

































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
1. Interactive Cybersecurity Awareness Guide Design a document that includes quizzes, checklists, and real-life scenarios. Add sections like “Can You Spot the Phish?” or “Choose Your Security Adventure.” Include infographics and step-by-step guides for common security tasks.
Typology: Study notes
1 / 73
This page cannot be seen from the preview
Don't miss anything!


































































Module 1 learning outcomes Having completed this module you will be able to: Define cybersecurity and explain its importance. Outline types of cybersecurity threats and common attack vectors. Explain the fundamentals of network security and list its components. Identify key network protocols and their vulnerabilities. Explain firewall technologies and intrusion detection systems. Discuss operating system security principles. Identify security mechanisms in operating systems. Describe secure configuration and hardening of operating system Introduction to Cybersecurity This topic will introduce you to cybersecurity. Topics to Be Covered: Understanding the basics of cybersecurity. Importance of cybersecurity. Cybersecurity in the digital age. Why is cybersecurity important? Cybersecurity in the digital age: more relevant than ever. Overview of cyber threats and attack vectors. Common attack vectors. Legal and ethical considerations in cybersecurity. Understanding the Basics of Cybersecurity Definition of Cybersecurity Cybersecurity refers to the practice of safeguarding computer systems, networks, and digital information from any unwarranted access, use, disclosure, disruption, or destruction. This involves taking various measures and technologies in place to secure computers servers mobile devices electronic systems data against cyber threats such as hacking malware phishing ransomware other forms of attacks such as ransomware etc.
Importance of Cybersecurity At present, cybersecurity holds enormous value as we become ever more dependent on digital technology to perform daily tasks. The greater risks from cyber threats include significant financial loss, damage to an individual or organisation's reputation, loss of sensitive data or threats to national security. Such in breaches in security measures being exploited make fully understanding and implementing the process for cybersecurity measures imperative for today Cybersecurity in the Digital Age The Digital Age: A New Frontier The digital or information age is an era in human history defined by an economic shift away from traditional manufacturing towards an economy reliant on information technology. Today we live more connected than ever before as data is produced, stored, shared, and accessed across computers, mobile phones and cloud platforms worldwide. While our connected and data-driven world provides many conveniences and advancements, it also presents numerous risks and vulnerabilities which necessitate the implementation of cybersecurity practices to safeguard us all. Therefore, its significance cannot be underrated. Why is Cybersecurity Important?
Attackers often employ physical devices such as USB flash drives to gain entry to systems and compromise them. Leaving such seemingly innocent items lying about makes for easier compromise by attackers who will soon discover it and exploit its vulnerabilities.
Fundamentals of Network Security What Is Network Security (NS)? Network security refers to practices and policies implemented to detect, deter and monitor any unlawful access, misuse, modification, or denial of computer networks and related resources in an effort to safeguard infrastructure as well as data. The goal is securing these vital components of an efficient digital society. Why Is Network Security Essential? With organisations becoming ever more interconnected, vulnerabilities within network connections increase exponentially; thus making network security an essential aspect of cybersecurity. Network security protects user data while guaranteeing usability, reliability and integrity within a network infrastructure from threats such as malware, ransomware, phishing or denial-of-service (DoS) attacks. Components of Network Security Network security entails multiple layers of defences at both the edge and in the network, each layer implementing policies and controls designed to allow only authorised users access to network resources while keeping malicious actors away. Key elements include: 1. Access Control This is used to control who can access the network. It effectively keeps unauthorised persons out while granting access to authorised users. 2 Antivirus and Antimalware Software Antivirus and antimalware software is intended to defend against malware such as viruses, ransomware, worms, trojans and spyware. 3. Firewalls Firewalls act as barriers between an internal network and external networks (typically the internet) which help block malicious traffic while permitting legitimate traffic through. 4. Virtual Private Networks VPN enables secure connections over the internet between networks. A VPN provides privacy when browsing over public WiFi networks or public Wi-Fi hotspots - an additional layer of protection. 5. Intrusion Prevention Systems (IPS) These systems identify fast-spreading threats, such as zero-day or zero-hour attacks.
Stateful Inspection Firewall: Also known as dynamic packet filtering, this firewall keeps track of active connections and only allows traffic through if it's part of an already-established connection. Proxy Firewall: Proxy firewalls operate at the application layer, filtering traffic between two systems by invoking a service request on behalf of one system. Next-Generation Firewall (NGFW): These firewalls include functions of traditional firewalls plus other network device filtering functionalities, such as intrusion prevention, SSL and SSH inspection, deep-packet inspection, and reputation-based malware detection. What is an IDS? An Intrusion Detection System (IDS) monitors network traffic for any suspicious activities that could indicate potential intrusion attempts and sends alerts when such activity is spotted. While IDS's are highly efficient at spotting anomalies, they cannot prevent intrusion attempts themselves from taking place. Types of Intrusion Detection Systems Intrusion Prevention Systems (IPS)
Remember, cybersecurity should not be considered an immediate fix but an ongoing process! Virtual Private Networks/Secure Remote Access What is a VPN? Virtual Private Network (VPN) technology creates a secure tunnel between your device and either the network at work or an Internet server, effectively creating an extension of private networks across public ones to allow users to send and receive data as though their computing devices were directly linked into them. Why is VPN Important? VPNs are crucial for preserving privacy and securing data exchange in a world where data breaches and surveillance are significant concerns. Encryption: VPN provides strong encryption to ensure that even if cybercriminals intercept data they cannot read it. Anonymity: VPN can mask your IP address, making your online actions virtually untraceable. Remote Access: VPNs provide a secure way for remote employees to access necessary resources on their company's network Understanding Secure Remote Access Secure remote access refers to any method by which an individual may connect securely with a network from outside its location - this may involve VPNs but could also involve using other strategies and tools. Ensuring secure remote access is crucial in protecting your network. This involves several elements: Authentication: Ensure only authenticated users can gain entry to a network using passwords or alternative methods like biometric verification and multi-factor authentication. Authorization: This involves managing user permissions, so users can only access the data and systems they need for their work. Encryption: As mentioned above, encryption involves encoding data so it cannot be read if intercepted and read by third parties. Monitoring: Continuously monitoring network activity can help identify any unusual or suspicious behaviour that might signal a security breach
systems and processes alike. Should an attacker gain entry, PoLP limits their potential damage. Principle 2: Principle of Defense in Depth Defence in Depth refers to using multiple security measures to defend one asset; that way if one measure fails, others remain intact - for instance a strong OS security strategy could include firewalls, antivirus software and regular system updates. Principle 3: Fail-Safe Stance The fail-safe stance principle stipulates that should any system or function fail in an unsafe way, its failure should occur in such a way as to minimise possible harm or disruption - for instance if verification function failure were to occur and requests weren't denied by system instead of approved, as per this theory. Principle 4: Separation of Duties Separation of duties (SoD) is a concept that helps prevent fraud and error. This principle asserts that a task typically engaged in fraud should be broken into separate steps, each requiring different individuals. In an OS, key system administrative tasks can be distributed among multiple roles to prevent misuse. Principle 5: Security by Design Security by design refers to incorporating security protocols and tools into an OS during its design phase instead of trying to add them post-buildup. Building security from day one often proves easier and more effective. Security Mechanisms in Operating Systems Authentication: Identify verification is the process of authenticating users, processes or devices on an operating system, typically through username and password authentication; more advanced systems might also use biometric information or security tokens as methods of confirmation. Access Control: An access control mechanism within an OS is designed to regulate access to certain resources within it by following certain rules that determine who or what can access which resources. Encryption: Encryption can protect information stored within an OS as well as data being transmitted into or out of it. Audit and Logging: Monitoring system activities is important in detecting any irregular or suspicious activities on an operating system (OS), from user log-in/out sessions and file access events to special notifications such as suspicious email communications. OS keeps logs of these and many more activities for your review. Operating system security is at the core of overall cybersecurity, making up one of its three pillars. Understanding its principles is vital in creating and maintaining secure systems; next we'll delve deeper into specific ways we can secure different operating systems like Windows, Linux and MacOS.
Remember, any system is only as safe as its weakest link; even minor breaches in OS security could give cybercriminals an entryway into your OS and provide opportunities for attacks. Therefore, always remain alert and strive to learn. Secure Configuration and Hardening of OS Hardening of an operating system comes into play after installation as many features which, although useful, could create potential vulnerabilities if left unsecured. Hardening provides one way of protecting these features against being misused. What is OS Hardening? OS hardening is the process of securing an operating system by reducing its surface of vulnerability. This is achieved by configuring the OS securely, turning off unnecessary services, deleting unused accounts, keeping the system updated, and applying the necessary security patches. Secure Configuration Step one in hardening an OS is configuring it securely. While the exact process varies based on which OS is being used, here are some general steps:
Use Two-Factor Authentication (2FA): 2FA greatly increases account security by requiring a second form of identification. Regularly Review Accounts and Privileges: Regularly check for outdated or excessive privileges and inactive accounts. Train Users: Educate users about secure behaviour, such as not sharing passwords, recognizing phishing attempts, and reporting suspected security incidents. User and account administration is essential in developing an effective cybersecurity plan. By carefully controlling access to your systems, user and account administration allows you to greatly decrease both internal and external security incidents. Patch Management and Vulnerability Assessment What is Patch Management? Patch management refers to the practice of disseminating and applying updates, or patches, to software applications and technologies. Patches serve various functions ranging from fixing software bugs and improving functionality to eliminating security vulnerabilities that pose threats against our organisation. Why is Patch Management Important? Maintaining an effective patch management process is vitally important, for various reasons:
Patch Management - Best Practices Keep a comprehensive inventory of all systems and applications which require patching. Prioritise patches based on the severity of the vulnerabilities they resolve. Test patches in a controlled environment before deployment to ensure they don't introduce new problems. Schedule patching during off-peak hours to minimise disruption. Automate the patch management process as much as possible to ensure patches are applied promptly and consistently. Vulnerability Assessment Best Practices Conduct vulnerability scans regularly, not just once. Use automated tools to help identify known vulnerabilities. After a vulnerability assessment, act promptly to address identified vulnerabilities. Include hardware, software, and human factors in your vulnerability assessments. Vulnerability assessment should not be seen as a one-off event but as part of your cybersecurity plan's long-term implementation strategy. Lesson Summary Cybersecurity refers to the practice of safeguarding computer systems, networks, and digital information from any unwarranted access, use, disclosure, disruption, or destruction. At present, cybersecurity holds enormous value. Understanding cybersecurity fundamentals is the first step toward protecting yourself or your business against potential cyber threats. One of the key functions of cybersecurity is protecting sensitive data - be it personal details of individuals, intellectual property of businesses, or classified government files. As we progress into a digital society, cybersecurity will remain at the centre of discussions. An attack vector is any route through which an attacker gains unauthorised entry to a computer or network with malicious intentions and delivers their payload or payoff. Network security refers to practices and policies implemented to detect, deter and monitor any unlawful access, misuse, modification, or denial of computer networks and related resources in an effort to safeguard infrastructure as well as data. Network security is crucial in today's interconnected world to protect sensitive data and prevent disruptions to service.
cryptography relies on two keys for encryption and decryption - public for public key encryption while private for decryption. PKI provides a framework that facilitates functions like digital signature, encryption and authentication - essential capabilities that verify data integrity and source, providing secure transactions and communications online. Key Components of PKI: Digital Certificates: These are electronic 'passwords' that allow a party receiving certain information to decode content encrypted by the party who originally sent the info. Certificate Authorities (CAs): Certificate Authorities provide trusted third-party digital certificates by verifying identity and associating cryptographic keys to users who apply for them. Certificate Store: This is a storage space for digital certificates. Key Pair (Public and Private Keys): These mathematically related keys must remain secret, while their public counterpart can be freely made accessible for anyone to use. What are Digital Certificates? Digital certificates are electronic documents created using digital signature technology to link a public key with its identity, providing proof that an individual owns them. Under most PKI schemes, a certificate authority (CA), often an organisation charged by customers to issue them certificates, is the issuer of certificates for them. Digital Certificates typically contain: Owner's public key. Owner's name. Expiration date of the public key. Name of the issuer. Serial number of the Digital Certificate. Digital signature of the issuer. Applications of PKI and Digital Certificates