Unit - II Cyber Security

The document discusses vulnerabilities in cyber security. It defines a vulnerability as a weakness that can be exploited by threats to gain unauthorized access. It provides examples of common types of vulnerabilities like network, operating system, process, and human vulnerabilities. It also discusses what causes vulnerabilities such as human error, software bugs, system complexity, and increased connectivity.

Uploaded by

Ritesh Kelkar

Unit 2:

Vulnerabilities in Information Security


A vulnerability in security is a weakness in an information system that an attacker can
exploit to gain unauthorized access to, or otherwise compromise, a computer system.
Vulnerabilities weaken systems and open the door to malicious attacks.

More specifically, the International Organization for Standardization (ISO) defines a
vulnerability in security as the weakness of an asset or group of assets that can be exploited
by one or more cyber threats, where an asset is anything that has value to the organization,
its business operations, and their continuity, including information resources that support
the organization's mission.

Vulnerabilities, Exploits, and Threats

While a vulnerability refers to a weakness in hardware, software, or procedures (the
entryway through which attackers reach a system), an exploit is the code or technique that
attackers use to take advantage of a vulnerability and compromise the IT infrastructure.

A threat is a potentially dangerous event that has not yet occurred but could cause damage
if it does. Exploits are how threats become attacks, and vulnerabilities are how exploits
gain access to targeted systems.

Examples and Common Types of Vulnerabilities in Security

The four main types of vulnerabilities in information security are network vulnerabilities,
operating system vulnerabilities, process (or procedural) vulnerabilities, and human
vulnerabilities.
1. Network vulnerabilities are weaknesses within an organization’s hardware or software
infrastructure that allow cyberattackers to gain access and cause harm. These areas of
exposure can range from poorly-protected wireless access all the way to misconfigured
firewalls that don’t guard the network at large.

2. Operating system (OS) vulnerabilities are exposures within an OS that allow
cyberattackers to cause damage on any device where the OS is installed. An example is a
Denial of Service (DoS) attack that exploits a flaw in how the OS handles network
requests, so that a flood of crafted requests overloads the system. Unpatched and
outdated software also creates OS vulnerabilities, because the system running the
application is exposed, sometimes endangering the entire network.

3. Process vulnerabilities are created when procedures that are supposed to act as security
measures are insufficient. One of the most common process vulnerabilities is an
authentication weakness, where users, and even IT administrators, use weak passwords.

4. Human vulnerabilities are created by user errors that can expose networks, hardware,
and sensitive data to malicious actors. They arguably pose the most significant threat,
particularly because of the increase in remote and mobile workers. Examples of human
vulnerability in security are opening an email attachment infected with malware, or not
installing software updates on mobile devices.

What Causes Vulnerabilities?

1. Human error – When end users fall victim to phishing and other social engineering
tactics, they become one of the biggest causes of vulnerabilities in security.

2. Software bugs – These are flaws in code that cybercriminals can use to gain
unauthorized access to hardware, software, data, or other assets in an organization's
network, read sensitive data, and perform unauthorized actions.

3. System complexity – When a system is too complex, it causes vulnerability because
there's an increased likelihood of misconfigurations, flaws, or unwanted network access.

4. Increased connectivity – Having so many remote devices connected to a network creates
new access points for attacks.

5. Poor access control – improperly managing user roles, such as giving some users more
access to data and systems than they need, or not closing the accounts of former employees,
leaves networks vulnerable to both insider and outsider attacks.

What is Vulnerability in Cyber Security?


A vulnerability in cyber security is any weakness in an information system, its processes,
or the internal controls of an organization. Such weaknesses are targets for attackers and
are open to exploitation at exactly those points.

An attacker who exploits them can gain unauthorized access to systems and cause severe
damage to data privacy. Monitoring vulnerabilities is therefore essential to the overall
security posture, since a single gap in a network can result in a full-scale breach of an
organization's systems.

What causes the vulnerability?

There are many causes of vulnerabilities; a few of them are listed below:

Complex Systems

Complex systems increase the probability of misconfigurations, flaws, or unintended
access.

Familiarity

Attackers are familiar with common code, operating systems, hardware, and software, and
with the known vulnerabilities in them, so widely deployed components are well-studied
targets.

Connectivity

Every device connected to a network is reachable by attackers, so each additional
connection is a potential entry point.

Poor Password Management

Weak passwords are easy to guess, and reused passwords turn one data breach into several,
because credentials leaked from one site are tried against others.

OS Flaws

Operating systems can have flaws too. An operating system with insecure default settings
(for example, one that grants every user full access) becomes a target for viruses and
malware.

Internet

The internet is full of spyware and adware that can be installed on computers without the
user's knowledge.

Software Bugs

Programmers can sometimes accidentally leave an exploitable bug in the software.

Unchecked user input

If software or a website assumes that all input is safe, it may execute attacker-supplied
commands, for example through SQL injection.

People

Social engineering is the biggest threat to the majority of organizations. So, humans can be
one of the biggest causes of vulnerability.

Cyber Security Vulnerability Assessment

Once a vulnerability is detected, it goes through the vulnerability assessment process. A
vulnerability assessment is a process of systematically reviewing security weaknesses in
an information system. It identifies whether a system is exposed to any known
vulnerabilities, classifies their severity, and recommends appropriate remediation or
mitigation where required.

The assessment process includes:

 Identify vulnerabilities: Analyze network scans, firewall logs, penetration test results,
and vulnerability scan results to find anomalies that may indicate vulnerabilities open
to cyber-attack.
 Verify vulnerabilities: Decide whether an identified vulnerability could actually be
exploited, and classify its severity to understand the level of risk.
 Mitigate vulnerabilities: Devise appropriate countermeasures (for example, a
configuration change or a compensating control) and measure their effectiveness when a
patch is not available.
 Remediate vulnerabilities: Update or patch the affected software or hardware wherever
possible.

There are several types of vulnerability assessments:

Network-based assessment

This type of assessment is used to identify potential issues in network security and detect
systems that are vulnerable on both wired and wireless networks.

Host-based assessment

Host-based assessment can help locate and identify vulnerabilities in servers, workstations,
and other network hosts. It generally assesses open ports and services and makes the
configuration settings and patch management of scanned systems more visible.

Wireless network assessment

It involves the scanning of Wi-Fi networks and attack vectors in the infrastructure of a
wireless network. It helps validate that a network is securely configured to avoid
unauthorized access and can also detect rogue access points.

Application assessment

It is the identification of security vulnerabilities in web applications and their source code.
This is achieved by implementing automated vulnerability scanning tools on the front end
or analyzing the source code statically or dynamically.

Database assessment

The assessment of databases or big data systems for vulnerabilities and misconfiguration,
identifying rogue databases or insecure dev/test environments, and classifying sensitive
data to improve data security.

Vulnerability management is a continuous, repeated practice because cyber attacks are
constantly evolving.

What Is a Software Vulnerability?

A software vulnerability is a defect in software that could allow an attacker to gain control
of a system.

As we explain in greater detail below, the defects that cause software vulnerabilities can
result from flaws in the way the software is designed, problems with the software’s source
code, poor management of data or access control settings within the application or any
other type of issue that attackers could potentially exploit.

What Can an Attacker Do With a Software Vulnerability?

An attacker can exploit a software vulnerability to steal or manipulate sensitive data, join a
system to a botnet, install a backdoor, or plant other types of malware. In addition, after
penetrating into one network host, the attacker could use that host to break into other
hosts on the same network.

The specific exploits that an attacker can execute vary from one vulnerability to the next.
Not all vulnerabilities allow attackers to cause the same types of harm, and not all
vulnerabilities create equally severe risks.

However, all vulnerabilities pose at least some level of risk to the applications they impact,
as well as the environments that host those applications and any resources that integrate
with the applications.

How Are Vulnerabilities Exploited?

To take advantage of a vulnerability, an attacker must first discover the vulnerability.

Attackers can do this in a variety of ways. One common technique for finding
vulnerabilities is to run port scanning software, such as the open source tool nmap,
which can collect information about which services are running on a server or computer,
the version of those services, and even which specific operating system is installed. With
that information, the attacker can determine whether the services or operating system are
subject to any known vulnerabilities.
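The discovery step described above, as an added example that is not part of the original document and is not nmap's own code: a minimal TCP connect scan in Python that records which ports complete a handshake, reads whatever banner each open service volunteers, and parses a product and version out of an SSH identification string. The scanned "service" is a loopback listener the example starts itself, and its banner string is constructed for the demo, so nothing here describes a real host.

```python
import re
import socket
import threading

# Constructed banner for the local stand-in service; this is not a real host
# and no claim is made about any real system's version.
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"


def start_fake_service(banner=FAKE_BANNER):
    """Listen on an ephemeral loopback port and send one banner per connection.

    Stands in for a real network service so the scan can run offline.
    Returns the listening socket (close it to stop) and the port number.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listening socket closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def unused_port():
    """Reserve and release an ephemeral port so the scan has a known-closed port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def scan_ports(host, ports, timeout=0.5):
    """TCP connect scan: a completed handshake means the port is open.

    For each open port, read whatever the service volunteers (its banner).
    Returns {port: banner} for open ports only; closed/filtered ports are omitted.
    """
    found = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) != 0:
                continue                 # refused (closed) or timed out (filtered)
            try:
                banner = s.recv(256).decode("ascii", errors="replace").strip()
            except (socket.timeout, OSError):
                banner = ""              # open, but the service said nothing
        found[port] = banner
    return found


SSH_BANNER = re.compile(r"^SSH-\d+\.\d+-([A-Za-z]+)[_-]?([\w.]*)")


def identify_service(banner):
    """Pull product and version out of an SSH identification string.

    Returns (product, version) or None. This is the point at which an attacker
    (or a scanner) would look the version up against known-vulnerability data.
    """
    m = SSH_BANNER.match(banner)
    if not m:
        return None
    return m.group(1), m.group(2) or None


if __name__ == "__main__":
    srv, open_port = start_fake_service()
    targets = [open_port, unused_port()]
    for port, banner in scan_ports("127.0.0.1", targets).items():
        print(f"{port}/tcp open  banner={banner!r}  service={identify_service(banner)}")
    srv.close()
```

A connect scan is the noisiest form of port scanning: every open port sees a full handshake and usually a log entry, which is also what a defender's detection logic keys on. Real services do not always announce themselves, so the banner grab is best effort and an empty banner still counts as an open port.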

Then, the attacker must devise a method for exploiting the vulnerability. Here again, exploit
methods vary widely, but they may involve techniques like injecting malicious code into an
application or bypassing access controls. Some vulnerabilities can be exploited remotely,
meaning that attackers can take advantage of the security weakness over the network.
Others require local or physical access to the infrastructure that hosts the vulnerable
software.

If the exploit is successful, the attacker will gain the ability to perform malicious actions
within the compromised application or its host system. Depending on the nature of the
vulnerability, these actions could include activity like exfiltrating sensitive data, running
malicious commands, planting malware or disrupting critical services in order to cause
problems for the business.

What Causes Software Vulnerabilities?

As noted above, there are many potential causes for a software vulnerability. Some
applications are vulnerable due to overall design flaws, such as an architecture that
involves moving sensitive data over unsecured networks. In other cases, vulnerabilities
result from specific coding errors that introduce vulnerabilities such as the following:

 Buffer overflows: These occur when a program writes more data into a fixed-size
memory buffer than the buffer can hold, so the excess spills into adjacent memory. An
attacker can take advantage of this by placing crafted data in the overflowing portion
so that it overwrites control data (such as a function's return address) and redirects
execution to attacker-supplied code.
 SQL Injection: This could allow an attacker to inject malicious commands into the
database of a web application. The attacker can do this by entering specially-crafted
Structured Query Language commands into either a data field of a web application
form, or into the URL of the web application. If the attack is successful, the
unauthorized and unauthenticated attacker would be able to retrieve or manipulate
data from the database.
 Third-party libraries: Many programmers use third-party code libraries, rather
than try to write all software from scratch. This can be a real time-saver, but it can
also be dangerous if the library has any vulnerabilities. Before using any of these
libraries, and for as long as they remain in use, developers need to check them against
known-vulnerability data and keep them updated.
 Application Programming Interfaces: An API, which allows software programs to
communicate with each other, could also introduce a software vulnerability. Many
APIs are not set up with strict security policies, which could allow an
unauthenticated attacker to gain entry into a system.
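The SQL injection item above (and the "Unchecked user input" cause earlier on the page), as an added example that is not from the original document: the same login check written once with string concatenation and once with bound parameters, run against an in-memory SQLite table whose rows are constructed for the demo. The two injection payloads are the classic comment-out and always-true forms.

```python
import sqlite3

# Constructed sample rows (not real accounts). Passwords are stored in the clear
# only to keep the SQL readable; a real system stores salted hashes.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """In-memory SQLite database with a tiny users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: the query is assembled by string concatenation,
    so characters in the input (quotes, OR, --) become SQL syntax."""
    query = (
        "SELECT 1 FROM users WHERE username = '" + username + "' "
        "AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    """Hardened: bound parameters keep the input as data, never as SQL syntax."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo(conn):
    """Run the same attempts against both versions; returns {(user, pw): (vuln, safe)}."""
    attempts = [
        ("alice", "s3cret"),          # legitimate login
        ("alice' --", "anything"),    # '--' comments out the password check
        ("nobody", "' OR '1'='1"),    # makes the WHERE clause true for every row
    ]
    return {
        (u, p): (login_vulnerable(conn, u, p), login_parameterized(conn, u, p))
        for u, p in attempts
    }


if __name__ == "__main__":
    db = make_db()
    for (user, pw), (vuln, safe) in demo(db).items():
        print(f"{user!r:14} {pw!r:16} vulnerable={vuln!s:5} parameterized={safe}")
```

With parameters bound, the string `alice' --` is compared literally against the username column and matches nothing, which is the whole point: the database driver never parses user input as part of the statement.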

What is a Cyber Security Architecture?


A cyber security architecture combines security software and appliance solutions,
providing the infrastructure for protecting an organization from cyber attacks. The cyber
security architecture should be able to adapt to the evolving cyber threat landscape as
organizations engage in digital transformation initiatives and expand IT services beyond
the traditional perimeter.
What is Network Architecture?
Network Architecture is the way in which computer systems are organized and
interconnected to form a network. It refers to the design and implementation of a network
infrastructure that allows communication and data transfer between various devices and
applications. Network architecture provides a framework for organizing and managing
network resources such as hardware, software, and protocols. It enables businesses to
achieve their objectives by ensuring that their network infrastructure is reliable, secure, and
scalable.

What are the types of Network Architecture?


There are two types of network architecture:

1. Client-server architecture: In this architecture, the network is organized around a
central server that provides services and resources to client devices. The server
manages network traffic, storage, and security, while client devices access resources
through the server.
2. Peer-to-peer architecture: In this architecture, all devices in the network are
considered equal and can share resources and services with each other. There is no
central server, and each device can communicate directly with other devices on the
network.
What are the four basic Network Architectures?
1. Local Area Network (LAN): A LAN is a network that is confined to a small geographic
area, such as a building or campus. It connects devices such as computers, printers,
and servers, allowing them to share resources and communicate with each other.
2. Wide Area Network (WAN): A WAN is a network that spans a larger geographic
area, such as a city or country. It connects multiple LANs and allows devices in
different locations to communicate with each other.
3. Metropolitan Area Network (MAN): A MAN is a network that covers a metropolitan
area, such as a city or county. It connects multiple LANs and WANs and provides high-
speed connectivity for organizations within the area.
4. Storage Area Network (SAN): A SAN is a specialized network that is designed for
storage and data transfer. It connects storage devices such as disk arrays and tape
libraries to servers, allowing them to share storage resources.
Advantages and Disadvantages of Network Architecture:
Advantages of Network Architecture:

1. Scalability: Network architecture provides a scalable framework that allows
businesses to expand their network infrastructure as their needs grow.
2. Efficiency: Network architecture helps to optimize network traffic, reducing latency
and improving performance.
3. Security: Network architecture provides a framework for implementing security
measures such as firewalls and encryption to protect network resources from
unauthorized access.
Disadvantages of Network Architecture:
1. Complexity: Network architecture can be complex and require specialized
knowledge and expertise to implement and manage.
2. Cost: Building and maintaining a network infrastructure can be expensive, especially
for small businesses.
3. Vulnerability: Network architecture can be vulnerable to cyber attacks, and
businesses need to implement robust security measures to protect their network
resources.

What is a Threat Actor?

A cyber threat actor is any individual or group that poses a threat to cybersecurity. Threat
actors are the perpetrators behind cyberattacks, and are often categorized by a variety of
factors, including motive, type of attack, and targeted sector.

Today, the cyber threat environment is arguably more dynamic than ever before, and threat
actors are becoming more sophisticated.

Understanding threat actors and their motives can help organizations better protect
themselves from the damage these actors cause as they exploit vulnerabilities, compromise
user identities with elevated privileges, evade security controls, damage or delete data, or
manipulate sensitive information.

Threat Actor Targets

Threat actors primarily target large organizations for monetary gain, data, and sensitive
intelligence, or to cause service disruption and reputational harm. However, small and
medium-sized businesses (SMBs) have also become frequent targets for threat actors
because their relative lack of resources can mean that their security systems are weaker
than those of large enterprises.

In today's threat landscape, most organizations are likely to be targeted by a threat actor,
regardless of their size or industry. In fact, businesses faced 50% more cyberattack
attempts per week in 2021 compared to 2020. Today, threat actors can and will find a path
straight to the crown jewels if the path is unprotected.

Threat Actor Types and Attributes

"Threat actor" is a broad term that encompasses a wide variety of individuals and groups
categorized based on their skill set, resources, or motivation for attack.

Here are some of the most common types of threat actors and the motivations typically
behind their actions:


1. Cybercriminals

Cybercriminals are individuals or groups who use digital technology to conduct illegal
activity. They're often motivated by financial gain.

This type of threat actor typically employs social engineering tactics such as phishing
emails to lure victims into clicking on a malicious link or downloading malicious software
(malware). Other examples of cybercrime include stealing data, tricking victims into
transferring money, stealing login credentials, and making ransom demands.

2. Nation-States

Nation-states may fund threat actor groups to perform a variety of malicious activities on
the networks of other governing entities, including espionage or cyberwarfare. Since
nation-state funded threat actors tend to be highly resourced, their behavior is often
persistent and more difficult to detect.

Targeting their opponents' networks in stealth, nation-state-funded threat actors typically
seek to exfiltrate or corrupt sensitive data and assets, disrupt critical infrastructure, or
gather confidential intelligence.

3. Terrorist Groups

As with physical acts of terrorism, the goal of cyber terrorists is typically to cause harm and
destruction that furthers their cause. This type of threat actor targets businesses, state
machinery, and critical infrastructures or services where an attack will cause the most
damage or disruption.
4. Thrill-Seekers

Thrill-seekers are threat actors who attack computer systems or networks for personal
enjoyment. Whether they want to see how much data and sensitive information they can
steal, or they are interested in how specific networks and computer systems operate, thrill-
seekers may not necessarily intend to do much harm to their targets. However, they can
interfere with computer systems and networks, or exploit vulnerabilities that are later used
for more sophisticated cyberattacks.

5. Insider Threats

Insider threats are on the rise. These threats can be categorized into the following types:

 Malicious Insiders: Malicious insiders are individuals who have access to the
corporate environment and decide to turn against their employers by helping threat
actors, usually for monetary gain.

 Incautious Insiders: Incautious insiders are employees who may not have
malicious intent but end up causing a data breach due to their carelessness. They
might click on a phishing email, install unapproved software, or lose their corporate
devices.

6. Hackers

Although the term "threat actor" is often used interchangeably with "hackers", hackers and
threat actors are not one and the same. A hacker is someone who uses their computer skills
to overcome a challenge or problem, for better or for worse, while threat actors almost
always have malicious intent.

Hollywood popularized the term to invoke images of nefarious individuals with malicious
intentions, such as causing disruption or breaking the law. However, there are many types
of hackers with different capabilities.

Here are some examples of different types of hackers and what they can do:

Black Hat Hackers

Black hat hackers work against organizations or government agencies in an attempt to
break into computer networks or systems with malicious intent. Black hat hackers often
work alone or with organized crime groups and employ a number of techniques to hack
their targets, including social engineering, cracking passwords, infecting devices with
malware, logging keystrokes, or creating botnets to execute a Distributed Denial of
Service (DDoS) attack.

White Hat Hackers

White hat hackers, also called ethical hackers, work with organizations or government
agencies to identify vulnerabilities and protect cyber systems from malicious hackers.
Unlike other types of hackers, white hat hackers always have permission from the
organization or agency they work with to hack into computer networks or systems.

Grey Hat Hackers

Grey hat hackers fall somewhere in between white hat hackers and black hat hackers. Grey
hat hackers hack into computer networks or systems in order to draw the target's attention
to vulnerabilities or potential attack paths and then charge a fee to fix the issues they've
discovered. Most often, this type of hacker exploits security issues without malicious intent,
but it is done without permission and often through illegal tactics.

Green Hat Hackers

Green hat hackers are beginners and often seek out information from more experienced
members of the hacking community. Although green hat hackers may not always have the
necessary skills or knowledge to launch a coordinated attack, they can still cause serious
damage if they don't have a clear understanding of what they've done or how to fix it.

Blue Hat Hackers

Blue hat hackers are most similar to white hat hackers: they're security professionals
working at consulting firms that are hired specifically to test a system prior to its launch.
Sometimes, blue hat hackers also target individuals or companies in retaliation for some
wrongdoing without putting much thought into the consequences of their actions.

Red Hat Hackers

Red hat hackers are often seen as the "dark horses" of the hacking world, working alone or
in private groups to disarm black hat hackers. Unlike white hat hackers, who turn black hat
hackers over to the authorities, red hat hackers often focus on destroying the attackers'
resources and doing harm to them.

Script Kiddies

Unlike other types of hackers, script kiddies are often motivated by boredom and don't
write their own computer scripts or code. Instead, they reuse existing scripts, tools, or
malware written by others to hack computer systems belonging to others. In the hacking
world, script kiddies are notorious for being relatively unskilled and immature compared to
other types of hackers.

Hacktivists

Hacktivists are often considered black hat hackers, but their motivations for hacking are
political. Whether they're concerned with preserving free speech or exposing instances of
human rights violations, hacktivists target individuals, organizations, or government
agencies.

Most of the time, hacktivists believe they're trying to enact a positive change in the world.
For example, the hacking group Anonymous is well-known for its numerous cyberattacks
against several governments and has been called "freedom fighters" by its supporters.

Of the different types of hackers, the term "threat actor" most directly applies to black hat
hackers, blue hat hackers, script kiddies, and hacktivists.

The sophistication, scale and frequency of cybercrime continue to rise. While organizations
are concerned about cyber threats, the vast majority of them appear to be acting too slowly
to reduce the risks. Businesses in all sectors are scrambling to respond to cyber-attacks,
with healthcare, finance and government sectors reporting high volumes of breaches.

Open access to organization data

To increase resilience and protect against cyber crimes, organizations must fully
understand the risks.

 Basic vulnerabilities. A substantial number of cyber attacks are aimed at obvious
gaps in enterprise systems. Missing software patches are an example of an internal
weakness that is frequently exploited by attackers.
 Human factors. Human error continues to be the main vulnerability for many
organizations. Human error can include sending sensitive information to incorrect
recipients, accidentally publishing confidential information online and
misconfiguring assets to allow for unwanted access.
 Budget constraints. Most organizations have not invested heavily in their security
framework. Though this is rapidly changing, security teams do not always attract
the budget and resources they need to adopt a proactive approach.
 Third-party risks. It is crucial to understand the security posture of the service and
solution providers in your partner ecosystem. Any vulnerabilities in supplier
organizations can be a potential entry point for your organization. This was most
acutely evident in the SolarWinds network management software hack, which
impacted a wide array of U.S. government departments in 2020. The software
supply chain represents a key vulnerability for many organizations.
 Business continuity. It is important for an organization to be resilient in the event
of a security breach. The absence of business continuity and disaster recovery plans
can lead to severe financial and reputational damage.

Technological advancements and digitization are constantly altering the IT environment,
making cyber security increasingly difficult to manage. The greatest danger is assuming
you will never be a victim of a cyber-attack.

Impacts of cyber crime

A cyber incident can cause a financial loss of millions of dollars, with costs often recurring
over a long period of time. With increasing awareness, customers are more conscious about
what information they are providing to organizations. Failure to protect your customers'
data can lead to loss of trust and to wider, significant reputational damage. This also can
lead to further revenue loss or an impact on investors.

Sophisticated cyber crimes, including ransomware and denial of service (DoS) attacks, can
cause significant damage. They not only bring business operations to a halt but sometimes
involve hefty ransom payments.

The 2021 ransomware attack on Colonial Pipeline in the United States is a stark example.
The attack shut down the fuel distribution network and caused chaos as communities
anticipated gasoline shortages. In addition to reputational damage, Colonial Pipeline also
suffered a direct financial impact, paying $4.4 million to end the attack.

What is authentication?
Authentication is the process of determining whether someone or something is who or
what they say they are. Authentication technology provides access control for systems by
checking to see if a user's credentials match the credentials in a database of authorized
users or a data authentication server. In doing this, authentication ensures that systems,
processes and enterprise information are secure.

There are several authentication types. For user identity, users are typically identified with
a user ID; authentication occurs when the user provides credentials, such as a password,
that match their user ID.

What is authentication used for?

Organizations use authentication to control who can access corporate networks and
resources, and to identify and control which machines and servers have access. Companies
also use authentication to enable remote employees to access applications and networks
securely.

Some specific use cases include the following:

 Login to corporate systems. Authentication methods are used to verify the identity of
employees and grant them access to corporate systems, such as email, databases and
document stores. This helps secure the confidentiality and integrity of sensitive
corporate data.

 Online banking and financial transactions. Authentication methods verify the
identity of customers and ensure that only authorized users can access bank accounts,
approve financial transactions and perform other online banking activities.

 Secure remote access. Many organizations let their employees work remotely,
connecting to resources from offsite locations. Authentication methods enable secure
remote access, verifying the identity of remote users, ensuring authorized access and
maintaining the security of the organization's network infrastructure.
 Electronic healthcare records (EHRs). Authentication methods are critical in
healthcare to protect the privacy and security of patients' EHRs while enabling
authorized healthcare professionals to access them when needed.

 E-commerce transactions. Authentication methods are used to verify the identity of
customers, protect sensitive information and enable secure online transactions. This
helps prevent fraud and enhances customer trust.

What are authentication factors?

Validating a user with a user ID and password is considered the most basic type of
authentication. It depends on the user knowing those two pieces of information. Since this
type of authentication relies on just one authentication factor (something the user knows),
it is a form of single-factor authentication (SFA).

Strong authentication is more reliable and resistant to attack. Typically, it uses at least two
different types of authentication factors, and it often also requires strong passwords with
at least eight characters and a mix of lowercase and uppercase letters, digits and special
symbols. Two-factor authentication (2FA) and multi-factor authentication (MFA) are types
of strong authentication, with MFA among today's most common authentication practices.

An authentication factor represents a piece of data or attribute that can validate a user
requesting access to a system. An old security adage has it that authentication factors can
be something you know, something you have or something you are. Additional factors have
been proposed and applied in recent years, with location often serving as the fourth factor
and time serving as the fifth factor.

What is Weak Authentication?

The more difficult an authentication mechanism is to defeat, the stronger it
is. Clearly the authentication strength of a system should correlate to the value
of the assets it is protecting. Two-Factor and Multi-Factor Authentication
solutions are appropriate for systems that deal with highly valued assets.

Weak Authentication describes any scenario in which the strength of the
authentication mechanism is relatively weak compared to the value of the
assets being protected. It also describes scenarios in which the authentication
mechanism is flawed or vulnerable.
Password Strength

The “strength” of a password is related to the potential set of combinations that
would need to be searched in order to guess it. For example, a password
scheme with a length of two characters and consisting only of digits would
represent a search space of 100 possible passwords (10 x 10), whereas a 12-digit
password would represent 10^12 possible combinations. The larger the set
of possible combinations, the harder it is to guess and the stronger the
password.

Thus, the following factors influence password strength:

 Length: The number of characters in the password. The greater the
length, the greater the strength.
 Character Set: The range of possible characters that can be used in the
password. The broader the range of characters, the greater the
strength. It is typical for strong password schemes to require upper and
lower case letters, digits, and punctuation characters.
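As an added illustration (this Python is not part of the original notes), the search-space arithmetic above generalised to a concrete password: the alphabet is sized from the character classes the password actually uses, because a guesser who learns that a scheme allows, say, lower-case letters and digits must try all 36 symbols in every position. The guess rate used for the worst-case time is an assumed figure for the example, not a measurement; real offline cracking rates depend on the hash in use.

```python
import math
import string

# Character classes a class-based password scheme distinguishes (the notes name
# upper and lower case letters, digits, and punctuation). Sizes: 26, 26, 10, 32.
CHARACTER_CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "punctuation": set(string.punctuation),
}


def alphabet_size(password: str) -> int:
    """Size of the alphabet a guesser must search once the classes in use are known.

    Every class that appears at least once contributes its whole size, because
    the guesser cannot know which members were picked. Characters outside the
    four classes (for example non-ASCII letters) each add one symbol.
    """
    classes_seen = set()
    extra = set()
    for ch in password:
        for name, members in CHARACTER_CLASSES.items():
            if ch in members:
                classes_seen.add(name)
                break
        else:
            extra.add(ch)
    return sum(len(CHARACTER_CLASSES[n]) for n in classes_seen) + len(extra)


def search_space(length: int, alphabet: int) -> int:
    """Number of candidate passwords of exactly `length` symbols over `alphabet`."""
    if length <= 0 or alphabet <= 0:
        return 0
    return alphabet ** length


def entropy_bits(length: int, alphabet: int) -> float:
    """log2 of the search space: the bits of work an exhaustive search costs."""
    if length <= 0 or alphabet <= 0:
        return 0.0
    return length * math.log2(alphabet)


def assess(password: str, guesses_per_second: float = 1e10) -> dict:
    """Summarise the strength of one concrete password.

    `guesses_per_second` is an assumed attacker rate used only for the
    worst-case-time figure; it is not a measured value.
    """
    alphabet = alphabet_size(password)
    space = search_space(len(password), alphabet)
    return {
        "length": len(password),
        "alphabet": alphabet,
        "search_space": space,
        "entropy_bits": round(entropy_bits(len(password), alphabet), 1),
        "worst_case_years": space / guesses_per_second / (365 * 24 * 3600),
    }


if __name__ == "__main__":
    for pw in ("42", "123456789012", "Passw0rd!"):
        print(pw, assess(pw))
```

The two-digit and twelve-digit cases from the text come out as 100 and 10^12 respectively; a nine-character password drawing on all four classes has a 94-symbol alphabet, so its search space is 94^9 even though it contains only nine distinct characters.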

Password Policy

Password Policy describes the rules that are enforced regarding password
strength, changes, and re-use. An effective password policy supports strong
authentication. It is generally accepted that each of the following will
increase the integrity of the authentication process:

 Periodically changing the password for an account makes it less likely
that a password will be compromised, or that a compromised password
will be used. This is termed password expiration.
 Prohibiting the re-use of the same (or similar) password to the one being
changed will prevent password expiration from being circumvented by
users.
 Enforcing minimum strength rules for passwords will guarantee
application compliance with Password Policy.
 Prohibiting dictionary words and/or popular passwords will make
password cracking less likely.
 The use of secret questions to further demonstrate identity.

The more of these rules that are enforced, the stronger the authentication
mechanism will be.

Password Cracking

There are countless hacking tools and frameworks available to help an attacker
guess a password through an automated sequence of attempts. This is called
“brute forcing” because such tools will attempt all possible password
combinations given a set of constraints in an attempt to authenticate. An
application that does not protect itself against password cracking in some
manner may be considered as having a Weak Authentication vulnerability
depending on the requirements and risk level.
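One way an application protects itself against automated guessing, as an added Python example that is not part of the notes: failures are counted in a sliding window, a source that exceeds the threshold raises an alert for the administrator, and an account under attack is locked for a cooling-off period. The log format, the thresholds and the addresses are constructed for the example; a deployment would tune the numbers to its own risk level.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log for the example (not real data).
SAMPLE_AUTH_LOG = """\
2024-05-01T10:00:01 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:02 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:03 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:04 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:05 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:06 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:30 OK user=bob src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+)\s+(OK|FAIL)\s+user=(\S+)\s+src=(\S+)$")


def parse_line(line: str) -> dict:
    """Turn one log line into an event dict with a real datetime."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable log line: {line!r}")
    ts, result, user, src = m.groups()
    return {"ts": datetime.fromisoformat(ts), "result": result, "user": user, "src": src}


class FailedLoginTracker:
    """Sliding-window failure counting: alert per source, lock per account.

    The defaults (5 failures per minute, 15-minute lockout) are assumptions.
    """

    def __init__(self, threshold=5, window=timedelta(minutes=1),
                 lockout=timedelta(minutes=15)):
        self.threshold = threshold
        self.window = window
        self.lockout = lockout
        self.src_failures = defaultdict(deque)   # src  -> recent failure timestamps
        self.user_failures = defaultdict(deque)  # user -> recent failure timestamps
        self.locked_until = {}                   # user -> datetime

    def is_locked(self, user: str, now) -> bool:
        """`now` may be a datetime or an ISO-8601 string."""
        if isinstance(now, str):
            now = datetime.fromisoformat(now)
        return user in self.locked_until and self.locked_until[user] > now

    def _recent(self, q: deque, now: datetime) -> int:
        while q and now - q[0] > self.window:      # drop failures outside the window
            q.popleft()
        return len(q)

    def record(self, event: dict):
        """Feed one event; return an alert dict when a source crosses the threshold."""
        now, user, src = event["ts"], event["user"], event["src"]
        if event["result"] == "OK":
            self.user_failures.pop(user, None)      # a real login clears that account
            return None
        self.user_failures[user].append(now)
        if self._recent(self.user_failures[user], now) >= self.threshold:
            self.locked_until[user] = now + self.lockout
            self.user_failures[user].clear()
        self.src_failures[src].append(now)
        if self._recent(self.src_failures[src], now) >= self.threshold:
            self.src_failures[src].clear()          # fire once, then count afresh
            return {"ts": now, "src": src, "user": user, "failures": self.threshold}
        return None


def analyse(log_text: str, tracker: FailedLoginTracker = None):
    """Run a whole log through a tracker; return (alerts, tracker)."""
    tracker = tracker or FailedLoginTracker()
    alerts = []
    for line in log_text.splitlines():
        if line.strip():
            alert = tracker.record(parse_line(line))
            if alert:
                alerts.append(alert)
    return alerts, tracker
```

Running the sample log produces a single alert at the fifth failure from 203.0.113.5 and leaves alice locked until 10:15:05; the sixth failure starts a fresh count rather than firing a second alert for the same burst.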

Dictionary Attacks

In addition to brute force attacks, password cracking tools also typically have
the ability to test a file of candidate passwords. This is called a dictionary
attack because the file used may actually be a dictionary of words. Passwords
that can be found in a dictionary are considered weak because they can
eventually be discovered using a dictionary attack. An application that allows
dictionary words as passwords may be considered as having a Weak
Authentication vulnerability depending on the application requirements and risk
level.

Popular Passwords

Since passwords are usually freely chosen and must be remembered, and given
that humans are lazy, passwords that are easy to remember tend to be more
popular than those that are not. In fact, some passwords become very
popular and are used far more frequently than might be expected. Although the
most popular entries change over time, a “top-N” list of them can always be
found published online. Clearly it is in the user’s best interest to
avoid the most popular passwords.

An application that allows popular passwords may be considered as having a
Weak Authentication vulnerability depending on the application requirements and
risk level.
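The Password Policy rules, together with the dictionary-word and popular-password checks of the two sections above, enforced in one checker. This is an added Python example, not code from the notes: the thresholds in POLICY and the two small denylists are assumptions constructed for the example, and a deployment would load a current published top-N list and a full dictionary from files instead.

```python
import difflib
from datetime import date, timedelta

# Constructed denylists for this example; a deployment would load real lists.
POPULAR_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome"}
DICTIONARY_WORDS = {"sunshine", "dragon", "monkey", "football", "shadow"}

# Assumed policy values; the notes give no specific numbers.
POLICY = {
    "min_length": 12,
    "min_classes": 3,        # of: lower case, upper case, digit, punctuation
    "max_age_days": 90,      # password expiration
    "max_similarity": 0.6,   # new vs. current password, 0..1 (difflib ratio)
}


def character_classes(password: str) -> int:
    """Count how many of the four character classes the password uses."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: not c.isalnum() and not c.isspace())
    return sum(any(check(c) for c in password) for check in checks)


def check_password(new_password: str, current_password: str = None) -> list:
    """Return the policy rules the new password violates (empty list = accepted)."""
    problems = []
    if len(new_password) < POLICY["min_length"]:
        problems.append("too short")
    if character_classes(new_password) < POLICY["min_classes"]:
        problems.append("too few character classes")
    lowered = new_password.lower()
    if lowered in POPULAR_PASSWORDS:
        problems.append("popular password")
    # Strip digits and punctuation so "Sunshine2024!!" still matches "sunshine".
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in DICTIONARY_WORDS:
        problems.append("dictionary word")
    if current_password is not None:
        old = current_password.lower()
        if lowered == old:
            problems.append("re-use of current password")
        elif difflib.SequenceMatcher(None, lowered, old).ratio() > POLICY["max_similarity"]:
            problems.append("too similar to current password")
    return problems


def password_expired(last_changed: date, today: date) -> bool:
    """Expiration rule: force a change once the password is older than max_age_days."""
    return today - last_changed > timedelta(days=POLICY["max_age_days"])
```

The similarity rule is what stops a user from sidestepping expiration by appending a character to the old password: "Tr0ub4dor&3Horse" against a current "Tr0ub4dor&3" is rejected even though it passes the length and class rules on its own.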

Authentication Bypass

The whole purpose of authentication is to ensure that only authorized users
gain access to the application capabilities and the information it contains. It is
essential therefore that the system verifies the “authentication status” of the
user for every user action or request before it is carried out. The ability of a
user to access any application feature or resource without having first
authenticated represents a Weak Authentication vulnerability.
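The missing per-request check shown as code, as an added Python example that is not part of the notes: a route table in which each handler is trusted to check authentication itself and one of them forgets, beside a dispatcher that verifies the session before any handler runs and lets routes opt in to being public. The session store, route names and handler bodies are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed session store: token -> authenticated user.
VALID_SESSIONS = {"tok-alice": "alice"}


@dataclass
class Request:
    path: str
    session_token: Optional[str] = None


def current_user(req: Request) -> Optional[str]:
    return VALID_SESSIONS.get(req.session_token) if req.session_token else None


# --- Vulnerable layout: every handler is responsible for its own check. ---

def vuln_login(req: Request) -> str:
    return "login form"


def vuln_profile(req: Request) -> str:
    user = current_user(req)
    if user is None:
        return "401 Unauthorized"
    return f"profile of {user}"


def vuln_export(req: Request) -> str:
    # The check was forgotten here, so an unauthenticated request succeeds.
    return "export of all records"


VULNERABLE_ROUTES: Dict[str, Callable[[Request], str]] = {
    "/login": vuln_login, "/profile": vuln_profile, "/export": vuln_export,
}


def vulnerable_dispatch(req: Request) -> str:
    handler = VULNERABLE_ROUTES.get(req.path)
    return handler(req) if handler else "404 Not Found"


# --- Hardened layout: one gate in front of every route. ---
# Routes must opt in to being public; everything else requires a session,
# and the gate runs before the route is even looked up.
PUBLIC_ROUTES = {"/login"}


def login(req: Request, user: Optional[str]) -> str:
    return "login form"


def profile(req: Request, user: str) -> str:
    return f"profile of {user}"


def export(req: Request, user: str) -> str:
    return "export of all records"


SECURE_ROUTES = {"/login": login, "/profile": profile, "/export": export}


def secure_dispatch(req: Request) -> str:
    user = current_user(req)
    if req.path not in PUBLIC_ROUTES and user is None:
        return "401 Unauthorized"        # enforced before any handler code runs
    handler = SECURE_ROUTES.get(req.path)
    if handler is None:
        return "404 Not Found"
    return handler(req, user)
```

The hardened dispatcher is the pattern frameworks implement as middleware: the authentication status is checked centrally for every request, so adding a new handler cannot silently create an unauthenticated path.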

What is cybersecurity awareness?


Cybersecurity awareness is an ongoing process of educating and training employees about
the threats that lurk in cyberspace, how to prevent such threats and what they must do in
the event of a security incident. It also helps to inculcate in them a sense of proactive
responsibility for keeping the company and its assets safe and secure. In simple terms,
cybersecurity awareness is knowing what security threats are and acting responsibly to
avoid potential risks.

Cybersecurity awareness includes being aware of the latest security threats, cybersecurity
best practices, the dangers of clicking on a malicious link or downloading an infected
attachment, interacting online, disclosing sensitive information and so on. Security
awareness training programs help to enhance your organization’s security posture and
tighten its processes, thereby paving the way to building a more resilient business.
Cybersecurity awareness must be an organization-wide initiative for it to be most effective
and beneficial.

What is cybersecurity awareness training?

With cybercrime continuing its upward trend, cybersecurity is a top priority for businesses
of all sizes. Security awareness training is a critical component of an organization’s
cybersecurity strategy. It encompasses various tools and techniques used to inform and
equip employees about security risks and how to avoid them. This helps them understand
the cyber-risks your business faces every day, the impact they have on your business and
their roles and responsibilities with regard to the safety and security of digital assets.

What is the purpose of cybersecurity awareness training?

Cybercriminals are constantly evolving and devising new methods to exploit vulnerabilities
to steal valuable data from businesses. Additionally, they look to exploit human behavior
and emotions. It is no surprise social engineering attacks like phishing, spear phishing,
business email compromise (BEC), etc., are so successful.

Well-educated and trained employees can quickly identify these threats, which can
significantly reduce the risk of cybersecurity incidents and help prevent data breaches.
Security awareness training not only helps stop threat actors in their tracks, but also
promotes an organizational culture that is focused on heightened security. Cybersecurity
awareness training is a necessity for the survival of your organization. Your organization
must invest in cybersecurity training, tools and talent to minimize risk and ensure
company-wide data security. A well-defined cybersecurity awareness training program can help
significantly reduce the cost and number of security incidents in your organization.

What should be included in cybersecurity awareness training?

Over the years, cybersecurity awareness training has come a long way from being largely
reserved for security professionals to include IT administrators and other employees. The
scope of cybersecurity awareness programs may vary depending on the number of
employees, how aware they are, budget and so on. Regardless of what the scope is, here are
some courses that every cybersecurity awareness training program must include.

Email security: Email is one of the most important communications tools for businesses
today. However, it is also the entry point for several types of cybercrime, including
phishing, ransomware, malware and BEC. About 94% of all dangerous ransomware and
other malware enter an organization through email. Therefore, email security training is
crucial to protect your employees and business from malicious email attacks. Email
security training will help employees be mindful of unsafe links and attachments.

Phishing and social engineering: The human attack surface is the primary gateway for
threat actors. Social engineering attackers are aware of how humans think and work. They
leverage this knowledge to exploit human behavior and emotions to influence their targets
to take desired actions. For example, disclosing sensitive information, granting system
access, sharing credentials, transferring funds and so on. Verizon’s 2021 Data Breach
Investigations Report revealed that more than 35% of data breaches involved phishing.
Phishing and social engineering attacks are targeted and convincing, making them highly
successful. However, with the right training and skills, your employees can spot warning
signs and greatly reduce the probability of falling victim to these scams.

Ransomware and malware: Malware, such as ransomware, enters an organization via
phishing emails. It is estimated that about 300,000 new pieces of malware are created
daily. SonicWall’s 2021 Cyber Threat Report revealed ransomware attacks increased by a
whopping 48% in 2020. Ransomware awareness training will help employees understand
how these attacks are executed, the tactics threat actors use and the actions they can take
against rising ransomware attacks.

Browser security: Web browsers are hot targets for hackers since they are the gateways
to the internet and hold large volumes of sensitive data, including personal information.
Not all websites you visit online are safe. Therefore, browser/internet security training,
including best practices, browser security tips, the different types of browser threats,
internet and social media policies, can go a long way toward maintaining confidentiality
and browsing the web safely.

Information security: Your organization’s information is the most prized asset. That’s
why protecting its confidentiality, integrity and availability should be everyone’s
responsibility. Your training programs must include courses that emphasize the criticality
of data security and responsibilities toward protecting the data. Train your employees on
how to handle, share, store and dispose of sensitive information safely. Having a clear
understanding of the legal and regulatory obligations of a breach is critical. Employees
should also be trained on incident reporting to remediate issues quickly and minimize risk.

Remote work protocol: Working remotely is the new norm, as is evident with most
organizations globally implementing a hybrid work model. This poses greater challenges
for organizations since they must now ensure safety and security both in the office and at
home (or anywhere). This also means additional security risks. However, these risks can be
significantly reduced with the right knowledge and tools for your employees. Your training
programs must include the dangers of connecting to unsecured public Wi-Fi networks, the
use of personal devices and unauthorized software, and the importance of VPNs for
additional layers of security, to name a few.

Physical security: Physical security includes everything from being aware of shoulder
surfers to protecting your company-provided laptops and mobile devices from potential
security risks. For example, locking the devices when stepping away, keeping the
workstation clean, avoiding tailgating, and storing confidential files and printed materials
in a secure place.

Removable media security: Removable media, such as USB drives, CDs, portable hard
drives, smartphones, SD cards, etc., offer convenient ways to copy, transfer and store data.
However, there are risks of data exposure, virus or malware infection, data loss and theft.
Educate your employees about your organization’s removable media policy, the risks
involved with using removable media, especially untrusted/unsanctioned removable
media, the importance of the policy and the repercussions of not following procedure.

Password security: According to the Federal Trade Commission’s (FTC) Consumer
Sentinel Network, more than 5.7 million cybercrime reports were filed by consumers in
2021, of which 25% were for identity theft. The importance of having a strong password is
paramount in today’s threat-laden environment. Security awareness programs must
include password management and password best practices, including what constitutes a
strong password and how to generate one. Your employees must also use multifactor
authentication (MFA) whenever possible to prevent account compromises.

Incident response: Having an incident response (IR) plan and IR team is not enough. You
must also educate your employees about their roles and responsibilities in the event of a
security incident. The harsh reality is security incidents are inevitable. Your organization’s
preparedness to deal with such incidents can be the difference maker between grappling
with legal and regulatory issues and quickly recovering from crises and avoiding further
damage.

What are the Components of Access Control?

At a high level, access control is about restricting access to a resource. Any access
control system, whether physical or logical, has five main components:

1. Authentication: The act of proving an assertion, such as the identity of a person or
computer user. It might involve validating personal identity documents, verifying
the authenticity of a website with a digital certificate, or checking login credentials
against stored details.
2. Authorization: The function of specifying access rights or privileges to resources.
For example, human resources staff are normally authorized to access employee
records and this policy is usually formalized as access control rules in a computer
system.
3. Access: Once authenticated and authorized, the person or computer can access the
resource.
4. Manage: Managing an access control system includes adding and removing
authentication and authorization of users or systems. Some systems will sync with G
Suite or Azure Active Directory, streamlining the management process.
5. Audit: Frequently used as part of access control to enforce the principle of least
privilege. Over time, users can end up with access they no longer need, e.g. when
they change roles. Regular audits minimize this risk.
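The five components exercised on a toy role model, as an added Python example that is not part of the notes: authorization derived from roles, the access decision, an audit that flags granted permissions nobody has used within a period (the role-change case mentioned above), and a management step that revokes the stale role. The roles, users, access log and the 90-day idle threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed role model: role -> permissions, user -> roles.
ROLE_PERMISSIONS = {
    "hr":       {"employee_records:read", "employee_records:write"},
    "engineer": {"source:read", "ci:deploy"},
    "finance":  {"invoices:read"},
}
USER_ROLES = {
    "alice": {"hr"},
    "bob":   {"engineer", "finance"},   # moved from finance to engineering, kept old role
}

# Constructed access log: (ISO timestamp, user, permission exercised).
ACCESS_LOG = [
    ("2024-06-01T09:00:00", "alice", "employee_records:read"),
    ("2024-03-01T09:00:00", "alice", "employee_records:write"),
    ("2024-06-02T10:00:00", "bob", "source:read"),
    ("2024-02-01T10:00:00", "bob", "invoices:read"),
]


def permissions_for(user: str, user_roles=USER_ROLES,
                    role_permissions=ROLE_PERMISSIONS) -> set:
    """Authorization: the union of permissions granted by every role the user holds."""
    perms = set()
    for role in user_roles.get(user, ()):
        perms |= role_permissions.get(role, set())
    return perms


def authorize(user: str, permission: str) -> bool:
    """Access decision for one (already authenticated) user and one permission."""
    return permission in permissions_for(user)


def audit_unused_permissions(user_roles, access_log, now: str,
                             max_idle_days: int = 90) -> dict:
    """Audit for least privilege.

    Returns {user: {permission: last_used_iso_or_None}} for every granted
    permission not exercised within max_idle_days (never used counts too).
    """
    cutoff = datetime.fromisoformat(now) - timedelta(days=max_idle_days)
    last_used = {}
    for ts, user, perm in access_log:
        when = datetime.fromisoformat(ts)
        if (user, perm) not in last_used or when > last_used[(user, perm)]:
            last_used[(user, perm)] = when
    findings = {}
    for user in user_roles:
        for perm in permissions_for(user, user_roles):
            when = last_used.get((user, perm))
            if when is None or when < cutoff:
                findings.setdefault(user, {})[perm] = when.isoformat() if when else None
    return findings


def revoke_role(user: str, role: str, user_roles=USER_ROLES) -> set:
    """Management step: remove a role after the audit; return the remaining roles."""
    user_roles[user] = user_roles.get(user, set()) - {role}
    return user_roles[user]
```

On the sample data the audit flags bob's finance permission (last used four months ago) and a deploy permission he has never used, and alice's write permission; revoking bob's finance role then makes the authorize check for invoices fail, which is the least-privilege outcome the audit exists to produce.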

How Does Access Control Work?

Access control can be split into two groups designed to improve physical security
or cybersecurity:

 Physical access control: limits access to campuses, building and other physical
assets, e.g. a proximity card to unlock a door.
 Logical access control: limits access to computers, networks, files and
other sensitive data, e.g. a username and password.

Why is Access Control Important?

Access control minimizes the risk of unauthorized access to physical and computer systems,
forming a foundational part of information security, data security and network security.

What Is Authentication?
Authentication is a security process followed to verify and confirm the identity of an
individual, device, or system attempting to access a particular resource or service. It
ensures that the claimed identity is valid and authorized to perform the requested actions
or access specific information. Authentication is fundamental to maintaining data privacy,
protecting sensitive resources, and preventing unauthorized access to systems and data.

Authentication involves several key elements and mechanisms:

1. Identity: The user, system, or entity that seeks access to a particular resource is
identified through a unique identifier, often referred to as a username, user ID, or client ID.
2. Credentials: These include information that users or entities present to prove their
identity. Prevalent credential types include:

Something the user knows: This includes passwords, personal identification numbers
(PINs), passphrases, or any other secret information that only the legitimate user should
know.

Something the user has: This involves possession of physical objects or devices such as
smart cards, security tokens, or mobile phones used for receiving one-time passwords
(OTPs).
Something the user is: This pertains to biometric characteristics such as fingerprints, iris
patterns, facial features, or voice recognition.
Biometric Authentication
Biometric authentication refers to a cybersecurity process that verifies a user’s identity
using their unique biological traits such as fingerprints, voices, retinas, and facial features.
Biometric authentication systems store this information in order to verify a user’s identity
when that user accesses their account. This type of authentication is usually more secure
than traditional forms of multi-factor authentication.

Understanding Cryptography

Cryptography can be defined as the art and science of concealing information and data in
an unreadable format so that only the intended individual can read it. In other words,
cryptography is a study to secure communication that allows only the message sender
and the intended recipient to view the message’s contents.

The applications of cryptography have been traced back to the ancient Egyptians.
However, the art of coding has reached new heights over the millennia. Modern
cryptography combines engineering, advanced computer technology, maths and other
disciplines.

Cryptography creates highly secure and sophisticated cyphers and algorithms for
protecting sensitive data in this digital era.
Cryptography in cybersecurity involves the use of encryption and decryption algorithms.
It is used for digital signing, cryptographic key generation, confidential communication,
internet browsing, and verification to ensure data privacy.

The four main objectives of cryptography are:

 Confidentiality: Only the intended recipient can access and read the data. Hence,
the data remains private.
 Ensuring data integrity: The encoded data must not be tampered with or modified
en route from the sender to the recipient without any traceable marks.
 Authentication: The receiver and sender can verify each other’s identity and the
destination of the information.
 Non-repudiation: The sender becomes accountable for the messages they send.
The latter cannot deny that the message was transmitted – email tracking and
digital signatures are some examples of this.
Cryptography & Its Types

Let’s look at the different types of cryptography in cybersecurity.

1. Symmetric Key Cryptography/Single Key

In symmetric key cryptography, the same key is used in cryptography to encrypt and
decrypt information. The keys used in this kind of encryption should be kept secret by
both parties, making them vulnerable to attack from hackers. Symmetric cryptography is
often employed to safeguard the local storage of sensitive data on servers or drives.

The main drawback of this method is finding a way to securely share the key between
the sender and receiver. Advanced Encryption Standard (AES) and Data Encryption
Standard (DES) are examples of this method.

Types of symmetric cryptography

Often, symmetric encryption is referred to as secret key cryptography. This is because
one single private key is used. There are a few forms of this type of cryptography, such
as:

 Block cyphers: This form of cryptography – including the Feistel cypher – codes
and decodes one data block at a time.
 Stream cyphers: This form works on a single data byte at a time and regularly
changes the encryption key. In this method, the keystream can be in tandem with or
independent of the message stream.
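A toy Feistel block cipher, to make the symmetric-key and block-cipher ideas concrete: the same key drives both directions, the round function need not be invertible, and decryption is the same routine with the subkeys in reverse order. This is an added Python example, not code from the notes and not a real cipher: the key schedule and round function are constructed for illustration, and encrypting block by block in ECB fashion (identical blocks give identical ciphertext) is shown deliberately as the weakness real deployments avoid by using AES in an authenticated mode.

```python
import hashlib
import hmac

BLOCK_SIZE = 8   # 64-bit block, handled as two 32-bit halves
ROUNDS = 8


def round_keys(key: bytes) -> list:
    """Derive one subkey per round from the shared secret (constructed schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]


def round_function(half: bytes, subkey: bytes) -> bytes:
    """F(R, k) need not be invertible; the Feistel structure supplies invertibility."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:4]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, subkeys: list) -> bytes:
    """Run the rounds. The final swap is undone so that decryption is this same
    routine with the subkeys reversed."""
    left, right = block[:4], block[4:]
    for k in subkeys:
        left, right = right, xor(left, round_function(right, k))
    return right + left


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key)[::-1])


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding so the message is a whole number of blocks."""
    n = BLOCK_SIZE - len(data) % BLOCK_SIZE
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK_SIZE or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Encrypt one block at a time (ECB layout: repeated blocks are visible)."""
    padded = pad(plaintext)
    return b"".join(encrypt_block(padded[i:i + BLOCK_SIZE], key)
                    for i in range(0, len(padded), BLOCK_SIZE))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    if len(ciphertext) % BLOCK_SIZE:
        raise ValueError("ciphertext is not a whole number of blocks")
    plain = b"".join(decrypt_block(ciphertext[i:i + BLOCK_SIZE], key)
                     for i in range(0, len(ciphertext), BLOCK_SIZE))
    return unpad(plain)
```

The last assertion in the accompanying check is the point about block cyphers worth remembering: two equal plaintext blocks produce two equal ciphertext blocks under the same key, so a mode of operation that chains or counters the blocks is needed on top of the cipher itself.
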
2. Asymmetric Key Cryptography/Public Key

Asymmetric key cryptography uses two keys instead of one. This is a more secure
cryptography involving the sender and receiver having two private and one public key.
The sender uses the receiver’s public key to encrypt the message. On the other hand, the
receiver uses the private key to decrypt it.

This type of cryptography safeguards sensitive data transmission across public
networks. As the receiver has access to the private key, they will be the only ones able to
read the information. The RSA algorithm is one of the most widely used forms of public
key cryptography in cybersecurity.

Types of Asymmetric Cryptography

There are various kinds of asymmetric key algorithms, including:

 RSA: It is the basis of key exchanges and digital signatures. Its algorithm is based on
the principle of factorisation.
 Digital Signature Algorithm (DSA): Created by the National Institute of Standards
and Technologies, it is the standard for verifying electronic signatures and is built
on the modular exponentiation principles.
 Elliptic Curve Cryptography (ECC): This type of cryptography uses the algebraic
structure of elliptic curves for building complex algorithms. It is ideal for electronic
devices – such as smartphones – with limited computing power since they don’t
need much storage or bandwidth.
 Identity-based Encryption (IBE): In this algorithm, the receiver doesn’t have to
provide the public key to the sender. Instead, the sender uses some known unique
identifier – such as email address – to generate a public key to encode the message.
A corresponding private key is then generated by a third-party server, which the
receiver can access for decrypting the information.
3. Hash Functions

These are the kind of cryptographic algorithms which don’t use any keys. Instead, they
use a hash value – a number with fixed lengths that acts as a unique data identifier –
designed based on the length of the plain text information and is employed to encrypt
the data. Various operating systems generally use this method for protecting passwords.

Cryptographic Techniques in Cybersecurity

Of the several techniques employed for concealing data and files through cryptography,
some have been listed below:

 Hashing

In this method, a data string is converted into a unique string. Irrespective of the data
type, this technique will change the data into a unique, irreversible form. Hashing is used
for message integrity, password validation, blockchain technology, checking file
integrity, etc.

 Steganography

It is an old technique to conceal data or messages behind non-secret images, data, text or
other files. In this method, the secret message is blended with the file, therefore
becoming incredibly challenging to detect.

 Salting

It is another technique used with hashing to strengthen hashes and make them harder to
crack. Just like adding salt to food improves its taste, this salting technique strengthens
the hashing process. A random salt string can be placed on either side of any password to
change its hash string.
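Hashing and salting as code, as an added Python example that is not from the notes: a plain SHA-256 of the password beside a salted, iterated PBKDF2 record, with a verifier that recomputes from the stored salt and compares in constant time. The self-describing record format and the iteration count are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor; raise it as hardware gets faster


def unsalted_sha256(password: str) -> str:
    """What not to store: equal passwords give equal hashes, so one precomputed
    table of popular passwords unlocks every account that chose one of them."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash in a self-describing record: algo$iterations$salt$hash."""
    salt = salt if salt is not None else os.urandom(16)      # fresh random salt per password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(derived).decode()])


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_b64, hash_b64 = record.split("$")
        rounds = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except (ValueError, TypeError):
        return False                      # malformed record never verifies
    if algo != "pbkdf2_sha256":
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(actual, expected)
```

With the salt stored alongside the hash, two users who chose the same password hold different records, so a leaked table cannot be attacked with one precomputed list; the iteration count then makes each individual guess expensive.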

Deception Technology Definition


Deception technology is a strategy to attract cyber criminals away from an enterprise's true
assets and divert them to a decoy or trap. The decoy mimics legitimate servers,
applications, and data so that the criminal is tricked into believing that they have infiltrated
and gained access to the enterprise's most important assets when in reality they have not.
The strategy is employed to minimize damage and protect an organization's true assets.
Deception technology is usually not a primary cybersecurity strategy that organizations
adopt. The goal of any security posture is protection against all unauthorized access, and
deception technology can be a useful technique to have in place once a suspected breach
has occurred. Diverting the cyber criminal to fake data and credentials can be key to
protecting the enterprise's real assets.

Another benefit of deception technology is research. By analyzing how cyber criminals
break the security perimeter and attempt to steal what they believe to be legitimate data,
IT security analysts can study their behavior in depth. In fact, some organizations deploy a
centralized deception server that records the movements of malicious actors—first as they
gain unauthorized access and then as they interact with the decoy. The server logs and
monitors any and all vectors used throughout the attack, providing valuable data that can
help the IT team strengthen security and prevent similar attacks from happening in the
future.

The downside or risk of deception technology is that cyber criminals have escalated the
size, scope, and sophistication of their attacks, and a breach may be greater than what the
deception server and its associated shadow or mock assets can handle. Further, cyber
criminals may be able to quickly determine that they themselves are being tricked as the
deception server and decoy assets become immediately obvious to them. As such, they can
quickly abort the attack—and likely return even stronger.

To function properly, deception technology must not be obvious to an enterprise's
employees, contractors, or customers.
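The recording server described above reduced to its core, as an added Python example that is not from the notes: decoy accounts and files that nothing legitimate ever uses, so any event touching one is a high-confidence alert, and the complete event sequence of the source that touched it is kept as the record of that actor's movements. The decoy names, addresses and events are constructed for the example.

```python
import re
from collections import defaultdict

# Decoy identifiers planted by the defender (constructed for the example).
DECOY_ACCOUNTS = {"svc_backup_admin"}
DECOY_PATHS = {"/srv/finance/payroll_2024.xlsx"}

# Constructed event stream in key=value form (not real logs).
SAMPLE_EVENTS = """\
2024-05-02T03:14:01 src=203.0.113.9 event=login user=svc_backup_admin result=OK
2024-05-02T03:14:20 src=203.0.113.9 event=file_read path=/srv/finance/payroll_2024.xlsx
2024-05-02T03:15:02 src=203.0.113.9 event=login user=dbadmin result=FAIL
2024-05-02T08:01:00 src=10.0.0.15 event=login user=alice result=OK
2024-05-02T08:02:11 src=10.0.0.15 event=file_read path=/home/alice/notes.txt
"""

PAIR_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict:
    """Split 'timestamp key=value key=value ...' into a dict."""
    ts, _, rest = line.strip().partition(" ")
    event = {"ts": ts}
    event.update(PAIR_RE.findall(rest))
    return event


def decoy_reason(event: dict):
    """Name the decoy an event touched, or None if it touched none."""
    if event.get("user") in DECOY_ACCOUNTS:
        return f"decoy account {event['user']}"
    if event.get("path") in DECOY_PATHS:
        return f"decoy file {event['path']}"
    return None


def detect_decoy_activity(text: str):
    """Return (alerts, timeline).

    alerts:   one entry per event that touched a decoy; nothing legitimate
              uses a decoy, so every hit is high confidence.
    timeline: every event (decoy or not) from each source that touched a decoy,
              i.e. the movement record the deception server keeps.
    """
    events = [parse_event(line) for line in text.splitlines() if line.strip()]
    alerts = []
    flagged_sources = set()
    for ev in events:
        reason = decoy_reason(ev)
        if reason:
            alerts.append({"ts": ev["ts"], "src": ev["src"], "reason": reason})
            flagged_sources.add(ev["src"])
    timeline = defaultdict(list)
    for ev in events:
        if ev["src"] in flagged_sources:
            timeline[ev["src"]].append(ev)
    return alerts, dict(timeline)
```

The timeline for the flagged source includes its later failed login against a real account, which is exactly the kind of follow-on activity the analysts described above want captured; the legitimate user's events never appear because her source touched no decoy.
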

Denial of Service Filters
The DoS filter automatically scans traffic passing through the switch for well known frames
(based on packet signature) that are typically used to conduct Denial of Service attacks to
network devices. Once a frame is identified as a threat, it is automatically dropped.

What is Ethical Hacking?

Ethical hacking is an authorized practice of detecting vulnerabilities in an application,
system, or organization’s infrastructure and bypassing system security to identify
potential data breaches and threats in a network. Ethical hackers aim to investigate the
system or network for weak points that malicious hackers can exploit or destroy. They can
improve the security footprint to withstand attacks better or divert them.
The company that owns the system or network allows Cyber Security engineers to perform
such activities in order to test the system’s defenses. Thus, unlike malicious hacking, this
process is planned, approved, and more importantly, legal.

Ethical hackers aim to investigate the system or network for weak points that malicious
hackers can exploit or destroy. They collect and analyze the information to figure out ways
to strengthen the security of the system/network/applications. By doing so, they can
improve the security footprint so that it can better withstand attacks or divert them.

Ethical hackers are hired by organizations to look into the vulnerabilities of their systems
and networks and develop solutions to prevent data breaches. Consider it a high-tech
permutation of the old saying “It takes a thief to catch a thief.”

They check for key vulnerabilities that include, but are not limited to:

 Injection attacks

 Changes in security settings

 Exposure of sensitive data

 Breach in authentication protocols

 Components used in the system or network that may be used as access points

What are the Roles and Responsibilities of an Ethical Hacker?

Ethical Hackers must follow certain guidelines in order to perform hacking legally. A good
hacker knows his or her responsibility and adheres to all of the ethical guidelines. Here are
the most important rules of Ethical Hacking:

 An ethical hacker must seek authorization from the organization that owns the system.
Hackers should obtain complete approval before performing any security assessment on
the system or network.

 Determine the scope of their assessment and make known their plan to the organization.

 Report any security breaches and vulnerabilities found in the system or network.

 Keep their discoveries confidential. As their purpose is to secure the system or network,
ethical hackers should agree to and respect their non-disclosure agreement.
 Erase all traces of the hack after checking the system for any vulnerability. It prevents
malicious hackers from entering the system through the identified loopholes.

Key Benefits of Ethical Hacking

Learning ethical hacking involves studying the mindset and techniques of black hat hackers
and testers to learn how to identify and correct vulnerabilities within networks. Studying
ethical hacking can be applied by security pros across industries and in a multitude of
sectors. This sphere includes network defender, risk management, and quality assurance
tester.

However, the most obvious benefit of learning ethical hacking is its potential to inform and
improve and defend corporate networks. The primary threat to any organization's security
is a hacker: learning, understanding, and implementing how hackers operate can help
network defenders prioritize potential risks and learn how to remediate them best.
Additionally, getting ethical hacking training or certifications can benefit those who are
seeking a new role in the security realm or those wanting to demonstrate skills and quality
to their organization.

You understood what is ethical hacking, and the various roles and responsibilities of an
ethical hacker, and you must be thinking about what skills you require to become an ethical
hacker. So, let's have a look at some of the ethical hacker skills.

Skills Required to Become an Ethical Hacker

An ethical hacker should have in-depth knowledge about all the systems, networks,
program codes, security measures, etc. to perform hacking efficiently. Some of these skills
include:

 Knowledge of programming - It is required for security professionals working in the
field of application security and Software Development Life Cycle (SDLC).

 Scripting knowledge - This is required for professionals dealing with network-based
attacks and host-based attacks.

 Networking skills - This skill is important because threats mostly originate from
networks. You should know about all of the devices present in the network, how they
are connected, and how to identify if they are compromised.
 Understanding of databases - Attacks are mostly targeted at databases. Knowledge of
database management systems such as SQL will help you to effectively inspect
operations carried out in databases.

 Knowledge of multiple platforms like Windows, Linux, Unix, etc.

 The ability to work with different hacking tools available in the market.

 Knowledge of search engines and servers.

What Is a Firewall?

A firewall is a network security device that observes and filters incoming and outgoing
network traffic, adhering to the security policies defined by an organization. Essentially, it
acts as a protective wall between a private internal network and the public Internet.

Fencing your property protects your house and keeps trespassers at bay; similarly,
firewalls are used to secure a computer network. Firewalls are network security systems
that prevent unauthorized access to a network. A firewall can be a hardware or software
unit that filters the incoming and outgoing traffic of a private network according to a set
of rules, in order to spot and prevent cyberattacks.

Types of Firewalls

A firewall can either be software or hardware. Software firewalls are programs installed on
each computer, and they regulate network traffic through applications and port numbers.
Meanwhile, hardware firewalls are the equipment established between the gateway and
your network. Additionally, a firewall delivered by a cloud solution is called a cloud
firewall.
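A firewall's rule evaluation as code, as an added Python example that is not from the notes: an ordered ruleset in which the first matching rule wins, with an explicit catch-all deny so that traffic no rule mentions is never forwarded. The network ranges and rules are constructed for a small example network.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: Optional[str] = None   # None means any protocol
    src: str = "0.0.0.0/0"        # CIDR; default matches any source
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None means any destination port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


# Constructed policy: first matching rule wins; the final catch-all makes the
# default-deny posture explicit rather than implicit.
RULESET = [
    Rule("allow", "tcp", dst="10.0.0.0/24", dport=443, comment="public web"),
    Rule("allow", "tcp", src="10.0.1.0/24", dst="10.0.0.0/24", dport=22,
         comment="ssh only from the admin network"),
    Rule("allow", "udp", src="10.0.0.0/24", dst="10.0.0.53/32", dport=53,
         comment="internal dns"),
    Rule("deny", comment="default deny"),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto is None or rule.proto == pkt.proto)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(pkt: Packet, rules=RULESET):
    """Return (action, index of the matching rule).

    Even an empty or non-terminating ruleset denies, so nothing is forwarded
    by accident; the index is what a log line would record.
    """
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None
```

Rule order matters: because ssh from the admin network is allowed before the catch-all, the same port from the Internet falls through to the deny, and the returned index tells the log reader which rule made the decision.
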
Intrusion Detection System (IDS)
An intrusion detection system (IDS) observes network traffic for malicious
transactions and sends immediate alerts when such activity is observed. It is software that
checks a network or system for malicious activities or policy violations. Each illegal
activity or violation is typically recorded centrally using a SIEM system or reported to
an administrator. An IDS monitors a network or system for malicious activity and protects a
computer network from unauthorized access by users, including perhaps insiders. The
intrusion detector learning task is to build a predictive model (i.e. a classifier) capable of
distinguishing between ‘bad connections’ (intrusions/attacks) and ‘good (normal)
connections’.

How does an IDS work?

• An IDS monitors the traffic on a computer network (or the activity on a host) to detect suspicious activity.
• It analyzes the data flowing through the network, looking for known attack patterns and for signs of abnormal behavior.
• The IDS compares the observed activity to a set of predefined rules and signatures (and, in anomaly-based systems, to a learned model of normal behavior) to identify anything that might indicate an attack or intrusion.
• If the IDS detects activity that matches one of these rules or patterns, it sends an alert to the system administrator (or to a SIEM).
• The administrator can then investigate the alert and take action to prevent damage or further intrusion.
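The steps above, as an added example in Python (not code from this document or from any particular IDS product): two kinds of rule are run over a constructed stream of connection records, a content signature that fires on a pattern in the payload, and a threshold rule that fires when one source opens too many SSH connections inside a time window. The addresses, payloads and thresholds are all constructed for the example.

```python
"""Rule-based network intrusion detection over a stream of connection records.

Added example (not from the page): a content signature rule and a sliding-window
threshold rule, run over constructed sample traffic.
"""
import re
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

Alert = Tuple[str, str]  # (rule name, offending source address)

# Content signatures: (name, pattern matched against the first bytes of the payload).
SIGNATURES = [
    ("web.sqli_tautology", re.compile(rb"(%27|')(%20|\s)*or(%20|\s)+1(%20|\s)*=(%20|\s)*1", re.I)),
    ("web.path_traversal", re.compile(rb"(\.\./|%2e%2e%2f){2,}", re.I)),
]


class Detector:
    """Stateless signature matching plus a per-source sliding window of SSH connections."""

    def __init__(self, window_s: int = 60, threshold: int = 5) -> None:
        self.window_s = window_s
        self.threshold = threshold
        self.ssh_attempts: Dict[str, Deque[int]] = defaultdict(deque)

    def process(self, ts: int, src: str, dst: str, dport: int, payload: bytes) -> List[Alert]:
        alerts: List[Alert] = []
        # 1. Signature rules: any match fires immediately.
        for name, pattern in SIGNATURES:
            if pattern.search(payload):
                alerts.append((name, src))
        # 2. Threshold rule: N connections to port 22 from one source within the window.
        if dport == 22:
            recent = self.ssh_attempts[src]
            recent.append(ts)
            while recent and ts - recent[0] > self.window_s:   # forget attempts outside the window
                recent.popleft()
            if len(recent) == self.threshold:                   # fire once, when the threshold is crossed
                alerts.append(("ssh.bruteforce", src))
        return alerts


def run(events) -> List[Alert]:
    """Feed every record through one detector and collect the alerts in order."""
    det = Detector()
    alerts: List[Alert] = []
    for ev in events:
        alerts.extend(det.process(*ev))
    return alerts


# Constructed sample traffic: (timestamp, src, dst, dst port, first bytes of payload).
EVENTS = [
    (100, "10.0.0.5", "10.0.1.10", 80, b"GET /index.html HTTP/1.1"),
    (101, "198.51.100.7", "10.0.1.10", 80, b"GET /login?user=admin'%20OR%201=1-- HTTP/1.1"),
    (102, "198.51.100.7", "10.0.1.10", 80, b"GET /static/../../../../etc/passwd HTTP/1.1"),
    # six SSH connections in five seconds from one address: brute force
    (200, "203.0.113.9", "10.0.1.10", 22, b"SSH-2.0-libssh"),
    (201, "203.0.113.9", "10.0.1.10", 22, b"SSH-2.0-libssh"),
    (202, "203.0.113.9", "10.0.1.10", 22, b"SSH-2.0-libssh"),
    (203, "203.0.113.9", "10.0.1.10", 22, b"SSH-2.0-libssh"),
    (204, "203.0.113.9", "10.0.1.10", 22, b"SSH-2.0-libssh"),
    (205, "203.0.113.9", "10.0.1.10", 22, b"SSH-2.0-libssh"),
    # five SSH logins from an admin host spread over half an hour: normal, never alerts
    (300, "10.0.0.5", "10.0.1.10", 22, b"SSH-2.0-OpenSSH_9.6"),
    (700, "10.0.0.5", "10.0.1.10", 22, b"SSH-2.0-OpenSSH_9.6"),
    (1100, "10.0.0.5", "10.0.1.10", 22, b"SSH-2.0-OpenSSH_9.6"),
    (1500, "10.0.0.5", "10.0.1.10", 22, b"SSH-2.0-OpenSSH_9.6"),
    (1900, "10.0.0.5", "10.0.1.10", 22, b"SSH-2.0-OpenSSH_9.6"),
]

if __name__ == "__main__":
    for rule, src in run(EVENTS):
        print(f"ALERT {rule:22s} from {src}")
```

Note that the brute-force rule fires exactly once when the fifth attempt lands, not on every subsequent attempt; an IDS that re-alerts on each packet floods the administrator with duplicates, which is the opposite of what the last step above needs.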
Classification of Intrusion Detection System
IDS are commonly classified by where they are deployed; the two principal types are:
• Network Intrusion Detection System (NIDS): A NIDS sensor is placed at a planned point within the network where it can examine the traffic of all devices on that segment. It observes the traffic passing on the entire subnet and matches it against a collection of known attack signatures (and, optionally, a model of normal traffic). Once an attack is identified or abnormal behaviour is observed, an alert is sent to the administrator. A typical deployment is a sensor on the subnet just inside the firewall, to see whether someone is trying to get through it.
• Host Intrusion Detection System (HIDS): A HIDS runs on an individual host or device. It monitors the packets entering and leaving that device only, together with local activity such as logs, processes and file changes, and alerts the administrator if suspicious or malicious activity is detected. A common HIDS technique is file-integrity monitoring: the system takes a snapshot (cryptographic hashes) of critical system files and compares it with the previous snapshot; if a monitored file was edited or deleted, an alert is sent to the administrator to investigate. HIDS is well suited to mission-critical machines whose configuration is not expected to change.
Benefits of IDS
• Detects malicious activity: an IDS can detect suspicious activity and alert the system administrator before significant damage is done.
• Reveals network problems: the same traffic visibility can surface misconfigurations or performance issues, which can then be addressed.
• Compliance requirements: an IDS can help meet compliance requirements by monitoring network activity and generating reports.
• Provides insights: an IDS generates valuable insight into network traffic, which can be used to identify weaknesses and improve network security.

Scanning
Scanning in ethical hacking is a network exploration technique used to identify the systems connected to an organization's network. It provides information about the accessible systems, the services they expose and the resources on a target system. Scanning is often used during vulnerability assessment when probing for weaknesses in existing defenses.
There are two ways of scanning:
• Active scanning sends probes (packets) to the target and examines the responses. Because it interacts with the target it can be noticed and logged, and it can potentially disrupt services on fragile hosts.
• Passive scanning only observes existing traffic (for example from a network tap or a packet capture) and sends nothing to the target, so it is quieter but sees only what happens to be on the wire.
Scanning is more than just port scanning, but port scanning is a very important part of the process. It identifies the open ports on the target system, and the results can be used to map the services on the host, to interact with the service listening on a port (banner grabbing and version detection), or as a starting point for further attacks through those ports. There are many tasks that can be performed with a scanning tool.
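Active port scanning with banner grabbing, as an added example in Python (not code from this document or from any scanner product). The scanner completes a full TCP handshake on each port (a "connect scan"), classifies the port as open, closed or filtered from the response, and reads whatever the service announces. So that it runs offline, the block also starts a throw-away service on a random loopback port to scan; that service and its banner are constructed for the example. Scan only hosts you are authorised to test.

```python
"""TCP connect scanner with banner grabbing, plus a throw-away local service to scan.

Added example (not from the page). Only scan hosts you are authorised to test.
"""
import errno
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, Tuple

Result = Tuple[str, bytes]   # (state, banner)


def probe(host: str, port: int, timeout: float = 0.5) -> Result:
    """Full TCP connect to one port; classify it as open / closed / filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        try:
            rc = s.connect_ex((host, port))
        except (socket.timeout, OSError):   # no SYN-ACK and no RST within the timeout
            return "filtered", b""
        if rc == 0:
            # The service accepted: grab what it says first (SSH, SMTP, FTP announce themselves).
            try:
                banner = s.recv(128)
            except (socket.timeout, OSError):
                banner = b""
            return "open", banner.strip()
        if rc == errno.ECONNREFUSED:        # RST received: host reachable, nothing listening
            return "closed", b""
        return "filtered", b""              # timeout or other error: dropped by a firewall, unreachable, ...
    finally:
        s.close()


def scan(host: str, ports: Iterable[int], workers: int = 32) -> Dict[int, Result]:
    """Probe many ports concurrently and return {port: (state, banner)}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(ports, pool.map(lambda p: probe(host, p), ports)))


def start_fake_service(banner: bytes) -> int:
    """Listen on a random loopback port and send `banner` to every client (constructed target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def reserve_closed_port() -> int:
    """Return a loopback port that is currently not listening (for a 'closed' probe)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    target = start_fake_service(b"SSH-2.0-OpenSSH_9.6\r\n")
    for port, (state, banner) in scan("127.0.0.1", [target, reserve_closed_port()]).items():
        print(f"{port:5d}/tcp  {state:8s}  {banner.decode(errors='replace')}")
```

A connect scan is the noisiest kind: every open port gets a completed handshake that the service logs. Tools such as nmap default to a half-open (SYN) scan, which needs raw sockets and privileges, to avoid that; the three-way classification (open, closed, filtered) is the same.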

What Is Incident Response?


Incident response (IR) is the process by which an organization handles a data breach or
cyberattack. It is an effort to quickly identify an attack, minimize its effects, contain damage,
and remediate the cause to reduce the risk of future incidents.

What Is an Incident Response Plan (IRP)?

An incident response plan is a set of documented procedures detailing the steps that should
be taken in each phase of incident response. It should include guidelines for roles and
responsibilities, communication plans, and standardized response protocols.

Within your plan it is important to use clear language and define any ambiguous terms. One set of terms that is frequently confused is event, alert and incident. When using these terms in your plan, it helps to restrict their use as follows:
• Event - a change in system settings, status, or communication. Examples include a server request, a permissions update, or the deletion of data.
• Alert - a notification triggered by an event. Alerts can warn of suspicious events or of normal events that need your attention, for example the use of a previously unused port versus storage resources running low.
• Incident - an event (or set of events) that puts your system at risk. For example, theft of credentials or installation of malware.

8 Types of Security Incidents

There are many types of cybersecurity incidents that could result in intrusions on an organization's network:

1. Unauthorized Attempts to Access Systems or Data: Occurs when an individual or group attempts to gain unauthorized access to an organization's systems or data. Examples include hacking attempts, brute force attacks, and social engineering.

2. Privilege Escalation Attack: Occurs when an attacker is able to gain access to a system with limited privileges and then uses that access to gain higher-level privileges. This can be done by exploiting vulnerabilities in the system or using stolen credentials.

3. Insider Threat: Occurs when a current or former employee, contractor, or other insider uses their access to an organization's systems or data for malicious purposes. Examples include stealing sensitive information or sabotaging systems.

4. Phishing Attack: Occurs when an attacker sends an email or message that appears to be from a legitimate source, but is actually a trap to steal sensitive information or spread malware.

5. Malware Attack: Occurs when an attacker uses malware, such as a virus or Trojan horse, to gain access to an organization's systems or data or perform other malicious activities. Different types of malware perform different activities. For example, ransomware can prevent access to data until a ransom has been paid.

6. Denial-of-Service (DoS) Attack: Occurs when an attacker floods a system or network with traffic, causing it to become unavailable to legitimate users.

7. Man-in-the-Middle (MitM) Attack: Occurs when an attacker intercepts and alters communications between two parties. The attacker can steal sensitive information or spread malware this way.

8. Advanced Persistent Threat (APT): A sophisticated and targeted attack designed to gain access to an organization's systems or data, often with the goal of stealing sensitive information or maintaining a long-term presence.

Security Policies

Security policies are a formal set of rules issued by an organization to ensure that the users who are authorized to access company technology and information assets comply with the rules and guidelines relating to the security of information. It is a written document which sets out how the organization protects itself from threats and how it handles them when they occur. A security policy is also considered a "living document": it is never finished, but is continuously updated as the technology and the requirements of employees change.

Need of Security policies-

1) It increases efficiency.

The best thing about having a policy is the increased consistency, which saves time, money and resources. The policy should inform employees of their individual duties, telling them what they can and cannot do with the organization's sensitive information.

2) It upholds discipline and accountability

When a human mistake occurs and system security is compromised, the organization's security policy backs up any disciplinary action and also supports a case in a court of law. The organization's policies act as a contract which proves that the organization has taken steps to protect its intellectual property, as well as its customers and clients.

3) It can make or break a business deal

Companies are often required to provide a copy of their information security policy to other parties during a business deal that involves the transfer of sensitive information. This is especially true of bigger businesses, which ensure their own security interests are protected when dealing with smaller businesses that have less sophisticated security systems in place.

What is threat management?

Threat management is the process of detecting, preventing, and responding to cyberthreats. Effective threat management tools and procedures can help reduce the risk of cyberattacks.

Managing Cyber Threats Effectively: Best Practices

An organization needs to unite its defenses and its response in order to stop threats faster and more efficiently. Effective threat management is achieved when a solid framework is applied. This framework typically includes one or more of the following practices:
• Unified insight. Awareness of current threat activity is used to tailor the organization's threat management plan to its unique needs.
• Access to visibility. Visibility into the threat landscape, with services that test the organization's systems for risks, integrating security and non-security data sources.
• Risk detection. Identifying the most critical threats to the organization by combining AI and analytics, attack models and threat intelligence gathered from securing other organizations.
• Use of investigation tools. Investigation across data sources with the help of AI, advanced analytics and automation.
• Effective response. Automated responses to common threats, backed by a business-wide playbook that orchestrates threat management across people, processes and technology.

Unsecured broadband connections and Wi-Fi networks pose a significant risk to users, as they leave them vulnerable to hacking, identity theft, and other cyber threats.

How Safe is it to Use Public, Unprotected Wi-Fi Networks?

If you need to connect to the Internet in a public place and cannot use your mobile data, often the only available option is a public Wi-Fi network. These networks are free and easy to use, but security is always a concern.
When you connect to a public network, remember that many other users are connected to it at the same time. If an attacker is on the same network, or has compromised the public Wi-Fi router, there is a risk that they can intercept your personal and confidential information.

Risk of Eavesdropping

There is a risk of eavesdropping when you use public networks. Attackers can use a "man in the middle" position to gain access to your personal data: anything sent unencrypted from your phone or computer to a website can be read, and potentially altered, as it passes over the network.
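What that eavesdropper actually gets, as an added example in Python (not code from this document): one captured TCP payload is classified and mined for readable data. For a plain HTTP login the request line, cookie and form credentials are all there; for an HTTPS connection only the server name is visible, because the TLS ClientHello carries the Server Name Indication (SNI) in cleartext while everything after the handshake is encrypted. Both captures are constructed here; build_client_hello() emits just enough handshake structure to carry an SNI extension and is not a real TLS client. This is also the reason behind the "Always use HTTPS" tip further down.

```python
"""What an eavesdropper on shared Wi-Fi sees in one captured TCP payload.

Added example (not from the page). The HTTP request and the TLS ClientHello are
constructed; the ClientHello builder is a minimal stand-in, not a TLS implementation.
"""
import re
import struct
from typing import Dict, Optional
from urllib.parse import parse_qs

SENSITIVE_HEADERS = (b"cookie", b"authorization")
SENSITIVE_FIELDS = ("username", "user", "password", "passwd", "token")


def build_client_hello(server_name: str) -> bytes:
    """Constructed TLS ClientHello record whose only extension is server_name (SNI)."""
    host = server_name.encode()
    name_list = b"\x00" + struct.pack("!H", len(host)) + host         # name_type 0 = host_name
    sni_data = struct.pack("!H", len(name_list)) + name_list
    sni_ext = struct.pack("!HH", 0, len(sni_data)) + sni_data          # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x11" * 32       # client_version TLS 1.2, 32-byte random (fixed here)
            + b"\x00"                        # session_id: empty
            + b"\x00\x02\x13\x01"            # cipher_suites: one suite
            + b"\x01\x00"                    # compression_methods: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake   # ContentType handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Walk a ClientHello record and return the cleartext host_name from the SNI extension."""
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        return None
    p = 9 + 2 + 32                                   # record header, handshake header, version, random
    p += 1 + record[p]                               # session_id
    p += 2 + struct.unpack_from("!H", record, p)[0]  # cipher_suites
    p += 1 + record[p]                               # compression_methods
    ext_end = p + 2 + struct.unpack_from("!H", record, p)[0]
    p += 2
    while p + 4 <= ext_end:
        etype, elen = struct.unpack_from("!HH", record, p)
        p += 4
        if etype == 0:
            q = p + 2                                # skip server_name_list length
            while q + 3 <= p + elen:
                ntype = record[q]
                nlen = struct.unpack_from("!H", record, q + 1)[0]
                if ntype == 0:
                    return record[q + 3:q + 3 + nlen].decode("ascii", "replace")
                q += 3 + nlen
        p += elen
    return None


def eavesdrop(payload: bytes) -> Dict[str, object]:
    """Classify one captured TCP payload and pull out whatever is readable."""
    if re.match(rb"^(GET|POST|PUT|DELETE|HEAD) ", payload):
        head, _, body = payload.partition(b"\r\n\r\n")
        request_line, *header_lines = head.split(b"\r\n")
        headers = {}
        for line in header_lines:
            k, _, v = line.partition(b":")
            headers[k.strip().lower()] = v.strip()
        form = {k: v[0] for k, v in parse_qs(body.decode("ascii", "replace")).items()}
        return {
            "protocol": "http",
            "host": headers.get(b"host", b"").decode(),
            "request": request_line.decode(),
            "leaked_headers": {k.decode(): v.decode() for k, v in headers.items() if k in SENSITIVE_HEADERS},
            "credentials": {k: v for k, v in form.items() if k in SENSITIVE_FIELDS},
        }
    if payload[:1] == b"\x16":                       # TLS handshake record: only the SNI is readable
        return {"protocol": "tls", "server_name": extract_sni(payload), "content": "encrypted"}
    return {"protocol": "unknown"}


# Constructed capture of a login over plain HTTP.
HTTP_CAPTURE = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: mail.example.com\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 31\r\n"
    b"\r\n"
    b"username=alice&password=hunter2"
)
# Constructed capture of the same site reached over HTTPS.
TLS_CAPTURE = build_client_hello("mail.example.com")

if __name__ == "__main__":
    print(eavesdrop(HTTP_CAPTURE))
    print(eavesdrop(TLS_CAPTURE))
```

The site name still leaks through SNI (and through DNS) even over HTTPS, so an attacker on the hotspot learns where you go but not what you send; a VPN hides the destination from the local network as well.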

Here are some other risks of using unprotected public networks:

1. As these networks do not require authentication (or use a shared password known to everyone), attackers have unfettered access to unprotected devices on the same network.
2. An attacker may position themselves between you and the hotspot, which leaves you vulnerable to attacks.
3. If an attacker obtains your personal information, they may misuse it at any point in time.
4. Unsecured Wi-Fi networks are also used by cyber criminals to distribute malicious software such as viruses and other malware.
5. Intruders may not damage the public network itself but may use it for illegal purposes that have severe repercussions.

Stay Protected While Using Public Wi-Fi network

Attackers target users who lack the knowledge to remain protected. Here are a few tips that improve your security when connecting to a public Wi-Fi network:

1. Use a Virtual Private Network (VPN)

When you use a VPN, all traffic between your device and the VPN server is encrypted. Attackers on the local network therefore cannot read your confidential information even if they position themselves within the connection; without the key, the encrypted traffic is useless to them.

2. Prefer HTTPS (TLS) connections

You may not have access to a VPN. Nonetheless, you can still encrypt your web traffic on a public network by using HTTPS, which protects the connection with TLS (the successor to the older Secure Sockets Layer, SSL). Enable the "Always use HTTPS" or HTTPS-only setting in your browser and on frequently used websites, and do not click through certificate warnings on a public network, since a warning may mean an attacker is intercepting the connection.

3. Switch off Sharing

While connected to a public network, you should not share personal files and data. It is advisable to switch off file and printer sharing from the control panel or system preferences of your laptop; exactly where depends on the operating system. Alternatively, let Windows do this for you by choosing the "Public" network profile when you connect to an unprotected network for the first time.

4. Check the Terms and Conditions

Before connecting to a public Wi-Fi network, it may be beneficial to read the terms and conditions. Although you may not understand all of them, you will probably be able to work out what data the network collects and how it will be used. Moreover, never install any browser extension or additional software that a hotspot asks you to install.

5. Security Protocols

Using a well-configured firewall to filter traffic while on the public network is recommended. In addition, keeping your security software, such as anti-malware and anti-keylogger tools, up to date is beneficial.

6. Use a Security Tool

Tools such as Wi-Fi checkers help verify the speed and the security settings of a network, for example whether it is open or encrypted. They help identify whether a public network is secure or not, which is highly beneficial before using it.

Even after adhering to the above tips and adopting multiple security measures, some risk remains. Therefore it is important to use a reputable internet service provider and to install robust security software, which scans your existing files for malware and scans new files before they are downloaded.
