Thursday 14 February 2013

Basic cyber security concepts


 1) What is meant by the term "information technology"?
--> Well, it can be described narrowly as the branch of engineering that deals with computers and telecommunications equipment used to store, retrieve, transmit and manipulate data.
---------------------------------------------------------------------------------------------------------------
 2) What is meant by the term "cyber"?
--> Cyber means anything related to computers, information technology, or the culture of computers.

--------------------------------------------------------------------------------------------------------------      
 3) What is meant by the term information security?

--> Well, in layman's terms, it is safeguarding vital data from being leaked to unauthorized entities, from being changed (or transformed) while in transmission and, more importantly, from being misused for harmful intentions and activities (terrorism, bank fraud).

      Having a basic idea now of what information security is, let us delve deeper to understand the technical aspects of this crucial concept. But before we proceed, we should clearly distinguish between terms such as information security, cyber security, network security, information assurance, etc. If you have followed security-related news and updates from forums, discussions, etc., you will have noticed that this demarcation is hardly ever highlighted; the terms are used incorrectly and sometimes even interchangeably. But this will lead you astray.
As we are talking about security, let's take a moment to look at what a virus is. Basically it is an abbreviation standing for Vital Information Resource Under Siege (VIRUS). The subtle differences between a virus, worm, trojan, backdoor trojan, etc. are coming up in subsequent sections.

a) Information security - This is the security of information, and information includes any kind: for example, the file on your desktop containing your credentials, a hard-copy file of confidential documents containing a company's strategy, or even that small diary of yours containing important formulas. Securing such entities is nothing but information security. Thus information security can be executed by keeping security guards outside your data server room (in an organisation), by installing anti-virus software on your computing machines to protect your data, or even by keeping the drawers that contain confidential documents locked. Thus information security is a generalized term and apparently should not be used interchangeably with the terms below.

b) Cyber security - (Please read the explanation of the above term before proceeding.) It is nothing but securing the information stored, transmitted and used by computers. Thus we can deduce that cyber security is a subset of information security.

c) Network security - (Please read the explanations of the above terms before proceeding.) It is generally considered from a "computer network" perspective. Accordingly it is concerned with the safety of data involved in a transaction on a network. It also involves preventing and monitoring unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

d) Information Assurance - Again, in a simplified sense, an information assurance professional is one who decides the policies and the appropriate rules and regulations for the protection of information in an organisation. An information security professional, on the other hand, implements these policies and rules using tools such as intrusion detection/prevention systems, anti-malware software, etc. to safeguard an organisation's critical data.
[ Find more here: http://www.novainfosec.com/2011/08/30/information-assurance-versus-information-security/ ]

-----------------------------------------------------------------------------------------------------------------

4) Are hackers and crackers the same? No. Why?

    Hackers : Hackers are those who break into a system with the sole purpose of learning that system, getting to know the flowchart of its processes, and so on. Some of these people learn the system, find vulnerabilities and report them to the organisation without causing harm to its systems. But those who do cause harm to an organisation's systems fall into the next category, the crackers.

   Crackers : Crackers are those who break into a system with the intent to cause harm to it. They break the system, manipulate the data to their wish, modify critical processes so that the organisation fails to provide its usual services, and so on. Simply put, these are malicious hackers.
This is the reason why some hackers would not like to be called crackers.

-----------------------------------------------------------------------------------------------------------------

5) Quickly! The differences between malware, viruses, worms, trojans, spyware and rootkits?

(a) Malware : An umbrella term meaning MALicious softWARE. It is authored by hackers and/or crackers to realize their malicious intents. It includes viruses, worms, trojans, etc.

(b) Virus : A program which replicates itself throughout the computer by attaching itself to other programs. It also contains malicious code intended to cause harm to the system in question. Viruses are sometimes merely annoying and sometimes a big threat to the system. This kind of malware is now largely superseded by trojans, worms and rootkits. Importantly, a virus program can only be initiated manually, i.e. only when the user clicks on the malicious file (usually an .exe). A complete section on antiviruses, each antivirus's distinctiveness, their working methodology, their output, and the usual section for reviews and rankings, all this, soon on this blog.

(c) Worm : A worm is the next version of a virus. It spreads on a larger scale, traversing across various networks. Worms do not require manual initiation; they spread automatically, and this is why they are more harmful than viruses. They look for network loopholes to spread the attack. The usual way to do this is through email attachments, IM messaging portals, etc. Good network security practices and safe use of portable data storage equipment such as pen drives, portable hard disks, portable solid state drives, etc. can all avert a worm attack.

(d) Trojans : This might be known to you if you have seen the famous movie Troy. Anyway, trojans are deceptive malware which appear as legitimate programs but perform malicious activities under this legitimacy. They are mostly found on serial key websites and some adult websites, which urge the user to download a file as if it were from an authenticated source. Even after downloading, they "appear" to be working correctly but are actually carrying out an attack on the system.
Never download from an unknown site. Use Kaspersky Internet Security, which has a good malicious URL advisor incorporated in its mainstream products.

(e) Spyware : They do not cause harm to the system but secretly spy on system activities and user activities: they log the user's keystrokes and check the IM messages and emails being sent, and passwords and other important banking credentials are recorded by this malware. Keystroke-logging programs are so easily available that a kid as young as 10 years old could be the thief who steals an amount enough to keep us sleepless at night.

(f) Rootkit : Rootkits are malware designed to gain administrative access on the target system. In most cases, or almost all cases, an administrator has full control over the system. A successful rootkit attack gives the attacker an opportunity to exploit the system in its own way. Keeping a check on those Access Control Lists (ACLs) and constant scheduled penetration testing of the system can largely keep this malware away.

Next we will enter into a discussion of the subtle differences between a firewall, an intrusion detection system and its types, and an intrusion prevention system, and also penetration testing. Later we will move on to secure coding and its intricacies.
-----------------------------------------------------------------------------------------------------------------

6) Firewall:
 Quite widely used and in existence for a long time, firewalls are used to block types of traffic incoming from, say, a malicious website, server or user, a range of malicious IP addresses, particular company networks, etc. They filter such traffic and deny it entry into our network. In short they BLOCK such traffic from invading our networks. But they do not trigger any alarm to the security team or administrator when they find or detect malicious incoming activity. A common example of a firewall is the Windows firewall or the firewalls incorporated in our antivirus products.


-----------------------------------------------------------------------------------------------------------------

7) Intrusion Detection System (IDS) :
 An IDS, as the name suggests, is a system which detects intrusions. This system detects any malicious or unwanted intrusion coming into the network and, if one is found, alarms the security team and/or the administrator of the organisation. Now how is it different from a firewall? A firewall blocks a malicious intrusion and triggers no alarm. An IDS does not block any malicious intrusion; it only detects it and raises an alarm. We will go into the types of IDS soon.


-----------------------------------------------------------------------------------------------------------------

8) Intrusion Detection and Prevention System (IDPS) : IDPS systems, as the name suggests, detect as well as prevent any malicious intrusions. They also notify the administrator of any important observed activity taking place on the network. They also prevent the attack themselves by changing the security environment, re-configuring the firewall, changing the attack's content, etc.
IDPSs are widely used in organisations with advanced configurations to deal with various new types of attacks. A famous example would be Snort from Sourcefire; fortunately it is open source software.
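To make the three behaviours above concrete, here is an added Python sketch (not code from the original post) that runs the same constructed packets through a firewall that silently drops a deny-listed address range, an IDS that only raises alerts, and an IDPS that alerts and also drops. The address range and the "TEST-MALWARE-SIGNATURE" marker are hypothetical.

```python
import ipaddress

# Constructed sample traffic (source IP, destination port, payload); not real captures.
SAMPLE_PACKETS = [
    {"src": "203.0.113.7", "port": 80, "payload": "GET /index.html"},
    {"src": "198.51.100.9", "port": 80, "payload": "GET /index.html"},
    {"src": "198.51.100.9", "port": 22, "payload": "SSH-2.0-OpenSSH"},
    {"src": "192.0.2.44", "port": 80, "payload": "GET /x TEST-MALWARE-SIGNATURE"},
    {"src": "203.0.113.8", "port": 80, "payload": "GET /x TEST-MALWARE-SIGNATURE"},
]

# Hypothetical firewall policy: deny one whole address range, allow the rest.
BLOCKED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
# Hypothetical detection signature shared by the IDS and the IDPS.
SIGNATURES = ["TEST-MALWARE-SIGNATURE"]


def firewall(packets):
    """Filter on the source address only: drop silently, raise no alarm."""
    return [p for p in packets
            if not any(ipaddress.ip_address(p["src"]) in net for net in BLOCKED_RANGES)]


def is_malicious(packet):
    return any(sig in packet["payload"] for sig in SIGNATURES)


def ids(packets):
    """Detect and alert, but forward every packet untouched."""
    alerts = [f"IDS alert: {p['src']} -> port {p['port']}" for p in packets if is_malicious(p)]
    return list(packets), alerts


def idps(packets):
    """Detect, alert, and also drop the offending packet."""
    passed, alerts = [], []
    for p in packets:
        if is_malicious(p):
            alerts.append(f"IDPS alert+drop: {p['src']} -> port {p['port']}")
        else:
            passed.append(p)
    return passed, alerts


def run_pipeline(packets):
    """Firewall first, then IDS (observe only), then IDPS (enforce) on the same stream."""
    after_fw = firewall(packets)
    after_ids, ids_alerts = ids(after_fw)
    delivered, idps_alerts = idps(after_ids)
    return {"firewall_dropped": len(packets) - len(after_fw),  # dropped, no alarm raised
            "ids_alerts": ids_alerts,                           # alarm only, nothing dropped
            "idps_alerts": idps_alerts, "delivered": delivered}


if __name__ == "__main__":
    for key, value in run_pipeline(SAMPLE_PACKETS).items():
        print(key, value)
```

Note that the malicious packet from 203.0.113.8 never reaches the IDS because the firewall discarded it without any alarm; only the one from 192.0.2.44 produces alerts.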


-----------------------------------------------------------------------------------------------------------------

9) Types of Intrusion Detection Systems : 

a) Network based IDS (NIDS) : This acts as an independent platform and monitors the network activities of multiple hosts. These have sensors at the choke points in the network which closely monitor the network and detect and report any malicious activities that occur in the network. Example: Snort.

b) Host based IDS (HIDS) : In this type, the sensors are usually software agents. They are located on the host and detect an intrusion by analyzing the system calls, file system modifications, application logs, access control lists, etc. Some application based IDS are also a part of this category. Example: Tripwire, OSSEC.

(c) Stack based IDS (SIDS) : In this system, the packets are analyzed as they pass through the TCP/IP stack.

IDS systems use the following two types of detection techniques:

1) Statistical anomaly based IDS : They determine what normal activity looks like, such as what bandwidth is generally used, what protocols are generally involved in a transaction or communication, and which ports and applications usually interact, and if they detect any anomalous (irregular, abnormal) activity, they report it to the concerned administrator.

2) Signature based IDS : Mostly similar in working to an antivirus application; here the system inspects the incoming packets and compares them with predetermined attack patterns known as signatures. Even antiviruses compare the activity they detect with their signature databases.
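The following added Python example (not from the original post) contrasts the two techniques on constructed connection records: signature detection matches content against a hypothetical pattern database, while anomaly detection first learns which ports and byte volumes are normal and then flags departures from that profile. The hosts, ports, sizes and the "TEST-MALWARE-SIGNATURE" pattern are all constructed.

```python
import statistics

# Constructed connection records (source host, dest port, bytes, payload snippet); not real logs.
BASELINE = [  # "normal" traffic, used only to learn what normal looks like
    ("10.0.0.5", 443, 1200, ""), ("10.0.0.5", 443, 1500, ""), ("10.0.0.6", 80, 900, ""),
    ("10.0.0.5", 53, 120, ""), ("10.0.0.6", 443, 1300, ""), ("10.0.0.6", 53, 90, ""),
]
OBSERVED = [
    ("10.0.0.5", 443, 1400, ""),                      # ordinary connection
    ("10.0.0.6", 80, 950, "TEST-MALWARE-SIGNATURE"),  # content matches a known pattern
    ("10.0.0.5", 8081, 1100, ""),                     # port never seen in the baseline
    ("10.0.0.6", 443, 48000, ""),                     # volume far above the baseline
]

# Hypothetical signature database: pattern -> rule name.
SIGNATURES = {"TEST-MALWARE-SIGNATURE": "hypothetical-test-sig"}


def signature_detect(records):
    """Compare each record's content with predetermined patterns, as an antivirus does."""
    return [(src, name) for src, _, _, payload in records
            for pattern, name in SIGNATURES.items() if pattern in payload]


def learn_baseline(records):
    """Profile of normal activity: the ports in use and the typical bytes per connection."""
    sizes = [nbytes for _, _, nbytes, _ in records]
    return {"ports": {port for _, port, _, _ in records},
            "mean": statistics.mean(sizes), "stdev": statistics.pstdev(sizes)}


def anomaly_detect(records, profile, k=3.0):
    """Flag departures from the learned profile; no attack pattern is required."""
    alerts = []
    for src, port, nbytes, _ in records:
        if port not in profile["ports"]:
            alerts.append((src, f"unusual port {port}"))
        elif abs(nbytes - profile["mean"]) > k * profile["stdev"]:
            alerts.append((src, f"unusual volume {nbytes} bytes"))
    return alerts


if __name__ == "__main__":
    print("signature alerts:", signature_detect(OBSERVED))
    print("anomaly alerts:  ", anomaly_detect(OBSERVED, learn_baseline(BASELINE)))
```

Each technique catches what the other misses: the signature match is a normal-looking connection to the anomaly detector, and the unusual port and volume match no signature.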


Next we will be entering a more technical region of the information security domain. The following articles will continue to discuss the various other basic concepts of information security.

------------------------------------------------------------------------------------------------------------------
