Confidentiality, integrity, and availability of information
A fundamental goal of security in an enterprise is to protect the confidentiality, integrity, and availability (CIA) of information assets. The principles of the CIA triad form the foundation of security.
Confidentiality: only authorized users should be able to access privileged/private data.
Integrity: data should not be changed or modified by unauthorized users. Data should be correct and authentic.
Availability: the enterprise network and systems should be operational and accessible to authorized users. For example, staff should be able to access the internal resources they need to perform their duties, and the company’s website should be up and running and available to customers.
(CCNA security fundamentals)
Types and techniques of network attacks
Information theft, such as stealing passwords, is a confidentiality attack because it allows someone other than the intended recipient to access data (Graves, 2010; Reynolds, 2012; Stamp, 2001). Information confidentiality network attack techniques include packet capturing (e.g., using Wireshark, a network protocol analyzer), port scanning (where an attacker tries to discover the services running on a target computer by scanning the TCP/UDP ports), and wiretapping (where an attacker hacks the telecommunication devices to listen to phone calls).
Information sabotage via viruses or malware is a data integrity attack that compromises the accuracy and reliability of data. Information integrity network attack techniques include session hijacking (where an attacker exploits a computer session to gain unauthorized access to information or services in a computer system, with the goal of undermining the accuracy and reliability of data) and man-in-the-middle attacks (where an attacker sits between two communicating devices to manipulate the data as it moves between them).
In a denial-of-service (DoS) attack, a hacker attacks the availability element of information systems. Ransomware can be used by malicious hackers to lock users out until they pay a ransom to regain access to their information. Information availability network attack techniques include SYN flood attacks and ICMP flood attacks. In SYN flood attacks, an attacker sends many TCP SYN packets to initiate a TCP connection but never sends a SYN-ACK packet back, causing a TCP connection failure. In ICMP flood attacks, a targeted computer is inundated with false ICMP packets, causing it to become unresponsive to legitimate traffic.
(Professional ethical hacking body of knowledge/Network security basics)
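The SYN flood pattern described above, seen from the defender's side: this is an added example (not from the original page or its sources) that counts, per target service, TCP handshakes that were opened with a SYN but never completed. The record format, the timeout and threshold values, and all addresses are constructed assumptions.

```python
from collections import Counter

SYN, SYN_ACK, ACK = "S", "SA", "A"  # flag summaries used in the constructed records

def half_open_by_target(records, timeout=5.0):
    """Count handshakes per (server, port) opened by a SYN but never completed."""
    pending = {}  # (client, client_port, server, server_port) -> [syn_time, synack_seen]
    last_seen = 0.0
    for t, src, sport, dst, dport, flags in records:
        last_seen = max(last_seen, t)
        if flags == SYN:
            pending[(src, sport, dst, dport)] = [t, False]
        elif flags == SYN_ACK:
            # Server reply travels in the reverse direction of the pending key.
            entry = pending.get((dst, dport, src, sport))
            if entry:
                entry[1] = True
        elif flags == ACK:
            entry = pending.get((src, sport, dst, dport))
            if entry and entry[1]:
                # Initiator's ACK after the SYN-ACK: three-way handshake complete.
                del pending[(src, sport, dst, dport)]
    counts = Counter()
    for (_, _, server, port), (syn_time, _) in pending.items():
        if last_seen - syn_time >= timeout:  # stale enough to count as half-open
            counts[(server, port)] += 1
    return counts

def flag_syn_flood(records, threshold=100, timeout=5.0):
    """Return targets whose half-open count meets the alert threshold."""
    counts = half_open_by_target(records, timeout)
    return {target: n for target, n in counts.items() if n >= threshold}

def build_sample():
    """Constructed records: 3 complete handshakes, 150 never-completed ones."""
    recs = []
    for i in range(3):  # normal clients completing the handshake
        c = ("198.51.100.%d" % (i + 1), 40000 + i, "192.0.2.20", 22)
        recs += [(0.1 * i, *c, SYN),
                 (0.1 * i + 0.01, c[2], c[3], c[0], c[1], SYN_ACK),
                 (0.1 * i + 0.02, *c, ACK)]
    for i in range(150):  # SYNs answered by the server but never completed
        c = ("203.0.113.%d" % (i + 1), 1024 + i, "192.0.2.10", 443)
        recs += [(1.0 + 0.01 * i, *c, SYN),
                 (1.0 + 0.01 * i + 0.001, c[2], c[3], c[0], c[1], SYN_ACK)]
    recs.append((10.0, "198.51.100.9", 50000, "192.0.2.20", 22, SYN))  # too recent to judge
    return sorted(recs)

if __name__ == "__main__":
    print(flag_syn_flood(build_sample()))
```

In practice the same counting would run over flow logs or a packet-capture summary, with the threshold tuned to the service's normal rate of abandoned connections.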
References