Cyber Security

IT 404
Lecture 1

Overview of the Course

IT404 Spring 2023/Lecture1 1

 Introducing My Self

Dr. Tauqeer Safdar

[email protected]

Education/Certifications Professional Backgroung

PhD in Information Technology Assistant Professor

Universiti Teknologi PETRONAS, Malaysia BZ University Multan
M.S (C.S) Assistant Professor
AIR University Multan
COMSATS Institute of Technology, Islamabad
Lecturer
B.C.S (Hons)
University of Technology & Applied Science, Muscat, Oman
B.Z University Multan
Lecturer
King Khalid University, Saudi Arabia
Lecturer
B.Z University Multan

2
Introduce Yourself as…..

● T ● Tolerance
● A ● Ali
● U ● Understanding
● Q ● Quran
● E ● Earth
● E ● Engrossed
● R ● Rapturous
Why Do Computer Attacks Occur?
• Who are the attackers?
– bored teenagers, criminals, organized crime
organizations, rogue states, industrial
espionage, angry employees, …
• Why they do it?
– fun,
– fame,
– profit, …
• computer systems are where the moneys are

IT404 Spring 2023/Lecture1 4

Cyber Security Issues
• Computer viruses
• Trojan horses
• Computer worms
– E.g., Morris worm (1988), Melissa worm (1999), etc.
• Distributed denial of service attacks
• Computer break-ins
• Email spams
– E.g., Nigerian scam, stock recommendations

IT404 Spring 2023/Lecture1 5

More Cyber Security Issues
• Identity theft
• Zero-day attacks
• Botnets
• Serious security flaws in many important systems
– electronic voting machines, ATM systems
• Spywares
• Driveby downloads
• Social engineering attacks

IT404 Spring 2023/Lecture1 6

Why do these attacks happen?
• Software/computer systems are buggy

• Users make mistakes

• Technological factors
– Von Neumann architecture: stored programs
– Unsafe program languages
– Software are complex, dynamic, and increasingly so
– Making things secure are hard
– Security may make things harder to use

IT404 Spring 2023/Lecture1 7

Why does this happen?
• Economical factors
– Lack of incentives for secure software
– Security is difficult, expensive and takes time

• Human factors
– Lack of security training for software engineers
– Largely uneducated population

IT404 Spring 2023/Lecture1 8

Security is Secondary
• What protection/security mechanisms one has in
the physical world?

• Why the need for security mechanisms arises?

• Security is secondary to the interactions that

make security necessary.

IT404 Spring 2023/Lecture1 9

Security is not Absolute
• Is your car secure?
• What does “secure” mean?
• Are you secure when you drive your car?

• Security is relative
– to the kinds of loss one consider
• security objectives/properties need to be stated
– to the threats/adversaries under consideration.
• security is always under certain assumptions

IT404 Spring 2023/Lecture1 10

Information Security is Interesting
• The most interesting/challenging threats to
security are posed by human adversaries
– security is harder than reliability
• Information security is a self-sustained field
• Security is about benefit/cost tradeoff
– thought often the tradeoff analysis is not explicit
• Security is not all technological
– humans are often the weakest link

IT404 Spring 2023/Lecture1 11

Cyber Security is Challenging

• Defense is almost always harder than attack.

• In which ways information security is more
difficult than physical security?
– adversaries can come from anywhere
– computers enable large-scale automation
– adversaries can be difficult to identify
– adversaries can be difficult to punish
– potential payoff can be much higher
• In which ways information security is easier than
physical security?
IT404 Spring 2023/Lecture1 12
What is This Course About?
• Learn how to prevent attacks and/or limit their
consequences.
– No silver bullet; man-made complex systems will have
errors; errors may be exploited
– Large number of ways to attack
– Large collection of specific methods for specific
purposes
• Learn to think about security when doing things
• Learn to understand and apply security principles

IT404 Spring 2023/Lecture1 13

Course Outline
• Introduction/review of cryptography
• Operating system security
• Software security
• Access control models
• Network security
• Web security

IT404 Spring 2023/Lecture1 14

 Ethical use of security information

• We discuss vulnerabilities and attacks

– Most vulnerabilities have been fixed
– Some attacks may still cause harm
– Do not try these at home

IT404 Spring 2023/Lecture1 15

Coming Attractions …
• Cryptography: terminology and
classic ciphers.

• Readings for next lecture:

– Cryptography on wikipedia
– Interesting reading
• The Code Book by Simon Singh

IT404 Spring 2023/Lecture1 16