
Digital Notes - BCY402 Module 1

The document provides an overview of cyber security, detailing its importance in protecting online information from various threats such as viruses, hackers, and malware. It categorizes different types of hackers, cyber attacks, and the layers of security necessary to safeguard data and networks. Additionally, it discusses the motivations behind cyber attacks, including political, economic, and socio-cultural factors.

DIGITAL NOTES

ON
ELEMENTS OF CYBER SECURITY
(BCY402)
Module 1

Introduction to Cyber Security


Basic cyber security concepts:

Cyber security refers to the security offered through online services to protect online
information.
With an increasing number of people getting connected to the Internet, security threats are also
increasing massively.

Cyber Security:
It is the body of technologies, processes and practices designed to protect networks, devices,
programs and data from attack, theft, damage, modification or unauthorized access. It is also called
Information Technology Security.
OR
Cyber Security is the set of principles and practices designed to protect computing resources
and online information against threats.
Understanding Cyber Security:

Prof. Yogesh N, Dept. of CSE-CY, ATMECE, Mysuru Page 1


Security Problems & Maintaining Security in Cyber field:

Viruses & Worms:


A virus is a program that is loaded into the computer without the user’s knowledge and runs against
the user’s wish.

Maintenance:
Install a security suite that protects the computer against threats such as viruses and worms (e.g.,
antivirus).

Hackers:
A hacker is a person who uses computers to gain unauthorized access to data.

Types of Hackers:
• Black Hat Hackers: (Unethical Hacker or Security Cracker)
These people hack the system illegally to steal money or to achieve their own illegal goals.
They find banks or organizations with weak security and steal money or credit card
information; they can also modify or destroy confidential data.
• White Hat Hackers: (Ethical Hacker or Penetration Tester)
These people use the same techniques used by the black hat hackers, but they can only hack
the system that they have permission to hack in order to test the security of the system.
They focus on securing and protecting IT systems. White hat hacking is legal.
• Grey Hat Hackers:
Grey hat hackers are a hybrid of black hat hackers and white hat hackers.
They can hack any system even if they don’t have permission to test the security of the
system, but they will never steal money or damage the system.
Maintenance:
It may be impossible to prevent computer hacking; however, effective security controls, including
strong passwords and the use of firewalls, can help.

Malware: (MALicious softWARE)


Malware is any software that infects and damages a computer system without the owner’s knowledge
or permission.

Maintenance:
Download an anti-malware program that also helps prevent infection. Activate network protection
firewall, antivirus.

Trojan Horse:
Trojan horses are email viruses that can duplicate themselves, steal information or harm the computer
system. These viruses are the most serious threats to computers.

Maintenance:
Security suites such as Avast Internet Security will prevent Trojan horses from being downloaded.

Password Cracking:
Password attacks are attacks by hackers that are able to determine passwords or find passwords to
different protected electronic areas and social network sites.

Maintenance:
Always use a strong password. Never use the same password for two different sites.
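
On the defender's side, the password attacks described above show up as runs of failed logins. The following is an added example, not part of the original notes: it flags sources that produce a burst of failures and accounts that should be locked after repeated failures. The log layout, thresholds and function names are assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data. The line layout "<time> <OK|FAIL> user=<name> src=<ip>"
# is an assumption for this example, not the format of any real product.
SAMPLE_LOG = """\
2024-03-01T10:00:01 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:02 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:03 FAIL user=bob src=198.51.100.4
2024-03-01T10:00:03 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:04 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:05 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:06 FAIL user=alice src=203.0.113.7
2024-03-01T10:00:20 OK user=bob src=198.51.100.4
2024-03-01T10:01:00 FAIL user=carol src=192.0.2.9
2024-03-01T10:05:00 FAIL user=carol src=192.0.2.9
2024-03-01T10:09:00 FAIL user=carol src=192.0.2.9
"""


def parse(log_text):
    """Yield (timestamp, result, user, source) for each non-empty line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, result, user, src = line.split()
        yield (datetime.fromisoformat(ts), result,
               user.split("=", 1)[1], src.split("=", 1)[1])


def noisy_sources(log_text, threshold=5, window=timedelta(seconds=60)):
    """Sources with at least `threshold` failed logins inside a sliding window.

    Returns {source: sorted list of the accounts that source was guessing at}.
    """
    recent = defaultdict(deque)       # source -> failures still inside the window
    flagged = defaultdict(set)
    for ts, result, user, src in parse(log_text):
        if result != "FAIL":
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[src].update(u for _, u in q)
    return {src: sorted(users) for src, users in flagged.items()}


def accounts_to_lock(log_text, max_failures=5):
    """Accounts whose run of consecutive failures reached `max_failures`."""
    streak = defaultdict(int)
    locked = set()
    for _, result, user, _ in parse(log_text):
        # A successful login resets the account's failure streak.
        streak[user] = streak[user] + 1 if result == "FAIL" else 0
        if streak[user] >= max_failures:
            locked.add(user)
    return sorted(locked)


if __name__ == "__main__":
    print(noisy_sources(SAMPLE_LOG))
    print(accounts_to_lock(SAMPLE_LOG))
```

A single mistyped password (bob) and slow, spaced-out failures (carol) stay below both thresholds, which is why the window length and failure count have to be tuned together.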



LAYERS OF SECURITY

The 7 layers of cyber security should center on the mission critical assets.

1. Mission Critical Assets: This is the data which needs to be protected.
2. Data Security: It protects the storage and transfer of data.
3. Application Security: It protects access to an application which handles the mission
critical assets and the internal security of the application.
4. Endpoint Security: It protects the connection between devices and the network.
5. Network Security: It protects an organization’s network to prevent unauthorized access to
the network.
6. Perimeter Security: It includes both the physical and digital security methodologies that
protect the overall business.
7. The Human Layer: Humans are the weakest link in any cyber security posture. Human
security control includes phishing simulations and access management control that protect
mission critical assets from a wide variety of human threats, including cyber criminals,
malicious insiders and negligent users.

Motive of Attackers

The categories of cyber-attackers enable us to better understand the attackers' motivations
and the actions they take. As shown in Figure, operational cyber security risks arise from
three types of actions:
i) inadvertent actions (generally by insiders) that are taken without malicious or harmful
intent;
ii) deliberate actions (by insiders or outsiders) that are taken intentionally and are meant
to do harm; and
iii) inaction (generally by insiders), such as a failure to act in a given situation, either
because of a lack of appropriate skills, knowledge, guidance, or availability of the
correct person to take action.
Of primary concern here are deliberate actions, of which there are
three categories of motivation.

1. Political motivations: examples include destroying, disrupting, or taking control of
targets; espionage; and making political statements, protests, or retaliatory actions.
2. Economic motivations: examples include theft of intellectual property or other
economically valuable assets (e.g., funds, credit card information); fraud; industrial
espionage and sabotage; and blackmail.
3. Socio-cultural motivations: examples include attacks with philosophical, theological,
political, and even humanitarian goals. Socio-cultural motivations also include fun,
curiosity, and a desire for publicity or ego gratification.

Types of Cyber Attacks


A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to
alter computer code, logic or data and leads to cybercrimes, such as information and identity
theft.
Cyber-attacks can be classified into the following categories:
1) Web-based attacks
2) System-based attacks
Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows-
1. Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
DNS spoofing is a type of computer security hacking whereby data is introduced into a
DNS resolver's cache, causing the name server to return an incorrect IP address and diverting
traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on
for a long period of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have
access to all of the user data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card numbers. It occurs when an attacker is masquerading as a
trustworthy entity in electronic communication.
5. Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number
of guesses and validates them to obtain actual data like a user password or personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security analysts to test an organization's network security.
6. Denial of Service
It is an attack which is meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses a single system and a single internet connection to attack a server. It can be
classified into the following-

Volume-based attacks- Their goal is to saturate the bandwidth of the attacked site, and they are
measured in bits per second.
Protocol attacks- They consume actual server resources, and are measured in a packet.
Application layer attacks- Their goal is to crash the web server, and they are measured in requests per
second.
7. Dictionary attacks
This type of attack stores a list of commonly used passwords and validates them to get the
original password.
8. URL Interpretation
It is a type of attack in which certain parts of a URL are changed so that a
web server delivers web pages which the requester is not authorized to browse.
9. File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files which are
available on the web server, or to execute malicious files on the web server, by making use of
the include functionality.
10. Man in the middle attacks
It is a type of attack that allows an attacker to intercept the connection between client and
server and act as a bridge between them. Due to this, an attacker will be able to read, insert
and modify the data in the intercepted connection.

System-based attacks
These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-
1. Virus
It is a type of malicious software program that spreads throughout the computer files without
the knowledge of a user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.
2. Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected
computers. It works the same as a computer virus. Worms often originate from email
attachments that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that causes unexpected changes to computer settings and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It
appears to be a normal application, but when opened/executed some malicious code will run
in the background.
4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services.
Some bot programs run automatically, while others only execute commands when they
receive specific input. Common examples of bot programs are the crawler, chatroom bots,
and malicious bots.
Active attacks: An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or data en route to the target.
Types of Active attacks:

Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for. A masquerade may be
attempted through the use of stolen login IDs and passwords, through finding security gaps in
programs or through bypassing the authentication mechanism.
Session replay: In this type of attack, a hacker steals an authorized user’s login information
by stealing the session ID. The intruder gains access and the ability to do anything the
authorized user can do on the website.
Message modification: In this attack, an intruder alters packet header addresses to direct a
message to a different destination or modify the data on a target machine.
In a denial of service (DoS) attack, users are deprived of access to a network or web
resource. This is generally accomplished by overwhelming the target with more traffic than it
can handle.
In a distributed denial-of-service (DDoS) exploit, large numbers of compromised systems
(sometimes called a botnet or zombie army) attack a single target.

Passive Attacks: Passive attacks are relatively scarce from a classification perspective, but
can be carried out with relative ease, particularly if the traffic is not encrypted.

Types of Passive attacks:


Eavesdropping (tapping): the attacker simply listens to messages exchanged by two entities.
For the attack to be useful, the traffic must not be encrypted. Any unencrypted information,
such as a password sent in response to an HTTP request, may be retrieved by the attacker.
Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to deduce
information relating to the exchange and the participating entities, e.g. the form of the
exchanged traffic (rate, duration, etc.). In the cases where encrypted data are used, traffic
analysis can also lead to attacks by cryptanalysis, whereby the attacker may obtain
information or succeed in unencrypting the traffic.
Software Attacks:
Malicious code (sometimes called malware) is a type of software designed to take over or
damage a computer user's operating system, without the user's knowledge or approval. It can
be very difficult to remove and very damaging. Common malware examples are listed in the
following table:

Attack        Characteristics

Virus         A virus is a program that attempts to damage a computer system and replicate itself
              to other computer systems. A virus:
              • Requires a host to replicate and usually attaches itself to a host file or a
                hard drive sector.
              • Replicates each time the host is used.
              • Often focuses on destruction or corruption of data.
              • Usually attaches to files with execution capabilities such as .doc, .exe, and
                .bat extensions.
              • Often distributes via e-mail. Many viruses can e-mail themselves to
                everyone in your address book.
              • Examples: Stoned, Michelangelo, Melissa, I Love You.

Worm          A worm is a self-replicating program that can be designed to do any number of
              things, such as delete files or send documents via e-mail. A worm can negatively
              impact network traffic just in the process of replicating itself. A worm:
              • Can install a backdoor in the infected computer.
              • Is usually introduced into the system through a vulnerability.
              • Infects one system and spreads to other systems on the network.
              • Example: Code Red.

Trojan horse  A Trojan horse is a malicious program that is disguised as legitimate software.
              Discretionary environments are often more vulnerable and susceptible to Trojan
              horse attacks because security is user focused and user directed. Thus the
              compromise of a user account could lead to the compromise of the entire
              environment. A Trojan horse:
              • Cannot replicate itself.
              • Often contains spying functions (such as a packet sniffer) or backdoor
                functions that allow a computer to be remotely controlled from the
                network.
              • Often is hidden in useful software such as screen savers or games.
              • Example: Back Orifice, Net Bus, Whack-a-Mole.

Logic Bomb    A Logic Bomb is malware that lies dormant until triggered. A logic bomb is a
              specific example of an asynchronous attack.
              • A trigger activity may be a specific date and time, the launching of a
                specific program, or the processing of a specific type of activity.
              • Logic bombs do not self-replicate.



Hardware Attacks:
Common hardware attacks include:
a. Manufacturing backdoors, for malware or other penetrative purposes; backdoors
aren’t limited to software and hardware, but they also affect embedded radio-
frequency identification (RFID) chips and memory
b. Eavesdropping by gaining access to protected memory without opening other
hardware
c. Inducing faults, causing the interruption of normal behavior
d. Hardware modification tampering with invasive operations
e. Backdoor creation; the presence of hidden methods for bypassing normal computer
authentication systems
f. Counterfeiting product assets that can produce extraordinary operations and those
made to gain malicious access to systems.

Cyber Threats:
Cyber Warfare: Cyber warfare refers to the use of digital attacks -- like computer
viruses and hacking -- by one country to disrupt the vital computer systems of another,
with the aim of creating damage, death and destruction. Future wars will see hackers
using computer code to attack an enemy's infrastructure, fighting alongside troops using
conventional weapons like guns and missiles.

Cyber warfare involves the actions by a nation-state or international organization to attack
and attempt to damage another nation's computers or information networks through, for
example, computer viruses or denial-of-service attacks.

Cyber Crime:
Cybercrime is criminal activity that either targets or uses a computer, a computer network
or a networked device. Cybercrime is committed by cybercriminals or hackers who want
to make money. Cybercrime is carried out by individuals or organizations.
Some cybercriminals are organized, use advanced techniques and are highly technically
skilled. Others are novice hackers.

Cyber Terrorism:
Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful
attacks and threats of attacks against computers, networks and the information stored
therein when done to intimidate or coerce a government or its people in furtherance of
political or social objectives.
Examples are hacking into computer systems, introducing viruses to vulnerable
networks, web site defacing, Denial-of-service attacks, or terroristic threats made via
electronic communication.

Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and
information without the permission and knowledge of the holder of the information from
individuals, competitors, rivals, groups, governments and enemies for personal,
economic, political or military advantage using methods on the Internet.

Security Policies:

Security policies are a formal set of rules issued by an organization to ensure that
the users who are authorized to access company technology and information assets comply
with rules and guidelines related to the security of information.
A security policy is also considered to be a "living document", which means that the document
is never finished, but is continuously updated as the requirements of the technology and
employees change.
We use security policies to manage our network security. Most types of security policies are
automatically created during the installation. We can also customize policies to suit our
specific environment.

Need of Security policies-

1) It increases efficiency.

2) It upholds discipline and accountability

3) It can make or break a business deal

4) It helps to educate employees on security literacy

Some important cyber security policy recommendations are described below-

Virus and Spyware Protection policy:

It helps to detect threats in files and to detect applications that exhibit suspicious
behavior.
It removes and repairs the side effects of viruses and security risks by using signatures.
Firewall Policy:

It blocks unauthorized users from accessing the systems and networks that connect
to the Internet.
It detects attacks by cybercriminals and removes unwanted sources of network
traffic.
Intrusion Prevention policy:

This policy automatically detects and blocks the network attacks and browser attacks.
It also protects applications from vulnerabilities and checks the contents of one or
more data packages and detects malware which is coming through legal ways.

Application and Device Control:

This policy protects a system's resources from applications and manages the
peripheral devices that can attach to a system.
The device control policy applies to both Windows and Mac computers whereas
application control policy can be applied only to Windows clients.
