
Unit I 1

This document discusses key concepts in information security including cyber security, the CIA triad of confidentiality, integrity and availability, and authentication methods. It provides definitions and descriptions of application security, information security, disaster recovery, and network security as major areas covered by cyber security. Identification, authentication, and authorization are discussed as the main techniques used to ensure security and privacy of information.

Uploaded by

Nirbhay Singh

UNIT_1

Basic Concept of Information Security/Cyber Security

Cyber

Cyber is a prefix that denotes a relationship with information technology (IT). Anything relating to computing, such as the internet, falls under the cyber category. It’s worth noting that cyber carries a connotation of a relationship with modern computing and technology.

Definition of 'Cyber Security'

Cyber security, or information technology security, is the set of techniques used to protect computers, networks, programs and data from unauthorized access or from attacks that are aimed at exploitation.

Description: Major areas covered in cyber security are:

1) Application Security

2) Information Security

3) Disaster recovery

4) Network Security

Application security encompasses measures or counter-measures that are taken during the development life-cycle to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade or maintenance. Some basic techniques used for application security are:

a) Input parameter validation,

b) User/Role Authentication & Authorization,

c) Session management, parameter manipulation & exception management,

d) Auditing and logging.

Information security protects information from unauthorized access to avoid identity theft and to protect privacy. Major techniques used to cover this are:

a) Identification, authentication & authorization of user,

b) Cryptography.

Disaster recovery planning is a process that includes performing risk assessment, establishing priorities, and developing recovery strategies in case of a disaster. Any business should have a concrete plan for disaster recovery so that it can resume normal business operations as quickly as possible after a disaster.

Network security includes activities to protect the usability, reliability, integrity and safety of the network. Effective network security targets a variety of threats and stops them from entering or spreading on the network. Network security components include:

a) Anti-virus and anti-spyware,

b) Firewall, to block unauthorized access to your network,

c) Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks, and

d) Virtual Private Networks (VPNs), to provide secure remote access.


Definition

“Information security is the confidentiality, integrity, and availability of information.”

C-I-A triad or information security triad

Confidentiality
In the context of information security, confidentiality means that
information that should stay secret stays secret and only those
persons authorized to access it may receive access. From ancient
times, mankind has known that information is power, and in our
information age, access to information is more important than ever.
Unauthorized access to confidential information may have
devastating consequences, not only in national security
applications, but also in commerce and industry. Main
mechanisms of protection of confidentiality in information systems
are cryptography and access controls. Examples of threats to
confidentiality are malware, intruders, social engineering, insecure
networks, and poorly administered systems.

Integrity
Integrity is concerned with the trustworthiness, origin,
completeness, and correctness of information as well as the
prevention of improper or unauthorized modification of information.
Integrity in the information security context refers not only to
integrity of information itself but also to the origin integrity—that is,
integrity of the source of information.

Integrity protection mechanisms may be grouped into two broad types:

preventive mechanisms, such as access controls that prevent unauthorized modification of information, and

detective mechanisms, which are intended to detect unauthorized modifications when preventive mechanisms have failed. Controls that protect integrity include the principles of least privilege, separation, and rotation of duties.

Availability
Availability of information, although usually mentioned last, is not
the least important pillar of information security.

Who needs confidentiality and integrity if the authorized users of information cannot access and use it?

Who needs sophisticated encryption and access controls if the information being protected is not accessible to authorized users when they need it?

Therefore, despite being mentioned last in the C-I-A triad, availability is just as important and as necessary a component of information security as confidentiality and integrity. Attacks against availability are known as denial of service (DoS) attacks.

Natural and manmade disasters obviously may also affect availability as well as confidentiality and integrity of information, though their frequency and severity greatly differ: natural disasters are infrequent but severe, whereas human errors are frequent but usually not as severe as natural disasters. In both cases, business continuity and disaster recovery planning (which at the very least includes regular and reliable backups) is intended to minimize losses.

Understanding the fundamental concepts of confidentiality, integrity, and availability of information and their interaction
■ Confidentiality is the prevention of unauthorized disclosure of
information.
■ Integrity aims at ensuring that information is protected from
unauthorized or unintentional alteration, modification, or
deletion.
■ Availability aims to ensure that information is readily
accessible to authorized users.

Identification
Identification is the first step in the identify-authenticate-authorize sequence that is performed countless times every day by humans and computers alike whenever access to information or information processing resources is required. While the particulars of identification systems differ depending on who or what is being identified, some intrinsic properties of identification apply regardless of these particulars; three of these properties are the scope, locality, and uniqueness of IDs. Identification name spaces can be local or global in scope. To illustrate this concept, let’s refer to the familiar notation of Internet e-mail addresses: while many e-mail accounts named jack may exist around the world, the e-mail address jack@company.com unambiguously refers to exactly one such user in the company.com locality. Provided that the company in question is a small one, and that only one employee is named Jack, inside the company everyone may refer to that particular person by simply using his first name. That would work because they are in the same locality and only one Jack works there. However, if Jack were someone on the other side of the world or even across town, to refer to jack@company.com as simply jack would make no sense, because the user name jack is not globally unique and refers to different persons in different localities. This is one of the reasons why two user accounts should never use the same name on the same system: not only because you would not be able to enforce access controls based on non-unique and ambiguous user names, but also because you would not be able to establish accountability for user actions. To summarize, for information security purposes, unique names are required and, depending on their scope, they must be locally unique and possibly globally unique so that access control may be enforced and accountability established.
Authentication
Authentication, which happens just after identification and before
authorization, verifies the authenticity of the identity declared at
the identification stage. In other words, it is at the authentication
stage that you prove that you are indeed the person or the system
you claim to be.

The three methods of authentication are what you know, what you
have, or what you are.

Regardless of the particular authentication method used, the aim is to obtain reasonable assurance that the identity declared at the identification stage belongs to the party in communication. It is important to note that reasonable assurance may mean different degrees of assurance, depending on the particular environment and application, and therefore may require different approaches to authentication: the authentication requirements of a national security–critical system naturally differ from the authentication requirements of a small company. Because different authentication methods have different costs and properties as well as different returns on investment, the choice of authentication method for a particular system or organization should be made after these factors have been carefully considered.

What You Know

Among what you know authentication methods are passwords, passphrases, secret codes, and personal identification numbers (PINs). When using what you know authentication methods, it is implied that if you know something that is supposed to be known only by X, then you must be X (although in real life that is not always the case). What you know authentication is the most commonly used authentication method thanks to its low cost and easy implementation in information systems. However, what you know authentication alone may not be considered strong authentication and is not adequate for systems requiring high security.

What You Have

Perhaps the most widely used and familiar what you have
authentication methods are keys—keys we use to lock and unlock
doors, cars, and drawers; just as with doors, what you have
authentication in information systems implies that if you possess
some kind of token, such as a smart card or a USB token, you are
the individual you are claiming to be. Of course, the same risks that
apply to keys also apply to smart cards and USB tokens—they may
be stolen, lost, or damaged. What you have authentication methods
include an additional inherent per-user cost. Compare these
methods with passwords: it costs nothing to issue a new password,
whereas per-user what you have authentication costs may be
considerable.

What You Are

What you are authentication refers to biometric authentication methods. A biometric is a physiological or behavioral characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or verification of identity. Biometric authentication methods include fingerprint, iris, and retina recognition, as well as voice and signature recognition, to name a few. Biometric authentication methods are less well understood than the other two methods but, when used correctly in addition to what you have or what you know authentication, may significantly contribute to the strength of authentication. Nevertheless, biometrics is a complex subject and is much more cumbersome to deploy than what you know or what you have authentication. Unlike what you know or what you have authentication methods, which establish whether or not you know the password or have the token, biometric authentication systems say how much you are like the subject you are claiming to be; naturally this method requires much more installation-dependent tuning and configuration.

Authorization
After declaring identity at the identification stage and proving it at the authentication stage, users are assigned a set of authorizations (also referred to as rights, privileges, or permissions) that define what they can do on the system. These authorizations are most commonly defined by the system’s security policy and are set by the security or system administrator. These privileges may range from the extremes of “permit nothing” to “permit everything” and include anything in between. As you can see, the second and third stages of the identify-authenticate-authorize process depend on the first stage, and the final goal of the whole process is to enforce access control.

Accountability
Accountability is another important principle of information security
that refers to the possibility of tracing actions and events back in
time to the users, systems, or processes that performed them, to
establish responsibility for actions or omissions.

A system may not be considered secure if it does not provide accountability, because it would be impossible to ascertain who is responsible and what did or did not happen on the system without that safeguard. Accountability in the context of information systems is mainly provided by logs and the audit trail.

Logs
System and application logs are ordered lists of events and actions
and are the primary means of establishing accountability on most
systems. However, logs (as well as the audit trail, which is described
next) may be considered trustworthy only if their integrity is
reasonably assured. In other words, if anyone can write to and/or
erase logs or the audit trail, they would not be considered
dependable enough to serve as the basis for accountability.
Additionally, in case of networked or communication systems, logs
should be correctly timestamped and time should be synchronized
across the network so events that affect more than one system may
be correctly correlated and attributed.

Audit Trail

The difference between the audit trail and logs is not clearly
defined. However, we may say that logs usually show high-level
actions, such as an e-mail message delivered or a web page served,
whereas audit trails usually refer to lower-level operations such as
opening a file, writing to a file, or sending a packet across a
network. While an audit trail provides more detailed information
about the actions and events that took place on the system, it is not
necessarily more useful, in a practical sense of the word, than logs,
simply because abundance of detail in an audit trail makes it more
resource and time consuming to generate, store, and analyze.
Another aspect by which logs and audit trails differ is their source:
logs are usually and mostly generated by particular system software
or applications, and an audit trail is usually kept by the operating
system or its auditing module.

Nonrepudiation

Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.

To repudiate means to deny. For many years, authorities have sought to make repudiation impossible in some situations. You might send registered mail, for example, so the recipient cannot deny that a letter was delivered. Similarly, a legal document typically requires witnesses to signing so that the person who signs cannot deny having done so.

On the Internet, a digital signature is used not only to ensure that a message or document has been electronically signed by the person that purported to sign the document, but also, since a digital signature can only be created by one person, to ensure that a person cannot later deny that they furnished the signature. Since no security technology is absolutely fool-proof, some experts warn that a digital signature alone may not always guarantee nonrepudiation. It is suggested that multiple approaches be used, such as capturing unique biometric information and other data about the sender or signer that collectively would be difficult to repudiate.

Email nonrepudiation involves methods such as email tracking that are designed to ensure that the sender cannot deny having sent a message and/or that the recipient cannot deny having received it.

What is Cybercrime?

Cybercrime is defined as a crime where a computer is the object of the crime or is used as a tool to commit an offense. A cybercriminal may use a device to access a user’s personal information, confidential business information, or government information, or to disable a device. It is also a cybercrime to sell or elicit the above information online.

Cybercrimes can generally be divided into two categories:

Crimes that target networks or devices: Viruses, Malware, DoS Attacks

Crimes using devices to participate in criminal activities: Phishing Emails, Cyberstalking, Identity Theft


Categories of Cybercrime
There are three major categories that cybercrime falls into:
individual, property and government. The types of methods used
and difficulty levels vary depending on the category.

■ Property: This is similar to a real-life instance of a criminal illegally possessing an individual’s bank or credit card details. The hacker steals a person’s bank details to gain access to funds, make purchases online or run phishing scams to get people to give away their information. They could also use malicious software to gain access to a web page with confidential information.

■ Individual: This category of cybercrime involves one individual distributing malicious or illegal information online. This can include cyberstalking, distributing pornography and trafficking.

■ Government: This is the least common cybercrime, but is the most serious offense. A crime against the government is also known as cyber terrorism. Government cybercrime includes hacking government websites or military websites, or distributing propaganda. These criminals are usually terrorists or enemy governments of other nations.

Types of Cybercrime
DDoS Attacks
These are used to make an online service unavailable and take the network down by overwhelming the site with traffic from a variety of sources. Large networks of infected devices known as botnets are created by depositing malware on users’ computers. The hacker then hacks into the system once the network is down.

Botnets (a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g. to send spam)
Botnets are networks of compromised computers that are controlled externally by remote hackers. The remote hackers then send spam or attack other computers through these botnets. Botnets can also be used to act as malware and perform malicious tasks.
Identity Theft
This cybercrime occurs when a criminal gains access to a user’s personal information to steal funds, access confidential information, or participate in tax or health insurance fraud. They can also open a phone/internet account in your name, use your name to plan a criminal activity and claim government benefits in your name. They may do this by finding out users’ passwords through hacking, retrieving personal information from social media, or sending phishing emails.

Cyberstalking
This kind of cybercrime involves online harassment where the user
is subjected to a plethora of online messages and emails. Typically
cyberstalkers use social media, websites and search engines to
intimidate a user and instill fear. Usually, the cyber stalker knows
their victim and makes the person feel afraid or concerned for their
safety.

Social Engineering
Social engineering involves criminals making direct contact with you, usually by phone or email. They want to gain your confidence and usually pose as a customer service agent so that you will give them the information they need. This is typically a password, the company you work for, or bank information. Cybercriminals will find out what they can about you on the internet and then attempt to add you as a friend on social accounts. Once they gain access to an account, they can sell your information or secure accounts in your name.

Potentially Unwanted Programs

PUPs, or Potentially Unwanted Programs, are less threatening than other cybercrimes, but are a type of malware. They uninstall necessary software in your system, including search engines and pre-downloaded apps. They can include spyware or adware, so it’s a good idea to install antivirus software to avoid the malicious download.
Phishing
This type of attack involves hackers sending malicious email attachments or URLs to users to gain access to their accounts or computer. Cybercriminals are becoming more established and many of these emails are not flagged as spam (spam email, or junk email, is email sent without explicit consent from the recipient). Users are tricked by emails claiming they need to change their password or update their billing information, giving criminals access.

Prohibited/Illegal Content
This cybercrime involves criminals sharing and distributing inappropriate content that can be considered highly distressing and offensive. Offensive content can include, but is not limited to, sexual activity between adults, videos with intense violence and videos of criminal activity. Illegal content includes materials advocating terrorism-related acts and child exploitation material. This type of content exists both on the everyday internet and on the dark web, an anonymous network.

Online Scams
These are usually in the form of ads or spam emails that include promises of rewards or offers of unrealistic amounts of money. Online scams include enticing offers that are “too good to be true” and, when clicked on, can cause malware to interfere and compromise information.

Exploit Kits
Exploit kits (or exploit packs) are automated programs used by
attackers to exploit known vulnerabilities in systems or
applications. They can be used to secretly launch attacks while
victims are browsing the web, with the goal being to download and
execute some type of malware.

Exploit kits need a vulnerability (a bug in the code of a piece of software) in order to gain control of a user’s computer. They are readymade tools criminals can buy online and use against anyone with a computer. The exploit kits are upgraded regularly, similar to normal software, and are available on dark web hacking forums. Because exploit kits work in the background, it can be difficult to know when you’re under attack. There are measures that can help you protect against these attacks, such as avoiding unknown links and keeping software up to date.

For example, CVE-2018-8174 is a highly-exploited Internet Explorer vulnerability. Common targets for exploits are popular software with many known vulnerabilities, such as Adobe Flash, Oracle Java, and Internet Explorer.

Common Types of Cyber Criminals

Cyber criminals, also known as hackers, often use computer systems to gain access to business trade secrets and personal information for malicious and exploitive purposes. Hackers are extremely difficult to identify on both an individual and group level due to their various security measures, such as proxies and anonymity networks, which distort and protect their identity. Cybersecurity experts assert that cyber criminals are using more ruthless methods to achieve their objectives and the proficiency of attacks is expected to advance as they continue to develop new methods for cyber attacks. The growth of the global cyber criminal network, which is largely credited to the increased opportunity for financial incentives, has created a number of different types of cyber criminals, many of which pose a major threat to governments and corporations.

1. Identity Thieves

Identity thieves are cyber criminals who try to gain access to their
victims’ personal information – name, address, phone number,
place of employment, bank account, credit card information and
social security number. They use this information to make financial
transactions while impersonating their victims. Identity theft is one
of the oldest cyber crimes, gaining prominence during the early
years of the Internet. Initially, these cyber criminals leveraged basic
hacking techniques, such as modifying data and leveraging basic
identity fraud to uncover the desired information. Today, the
practice has progressed in scope and technique due to advances in
computing, and now, many identity thieves can hack into a
government or corporate database to steal a high-volume of
identities and personal information. This expansion of strategy has
resulted in major losses for companies and consumers, with recent
studies indicating that approximately $112 billion has been stolen
by identity thieves over the past six years.

2. Internet Stalkers

Internet stalkers are individuals who maliciously monitor the online activity of their victims to terrorize and/or acquire personal information. This form of cyber crime is conducted through the use of social networking platforms and malware, which are able to track an individual’s computer activity with very little detection. The motives for such attacks can differ depending on the cyber criminal, but many internet stalkers seek to acquire important information that they can use for bribery, slander, or both. Businesses should be aware of internet stalkers, as well as the strategies that they utilize, in case their employees are ever victims of this cyber attack. If left unaddressed, internet stalkers could cause emotional distress to the team or even obtain data for blackmail.

3. Phishing Scammers

Phishers are cyber criminals who attempt to get hold of personal or sensitive information through victims’ computers. This is often done via phishing websites that are designed to copycat small-business, corporate or government websites. Unsuspecting computer users often fall prey to such activities by unknowingly providing personal information including home addresses, social security numbers, and even bank passwords. Once such information is obtained, phishers either use the information themselves for identity fraud scams or sell it on the dark web. It’s important for businesses to constantly be aware of phishing scams, particularly scams that may be trying to copycat their own business site. Such sites can tarnish the company’s reputation and brand, which could potentially lead to a decrease in earnings.

4. Cyber Terrorists

Cyber terrorism is a well-developed, politically inspired cyber attack in which the cyber criminal attempts to steal data and/or corrupt corporate or government computer systems and networks, resulting in harm to countries, businesses, organizations, and even individuals. The key difference between an act of cyberterrorism and a regular cyber attack is that within an act of cyber terrorism, hackers are politically motivated, as opposed to just seeking financial gain.

Cyber Crime Techniques

There are a number of techniques that cyber criminals leverage to access personal and private networks. Some of the most common include:

Botnet – a strategically developed network of bots which crawl the backend of the web to spread malware with very little detection.

Zombie Computer – a computer which is deliberately hacked by cyber criminals in order to gain access to and/or attack a private network.

Distributed Denial of Service (DDoS) – with a DDoS attack, cyber
criminals are not necessarily seeking to access data, but rather are
hoping to shut down a network via an overload of junk data. An
example of a DDoS attack occurred on Friday, October 21, 2016,
when cyber criminals shut down a number of highly utilized
websites, including Twitter, Spotify, and Amazon.

Metamorphic Malware – one of the more advanced techniques, metamorphic malware repeatedly adjusts its code, making it extremely difficult to detect by even the most advanced anti-virus software. Experts predict that by the end of 2017, there will be an emergence of malware that can infiltrate networks, steal information and cover up its activities. These forms of malware will make it difficult for government agencies and businesses to establish the extent to which data has been tampered with, as well as prevent law enforcement from pursuing and prosecuting the offenders.

How to protect yourself against cybercrime

So, now you understand the threat cybercrime represents, what are
the best ways to protect your computer and your personal data?
Here are our top tips:

Keep software and operating system updated

Keeping your software and operating system up to date ensures that you benefit from the latest security patches to protect your computer.

Use anti-virus software and keep it updated


Using anti-virus or a comprehensive internet security solution like Kaspersky Total Security is a smart way to protect your system from attacks.

Anti-virus software allows you to scan, detect and remove threats before they become a problem. Having this protection in place helps to protect your computer and your data from cybercrime, giving you peace of mind.

If you use anti-virus software, make sure you keep it updated to get
the best level of protection.

Use strong passwords

Be sure to use strong passwords that people will not guess and do
not record them anywhere. Or use a reputable password manager
to generate strong passwords randomly to make this easier.

Never open attachments in spam emails

A classic way that computers get infected by malware attacks and other forms of cybercrime is via email attachments in spam emails. Never open an attachment from a sender you do not know.

Do not click on links in spam emails or untrusted websites

Another way people become victims of cybercrime is by clicking on links in spam emails or other messages, or on unfamiliar websites. Avoid doing this to stay safe online.

Do not give out personal information unless secure

Never give out personal data over the phone or via email unless you are completely sure the line or email is secure. Make certain that you are speaking to the person you think you are.

Contact companies directly about suspicious requests

If you get asked for data from a company who has called you, hang
up. Call them back using the number on their official website to
ensure you are speaking to them and not a cybercriminal.

Be mindful of which website URLs you visit

Keep an eye on the URLs you are clicking on. Do they look
legitimate? Avoid clicking on links with unfamiliar or spammy
looking URLs.

If your internet security product includes functionality to secure online transactions, ensure it is enabled before carrying out financial transactions online.

Keep an eye on your bank statements

Our tips should help you avoid falling foul of cybercrime. However,
if all else fails, spotting that you have become a victim of cybercrime
quickly is important.

Keep an eye on your bank statements and query any unfamiliar transactions with the bank. The bank can investigate whether they are fraudulent.
