Cyber Security Introduction - II


Introduction to Cyber Security
Introduction

The term “Cyber Security” is used to refer to the security offered through on-line services to protect your online information.

With an increasing number of people getting connected to the internet, the security threats that cause massive harm are also increasing.

2
To Understand

• What is the meaning of the word CYBER
• What is the need of Cyber Security
• What are the security problems in Cyber field?
• How to implement and maintain Security of a Cyber field around us.

3
Meaning of the Word “Cyber”

It is a combining form
relating to information
technology, the internet and
virtual reality.

4
Cyber Crime
• Cyber Crimes are, as the name implies, crimes committed using computers, phones or the internet.
• Some types of cyber crime include:
  • Illegal interception of data.
  • System interferences.
  • Copyrights infringements.
  • Sale of illegal items.

5
Cyber Security
• Cyber Security is the body of technologies, processes and practices involved in protecting individuals and organizations from cyber crime.
• It is designed to protect integrity of networks, computers, programs and data from attack, damage or unauthorized access.

Kill Chain, Zero-day attack, ransomware, alert fatigue and Man-in-the-middle attack are just a few examples of common cyber attacks.

6
Need of Cyber Security

Cyber Security is necessary since it helps in securing data from threats such as data theft or misuse, and also safeguards your system from viruses.

7
ASSESSMENT/EVALUATION

• Differentiate between Cyber Crime & Cyber Security and briefly highlight the need for cyber security.

8
Personal Data
Personal Data
• Offline Identity
  • Your identity that interacts on a regular basis at home, school or work.
  • This is how we act, in physical reality, around people; what information we tell and to whom.
• Online Identity
  • Your identity while you are in cyberspace.
  • Also called digital or internet identity, it is a social identity that an internet user establishes over the internet, e.g. Username
    o Should not include any personal information
    o Should be appropriate and respectful and should not attract unwanted attention
10
Your Data

11
Personal Data as a Target
How do the criminals get your money?
• Online credentials
  • Gives thieves access to your accounts
• Creative schemes
  • Trick you into wiring money to your friends or family
Why do they want your identity?
• Long-term profits
• Medical benefits
• File a fake tax return
• Open credit card accounts
• Obtain loans
12
Protecting Your
Personal Data
Protecting Your Computing Devices
Keep the Firewall On
• Prevent unauthorized access to your data or computing
devices
• Keep the firewall up to date

Use Antivirus and Antispyware


• Prevent unauthorized access to your data or computing
devices
• Only download software from trusted websites
• Keep the software up to date

14
Protecting Your Computing Devices
Manage Your Operating System and Browser
• Set the security settings at medium or higher
• Update your computer’s operating system and browser
• Download and install the latest software patches
and security updates

Protect All Your Devices


• Password protect
• Encrypt the data
• Only store necessary information
• IoT devices
15
Protecting Your Computing Devices
Home Wireless Network
• Change the pre-set SSID and default administrative password
on your Wi-Fi router.
• Disable SSID broadcast
• Use WPA2 encryption feature
• Be aware of WPA2 protocol security flaw – KRACK
  • Allows intruder to break the encryption between wireless router and clients

Use caution when using public Wi-Fi hotspots


• Avoid accessing or sending sensitive information
• Use of VPN tunnel can prevent eavesdropping
Turn off Bluetooth when not in use
16
ASSESSMENT/EVALUATION

• Discuss what you understand by data.
• Briefly explain why your digital information should be secure.

17
Major Security
Problems
Major Security Problems

• Virus
• Hacker
• Malware
• Trojan Horses
• Password Cracking

19
Viruses and Worms

A Virus is a program that is loaded onto your computer without your knowledge and runs against your wishes.

20
Solution

• Install a security suite that protects the computer against threats such as viruses and worms

21
Solution – Security Suites/Antivirus

22
Hackers

In common usage, a Hacker is a person who breaks into computers, usually by gaining access to administrative controls.

23
Types of Hackers

• White Hat Hacker
• Grey Hat Hacker
• Black Hat Hacker

24
Types of Hackers
White Hat Hacker: breaks into systems with permission to discover weaknesses so that the security of these systems can be improved.

Grey Hat Hacker: compromises systems without permission.

Black Hat Hacker: takes advantage of any vulnerability for illegal personal, financial or political gain.
25
Other Types of Attackers
Amateurs
• Script kiddies with little or no skill
• Using existing tools or instructions found online for attacks

Organized Hackers
• Organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.
26
How to Prevent Hacking

It may be impossible to prevent computer hacking; however, effective security controls, including strong passwords and the use of firewalls, can help.

27
Malware

• The word “malware” comes from the term “MALicious softWARE”.
• Malware is any software that infects and damages a computer system without the owner’s knowledge or permission

28
Types of Malware

• Worms
• Rootkits
• Spyware
• Trojans
• Crimeware
• Viruses
• Adware

29
Symptoms of Malware
• An increase in CPU usage.
• Decrease in computer speed.
• The computer freezes or crashes often.
• Decrease in browsing speed.
• Unexplainable problems with network connections.
• Files are modified.
• Files are deleted.
• Presence of unknown files, programs, or desktop icons.
• Unknown processes running.
• Programs turning off or reconfiguring themselves.
• Email is being sent without the user’s knowledge or consent.

30
To Stop Malware

• Download an Anti-Malware program that also helps prevent infections.
• Activate Network Threat Protection, Firewall, Antivirus

31
Trojan Horses

• Trojan horses are email viruses that can duplicate themselves, steal information or harm the computer system.
• These viruses are the most serious threats to computers.

32
How to Avoid Trojans

• Security suites, such as Avast Internet Security, will prevent you from downloading Trojan Horses.

33
Password Cracking
• Password attacks are carried out by hackers who are able to determine passwords or find passwords to different protected electronic areas and social network sites.
• Methods of Password Cracking
  • Social Engineering - The attacker manipulates a person who knows the password into providing it.
  • Brute-force Attacks - The attacker tries several possible passwords in an attempt to guess the password.
  • Network Sniffing - The password may be discovered by listening and capturing packets sent on the network.

34
Securing Password
• Always use a strong password
• Never use the same password for two different accounts.

Tips for choosing a good password:
• Do not use dictionary words or names in any languages
• Do not use common misspellings of dictionary words
• Do not use computer names or account names
• If possible use special characters, such as !@#$%^&*()
• Use a password with ten or more characters

Check how secure your password is at the website below:

www.security.org/how-secure-is-my-password/

35
Securing Password
Tips in choosing a good passphrase:
• Choose a statement that is meaningful to you
• Add special characters, such as ! @ # $ % ^ & * ( )
• The longer the better
• Avoid common or famous statements, for example, lyrics from
a popular song
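
The password tips on the previous slide can be turned into an automated check. The following is an added example, not part of the original slides; the function names and the small word list are constructed for illustration, and a real check would load a full dictionary.

```python
import re

# Constructed sample word list (assumption); replace with a real dictionary.
SAMPLE_DICTIONARY = {"password", "dragon", "monkey", "welcome",
                     "summer", "admin", "letmein"}

# Character substitutions commonly used in "misspellings" of dictionary words.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

SPECIALS = set("!@#$%^&*()")   # the special characters listed on the slide
MIN_LENGTH = 10                # "ten or more characters"


def normalize(text):
    """Lower-case, undo common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, account_name="", computer_name="",
                   dictionary=SAMPLE_DICTIONARY):
    """Return the list of slide tips that the password violates."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than ten characters")
    if not any(ch in SPECIALS for ch in password):
        problems.append("no special character")

    plain = re.sub(r"[^a-z]", "", password.lower())   # letters as typed
    folded = normalize(password)                      # substitutions undone
    for word in sorted(dictionary):
        if word in plain:
            problems.append(f"contains dictionary word '{word}'")
        elif word in folded:
            problems.append(f"contains misspelling of '{word}'")

    # Account and computer names are checked the same way as dictionary words.
    for label, name in (("account", account_name), ("computer", computer_name)):
        folded_name = normalize(name)
        if len(folded_name) >= 3 and folded_name in folded:
            problems.append(f"contains {label} name")
    return problems


if __name__ == "__main__":
    for candidate in ("dragon", "P@ssw0rd2024!", "Quiet-Lantern#Orbit7"):
        print(candidate, "->", check_password(candidate) or "passes all tips")
```

An empty list means the password satisfies every tip; it does not mean the password has never appeared in a breach.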

36
37
Cyber Security Counter Measures
• Audit regularly
• Awareness to staff
• Update software system
• Install antivirus, anti-malware etc
• Installing Endpoint Detection & Response (EDR)
• Firewalls
• End point protection

38
Cyber Security Strategy - India
• Security Policy, Legal Framework
  • IT Act, 2000
  • IT (Amendment) Bill, 2006: Data Protection & Computer Crimes
• Capacity Building
  • Skill & Competence Development
• Research & Development
  • Cyber Monitoring
  • Network Security
• International Collaboration

39
40
41
ASSESSMENT/EVALUATION
• Mention any five (5) Major Security Problems
• Mention any five (5) types of Malware
• Mention any five (5) symptoms of Malware
• Mention any 3 tips in choosing a strong password
• As a company, how will you take measures against cyber attacks?
• Find out the meaning of all the types of Malware

42
Cyber Security
Principles
Cyber Security Principles

There are five key principles in Cyber Security:

• Confidentiality

• Integrity

• Availability

• Accountability

• Auditability

44
Cyber Security Principle Definitions
• Confidentiality:
  • A set of rules that limits access or places restrictions on certain types of information.
• Integrity:
  • Assurance that the information is trustworthy and accurate.
• Availability:
  • The guarantee of reliable access to the information by authorized people.
45
Cyber Security Principle Definitions
• Accountability:
  • Is an assurance that an individual or an organization will be evaluated on their performance or behaviour related to something for which they are responsible.
• Auditability:
  • A security audit is a systematic evaluation of the security of a company’s information system by measuring how well it conforms to a set of established criteria.
46
Cyber Threats
Cyber Threat
• A Cyber threat is any malicious act that attempts to gain access to a computer network without authorization or permission from the owners.
• It refers to the wide range of malicious activities that can damage or disrupt a computer system, a network or the information it contains.
• Most common cyber threats: Social Engineered Trojans, Unpatched Software, Phishing, Network worms, etc.
48
Sources of Cyber Threats
Cyber threats can come from a wide variety of sources, some notable examples include:

• National governments.
• Terrorists.
• Industrial secret agents.
• Rogue employees.
• Hackers.
• Business competitors.
• Organization insiders.

49
Cyber Threat Classifications
• Threats can be classified by multiple criteria:
  • Attacker's Resources
  • Attacker's Organization
  • Attacker's Funding
• On basis of these criteria, threats are of 3 types:
  • Unstructured Threats
  • Structured Threats
  • Highly Structured Threats

50
Unstructured Cyber Threats
• Resources: Individual or small group.
• Organization: Little or no organization.
• Funding: Negligible.
• Attack: Easy to detect and makes use of freely available cyberattack tools.
• Exploitation based on documented vulnerabilities.

51
Structured Cyber Threats
• Resources: Well trained individual or group.
• Organization: Well planned.
• Funding: Available.
• Attack: Against particular individual or organizations.
• Exploitation based on information gathering.

52
Highly Structured Cyber Threats

• Extensive organization, resources and planning over time.
• Attack: Long term attack on particular machine or data.
• Exploitation with multiple methods:
  • Technical, social and insider help.

53
Cyber Security Threat Index Level

• Cyber threats are evaluated daily by the CTU (counter threat unit) and associated with a threat index level.
• The threat index levels are:
  • Level 1: Guarded.
  • Level 2: Elevated.
  • Level 3: High.
  • Level 4: Critical.

54
ASSESSMENT/EVALUATION

• What is Cyber Threat?
• Mention any three (3) Sources of Cyber Threats
• On criteria basis, list the three (3) types of threats.

55
Cyber Security Attackers,
Professionals, Criminals &
Specialists
Cyber Attackers & Cyber Security Professionals
• Cyber Attackers are individuals or organizations who perform malicious activities to destroy, expose, alter, steal, or gain unauthorized access to assets.
• Cyber Security Professionals build, test, and analyze systems to keep data and information safe from hackers and other external threats

57
Cyber Security Criminals
• A Cyber Criminal is a person who conducts some form of illegal activity using computers or other digital technology such as the Internet. The criminal may use computer expertise, knowledge of human behavior, and a variety of tools and services to achieve his or her goal.
• The kinds of crimes a cybercriminal may be involved in can include hacking, identity theft, online scams and fraud, creating and disseminating malware, or attacks on computer systems and sites. The core factor of what makes a crime a cybercrime is that it’s directed at a computer or other devices and/or these technologies are used to commit the crime.
58
Cyber Security Specialists

• A Cyber Security Specialist is a person that is responsible for providing security during and after the development stages of software and networks.
• A Cyber Security Specialist searches for risks in hardware and software systems.

59
Cyber Warfare & Cyber
War
Cyber Warfare and Its Purpose
• Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems.
• In short, it is a conflict using the cyberspace.
• Types of Cyberwarfare include Espionage, Sabotage, Denial-of-Service Attack, Propaganda, Economic Disruption, etc.

61
Cyber Warfare Vs. Cyber War

• Cyber Warfare is different from Cyber War in that cyber warfare typically refers to the techniques used while engaging in cyber war. For example, a state-sponsored hacker may try to hack into the Bank of England as an act of cyber warfare while engaging in a cyber war against England and its allies.

A crucial example of this is the STUXNET malware. Stuxnet, a computer worm discovered in June 2010, was specifically written to take over certain programmable industrial control systems and cause the equipment run by those systems to malfunction, all the while feeding false data to the system monitors indicating the equipment to be running as intended. As analyzed by computer security experts around the world, Stuxnet targeted certain “supervisory control and data acquisition” (SCADA) systems manufactured by the German electrical company Siemens AG that control machinery employed in power plants and similar installations.

62
Purpose of Cyber Warfare
The main purpose of cyber warfare is to gain advantage over adversaries, nations, or competitors by compromising their systems. However, reasons and motivations for cyber warfare run deeper:

• Military: It is in the military’s best interests to gain control of key elements of an enemy nation’s cyberspace. An effective cyber attack could bring an enemy country’s military to its knees and secure what would have been an otherwise costly victory.
63
Purpose of Cyber Warfare
• Civil: Attacking the civil infrastructure of a nation directly impacts the people living and working in the country. This could be used to inspire fear or cause them to revolt against the government in protest, weakening the opponent from a political standpoint.
• Hacktivism: Hacktivists can engage in cyber warfare by spreading propaganda or going after secrets and then exposing them to the rest of the world. In these ways, hacktivists can weaken an opponent’s standing on the world stage, precluding support from other countries.

64
Purpose of Cyber Warfare
• Income Generation: Cyber warfare “soldiers” can engage in these kinds of attacks for their own financial benefit. If they are employed by the government, they can earn a fee for their services. Further, they could break the defenses of a financial institution and steal money for themselves.
• Nonprofit Research: Nonprofit research often reveals very valuable information that a country can use to solve a critical problem. For example, if a country is trying to develop a vaccine and another one already has it, cyber warfare could be used to steal information pertaining to their solution.

65
ASSESSMENT/EVALUATION
• Differentiate between Cyber Attacker and Cyber Security Professional?
• Differentiate between Cyber Security Criminal and Cyber Security Specialist?
• Mention any five (5) purposes of Cyber Warfare.

66
Cyber Attacks
Types of Cyber Attacks

• Advanced Persistent Threat (APT):
• A network attack in which an unauthorized person
gains access to network and stays there undetected
for a long period of time.

• Backdoor:
• Method of bypassing normal authentication and
gaining access in OS or application.

68
Types of Cyber Attacks Continued

• Buffer Overflow:
• An exploit that takes advantage of the program that
is waiting for a user’s input.

• Man-in-the-middle Attack
• This attack intercepts and relays messages
between two parties who are communicating
directly with each other.

69
Types of Cyber Attacks Continued

• Cross-Site Scripting (XSS):
• A code injection attack that allows an attacker to
execute malicious JavaScript in another user’s
browser.

• Denial of Service Attack:
• Any attack where the attackers attempt to prevent
the authorized users from accessing the service.

70
Types of Cyber Attacks Continued

• SQL Injection:
• A very commonly exploited web application vulnerability that allows a malicious hacker to steal and alter data in a website’s database.

• Zero-day Exploit:
• A vulnerability in a system or device that has been
disclosed but is not yet patched.

71
Impacts of Cyber Attacks

• A successful cyber attack can cause major damage to organizations or systems, as well as to business reputation and consumer trust.

• Some potential results include:
• Financial loss.
• Reputational damage.
• Legal consequences.

72
ASSESSMENT/EVALUATION
• Mention any four Cyber Attacks & briefly explain two (2) of them.
• Mention three (3) potential results of a Cyber Attack.

73
Malicious Code
Types of Malicious Code
• Virus:
• A malicious software program that, when executed, replicates itself by modifying other computer programs and inserting its own code.

• Network Worm:
• Standalone malware which replicates itself in order
to spread to other computers.

75
Types of Malicious Code
Continued
• Trojan Horse:
• A program that claims to free your computer from
viruses but instead introduces viruses onto your
system.

• Botnet:
• Used to perform distributed denial-of-service attack
(DDoS attack), steal data, send spam, and allow the
attacker access to the device and its connection.
76
Types of Malicious Code
Continued
• Keylogger:
• A type of surveillance technology used to monitor
and record each keystroke typed on specific
computer’s keyboard.

• Rootkit:
• Collection of tools or programs that enable
administrator-level access to computer or computer
network.
77
Types of Malicious Code
Continued
• Spyware:
• Software that is hidden from the user in order to
gather information about internet interaction,
keystrokes, passwords, and other valuable data.

• Adware:
• Designed to display advertisements on your computer
and redirect your search requests to advertising
websites to collect marketing data about you.
78
Types of Malicious Code
Continued
• Ransomware:
• Malware that prevents or limits users from
accessing their system, either by locking the
system’s screen or by locking the user’s files unless
a ransom is paid.

79
Vulnerabilities
What is a Vulnerability?

• A cyber-security term that refers to a flaw in a system that can leave it open to attack.

• Vulnerability is the composition of three elements:

1. A flaw in system.
2. Access of attacker to that flaw.
3. Capability of attacker to exploit the flaw.

81
Classification of Vulnerabilities

• Vulnerabilities are classified according to the asset:
• Hardware.
• Software.
• Network.
• Personal.
• Physical site.
• Organizational.

82
Causes of Vulnerabilities

• Some of the vulnerabilities in the system occur due to:
• Missing patches.
• Cleartext credentials.
• Using unencrypted channels.
• RF Emanation.

83
ASSESSMENT/EVALUATION
• Mention any five (5) types of Malicious Code you know and briefly explain three (3).
• What is Vulnerability?
• Mention the three (3) Component Elements of Vulnerability
• Mention five (5) classifications of Vulnerability according to asset

84
Safeguarding Your
Online Privacy
Two Factor Authentication

• Popular online services use two factor authentication
• Need Username / password or PIN and a second token for access:
  • Physical object - credit card, ATM card, phone, or fob
  • Biometric scan - fingerprint, palm print, as well as facial or voice recognition

86
OAuth 2.0

• An open standard protocol that allows an end user’s credentials to access third party applications without exposing the user’s password
• Acts as the middle man to decide whether to allow end users access to third party applications.

87
Do Not Share Too Much on Social Media
• Share as little information as possible on social media
• Do not share information such as:
  • Birth date
  • Email address
  • Phone number
• Check your social media settings

88
Email and Web Browser Privacy
• Email is like sending a postcard.
• Copies of the email can be read by anyone with access.
• The email is passed among different servers
• Using private browsing mode can prevent others from gathering information about your online activities.
• Private mode on popular browsers
  • Microsoft Internet Explorer: InPrivate
  • Google Chrome: Incognito
  • Mozilla Firefox: Private tab / private window
  • Safari: Private browsing

89
Protecting the
Organization
Firewall & Types of Firewall
Firewalls control or filter incoming or outgoing communications on a network or device. Below are common types of firewall:
• Network Layer Firewall: source and destination IP addresses
• Transport Layer Firewall: source and destination data ports, connection states
• Application Layer Firewall: application, program or service
• Context Aware Application Firewall: user, device, role, application type, and threat profile
• Proxy Server: web content requests
• Reverse Proxy Server: protect, hide, offload, and distribute access to web servers
• Network Address Translation (NAT) Firewall: hides or masquerades the private addresses of network hosts
• Host-based Firewall: filtering of ports and system service calls on a single computer operating system.

91
Security Appliances
Security appliances fall into these general categories:
• Routers - can have many firewall capabilities:
traffic filtering, IPS, encryption, and VPN.
• Firewalls – may also have router capability,
advanced network management and analytics.
• IPS - dedicated to intrusion prevention.
• VPN - designed for secure encrypted tunneling.
• Malware/Antivirus - Cisco Advanced Malware Protection (AMP)
comes in next generation Cisco routers, firewalls, IPS devices,
Web and Email Security Appliances and can also be installed as
software in host computers.
• Other Security Devices – includes web and email security
appliances, decryption devices, client access
control servers, and security management systems.

92
Legal Issues in Cybersecurity
• Personal Legal Issues
  • Be responsible with your skills
• Corporate Legal Issues
  • Businesses are required to abide by the cybersecurity laws.
  • If you break the law, you could lose your job and your company could be punished.
  • When you are not sure, you should consult the legal department.
• International Law and Cybersecurity
  • IMPACT: global partnership of world governments, industries and academia
  • Improving global capabilities when dealing with cyber threats

93
Cybersecurity Jobs
Some online job search engines
• ITJobMatch
• Monster
• CareerBuilder
Different types of cybersecurity jobs
• Penetration testing / ethical hacker
• Security administrator
• Network administrator
• System administrator

94
95
