This document discusses cybersecurity. It defines cybersecurity as protecting computer systems and networks from threats like information disclosure, theft, or damage. The history of cybersecurity began in 1971 with the first computer worm called Creeper. Vulnerabilities are weaknesses that can be exploited, and common threats include phishing, ransomware, malware, backdoors, denial-of-service attacks, and social engineering. Countermeasures to protect computers include security by design, managing vulnerabilities, and reducing vulnerabilities.
2. WHAT IS CYBER-SECURITY?
Computer security, cybersecurity, or
information technology security (IT
security) is the protection of
computer systems and networks from
information disclosure, theft of or
damage to their hardware, software,
or electronic data, as well as from the
disruption or misdirection of the
services they provide.
3. HISTORY OF CYBERSECURITY
It started with Creeper in 1971. Creeper
was an experimental computer program
written by Bob Thomas at BBN. It is
considered the first computer worm. In
1972, the first anti-virus software was
created, called Reaper. It was created by
Ray Tomlinson to move across the
ARPANET and delete the Creeper worm.
4. VULNERABILITIES
• A vulnerability is a weakness in design,
implementation, operation, or internal
control. Most of the vulnerabilities that
have been discovered are documented
in the Common Vulnerabilities and
Exposures (CVE) database.
• Vulnerabilities can be researched,
reverse-engineered, hunted, or
exploited using automated tools or
customized scripts.
5. TYPES OF THREATS
I. Phishing
II. Ransomware
III. Malware
IV. Backdoor
V. Denial-of-service
VI. Social engineering
6. PHISHING
Phishing is the attempt of acquiring sensitive
information such as usernames, passwords, and
credit card details directly from users by
deceiving the users. Phishing is typically carried
out by email spoofing or instant messaging,
and it often directs users to enter details at a
fake website whose "look" and "feel" are almost
identical to the legitimate one. The fake
website often asks for personal information,
such as log-in details and passwords. This
information can then be used to gain access to
the individual's real account on the real
website.
7. RANSOMWARE
Ransomware is a type of malware from
cryptovirology that threatens to publish
the victim's personal data or perpetually
block access to it unless a ransom is paid.
While some simple ransomware may lock
the system so that it is not difficult for a
knowledgeable person to reverse, more
advanced malware uses a technique
called cryptoviral extortion. It encrypts
the victim's files, making them
inaccessible, and demands a ransom
payment to decrypt them
8. MALWARE
Malware is any software intentionally
designed to cause disruption to a
computer, server, client, or computer
network, leak private information, gain
unauthorized access to information or
systems, deprive users access to
information or which unknowingly
interferes with the user's computer
security and privacy.
9. BACKDOOR
A backdoor is a typically covert method of bypassing
normal authentication or encryption in a computer,
product, embedded device (e.g. a home router), or its
embodiment (e.g. part of a cryptosystem, algorithm,
chipset, or even a "homunculus computer" —a tiny
computer-within-a-computer such as that found in
Intel's AMT technology).
10. DENIAL OF SERVICE
• In computing, a denial-of-service attack (DoS
attack) is a cyber-attack in which the perpetrator
seeks to make a machine or network resource
unavailable to its intended users by temporarily or
indefinitely disrupting services of a host connected
to a network. Denial of service is typically
accomplished by flooding the targeted machine or
resource with superfluous requests in an attempt to
overload systems and prevent some or all
legitimate requests from being fulfilled.
11. SOCIAL ENGINEERING
• In the context of information security, social engineering is the
psychological manipulation of people into performing actions
or divulging confidential information. This differs from social
engineering within the social sciences, which does not concern
the divulging of confidential information. A type of confidence
trick for the purpose of information gathering, fraud, or system
access, it differs from a traditional "con" in that it is often one of
many steps in a more complex fraud scheme.
• It has also been defined as "any act that influences a person to
take an action that may or may not be in their best interests."