Cyber Security


CYBER SECURITY

Cyber security is the state or process of protecting networks, devices, and programs from any type of cyber attack.
UNIT-I Introduction to
Cyber Security
• Cyber security is primarily about people, processes, and technologies working together to encompass the full range of threat reduction.
• Cyber security is the protection of Internet-connected systems, including hardware, software, and data, from cyber attacks.
Introduction to Cyber Security (continued)
• It is made up of two words:
1. Cyber and
2. Security.
• Cyber relates to technology: systems, networks, and programs or data.
• Security relates to protection, which includes systems security, network security, and application and information security.
Necessity of Cyber Security
• It is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access. It may also be referred to as information technology security.
Layers of security:
There are 7 layers of security:
1: Mission Critical Assets – This is the data you
need to protect.
2: Data Security – Data security controls
protect the storage and transfer of data
3: Application Security – Applications security
controls protect access to an application, an
application’s access to your mission critical
assets, and the internal security of the
application.
4: Endpoint Security – Endpoint security
controls protect the connection between
devices and the network.
5: Network Security – Network security controls
protect an organization’s network and
prevent unauthorized access of the network.
6: Perimeter Security – Perimeter security
controls include both the physical and digital
security methodologies that protect the
business overall.
7: The Human Layer – Humans are the weakest link in any cyber security posture. This layer includes phishing simulations and access management controls that protect mission critical assets from a wide variety of human threats, including cyber criminals, malicious insiders, and negligent users.
Vulnerability
Vulnerability is a cyber-security term that refers to a flaw in a system that can leave it open to attack.
Types of Cyber Security vulnerabilities

1. Injection vulnerabilities
2. Buffer Overflows
3. Sensitive Data Exposure
4. Broken Authentication and Session
Management
5. Security Misconfiguration.
1. Injection vulnerabilities
They occur whenever an application sends untrusted data to an interpreter as part of a command or query.
• The most common injection vulnerabilities affect SQL, LDAP, XPath, XML parsers and program arguments (OS command injection).
• Injection flaws are quite easy to discover by analysing the code, but are frequently hard to find during testing sessions when systems are already deployed in production environments.
• Exposed targets include Internet-of-Things devices such as smart meters, routers and web cameras, and any other device that runs software affected by this category of flaw.
2. Buffer Overflows
A buffer overflow exists when an application attempts to put more data in a buffer than it can hold. Writing outside the space assigned to the buffer allows an attacker to overwrite the content of adjacent memory, causing data corruption, crashing the program, or leading to the execution of arbitrary malicious code.
• They are quite common and very hard to discover, and compared with injection attacks they are more difficult to exploit.
How the attacker attacks in this type…
The attacker needs to know the memory management of the targeted application, the buffers it uses, and the way to alter their content in order to run the attack. In a classic attack scenario, the attacker sends data to an application that stores it in an undersized stack buffer, causing the overwriting of information on the call stack, including the function's saved return address. When the function returns, execution continues at an address of the attacker's choosing, so the attacker is able to run their own malicious code.
• Types of buffer overflow…
o Stack buffer overflow (the classic scenario above)
o Heap buffer overflow
o Format string attack (a related memory-corruption flaw)
Buffer overflow attacks are particularly dangerous. They can target desktop applications, web servers, and web applications. An attacker can exploit a buffer overflow to target a web application and execute arbitrary code: the execution stack of the application is corrupted by sending specifically crafted data.
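The classic stack-smashing scenario above, shown as an added example that is not part of the original slides. Real memory corruption needs a native language; this Python model lays out one frame (16-byte buffer, saved frame pointer, saved return address) as a bytearray in the order the x86-64 call stack uses, and shows an unchecked copy overwriting the return address while a length-checked copy refuses the same input. The frame layout, the addresses and the payload are constructed assumptions for illustration.

```python
import struct

# Constructed model of a single x86-64 stack frame, not real process memory:
# a 16-byte local buffer sits directly below the saved frame pointer and the
# saved return address, exactly the adjacency a stack-smashing attack abuses.
BUF_SIZE = 16
SAVED_FP_OFFSET = BUF_SIZE            # 8 bytes of saved rbp
RET_OFFSET = SAVED_FP_OFFSET + 8      # 8 bytes of saved return address
FRAME_SIZE = RET_OFFSET + 8

LEGIT_RETURN = 0x401136          # assumed address of the instruction after the call
ATTACKER_CODE = 0x7FFC0000DEAD   # assumed address where attacker-controlled bytes sit


def new_frame():
    """Fresh frame with a valid saved frame pointer and return address."""
    frame = bytearray(FRAME_SIZE)
    frame[SAVED_FP_OFFSET:RET_OFFSET] = struct.pack("<Q", 0x7FFC0000FF00)  # assumed saved rbp
    frame[RET_OFFSET:FRAME_SIZE] = struct.pack("<Q", LEGIT_RETURN)
    return frame


def unchecked_copy(frame, data):
    """Models strcpy()/gets(): copies every byte it is given, buffer size ignored.
    Anything past BUF_SIZE lands on the saved frame pointer, then the return address."""
    frame[0:len(data)] = data
    return frame


def bounded_copy(frame, data):
    """Models a length-checked copy: returns None (copy refused) when the
    input would not fit, otherwise the frame with the data in the buffer."""
    if len(data) > BUF_SIZE:
        return None
    frame[0:len(data)] = data
    return frame


def return_address(frame):
    """Where the CPU would jump when this function returns."""
    return struct.unpack("<Q", bytes(frame[RET_OFFSET:FRAME_SIZE]))[0]


def exploit_payload(target=ATTACKER_CODE):
    """Classic layout: filler up to the saved return address, then the
    address the attacker wants executed (little-endian, as on x86-64)."""
    return b"A" * RET_OFFSET + struct.pack("<Q", target)


if __name__ == "__main__":
    print(hex(return_address(unchecked_copy(new_frame(), b"hello"))))           # untouched
    print(hex(return_address(unchecked_copy(new_frame(), exploit_payload()))))  # hijacked
    print(bounded_copy(new_frame(), exploit_payload()))                          # None: refused
```

The payload is 24 bytes of filler (16 for the buffer, 8 for the saved frame pointer) followed by the 8-byte target address; that is why knowing the buffer size and the frame layout, as the slide says, is a precondition for the attack.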
3. Sensitive Data Exposure
This occurs whenever a threat actor gains access to users' sensitive data.
Data could be stored (at rest) in the system or transmitted (in transit) between two entities.
In every case, a sensitive data exposure flaw occurs when sensitive data lacks sufficient protection, for example encryption at rest, TLS in transit, or salted, slow hashing of stored passwords.
How the attacker attacks in this type…
The attacker has several options, such as compromising the data store (for example with a malware-based attack), intercepting data between a server and the browser with a man-in-the-middle attack, or tricking a web application into doing things such as changing the content of a cart in an e-commerce application or elevating privileges.
Who runs these attacks…
Sensitive data exposure attacks can be run by any category of attacker, including cyber criminals, state-sponsored hackers and hacktivists. In the majority of cases this kind of attack is part of a first-stage offensive that also involves other hacking techniques.
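One at-rest protection for the most commonly exposed kind of sensitive data, stored passwords, as an added example that is not part of the original slides: the password is never stored; a per-user random salt and the output of a slow key-derivation function (PBKDF2-HMAC-SHA256 from Python's standard library) are stored instead, so a leaked table yields no plaintext and every record has to be attacked separately. The record format and the iteration count are assumptions for the illustration.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 310_000   # assumed work factor; raise it until one verification costs ~100 ms on the server


def hash_password(password):
    """Return a storable record: algorithm, iterations, salt and digest, '$'-separated.
    The salt is fresh per record, so equal passwords give different records."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([ALGORITHM, str(ITERATIONS),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def verify_password(password, stored):
    """Recompute the digest with the stored salt and iteration count and compare
    in constant time, so the comparison itself leaks nothing about the digest."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False                      # malformed record, never a match
    if algorithm != ALGORITHM:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def demo():
    """Two users with the same password get different records (per-user salt),
    so a leaked table cannot be cracked once for everybody."""
    record_alice = hash_password("correct horse")
    record_bob = hash_password("correct horse")
    return {
        "records_differ": record_alice != record_bob,
        "right_password": verify_password("correct horse", record_alice),
        "wrong_password": verify_password("correct h0rse", record_alice),
        "garbage_record": verify_password("correct horse", "plaintext:correct horse"),
    }


if __name__ == "__main__":
    print(hash_password("correct horse"))
    print(demo())
```

Storing the iteration count inside the record is what lets the work factor be raised later without invalidating existing users: old records keep verifying with their own count and are re-hashed on the next successful login.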
4. Broken Authentication and Session Management
This occurs when an attacker uses leaks or flaws in the authentication or session management functions (e.g. exposed accounts, passwords, session IDs) to impersonate other users.
• This kind of attack is very common; many hacker groups have exploited these flaws to access victims' accounts for cyber espionage or to steal information that could benefit their criminal activities.
• This category of flaws affects web applications; in the majority of cases functionality such as logout, password management, "remember me", timeouts, secret questions and account update is affected by broken authentication vulnerabilities.
How the attacker attacks…
Once this kind of flaw is successfully exploited, the attacker can impersonate the victim and do anything the victim could do with the privileges granted to their account.
• Broken authentication and session management flaws are hard to mitigate in general because of the large number of different authentication schemes implemented by potential victims.
• Not all authentication and session management systems are equal, which complicates the adoption of best practices on a large scale.
• There are several ways to bypass authentication mechanisms, including
o brute-forcing the targeted account,
o using a SQL injection attack,
o retrieving a session identifier from a URL,
o relying on a missing or overly long session timeout,
o reusing an already used session token, or
o compromising a user's browser.
The most popular attack scenario relies on the session: authentication mechanisms are usually based on tokens associated with each session on the server side. An attacker who is able to retrieve the session identifier can impersonate the victim without providing login credentials again.
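A minimal server-side session manager, added as an example that is not part of the original slides, covering the points listed above: unguessable session identifiers, an idle timeout, rotation of the identifier after login, and a logout that actually invalidates the token so a captured copy cannot be replayed. The timeout value and the injectable clock are assumptions for the illustration.

```python
import secrets
import time

SESSION_TIMEOUT = 900   # seconds of inactivity before a session is dropped (assumed policy)


class SessionStore:
    """Server-side session table mapping token -> (user, last_seen).
    The token is the only thing the client holds; it is random, carries no
    user information, and is worthless once the server forgets it."""

    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock    # injectable so expiry can be exercised without sleeping

    def login(self, user, credentials_ok):
        """Issue a fresh token after a successful credential check."""
        if not credentials_ok:
            return None
        token = secrets.token_urlsafe(32)     # 256 bits from the OS CSPRNG, never a counter
        self._sessions[token] = (user, self._clock())
        return token

    def user_for(self, token):
        """Return the user bound to token, or None if the token is unknown,
        expired, or has been logged out. Each valid use refreshes the idle timer."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, last_seen = entry
        now = self._clock()
        if now - last_seen > SESSION_TIMEOUT:
            del self._sessions[token]         # expired: forget it server-side
            return None
        self._sessions[token] = (user, now)
        return user

    def rotate(self, token):
        """Replace the token (do this at login and on privilege change) so a
        token an attacker planted or captured earlier stops working."""
        user = self.user_for(token)
        if user is None:
            return None
        del self._sessions[token]
        return self.login(user, True)

    def logout(self, token):
        """Invalidate server-side; a replayed copy of the token is now rejected."""
        self._sessions.pop(token, None)


def demo():
    """Exercise the store with a constructed clock that the demo advances by hand."""
    now = [1_700_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    results = {}
    t1 = store.login("alice", credentials_ok=True)
    results["valid_token"] = store.user_for(t1)
    results["guessed_token"] = store.user_for("sessionid=1001")   # a sequential guess finds nothing
    now[0] += SESSION_TIMEOUT + 1
    results["after_timeout"] = store.user_for(t1)
    t2 = store.login("alice", credentials_ok=True)
    t3 = store.rotate(t2)
    results["old_after_rotate"] = store.user_for(t2)
    results["new_after_rotate"] = store.user_for(t3)
    store.logout(t3)
    results["replayed_after_logout"] = store.user_for(t3)
    results["bad_credentials"] = store.login("mallory", credentials_ok=False)
    return results


if __name__ == "__main__":
    for case, result in demo().items():
        print("%-22s -> %r" % (case, result))
```

In a web application the token would travel in a cookie marked Secure and HttpOnly, which keeps it off plain HTTP and out of reach of script; the store above is the server half that makes the "retrieve the session identifier" attack short-lived even when the cookie does leak.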
5. Security Misconfiguration
This occurs when the target is
• running outdated software,
• running applications and products in production in debug mode,
• running unnecessary services on the system, or
• using default accounts and credentials.
How the attacker attacks…
An attacker can discover that the target is using outdated software or a flawed database management system. In many cases it is quite easy for an attacker to search for this kind of vulnerability: the automated scanners available on the market detect systems that are not correctly configured or not correctly patched.
Threat
• Cyber security threats include a
whole range of vulnerabilities and
cyber-attacks.
• Common Cyber Security Threats…
– Malware
– Phishing
– Data Breaches
– DDoS Attack and Botnets
– Ransomware.
Cyber Crime
Cyber crimes can be defined as the
unlawful acts where the computer is
used either as a tool or a target or both.
• Cyber crime can be categorized into
– Cyber crime against person
• Cyber stalking
• Hacking
• Cracking
• Defamation
• Online fraud
• Child pornography
– Cyber crime against property
• Transmitting viruses
• Cyber squatting
• Cyber vandalism
• Intellectual property crimes
– Cyber crime against government
• Cyber warfare
• Cyber terrorism
– Cyber crime against society
• Online gambling
• Cyber trafficking
Internet Governance – Challenges and Constraints
Internet governance is the development and application of shared principles, norms, rules, decision-making procedures, and programs that shape the evolution and use of the Internet.
The objectives of cybersecurity strategies
• National security-related objectives
• Information and communication technology-related objectives
Cyber Criminals
• Cyber criminals, often loosely called hackers, use computer systems to gain access to business trade secrets and personal information for malicious and exploitative purposes.
Types of Cyber Criminals
1.Identity Thieves.
Identity thieves are cyber criminals who
try to gain access to their victim’s
personal information.
2. Internet Stalkers
Internet stalkers are individuals who
maliciously monitor the online activity of
their victims to terrorize and/or acquire
personal information.
3. Phishing Scammers
Phishers are cyber criminals who attempt to obtain personal or sensitive information by deceiving victims, typically with fraudulent e-mails, messages or websites that imitate a trusted party.
4. Cyber Terrorists
Cyber terrorism is a well-developed,
politically inspired cyber attack in which
the cyber criminal attempts to steal data
and/or corrupt corporate .
Security Policy development
CIA : Confidentiality, Integrity and Availability.
This triad is a model for security
policy development.
• Confidentiality
Ensures that sensitive information is accessed only by authorized persons and kept away from those not authorized to possess it.
• Integrity
Ensures that information is in a form that is true and correct to its original purpose, and has not been altered without authorization.
• Availability
Ensures that information and resources are available to those who need them, when they need them.
CIA -Model
Assets and Threat
Asset – any data, device or other component of an organization's systems that is valuable.
• Examples: an employee's desktop computer, laptop or company phone.
• An organization's most common assets are information assets: databases and physical files.
Threat – any incident that could negatively affect an asset, for example if it is lost, knocked offline or accessed by an unauthorised party.
Cyber Attackers
Motive of Cyber attackers
The need to understand the
motivations of cyber-attackers is
great, given that "cybersecurity risks
pose some of the most serious
economic and national security
challenges of the 21st Century".
Types of Cyber Attackers
Cyber-attackers can be broadly considered
• Insiders
Disgruntled Employees
Thieves
Unintentional.
• Outsiders
Organized Attacks
o Terrorists
o Hacktivists
o Nation States
o Criminal Actors.
Hackers
o Black Hats
o White Hats.
Amateurs
Categories of cyber-attackers
Types of Cyber-attacker actions and their motivations
when deliberate.
• Inadvertent actions
Generally by insiders that are taken without
malicious or harmful intent.

• Deliberate actions
By insiders or outsiders that are taken intentionally
and are meant to do harm.
• Inaction
Generally by insiders, such as a failure to act in a
given situation, either because of a lack of
appropriate skills, knowledge, guidance, or
availability of the correct person to take action.
• Political motivations, examples:
Destroying, disrupting, or taking control of targets; espionage; and making political statements, protests, or retaliatory actions.
• Economic motivations, examples:
Theft of intellectual property or other economically valuable assets such as funds or credit card information; fraud, industrial espionage and sabotage; and blackmail.
• Socio-cultural motivations, examples:
Attacks with philosophical, theological, political, and even humanitarian goals.
Types of Attacks
There are two types of attacks:
• Passive Attack
It attempts to learn or make use of information from the system (for example by eavesdropping on traffic or analysing it) but does not affect system resources.
• Active Attack
It attempts to alter system resources or affect their operation.
Active attacks involve some modification of the data stream or the creation of a false stream.
Types of Passive and Active Attacks

• Masquerade
Masquerade attack takes place when one
entity pretends to be different entity.
• Modification
It means that some portion of a message
is altered or that message is delayed or
reordered to produce an unauthorised
effect.
• Repudiation
This attack is done by either the sender or the receiver: the sender or receiver later denies having sent or received a message.
Message Modification Example
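A worked message-modification example, added here and not taken from the original slides: a message authentication code (HMAC-SHA256 from the Python standard library) computed over a sequence number and the payload lets the receiver detect modification, masquerade and reordering of messages. The key, the messages and the sequence policy are constructed for the illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-for-real-use"   # assumed secret shared by sender and receiver
TAG_LEN = 32                                      # HMAC-SHA256 output length


def protect(seq, payload, key=KEY):
    """Sender: prefix a sequence number and append a MAC over number + payload."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify(message, expected_seq, key=KEY):
    """Receiver: return the payload if the tag checks out and the sequence
    number is the one expected; raise ValueError describing what went wrong."""
    if len(message) < 4 + TAG_LEN:
        raise ValueError("truncated message")
    header, payload, tag = message[:4], message[4:-TAG_LEN], message[-TAG_LEN:]
    expected_tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, tag):        # constant-time comparison
        raise ValueError("MAC mismatch: message altered or not from the key holder")
    (seq,) = struct.unpack(">I", header)
    if seq != expected_seq:
        raise ValueError("sequence %d but expected %d: replayed, delayed or reordered"
                         % (seq, expected_seq))
    return payload


def outcome(message, expected_seq):
    """Reduce verify() to a short verdict string for the demo."""
    try:
        return "accepted: " + verify(message, expected_seq).decode("ascii")
    except ValueError as err:
        return "rejected: " + str(err)


def demo():
    """Intact delivery, in-transit modification, masquerade, and reordering."""
    m1 = protect(1, b"transfer 100 to account 42")
    # Modification: change the amount in transit but keep the original tag.
    tampered = m1[:4] + m1[4:-TAG_LEN].replace(b"100", b"900") + m1[-TAG_LEN:]
    # Masquerade: a party without the shared key mints its own message.
    forged = protect(2, b"transfer 900 to account 99", key=b"guess")
    return {
        "intact": outcome(m1, 1),
        "tampered": outcome(tampered, 1),
        "forged": outcome(forged, 2),
        "reordered": outcome(m1, 2),   # a genuine old message delivered out of order
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print("%-10s %s" % (case, verdict))
```

The MAC does not help against repudiation: sender and receiver share the same key, so either of them could have produced the tag. Non-repudiation needs a digital signature under a key that only the sender holds.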
Software attacks and hardware attacks
Software attacks
• Virus
• Worm
• Trojan
• Rootkit
• Hybrids
• Scanner
• Hackers
Hardware attacks
Hardware attacks pertain to the
following devices…
• Access control systems such as
authentication tokens.
• Network appliances
• Industrial control systems.
• Surveillance systems
• Components of communication
infrastructure.
Lower level attacks
• Ticking time bombs
• Cheat codes
Motivations of hardware attacks
• Hardware cloning
• Breaking services, obtaining them with piracy
• Imitating user authentication for system
access
• Information leakage
• Unlocking devices, to gain access to an
internal shell or to increase control of a
system
• Unlocking hidden features
Spectrum of Attacks
Attacks fall along a spectrum rather than into a single type:
• by intent, from inadvertent actions and inaction (usually by insiders) to deliberate actions by insiders or outsiders;
• by actor, from amateurs and disgruntled employees to organized groups such as hacktivists, criminal actors, terrorists and nation states;
• by impact, from nuisance and information leakage to the disruption, destruction or takeover of targets.
Taxonomy of various attacks
This section gives an overview of cyber attacks and shows some pragmatic ways to classify and organize them via taxonomies.
• Cyber attack
An offensive action by a malicious actor that is
intended to undermine the functions of
networked computers and their related
resources, including unauthorized access,
unapproved changes, and malicious destruction.
Cyber Attack Malware Taxonomy
IP spoofing
• IP spoofing is the creation of Internet Protocol (IP) packets with a forged source address, in order to hide the identity of the sender, to impersonate another computer system, or both.
• It is a technique often used by bad actors to launch DDoS attacks against a target device or the surrounding infrastructure.
• IP spoofing is analogous to an attacker sending a package to someone with the wrong return address listed.
• Spoofing is also used to masquerade as another device so that responses are sent to that targeted device instead; this is the basis of reflection and amplification attacks.
• Tangential to DDoS attacks, spoofing can also be done with the aim of masquerading as another device in order to sidestep address-based authentication and gain access to or "hijack" a user's session.
Protect against IP spoofing – packet filtering
• Measures can be taken to stop spoofed packets from infiltrating a network.
• A very common defense against spoofing is ingress filtering, outlined in BCP 38 (RFC 2827): a router accepts a packet only if its source address belongs to a prefix legitimately reachable through the interface the packet arrived on, and drops the rest.
• Some networks also implement egress filtering, which looks at IP packets exiting the network and drops those whose source address does not belong to the network.
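Ingress and egress filtering as described above, shown as an added example that is not part of the original slides. The edge router, the customer prefixes and the sample packets are constructed for the illustration; the filter logic is the BCP 38 rule itself: a packet is forwarded only if its source address lies in a prefix that is legitimately reachable through the interface it arrived on.

```python
import ipaddress

# Constructed topology for the example: an ISP edge router with two customer
# prefixes on its customer-facing interface, plus the ISP's own blocks.
CUSTOMER_PREFIXES = [ipaddress.ip_network("203.0.113.0/24"),
                     ipaddress.ip_network("198.51.100.0/25")]
OUR_PREFIXES = CUSTOMER_PREFIXES + [ipaddress.ip_network("192.0.2.0/24"),
                                    ipaddress.ip_network("2001:db8::/32")]


def _source(pkt):
    """Parse the packet's source address; unparsable addresses count as spoofed."""
    try:
        return ipaddress.ip_address(pkt["src"])
    except ValueError:
        return None


def ingress_permit(pkt, allowed=CUSTOMER_PREFIXES):
    """BCP 38 ingress filter on the customer-facing interface: a packet coming
    in from the customer may only carry a source address the customer was
    actually allocated. Anything else is a forgery and is dropped."""
    src = _source(pkt)
    return src is not None and any(src in net for net in allowed)


def egress_permit(pkt, ours=OUR_PREFIXES):
    """Egress filter on the upstream interface: packets leaving the network
    must carry one of our own source addresses, so our hosts cannot be used
    to spoof third parties (for example as reflectors aimed at a victim)."""
    src = _source(pkt)
    return src is not None and any(src in net for net in ours)


def apply_filter(packets, permit):
    """Run a permit function over a packet list; return (forwarded, dropped)."""
    forwarded = [p for p in packets if permit(p)]
    dropped = [p for p in packets if not permit(p)]
    return forwarded, dropped


# Constructed sample traffic arriving on the customer-facing interface.
SAMPLE_INGRESS = [
    {"src": "203.0.113.10", "dst": "192.0.2.53"},     # legitimate customer host
    {"src": "198.51.100.200", "dst": "192.0.2.53"},   # outside the customer's /25, which ends at .127
    {"src": "8.8.8.8", "dst": "192.0.2.53"},          # forged to look like a public resolver
    {"src": "192.168.1.5", "dst": "192.0.2.53"},      # private address leaking out
    {"src": "not-an-ip", "dst": "192.0.2.53"},        # malformed
]


def demo():
    """Return the source addresses the ingress filter forwards and drops."""
    forwarded, dropped = apply_filter(SAMPLE_INGRESS, ingress_permit)
    return [p["src"] for p in forwarded], [p["src"] for p in dropped]


if __name__ == "__main__":
    fwd, drp = demo()
    print("forwarded:", fwd)
    print("dropped:  ", drp)
```

Because the check is on the source address alone, it is cheap enough to run on every packet at line rate; what it cannot do is protect the network running it, which is why BCP 38 only works when the networks that originate traffic deploy it.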
Methods of Defense
• Prevent harm, by blocking the attack or closing the vulnerability
• Deter it, by making the attack harder but not impossible
• Deflect it, by making another target more attractive (or this one less so)
• Detect it, either as it happens or some time after the fact
• Recover from its effects.
Security Models
• The Cyber Security Model (CSM) is
part of the Defence Cyber Protection
Partnership (DCPP) which was set up
by the Ministry of Defence (MOD) to
manage and strengthen cyber
security for the defence sector and its
suppliers.
How the Cyber Security Model works
The Cyber Security Model is a three-stage process:
• First stage of the process is a cyber risk
assessment of organisation’s security.
• Second stage of the assessment involves
the contracting authority deciding on the
appropriate level of cyber risk for a
contract, and the supplier implementing
the relevant controls to meet this level.
• The third stage is a supplier assurance
questionnaire, a self-assessment
questionnaire which enables a
supplier to demonstrate that they
have the ability to meet the
requirements needed for the
contract.
Risk management
• Risk management refers to the process of identifying, assessing, and controlling threats to an organization's assets, operations and finances.
• Cyber security risk management relies on user education, strategy, and technology to protect an organization against attacks that could compromise its systems.
Cyber security Risk Management Process
Use the Capability Maturity Model (CMM) to rate how mature the process is:
• Initial
This is the starting point for a new or undocumented (ad hoc) process.
• Repeatable
At this stage, the process is documented well enough that repeating the same steps can be attempted.
• Defined
At this level, the process has been defined and is confirmed as a standard business process.
• Managed
At this level, the process is quantitatively managed according to agreed-upon metrics.
• Optimizing
At the final stage, process management includes deliberate action to optimize and improve the process.
Mitigating Security Risks
It is not possible to eliminate all cyber threats and security risks, but there are a number of precautions you can take to mitigate risk when it comes to cyber security.
Precautions
• Limit the number of devices with Internet access
• Limit the number of staff members with administrator credentials and control the rights of each administrator
• Limit administrative rights
• Use antivirus programs and endpoint security
• Require users to use two-factor authentication to gain access to certain files and systems
• Install network access controls
• Allow automatic updates and patches for operating systems; place limits on older operating systems
• Use firewalls
Cyber Threats
• A cyber or cyber security threat is a
malicious act that seeks to damage
data, steal data, or disrupt digital life.
• Cyber attacks include threats like
– computer viruses,
– data breaches, and
– Denial of Service (DoS) attacks.
Cyber Warfare
• Cyber warfare is the use of technology
to attack a nation, causing comparable
harm to actual warfare.
• Cyber warfare refers to the use of digital
attacks like
– computer viruses and
– hacking by one country to disrupt the
vital computer systems of another.
Cybercrime
• Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network.
• The computer may have been used in the commission of a crime, or it may be the target.
Cyber terrorism
• Cyber terrorism is "the use of computer network tools to shut down critical national infrastructures" such as
– energy,
– transportation, and
– government operations.
Cyber Espionage
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information from
– individuals,
– competitors,
– rivals, groups,
– governments and
– enemies,
for personal, economic, political or military advantage using methods on the Internet.
Comprehensive Cyber Security Policy
• The National Cyber Security Policy (2013) (NCSP)
was a major step in the direction to prepare India
to address the threats and challenges in
cyberspace.
• The need for a competent cyber security
infrastructure as part of the national security
policy cannot be overemphasized.
• The Kargil Review Committee (KRC), India’s first-
ever political review of national security
management, laid the foundation and brought to
the table several areas of concern
Consideration for next NCSP
• Create Awareness
– India has to create awareness about the
perils existing in cyberspace .
– Awareness is necessary for the banking
sector, stock exchanges, financial
institutions, manufacturing sector and
others relying heavily on digital
communications.
– India’s public sector broadcasters should be
drawn into efforts to give wide publicity to