Chapter 4 — Cyber Security

4.1Introduction to Cyber Security

Cyber security is the practice of protecting computers, networks, programs, and data from digital attacks, damage, or unauthorized access.

The CIA Triad — the three goals of security

Confidentiality — only authorized people can see the data. (Passwords, encryption.)
Integrity — data cannot be changed without detection. (Hashing, checksums.)
Availability — the system is up when you need it. (Backups, DDoS protection.)

CIA in a bank = locker, ledger, opening hours. Confidentiality: only you can open your locker. Integrity: the ledger can't be rewritten. Availability: the bank is actually open when you go there.

Why cyber security matters

Protects personal data (photos, messages, bank info).
Prevents financial losses (fraud, ransomware).
Keeps critical services running (power grid, hospitals).
Protects national security.

4.2Common security threats

Social engineering

Hacking humans, not computers. Trick a person into giving up passwords, clicking a bad link, or handing over money.

Phishing — fake emails/SMS pretending to be a bank, Daraz, "Nepal Police" asking you to click and "verify" your account.
Vishing — phishing over a phone call.
Smishing — phishing over SMS.
Pretexting — attacker pretends to be a colleague / IT support to extract info.
Baiting — leaves a USB drive in a parking lot; whoever plugs it in gets infected.

Phishing = the fake "bank SMS" asking for your PIN. Same logic as a stranger at the ATM saying "sir, dai, let me help you with this card." No real bank ever asks for your PIN. Ever.

Denial of Service (DoS) & Distributed Denial of Service (DDoS)

DoS — one attacker floods a server with so many requests that it can't serve real users.
DDoS — same idea, but from thousands of computers at once (often a botnet of infected machines).

DDoS = 10,000 pranksters ringing your doorbell at the same time. You can't even answer the door when your real guest arrives.

Malware (malicious software)

Virus — attaches itself to a legitimate file, spreads when that file is shared.
Worm — spreads over a network on its own, no host file needed.
Trojan horse — pretends to be useful software, hides malicious code.
Ransomware — encrypts your files and demands money to unlock them.
Spyware — secretly watches what you do (keylogger, screen grabs).
Adware — shows forced ads and redirects.
Rootkit — hides deep in the OS to keep itself invisible.

Trojan horse = the original trick. Greeks pretended to leave a giant wooden horse as a gift. Soldiers were hiding inside. Same story when you install a "free PC cleaner" from a sketchy website.

Other common threats

Man-in-the-Middle (MITM) — attacker sits between you and the server, reads/changes your traffic.
SQL Injection — attacker slips database commands into a form field.
Password attacks — brute force, dictionary attacks, credential stuffing.
Zero-day — attack on a flaw the vendor hasn't patched yet.
Insider threat — danger from an employee who misuses their access.

4.3Security Mechanisms

Encryption

Scrambling readable data (plaintext) into unreadable form (ciphertext) using a key. Only someone with the right key can unscramble it.

Symmetric — same key for encryption + decryption (AES). Fast, but key must be shared securely.
Asymmetric — public key to encrypt, private key to decrypt (RSA). The basis of HTTPS.

Symmetric key = a shared padlock between two friends. They both have the same key. Asymmetric = a mailbox. Anyone can drop letters in (your public key). Only you have the key that opens the box (private key).

Hashing

A one-way function that turns any input into a fixed-length "fingerprint." Used to check if data was tampered with, and to store passwords safely. Examples: MD5 (old, weak), SHA-1 (weak), SHA-256 (strong).

Digital signatures

Proves who sent a message and that it wasn't changed. Uses the sender's private key to sign a hash of the message.

Backup

Regular copies of data stored separately. The only cure for ransomware. Follow the 3-2-1 rule: 3 copies, on 2 different media, with 1 off-site.

Secure protocols

HTTPS — encrypted HTTP.
SSL / TLS — the encryption underneath HTTPS.
SSH — secure remote login.
VPN — encrypts all your traffic through a secure tunnel.

4.4Identity and Access Control

The three A's

Authentication — Who are you? Proving your identity (password, fingerprint, OTP).
Authorization — What are you allowed to do? Permissions (read/write/admin).
Accounting / Auditing — What did you do? Logs of every action.

Authentication factors

Something you know — password, PIN.
Something you have — OTP SMS, security token, phone.
Something you are — fingerprint, face, iris (biometrics).

MFA (Multi-Factor Authentication)

Combines two or more of the above. Example: password + OTP = 2FA. Much harder to bypass than a password alone.

MFA = Nepali visa interview. You have to show the passport (something you have) and answer questions (something you know) and sometimes even a biometric. Slow for you — nearly impossible for an impersonator.

Access control models

DAC (Discretionary) — owner decides who can access.
MAC (Mandatory) — system enforces fixed rules (military).
RBAC (Role-Based) — permissions based on role (admin, editor, viewer).

Password best practices

Long (12+ characters), mix letters/numbers/symbols.
Different password for every site.
Use a password manager.
Enable MFA wherever possible.

4.5Firewalls, IDS, and IPS

Firewall

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on rules. It sits between your network and the Internet.

Hardware firewall — a physical device (often built into your router).
Software firewall — runs on your computer (Windows Defender Firewall).

Firewall = the security guard at a mall entrance. Shoppers (legitimate traffic) walk in freely. The guy with the sack, the ski mask, and "shopkeeper of suspicion" stamped on his forehead? Blocked at the door.

IDS — Intrusion Detection System

Watches network traffic and alerts you when it sees suspicious activity. Does not block — just sounds the alarm.

IPS — Intrusion Prevention System

Like IDS, but actively blocks the bad traffic. IDS = alarm; IPS = alarm + auto-lockdown.

System	What it does	Analogy
Firewall	Allows/blocks traffic by rules	Mall guard checking IDs
IDS	Detects and alerts	CCTV with a watchman who shouts
IPS	Detects and blocks automatically	CCTV that also locks the gate

4.6Email Filtering

Email filtering is the process of sorting incoming email into legitimate, spam, and malicious categories — automatically.

What filters look at

Sender reputation (is this domain known for spam?)
Content (suspicious words like "FREE LOTTERY WINNER!!!").
Attachments (.exe files, weird extensions).
Links (do they go to known phishing sites?).
Authentication records: SPF, DKIM, DMARC — check if the sender is really who they claim to be.

Where filtered mail goes

Inbox — passed all checks.
Spam / Junk folder — suspicious; check before deleting.
Quarantine — likely malicious; admin must release.
Blocked — rejected entirely.

Spam filter = your mom sorting the mail pile. Real letters → your desk. "You have won 5 crore rupees!" flyer → straight to the raddi pile.

4.7Use of Antivirus Software

Antivirus software detects, prevents, and removes malware from a computer.

Antivirus = childhood vaccines. When you got the polio vaccine, your body was trained to recognize the virus signature instantly. Antivirus does the same for computers — it carries a "signature list" of known nasties and blocks them before they infect you. And just like vaccines need boosters, antivirus needs regular updates.

How antivirus works

Signature-based detection — matches files against a database of known malware "fingerprints."
Heuristic analysis — looks for suspicious behavior, even for never-seen malware.
Real-time scanning — checks every file as it's opened.
Scheduled scans — scans the whole disk on a schedule.
Quarantine — isolates infected files so they can't run.

Popular antivirus programs

Windows Defender (built into Windows 10/11).
Kaspersky.
Bitdefender.
Norton.
Avast / AVG.
Quick Heal.
McAfee.

Safe-computing habits (just as important as antivirus)

Keep OS and apps updated.
Don't install software from random websites.
Don't click unknown links or download unknown attachments.
Use strong unique passwords + MFA.
Take regular backups.

🛡️ Cyber Security