1 of 78

CyberSecurity 101

All images used in the presentation are under a Creative Commons License

2 of 78

Facts

  • Digitalization has made our lives much easier.
  • But security is the biggest challenge.
  • Cyber attacks are no longer done for fun. They are a very organized business.
  • Every system can be compromised, but mature practices help protect your resources and let you operate securely in the digital world. Security hygiene is essential to ensure data security.


3 of 78


https://www.thesslstore.com/blog/cyber-crime-statistics/

4 of 78


https://www.cloudwards.net/cyber-security-statistics/

5 of 78

A movie clip from 1995


6 of 78

Goal of the Course

  • Overview of Cyber Security
  • Cryptography & its Application
  • Network and Infrastructure Security
  • Cyber Security Vulnerabilities & Safe Guards


7 of 78

Overview

Overview of CyberSecurity

8 of 78

Cyber Space

A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, embedded processors and controllers.

-- A Definition of Cyberspace


9 of 78

Q&A

  • What is Security?
  • What is CyberSecurity?
  • Is there a Difference?

Security as a paradigm is not something exclusive to IT. The first patent on electro-magnetic alarms was filed in 1853.


10 of 78

CyberSecurity

CyberSecurity consists of strategy, policy, and standards regarding the security of and operations in cyberspace, encompassing the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.


*National Initiative for Cybersecurity Careers and Studies (a division of the Department of Homeland Security)

11 of 78

CyberSecurity Challenges

  • Cyberspace has inherent vulnerabilities that cannot be removed.
  • There are innumerable entry points to the Internet.
  • Assigning attribution: Internet technology makes it relatively easy to misdirect attribution to other parties
  • Computer Network Defense techniques, tactics and practices largely protect individual systems and networks rather than critical operations (missions)
  • Attack technology outpacing defense technology
  • Nation states, non-state actors, and individuals are at a peer level, all capable of waging attacks


12 of 78

Why Online Security?


  • Data Protection

  • Mobile Technology
  • Multiple Vendors

  • Global Business

13 of 78

Actors in CyberSecurity

  • Hackers

  • Internal Users


  • Hacktivism

  • Governments

14 of 78

Motives

  • Just Play
  • Monetary Gain
  • Political Actions and Movements
  • Hire Me


15 of 78

A movie clip from 1985


16 of 78

Access Control 1/2

  • Foundation stone of security: controlling how resources are accessed so that they are protected from unauthorized modification or disclosure.
  • Access control can be technical, physical, or administrative, and governs who may:
    • Obtain and use information and related information processing services; and
    • Enter specific physical facilities.


17 of 78

Access Control 2/2

PLEASE REMEMBER

  • Access is the ability to do something with a computer resource.
  • Authorization, on the other hand, is the permission to use a resource. Permission is granted by the application or the owner of the system.
  • Authentication is proving that users are who they claim to be.


18 of 78

CIA Triad


19 of 78

CIA

  • Confidentiality: A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information.
  • Integrity: The property whereby information has not been modified or destroyed in an unauthorized manner.
  • Availability: The property of being accessible.


20 of 78

Basic Concept of Access Control

  • Identification: user provides identification information such as a user name.
  • Authentication: the identification information is verified through things such as passwords.
  • Authorization: using specific criteria, a determination is made of which operations a user can carry out.
  • Accountability: monitoring and logging are enabled to track whatever a user does.
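The four steps above, chained into a single access decision. This is an added example, not part of the original presentation; the user, role and permission names and the sample data are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample data; the user, role and permission names are hypothetical.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "pw": _hash("correct horse", _SALT), "role": "analyst"}}
ROLE_PERMS = {"analyst": {"report:read"}, "admin": {"report:read", "report:delete"}}
AUDIT_LOG = []  # Accountability: every decision is appended here.


def access(username: str, password: str, permission: str) -> bool:
    """Apply the four steps in order; return True only if all of them pass."""

    def record(step: str, allowed: bool) -> bool:
        AUDIT_LOG.append({"user": username, "perm": permission,
                          "step": step, "allowed": allowed})
        return allowed

    # 1. Identification: look up the identity the caller claims.
    user = USERS.get(username)
    # 2. Authentication: verify the claim. The hash is computed even for an
    #    unknown name so that response time does not reveal which names exist.
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["pw"] if user else b"\x00" * 32
    matches = hmac.compare_digest(_hash(password, salt), expected)
    if user is None:
        return record("identification", False)
    if not matches:
        return record("authentication", False)
    # 3. Authorization: the role must carry the requested permission.
    if permission not in ROLE_PERMS.get(user["role"], set()):
        return record("authorization", False)
    # 4. Accountability: successful access is logged as well as failures.
    return record("granted", True)


if __name__ == "__main__":
    print(access("alice", "correct horse", "report:read"))
    print(access("alice", "correct horse", "report:delete"))
    print(AUDIT_LOG)
```

The audit entry names the step at which a request stopped, which separates a mistyped password from an authenticated user probing for permissions they do not hold.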


21 of 78

Threats to Security


22 of 78

CyberSecurity START…

  • Security Program
  • Admin Control
  • Asset Management
  • Technical Control

  • How much data is produced per minute?


23 of 78

How your Data is used…


24 of 78

How your Data is used…


25 of 78

Software Development Security 1/5

  • Protect the brand your customers trust. Attackers will not just disrupt business operations, but may also impact consumer confidence.
  • Know your business and support it with secure solutions. A security professional must not only have a strong background in technology, but must also have a thorough understanding of the business when it comes to creating secure solutions.


Information Security Certification https://www.isc2.org/

26 of 78

Software Development Security 2/5

  • Understand the technology of the software. A lack of understanding of the technology used to build or buy software can lead to insecure implementations of the software.
  • Ensure compliance with governance, regulations, and privacy. A software security professional needs to be well versed in meeting regulatory and privacy requirements.


27 of 78

Software Development Security 3/5

  • Basic components of software security. Confidentiality, Integrity, Availability, Authentication, Authorization, Auditing and the management of configuration, sessions, and exceptions
  • Ensure the protection of sensitive information. It’s vital that any sensitive information be protected as well.


28 of 78

Software Development Security 4/5

  • Design software with secure features. When a software developer focuses only on finding security issues in code, he or she runs the risk of missing out on vulnerabilities such as business logic flaws, which can’t be detected in code.
  • Develop software with secure features. It is imperative that secure features are not ignored when design artifacts are converted into syntax constructs.


29 of 78

Software Development Security 5/5

  • Deploy software with secure features. A development team needs to ensure that the development and test environments properly simulate the production environment.
  • Educate yourself and others on how to build secure software. It is important to create a culture that factors in software security from the very beginning by default.


30 of 78

Question & Answers

Overview of CyberSecurity

WriteTo: imukhopadhyay@kol.amity.edu

31 of 78


32 of 78

Overview

Overview of CyberSecurity


33 of 78

Statistics at a Glance 1/2

  • 94% of malware is delivered via email
  • Phishing attacks account for more than 80% of reported security incidents
  • $17,700 is lost every minute due to phishing attacks
  • 60 percent of breaches involved vulnerabilities for which a patch was available but not applied
  • 63 percent of companies said their data was potentially compromised within the last twelve months due to a hardware- or silicon-level security breach


34 of 78

Statistics at a Glance 2/2

  • Attacks on IoT devices tripled in the first half of 2019.
  • File-less attacks grew by 256 percent over the first half of 2019
  • Data breaches cost enterprises an average of $3.92 million
  • 40 percent of IT leaders say cybersecurity jobs are the most difficult to fill.

https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html


35 of 78

Attack

An attack is an information security threat that involves an attempt to obtain, alter, destroy, remove, implant or reveal information without authorized access or permission. It happens to both individuals and organizations. There are many different kinds of attacks, including but not limited to passive, active, targeted, clickjacking, brandjacking, botnet, phishing, spamming, inside and outside.


36 of 78

Threat

  • An incident that has the potential to harm a system. There are three main types of threats:
    • Natural Threats: e.g. floods, fire.
    • Unintentional Threats: e.g. employee mistakenly accessing the wrong information.
    • Intentional Threats: e.g. spyware, malware, adware companies, or the actions of a disgruntled employee.


37 of 78

Vulnerabilities

Refers to a known weakness of an asset (resource) that can be exploited by one or more attackers. In other words, it is a known issue that allows an attack to succeed. For example, when a team member resigns and you forget to disable their access to external accounts, change logins, or remove their names from company credit cards, this leaves your business open to both intentional and unintentional threats.


38 of 78

Zero Day Exploit (Attack)

Occurs when software contains a critical security vulnerability of which the vendor is unaware. The vulnerability only becomes known when a hacker is detected exploiting it, hence the term Zero-Day Exploit. The system is left vulnerable to attack until the vendor releases a patch to correct the vulnerability. E.g. in 2014, a zero-day attack that targeted Sony Pictures brought down the Sony network.


39 of 78

Risk

Risk is defined as the potential for loss or damage when a threat exploits a vulnerability. Examples of risk include financial losses, loss of privacy, reputational damage, legal implications, and even loss of life.

  • Risk can also be defined as follows

Risk = Threat × Vulnerability


40 of 78

Social Engineering

  • The clever manipulation of the natural human tendency to trust.
  • Can be done by Humans or Computers.


41 of 78

Social Engineering


42 of 78

Social Engineering - Malware / Ransomware


43 of 78

Social Engineering - Malware / Ransomware


44 of 78

Social Engineering Attack


45 of 78

How Does a Cyber Attack Start?

  • Reconnaissance (information gathering)
    • Passive
    • Active
  • Scanning and scrutinizing information for its validity
  • Identifying existing vulnerabilities
  • Launching an attack (gaining and maintaining system access)


46 of 78

Let's Concentrate on Social Engineering Attacks…


47 of 78

Social Engg – Human Based

  • Impersonating an employee or valid user
  • Posing as an important user
  • Using a third person
  • Calling technical support
  • Shoulder surfing
  • Dumpster diving


48 of 78

Social Engg – Computer Based

  • Fake E-Mails
  • E-Mail attachments
  • Pop-up windows

Social Engineering and dumpster diving are considered passive information gathering methods.


49 of 78

Impact of Hacking

  • Identity stolen
  • Data Loss
  • Financial Loss
  • CIA Compromised
  • Loss of reputation, brand value
  • May lose customers (brand dilution) and market share can fall


50 of 78

Question & Answers

Overview of CyberSecurity


51 of 78


52 of 78

Overview

Overview of CyberSecurity

Lab Session


53 of 78

Important Disclaimer !!!

The following software and tools should only be used on networks or systems you own or have permission to scan, as unauthorized scanning can violate policies or laws.


54 of 78

Port Scanner

  • A port scan is a method for determining which ports on a network are open.
  • It is also valuable for testing network security and the strength of the system's firewall.
  • Due to this functionality, it is also a popular reconnaissance tool for attackers seeking a weak point of access to break into a computer.
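What "determining which ports are open" means at the socket level, shown as a TCP connect check against listeners the script creates itself on loopback. This is an added example, not part of the original presentation and not how nmap is implemented; the function names are hypothetical.

```python
import socket


def check_port(host: str, port: int, timeout: float = 0.5) -> str:
    """TCP connect check: 'open', 'closed' (refused) or 'filtered' (no answer)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"          # handshake completed: something is listening
        except ConnectionRefusedError:
            return "closed"        # host answered with a reset: nothing listening
        except OSError:
            return "filtered"      # timeout or unreachable, e.g. dropped by a firewall


def scan(host: str, ports) -> dict:
    """Check each port in turn and return {port: state}."""
    return {port: check_port(host, port) for port in ports}


def demo():
    """Scan two loopback ports created here: one listening, one not."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Bound but never put into listening state, so connections are refused
    # exactly as they would be for any closed port.
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))
    closed_port = idle.getsockname()[1]
    try:
        return open_port, closed_port, scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    print(demo())
```

A firewall that silently drops packets produces the "filtered" result rather than "closed", which is why a scan of your own hosts also tests the firewall.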


55 of 78

Hands-On : Port Scanner

  • Port scanners are some of the most useful tools when you are starting your security investigation on any remote or local network.
  • Used by programmers, System and Network administrators, these tools are applications designed to scan servers and hosts in order to check what available ports are being used for network communications.
  • Examples: nmap, zenmap, Angry IP Scanner


56 of 78

nmap 1/5

  • nmap stands for "Network Mapper". It is the most popular network discovery tool and port scanner.
  • nmap features:
    • Active port scanning: lets you scan and discover open ports on specific networks / hosts.
    • Host discovery: lets you identify potential hosts that are responding to network requests.


57 of 78

nmap 2/5

Main uses of nmap:

  • 1. Network Discovery
  • 2. Port Scanning
  • 3. Service and Version Detection
  • 4. OS and Device Fingerprinting
  • 5. Vulnerability Assessment
  • 6. Penetration Testing and Ethical Hacking
  • 8. Network Troubleshooting


58 of 78

nmap 3/5

  • nmap Installation:
    • nmap: https://nmap.org/
    • Also install npcap when prompted (if it is not already installed), and also install loopback support.
  • zenmap is not a new port scanner, but the official nmap front-end interface (GUI).


59 of 78

nmap – zenmap 4/5


60 of 78

nmap – zenmap 5/5


61 of 78

Angry IP Scanner 1/3

  • Download (https://angryip.org/) and Run.
  • Scan for open ports on any remote network.
  • Webserver & NetBIOS information detection.


62 of 78

Angry IP Scanner 2/3


63 of 78

Hands-On : MAC Spoofing

  • MAC address spoofing is the practice of changing the Media Access Control (MAC) address of a network interface to another value, either temporarily or permanently.

  • Example: Technitium MAC Address Changer
  • Download (https://technitium.com/tmac/)


64 of 78

Hands-On : MAC Spoofing

Main reasons why MAC Spoofing is done:

1. Privacy and Anonymity

2. Network Access and Bypassing Filters

3. Testing and Security Audits

4. Device Replacement and Continuity

5. Evasion and Malicious Use (illegal/against policies)


65 of 78

Hands-On : MAC Spoofing


66 of 78

Hands-On : MAC Spoofing


67 of 78

Hands-On : MAC Spoofing


68 of 78

Hands-On : CommView for Wi-Fi

  • CommView for Wi-Fi is a popular wireless network monitoring and analysis tool. It’s mainly used by network administrators, cybersecurity professionals, and researchers.

  • Example: CommView for Wi-Fi
  • Download (https://www.tamos.com/download/main/ca)


69 of 78

Hands-On : CommView for Wi-Fi

Reason for using CommView:

1. Packet Capture and Analysis

2. Network Troubleshooting

3. Security Testing

4. Bandwidth and Usage Monitoring

5. Device and AP Discovery

6. Educational and Research Use

7. Integration and Reporting


70 of 78

Hands-On : CommView for Wi-Fi


71 of 78

Hands-On : CommView for Wi-Fi


72 of 78

Hands-On : CommView for Wi-Fi


73 of 78

Hands-On : CommView for Wi-Fi


74 of 78

Hands-On : CommView for Wi-Fi


75 of 78

Hands-On : How to Crack Wi-Fi

  • Once the CommView for Wi-Fi packets are saved, we can crack the Wi-Fi password using aircrack-ng. This software allows us to retrieve the password.

  • Download: aircrack-ng (https://www.aircrack-ng.org/downloads.html)


76 of 78

Hands-On : How to Crack Wi-Fi


77 of 78

Question & Answers

Overview of CyberSecurity


Lab Session

78 of 78
