MODULE 1 AND 2

AVINASH KUMAR
WHAT IS CYBER SECURITY?

• "Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and activities, including computer
network operations, information assurance, law enforcement, etc."
• OR
• Cyber security is the body of technologies, processes, and practices designed to protect networks,
computers, programs and data from attack, damage or unauthorized access.
•  The term cyber security refers to techniques and practices designed to protect digital data.
•  The data that is stored, transmitted or used on an information system
WHAT IS CYBER SECURITY?

• Cyber security is the protection of Internet-connected systems, including

hardware, software, and data from cyber attacks.
• It is made up of two words one is cyber and other is security.
•  Cyber is related to the technology which contains systems, network and
programs or data.
•  Whereas security related to the protection which includes systems security,
network security and application and information security.
WHY IS CYBER SECURITY IMPORTANT?

• Cyber attacks can be extremely expensive for businesses to endure.

• In addition to financial damage suffered by the business, a data breach can
also inflict untold reputational damage.
• Cyber-attacks these days are becoming progressively destructive.
Cybercriminals are using more sophisticated ways to initiate cyber attacks.
WHY IS CYBER SECURITY IMPORTANT?

• Regulations such as GDPR are forcing organizations into taking better care
of the personal data they hold.
• Because of the above reasons, cyber security has become an important part of
the business and the focus now is on developing appropriate response plans
that minimize the damage in the event of a cyber attack.
• But, an organization or an individual can develop a proper response plan only
when he has a good grip on cyber security fundamentals.
SECURITY TRIADS

• CIA
• Confidentiality is about preventing the disclosure of data to unauthorized parties
• It also means trying to keep the identity of authorized parties involved in sharing and holding data private and
anonymous.
• Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle (MITM) attacks,
disclosing sensitive data.
• Standard measures to establish confidentiality include:
• Data encryption and Hashing ( Higher ) key used for encryption
• Two-factor authentication – Multi-Factor
• Biometric verification – Retina Scanning – Face Recognition
• Security tokens – OTP , RSA Token , API Token
HASHING***

1. Hashing is irreversible function

2. It is unique identity
3. Hash Collison– higher version of hashing algorithm came into picture
INTEGRITY

• Integrity refers to protecting information from being modified by

unauthorized parties. Standard measures to guarantee integrity include
• Cryptographic checksums
• Using file permissions
• Uninterrupted power supplies
• Data backups
AVAILABILITY

• Availability is making sure that authorized parties are able to access the information when
needed.
• Standard measures to guarantee availability include:
• Backing up data to external drives
• Implementing firewalls – Proxy– vpns- NATting– Load Balancer, DNS Forwarding, WAF,
IDPS (IPS/IDS)
• Having backup power supplies
• Data redundancy
TYPES OF CYBER ATTACKS

• A cyber-attack is an exploitation of computer systems and networks. It uses

malicious code to alter computer code, logic or data and lead to cybercrimes,
such as information and identity theft.
• Cyber-attacks can be classified into the following categories:
1) Web-based attacks
2) System-based attacks
WEB-BASED ATTACKS
These are the attacks which occur on a website or web applications. Some of the important web-based attacks
are as follows-
• 1. Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the application and
fetch the required information.
• Example- SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
• DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a DNS resolver's
cache causing the name server to return an incorrect IP address, diverting traffic to the attackers computer
or any other computer. The DNS spoofing attacks can go on for a long period of time without being
detected and can cause serious security issues.
WEB-BASED ATTACKS

• 3. Session Hijacking
• It is a security attack on a user session over a protected network. Web applications
create cookies to store the state and user sessions. By stealing the cookies, an
attacker can have access to all of the user data.
• 4. Phishing
• Phishing is a type of attack which attempts to steal sensitive information like user
login credentials and credit card number. It occurs when an attacker is masquerading
as a trustworthy entity in electronic communication.
WEB-BASED ATTACKS

• 5. Brute force
• It is a type of attack which uses a trial and error method. This attack generates a large
number of guesses and validates them to obtain actual data like user password and personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security, analysts to test an organization's network security.
• 6. Denial of Service
• It is an attack which meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses the single system and single internet connection to attack a server. It can be
classified into the following-
6. DENIAL OF SERVICE

• It can be classified into the following-

6.1Volume-based attacks- Its goal is to saturate the bandwidth of the attacked
site, and is measured in bit per second.
6.2Protocol attacks- It consumes actual server resources, and is measured in a
packet.
6.3 Application layer attacks- Its goal is to crash the web server and is
measured in request per second.
WEB-BASED ATTACKS

• 7. Dictionary attacks
• This type of attack stored the list of a commonly used password and validated them to get original password.
• 8. URL Interpretation
• It is a type of attack where we can change the certain parts of a URL, and one can make a web server to deliver web
pages for which he is not authorized to browse.
• 9. File Inclusion attacks
• It is a type of attack that allows an attacker to access unauthorized or essential files which is available on the web
server or to execute malicious files on the web server by making use of the include functionality.
• winint
• 10. Man in the middle attacks
• It is a type of attack that allows an attacker to intercepts the connection between client and server and acts as a bridge
between them. Due to this, an attacker will be able to read, insert and modify the data in the intercepted connection.
SYSTEM-BASED ATTACKS

• These are the attacks which are intended to compromise a computer or a

computer network. Some of the important system-based attacks are as follows-
1. Virus
It is a type of malicious software program that spread throughout the computer
files without the knowledge of a user. It is a self-replicating malicious computer
program that replicates by inserting copies of itself into other computer programs
when executed. It can also execute instructions that cause harm to the system.
LIFE CYCLE OF VIRUS
LIFE CYCLE OF VIRUS

• 1) Dormant

• Viruses typically don’t self-replicate or otherwise cause harm upon infection.

Rather, they remain dormant. The first phase in a virus’s infection cycle is the
dormant phase. The virus won’t self-replicate, nor will it delete, capture or
modify data on the infected computer. The dormant phase lives up to its
namesake by keeping the virus dormant and inactive.
LIFE CYCLE OF VIRUS

• 2) Propogation
• Following the dormant phase is the propagation phase. The propagation phase is when the
virus self-replicates. All viruses self-replicate. Self-replication, in fact, is what distinguishes
viruses from other types of malware. During the propagation phase, viruses will create copies
of their malicious code, which they’ll store on other parts of the infected computer’s disk drive.
• The propagation phase may include a process known as morphing. Some viruses morph as they
self-replicate. Morphing means that the virus doesn’t create an exact copy of itself when self-
replicating. Rather, the virus changes its code. Morphing is designed to make viruses harder to
detect. If a virus morphs, it will typically do so during the propagation phase.
LIFE CYCLE OF VIRUS

• 3) Trigger
• The third phase in a virus’s infection cycle is the trigger phase. The trigger phase involves
activation. Viruses aren’t considered active until they enter the trigger phase. Upon entering
the trigger phase, viruses will initiate their malicious activities.
• Viruses can be programmed to activate in response to different triggers. A trigger might be a
minimum of self-replications, such as 100. Once the virus has self-replicated 100 times, it will
enter the trigger phase. Alternatively, the trigger may consist of the passage of time, such as 48
hours. After 48 hours have passed, the virus will enter the trigger phase. Regardless, viruses
have a trigger that causes them to activate and, thus, initiate their malicious activities.
LIFE CYCLE OF VIRUS

• 4) Execution
• The fourth and final phase of a virus’s infection is the execution phase. The
execution phase involves the release of a payload. Viruses have a payload.
The payload is the malicious code that’s designed to harm or otherwise
negatively affect the targeted computer. Some payloads can delete data.
Others can cause unwanted pop-ups or advertisements.
SYSTEM-BASED ATTACKS

2. Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected
computers. It works same as the computer virus. Worms often originate from email attachments
that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It appears
to be a normal application but when opened/executed some malicious code will run in the
background.
SYSTEM-BASED ATTACKS

4. Backdoors
• It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.
5. Bots
• A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they receive
specific input. Common examples of bots program are the crawler, chatroom bots, and
malicious bots.
THE 7 LAYERS OF CYBER SECURITY SHOULD
CENTRE ON THE MISSION CRITICAL ASSETS
YOU ARE SEEKING TO PROTECT.
• 1: Mission Critical Assets – This is the data you need to protect
• 2: Data Security – Data security controls protect the storage and transfer of data.
• 3: Application Security – Applications security controls protect access to an application, an application’s access
to your mission critical assets, and the internal security of the application.
• 4: Endpoint Security – Endpoint security controls protect the connection between devices and the network.
• 5: Network Security – Network security controls protect an organization’s network and prevent unauthorized
access of the network.
• 6: Perimeter Security – Perimeter security controls include both the physical and digital security methodologies
that protect the business overall.
• 7: The Human Layer – Humans are the weakest link in any cyber security posture. Human security controls
include phishing simulations and access management controls that protect mission critical assets from a wide
variety of human threats, including cyber criminals, malicious insiders, and negligent users.
VULNERABILITY, THREAT, HARMFUL
ACTS
• As the recent epidemic of data breaches illustrates, no system is immune to attacks. Any company that
manages, transmits, stores, or otherwise handles data has to institute and enforce mechanisms to monitor
their cyber environment, identify vulnerabilities, and close up security holes as quickly as possible.
• Before identifying specific dangers to modern data systems, it is crucial to understand the distinction
between cyber threats and vulnerabilities.
• Cyber threats are security incidents or circumstances with the potential to have a negative outcome for
your network or other data management systems.
• Examples of common types of security threats include phishing attacks that result in the installation of
malware that infects your data, failure of a staff member to follow data protection protocols that cause a
data breach, or even a tornado that takes down your company’s data headquarters, disrupting access.
VULNERABILITY, THREAT, HARMFUL
ACTS

Vulnerabilities are the gaps or weaknesses in a system that make threats

possible and tempt threat actors to exploit them.
Types of vulnerabilities in network security include but are not limited to SQL
injections, server misconfigurations, cross-site scripting, and transmitting
sensitive data in a non- encrypted plain text format.
RISK : When threat probability is multiplied by the potential loss that may
result, cyber security experts, refer to this as a risk.
SECURITY VULNERABILITIES, THREATS
AND ATTACKS –

• Categories of vulnerabilities
Corrupted (Loss of integrity)
Leaky (Loss of confidentiality)
Unavailable or very slow (Loss of availability)
SECURITY VULNERABILITIES, THREATS
AND ATTACKS –
• Threats represent potential security harm to an asset when vulnerabilities are exploited
• - Attacks are threats that have been carried out
• Passive – Make use of information from the system without affecting system resources
• Active – Alter system resources or affect operation
• Insider – Initiated by an entity inside the organization (LAN)
• Outsider – Initiated from outside the perimeter (WAN=INTERNET)
ASSETS AND THREAT

• What is an Asset: An asset is any data, device or other component of an

organization’s systems that is valuable – often because it contains sensitive data
or can be used to access such information.
• For example: An employee’s desktop computer, laptop or company phone would
be considered an asset, as would applications on those devices. Likewise, critical
infrastructure, such as servers and support systems, are assets. An organization’s
most common assets are information assets. These are things such as databases
and physical files – i.e. the sensitive data that you store
ASSETS AND THREAT

• What is a threat: A threat is any incident that could negatively affect an asset – for
example, if it’s lost, knocked offline or accessed by an unauthorized party.
• Threats can be categorized as circumstances that compromise the confidentiality,
integrity or availability of an asset, and can either be intentional or accidental.
• Intentional threats include things such as criminal hacking or a malicious insider stealing
information, whereas accidental threats generally involve employee error, a technical
malfunction or an event that causes physical damage, such as a fire or natural disaster.
• Note*** Least Privilege to Access Assets
MOTIVE OF ATTACKERS

• The categories of cyber-attackers enable us to better understand the attackers' motivations and the
actions they take. As shown in Figure, operational cyber security risks arise from three types of
actions:
• i) inadvertent actions (generally by insiders) that are taken without malicious or harmful intent; ii)
deliberate actions (by insiders or outsiders) that are taken intentionally and are meant to do harm;
and
• iii) inaction (generally by insiders), such as a failure to act in a given situation, either because of a
lack of appropriate skills, knowledge, guidance, or availability of the correct person to take action Of
primary concern here are deliberate actions, of which there are three categories of motivation.
MOTIVE OF ATTACKERS

• 1. Political motivations: examples include destroying, disrupting, or taking control of targets;

espionage; and making political statements, protests, or retaliatory actions.
• 2. Economic motivations: examples include theft of intellectual property or other
economically valuable assets (e.g., funds, credit card information); fraud; industrial espionage
and sabotage; and blackmail.
• 3. Socio-cultural motivations: examples include attacks with philosophical, theological,
political, and even humanitarian goals. Socio-cultural motivations also include fun, curiosity,
and a desire for publicity or ego gratification (Hactivism)
MOTIVE OF ATTACKERS
ACTIVE ATTACKS

• Active attacks: An active attack is a network exploit in which a hacker

attempts to make changes to data on the target or data en route to the target.
TYPES OF ACTIVE ATTACKS:

• Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain access or to
gain greater privileges than they are authorized for. A masquerade may be attempted through the use of
stolen login IDs and passwords, through finding security gaps in programs or through bypassing the
authentication mechanism.
• Session replay: In this type of attack, a hacker steals an authorized user’s log in information by
stealing the session ID. The intruder gains access and the ability to do anything the authorized user can
do on the website.
• Message modification: In this attack, an intruder alters packet header addresses to direct a message to
a different destination or modify the data on a target machine.
• In a denial of service (DoS) attack, users are deprived of access to a network or web resource. This is
generally accomplished by overwhelming the target with more traffic than it can handle.
TYPES OF ACTIVE ATTACKS:

• In a distributed denial-of-service (DDoS) exploit, large numbers of compromised

systems (sometimes called a botnet or zombie army) attack a single target.
TYPES OF PASSIVE ATTACKS:

Passive Attacks: Passive attacks are relatively scarce from a classification perspective, but can be carried out with
relative ease, particularly if the traffic is not encrypted.
• Types of Passive attacks:
• Eavesdropping (tapping): the attacker simply listens to messages exchanged by two entities. For the attack to be
useful, the traffic must not be encrypted. Any unencrypted information, such as a password sent in response to an
HTTP request, may be retrieved by the attacker.
• Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to deduce information relating
to the exchange and the participating entities, e.g. the form of the exchanged traffic (rate, duration, etc.). In the
cases where encrypted data are used, traffic analysis can also lead to attacks by cryptanalysis, whereby the
attacker may obtain information or succeed in unencrypting the traffic.
• Software Attacks: Malicious code (sometimes called malware) is a type of software designed to take over or
damage a computer user's operating system, without the user's knowledge or approval. It can be very difficult to
remove and very damaging. Common malicious code examples are listed in the following table:
SOFTWARE ATTACKS:

• Virus,
• Worms,
• Trojan Horse
• , Logic Bomb,
• Spyware,
• Adware
• Malware- Locky and Crytpto
• Ransomware,
• Rootkit,
• Bootkit,
PASSIVE ATTACKS:

• Passive Attacks:Passive attacks are relatively scarce from a classification

perspective, but can be carried out with relative ease, particularly if the
traffic is not encrypted.