Univerzita Tomáše Bati ve Zlíně


Chapter 1 – Basic principles and motivation

The Internet is just another medium in the real world. And just like the real world, there are good and bad people. Since the prefix “cyber” is often used in the Internet world, we may see terms like cyber crook or cyber criminal for the bad ones.

It is necessary to defend ourselves against these cyber criminals, and this series of educational materials aims to show the reader that anyone can master the fundamentals of cybersecurity.

1. Introduction

The Internet is just another medium that people use, just like the real world, where we move around on land, water, etc. Each environment is slightly different, but they have one thing in common – there are people in them. You can meet relatives, friends, decent and rude people, and various scammers and criminals in all the mentioned environments. In the Internet environment, it is common to add the prefix “cyber” to everything, which is why you can encounter, for example, the terms cyber crook or cyber criminal.

Normally, we protect ourselves from regular criminals and scammers by locking our homes, having police forces, avoiding visiting dubious sites, etc. So we should protect ourselves against cyber criminals in the same way – the basics of cyber self-defence or cybersecurity are not difficult and can be mastered by anyone. Let’s start by looking at the basic principles of (cyber)security.

2. Basic principles

In the cyber world, everything revolves around information, which is also sometimes referred to as data, so it is certainly not surprising that cybersecurity is concerned with ensuring the availability, confidentiality and integrity of this data. Data availability is defined as a situation where data is available at all times. Confidentiality ensures that this data is only accessible to those systems or persons who either own it or are entitled to it (either by virtue of their personal or professional status). Finally, integrity indicates whether the data is unchanged or undamaged.

The weakest link principle, named after the well-known fact that a chain is only as strong as its weakest link (which, as is known, breaks first), applies not only to cybersecurity. It describes the fact that a (cyber)attacker can choose which path to take to reach his/her goal. The defender must protect all paths at the same time to prevent the attacker from achieving his/her goal, because attackers always choose the easiest one. In the case of cybersecurity, the individual links in the chain can be technical measures such as antivirus programs and firewalls (more on these in the following chapters), or the users themselves.

Example of the weakest link principle in IT

An attacker’s plan to obtain confidential information in an information system to which the user has access:

  1. Obtaining information from the user by manipulative questions.
  2. Obtaining the user’s password by phishing.
  3. Reading information from an abandoned computer where the user is logged in.
  4. Taking control (“hacking”) of the information system.

The attacker would only need to implement any of the plans outlined above to obtain the information.

If we want to prevent an attacker from carrying out an attack and we put one obstacle in his/her way, there is a certain chance that he/she will overcome it. However, if he/she has to overcome several obstacles one after another, the attack becomes more complicated, and the chance of success decreases. This principle is called multi-layer defence. Medieval castle architecture provides a good example of the situation: not only is a wall used, but also a moat in front of it, and further walls stand at critical points – so the attacker has to overcome all obstacles on the given path.

Example of multi-layer defence in IT

The simultaneous use of multiple methods to prevent a virus in an email attachment from spreading:

  1. Antivirus scanning on the mail server removes infected attachments.
  2. An informed user will not open a suspicious attachment at all.
  3. An antivirus program running on the workstation (usually from a different manufacturer than the one on the mail server) blocks attempts to infect the device with a virus.

A virus travelling via email has a hard time – if at least one of the above measures takes effect, it will fail to infect the target computer.

3. The price of security

Nothing is free in the world, so security measures always cost something (money, time, specific actions required, adaptation, education, etc.). However, the price must be compared with what these measures protect (for example, know-how, work results, money, prestige). When determining the level of cybersecurity, all aspects must be taken into account, so the result is a compromise between the costs necessary for its deployment and use, the level of risk, and the possible consequences of an attack.

Example of a compromise in security measures

If we have thousands of crowns in cash at home, buying a safe that costs several tens of thousands makes no sense. However, if we are talking about family gold worth hundreds of thousands or millions, a safe for that amount is certainly worthwhile.

Unfortunately, people usually perceive (cyber)security measures as unnecessary. The reason is that if the measures are well put in place, they work as required and prevent problems from occurring without any outward signs. People often think that investing in security is a waste of money – the fact is that (cyber)security measures themselves never earn anything. Still, they can save a lot of money in case of problems. In our private lives, we usually make our own decisions about security and take responsibility for our choices. However, when we are part of a larger whole, an organisation, where a wrong decision can affect many other people and can even have an impact on the entire organisation, the decision is rightly entrusted to experts. Other employees then have to accept the results of their analysis and submit to the organisation’s needs, which may conflict with their own view of the matter.

For example, in non-despotic organisations, we often see discussions about typical issues such as:

  • restricting access to certain websites,
  • limiting access to certain services from the Internet (SSH, RDP, etc.),
  • limiting the password expiration date,
  • using a defined password complexity.

However, the needs of the organisation as a whole are more important than the needs of individuals, and this must be accepted.

4. Prevention

Not only in IT, but in life in general, it is better to prevent problems than to fix them, which is why we lock our apartments, houses, cars, look around before crossing the road, etc. Preventing problems is simply cheaper than fixing them. Appropriate preventive measures can reduce the likelihood of a problem occurring or reduce the impact of an incident. For problems that cannot be effectively prevented, or that would have a large impact but are unlikely to occur, insurance is the appropriate solution, transferring the risk to someone else.

Example of IT prevention

Ransomware is malicious code that spreads through various means (email, portable storage devices). When triggered, it encrypts files, rendering them unusable. After encryption, an information page is usually displayed with instructions to pay the ransom. We can protect ourselves against this type of attack by:

  • Backing up – when files are encrypted, we restore them from backup (reducing the impact).
  • Technical means – preventing the malicious code from triggering (reducing the likelihood of occurrence).
  • Insurance – paying the ransom from an insurance claim (transfer of liability).

These measures can of course be combined.

People, i.e. the users, play a crucial role in prevention, as their knowledge and ability to react correctly can help avoid many problems. User education should not be neglected – in many cases, users are the only obstacle or, in the case of multi-layer defence, the only reliable obstacle. On the contrary, an untrained user can easily become the weakest link.

5. Troubleshooting

Even with the best prevention, problems can arise from time to time, and you need to be prepared. Ideally, it is advisable to have emergency plans for likely types of issues, which you can prepare and use in a crisis situation.

In everyday life, this might include instructions on what to do in the event of a traffic accident or a water or gas outage. Contact information for emergency services is often posted on bulletin boards in apartment buildings. For IT users, the most important information is the contact details for their user support. So what should you do in the event of an IT emergency?

  1. Stay calm, don’t hide information, cooperate.
  2. Contact someone who can help you (friends, colleagues, local IT administrator, user support – HelpDesk).
  3. Always give as much information as possible; especially important information is:
    • How the emergency manifests itself (files disappear, files are unreadable, the computer is significantly slowed down, account is being misused, etc.).
    • What preceded it (receiving a suspicious email, a suspicious phone call, using a found USB drive, etc.).
    • How the incident happened (opening an attachment from a suspicious email, filling in login details for a suspicious website, etc.).
    • Exact or approximate time:
      • When you turned on the computer
      • When you logged in
      • When you received the email
      • When you opened the attachment
      • When you noticed the problem
  4. Follow the recommendations of experts (turn off the PC, change your password, etc.).
  5. Ask questions.
  6. Learn a lesson and avoid the same problem occurring in the future.

Although everything that has happened may have unpleasant consequences, it is always necessary to analyse the situation, learn lessons from it, and implement corrective measures to avoid repeating the same mistakes unnecessarily. IT department employees also proceed in precisely the same way when managing the IT environment. Based on reported problems, they are constantly making improvements to mitigate the impact of the incident next time or even prevent it altogether.

Learning from your own mistakes is necessary but often painful, so it is much more enjoyable and fun to learn from the mistakes of others. Therefore, attending appropriate training courses, lectures or reading recommendations from people who have already experienced mistakes is not a waste of time. This series of educational documents is just such a suitable training. In the following nine chapters, you will gain knowledge about security from various areas of the IT world that will enable you to avoid the vast majority of problems in cyberspace.

6. Summary

In the introductory chapter, you have learned about the generally applicable principles that will be used in later chapters of this training course.

First and foremost, cybersecurity seeks to ensure the availability, confidentiality and integrity of data in cyberspace and uses various approaches to do so. Of the general principles, you should remember two key ones in particular – the principle of the weakest link and multi-layer defence – which apply not only to cybersecurity.

You also already know that security always costs money and never makes money, but it can save a lot when problems do occur. Given that it is more effective to prevent problems than to fix them later, it is essential to focus on prevention – the selection of measures is based on considering the imminent risks, and the aim is to reduce the probability of their occurrence or reduce the resulting impacts. However, measures cannot always be 100% effective, so you need to know how to respond to problems when they occur.
