “To Update your PayPal account click on link” |
| Social Engineering | Manipulating people to reveal info | Fake CEO email asking for money. Or Friend id asking for money |
| Insider Threat | Employee leaking data | Worker selling data for money |
| DDoS Attack | Overloads server with fake traffic | Botnet attacking a website |
| Brute Force | Guessing passwords repeatedly | Hacking weak passwords |
| Zero-Day Exploit | Attacks unknown software flaws before fix release. | Hackers exploiting unpatched Operating systems. |
Actually its all are my notes which I prepared during my class and now am sharing here as blog for people who is learning or just starting with Cyber Security, it might helps someone, i explained all the basics of cyber security, basic terms hope everyone can understands.
Please share your Valuable comments if you like it. Thank you, see yaaa!!!!
READ DAY 1 Blog for better understanding!https://munazajameel.site/career-switch-to-cyber-security-day-1/
