Intro. to IT Security/Cybersecurity
Week 1
DISCUSSION POINTS:
Cybersecurity Introduction and Overview:
• Introduction to Cybersecurity
• Difference Between Information Security and Cybersecurity
• Cybersecurity Objectives
• Cybersecurity Roles
Cybersecurity Concepts:
• Risk
• Common Attack Types and Vectors
• Policies and Procedures
Security Architecture Principles:
• Overview of Security Architecture
• The OSI Model
• Concept of Defense in Depth
• Firewalls
• Isolation and Segmentation
Cryptography Introduction:
• Cryptanalysis
• Symmetric and Asymmetric Encryption, CA, RA, Public and Private keys
CYBERSECURITY INTRODUCTION AND OVERVIEW
What is Cybersecurity?
Cybersecurity can be defined as “the protection of information assets by addressing
threats to information processed, stored and transported by internetworked
information systems.”
Cybersecurity plays a significant role in today’s ever-evolving cyber landscape. More
and more organizations and corporations are processing, storing and transporting
data and information across the internet.
New trends in mobility and connectivity present a broader range of challenges than
ever before, as new attacks continue to develop along with emerging technologies
(e.g. cloud computing).
Cybersecurity professionals must be adequately trained and prepared to deal with
these emerging security threats within the cyber landscape (situational awareness).
Introduction & Overview cont.
Understanding the key business factors (nature of the business, risk tolerance etc.) and technology factors (level of IT
complexity, new or emerging security tools) that affect cybersecurity or information security is central to achieving
situational awareness.
The Cybersecurity Skills Gap:
Information security professional jobs were expected to increase 53% by the end of 2018, with over 1.8 million jobs
available. However, recent studies and reports suggest that there are simply not enough skilled professionals to fill
them. (ISACA Report)
Women make up only about 14% of the U.S. cybersecurity workforce.
Introduction & Overview cont.
While the cybersecurity landscape has evolved, the skill set among existing and
potential cybersecurity professionals has not kept pace. The 2017 (ISC)² Global
Information Security Workforce Study, sponsored by Frost & Sullivan, Booz Allen
Hamilton and (ISC)², concluded that there is a dangerous shortage of skilled
professionals in the cybersecurity profession.
The study indicates that the shortage negatively impacts organizations and their
customers, leading to more frequent and costly data breaches.
According to the Cybersecurity Source:
https://www.scmagazine.com/home/security-news/cybersecurity-job-gap-grows-to-3-million-report/
According to Forbes:
https://www.forbes.com/sites/forbestechcouncil/2018/08/09/the-cybersecurity-talent-gap-is-an-industry-crisis/#11eda961a6b3
According to the (ISC)^2:
https://blog.isc2.org/isc2_blog/2018/10/cybersecurity-skills-shortage-soars-nearing-3-million.html
Introduction & Overview cont.
1. To check whether your public IP address shows up as compromised (such lookups only reflect what that service itself has observed):
http://www.techmonkeys.co.uk/hackcheck/index.php
2. How Secure is my Password (never type a password you actually use into a third-party site; test a throwaway of the same length and character mix):
https://howsecureismypassword.net/
3. Check whether your email address or a password has appeared in a known breach database:
https://haveibeenpwned.com/
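The password check on the third site works without ever receiving your password: the client hashes it with SHA-1, sends only the first five hex characters of the hash, gets back every known hash suffix with that prefix and a breach count, and does the comparison locally (k-anonymity). The block below, an added example that is not from the slides or from haveibeenpwned.com, implements that client-side logic against a constructed stand-in for the range endpoint; the breach counts and the fake_fetch_range function are assumptions for the demo.

```python
"""Password breach lookup with k-anonymity, the way the Pwned Passwords
range API works: only the first 5 hex chars of SHA-1(password) are sent,
the service answers with every known hash SUFFIX for that prefix plus a
count, and the match is made locally, so the password never leaves the host.

Added example, not from the slides or from haveibeenpwned.com. The "breach
database" and its counts below are CONSTRUCTED; fake_fetch_range stands in
for the HTTPS call to the range endpoint.
"""
import hashlib

# Constructed stand-in for a breach corpus: password -> times seen.
FAKE_BREACH_DB = {"password": 3730471, "123456": 23597311, "letmein": 250000}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the hash form the Pwned Passwords corpus uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str) -> tuple:
    """5-char prefix that is sent, 35-char suffix that stays local."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def fake_fetch_range(prefix: str) -> str:
    """Simulates the range endpoint: one 'SUFFIX:COUNT' line per known hash
    whose SHA-1 starts with `prefix`. Only the prefix is ever received here."""
    if len(prefix) != 5:
        raise ValueError("range queries take exactly 5 hex characters")
    lines = []
    for pw, count in FAKE_BREACH_DB.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def parse_range_response(body: str) -> dict:
    """Turn the 'SUFFIX:COUNT' lines into a lookup table."""
    table = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        table[suffix.upper()] = int(count)
    return table


def pwned_count(password: str, fetch_range=fake_fetch_range) -> int:
    """How many times the password appears in the corpus (0 = not seen)."""
    prefix, suffix = split_for_range_query(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password", "Tr0ub4dor&3-constructed"):
        n = pwned_count(candidate)
        print(f"{candidate!r}: {'seen %d times' % n if n else 'not in corpus'}")
```

To use it against the live service, replace fake_fetch_range with an HTTPS GET of https://api.pwnedpasswords.com/range/ followed by the 5-character prefix; the parsing and the local suffix match stay the same, which is the whole point of the design.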
Introduction & Overview cont.
Difference Between Information Security and Cybersecurity
The terms “cybersecurity” and “information security” are often used interchangeably.
Although different groups tend to adapt terminology for their own purposes, there are
some important distinctions between cybersecurity and information security.
Information security deals with information, regardless of its format—it includes paper
documents, digital and intellectual property in people’s minds, and verbal or visual
communications.
Cybersecurity on the other hand, is concerned with protecting digital assets—
everything from networks to hardware and information that is processed, stored or
transported by internetworked information systems.
INTRODUCTION & OVERVIEW CONT.
Cybersecurity Objectives
To better understand cybersecurity and the protection of cyber assets, it is important to
consider three key concepts that are used to guide security policies, as shown below.
The three security objectives are: Confidentiality, Integrity and Availability (CIA).
[Figure: The Key Security Concepts/Objectives]
Introduction & Overview cont.
Security Objectives:
Confidentiality is the protection of information from unauthorized access
or disclosure.
Different types of information require different levels of confidentiality, and the need for
confidentiality can change over time. E.g. personal, financial and medical information require a
higher degree of confidentiality than the minutes of a staff meeting.
Data must be protected from improper disclosure according to its sensitivity and applicable legal
requirements.
The confidentiality of digital information can be maintained by several different means, including
access controls, file permissions and encryption.
Integrity is the protection of information from unauthorized modification.
If a bank transfers US $10,000 to another financial institution, it is important that the amount does not change
to US $100,000 during the exchange.
The integrity of digital assets can be controlled by using logging systems, digital signatures, hashes/message
digests, encryption and access controls.
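A concrete version of the bank-transfer case, as an added example that is not from the slides: the sender attaches a keyed hash (HMAC-SHA256) to the message and the receiver recomputes it, so a change of 10,000 to 100,000 in transit fails the check. The key, the message fields and the serialization are assumptions for the demo.

```python
"""Integrity protection for the bank-transfer message from the slide:
the sender attaches a keyed hash (HMAC-SHA256) and the receiver recomputes
it, so a change of 10,000 to 100,000 in transit is detected.

Added example, not from the slides. Standard library only. The key and the
message are constructed for illustration; a real system would pull the key
from a KMS/HSM and send the message over TLS.
"""
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key-do-not-reuse"  # constructed


def canonical(msg: dict) -> bytes:
    """Deterministic serialization so both ends hash exactly the same bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode("utf-8")


def tag_message(msg: dict, key: bytes = SHARED_KEY) -> str:
    """Sender side: HMAC-SHA256 over the canonical message."""
    return hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()


def verify_message(msg: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute and compare in constant time."""
    return hmac.compare_digest(tag_message(msg, key), tag)


def demo() -> tuple:
    """Returns (genuine_ok, tampered_ok, wrong_key_ok)."""
    # "seq" is a sequence number so a captured genuine message cannot simply be replayed.
    transfer = {"from": "ACC-1001", "to": "ACC-2002", "amount_usd": 10000, "seq": 1}
    tag = tag_message(transfer)
    tampered = dict(transfer, amount_usd=100000)
    return (
        verify_message(transfer, tag),
        verify_message(tampered, tag),
        verify_message(transfer, tag, key=b"some-other-key"),
    )


if __name__ == "__main__":
    print(demo())  # expected (True, False, False)
```

An HMAC proves the message was not altered by anyone without the shared key, but because both sides hold the same key it cannot prove which of them produced it; that non-repudiation property is what the digital signatures in the cryptography section add. Note also that the message itself travels in the clear here: integrity and confidentiality are separate objectives with separate controls.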
Introduction & Overview cont.
Security Objectives:
Availability ensures the timely and reliable access to and use of
information and systems.
Safeguards ensure that data are not accidentally or maliciously deleted and that systems stay reachable when they are needed.
This is particularly important with a mission-critical system, because any interruptions in its
availability can result in a loss of productivity and revenue.
Availability can be protected by the use of redundancy, backups and access control
Introduction & Overview cont.
Confidentiality, Integrity and Availability Model and Related Impacts
KNOWLEDGE CHECK
1. What does C.I.A. stand for?
C: Confidentiality
I: Integrity
A: Availability
2. What controls can you use to ensure Confidentiality and Integrity?
Confidentiality: access control, file permissions, encryption
Integrity: access control, logging, hashes/digital signatures, encryption
CYBERSECURITY CONCEPTS
CYBERSECURITY CONCEPT (RISK)
VULNERABILITY:
A weakness in a system or control.
THREAT:
Anything (object, substance or human) that has the potential to cause harm or destruction.
RISK:
The likelihood of a THREAT exploiting a VULNERABILITY in a system to cause an undesirable IMPACT.
RESIDUAL RISK:
The risk that remains after management has implemented a risk response (control).
INHERENT RISK:
The risk level or exposure without taking into account the actions that management has taken or might
take (e.g., implementing controls).
It is particularly important to understand an organization’s risk tolerance, the size and scope of the organization, and the
amount of data available when considering how to measure risk.
CYBERSECURITY CONCEPT (RISK) C O N T.
The core duty of cybersecurity is to identify, mitigate and manage cyber risk to an organization’s
digital assets.
Cybersecurity professionals must understand risk in the context of cybersecurity, which means
knowing how to determine, measure and reduce risk effectively.
Assessing risk is one of the most critical functions of a cybersecurity professional: without
adequate knowledge of the risk, an organization might implement over-protective or under-protective
controls.
ISACA’s recent worldwide survey of IT management, auditors and security managers consistently
shows that over 80 percent of companies believe “information security risks are either not known or
are only partially assessed” and that “IT security risk illiteracy and lack of awareness” are major
challenges in managing risk.
CYBERSECURITY CONCEPT (RISK) C O N T.
Approaches to Implementing a Cybersecurity Program
Generally, there are three (3) different approaches to implementing cybersecurity:
1. Compliance-based: This approach relies on rules, regulations or standards, so controls are
implemented regardless of their applicability or necessity, which often leads to a “checklist” attitude toward
security (e.g. FISMA, HIPAA, SOX etc.).
2. Risk-based: This approach relies on identifying the unique risk a particular organization faces and
designing and implementing security controls to bring that risk within the entity’s risk
tolerance and business needs.
3. Ad hoc: This approach simply implements security with no particular rationale or criteria. Ad hoc
implementations may be driven by vendor marketing, or they may reflect insufficient subject matter
expertise, knowledge or training when designing and implementing safeguards; the organization simply copies approaches
from other companies.
In reality, most organizations with mature security programs use a combination of risk-based and compliance-based approaches. In
fact, most standards or regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) or the US Health Insurance
Portability and Accountability Act (HIPAA), require risk assessments to drive the particular implementation of the required controls.
CYBERSECURITY CONCEPT (RISK) C O N T.
Relationship between Risk Analysis, Risk Assessment and Risk Management
Risk Analysis is identifying and listing the vulnerabilities, threats, likelihood and impact to an organization.
Risk Analysis + Report = RISK ASSESSMENT
RISK ASSESSMENT + COUNTERMEASURES & PROTECTIONS/PREVENTIONS = RISK MANAGEMENT
CYBERSECURITY CONCEPT (RISK) C O N T.
Threat Agent, Attack Vectors, Threat Events and Common Attack Types
Threat Agents - Individual or group that can be a threat.
Corporations—Corporations have been known to breach security boundaries and perform malicious acts to gain a competitive
advantage.
Nation States—Nation states often target government and private entities with a high level of sophistication to obtain intelligence or
carry out other destructive activities.
Hacktivists—Although they often act independently, politically motivated hackers may target specific individuals or
organizations to achieve various ideological ends. (e.g. Anonymous, WikiLeaks etc.)
Cyberterrorists—Characterized by their willingness to use violence to achieve their goals, cyberterrorists frequently
target critical infrastructures and government groups.
Cybercriminals—Motivated by the desire for profit, these individuals are involved in fraudulent financial transactions.
Cyberwarriors—Often likened to hacktivists, cyberwarriors, also referred to as cyberfighters, are nationally
motivated citizens who may act on behalf of a political party or against another political party that threatens them.
Script Kiddies—Script kiddies are young individuals who are learning to hack; they may work alone or with others and are primarily
involved in code injections and distributed denial-of-service (DDoS) attacks.
Employees—Although they typically have fairly low-tech methods and tools, dissatisfied/disgruntled current or former employees
represent a clear cybersecurity risk.
CYBERSECURITY CONCEPT (RISK) C O N T.
Attack Vector:
The path or route used to gain access to the target (asset) is known as an attack vector.
Types of Attack Vector:
1. Ingress
2. Egress
Ingress refers to network communications coming into the network; attackers use ingress vectors to get in.
Egress refers to network communications going out of the network; attackers use egress vectors to move stolen data out (data exfiltration).
Threat Event:
An event or situation that has the potential for causing undesirable consequences or impact.
There are two broad categories for threat events: adversarial and nonadversarial. An adversarial threat event is
made by a human threat agent (or adversary), while a nonadversarial threat event is usually the result of an error,
malfunction or mishap of some sort.
CYBERSECURITY CONCEPT (RISK) C O N T.
Malware and Common Attack Types
Malware, also called malicious code, is software designed to gain access to targeted computer systems, steal
information or disrupt computer operations.
There are several types of malware, the most important being computer viruses, network worms and Trojan
horses, which are differentiated by the way in which they operate or spread.
Viruses—A computer virus is a piece of code that can replicate and spread from one computer to another. It
requires intervention or execution to replicate and/or cause damage.
Network worm—A variant of the computer virus, which is essentially a piece of self-replicating code
designed to spread itself across computer networks. It does not require intervention or execution to replicate.
Trojan horses—A further category of malware is the Trojan horse, which is a piece of malware that gains
access to a targeted system by hiding within a genuine application. Trojan horses are often broken down into
categories reflecting their purposes.
Botnets—A botnet (a term derived from “robot network”) is a large, automated and distributed network of
previously compromised computers that can be simultaneously controlled to launch large-scale attacks such as
denial-of-service (DoS).
CYBERSECURITY CONCEPT (RISK) C O N T.
Other Specific Types of Malware Characterized by their Purposes
Spyware—A class of malware that gathers information about a person or organization without the
knowledge of that person or organization.
Adware—Designed to present advertisements (generally unwanted) to users.
Ransomware—A class of extortive malware that locks or encrypts data or functions and
demands a payment to unlock them.
Keylogger—A class of malware that secretly records user keystrokes and, in some cases, screen
content.
Rootkit—A class of malware that hides its existence by modifying the underlying operating system.
CYBERSECURITY CONCEPT (RISK) C O N T.
Other Attack Types
In addition to malware, there are many other types of attacks.
Advanced persistent threats—Complex and coordinated attacks directed at a specific entity or organization. They require an
enormous amount of research and time, often taking months or even years to fully execute.
Backdoor—A means of regaining access to a compromised system by installing software or configuring existing software to enable
remote access under attacker-defined conditions.
Brute force attack—An attack made by trying all possible combinations of passwords or encryption keys until the correct one is
found.
Cross-site scripting (XSS)—A type of injection in which malicious scripts are injected into otherwise benign and trusted web sites.
XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a
different end user. It enables attackers to inject client-side scripts into web pages viewed by other users; the script then runs in the
victim’s browser with the privileges of the trusted site (e.g. reading session cookies or acting as the logged-in user) without their
knowledge. The root cause is untrusted input placed into a page without output encoding. The two classic types are reflected and
stored (persistent).
Denial-of-service (DoS) attack—An assault on a service from a single source that floods it with so many requests that it
becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate.
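The reflected XSS case, as an added example that is not from the slides: the same untrusted "name" parameter rendered into a page three ways. The page template, the render_* helpers (stand-ins for a web framework's templating), the payloads and the ScriptFinder oracle are all constructed for the demo; the oracle only answers "does this page contain markup a browser would execute", it is not a scanner.

```python
"""Reflected XSS: the same untrusted input rendered three ways.

Added example, not from the slides. The page template, the render_* helpers
(stand-ins for a web framework's templating) and the payloads are constructed.
The ScriptFinder parser is only a demo oracle for "would a browser execute
this", not a real XSS scanner.
"""
import html
from html.parser import HTMLParser

PAYLOAD_SCRIPT = '<script>alert(document.cookie)</script>'        # constructed
PAYLOAD_EVENT = '<img src=x onerror="alert(document.cookie)">'     # constructed


def render_greeting_vulnerable(name: str) -> str:
    """Untrusted input pasted straight into HTML: the user controls markup."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_blacklist(name: str) -> str:
    """A common broken 'fix': strip one tag and hope. Event handlers bypass it."""
    cleaned = name.replace("<script>", "").replace("</script>", "")
    return f"<p>Hello, {cleaned}!</p>"


def render_greeting_escaped(name: str) -> str:
    """Correct fix for HTML-body context: encode <, >, &, and quotes so the
    browser treats the input as text, never as tags or attributes."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


class ScriptFinder(HTMLParser):
    """Collects <script> tags and on* event-handler attributes the browser
    would execute. Escaped input is seen as text, so it produces no hits."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.hits.append("<script>")
        for attr_name, _ in attrs:
            if attr_name.lower().startswith("on"):
                self.hits.append(f"{tag}@{attr_name}")


def executable_markup(page: str) -> list:
    """Names of the executable constructs found in the rendered page."""
    finder = ScriptFinder()
    finder.feed(page)
    finder.close()
    return finder.hits


if __name__ == "__main__":
    for renderer in (render_greeting_vulnerable, render_greeting_blacklist, render_greeting_escaped):
        for payload in (PAYLOAD_SCRIPT, PAYLOAD_EVENT):
            print(f"{renderer.__name__:28} {executable_markup(renderer(payload)) or 'safe'}")
```

The blacklist version stops the first payload and is beaten by the second, which is why output encoding for the context the data lands in (here the HTML body) is the fix, not pattern removal.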
CYBERSECURITY CONCEPT (RISK) C O N T.
Other Attack Types
Man-in-the-middle attack—An attack strategy in which the attacker intercepts and secretly relays and possibly alters the
communication between two parties who believe they are directly communicating with each other.
Social engineering—Any attempt to exploit social vulnerabilities to gain access to information and/or systems. It involves a “con
game” that tricks others into divulging information or opening malicious software or programs.
Phishing—A type of electronic mail (email) attack that attempts to convince a user that the originator is genuine, but with the
intention of obtaining information for use in social engineering.
Spear phishing—An attack where social engineering techniques are used to masquerade as a trusted party to obtain important
information such as passwords from a particular victim.
Spoofing—Faking the sending address of a transmission in order to gain illegal entry into a secure system.
Structured Query Language (SQL) injection—SQL injection attacks allow an unauthorized user to take control of the SQL
statements used by a web application. The impact is severe because the attacker can read or modify the backend
database (user credentials, credit card numbers etc.). Most web applications use some kind of backend database to store the data they
process, and applications, web applications, operators and programmers all interact with database systems using SQL. The root cause is
untrusted input concatenated into the SQL text instead of being passed as a bound parameter.
Example SQL statement: SELECT name, description FROM products WHERE id=9;
Zero-day exploit—An exploit for a vulnerability that is used before the software creator/vendor, or even antivirus companies, are aware of
its existence.
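The SQL injection entry above, worked through on the example statement, as an added example that is not from the slides: the product id from the request is either concatenated into the SQL text or bound as a parameter. The in-memory SQLite schema, rows and payloads are constructed for the demo.

```python
"""SQL injection against the slide's query (SELECT name, description FROM
products WHERE id=9): string concatenation vs. a bound parameter.

Added example, not from the slides. Uses an in-memory SQLite database with
constructed rows; the schema and data are assumptions for the demo.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (9, 'Widget', 'A standard widget');
        INSERT INTO products VALUES (10, 'Gadget', 'A premium gadget');
        INSERT INTO users VALUES (1, 'alice', 'constructed-hash-1');
        INSERT INTO users VALUES (2, 'bob', 'constructed-hash-2');
        """
    )
    return conn


def lookup_vulnerable(conn, product_id: str) -> list:
    """The id taken from the request becomes part of the SQL text, so the
    attacker can rewrite the statement itself."""
    sql = f"SELECT name, description FROM products WHERE id={product_id}"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, product_id: str) -> list:
    """The id is bound as a parameter: the database receives the statement
    structure and the value separately, so the value can never add clauses."""
    return conn.execute(
        "SELECT name, description FROM products WHERE id=?", (product_id,)
    ).fetchall()


# Two classic payloads an attacker would put in the id field (constructed).
PAYLOAD_TAUTOLOGY = "9 OR 1=1"                                           # dump every product
PAYLOAD_UNION = "0 UNION ALL SELECT username, password_hash FROM users"  # read another table


def demo() -> dict:
    """Run both lookups against the normal value and both payloads."""
    conn = build_db()
    return {
        "normal": lookup_vulnerable(conn, "9"),
        "vuln_tautology": lookup_vulnerable(conn, PAYLOAD_TAUTOLOGY),
        "vuln_union": lookup_vulnerable(conn, PAYLOAD_UNION),
        "safe_normal": lookup_safe(conn, "9"),
        "safe_tautology": lookup_safe(conn, PAYLOAD_TAUTOLOGY),
        "safe_union": lookup_safe(conn, PAYLOAD_UNION),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:16} {rows}")
```

With the bound parameter the whole payload is compared as a single value against the integer id column, matches nothing, and the query structure is untouched; the UNION payload against the vulnerable lookup is exactly how credentials in a separate table leak through a product page.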
CYBERSECURITY CONCEPT (RISK) C O N T.
Other Attack Types cont.
Buffer overflow—Occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it
was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go
somewhere, can overflow into adjacent memory, corrupting or overwriting the valid data held there.
A buffer is an area in the computer’s Random Access Memory (RAM) reserved for temporary data storage. Data such as:
• User input
• Server banners received by a client application
Buffers have a finite size. This means that they can only contain a certain amount of data.
e.g. if a client-server application is designed to accept only an 8-character username, the username’s buffer will be 8 bytes long.
[Diagram: other data in RAM | buffer in RAM (bytes 1 to 8) | other data in RAM]
If the developer of an application does not enforce the buffer’s limits, an attacker can write data beyond those limits and so
overwrite whatever the program keeps in the adjacent RAM (other variables, or the saved return address that tells the CPU where to
continue after the current function).
This can be exploited to gain control over the program’s execution flow!
Writing a buffer overflow exploit requires a deep understanding of assembly programming, of how applications and the operating
system work, and some unusual programming skills.
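The 8-byte username buffer from the diagram, modelled in a bytearray as an added example that is not from the slides. RAM layout, the saved return address value and the offsets are constructed; the unsafe copy behaves like C's strcpy() (no length check) and the bounded copy is the fix. This is a model of the memory effect only: Python itself is memory-safe, and no real process is overflowed here.

```python
"""Buffer overflow, simulated: an 8-byte username buffer sits in "RAM"
right next to other data, here the saved return address. strcpy-style
copying with no length check lets 4 extra bytes land on that address;
a bounded copy refuses the oversized input.

Added example, not from the slides. This is a model of memory in a
bytearray, not a real overflow: Python itself is memory-safe, and the
offsets and the saved address value are constructed.
"""

RAM_SIZE = 32
BUF_OFFSET, BUF_SIZE = 8, 8          # 8-byte username buffer, as in the slide
RET_OFFSET, RET_SIZE = 16, 4         # "other data in RAM" right after it
SAVED_RETURN = 0x08040410            # constructed: where the function should return to


def fresh_ram() -> bytearray:
    """A RAM image with the saved return address stored just past the buffer."""
    ram = bytearray(RAM_SIZE)
    ram[RET_OFFSET:RET_OFFSET + RET_SIZE] = SAVED_RETURN.to_bytes(RET_SIZE, "little")
    return ram


def unsafe_copy(ram: bytearray, data: bytes) -> bytearray:
    """Mirrors C strcpy(): copies every byte, never looks at BUF_SIZE."""
    end = BUF_OFFSET + len(data)
    if end > RAM_SIZE:                      # off the end of the model: a crash
        raise MemoryError("write past end of RAM (segfault)")
    ram[BUF_OFFSET:end] = data
    return ram


def bounded_copy(ram: bytearray, data: bytes) -> bytearray:
    """The fix: enforce the buffer's limit before writing."""
    if len(data) > BUF_SIZE:
        raise ValueError(f"username longer than {BUF_SIZE} bytes rejected")
    ram[BUF_OFFSET:BUF_OFFSET + len(data)] = data
    return ram


def saved_return_address(ram: bytearray) -> int:
    return int.from_bytes(ram[RET_OFFSET:RET_OFFSET + RET_SIZE], "little")


def attack_result(data: bytes) -> int:
    """Return address after an unsafe copy of `data` into a fresh RAM image."""
    return saved_return_address(unsafe_copy(fresh_ram(), data))


def defended_result(data: bytes):
    """Return address after a bounded copy, or None if the input was rejected."""
    try:
        return saved_return_address(bounded_copy(fresh_ram(), data))
    except ValueError:
        return None


if __name__ == "__main__":
    benign = b"alice"
    # 8 bytes fill the buffer; the next 4 overwrite the saved return address
    # with an attacker-chosen value (little-endian 0xDEADBEEF).
    overflow = b"A" * BUF_SIZE + (0xDEADBEEF).to_bytes(4, "little")
    print("unsafe, benign  :", hex(attack_result(benign)))
    print("unsafe, overflow:", hex(attack_result(overflow)))
    print("bounded, overflow:", defended_result(overflow))
```

The attacker's 12-byte "username" leaves the first 8 bytes in the buffer and drops the remaining 4 exactly on the saved return address, which is the step that turns a data overwrite into control of execution flow; the bounded copy never gets that far.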
CYBERSECURITY CONCEPT (RISK) C O N T.
POLICY AND PROCEDURE
Information security policies are a primary element of cybersecurity and governance.
They specify requirements and define the roles and responsibilities of everyone in the organization, as well as the expected
behaviors in various situations.
Policy and procedure must be properly created, accepted and validated by the board and executive management before being
communicated throughout the organization for use.
Policy and procedure and every compliance document should have a formal process of being created, reviewed, updated and
approved.
In some cases there may be a legitimate need for an exception to a policy; therefore, a clear process for how an exception is
approved and monitored is necessary.
Compliance Documents Types
SECOND KNOWLEDGE CHECK
1. What are risk, threat and vulnerability?
Risk: the likelihood of a THREAT exploiting a VULNERABILITY in a system to cause an undesirable
IMPACT.
Threat: anything (object, substance or human) that has the potential to cause harm.
Vulnerability: a weakness in a system or control.
2. What is a zero-day exploit?
Zero-day exploit: an exploit for a vulnerability that is used before the software creator/vendor, or even antivirus companies, are
aware of its existence.
WEEK 2: SECURITY ARCHITECTURE PRINCIPLES
Overview of Security Architecture
Security architecture—describes the structure, components, connections and layout of security controls within an
organization’s IT infrastructure.
• It shows how defense in depth is implemented.
• It also shows how layers of control are linked.
Security Perimeter—a well-defined boundary between the organization and the outside world.
In cybersecurity, the security perimeter is usually network- or system-centric: the emphasis is on placing
controls at the network and system levels to protect the information stored within.
This is unlike a data-centric approach, which emphasizes the protection of data regardless of its location.
With the advent of the Internet, outsourcing, mobile devices, cloud and other hosted services, the perimeter has expanded
considerably. Consequently, there are significant new risks and vulnerabilities to confront in this hyper-connected and
extended environment. The perimeter is an important line of defense that protects the enterprise against external threats.
At the same time, the degree of control over deperimeterized environments has been significantly reduced, especially in
enterprises permitting partial or full integration of user-owned mobile devices (i.e., bring your own device [BYOD]). These
changes have important ramifications for security architecture.
SECURITY ARCHITECTURE PRINCIPLE C O N T.
Protocols
In a computer network, machines talk to each other by means of protocols. These protocols ensure that
different computers, using different hardware and software, can communicate.
There are numerous networking protocols on the Internet, each one with its own purpose. We are going to
discuss a few of them in detail.
Information is exchanged between services and protocols as packets.
Packets are streams of bits running as electrical signals on the physical media used for data transmission. These
media can be a wire in a LAN or the air in a Wi-Fi network.
These electrical signals are then interpreted as bits (zeros and ones) that make up the information.
Every packet in every protocol has the following structure:
The Header has a protocol-specific structure. This ensures that the receiving host can correctly interpret the
payload and handle the overall communication.
The Payload is the actual information (e.g. an email message or the content of a file during a
download).
[Header | Payload]
SECURITY ARCHITECTURE PRINCIPLE C O N T .
The OSI MODEL
• The Open Systems Interconnection (OSI) model is used to describe networking protocols. Created in 1984 by the International
Organization for Standardization (ISO).
• The OSI model is rarely implemented as-is in actual networks today.
• It is considered a reference to standardize the development of actual networks.
• There are seven (7) layers in the OSI model.
The OSI Layers
SECURITY ARCHITECTURE PRINCIPLE C O N T .
OSI MODEL:
• Each OSI layer performs a specific function for the network:
• Layer 7 Application Layer—Mediates between software applications and other layers of network services
• Layer 6 Presentation Layer—Formats, encrypts and compresses data
• Layer 5 Session Layer—Coordinates and manages user connections
• Layer 4 Transport Layer—Ensures that data are transferred reliably in the correct sequence
• Layer 3 Network Layer—Translates network addresses and routes data from sender to receiver
• Layer 2 Data Link Layer—Divides data into frames that can be transmitted by the physical layer
• Layer 1 Physical Layer—Manages signals among network systems.
• (Mnemonics to remember the OSI Layers)
• All People Seem To Need Data Processing
SECURITY ARCHITECTURE PRINCIPLE C O N T .
OSI MODEL: Layers with their respective Encapsulation Units
TCP/IP Model
Like the OSI model, the TCP/IP model is a layered reference model and is used in the same fashion, but it has four (4) layers.
As the modern Internet and most communications use the Internet Protocol (IP), which is the most widely used protocol,
the TCP/IP model is technically more in line with modern network implementations.
TCP/IP is the real-world implementation of a networking stack and is the protocol stack of the Internet.
OSI Layers vs TCP/IP Layers (encapsulation unit at each TCP/IP layer):
Application: interface for end-point services, e.g. web browsing and email
Transport: segments
Internet: packets
Network Access: Ethernet frames & physical media
SECURITY ARCHITECTURE PRINCIPLE C O N T .
Encapsulation refers to sending data where the data is augmented with successive layers of control
information before transmission across the network. In short, the entire upper-layer protocol packet (header +
payload) becomes the payload of the lower one.
The reverse of data encapsulation is decapsulation, which refers to the successive layers of data being
removed (essentially unwrapped) at the receiving end of a network.
During encapsulation every protocol adds its own header to the packet, treating it as a payload.
This happens to every packet sent by a host.
ENCAPSULATION & DECAPSULATION
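Encapsulation and decapsulation through the four TCP/IP layers with real header layouts, as an added example that is not from the slides: the application payload is wrapped in a UDP header (Transport), then an IPv4 header with its checksum (Internet), then an Ethernet II header (Network Access), and the receiver unwraps it in reverse order. Addresses, ports, MAC addresses and the payload are constructed (documentation ranges); the UDP checksum is left at zero, which IPv4 permits, to keep the block short.

```python
"""Encapsulation and decapsulation with real header layouts: an application
payload is wrapped in a UDP header (Transport), then an IPv4 header with its
checksum (Internet), then an Ethernet II header (Network Access); the receiver
unwraps it layer by layer and checks the IPv4 header checksum.

Added example, not from the slides. Addresses, ports, MACs and the payload
are constructed (documentation ranges); the UDP checksum is left at 0, which
IPv4 permits, to keep the example short.
"""
import socket
import struct


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words. Over a header whose
    checksum field is zero it yields the checksum; over a correct header
    (checksum included) it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def encapsulate(payload, src_ip, dst_ip, src_port, dst_port, src_mac, dst_mac) -> bytes:
    """Application data -> UDP segment -> IPv4 packet -> Ethernet frame."""
    # Transport: UDP header (8 bytes) + application payload; checksum 0 = none
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Internet: IPv4 header (20 bytes) + UDP segment; checksum computed over the header
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    ip_packet = hdr + udp
    # Network Access: Ethernet II header (14 bytes, EtherType 0x0800 = IPv4) + IP packet
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + ip_packet


def decapsulate(frame: bytes) -> dict:
    """Peel the headers off in the reverse order and report what each layer saw."""
    eth = {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"),
           "ethertype": struct.unpack("!H", frame[12:14])[0]}
    ip_packet = frame[14:]
    ihl = (ip_packet[0] & 0x0F) * 4
    (_, _, total_len, _, _, ttl, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip_packet[:20])
    ip = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
          "proto": proto, "checksum_ok": ip_checksum(ip_packet[:ihl]) == 0}
    segment = ip_packet[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    udp = {"src_port": src_port, "dst_port": dst_port, "length": udp_len}
    return {"ethernet": eth, "ip": ip, "udp": udp, "payload": segment[8:udp_len]}


def demo() -> tuple:
    """Build one frame, decapsulate it, then corrupt the TTL byte and decapsulate again."""
    payload = b"GET /index.html"   # constructed application data
    frame = encapsulate(payload, "192.0.2.10", "198.51.100.53", 40000, 53,
                        "02:00:00:00:00:01", "02:00:00:00:00:02")
    good = decapsulate(frame)
    corrupted = bytearray(frame)
    corrupted[14 + 8] ^= 0x01        # flip one bit in the IPv4 TTL field
    bad = decapsulate(bytes(corrupted))
    return frame, good, bad


if __name__ == "__main__":
    frame, good, bad = demo()
    print(len(frame), "bytes on the wire:", frame.hex())
    print("payload recovered:", good["payload"], "| checksum ok:", good["ip"]["checksum_ok"])
    print("after corruption   | checksum ok:", bad["ip"]["checksum_ok"])
```

The frame is 14 + 20 + 8 bytes of headers around the payload, one header per layer below the application. Note what the IPv4 checksum does and does not cover: flipping a bit in the IP header is caught, but flipping a bit in the payload would not be, and no checksum at all protects against deliberate modification, which is the job of the integrity controls in the cryptography section.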
SECURITY ARCHITECTURE PRINCIPLE C O N T .
[Diagram: the Application data (header + payload) becomes the payload of the Transport layer; the Transport segment becomes
the payload of the Internet layer; the Internet packet becomes the payload of the Network Access layer. Each lower layer
prepends its own header (encapsulation) on the way down.]
SECURITY ARCHITECTURE PRINCIPLE C O N T .
The Concept of Defense-In-Depth
No single control or countermeasure can completely eliminate risk, so it is often necessary to use several controls to protect an asset.
This process of using several controls, or layering defenses, is known as defense in depth.
It is also called protection in depth or security in depth.
It forces an adversary to defeat or avoid more than one control to gain access to an asset.
Each additional control the attacker must overcome also creates delay, so that the attack may be detected, interrupted and prevented.
The number and types of layers needed is a function of asset value, criticality, the reliability of each control and the degree of
exposure.
Types of Defense-In-Depth
1. Concentric Rings/Security Layers
Creates a series of nested layers that must
be bypassed in order to complete an attack.
Each layer delays the attacker and provides
opportunities to detect the attack.
SECURITY ARCHITECTURE PRINCIPLE C O N T .
[Figures: Logical Layers of Security; Physical Layers of Security]
SECURITY ARCHITECTURE PRINCIPLE C O N T .
2. Overlapping Redundancy
Two or more controls that work in parallel to protect an asset.
Provides multiple, overlapping points of detection.
This is most effective when each control is different.
3. Segregation or Compartmentalization
Compartmentalizes access to an asset, requiring two or more
processes, controls or individuals to access or use the asset.
This is effective in protecting very high value assets or in
environments where trust is an issue.
SECURITY ARCHITECTURE PRINCIPLE C O N T.
Firewalls
A firewall is defined as a system or combination of systems that enforces a boundary between two
or more networks, typically forming a barrier between a secure and an open environment such as
the Internet.
It applies rules to control the type of networking traffic flowing in and out.
Most commercial firewalls are built to handle commonly used Internet protocols.
Most organizations follow a deny-all philosophy, which means that access to a given resource will
be denied unless a user can provide a specific business reason or need for access to the
information resource.
The converse of this access philosophy, which is not widely accepted, is the accept-all
philosophy, under which everyone is allowed access unless there is a reason for denying access.
SECURITY ARCHITECTURE PRINCIPLE C O N T.
Firewalls:
Generally, the types of network firewalls available today fall into 3 categories:
Packet Filtering Firewalls
In packet filtering, a screening router examines the header of every packet of data traveling between the Internet and the
corporate network. Packet headers contain information including the IP addresses of the sender and receiver, as well as the
port numbers that identify the application or service. Based on that information, the router
knows what kind of Internet service (e.g. a web-based service or FTP) is being used to send the data, as well as the addresses
of the sender and receiver of the data. The router can then prevent certain packets from being sent between the Internet
and the corporate network. For example, the router could block any traffic to and from suspicious destinations. Each packet is
judged on its own header; the filter keeps no memory of earlier packets.
Application Firewall
Application firewalls analyze packets through the use of proxies (application-level gateways use a set of
proxies, one for each service, whereas circuit-level gateways use one proxy server for all services).
Stateful Inspection Firewalls
A stateful firewall maintains a state table: when a packet leaves the private network, its connection details (addresses, ports,
protocol) are recorded, and an inbound packet is permitted only if it matches an entry in that table, i.e. it is the return leg of a
connection that was initiated from inside. In other words, there must be a request for every response!
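The packet-filter and stateful-inspection decisions side by side on the same traffic, as an added example that is not from the slides. The packets, the internal address range, the deny-all policy with an allowance for outbound web traffic, and the two filter classes are all constructed to model the decision logic only; no real firewall is involved.

```python
"""Packet filtering vs. stateful inspection on the same traffic.

Added example, not from the slides. Packets are constructed 5-tuples with a
direction; the policy is the slide's deny-all default plus an allowance for
outbound web traffic from the internal network. Addresses use documentation
ranges. This models the decision logic only, not a real firewall.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src_ip src_port dst_ip dst_port")

INTERNAL_PREFIX = "10.0.0."     # constructed internal network
ALLOWED_OUT_PORTS = {80, 443}   # business need: outbound web only


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def outbound_permitted(p: Packet) -> bool:
    """The one positive rule in an otherwise deny-all policy."""
    return p.direction == "out" and is_internal(p.src_ip) and p.dst_port in ALLOWED_OUT_PORTS


class PacketFilter:
    """Stateless: judges every packet on its own header. To let web replies
    back in, it has to allow any inbound packet with source port 80/443 to a
    high port, and an attacker can set that source port freely."""

    def decide(self, p: Packet) -> str:
        if outbound_permitted(p):
            return "allow"
        if p.direction == "in" and p.src_port in ALLOWED_OUT_PORTS and p.dst_port >= 1024:
            return "allow"
        return "deny"


class StatefulFilter:
    """Keeps a state table of connections the inside initiated; an inbound
    packet is admitted only if it is the return leg of one of them."""

    def __init__(self):
        self.state = set()

    def decide(self, p: Packet) -> str:
        if outbound_permitted(p):
            self.state.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            return "allow"
        if p.direction == "in":
            return_leg_of = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
            if return_leg_of in self.state:
                return "allow"
        return "deny"


# Constructed traffic: a browser session, a spoofed probe, and two unrelated packets.
TRAFFIC = [
    Packet("out", "tcp", "10.0.0.5", 50000, "203.0.113.80", 443),   # user opens an https site
    Packet("in", "tcp", "203.0.113.80", 443, "10.0.0.5", 50000),    # genuine reply
    Packet("in", "tcp", "198.51.100.7", 443, "10.0.0.5", 3389),     # attacker sets src port 443 to reach RDP
    Packet("in", "tcp", "198.51.100.7", 51515, "10.0.0.5", 22),     # plain inbound SSH attempt
    Packet("out", "tcp", "10.0.0.5", 50001, "203.0.113.25", 25),    # outbound SMTP, no business need
]


def run(filter_obj, traffic=TRAFFIC) -> list:
    """Decisions for each packet in order, using one filter instance throughout."""
    return [filter_obj.decide(p) for p in traffic]


if __name__ == "__main__":
    for p, a, b in zip(TRAFFIC, run(PacketFilter()), run(StatefulFilter())):
        print(f"{p.direction:3} {p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port}  stateless={a:5} stateful={b}")
```

The third packet is the one that matters: a stateless filter must let it through because it looks like a web reply, while the stateful filter denies it because nothing inside ever opened a connection to 198.51.100.7:443. Order matters for the stateful filter; the same instance has to see the outbound request before the reply.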
SECURITY ARCHITECTURE PRINCIPLE C O N T.
FIREWALL LAYERS
SECURITY ARCHITECTURE PRINCIPLE C O N T .
VLANs
A common technique for implementing network security is to segment an organization’s network so that each segment can be
separately controlled, monitored and protected.
Virtual local area networks (VLANs) are groups of devices on one or more logically segmented Local Area Networks (LANs).
A VLAN is set up by configuring ports on a switch, so devices attached to these ports may communicate as if they were attached to
the same physical network segment.
Security Zones and DMZs
By creating separate zones, controls can be applied at a more granular level based on the systems, information and applications in
each area.
Separate zones create defense in depth, where additional layers of authentication, access control and monitoring can take place.
Isolation and Segmentation Model
THIRD KNOWLEDGE CHECK
1. How many layers does the OSI model have?
The OSI model has seven (7) layers.
2. How many layers does the TCP/IP model have?
The TCP/IP model has four (4) layers.
CRYPTOGRAPHY INTRO.
Cryptanalysis: the study of recovering the secret (the plaintext or the key) that others try so hard to hide
or obscure, without being given the key.
One of the most valuable components of a cryptosystem is the key.
Types of Cryptography:
Symmetric and
Asymmetric (Public-Key Cryptography)
Advantages of asymmetric cryptography:
It offers non-repudiation and key distribution benefits.
Hash function: used in both creating and verifying a digital signature.
To sign a message, the sender hashes it and transforms the digest with the private key, so hashing is part of the digital signature’s
creation.
When the message is received by the intended party or parties, the hashing process is
re-created and the result is compared to the one the original sender signed. [Figure: Digital Signature]
Certificate Authority
A certificate’s principal function is to bind a key pair with a particular subscriber.
A digital certificate allows you to associate the public key with a particular service, such
as a web server for use in e-commerce.
A certificate authority (CA) creates and revokes the certificates under its control, together with
the associated public keys.
As part of the certificate process a key pair made of a public key and a private key is generated. In practice the subscriber
normally generates the pair itself and keeps the private key; the CA only ever sees and signs the public key.
The public key is made available to the public at large.
The private key stays with the party requesting the digital certificate.
Validation of certificate: When a certificate is presented by one party to another, it must
be validated. Since both parties involved typically do not know each other, they must rely
on a third party who is trusted. THIS IS THE ROLE OF THE CA.
Registration Authority (RA)
This is an entity positioned between the client and the CA that is used to support or
offload work from a CA.
Although an RA cannot generate a certificate, it can accept requests, verify a person’s
identity, and pass along the information to the CA, which performs the actual certificate
generation.
RAs are usually located at the same level as the subscribers for which they perform the
authentication.
Public Key Infrastructure (PKI)
PKI is designed to validate, issue, and manage certificates on a large scale.
Remember: the public key is bound to a digital certificate.
The digital certificate tells a requester of the public key that it belongs to a specific
party.
Hashing
 Hashing is often described as a type of one-way encryption, but it is not encryption: there is no key, and the output cannot be reversed to recover the input.
 The process outputs what is known as a hash, hash value, or message digest.
 A hash function generates a fixed-length value that is always the same length no matter how large or small the data entering the algorithm is.
 The output of a one-way hash function is also known as a fingerprint or thumbprint.
 Message Digest 2 (MD2)
 Used in Privacy-Enhanced Mail (PEM) protocols along with MD5.
 MD4 has been replaced by MD5 in most cases.
 MD5 is an improved and redesigned version of MD4 that produces a 128-bit hash.
 In turn, MD5 has in most cases been replaced by SHA-2 (e.g. SHA-256): practical collisions have been demonstrated for MD5 (and for SHA-1), so neither should be used for digital signatures or certificates.
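The hash-then-sign flow from the Digital Signature slide, the CA's binding of a public key to a subject from the Certificate Authority slide, and the fixed-length property of a digest from the Hashing slide, in one runnable example. This is added code, not from the original slides or from any library: it uses textbook RSA with self-generated primes (no padding scheme, no X.509 encoding, no revocation), and the subject names `shop.example` and `evil.example`, the sample message text and the `demo()` helper are constructed for illustration only.

```python
# Added example (not from the original slides): hash-then-sign with textbook RSA,
# plus a miniature CA that binds a subject name to a public key by signing it.
# Educational only: no PKCS#1 padding, no X.509, no revocation. Not for production.
import hashlib
import json
import secrets
from dataclasses import dataclass

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73)

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test (trial division first)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2            # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                            # witness proves n composite
    return True

def random_prime(bits: int) -> int:
    """Random odd prime with the top bit set, so p*q has the intended size."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int

@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int

def generate_keypair(bits: int = 1024) -> tuple:
    """Generated by the subscriber itself; the private key never leaves its owner."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:                 # e is prime, so this is gcd(e, phi) == 1
            return PublicKey(p * q, e), PrivateKey(p * q, pow(e, -1, phi))

def digest_hex(data: bytes) -> str:
    """SHA-256 message digest: always 256 bits (64 hex chars), whatever the input size."""
    return hashlib.sha256(data).hexdigest()

def sign(priv: PrivateKey, data: bytes) -> int:
    """Hash the message, then apply the private key to the digest (digest < n here)."""
    return pow(int(digest_hex(data), 16), priv.d, priv.n)

def verify(pub: PublicKey, data: bytes, signature: int) -> bool:
    """Recover the signer's digest with the public key and compare to a fresh hash."""
    return pow(signature, pub.e, pub.n) == int(digest_hex(data), 16)

def issue_certificate(ca_priv: PrivateKey, subject: str, subject_pub: PublicKey) -> dict:
    """CA signs the to-be-signed fields (subject name + subject public key).
    Checking that `subject` really owns the request happens before this step (the RA's job)."""
    tbs = {"subject": subject, "n": subject_pub.n, "e": subject_pub.e}
    return {"tbs": tbs, "sig": sign(ca_priv, json.dumps(tbs, sort_keys=True).encode())}

def validate_certificate(cert: dict, trusted_ca_pub: PublicKey) -> bool:
    """Relying party trusts the CA's key, not the presenter, so it checks the CA's signature."""
    return verify(trusted_ca_pub, json.dumps(cert["tbs"], sort_keys=True).encode(), cert["sig"])

def demo(bits: int = 1024) -> dict:
    ca_pub, ca_priv = generate_keypair(bits)          # CA pair; ca_pub is what trust stores hold
    srv_pub, srv_priv = generate_keypair(bits)        # web server generates its own pair
    cert = issue_certificate(ca_priv, "shop.example", srv_pub)   # hypothetical subject name
    forged = {"tbs": dict(cert["tbs"], subject="evil.example"), "sig": cert["sig"]}
    msg = b"transfer USD 10,000 to account 42"        # constructed sample message
    sig = sign(srv_priv, msg)
    return {
        "cert_valid": validate_certificate(cert, ca_pub),
        "forged_cert_valid": validate_certificate(forged, ca_pub),
        "sig_valid": verify(PublicKey(cert["tbs"]["n"], cert["tbs"]["e"]), msg, sig),
        "tampered_sig_valid": verify(srv_pub, b"transfer USD 100,000 to account 42", sig),
    }

if __name__ == "__main__":
    print(demo())
```

The relying party never needs the server's private key: it takes the server's public key out of a certificate whose CA signature it can check against a CA key it already trusts, then uses that public key to check the signature on the message. Changing one digit of the amount changes the SHA-256 digest, so the recovered digest no longer matches; editing the subject name in the certificate breaks the CA's signature in the same way.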
Some Important Security Links and Usage
2. Canary tokens (honeypot-style tripwires) to place on your PCs, so you are alerted if an intruder opens them
https://www.stationx.net/canarytokens/
3. List of TCP and UDP port numbers
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
4. Kaspersky Lab cyberthreat map
https://cybermap.kaspersky.com/
5. FireEye threat map
https://www.fireeye.com/cyber-map/threat-map.html
6. Fortinet threat map
https://threatmap.fortiguard.com/
Thank you!
With great flexibility comes great power of messing things up!

Week 1&2 intro_ v2-upload

  • 2.
  • 3.
    DISCUSSION POINTS:  CybersecurityIntroduction and Overview: • Introduction to Cybersecurity • Difference Between Information Security and Cybersecurity • Cybersecurity Objectives • Cybersecurity Roles  Cybersecurity Concepts: • Risk • Common Attack Types and Vectors • Policies and Procedures  Security Architecture Principles: • Overview of Security Architecture • The OSI Model • Concept of Defense in Depth • Firewalls • Isolation and Segmentation  Cryptography Introduction • Cryptanalysis • Symmetric and Asymmetric Encryption, CA, RA, Public and Private keys
  • 4.
  • 5.
    What is Cybersecurity? cybersecurity can be defined as “the protection of information assets by addressing threats to information processed, stored and transported by internetworked information systems.” Cybersecurity plays a significant role in today’s ever-evolving cyberlandscape. More and more organizations and corporations are processing, storing and transporting data and information across the internet. New trends in mobility and connectivity present a broader range of challenges than ever before as new attacks continue to develop along with emerging technologies. (e.g. Cloud computing). Cybersecurity professionals must be adequately trained and prepared to deal with these emerging security within the cyberlandscape. (Situational Awareness)
  • 6.
    Introduction & Overviewcont.  Understanding the key business (nature of business, the risk tolerance etc.) and technology factors (level of IT complexity, new or emerging security tools) that affect cybersecurity or information security is central to achieving situational awareness. The Cybersecurity Skills Gap:  Information security professional jobs are expected to increase 53% by the end 2018 with over 1.8 million jobs available. However, recent studies and reports suggest that there are simply not enough skilled professionals to fill them. (ISACA Report)  Women only make up about 14% of the U.S cybersecurity workforce
  • 7.
    Introduction & Overviewcont.  While the cybersecurity landscape has evolved, the skill set among existing and potential cybersecurity professionals has not kept pace. The 2017 (ISC)2 Global Information Security Workforce Study sponsored by Frost & Sullivan, Booz Allen Hamilton and (ISC)^2 concluded that there is a dangerous shortage of skilled professionals in the cybersecurity profession.  The study indicates that the shortage negatively impacts organizations and their customers, leading to more frequent and costly data breaches. According to the Cybersecurity Source: https://www.scmagazine.com/home/security-news/cybersecurity-job-gap-grows-to-3-million-report/ According to Forbes: https://www.forbes.com/sites/forbestechcouncil/2018/08/09/the-cybersecurity-talent-gap-is-an-industry-crisis/#11eda961a6b3 According to the (ISC)^2: https://blog.isc2.org/isc2_blog/2018/10/cybersecurity-skills-shortage-soars-nearing-3-million.html
  • 8.
    Introduction & Overviewcont. 1. To check if your public IP address is hacked! http://www.techmonkeys.co.uk/hackcheck/index.php 2. How Secure is my Password https://howsecureismypassword.net/ 3. Check your email and password if they have been compromised in a breach database https://haveibeenpwned.com/
  • 9.
    Introduction & Overviewcont. Difference Between Information Security and Cybersecurity The terms “cybersecurity” and “information security” are often used interchangeably. Although different groups tend to adapt terminology for their own purposes, there are some important distinctions between cybersecurity and information security. Information security deals with information, regardless of its format—it includes paper documents, digital and intellectual property in people’s minds, and verbal or visual communications. Cybersecurity on the other hand, is concerned with protecting digital assets— everything from networks to hardware and information that is processed, stored or transported by internetworked information systems.
  • 10.
    INTRODUCTION & OVERVIEWCONT. Cybersecurity Objectives To better understand cybersecurity and the protection of cyber assets, it is important to consider three key concepts that are used to guide security policies, as shown below. The concepts are: Confidentiality, Integrity and Availability (CIA) There are three (3) security objectives: The Key Security Concept/Objectives
  • 11.
    Introduction & Overviewcont. Security Objectives: Confidentiality is the protection of information from unauthorized access or disclosure. Different types of information require different levels of confidentiality, and the need for confidentiality can change over time. E.g. personal, financial and medical information require a higher degree of confidentiality than the minutes of a staff meeting. Data must be protected from improper disclosure according to its sensitivity and applicable legal requirements. The confidentiality of digital information can be maintained using several different means, including access controls, file permissions and encryption etc. Integrity is the protection of information from unauthorized modification. If a bank transfers US $10,000 to another financial institution, it is important that the amount does not change to US $100,000 during the exchange. The integrity of digital assets can be controlled by using logging systems, digital signatures, hashes/message digest, encryption and access controls etc.
  • 12.
    Introduction & Overviewcont. Security Objectives: Availability ensures the timely and reliable access to and use of information and systems. Safeguards to make sure data are not accidentally or maliciously deleted. This is particularly important with a mission-critical system, because any interruptions in its availability can result in a loss of productivity and revenue. Availability can be protected by the use of redundancy, backups and access control
  • 13.
    Introduction & Overviewcont. Confidentiality, Integrity and Availability Model and Related Impacts
  • 14.
    KNOWLEDGE CHECK 1. Whatdoes C.I.A stands for: C Confidentiality I Integrity A Availability 2. What controls can you use to ensure Confidentiality and Integrity Confidentiality  Access Control, File Permission, Encryption Integrity  Access Control, logging, Hashes, Encryption
  • 15.
  • 16.
    CYBERSECURITY CONCEPT (RISK) VULNERABILITY: Theweakness in a system or control. THREAT: Anything (object, substance or human) that has the tendency to cause harm or destruction. RISK: The likelihood of a THREAT exploiting a VULNERABILITY in a system to cause an undesirable IMPACT. RESIDUAL RISK: This is defined as the remaining risk after management has implemented a risk response (control). INHERENT RISK: The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls). It is particularly important to understand an organization’s risk tolerance, size and scope of the organization, and the amount of data available when considering how to measure risk.
  • 17.
    CYBERSECURITY CONCEPT (RISK)C O N T. The core duty of cybersecurity is to identify, mitigate and manage cyberrisk to an organization’s digital assets. Cybersecurity professional must understand risk in the context of cybersecurity, which means knowing how to determine, measure and reduce risk effectively. Assessing risk is one of the most critical functions of a cybersecurity professional, without adequate knowledge of the risk, organization might implement over-protective or under-protective controls ISACA’s recent worldwide survey of IT management, auditors and security managers consistently shows that over 80 percent of companies believe “information security risks are either not known or are only partially assessed” and that “IT security risk illiteracy and lack of awareness” are major challenges in managing risk.
  • 18.
    CYBERSECURITY CONCEPT (RISK)C O N T. Approaches to Implementing Cybersecurity Program Generally, there are three (3) different approaches to implementing cybersecurity: 1. Compliance-based This approach relies on rules & regulations or standards hence controls are implemented regardless of their applicability or necessity, which often leads to a “checklist” attitude toward security. (e.g. FISMA, HIPAA, SOX etc.) 2. Risk-based This approach relies on identifying the unique risk a particular organization faces and designing and implementing security controls to address that risk above and beyond the entity’s risk tolerance and business needs. 3. Ad hoc This approach simply implements security with no particular rationale or criteria. Ad hoc implementations may be driven by vendor marketing, or they may reflect insufficient subject matter expertise, knowledge or training when designing and implementing safeguards they just copy approaches from other companies. In reality, most organizations with mature security programs use a combination of risk-based and compliance-based approaches. In fact, most standards or regulations such as the Payment Card Industry Data Security Standard (PCIDSS) or the US Health Insurance Portability and Accountability Act (HIPAA) require risk assessments to drive the particular implementation of the required controls.
  • 19.
    CYBERSECURITY CONCEPT (RISK)C O N T. Relationship between Risk Analysis, Risk Assessment and Risk Management Risk Analysis is looking/brainstorming and listing vulnerabilities, threats, likelihood and the Impact to an org. Risk Analysis + Report RISK ASSESSMENT + COUNTERMEASURES & PROTECTIONS/PREVENTIONS RISK MANAGEMENT
  • 20.
    CYBERSECURITY CONCEPT (RISK)C O N T. Threat Agent, Attack Vectors, Threat Events and Common Attack Types Threat Agents - Individual or group that can be a threat. Corporations—Corporations have been known to breach security boundaries and perform malicious acts to gain a competitive advantage. Nation States—Nation states often target government and private entities with a high level of sophistication to obtain intelligence or carry out other destructive activities. Hacktivists—Although they often act independently, politically motivated hackers may target specific individuals or organizations to achieve various ideological ends. (e.g. Anonymous, WikiLeaks etc.) Cyberterrorists—Characterized by their willingness to use violence to achieve their goals, cyberterrorists frequently target critical infrastructures and government groups. Cybercriminals—Motivated by the desire for profit, these individuals are involved in fraudulent financial transactions. Cyberwarriors—Often likened to hacktivists, cyberwarriors, also referred to as cyberfighters, are nationally motivated citizens who may act on behalf of a political party or against another political party that threatens them. Script Kiddies—Script kiddies are young individuals who are learning to hack; they may work alone or with others and are primarily involved in code injections and distributed denial-of-service (DDoS) attacks. Employees—Although they typically have fairly low-tech methods and tools, dissatisfied/disgruntled current or former employees represent a clear cybersecurity risk.
  • 21.
    CYBERSECURITY CONCEPT (RISK)C O N T. Attack Vector: The path or route used to gain access to the target (asset) is known as an attack vector Types of Attack Vector: 1.Ingress 2.Egress These are also known as Data Exfiltration Ingress refers to network communications coming into the network Egress refers to network communications going out of the network. Threat Event: An event or situation that has the potential for causing undesirable consequences or impact. There are two broad categories for threat events: adversarial and nonadversarial. An adversarial threat event is made by a human threat agent (or adversary), while a nonadversarial threat event is usually the result of an error, malfunction or mishap of some sort
  • 22.
    CYBERSECURITY CONCEPT (RISK)C O N T. Malware and Common Attack Types Malware, also called malicious code, is software designed to gain access to targeted computer systems, steal information or disrupt computer operations. There are several types of malware, the most important being computer viruses, network worms and Trojan horses, which are differentiated by the way in which they operate or spread. Viruses—A computer virus is a piece of code that can replicate and spread from one computer to another. It requires intervention or execution to replicate and/or cause damage. Network worm—A variant of the computer virus, which is essentially a piece of self-replicating code designed to spread itself across computer networks. It does not require intervention or execution to replicate. Trojan horses—A further category of malware is the Trojan horse, which is a piece of malware that gains access to a targeted system by hiding within a genuine application. Trojan horses are often broken down into categories reflecting their purposes. Botnets—A botnet (a term derived from “robot network”) is a large, automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks such as denial-of-service (DoS).
  • 23.
    CYBERSECURITY CONCEPT (RISK)C O N T. Other Specific Types of Malware Characterized by their Purposes Spyware—A class of malware that gathers information about a person or organization without the knowledge of that person or organization. Adware—Designed to present advertisements (generally unwanted) to users. Ransomware—A class of extortive malware that locks or encrypts data or functions and demands a payment to unlock them. Keylogger—A class of malware that secretly records user keystrokes and, in some cases, screen content. Rootkit—A class of malware that hides its existence by modifying the underlying operating system.
  • 24.
    CYBERSECURITY CONCEPT (RISK)C O N T. Other Attack Types In addition to malware, there are many other types of attacks. Advanced persistent threats—Complex and coordinated attacks directed at a specific entity or organization. They require an enormous amount of research and time, often taking months or even years to fully execute. Backdoor—A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions. Brute force attack—An attack made by trying all possible combinations of passwords or encryption keys until the correct one is found. Cross-site scripting (XSS)—A type of injection in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. It enables attackers inject client-side scripts into web pages viewed by other users, this enables attackers to implant malicious code onto users machine without their knowledge. Types are reflective and the persistent. Denial-of-service (DoS) attack—An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate.
  • 25.
    CYBERSECURITY CONCEPT (RISK)C O N T. Other Attack Types  Man-in-the-middle attack—An attack strategy in which the attacker intercepts and secretly relays and possibly alters the communication between two parties who believe they are directly communicating with other other.  Social engineering—Any attempt to exploit social vulnerabilities to gain access to information and/or systems. It involves a “con game” that tricks others into divulging information or opening malicious software or programs.  Phishing—A type of electronic mail (email) attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering.  Spear phishing—An attack where social engineering techniques are used to masquerade as a trusted party to obtain important information such as passwords from a particular victim.  Spoofing—Faking the sending address of a transmission in order to gain illegal entry into a secure system.  Structure Query Language (SQL) injection— SQL Injection attacks allow an unauthorized user to take control over SQL statements used by a web application. This attack has a huge impact on the web site, because you can take control of the backend database (users credentials, credit card numbers etc.). Most web applications use some kind of backend database to store data they process. To interact with databases systems operators, and programmers, applications and web applications use SQL. e.g of SQL statement: >> SELECT name, description FROM products WHERE id=9;  Zero-day exploit—A vulnerability that is exploited before the software creator/vendor or even Anti Virus companies are aware of its existence.
  • 26.
    CYBERSECURITY CONCEPT (RISK)C O N T. Other Attack Types cont.  Buffer overflow—Occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information—which has to go somewhere—can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. A buffer is an area in the computer Random Access Memory (RAM) reserved for temporary data storage. Data such as: • User Input • Server banners received by a client application Buffers have a finite size. This means that they can only contain a certain amount of data. e.g. if a client-server application is designed to accept only 8-character long username, the username’s buffer will be 8 bytes long. 1 2 3 4 5 6 7 8…… …… Other Data in RAM Other Data in RAM Buffer in RAM If a developer of an application does not enforce buffers’ limits, an attacker could find a way to write data beyond those limits, thus actually writing random code in the computer RAM. This can be exploited to get control over program execution flow! Being able to write buffer overflow exploit requires deep understanding of assembly programming, how applications and operating system works and some exotic programming skills.
  • 27.
    CYBERSECURITY CONCEPT (RISK)C O N T. POLICY AND PROCEDURE  Information security policies are a primary element of cybersecurity and governance.  They specify requirements and define the roles and responsibilities of everyone in the organization, as well as the expected behaviors in various situations.  Policy and Procedure must be properly created, accepted and validated by the board and executive management before being communicated throughout the organization for use.  Policy and Procedure and every compliance document should have a formal process of being created, reviewed, updated and approved.  In some cases there may be legitimate need for an exception to a policy; therefore, a clear process of how an exception is approved and monitored is necessary. Compliance Documents Types
  • 28.
    SECOND KNOWLEDGE CHECK 1.What is RISK, Threat and Vulnerability? Risk: is the likelihood of a THREAT exploiting a VULNERABILITY in a system to cause an undesirable IMPACT. Threat: is anything (object, substance) or human that has the tendency to cause harm. Vulnerability: is the weakness in a system or control. 2. What is a Zero-Day Attack? Zero-day exploit—A vulnerability that is exploited before the software creator/vendor or even Anti-Virus companies are aware of its existence.
  • 29.
  • 30.
    Overview of SecurityArchitecture  Security architecture—describes the structure, components, connections and layout of security controls within an organization’s IT infrastructure. • It shows how defense in depth is implemented. • It also shows how layers of control are linked.  Security Perimeter—a well-defined boundary between the organization and the outside world.  In cybersecurity, the focus of security perimeter is Network or System-Centric where the emphasis is on placing controls at the network and system levels to protect the information stored within.  Unlike the Data-Centric which emphasizes the protection of data regardless of its location.  With the advent of the Internet, outsourcing, mobile devices, cloud and other hosted services, the perimeter has expanded considerably. Consequently, there are significant new risk and vulnerabilities to confront in this hyper-connected and extended environment. The perimeter, is an important line of defense that protects the enterprise against external threats. On the contrary, the degree of control over deperimeterized environments has been significantly reduced, especially in enterprises permitting partial or full integration of user-owned mobile devices (i.e., bring your own device [BYOD]. These changes have important ramifications for security architecture. SECURITY ARCHITECTURE PRINCIPLE
  • 31.
    SECURITY ARCHITECTURE PRINCIPLEC O N T. Protocols  In computer network, machine talk to each other by means of protocols. These protocols ensure that different computers, using different hardware and software, can communicate.  There are numerous networking protocols on the Internet, each one with its own purpose. We are going to discuss a few of them in detail.  Information are exchanged between services and protocol as Packets  Packets are streams of bits running as electric signals on the physical media used for data transmission. These media can be a wire in a LAN or the air in a Wi-Fi  These electrical signals are then interpreted as bits (zeros and ones) that make up the information.  Every packet in every protocol has the following structure.  The Header has a protocol specific structure: This ensures that the receiving host can correctly interpret the payload and handles the overall communication.  The Payload is the actual information (e.g. an email message or the content of a file during a download) HeaderPayload
  • 32.
    SECURITY ARCHITECTURE PRINCIPLEC O N T . The OSI MODEL • The Open Systems Interconnect (OSI) model is used to describe networking protocols. Created in 1984 by the International Organization for Standardizaition (ISO). • The OSI Model is rarely implemented in actual networks today. • It is considered a reference to standardize the development of actual networks. • There are seven (7) layers in the OSI model. The OSI Layers
  • 33.
    SECURITY ARCHITECTURE PRINCIPLEC O N T . OSI MODEL: • Each OSI layer performs a specific function for the network: • Layer 7 Application Layer—Mediates between software applications and other layers of network services • Layer 6 Presentation Layer—Formats, encrypts and compresses data • Layer 5 Session Layer—Coordinates and manages user connections • Layer 4 Transport Layer—Ensures that data are transferred reliably in the correct sequence • Layer 3 Network Layer—Translates network addresses and routes data from sender to receiver • Layer 2 Data Link Layer—Divides data into frames that can be transmitted by the physical layer • Layer 1 Physical Layer—Manages signals among network systems. • (Mnemonics to remember the OSI Layers) • All People Seem To Need Data Processing
  • 34.
    SECURITY ARCHITECTURE PRINCIPLEC O N T . OSI MODEL: Layers with their respective Encapsulation Units TCP/IP Model  Like the OSI model, the TCP/IP model is a four (4) layered system and is used in the same fashion as the OSI model. As the modern Internet and most communications use the Internet Protocol (IP), the TCP/IP model is technically more in line with modern network implementations, which is the most widely used protocol.  TCP/IP is the real-world implementation of a networking stack and is the protocol stack on the internet. OSI Layers vs TCP/IP Layers Ethernet frames & Physical Media Packets Segments Interface for end point service e.g. web browsing and email
  • 35.
    SECURITY ARCHITECTURE PRINCIPLEC O N T .  Encapsulation refers to sending data where the data is augmented with a successive layers of control information before transmission across the network. In short, the entire upper protocol packet (header + payload) is/becomes the payload of the lower one.  The reverse of data encapsulation is decapsulation, which refers to the successive layers of data being removed (essentially unwrapped) at the receiving end of a network.  During encapsulation every protocol adds its own header to the packet, treating it as a payload.  This happens to every packet sent by a host ENCAPSULATION & DECAPSULATION
  • 36.
    SECURITY ARCHITECTURE PRINCIPLEC O N T . Network Access Internet Transport Application PayloadHeader Payloa d Header Payloa d Header PayloadHeader Encapsulation Encapsulation Lower Layers
  • 37.
  • 38.
    SECURITY ARCHITECTURE PRINCIPLEC O N T . The Concept of Defense-In-Depth  No single control or countermeasure can completely eliminate risk, it is often important to use several controls to protect an asset.  This process of using several controls or layering defenses is known as defense in depth.  It is also called protection in depth or security in depth.  It forces an adversary to defeat or avoid more than one control to gain access to an asset.  Adding additional controls to overcome, also creates a delay so that the attack may be interrupted and prevented.  The number and types of layers needed is a function of asset value, criticality, the reliability of each control and the degree of exposure. Types of Defense-In-Depth 1. Concentric Rings/Security Layers  Creates a series of nested layers that must be bypassed in order to complete an attack.  Each layer delays the attacker and provides opportunities to detect the attack.
  • 39.
    SECURITY ARCHITECTURE PRINCIPLEC O N T . Logical Layers of Security Physical Layers of Security
  • 40.
    SECURITY ARCHITECTURE PRINCIPLEC O N T . 2. Overlapping redundancy  Two or more controls that work in parallel to protect an asset.  Provides multiple, overlapping points of detection  This is most effective when each control is different. 3. Segregation or Compartmentalization  Compartmentalizes access to an asset, requiring two or more processes, controls or individuals to access or use the asset.  This is effective in protecting very high value assets or in environments where trust is an issue.
  • 41.
    SECURITY ARCHITECTURE PRINCIPLEC O N T. Firewalls  A firewall is defined as a system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet.  It applies rules to control the type of networking traffic flowing in and out.  Most commercial firewalls are built to handle commonly used Internet protocols.  Most organizations follow a deny-all philosophy, which means that access to a given resource will be denied unless a user can provide a specific business reason or need for access to the information resource.  The converse of this access philosophy—which is not widely accepted—is the accept-all philosophy, under which everyone is allowed access unless there is a reason for denying access.
  • 42.
    SECURITY ARCHITECTURE PRINCIPLEC O N T. Firewalls: Generally the types of network firewalls available today fall into 3 categories:  Packet Filtering Firewalls In packet filtering, a screening router examines the header of every packet of data traveling between the Internet and the corporate network. Packet headers contain information, including the IP address of the sender and receiver, as well as the port numbers (application or service) authorized to use the information transmitted. Based on that information, the router knows what kind of Internet service (e.g. web-based service or FTP) is being used to send the data as well as the identities of the sender and receiver of the data. Then, the router can prevent certain packets from being sent between the Internet and the corporate network. For example, the router could block any traffic to and from suspicious destinations.  Application Firewall Application firewalls analyze packets through the use of proxies (e.g. application-level gateways which use a set of proxies one for each service whereas circuit-level gateways use one proxy server for all services).  Stateful Inspection Firewalls Stateful firewalls maintains a state table, in that when packet leaves the private network they are documented so when an in- coming packets is inbound then it will compare with the table to make sure there is an out-leg for the incoming, in-leg. (i.e. maintaining a state table). In other words there must be a request and a response!
  • 43.
    SECURITY ARCHITECTURE PRINCIPLEC O N T. FIREWALL LAYERS
  • 44.
    SECURITY ARCHITECTURE PRINCIPLEC O N T . VLANs  A common technique for implementing network security is to segment an organization’s network so that each segment can be separately controlled, monitored and protected.  Virtual local area networks (VLANs) are groups of devices on one or more logically segmented Local Area Network (LAN).  A VLAN is set up by configuring ports on a switch, so devices attached to these ports may communicate as if they were attached to the same physical network segment. Security Zones and DMZs  By creating separate zones, controls can be applied at a more granular level based on the systems, information and applications in each area.  Separate zones can create defense in depth where additional layers of authentication, access control and monitoring can take place. Isolation and Segmentation Model
  • 45.
    THIRD KNOWLEDGE CHECK 1.How many layers does the OSI Model has? The OSI Model has seven (7) layers. 2. How many layers does the TCP/IP layer has? The TCP/IP Model has four (4) layers.
  • 46.
  • 47.
    Cryptanalysis: Deals withunlocking or uncovering the secret that others try so hard to hide or obscure.  One of the most valuable components of the cryptosystem is the key  Types of Cryptography: Symmetric and Asymmetric (Public-Key Cryptography)  Advantages of Asymmetric cryptography are: It offers non-repudiation and Key distribution benefits Hash function: Is used in both creating and verifying a digital signature  To perform verification of the message, hashing is used as part of the digital signatures creation.  When the message is received by the intended party or parties, the hashing process is re-created and then compared to the one original sender created. Digital Signature
  • 48.
    Certificate Authority  Acertificate’s principal function is to bind a key pair with a particular subscriber  A Digital Certificate allows you to associate the public key with a particular service such as a web server for use in e-commerce  A certificate authority (CA) creates and revokes certificate that it has in it’s control with the associated public keys.  When CA goes through the process of creating a certificate, a key pair that is made of a public key and a private key is generated.  The public key is made available to the public at large  The private key is given to the party requesting the digital certificate. Validation of certificate: When a certificate is presented by one party to another, it must be validated. Since both parties involved typically do not know each other, they must rely on a third party who is trusted, THIS IS THE ROLE OF THE CA.
  • 49.
    Registration Authority (RA)
    This is an entity positioned between the client and the CA that is used to support or offload work from a CA.
     Although an RA cannot generate a certificate, it can accept requests, verify a person's identity, and pass along the information to the CA, which performs the actual certificate generation.
     RAs are usually located at the same level as the subscribers for which they perform the authentication.
    Public Key Infrastructure (PKI)
     PKI is designed to validate, issue, and manage certificates on a large scale.
     Remember: a public key is bound to a digital certificate.
     The digital certificate tells a requester of the public key that it belongs to a specific party.
  • 50.
    Hashing  Hashing canbe considered a type of a one-way encryption.  The process outputs what is known as a hash, hash value, or message digest.  A hash function generates a fixed-length value that is always the same length no matter how large or small the data entering the process or algorithm is.  A one-way hash function is also known as a thumbprint  Message Digest 2 (MD 2)  Use in privacy –enhanced mail (PEM) protocols along with MD5.  MD4 has been replaced by MD5 in most cases  MD5 is an improved and redesigned version of MD4 that produces a 128 bit hash.  Also in many cases MD5 has been replaced with SHA 2
  • 51.
    Some Important Security Links and Usage
    2. To download canary tokens (honeypots) on your PCs to alert you if you are hacked: https://www.stationx.net/canarytokens/
    3. List of TCP and UDP port numbers: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
    4. Kaspersky Lab: https://cybermap.kaspersky.com/
    5. FireEye Threat Maps: https://www.fireeye.com/cyber-map/threat-map.html
    6. Fortinet: https://threatmap.fortiguard.com/
  • 52.
  • 53.
    With great flexibility comes great power of messing things up!

Editor's Notes

  • #45 NAP - Network Access Protection, a Microsoft technology for controlling network access of a computer based on its health, e.g. computers running Windows XP with Service Pack 3 or Windows Vista, which are older and outdated.
