cybersecurity_document.txt
CIA:
Confidentiality - secured, hidden, visible only to authorized persons
Integrity - accurate, complete, not modified (verified with a hash)
Availability - accessible when required, not slow
The Fundamentals of Cyber Security
Cyber security is the practice of protecting systems, networks, and data from cyber threats such as unauthorized access, theft, and damage.
The CIA Triad (Confidentiality, Integrity, Availability) forms the foundation of all cyber security strategies. Every security control, technology, or policy usually addresses one or more of these principles.
The fundamentals of cyber security are based on the CIA triad:
I. confidentiality
II. integrity
III. availability
1. Confidentiality:
Definition:
Confidentiality ensures that sensitive information is only available to those who are authorized to access it. Unauthorized disclosure of data can lead to identity theft, corporate espionage, or severe reputational damage.
Core Idea: Keep secrets safe.
How It’s Achieved:
1. Encryption
◦ Data is converted into an unreadable format using cryptographic algorithms.
◦ Only someone with the correct key can decrypt it back to readable form.
◦ Example: AES-256 encrypting card data stored by a bank, and TLS (typically also using AES) protecting the transaction in transit.
2. Access Control
◦ Users are given permissions based on role (Role-Based Access Control, RBAC).
◦ Example: In a hospital database, only doctors can view patient records, while administrative staff can see only billing details.
3. Authentication
◦ Verifying a user’s identity before giving access.
◦ Methods: Passwords, biometrics (fingerprint/face ID), smart cards, OTPs.
4. Data Classification
◦ Categorizing data (public, internal, confidential, top secret) and applying controls based on classification level.
Real-World Breach Example:
• Yahoo Data Breach (2013–2014): weak password hashing (MD5) and forged session cookies let attackers compromise all of Yahoo's roughly 3 billion accounts; the full scale of the 2013 breach was only disclosed in 2017.
2. Integrity
Definition:
Integrity means data remains accurate, consistent, and trustworthy over its entire life cycle.
If data is altered — accidentally or maliciously — without authorization, its integrity is compromised.
Core Idea: Keep information accurate and untampered.
How It’s Achieved:
1. Hashing
◦ A hash function generates a fixed-length fingerprint (digest) of the data; for a cryptographic hash, finding two inputs with the same digest is infeasible.
◦ Even a tiny change in the data changes the hash completely.
◦ Example: comparing the SHA-256 hash published by the vendor with the hash of the file after download verifies it wasn't tampered with in transit.
2. Digital Signatures
◦ Used to ensure authenticity and integrity in communications.
◦ Example: Signed software packages guarantee the source and that files are unaltered.
3. Checksums and Error-Detection Codes
◦ Used in networking and storage to verify that transmitted data is intact.
4. Version Control Systems
◦ In software development, tools like Git keep a content-addressed history of changes, so altering a past commit changes every later hash and is detectable; signed commits and tags also tie each change to its author.
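Verifying a download against a published SHA-256 manifest, as an added example that is not part of the original notes. The installer bytes, the manifest text and the file names are all constructed here; the manifest layout is the one the sha256sum tool prints (digest, two spaces, filename, with a leading "*" on the name for binary mode).

```python
"""Verify a downloaded file against a SHA-256 manifest (sha256sum format).

Added example; the installer bytes, manifest text and file names are constructed.
"""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a byte string: the file's fingerprint."""
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines '<64 hex chars>  <filename>' into {filename: hexdigest}.

    Malformed lines raise instead of being skipped, so a damaged manifest
    cannot silently end up verifying nothing.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            digest, name = line.split(None, 1)
        except ValueError:
            raise ValueError(f"malformed manifest line: {raw!r}")
        name = name.lstrip("*")          # sha256sum marks binary mode with '*'
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"bad digest on line: {raw!r}")
        entries[name] = digest
    return entries


def verify_download(name: str, data: bytes, manifest: dict) -> bool:
    """True only if `name` is listed and its digest matches; unknown files are rejected."""
    expected = manifest.get(name)
    if expected is None:
        return False
    # compare_digest does not leak how many leading characters matched.
    return hmac.compare_digest(sha256_hex(data), expected)


def differing_hex_chars(a: str, b: str) -> int:
    """How many of the 64 hex positions differ between two digests."""
    return sum(1 for x, y in zip(a, b) if x != y)


# Constructed sample: a fake installer script and a tampered copy with one command changed.
ORIGINAL = b"#!/bin/sh\necho 'installing tool v1.2.3'\ncp tool /usr/local/bin/tool\n"
TAMPERED = ORIGINAL.replace(b"cp tool", b"cp evil")

# In practice this text is the vendor's published SHA256SUMS file.
MANIFEST_TEXT = f"{sha256_hex(ORIGINAL)}  install.sh\n"


def demo() -> dict:
    manifest = parse_manifest(MANIFEST_TEXT)
    return {
        "original_ok": verify_download("install.sh", ORIGINAL, manifest),
        "tampered_ok": verify_download("install.sh", TAMPERED, manifest),
        "unknown_ok": verify_download("other.bin", ORIGINAL, manifest),
        "changed_hex_chars": differing_hex_chars(sha256_hex(ORIGINAL), sha256_hex(TAMPERED)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The manifest only helps if it comes from somewhere the attacker cannot also modify: a checksum served from the same mirror as the file proves nothing about tampering at that mirror, which is why release checksums are normally signed as well (see Digital Signatures).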
Real-World Breach Example:
• NotPetya Malware (2017): spread through a backdoored update of the M.E.Doc accounting software; attackers compromised the vendor's update mechanism so that a legitimate-looking update carried malicious code.
3. Availability
Definition:
Availability ensures that authorized users have access to information and systems when they need them.
Core Idea: Keep systems and data accessible.
How It’s Achieved:
1. Redundancy
◦ Backup hardware, multiple servers, and replicated databases.
◦ Example: Cloud providers have data centers in multiple geographic locations.
2. Disaster Recovery Planning
◦ Strategies to restore systems after natural disasters, power failures, or cyber attacks.
3. Load Balancing
◦ Distributes network traffic across multiple servers to prevent overload.
4. Defense Against DoS/DDoS Attacks
◦ Rate limiting, traffic filtering, intrusion prevention systems and upstream scrubbing services drop or absorb malicious traffic before it overloads the service.
5. Regular Maintenance
◦ Applying patches and updates to prevent crashes due to known vulnerabilities.
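A per-client token-bucket limiter, the simplest form of the traffic filtering listed above, as an added example that is not from the original notes. The request stream and the two client addresses are constructed; a capacity of 10 tokens refilled at 5 per second is an arbitrary assumption. Time is kept in integer milliseconds and tokens in thousandths so the arithmetic is exact and the replay is deterministic.

```python
"""Per-client token-bucket rate limiter: basic DoS traffic filtering.

Added example; the request stream and client addresses are constructed.
"""
from collections import defaultdict


class TokenBucket:
    """Holds up to `capacity` tokens, refilled at `rate_per_sec`; each request costs one token."""

    def __init__(self, capacity: int, rate_per_sec: int):
        self.capacity_m = capacity * 1000   # millitokens
        self.rate_per_ms = rate_per_sec     # tokens/second == millitokens/millisecond
        self.tokens_m = self.capacity_m     # a new client starts with a full bucket
        self.last_ms = None

    def allow(self, now_ms: int) -> bool:
        if self.last_ms is not None:
            refill = (now_ms - self.last_ms) * self.rate_per_ms
            self.tokens_m = min(self.capacity_m, self.tokens_m + refill)
        self.last_ms = now_ms
        if self.tokens_m >= 1000:
            self.tokens_m -= 1000
            return True
        return False                        # over budget: drop, or answer HTTP 429


class RateLimiter:
    """One bucket per client key (here an IP address), created on first sight."""

    def __init__(self, capacity: int = 10, rate_per_sec: int = 5):
        self.buckets = defaultdict(lambda: TokenBucket(capacity, rate_per_sec))

    def check(self, client: str, now_ms: int) -> bool:
        return self.buckets[client].allow(now_ms)


# Constructed stream of (time_ms, client): 203.0.113.7 fires 50 requests in one second,
# 198.51.100.2 sends one request per second. Both are documentation-range addresses.
REQUESTS = sorted(
    [(i * 20, "203.0.113.7") for i in range(50)]
    + [(i * 1000, "198.51.100.2") for i in range(5)]
)


def run(requests=REQUESTS, capacity: int = 10, rate_per_sec: int = 5) -> dict:
    """Replay the stream and return {client: {"allowed": n, "denied": n}}."""
    limiter = RateLimiter(capacity, rate_per_sec)
    stats = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for t, client in requests:
        stats[client]["allowed" if limiter.check(client, t) else "denied"] += 1
    return {client: dict(s) for client, s in stats.items()}


if __name__ == "__main__":
    for client, s in run().items():
        print(client, s)
```

In the replay the bursting client gets its first 10 requests through on the initial bucket, then only one more every 200 ms as tokens trickle in, while the well-behaved client is never denied. Per-source limits stop a single noisy client cheaply at the edge, but a distributed attack spreads its requests across thousands of sources that each stay under the limit; that is why floods of the size seen in the 2018 GitHub attack are absorbed by upstream scrubbing capacity rather than by the origin.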
Real-World Breach Example:
• GitHub DDoS Attack (2018): the site was hit by a 1.35 Tbps memcached reflection attack, the largest recorded at that time, but was back to normal within minutes because traffic was diverted to an upstream mitigation provider.
One-line definitions:
Confidentiality
Ensures that data is accessible only to those authorized to view it.
Methods: encryption, access controls, authentication, and classification of information.
Integrity
Ensures that data is accurate, complete, and hasn’t been tampered with.
Methods: checksums, hashing, digital signatures, and version control.
Availability
Ensures that authorized users can access data and systems when needed.
Methods: redundancy, backups, load balancing, and DDoS protection.
Threat:
A threat is any circumstance, event, or entity that has the potential to cause harm to an information system, network, or organization. It represents a possible danger that can exploit weaknesses and negatively affect the confidentiality, integrity, or availability of data or resources.
Vulnerability:
A vulnerability is a flaw, gap, or weakness in a system’s design, implementation, configuration, or internal controls that could be exploited by a threat. It reduces the system’s ability to withstand or respond effectively to attacks or adverse events.
Vulnerability Lifecycle:
1. Discovery – A vulnerability is found by a researcher, vendor, or attacker.
2. Report – The finder discloses it to the vendor or to a CVE Numbering Authority (CNA).
3. Assignment – A CVE ID is assigned.
4. Analysis – The vulnerability is assessed and given a CVSS score.
5. Publication – The CVE record is published and enriched in databases such as the NVD.
6. Remediation – Patches or mitigations are developed and released.
7. Verification – The fix is tested and confirmed effective.
Risk:
Risk is the probability or likelihood that a threat will successfully exploit a vulnerability, resulting in adverse consequences for the organization. It represents the potential for loss or damage to assets, operations, or reputation, and is typically assessed based on the likelihood of occurrence and the severity of its impact.
CVE (Common Vulnerabilities and Exposures)
A unique identifier assigned to publicly known cybersecurity vulnerabilities.
Standardized format: CVE-YYYY-NNNN, where YYYY is the year the ID was reserved or published and NNNN is a sequence number of four or more digits (e.g., CVE-2023-12345).
Purpose: To provide a common reference for tracking and sharing information about vulnerabilities across tools, databases, and organizations.
CVSS (Common Vulnerability Scoring System)
A framework for rating the severity of a vulnerability.
Scores range from 0 to 10, where higher scores indicate more critical vulnerabilities.
Considers factors such as:
Exploitability: how easy it is to exploit (attack vector, attack complexity, privileges required, user interaction)
Impact: potential damage to confidentiality, integrity, or availability
Scope: whether exploiting the vulnerable component lets the attacker affect resources beyond that component's own security boundary
CWE (Common Weakness Enumeration)
A catalog of software and hardware weaknesses that may lead to vulnerabilities.
Focuses on the root cause, not the individual incidents.
Example categories: input validation errors, buffer overflows, improper authentication.
NVD (National Vulnerability Database)
Maintained by NIST, it’s a repository of CVEs enriched with CVSS scores, CWE classifications, and other metadata.
Used by organizations for vulnerability management and patch prioritization.
Exploit
A piece of code or technique that takes advantage of a vulnerability to compromise a system.
Zero-Day Vulnerability
A vulnerability unknown to the vendor or public, for which no patch exists.
Extremely critical because attackers can exploit it immediately.
Patch
A software update designed to fix vulnerabilities or bugs.
Essential for maintaining security and reducing risk.
Security Issue: A potential weakness or problem in a system that could cause harm.
Security Incident: An event where a system or data is actually harmed or threatened.
Digital Signature
A digital signature is a cryptographic method used to:
1. Confirm the identity of the sender,
2. Ensure the data, message or document remains unchanged,
3. Prevent the sender from later denying that they sent it.
These are the three purposes of a digital signature:
1. Authentication, 2. Integrity, 3. Non-repudiation.
Creating a digital signature involves:
1. A hash of the original message
2. The sender's private key, used to sign the hash (in the textbook RSA picture this is described as "encrypting" the hash)
3. The resulting digital signature, which is sent along with the message
A hash value is a fixed-length code generated from the message using a hash function.
Important point: even a small change in the message makes the hash function produce a completely different hash.
Process:
Sender Side:
step 1. The message is converted into a hash.
step 2. This hash is signed using the sender's private key.
step 3. Both the message and the signature are sent to the receiver.
Receiver Side:
step 1. The receiver generates a hash from the received message.
step 2. The receiver also recovers the original hash from the digital signature using the sender's public key.
step 3. If both hashes match, the message is verified as unchanged and as coming from the holder of the private key.
Note: "encrypt the hash with the private key, decrypt with the public key" is the textbook RSA model. Production schemes (RSA-PSS, ECDSA, Ed25519) add padding or use different mathematics and the verifier checks the signature against the hash rather than decrypting it, but the roles of hash, private key and public key are the same.
OpenVAS
Type: Open-source vulnerability scanner
Purpose: Detects vulnerabilities, misconfigurations, and security issues in networks and systems
Nessus
Type: Commercial vulnerability scanner (by Tenable)
Purpose: Identifies vulnerabilities, missing patches, and compliance issues
OpenSSL
OpenSSL is an open-source software library and toolkit that implements the Transport Layer Security (TLS) protocol and its deprecated predecessor, Secure Sockets Layer (SSL). These protocols are used to secure communication over computer networks.
It includes:
• A library (libssl and libcrypto) for SSL/TLS and cryptographic functions.
• A command-line tool for certificate creation, management, encryption, decryption, hashing, etc.
Purpose of OpenSSL
OpenSSL is used to:
1. Encrypt and decrypt data using symmetric and asymmetric cryptography.
2. Generate digital certificates for SSL/TLS websites.
3. Verify certificate authenticity.
4. Create and manage private keys and certificate signing requests (CSRs).
5. Implement secure network protocols such as HTTPS, FTPS, SMTPS.