OSI Model Layers and Their Functions

1. Physical Layer: Responsible for the transmission of raw bits over a physical medium. It defines cables, connectors, voltage levels, and data rates.

2. Data Link Layer: Ensures error-free data transfer between two directly connected nodes. It handles framing, error detection, and MAC addressing.

3. Network Layer: Manages logical addressing and routing of data packets across different networks.
Example: IP addressing.

4. Transport Layer: Provides reliable data transfer between end systems. It handles segmentation, flow control, and error recovery.
Example: TCP, UDP.

5. Session Layer: Manages sessions between applications. It establishes, maintains, and terminates communication sessions.

6. Presentation Layer: Translates data formats, handles encryption/decryption, and data compression.

7. Application Layer: Provides network services directly to end users and applications.
Example: HTTP, FTP, SMTP.

Cloud Computing

Cloud Computing is a technology that provides computing resources such as servers, storage, databases, networking, and software over the internet on a pay-as-you-go basis. It allows users to access and use IT resources without owning or maintaining physical infrastructure.

Service Models of Cloud Computing

1. Infrastructure as a Service (IaaS)

IaaS provides virtualized computing resources like virtual machines, storage, and networks. Users have control over operating systems and applications.
Examples: Amazon EC2, Google Compute Engine, Microsoft Azure VM.

2. Platform as a Service (PaaS)

PaaS provides a platform that allows developers to build, test, and deploy applications without worrying about infrastructure management.
Examples: Google App Engine, Heroku, Microsoft Azure App Service.

3. Software as a Service (SaaS)

SaaS delivers complete software applications over the internet. Users can access software using a web browser without installation or maintenance.
Examples: Gmail, Google Docs, Salesforce.

Functional Requirements

Functional requirements describe what a system should do. They define the specific functions, features, and behaviors of the system.

Examples:

• User login and authentication.
• Generating reports.
• Processing online payments.
• Data entry, update, and deletion.

Non-Functional Requirements

Non-functional requirements describe how a system performs its functions. They specify quality attributes and system constraints.

Examples:

• Performance (response time, throughput).
• Security (authentication, authorization).
• Usability and accessibility.
• Reliability and availability.
• Scalability and maintainability.

Requirement Validation

Requirement Validation is the process of ensuring that documented requirements are correct, complete, consistent, feasible, and meet the actual needs of stakeholders. It answers the question: “Are we building the right system?”

Activities in Requirement Validation:

• Requirement reviews and walkthroughs.
• Prototyping.
• Stakeholder approval and sign-off.
• Checking for ambiguity and conflicts.

Authentication: Authentication is the process of verifying the identity of a user or system.
Example: Logging in using username and password, OTP, biometric.

Authorization: Authorization is the process of determining what resources or actions a verified user is allowed to access.
Example: Admin can edit data, but a normal user can only view data.

CIA Triad in Cyber Security

The CIA Triad is a model that defines three core principles of information security:

• Confidentiality: Ensures that data is accessible only to authorized users.
  Example: Encryption, passwords.
• Integrity: Ensures that data remains accurate and unaltered.
  Example: Hashing, digital signatures.
• Availability: Ensures that data and systems are accessible when needed.
  Example: Backup systems, redundancy.

Social Engineering

Social Engineering is a cyber-attack technique where attackers manipulate people into revealing confidential information such as passwords, OTPs, or bank details. Instead of exploiting technical vulnerabilities, it exploits human psychology.

Examples: Phishing emails, fake phone calls, impersonation.

Hashing

Hashing is a process of converting data into a fixed-length value (hash) using a mathematical algorithm. It is a one-way process, meaning the original data cannot be retrieved from the hash.

Examples: Password storage using SHA-256, MD5.

Difference between Hashing and Encryption

• Hashing: One-way process, cannot be reversed.
• Encryption: Two-way process, data can be decrypted using a key.
• Purpose of Hashing: Data integrity and password protection.
• Purpose of Encryption: Data confidentiality and secure communication.

Vulnerability Assessment

Vulnerability Assessment is the process of identifying, analyzing, and prioritizing security weaknesses in systems, networks, or applications. It helps organizations understand potential risks before attackers exploit them.

Examples: Scanning for outdated software, weak passwords, misconfigured systems.