keys on the table
Fri Oct 28

Introduction to Cyber Security

The world is constantly changing. Empowered by the emerging digital technologies, we’ve been given so many conveniences. Thanks to the internet, the world is getting more connected than before. As for today, we could see that more and more devices are connected to the internet.

As you might have guessed, the exchange of information is actually massive as well. For various reasons, it really is a goldmine. People are willing to pay a great price for this. As the money comes to play, the bad enters the field.

What is cyber security?

To take things simply, cyber security is the practical way or mechanism to protect the system from cyber attack. It can be unauthorized access or threat with any malicious intent.

Why learn cyber security?

You may think that your personal information is worthless. Many think that the one who has to care about cyber security is solely the organizations. Most people don’t really pay much attention to cyber security until something bad really happens to them.

Let’s take a look at the most common event. Have you ever received an email asking you to open a certain link that redirects you to a web page which requires you to fill out the form regarding your personal information. You might think that you are too smart to not fall into such a trap. But, let’s think about another situation.

You have a really bad day and are stressed out from work. And then, someone calls you to inform you via the phone call that one of your parents is in a critical situation due to their terminal illness condition. You are at work and separated thousands miles away from them. The one who calls you claims to be the one from the hospital, and needs you to transfer a certain amount of money to perform surgery immediately. He even gives your parents’ personal information to you in a very detailed manner. Even worse, you can’t contact any of your parents. Would you fall for it?

Even though it is not such a common situation, imagine that thousands of people experience it every single day. Are you sure not even a single one would fall for it? I personally don’t think so. In the world of cyber security, this is called social engineering.
By knowing this, I hope that you could understand that not only the computer system has the vulnerability gap, but also the human as a part of the system. On the other side, awareness regarding the issue could help you protect your data better and knowing how the bad works may do you a favor for a better future.

Types of cyber threats

Malware

Malware is a software that is used for various malicious intent like gaining unauthorized access to the host, or disrupting and damaging the system.

Phishing

Phishing is a type of fraudulent act, done by sending emails implying reputable companies or organizations in order to illegally gather the victim’s sensitive data and personal information.

DDOS (Distributed Denial of Service)

Broadly speaking, Distributed Denial of Service (DDOS) is an attempt to flood the target server with a lot of requests, thus disrupting the network. Generally, hackers use several infected computers as hosts that will execute certain code that can make requests to a server at the same time. It will overwhelm the server so that it is unable to perform tasks normally. These computers are then referred to as botnets. What’s worse is that, it is common to see that their computers are one of them without the user even knowing.

Man in the middle

As the name suggests, hackers will intercept data information sent by the client to the destination. By doing this, hackers are able to extract sensitive data sent by the client. Even worse, hackers can manipulate data sent by the client to the destination or from the destination to the client.

CIA Triad

To protect you and your data from all of these, it is imperative to know the basics. In terms of securing data, there are three principles to follow as the foundations, Confidentiality, Integrity, Availability (CIA), known as the CIA Triad.

Breaking down the CIA concept

Confidentiality

All types of data, whether belonging to individuals or organizations, must be kept confidential to prevent data access from the unauthorized. Hence, data control must be done using a system with login credentials. In this case, the data can be grouped based on the level of damage that might occur if the data falls into the wrong hands.

Integrity

Data integrity is related to data reliability in terms of accuracy, authenticity, security, consistency, and quality. For this reason, it is necessary to take precautions and restrictions on data that should not be modified by the unauthorized. It is also necessary to prevent data from being modified or deleted by accident. Data may have a cryptographic checksum to guarantee its authenticity as well as having backups to restore it to the initial or original state if something unexpected happens.

Availability

There are times when the data is needed so that it requires certain access rights which correlate to the third principle, the availability. Besides, data should be accessible, even during unexpected events such as a power outage or server failure.

Why learn the CIA Triad?

By knowing and understanding the triads, it would be easier to understand how hackers can exploit data vulnerabilities. For example, in terms of data confidentiality, hackers will try to access the system to retrieve sensitive information like this which can be done by various techniques such as cracking encrypted data and password brute force, or using spyware or malware.

The data integrity can be compromised by using malware, penetrating the system for unauthorized server access, or acting as a man-in-the-middle. In terms of availability, hackers are able to carry out attacks by sending lots of requests at once causing an overwhelmed and unresponsive system due to too many requests (DDOS attack).

To prevent or reduce the risk of these things happening, some preventive measures are needed in a network such as the use of a firewall, IDS (Intrusion Detection System), or IPS (Intrusion Prevention System).

Conclusion

From time to time, as the technology develops, more and more efforts are conducted to improve data security. Unfortunately, the illegal activity related to cyber security are developing as well. Raising public awareness is therefore necessary because people could end up being the worst vulnerability.

You might like

How To Mount and Unmount Drives on Linux

Learn how to mount and unmount drives on Linux using the mount and umount commands. Also, learn how to make your drives mount automatically using fstab.
Open Redirect to SSRF: Explanation with Example

Learn how to prevent open redirection vulnerabilities, a web security flaw that allows attackers to redirect users to malicious sites. Find out how open redirection works, how it can be exploited, and what are the best practices to avoid it. Click here to learn more!