Unit 1 — Principles of Cryptography & Cyber Security
---
Foundations of Cyber Security Concepts
Cyber Security means protecting:
Computers
Networks
Software
Data
Digital systems
from:
Unauthorized access
Attacks
Damage
Theft
Malware
---
Why Cyber Security is Important
Today everything is online:
Banking
Shopping
Government services
Education
Social media
If security is weak:
Data can be stolen
Money can be lost
Systems may stop working
Privacy gets compromised
---
Essential Terminologies
1. CIA Triad
CIA is the foundation of Cyber Security.
(A) Confidentiality
Data should only be accessible to authorized people.
Example:
ATM PIN
Passwords
Bank details
Methods:
Encryption
Passwords
Authentication
---
(B) Integrity
Data should not be modified illegally.
Example: Marks stored in a university database should remain correct.
Methods:
Hashing
Digital signatures
Access control
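Added example (not part of the original notes): how hashing can detect an unauthorized change to stored marks. It goes one step beyond plain hashing by using a keyed hash (HMAC), because anyone who can edit a row could also recompute an unkeyed digest; the records, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: (student_id, subject, marks) rows as a database might store them.
RECORDS = [
    ("S001", "Cryptography", 78),
    ("S002", "Cryptography", 64),
    ("S003", "Cryptography", 91),
]

# Assumption: the key is kept outside the database (for example in a secrets manager),
# so someone who can edit rows cannot also produce valid tags.
KEY = b"constructed-demo-key-not-for-real-use"


def canonical(record):
    """Serialize a record unambiguously by length-prefixing every field."""
    parts = []
    for field in record:
        data = str(field).encode("utf-8")
        parts.append(len(data).to_bytes(4, "big") + data)
    return b"".join(parts)


def plain_digest(record):
    """Unkeyed SHA-256: useful only if the digest itself is stored where it cannot be edited."""
    return hashlib.sha256(canonical(record)).hexdigest()


def tag(record, key=KEY):
    """Keyed hash (HMAC-SHA256): cannot be recomputed without the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def find_tampered(records, tags, key=KEY):
    """Return the records whose stored tag no longer matches their content."""
    return [r for r, t in zip(records, tags)
            if not hmac.compare_digest(tag(r, key), t)]


if __name__ == "__main__":
    stored_tags = [tag(r) for r in RECORDS]      # computed when marks are entered
    edited = list(RECORDS)
    edited[1] = ("S002", "Cryptography", 94)     # unauthorized change: 64 -> 94
    print("tampered rows:", find_tampered(edited, stored_tags))
```

The length prefix in canonical() keeps ("ab", "c") and ("a", "bc") from hashing to the same value, a common mistake when fields are simply concatenated.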
---
(C) Availability
Systems and data should be available whenever needed.
Example: Bank servers should work 24×7.
Methods:
Backups
Firewalls
Disaster recovery
---
Risks
A risk is the possibility of damage or loss.
Example: A weak password creates a risk of hacking.
Formula: Risk = Threat × Vulnerability
---
Threats
Anything that can cause harm to a system.
Examples:
Hackers
Viruses
Natural disasters
Insider attacks
Types:
Internal threats
External threats
---
Breach
Unauthorized access to confidential data.
Example: A hacker steals customer credit card information.
Data breaches may cause:
Financial loss
Reputation damage
Legal problems
---
Attacks
An attempt to exploit vulnerabilities.
Types:
Phishing
Malware attack
SQL Injection
Denial of Service (DoS)
---
Exploits
Code or techniques used to take advantage of vulnerabilities.
Example: Using a software bug to gain admin access.
---
Information Gathering
The first step of hacking.
Attackers collect information about target systems.
Two main methods:
1. Social Engineering
2. Footprinting & Scanning
---
Social Engineering
Manipulating people to reveal confidential information.
Example: Fake call asking for OTP or password.
Types:
Phishing
Vishing (voice call fraud)
Smishing (SMS fraud)
Prevention:
User awareness
Verification methods
Security training
---
Footprinting
Collecting information about a target.
Information collected:
IP address
Domain details
Employee details
Network information
Methods:
WHOIS lookup
Google hacking
DNS queries
---
Scanning
Used to identify:
Open ports
Services
Vulnerabilities
Types:
Port scanning
Network scanning
Vulnerability scanning
---
Open Source / Free Tools
Nmap
Popular network scanning tool.
Features:
Detect hosts
Open ports
Services running
OS detection
Example command:
nmap 192.168.1.1
---
Zenmap
GUI version of Nmap.
Advantages:
Easy interface
Visual scanning
Network mapping
---
Port Scanner
Checks which ports are open.
Common ports:
80 → HTTP
443 → HTTPS
21 → FTP
---
Network Scanner
Scans entire networks to identify:
Devices
IP addresses
Active systems
---
Cyber Security Vulnerabilities
Weaknesses in systems.
Types:
1. Software Vulnerabilities
Errors or bugs in software.
Example: Outdated Windows OS.
---
2. Weak Authentication
Weak passwords or no multi-factor authentication.
Example: Password = 123456
---
3. Poor Authorization
Users getting access they should not have.
---
4. Complex Networks
Large networks become difficult to manage securely.
---
5. Open Access to Data
Sensitive data available publicly.
---
6. Unprotected Communication
Data sent without encryption.
Example: Using HTTP instead of HTTPS.
---
Cyber Security Safeguards
Methods used to protect systems.
---
Access Control
Restricts who can access resources.
Types:
Role-based access
Password protection
Biometric authentication
---
IT Audit
Checking security policies and systems regularly.
Purpose:
Find vulnerabilities
Ensure compliance
Improve security
---
Authentication
Verifying the identity of users.
Methods:
Passwords
OTP
Biometrics
Smart cards
---
Important Exam Questions
Short Questions
1. Define Cyber Security.
2. Explain CIA Triad.
3. What is Footprinting?
4. Difference between Threat and Risk.
5. What is Social Engineering?
6. Define Vulnerability.
7. What is Authentication?
8. Explain Nmap.
---
Long Questions (6–10 Marks)
1. Explain CIA Triad with examples.
2. Describe various Cyber Security vulnerabilities.
3. Explain Information Gathering techniques.
4. Discuss Social Engineering attacks and prevention.
5. Explain different Cyber Security safeguards.
6. Write detailed notes on Nmap and Zenmap.
---
Quick Revision Notes
CIA = Confidentiality + Integrity + Availability
Threat = Possible danger
Risk = Chance of loss
Vulnerability = Weakness
Exploit = Method to attack weakness
Nmap = Network scanner
Footprinting = Information collection
Scanning = Finding open services
Authentication = Identity verification
Next topics in Unit 1:
Access Control
IT Audit
Authentication methods
Advanced scanning concepts
Practical cybersecurity tools