Cyber Security MOD 1
SECURITY MODEL-
1) "No security" as a security model refers to the view that adding more security tools or installing more security-related software can slow a system down, and that a secured system may also carry restrictions, such as limits on using external drives.
Performance Impact: Some security software, especially if not optimized, can consume significant system resources (CPU, memory, disk I/O), leading to a slowdown in system performance. This can happen when multiple security tools run simultaneously or when the software performs resource-intensive tasks such as real-time scanning, frequent updates, or complex analyses.
Security Measures: In many high-security environments, the use of external drives (such as USB sticks) is restricted or entirely prohibited to prevent data breaches, malware infections, or the exfiltration of sensitive data. This is a common practice to reduce the risk of introducing malware into the system or leaking confidential information.
2) Security Through Obscurity is a strategy that relies on hiding your existence or details to protect against potential threats. The idea is that if attackers are unaware of your system's presence or details, they are less likely to target it.
In this context:
● Hiding Existence: Making it difficult for attackers to discover that your system or service even exists. For example:
○ Running services on non-standard ports so they aren't easily found by attackers scanning common ports.
○ Using obscure URLs or paths for sensitive web pages such as admin panels, making them harder to guess.
3) Host-level security refers to security measures implemented on individual devices (hosts) within a network, such as computers, servers, or virtual machines. These measures are designed to protect each host from external and internal threats and to ensure the integrity, confidentiality, and availability of the data and services running on that host.
1. Firewalls:
○ Traffic Filtering: Firewalls act as barriers between internal networks and external networks (such as the internet). They filter incoming and outgoing traffic based on predefined security rules, blocking potentially harmful traffic and allowing legitimate communications.
○ Types of Firewalls: Network firewalls (which protect the entire network) and host-based firewalls (which protect individual devices).
2. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS):
○ IDS: Monitors network traffic for suspicious activity or known threats and alerts administrators when a potential issue is detected.
○ IPS: Similar to an IDS, but it can also take automatic action to block or mitigate detected threats in real time.
3. Virtual Private Networks (VPNs):
○ Secure Communication: VPNs encrypt data transmitted between remote users and the organization's network, ensuring that sensitive information is protected from interception during transmission.
PRINCIPLES OF SECURITY-
1. Confidentiality
● Definition: Ensuring that sensitive information is accessible only to authorized users and is protected from unauthorized access.
● Key Practices:
○ Encryption: Protecting data in transit and at rest by converting it into a secure format.
○ Access Control: Implementing user authentication and authorization mechanisms to restrict access to sensitive information.
○ Data Masking: Concealing specific data elements within a database or file to prevent unauthorized access to sensitive information.
2. Integrity
● Definition: Ensuring that data remains accurate, complete, and unaltered during storage, processing, or transmission.
● Key Practices:
○ Hashing: Using cryptographic hash functions to verify the integrity of data by generating a unique hash value.
○ Digital Signatures: Ensuring the authenticity and integrity of a message, software, or digital document.
○ Checksums: Verifying data integrity by comparing calculated checksum values before and after transmission.
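An added example (not part of the original notes) of the hashing and checksum checks described above, in Python with only the standard library: a SHA-256 hash catches a modified message, but because anyone can recompute a plain hash, a keyed HMAC is what proves the data was not altered by someone who could also replace the tag. The messages and the shared key are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample: the message as sent, and a copy altered in transit.
ORIGINAL = b"transfer 100 EUR to account 1234"
TAMPERED = b"transfer 900 EUR to account 1234"


def sha256_hex(data: bytes) -> str:
    """Integrity value as the notes describe it: SHA-256 of the data, hex-encoded."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    """Checksum-style check: recompute the hash after transmission and compare."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    """Constant-time comparison so the check itself leaks nothing about the tag."""
    return hmac.compare_digest(hmac_tag(key, data), expected_hex)


def demo() -> dict:
    """Run both checks on the constructed messages and return each outcome."""
    key = secrets.token_bytes(32)  # shared secret, assumed exchanged out of band
    results = {}
    # 1. Plain hash: detects accidental or unsophisticated modification ...
    sent_hash = sha256_hex(ORIGINAL)
    results["hash_detects_tampering"] = not verify_hash(TAMPERED, sent_hash)
    # ... but anyone who can alter the message can simply recompute the hash.
    results["hash_forgeable"] = verify_hash(TAMPERED, sha256_hex(TAMPERED))
    # 2. HMAC: a valid tag needs the key, so a tag made without it fails.
    sent_tag = hmac_tag(key, ORIGINAL)
    results["hmac_accepts_original"] = verify_hmac(key, ORIGINAL, sent_tag)
    results["hmac_detects_tampering"] = not verify_hmac(key, TAMPERED, sent_tag)
    forged_tag = hmac_tag(b"attacker-guess", TAMPERED)
    results["hmac_rejects_forged"] = not verify_hmac(key, TAMPERED, forged_tag)
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```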
3. Availability
● Definition: Ensuring that information and resources are accessible to authorized users when needed.
● Key Practices:
○ Redundancy: Implementing backup systems, failover mechanisms, and duplicate resources to ensure continuous availability.
○ Disaster Recovery Planning: Preparing for and mitigating the impact of disasters or disruptions, ensuring quick recovery of operations.
○ DDoS Protection: Using tools and strategies to protect against Distributed Denial of Service (DDoS) attacks that can disrupt availability.
4. Authentication
● Definition: Verifying the identity of users, devices, or systems to ensure that they are who they claim to be.
● Key Practices:
○ Passwords: Using strong, unique passwords and implementing password management policies.
○ Multi-Factor Authentication (MFA): Requiring additional verification steps, such as a fingerprint or a code sent to a mobile device.
○ Biometrics: Using unique physical characteristics, such as fingerprints or facial recognition, to authenticate users.
5. Authorization
● Definition: Granting or denying permissions to access resources or perform actions based on the user's identity and role.
● Key Practices:
○ Role-Based Access Control (RBAC): Assigning permissions based on the roles of individual users within the organization.
○ Least Privilege: Limiting user access to the minimum necessary to perform their duties.
○ Access Control Lists (ACLs): Specifying which users or system processes are granted access to objects and what operations they can perform.
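An added example (not part of the original notes) that puts the three authorization practices above together in Python: role-based permissions, a per-object ACL consulted as a fallback, deny-by-default decisions, and a least-privilege review that flags role permissions a user never exercises. The roles, users, objects and access log are constructed for the example.

```python
from typing import Optional

# Constructed sample policy: each role carries only the permissions its duties need.
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "analyst": {"report:read", "report:create"},
    "admin": {"report:read", "report:create", "report:delete", "user:manage"},
}

# Constructed users and the roles assigned to them.
USER_ROLES = {"alice": {"analyst"}, "bob": {"viewer"}, "carol": {"admin"}}

# Constructed ACL: per-object grants to specific users, independent of their roles.
OBJECT_ACLS = {"report-42": {"bob": {"report:create"}}}

# Constructed access log of (user, action) pairs, as a least-privilege review would use.
ACCESS_LOG = [
    ("alice", "report:read"), ("alice", "report:create"),
    ("bob", "report:read"), ("carol", "report:read"),
]


def rbac_permissions(user: str) -> set:
    """Union of the permissions granted by every role the user holds (RBAC)."""
    perms = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_authorized(user: str, action: str, obj: Optional[str] = None) -> bool:
    """Deny by default: allow only if a role grants the action or the object's ACL
    names this user for it. Unknown users and unknown objects get nothing."""
    if action in rbac_permissions(user):
        return True
    acl = OBJECT_ACLS.get(obj, {}) if obj is not None else {}
    return action in acl.get(user, set())


def unused_permissions(user: str, access_log=ACCESS_LOG) -> set:
    """Least-privilege review: role permissions the user holds but never exercised."""
    used = {action for who, action in access_log if who == user}
    return rbac_permissions(user) - used


if __name__ == "__main__":
    print(is_authorized("bob", "report:create"))               # False: viewer role only
    print(is_authorized("bob", "report:create", "report-42"))  # True: ACL grant
    print(is_authorized("mallory", "report:read"))             # False: unknown user
    print(sorted(unused_permissions("carol")))                 # admin rights never used
```

Permissions that show up in the review but never in the log are candidates for removal from the role, which is how least privilege is kept honest over time.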