Confidentiality, Integrity, and Availability (CIA Triad)
The CIA Triad represents three fundamental principles used to protect organizational data and information systems. These principles work together to ensure data security and trustworthiness.

Confidentiality
Confidentiality ensures that sensitive information is accessible only to authorized users. Techniques such as encryption, authentication, and access control are used to prevent unauthorized data disclosure.

Integrity
Integrity ensures that data remains accurate, complete, and unaltered during storage or transmission. Mechanisms like hashing, checksums, and digital signatures help detect and prevent unauthorized data modification.

Availability
Availability ensures that data and systems are accessible when needed by authorized users. Redundancy, backups, and protection against attacks like DoS help maintain system availability.

How They Work Together
All three principles must be maintained simultaneously. For example, data may be confidential and accurate, but if systems are unavailable, the organization cannot operate effectively. Weakness in any one principle can compromise overall security.

Real-World Security Breach Example
Equifax Data Breach (2017): In this incident, attackers exploited a vulnerability to access sensitive personal data of millions of users. Confidentiality was compromised as private data was exposed, and Integrity was also affected because attackers accessed systems without authorization.

A firewall is a network security system that monitors and controls incoming and outgoing traffic based on predefined security rules.
Difference Between Stateful Inspection Firewall and NGFW (Next Generation Firewall)

Phishing is a type of cyber attack where attackers trick users into revealing sensitive information like passwords, OTP, or bank details by pretending to be a trusted entity.

Types of Phishing Attacks

• Email Phishing: Fake emails that look like banks or companies asking for login details.
• Spear Phishing: Targeted attack on a specific person or organization using personalized information.
• Smishing (SMS Phishing): Fraud messages sent via SMS with malicious links.
• Vishing (Voice Phishing): Attackers call users pretending to be bank officials to collect information.
• Clone Phishing: A legitimate email is copied and modified with a malicious link.
• Pharming: Redirects users to a fake website even if they enter the correct URL.

• It spreads through phishing emails, malicious downloads, or infected websites.

• 1. Isolate the System: Immediately disconnect the workstation from network (LAN/Wi-Fi) to stop spreading.
• 2. Do Not Pay Ransom: Paying does not guarantee data recovery and encourages attackers.
• 3. Identify & Remove Malware: Use antivirus / anti-malware tools to scan and remove ransomware.
• 4. Restore Data from Backup: Recover files from secure offline or cloud backup.
• 5. Report & Recover: Inform IT/security team, update system, patch vulnerabilities, and change all passwords.

i. Policy Violations

• Account Access Violation: Sharing a single Superuser password among multiple employees violates security policy (no accountability and poor access control).
• Backup Schedule Violation: Policy requires daily backups, but the system performs only weekly backups.

ii. Compliance Failure (Backup Schedule)

• Policy Non-Compliance: The organization is not following its defined backup policy.
• Data Loss Risk: Weekly backups can result in losing up to 7 days of data.
• Business Continuity Risk: In case of failure, recovery will not be up-to-date.
• Audit & Legal Risk: Non-compliance may lead to penalties, audit failure, or legal issues.

CIA in Information Security

CIA stands for:

• Confidentiality
• Integrity
• Availability

The CIA Triad is a fundamental security model used to protect information systems and sensitive data.

It helps organizations ensure that data remains secure, accurate, and accessible to authorized users.

1. Confidentiality

Confidentiality means protecting information from unauthorized access or disclosure.

Only authorized users are allowed to view or access sensitive data.

Methods Used to Ensure Confidentiality

• Encryption
• Password protection
• Access control
• Multi-Factor Authentication (MFA)

Example:

Online banking passwords and customer account details are encrypted so that unauthorized users cannot read them.

2. Integrity

Integrity means ensuring that data remains accurate, complete, and unmodified unless changed by authorized users.

It prevents unauthorized alteration or corruption of information.

Methods Used to Ensure Integrity

• Hashing
• Digital signatures
• Checksums
• Access permissions

Example:

During a bank transaction, the transferred amount should not be changed accidentally or maliciously.

3. Availability

Availability means ensuring that systems, applications, and data are accessible whenever authorized users need them.

Systems should remain operational without unnecessary downtime.

Methods Used to Ensure Availability

• Data backup
• Redundant systems
• Disaster recovery plans
• UPS and power backup

Example:

An ATM system should remain available 24/7 so customers can access banking services anytime.

Summary of CIA Triad

The CIA Triad forms the foundation of information security. Confidentiality protects privacy, integrity ensures data accuracy, and availability guarantees continuous access to systems and information.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is a security mechanism that requires a user to provide two or more different authentication factors to verify identity before accessing a system, application, or banking service.

MFA improves security because even if one authentication factor is compromised, unauthorized users still cannot easily gain access without the other required factors.

Modern banking systems widely use MFA to protect customer accounts, online transactions, and sensitive financial information.

Three Globally Recognized Authentication Factors

Example of MFA in Banking

When a customer logs into online banking:

• The customer enters a password (Something You Know).
• The bank sends an OTP to the customer’s mobile phone (Something You Have).
• The banking app may also require fingerprint verification (Something You Are).

Only after successful verification of multiple factors is access granted.

Advantages of MFA

• Provides stronger security.
• Reduces risk of unauthorized access.
• Protects sensitive banking information.
• Helps prevent phishing and password theft attacks.

MFA combines multiple authentication methods to improve security significantly. The three main authentication categories are something you know, something you have, and something you are.

Encryption: Encryption is the process of converting readable data, called plaintext, into an unreadable form called ciphertext using an encryption algorithm and a key.

• The main purpose of encryption is to protect sensitive information from unauthorized access during storage or transmission.
• Only authorized users who have the correct key can understand the encrypted data.

Decryption: Decryption is the reverse process of encryption.

• It converts the encrypted ciphertext back into the original readable plaintext using a decryption key.
• Without the correct key, the encrypted data cannot be understood properly.

How Encryption and Decryption Work

• The sender encrypts the original message using an encryption key.
• The encrypted message (ciphertext) is transmitted or stored.
• The receiver uses the correct decryption key to recover the original message.

Example

Suppose the original message is:

Plaintext: HELLO

Using a simple encryption method where each letter is shifted by 3 positions:

• H → K
• E → H
• L → O
• L → O
• O → R

The encrypted message becomes:

Ciphertext: KHOOR

When the receiver applies decryption by shifting the letters back by 3 positions:

• K → H
• H → E
• O → L
• O → L
• R → O

The original plaintext is recovered:

Decrypted Text: HELLO

Applications of Encryption

• Secure online banking
• HTTPS web communication
• Email security
• Password protection
• VPN communication

Conclusion

Encryption protects data by converting it into unreadable form, while decryption restores it back into readable form. Together, they ensure confidentiality and secure communication in computer networks and information systems.

Possible Causes

A server sending abnormal traffic may indicate security or system-related problems. Possible causes include:

• Malware or Virus Infection: The server may be infected with malware, botnet software, or ransomware that is sending malicious traffic.
• DDoS Attack Participation: The compromised server may be used to launch Distributed Denial of Service (DDoS) attacks.
• Unauthorized Access: An attacker may have gained access using weak passwords, stolen credentials, or vulnerabilities.
• Misconfigured Applications: Faulty software or incorrect network configuration may generate excessive traffic.
• Data Breach or Data Exfiltration: Sensitive data may be transferred illegally to external systems.

Immediate Actions

• Isolate the Server: Disconnect the server from the network immediately to stop abnormal traffic.
• Check System Logs: Analyze firewall, server, and application logs to identify suspicious activities.
• Run Security Scan: Use antivirus and malware detection tools to scan the server.
• Identify Active Connections: Check running processes and network connections using monitoring tools.
• Change Credentials: Reset passwords and disable compromised accounts.
• Apply Security Updates: Patch operating system and software vulnerabilities.
• Notify Security Team: Inform administrators or incident response teams immediately.
• Backup Important Data: Secure critical data before recovery actions.

Abnormal outbound traffic is often a sign of compromise or malfunction. Quick isolation, investigation, and security response are necessary to protect the network and prevent further damage.

• A Zero-Day Attack is a cyber attack that exploits a software or hardware vulnerability before the vendor or developer becomes aware of it or releases a security patch.
• It is called “zero-day” because developers have had zero days to fix the vulnerability before the attack occurs.
• Attackers use these unknown vulnerabilities to gain unauthorized access, steal data, spread malware, or damage systems.

Characteristics of Zero-Day Attacks

• Exploit unknown vulnerabilities.
• No security patch is available initially.
• Difficult to detect using traditional antivirus tools.
• Can cause serious financial and security damage.

Examples of Zero-Day Attacks

• Ransomware exploiting unpatched systems.
• Browser vulnerabilities used for data theft.
• Operating system exploits for unauthorized access.

Data in Transit vs Data at Rest

Data security technologies differ depending on whether data is moving through a network or stored in a device.

Technologies Used for Data in Transit

• SSL/TLS: Encrypts communication between client and server.
• HTTPS: Secure version of HTTP using TLS/SSL.
• VPN: Creates encrypted communication tunnels.
• SSH: Secure remote login and communication.

Technologies Used for Data at Rest

• Disk Encryption: Encrypts entire storage devices.
• Database Encryption: Protects stored database records.
• AES Encryption: Common encryption standard for stored data.
• Access Control: Restricts unauthorized access to files and storage.

Cryptocurrency is a type of digital or virtual money that uses cryptography for security. It does not exist in physical form like paper notes or coins. Instead, it operates on a decentralized network of computers, meaning no single bank or government controls it. Transactions are verified and recorded on a public ledger called a blockchain. Popular examples include Bitcoin, Ethereum, and Ripple.

Key Features:

• Digital only: No physical coins or notes exist.
• Decentralized: No central authority like a bank manages it.
• Secure: Cryptography protects transactions from fraud.
• Global: Can be sent anywhere in the world quickly.

Bitcoin

Bitcoin is the first and most well-known cryptocurrency. It was created in 2009 by an unknown person or group using the name Satoshi Nakamoto. Bitcoin allows people to send and receive payments directly without needing a bank or middleman. It uses blockchain technology to record all transactions in a transparent and tamper-proof way. The total supply of Bitcoin is limited to 21 million coins, making it scarce and valuable over time.

How Bitcoin Works:

• Mining: Powerful computers solve complex math problems to verify transactions and add them to the blockchain. Miners earn new Bitcoins as a reward.
• Wallets: Users store Bitcoin in digital wallets using private keys, which act like passwords.
• Transactions: When someone sends Bitcoin, the network validates it and records it permanently on the blockchain.

Example: A person in the USA can send Bitcoin to a friend in Japan within minutes, without paying high bank fees or waiting days for processing.

Advantages of Blockchain Technology

Blockchain is the underlying technology behind Bitcoin and most cryptocurrencies. It is a chain of blocks, where each block contains a list of transactions. Once added, the data cannot be changed or deleted.

• Transparency: All transactions are visible to everyone on the network, reducing fraud and corruption.
• Immutability: Once data is recorded, it cannot be altered or deleted, making records trustworthy.
• Decentralization: No single point of control means the system is harder to hack or shut down.
• Security: Cryptography and consensus mechanisms make it extremely difficult to tamper with data.
• Faster transactions: Cross-border payments happen in minutes instead of days.
• Lower costs: Removing middlemen like banks reduces transaction fees significantly.
• Traceability: Every transaction can be traced back to its origin, useful for supply chain and auditing.

Cyber Security is the practice of protecting computers, servers, networks, and data from digital attacks. It is important because our daily lives, businesses, and governments all depend heavily on technology and the internet.

• Protects sensitive data: Keeps personal information, financial records, and business secrets safe from thieves.
• Prevents financial loss: Stops hackers from stealing money or causing costly damage to systems.
• Maintains privacy: Ensures that private conversations, photos, and documents remain confidential.
• Ensures business continuity: Helps companies keep running even when facing cyber attacks.
• Builds trust: Customers feel safe using services that protect their information properly.

Common Types of Cyber Threats

1. Malware
Malware is harmful software designed to damage or gain unauthorized access to a system. It includes viruses, worms, and trojans.

Example: A virus that spreads through email attachments and corrupts files on the computer.

2. Phishing
Phishing is a trick where attackers send fake emails or messages that look real to steal login credentials or personal details.

Example: An email pretending to be from a bank asks the user to click a link and enter their password on a fake website.

3. Ransomware
Ransomware locks or encrypts the victim’s files and demands money to unlock them.

Example: A hospital’s patient records are encrypted by ransomware, and attackers demand payment to restore access.

4. DDoS Attack (Distributed Denial of Service)
A DDoS attack floods a website or server with massive traffic to make it crash and unavailable to real users.

Example: An online shopping site becomes unreachable during a sale because hackers overload it with fake requests.

5. Man-in-the-Middle (MitM) Attack
In this attack, the hacker secretly intercepts communication between two parties to steal or alter data.

Example: A hacker on public Wi-Fi intercepts login details sent between a user and a website.

6. SQL Injection
SQL Injection is a technique where attackers insert malicious code into a database query to access or destroy data.

Example: A hacker enters special code into a login form to bypass authentication and access the entire database.

Cyber Security Measures

• Strong passwords and MFA: Use complex passwords and Multi-Factor Authentication to add extra layers of protection.
• Firewalls: Install firewalls to block unauthorized access to networks and systems.
• Antivirus software: Use updated antivirus programs to detect and remove malware.
• Regular updates: Keep operating systems and applications patched to fix security holes.
• Data encryption: Encrypt sensitive files so even if stolen, they cannot be read without the key.
• Regular backups: Create copies of important data to recover quickly after an attack.
• User awareness training: Teach employees and users to recognize phishing and avoid risky behavior.

Cross-Site Scripting (XSS) is an attack where malicious scripts are injected into trusted websites. The key difference between Reflected and Stored XSS lies in how the payload reaches the victim.

1. Reflected XSS

In Reflected XSS, the malicious payload is embedded in a URL or request and delivered to the victim through social engineering. The server reflects the payload back in the response without storing it.

• Delivery method: The attacker crafts a malicious link containing the script and tricks the victim into clicking it — via email, chat messages, or fake websites.
• Server role: The server receives the payload in the request (like a search query or form input) and immediately includes it in the response page.
• Storage: The payload is never stored on the server. It exists only in the single request-response cycle.
• Victim trigger: The victim must actively click the malicious link or submit a crafted form.

Example: An attacker sends an email with a link like:
https://bank.com/search?q=<script>stealCookie()</script>
When the victim clicks, the bank site reflects the script in the search results page and it executes.

2. Stored XSS

In Stored XSS, the malicious payload is permanently saved on the server (in a database, comment field, or user profile) and delivered to every victim who views the infected content.

• Delivery method: The attacker submits the payload through a form, comment box, or any input that the application saves. Later, when other users load that page, the server serves the stored script.
• Server role: The server stores the payload and includes it in responses to multiple users over time.
• Storage: The payload is persistently stored on the server in a database or file.
• Victim trigger: The victim only needs to visit the infected page. No click on a special link is required.

Example: An attacker posts a comment on a blog containing:
<script>stealCookie()</script>
Every visitor who loads that blog post automatically executes the script.

Comparison Table:

SQL Injection
SQL Injection is a type of attack where an attacker inserts malicious SQL queries into input fields, allowing them to manipulate or retrieve data from the database. This can result in unauthorized access, data theft, or even complete control over the database.Example: If a website uses the following SQL query to check login credentials:

SELECT * FROM users WHERE username = 'input' AND password = 'input';

An attacker can input the following into the username or password field:

        ' OR 1=1 --

This will change the query to:

 SELECT * FROM users WHERE username = '' OR 1=1 -- AND password = '';

The condition `1=1` is always true, allowing the attacker to bypass the login and gain access to the application.
Cross-Site Scripting (XSS)
XSS (Cross-Site Scripting) is a security vulnerability that allows attackers to inject malicious JavaScript code into a website’s pages. This code is then executed in the browsers of users who visit the infected page, allowing attackers to steal sensitive data like cookies, session tokens, or even login credentials.
Example: If a website allows a user to submit a comment like:

<input type="text" name="comment" />

Without sanitizing the input, an attacker could submit the following as a comment:

  <script>alert('XSS Attack');</script>

If the website displays this comment without filtering out the <script> tag, it will execute the JavaScript code in the victim’s browser, potentially leading to a stolen session or a malicious redirect.

CSRF (Cross-Site Request Forgery) is a type of attack where an attacker tricks a victim into unknowingly sending a forged request to a web application, using the victim’s authentication credentials (such as a session cookie). The attacker does not need to know the victim’s username or password but exploits the active session to perform unauthorized actions.

Example: Suppose a user is logged into a banking website and has an active session. The attacker sends the user a link to a malicious website that contains a hidden request to transfer funds from the victim’s account:

<img src="https://bankingwebsite.com/transfer?amount=1000&to_account=attacker" style="display:none;" />

When the victim clicks on the malicious link, the image request triggers the transfer of funds without the victim knowing. Since the victim is already logged into the banking site, the server accepts the request as legitimate, and the funds are transferred to the attacker’s account.

Impact of Stealing a Private Key in TLS

If an attacker steals the private key of a website that uses Transport Layer Security (TLS) and remains undetected, several serious security threats can occur.

• Decryption of Encrypted Traffic: The attacker can decrypt past and future TLS sessions (if Perfect Forward Secrecy is not used).
• Impersonation: The attacker can impersonate the legitimate website and perform Man-in-the-Middle (MITM) attacks.
• Data Theft: Sensitive data such as usernames, passwords, cookies, and credit card details can be stolen.
• Malware Injection: Malicious content can be injected while appearing as a trusted website.

Mitigation Steps:

• Immediately revoke the compromised certificate.
• Generate a new key pair and install a new certificate.
• Enable Perfect Forward Secrecy (PFS).
• Monitor logs and notify users if required.

Reasonable Security Policy for Cross-Origin Frame Navigation

Consider two browser frames A and B loaded from different origins. Allowing frame A to navigate frame B to another origin is considered a reasonable security policy only when the display area of A contains part of B and A has control over that area.

Reasons:

• User Awareness: Since frame A visibly contains part of frame B, the user can see the interaction and is less likely to be tricked by hidden or invisible actions.
• UI Control: If A controls the display area of B, it implies an explicit embedding relationship, making navigation intent clearer and more legitimate.
• Clickjacking Prevention: This restriction prevents malicious frames from silently redirecting other frames that are not visually or structurally related.
• Least Privilege Principle: A is granted limited control (navigation only), not full access to B’s content, maintaining origin isolation.
• Maintains Same-Origin Security: While navigation is allowed, reading or modifying B’s data remains restricted, preserving the same-origin policy.

Allowing navigation under these controlled and visible conditions balances usability with security and prevents abuse across origins.

Penetration Testing (Pen Testing) is a security testing method where ethical hackers simulate real-world attacks on a network service to identify vulnerabilities.

Purpose:

• To find security weaknesses in the network
• To evaluate system security
• To prevent unauthorized access and attacks

Process:

• Scanning: Identify open ports and services
• Exploitation: Try to access the system using vulnerabilities
• Reporting: Document findings and suggest fixes

Penetration testing helps organizations improve network security by detecting and fixing vulnerabilities before attackers exploit them.

Common Security Vulnerabilities in Web Applications & Their Solutions

1. SQL Injection:

• Attackers insert malicious SQL queries
• Solution: Use prepared statements and input validation

2. Cross-Site Scripting (XSS):

• Malicious scripts are injected into web pages
• Solution: Use input sanitization and output encoding

3. Cross-Site Request Forgery (CSRF):

• Unauthorized actions performed on behalf of users
• Solution: Use CSRF tokens and secure cookies

4. Weak Authentication:

• Poor password or login system
• Solution: Use strong passwords, multi-factor authentication (MFA)

5. Broken Access Control:

• Users access unauthorized data
• Solution: Implement proper authorization checks

6. Security Misconfiguration:

• Default settings or improper setup
• Solution: Regular updates and secure configuration

7. Sensitive Data Exposure:

• Data not properly protected
• Solution: Use encryption (HTTPS, SSL/TLS)

By applying secure coding practices, proper validation, and strong authentication, web application vulnerabilities can be minimized.

Social Engineering is a technique where attackers manipulate people into revealing confidential information instead of hacking systems directly.

Common Social Engineering Techniques:

• Phishing: Fake emails or websites used to steal login credentials or personal data.
• Pretexting: Attacker creates a false scenario to gain trust and extract information.
• Baiting: Offering something attractive (e.g., free USB, download) to trick users.
• Tailgating (Piggybacking): Unauthorized person follows an authorized person into a restricted area.
• Quid Pro Quo: Offering a service (e.g., tech support) in exchange for sensitive information.
• Spear Phishing: Targeted phishing attack aimed at a specific individual or organization.

Conclusion:
Social engineering attacks exploit human psychology, so awareness and user training are essential for prevention.

Malware (Malicious Software) is software designed to harm, damage, or gain unauthorized access to a computer system.

Examples of Malware:

• Virus: Attaches to files and spreads when executed
• Worm: Spreads automatically through networks
• Trojan Horse: Disguised as legitimate software
• Ransomware: Locks data and demands payment
• Spyware: Monitors user activity secretly

Conclusion:
Malware can damage systems and steal data, so using antivirus and security practices is important

Authentication is the process of verifying the identity of a user or system before granting access.

Example: Logging into a system using username and password.

Two Factor Authentication (2FA) is a security method where a user must provide two different types of verification to access a system.

Types of Factors:

• Something you know: Password or PIN
• Something you have: OTP, mobile device
• Something you are: Fingerprint, face recognition

Example:
Login with password + OTP sent to mobile.

Conclusion:
2FA increases security by adding an extra layer of protection beyond just a password.