UNIT 1
By B Lokesh Joel
UNIT-I
▪ Cyber Security Basics:
▪ Sphere
▪ Terminology
▪ Vulnerability in the Cyber Structure and Infrastructure
▪ Cyber threats and Weaponry
▪ Cyber Defense
▪ Cyber Attack Detection and Prevention
▪ Information Security Testing
▪ Cyber Security Investigation/assessment
▪ Cyber-Deterrence
Internet History
▪ 1950s
▪ ARPA (Advanced Research Projects Agency)
▪ 1970
▪ ARPANET creates forerunner to Transmission Control Protocol (TCP)
▪ 1971
▪ Universities added to net
▪ Telnet and FTP are available
▪ 1972
▪ First electronic mail message sent
▪ 1973
▪ ARPANET connected to England and Norway
Internet History (cont.)
▪ 1974
▪ TCP starts being used for communicating across a system of networks
▪ 1982
▪ US DoD starts building defense data networks based on ARPANET
technology
▪ 1983
▪ ARPANET splits into ARPANET and MILNET
▪ 1983
▪ Internet now in place
▪ TCP/IP standardized
▪ 1986
▪ National Science Foundation (NSF) implements NSFNET; a system of
regional networks of routers connected over a backbone network
Internet History (cont.)
▪ 1991
▪ Archie and Gopher released
▪ 1992
▪ Internet links more than 17,000 networks in 33 countries; 3 million hosts
▪ 1993
▪ World Wide Web is launched
▪ 1995
▪ Interconnected network providers start offering service
▪ 1995
▪ About 30 million users
Cyberspace:
▪ Cyberspace is the environment of the internet.
▪ It is the home of Google, Facebook, Yahoo and many more.
▪ The term was coined by William Gibson.
▪ Cyberspace is an idealized electronic space unbounded by
distance and other physical limitations.
▪ Why is Cyberspace important?
▪ It allows users to share information, interact, swap ideas,
play games, engage in discussions or social forums, conduct
business, create media and many other activities.
Internet Insecurities:
▪ Internet insecurity spreads at Internet speed:
▪ Morris worm of 1988
▪ Password sniffing attacks in 1994
▪ IP spoofing attacks in 1995
▪ Denial of service attacks in 1996
▪ Email borne viruses 1999
▪ Distributed denial of service attacks 2000
▪ Ransomware attacks in the mid-2000s
▪ Fast spreading worms and viruses 2003
▪ Spam 2004
Cybercrime
▪ Cyber Crime is any illegal activity that involves a computer or
network-connected device, such as a mobile phone.
▪ Cybercrime is divided into three categories by the Department of
Justice:
▪ Crimes in which the computing device is the target.
▪ Crimes in which the computer is used as a weapon.
▪ Crimes in which the computer is used as an accessory to a crime.
▪ It includes malicious activities such as
▪ Illegal interception of data
▪ System interference
▪ Copyright infringement
▪ Sale of illegal items like weapons and drugs
Cyber Security:
▪ Cybersecurity is the body of technologies, processes and
practices designed to protect the integrity of networks, computers,
programs and data from attack, damage or unauthorized
access.
▪ Why is Cyber Security important to us?
▪ Kill chains, zero-day attacks, ransomware, alert fatigue and
budgetary constraints are just a few examples of the challenges
defenders face.
Cyber Security Principle:
▪ The five Cyber Security principles:
1. Confidentiality
2. Integrity
3. Availability
4. Accountability
5. Auditability
1. Confidentiality: a set of rules that limits access to, or places
restrictions on, certain types of information.
2. Integrity: is the assurance that the information is trustworthy
and accurate
3. Availability : is a guarantee of reliable access to the
information by authorized people.
4. Accountability : is an assurance that an individual or an
organization will be evaluated on their performance or
behavior related to something for which they are
responsible.
5. Auditability: the property that a system records enough about its
operation that its security can be audited. A security audit is a
systematic evaluation of the security of a company's information
system by measuring how well it conforms to a set of established criteria.
Difference:
▪ Information security
▪ Information Security means Data Security.
▪ Its main concern is the confidentiality, integrity, and availability of
user data.
▪ Cybersecurity
▪ Cybersecurity is all about protecting data that is found in electronic
form.
▪ It identifies what the critical data is, where it resides, and the
technology the user has to use in order to protect it.
Similarity:
▪ Information security and Cybersecurity:
1. Both have physical security component:
▪ Both need physical access control to the place where data is stored,
whether digitally or on paper, in order to prevent unauthorized access.
2. Both protect the valuable 'data':
▪ In both disciplines, the main concern is safeguarding the company's data
from illegal digital and physical access of any kind.
Cyber Security Assets:
▪ Assets include
▪ Hardware (e.g. servers and switches)
▪ Software (e.g. mission critical applications and support
systems)
▪ Confidential information
▪ An asset can be data, a device or any other component of the
environment that supports information-related activities.
▪ Assets should be protected from unauthorized access.
Protect What You Value
Security Assets
What is Privacy, Anonymity and Pseudonymity?
Encrypted Traffic Analytics (ETA)
Cyber Threats:
▪ A Cyber threat is any malicious act that attempts to gain
access to a computer network without authorization or
permission from the owners.
▪ It refers to the wide range of malicious activities that can
damage or disrupt a computer system, a network or the
information it contains.
▪ Most common cyber threats: social-engineered Trojans,
unpatched software, phishing, network worms, etc.
Source of Cyber Threats:
▪ Nation states or national governments
▪ Terrorists
▪ Industrial spies
▪ Hackers
▪ Business competitors
▪ Organization insiders
Types of Cyber Threats:
▪ Threats can be classified according to multiple criteria:
1. Attacker's Resources
2. Attacker's Organization
3. Attacker's Funding
▪ On the basis of these criteria, threats are of 3 types:
1. Unstructured Threats
2. Structured Threats
3. Highly Structured threats
▪ Unstructured Threats:
▪ Resources: individual or small group
▪ Organization: little or no organization
▪ Funding: negligible
▪ Attack: easy to detect; makes use of freely available cyberattack
tools
▪ Exploitation based on documented vulnerabilities.
▪ Structured Threats:
▪ Resources: well-trained individual or group
▪ Organization: well-planned organization
▪ Funding: available
▪ Attack: against a particular individual or organization
▪ Exploitation based on information gathering.
▪ Highly Structured Threats:
▪ Extensive organization, resources and planning over time.
▪ Attack: long-term attack on a particular machine or data set.
▪ Exploitation with multiple methods: technical, social and insider help.
Cyber Security Index Level:
▪ Cyber threats are evaluated daily by the CTU
(Counter Threat Unit), which updates the index level:
▪ Guarded - Level 1
▪ Elevated - Level 2
▪ High-Level 3
▪ Critical - Level 4
Cyber Attack [Types of Attacks]
▪ Advanced Persistent Threats (APT)
▪ Backdoor
▪ Buffer Overflow
▪ Man-in-the-middle Attack
▪ Social engineering
▪ Phishing
▪ Spoofing
▪ Cross-Site Scripting
▪ Denial of Service Attack
▪ SQL injection
▪ Zero-day exploit
▪ Advanced Persistent Threats (APT): a network attack in which an
unauthorized person gains access to a network and stays there
undetected for a long period of time.
▪ Backdoor: a method of bypassing normal authentication to gain
access to an OS or application.
▪ Buffer Overflow: an attack that writes more data into a fixed-size
buffer than it can hold, overwriting adjacent memory; the attacker can
use it to crash the program or to run code of their choosing.
▪ Man-in-the-middle Attack: an attack in which an attacker secretly
intercepts and relays messages between two parties who believe they
are communicating directly with each other.
▪ Social engineering: an attack vector that relies heavily
on human interaction and often involves tricking people
into breaking normal security procedures.
▪ Phishing: a cybercrime in which targets are contacted by
email, telephone or text message by someone impersonating a
legitimate organization, to lure individuals into providing
sensitive data.
▪ Spoofing: an attack in which an intruder disguises a communication
from an unknown source as coming from a known, trusted source
(for example a forged sender address or IP address) in order to
gain unauthorized access to a user's system or information.
▪ Cross-Site Scripting (XSS): is a code injection attack that allows an
attacker to execute malicious JavaScript in another user's browser.
▪ Denial of Service Attack: is any type of attack where the attackers
attempt to prevent the authorized users from accessing the service.
▪ SQL injection: a very commonly exploited web application
vulnerability in which untrusted input is placed into a database
query, allowing malicious hackers to read and alter data in a
website's database.
▪ Zero-day exploit: an attack that targets a vulnerability for which
no patch is yet available, often because the vendor does not yet
know about it.
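The SQL injection and cross-site scripting bugs defined above, each shown beside its fix, as an added example that is not part of the original slides. The users table, the 'alice' account and the attacker payloads are constructed for the demo, and login_vulnerable/login_safe and render_comment_vulnerable/render_comment_safe are hypothetical helper names, not an API from any real project.

```python
"""Injection of untrusted input: SQL injection and cross-site scripting,
each beside its fix.  Added example; not from the slides.  The users
table, the 'alice' account and the attacker strings are constructed."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with one constructed account.  A real system
    would store a salted password hash; plaintext is used here only so the
    injection itself is easy to see."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    return db


def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the query by string concatenation, so a quote in the input
    ends the literal and the rest becomes SQL: the classic injection bug."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0


def login_safe(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver sends the values separately from the
    SQL text, so they can never change the structure of the statement."""
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


def render_comment_vulnerable(comment: str) -> str:
    """Reflects user text straight into HTML; a <script> tag in the comment
    runs in every viewer's browser (stored XSS)."""
    return '<p class="comment">' + comment + "</p>"


def render_comment_safe(comment: str) -> str:
    """Escapes the HTML metacharacters (& < > " ') so the browser shows the
    text literally instead of parsing it as markup."""
    return '<p class="comment">' + html.escape(comment, quote=True) + "</p>"


# Constructed attacker inputs.
SQLI_PAYLOAD = "' OR '1'='1"   # closes the quoted literal, appends an always-true clause
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"


def demo() -> dict:
    """Runs both payloads against the vulnerable and the fixed code."""
    db = make_db()
    return {
        "sqli_vulnerable": login_vulnerable(db, "alice", SQLI_PAYLOAD),  # True: bypassed
        "sqli_safe": login_safe(db, "alice", SQLI_PAYLOAD),              # False
        "xss_vulnerable": "<script>" in render_comment_vulnerable(XSS_PAYLOAD),  # True
        "xss_safe": "<script>" in render_comment_safe(XSS_PAYLOAD),             # False
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable login turns the payload into `... AND password = '' OR '1'='1'`, which is true for every row; the parameterised version compares the whole payload as a literal password and fails. The same pattern, untrusted data spliced into a structured language, is what makes the XSS case work, and the fix is the same in spirit: keep data and code apart.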
Types of Malicious Code:
▪ Viruses
▪ Network worm
▪ Trojan Horse
▪ Botnet
▪ Keylogger
▪ Rootkit
▪ Spyware
▪ Adware
▪ Ransomware
▪ Virus : is a type of malicious software program, when it is executed, it
replicates itself by modifying other computer programs and inserting
its own code.
▪ Network worm : is a standalone malware which replicates itself in
order to spread to other computers.
▪ Trojan Horse : malware disguised as legitimate software (for example a
program that claims to clean your computer of viruses) so that the user
installs it; once run, it performs hidden malicious actions.
▪ Botnet: a network of compromised devices under an attacker's remote
control; it is used to perform distributed denial-of-service attacks (DDoS),
steal data, send spam, and give the attacker access to each device and its
connection.
▪ Keylogger: is a type of surveillance technology used to monitor and record each
keystroke typed on a specific computer's keyboard.
▪ Rootkit: a collection of tools or programs that gives an attacker privileged
(administrator-level) access to a computer or network while concealing its presence.
▪ Spyware: is a software that is hidden from the user in order to gather information
about internet interaction, keystrokes, passwords, and other valuable data.
▪ Adware : Adware is designed to display advertisements on your computer and
redirect your search requests to advertising websites to collect marketing data
about you.
▪ Ransomware : is a type of malware that prevents or limits users from accessing
their system, either by locking the system's screen or by locking the user's files
unless a ransom is paid.
Vulnerability:
▪ Vulnerability is a cyber-security term that refers to a flaw in
a system that can leave it open to attack.
▪ A vulnerability is the intersection of three elements:
▪ A flaw in the system
▪ Access of the attacker to that flaw
▪ Capability of the attacker to exploit the flaw
https://en.wikipedia.org/wiki/Vulnerability_(computing)
Classification of Vulnerability
▪ Classification of Vulnerability according to the asset:
▪ Hardware
▪ susceptibility to humidity
▪ susceptibility to dust
▪ susceptibility to soiling
▪ susceptibility to unprotected storage
▪ Software
▪ insufficient testing
▪ lack of audit trail
▪ design flaw
▪ Network
▪ unprotected communication lines
▪ insecure network architecture
▪ Personnel
▪ inadequate recruiting process
▪ inadequate security awareness
▪ Physical site
▪ area subject to flood
▪ unreliable power source
▪ Organizational
▪ lack of regular audits
▪ lack of continuity plans
▪ lack of security
https://en.wikipedia.org/wiki/Vulnerability_(computing)
Vulnerability:
▪ Some common vulnerabilities found in systems:
▪ Missing patches
▪ Cleartext credentials
▪ Using unencrypted channels
▪ RF Emanation
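A small scanner that flags two of the weaknesses listed above, cleartext credentials and unencrypted channels, in configuration text. This is an added example and not part of the original slides; the sample configuration, the key-name patterns, the placeholder rule and the list of cleartext schemes are constructed assumptions that would need tuning for a real code base.

```python
"""Flags cleartext credentials and unencrypted channels in configuration
text.  Added example, not from the slides; the sample config, the key-name
patterns and the scheme list are constructed assumptions."""
import re
from dataclasses import dataclass

# Constructed sample configuration, as one might find it committed to a repo.
SAMPLE_CONFIG = """\
db.host = db01.internal
db.user = app
db.password = Summer2023!
api.endpoint = http://api.internal/v1
backup.target = ftp://backup.internal/nightly
mail.server = smtps://mail.internal:465
mgmt.access = telnet://switch01.internal
smtp.password = ${SMTP_PASSWORD}
web.endpoint = https://portal.example/login
"""

# URL schemes that carry data (and usually credentials) without encryption.
CLEARTEXT_SCHEMES = {"http", "ftp", "telnet", "ldap", "smtp", "pop3", "imap"}

# Keys whose value is a secret if it appears literally.
SECRET_KEY = re.compile(
    r"(password|passwd|secret|token|api[_-]?key)\s*[=:]\s*(\S+)", re.I)
# Any scheme:// prefix; the scheme name is the only capture group.
URL_SCHEME = re.compile(r"\b([a-z][a-z0-9+.-]*)://", re.I)
# Values that are references to a secret store, not secrets: ${NAME} or <name>.
PLACEHOLDER = re.compile(r"^\$\{[A-Z0-9_]+\}$|^<.*>$")


@dataclass
class Finding:
    line_no: int
    kind: str   # "cleartext-credential" or "unencrypted-channel"
    text: str   # the offending line, with any secret value masked


def scan_config(text: str) -> list[Finding]:
    """Returns one Finding per weakness, in file order."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = SECRET_KEY.search(stripped)
        if m and not PLACEHOLDER.match(m.group(2)):
            # Mask the value so the report itself does not leak the secret.
            findings.append(Finding(line_no, "cleartext-credential",
                                    stripped.replace(m.group(2), "***")))
        for scheme in URL_SCHEME.findall(stripped):
            if scheme.lower() in CLEARTEXT_SCHEMES:
                findings.append(Finding(line_no, "unencrypted-channel", stripped))
    return findings


if __name__ == "__main__":
    for f in scan_config(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.kind}: {f.text}")
```

On the constructed sample the scanner reports the literal database password and the three http://, ftp:// and telnet:// endpoints, and stays quiet about the `${SMTP_PASSWORD}` reference and the smtps:// and https:// URLs. A check like this belongs in a pre-commit hook or CI job; it is a cheap complement to, not a substitute for, a proper secrets manager.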
Impact:
▪ A successful cyber attack can cause major damage to an
organization or system, as well as to business reputation and
consumer trust:
▪ Financial loss
▪ Reputational damage
▪ Legal consequences
Vulnerability in the Cyber Structure and Infrastructure
A five-step process to improve cybersecurity
[framework]
▪ The NIST Cybersecurity Framework organizes cybersecurity activities
into five core functions: Identify, Protect, Detect, Respond and Recover.
▪ https://www.nist.gov/cyberframework
Framework for Improving Critical Infrastructure
Cybersecurity
Ask yourself this
Laptop example
Next Level
Humans - Education and awareness is essential
Technology solutions to protect a business
http://www.digitalattackmap.com/faq/
Passphrases and authentication
https://www.youtube.com/watch?v=vC8qbff_U4o
https://www.ftc.gov/about-ftc/bureaus-offices/bureau-consumer-protection/small-businesses
https://www.sans.org/security-resources/policies/
Unit I
Cyber Security Basics
Part 2
By B Lokesh Joel