Cybersecurity is no longer just for IT geeks. It is a fundamental life skill. Whether you are a CEO or a student, understanding the CIA Triad, the OSI model, and the basics of encryption is mandatory. This is the comprehensive manual for surviving the digital age.
The CIA Triad
Every security control supports at least one of three goals (and many support more than one):
- Confidentiality: Preventing unauthorized access. (e.g., Encryption, ACLs).
- Integrity: Preventing (or at least detecting) unauthorized modification. (e.g., MACs, Digital Signatures; a bare hash only helps if the attacker cannot also replace the hash).
- Availability: Ensuring access when needed. (e.g., Redundancy, DDoS protection).
The Seven Layers of OSI
To defend a network, you must understand how it talks. The Open Systems Interconnection (OSI) model describes 7 layers:
- Physical: Cables, Fiber, WiFi radio waves. Attack: Cutting the cable.
- Data Link: MAC addresses, Switching. Attack: ARP Spoofing.
- Network: IP addresses, Routing. Attack: IP Spoofing.
- Transport: TCP/UDP ports. Attack: SYN Flood.
- Session: Managing connections. Attack: Session Hijacking.
- Presentation: Data formatting and, in the textbook mapping, encryption (TLS, JPEG). Attack: SSL Stripping (a man-in-the-middle downgrades the victim's HTTPS to plain HTTP).
- Application: HTTP, FTP, SMTP. Attack: SQL Injection, Phishing.
Encryption 101
Symmetric vs Asymmetric
Symmetric (AES): Uses the SAME key to encrypt and decrypt. Fast, but both parties must already hold the key, so how do you get it to the other side safely?
Asymmetric (RSA/ECC): Uses a key pair. Anyone can encrypt with the Public Key; only the holder of the Private Key can decrypt. (For signatures the roles reverse: sign with the private key, verify with the public one.) Far slower per byte, but it solves the key distribution problem.
TLS uses both. Asymmetric cryptography authenticates the server and lets the two sides establish a shared secret (modern TLS uses ephemeral Diffie-Hellman key agreement rather than encrypting a key with RSA); a symmetric cipher keyed from that secret then protects the rest of the conversation. Clever.
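The hybrid pattern end to end, as an added example that is not part of the original article: two parties agree on a shared secret with Diffie-Hellman (the asymmetric step), derive symmetric keys from it with HKDF, and then protect a message with those keys. To stay standard-library only, the DH group is a toy 127-bit prime (assumption: a demo group, not one to use for real) and the bulk cipher is a toy stand-in for AES-GCM built from an HMAC-SHA256 keystream plus an encrypt-then-MAC tag. The structure is what TLS does; the primitives are placeholders.

```python
"""Hybrid encryption walkthrough (added example, Python stdlib only).

Asymmetric step: finite-field Diffie-Hellman, so both sides agree on a
secret without ever transmitting the key.
Symmetric step: keys derived from that secret protect the bulk data.

TOY parameters (assumptions for the demo, not for production):
  - DH group: the Mersenne prime 2^127 - 1 with generator 2. Real systems
    use X25519 or a 2048-bit+ RFC 3526 group.
  - Bulk cipher: HMAC-SHA256 keystream in counter mode plus an
    encrypt-then-MAC tag, standing in for a real AEAD such as AES-GCM.
"""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1   # toy prime (assumption: demo only)
G = 2


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1          # 1 <= priv <= P-2
    return priv, pow(G, priv, P)


def dh_shared_secret(priv, peer_pub):
    # Reject 0, 1, p-1 and out-of-range values: classic small-subgroup inputs.
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def hkdf_sha256(ikm, salt, info, length=64):
    """RFC 5869 HKDF: extract a PRK from the raw secret, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(shared_secret, transcript):
    # Separate keys for encryption and integrity. Both public values are bound
    # in via the salt, so a swapped public value changes every derived key.
    okm = hkdf_sha256(shared_secret, salt=hashlib.sha256(transcript).digest(),
                      info=b"demo hybrid v1")
    return okm[:32], okm[32:]


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(enc_key, mac_key, plaintext):
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(enc_key, mac_key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):    # constant-time compare
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo_session(message=b"GET /account HTTP/1.1"):
    """Run one client/server session; return (recovered plaintext, tamper_rejected)."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    # Only the public values cross the wire.
    transcript = c_pub.to_bytes(16, "big") + s_pub.to_bytes(16, "big")
    c_keys = derive_keys(dh_shared_secret(c_priv, s_pub), transcript)
    s_keys = derive_keys(dh_shared_secret(s_priv, c_pub), transcript)
    assert c_keys == s_keys                       # both sides hold the same keys
    blob = seal(*c_keys, message)
    recovered = open_(*s_keys, blob)
    # Flip one ciphertext bit: the receiver must reject, not decrypt garbage.
    tampered = bytearray(blob)
    tampered[20] ^= 0x01
    try:
        open_(*s_keys, bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return recovered, rejected


if __name__ == "__main__":
    print(demo_session())
```

The two things worth noticing are that the key never appears on the wire (only the public values do), and that integrity is checked before any plaintext is released, which is why a flipped bit produces a hard failure instead of a silently corrupted message.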
Technical Deep Dive: The Attack Anatomy
Understanding the specific mechanics of an attack is crucial for engineers. Most targeted intrusions can be described with Lockheed Martin's Cyber Kill Chain model:
RECONNAISSANCE: The attacker gathers information on the target. This can be passive (OSINT) or active (port scanning).
WEAPONIZATION: Creating a deliverable payload (e.g., a malicious PDF or Office macro).
DELIVERY: Transmitting the weapon to the target (e.g., via Phishing or USB).
EXPLOITATION: Triggering the payload to exploit a vulnerability (e.g., CVE-2023-xyz).
INSTALLATION: Establishing a backdoor or persistence mechanism (e.g., a scheduled task or registry Run key).
COMMAND & CONTROL (C2): The compromised system calls home to the attacker's server for instructions.
ACTIONS ON OBJECTIVES: The attacker achieves their goal (data exfiltration, ransomware encryption, destruction).
Common Threat Vectors
Phishing: Consistently among the most common initial access vectors in breach reports.
Ransomware: Malware that encrypts files and demands payment for the key, increasingly after stealing the data as well.
Man-in-the-Middle (MitM): Intercepting traffic between two parties, most often on untrusted Wi-Fi.
SQL Injection: Asking the database a question it wasn't expecting, by smuggling attacker-controlled input into the text of a query.
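A vulnerable login check beside its hardened form, as an added example that is not from the original article. It runs against an in-memory SQLite database; the table, columns, users and passwords are constructed for the demo, and the plain SHA-256 password hash is a placeholder (real systems use a slow hash such as Argon2 or bcrypt).

```python
"""SQL injection: vulnerable login beside the parameterised fix (added example).

Constructed data: an in-memory SQLite table `users` with two invented accounts.
"""
import hashlib
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
    rows = [
        ("alice", hashlib.sha256(b"correct horse").hexdigest(), "admin"),
        ("bob", hashlib.sha256(b"hunter2").hexdigest(), "user"),
    ]
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", rows)
    return conn


def login_vulnerable(conn, username, password):
    # VULNERABLE ON PURPOSE: user input is spliced into the SQL text, so a
    # quote in the input ends the string literal and rewrites the WHERE clause.
    pw_hash = hashlib.sha256(password.encode()).hexdigest()   # demo-only hash
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND pw_hash = '{pw_hash}'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    # Parameterised query: SQL text and values travel separately, so quotes
    # and comment markers in the input remain data, never syntax.
    pw_hash = hashlib.sha256(password.encode()).hexdigest()   # demo-only hash
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash),
    ).fetchone()


def run_demo():
    """Return the result of legitimate and injected logins against both versions."""
    conn = make_db()
    # Closes the quote, then `--` comments out the password check entirely.
    payload_user = "alice' --"
    # Makes the WHERE clause always true; whichever row comes first is returned.
    payload_any = "' OR 1=1 --"
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "correct horse"),
        "legit_safe": login_safe(conn, "alice", "correct horse"),
        "inject_vuln": login_vulnerable(conn, payload_user, "anything"),
        "inject_safe": login_safe(conn, payload_user, "anything"),
        "inject_any_vuln": login_vulnerable(conn, payload_any, "anything"),
        "inject_any_safe": login_safe(conn, payload_any, "anything"),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:16s} -> {result}")
```

Both versions accept the real password. Only the vulnerable one logs `alice' --` in as admin without a password, because the injected `--` turns the rest of the statement into a comment; the parameterised version simply looks for a user literally named `alice' --` and finds none.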
Standard Incident Response Procedures
A robust Incident Response Plan (IRP) is the best defense against chaos. The SANS Institute outlines a six-step process:
- Preparation: Training, tooling, and dry runs (tabletop exercises).
- Identification: Detecting the deviation from normal behavior and determining the scope.
- Containment: Short-term mitigation (isolating the affected system) and long-term containment (temporary fixes and access restrictions that let the business keep running while eradication is planned).
- Eradication: Removing the root cause (malware, compromised accounts).
- Recovery: Restoring systems to normal operation and monitoring for recurrence.
- Lessons Learned: Post-incident analysis to improve future response.
Personal Hygiene Checklist
- Password Manager: Use Bitwarden or 1Password.
- MFA: Use an Authenticator App (Google/Microsoft) or, better, a FIDO2 security key, which is phishing-resistant; avoid SMS codes.
- Updates: Turn on auto-updates for OS and Browser.
- Backups: 3-2-1 Rule. 3 copies, 2 media types, 1 offsite.
Comprehensive Mitigation Strategies
To prevent recurrence, a defense-in-depth approach is required. This involves layering security controls so that if one fails, another catches the threat.
- Network Segmentation: Isolate critical assets in separate VLANs with strict firewall rules (East-West traffic inspection).
- Endpoint Detection and Response (EDR): Deploy agents that can detect behavioral anomalies, not just file signatures.
- Identity and Access Management (IAM): Enforce Least Privilege and MFA everywhere. Review access logs regularly.
- Regular Audits: Conduct penetration testing and vulnerability scanning (using tools like Nessus or Burp Suite) at least quarterly.
