UNIT-3

Cyber Security
 We can divide cybersecurity into two parts one is cyber, and the
other is security.
 Cyber  technology that includes systems, networks, programs,
and data.
 Security  concerned with the protection of systems, networks,
applications, and information.
 It is also called Electronic Information
Security or Information Technology Security.
Motivation
 Applications of Cyber Security

 Network Security Surveillance

 Identity And Access Management (IAM)
 Software Security
 Risk Management
 Security During Software Development
 Security Against Distributed Denial of Service (DDoS)
Challenges
 Cyber Threat
• Any malicious act that attempts to gain access to a computer
network without authorization or permission from the owners.
• It refers to the wide range of malicious activities that can damage
or disrupt a computer system, a network or the information it
contain.
• Most common cyber threats:
• Social Engineered Trojans.
• Unpatched Software.
• Phishing.
• Network worms.
Cyber threats can come from a wide variety of sources, some notable
examples include:
• National governments.
• Terrorists.
• Industrial secret agents.
• Rogue employees.
• Hackers.
• Business competitors.
• Organization insiders.
 Cyber Threat Classifications

• Threats can be classified by multiple criteria:

• Attacker's Resources
• Attacker's Organization
• Attacker's Funding
• On basis of these criteria, threats are of three types:
• Unstructured Threats
• Structured Threats
• Highly Structured threats
• Resources: Individual or small group.
• Organization: Little or no organization.
• Funding: Negligible.
• Attack: Easy to detect and make use of freely available
cyberattack tool.
• Exploitation based on documented vulnerabilities.
 Structured Cyber Threats

• Resources: Well trained individual or group.

• Organization: Well planned.
• Funding: Available.
• Attack: Against particular individual or organizations.
• Exploitation based on information Gathering.
 Highly Structured Cyber Threats

• Extensive organization, resources and planning over time.

• Attack: Long term attack on particular machine or data.
• Exploitation with multiple methods:-
Technical, social and insider help.
 Malware refers to malicious software.
 It is software used or created to disrupt computer operation, gather
sensitive information, or gain access to private computer systems.
 It can appear in the form of code, scripts, active content, and other
software.
 'Malware' is a general term used to refer to a variety of forms of
hostile, intrusive, or annoying software
 How Malware Spreads?

Malware is a program that must be triggered or somehow executed

before it can infect your computer system and spread to others.
Here are some examples on how malware is distributed:
a)Social network
b)Pirated software
c)Removable media
d)Emails
e)Websites
 Types of Malware
 Viruses
 Trojan horses
 Worms
 Spyware
 Zombie
 Phishing
 Spam
 Adware
 Ransomware
 Viruses

A program or piece of code that is loaded onto your computer without your knowledge and runs
against your wishes.
 Viruses can also replicate themselves.
 All computer viruses are manmade.
 Viruses copy themselves to other disks to spread to other computers.
They can be merely annoying or they can be vastly destructive to your files.
 Macro virus
 Boot virus
 Logic Bomb virus
 Directory virus
 Resident virus
 Trojan Horses

 A Trojan Horse program has the appearance of having a useful and

desired function.
 A Trojan Horse neither replicates nor copies itself, but causes
damage or compromises the security of the computer.
 A Trojan Horse must be sent by someone or carried by another
program and may arrive in the form of a joke program or software
of some sort.
 These are often used to capture your logins and passwords
 Remote access Trojans (RATs)
 Backdoor Trojans (backdoors)
 IRC Trojans (IRC bots)
 Keylogging Trojans
 Worms

 A computer worm is a self-replicating computer program.

 It uses a network to send copies of itself to other nodes (computers
on the network) and it may do so without any user intervention.
 It does not need to attach itself to an existing program.
 Spyware

 Spyware is a type of malware installed on computers that collects

information about users without their knowledge.
 The presence of spyware is typically hidden from the user and can
be difficult to detect.
 Spyware programs lurk on your computer to steal important
information, like your passwords and logins and other personal
identification information and then send it off to someone else
 Zombie

 Zombie programs take control of your computer and use it and its
Internet connection to attack other computers or networks or to
perform other criminal activities.
 Phishing

 Phishing (pronounced like the word 'fishing') is a message that tries

to trick you into providing information like your social security
number or bank account information or logon and password for a
web site.
 The message may claim that if you do not click on the link in the
message and log onto a financial web site that your account will be
blocked, or some other disaster
 Spam

 Spam is email that you did not request and do not want.
 One person's spam is another's useful newsletter or sale ad.
 Spam is a common way to spread viruses, trojans, and the like
 Adware

 Adware (short for advertising-supported software) is a type of

malware that automatically delivers advertisements.
 Common examples of adware include pop-up ads on websites and
advertisements that are displayed by software.
 Often software and applications offer “free” versions that come
bundled with adware.
 Ransomware

 Ransomware is a form of malware that essentially holds a computer

system captive while demanding a ransom.
 The malware restricts user access to the computer either by
encrypting files on the hard drive or locking down the system and
displaying messages that are intended to force the user to pay the
malware creator to remove the restrictions and regain access to their
computer.
Cyber Attacks
 Types of Cyber Attacks

• Advanced Persistent Threat (APT):

• A network attack in which an unauthorized person gains
access to network and stays there undetected for a long
period of time.

• Backdoor:
• Method of bypassing normal authentication and gaining
access in OS or application.
 Types of Cyber Attacks Contin….

• Buffer Overflow:
• An exploit that takes advantage of the program that is
waiting for a user’s input.

• Man-in-the-middle Attack:
• This attack intercepts and relays messages between two
parties who are communicating directly with each other.
• Cross-Site Scripting (XSS):
• A code injection attack that allows an attacker to execute
malicious JavaScript in another user’s browser.

• Denial of Service Attack:

• Any attack where the attackers attempt to prevent the
authorized users from accessing the service.
• SQL injection:
• A very common exploited web application vulnerability
that allows malicious hacker to steal and alter data in
website’s database.

• Zero-day exploit:
• A vulnerability in a system or device that has been
disclosed but is not yet patched.
 Impacts of Cyber Attacks

• A successful cyber attack can cause major damage to

organizations or systems, as well as to business reputation and
consumer trust.

• Some potential results include:

• Financial loss.
• Reputational damage.
• Legal consequences.
 Tools for Cyber Security Assessment

 NMAP
 Wireshark
 Metasploit
 Aircrack
 Hashcat
 Burpsuite…… etc.
 NMAP
NMAP (Network Mapper) is an open-source tool used for scanning the
networks.
It is mainly useful to discover hosts, information gathering about the network
devices on which service or port is open publicly .
 NMAP supports major OS platforms like Windows, Linux and even MAC
OS.
The main advantage of NMAP is flexible, easily portable, free, and well
documented.
 NMAP
In other words, we can use Nmap to scan IP addresses, search for security
loopholes, and scan for open ports on your computer network by sending
packets and analyzing the responses.
What Does Nmap Do?
Scan every active IP address
Perform entire network scanning
Identify server vulnerabilities
Develop visual mappings.
Automate system and vulnerability scans
 Wireshark
Wireshark is used globally by many for analyzing network protocol.
This tool help to capture packets using pcap, store and analyze each packet in
a detailed fashion.
Wireshark has many uses, including troubleshooting networks that have
performance issues. Cybersecurity professionals often use Wireshark to trace
connections, view the contents of suspect network transactions and identify
bursts of network traffic.
Wireshark supports OS platforms like Windows, Linux, Solaris, macOS etc.
Wireshark is also an open-source tool similar to the tcpdump with a user
interface option.
Usage of Wireshark
Wireshark is a safe tool used by government agencies, educational institutions,
corporations, small businesses and nonprofits alike to troubleshoot network
issues. Additionally, Wireshark can be used as a learning tool.

Common Wireshark Use Cases

Here’s a common example of how a Wireshark capture can assist in identifying a

problem. The figure below shows an issue on a home network, where the internet
connection was very slow.
Common Wireshark Use Cases
 Networking and System Administration
 Knowledge of Operating Systems and Virtual Machines
 Coding
 Cloud Security
 Artificial Intelligence (AI)
 An Understanding of Hacking
A secure website's URL should begin with "https" rather than "http". The "s" at the end of
"http" stands for secure and is using an SSL (Secure Sockets Layer) connection.

THE LOCK ICON

Another sign to look for is the "Lock" icon that is displayed somewhere in the window of your
web browser. Different browsers may position the lock in different places, but a few examples of
what it may look like can be found here:
• Inspect short links. They may hide the real destination of the link.

• Verify links in unsolicited emails. They may be phishing attempts to get your personal info.

• Beware of links with strange character strings. They may contain malware or phishing.

• Check a link yourself by hovering your cursor over it without clicking. You can see the real address in
the lower left corner of your browser.

• Copy the address for testing. You can use online tools to scan the link for malware or phishing.

• Phishtank: PhishTank is a collaborative clearing house for data and information about phishing
on the Internet.
• PhishTank | Join the fight against phishing
Add-ons (Plugins and Extensions), like the Web Browser on which it is installed, also need to be
managed and kept up-to-date. Most Add-on Updates address Security Vulnerabilities and Critical
Issues that NEED to be resolved. It is VERY IMPORTANT that these are kept up-to-date.

How to update Google Chrome

1. Open the Google Chrome web browser.

2. Click the ellipses menu icon, located in the top right corner.
3. Click the Settings button, located near the bottom of the list.
4. Click About Chrome, located toward the bottom of the list.
5. If the version of Chrome that you are running is current, the message will read Google Chrome
is up to date (Version Number).
• Never click on a link from an untrusted source.
• Close windows containing pop-up ads or unexpected warnings by clicking
on the “X” button in the uppermost right hand corner of that window, not
by clicking within the window.
• Use antivirus software, and update it regularly to recognize the latest
threats.
Social media security refers to the measures businesses and individuals take to protect
the privacy, confidentiality and information of their social media accounts.

It envelops various aspects such as privacy settings, account authentication, awareness

of phishing and scams, third-party apps and permissions, secure browsing habits and
more.

Benefits of social media security

• It protects personal privacy

• It enhances online reputation management
• Phishing attacks and scams
• Imposter accounts
• Malware attacks and hacks
• Vulnerable third-party apps
• Password theft
• Privacy settings and data security
• Unsecured mobile devices
1. Create a social media policy- A social media policy is a set of guidelines that outline how
your business and your employees should use social media responsibly.
2. Require two-factor authentication(2 FA)-Two-factor authentication is not foolproof, but it
does provide a powerful extra layer of security for your social media accounts. 2FA is a
combination of more than one authentication factor for verification. Example :- Marking
biometric attendance using an ID card and fingerprint(biometric).
3. Train your staff on social media security awareness- Even the best social media policy
won’t protect your organization if your employees don’t follow it, so train your staff regularly.
4. Regularly check for new social media security issues- Social media security threats are
constantly changing. Hackers are always coming up with new strategies, and new scams and
viruses can emerge at any time.