CYBER SECURITY

Syllabus:

Module-I: Cyber Security Basics, Security Principles, Cyber Attacks and their Classification, Vulnerability Assessment, Intrusion
Detection and Intrusion Prevention Systems, User Authentication Methods, Bio-metric Authentication Methods

Module II: Standard Security Models: Information Security, Network Security, Operating System Security ; Web Security:mail Security,
Mobile Device Security, Cloud Security

Module III: IoT Security: Cyber Physical System Security, Social Media Security; Virtual Currency: Block Chain Technology, Security
Auditing

Module IV:

Cyber Crimes- Types-Data Frauds, Analysis of Crimes-Human Behavior- Stylometry-Incident Handling, Investigation Methods-Criminal
Profiling- Cyber Trails, Digital Forensics-History- Challenges-Branches of Digital Forensics, Digital Forensic Investigation Methods-
ReportingManagement of Evidence

Module V: Cyber Law-Basics-Information Technology Act 2000-Amendments, Evidentiary value of Emails/SMS, Cyber crimes and
Offences dealt with IPC-RBI Act-IPR in India, Jurisdiction of Cyber Crime, Creating awareness and Healthy practices

• Text Book:

• 1. Lester Evans, Cybersecurity: An Essential Guide to Computer and Cyber Security for Beginners, Including Ethical Hacking, Risk
Assessment, Social Engineering, Attack and Defense Strategies, and Cyberwarfare, Kindle Edition

• 2. K. Jaishankar. Cyber Criminology: Exploring Internet Crimes and Criminal Behavior, CRC Press
 Cyber Security
Cyber:
-It is a prefix derived from the word cybernetics.
-It is often used to describe things related to or involving Internet, digital systems, computers,
technology, application and virtual environments.

Security: Protection
- Protection of system, n/w, application, information etc..

Cyber security refers to the body of technologies, processes, and practices designed to protect
networks, devices, programs, and data from attack, damage, or unauthorized access.
 Importance of Cyber Security
Protection of Sensitive Information:
Cybersecurity safeguards sensitive information, such as personal data, financial records, trade secrets, and
government intelligence, from unauthorized access, theft, and exploitation.

Prevention of Data Breaches(unauthorized data access):

Data breaches can result in significant financial losses, reputational damage, and legal consequences. Adequate
cybersecurity measures help prevent unauthorized individuals or entities from gaining access to sensitive data.
Protection of Critical Infrastructure:
Industries such as energy, transportation, healthcare, and finance heavily rely on interconnected systems. A
cyberattack on critical infrastructure can have devastating consequences, including disrupting essential services,
endangering public safety, and causing widespread chaos.
Contd….

Preservation of Intellectual Property:

Businesses invest heavily in research, development, and innovation. Cybersecurity measures safeguard intellectual
property from being stolen or exploited by competitors or malicious actors.

Global Interconnectivity:
The global nature of the internet means that cyber threats can originate from anywhere in the world.
Cybersecurity measures are necessary to defend against international cybercriminals and state-sponsored hacking
activities.

Personal Safety and National Security:

Cybersecurity is not only about protecting data and financial interests; it also plays a crucial role in safeguarding
individuals, communities, and nations from threats that can affect physical safety and national security.
 Other terms related to cyber…
• Cyberspace: This term refers to the virtual environment created by computer systems, including the Internet and
interconnected digital networks.

Example: online gaming platforms, social media

• Cybercrime: This encompasses criminal activities that involve computers or digital devices.
Example: hacking, identity theft, and online fraud.

• Cyberbullying: Refers to the use of digital communication tools to harass, intimidate, or threaten individuals.
Some common cyberbullying behaviors include:

✓ Sending mean or threatening emails, texts, or instant messages

✓ Posting hurtful comments on social networking sites
✓ Creating fake profiles or websites to embarrass or humiliate someone
✓ Spreading rumors or lies about someone online
✓ Posting sensitive personal information about someone without their permission
Contd….

Cyberwarfare: (a series of cyber attacks against a nation-state, causing it significant harm)

-It Involves the use of digital tactics to disrupt or attack the computer systems of individuals, organizations, or
even entire nations.

Cybernetics: The study of communication and control in living organisms and machines, and how they interact
and influence each other.

Cyber-Physical Systems: Systems that integrate digital computing and communication with physical processes
and machinery, often seen in areas like industrial automation and smart cities.
Example: Robots, intelligent buildings, implantable medical devices, cars that drive themselves.
 Motivations for Acquiring Cybersecurity
Knowledge
Personal Data Protection:
Acquiring cybersecurity knowledge empowers individuals to shield their personal information from cyber threats, such
as identity theft and online fraud.

Enhanced Employability: IT professional with cyber security applications are highly in demand.

Contributing to National Security:

Cybersecurity has implications for national safety. Cyber security professional are in demand for various government
secret agencies like NIA(National Investigation Agency),CBI..

Ethical Hacking and Penetration Testing: Mastery of cybersecurity facilitates ethical hacking and
penetration testing, identifying system vulnerabilities before malicious actors exploit them, thus enhancing digital
safety.
- Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business
impacts of weaknesses in a system.
 Security Principles(CIA Triad)
The main objective of cyber security is to ensure data protection.
The security community provides a triangle of three related principles to protect the data from cyber-
attacks.
This principle is called the CIA triad.
The CIA triad is a common model that forms the basis for the development of security systems.
Confidentiality: Protecting information from unauthorized access and
disclosure.
Example:
• Criminal steals customers’ usernames, passwords, or credit card Information

Integrity: Protecting information from unauthorized Modification.

Example:
• Someone alters payroll information or a proposed product design.

Availability: Preventing disruption in how information is accessed.

Example: Availability
• Your customers are unable to access your online services.
 Some common terms….
Vulnerabilities: Weakness in an information system or its components that could be exploited.

Threats: A Threat is a possible security risk that might exploit the vulnerability of a system or asset, organization, or
individual.

Attack:
An attack, on the other hand, is the actual act of exploiting the information security system's weaknesses.

Hacking:
It is the act of compromising digital devices and networks through unauthorized access to an account or computer system.

Fraud:
It occurs when someone intentionally misrepresents the truth, or withholds or conceals important information, resulting
in harm, such as monetary loss.
 Types of Cyber Security Threats
Malware
-Malware means malicious software, which is the most common cyber attacking tool.
- It is used by the cybercriminal or hacker to disrupt or damage a legitimate user's system.
The following are the important types of malware created by the hacker:
• Virus:
✓ It is a malicious piece of code that spreads by attaching itself to other software.
✓ It can clean files and spreads throughout a computer system, infecting files, stoles information, or damage device.
✓ Ex:Melissa, Mydoom
• Spyware:
✓ It is a software that secretly records information about user activities on their system.
For example, spyware could capture credit card details that can be used by the cybercriminals for unauthorized shopping,
money withdrawing, etc.
• Trojans:
✓ It is a type of malware or code that appears as legitimate software or file to fool us into downloading and running.
✓ Its primary purpose is to corrupt or steal data from our device or do other harmful activities on our network.
• Ransomware:
✓ Normally loaded onto a computer via a download/attachment/link from an email or website.
✓ Will either lock the screen or encrypt your data.
✓ Once Ransomware is uploaded on your computer/tablet/phone it is very difficult to remove without
removing all of the data

How to tackle Ransomware

▪ Learn to identify phishing emails

▪ Exercise caution with links
▪ Do not download or click suspicious
links or files
▪ Keep software up-to-date
▪ Back files up regularly
• Worms:
✓ These are are stand-alone malicious programs.
✓ These can replicate rapidly and spread across devices within a network.
✓ As it spreads, a worm consumes bandwidth, overloading infected systems and making them unreliable or unavailable.
✓ Worms can also change and delete files or introduce other malware.
✓ Ex: Morris Worm:(Also known as the Internet worm, this was one of the first computer worms to spread via the
Internet ), MSBlast
• Adware: It is an advertising software used to spread malware and displays advertisements on our device. It is an
unwanted program that is installed without the user's permission.

• Botnets:
✓ It is a collection of internet-connected malware-infected devices that allow cybercriminals to control them.
✓ The term botnet is derived from the words robot and network.
✓ A bot, in this case, is a device infected by malicious code, which then becomes part of a network, or net, of infected
machines all controlled by a single attacker or attack group.
✓ Infected devices are controlled remotely by threat actors.
✓ The objective for creating a botnet is to infect as many connected devices as possible.
✓ Botnets are commonly used to send spam emails, engage in click fraud campaigns.
 Phishing
• Phishing is a type of cybercrime in which a sender seems to come from a genuine
organization like PayPal, eBay, financial institutions, or friends and co-workers.

• They contact a target or targets via email, phone, or text message with a link to
persuade them to click on that links.

• This link will redirect them to fraudulent websites to provide sensitive data such as
personal information, banking and credit card information, social security numbers,
usernames, and passwords.

• Clicking on the link will also install malware on the target devices that allow hackers
to control devices remotely.
How to tackle the problem

• Don’t click any links on an email unless you

can guarantee who its from.
• Check the sender
• Look out for warning signs
• Check the sender
Distributed denial of service (DDoS)
• It is a type of cyber threat or malicious attempt where cybercriminals disrupt targeted servers, services, or
network's regular traffic by fulfilling legitimate requests to the target or its surrounding infrastructure with
Internet traffic.

• Here the requests come from several IP addresses that can make the system unusable, overload their servers,
slowing down significantly or temporarily taking them offline, or preventing an organization from carrying out
its vital functions.

Brute Force
• A brute force attack is a cryptographic hack that uses a trial-and-error method to guess all possible
combinations until the correct information is discovered.
• Cybercriminals usually use this attack to obtain personal information about targeted passwords, login info,
encryption keys, and Personal Identification Numbers (PINS).
Man-in-the-middle (MITM) attack
• A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a
cybercriminal intercepts a conversation or data transfer between two individuals.

• Once the cybercriminal places themselves in the middle of a two-party communication, they seem like genuine
participants and can get sensitive information and return different responses.

• The main objective of this type of attack is to gain access to our business or customer data.

For example, a cybercriminal could intercept data passing between the target device and the network on an
unprotected Wi-Fi network.

SQL Injection (SQLI)

• SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for backend
database manipulation to access sensitive information.
• Once the attack is successful, the malicious actor can view, change, or delete sensitive company data, user lists,
or private customer details stored in the SQL database.
 Cyber Safety Tips
• Conduct cybersecurity training and awareness
• Update software and operating system
• Use anti-virus software
• Perform periodic security reviews
• Use strong passwords
• Do not open email attachments from unknown senders
• Avoid using unsecured Wi-Fi networks in public places
• Backup data
Latest Cyber Threats

-Assignment…..