Computer · Chapter 08

🔒 Cybersecurity

Malware types, encryption, IT Act 2000, safe practices.

🔒 Staying Safe in the Digital World

Cybersecurity is the practice of protecting computers, networks, and data from attacks, damage, and unauthorized access. Also called Information Security (InfoSec).

CIA Triad — 3 pillars of security:
• Confidentiality — only authorized persons can access data (encryption, access control)
• Integrity — data is accurate and not tampered (hashing, checksums)
• Availability — systems are accessible when needed (backups, redundancy)

Types of threats:
• Virus — self-replicating program that attaches to files. Needs human action to spread.
• Worm — self-replicating, spreads over network WITHOUT human action (more dangerous).
• Trojan Horse — disguised as legitimate software. Gives attacker backdoor access.
• Ransomware — encrypts files, demands payment. WannaCry (2017) affected 230,000 computers.
• Spyware — secretly monitors and steals data. Adware — shows unwanted ads.
• Phishing — fake websites/emails to steal credentials. Most common attack.

🛡️ Protection tools

Antivirus — detects and removes malware. Scans files, monitors behavior.
Firewall — monitors and filters network traffic based on rules. Hardware or software.
Encryption — converts data to unreadable form. Symmetric (AES — same key), Asymmetric (RSA — public/private key pair).
VPN (Virtual Private Network) — encrypts all traffic, hides IP address.
2FA (Two-Factor Authentication) — password + OTP/biometric.
HTTPS — SSL/TLS encrypts web traffic. Padlock icon in browser.
Password Manager — generates and stores strong unique passwords.

⚡ Cyberattacks — SSC/CCC exam

DoS/DDoS (Denial of Service/Distributed DoS) — floods server with traffic to make it unavailable.
Man-in-the-Middle (MITM) — attacker intercepts communication between two parties.
SQL Injection — malicious SQL code injected into web form to access database.
Cross-Site Scripting (XSS) — malicious scripts injected into web pages.
Zero-day exploit — attacks unknown vulnerability before patch available.
Social Engineering — manipulating people to give up information (phishing, vishing, baiting).
IT Act 2000 (India) — law governing cybercrime. Section 66 (hacking), Section 67 (obscene content online).

🎬

Types of Malware — Click Each

Animation

Phishing accounts for 36% of all data breaches — the human is the weakest link in cybersecurity.

💻

Cybersecurity Concepts Explorer

Interactive

SymmetricSame key for encryption and decryption — AES, DES, 3DES

AsymmetricPublic key encrypts, private key decrypts — RSA, ECC

HashingOne-way — MD5, SHA-256 — verifies integrity, stores passwords

SSL/TLSUses asymmetric for key exchange, then symmetric for data

End-to-endWhatsApp, Signal — only sender and receiver can read

Practice (CCC/SSC): What is the difference between symmetric and asymmetric encryption?

Symmetric Encryption:
• Same key used for both encryption (locking) and decryption (unlocking)
• Fast — suitable for large amounts of data
• Problem: How to securely share the key with the recipient?
• Algorithms: AES (Advanced Encryption Standard — 128/256 bit, most secure), DES (56-bit, now considered weak), 3DES
• Used for: Encrypting files, disk encryption (BitLocker), HTTPS data transfer phase

Asymmetric Encryption (Public Key Cryptography):
• Two keys: Public key (shared openly) + Private key (kept secret)
• Data encrypted with public key can ONLY be decrypted by the private key
• Solves the key distribution problem
• Slower — used for small amounts of data (key exchange, digital signatures)
• Algorithms: RSA (Rivest-Shamir-Adleman, most common), ECC, Diffie-Hellman
• Used for: HTTPS handshake, email encryption (PGP), digital signatures, SSH login

How HTTPS combines both:
1. Server sends public key in certificate
2. Browser uses public key to encrypt a random session key
3. Server decrypts with private key — both now share the session key
4. Rest of communication uses fast symmetric AES with that session key

Best of both: asymmetric solves key sharing, symmetric handles speed.

Practice (SSC): What are the important sections of IT Act 2000 for exams?

Information Technology Act, 2000 (India) — key sections:

• Section 43 — Penalty for unauthorized access to computer, network. Civil liability.
• Section 65 — Tampering with computer source documents. Imprisonment up to 3 years.
• Section 66 — Computer related offences (hacking, data theft). Imprisonment up to 3 years + fine.
• Section 66A — (Struck down by SC in 2015 — Shreya Singhal case) Was about offensive online messages.
• Section 66B — Dishonestly receiving stolen computer resource.
• Section 66C — Identity theft — fraudulently using someone else's electronic signature, password. Up to 3 years.
• Section 66D — Cheating by impersonation using computer resource (online fraud).
• Section 66E — Privacy violation — publishing private images of person.
• Section 66F — Cyber terrorism — most severe. Imprisonment for life.
• Section 67 — Publishing obscene material online. Up to 5 years.
• Section 69 — Government power to intercept/decrypt information for national security.
• Section 79 — Safe harbour provision for intermediaries (like Google, Facebook).

IT (Amendment) Act, 2008 added many sections including 66A-F.
CERT-In (Computer Emergency Response Team — India) — national cybersecurity agency.

←

Programming Basics

Data Structures & Logic Gates

→