Basics of Cybersecurity

 Cybersecurity

Cybersecurity is that branch of computer science domain that deals with maintaining the security of hardware, software or even a network as a whole from potential cyber attacks. Every device connected to a network ( like internet) are always vulnerable to cyber attacks that can often lead to lot of damages.

CIA triad

The three letters here i.e., CIA refers to Confidentiality , Integrity and Availability . 
These are the three pillars that ultimately form the branch of cybersecurity. These three can also be considered as the three vertices of an equilateral triangle, Equilateral because each element of the triad is equally important and the compromise of even one of the elements can cause a major security breach.

Image Source - Google | Image by - Kweku-Muata Osei-Bryson

Confidentiality 

Every organization have got their own secret data and information. The compromise of such important information can sometimes cause huge losses or can even bring down the entire organization, So maintaining the secrecy of such data is called confidentiality.

Integrity

Maintaining secrecy of data is just not enough. Data must also remain uncorrupted and must not be altered without proper authentication. This is where integrity of data comes into play. Integrity can be said as maintaining the original piece of data without tampering it throughout its lifetime.

Availability

Just as the word suggests , availability means making sure that the information is accessible to all legitimate users at all expected times. Anytime there's a server failure , it compromises with the availability element of the CIA triad.

Need of Cybersecurity

We now live in a digital era. Every moment there are technological advancements. Just as the security measures become advanced , hackers are also becoming more and more smarter. So every day poses a new problem to solve.

And in the field of cybersecurity , problems are caused by the 'bad' hackers.

Now hackers can be commonly categorized into three:

1) White Hat Hackers : These are the ethical hackers that work for different organizations to maintain their security and in turn keep the entire public as a whole safe from the malicious hackers. They train themselves just as any malicious hacker would and hack ( gain access ) into the organization with the knowledge and also written permission of the concerned authorities.

2) Black Hat Hackers : These are the hackers that the general public think about when they hear the word 'Hacking' and due to whose works hacking is considered crime by the society. They are the malicious hackers that hack into systems to cause damages just for fun or for monetary benefits. Their malicious activities are usually termed as cyber crimes.

 3) Grey Hat Hackers : These hackers can be considered as both white and black hat hackers. They work ethically as well as unethically too. Sometimes they are driven by the ethical sense and sometimes (especially when it comes to monetary benefits) they can be found to violate the rules too.

Apart from this there are also other types of hackers categorized by their intention or by their skills. Example: Red Hat Hackers, Purple Hat Hackers, Elite Hackers or even Script Kiddies.

4) Red Hat Hackers : These are hackers who have a similar attitude and motive as that of a white hat hacker but they differ in their way of solving their problem.  Both the type of hackers target the black hat hackers but a red hat hacker usually tries to take down the black hat hacker by launching an attack on them and thus bringing them down unlike the white hats who gather information about the attacker and hand them over to the legal authorities.

5) Purple Hat Hackers : These hackers attack their own systems and networks with a motive to analyze themselves and their hacking skills. They may or may not try to patch their own system vulnerabilities depending on their skills.

Types of cyber attacks

The rate and seriousness of cyber attacks are increasing day by day which makes cybersecurity an important and advancing branch of computer science.

Here are some of the popular cyber attacks ; 

1) Phishing : In this attack , the hacker sends carefully solicited emails to the victim impersonating popular brands or organizations and mostly asking for their login credentials. Vishing attacks are also another branch of attacks where the entire attack is carried out using a phone call instead of email. When the attack uses SMS instead of emails or phone calls , the attack is termed as Smishing ( SMS Phishing )  attack. Targeted phishing attacks are called spear phishing attacks. All these broadly come under the topic of Social Engineering attacks. 

2) Password attacks : Just as the name suggests , the attacker targets the passwords of the attacker and try to gain unauthorized access into the victim's system. This can be carried out in support with other attacks such as phishing , or by cracking the password hashes in case a password database leaks.

3) Malware : Malware are pieces of code ( software ) with malicious intend. Some popular malwares are viruses , worms and trojans. These can alter or tamper with your information .

4) DoS attack : DoS attack refers to Denial of Service attack. In this particular attack , a victim service ( like a website or even WIFI ) are targeted and brought down thus denying availability of that service to its legitimate users. When the DoS attack is carried out with a lot of systems ( bots ) that are controlled by a host computer , then the attacks changes into the popular DDoS attack (Distributed Denial of Service). This is definitely more harmful than usual DoS and depending on the number of systems in that botnet , it can even take down larger websites that can handle much more traffic.  

5) MITM attack : MITM attack refers to Man In The Middle attack. In this attack , the hacker acts like a man in the middle of a service and impersonated both the sides and gains valuable information from both sides of the service. Example: In the case of online banking , the hacker can impersonate the user in front of the bank and he can also impersonate the bank in front of the user thus gaining critical credentials like bank accounts, passwords etc.

6) Maladvertising : This kind of attack is increasing day by day. Advertisements have become a popular way for hackers to get access into target systems. Specially crafted advertisements can download malwares or backdoors into the target system without the victim knowing anything about it. Maladvertising are usually combined by drive by downloads which install malwares into your system without any action required from the user. 

Apart from such attacks , several there are other types of attacks also such as Cross Site Scripting ( XSS ) attacks , SQL injections or even the simple eavesdropping techniques.