Cyber Security Notes

Introduction
  • Digital notes on cyber security for B.Tech III Year – II Sem (R18) (2020-2021).

  • Department of Information Technology, Malla Reddy College of Engineering & Technology.

Course Objectives
  • Understand cyber-attacks and cyber-crimes.

  • Learn threats and risks within the context of cyber security.

  • Overview of cyber laws & concepts of cyber forensics.

  • Study defensive techniques against these attacks.

UNIT -I: Introduction to Cyber Security
  • Basic Cyber Security Concepts, layers of security. These may include physical, network, application, and data security layers.

  • Vulnerability, threat, Harmful acts. Vulnerabilities are weaknesses in a system; threats are potential dangers that can exploit these vulnerabilities, leading to harmful acts.

  • Internet Governance – Challenges and Constraints. Includes issues like censorship, data privacy, and international cooperation.

  • Computer Criminals, CIA Triad, Assets and Threat, motive of attackers. Understanding the profiles and motivations of cybercriminals is crucial for effective cyber security.

  • Active attacks, passive attacks. Active attacks involve altering system resources or data, while passive attacks involve monitoring or intercepting data without altering it.

  • Software attacks, hardware attacks. Software attacks target vulnerabilities in software, while hardware attacks involve physical manipulation or damage to hardware.

  • Cyber Threats: Cyber Warfare, Cyber Crime, Cyber terrorism, Cyber Espionage, etc. These represent different forms and scales of cyber threats, ranging from individual acts of crime to state-sponsored warfare.

  • Comprehensive Cyber Security Policy. A well-defined and regularly updated cyber security policy is essential for organizations to protect their assets and data.

UNIT - II: Cyberspace and the Law & Cyber Forensics
  • Introduction, Cyber Security Regulations, Roles of International Law. Includes understanding legal frameworks related to cyber security and the roles of international bodies.

  • The INDIAN Cyberspace, National Cyber Security Policy. Focus on India's specific cyber landscape and policies.

  • Introduction, Historical background of Cyber forensics, Digital Forensics Science. Study the history and principles of digital forensics.

  • The Need for Computer Forensics, Cyber Forensics and Digital evidence, Forensics Analysis of Email. Emphasizes the importance of computer forensics in investigating cybercrimes and analyzing digital evidence.

  • Digital Forensics Lifecycle, Forensics Investigation, Challenges in Computer Forensics. Understand the steps involved in a digital forensics investigation and the challenges faced by investigators.

UNIT - III: Cybercrime: Mobile and Wireless Devices
  • Introduction, Proliferation of Mobile and Wireless Devices, Trends in Mobility. Discusses the increasing use of mobile devices and the security implications.

  • Credit card Frauds in Mobile and Wireless Computing Era. Focus on the specific risks and vulnerabilities associated with credit card fraud in mobile environments.

  • Security Challenges Posed by Mobile Devices. Discusses the unique security challenges posed by mobile devices, such as malware, data leakage, and device theft.

  • Registry Settings for Mobile Devices, Authentication service Security. Understanding the security of registry settings and authentication services in mobile devices.

  • Attacks on Mobile/Cell Phones, Organizational security Policies and Measures in Mobile Computing Era, Laptops. Covers various types of attacks on mobile devices and the security measures organizations can implement.

UNIT- IV: Cyber Security: Organizational Implications
  • Introduction, cost of cybercrimes and IPR issues, web threats for organizations, security and privacy implications. Discusses the financial and legal implications of cybercrimes for organizations.

  • Social media marketing: security risks and perils for organizations, social computing and the associated challenges for organizations. Focus on the risks associated with social media marketing and social computing in organizations.

UNIT - V: Privacy Issues
  • Basic Data Privacy Concepts: Fundamental Concepts, Data Privacy Attacks, Datalinking and profiling. Covers the fundamental concepts of data privacy and the various attacks that can compromise privacy.

  • Privacy policies and their specifications, privacy policy languages, privacy in different domains- medical, financial, etc. Understand privacy policies, policy languages, and privacy considerations in different domains.

  • Cybercrime: Examples and Mini-Cases Examples: Official Website of Maharashtra Government Hacked, Indian Banks Lose Millions of Rupees, Parliament Attack, Pune City Police Bust Nigerian Racket, e-mail spoofing instances. Illustrates real-world examples of cybercrimes and their impact.

  • Mini-Cases: The Indian Case of online Gambling, An Indian Case of Intellectual Property Crime, Financial Frauds in Cyber Domain. Analysis of specific cases related to cybercrime in India.

Cyber Security Introduction - Cyber Security Basics
  • Cyber security is a critical concern due to increasing cyber threats and sophisticated attacker techniques. Cyber security becomes more critical as cyber threats become more common and attackers develop more sophisticated strategies.

  • Impacts individuals, small businesses, and large organizations. Cyber security affects individuals, small businesses, and large organizations alike, because any of them can be the target of a cyber attack.

  • Firms are prioritizing measures to deal with cyber threats. Companies are focusing on initiatives to combat cyber threats, reflecting the rising awareness of the need to address associated risks.

  • Cyber security involves people, processes, and technologies. A comprehensive approach to cyber security includes people, processes, and technology, combining human knowledge, well-defined procedures, and innovative technologies.

  • Encompasses threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies. Threat reduction, vulnerability reduction, deterrence, international cooperation, incident response, resilience, and recovery policies are all part of cyber security.

  • Includes computer network operations, information assurance, and law enforcement. Computer network operations, information security, and law enforcement are all examples of the wide range of tasks related to cyber security.

  • Cyber security protects networks, computers, programs, and data from attack, damage, or unauthorized access. Cyber security's goal is to shield networks, computers, programs, and data against unauthorized access, damage, and attacks.

  • Cyber relates to technology (systems, network, programs, data). Cyber relates to technology, i.e., systems, networks, programs, and data.

  • Security relates to protection (systems security, network security, application and information security). Security is related to protection, i.e., system security, network security, application and information security.

Why Cyber Security is Important
  • Cyber attacks can be extremely expensive for businesses. Cyber attacks can carry extraordinarily high financial costs for businesses, with expenses, legal fees, and recovery expenses accruing.

  • Data breaches can inflict reputational damage. Data breaches can inflict reputational damage, causing consumers to lose trust and confidence in the organization.

  • Cybercriminals are using more sophisticated attack methods. Cybercriminals are utilizing increasingly complex attack techniques, so it is important that organizations stay ahead of emerging threats.

  • Regulations like GDPR are forcing organizations to better protect personal data. Regulations such as GDPR compel organizations to implement stronger safeguards for personal data, or risk penalties.

  • Focus is on developing response plans to minimize damage from cyber attacks. Organizations are concentrating on response plans to reduce the impact of cyber attacks.

  • Requires a good understanding of cyber security fundamentals. A strong understanding of cyber security fundamentals is essential to successfully execute protection measures and reduce risks.

Cyber Security Fundamentals
Confidentiality
  • Preventing data disclosure to unauthorized parties, keep identities of authorized parties private. Preventing data from being disclosed to unauthorized parties and protecting the identities of authorized parties is a fundamental aspect of protecting sensitive information.

  • Compromised by cracking encrypted data, Man-in-the-Middle (MITM) attacks, disclosing sensitive data. Confidentiality is breached when encrypted data is cracked, when sensitive data is disclosed, or when a Man-in-the-Middle attack intercepts data in transit.

  • Standard measures:

    • Data encryption

    • Two-factor authentication

    • Biometric verification

    • Security tokens

Integrity
  • Protecting information from unauthorized modification. Protecting information against modification by unauthorized parties is an important element of guaranteeing data accuracy and dependability.

  • Standard measures:

    • Cryptographic checksums

    • File permissions

    • Uninterrupted power supplies

    • Data backups
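As an added example (not part of the course notes), the following Python code shows how a keyed cryptographic checksum (HMAC-SHA256) is used as an integrity measure: a manifest of checksums is recorded at a known-good point, and a later comparison reports which files were modified, removed, or added. The key, file names, and file contents are constructed for the demonstration.

```python
# Added example: detecting unauthorized modification with a keyed checksum.
# Assumes the key is kept where an attacker cannot read it; a plain SHA-256
# could be recomputed by whoever changed the file, an HMAC cannot.
import hashlib
import hmac

KEY = b"constructed-demo-key-keep-this-secret"   # constructed, not a real key


def checksum(data, key=KEY):
    """Keyed checksum over the file content."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_manifest(files, key=KEY):
    """Record a checksum for every file at a known-good point in time."""
    return {name: checksum(content, key) for name, content in files.items()}


def check_manifest(files, manifest, key=KEY):
    """Compare the current files against the manifest.
    Returns the names of modified, missing, and newly added files."""
    report = {"modified": [], "missing": [], "added": []}
    for name, expected in manifest.items():
        if name not in files:
            report["missing"].append(name)
        elif not hmac.compare_digest(checksum(files[name], key), expected):
            report["modified"].append(name)
    for name in files:
        if name not in manifest:
            report["added"].append(name)
    for bucket in report.values():
        bucket.sort()
    return report


# Constructed baseline: a small configuration directory as name -> bytes.
BASELINE = {
    "app.conf": b"debug=false\nadmin_port=8443\n",
    "users.txt": b"alice:operator\nbob:viewer\n",
    "notes.md": b"routine maintenance window: sunday 02:00\n",
}
MANIFEST = build_manifest(BASELINE)

# Constructed later state: one setting flipped, one file gone, one planted.
TAMPERED = {
    "app.conf": b"debug=true\nadmin_port=8443\n",
    "users.txt": b"alice:operator\nbob:viewer\n",
    "cron.sh": b"#!/bin/sh\necho planted\n",
}

if __name__ == "__main__":
    print(check_manifest(TAMPERED, MANIFEST))
    # → {'modified': ['app.conf'], 'missing': ['notes.md'], 'added': ['cron.sh']}
```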

Availability
  • Ensuring authorized parties can access information when needed. Ensuring that authorized parties have access to information when they need it is critical for sustaining productivity and enabling seamless operations.

  • Standard measures:

    • Backing up data to external drives

    • Implementing firewalls

    • Having backup power supplies

    • Data redundancy

Types of Cyber Attacks
  • Exploitation of computer systems and networks using malicious code. The exploitation of computer systems and networks through the use of malicious code leads to substantial harm and compromise.

  • Leads to cybercrimes like information and identity theft. Cyber attacks lead to cybercrimes such as information and identity theft, which in turn cause financial losses and privacy violations.

Web-based attacks
  • Attacks on websites or web applications.

Injection attacks

  • Injecting data into a web application to manipulate it and fetch information (e.g., SQL Injection, code Injection, log Injection, XML Injection). Injecting data into a web application to manipulate it and retrieve information can take the form of SQL Injection, code Injection, log Injection, or XML Injection, depending on the circumstances.
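The following added example (not from the course notes) shows the same login lookup written two ways against an in-memory SQLite table with constructed users: the first splices the input into the SQL text, so quotes in the input change the query; the second binds the input as a parameter, so it is only ever treated as data. Passwords are stored in plain text here only to keep the example focused on query construction; a real system stores password hashes.

```python
# Added example: SQL injection in a string-built query beside the
# parameterized form that closes it. Users and passwords are constructed.
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "battery-staple")])
    return conn


def login_vulnerable(conn, name, password):
    # Untrusted input becomes part of the statement text, so a password of
    #   ' OR '1'='1
    # turns the WHERE clause into (... AND password = '') OR '1'='1',
    # which matches every row.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    # Placeholders: the driver passes the values separately from the SQL,
    # so nothing in the input can alter the shape of the query.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"
    print("vulnerable, real password:", login_vulnerable(db, "alice", "correct-horse"))
    print("vulnerable, crafted input:", login_vulnerable(db, "alice", crafted))
    print("safe, real password:     ", login_safe(db, "alice", "correct-horse"))
    print("safe, crafted input:     ", login_safe(db, "alice", crafted))
```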

DNS Spoofing

  • Introducing incorrect data into a DNS resolver's cache, causing redirection of traffic to an attacker's computer. The attacker hopes to misdirect traffic to their own computer by adding inaccurate data to a DNS resolver cache.

Session Hijacking

  • Stealing cookies to access user data over a protected network. Stealing a session cookie lets an attacker act as the logged-in user and reach that user's data, even on an otherwise protected network, so applications must defend against session hijacking.

Phishing

  • Stealing sensitive information by masquerading as a trustworthy entity. Stealing consumers' sensitive information by posing as a trustworthy entity can be accomplished through phishing.

Brute force

  • Trial and error method to obtain data like passwords and PINs.

Denial of Service

  • Making a server or network resource unavailable by flooding it with traffic or triggering a crash. Making a server or network resource out of reach requires either causing a crash or inundating it with traffic.

  • Volume-based attacks: Saturate bandwidth, measured in bits per second.

  • Protocol attacks: Consume server resources, measured in packets.

  • Application layer attacks: Crash the web server, measured in requests per second.

Dictionary attacks

  • Validating commonly used passwords to get the original password. A dictionary attack tries a list of commonly used words and passwords against an account in the hope that one of them is the real password.
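As an added example covering the brute force and dictionary attack entries above (not code from the course notes), the Python below shows two defensive controls: rejecting passwords that appear in a common-password list at enrolment, and locking an account after repeated failed logins within a time window. The word list, the user, and the attempt timestamps are constructed.

```python
# Added example: defences against password guessing.
# Dictionary attack defence: refuse passwords a guessing list would hit.
# Brute force defence: throttle repeated failed attempts per account.
import hashlib
import hmac
import os

# Constructed stand-in for a real list of leaked or common passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

MAX_FAILURES = 5        # failed attempts allowed ...
WINDOW_SECONDS = 300    # ... within this many seconds before lockout


def password_is_acceptable(password):
    norm = password.strip().lower()
    return len(norm) >= 12 and norm not in COMMON_PASSWORDS


def hash_password(password, salt=None):
    """Slow, salted hash so offline guessing is expensive as well."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


class LoginGuard:
    def __init__(self, users):
        self.users = users      # name -> (salt, digest)
        self.failures = {}      # name -> timestamps of recent failures

    def is_locked(self, name, now):
        recent = [t for t in self.failures.get(name, []) if now - t < WINDOW_SECONDS]
        self.failures[name] = recent
        return len(recent) >= MAX_FAILURES

    def attempt(self, name, password, now):
        """Returns 'locked', 'ok' or 'fail'."""
        if self.is_locked(name, now):
            return "locked"
        # Hash even for unknown users so timing does not reveal valid names.
        salt, digest = self.users.get(name, (b"", b""))
        ok = name in self.users and hmac.compare_digest(hash_password(password, salt)[1], digest)
        if ok:
            self.failures.pop(name, None)
            return "ok"
        self.failures.setdefault(name, []).append(now)
        return "fail"


def demo():
    """Five guesses at t=0..4 lock the account; the real password is
    refused at t=6 and accepted once the window has expired at t=400."""
    guard = LoginGuard({"alice": hash_password("correct-horse-battery")})
    results = [guard.attempt("alice", "guess%d" % i, now=i) for i in range(5)]
    results.append(guard.attempt("alice", "correct-horse-battery", now=6))
    results.append(guard.attempt("alice", "correct-horse-battery", now=400))
    return results


if __name__ == "__main__":
    print(password_is_acceptable("qwerty"), password_is_acceptable("correct-horse-battery"))
    print(demo())   # → ['fail', 'fail', 'fail', 'fail', 'fail', 'locked', 'ok']
```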

URL Interpretation

  • Changing parts of a URL to access unauthorized web pages. URL interpretation is the manipulation of certain components of a URL in order to reach web pages the user is not authorized to view.

File Inclusion attacks

  • Accessing unauthorized files on the web server or executing malicious files. File inclusion attacks trick a web application into reading files on the web server that should not be accessible, or into executing malicious files.

Man in the middle attacks

  • Intercepting the connection between client and server to read, insert, and modify data. Man-in-the-middle attacks occur when the connection between a client and a server is intercepted, enabling one to read, insert, and change data.

System-based attacks
  • Attacks intended to compromise a computer or network.

Virus

  • Malicious software that spreads throughout computer files without user knowledge, replicates by inserting copies of itself into other programs. Causes harm to the system upon execution. When an infected program is run, the virus damages the system and spreads to other files by inserting copies of itself into them, without the user's knowledge or permission.

Worm

  • Malware that replicates itself to spread to uninfected computers, often via email attachments. A worm is a type of malware that spreads by replicating itself in order to contaminate devices. The worm spreads to other devices via malware-laden email attachments and other channels.

Trojan horse

  • Malicious program disguised as legitimate software, causing unexpected changes and unusual activity. The Trojan horse is a malware that is disguised as legitimate software. The goal of Trojans is to result in unexpected modifications and aberrant activity on the system.

Backdoors

  • Methods to bypass normal authentication processes for troubleshooting or other purposes. Implementing a backdoor is a way to avoid the regular authentication processes for the sake of troubleshooting or other reasons.

Bots

  • Automated processes that interact with network services (e.g., crawlers, chatroom bots, malicious bots). Automated processes that communicate with network services are bots (for example, crawlers, chatroom bots, and harmful bots).

The 7 Layers of Cyber Security
  1. Mission Critical Assets – Data to protect.

  2. Data Security – Controls protect storage and transfer of data.

  3. Application Security – Controls protect access to apps and the security within the application.

  4. Endpoint Security – Controls protect the connection between devices and the network.

  5. Network Security – Controls protect an organization’s network, prevent unauthorized access.

  6. Perimeter Security – Physical and digital security methodologies to protect the business overall.

  7. The Human Layer – Humans are the weakest link. Controls include phishing simulations and access management.

Vulnerability, Threat, Harmful Acts
  • No system is immune to attacks. Security flaws and human mistakes ensure that every system is vulnerable to attacks.

  • Companies must monitor their cyber environment, identify vulnerabilities, and close security holes. Organizations need to actively police their cyber environment, identify vulnerabilities, and remedy security holes in order to reduce risks.

  • Cyber threats are security incidents with the potential for a negative outcome. A cyber threat is any sort of security event that could potentially have negative effects on a company or an individual.

  • Examples include phishing attacks, staff failing to follow data protection protocols, and natural disasters. These are some examples of things that can cause security issues: phishing attacks, staff members' noncompliance with data security procedures, and even natural disasters.

  • Vulnerabilities are weaknesses in a system that make threats possible. A vulnerability is a system flaw that allows a threat to be realized; without such flaws, threats cannot turn into attacks.

  • Examples include SQL injections, server misconfigurations, cross-site scripting, and unencrypted data. Data that is not encrypted, cross-site scripting attacks, SQL injections, and misconfigured servers are examples of system flaws that could occur.

  • Risk is threat probability multiplied by potential loss. Loss potential and hazard probability define the amount of risk a business faces.

SECURITY VULNERABILITIES, THREATS AND ATTACKS
  • Categories of vulnerabilities:

    • Corrupted (Loss of integrity)

    • Leaky (Loss of confidentiality)

    • Unavailable or very slow (Loss of availability)

  • Threats represent potential security harm to an asset when vulnerabilities are exploited. Threats represent potential security harm to an asset when its vulnerabilities are exploited; the act of taking advantage of a vulnerability is referred to as an exploit.

  • Attacks are threats that have been carried out:

    • Passive – Make use of information without affecting system resources

    • Active – Alter system resources or affect operation

    • Insider – Initiated by an entity inside the organization

    • Outsider – Initiated from outside the perimeter

Computer criminals
  • Computer criminals have access to hardware, software, and data, and can cripple businesses and government. Government and business may be endangered by computer criminals possessing access to vital hardware, software, and information.

  • Computer crime involves a computer or is aided by one. The use of a computer, or the provision of assistance by one, is an element of computer crime.

  • Prevention involves understanding the characteristics of computer criminals. Comprehending the nature and traits of computer criminals is vital if one is to take preventative action against their actions.

CIA Triad
  • Security model to help people think about IT security. The CIA Triad is a model used to reason about the goals an organization must sustain in IT security.

Confidentiality
  • Protecting sensitive information from unauthorized access. In IT security, assuring confidentiality of sensitive information is essential to protect it against unauthorized access.

  • Involves defining access levels for information. Characterizing the various degrees of information accessibility contributes to the maintenance of its confidentiality.

  • Means to manage confidentiality:

    • Access control lists

    • Volume and file encryption

    • Unix file permissions

Integrity
  • Protecting data from deletion or modification from unauthorized parties. Guarding data against modification or deletion by unapproved parties is essential to preserving its integrity.

Availability
  • Ensuring data is available when needed. Assuring continuous data access requires that data is accessible to those that require it at any moment.

  • Requires proper functioning of authentication mechanisms, access channels, and systems. The authentication mechanisms, access channels, and systems must all function properly to secure data availability.

Understanding the CIA triad
  • Core factor of IT security but promotes a limited view. Although the CIA triad is a core component of IT security, it promotes a restricted viewpoint.

  • Doesn't guarantee that someone hasn't used your hardware resources without authorization. This model doesn't offer any assurances that unauthorized parties have not utilized your hardware resources.

  • Important to understand its limitations. A comprehensive understanding of the implications of its limitations is vital.

Assets and Threat
Asset:
  • Any valuable data, device, or component of an organization’s systems, often because it contains sensitive data or can be used to access it. To an organization, it is of utmost importance that any element of its systems--be it a piece of hardware, software, or information--be guarded against unwanted access or use.

Threat:
  • Any incident that could negatively affect an asset. An incident that may have a detrimental effect on the welfare of the organization is referred to as a threat.

  • Compromising confidentiality, integrity, or availability. It may include jeopardizing the security, dependability, or accessibility of computer resources.

  • Can be intentional or accidental. Either accidental or deliberate acts can bring them about.

Motive of Attackers
  • Operational cyber security risks arise from inadvertent actions, deliberate actions, and inaction. Inadvertent deeds, deliberate actions, and complacency all contribute to operational cyber security concerns.

  • Primary concern is deliberate actions with three categories of motivation:

    1. Political motivations: destroying, disrupting, or taking control of targets; espionage; protests.

    2. Economic motivations: theft of intellectual property; fraud; industrial espionage; blackmail.

    3. Socio-cultural motivations: attacks with philosophical, theological, political, and humanitarian goals; fun, curiosity, publicity.

Active attacks
  • Hacker attempts to make changes to data on the target or data en route to the target. As part of an active attack, hackers try to change data on the target itself or in transit to the target.

Types of Active attacks:
  • Masquerade: Intruder pretends to be a user to gain access or privileges; may use stolen login IDs, passwords, or security gaps. An intruder masquerades as a genuine user to gain access and exploits stolen login credentials, security flaws, or passwords in the process.

  • Session replay: Hacker steals an authorized user's login information by stealing the session ID. When a hacker obtains the session ID of a genuine user, that session information can be replayed to reproduce the user's activities and gain access to the system.

  • Message modification: Intruder alters packet header addresses to direct a message to a different destination or modify the data on a target machine. Modifying packet header addresses to alter the message's address or modifying the data on a target device is a component of message modification.

  • Denial of service (DoS): Users are deprived of access to a network or web resource, generally by overwhelming the target with traffic. Customers find that they are unable to access web resources or networks because the target is overloaded with traffic, which causes a denial of service attack.

  • Distributed denial-of-service (DDoS): Large numbers of compromised systems attack a single target. Large numbers of compromised systems are harnessed to carry out a distributed denial-of-service attack. The goal is to overload and paralyze the target system.

Passive Attacks
  • Can be carried out with relative ease, particularly if the traffic is not encrypted. If the traffic is sent unencrypted, carrying out passive attacks is remarkably easy.

Types of Passive attacks:
  • Eavesdropping (tapping): the attacker simply listens to messages exchanged by two entities. For the attack to be useful, the traffic must not be encrypted. If attackers listen in on conversations between two parties, it is called eavesdropping. The traffic must not be encrypted if the attack is to succeed.

  • Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to deduce information relating to the exchange and the participating entities. An attacker who examines the metadata traffic is engaging in traffic analysis with the intention of deducing important details about the interchange and actors involved.

Software Attacks
  • Malicious code (malware) is software designed to take over or damage a computer user's operating system, without the user's knowledge or approval. Malware is harmful code written intentionally to compromise or damage a computer user's operating system without the user's knowledge or consent.

Attack Characteristics

Virus

  • A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A computer virus is a software that spreads itself out to other computers while at the same time trying to corrupt the system that it infects.

Worm

  • A worm is a self-replicating program that can be designed to do any number of things, such as delete files or send documents via e-mail. A worm is a malicious piece of software that can be programmed to do anything a developer wants it to do, including sending files via email and damaging files.

Trojan horse

  • A Trojan horse is a malicious program that is disguised as legitimate software. The malware known as a Trojan horse is designed to look like legitimate software.

Logic Bomb

  • A Logic Bomb is malware that lies dormant until triggered. A logic bomb is a sort of malware that only becomes active once it is triggered.

Hardware Attacks
  • Common hardware attacks include:

    • Manufacturing backdoors

    • Eavesdropping by gaining access to protected memory

    • Inducing faults, causing the interruption of normal behaviour

    • Hardware modification tampering with invasive operations

    • Backdoor creation

    • Counterfeit product assets, which can behave in unexpected ways or be built to give an attacker malicious access to systems.

Cyber Threats-Cyber Warfare
  • Cyber warfare: use of digital attacks by one country to disrupt the vital computer systems of another, to create damage, death and destruction. When one country employs digital tactics to target the crucial computer networks of another, the result is what is known as cyber warfare, which can cause extensive damage, deaths, and devastation.

  • Future wars will involve hackers attacking enemy infrastructure, fighting alongside troops using conventional weapons. Hackers will play a pivotal role in future armed conflicts by attacking target infrastructure and working in conjunction with soldiers that utilize conventional weaponry.

  • Cyber warfare: actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks. Cyber warfare is described as the activities carried out by either a nation-state or an international organization to damage a country's networks or computers.

Cyber Crime
  • Cybercrime: criminal activity that targets or uses a computer, a computer network or a