Cs Unit-1
Cs Unit-1
Cs Unit-1
Cyber Security is referred to the security offered through online services to protect the online
information.
With an increasing amount of people getting connected to the Internet, the security threats are also
massively increasing.
Cyber Security:
It is the body of technologies, processes and practices designed to protect networks, devices,
programs and data from attack, theft, damage, modification or unauthorized access. It is also called as
Information Technology Security.
OR
Cyber Security is the setoff principles and practices designed to protect the computing resources
and online information against threats.
Understanding Cyber Security:
Maintenance:
Install a security suite that protects the computer against threats such as viruses and worms. (eg.,
Antivirus)
Hackers:
A hacker is a person who uses computers to gain unauthorized access to data.
Types of Hackers:
• Black Hat Hackers: (Unethical Hacker or Security Cracker)
These people hack the system illegally to steal money or to achieve their own illegal goals.
They find the banks or organization with weak security and steal money or credit card
information, they can also modify or destroy confidential data.
• White Hat Hackers: (Ethical Hacker or Penetration Tester)
These people use the same technique used by the black hat hackers, but they can only hack
the system that they have permission to hack inorder to test the security of the system.
They focus on securing and protecting IT System. White Hat Hacker is legal.
• Grey Hat Hackers:
Grey Hat Hackers are hybrid of Black hat hackers & White hat hackers
They can hack any system even if they don’t have permission to test the security of the
system but they will never steal money or damage the system.
Maintenance:
It may be impossible to prevent computer hacking, however effective security controls including
strong passwords and the use of firewalls.
Maintenance:
Download an anti-malware program that also helps prevent infection. Activate network protection
firewall, antivirus.
Trojan Horse:
Trojan horse are email viruses that can duplicate themselves, steal information or harm the computer
system. These viruses are the most serious threats to computers.
Maintenance:
Security suits such as Avast Internet Security, which will prevent from downloading Trojan Horses.
Password Cracking:
Password attacks are attacks by hackers that are able to determine passwords or find passwords to
different protected electronic areas and social network sites.
Maintenance:
Use always strong password. Never use same password for two different sites.
CYBER SECURITY Page 5
LAYERS OF SECURITY
The 7 layers of cyber security should center on the mission critical assests.
Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt
threat actors to exploit them.
SQL injections,
Server misconfigurations,
Cross-site scripting, and
Transmitting sensitive data in a non- encrypted plain text format.
Computer Criminals:
Computer crimes have quickly become on of the fastest rising forms of modern crime. According to
cyber experts, approx., 1 million potential cyber attacks are attempted per day.
Types of Cyber Criminals:
Cyber criminals are also known as hackers. Hackers are extremely difficult to identify on both
individual and group level, due to their various security measures.
Cyber Security expert assert that Cyber Criminals are using more ruthless methods to achieve their
objectives and the proficiency of attacks are expected to advance as they continue to develop new
methods of cyber attacks.
Identity Thieves:
Identity thieves are cyber criminals who try to gain access to their victim’s personal
information. They use their information to make financial transaction while impersonating their
victims. Identity theft is one of the oldest cyber crime.
Phishing Scammers:
Phishing are cyber criminals who attempt to get hold of personal or sensitive information
through victim’s computer.
This is often done via phishing websites that are designed to copycat small business,
corporate or government websites.
Once such information is obtained, phishers either use the information themselves for
identity fraud scams or sell it in the dark web.
Cyber Terrorists:
Cyber Terrorism is a well-developed politically inspired cyber attack in which the cyber
criminal attempts to steal data or corrupt corporate or Government computer systems and networks
resulting in harm to countries, business, organizations and even individuals.
The key difference between an act of cyber terrorism and a regular cyber attack is that
within an attack of cyber terrorism, hackers are politically motivated as opposed to just seeking
financial gain.
CIA Triad
The CIA Triad is actually a security model that has been developed to help people think about
various parts of IT security.
CIA triad broken down:
Confidentiality:
Protecting confidentiality is dependent on being able to define and enforce certain access levels for
information. This process involves separating information into various collections that are
organized by authorized user, who needs to access the information and how sensitive that
information actually is - i.e. the amount of damage suffered if the confidentiality was breached.
Integrity
This is an essential component of the CIA Triad and designed to protect data from deletion or
modification from any unauthorized party, and it ensures that when an authorized person makes a
change that should not have been made the damage can be reversed.
CYBER SECURITY Page 8
Standard measures to guarantee Integrity include:
Cryptography checksums
Using file permissions
Uninterrupted power supplies
Data backups.
Availability
This is the final component of the CIA Triad and refers to the actual availability of your data.
Authentication mechanisms, access channels and systems all have to work properly for the
information they protect and ensure it's available when it is needed.
For example: An employee’s desktop computer, laptop or company phone would be considered
an asset, as would applications on those devices. Likewise, critical infrastructure, such as
servers and support systems, are assets. An organization’s most common assets are information
assets. These are things such as databases and physical files – i.e. the sensitive data that you
store
A threat is any incident that could negatively affect an asset – for example, if it’s lost, knocked
offline or accessed by an unauthorized party.
Intentional threats include things such as criminal hacking or a malicious insider stealing
information, whereas accidental threats generally involve employee error, a technical
malfunction or an event that causes physical damage, such as a fire or natural disaster.
Motive of Attackers
The categories of cyber-attackers enable us to better understand the attackers' motivations and
the actions they take. As shown in Figure, operational cyber security risks arise from three
types of actions:
i) inadvertent actions (generally by insiders) that are taken without malicious or harmful
intent;
ii) deliberate actions (by insiders or outsiders) that are taken intentionally and are meant
to do harm; and
iii) inaction (generally by insiders), such as a failure to act in a given situation, either
because of a lack of appropriate skills, knowledge, guidance, or availability of the
CYBER SECURITY Page 9
correct person to take action
Of primary concern here are deliberate actions, of which there are three categories of
motivation.
1) Web-based attacks
2) System-based attacks
Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows-
1. Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a DNS
resolver's cache causing the name server to return an incorrect IP address, diverting traffic to
the attackers computer or any other computer. The DNS spoofing attacks can go on for a long
period of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have access
to all of the user data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a trustworthy
entity in electronic communication.
5. Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number
of guesses and validates them to obtain actual data like user password and personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security, analysts to test an organization's network security.
It is an attack which meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses the single system and single internet connection to attack a server. It can be
classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is
measured in bit per second.
Application layer attacks- Its goal is to crash the web server and is measured in request per
second.
7. Dictionary attacks
This type of attack stored the list of a commonly used password and validated them to get
original password.
8. URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a
web server to deliver web pages for which he is not authorized to browse.
It is a type of attack that allows an attacker to access unauthorized or essential files which is
available on the web server or to execute malicious files on the web server by making use of
the include functionality.
It is a type of attack that allows an attacker to intercepts the connection between client and
server and acts as a bridge between them. Due to this, an attacker will be able to read, insert
and modify the data in the intercepted connection.
System-based attacks
These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-
2. Virus
It is a type of malicious software program that spread throughout the computer files without
the knowledge of a user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.
4. Trojan horse
It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It appears
to be a normal application but when opened/executed some malicious code will run in the
background.
5. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.
6. Bots
A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they receive
specific input. Common examples of bots program are the crawler, chatroom bots, and
malicious bots.
Active attacks: An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or data en route to the target.
Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for. A masquerade may be
attempted through the use of stolen login IDs and passwords, through finding security gaps in
programs or through bypassing the authentication mechanism.
Session replay: In this type of attack, a hacker steals an authorized user’s log in information
by stealing the session ID. The intruder gains access and the ability to do anything the
authorized user can do on the website.
Message modification: In this attack, an intruder alters packet header addresses to direct a
message to a different destination or modify the data on a target machine.
In a denial of service (DoS) attack, users are deprived of access to a network or web resource.
This is generally accomplished by overwhelming the target with more traffic than it can handle.
Passive Attacks:Passive attacks are relatively scarce from a classification perspective, but can
be carried out with relative ease, particularly if the traffic is not encrypted.
Eavesdropping (tapping): the attacker simply listens to messages exchanged by two entities.
For the attack to be useful, the traffic must not be encrypted. Any unencrypted information,
such as a password sent in response to an HTTP request, may be retrieved by the attacker.
Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to deduce
information relating to the exchange and the participating entities, e.g. the form of the
exchanged traffic (rate, duration, etc.). In the cases where encrypted data are used, traffic
analysis can also lead to attacks by cryptanalysis, whereby the attacker may obtain information
or succeed in unencrypting the traffic.
Attack Characteristics
Virus A virus is a program that attempts to damage a computer system and replicate itself
to other computer systems. A virus:
Logic A Logic Bomb is malware that lies dormant until triggered. A logic bomb is a
Bomb specific example of an asynchronous attack.
Hardware Attacks:
Common hardware attacks include:
Security Policies:
Security policies are a formal set of rules which is issued by an organization to ensure that the
user who are authorized to access company technology and information assets comply with
rules and guidelines related to the security of information.
A security policy also considered to be a "living document" which means that the document is
never finished, but it is continuously updated as requirements of the technology and employee
changes.
We use security policies to manage our network security. Most types of security policies are
automatically created during the installation. We can also customize policies to suit our specific
environment.
1) It increases efficiency.
Firewall Policy:
• It blocks the unauthorized users from accessing the systems and networks that connect
to the Internet.
• It detects the attacks by cybercriminals and removes the unwanted sources of network
traffic.
• This policy automatically detects and blocks the network attacks and browser attacks.
• It also protects applications from vulnerabilities and checks the contents of one or
more data packages and detects malware which is coming through legal ways.
• This policy protects a system's resources from applications and manages the
peripheral devices that can attach to a system.
• The device control policy applies to both Windows and Mac computers whereas
application control policy can be applied only to Windows clients.