Network and cyber security
Key facts
- 1976: Whitfield Diffie and Martin Hellman published the idea of public-key cryptography, giving the base for asymmetric key exchange.
- 1977: RSA was introduced by Ron Rivest, Adi Shamir and Leonard Adleman, becoming a standard public-key method for encryption and digital signatures.
- 1995: SSL 2.0 was released by Netscape, beginning the practical use of encrypted web communication that later evolved into TLS.
- 2000: India's Information Technology Act gave legal recognition to electronic records and digital signatures.
- 2004: CERT-In became the national computer emergency response body for cyber incident coordination in India.
Key Points at a Glance
- 1
1976: Whitfield Diffie and Martin Hellman published the idea of public-key cryptography, giving the base for asymmetric key exchange.
- 2
1977: RSA was introduced by Ron Rivest, Adi Shamir and Leonard Adleman, becoming a standard public-key method for encryption and digital signatures.
- 3
1995: SSL 2.0 was released by Netscape, beginning the practical use of encrypted web communication that later evolved into TLS.
- 4
2000: India's Information Technology Act gave legal recognition to electronic records and digital signatures.
- 5
2004: CERT-In became the national computer emergency response body for cyber incident coordination in India.
- 6
2008: The Information Technology Amendment Act strengthened provisions on cyber offences, intermediary duties and electronic signatures.
- 7
2015: In Shreya Singhal v. Union of India, the Supreme Court struck down Section 66A of the IT Act for violating free speech.
- 8
2023: The Digital Personal Data Protection Act created a statutory framework for personal data processing and data principal rights in India.
Continue studying
Security Goals and Network Threat Model
Cyber security protects information systems, networks, devices and data from unauthorised access, misuse, disruption, alteration or destruction. Network security focuses on traffic, hosts, users, protocols and devices connected through LANs, WANs or the internet. For objective exams, the starting point is the CIA triad: confidentiality, integrity and availability. Confidentiality keeps data secret from unauthorised users, integrity keeps data accurate and unaltered, and availability keeps systems usable when needed. A fee-payment portal, result server or school network fails security if any one of these three goals is broken.
Security controls are usually grouped as preventive, detective and corrective controls. Preventive controls include authentication, access control, encryption and secure configuration. Detective controls include logging, intrusion detection, antivirus alerts and audit trails. Corrective controls include backup restoration, patching after compromise and incident response. The attack surface is the set of points through which an attacker can enter or affect a system: open ports, weak passwords, outdated software, exposed APIs, removable media and social engineering channels. Threat is a possible danger, vulnerability is a weakness, exploit is a method of using that weakness, and risk combines likelihood with impact.
Exam cue: confidentiality asks "who can see it", integrity asks "who can change it", and availability asks "can authorised users still use it".
Open the complete note
This public page shows the first available section. The study pack opens the complete topic with all revision material.
7 more sections in the complete note
Open study pack