Fundamentals of CS - Chapter One


Fundamentals of Cybersecurity

Course Introduction and Chapter One

Senait Desalegn
Temesgen Kitaw Damenu

School of Information Technology and Engineering
Addis Ababa Institute of Technology
Addis Ababa University

March 2022 / April 2024

Contents
Course Introduction
Chapter One
• Cyber and cyberspace
• Security, information security and cybersecurity
• Objectives/goals of cybersecurity
• Cybersecurity threats (challenges)
• Cybersecurity vulnerabilities
• Cybersecurity attacks
• Cybersecurity solutions (models and mechanisms)
• The importance of cybersecurity in software engineering
SiTE - AAiT - AAU 2
Course Introduction



Course Objectives
Explain fundamental concepts in cybersecurity
Introduce security threats and vulnerabilities of information systems
Introduce the fundamentals of cryptography
Understand and implement the principles of secure system design and development
Introduce the security issues and defense techniques in applications, operating systems, networks, web applications, database and mobile devices.
Introduce the techniques for vulnerability assessment and security evaluation.


Learning Outcomes
Be familiar with cybersecurity concepts and issues.
Be able to recognize, explain, and act on threats to confidentiality, integrity, and availability of an information system.
Understand and implement security defense mechanisms in applications, operating systems, networks, web applications, and mobile devices
Be conversant with designing, implementing and assessing security measures in information systems.
Apply applicable techniques and technologies to defend information systems from security threats.


Course content
Chapter One: Introduction

Chapter Two: Cybersecurity Risks

Chapter Three: Cryptography

Chapter Four: Application and OS Security

Chapter Five: Web security

Chapter Six: Database security

Chapter Seven: Network security

Chapter Eight: Mobile Security

Chapter Nine: Security Assessment and Evaluation



Cyber
Cyber - Oxford Dictionaries

• combining form in nouns and adjectives


• “connected with electronic communication networks, especially the internet”
• Cyber-attack, cybersecurity, cybercafé etc

Cyber - Cambridge Dictionary

• adjective
• “involving, using, or relating to computers, especially the internet”

Sometimes refers to cyberspace



Cyberspace
“the interdependent network of information technology infrastructures, and includes
• the Internet,
• telecommunications networks,
• computer systems, and
• embedded processors and controllers in critical industries.” National Security Presidential Directive
fifth space (virtual space)
• next to land, air, sea, outer space

consists of four different layers (Kremling and Parker, 2016)


• (1) physical layer,
• (2) logic layer,
• (3) information layer, and
• (4) personal layer



Cyberspace: layers
Physical layer
• physical devices, such as PCs, networks, wires, grids, and routers

Logic layer
• where the platform nature of the Internet is defined and created

Information layer
• includes the creation and distribution of information and interaction
between users
Personal layer
• consists of people



Cyberspace: broader view

[Figure: cyberspace as Infrastructure, Information, System, People and Society. Source: Driveittech.in]

[Figure. Source: WEF]

4th & 5th industrial revolution techs
[Figure: technologies including 3D Printing, Big Data and AI]


Discussion

Implication of cyberspace
• Individually
• Organizationally
• Nationally


Security

Security is the activities involved in protecting something against attack, danger, etc:
• national security - the defense of a country
• physical security
• personnel security
• information security
• cybersecurity


Information Security
Focused on protecting the information or data of an individual or an organization from any kind of attack.
• data can be held on removable disks, laptops, servers, personal devices and physical records.

There are two sub-categories of information security.
• Organizations must protect physical assets including their premises, as well as anywhere else where sensitive information can be stored physically.
• The second sub-category of information security relates to the protection of electronic information (cybersecurity).


Cybersecurity
ability to secure, protect, and defend electronic data stored in servers, computers, mobile
devices, networks, and other electronic devices, from being attacked and exploited.

Cybersecurity focuses on protecting electronic (IT) assets against external and internal
cyberattacks.

This includes a wide range of security operations, including


• cloud security,
• network security, and
• application security

The convergence of IT and physical systems makes the scope of cybersecurity broader
• Cyber physical systems



Cybersecurity goals
Preservation of Confidentiality, Integrity and Availability (CIA)

Confidentiality
• Encryption for data at rest (for instance AES256, full disk encryption).
• Secure transport protocols for data in motion (SSL, TLS or IPSEC).
• Best practices for data in use - clean desk, no shoulder surfing, PC locking (automatic and when leaving).
• Strong passwords, multi-factor authentication, masking, access control, need-to-know, least privilege.

(MNP Digital)


Cybersecurity goals…

Integrity
• Cryptography.
• Checksums (e.g. CRC).
• Message Digests, also known as a hash (e.g. MD5, SHA1 or SHA2).
• Digital Signatures: non-repudiation.
• Access control.

Availability
• IPS/IDS.
• Patch Management.
• Redundancy on hardware power (Multiple power supplies/UPS’s/generators), Disks (RAID), Traffic paths (Network design), HVAC, staff.
• SLA’s – How much uptime do we want (99.9%?)

Cybersecurity goals…
IAAA (Identification, Authentication, Authorization and
Accountability)

Identification: who you are


• Your name, username, ID number, employee number, SSN etc.

Authentication: the way to prove yourself.


• Something you know - Type 1 Authentication (passwords, pass phrase, PIN, etc.).
• Something you have - Type 2 Authentication (ID, passport, smart card, token,
cookie on PC, etc.).
• Something you are - Type 3 Authentication (and Biometrics) (Fingerprint, iris scan,
facial geometry…
• Should always be done with multi-factor authentication!



Cybersecurity goals…
Authorization: what are you allowed to access?

• Access Control models. What and how we implement depends on the organization and what our security goals are.

Accountability: also referred to as Auditing

• Trace an action to a subject’s identity
• Prove who/what a given action was performed by (non-repudiation).


Cyber threat
A cyber threat is any malicious act that attempts to gain access to a computer network
• without authorization or permission from the owners.

It refers to the wide range of malicious activities
• that can damage or disrupt a computer system, a network or the information it contains.


Sources of Cyber Threats
Cyber threats can come from a wide variety of
sources, some notable examples include:
• National governments.
• Terrorists.
• Industrial secret agents.
• Rogue employees.
• Hackers.
• Business competitors.
• Organization insiders.



Cyber threats for CIA

Threats for confidentiality

• Attacks on your encryption (cryptanalysis).
• Social engineering.
• Key loggers (software/hardware), cameras, Steganography.
• IoT backdoor – the growing number of connected devices we have poses a new threat; they can be a backdoor to other systems.

(MNP Digital)


Cyber threats for CIA…

Threats for integrity


• Alterations of our data.
• Code injections.
• Attacks on your encryption (cryptanalysis).

Threats for availability


• Malicious attacks (DDOS, physical, system compromise, staff).
• Application failures (errors in the code).
• Component failure (Hardware).

Cyber Threat Classifications

Threats can be classified by multiple criteria:
• Attacker's Resources
• Attacker's Organization
• Attacker's Funding

On basis of these criteria, threats are of 3 types:
• Unstructured Threats
• Structured Threats
• Highly Structured threats


Unstructured Cyber Threats

Resources: Individual or small group.

Organization: Little or no organization.

Funding: Negligible.

Attack: Easy to detect and makes use of freely available cyberattack tools.

Exploitation based on documented vulnerabilities.


Structured Cyber Threats

Resources: Well trained individual or group.

Organization: Well planned.

Funding: Available.

Attack: Against particular individual or organizations.

Exploitation based on information Gathering.



Highly Structured Cyber Threats

Extensive organization, resources and planning over time.

Attack: Long term attack on particular machine or data.

Exploitation with multiple methods:


• Technical, social and insider help.



Types of threats



Cyber threat landscape - Global

[Figure: Average weekly attacks per organization by Industry, H1 2022 compared to 2021 (Checkpoint, 2022)]

Cyber threat landscape – Global …

[Figure (IBM, 2022)]

Vulnerabilities

Vulnerabilities are weaknesses in the software, hardware, or people that can be exploited by an attacker
• can be technical, physical, procedural or other
• vulnerabilities exist in security policies and procedures

A weakness or absence of security controls that could be exploited by a threat


Vulnerability…
Its impact is determined by the intersection of three elements:
• A system susceptibility or flaw
• Attacker access to the flaw, and
• Attacker capability to exploit the flaw

Common causes
• Design and development flaws
• Poor security management
• Incorrect implementation
• Incorrect usage


Classification of Vulnerabilities

Vulnerabilities are classified according to the asset:

• Hardware.
• Software.
• Network.
• Personal.
• Physical site.
• Organizational.



Cyber attack
An illegal act to gain something from a computer system
• Espionage/Spying
• Denial of Service/Destruction/Hijack
• Interception
• Compromise of
– Confidentiality,
– Integrity,

Impacts of cyber attacks

• Money theft
• Loss public Confidence
• Cyber Terrorism
• Political Crisis
• Espionage
• Decrease Market Share
• Economic Crisis
• National Image Degradation
• Organization Asset Loss
• Closing Service
• Social Crisis
• Loss of Sovereignty

Types of cyber attacks
Based on goal/target
– Cyber fraud
– Cyber spying
– Cyber bullying
– Cyber warfare
– etc

Based on methods/tools
– Phishing
• Social engineering
– Brute force attack
– Denial of Service (DoS)
– Malware
– etc


Cyber fraud, spying and bullying
Cyber fraud

• Cyber attacks that are generally aimed at gaining monetary or related gains for the perpetrator.

Cyber spying

• Cyber attacks aimed at gaining information for the perpetrator.


• One aim of cyber spying may be to sell the information gained

Cyber bullying

• Cyber attacks which are designed to frighten and intimidate individuals rather than businesses or government


Cyber warfare

An extreme form of cyber attack where at least one of the parties involved is a nation state.

• Government and critical infrastructure sites attacked by DoS attacks with a view to taking them offline
• Malware introduced to target and damage government and infrastructure facilities

These are much harder to validate as, for obvious reasons, neither the perpetrator nor the victim wishes to release information

Examples.


Cyber warfare: global cases

USA Vs China

Russia? Vs USA

North Korea Vs
South Korea, USA

Israel, USA? Vs Iran



Phishing
Phishing is the attempt to acquire sensitive information, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication

Spear phishing

• targets specific organizations for confidential data

Whaling

• the targets are high-ranking bankers, executives or others in powerful positions or job titles


Phishing…
www.facebook.com or www.faceb00k.com
www.ethiotelecom.et or www.ethiote1ecom.et
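
A defender can catch pairs like the two above automatically. The following is an added example, not part of the original slides: it reduces each hostname to a "skeleton" and compares it with a list of protected domains. The CONFUSABLES map, the PROTECTED list and all function names are assumptions made for illustration.

```python
# Added example: flag hostnames that imitate a protected domain.
# PROTECTED holds the two legitimate hosts named on the slide; CONFUSABLES is a
# small constructed map (assumption), not a complete confusables table.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}
PROTECTED = ["facebook.com", "ethiotelecom.et"]


def normalize(host):
    """Lower-case, drop a trailing dot and a leading 'www.' (no public-suffix logic)."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(name):
    """Map look-alike characters to the letter they imitate."""
    for fake, real in CONFUSABLES.items():
        name = name.replace(fake, real)
    return name


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host, protected=PROTECTED):
    """Return (verdict, matched_domain): 'legitimate', 'lookalike' or 'unknown'."""
    name = normalize(host)
    for good in protected:
        # Exact match or a genuine subdomain of a protected domain.
        if name == good or name.endswith("." + good):
            return ("legitimate", good)
    for good in protected:
        if skeleton(name) == skeleton(good):
            return ("lookalike", good)  # differs only by confusable characters
        if edit_distance(skeleton(name), skeleton(good)) <= 1:
            return ("lookalike", good)  # one inserted, deleted or changed character
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample input: the slide's four hosts plus one unrelated name.
    for h in ["www.facebook.com", "www.faceb00k.com",
              "www.ethiotelecom.et", "www.ethiote1ecom.et", "www.example.org"]:
        print(h, classify(h))
```

Both sides of the comparison are reduced to a skeleton, so a legitimate name that happens to contain "rn" or a digit is not flagged by itself.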



Social engineering attack
It is a non-technical method that relies heavily on human interaction and often involves tricking people into breaking normal security

Brute force attack
It is a trial and error method
Generates a large number of guesses and validates them to obtain passwords
Dictionary attack
– Contains a list of commonly used passwords and validates them to get the original password

Denial of Service (DoS)
Implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users
DoS attacks involve either crashing the system or slowing it down to the point that it is unusable
DoS can also be as simple as deleting or corrupting information which involves running a hack or script.
Example: E-mail bombs,

Malware
Malware - malicious software
Malicious computer program that runs without the consent of user.
Types of malware
– Virus
– Worm
– Trojan horse
– Backdoor
– Spyware
– Bots
– Rootkit
– etc


Viruses
• Self replicating.
• Require host to spread.
• Interfere with computer operation.
• Corrupt or delete data.
• Targets are:
– Executable files.
– Disk's boot sector.
– Documents that support macros.


Worms
• Self-replicating.
• Spread over a network.
– May not need user intervention
• Don’t need to attach on existing programs.
• Use exploitable vulnerabilities.
– Un-patched machines are vulnerable
• Propagate carrying dangerous payloads.


Trojan Horses
• Appear to have useful purpose, but hide a malicious capability.
• Crash systems or destroy data.
– E.g. A DVD writer software package appears to convert read-only DVD drive into a drive that could write DVDs.

Backdoors
Allows an attacker to access a machine using an alternative entry method.
Bypass normal system security controls such as user IDs and passwords.
The remote attacker:
– Can reconfigure or install any software.
– Will have greater understanding and control of the machine.
– May harden the system to prevent other attackers - doing the job of the legitimate system administrator.
If you don't own your machine, someone else will own it for you.

Backdoor Trojan Horses
Backdoors melded into Trojan horses.
The attacker controls the system remotely.
Harvest sensitive information from the victim.
Types of Trojan Horse Backdoor
– Application-level Trojan horse backdoor
– User-mode Rootkits
– Kernel-mode Rootkits


Application-level Trojan horse backdoors
Separate application to a system to control it across the network.
– Analogy: An attacker adds poison to your soup that you are going to eat.
Types of application-level Trojan horse backdoors
– Remote-Control Backdoors
– Bots
– Spyware


Remote-Control Backdoors
A Remote-Control Backdoor Can
• Full control of any file on the system
• Remotely execute any command
• Log keystrokes - gather passwords & sensitive information
• Pop-up dialog - utilize social engineering
• GUI control - control keyboard and mouse.

Bots
Bots are software programs to control many infected machines simultaneously by a single attacker.
• Some of Bot functionalities are:
– Denial-of service flood
– Vulnerability scanner
– File morphing capabilities
– Anonymizing HTTP proxy
– E-mail address harvester

Spyware
Performs certain activities without users’ consent, such as:
– Gathering users' surfing habits to know their interest & advertise.
– Collecting personal information
– Phone no., address, credit card no. etc
– Customizing or filtering Web search results
– Inserting pop-up ads
– Changing the configuration of users’ computer
– Grabbing keystrokes and sending them to the attacker

User-Mode Rootkits
Modify critical operating system executables or libraries to let an attacker have backdoor access and hide on the system.
– Analogy: An attacker replaces the potatoes in your soup with genetically modified potatoes that are poisonous.
One technique is the in-memory modification of system DLLs.


Kernel-Mode Rootkits
The kernel is modified to foster backdoor access and allow the attacker to hide.
The kernel itself becomes a Trojan horse, looking like a nice, well-behaved kernel.
– Analogy: An attacker replaces your tongue with a modified, poison tongue.
Have execution redirection capability.
– Intercepts calls and maps them to run the attacker’s application.
Kernel-Mode Rootkits can hide file, process, network port usage

Malware Propagation Mechanisms
Removable Storage
• Floppy disks
• Flash disks.
• Memory cards. etc
Shared Directories
• A multiuser file server
Vulnerable (un-patched) machines.
Vulnerable browsers


Malware Propagation Mechanisms…
Downloads
– Illicit software, games, etc that appear useful and attractive but hide malicious programs.
E-Mail attachments
– Executable files & documents
– Funny images & greeting cards
– Audio and video files, etc
– Virustotal.com


Malware Propagation Mechanisms…
Phishing Attacks and URL Obfuscation
– E-mail with no attachment, but with a link to a web site that appears to belong to a legitimate enterprise but leads to an evil web site.
– The e-mails are spoofed to appear to come from a trusted source.


Discussion

What are the main cybersecurity solutions
• Technical
• Managerial
• Human related
• Physical


Cybersecurity solutions
Are cybersecurity controls which will help to defend cyber attacks and assure cybersecurity

Solutions can be
• Technical
• Managerial
• Human related
• Physical

Different models and approaches are recommended
• Defence in depth
• Standards and frameworks
• ISO27001
• NIST Cybersecurity Framework


Defense-in-Depth

Using a layered approach:
• Increases an attacker’s risk of detection
• Reduces an attacker’s chance of success

• Data: Strong passwords, ACLs, encryption, EFS, backup and restore strategy
• Application: Application hardening
• Host: OS hardening, authentication, update management, antivirus updates, auditing
• Internal network: Network segments, IPSec, NIDS
• Perimeter: Firewalls, border routers, VPNs with quarantine procedures
• Physical security: Guards, locks, tracking devices
• Policies, procedures, and awareness: Security policies, procedures, and education


NIST Cybersecurity Framework
Developed by US National Institute of Standards and Technology
It is a Framework for Improving Critical Infrastructure Cybersecurity
Consists of five functions and 21 categories


ISO/IEC 27001 and 27002 (Standards)
Developed by ISO and IEC
ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls

Cybersecurity good practices
Harden your system configuration
Look for unusual TCP and UDP Ports
– Close unused ports
Apply security patches.
Use difficult-to-guess passwords.
Use antivirus and antispyware.
– Update your antivirus and antispyware



Cybersecurity good practices…
Use the Internet Carefully
– Don’t use a vulnerable browser.
– Make sure that e-mail attachments are from source and are not malicious before opening them.
– Don't respond to unsolicited e-mail that appears to come from e-commerce sites or banks.
– When you surf to a Web site that requests sensitive information make sure that the site is legitimate.


Cybersecurity good practices…
Handle Pop-up dialog boxes carefully
Don’t do everything your computer tells you to do.
E.g. attacker password collector


Cybersecurity good practices…
Know your software before install
– Check it using antivirus and antispyware.
– Make sure that the developer is trustworthy.
– Run software from trusted developers only.
– Check the digital fingerprint to verify that the program has not
been altered.



Importance
Attackers are constantly trying to find security breaches in software systems.

• organizations and developers need to be aware of the potential threats and the way to defend against them

Software is now a critical part of most businesses,

• to ensure systems are safe from malicious attacks and unauthorized access.
• to ensure user privacy

Cyber security measures have become integral to software development

Software security has become a crucial factor in the success of any modern business.


Benefits of security in software development

Protects the reputation of organizations.
• When security measures are in place, organizations can protect their reputation from security breaches.

Reduces security risks.
• By implementing security measures, organizations can reduce the security risks posed by malicious actors.

Ensures user privacy.
• Security measures help ensure that users’ data and information remain secure.

Provides peace of mind.
• When security measures are in place, organizations can be confident that their data and systems remain safe from malicious attacks.

Ensures regulation compliance.
• HIPAA, GDPR, and other security regulations require organizations to have security measures in place.

Saves the bottom line.
• Cyber security measures can help organizations save money by preventing security breaches and associated costs.


Benefits for software engineers
Protect themselves from cyber attack

Protect their systems from cyber attack

Select secure systems and platforms for their work

Develop secure systems which contribute towards
• Secure citizens
• Secure organizations
• Secure nation

May engage in cybersecurity jobs


Thank you!
