Master Cybersecurity Fundamentals with 42 free flashcards. Study using spaced repetition and focus mode for effective learning in Cybersecurity.
Confidentiality (ensuring data is accessible only to authorized parties), Integrity (ensuring data is accurate and unaltered), and Availability (ensuring systems and data are accessible when needed). Together they form the foundation of information security.
A confidentiality breach means unauthorized parties accessed the data (e.g., a data leak). An integrity breach means the data was altered or tampered with without authorization, even if it wasn't exposed — for example, an attacker modifying financial records.
Even if data remains confidential and unaltered, a system is useless if legitimate users cannot access it when needed. DDoS attacks, ransomware, and hardware failures all target availability, potentially causing significant financial and operational damage.
Phishing uses fraudulent emails or messages to trick victims into revealing sensitive information or clicking malicious links. Spear phishing targets a specific individual or organization with personalized content, making it far more convincing and harder to detect than generic phishing.
SQL injection works by inserting malicious SQL code into input fields (such as login forms) that are passed directly to a database query without proper sanitization. It exploits improper input validation, allowing attackers to read, modify, or delete database contents.
XSS injects malicious scripts into web pages viewed by other users. Stored XSS persists on the server (e.g., in a forum post) and affects every visitor, while reflected XSS is embedded in a URL and only executes when a victim clicks the crafted link.
A DoS attack uses a single source to overwhelm a target with traffic, while a DDoS (Distributed Denial of Service) attack uses many compromised systems (a botnet) simultaneously. DDoS attacks are much harder to mitigate because the traffic comes from thousands of different IP addresses.
In a MITM attack, an attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly. HTTPS encrypts traffic using TLS, making it extremely difficult for an attacker to read or modify the data in transit.
Authentication verifies who a user is (proving identity, e.g., via password or biometrics). Authorization determines what an authenticated user is allowed to do (permissions and access levels). Authentication always comes before authorization.
MFA requires two or more verification factors from different categories: something you know (password), something you have (phone/token), or something you are (biometrics). Even if one factor is compromised, an attacker still cannot access the account without the others.
Symmetric encryption uses a single shared key for both encryption and decryption (fast but requires secure key exchange). Asymmetric encryption uses a public/private key pair where the public key encrypts and the private key decrypts, solving the key distribution problem but being computationally slower.
Hashing is a one-way function that converts data into a fixed-length digest that cannot be reversed to recover the original data. Unlike encryption, hashing has no decryption key — it is used to verify data integrity and securely store passwords, not to protect data for later retrieval.