Chapter 2: Cyber Security Foundations and Principles

Elements, CIA Triad, AAA Services & Protection Mechanisms

🎯 Overview & Key Elements

What is Cybersecurity All About?

To achieve security, we need to combine 3 key pillars:

👥 People

Users must understand and comply with basic data security principles:

  • Choosing strong passwords
  • Being wary of email attachments
  • Backing up data regularly
  • Security awareness training

📋 Policies

Organizations must have a framework for:

  • Handling attempted cyber attacks
  • Responding to successful breaches
  • Incident response procedures
  • Business continuity planning

🔧 Technology

Essential tools to protect against cyber attacks:

  • Firewalls and IDS/IPS
  • Antivirus software
  • Encryption tools
  • Access control systems

Three Main Entities to Protect

💻 Endpoint Devices

Computers, smartphones, routers, IoT devices

🌐 Networks

LANs, WANs, wireless networks, internet connections

โ˜๏ธ Cloud & Data Centers

Cloud services, servers, storage systems

Common Protection Technologies

⚠️ Threats, Vulnerabilities & Countermeasures

🔓 Vulnerability

Definition: A weakness in the security system (procedures, design, or implementation) that might be exploited to cause loss or harm.

Examples:
  • Unpatched software
  • Weak passwords
  • Misconfigured systems
  • Physical access gaps

⚡ Threat

Definition: A set of circumstances that has the potential to cause loss or harm; a potential violation of security.

Examples:
  • Malware attacks
  • Insider threats
  • Natural disasters
  • Hardware failures

🛡️ Control

Definition: An action, device, procedure, or technique that removes or reduces a vulnerability.

Examples:
  • Security patches
  • Access controls
  • Encryption
  • Security training

🎯 Key Concept: Exploit

A human (criminal) who exploits a vulnerability commits an attack on the system. The relationship is:

Threat + Vulnerability - Control = Risk

Threat Damage Types (The Four I's)

🚫 Interruption

Asset becomes unavailable or unusable. Attacks on availability.

Availability Attack

๐Ÿ‘๏ธ Interception

Unauthorized party gains access to an asset. Attacks on confidentiality.

Confidentiality Attack

โœ๏ธ Modification

Unauthorized party changes an asset. Attacks on integrity.

Integrity Attack

➕ Fabrication

Unauthorized party creates counterfeit assets. Attacks on authenticity.

Authenticity Attack

๐Ÿ” Types of Cybersecurity Threats

Threat Categories

Category      | Types                     | Examples
--------------|---------------------------|----------------------------------------------
Human Factor  | Malicious & Non-malicious | Social engineering, mistakes, insider threats
Environmental | Natural & Man-made        | Floods, fires, power outages
Technical     | Hardware & Software       | System failures, bugs, vulnerabilities
Operational   | Processes & Procedures    | Poor practices, lack of training

Advanced Threat Types

🎯 Zero-Day Attack

A form of threat that is unknown to the party responsible for patching or fixing the flaw. NO PRIOR KNOWLEDGE exists about this vulnerability.

๐Ÿ“ Doxing

The act of publishing private information and identifying information about an individual online with intent to harm.

🔄 Reverse Social Engineering

Attacker convinces the target that they have a problem (or might have one in the future) and that the attacker is ready to help solve it.

🦠 Malware Types & Symptoms

Malware Definition: Any file or program used to harm a computer user, including worms, viruses, Trojans, and spyware.

Common Malware Types

🦠 Virus

Self-replicating code that attaches to files

๐Ÿ› Worm

Self-propagating malware that spreads across networks

๐Ÿด Trojan Horse

Disguised as legitimate software

🕵️ Spyware

Secretly monitors user activity

⌨️ Keylogger

Records keyboard inputs

🚪 Backdoor

Provides unauthorized access

🔒 Ransomware

Encrypts files and demands payment

📱 Adware

Displays unwanted advertisements

Malware Symptoms

โš ๏ธ Warning Signs

  • 🔥 Increased CPU usage
  • 🌐 Slow computer or web browser speeds
  • 🌐 Problems connecting to networks
  • ❄️ Freezing or crashing
  • 📁 Modified or deleted files
  • 👻 Appearance of strange files, programs, or desktop icons
  • 🔄 Programs running, turning off, or reconfiguring themselves
  • 🎭 Strange computer behavior
  • 📧 Emails/messages being sent automatically

Malware Countermeasures

๐Ÿ›ก๏ธ Prevention
  • Install quality anti-virus software
  • Regular virus definition updates
  • Enable firewall protection
๐Ÿ‘ค User Practices
  • Never open untrusted attachments
  • Caution when downloading files
  • Avoid suspicious websites
๐Ÿ’พ Data Protection
  • Regular data backups
  • System restore points
  • Offline backup copies

Ransomware

๐Ÿ” Ransomware Attack Process

  1. Infection: Malware received via spam/phishing
  2. Execution: Malware downloads malicious files
  3. Encryption: The malicious code encrypts your files
  4. Notification: Ransom notice with deadline appears
  5. Payment: Demand for cryptocurrency payment

Famous Examples: WannaCry, Petya/NotPetya, Locky, Cerber, Bad Rabbit, Ryuk, Dharma

🎭 Social Engineering Attacks

Social Engineering: An attack that relies on human interaction to trick users into breaking security procedures to gain sensitive information.

Types of Social Engineering Attacks

🎣 Phishing

Fraudulent emails resembling reputable sources to steal sensitive data.

Most Common
  • Spear Phishing: Targets specific individuals
  • Whaling: Targets high-profile executives
  • Angler Phishing: Targets social media users
  • Vishing: Voice phishing via phone
  • Smishing: SMS text phishing

🎁 Baiting

Lures victims with attractive offers or rewards.

  • Free software downloads
  • USB drives left in parking lots
  • Prize notifications

📋 Pretexting

Uses fabricated scenarios to gain a victim's trust and extract information.

  • Impersonating IT support
  • Fake surveys
  • Authority figures

🚶 Tailgating

An unauthorized person follows an authorized person into a secure area.

  • Following through doors
  • Fake IDs
  • "Forgot my badge" excuse

๐ŸŒ Pharming

Redirects users to fraudulent websites without their knowledge.

  • DNS cache poisoning
  • Host file modification
  • Malicious code on servers

👀 Shoulder Surfing

Spying on users to obtain passwords, PINs, or other sensitive information.

  • ATM observations
  • Password watching
  • Phone cameras

Social Engineering Countermeasures

🔑 Password Policies
  • Periodic password changes
  • Complex passwords
  • Account lockout after failures
  • Password secrecy
🏢 Physical Security
  • ID cards and badges
  • Access restrictions
  • Document shredding
  • Security checks
📚 Training & Awareness
  • Security awareness programs
  • Phishing simulations
  • Incident reporting procedures
  • Regular updates on threats
🔐 Technical Controls
  • Two-factor authentication
  • Email filtering
  • Access privileges
  • Information classification

๐Ÿ” The CIA Triad

CIA Triad: A model designed to guide policies for information security within an organization.

Confidentiality

Keeping secrets secret

Integrity

Data accuracy & consistency

Availability

Access when needed

Confidentiality

Definition

The measures used to protect the secrecy of data, objects, or resources; they prevent or minimize unauthorized access to data.

Attacks on Confidentiality

  • Password theft: Using keyloggers or public WiFi attacks
  • Port scanning: Discovering open services
  • Shoulder surfing: Observing sensitive information
  • Eavesdropping: Man-in-the-middle attacks
  • Sniffing: Capturing network packets
  • Privilege escalation: Gaining higher access levels

Protection Methods

Encryption

Data encryption at rest and in transit

Authentication

User IDs, passwords, 2FA

Biometrics

Fingerprints, iris scans, voice recognition

Tokens

Hardware/software security tokens

Integrity

Definition

The assurance that information is reliable and accurate. Data should not be modified by unauthorized parties.

Attacks on Integrity

  • Viruses and malware
  • Logic bombs
  • Unauthorized access
  • Coding errors
  • System backdoors

Protection Methods

  • File permissions: Access control lists
  • Version control: Track and manage changes
  • Checksums/Hashing: Verify data integrity
  • Digital signatures: Authenticate source and integrity
  • Backups: Restore to correct state
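Worked example, added to these notes and not part of the original chapter: the "Checksums/Hashing" and "Digital signatures" protection methods side by side. A plain SHA-256 manifest detects a modified file, but anyone who can rewrite the file can also rewrite the manifest, so the manifest itself is protected with a keyed HMAC (a symmetric stand-in for a digital signature). The file contents and the key are constructed sample data.

```python
import hashlib
import hmac

# Constructed sample "files": name -> contents (stands in for a real directory)
ORIGINAL = {
    "config.ini": b"mode=production\ndebug=false\n",
    "payroll.csv": b"alice,5000\nbob,4800\n",
}

def build_manifest(files):
    """Checksum: record a SHA-256 digest per file at a known-good point in time."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def verify_manifest(files, manifest):
    """Recompute digests and return every file that was modified or removed.
    This detects an integrity attack on the data, but not one on the manifest."""
    changed = [n for n, d in files.items() if hashlib.sha256(d).hexdigest() != manifest.get(n)]
    missing = [n for n in manifest if n not in files]
    return sorted(changed + missing)

def sign_manifest(manifest, key):
    """Keyed integrity: HMAC-SHA256 over the sorted manifest, so the manifest cannot
    be silently rewritten by someone who does not hold the key."""
    serialized = "\n".join(f"{n}:{d}" for n, d in sorted(manifest.items())).encode()
    return hmac.new(key, serialized, hashlib.sha256).hexdigest()

def manifest_is_authentic(manifest, key, tag):
    """Constant-time comparison so the tag cannot be guessed byte by byte via timing."""
    return hmac.compare_digest(sign_manifest(manifest, key), tag)

if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice this comes from a secrets store
    manifest = build_manifest(ORIGINAL)
    tag = sign_manifest(manifest, key)
    # Integrity attack: a payroll figure is modified in place
    tampered = dict(ORIGINAL, **{"payroll.csv": b"alice,5000\nbob,9800\n"})
    print(verify_manifest(tampered, manifest))       # ['payroll.csv']
    # The attacker also regenerates the manifest; the HMAC tag no longer verifies
    print(manifest_is_authentic(build_manifest(tampered), key, tag))  # False
```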

Availability

Definition

Ensures all information is readily accessible to authorized users at all times.

Threats to Availability

  • Device failures
  • Software errors
  • Environmental issues (heat, flooding, power loss)
  • Denial-of-Service (DoS) attacks
  • Network intrusions

Protection Methods

  • Redundancy: Multiple systems and paths
  • Backups: Geographically isolated copies
  • Disaster recovery: Business continuity plans
  • Security equipment: Firewalls, proxy servers
  • Web application firewalls: DDoS protection (Cloudflare)

Additional Security Characteristics

Characteristic | Definition                        | Example
---------------|-----------------------------------|---------------------------------------
Accuracy       | Free from mistakes or errors      | Correct user data, valid calculations
Authenticity   | Genuine and original              | Digital certificates, verified sources
Utility        | Having value for intended purpose | Data in usable format
Possession     | Ownership or control              | Encrypted data possession vs. access

💡 Important Concept Question

Statement: "A breach of confidentiality always results in a breach of ownership, but a breach of ownership does not always result in a breach of confidentiality."

Answer: TRUE - If someone reads confidential data (breach of confidentiality), they now possess that information (breach of ownership). However, someone can steal encrypted data (breach of ownership) without being able to read it (no breach of confidentiality).

🔑 AAA Services

AAA Services: Authentication, Authorization, and Accounting/Auditing - foundational concepts for security.

Note: AAA actually refers to five elements, not just three!

1๏ธโƒฃ Identification

Definition: Claiming to be an identity when attempting to access a secured area or system.

Example: Entering a username

2๏ธโƒฃ Authentication

Definition: Proving that you are that identity.

Example: Entering a password, biometric scan

3๏ธโƒฃ Authorization

Definition: Defining the permissions (allow/deny) of resources and object access for a specific identity.

Example: Access control lists, role-based permissions

4๏ธโƒฃ Auditing

Definition: Recording a log of events and activities related to the system and subjects.

Example: Security logs, access logs

5๏ธโƒฃ Accounting/Accountability

Definition: Reviewing log files to check for compliance and violations to hold subjects accountable for their actions.

Example: Log analysis, compliance reports

๐Ÿฆ AAA in Action - Banking Example
  1. Identification: You enter your account number
  2. Authentication: You enter your PIN or password
  3. Authorization: System checks what accounts you can access
  4. Auditing: System logs your transaction
  5. Accounting: Bank reviews logs for suspicious activity
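Worked example, added to these notes and not part of the original chapter: the five AAA elements as separate pieces of code. The username is the identification claim, `authenticate` checks the proof (with salted PBKDF2 hashes and the account lockout from the password-policy countermeasures), `authorize` consults role-based permissions, every decision is written to an audit log, and `account_review` is the accounting step that reads that log back. Users, passwords, roles and permission names are constructed demo values.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000      # PBKDF2 work factor (constructed demo value)
MAX_FAILURES = 3          # account lockout after repeated failed authentication
AUDIT_LOG = []            # auditing: append-only record of every security decision

def make_user(password, role):
    """Store a random salt and a PBKDF2-SHA256 hash, never the clear password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "role": role, "failures": 0, "locked": False}

# Constructed demo accounts; permissions attach to the role (abstraction), not the user
USERS = {"alice": make_user("correct horse", "teller"),
         "bob": make_user("battery staple", "auditor")}
ROLE_PERMISSIONS = {"teller": {"account:read", "account:transfer"},
                    "auditor": {"account:read", "log:read"}}

def audit(event, subject, detail):
    AUDIT_LOG.append({"event": event, "subject": subject, "detail": detail})

def authenticate(username, password):
    """Identification is the username claim; authentication checks the proof."""
    user = USERS.get(username)
    if user is None or user["locked"]:
        audit("auth_denied", username, "unknown or locked account")
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], ITERATIONS)
    if hmac.compare_digest(digest, user["hash"]):   # constant-time comparison
        user["failures"] = 0
        audit("auth_ok", username, "password verified")
        return True
    user["failures"] += 1
    user["locked"] = user["failures"] >= MAX_FAILURES
    audit("auth_failed", username, f"failure #{user['failures']}")
    return False

def authorize(username, permission):
    """Authorization: does the authenticated identity's role allow this action?"""
    role = USERS.get(username, {}).get("role")
    allowed = permission in ROLE_PERMISSIONS.get(role, set())
    audit("authz_allowed" if allowed else "authz_denied", username, permission)
    return allowed

def account_review(log):
    """Accounting/accountability: subjects with denied or failed events to follow up."""
    flagged = ("auth_denied", "auth_failed", "authz_denied")
    return sorted({e["subject"] for e in log if e["event"] in flagged})
```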

๐Ÿ›ก๏ธ Protection Mechanisms

Protection mechanisms are controls used to implement and maintain the CIA triad.

Layering / Defense in Depth

Definition

The use of multiple controls in a series. Like an onion with multiple layers of protection.

Configurations

  • Serial Configuration: Controls in sequence (one after another)
  • Parallel Configuration: Multiple controls at same level
  • Mall Configuration: Multiple checkpoints like a shopping mall
  • Bank Configuration: Layers like vault → safe → lock box
  • Airport Configuration: Multiple security checkpoints

✅ Benefits of Defense in Depth
  • No single point of failure
  • Redundancy in security controls
  • Time delay for attackers
  • Multiple detection opportunities

Abstraction

Definition

Used for efficiency. Similar elements are put into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective.

Examples

  • User Groups: Admin, User, Guest
  • File Permissions: Read, Write, Execute
  • Network Zones: DMZ, Internal, External
  • Data Classification: Top Secret, Confidential, Public

Data Hiding

Definition

The act of intentionally positioning data so that it is not viewable or accessible to an unauthorized subject.

Methods

  • Steganography (hiding data in images/files)
  • Access controls
  • Network segmentation
  • Data masking

Encryption

Definition

The art and science of hiding the meaning or intent of a communication from unintended recipients.

Types

  • Symmetric: Same key for encryption/decryption
  • Asymmetric: Public/private key pairs
  • Hashing: One-way transformation

๐Ÿ“ Exam Preparation

Key Points to Remember

  • ✅ 3 Pillars of Cybersecurity: People, Policies, Technology
  • ✅ CIA Triad: Confidentiality, Integrity, Availability
  • ✅ AAA has 5 elements: Identification, Authentication, Authorization, Auditing, Accounting
  • ✅ Vulnerability + Threat - Control = Risk
  • ✅ People are the weakest link in security
  • ✅ Defense in Depth uses multiple layers of security
  • ✅ Zero-Day Attack: Unknown vulnerability with no prior knowledge
  • ✅ Social Engineering exploits human psychology

Sample Exam Questions

Q1: True or False

Statement: Defense in depth is used to provide a protective multilayer barrier against various forms of attack.

Answer: TRUE

Q2: True or False

Statement: Wired Equivalent Privacy (WEP) uses a predefined shared secret key.

Answer: TRUE

Q3: Multiple Choice

Question: Which of the following is NOT part of the CIA triad?

a) Confidentiality b) Intelligence c) Integrity d) Availability

Answer: b) Intelligence

Q4: Short Answer

Question: What is the difference between a threat and a vulnerability?

Answer: A vulnerability is a weakness in the system that could be exploited. A threat is a potential danger that might exploit a vulnerability. Vulnerability is the "how" an attack could happen, while threat is the "who" or "what" might attack.

Common Mistakes to Avoid

  • โŒ Confusing Authentication with Authorization
  • โŒ Thinking AAA has only 3 elements (it has 5!)
  • โŒ Mixing up threat and vulnerability definitions
  • โŒ Forgetting that people are the weakest link
  • โŒ Not understanding the relationship between CIA elements

Study Tips

  • 📚 Create flashcards for threat types and countermeasures
  • 🎯 Practice identifying which CIA element is attacked in scenarios
  • 🔄 Understand the relationship between threats, vulnerabilities, and controls
  • 📝 Memorize the 5 AAA elements in order
  • 🎭 Learn to recognize social engineering techniques
  • 🛡️ Know protection methods for each CIA element

Important Formulas and Relationships

Concept                | Formula/Relationship
-----------------------|--------------------------------------------------
Risk Equation          | Risk = Threat × Vulnerability ÷ Control
Security Pillars       | People + Policies + Technology = Security
Defense in Depth       | Multiple Layers = Increased Security
Confidentiality Breach | Always results in Possession Breach
Possession Breach      | Does NOT always result in Confidentiality Breach