Why Do Security Breaches Happen?
Causes: Human error · Physical access · Software holes · Operating system flaws · Hackers exploiting all of the above
Human Error
Employees install pirated software carrying viruses, forget to lock workstations, or share passwords.
Physical Access
Someone walking up to a server can extract data directly — locks matter as much as firewalls.
OS & Protocol Holes
Unpatched operating systems and flaws in TCP/IP protocols give attackers easy entry points.
Network Device Flaws
Default settings on routers and switches are well-known — change them or pay the price.
Types of Network Security Attacks
Threats: Unstructured · Structured · Social Engineering · Password · Exploit · Compromised-Key · Man-in-the-Middle · IP Spoofing · DoS/DDoS · Application-layer · Resource · Logic Bomb
🔨 Unstructured
Script kiddies using downloaded tools. They often don't even know what they're attacking — but can still expose sensitive data.
🎯 Structured
Expert hackers with deep OS/networking knowledge who write custom tools to exploit specific vulnerabilities.
🎭 Social Engineering
Exploiting human trust via fake calls or emails. Phishing (duplicating sites to steal credentials) is a prime example.
🔑 Password Attacks
Dictionary attacks guess passwords using patterns. A compromised admin account = entire network at risk.
🐛 Exploit Attacks
Taking advantage of software bugs or misconfigurations to gain access to private data.
👂 Eavesdropping
Sniffing unencrypted traffic. Wireless networks are especially vulnerable. Encryption prevents this.
🗝️ Compromised-Key
Attacker obtains a sender's private key and can decrypt secured traffic — requires significant skill and resources.
🕵️ Man-in-the-Middle
Intercepts and modifies traffic between two nodes by rerouting packets through the attacker's machine.
🎭 IP Spoofing
Faking a legitimate IP address to disguise malicious traffic as trusted communication.
💥 DoS / DDoS
DoS = one source floods a server. DDoS = thousands of infected devices attack simultaneously. Server becomes unreachable.
💣 Logic Bomb / Time Bomb
Malicious code sitting dormant until a condition is met (e.g., sys-admin doesn't log in for a month). Then it detonates.
🚪 Backdoors
Hidden accounts or commands left in systems — even by insiders. Stealth backdoors don't appear in audits.
📧 Email Bombing
Flooding an inbox with spam until storage quota fills — a form of DoS targeting email servers.
📱 Application-Layer
Targeting server/workstation apps using viruses, Trojans, and worms to infect and extract data.
DoS vs DDoS — Quick Comparison
Key Distinction: a DoS attack comes from a single source, while a DDoS attack comes from thousands of infected devices at once (as noted above); in both cases the server becomes unreachable to legitimate users.
Types of Cyber Crime
Crimes: Fraud (Computer Fraud) · Terrorism (Cyberterrorism & Hacktivism) · Trespass (Cybertrespass & Vandalism) · Piracy (Cyber-piracy / Software piracy)
💳 Computer Fraud
Deception for personal gain — assuming a false identity or altering data in online transactions.
💣 Cyberterrorism
Politically motivated hacking causing grave harm — loss of life or severe economic damage. Hacktivism is a milder version (disrupt but not destroy).
🚫 Cybertrespass
Unauthorised access to computer systems or password-protected sites. Cybervandalism = unleashing programs that corrupt data or crash networks.
📦 Cyber-piracy
Copying/distributing copyrighted software. Most widespread because it needs minimal skill and many consider it morally okay. Cracking DRM = security breach.
Countermeasures & Security Culture
Defence: Self-policing · Password security · Audits · Security software · Access controls (smart cards, biometrics) · Behavioral/ethical standards · Encryption · Resources (enough staff)
- Password Security: Use strong, frequently-changed passwords. Rename default accounts. Apply lockout policies. One-time passwords for web admins. Two-step verification.
- Security Software: Deploy antivirus + firewall. A firewall restricts bandwidth to authenticated users only.
- Audits for Sys-Admins: Special logging for remote connections. Surprise laptop audits. Outside independent auditor if only one sys-admin. Dual authentication for software installs.
- Smart Cards: Built-in memory holds digital certificates + private keys. Even knowing the PIN is not enough — the physical card is also required.
- Biometrics: Voice, fingerprint, hand print, retina pattern — unique to each person. Can be combined with smart cards for double protection.
- Zero Tolerance: Any illegal behaviour, however minor, is reported and acted upon immediately.
- Resources: Hire enough sys-admins. Overworked staff miss details. More staff = checks and balances within IT.
- Encryption: Prevents eavesdropping. All sensitive traffic should be encrypted — especially on wireless networks.
- Update Everything: Firmware, OS, device default settings — all must be updated and secured from the start.
Deep Dives — Tricky Concepts
Exam Focus: How exactly does a DoS attack work? 🤔
The attacker sends a massive number of authentication requests with invalid return addresses.
The server tries to respond — but the return address doesn't exist, so it waits for a timeout before closing the connection.
While it's waiting, the attacker sends more invalid requests. The server is perpetually busy processing fake requests and cannot serve legitimate users.
Think of it like calling a restaurant, placing an order for delivery, then giving a fake address. They wait for you to answer, can't reach you, and while they're stuck on hold — real customers can't get through.
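The mechanism above can be put in numbers. The following is an added example (not from the notes) that models the server's connection table as a fixed number of slots: every request with an unreachable return address holds a slot until the server's timeout fires, while a legitimate request only needs a free slot at the instant it arrives. Table size, timeout and the two arrival rates are constructed values; the point is to see how a long timeout lets a modest flood keep the table permanently full, and how a shorter timeout (the usual first mitigation, alongside a larger table) restores service.

```python
"""Connection-table exhaustion model for the DoS mechanism described above.
Added example with constructed parameters; not taken from the notes."""
import heapq


def simulate_flood(table_size, timeout, fake_rate, legit_rate, duration):
    """Discrete-event model.

    - fake requests arrive `fake_rate` per second; each occupies a table slot
      for `timeout` seconds because the reply to a bogus address never completes
    - legitimate requests arrive `legit_rate` per second and are served at once
      if a slot is free, otherwise refused
    - fakes are processed first on ties (the pessimistic ordering)
    Returns served/refused counts and the peak number of slots held.
    """
    events = []
    for k in range(int(fake_rate * duration)):
        events.append((k / fake_rate, 0, "fake"))
    for k in range(int(legit_rate * duration)):
        events.append((k / legit_rate, 1, "legit"))
    events.sort()

    held = []  # min-heap of slot release times
    served = refused = peak = 0
    for t, _, kind in events:
        while held and held[0] <= t:
            heapq.heappop(held)  # the timeout fired; the slot is free again
        if kind == "fake":
            if len(held) < table_size:
                heapq.heappush(held, t + timeout)
            # with the table full, further fakes are simply dropped
        elif len(held) < table_size:
            served += 1
        else:
            refused += 1
        peak = max(peak, len(held))
    return {"served": served, "refused": refused, "peak_held": peak}


if __name__ == "__main__":
    # 128 slots, 30 s timeout, 10 fakes/s versus 2 legitimate requests/s for a minute
    print("long timeout :", simulate_flood(128, 30.0, 10, 2, 60))
    # same flood, but the server gives up on a half-finished request after 5 s
    print("short timeout:", simulate_flood(128, 5.0, 10, 2, 60))
```

With the 30 s timeout the table fills after 12.8 s and stays full, because every slot freed by a timeout is immediately taken by the next fake request; only the legitimate requests that arrived before that point are served. With a 5 s timeout the same flood never holds more than about 50 slots at once and every legitimate request gets through.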
What makes stealth backdoors extra dangerous? 🚪
Regular backdoors (extra admin accounts) show up in security audits. Stealth backdoors do not.
They allow remote connections with root privileges — meaning the attacker can install anything, read anything, and destroy anything.
Even if a malicious sys-admin is fired, a stealth backdoor gives them continued access. An outside independent auditor doing surprise checks is the main defence.
Social Engineering vs Phishing — what's the difference? 🎭
Social Engineering is the broad category — any manipulation of human psychology to gain information. This includes phone calls, impersonation, pretexting.
Phishing is a specific type of social engineering done through electronic communication (email, fake websites). Entire websites are cloned to steal credentials.
Memory trick: Phishing = fishing for info by casting a fake bait (website/email) into the sea of users.
Logic Bomb vs Time Bomb — same thing? 💣
Logic Bomb: Code that triggers when a specific condition is met (e.g., a file is deleted, a name appears, a date arrives).
Time Bomb: A subtype of logic bomb where the trigger is the absence of regular input. Classic example: a sys-admin must log in monthly — if they don't, the bomb activates and can obliterate the system.
Once a time bomb activates, it is described as unstoppable.
What's the difference between Cyberterrorism and Hacktivism? ⚡
Cyberterrorism: Politically motivated attacks intending to cause grave harm — death or severe economic loss.
Hacktivism: Also political, but the intent is to disrupt operations without causing serious lasting damage. Think protest, not warfare.
Key distinction: severity of intended harm.