
Introduction To Cyber Security

This document provides an introduction to cyber security. It discusses the need for security due to the importance of information exchange in today's digital world. It also outlines some key security concepts like confidentiality, integrity and availability. The document then describes common security threats like viruses, trojans, password stealers and denial of service attacks. It differentiates between threats, which are potential risks, and attacks, which are actions taken to cause damage. Various types of active attacks like masquerading, modification and replay attacks are also summarized.

Uploaded by

Deepika Sharma

Introduction to Cyber Security

Vinca Cyber Academy

Trainer’s Manual

Deepika Sharma
Module Contents

Lesson 1: Need for security services
Lesson 2: Knowing threats, attacks and vulnerabilities
Lesson 3: Various security services
Module End Assessment

Need for Security “WHY”?

Age of Information

The age that we live in thrives on information. Business is done and
companies are acquired based on the exchange of information and not
of some physical quantity. In the early decades of computers, any
mishandling of files or systems was easily detectable; but now there is
no difference whatsoever between an original and a modified version of
the same information. Misuse of technology has made it imperative that
we protect our information, identity, machines and networks.
Ironically, this has become more difficult to achieve as well. In this
module we will learn the basic terminology of information (cyber)
security and see some of the threats to our data.

Fundamental Concepts

According to the National Institute of Standards and Technology
(NIST) Block 44 USC Section 3542 (b) (2), “Information security is
protecting information and the systems from unauthorized access, use,
disclosure, disruption, modification or destruction in order to
provide integrity, confidentiality and availability.”
This list of objectives is sometimes referred to as the “CIA Triad”.

Confidentiality: ensuring that information is accessible only to those
authorized to have access.
Integrity: data cannot be modified without proper authorization.
Availability: the property of a system, media or resource being
accessible and usable upon demand by any authorized entity.
In reality we are trying to protect only the data and access to it,
not the hardware itself.

Cyber Security can be defined as the steps taken to protect your
machine, or the larger network of which it is a part, from an
intruder’s access or attack of any kind. In the corporate scenario,
cybersecurity is the optimal policies that a business puts in place to
balance the resources required against usability and the risk that
comes with giving people inside access to information. It can be
broadly classified into two categories: network security and computer
security.

Network Security is designed to protect the CIA triad for networks
and the data that travels on these networks. Industries and even
small businesses today want the type of security that can prevent an
attack from happening at all. They don’t want to be responding to
cyber attacks after they have occurred. Consequently, security has to
be proactive in thwarting any attempt to hijack the data rather than
reactive. To ensure this proactiveness, three-pointed action can be
taken:
1. Secure your physical devices, also known as hardware security.
2. Secure your data while it is in transmission.
3. Control access to the network through tight security policies.

Computer Security, on the other hand, is more concerned with
protecting the data when it is sitting on your machine. It is the
prevention of unauthorized use or theft of data. It consists of
securing standalone machines, i.e., the hardware as well as the
software used on them. This can be done by authenticating the identity
of the user before giving access and by keeping all the software
updated and patched.

Now we know why we need locks on our information in today’s world.
The next step is to identify the methods of thieves so that we know
exactly what we need security against.

Knowing threats “WHAT”?

Security from “what” exactly.

We have understood the importance of protection, but how exactly can
we protect ourselves without knowing the methods of our enemies? Let’s
study in detail the major security risks that are currently
threatening cyber space.

Threats, Attacks and Vulnerabilities

Threats
Any potential object/person/entity that poses a danger to an asset is
called a threat. The point to note here is that threats are only
potential circumstances that have not happened yet. If we address
them in time, the risks can be minimized.
Categories of threats –
1. Unstructured Threats – They are random threats that are
mostly not planned, and the hacker has no intent of causing
harm. They are mostly for testing the security of systems/
networks/ policies. You can easily find automated scripts or
code for these on the internet. No expertise is needed for running
them.
2. Structured Threats – They are organized and pre-planned
threats. Usually, the attackers hit a specific target because
they know the weaknesses of the system. Attackers have the
technical competence to carry out the exploitation of these
weaknesses.
3. External Threats – Here the intruders are not a part of the
organization they are attacking. They are outsiders and have no
proper authorization to use the systems or the network.
4. Internal Threats – This is the most common type of threat
reported in cyber space. These threats come from persons who
work with the company. They have all the authorization and
access to the assets of the company.

Some of the weak points that can become a threat in future are:

• Act of human error
• Compromise of intellectual property
• Trespassing
• Information extortion
• Sabotage/ vandalism
• Theft
• Attack (software)
• Forces of nature
• Inconsistent quality of service
• Hardware failures
• Software failures

These situations can in turn present the following types of threats to
company IT infrastructure:
1. Virus – A malicious program that is put into the system without
its user’s knowledge. A virus replicates itself inside all the files
and programs of the system. The goal is to render the system
useless.
2. Trojan Horse – Here the malicious program is made to look like
useful code or software, which is then downloaded by the user.
The user thinks of it as a utility while the trojan slowly gains
control of the system.
3. DNS Poisoning – Domain Name Server or DNS is a kind of
translator that interprets the website name and matches it to a
specific IP address in its list. Hackers can modify this list and
introduce their IP against any well-known website so that traffic
is redirected towards their malicious website.
4. Password Grabbers/ Stealers – These programs or code snippets
try to get the user to enter the password and then store it away for
use in future. Usually, they attack sites with unmasked credentials
or log files of the system that store the user’s password.
5. Network Worms – Worms are programs that can make copies
of themselves, thereby consuming a large part of the memory and
bandwidth of the system. They can grab sensitive information and
corrupt file systems. They do not need any action from the user and
can spread themselves through the LAN.
6. Logic Bombs – A logic bomb is a code snippet installed on the
victim machine which lies dormant. It is activated only if a specific
logic condition is satisfied by the system. It can corrupt data,
delete files or even wipe whole hard drives.
7. Hijack Homepage – Here the attacker changes the original
homepage of the browser on the victim system. This threat can
endanger financial transactions, particularly those that happen on
bank websites. The victim is then exposed to cyber frauds.

Attacks
When a threat turns into real-life actions that are taken to cause
actual damage to the user, it is called an attack. It is an attempt to
get access to any resource or service illegally.
1. Active Attacks: These attacks are an attempt to modify the data
or create false data. They can be subdivided into four categories:
a. Masquerade – the intruder pretends to be someone with
authentic credentials and impersonates that entity. Here
the attacker seems like a genuine authority asking for a
username, password, OTP etc.
b. Modification – here the original message from a genuine
entity is tampered with or reproduced to gain access to the
resource. An example of such an attack is Man-in-the-middle.
c. Replay – a previously sent message is copied and transmitted
again to the user. The user enters all his sensitive information
again, thinking that the transaction failed the first time.
d. Denial of Service (DoS) – the attacker focuses on destroying
all communications on the network or any service. This
attack can be targeted at one particular destination or it can
target the full network to degrade its performance.
2. Passive Attacks: Here the main goal of the attacker is just to
listen to all the chatter and get the private information being
transmitted. They do not attempt to create or modify the data being
sent. They are further divided into two categories:
a. Release of message – all the attacker does is eavesdrop on
conversations such as e-mails, text messages, transferred
files etc. to learn the contents of these messages.
b. Traffic Analysis – This attack is done if the communication is
encrypted and the attacker cannot see the actual message. The
adversary then observes metadata like the location of source
and destination, size of messages, duration of transmission
etc. to make a good guess about the contents.
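
How a receiver can detect the modification, replay and masquerade attacks listed above, as an added example that is not part of the original manual: every message carries an HMAC tag, a nonce and a timestamp, and the receiver checks all three. The shared key, the message format, the names `seal` and `Receiver`, and the 30-second window are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_AGE = 30  # seconds a message stays acceptable (assumed policy value)

def seal(key: bytes, payload: str, nonce: str, ts: float) -> dict:
    """Sender side: bind payload, nonce and timestamp under one HMAC tag."""
    body = json.dumps({"payload": payload, "nonce": nonce, "ts": ts}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> message timestamp, kept while still in window

    def verify(self, msg: dict, now: float) -> str:
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison; fails for a changed body or an unknown key.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        fields = json.loads(msg["body"])  # parsed only after the tag checks out
        if abs(now - fields["ts"]) > MAX_AGE:
            return "rejected: stale"
        if fields["nonce"] in self.seen:
            return "rejected: replay"
        # Forget nonces whose messages would now be rejected as stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_AGE}
        self.seen[fields["nonce"]] = fields["ts"]
        return "accepted"

def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    rx = Receiver(key)
    msg = seal(key, "pay 100 to account 42", "n-001", ts=1000.0)
    tampered = dict(msg, body=msg["body"].replace("account 42", "account 99"))
    forged = seal(b"wrong-key", "pay 100 to account 42", "n-002", ts=1000.0)
    late = seal(key, "pay 100 to account 42", "n-003", ts=1000.0)
    return {
        "genuine": rx.verify(msg, now=1001.0),
        "replay": rx.verify(msg, now=1005.0),
        "modification": rx.verify(tampered, now=1001.0),
        "masquerade": rx.verify(forged, now=1001.0),
        "delayed": rx.verify(late, now=1100.0),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13} {result}")
```

The tag only provides integrity and origin checking; it does nothing against the passive attacks above, which call for encryption of the message itself.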

Vulnerabilities
The underlying weakness of any system that can be attacked if found
is called a vulnerability. Vulnerabilities increase the risk of the
system being exploited and the chances of an attack on it. They become
the entry door for hackers to take advantage of faults in the system.
Unlike viruses, worms etc., they are not put into the system; rather,
they are present in the system from the start. Attackers first scan the
network and system for these weaknesses and then exploit them. Some of
the common categories are:
1. Hardware vulnerability – when the machine or hardware can be
attacked physically or through remote access, for example if the data
storage location is not protected or the devices are not
encrypted.
2. Software vulnerability – when the program/OS installed on the
systems has any developmental errors. Unpatched and
outdated software exposes the system by not validating input,
allowing unverified uploads and many more such scenarios.
3. Network vulnerabilities – hardware and software are both
secure enough but the transmission lines are left unsecured.
This can lead to attacks like eavesdropping, man-in-the-middle
attack, phishing, bypassing firewalls etc.
4. Procedural vulnerabilities – when the processes or measures
put in place for security are faulty or not robust enough. For
example, employees are not aware of security practices, they
don’t know social engineering concepts, the procedure to access
resources is not authenticated, weak passwords are used in the
organization etc. Sometimes this category is seen as two
separate vulnerabilities – procedural and human.

Module End Quiz

1. Which of the following attacks requires a carrier file to
self-replicate?
a. Trojan
b. Worm
c. Virus
d. Spam
2. Which of the following is NOT a type of virus?
a. Tunneling
b. Boot sector
c. Macro
d. Wrapper
3. Which of the following is a DoS attack?
a. Listening in on network traffic to identify the MAC
address of a computer
b. Continually bombarding a targeted network with fake
requests
c. Injecting bogus networking re-configuration commands
d. Forcing computers to drop their connections and
reconnect with the attacker’s access point
4. Which of the following is an example of a “phishing” attack?
a. Sending someone an email that contains a malicious link
that is disguised to look like an email from someone the
person knows
b. Creating a fake website that looks nearly identical to a real
website in order to trick users into entering their login
information
c. Sending someone a text message that contains a malicious
link that is disguised to look like a notification that the
person has won a contest
d. All of the above
5. A group of computers that is networked together and used by
hackers to steal information is called a …
a. Botnet
b. Rootkit
c. DDoS
d. Operating system
6. If a public Wi-Fi network (such as in an airport or café)
requires a password to access, is it generally safe to use that
network for sensitive activities such as online banking?
a. Yes, it is safe
b. No, it is not safe

7. Which one of the following is MOST likely to be a hoax?
a. An email from a friend you have not seen recently.
b. An email with an attachment sent by a colleague using
their personal email address.
c. An email asking you to go to a website for a free computer
scan.
d. An email advertisement from a local shop you subscribe
to.
