Businesses have different types of assets. These can be land and building facilities, people, equipment and data. Of these, data is perhaps the most valuable of its assets. This is because it affects not only your business, but also your employees, your customers, suppliers and shareholders. It can be quite hard to figure out how to protect all this data and what are the kind of threats to protect it from. So, in this lecture, we're going to see what are the key characteristics of secure communication and what are the common types of cybersecurity attacks and threats. When we talk about cyber security, we are referring to technologies that allow any two computers on the Internet to exchange messages securely over an inherently non-secure physical medium that can be susceptible to attackers. Some of the desirable characteristics of secure communications include confidentiality, that is only the sender, and the intended receiver should be able to understand the content of these messages. Because there may be eavesdroppers or sniffles we're intercepting these messages, we want use encryption techniques to scramble and disguise our data. Another characteristic is integrity of the messages. Both the senders and receivers want to be sure that the content of their message or files that they're sending are not altered during transmission, either accidentally or intentionally. That is why we have digital signatures and certificates to prove the message non-repudiation and message integrity. The third one is authentication. Both the sender and the receiver should be able to confirm the identity of each other. That is they are indeed who they are claiming to be. This is easy to enforce in face-to-face conversations, but it becomes really challenging when it comes to the Internet, where the conversations are to be done remotely over a network. Availability is another consideration. Over the past few years we have witnessed many such cyber attacks that have rendered part of the networks and its resources completely unavailable to legitimate users. Protecting the Internet and the organization's network with firewalls and other software-based solutions is required to filter out malicious traffic, and detection of malicious information using intrusion detection systems that allow us to monitor the health of the network and detect malicious traffic is also a key requirement. Cyber security measures are intended to address all these above requirements. Security threats can arise from many different sources. These can be inadvertent acts that are caused by human errors and deviations in the quality of service agreements that the providers have. This can also be deliberate acts which include espionage, extortion, sabotage and information theft. Forces of nature including floods, fires, earthquakes can also disrupt the availability and reliability of our networks. Technical failures like hardware malfunction and software bugs also pose a security risk. Lastly, management failures to cope with technological obsolescence can also threaten the security of an organization. In the next few lectures, we are going to learn about various types of cyber attacks. This include malicious programs like viruses, worms, Trojan horse, bots and SQL injection. Software vulnerabilities also pose a great risk. Badly written softwares can allow hackers to open up a backdoor channel to gain administrative control and access to a machine. We are also going to see how hackers can use specialized softwares in order to crack user passwords. Another type of attack that we are going to look at are identity-based attacks. These include eavesdropping and impersonation. We are going to see what are sniffing, spoofing and man in the middle attacks. The fourth type of attack are denial of service attack. These are attacks in which a target network or a computer is overwhelmed with false requests and thereby making it unavailable to genuine and legitimate user traffic. These are called denial of service attacks. Another way in which information gets disclosed is social engineering. Social engineering presents a variety of non-technical ways in which information is leaked. These include using social skills to convince people to reveal their access credentials, login information and other valuable information. It often involves posing as someone higher up in the organizational hierarchy or someone from the IT to lend you a hand. Many online scams also use social engineering. The most popular ones that we're going to see in these lectures are phishing and baiting. So, now let's delve deeper into each of these types of attacks, starting with malwares.
