Updated CySec
itspatkar committed Dec 2, 2024
1 parent 2f68c3a commit a08cdd3
Showing 1 changed file with 134 additions and 5 deletions.
139 changes: 134 additions & 5 deletions cysec.html
Expand Up @@ -25,6 +25,10 @@ <h3 class="title">Cyber Security</h3>
<div class="section-list">
<ul>
<li><a href="#cia">CIA Triad</a></li>
<li><a href="#cryptography">Cryptography</a></li>
<li><a href="#encryption">Encryption</a></li>
<li><a href="#hash">Hashing</a></li>
<li><a href="#secops">Security Operations</a></li>
<li><a href="#risk">Risk Management</a></li>
<li><a href="#governance">Governance Elements</a></li>
</ul>
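Review bot: the new nav entry `<li><a href="#hash">Hashing</a></li>` targets the fragment `#hash`, but the section this same commit adds further down the file is declared as `<div class="sections" id="Hash">`. Fragment identifiers are case-sensitive, so this link will not scroll to the section. Make the two agree, preferably by lowercasing the id so it matches the convention of the other ids added here (`cia`, `cryptography`, `encryption`, `secops`, `risk`).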
Expand Down Expand Up @@ -59,16 +63,141 @@ <h6>Non-Repudiation* :</h6>
</div>
</div>

<div class="sections" id="cryptography">
<h4 class="heading"># Cryptography</h4>
<div class="content">
<p>Cryptography is the practice and study of techniques for securing communication and data from third parties. It involves the creation of mathematical algorithms and protocols that ensure confidentiality, integrity, authenticity, and non-repudiation of information.</p>
<ul>
<li>
<h6>Encryption :</h6>
<p>Encryption is the process of transforming readable plaintext into unreadable ciphertext to mask sensitive information from unauthorized users. Encryption is used to protect sensitive data from unauthorized access and data breaches.</p>
</li>
<li>
<h6>Decryption :</h6>
<p>The description is a reverse process of encryption, where ciphertext is transformed back into plaintext using a decryption key.</p>
</li>
<li>
<h6>Hashing :</h6>
<p>Hashing is a method of converting data (message, file, or password) into a fixed-size string of characters, which typically represents a "fingerprint" of the original data. This converted hash value is called digest. Hashes are used for data integrity checks, ensuring that data has not been altered.</p>
</li>
<li>
<h6>Digital Signature :</h6>
<p></p>
</li>
<li>
<h6>Public Key Infrastructure (PKI) :</h6>
<p></p>
</li>
</ul>
</div>
</div>

<div class="sections" id="encryption">
<h4 class="heading"># Encryption</h4>
<div class="content">
<p>Encryption is the process of transforming readable plaintext into unreadable ciphertext to mask sensitive information from unauthorized users. Encryption is used to protect sensitive data from unauthorized access and data breaches. Encryption works by using encryption algorithms to encrypt data into an indecipherable format. Only authorized parties with the right secret key, known as the decryption key, can decrypt the data.</p>
<ul class="justify">
<li><b>Plaintext :</b> Plaintext is the original, readable data or message in its unencrypted form. Its meaning or value is immediately accessible and usable by the end user (person or a process).</li>
<li><b>Ciphertext :</b> Ciphertext is the encrypted, unreadable data or message and is not interpretable without the decryption key.</li>
<li><b>Encryption Algorithm :</b> An encryption algorithm is a mathematical procedure used to transform data (plaintext) into an unreadable format (ciphertext). This transformation process is achieved using a set of rules and a cryptographic key.</li>
</ul>
<h6>Types of Encryption -</h6>
<ul class="justify">
<li><b>Symmetric Encryption :</b> In symmetric encryption, the same key is used for both encryption and decryption processes. Example: AES (Advanced Encryption Standard) and DES (Data Encryption Standard) </li>
<li><b>Asymmetric Encryption :</b> In asymmetric encryption, different keys are used for encryption and decryption: a public key for encryption and a private key for decryption. Example: RSA (Rivest-Shamir-Adleman)</li>
</ul>
</div>
</div>

<div class="sections" id="Hash">
<h4 class="heading"># Hashing</h4>
<div class="content">
<p>Hashing is a method of converting data (message, file, or password) into a fixed-size string of characters, which typically represents a "fingerprint" of the original data. This converted hash value is called digest. Hashes are used for data integrity checks, ensuring that data has not been altered. Hashing is often used in file fingerprinting and storing passwords securely. Instead of storing the password itself, systems store the hash of the password.</p>
<ul class="justify">
<li>The key property of a hash function is that it produces a fixed-size output for any size of input.</li>
<li>The same input will always produce the same hash value, and even a tiny change in input will generate drastically different hash values.</li>
<li>The hash is irreversible, that is, a one-way operation; one cannot reverse the process to retrieve the original input data from the hash value.</li>
<li>Example: MD5 (Message Digest Algorithm) and SHA (Secure Hash Algorithm).</li>
</ul>
<h5>Checksum :</h5>
<p>A checksum is a small-sized piece of data generated from a larger set of data, used for error detection in data transmission and storage. When the data is transmitted or stored, the checksum is sent or saved alongside it. A checksum is computed by applying a mathematical algorithm (e.g., CRC32, MD5, SHA-1) to the data. Checksum is used in error detection in file transfers, storage, and network protocols (e.g., CRC checks in network protocols like Ethernet or ZIP file integrity).</p>
<ul class="justify">
<li>Checksums are fast and efficient for detecting accidental data corruption but are not designed for security purposes; they don't provide a high level of protection against malicious tampering.</li>
<li>For data integrity and colision resistance, more robust and secure hashes are used.</li>
</ul>
</div>
</div>

<div class="sections" id="secops">
<h4 class="heading"># Security Operations</h4>
<div class="content">
<p>SecOps (Security Operations) is a crucial discipline in cybersecurity that focuses on the integration of security practices and IT operations to ensure the continuous protection, monitoring, and management of an organization's infrastructure, networks, and data.</p>
<h5>Logging and Monitoring :</h5>
<p>Logging refers to the practice of recording detailed information about events, processes, and actions that occur within a system or network.</p>
<ul class="justify">
<li>These records, called logs, provide a history of events and activities that can be used for troubleshooting, performance monitoring, security auditing, and incident response.</li>
<li>A log contains information such as user IDs, system activities, dates and times of key events, device and location identity, system and resource access attempts, system configurations, network traffic, and track or history of events.</li>
<li>A log should be stored separately from the system where it is generated.</li>
</ul>

<h5>Security Information and Event Management :</h5>
<p>Security Information and Event Management (SIEM) is a system or tool used to provide real-time monitoring, analysis, and response to security threats across an organization's IT infrastructure.</p>
<ul class="justify">
<li>SIEM tools collect, aggregate, and analyze data from various sources, such as security logs, network traffic, and endpoint devices, to detect potential security incidents, vulnerabilities, or breaches.</li>
<li>Characteristics of SIEM are log management, event correlation, and real-time monitoring; incident detection and alerts; reporting and compliance; and forensics and analysis.</li>
<li>Logs are the raw data generated by systems and provide detailed records of activities. And SIEM is a tool that aggregates, normalizes, and analyzes these logs in real-time to detect security threats, providing more advanced insights, automation, and compliance reporting.</li>
<li>While logs provide the foundational data, SIEM platforms use that data to enhance security monitoring and response, making SIEM an essential tool for managing and interpreting logs in the context of cybersecurity.</li>
<li>Example: Splunk, a popular SIEM platform that helps organizations monitor, analyze, and respond to security events and incidents.</li>
</ul>

<h5>Intrusion Detection Systems :</h5>
<p>Intrusion Detection Systems (IDS) are security tools designed to detect unauthorized access or anomalies in a network or system. IDS monitors and analyzes network traffic, system activity, and user behavior to identify potential security breaches, such as cyberattacks or data theft, and alerts administrators to take action. IDS automate the inspection of logs and real-time system events to detect intrusion attempts and system failures.</p>
<h6>Type of IDS -</h6>
<ul class="justify">
<li><b>Network-based IDS (NIDS) :</b> HIDs monitor activity on individual devices or hosts (servers, computers). It is installed on the host device, where it monitors file integrity, system calls, and application logs. It detects internal threats and activities like unauthorized access to files and malicious changes to system configurations.</li>
<li><b>Host-based IDS (HIDS) :</b> NIDs monitor network traffic for suspicious activity. It is placed at strategic points within the network (e.g., between the internal network and the internet). It detects external attacks like denial-of-service (DoS) and port scanning.</li>
</ul>

<h5>Intrusion Prevention Systems :</h5>
<p>An Intrusion Prevention System (IPS) is a network security device that monitors network and/or system activities for malicious activity. IPS is placed in line with traffic and is more advanced than an Intrusion Detection System (IDS). IPS not only detects but also automatically blocks or prevents the detected threats in real time to prevent unauthorized access or attacks on computer systems and networks. Since IPSs are more effective at preventing network-based attacks, their function is integrated into firewalls.</p>
<h6>Types of IPS -</h6>
<ul class="justify">
<li><b>Network-based IPS (NIPS) :</b> These are deployed at key points in the network (e.g., network perimeter) to monitor and protect the entire network.</li>
<li><b>Host-based IPS (HIPS) :</b> Installed on individual devices or hosts, HIPS protect against threats targeting a specific machine, such as a server or endpoint.</li>
<li><b>Wireless IPS (WIPS) :</b> A specialized IPS designed to protect wireless networks from unauthorized access or attacks.</li>
</ul>

<h5>Firewalls :</h5>
<p>A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet. These rules can be configured to permit or deny traffic based on factors such as IP address, port number, protocol, or specific applications. Firewalls can be hardware devices, software programs, or a combination of both. Firewalls use a variety of techniques to control and monitor network traffic, including packet filtering, stateful inspection, and application-level filtering. It blocks unauthorized access and filters out malicious traffic.</p>
<h6>Types of Firewall -</h6>
<ul class="justify">
<li><b>Network-based Firewall</b> : A network firewall is a device that protects an entire network from unauthorized access and attacks. Network firewalls can be hardware or software based and are typically installed at the perimeter of a network to block unauthorized access from the internet.</li>
<li><b>Host-based Firewall :</b> A host-based firewall is a firewall that protects an individual computer from unauthorized access and attacks. Host-based firewalls are typically software-based and are installed on individual computers to control access to network resources and block unauthorized traffic.</li>
</ul>
</div>
</div>

<div class="sections" id="risk">
<h4 class="heading"># Risk Management</h4>
<div class="content">
<p>Risk management in cybersecurity is the process of identifying, assessing, and mitigating risks to an organization's digital assets, systems, and information.</p>
<h6>Risk Management Terminology :</h6>
<p>Risk management is the process of identifying, assessing, and mitigating potential risks to an organization's digital assets, systems, and information. It includes risk assessments and audits, vulnerability scanning, implementing preventive measures such as firewalls, encryption, or multi-factor authentication, and developing risk management frameworks and policies.</p>
<h5>Incident Response :</h5>
<p>Incident Response (IR) refers to the organized approach taken by an organization to detect, respond to, manage, and recover from security incidents, such as cyberattacks, data breaches, or other malicious activities. The goal of incident response is to minimize the impact of an incident, restore normal operations as quickly as possible, and learn from the event to improve future security measures.</p>
<h6>Terminologies -</h6>
<ul class="justify">
<li><b>Asset :</b> An asset is something in need of protection.</li>
<li><b>Vulnerability :</b> A vulnerability is a gap or weakness in those protection effort.</li>
<li><b>Threat :</b> A threat something or someone that aims to exploit a vulnerability to thwart protection efforts.</li>
<li><b>Asset :</b> An asset refers to any valuable entity that needs protection within an organization's IT infrastructure, network, or environment. Assets can include both tangible (physical devices) and intangible resources (data, software, and intellectual property).</li>
<li><b>Event :</b> An event refers to any observable occurrence or action within a system, network, or environment.</li>
<li><b>Vulnerability :</b> Weakness in a system, system security procedures, internal controls, or implementation that could be exploited by a threat source.</li>
<li><b>Threat :</b> A threat is a potential or ongoing danger that could exploit a vulnerability to cause harm to a system, network, or organization via unauthorized access, destruction, disclosure, or modification of information.</li>
<li><b>Exploit :</b> An exploit is a piece of software, code, or technique that leverages a vulnerability in a system, application, or network to cause unintended behavior or gain unauthorized access.</li>
<li><b>Attack :</b> An attack refers to any deliberate action taken by a malicious actor with the intent to compromise the confidentiality, integrity, or availability of a system or network.</li>
<li><b>Intrusion :</b> A security event or combination of events in which an intruder gains or attempts to gain unauthorized access to a system or system resource.</li>
<li><b>Breach :</b> A breach refers to an incident where unauthorized access, disclosure, or manipulation of data, systems, or networks occurs.</li>
<li><b>Incident :</b> An event that actually or potentially compromises the confidentiality, integrity, or availability of a system or network.</li>
<li><b>Zero Day :</b> A zero-day refers to a vulnerability in a software or system that is unknown to the vendor or the public.</li>
</ul>
<h6>Rebundancy :</h6>
<p>Redundancy refers to the practice of implementing backup systems, processes, or components to ensure that critical functions continue to operate smoothly in the event of failures, attacks, or disasters. By incorporating redundant systems, data storage, and network paths, organizations can reduce the risk of downtime, data loss, and service interruptions caused by system failures, cyberattacks, or other disruptions.</p>
</div>
</div>

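Review bot: the two IDS definitions are attached to the wrong labels. `<li><b>Network-based IDS (NIDS) :</b> HIDs monitor activity on individual devices or hosts` and `<li><b>Host-based IDS (HIDS) :</b> NIDs monitor network traffic for suspicious activity` have their bodies swapped; NIDS is the one placed at network choke points inspecting traffic, HIDS is the one installed on a host watching file integrity, system calls and application logs. Swap the body text (and write `NIDS`/`HIDS`, not `NIDs`/`HIDs`). Other fixes needed in this hunk: `id="Hash"` should be `id="hash"` to match the nav link; `The description is a reverse process of encryption` should read `Decryption is the reverse process of encryption`; the Digital Signature and PKI items ship as empty `<p></p>` and either need text or should be left out until written; the Risk Management terminology list defines Asset, Vulnerability and Threat twice with different wording (keep the fuller second set) and `A threat something or someone` is missing `is`; `Rebundancy` should be `Redundancy`, `colision` should be `collision`; the Risk Management intro sentence is repeated almost verbatim under the `Risk Management Terminology` heading, and Incident Response is its own discipline rather than a sub-item of that heading. Two content points worth a second pass: the checksum paragraph lists MD5 and SHA-1 next to CRC32 as example checksum algorithms while the next bullet says "more robust and secure hashes are used" for collision resistance; MD5 and SHA-1 are cryptographic hashes whose collision resistance is broken, so they should not be left as the implied secure alternative, and the hashing examples should name SHA-256 or another current SHA-2/SHA-3 function. Likewise "Instead of storing the password itself, systems store the hash of the password" should say a salted, deliberately slow password hash (bcrypt, scrypt or Argon2), because a bare fast digest of a low-entropy password is readily recovered even though the function is one-way; the irreversibility bullet only holds when the input has enough entropy. Minor: DES is listed as a symmetric example without noting it is obsolete.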