
INTRODUCTION TO CYBER SECURITY

It is the discipline concerned with the security of IT-related resources.

Important parts of any organization:

• People: the human resources that work in the organization.
• Process: what has to be done and how it has to be done.
• Technology: software, hardware, networks and cloud solutions.

Features of cyber security

• It covers the security of users against cybercrimes, mental and emotional harassment, financial extortion and social exploitation.
• It also covers the security of the data generated by the interaction of the technologies involved.
• Further, it is a vast domain in which security is provided to applications, information systems and networks.

“Cyber security, also known as information security, is the underlying platform of technologies, practices and processes that protect computers, programs, networks and data from attack, damage or illegal access.”
Most Common Terminologies:

• Hacking: unauthorized access to someone's information system.
• Hacker: a clever programmer who knows how to make a system stop working as intended.

Types of Hackers

• White Hat Hacker: professionals hired by an organization to detect the flaws in its IT assets.
• Black Hat Hacker: carries out hacking activities with malicious intent.
• Grey Hat Hacker: professionals who hack someone's system but without malicious intent.
• Script Kiddie: amateurs who know how to use tools but lack deeper knowledge.

Vulnerabilities & Exploits

A vulnerability is a flaw in a design that the developers are usually unaware of, whereas an exploit means exploring all the possible vulnerabilities in the system. Example: the design of a building with all its possible entrances (02 doors, 01 window and one roof door) is the set of vulnerabilities for a thief; but when the thief actually explores the building physically, he finds that both doors have thick metal frames and the roof door has sensors. Only the window has minimal security.

Exploits are of three types:

1. Remote exploits
2. Local exploits
3. Zero-day exploits

Insider Threats

Ex-employees or current employees of the organization who undermine the organization's security.
Domains of Cyber Security

Generally, cyber security is divided into various domains so that their application areas can be approached easily.

• Risk Assessment: identify the bugs/data leaks in the major critical risk areas and draw conclusions from them; further, it relates to the assessment of all possible IT assets for cyber-attack. Includes vulnerability scans and penetration testing.
• Vulnerability Assessment: activities to explore the flaws in networks, checking whether a software update is required or not, and performing certain brute-force attacks on one's own systems to determine whether a flaw is present. A vulnerability scanner is also sometimes used to alert on changes in the IT environment.
• Penetration Testing: the practice of exploring a bug and discovering the depth of the problem, to find out exactly what type of information could be revealed if the website were exploited. It generally depends upon the ability of the tester.
• Application Security: nowadays, the major challenge in the IT world is how to secure the applications installed on systems, and even mobile apps.
• Infrastructure Security: another major domain in which people work today is infrastructure such as oil pipelines, electricity and the stock market, which form the backbone of a country's economy and need to be secured against cyber-attacks.
• Social Engineering: the practice of psychologically manipulating people in order to acquire their confidential information, such as bank account details and other sensitive information.
SIEM (Security Information and Event Management)

• Combines the best of SIM (Security Information Management) and SEM (Security Event Management) systems.

[Figure: SIEM overview. Log sources: firewalls, desktops, servers, proxy servers, routers, VPNs, switches, perimeter devices, applications. Pipeline: Collect, Analyze, Archive, Report. SEM (log analysis) and SIM together make up the SIEM.]

SIEM systems form a major part of the functioning of a security operations center (SOC). The major functions of a SIEM are as follows:

1. It helps the organization accumulate data from multiple locations and access it from a single point, which makes it easier for an analyst to compare trends and locate discrepancies in the data.
2. It combines the best of SIM and SEM systems.
3. It deploys many different agents in a hierarchical manner to collect data.
4. Its key capabilities include data aggregation, correlation, alerting, compliance, retention and forensic analysis.

SEM systems bring discretely stored and interpreted logs into one place, thereby allowing the security analyst to perform real-time analysis on the data in a quick and efficient manner. SIM systems, on the other hand, collect discrete data and store it in a central repository that acts as a central link. Analysts use this to analyze the latest trends in the security domain. It also produces automated reports that can be used for compliance reporting.
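The aggregation, correlation and alerting capabilities listed above, as a miniature SIEM pipeline. This is an added example, not code from the handout or from any SIEM product: it normalises log lines from two constructed sources (an sshd log and a VPN gateway log, both in formats assumed for this example, with constructed host names and IP addresses) into one event shape, merges them into a single time-ordered stream, and runs one correlation rule: several failed logins from one source IP followed by a success within a short window raises an alert.

```python
"""Added example: aggregation + correlation + alerting over constructed logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from two sources, each with its own format.
SSH_LOG = """\
2024-05-01T10:00:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51000 ssh2
2024-05-01T10:00:04 sshd[1201]: Failed password for admin from 203.0.113.7 port 51001 ssh2
2024-05-01T10:00:09 sshd[1201]: Failed password for admin from 203.0.113.7 port 51002 ssh2
2024-05-01T10:00:15 sshd[1201]: Accepted password for admin from 203.0.113.7 port 51003 ssh2
2024-05-01T10:05:00 sshd[1201]: Failed password for root from 198.51.100.9 port 40000 ssh2
"""

VPN_LOG = """\
2024-05-01 10:01:30 vpn-gw AUTH_FAIL user=bob src=198.51.100.9
2024-05-01 10:01:33 vpn-gw AUTH_FAIL user=bob src=198.51.100.9
2024-05-01 10:20:00 vpn-gw AUTH_OK user=alice src=192.0.2.44
"""

SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")
VPN_RE = re.compile(r"^(\S+ \S+) vpn-gw (AUTH_FAIL|AUTH_OK) user=(\S+) src=(\S+)")


def parse_ssh(text):
    """Normalise sshd lines into (time, source, user, ip, success) tuples."""
    events = []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group(1))
            events.append((ts, "ssh", m.group(3), m.group(4), m.group(2) == "Accepted"))
    return events


def parse_vpn(text):
    """Normalise the (assumed) VPN gateway format into the same tuple shape."""
    events = []
    for line in text.splitlines():
        m = VPN_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, "vpn", m.group(3), m.group(4), m.group(2) == "AUTH_OK"))
    return events


def aggregate(*event_lists):
    """Merge events from all sources into one time-ordered stream (the SIM side)."""
    return sorted(ev for evs in event_lists for ev in evs)


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule (the SEM side): >= threshold failures from one IP,
    then a success from that IP within `window`, produces one alert."""
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    alerts = []
    for ts, source, user, ip, ok in events:
        recent = [t for t in failures[ip] if ts - t <= window]
        if ok:
            if len(recent) >= threshold:
                alerts.append({"ip": ip, "user": user, "source": source,
                               "failures": len(recent), "at": ts.isoformat()})
            failures[ip] = []          # a success closes the sequence
        else:
            failures[ip] = recent + [ts]
    return alerts


def run():
    """Run the whole pipeline over the constructed logs and return the alerts."""
    return correlate(aggregate(parse_ssh(SSH_LOG), parse_vpn(VPN_LOG)))


if __name__ == "__main__":
    for alert in run():
        print("ALERT:", alert)
```

Only 203.0.113.7 trips the rule (three failures, then an accepted login eleven seconds later); 198.51.100.9 fails against both the VPN and sshd but never succeeds, so it is counted but not alerted. Notice that the rule only works because both sources were first normalised to one shape, which is the point of the aggregation step.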
Cyber Attack Responses

• Pro-active responses
• Emergency responses
• After-attack responses

Threats to the Cyber World:

• IT threats
• Non-IT threats

Non-IT Threats

Threats that endanger the integrity, confidentiality and security of the cyber world.

1. Physical Damage: threats that inflict physical damage on information systems. Ex: fire, short circuit, theft, flooding etc.
2. Natural Disasters: threats to the security of the IT environment that human beings have no control over. Ex: earthquakes, floods, cyclones etc.

IT Threats

IT-based threats to information security are those that target IT systems through different attack vectors.

• AT SERVER

Attacks on servers (web, application or network) are among the most common and most successfully used security threats.

1. Application Server: outdated applications and server versions, faulty configuration and older versions of plug-ins are some of the potential weaknesses that may give a hacker the chance to attack a server.
Some other types of attacks are:

• ARP Spoofing: a type of attack in which the target system (user) receives fake Address Resolution Protocol (ARP) messages. These messages are sent over a LAN. As soon as the recipient receives the messages, the MAC address of the attacker gets linked with the recipient's legitimate IP address. This established link allows the attacker to receive any data intended for the official recipient, intercept information, modify it or stop the messages from reaching the intended recipient. DoS attacks, session hijacking and man-in-the-middle are some popular attacks built on ARP spoofing.
• Botnet: hackers break into multiple systems with the help of malware, viruses or Trojan horses and form a network of these compromised systems. This network is known as a botnet and works without letting the owners realize the compromised state of their systems. Personal computers are the most common target of bot attacks.
• Cache Poisoning: the DNS server is the target of the attack. The attacker corrupts the DNS server's cache database by sending falsified replies from a fake DNS server, thereby re-routing the domain name to another IP address. Computer worms, viruses and malware are spread through cache poisoning attacks.
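The ARP spoofing entry above describes the attacker's MAC being bound to a legitimate IP; the defender's counterpart is to watch ARP replies and flag exactly that rebinding. The following is an added example, not code from the handout or from any monitoring tool, written in the spirit of an arpwatch-style monitor: it keeps the IP-to-MAC bindings it has seen and raises an alert when a binding changes (or when a binding the administrator has pinned as static is contradicted) and when one MAC starts answering for several IPs. The ARP replies, IP addresses and MAC addresses are constructed for the example.

```python
"""Added example: detect ARP spoofing symptoms in a stream of ARP replies."""
from collections import defaultdict

# Constructed ARP replies: (time_in_seconds, sender_ip, sender_mac).
# 192.0.2.1 is the legitimate gateway; at t=30 host .20's MAC starts answering for it.
ARP_REPLIES = [
    (0,  "192.0.2.1",  "aa:aa:aa:aa:aa:01"),
    (5,  "192.0.2.10", "aa:aa:aa:aa:aa:10"),
    (10, "192.0.2.20", "aa:aa:aa:aa:aa:20"),
    (30, "192.0.2.1",  "aa:aa:aa:aa:aa:20"),   # gateway IP now claimed by .20's MAC
    (31, "192.0.2.10", "aa:aa:aa:aa:aa:20"),   # the same MAC also claims .10
    (40, "192.0.2.1",  "aa:aa:aa:aa:aa:01"),   # the real gateway answers again
]

# Bindings the defender knows to be correct (here: the gateway), assumed for the example.
STATIC_BINDINGS = {"192.0.2.1": "aa:aa:aa:aa:aa:01"}


def monitor(replies, static=STATIC_BINDINGS, max_ips_per_mac=1):
    """Return a list of alert dicts for the given ARP replies."""
    table = dict(static)                     # ip -> mac currently believed correct
    ips_by_mac = defaultdict(set)            # mac -> set of ips it has claimed
    for ip, mac in static.items():
        ips_by_mac[mac].add(ip)
    alerts = []
    for t, ip, mac in replies:
        known = table.get(ip)
        if known is None:
            table[ip] = mac                  # first sighting: learn the binding
        elif known != mac:
            kind = "static binding violated" if ip in static else "mac changed"
            alerts.append({"t": t, "kind": kind, "ip": ip, "old": known, "new": mac})
            if ip not in static:
                table[ip] = mac              # follow dynamic changes so flapping is visible
        is_new = ip not in ips_by_mac[mac]
        ips_by_mac[mac].add(ip)
        if is_new and len(ips_by_mac[mac]) > max_ips_per_mac:
            alerts.append({"t": t, "kind": "mac claims multiple ips", "mac": mac,
                           "ips": sorted(ips_by_mac[mac])})
    return alerts


if __name__ == "__main__":
    for alert in monitor(ARP_REPLIES):
        print(alert)
```

On the constructed input the monitor raises four alerts: the pinned gateway binding is contradicted at t=30, the same MAC is seen claiming a second and then a third IP, and host .10's binding changes at t=31. A practitioner should expect benign triggers too (a replaced NIC, DHCP churn, a first-hop router failover that moves a virtual IP between MACs), so alerts of this kind are a prompt to check, and switch-side protections such as DHCP snooping and dynamic ARP inspection are the stronger control where the hardware supports them.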
Important Terms:

1. Malware (Malicious Software):
Malware is a malicious piece of code that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

Types of malware:

• Virus: a malicious piece of code that attaches itself to some software/files and replicates itself when needed. It activates only when the host file is run. It destroys or manipulates the functionality of the host program to which it attaches.
• Worm: a worm is similar to a virus, but it is not attached to some software; rather, it continuously searches for vulnerabilities in systems to exploit. The worm is stand-alone software that transmits itself over the network.
• Trojan horse: a Trojan horse presents itself as genuine software in order to persuade the user/victim to install it. It usually carries a hidden function that is activated when the program is started. It is generally spread by some form of social engineering. Unlike viruses and worms, Trojan horses generally do not attempt to inject themselves into other files or otherwise propagate themselves.

Phases of Hacking:

1. Footprinting:
• The tester tries to extract as much information as possible about the target, i.e. identification of the target, IP address range, DNS records and networks.
• Includes network scanning to identify active hosts on the network, and checking recent internet searches and domain name searches.
2. Scanning:
• This phase begins with the hacker searching for all the possible open ports and possible vulnerabilities in the system.
• The hacker must have all possible knowledge of protocols, networks, operating systems and ports.
3. Gaining Access:
• The attacker exploits the system. The objective is either to extract information of value to the attacker or to use the network as a launch site for attacks against other targets.
• The vulnerabilities detected by the attacker in the first 02 stages are now exploited to gain access.
4. Maintaining Access:
• After the attacker gains access to the system, the next step is to maintain that access for as long as it takes to accomplish the objectives.
• Even if the attacker has successfully penetrated the system, the longer he stays, the greater the chance that he is caught.
• It will be necessary for him to take further steps to secure his presence.
5. Clearing Tracks:
• After the attacker's objective is successfully achieved, the attacker usually takes steps to hide all the possible traces left behind during all the phases.
• Erases all the contaminated logins and any possible error messages that may have been generated during the attack process.
• May install several backdoors for future exploitation.
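The Scanning phase above is the point at which an attacker is most visible to a defender: probing many ports on one host, or one port across many hosts, leaves a pattern in firewall logs that a SIEM correlation rule can catch. The following is an added example, not code from the handout or from any firewall or SIEM product: it parses constructed firewall log lines (a format assumed for this example, with constructed IP addresses) and flags a source that touches many distinct ports on a single host (a vertical scan) or the same port on many hosts (a horizontal sweep) within a sliding time window.

```python
"""Added example: port-scan and port-sweep detection over constructed firewall logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: one source probes ten ports on one host, a second
# source probes port 445 on six hosts, and a normal client makes two requests.
FW_LOG = """\
2024-05-01T09:00:00 DENY src=203.0.113.5 dst=192.0.2.10 dport=21
2024-05-01T09:00:00 DENY src=203.0.113.5 dst=192.0.2.10 dport=22
2024-05-01T09:00:01 DENY src=203.0.113.5 dst=192.0.2.10 dport=23
2024-05-01T09:00:01 DENY src=203.0.113.5 dst=192.0.2.10 dport=25
2024-05-01T09:00:01 ALLOW src=203.0.113.5 dst=192.0.2.10 dport=80
2024-05-01T09:00:02 DENY src=203.0.113.5 dst=192.0.2.10 dport=110
2024-05-01T09:00:02 DENY src=203.0.113.5 dst=192.0.2.10 dport=143
2024-05-01T09:00:02 ALLOW src=203.0.113.5 dst=192.0.2.10 dport=443
2024-05-01T09:00:03 DENY src=203.0.113.5 dst=192.0.2.10 dport=445
2024-05-01T09:00:03 DENY src=203.0.113.5 dst=192.0.2.10 dport=3389
2024-05-01T09:10:00 DENY src=198.51.100.77 dst=192.0.2.11 dport=445
2024-05-01T09:10:00 DENY src=198.51.100.77 dst=192.0.2.12 dport=445
2024-05-01T09:10:01 DENY src=198.51.100.77 dst=192.0.2.13 dport=445
2024-05-01T09:10:01 DENY src=198.51.100.77 dst=192.0.2.14 dport=445
2024-05-01T09:10:02 DENY src=198.51.100.77 dst=192.0.2.15 dport=445
2024-05-01T09:10:02 DENY src=198.51.100.77 dst=192.0.2.16 dport=445
2024-05-01T09:30:00 ALLOW src=192.0.2.44 dst=192.0.2.10 dport=443
2024-05-01T09:31:00 ALLOW src=192.0.2.44 dst=192.0.2.10 dport=80
"""

LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse(text):
    """Turn log lines into (time, src, dst, dport) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(3), m.group(4), int(m.group(5))))
    return events


def detect_scans(events, window=timedelta(seconds=60), port_threshold=8, host_threshold=5):
    """Alert once per (source, kind, target) when a source exceeds the thresholds
    inside the sliding window. Both ALLOW and DENY count: a scan is about breadth,
    not about whether individual connections succeeded."""
    recent = defaultdict(list)       # src -> [(ts, dst, dport)] inside the window
    alerts, alerted = [], set()
    for ts, src, dst, dport in sorted(events):
        recent[src] = [e for e in recent[src] if ts - e[0] <= window] + [(ts, dst, dport)]
        ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
        for _, d, p in recent[src]:
            ports_per_host[d].add(p)
            hosts_per_port[p].add(d)
        for d, ports in ports_per_host.items():
            if len(ports) >= port_threshold and (src, "vertical", d) not in alerted:
                alerted.add((src, "vertical", d))
                alerts.append({"src": src, "kind": "vertical", "target": d,
                               "count": len(ports), "at": ts.isoformat()})
        for p, hosts in hosts_per_port.items():
            if len(hosts) >= host_threshold and (src, "horizontal", p) not in alerted:
                alerted.add((src, "horizontal", p))
                alerts.append({"src": src, "kind": "horizontal", "target": p,
                               "count": len(hosts), "at": ts.isoformat()})
    return alerts


def run():
    """Parse the constructed log and return the scan alerts."""
    return detect_scans(parse(FW_LOG))


if __name__ == "__main__":
    for alert in run():
        print("ALERT:", alert)
```

The thresholds are deliberately low so the constructed log trips them; in production they are tuned per network, and the window is what separates a scan from ordinary traffic (a vulnerability scanner the organisation runs itself, as described under Vulnerability Assessment above, will trip the same rule and should be allow-listed by source).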
CRYPTOGRAPHY

• Cryptography involves creating written or generated codes that allow information to be kept secret.
• Cryptography is associated with the process of converting plain text into unintelligible text and vice versa.
• It is also the process of storing and transmitting data so that only the intended user can read it.
• Further, it not only secures data against theft or alteration, but is also used for user authentication.

Modern cryptography is generally concerned with:

1. Confidentiality: information cannot be understood by anyone except the intended person.
2. Integrity: information cannot be altered.
3. Non-repudiation: the sender cannot deny his/her intention in the transmission at a later stage.
4. Authentication: sender and receiver confirm each other's identity.

Three basic techniques used in cryptography:

1. Symmetric key cryptography
2. Hash functions
3. Public key cryptography
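Two of the three techniques, hash functions and symmetric keys, are enough to show how the integrity and authentication goals above differ in practice. The following is an added example, not code from the handout; it uses only Python's standard library (hashlib and hmac). A SHA-256 digest detects any change to a message, but anyone can recompute it over an altered message, so it only proves integrity when the digest itself is trusted; an HMAC over the same message with a shared secret key can only be produced by a key holder, so it also authenticates the sender. Non-repudiation is not shown: it needs a public-key signature, because a shared symmetric key lets either party produce the tag. The key and messages are constructed for the example.

```python
"""Added example: integrity with a hash vs. authentication with an HMAC."""
import hashlib
import hmac
import secrets


def digest(message: bytes) -> str:
    """Unkeyed SHA-256 digest: detects modification, but anyone can compute it."""
    return hashlib.sha256(message).hexdigest()


def integrity_ok(message: bytes, expected_hex: str) -> bool:
    # compare_digest runs in constant time, so a mismatch does not leak
    # how many leading characters matched
    return hmac.compare_digest(digest(message), expected_hex)


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: only someone holding `key` can produce or verify it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def tag_ok(key: bytes, message: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(make_tag(key, message), tag_hex)


def demo() -> dict:
    """Exercise both mechanisms on a constructed message and a tampered copy.
    Every value in the returned dict should be True."""
    key = secrets.token_bytes(32)          # shared in advance between sender and receiver
    attacker_key = secrets.token_bytes(32) # a key the attacker picks, not the shared one
    msg = b"transfer 100 to account 42"
    tampered = b"transfer 900 to account 42"
    d = digest(msg)
    t = make_tag(key, msg)
    return {
        "hash_ok_unchanged": integrity_ok(msg, d),
        "hash_detects_change": not integrity_ok(tampered, d),
        "hmac_ok_unchanged": tag_ok(key, msg, t),
        "hmac_detects_change": not tag_ok(key, tampered, t),
        # without the shared key the attacker cannot forge a tag that verifies
        "forged_tag_rejected": not tag_ok(key, msg, make_tag(attacker_key, msg)),
        # but a plain hash gives no authentication: the attacker simply recomputes it
        "hash_alone_is_not_authentication": integrity_ok(tampered, digest(tampered)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last entry is the one to remember: a bare hash sent alongside a message protects against accidental corruption, not against an attacker who can replace both the message and its hash. The known-answer values used to check the functions (SHA-256 of "abc", and HMAC-SHA-256 test case 1 from RFC 4231) are public test vectors, not page-specific data.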
