Skip to main content

Cybersecurity Fundamentals

Overview

Covers the IBM Cybersecurity Fundamentals and Google Foundations of Cybersecurity certifications — core security concepts, threat models, cryptography, and network security.


Core Security Principles

CIA Triad

PrincipleMeaning
ConfidentialityOnly authorised parties can access data
IntegrityData has not been altered without authorisation
AvailabilitySystems and data are accessible when needed

Authentication vs Authorisation

  • Authentication (AuthN) — who are you? (passwords, MFA, certificates)
  • Authorisation (AuthZ) — what can you do? (RBAC, ACLs, policies)

Threat Landscape

ThreatDescription
PhishingSocial engineering via deceptive email/link
MalwareViruses, ransomware, trojans, spyware
SQL InjectionMalicious SQL in user inputs
XSSInject scripts into web pages viewed by others
MITMIntercept communication between two parties
DDoSOverwhelm a service with traffic
Zero-dayExploit unknown to vendor, no patch available

Cryptography

  • Symmetric — same key for encrypt/decrypt (AES). Fast, used for data encryption.
  • Asymmetric — public/private key pair (RSA, ECC). Used for key exchange, TLS, signatures.
  • Hash — one-way function (SHA-256). Used for password storage, integrity verification.
  • TLS/SSL — encrypts data in transit. Uses asymmetric handshake then symmetric session key.

Network Security

  • Firewall — filters traffic by rules (stateful/stateless).
  • IDS/IPS — detects/prevents intrusion based on signatures or anomalies.
  • VPN — encrypted tunnel over public network.
  • DMZ — buffer zone between public internet and internal network.
  • Zero Trust — never trust, always verify. Authenticate every request.

OWASP Top 10 (Web)

  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection (SQL, command)
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable Components
  7. Authentication Failures
  8. Software Integrity Failures
  9. Logging/Monitoring Failures
  10. Server-Side Request Forgery (SSRF)

Best Practices

  • Use MFA everywhere.
  • Patch systems and dependencies regularly.
  • Principle of least privilege — grant minimum permissions.
  • Encrypt data at rest and in transit.
  • Log and monitor all access.
  • Never store plain-text passwords — use bcrypt or Argon2.

Cheat Sheet

CIA: Confidentiality | Integrity | Availability
Crypto: AES (symmetric) | RSA (asymmetric) | SHA-256 (hash) | TLS (transport)
Threats: Phishing | SQLi | XSS | MITM | DDoS | Ransomware
Defence: Firewall | IDS/IPS | VPN | MFA | Least Privilege | Zero Trust