Cyber and Network Security Unit 1

INTRODUCTION TO CNS
Cyber and Network Security

By: Prof. Rupanshi Patidar


Computer Security
- Computer security is the protection that is set up for computer systems and keeps critical information from unauthorized access, theft, or misuse.
- Computer security refers to the measures and controls that ensure the confidentiality, integrity and availability of the information processed and stored by a computer.

1. Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. This term covers two related concepts:
  - Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
  - Privacy: Assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed.

2. Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. This term covers two related concepts:
  - Data integrity: Assures that information (both stored and in transmitted packets) and programs are changed only in a specified and authorized manner.
  - System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

3. Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system. Availability assures that systems work promptly and that service is not denied to authorized users.
Types of Computer Security

Application Security
- Application security is the introduction of security features in applications during their development process. This actively helps prevent potential cyber threats such as data breaches, denial-of-service (DoS) attacks, SQL injection, and many others. Some examples of application security tools are antivirus software, firewalls, web application firewalls, encryption, etc.
- Application security is the process of adding specific features to software that prevent a variety of cyber threats. Examples include two-step authentication, high-level encryption, logging, firewalls, intrusion prevention systems (IPS) and more.

Information Security
- Information security revolves around protecting company data assets from unauthorized use. Typically, information security involves the CIA triad model, which focuses on protecting data confidentiality, integrity and availability without impacting an organization’s productivity.

Network Security
- This type of computer security focuses on the procedures network administrators implement to avoid unauthorized access, modification, exploitation or denial of the networks and their resources. Conducted effectively, these procedures block the majority of viruses, malware and other cyber threats from accessing or altering secure information.

Endpoint Security
- Endpoint security is the practice of safeguarding individual network endpoints, that is, the individual devices that connect to an organization’s network. This practice has become more important in recent years as many people use personal computers, phones and other devices to access company information and networks while working from home. Ensuring that these devices can access needed information without compromising an organization’s security posture is a major concern in modern computer security.
Why Is Computer Security Important?
- Cybercrime is incredibly common. According to the Cybersecurity and Infrastructure Security Agency (CISA), 1 in 3 homes in the United States has a computer infected with malware and 600,000 Facebook accounts are hacked every single day. Many of these breaches could have been avoided with proper security practices.
- Computer security protects individuals and organizations against cyber threats and the loss of important data. Becoming the target of a cybercriminal can be incredibly damaging and disruptive to daily activities, whether personal or professional. So, why is computer security so important? Because understanding the basics of computer security can help you avoid headaches and keep your data safe from others. Having your identity stolen or your accounts compromised can involve hours lost to account recovery, as well as significant financial losses.
Healthy Computer Security Principles and Practices
- Ensure physical computer security
- Install security and anti-virus software
- Activate the firewall
- Update your software and stay alert to news about the latest software
- Do not click on email attachments from unknown senders
- Make your passwords strong and change them regularly
- Ignore pop-ups and drive-by downloads when using the Internet
- Educate yourself on the fundamentals of computer security and the latest cyber threats
- Perform regular scans and create system backups periodically
Types of Cyber Attack

1. Malware
- Malware, or malicious software, is any program or code that is created with the intent to do harm to a computer, network or server. Malware is the most common type of cyberattack, mostly because this term encompasses many subsets such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots, cryptojacking, and any other type of malware attack that leverages software in a malicious way.

Types of Malware
- Ransomware: In a ransomware attack, an adversary encrypts a victim’s data and offers to provide a decryption key in exchange for a payment. Ransomware attacks are usually launched through malicious links delivered via phishing emails, but unpatched vulnerabilities and policy misconfigurations are used as well.
- Fileless malware: Fileless malware is a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target’s system, making it hard to detect.
- Spyware: Spyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.
- Adware: Adware is a type of spyware.
- Trojan: A trojan is code that is malicious in nature and has the capacity to take control of the computer. It is designed to steal, damage, or perform other harmful actions on the computer. It tries to deceive the user into loading and executing the files on the device. After it executes, it allows cybercriminals to perform many actions on the user’s computer, such as deleting data from files, modifying data in files, and more.
- Worms: A worm is a self-contained program that replicates itself and spreads its copies to other computers. A worm may infect its target through a software vulnerability or it may be delivered via phishing or smishing. Embedded worms can modify and delete files, inject more malicious software, or replicate in place until the targeted system runs out of resources.
- Rootkits: Rootkit malware is a collection of software designed to give malicious actors control of a computer network or application. Once activated, the malicious program sets up a backdoor exploit and may deliver additional malware. Bootkits take this a
- Mobile malware: Mobile malware is any type of malware designed to target mobile devices. Mobile malware is delivered through malicious downloads, operating system vulnerabilities, phishing, smishing, and the use of unsecured WiFi.
- Exploits: An exploit is a piece of software or data that opportunistically uses a defect in an operating system or an app to provide access to unauthorized actors. The exploit may be used to install more malware or steal data.
- Scareware: Scareware tricks users into believing their computer is infected with a virus. Typically, a user will see scareware as a pop-up warning them that their system is infected. This scare tactic aims to persuade people into installing fake antivirus software to remove the “virus.” Once this fake antivirus software is downloaded, malware may infect the computer.
- Keylogger: Keyloggers are tools that record what a person types on a device. While there are legitimate and legal uses for keyloggers, many uses are malicious. In a keylogger attack, the keylogger software records every keystroke on the victim’s device and sends it to the attacker.
- Botnet: A botnet is a network of computers infected with malware that are controlled by a bot herder. The bot herder is the person who operates the botnet infrastructure and uses the compromised computers to launch attacks designed to crash a target’s network, inject malware, harvest credentials or execute CPU-intensive tasks.
- Malspam: Malicious spam (malspam) delivers malware as the malicious payload via emails containing malicious content, such as virus- or malware-infected attachments.
2. Denial-of-Service (DoS) Attacks
- A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests in order to disrupt business operations.
- In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by the compromised computer or network. While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources to restore critical business operations.
- The difference between DoS and Distributed Denial-of-Service (DDoS) attacks lies in the origin of the attack. DoS attacks originate from just one system, while DDoS attacks are launched from multiple systems. DDoS attacks are faster and harder to block than DoS attacks because multiple systems must be identified and neutralized to halt the attack.
3. Phishing
- Phishing is a type of cyber attack that uses email, SMS, phone, social media, and social engineering techniques to entice a victim to share sensitive information, such as passwords or account numbers, or to download a malicious file that will install viruses on their computer or phone.

Types of Phishing
- Spear phishing: Spear-phishing is a type of phishing attack that targets specific individuals or organizations, typically through malicious emails. The goal of spear phishing is to steal sensitive information such as login credentials or to infect the target’s device with malware.
- Whaling: A whaling attack is a type of social engineering attack specifically targeting senior or C-level executive employees with the purpose of stealing money or information, or gaining access to the person’s computer in order to execute further cyberattacks.
- SMiShing: Smishing is the act of sending fraudulent text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers. A smishing attack may involve cybercriminals pretending to be your bank or a shipping service you use.
- Vishing: Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice messages pretending to be from a reputable organization to convince individuals to reveal private information such as bank details and passwords.
4. Spoofing
- Spoofing, as it pertains to cybersecurity, is when someone or something pretends to be something else in an attempt to gain our confidence, get access to our systems, steal data, steal money, or spread malware. Spoofing attacks come in many forms, including:
  - Email spoofing
  - Website and/or URL spoofing
  - Caller ID spoofing
  - Text message spoofing
  - GPS spoofing
  - Man-in-the-middle attacks
  - Extension spoofing
  - IP spoofing
  - Facial spoofing
5. Identity-Based Attacks
- An identity-based attack is a type of cyber attack that targets and compromises the digital identity of individuals and organizations. In this type of attack, a cybercriminal tries to steal, alter and misuse an individual’s identity-related information such as their login credentials, domain names, personal data or digital certificates.
- These types of attacks take advantage of identity and access management vulnerabilities to gain unauthorized access to an organization’s systems, data and resources. Once a cybercriminal has gained access to an individual’s online identity, they can pose as the user to further access an organization’s sensitive data.
6. Code Injection Attacks
- Code injection refers to attacks that involve injecting malicious code into an application. The application then interprets or executes the code, affecting the performance and function of the application. Code injection attacks typically exploit existing data-handling vulnerabilities, such as insecure handling of data from untrusted sources.
- Code injection often takes advantage of improper validation of input and output data, for instance of the data format, the expected data volume, and the permitted characters.
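As an added example (not part of the lecture slides), the following Python contrasts a login query built by string formatting, where input becomes part of the SQL text, with the same query using bound parameters, run against a constructed in-memory SQLite table; the user record, the malicious input and the permitted-characters rule are all assumptions.

```python
"""Vulnerable vs parameterised login query (added example, not from the lecture).

Uses an in-memory SQLite database with a constructed `users` table so the
difference between string-built SQL and bound parameters can be observed.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway database with one constructed user record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample credential; real systems store salted password hashes.
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", "correct-horse"))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds SQL by string formatting: user input becomes part of the query
    text, so a quote in the input changes the structure of the statement."""
    query = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Uses bound parameters: the driver passes input as data, never as SQL
    text, so the statement's structure is fixed whatever the input contains."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def input_is_suspicious(username: str) -> bool:
    """Input validation layer from the lecture (permitted characters and data
    volume): a username is expected to be short and alphanumeric. This is
    defence in depth, not a replacement for parameterised queries."""
    return not (0 < len(username) <= 32 and username.isalnum())


def demo() -> dict:
    """Run the legitimate credential and a constructed malicious username
    through both query styles and through the validation rule."""
    conn = make_db()
    good = ("alice", "correct-horse")
    # Constructed malicious input: the trailing `--` turns the rest of the
    # statement, including the password check, into an SQL comment.
    bad = ("alice' --", "anything")
    return {
        "vulnerable_good": login_vulnerable(conn, *good),
        "vulnerable_bad": login_vulnerable(conn, *bad),   # accepted: injection
        "hardened_good": login_hardened(conn, *good),
        "hardened_bad": login_hardened(conn, *bad),       # rejected: data only
        "validation_flags_bad": input_is_suspicious(bad[0]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```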
7. Supply Chain Attacks
- A supply chain attack is a type of cyberattack carried out against an organization’s suppliers as a means to gain unauthorized access to that organization’s systems or data. Sometimes called value chain or third-party software attacks, they involve significant planning by threat actors, who use malicious code to infiltrate an organization’s systems, and they can have a devastating blast radius after the initial compromise, as in the case of the 2020 SolarWinds attacks.
8. Social Engineering Attacks
- Social engineering is a technique where attackers use psychological tactics to manipulate people into taking a desired action. Through the use of powerful motivators like love, money, fear, and status, attackers can gather sensitive information that they can later use to either extort the organization or leverage such information for a competitive advantage.
- Social engineering attacks manipulate people into sharing information that they shouldn’t share, downloading software that they shouldn’t download, visiting websites they shouldn’t visit, sending money to criminals or making other mistakes that compromise their personal or organizational security.
9. Insider Threats
- An insider threat refers to a cyber security risk that originates from within an organization. It typically occurs when a current or former employee, contractor, vendor or partner with legitimate user credentials misuses their access to the detriment of the organization’s networks, systems and data. An insider threat may be executed intentionally or unintentionally. No matter the intent, the end result is compromised confidentiality, availability, and/or integrity of enterprise systems and data.
10. DNS Tunneling
- DNS tunneling is a method of cyber attack that encodes the data of other programs or protocols in DNS queries and responses. DNS tunneling often includes data payloads that can be added to an attacked DNS server and used to control a remote server and applications.
- Typically, DNS tunneling requires the compromised system to have external network connectivity, as DNS tunneling requires access to an internal DNS server with network access. Hackers must also control a domain and a server that can act as an authoritative server in order to execute the server-side tunneling and the data payload executable programs.
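As an added example (not part of the lecture), this Python applies simple detection heuristics to constructed resolver log lines: long, high-entropy subdomain labels, a high ratio of unique subdomains, and bulk-carrying record types concentrated under one zone. The log format, the thresholds and the tunnel.example domain are all constructed; the two-label zone split is an assumption that a real deployment would replace with a public-suffix list.

```python
"""Heuristic DNS-tunnelling detector over resolver log lines (added example,
not from the lecture). Log format, thresholds and domains are constructed.
"""
import math
import re
from collections import defaultdict

# Constructed log format: "<epoch> <client_ip> <qtype> <qname>"
LOG_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+)$")

# Constructed sample: normal browsing to example.com plus a burst of long,
# hex-looking labels under tunnel.example (reserved TLD, not a real domain).
SAMPLE_LOG = """\
1700000001 10.0.0.5 A www.example.com
1700000002 10.0.0.5 AAAA mail.example.com
1700000003 10.0.0.7 A www.example.com
1700000003 10.0.0.9 TXT 6a7b8c9d0e1f2a3b4c5d6e7f8091a2b3.c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9.tunnel.example
1700000004 10.0.0.9 TXT 1f2e3d4c5b6a79887766554433221100.ffeeddccbbaa99887766554433221100.tunnel.example
1700000004 10.0.0.9 NULL 0123456789abcdef0123456789abcdef.fedcba9876543210fedcba9876543210.tunnel.example
1700000005 10.0.0.9 TXT a1b2c3d4e5f60718293a4b5c6d7e8f90.0f9e8d7c6b5a49382716051423344556.tunnel.example
1700000005 10.0.0.9 TXT deadbeefcafef00ddeadbeefcafef00d.0badf00dcafebabe0badf00dcafebabe.tunnel.example
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payloads score far above words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Crude split (assumption): the last two labels are the zone an attacker
    would control; real tooling uses the public-suffix list instead."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyse(log_text: str, min_queries: int = 4, max_label_len: int = 30,
            min_entropy: float = 3.0) -> dict:
    """Group queries by zone and flag zones whose subdomain traffic looks like
    encoded payload: long labels, high entropy, mostly unique subdomains and
    record types (TXT/NULL) that carry bulk data in responses."""
    per_zone = defaultdict(lambda: {"queries": 0, "uniq": set(), "long": 0,
                                    "entropy_sum": 0.0, "bulk_types": 0})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        _ts, _client, qtype, qname = m.groups()
        zone = registered_domain(qname)
        sub = qname[: -len(zone) - 1] if qname != zone else ""
        stats = per_zone[zone]
        stats["queries"] += 1
        stats["uniq"].add(sub)
        longest = max((len(lab) for lab in sub.split(".")), default=0)
        stats["long"] += longest > max_label_len
        stats["entropy_sum"] += shannon_entropy(sub.replace(".", ""))
        stats["bulk_types"] += qtype in ("TXT", "NULL")

    report = {}
    for zone, s in per_zone.items():
        mean_entropy = s["entropy_sum"] / s["queries"]
        uniq_ratio = len(s["uniq"]) / s["queries"]
        half = s["queries"] // 2
        suspicious = bool(s["queries"] >= min_queries
                          and mean_entropy >= min_entropy
                          and uniq_ratio >= 0.8
                          and s["long"] >= half
                          and s["bulk_types"] >= half)
        report[zone] = {"queries": s["queries"],
                        "mean_entropy": round(mean_entropy, 2),
                        "unique_ratio": round(uniq_ratio, 2),
                        "suspicious": suspicious}
    return report


if __name__ == "__main__":
    for zone, r in analyse(SAMPLE_LOG).items():
        print(zone, r)
```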
11. IoT-Based Attacks
- IoT attacks are cyber-attacks that gain access to users' sensitive data with the help of an IoT device. Attackers usually install malware on the device, harm the device, or gain access to further personal data of the company.
- For instance, an attacker may gain access to an organization's temperature control system through a security loophole in an IoT device. The attacker can then influence the temperature of the rooms connected to that device.
12. AI-Powered Attacks
- An AI-powered cyberattack, also known as an AI-enabled or offensive AI attack, leverages AI/ML algorithms to carry out malicious activities. These attacks use AI to automate and enhance the capabilities of traditional cyberattacks, making them more sophisticated, targeted, and challenging to detect.
- AI-powered cyberattacks can take various forms, such as phishing emails, malware, ransomware, or even social engineering techniques. What makes them dangerous is their ability to adapt and evolve based on the data they collect and learn from their targets.

Examples of AI-Powered Cyberattacks
- Using deepfake voice technology in a CEO scam. In this scenario, a threat actor used AI-powered software to mimic the voice of a company's CEO and request urgent wire transfers from employees.
- Creating convincing phishing emails with generative AI. A sophisticated phishing scam used to require research and effort, but now attackers can make them in seconds.
- Discovering software vulnerabilities and evading intrusion detection with AI algorithms.
- Chatbot phishing scams, where chatbots engage in seemingly harmless conversations with potential victims, subtly gathering information about personal details or login credentials.
OSI Security Architecture
- We understood that data travels from the Application layer of the sender down to its Physical layer and then from the Physical layer of the sender to the Physical layer of the receiver. In between, this data can be modified, stolen, or simply read by an attacker for some future use. This is not safe, as the data can be used for criminal activities as well, and in any big organization the theft or modification of data can be a major concern.
- So, the OSI Security Architecture provides a standard for the security of data by identifying security attacks, security services, and security mechanisms, and it also identifies which security services should be implemented in which layer of the OSI model and what security mechanisms should be used to do so. Let us now understand the OSI Security Architecture model in detail.

Security Attack
- A security attack means any action that puts the data or the overall security of the system at risk. An attack might be successful or unsuccessful. In the case of a successful attack, the attacker can achieve his/her motive of breaking the security of the system in any way he/she wants to. In the case of an unsuccessful attack, the system remains secure and no harm to its security is done.
- There are majorly 2 types of attacks:
  - Active attacks
  - Passive attacks
Passive Attack
- A passive attack is a kind of attack in which the data that is sent from the sender to the receiver is read by the attacker in the middle of the transmission. The main point to note is that in a passive attack the attacker does not modify or corrupt the data; no changes are made to it. The attacker just observes the data sent from the sender to the receiver and can learn a lot of information about the sender and the receiver simply by observing the communication between them. There are 2 types of passive attacks.
- Traffic Analysis: As the name suggests, this attack focuses on the amount or volume of data sent between the sender and the receiver. The attacker can predict a lot of information about the sender and the receiver by knowing the amount of data sent. For example, if a lot of data is being sent from the sender to the receiver, it is assumed that there is an emergency or that a task is happening on an urgent basis. If less data is shared between the sender and the receiver, it is assumed that there is a lack of communication, and so on.
- Eavesdropping: In this kind of attack, the attacker reads the communication that happens between the sender and the receiver and can then use this information for many things. For instance, an attacker can use the information to learn the financial details of the user. It can also be used for criminal activities, as the attacker can pass a lot of personal information to a criminal.
- The difference between eavesdropping and traffic analysis is that in traffic analysis the attacker does not even read the data; he/she is focused only on the volume of the data. In eavesdropping, on the other hand, the focus is on the actual data being exchanged between the sender and the receiver.
Active Attack
- In an active attack, the focus of the attacker is to modify the data that is being exchanged between the sender and the receiver. The most dangerous thing about this attack is that, most of the time, the sender and the receiver do not even know that an attack has happened. There are several types of active attacks. Some of them are as follows:
- Replay: In a replay attack, the attacker acts as an authorized user and can use the details of the authorized user to log in to a system. This happens as follows. Suppose that there is a user who wants to log in to a system. They enter their username and password, and these details reach the server of the system in the form of a data packet. The attacker can steal this data packet in transit and use it later to log in to the system. You might be wondering that the login details are encrypted, so how would the attacker use them? The encryption does not matter in this case, as the data packet has been stolen exactly as it is, and the server might not recognize this and will give access to the attacker.
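As an added example (not part of the lecture), this Python shows the replay described above against a server that checks only an authentication tag over the login packet, and the very same captured packet rejected by a server that also requires a fresh nonce and a recent timestamp; the shared key, the user name and the acceptance window are constructed.

```python
"""Replay of a captured login packet and the nonce/timestamp defence
(added example, not from the lecture). Key, names and window are constructed.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed shared secret standing in for whatever key protects the packet.
SHARED_KEY = b"constructed-demo-key"
REPLAY_WINDOW_SECONDS = 30


def make_packet_v1(username: str, password: str) -> dict:
    """Client, version 1: credentials are protected by a MAC, but nothing in
    the packet ties it to one particular login attempt."""
    body = f"{username}:{password}".encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def server_v1(packet: dict) -> bool:
    """Server, version 1: verifies the MAC only. A valid packet stays valid
    forever, so whoever captured it can present it again."""
    expected = hmac.new(SHARED_KEY, packet["body"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, packet["tag"])


def make_packet_v2(username: str, password: str, now: Optional[float] = None) -> dict:
    """Client, version 2: a random nonce and a timestamp are authenticated
    together with the credentials, so the packet identifies one attempt."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    body = f"{username}:{password}:{nonce}:{int(now)}".encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class ServerV2:
    """Server, version 2: same MAC check, plus rejection of stale timestamps
    and of any nonce already seen inside the acceptance window."""

    def __init__(self) -> None:
        self.seen_nonces: dict = {}  # nonce -> timestamp it arrived with

    def accept(self, packet: dict, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        expected = hmac.new(SHARED_KEY, packet["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, packet["tag"]):
            return False
        try:
            _user, _pw, nonce, ts_text = packet["body"].decode().rsplit(":", 3)
            ts = int(ts_text)
        except ValueError:
            return False  # malformed or old-format packet: fail closed
        if abs(now - ts) > REPLAY_WINDOW_SECONDS:
            return False  # too old (or from the future): replay or clock abuse
        if nonce in self.seen_nonces:
            return False  # identical packet already accepted in this window
        self.seen_nonces[nonce] = ts
        # Forget nonces older than the window so the store cannot grow unbounded.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if now - t <= REPLAY_WINDOW_SECONDS}
        return True


def demo() -> dict:
    """Capture one legitimate packet of each version and present it twice."""
    t0 = 1_700_000_000.0  # constructed fixed clock so the run is deterministic
    captured_v1 = make_packet_v1("alice", "correct-horse")
    captured_v2 = make_packet_v2("alice", "correct-horse", now=t0)
    server2 = ServerV2()
    return {
        "v1_first": server_v1(captured_v1),
        "v1_replay": server_v1(captured_v1),                         # accepted again
        "v2_first": server2.accept(captured_v2, now=t0 + 1),
        "v2_replay": server2.accept(captured_v2, now=t0 + 2),        # same nonce
        "v2_late_replay": ServerV2().accept(captured_v2, now=t0 + 600),  # stale
        "v1_packet_to_v2": server2.accept(captured_v1, now=t0 + 3),  # malformed
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```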
- Masquerade: In this attack too, the attacker pretends to be an authorized user. However, this is not done by stealing the data packet; it is done by stealing the login details of the user somehow. So, no technical aspect of stealing the details is involved here.
- Denial of Service (DoS): A denial-of-service attack is an attack in which a system is hit by so many requests at one time that it is not able to handle them. The attacker sends multiple requests to the server at the same time and the server is not able to handle them. However, this attack is easily identifiable, as these loads of requests come from a single sender (the attacker), and it is easy to identify the source of the attack.
- Distributed Denial of Service (DDoS): As we saw, in a denial-of-service attack the source of the attack can be easily identified. There is a modified version of this attack, DDoS, the distributed version of the DoS attack. In this attack, the attacker first observes the details of a lot of authorized users. Then, the attacker uses these authorized users at the same time to send requests to the system. Now, thousands (or even more) of requests are sent to the system at the same time, and the system cannot recognize the source of the attack, as each request comes from a different user and all the users are authorized. So, the attacker is using the authorized users as victims too. The primary victim is the system, and the secondary victims are the authorized users. The authorized users are called Zombie PCs.
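As an added example (not part of the lecture), this Python runs a per-second, per-source request count over constructed web-server log lines to separate the single-source flood described under DoS, where blocking one address suffices, from the distributed flood described under DDoS, where it does not; the log format, addresses and thresholds are assumptions.

```python
"""Request-rate analysis that separates a single-source flood from a
distributed one (added example, not from the lecture). Log format,
addresses and thresholds are constructed.
"""
import re
from collections import Counter, defaultdict

# Constructed log format: "<epoch_second> <source_ip> <request_path>"
LOG_RE = re.compile(r"^(\d+) (\d{1,3}(?:\.\d{1,3}){3}) (\S+)$")


def per_second_rates(log_text: str) -> dict:
    """Return {second: Counter(source_ip -> requests)} for well-formed lines;
    malformed lines are skipped rather than aborting the analysis."""
    buckets = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            buckets[int(m.group(1))][m.group(2)] += 1
    return buckets


def classify(log_text: str, flood_threshold: int = 50,
             single_source_share: float = 0.8) -> dict:
    """For each second whose total exceeds `flood_threshold`, report whether
    one source produced most of it (dos: block that source) or the load is
    spread over many sources (ddos: per-source blocking does not help, so
    rate-limit, filter upstream or absorb)."""
    verdicts = {}
    for second, sources in sorted(per_second_rates(log_text).items()):
        total = sum(sources.values())
        if total <= flood_threshold:
            verdicts[second] = {"total": total, "verdict": "normal"}
            continue
        top_ip, top_count = sources.most_common(1)[0]
        if top_count / total >= single_source_share:
            verdicts[second] = {"total": total, "verdict": "dos", "source": top_ip}
        else:
            verdicts[second] = {"total": total, "verdict": "ddos",
                                "distinct_sources": len(sources)}
    return verdicts


def build_sample() -> str:
    """Constructed log: a quiet second, a single-source flood mixed with
    normal traffic, then a distributed flood from 60 different addresses."""
    lines = [f"1700000000 10.0.0.{i} /index.html" for i in range(1, 6)]
    lines += ["1700000001 203.0.113.7 /login"] * 120            # one noisy source
    lines += [f"1700000001 10.0.0.{i} /index.html" for i in range(1, 6)]
    lines += [f"1700000002 198.51.100.{i} /login" for i in range(1, 61)]
    lines += [f"1700000002 198.51.100.{i} /login" for i in range(1, 61)]
    return "\n".join(lines)


if __name__ == "__main__":
    for second, verdict in classify(build_sample()).items():
        print(second, verdict)
```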
Security Mechanism
- The mechanism that is built to identify any breach of security or attack on the organization is called a security mechanism. Security mechanisms are also responsible for protecting a system, network, or device against unauthorized access, tampering, or other security threats.
- Encipherment (Encryption): Encryption involves the use of algorithms to transform data into a form that can only be read by someone with the appropriate decryption key. Encryption can be used to protect data as it is transmitted over a network, or to protect data when it is stored on a device.
- Digital signature: A digital signature is a security mechanism that involves the use of cryptographic techniques to create a unique, verifiable identifier for a digital document or message, which can be used to ensure the authenticity and integrity of the document or message.
- Traffic padding: Traffic padding is a technique used to add extra data to a network traffic stream in an attempt to obscure the true content of the traffic and make it more difficult to analyze.
- Routing control: Routing control allows the selection of specific physically secure routes for specific data transmissions and enables routing changes, particularly when a gap in security is suspected.
Security Services
- Security services refer to the different services available for maintaining the security and safety of an organization. They help in preventing potential risks to security. Security services are divided into 5 types:
- Authentication: Authentication is the process of verifying the identity of a user or device in order to grant or deny access to a system or device.
- Access control: Access control involves the use of policies and procedures to determine who is allowed to access specific resources within a system.
- Data confidentiality: Data confidentiality is responsible for the protection of information from being accessed or disclosed to unauthorized parties.
- Data integrity: Data integrity is a security service that involves the use of techniques to ensure that data has not been tampered with or altered in any way during transmission or storage.
- Non-repudiation: Non-repudiation involves the use of techniques to create a verifiable record of the origin and transmission of a message, which can be used to prevent the sender from denying that they sent the message.
Fundamental Security Design Principles

1. Principle of Least Privilege
- The principle of least privilege is a security design principle that requires that users be given the bare minimum permissions necessary to perform their tasks. This principle is also sometimes referred to as the principle of least authority. It is often cited as one of the most important security design principles.

2. Principle of Defense in Depth
- This principle, also known as layered security, encourages implementing multiple software design security measures to protect a system. If one layer is breached, others remain to deter the attacker.

3. Principle of Fail-Safe Defaults
- Fail-safe defaults are security settings that are configured to prevent unauthorized access or use of resources. By default, all users should have the least amount of privilege necessary to perform their job function.
- Access to sensitive data should be restricted to only those who need it. To protect data from unauthorized access, it must be encrypted.
- Systems must be designed to be resilient to attacks. Security controls should be tested regularly to ensure they are effective.
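As an added example (not part of the lecture), this Python puts a fail-open authorization check beside a deny-by-default one that grants access only through an explicit policy entry and treats any evaluation error as a denial, which is the least privilege and fail-safe defaults principles above in code; the roles, resources and policy table are constructed.

```python
"""Deny-by-default authorization check illustrating fail-safe defaults and
least privilege (added example, not from the lecture). Roles, resources and
the policy table are constructed.
"""
from typing import FrozenSet

# Constructed policy: each role gets only the actions its job needs.
# Anything not listed here is denied; there is no catch-all "allow" entry.
POLICY = {
    "auditor": {"reports": frozenset({"read"})},
    "operator": {"reports": frozenset({"read"}),
                 "jobs": frozenset({"read", "run"})},
    "admin": {"reports": frozenset({"read", "write"}),
              "jobs": frozenset({"read", "run", "stop"}),
              "users": frozenset({"read", "write"})},
}


def permitted_actions(role: str, resource: str) -> FrozenSet[str]:
    """Strict lookup: raises KeyError for a role or resource the policy has
    never heard of, so the caller must decide what an error means."""
    return POLICY[role][resource]


def is_allowed_fail_open(role: str, resource: str, action: str) -> bool:
    """The anti-pattern: the code only knows how to say 'no' for the
    combinations it was told about, so a typo, a newly added resource or an
    unknown role is silently allowed. The `action` is not even consulted."""
    denied = {"users": {"auditor", "operator"}}
    return role not in denied.get(resource, set())


def is_allowed(role: str, resource: str, action: str) -> bool:
    """Fail-safe version: access is granted only by an explicit policy entry,
    and any error while evaluating the request counts as a denial."""
    try:
        return action in permitted_actions(role, resource)
    except (KeyError, TypeError):
        return False  # unknown role/resource or malformed request: deny


def demo() -> dict:
    """Compare both checks on constructed requests, including two the policy
    never anticipated (an unconfigured resource and an unknown role)."""
    cases = [
        ("auditor", "reports", "read"),
        ("auditor", "reports", "write"),
        ("operator", "users", "write"),
        ("operator", "secrets", "read"),  # resource nobody configured
        ("intern", "reports", "read"),    # role nobody configured
    ]
    return {f"{r}:{res}:{a}": (is_allowed_fail_open(r, res, a), is_allowed(r, res, a))
            for r, res, a in cases}


if __name__ == "__main__":
    for request, (fail_open, fail_safe) in demo().items():
        print(f"{request:24s} fail-open={fail_open!s:5} fail-safe={fail_safe}")
```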
4. Principle of Economy of Mechanism
- The principle of economy of mechanism states that a system should be designed to minimize the number of distinct components (e.g. processes, machines, nodes, etc.) that must interact to perform a given task. This principle is also known as the principle of least action. The design of a security system should be as simple and efficient as possible.
- This principle is based on the idea that the more complex a security system is, the more opportunities there are for attackers to exploit vulnerabilities.
- Therefore, it is important to keep security systems as simple as possible in order to reduce the attack surface and make it more difficult for attackers to find and exploit vulnerabilities.

5. Principle of Complete Mediation
- Security design principles should be comprehensive and address all potential security risks. They should be integrated into the overall design of the system and implemented in a way that minimizes the impact on performance and usability. They should be reviewed and updated on a regular basis.

6. Principle of Open Design
- Open design is a security design principle that advocates for the openness of security systems. The principle of open design states that security systems should be designed in such a way that they can be easily inspected, analyzed, and modified by anyone with the necessary skills and knowledge.
- The goal of open design is to improve the security of systems by making it easier for security experts to find and fix security vulnerabilities. Open design also makes it possible for security researchers to audit systems and assess their security.
- Many open source security tools and technologies are available that implement the principle of open design.

7. Principle of Separation of Privilege
- The principle of separation of privilege states that a user should not be able to access all areas of a system. This principle is designed to protect systems from unauthorized access and to prevent users from accidentally or deliberately damaging system resources.
- By separating privileges, a system can more easily control access to its resources and prevent unauthorized or accidental damage.
- The principle of separation of privilege is often implemented by dividing a system into different levels, with each level having its own set of privileges.
- This principle is an important part of security design and should be considered when designing any system.

8. Principle of Least Common Mechanism
- The principle of least common mechanism states that security should be designed so that there is a minimum number of mechanisms shared by all users. This principle is important because it reduces the chances that a security flaw will be exploited by more than one user.
- By reducing the number of mechanisms that are shared by all users, the principle of least common mechanism also reduces the chances that a security flaw will be exploited by an attacker who has access to more than one user’s account.
- The principle of least common mechanism is also known as the principle of least privilege.
Attack Surface
 Attack surface is known as the possible points where an
unauthorized person can exploit the system with
vulnerabilities. It's the combination of weak endpoints of
software, system, or a network that attackers can
penetrate.
 Not only the devices and IT components, but people can
also be the attack surface. Malware, ransomware, and
some other types of cyberattacks are common to get
access to a device. But many sophisticated cyberattacks
target individuals related to the business and plan attack
trees using social engineering attack surfaces.
Attack Surface
 The attack surface is the aggregate of all known,
unknown, and potentially exploitable vulnerabilities that
an unauthorized user can exploit to obtain access to a
network or sensitive data, or to launch a cyberattack. The
less attack surface there is, the simpler it is to defend.
Types of Attack Surfaces
 Digital attack surface
 Physical attack surface
 Social engineering attack surface
Digital attack surface
 Digital attack surface: Cybercriminals frequently find it
simpler to get into your company by exploiting weak
cybersecurity than by using physical methods. Everything
that exists outside the firewall and is accessible through
the Internet is referred to as the digital attack surface.
Digital attack surface
 Here goes a list of common digital attack surfaces:
 Application: Vulnerabilities in applications are common. As the
number of applications grows, concern about the attack surface
grows with it.
 Code: Code is another attack surface that hackers examine to
find a vulnerability. Any unexpected behaviour in code could
expose your system to a serious hazard.
 Ports: Attackers scan ports and try to penetrate the system
through open ports. Not all open ports are harmful; in some
cases, your server won't work without a particular open port. But
any open port that accepts writes could be used as an attack
surface.
 Website: Websites are the most common attack surface in the
digital arena. Businesses will keep data on their website to serve
the users. Attackers scan for website vulnerabilities, and they use
it as an attack surface to deploy an attack tree and gain access to
the system.
Digital attack surface
 The digital attack surface potentially exposes the
organization’s cloud and on-premises infrastructure to
any hacker with an internet connection. Common attack
vectors in an organization’s digital attack surface include:
 Weak passwords
 Misconfiguration
 Software, operating system (OS), and firmware
vulnerabilities
 Internet-facing assets
 Shared databases and directories
 Outdated or obsolete devices, data, or applications
 Shadow IT
Digital attack surface
 Weak passwords: Passwords that are easy to guess—or
easy to crack via brute-force attacks—increase the risk
that cybercriminals can compromise user accounts to
access the network, steal sensitive information, spread
malware and otherwise damage infrastructure. According
to IBM's Cost of a Data Breach Report 2021, compromised
credentials were the most commonly used initial attack
vector in 2021.
 Mis-configuration: Improperly configured network ports,
channels, wireless access points, firewalls, or protocols
serve as entry points for hackers. Man-in-the-middle
attacks, for example, take advantage of weak encryption
protocols on message-passing channels to intercept
communications between systems.
Digital attack surface
 Software, OS, and firmware vulnerabilities: Hackers and
cybercriminals can take advantage of coding or
implementation errors in third-party apps, OSs, and other
software or firmware to infiltrate networks, gain access to
user directories, or plant malware. For example, in 2021,
cybercriminals took advantage of a flaw in Kaseya's VSA
(virtual storage appliance) platform to distribute ransomware,
disguised as a software update, to Kaseya's customers.
 Internet-facing assets: Web applications, web servers and
other resources that face the public internet are inherently
vulnerable to attack. For example, hackers can inject malicious
code into unsecured application programming interfaces
(APIs), causing them to improperly divulge or even destroy
sensitive information in associated databases.
Digital attack surface
 Shared databases and directories: Hackers can exploit
databases and directories that are shared between systems
and devices to gain unauthorized access to sensitive resources
or launch ransomware attacks. In 2016, the Virlock
ransomware spread by infecting collaborative file folders that
are accessed by multiple devices.
 Outdated or obsolete devices, data, or applications: Failure to
consistently apply updates and patches creates security risks.
One notable example is the WannaCry ransomware, which
spread by exploiting a Microsoft Windows operating system
vulnerability for which a patch was available. Similarly, when
obsolete endpoints, data sets, user accounts, and apps are not
uninstalled, deleted, or discarded, they create unmonitored
vulnerabilities cybercriminals can easily exploit.
Digital attack surface
 Shadow IT: "Shadow IT" is software, hardware, or
devices—free or popular apps, portable storage devices,
an unsecured personal mobile device—that employees
use without the IT department’s knowledge or approval.
Because it’s not monitored by IT or security teams,
shadow IT may introduce serious vulnerabilities that
hackers can exploit.
Physical attack surface
 Physical attack surface: Security concerns arise when an
attacker gains access to any physical component of the
workplace, in addition to a digital attack surface. If an
infected device can connect to the network, it can easily
pass access to the attacker. Consider physical attack
surface to be all the security flaws in a particular system
that an attacker might access if they had physical access
to your office, server room, or other physical location.
Laptops, computers, LANs, and routers are some
examples of physical attack surfaces.
Physical attack surface
 Malicious insiders: A malicious insider is an employee,
contractor, or business partner who uses their privileged
access to deliberately share or abuse proprietary
company information. Malicious insiders use their access
to share, or misrepresent your company’s data for
personal, professional, or financial gain.
Physical attack surface
 Device theft: Criminals may steal endpoint devices or gain
access to them by breaking into an organization's premises.
After they are in possession of the hardware, hackers can
access data and processes that are stored on these devices.
They might also use the device's identity and permissions to
access other network resources. Endpoints used by remote
workers, employees' personal devices, and improperly
discarded devices are typical targets of theft.
 Baiting: Baiting is an attack in which hackers leave malware-
infected USB drives in public places, hoping to trick users into
plugging the devices into their computers and unintentionally
downloading the malware.
Social engineering attack surface
 Social engineering tricks people into paying money to
criminals, sending information they shouldn’t transmit,
installing software they shouldn’t download, visiting
websites they shouldn’t visit, and other blunders that
jeopardize their security or that of their organizations.
 Because it exploits human weaknesses rather than
technical or digital system vulnerabilities, social
engineering is sometimes called ‘human hacking’.
Social engineering attack surface
The most well-known and frequent social engineering
assault method is phishing. In a phishing attack, con
artists send voicemails, texts, or emails to trick their
intended targets into divulging personal information,
downloading malicious software, sending money or
assets to the wrong individuals, or performing other
harmful actions. Phishing messages are created by
scammers to appear or sound as though they are from a
reputable or trustworthy company or person, such as a
well-known merchant, a governmental agency, or
occasionally even a person the recipient knows
personally.
How to Reduce the Attack Surface Area
 1. Implement zero-trust policies
 2. Eliminate complexity
 3. Scan for vulnerabilities
 4. Segment network
 5. Train employees
Attack Tree
 An attack tree is a way to partially model the attack surface by
visualizing an attacker’s goal and the various methods of
possibly achieving that goal. Perhaps the best way to
understand the difference between an attack tree and an
attack surface is the distinction between entry points and
methods:
 An attack surface is a written description of the various entry
points of an IT environment via which attackers could gain
access and achieve their objectives.
 In contrast, an attack tree is a diagram that illustrates the
attacker’s objective and the methods of achieving that
objective.
Attack Tree
 In cybersecurity, an attack tree is a model of how a malicious
actor might seek access to an IT asset, such as a system or
network. Computer security professional Bruce Schneier was
one of the first to develop and publicize the notion of attack
trees.
 Attack trees have the shape of a tree diagram:
 A single root node at the top represents the hacker’s ultimate
goal.
 The children of the root represent different methods that can
be used to achieve this objective.
 The children of these children represent subproblems that
must be solved along the way.
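As an added worked example (not from the original slides, and not Schneier's own tooling), the following Python models a small attack tree with OR and AND nodes, computes the cheapest combination of leaf steps that reaches the root goal, and shows how marking a leaf as mitigated by a defensive control changes the attacker's cheapest path. The tree, its node names and its cost units are constructed for illustration; `evaluate`, `mitigate` and `build_tree` are names chosen here.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

INF = float("inf")


@dataclass
class Node:
    """One node of an attack tree.

    A LEAF carries the attacker's cost for that step; an OR node is achieved
    by any one child, an AND node only when every child is achieved.
    Costs and names below are constructed for this example.
    """
    name: str
    kind: str = "LEAF"                      # "LEAF", "OR" or "AND"
    cost: float = 0.0                       # attacker effort for a leaf (arbitrary units)
    feasible: bool = True                   # False once a control rules the step out
    children: List["Node"] = field(default_factory=list)


def evaluate(node: Node) -> Tuple[float, List[str]]:
    """Return (cost, leaf names) of the cheapest way to achieve `node`.

    Infeasible leaves cost infinity, so an AND node containing one becomes
    infeasible as a whole, and an OR node simply avoids it.
    """
    if node.kind == "LEAF":
        return (node.cost if node.feasible else INF, [node.name])
    results = [evaluate(child) for child in node.children]
    if node.kind == "OR":
        return min(results, key=lambda r: r[0])
    if node.kind == "AND":
        total = sum(cost for cost, _ in results)
        leaves = [name for _, names in results for name in names]
        return (total, leaves)
    raise ValueError(f"unknown node kind: {node.kind}")


def mitigate(node: Node, leaf_name: str) -> None:
    """Record that a defensive control makes the named leaf infeasible."""
    if node.kind == "LEAF" and node.name == leaf_name:
        node.feasible = False
    for child in node.children:
        mitigate(child, leaf_name)


def build_tree() -> Node:
    """Constructed Schneier-style tree: root goal 'read a confidential document'."""
    return Node("read confidential document from file server", "OR", children=[
        Node("obtain a user's credentials", "OR", children=[
            Node("guess weak password", cost=10),
            Node("phish the password", "AND", children=[
                Node("craft convincing lure", cost=20),
                Node("deliver lure to user", cost=5),
            ]),
        ]),
        Node("exploit unpatched server service", cost=60),
        Node("physically reach the server", "AND", children=[
            Node("enter building after hours", cost=40),
            Node("bypass server room lock", cost=50),
        ]),
    ])


def demo() -> List[Tuple[float, List[str]]]:
    """Cheapest path at baseline and after successive controls are applied."""
    tree = build_tree()
    steps = [evaluate(tree)]                                # baseline: guessing, cost 10
    mitigate(tree, "guess weak password")                   # password policy and MFA
    steps.append(evaluate(tree))                            # phishing path, cost 25
    mitigate(tree, "deliver lure to user")                  # mail filtering and awareness training
    steps.append(evaluate(tree))                            # unpatched service, cost 60
    mitigate(tree, "exploit unpatched server service")      # patch management
    steps.append(evaluate(tree))                            # only the physical path is left, cost 90
    return steps


if __name__ == "__main__":
    for cost, leaves in demo():
        print(f"cheapest attack cost {cost}: {' + '.join(leaves)}")
```

The point for a defender is the ordering: each control removes the currently cheapest leaf, and the tree immediately reports the next cheapest route, which is what decides where the next control should go.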
A Model for Network Security
 A message is to be transferred from one party to another
across some sort of internet.
 The two parties, who are the principals in this
transaction, must cooperate for the exchange to take
place.
 A logical information channel is established by defining a
route through the internet from source to destination and
by the cooperative use of communication protocols (e.g.,
TCP/IP) by the two principals.
A Model for Network Security
 A network security model in computer networks refers to
the structured defensive mechanisms and protocols
implemented to protect the integrity, confidentiality and
availability of data transmitted between devices over an
interconnected system of networks.
 Its core purpose in computer network security (CNS) is to
transform plain text data into encrypted ciphertext before
sending it over the vulnerable network channel so that
potential attackers cannot decipher or make sense of the
information.
A Model for Network Security
 This is achieved by applying a cryptographic algorithm
powered by a secret key known only to the communicating
parties in the network security model in CNS. The encrypted
data gets transmitted and later decrypted at the receiving end
with the same secret key.
 An effective network security model in computer networks has
the following key aspects:
 An encryption algorithm encodes plaintext into ciphertext and
decodes ciphertext back into plaintext. The strength of the
algorithm relies on its ability to withstand cracking attempts by
adversaries.
 Secure generation, distribution and usage of a secret key
exclusively shared between the communicating parties over
the computer network. A trusted third party facilitates the
secret key exchange in the network security model in CNS.
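The exchange described in the two slides above, as an added Python example that is not part of the original material: a stand-in for the trusted third party issues one secret key to both principals, the sender encrypts the message and appends an integrity tag, and the receiver verifies the tag before decrypting, so an opponent on the channel neither reads the message nor modifies it unnoticed. The keystream is HMAC-SHA256 run in counter mode, used here only so the example runs with the standard library; the function names (`protect`, `unprotect`, `trusted_third_party_issue_key`) and the sample message are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

NONCE_LEN = 16   # per-message random value so the keystream is never reused
TAG_LEN = 32     # HMAC-SHA256 output length


def trusted_third_party_issue_key() -> bytes:
    """Stands in for the trusted third party of the model: it generates a
    fresh 256-bit secret and hands the same key to both principals."""
    return secrets.token_bytes(32)


def derive_subkeys(master: bytes) -> Tuple[bytes, bytes]:
    """Separate keys for encryption and for the integrity tag, derived from the shared secret."""
    enc_key = hmac.new(master, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"authentication", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream generator.
    Illustrative construction only; production code uses a vetted AEAD such as AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def protect(master: bytes, plaintext: bytes) -> bytes:
    """Sender side: encrypt, then append an integrity tag over nonce and ciphertext."""
    enc_key, mac_key = derive_subkeys(master)
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unprotect(master: bytes, message: bytes) -> Optional[bytes]:
    """Receiver side: verify the tag first and only then decrypt. Returns None on any failure."""
    enc_key, mac_key = derive_subkeys(master)
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def demo() -> dict:
    """One exchange between the two principals, plus what an opponent on the channel achieves."""
    key = trusted_third_party_issue_key()        # both principals receive this same key
    plaintext = b"transfer 100 to account 42"    # constructed message
    on_the_wire = protect(key, plaintext)
    # Opponent flips one bit of the ciphertext in transit.
    tampered = bytearray(on_the_wire)
    tampered[NONCE_LEN + 3] ^= 0x01
    return {
        "delivered": unprotect(key, on_the_wire) == plaintext,
        "plaintext_visible_on_wire": plaintext in on_the_wire,
        "tampering_detected": unprotect(key, bytes(tampered)) is None,
        "wrong_key_rejected": unprotect(secrets.token_bytes(32), on_the_wire) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Two design choices are worth noting: the tag is checked before any decryption happens (encrypt-then-MAC), and a fresh nonce goes into every message so that reusing the shared key across many messages does not reuse the keystream.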
A Model for Network Security
Using this model requires us to:
• Select appropriate gatekeeper functions to identify users
• Implement security controls to ensure only authorised
users access designated information or resources
• Trusted computer systems may be useful to help
implement this model
A Model for Network Security
What are the Components of a Network Security Model?
 Firewalls: Firewalls monitor all incoming and outgoing
network traffic and stop viruses, hackers and DDoS
assaults depending on security standards. Firewalls
provide perimeter security through traffic filtering and
block unauthorised access attempts.
 Intrusion Prevention Systems (IPS): IPS monitors traffic
patterns to detect malicious activity, policy violations,
vulnerability exploits or threats that firewalls can miss. It
can analyse packet payloads and block attacks in real-time
before the damage is done.
A Model for Network Security
What are the Components of a Network Security Model?
 VPN: Virtual Private Networks (VPNs) enable secure remote
connections for teleworkers and road warriors and connect
distributed sites. VPNs create encrypted tunnels across public
networks to ensure data confidentiality and integrity.
 Access Controls: Access controls regulate access to networks
and systems by implementing strict authentication,
authorisation and accounting. Methods like multi-factor
authentication, role-based access and device compliance
enforcement ensure appropriate resource access.
A Model for Network Security
What are the Components of a Network Security Model?
 Data Encryption: Encrypting data secures sensitive
information from unauthorised access or modification
attempts. It scrambles data using encryption algorithms
and keys, ensuring only parties with decryption keys can
read it.
 Endpoint Security: Hardening endpoints via antivirus
software, strict access controls, and patching helps
prevent malware, unauthorised access and attacks
targeting end users. It blocks threats from entering
networks through endpoints.
A Model for Network Security
What are the Components of a Network Security Model?
 Network Monitoring: Continuous monitoring using
SIEM(Security information and event management)
systems collects and analyses network activity logs to
rapidly detect potential attacks and anomalous behaviour
indicative of a breach. It enables threat visibility.
 Incident Response Plans: Despite defences, breaches can
happen, so incident response plans prepare
organisations to respond appropriately to security
events. Playbooks detailing roles, responsibilities and
actions are essential for effective breach containment.
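To make the Network Monitoring component concrete, here is an added Python example (not from the original slides, and not any particular SIEM product's code) of the kind of detection rule a SIEM runs over collected authentication logs: a per-source sliding window that raises an alert when five failed logins occur within two minutes, and escalates if a successful login from the same source follows. The log format, the addresses and user names, and the thresholds are all constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional

# Constructed authentication log lines: "<date> <time> <RESULT> user=<name> src=<ip>".
SAMPLE_LOGS = """\
2024-05-01 09:00:01 FAIL user=alice src=10.0.0.5
2024-05-01 09:00:05 FAIL user=alice src=10.0.0.5
2024-05-01 09:00:09 FAIL user=admin src=10.0.0.5
2024-05-01 09:00:14 FAIL user=root src=10.0.0.5
2024-05-01 09:00:20 FAIL user=alice src=10.0.0.5
2024-05-01 09:00:27 FAIL user=bob src=10.0.0.5
2024-05-01 09:00:33 OK user=bob src=10.0.0.5
2024-05-01 09:01:00 FAIL user=carol src=192.168.1.20
2024-05-01 09:01:30 FAIL user=carol src=192.168.1.20
2024-05-01 09:01:45 OK user=carol src=192.168.1.20
2024-05-01 09:10:00 FAIL user=dave src=10.0.0.9
2024-05-01 09:13:00 FAIL user=dave src=10.0.0.9
2024-05-01 09:16:00 FAIL user=dave src=10.0.0.9
2024-05-01 09:19:00 FAIL user=dave src=10.0.0.9
2024-05-01 09:22:00 FAIL user=dave src=10.0.0.9
this line is not a login event and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<result>FAIL|OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line: str) -> Optional[Dict]:
    """Turn one raw log line into an event dict; unparseable lines yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_brute_force(lines: Iterable[str], threshold: int = 5,
                       window: timedelta = timedelta(minutes=2)) -> List[Dict]:
    """Sliding-window rule: alert once per source when `threshold` failures fall
    inside `window`; escalate if that source then logs in successfully."""
    recent_failures: Dict[str, deque] = defaultdict(deque)   # src -> timestamps of failures
    alerted = set()                                           # sources already flagged
    alerts: List[Dict] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        src = ev["src"]
        q = recent_failures[src]
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:       # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append({"kind": "BRUTE_FORCE", "src": src, "user": ev["user"],
                               "at": ev["ts"].isoformat(), "failures": len(q)})
        else:
            if src in alerted:                              # success right after a burst of failures
                alerts.append({"kind": "BRUTE_FORCE_SUCCESS", "src": src, "user": ev["user"],
                               "at": ev["ts"].isoformat(), "failures": len(q)})
            q.clear()
            alerted.discard(src)
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOGS.splitlines()):
        print(alert)
```

In the sample, 10.0.0.5 trips the rule and then succeeds as `bob`, which is the event an analyst would investigate first; 192.168.1.20 has two ordinary mistypes, and 10.0.0.9 fails five times but spread over twelve minutes, so the window never fills and no alert fires.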
Cyber crime
 Cybercrime can be defined as “The illegal usage of any
communication device to commit or facilitate in
committing any illegal act”.
 A cybercrime is explained as a type of crime that targets
or uses a computer or a group of computers under one
network for the purpose of harm.
 Cybercrimes are committed using computers and
computer networks. They can be targeting individuals,
business groups, or even governments.
 Cybercrime can be carried out by individuals or
organizations. Some cybercriminals are organized, use
advanced techniques and are highly technically skilled.
Others are novice hackers.
Cyber crime
Who are the cybercriminals?
 - Black hat hackers
 - Cyberstalkers
 - Cyber terrorists
 - Scammers
Cyber crime
Types of cybercrime include:
 Email and internet fraud.
 Identity fraud (where personal information is stolen and used).
 Theft of financial or card payment data.
 Theft and sale of corporate data.
 Ransomware attacks (a type of cyberextortion).
 Cyberespionage (where hackers access government or company data).
 Interfering with systems in a way that compromises a network.
 Illegal gambling.
 Selling illegal items online.
Classification of Cyber Crime
Cybercrimes in general can be classified into four categories:
1. Individual Cyber Crimes:
 This type targets individuals. It includes phishing, spoofing,
spam, cyberstalking, and more.
2. Organisation Cyber Crimes:
 The main target here is organizations. Usually, this type of
crime is committed by teams of criminals and includes malware
attacks and denial of service attacks.
3. Property Cybercrimes:
 This type targets property like credit cards or even intellectual
property rights.
4. Society Cybercrimes:
 This is the most dangerous form of cybercrime as it includes
cyber-terrorism.
Classification of Cyber Crime
1. Cyber Bullying
 It is also known as online or internet bullying. It includes
sending or sharing harmful and humiliating content about
someone else, which causes embarrassment and can lead to
psychological problems. It has become very common lately,
especially among teenagers.
2. Cyber Stalking
 Cyberstalking can be defined as unwanted, persistent
contact from someone targeting other individuals online
with the aim of controlling and intimidating them, such as
unwanted continued calls and messages.
Classification of Cyber Crime
3. Software Piracy
 Software piracy is the illegal use or copy of paid software with
violation of copyrights or license restrictions.
 An example of software piracy is downloading a fresh,
non-activated copy of Windows and using what are known as
“cracks” to obtain a valid license for Windows activation. This is
considered software piracy.
 Not only software can be pirated but also music, movies, or
pictures.
4. Social Media Frauds
 Social media fraud is the use of fake social media accounts to
perform harmful activities such as impersonating other users or
sending intimidating or threatening messages. One of the easiest
and most common social media frauds is email spam.
Classification of Cyber Crime
5. Online Drug Trafficking
 With the big rise of cryptocurrency technology, it became
easy to transfer money in a secure, private way and complete
drug deals without drawing the attention of law enforcement.
This led to a rise in drug marketing on the internet.
 Illegal drugs such as cocaine, heroin are commonly sold and
traded online, especially on what is known as the "Dark Web".
6. Electronic Money Laundering
 Also known as transaction laundering. It relies on unknown
companies or online businesses that process seemingly legitimate
payment methods and credit card transactions, but with incomplete
or inconsistent payment information, for the purchase of unknown
products.
 It is by far one of the most common and easiest money
laundering methods.
Classification of Cyber Crime
7. Cyber Extortion
 Cyber extortion occurs when a website, e-mail server or
computer system is subjected to or threatened with
repeated denial of service or other attacks by malicious
hackers. These hackers demand huge money in return for
assurance to stop the attacks and to offer protection.
 Cyber extortion is the demand for money by
cybercriminals to give back some important data they've
stolen or stop doing malicious activities such as denial of
service attacks.
Classification of Cyber Crime
8. Intellectual-property Infringements
 It is the violation or breach of any protected intellectual-
property rights such as copyrights and industrial design.
9. Online Recruitment Fraud
 One of the less common cybercrimes, though one that is
growing in popularity, is fake job opportunities released by
fake companies for the purpose of obtaining a financial
benefit from applicants or even making use of their
personal data.
Classification of Cyber Crime
 Cyber Terrorism – Cyber terrorism is the use of the
computer and internet to perform violent acts that result
in loss of life. This may include different types of activities,
carried out through software or hardware, that threaten the
lives of citizens.
 In general, cyber terrorism can be defined as an act of
terrorism committed through the use of cyberspace or
computer resources.
Challenges of Cyber Crime
 People are unaware of their cyber rights –
Cybercrime usually happens to people around the world
who are unaware of the cyber rights implemented by the
government of their particular country.
 Anonymity – Those who commit cybercrime are
anonymous to the victim, so nothing can be done against
that person.
Challenges of Cyber Crime
 Fewer cases registered – Every country in the
world faces the challenge of cybercrime, and the rate of
cybercrime is increasing day by day, yet people often do
not even register a case of cybercrime. This is a major
challenge for victims as well as for the authorities.
 Mostly committed by well-educated people – Committing
a cybercrime is not a cup of tea for every individual. The
person who commits a cybercrime is highly technical, so
they know how to commit the crime without getting caught
by the authorities.
Challenges of Cyber Crime
 No harsh punishment – Cybercrime does not carry harsh
punishment in every case. There is harsh punishment in
some cases, such as when somebody commits cyber
terrorism, but in other cases there is none, and this factor
also encourages those who commit cybercrime.
Prevention of Cyber Crime
 Use strong passwords – Maintain different password and
username combinations for each account and resist the
temptation to write them down. Weak passwords can be easily
cracked using attack methods such as brute force attacks and
rainbow table attacks, so make them complex: a combination
of letters, numbers and special characters.
 Use trusted antivirus on devices – Always use trustworthy and
up-to-date antivirus software on mobile devices and personal
computers. This helps prevent different virus attacks on
devices.
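The slide above names brute force and rainbow table attacks as the reason passwords must be strong. The server side of the same problem is how passwords are stored, and the following added Python example (not from the original slides) shows why a precomputed table works against bare SHA-256 hashes but not against per-user salted, iterated PBKDF2-HMAC-SHA256 records. The candidate word list, the leaked hash and the function names (`precomputed_table`, `hash_password`, `verify_password`) are constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed candidate list standing in for the input to a precomputed (rainbow-style) table.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "Summer2024!"]
ITERATIONS = 100_000   # work factor: slows every guess, for attacker and server alike


def precomputed_table(words: Iterable[str]) -> Dict[str, str]:
    """Unsalted SHA-256 of each candidate, computed once and reusable against
    every unsalted hash that ever leaks from any site."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def lookup_unsalted(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """Recovering an unsalted hash is a single dictionary lookup."""
    return table.get(stored_hash)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Dict[str, str]:
    """What a server should store: a random per-user salt plus a slow, salted digest."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": str(iterations), "hash": digest.hex()}


def verify_password(password: str, record: Dict[str, str]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), int(record["iterations"]))
    return hmac.compare_digest(digest.hex(), record["hash"])


def demo() -> dict:
    table = precomputed_table(COMMON_PASSWORDS)
    leaked_unsalted = hashlib.sha256(b"letmein").hexdigest()   # a site that stored bare SHA-256
    rec_a = hash_password("letmein")    # two users who chose the same weak password
    rec_b = hash_password("letmein")
    return {
        "unsalted_recovered": lookup_unsalted(leaked_unsalted, table),   # "letmein"
        "salted_hashes_differ": rec_a["hash"] != rec_b["hash"],          # salts differ, so do hashes
        "salted_in_table": rec_a["hash"] in table,                       # table is useless here
        "verify_ok": verify_password("letmein", rec_a),
        "verify_wrong": verify_password("letmeout", rec_a),
    }


if __name__ == "__main__":
    print(demo())
```

Salting does not make a weak password strong: an attacker who steals the record can still guess `letmein` for that one user. What it removes is the precomputation, so every stolen record costs a fresh, iteration-slowed guessing run, which is why the user-side advice on the slide (long, varied passwords) and the server-side storage choice work together.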
Prevention of Cyber Crime
 Keep social media private – Always restrict the privacy of your
social media account data to your friends only. Also make sure
to accept as friends only people who are known to you.
 Keep your device software updated – Whenever you receive
updates for the system software, install them right away,
because the previous version can often be attacked easily.
 Use a secure network – Public Wi-Fi networks are vulnerable.
Avoid conducting financial or corporate transactions on these
networks.
Prevention of Cyber Crime
 Never open attachments in spam emails – A common way for a
computer to become infected by malware and other forms of
cybercrime is via attachments in spam emails. Never open an
attachment from a sender you do not know.
 Keep software updated – The operating system should be
updated regularly for the sake of internet security, since
unpatched flaws in the system can become a potential threat
when cybercriminals exploit them.
 Keep an eye on your bank statements - Spotting that you have
become a victim of cybercrime quickly is important. Keep an
eye on your bank statements and query any unfamiliar
transactions with the bank. The bank can investigate whether
they are fraudulent.
Prevention of Cyber Crime
 Be mindful of which website URLs you visit – Keep an eye
on the URLs you are clicking on. Do they look legitimate?
Avoid clicking on unfamiliar links or URLs that look like
spam. If your internet security product includes
functionality to secure online transactions, ensure it is
enabled before carrying out financial transactions online.
Information Security
 Individuals, governments, and businesses all want to keep
their information secure. The field of information security, also
called infosec, protects information from unauthorized access.
That can mean protecting the confidentiality of information,
making data available to authorized users, and preventing data
corruption.
 Because information security covers all types of information,
the field focuses on security policies and practices that apply
to physical and digital records. Cybersecurity, in contrast,
focuses on data stored in computer systems and networks
accessible via the internet. The information security field
includes specializations such as information assurance, end-
point security, and physical security. Cybersecurity is
considered a subfield of information security.
Parameters: Cyber Security vs Information Security

Basic Definition
  Cyber Security: It is the practice of protecting the data from outside resources on the internet.
  Information Security: It is all about protecting information from unauthorized users, access, and data modification or removal in order to provide confidentiality, integrity, and availability.

Protect
  Cyber Security: It is about the ability to protect the use of cyberspace from cyber attacks.
  Information Security: It deals with the protection of data from any form of threat.

Scope
  Cyber Security: Cybersecurity is to protect anything in the cyber realm.
  Information Security: Information security is for information irrespective of the realm.

Threat
  Cyber Security: Cybersecurity deals with the danger in cyberspace.
  Information Security: Information security deals with the protection of data from any form of threat.

Attacks
  Cyber Security: Cybersecurity strikes against cyber crimes, cyber frauds, and law enforcement.
  Information Security: Information security strikes against unauthorized access, disclosure, modification, and disruption.

Professionals
  Cyber Security: Cyber security professionals deal with the prevention of active threats or Advanced Persistent Threats (APT).
  Information Security: Information security professionals are the foundation of data security, and security professionals associated with it are responsible for policies, processes, and organizational roles and responsibilities that assure confidentiality, integrity, and availability.

Deals with
  Cyber Security: It deals with threats that may or may not exist in the cyber realm, such as protecting your social media account, personal information, etc.
  Information Security: It deals with information assets and integrity, confidentiality, and availability.

Defence
  Cyber Security: Acts as the first line of defence.
  Information Security: Comes into play when security is breached.

Threats
  Cyber Security: Primarily deals with digital threats, such as hacking, malware, and phishing.
  Information Security: Addresses a wider range of threats, including physical theft, espionage, and human error.

Goal
  Cyber Security: Protects against unauthorized access, use, disclosure, disruption, modification, or destruction of digital information.
  Information Security: Protects the confidentiality, integrity, and availability of all types of information, regardless of the medium in which it is stored.

Technologies
  Cyber Security: Relies on a variety of technologies, such as firewalls, antivirus software, and intrusion detection systems.
  Information Security: Uses a range of technologies, including encryption, access controls, and data loss prevention tools.

Focus on data
  Cyber Security: Emphasizes protecting the data itself, regardless of where it is stored or how it is transmitted.
  Information Security: Emphasizes the protection of information assets, which includes data but also other information such as intellectual property, trade secrets, and confidential customer information.

Threat landscape
  Cyber Security: Deals with constantly evolving threats, such as new forms of malware and emerging cybercrime techniques.
  Information Security: Deals with a wide range of threats, including physical security breaches, insider threats, and social engineering attacks.

Skills required
  Cyber Security: Requires specialized knowledge of computer systems and networks, as well as programming and software development skills.
  Information Security: Requires knowledge of risk management, compliance, legal and regulatory issues, as well as technical knowledge.