Guide to Cyber Security for Beginners | GTA Canada
Everyone is talking about cybersecurity, but do you understand why it's so important?
Today, information is paramount, meaning we live in a data-driven world. Knowing that personal data is more at risk now than ever before is a need.
Data breaches and identity theft are common topics in the news, as they can affect many people. WannaCry malware affected millions of computers around the world two years ago.
You can join the fight against hackers and cybercriminals because every organization and government agency is engaged. When it comes to the importance of cyber security, it's not just businesses that need to worry; even individual devices like laptops, smartphones, and tablets need to be protected.
What is Cybersecurity?
Before we start this tutorial on cyber security for beginners, let's first talk about what cyber security is and why it's crucial.
Cybersecurity is the technology and process used to protect networks and devices from being attacked, broken, or hacked by people who shouldn't be able to.
Cybersecurity is vital for the military, hospitals, big businesses, small businesses, and other organizations and people because data is now the core of every business. If that information is used, there are many risks.
Now, as we know what cybersecurity is, let's look at the CIA triad and see what it has to do with cybersecurity.
Any organization's security is based on three main ideas: confidentiality, integrity, and availability. And next, in this cyber security for beginners tutorial, we'll learn about the CIA Triad, which has been the standard for computer security since the first mainframes.
Confidentiality: The principles of confidentiality say that sensitive information and functions can only be accessed by people who are allowed to do so. Example: secrets from the military.
Integrity: The principles of integrity say that sensitive information and functions can only be changed, added to, or taken away by people and tools that are authorized to do so. For example, a user might put in wrong information into the database.
Availability: The principles of availability say that systems, functions, and data must be available on demand, based on levels of service and agreed-upon parameters.
In the next part of this cyber security for beginners guide, we'll look at cybersecurity's different areas and specialties to learn more about it.
Specialties in Cybersecurity
If you dream of working in cybersecurity, you need to know about the different areas of specialization. This tutorial on cyber security for beginners will help you do just that. The nine are:
Access control systems and methods: are used to keep unauthorized changes from happening to essential system resources.
Telecommunications and network security: is a field that looks at how communications, protocols, and network services can be vulnerable and how to fix them.
Practices for managing security: This area takes care of significant system failures, natural disasters, and other types of service interruptions in a good way.
Security architecture and models: This is mostly about putting security policies and procedures in place. In this area of security, policy planning is done for almost every kind of security problem.
Law, investigation, and ethics: This section deals with the legal aspects of computer security.
Application and system development security: This person works on database security models and ensures that in-house applications have multilevel security.
Cryptography: aims to teach you how and when to use encryption.
Computer operations security: This includes everything that happens while your computers are running.
Physical security: is mostly about who can get into your servers and workstations and how.
Next, this tutorial on cybersecurity for beginners will help you understand some of the terms you need to know before you can learn anything else about cybersecurity.
A network is a direct connection between two or more computers that make it possible for them to talk to each other. For example:
- 2 Computers connected to exchange data
- 4 Computers connected to communicate
The Internet is a way for a computer anywhere in the world to connect to any other computer anywhere else in the world. This is done with the help of routers and servers.
3. Internet Protocols
The information that is sent or received can't go anywhere. To control how the internet works, people have to follow a set of rules, and Internet protocol is the name for these rules.
4. IP Address
IP Address is the short-term of Internet Protocol Address is a number that is given to every electronic device that connects to a computer network and uses the Internet Protocol to talk. An IP address looks like this: 18.104.22.168
5. MAC Address
This is a unique number that every device with an internet connection has. MAC addresses have always been 12-digit hexadecimal numbers. This is how a MAC address looks: D8-FC-93-C5-A5-EO.
6. Domain Name Server(DNS)
Imagine DNS as the "phone book" of the web. It stores the IP addresses and the names of the links. You want to go to google.com, for example. This is what you type into your web app. Then, this name goes to the DNS server, which finds google.com's IP address. Then, the DNS server sends the IP address back to your computer.
DHCP is a protocol that gives an IP address to any networked computer or device that requests one.
When data is sent to this device, it is first checked to make sure it is going in the right direction before being sent on its way.
Automated software known as "bots" can secretly take over your machine. They can be set to send out emails, pull up websites, or alter preferences automatically.
Common Types of Attacks
This cyber security for beginners course will teach you the ins and outs of the field, from the alphabet to the most common sorts of attacks. Every attack has a reason, and usually, it involves money. Hackers start demanding money from the victims as soon as they get in. Other motivations include:
- Inflicting a financial loss on the victim.
- Advancing a state's military purpose.
- Destroying the target's reputation.
- Engaging in political manipulation.
There are mainly five types of attacks:
- Distributed denial of service(DDoS)
- Man in the middle
- Email attacks
- Password attacks
- Malware attack
In the next section of this cyber security for beginners tutorial, let’s look at all the attacks in detail:
1. Distributed Denial of Service
It's an attack in which traffic used to access resources is flooded to prevent a user from using them.
Simply put, a botnet controller controls all the robots that report to it. The attacker issues a command to the botnet controller, instructing all bots to launch an attack against a server, overwhelming it in the process.
A user cannot access a website when he tries to do so since the site has reached its maximum capacity for concurrent users.
2. Man in the Middle
Let's have a look at this illustration to see what I mean. Let's say you decide to make a purchase via your bank's website.
You must now put your credit card information and PIN while completing the transaction. The fraudster can impersonate you and watch as you make the purchase, and your information will be visible to him as soon as you enter it.
3. Password Attack
This method can either "crack" a password or "discover" a password. As a whole, there are five distinct methods of password hacking:
In a dictionary attack: we try every single potential password.
Brute Force: By using trial and error, sometimes known as "brute force," one can attempt to decrypt the password or data. The longest time is needed for this type of attack.
The term "keylogger": refers to software that secretly monitors and stores every keyboard activity. The vast majority of hackers today employ keyloggers to steal sensitive information.
Shoulder surfing: is a form of keylogging in which attackers peer over the victim's shoulder to see what they type.
Rainbow table: Precomputed hash values can be found in a rainbow table. Hackers can use this table to guess a user's password.
4. Email Attacks
Let's start with the basics of how email operates. Let's pretend John's in the process of writing an email to Jack.
First, the message is sent to the mail server. After that, the DNS server is consulted to obtain the destination IP address.
The sending server generates and sends the email to the receiving server. The email is then sent to Jack's IP address, which is associated with his machine.
5. Malware Attack
Malware malicious software: any piece of software designed to cause harm to a computer. Malware can be divided into three categories.
Virus: A computer virus is a piece of harmful software that can spread from one computer to another by making copies of itself and inserting them into other files. For the virus to apply, a user or system administrator must be unaware of the infection's presence. The Melissa virus is one type of infectious agent.
Worms: are computer programs that can replicate themselves and spread to other computers. A worm-like W32.Alcra. F, for instance, can spread over shared network drives.
Cyber Security Certifications
We have curated a job-ready Cyber security course.
Connect with one of our Subject Matter Experts to discover if this is a good fit for you. Dial Call us today at 905-629-3000