# (Cyber) Security Overview ### **Incident** Response LIfecycle (NIST Framework) The **NIST (National Institute of Standards and Technology)** defines a **6-phase** approach: 1. **Preparation** - Develop an incident response plan (IRP). - Train teams, conduct security awareness programs. - Implement security controls like firewalls, IDS/IPS. 2. **Identification** - Detect anomalies through logs, SIEM tools, and alerts. - Confirm if an incident has occurred (malware, data breach, DDoS). - Classify the severity and type of attack. 3. **Containment** - Stop the attack from spreading (isolate infected systems). - Implement temporary patches, disable compromised accounts. - Ensure forensic evidence is preserved. 4. **Eradication** - Remove the root cause of the incident (malware, vulnerabilities). - Apply permanent fixes, patch vulnerabilities. - Strengthen security measures. 5. **Recovery** - Restore affected systems from clean backups. - Monitor for lingering threats, ensure full functionality. - Reintegrate systems into production. 6. **Lessons Learned** - Conduct a post-mortem analysis of the incident. - Document findings, update response plans. - Improve security policies and employee training. ### Threat Intelligence (from incident to problem) - reporting - monitor new trends and techniques - operational response: up-to-date (virus) protection - research into new techniques. ##### Example Use Case - A **financial institution** uses threat intelligence to monitor **new phishing campaigns** targeting its customers. - The security team blocks malicious domains and updates email filtering rules. - They prevent thousands of phishing attempts **before customers are impacted**. ### Cryptography **Cryptography** is the practice of securing information by **converting it into an unreadable format** to prevent unauthorized access. It ensures **confidentiality, integrity, authenticity, and non-repudiation** of data. #### Key Concepts: - **Encryption** – Converting plaintext into ciphertext (e.g., AES, RSA). - **Decryption** – Reversing encryption to retrieve the original data. - **Hashing** – Generating a fixed-length fingerprint of data (e.g., SHA-256). - **Digital Signatures** – Verifying authenticity using cryptographic keys. - **Key Exchange** – Securely sharing encryption keys (e.g., Diffie-Hellman). #### Types of Cryptography: 1. **Symmetric Encryption** – Uses one key for both encryption and decryption (e.g., AES). 2. **Asymmetric Encryption** – Uses a public and a private key (e.g., RSA, ECC). #### Uses in Cybersecurity: ✅ **Protects data in transit and at rest** (e.g., SSL/TLS for web security). ✅ **Secures passwords** (e.g., storing hashes instead of plaintext). ✅ **Enables secure authentication** (e.g., digital signatures). ✅ **Prevents data tampering** (e.g., message integrity checks). **Example:** HTTPS encrypts web traffic using SSL/TLS, keeping user data safe from eavesdroppers. Cryptography is essential for **privacy, secure communication, and data protection** in modern cybersecurity. ### Network #### OSI Model The **OSI (Open Systems Interconnection) model** is a **7-layer framework** that standardizes communication in a network: 1. **Physical Layer** – Hardware, cables, and wireless signals. 2. **Data Link Layer** – MAC addresses, switches, and error detection. 3. **Network Layer** – IP addressing and routing. 4. **Transport Layer** – Reliable data transmission (TCP, UDP). 5. **Session Layer** – Managing communication sessions. 6. **Presentation Layer** – Encryption, compression, data formats. 7. **Application Layer** – User interactions (HTTP, FTP, DNS). #### Relation to Cybersecurity: - **Physical Layer** – Preventing physical tampering with devices. - **Data Link Layer** – Protecting against MAC spoofing and ARP poisoning. - **Network Layer** – Firewalls, IP filtering, and VPNs. - **Transport Layer** – Preventing DDoS attacks, ensuring encryption (TLS). - **Session Layer** – Secure authentication and session hijacking protection. - **Presentation Layer** – Implementing SSL/TLS encryption. - **Application Layer** – Web security (XSS, SQL injection, authentication).