SOM Day 1
MUM-CT-1056
Centre for Development of Advanced Computing (C-DAC)
Kochi & Thiruvananthapuram
© Institute of Information Security
Cyber Threats
Session 1
Agenda
Terminology
• Security
  • Creating a threat-free environment
• Threat
  • An agent or actor that can cause harm
• Vulnerability
  • A flaw someone can exploit to cause harm
• Risk
  • Where a threat and a vulnerability overlap
Types of Cyber Security Threats
• Malware
• Emotet
• APT
• Denial of Service
• Man in the Middle
• Phishing
• SQL Injection
• Password Attack
Introduction to Indicator of Compromise
Examples of IoC
• Network traffic
• Logs
• File operations, processes
• Irregular activities
• Spikes in requests or network traffic
• DNS
• Registry configurations
• Link: https://otx.alienvault.com/dashboard/new
Indicators of Attack (IoA)
Cyber Attack Lifecycle
Examples of IoA
Understanding your Network
Session 3
Agenda
Corporate Network Architecture
Routers and Security
• Vulnerability exploits
• DoS / DDoS attacks
• Administrative credentials
Zones and Traffic Flow
• Zones
  • Red zone
  • Orange zone (DMZ)
  • Green zone
• Traffic flow
  • A sequence of packets from a source computer to a destination
Switches and Security
VLAN
Zero-Trust Architecture and Least-Privilege Ideals
Zero Trust Architecture
Principle of Least Privilege
Understanding DNS
Name-to-IP Mapping Structure
DNS Server and Client Types
• Resolvers
• Forwarding
• Caching
• Authoritative servers
• Non-authoritative servers
• Root name servers
• TLD name servers
DNS Records