1. Introduction Concept of Information Security.pdf

Transcript

Introduction to the Concept of Information Security:-
Need for Cybersecurity:-
In the age of the internet, organizations are heavily relying on IT
infrastructure to keep them safe from cyberattacks. As more and more
organizations are adopting digital transformation, the risk of
cybercrime is increasing at a rapid rate; so is the importance of
cybersecurity.

Cybersecurity has become the knight in shining armour. Strong
cybersecurity policy and infrastructure work together to secure
computer systems and networks from an unauthorized attack or access.
Businesses, individuals, and governments are investing heavily to reap
the benefits of cybersecurity in protecting their assets and data against
hackers. For any business to survive in today’s competitive world, it
requires the right tools and cyber security strategy.

Approaches to the Information Security Implementation:-
In order to determine the safety of data from potential violations and
cyberattacks, the implementation of the security model has an
important phase to be carried out. In order to ensure the integrity of
the security model, it can be designed using two methods:

1. Bottom-Up Approach:- The company’s security model is applied by
system administrators or people who are working in network security
or as cyber-engineers. The main idea behind this approach is for
individuals working in this field of information systems to use their
knowledge and experience in cybersecurity to guarantee the design of
a highly secure information security model.

1
Key Advantages:- disadvantages An individual’s technical expertise in
their field ensures that every system vulnerability is addressed and that
the security model is able to counter any potential threats.
Disadvantage:: Due to the lack of cooperation between senior
managers and relevant directives, it is often not suitable for the
requirements and strategies of the organisation.
2. Top-Down Approach:- This type of approach is initialized and
initiated by the executives of the organization.

They formulate policies and outline the procedures to be followed.
Determine the project’s priorities and expected results
Determine liability for every action needed
Advantages And disadvantagesand of top-down implementation:
This approach looks at each department’s data and explores how it’s
connected to find vulnerabilities. Managers have the authority to issue
company-wide instructions while still allowing each person to play an
integral part in keeping data safe. Compared to an individual or
department, a management-based approach incorporates more
available resources and a clearer overview of the company’s assets and
concerns.

A top-down approach generally has more lasting power and efficacy
than a bottom-up approach because it makes data protection a
company-wide priority instead of placing all the responsibility on one
person or team. Data vulnerabilities exist in all offices and
departments, and each situation is unique. The only way for an
information security program to work is by getting every manager,
branch, department, and employee in agreement with a company-wide
plan.

2
Implementing a layered information security approach:-
Cybersecurity is critical for businesses of all types and sizes. In one
survey, more than half of participants cited cybersecurity as a top
concern for their organization. Data and network compromises can
have devastating effects that many businesses never fully recover from.
In 2019, cyberattacks cost individual businesses an average of
$200,000.

Attacks come in several forms, such as phishing scams, hacking,
unauthorized access at physical locations, Trojan viruses,
ransomware, and password attacks. Because there are so many
possible vulnerabilities, a layered approach is the best method for
implementing total protection across departments.

Infosec layering accounts for all standard data protection along with
other facets of cybersecurity, including web, network, device,
application, software, and physical security. It also includes having a
disaster recovery and data backup plan. Layered protection breaks
larger security concerns into smaller, more manageable pieces. It lets
you customize the type and protection level depending on specific
needs, such as department, device, or stored data.

Consider a healthcare business. In the financial department, data
integrity is likely the top concern to prevent overcharging or
undercharging accounts. But the patient records department focuses
on data security, privacy, and access control. This is where a layered
approach comes in. Layered approaches are woven together so each
area of information security relies on the other, creating a stronger,
more defensive blanket of protection that makes it harder for outside
attackers to gain entry.

3
Web and network security:-
Web and network security cover creating policies and safeguarding all
browsers, private networks, shared networks, and online user
accounts, such as:
Clearly assign user roles for each person with access, including
management, employees, third-party contractors, and partners
Various encryption methods for on-site and off-site employees and
contractors
IP network-wide security for all network traffic
Firewalls, antivirus and antimalware systems, intrusion alerts, and
defense software
Disabling web browser pop-ups
Security for all webmail, including attachments and possible phishing
scams
Using a secure, up-to-date web browser with an individual, controlled
employee access account
Mobile device security for company phones, tablets, and smart
devices
Network segmentation whenever applicable
Data loss prevention (DLP) for files and messages
Device and app security:-
Device and app security applies to all computers, tablets, company
phones, smart devices, applications, user software, computer
programs, and online accounts. Precautions include:

Keeping all apps and software and their subsequent security up to date
Requiring unique passwords and log-in credentials for each user,
changed regularly

4
Implementing regular device and system maintenance windows
throughout the month
Keeping thorough, up-to-date records for all device and app activity,
including possible, detected, or isolated threats
Giving each device user and account a host intrusion detection system
Removing unnecessary apps, software, user accounts, and devices from
rotation
Implementing patch management to keep everything up to date and
automatically fixed when new patches are released
It is more likely to succeed. That strategy usually provides strong
support from top management by committing resources, a consistent
preparation and execution mechanism and opportunities to affect
corporate culture.

Cryptography and Network Security Principles:-
In present day scenario security of the system is the sole priority of
any organisation. The main aim of any organisation is to protect their
data from attackers. In cryptography, attacks are of two types such
as Passive attacks and Active attacks.

Passive attacks are those that retrieve information from the system
without affecting the system resources while active attacks are those
that retrieve system information and make changes to the system
resources and their operations.

5
In the above figure it made the text secure by forming it
into cipher text using encryption algorithm and further decryption to
use it.
The Principles of Security can be classified as follows:

1. Confidentiality:
The degree of confidentiality determines the secrecy of the
information. The principle specifies that only the sender and
receiver will be able to access the information shared
between them. Confidentiality compromises if an
unauthorized person is able to access a message.
For example, let us consider sender A wants to share some
confidential information with receiver B and the information
gets intercepted by the attacker C. Now the confidential
information is in the hands of an intruder C.

2. Authentication:
Authentication is the mechanism to identify the user or
system or the entity. It ensures the identity of the person
trying to access the information. The authentication is
mostly secured by using username and password. The
authorized person whose identity is preregistered can prove
his/her identity and can access the sensitive information.

3. Integrity:
Integrity gives the assurance that the information received is
exact and accurate. If the content of the message is changed
after the sender sends it but before reaching the intended
receiver, then it is said that the integrity of the message is
lost.
System Integrity: System Integrity assures that a system
performs its intended function in an unimpaired manner,

6
 free from deliberate or inadvertent unauthorized
manipulation of the system.
Data Integrity: Data Integrity assures that information
(both stored and in transmitted packets) and programs are
changed only in a specified and authorized manner.
4. Non-Repudiation:
Non-repudiation is a mechanism that prevents the denial of the
message content sent through a network. In some cases the sender
sends the message and later denies it. But the non-
repudiation does not allow the sender to refuse the receiver.

5. Access control:
The principle of access control is determined by role
management and rule management. Role management determines
who should access the data while rule management
determines up to what extent one can access the data. The
information displayed is dependent on the person who is
accessing it.

6. Availability:
The principle of availability states that the resources will be
available to authorize party at all times. Information will not be
useful if it is not available to be accessed. Systems should
have sufficient availability of information to satisfy the user request.

7. Issues of ethics and law
The following categories are used to categorize ethical
dilemmas in the security system.
Individuals’ right to access personal information is referred
to as privacy.
Property: It is concerned with the information’s owner.
Accessibility is concerned with an organization’s right to
collect information.
Accuracy: It is concerned with the obligation of information
authenticity, fidelity, and accuracy.
7
Types of Cyber Attacks:-
Cyber Attack Definition:-

A cyber attack is an attempt by cybercriminals, hackers or other
digital adversaries to access a computer network or system, usually
for the purpose of altering, stealing, destroying or exposing
information.

Cyberattacks can target a wide range of victims from individual
users to enterprises or even governments. When targeting businesses
or other organizations, the hacker’s goal is usually to access
sensitive and valuable company resources, such as intellectual
property (IP), customer data or payment details.

What are the 10 most common types of Cyber Attacks?

1. Malware:-

Malware — or malicious software — is any program or code that is
created with the intent to do harm to a computer, network or server.
Malware is the most common type of cyberattack, mostly because this
term encompasses many subsets such as ransomware, trojans,
spyware, viruses, worms, keyloggers, bots, cryptojacking, and any
other type of malware attack that leverages software in a malicious
way.

Types Description
Ransomware In a ransomware attack, an adversary encrypts a
victim’s data and offers to provide a decryption
key in exchange for a payment. Ransomware
attacks are usually launched through malicious
links delivered via phishing emails, but unpatched
vulnerabilities and policy misconfigurations are
used as well.
Fileless Fileless malware is a
type of malicious
8
Malware activity that uses
native, legitimate tools
built into a system to
execute a cyber attack.
Unlike traditional
malware, fileless
malware does not
require an attacker to
install any code on a
target’s system,
making it hard to
detect.
Spyware Spyware is a type of unwanted, malicious
software that infects a computer or other device
and collects information about a user’s web
activity without their knowledge or consent.
Adware Adware is a type of spyware that watches a user’s
online activity in order to determine which ads to
show them. While adware is not inherently
malicious, it has an impact on the performance of
a user’s device and degrades the user experience.
Trojan A trojan is malware that appears to be legitimate
software disguised as native operating system
programs or harmless files like free downloads.
Trojans are installed through social engineering
techniques such as phishing or bait websites. The
zeus trojan malware, a variant, has the goal
accessing financial information and adding
machines to a botnet.
Worms A worm is a self-contained program that
replicates itself and spreads its copies to other
computers. A worm may infect its target through
a software vulnerability or it may be delivered via
phishing or smishing. Embedded worms can
modify and delete files, inject more malicious

9
 software, or replicate in place until the targeted
system runs out of resources.
Rootkits Rootkit malware is a collection of software
designed to give malicious actors control of a
computer network or application. Once activated,
the malicious program sets up a backdoor exploit
and may deliver additional malware. Bootkits
take this a step further by infecting the master
boot prior to the operating system being on boot
up, going undetectable at times.
Mobile Mobile malware is any type of malware designed
Malware to target mobile devices. Mobile malware is
delivered through malicious downloads,
operating system vulnerabilities, phishing,
smishing, and the use of unsecured WiFi.
Exploits An exploit is a piece of software or data that
opportunistically uses a defect in an operating
system or an app to provide access to
unauthorized actors. The exploit may be used to
install more malware or steal data.
Scareware Scareware tricks users into believing their
computer is infected with a virus. Typically, a user
will see scareware as a pop-up warning them that
their system is infected. This scare tactic aims to
persuade people into installing fake antivirus
software to remove the “virus.” Once this fake
antivirus software is downloaded, then malware
may infect your computer.
Keylogger Keyloggers are tools that record what a person
types on a device. While there are legitimate and
legal uses for keyloggers, many uses are
malicious. In a keylogger attack, the keylogger
software records every keystroke on the victim’s
device and sends it to the attacker.

10
Botnet Botnet is a network of computers infected with
malware that are controlled by a bot herder. The
bot herder is the person who operates the botnet
infrastructure and uses the compromised
computers to launch attacks designed to crash a
target’s network, inject malware, harvest
credentials or execute CPU-intensive tasks.
MALSPAM Malicious malware (MALSPAM) delivers
malware as the malicious payload via emails
containing malicious content, such as virus or
malware infected attachments.

2. Deniel of Service(DOS) Attack:-
A Denial-of-Service (DoS) attack is a malicious, targeted attack that
floods a network with false requests in order to disrupt business
operations.

In a DoS attack, users are unable to perform routine and necessary
tasks, such as accessing email, websites, online accounts or other
resources that are operated by a compromised computer or network.
While most DoS attacks do not result in lost data and are typically
resolved without paying a ransom, they cost the organization time,
money and other resources in order to restore critical business
operations.

The difference between DoS and Distributed Denial of Service (DDoS)
attacks has to do with the origin of the attack. DoS attacks originate
from just one system while DDoS attacks are launched from multiple
systems. DDoS attacks are faster and harder to block than DOS attacks
because multiple systems must be identified and neutralized to halt the
attack.

11
3.Phising:-
Phishing is a type of cyberattack that uses email, SMS, phone, social
media, and social engineering techniques to entice a victim to share
sensitive information — such as passwords or account numbers — or
to download a malicious file that will install viruses on their computer
or phone.

Common phishing attacks include:
Types Description
Spear Phising Spear-phishing is a type of phishing attack that
targets specific individuals or organizations
typically through malicious emails. The goal
of spear phishing is to steal sensitive
information such as login credentials or infect
the targets’ device with malware.
Whaling A whaling attack is a type of social
engineering attack specifically targeting
senior or C-level executive employees with the
purpose of stealing money or information, or
gaining access to the person’s computer in
order to execute further cyberattacks.
SMiShing Smishing is the act of sending fraudulent text
messages designed to trick individuals into
sharing sensitive data such as passwords,
usernames and credit card numbers. A
smishing attack may involve cybercriminals
pretending to be your bank or a shipping
service you use.
Vishing Vishing, a voice phishing attack, is the
fraudulent use of phone calls and voice
messages pretending to be from a reputable
organization to convince individuals to reveal
private information such as bank details and
passwords.

12
4.Spoofing:-
Spoofing is a technique through which a cybercriminal disguises
themselves as a known or trusted source. In so doing, the adversary is
able to engage with the target and access their systems or devices with
the ultimate goal of stealing information, extorting money or installing
malware or other harmful software on the device.

Spoofing can take different forms, which include:

Types Description
Domain Spoofing Domain spoofing is a form of phishing where an
attacker impersonates a known business or
person with fake website or email domain to fool
people into the trusting them. Typically, the
domain appears to be legitimate at first glance,
but a closer look will reveal subtle differences.
Email Spoofing Email spoofing is a type of cyberattack that
targets businesses by using emails with forged
sender addresses. Because the recipient trusts
the alleged sender, they are more likely to open
the email and interact with its contents, such as
a malicious link or attachment.
ARP Spoofing Address Resolution Protocol (ARP) spoofing or
ARP poisoning is a form of spoofing attack that
hackers use to intercept data. A hacker commits
an ARP spoofing attack by tricking one device
into sending messages to the hacker instead of
the intended recipient. This way, the hacker
gains access to your device’s communications,
including sensitive data.

13
4. Identity Based Attack:-
CrowdStrike’s findings show that 80% of all breaches use
compromised identities and can take up to 250 days to identify.

Identity-driven attacks are extremely hard to detect. When a valid
user’s credentials have been compromised and an adversary is
masquerading as that user, it is often very difficult to differentiate
between the user’s typical behavior and that of the hacker using
traditional security measures and tools.

Some on the most common identity-based attacks include:

Types Description
Kerobarosting Kerberoasting is a post-exploitation attack
technique that attempts to crack the password
of a service account within the Active Directory
(AD) where an adversary masquerading as an
account user with a service principal name
(SPN) requests a ticket, which contains an
encrypted password, or Kerberos.
Man-in-the- A man-in-the-middle attack is a type of
Middle cyberattack in which an attacker eavesdrops on
(MITM) a conversation between two targets with the
Attack goal of collecting personal data, passwords or
banking details, and/or to convince the victim
to take an action such as changing login
credentials, completing a transaction or
initiating a transfer of funds.
Pass-the- Pass the hash (PtH) is a type of attack in which
Hash Attack an adversary steals a “hashed” user credential
and uses it to create a new user session on the
same network. It does not require the attacker
to know or crack the password to gain access
to the system. Rather, it uses a stored version
of the password to initiate a new session.

14
Golden Ticket In a golden ticket attack, adversaries attempt to
Attack gain unlimited access to an organization’s
domain by accessing user data stored in
Microsoft Active Directory (AD) by exploiting
vulnerabilities in the Kerberos identity
authentication protocol. This allows
adversaries to bypass authentication methods.
Silver Ticket A silver ticket is a forged authentication ticket
Attack often created when an attacker steals an
account password. A forged service ticket is
encrypted and enables access to resources for
the specific service targeted by the silver ticket
attack.
Credential In credential harvesting, cybercriminals gather
Harvesting user credentials — such as user IDs, email
addresses, passwords, and other login
information — en masse to then access systems,
gather sensitive data, or sell it in the dark web.
Credential Credential stuffing attacks work on the premise
Stuffing that people often use the same user ID and
password across multiple accounts. Therefore,
possessing the credentials for one account may
be able to grant access to other, unrelated
account.
Password The basics of a password spraying attack
Spraying involve a threat actor using a single common
password against multiple accounts on the
same application. This avoids the account
lockouts that typically occur when an attacker
uses a brute force attack on a single account by
trying many passwords.
Brute Force A brute force attack is uses a trial-and-error
Attack approach to systematically guess login info,
credentials, and encryption keys. The attacker
submits combinations of usernames and
passwords until they finally guess correctly.

15
 Downgrade Downgrade attacks are a cyberattack where
Attacks adversaries take advantage of a system’s
backward compatibility to force it into less
secure modes of operation, such as forcing a
user to go into a HTTP version of a website
instead of HTTPS.

5. Code Injection Attacks:-

Code injection attacks consist of an attacker injecting malicious
code into a vulnerable computer or network to change its course
of action. There are multiple types of code injection attacks:

Types Description
SQL Injection A SQL Injection attack leverages system
vulnerabilities to inject malicious SQL
statements into a data-driven application,
which then allows the hacker to extract
information from a database. Hackers
use SQL Injection techniques to alter,
steal or erase application's database
data.
Cross-Site Cross Site Scripting (XSS) is a code
Scripting(XSS) injection attack in which an adversary
inserts malicious code within a legitimate
website. The code then launches as an
infected script in the user’s web browser,
enabling the attacker to steal sensitive
information or impersonate the user. Web
forums, message boards, blogs and other
websites that allow users to post their
own content are the most susceptible to
XSS attacks.
Malvertising Malvertising attacks leverage many other
techniques, such as SEO poisoning, to
carry out the attack. Typically, the
16
 attacker begins by breaching a third-
party server, which allows the
cybercriminal to inject malicious code
within a display ad or some element
thereof, such as banner ad copy, creative
imagery or video content. Once clicked by
a website visitor, the corrupted code
within the ad will install malware or
adware on the user’s computer.
Data Poisoning Data poisoning is a type of cyberattack in
which an adversary intentionally
compromises a training dataset used by
an Artificial Intelligence or Machine
Learning model to manipulate the
operation of that model. When dataset is
manipulated during the training phase,
the adversary can introduce biases,
intentionally create erroneous outputs,
introduce vulnerabilities, or otherwise
influence predictive capabilities of the
model.

7. Supply Chain Attacks:-
A supply chain attack is a type of cyberattack that targets a
trusted third-party vendor who offers services or software vital to
the supply chain. Software supply chain attacks inject malicious
code into an application in order to infect all users of an app,
while hardware supply chain attacks compromise physical
components for the same purpose. Software supply chains are
particularly vulnerable because modern software is not written
from scratch: rather, it involves many off-the-shelf components,
such as third-party APIs, open source code and proprietary code
from software vendors.

17
8. Insider Threats:-
IT teams that solely focus on finding adversaries external to the
organization only get half the picture. Insider threats are internal
actors such as current or former employees that pose danger to
an organization because they have direct access to the company
network, sensitive data, and intellectual property (IP), as well as
knowledge of business processes, company policies or other
information that would help carry out such an attack.

Internal actors that pose a threat to an organization tend to be
malicious in nature. Some motivators include financial gains in
exchange for selling confidential information on the dark web,
and/or emotional coercion using social engineering tactics, such
as pretexting, business email compromise (BEC) attacks or
disinformation campaigns. On the other hand, some insider
threat actors are not malicious in nature but instead are negligent
in nature. To combat this, organizations should implement a
comprehensive cybersecurity training program that teaches
stakeholders to be aware of any potential attacks, including those
potentially performed by an insider.

9. DNS Tunneling:-
DNS Tunneling is a type of cyberattack that leverages domain
name system (DNS) queries and responses to bypass traditional
security measures and transmit data and code within the network.

Once infected, the hacker can freely engage in command-and-
control activities. This tunnel gives the hacker a route to unleash
malware and/or to extract data, IP or other sensitive information
by encoding it bit by bit in a series of DNS responses.

DNS tunneling attacks have increased in recent years, in part
because they are relatively simple to deploy. Tunneling toolkits
and guides are even readily accessible online through
mainstream sites like YouTube.
18
10. IoT-Based Attacks:-
An IoT attack is any cyberattack that targets an Internet of Things
(IoT) device or network. Once compromised, the hacker can
assume control of the device, steal data, or join a group of
infected devices to create a botnet to launch DoS or DDoS
attacks.

[According to the Nokia Threat Intelligence Lab, connected
devices are responsible for nearly one-third of mobile network
infections – more than double the amount in 2019.]

Given that the number of connected devices is expected to grow
rapidly over the next several years, cybersecurity experts expect
IoT infections to grow as well. Further, the deployment of 5G
networks, which will further fuel the use of connected devices,
may also lead to an uptick in attacks.

19