Midterm 1 Review
Week 1
Intro to Cybersecurity
Cybersecurity: Practice of protecting computer hardware, software, and digital information (assets) from unauthorized access or attacks
Assets: Anything of value to an organization
Physical: things like laptops, cellphones, networking devices
Digital: things like social media accounts, client information, digital medical records, scanned contracts
Goal: Ensure confidentiality, integrity, and availability (CIA Triad) to keep your data safe
Key Terms:
Computer Worm: Self replicating malware, does not rely on other software programs
Personally Identifiable Information (PII): factual or subjective information that can identify an individual
Threat Actor (bad actor): entity responsible for an incident that impacts another entity
Malware: requires the attacker to install software on the target's computer with the potential to harm or exploit it
The Internet and Types of Attacks
Public realm, clearnet, surface web: computers and servers that are easily accessible, do not need passwords, and are indexed (the visible 4)
Deep web, invisible web is accessible only with special tool or authentication, not indexed
Dark Web on specialized networks, accessible with specialized software, anonymizes the user
Cryptocurrency: unregulated digital currency, primary form of currency used in dark web, hard to trace
Ransomware: popular form of attack, difficult to trace, payments made by cryptocurrency
Insight: the dark web is like a hidden marketplace; some use it for good, others for harm
Who are the attackers?
Nation-state actors: to damage other governments, nations.
Insider threats: by disgruntled employees, errors.
Organized cybercriminals: for financial gain, influence
Hacktivists: to create change
Thrill Seekers: building a reputation
ie) Nation-states might attack power grids, while thrill seekers will test your wifi
Managing Cybersecurity Risk
Social Engineering: manipulating someone to divulge or give access to restricted info, systems.
Risk: effect of uncertainty on an organization's objectives; the chance that an outcome will happen
Cyber threat surfaces: all computer endpoints that connect an organization's assets to the internet
Risk Management: Organizations should take a systematic approach to managing risk, to ensure unbiased, evidence-based decisions are made; often by choosing a methodology to define and assess risk, then identify, prioritize, and address risks
Cybersecurity Framework
NIST Framework: provides a policy framework of computer security guidance
ISO 27001: international standards for managing information security
Benefits: helps any job, business, or school stay secure
Implementation: requires regular updates and simple checks
Basic Cybersecurity Practices:
Strong Passwords
Two Factor Authentication
Software Updates
Week 2
Understanding the CIA Triad and IT Security Basics
The basics of IT Security: CIA Triad
Confidentiality: Keep data secret from unauthorized people
ie) A password protects your gmail account
Integrity: Keep data accurate and unchanged
ie) A bank statement should not change unless the bank updates it correctly
Availability: Keep data and systems ready when needed
ie) Mesanaks module should work during assignment deadlines
Why the CIA Triad Matters
The CIA Triad isn’t theory; it guides how we design cybersecurity strategies. With the triad, organisations can:
Protect sensitive information
Reduce risks of data breaches and hacks
Build strong security policies
Adapt to the fast-changing cyber threat environment
Implementing the Three-Pillar Approach
Confidentiality: Use encryption and strict access rules
Integrity: Use monitoring, checks, and validation to stop tampering
Availability: Use backups, secure servers, and standards like MFA to keep systems running
Stability, availability, and integrity
Beyond CIA, security also relies on stability:
Stability: Systems should run reliably without frequent crashes
Integrity: Information must stay accurate and unchanged
Availability: Services and data must always be there when needed
The Role Of People
Tech alone cannot protect information. People matter too:
Stay updated on cyber threats
Use strong passwords and MFA
Follow security rules at work or school
Join awareness and training programs
The role of Processes
Processes = step-by-step rules for protection. These include:
Encryption for data confidentiality
Multi-factor authentication for stronger login security
Written security policies everyone must follow
Cyber Attacks and How to Fight Back
Understanding Hackers
Hackers try to steal, change, or block access to data. To fight back:
Use CIA Triad as a framework
Keep systems updated
Train staff and students in cyber awareness
Follow industry standards
Organizations also hire ethical hackers to test systems safely; they find weaknesses before criminals do.
Importance of Information Security
In Today's World
Cyber risks are always changing
Following the CIA Triad is essential
Encryption, MFA, and security policies to keep data safe
Teamwork, awareness, and constant learning are vital
Cybersecurity Threats and Cybercrime in Canada
Why talk about threats?
Cyber security is not abstract; it's a real risk to people, organizations, and the government
Threat is a potential cause of harm
Vulnerability is a weakness that can be exploited
Attack is when someone actually tries to take advantage of that weakness
Key Terms
Malware: Short for malicious software; any software designed to damage or gain unauthorized access to systems
Virus: Malware that attaches itself to a file/program and spreads when the file is shared
Worm: Self-replicating malware that spreads across networks without user action
Trojan Horse: Malware disguised as legitimate software; tricks user into installing it
Spyware: Malware that monitors user activity secretly (ie: steals passwords or browsing habits)
Ransomware: Malware that locks files and systems until a ransom is paid
Adware: Software that automatically displays or downloads ads, sometimes bundled with free apps
Rootkit: Malware that hides deep inside a system, giving attackers long-term ‘root’ control
Phishing: Fake emails or websites that trick users into sharing sensitive information
Vishing: Voice-Phishing – phone calls pretending to be from banks, tech support or government, asking for personal information
Botnet: Network of compromised devices ('zombies') controlled remotely to launch attacks (like DDoS)
Who are the attackers?
Cybercriminals: financially motivated, often organized groups
Nation-state actors: spying, stealing secrets, or disrupting rivals
Insiders: careless or disgruntled employees
Hacktivists: doing it for a cause; political or social
Thrill Seekers: doing it for fun/to prove skill
How attacks typically unfold
Gain entry (phishing, stolen credentials, web exploit)
Install malware to keep access
Move deeper. Collect more access
Carry out the goal: steal, lock, or destroy data
Try to cover tracks or cash out
Break any stage and the attack fails
Cybercrime in Canada
Two Main Categories:
Technology as target: systems themselves are attacked
Technology as instrument: tech is used to commit traditional crimes
Under-reporting problem: many incidents never reach police
National Cybercrime Coordination Centre (NC3): Canada’s hub for reporting and investigation
Canada lost $530 million in 2022 due to cybercrime
Case Study (Desjardins Breach 2019):
Insiders leaked data of 9.7 million Canadians
Info like names, addresses, SINs, and financial records
Impact: many Canadians faced identity theft risks
Lesson: insider threats can be just as dangerous as hackers
Case Study (healthcare ransomware 2021):
Newfoundland & Labrador healthcare was hit by ransomware
Thousands of patient records were exposed
Surgeries delayed; hospitals had to revert back to paper files
Lesson: Cyberattacks can directly harm people's health and safety
Common Scams in Canada:
CRA Scams: Fake calls or emails demanding tax payments
Bank Scams: Texts pretending to be banks
Student Scams: Fake job offers or tuition fee ‘discounts’
Immigration Scams: Targeting newcomers with fake deportation threats
Canadian Legal Landscape
Criminal Code: defines offences like hacking, fraud, mischief to data
Copyright Act
CASL: Canada’s Anti-Spam Legislation
Personal Information Protection and Electronic Documents Act (PIPEDA)
Why it Matters: knowing the laws helps organizations respond correctly
Common Attack Methods
Phishing
Credential Attacks
Malware
Cloud Misconfigurations
Supply Chain Attacks
Cryptography
Cryptography is the science of protecting information by transforming it into a form that is unreadable to unauthorized users, while still allowing intended users to access it
Core Functions in Security:
Confidentiality– ensures only authorized people can read the data
Integrity– detects if data has been altered
Authentication– verifies the identity of the sender or system
Non-repudiation– prevents denial of actions by proving that a message or transaction really came from a specific person
Why it matters: Cryptography turns raw defenses into trust– we can safely shop online, use banking apps, and protect backups against attackers
Cryptography in Practice
Encryption: Protects files, databases, and backups from data theft
Hashes: Detect unauthorized changes in software or messages
Message Authentication Codes: Guarantee both integrity and authenticity in communications
Digital Signature: Prove that emails, documents, or software updates are genuine
TLS/SSL: Secures web traffic, preventing eavesdropping on wifi or internet
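The difference between the "Hashes" and "Message Authentication Codes" bullets above is easy to miss, so here is an added example (not from the course notes) that walks through it with Python's hashlib and hmac. The messages and the key are constructed for the demo; it shows that a bare hash catches accidental corruption but not deliberate tampering, while an HMAC catches both.

```python
import hashlib
import hmac

# Constructed secret for the demo, shared only by sender and receiver.
KEY = b"shared-secret-key-known-only-to-sender-and-receiver"


def sha256_hex(data: bytes) -> str:
    """Plain hash: a fingerprint of the data that anyone can compute."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    """Integrity check with a bare hash: only detects changes if the attacker
    could not also replace the published hash."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def make_mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: integrity AND authenticity, because producing a valid tag
    requires the shared secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag_hex: str) -> bool:
    # compare_digest runs in constant time, so the comparison leaks no timing info
    return hmac.compare_digest(make_mac(key, data), tag_hex)


def hash_only_scenario() -> dict:
    """Sender publishes (message, sha256). Random corruption is caught, but an
    attacker who can rewrite the message simply recomputes the hash too."""
    original = b"Transfer $100 to account 1234"
    published_hash = sha256_hex(original)
    tampered = b"Transfer $9000 to account 9999"
    recomputed_hash = sha256_hex(tampered)  # no key needed, so anyone can do this
    return {
        "accidental_corruption_detected": not verify_hash(original + b"x", published_hash),
        "deliberate_tampering_detected": not verify_hash(tampered, recomputed_hash),
    }


def mac_scenario() -> dict:
    """Same exchange with an HMAC. Without KEY no valid tag can be produced for
    the altered message, so the receiver rejects it either way."""
    original = b"Transfer $100 to account 1234"
    tag = make_mac(KEY, original)
    tampered = b"Transfer $9000 to account 9999"
    # Two keyless attempts: reuse the old tag, or substitute a plain hash
    reuse_old_tag = verify_mac(KEY, tampered, tag)
    keyless_guess = verify_mac(KEY, tampered, sha256_hex(tampered))
    return {
        "genuine_message_accepted": verify_mac(KEY, original, tag),
        "tampering_detected": not (reuse_old_tag or keyless_guess),
    }


if __name__ == "__main__":
    print("hash only:", hash_only_scenario())
    print("hmac     :", mac_scenario())
```

A digital signature gives the same tamper detection without a shared key (only the signer holds the private key), which is what makes it usable for non-repudiation.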
Week 3
Computers and Computing
Computer
General Purpose can perform a range of computing tasks
Digital: based on binary (1 – 0) technology
Stored program: the commands necessary to perform the tasks are stored within the computer
Central processing unit: The brain of a computer, where all computing is done
Computer: A system that includes hardware, an operating system, application programs, and peripherals
Applications: Software programs designed to fulfill a specific task that is additional to the operation of the computer itself
Computer Fundamentals: Operating Systems
Operating Systems (OS) perform behind the scenes functions such as:
Managing the computer's resources
Providing a user interface
OS vulnerabilities figure in cybersecurity attacks, often as zero-day vulnerabilities, and are usually dealt with through OS patches
Root access allows users to enter the complete set of commands; usually limited to the administrator, super user, or root account
Hackers often aim to gain root access
Usually only a limited set of commands are available to most users
Media access control address is unique to each computer
Computer Fundamentals: Programs and Applications
Internet of Things (IoT) devices may not have an OS
IoT devices add convenience and also risks
Each device is a platform for attack (ie: home security cameras)
Each application on a device has potential zero-day vulnerabilities
Computer Fundamentals: Peripherals
Peripherals: auxiliary devices that fall into one of these categories
Input Devices (keyboards, mouse, microphone)
Output Devices (monitor, printer, speakers)
Input/output devices (tape drive for backup and restore)
Networking: Connecting Devices
Packet Switching: separating a potentially lengthy message into a series of smaller messages (packets) of about 512 to 1500 bytes in size
Enabled development of switches and routers to route the packets to their destination based on the address
Physical Layer: connections between locations including fibre optics, wired, wireless
Fibre Optics: data converted to light, used over long distances
Wired: LAN uses Ethernet
Wireless: shared and heavily regulated; three main classes
Wi-Fi
Wide area cellular
Satellite
Internetworking: Connecting Devices
Internet: the global packet-switched TCP/IP-based network that interconnects most computers on earth
Internetworking: technology of connecting networks together
Internetworking: Network Protocols
System of rules that allow two or more different network elements to communicate with each other
TCP/IP protocol developed early on for ARPANET and still the primary internet routing protocol today
Other protocols: UDP, IPv4, VPN, HTTPS, BGP, FTP, SSL
Internetworking: Security
Trust-based system in the underlying network protocols and devices
Future state means newer technologies could break or attack older, stable protocols
Increased network speeds will be developed
State-sponsored cyber risks have led some countries to ban some network equipment
Internetworking: Cloud Computing
Cloud Computing is the combination of server-farm computation and internet bandwidth
Delivers computing services from a data centre instead of the same services held locally on the computer
Opportunities for attackers to take down entire service
Large repository of personal data makes cloud computing a rich target for attackers
Can be monitored for risks constantly
Types of cloud networking
Software as a Service (SaaS)
Everything is in the cloud
Platform as a Service (PaaS)
Applications and user data are local; processing, OS, storage, etc. are in the cloud
Infrastructure as a Service (IaaS)
Complex, client controls most
Cyberattacks
Cybercriminals aim to:
Steal data or resources that do not belong to them
Cause damage to systems, networks, or data
Enhance their reputation within the hacking community
Cyberattacks are broadly categorized into:
Identity Compromise
Privilege Escalation
Service Disruption
Compromise Attacks
Overview
Threat actors take over part or all of a victim's identity to access sensitive information
Common Types include:
Eavesdropping
Person in the middle
Phishing, Vishing, Smishing
Identity Compromise Malware
Impact: Unauthorized access to personal data, financial loss, or identity theft
Case Study: 2019 Capital One breach– attacker used stolen credentials to access customer data
Eavesdropping
Attackers intercept digital traffic to capture sensitive information
Scenarios:
Connecting to the same network as the victim
Capturing unencrypted communications
Vulnerabilities:
Lack of user awareness
Use of unsecured public Wi-Fi networks
Controls:
Use VPNs
Avoid public Wi-Fi for sensitive transactions
Deploy Wireless Intrusion Prevention Systems (WIPS)
ie) Packet sniffing on open networks to steal login credentials
Person-in-the-Middle (PiTM)
Attackers intercept and modify communication between two parties
Scenarios:
Payment redirection fraud
DNS server hijacking to redirect users to malicious websites
Vulnerabilities:
Unsecured public Wi-Fi connections
Lack of encryption or weak DNS configurations
Controls:
Use encrypted communication protocols
Harden DNS servers with DNSSEC
Employ VPNs for secure connections
ie) 2020 Twitter Bitcoin scam – attackers intercepted communications to post fake messages
Phishing, Vishing, Smishing
Social engineering attacks to trick users into revealing sensitive information
Types:
Phishing: Emails
Vishing: Voice-based phone calls
Smishing: SMS
Vulnerabilities:
Lack of user awareness
Poor email or message filtering
Controls:
Educate users
Implement email filtering and anti-phishing tools
Multi-factor authentication (MFA) to reduce impact
Malware
Malicious software designed to steal data or harm systems
Types:
Adware
Scareware
Spyware
Keyloggers
Vulnerabilities:
Outdated software
Lack of security awareness
Controls:
Antivirus
Conduct regular security awareness training
Restrict software installation privileges
Formjacking
Malicious code injected into web forms to capture financial details
Scenarios:
Attackers target e-commerce checkout pages
Skimming credit card details during transactions
Vulnerability:
Irregular software updates
Weak web application security
Controls:
Regular malware and antivirus scans
Implement Content Security Policy
Use secure payment gateways
Privilege Escalation Attacks: Overview
Attackers gain elevated access beyond a user's normal privileges, often by exploiting vulnerabilities
Types:
Ransomware
Bot/Botnets
Zero-day exploits
Privilege Escalation Malware
Impact: Unauthorized control of systems, data theft, or operational disruption
Ransomware
Malware that locks users out of systems and demands payment for access
Scenarios:
Malicious software encrypts files or systems
Attackers demand crypto payments
Vulnerability:
Misconfigured system
Lack of user awareness
Outdated software
Controls:
Regular backups to secure location
User awareness training
Software updates and patch management
Bots and Botnets
Automated programs performing malicious tasks over the internet
Scenarios:
DDoS attacks
Phishing campaigns/spambots
Vulnerabilities:
Default username and passwords
Not updating devices
Controls:
Enforce strong password policies
Regular software and firmware updates
Network monitoring for unusual activity
Zero-Day exploits
Exploits targeting unknown software vulnerabilities
Scenarios:
Attackers target unpatched software flaws
Phishing Campaigns deliver zero-day exploit
Vulnerability:
Lack of timely software updates
Insufficient monitoring for new threats
Controls:
Regular software patching
Use of intrusion detection systems
Threat intelligence monitoring
Malware
Malware designed to gain unauthorized system control
Types:
Viruses: spread by attaching to legitimate programs
Trojan Horses: Disguised as legitimate software
Worms: Self replicating malware spreading across networks
Vulnerability:
Lack of user awareness
Poor system configuration
Controls:
Deploy endpoint security solutions
Conduct regular security audits
Restrict admin privileges
Service disruption attacks: Overview
Attacks aimed at disabling or disrupting services provided by a victim
Common types:
DoS
DDoS
Critical infrastructure disruption
Impact: Loss of service availability, financial losses, and reputational damage
DoS
Flooding a system or network with traffic to render it unusable
Scenarios:
Single-source DoS attacks
DDoS attacks using botnets
Vulnerabilities:
Systems exposed directly to the internet
Limited bandwidth or resources
Controls:
Deploy intrusion detection and prevention systems
Use traffic filtering at the ISP level
Implement load balancing and redundancy
Critical Infrastructure
Attacks targeting essential services like power, water, or healthcare systems
Scenarios:
Exploiting misconfigurations
Social engineering to gain access
Zero-day vulnerability
Emerging Threats
Supply Chain Attacks
Attackers target less secure elements in an organization's supply chain to compromise the main target
Scenarios
Compromising third-party software providers
Infiltrating hardware or firmware during manufacturing
Vulnerabilities:
Lack of oversight from third-party vendors
Weak supply chain security practices
Controls:
Conduct security assessments
Implement software bill of materials
Regular audits of supply chain vendors
Cloud-Based Attacks
Exploiting misconfigurations or vulnerabilities in cloud services to gain unauthorized access
Scenarios
Misconfigured cloud storage buckets exposing sensitive data
Credential theft for cloud service accounts
Vulnerability
Poor cloud security configurations
Lack of encryption for data at rest or in transit
Controls:
Use cloud security posture management tools
Enforce encryption for all cloud data
Implement least privilege access controls
IoT-Based Attacks
Exploiting vulnerabilities in the Internet of Things (IoT) devices to launch attacks or gain network access
Scenarios:
Compromising smart devices like cameras or thermostats
Using IoT devices as entry points for botnets
Vulnerability:
Default credentials on IoT devices
Lack of regular firmware updates
Controls:
Change default credentials on IoT devices
Segment IoT devices on separate networks
Regularly update IoT device firmware
Cloud Computing
Definition: On-demand access to shared computing resources over the internet with rapid elasticity and measured usage
Why it matters
Expands the attack surface
Identity is the new perimeter
Logging and monitoring are essential
Key Characteristics
On-demand self-service
Broad Network Access
Resource Pooling
Rapid Elasticity
Measured Service
Automation & APIs
Models Overview
IaaS: Infrastructure as a Service
You manage: OS, network settings, IAM, data
Provider Manages: Hardware, virtualization
Examples: AWS EC2, Azure VM, Google Compute Engine
Security: Patching, encryption, least privilege access
PaaS: Platform as a service
You manage: App code, access, data
Provider manages: OS, runtime, scaling
Examples: AWS Lambda, Azure App Service, Google App Engine
Security: Secure coding, secrets management, role-based access
SaaS: Software as a service
You manage: User access, data sharing, policies
Provider manages: Full application stack
Examples: Google Workspace, Microsoft 365, Salesforce
Security: MFA, DLP, Audit Logs, Vendor risk assessment
Cloud Deployment Models
Public Cloud
Private Cloud
Hybrid Cloud
Community Cloud
Multi-Cloud
Shared Responsibility Model
Key Idea: Provider secures the cloud; customers secure what they put in the cloud
Provider: Physical security, infrastructure, many patches
Customer: Identity, data, configurations, compliance
Common Cloud Security Risks
Misconfigured storage buckets
Weak identity and access controls
Lack of encryption
Poor logging and monitoring
Controls: Strong IAM, encryption, monitoring, audits
Cloud Security Incidents
Capital One Breach (2019): Misconfigured AWS firewall exposed customer data
Accenture (2021): Exposed cloud storage with sensitive files
Verizon (2017): 14M customer accounts leaked from open S3 bucket
Week 4
Network Defence Fundamentals
Network security uses defense in depth
Firewalls = first line of defense; IPS = deeper inspection/prevention
These tools operate at different network layers
The OSI Model
Physical – bits, cabling, signals
Data Link – Ethernet, MAC addresses
Network – IP Addressing, routing
Transport – TCP/UDP, segmentation
Session – managing connections
Presentation – data formats, encryption
Application – user-end services (HTTP, SMTP)
TCP/IP Model
Network Access – LAN/WAN, ethernet, wi-fi
Internet – IP addressing, routing
Transport – TCP/UDP
Application – protocols like HTTP, DNS, SMTP
Firewalls
A network security device that:
Monitors and filters incoming/outgoing network traffic
Enforces access control policies
Acts like a gatekeeper between trusted and untrusted networks
Evolution
Packet Filtering (1st gen) – simple allow/deny rules
Stateful Inspection (2nd gen) – tracks active connections
Application-Layer/Proxy (3rd gen) – inspects HTTP, SMTP traffic
Next-Generation Firewalls (NGFW) – combine firewall + IPS + content filtering
Packet Filtering Firewalls
Rules defined by source/destination IP, port, protocol
Strength: Simple, fast, low resource usage
Weaknesses: No awareness of connection state, Vulnerable to spoofing
Stateful Inspection Firewalls
Maintain connection tables to track active sessions
Allow packets only if part of an established, valid session
Provides better protection against spoofed packets
Application Layer Firewalls
Acts as a proxy for applications
Can filter based on application content
Detects attacks hidden in application-layer traffic
Next Generation Firewalls
Integrate multiple functions:
Traditional firewalls + Intrusion Prevention (IPS)
Deep packet inspection
URL filtering, malware sandboxing
Widely used in enterprises today
Firewalls Rules and Policies
Rules specify allow/deny actions
ie) iptables
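To make the packet-filtering vs. stateful-inspection distinction concrete, here is an added example (not from the course notes) that simulates both in Python. The rules imitate the iptables shape (action, protocol, source, destination, destination port); the addresses, ports and rule set are constructed for the demo. It shows why a stateless filter has to open inbound traffic broadly to let replies back in (so spoofed "replies" get through), while a stateful filter admits only packets belonging to a session the inside initiated.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    action: str                 # "ACCEPT" or "DROP"
    proto: str = "any"
    src: str = "0.0.0.0/0"      # CIDR, like iptables -s
    dst: str = "0.0.0.0/0"      # CIDR, like iptables -d
    dport: Optional[int] = None  # like iptables --dport

    def matches(self, p: Packet) -> bool:
        return (
            self.proto in ("any", p.proto)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == p.dport)
        )


def packet_filter(rules: List[Rule], p: Packet, default: str = "DROP") -> str:
    """1st generation: first matching rule wins; no memory between packets."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


@dataclass
class StatefulFirewall:
    """2nd generation: remembers sessions the inside opened and lets their
    replies back in; everything else is judged by the static rules."""
    rules: List[Rule]
    inside: str = "192.168.1.0/24"          # constructed LAN
    table: set = field(default_factory=set)  # connection table of 5-tuples

    def process(self, p: Packet) -> str:
        if ipaddress.ip_address(p.src) in ipaddress.ip_network(self.inside):
            verdict = packet_filter(self.rules, p)
            if verdict == "ACCEPT":
                self.table.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return verdict
        # Inbound: accept if it is the reply half of a tracked session ...
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.table:
            return "ACCEPT"
        # ... otherwise only if an explicit rule (a published server) allows it
        return packet_filter(self.rules, p)


def demo() -> dict:
    base = [
        Rule("ACCEPT", "tcp", src="192.168.1.0/24", dport=443),  # clients may browse HTTPS
        Rule("ACCEPT", "tcp", dst="192.168.1.10", dport=80),      # published web server
    ]
    # A stateless filter cannot recognise replies, so to get HTTPS answers back
    # the admin has to open inbound TCP to the whole LAN; spoofed packets ride along.
    stateless_rules = base + [Rule("ACCEPT", "tcp", dst="192.168.1.0/24")]

    client_hello = Packet("tcp", "192.168.1.20", 51000, "203.0.113.5", 443)
    reply = Packet("tcp", "203.0.113.5", 443, "192.168.1.20", 51000)
    # Looks like a reply, but no inside host ever talked to this source
    spoofed = Packet("tcp", "198.51.100.9", 443, "192.168.1.20", 51000)
    web_hit = Packet("tcp", "198.51.100.9", 40000, "192.168.1.10", 80)
    traffic = (client_hello, reply, spoofed, web_hit)

    fw = StatefulFirewall(base)
    return {
        "stateless": [packet_filter(stateless_rules, p) for p in traffic],
        "stateful": [fw.process(p) for p in traffic],
    }


if __name__ == "__main__":
    print(demo())
```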
Case Study: Equifax Breach (2017)
Attack Vector: unpatched web app vulnerability
WAF (Web Application Firewall) misconfigured -> failed to block exploit
Sensitive data (SSN, credit reports) of 143M+ people exposed
Strengths and Limitations
Strengths
Control inbound/outbound traffic
Enforce segmentation between networks
Limitations
Cannot stop insider threats
Encrypted traffic limits visibility
Human error in configuration = biggest risk
Intrusion Detection vs Prevention
IDS (detection): Monitors and alerts but does not block
IPS (prevention): Inline, can drop/block malicious traffic
Detection Techniques
Signature-Based: Matches known attack patterns
Anomaly Based: Detects Deviations from normal traffic
Hybrid: Combines both approaches
Techniques in Practice
Deep Packet Inspection (DPI)
Rate limiting suspicious connections
Blocking known malicious IPs/domains
Integration with SIEM for automated responses
Analogy: IDS = Security camera, IPS = Security Guard
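As an added example (not from the course notes), the following Python engine runs the signature-based and anomaly-based techniques from the "Detection Techniques" list over constructed web-server log lines, and switches between IDS behaviour (alert only) and IPS behaviour (alert and drop). The log lines, the blocklisted address and the scanner user-agent string are all constructed for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample traffic: one normal client, one blocklisted source, one
# scanner user-agent, and one source sending a burst of requests.
LOG_LINES = [
    '10.0.0.5 - - [01/Oct/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "Mozilla/5.0"',
    '198.51.100.7 - - [01/Oct/2024:10:00:02 +0000] "GET /login HTTP/1.1" 200 233 "Mozilla/5.0"',
    '10.0.0.5 - - [01/Oct/2024:10:00:09 +0000] "GET /about.html HTTP/1.1" 200 410 "Mozilla/5.0"',
    '203.0.113.9 - - [01/Oct/2024:10:00:10 +0000] "GET /admin HTTP/1.1" 404 0 "DemoScanner/1.0"',
] + [
    f'192.0.2.44 - - [01/Oct/2024:10:00:{11 + i:02d} +0000] "GET /search?q={i} HTTP/1.1" 200 90 "Mozilla/5.0"'
    for i in range(7)
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "(?P<ua>[^"]*)"$'
)

# Signature-based: known patterns (constructed indicators for the demo)
BAD_IPS = {"198.51.100.7"}
BAD_UA_RE = re.compile(r"DemoScanner/\d+\.\d+")

# Anomaly-based: deviation from a normal request rate
WINDOW_SECONDS = 10
MAX_REQUESTS_PER_WINDOW = 5


def parse(line: str) -> dict:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def signature_check(rec: dict) -> List[str]:
    reasons = []
    if rec["ip"] in BAD_IPS:
        reasons.append("known-bad-ip")
    if BAD_UA_RE.search(rec["ua"]):
        reasons.append("scanner-user-agent")
    return reasons


class RateAnomaly:
    """Sliding-window counter per source: flags a source once it has sent more
    than MAX_REQUESTS_PER_WINDOW requests inside WINDOW_SECONDS."""

    def __init__(self) -> None:
        self.seen: Dict[str, deque] = defaultdict(deque)

    def check(self, rec: dict) -> List[str]:
        q = self.seen[rec["ip"]]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() >= WINDOW_SECONDS:
            q.popleft()  # forget requests that fell out of the window
        return ["rate-anomaly"] if len(q) > MAX_REQUESTS_PER_WINDOW else []


def run(lines: List[str], mode: str = "IDS") -> Tuple[List[Tuple[str, str]], List[str]]:
    """Hybrid engine. Returns (alerts, requests that got through). In IDS mode
    every request passes and is only reported; in IPS mode a request that
    raised any alert is dropped inline."""
    anomaly = RateAnomaly()
    alerts: List[Tuple[str, str]] = []
    passed: List[str] = []
    for line in lines:
        rec = parse(line)
        reasons = signature_check(rec) + anomaly.check(rec)
        alerts.extend((rec["ip"], r) for r in reasons)
        if reasons and mode == "IPS":
            continue  # the "security guard" blocks instead of just watching
        passed.append(line)
    return alerts, passed


if __name__ == "__main__":
    for mode in ("IDS", "IPS"):
        alerts, passed = run(LOG_LINES, mode)
        print(mode, "alerts:", alerts, "| passed:", len(passed), "of", len(LOG_LINES))
```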
Case Study: Log4Shell (2021)
Zero-day exploit in Apache Log4j logging library
IPS vendors quickly deployed signature to block attempts
Showcases the importance of timely IPS signature updates
Open Source IPS Tools
Snort – signature based, widely used
Suricata – multi-threaded, supports IDS/IPS modes
Bro/Zeek – focuses on traffic analysis/forensics
Firewalls and IPS Together
Firewalls filter based on rules
IPS prevents exploitation of vulnerabilities
Combined → Layered defense: perimeter + deep inspection
AWS WAF, Azure Firewall, Google Cloud Armor
Protect cloud-hosted apps from DDoS, SQL injection, XSS
Cloud IPS integrates with auto-scaling and orchestration
Zero Trust and Network Security
Traditional firewalls = perimeter-based defense
Zero Trust = verify every request. Least privilege
Microsegmentation → firewalls and IPS applied at every workload
Future Trends
AI/ML driven detection
TLS 1.3 challenges for traffic inspection
IoT-specific firewall for smart devices
Cloud native firewalling in containers
Practice Questions
Short Answer
Cybersecurity is the layer of defense of individuals on the internet– either they are being protected from harm from web pages or they are being defended from being harmed from other users
Qantas Data Breach: 5.7 million customers had personal data like names, phone numbers, addresses, and emails exposed
Phishing is email scams; Vishing is voice call; Smishing is SMS scams
Dark Web activities are easy to lose and go under the radar; a lot of it goes untracked.
Rootkit: deep access to a user's computer; it's dangerous because once a hacker has access to it, it's next to impossible to remove them
Canada's Anti-Spam Legislation: users must register for SMS from a company, decreasing probable scams and harm to a Canadian citizen from a hacker
Botnet is an automated process of ways to attack someone; DDoS attacks are a type of attack that uses botnets
2FA adds a layer of security because you need human verification to allow a sign in
VPN is used to hide your IP address and not allow hackers to easily access your computer account
Desjardins Data Breach shows that outside threats aren’t the only threat; insiders can cause just as much harm
Zero-day exploit is when hackers abuse unpatched bugs in a system off of first day to gain access
Cloud Misconfiguration creates gap in security allowing hackers to exploit these for easy access
Advantage of firewalls: Stops outsider threats. Disadvantage of firewalls: doesn't stop insider threats
IDS spots the threat, IPS stops the threat
Insider Threats are risky because they are hard to trace and have easier access to do harm
It locks away a user's personal information and puts it behind a paywall of unfair prices
Social engineering; people are easily deceived and scammed because some people are naturally stupid
Long Answer Questions
Capital One Breach
Cause: Misconfigured firewall caused a breach
Impact: compromised people's personal financial and user data
Lessons Learned: Need better cloud security to not allow leaks like this
Ransomware locks user data behind a paywall involving crypto usually
Educate people on how to avoid getting these viruses
Make sure you have software updates for up to date protection
Paying attention; be more aware of what's on your computer like keyloggers