Running Head: CYBERSECURITY

Cybersecurity

ECET 460: Network Security with Lab

Professor: Yu On Ng

Student: SM Shahnawaz

DeVry University (New York)

2
CYBERSECURITY
Abstract

The purpose of this paper is to discuss Cybersecurity as it does apply to network security. No

online resources have been a revolutionary invention of modern technology and with the

advancements in technology happening day by day online resources are only getting better and

better. If used correctly online resources or information can be a real asset to the federal

government in perspective to surveillance, but if in the wrong hands this technology can be a

huge invasion of privacy and can also cause real damage to human civilizations.

This is where the concept Cybersecurity appear which refers to the protection of internet-

connected systems, including hardware, software and data, from cyberattacks.

In a computing context, security comprises cybersecurity and physical security -- both are

used by enterprises to protect against unauthorized access to data centers and other computerized

systems. So, on this project, I am going to discuss Drone security vulnerabilities and also how

drone manufacturers are planning and protecting these vulnerabilities.

3
CYBERSECURITY
Table of Contents

Table of Contents.............................................................................................................................3

Cybersecurity .................................................................................................................................4

Introduction..................................................................................................................................4

Types of Cybersecurity Security Threats....................................................................................5

Cybersecurity Protection ………………………………………………………………………8

Careers in cybersecurity ……………………………………………………………………….9

Conclusion ………………………………………………………………………………………10

References ……………………………………………………………………………………….11
4
CYBERSECURITY
Cybersecurity

Introduction

In the world of networking and network security Cybersecurity is the protection of

internet-connected systems, including hardware, software and data, from cyberattacks. In a

computing context, security comprises cybersecurity and physical security -- both are used by

enterprises to protect against unauthorized access to data centers and other computerized

systems. One of the most problematic elements of cybersecurity is the constantly evolving nature

of security risks. The traditional approach has been to focus resources on crucial system

components and protect against the biggest known threats, which meant leaving components

undefended and not protecting systems against less dangerous risks.

To deal with the current environment, advisory organizations are promoting a more proactive

and adaptive approach. The National Institute of Standards and Technology (NIST) for example,

recently issued updated guidelines in its risk assessment framework that recommend a shift

toward continuous monitoring and real-time assessments.

5
CYBERSECURITY
Types of cybersecurity threats

When a criminal is trying to hack an organization, they won't re-invent the wheel unless they

absolutely have to: They'll draw upon common types of hacking techniques that are known to

be highly effective, such as malware, phishing, or cross-site scripting (XSS).

 Ransomware is a type of malware that involves an attacker locking the victim's

computer system files -- typically through encryption -- and demanding a payment to

decrypt and unlock them.

 Malware:

“Malware” refers to various forms of harmful software, such as viruses and Ransomware

Once malware is in your computer, it can wreak all sorts of havoc, from taking control of

your machine, to monitoring your actions and keystrokes, to silently sending all sorts of

confidential data from your computer or network to the attacker's home base.

 Social engineering is an attack that relies on human interaction to trick users into

breaking security procedures in order to gain sensitive information that is typically

protected.

 Phishing:

It is a form of fraud where fraudulent emails are sent that resemble emails from reputable

sources; however, the intention of these emails is to steal sensitive data, such as credit

card or login information. In a phishing attack, an attacker may send you an email that

appears to be from someone you trust, like your boss or a company you do business with.

The email will seem legitimate, and it will have some urgency to it (e.g. fraudulent
6
CYBERSECURITY
activity has been detected on your account). In the email, there will be an attachment to

open or a link to click. Upon opening the malicious attachment, you’ll thereby install

malware in your computer. If you click the link, it may send you to a legitimate-looking

website that asks for you to log in to access an important file—except the website is

actually a trap used to capture your credentials when you try to log in.

 Denial-of-Service (DoS):

In some instances, these DoS attacks are performed by many computers at the same time.

This scenario of attack is known as a Distributed Denial-of-Service Attack (DDoS). This

type of attack can be even more difficult to overcome due to the attacker appearing from

many different IP addresses around the world simultaneously, making determining the

source of the attack even more difficult for network administrators.

 Cross-Site Scripting (XSS):

One of the most common ways an attacker can deploy a cross-site scripting attack is by

injecting malicious code into a comment or a script that could automatically run. For

example, they could embed a link to a malicious JavaScript in a comment on a blog.

Cross-site scripting attacks can significantly damage a website’s reputation by placing the

users' information at risk without any indication that anything malicious even occurred.

Any sensitive information a user sends to the site—such as their credentials, credit card

information, or other private data—can be hijacked via cross-site scripting without the

website owners realizing there was even a problem in the first place.
7
CYBERSECURITY
Cybersecurity Protection

What cybersecurity can prevent:

The use of cybersecurity can help prevent cyberattacks, data breaches and identity theft and can

aid in risk management. When an organization has a strong sense of network security and an

effective incident response plan, it is better able to prevent and mitigate these attacks. For

example, end user protection defends information and guards against loss or theft while also

scanning computers for malicious code.

PREVENTION

Identifying and mitigating vulnerabilities

Conventional defenses, including firewalls and antivirus software, remain an integral part of an

organization’s security lineup. They block the majority of standard attacks by hackers on IT

systems and curb the spread of malware. Additionally, educating employees on cyber security

and potential threats is a key aspect of any prevention strategy. This added layer of protection is

vital, as professional criminals can often exploit the human factor to pinpoint vulnerabilities and

obtain network access. Furthermore, it is important to deploy products and IT solutions that are

secure by design. And enterprises should determine what data is truly mission critical – and

ensure that robust defenses are in place for these key assets.

DETECTION

Simulating and analyzing attack patterns

Dissecting the tactics employed by hackers can help hone defenses, making them more effective.

Companies should implement intelligent security management that aggregates information from

a variety of sources – and analyzes it in real time to shield systems from novel attack vectors. To

combat these emerging threats, T-Systems has partnered with FireEye, which specializes in
8
CYBERSECURITY
protecting systems from complex digital threats. The cyber security enterprise detects previously

unknown, particularly dangerous vulnerabilities – frequently encountered in popular programs.

Furthermore, major corporations should analyze attacks in dedicated cyber security centers and

share their findings with others.

Internet as an Attack Platform

9
CYBERSECURITY
Careers in Cybersecurity

As the cyberthreat landscape continues to grow and emerging threats, such as the internet of

things, require hardware and software skills, it is estimated that there are 1 million unfilled

cybersecurity jobs worldwide. IT professionals and other computer specialists are needed in

security jobs, such as:

 Chief Internet Security officer (CISO): this individual implements the security

program across the organization and oversees the IT security department's operations;

 Security engineer: this individual protects company assets from threats with a focus on

quality control within the IT infrastructure;

 security architect: this individual is responsible for planning, analyzing, designing,

testing, maintaining and supporting an enterprise's critical infrastructure; and

 Security analyst: this individual has several responsibilities that include planning

security measures and controls, protecting digital files, and conducting both internal and

external security audits.

10
CYBERSECURITY
Conclusion

All in all, small businesses are at a major risk of being hacked, the methods we discussed

above can help deter attackers from targeting your business and looking elsewhere for softer

targets to test their exploits on. It’s important to conduct a system-wide assessment to determine

the current state of your business’s security so as to know the next steps to take.

Though not all people are victims to cybercrimes, they are still at risk. Crimes by computer

vary, and they don’t always occur behind the computer, but they executed by computer. The

hacker’s identity is ranged between 12 years young to 67years old. The hacker could live three

continents away from its victim, and they wouldn’t even know they were being hacked. Crimes

done behind the computer are the 21st century’s problem. With the technology increasing,

criminals don’t have to rob banks, nor do they have to be outside in order to commit any crime.

They have everything they need on their lap. Their weapons aren’t guns anymore; they attack

with mouse cursors and passwords.

11
CYBERSECURITY
References

 Clark, C. (n.d.). What is cybersecurity? - Definition from WhatIs.com. Retrieved

December 21, 2018, from https://searchsecurity.techtarget.com/definition/cybersecurity

 Common Types of Cybersecurity Attacks and Hacking Techniques. (n.d.). Retrieved

December 21, 2018, from https://www.rapid7.com/fundamentals/types-of-attacks/