Cyber Security.pptx
WHAT IS CYBER SECURITY ?
CYBERSECURITY IS THE PRACTICE OF PROTECTING SYSTEMS, NETWORKS, AND PROGRAMS FROM DIGITAL ATTACKS. THESE CYBERATTACKS ARE USUALLY AIMED AT ACCESSING, CHANGING, OR DESTROYING SENSITIVE INFORMATION; EXTORTING MONEY FROM USERS VIA RANSOMWARE; OR INTERRUPTING NORMAL BUSINESS PROCESSES.

CIA TRIAD EXAMPLE

TYPES OF CYBER ATTACKS

DOS ATTACK
A SINGLE MACHINE SENDS MALICIOUS TRAFFIC TO OVERWHELM A SERVER OR APPLICATION, MAKING IT UNAVAILABLE TO LEGITIMATE USERS. DOS ATTACKS CAN CRASH SERVICES, OR THEY CAN FLOOD SERVICES. FOR EXAMPLE, A BUFFER OVERFLOW ATTACK CAN CAUSE A MACHINE TO USE UP ALL ITS HARD DISK SPACE, MEMORY, OR CPU TIME.

DDOS ATTACK
MULTIPLE MACHINES OR SOURCES, SUCH AS A BOTNET, SEND MALICIOUS TRAFFIC TO OVERWHELM A SERVER OR APPLICATION. DDOS ATTACKS OFTEN USE THOUSANDS OF HOSTS INFECTED WITH MALWARE, AND TYPICALLY INVOLVE MORE THAN 3–5 NODES ON DIFFERENT NETWORKS.

MAN-IN-THE-MIDDLE (MITM) ATTACK
A TYPE OF CYBER ATTACK IN WHICH THE ATTACKER SECRETLY INTERCEPTS AND RELAYS MESSAGES BETWEEN TWO PARTIES WHO BELIEVE THEY ARE COMMUNICATING DIRECTLY WITH EACH OTHER.

PHISHING ATTACK
A FRAUDULENT ATTEMPT TO STEAL SENSITIVE DATA OR INSTALL MALWARE ON A VICTIM'S DEVICE BY SENDING A COMMUNICATION THAT APPEARS TO COME FROM A REPUTABLE SOURCE. THE GOAL IS TO TRICK THE VICTIM INTO CLICKING ON A LINK OR REPLYING TO AN EMAIL THAT WILL ALLOW THE ATTACKER TO ACCESS THEIR INFORMATION.

WHALING ATTACK IS A TYPE OF SPEAR-PHISHING ATTACK DIRECTED AT HIGH-LEVEL EXECUTIVES WHERE ATTACKERS MASQUERADE AS LEGITIMATE, KNOWN AND TRUSTED ENTITIES AND ENCOURAGE A VICTIM TO SHARE HIGHLY SENSITIVE INFORMATION OR TO SEND A WIRE TRANSFER TO A FRAUDULENT ACCOUNT.

SPEAR-PHISHING IS A TYPE OF PHISHING ATTACK THAT TARGETS SPECIFIC INDIVIDUALS OR ORGANIZATIONS TYPICALLY THROUGH MALICIOUS EMAILS. THE GOAL OF SPEAR PHISHING IS TO STEAL SENSITIVE INFORMATION SUCH AS LOGIN VICTIM’S DATA, IMPORTANT FILES AND THEN DEMANDS A PAYMENT TO UNLOCK AND DECRYPT THE DATA.

PASSWORD ATTACK
IT REFERS TO ANY OF THE VARIOUS METHODS USED TO MALICIOUSLY AUTHENTICATE INTO PASSWORD-PROTECTED ACCOUNTS. THESE ATTACKS ARE TYPICALLY FACILITATED THROUGH THE USE OF SOFTWARE THAT EXPEDITES CRACKING OR GUESSING PASSWORDS.

SQL INJECTION
ALSO KNOWN AS SQLI, IS A COMMON ATTACK VECTOR THAT USES MALICIOUS SQL CODE FOR BACKEND DATABASE MANIPULATION TO ACCESS INFORMATION THAT WAS NOT INTENDED TO BE DISPLAYED. THIS INFORMATION MAY INCLUDE ANY NUMBER OF ITEMS, INCLUDING SENSITIVE COMPANY DATA, USER LISTS OR PRIVATE CUSTOMER DETAILS.

URL INTERPRETATION ATTACK
ALSO KNOWN AS URL POISONING, IS A CYBER ATTACK THAT INVOLVES ALTERING THE MEANING OF A URL WHILE KEEPING THE SYNTAX INTACT. ATTACKERS CAN USE THESE MANIPULATED URLS TO ACCESS A TARGET'S PERSONAL AND PROFESSIONAL DATA, PERFORM NORMALLY BANNED OPERATIONS, OR ACCESS DANGEROUS INFORMATION.

DOMAIN NAME SERVER (DNS) SPOOFING OR DNS CACHE POISONING IS AN ATTACK INVOLVING MANIPULATING DNS RECORDS TO REDIRECT USERS

SESSION HIJACKING
MALICIOUS ACT OF TAKING CONTROL OF A USER’S WEB SESSION. A SESSION, IN THE CONTEXT OF WEB BROWSING, IS A SERIES OF INTERACTIONS BETWEEN TWO COMMUNICATION ENDPOINTS, SHARING A UNIQUE SESSION TOKEN TO ENSURE CONTINUITY AND SECURITY.

BRUTE FORCE ATTACK
HACKING METHOD THAT USES TRIAL AND ERROR TO CRACK PASSWORDS, LOGIN CREDENTIALS, AND ENCRYPTION KEYS. IT IS A SIMPLE YET RELIABLE TACTIC FOR GAINING UNAUTHORIZED ACCESS TO INDIVIDUAL ACCOUNTS AND ORGANIZATIONS' SYSTEMS AND NETWORKS.

MALWARE ATTACKS
TYPE OF MALICIOUS SOFTWARE DESIGNED TO CAUSE HARM OR DAMAGE TO A COMPUTER, SERVER, CLIENT OR COMPUTER NETWORK AND/OR INFRASTRUCTURE WITHOUT END-USER KNOWLEDGE.

COMPUTER VIRUS
TYPE OF MALICIOUS SOFTWARE, OR MALWARE, THAT SPREADS BETWEEN COMPUTERS AND CAUSES DAMAGE TO DATA AND SOFTWARE.

WORM VIRUS
EXPLOITS VULNERABILITIES IN YOUR SECURITY SOFTWARE TO STEAL SENSITIVE INFORMATION, INSTALL BACKDOORS THAT CAN BE USED TO ACCESS THE SYSTEM, CORRUPT FILES, AND DO OTHER KINDS OF HARM.

WHAT IS HACKING ?
Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data.

BLACK HAT HACKERS
Black hat hackers are the "bad guys" of the hacking scene. They go out of their way to discover vulnerabilities in computer systems and software to exploit them for financial gain or for more malicious purposes, such as to gain reputation, carry out corporate espionage, or as part of a nation-state hacking campaign. These individuals’ actions can inflict serious damage on both computer users and the organizations they work for. They can steal sensitive personal information, compromise computer and financial systems, and alter or take down the functionality of websites and critical networks.

WHITE HAT HACKERS
White hat hackers can be seen as the “good guys” who attempt to prevent the success of black hat hackers through proactive hacking. They use their technical skills to break into systems to assess and test the level of network security, also known as ethical hacking. This helps expose vulnerabilities in systems before black hat hackers can detect and exploit them. The techniques white hat hackers use are similar to or even identical to those of black hat hackers, but these individuals are hired by organizations to test and discover potential holes in their security defenses.

GREY HAT HACKERS
Grey hat hackers sit somewhere between the good and the bad guys. Unlike black hat hackers, they attempt to violate standards and principles but without intending to do harm or gain financially. Their actions are typically carried out for the common good. For example, they may exploit a vulnerability to raise awareness that it exists, but unlike white hat hackers, they do so publicly. This alerts malicious actors to the existence of the vulnerability.

IP ADDRESS: INTERNET PROTOCOL (IP) ADDRESS IS THE UNIQUE IDENTIFYING NUMBER ASSIGNED TO EVERY DEVICE CONNECTED TO THE INTERNET.

MAC ADDRESS: MAC ADDRESS IS A UNIQUE IDENTIFIER ASSIGNED TO A NETWORK INTERFACE CONTROLLER FOR USE AS A NETWORK ADDRESS IN COMMUNICATIONS WITHIN A NETWORK SEGMENT. IT IS A 12-DIGIT HEXADECIMAL NUMBER ASSIGNED TO EACH DEVICE CONNECTED TO THE NETWORK.

COMMUNICATION

SIMPLEX MODE
Sender can send the data but the sender can’t receive the data. It is a type of unidirectional communication in which communication happens in only one direction.

HALF DUPLEX MODE
Sender can send the data and also receive the data, one at a time. It is a type of two-way directional communication but restricted to only one direction at a time.

FULL DUPLEX MODE
Sender can send the data and can also receive the data simultaneously. It is simultaneous two-way directional communication, that is, both directions of communication happen at the same time.

NETWORK
COMPUTER NETWORK IS A COLLECTION OF AUTONOMOUS COMPUTERS INTERCONNECTED BY A SINGLE TECHNOLOGY. TWO COMPUTERS ARE SAID TO BE INTERCONNECTED IF THEY ARE ABLE TO EXCHANGE INFORMATION. THE CONNECTION NEED NOT BE VIA A COPPER WIRE; FIBER OPTICS, MICROWAVES, INFRARED, AND COMMUNICATION SATELLITES CAN ALSO BE USED. NETWORKS COME IN MANY SIZES, SHAPES AND FORMS. THE INTERNET IS NOT A SINGLE NETWORK BUT A NETWORK OF NETWORKS, AND THE WEB IS A DISTRIBUTED SYSTEM THAT RUNS ON TOP OF THE INTERNET.
THE SYSTEM OF INTERCONNECTING COMPUTERS TO EXCHANGE DATA.
MAINLY USED FOR DATA COMMUNICATION.
LARGEST NETWORK IN THE WORLD – INTERNET
A NETWORK OF NETWORKS IS CALLED THE INTERNET.

NETWORK
ARPANET – Advanced Research Projects Agency Network. World’s first network.
Firewall – used to protect network.

TYPES OF NETWORKS

NETWORK DEVICES
REPEATER – STRENGTHEN THE SIGNAL IN A NETWORK
HUB – NETWORK CENTER POINT
SWITCH – USED TO INTERCONNECT DIFFERENT COMPUTERS IN A NETWORK.
NIC [NETWORK INTERFACE CARD] – USED TO CONNECT A COMPUTER TO A NETWORK.
MODEM [MODULATOR DEMODULATOR] – USED FOR DATA CONVERSION. ANALOG-DIGITAL, LIGHT-DIGITAL
ROUTER – USED TO CONNECT DIFFERENT NETWORKS WITH DIFFERENT TECHNOLOGY.
CONSOLE PORT – A DEVICE OR INTERFACE THAT ALLOWS FOR THE MANAGEMENT AND CONFIGURATION OF NETWORK DEVICES.
SERIALIZATION/DESERIALIZATION – COMPLEMENTARY PROCESSES THAT ALLOW DATA TO BE STORED AND TRANSFERRED.
GATEWAY – USED TO CONNECT DIFFERENT NETWORKS.
BLUETOOTH – USED TO INTERCONNECT DIFFERENT DEVICES WITHIN A SMALL AREA.
WIFI [WIRELESS FIDELITY] – PROVIDE WIRELESS INTERNET IN A SMALL AREA.

PROTOCOL – SET OF RULES AND REGULATIONS.
WWW [WORLD WIDE WEB] – MECHANISM FOR COLLECTING ALL THE INFORMATION SCATTERED IN THE INTERNET.
FTP – FILE TRANSFER PROTOCOL. USED FOR TRANSFERRING HUGE FILES IN THE INTERNET; FILE UPLOADING AND DOWNLOADING.
SMTP – SIMPLE MAIL TRANSFER PROTOCOL. USED FOR EMAIL SENDING.
POP 3 – POST OFFICE PROTOCOL. USED FOR EMAIL RECEIVING.
IP – INTERNET PROTOCOL. USED TO CREATE DATA PACKETS.
TCP – TRANSMISSION CONTROL PROTOCOL. USED FOR RELIABLE COMMUNICATION.
WAP – WIRELESS APPLICATION PROTOCOL. USED TO ACCESS INTERNET IN WIRELESS DEVICES.

STAR TOPOLOGY
RING TOPOLOGY
BUS TOPOLOGY
MESH TOPOLOGY
HYBRID TOPOLOGY
TREE TOPOLOGY
POINT-POINT TOPOLOGY

NETWORK SECURITY
ANY ACTION INTENDED TO SAFEGUARD THE INTEGRITY AND USEFULNESS OF YOUR DATA AND NETWORK IS KNOWN AS NETWORK SECURITY. IN OTHER WORDS, NETWORK SECURITY IS DEFINED AS THE ACTIVITY CREATED TO PROTECT THE INTEGRITY OF YOUR NETWORK AND DATA. NETWORK SECURITY IS THE PRACTICE OF PROTECTING A COMPUTER NETWORK FROM UNAUTHORIZED ACCESS, MISUSE, OR ATTACKS. IT INVOLVES USING TOOLS, TECHNOLOGIES, AND POLICIES TO ENSURE THAT DATA TRAVELING OVER THE NETWORK IS SAFE AND SECURE, KEEPING SENSITIVE INFORMATION AWAY FROM HACKERS AND OTHER THREATS. EG: PASSWORD PROTECTION

HOW DOES SECURITY WORK?
PHYSICAL NETWORK SECURITY: THIS IS THE MOST BASIC LEVEL THAT INCLUDES PROTECTING THE DATA AND NETWORK BY PREVENTING UNAUTHORIZED PERSONNEL FROM ACQUIRING CONTROL OVER THE CONFIDENTIALITY OF THE NETWORK. THE SAME CAN BE ACHIEVED BY USING DEVICES LIKE BIOMETRIC SYSTEMS.
TECHNICAL NETWORK SECURITY: IT PRIMARILY FOCUSES ON PROTECTING THE DATA STORED IN THE NETWORK OR DATA INVOLVED IN TRANSITIONS THROUGH THE NETWORK. THIS TYPE SERVES TWO PURPOSES. ONE IS PROTECTION FROM UNAUTHORIZED USERS, AND THE OTHER IS PROTECTION FROM MALICIOUS ACTIVITIES.
ADMINISTRATIVE NETWORK SECURITY: THIS LEVEL OF NETWORK SECURITY PROTECTS USER BEHAVIOR LIKE HOW THE PERMISSION HAS BEEN GRANTED AND HOW THE AUTHORIZATION PROCESS TAKES PLACE. THIS ALSO ENSURES THE LEVEL OF SOPHISTICATION THE NETWORK MIGHT NEED FOR PROTECTING IT THROUGH ALL THE ATTACKS. THIS LEVEL ALSO SUGGESTS NECESSARY AMENDMENTS THAT HAVE TO BE DONE TO THE INFRASTRUCTURE.

TYPES OF NETWORK SECURITY
1. NETWORK ACCESS CONTROL – MONITORING THE ACCESS OF USERS TO THE NETWORK, OR TO SENSITIVE PARTS OF THE NETWORK. YOU MAY RESTRICT ACCESS TO ONLY KNOWN USERS AND DEVICES USING SECURITY POLICIES OR ALLOW RESTRICTED ACCESS TO NONCOMPLIANT DEVICES OR GUEST USERS.
2. ANTIVIRUS AND ANTI MALWARE SOFTWARE – THIS TYPE OF NETWORK SECURITY ENSURES THAT ANY MALICIOUS SOFTWARE DOES NOT ENTER THE NETWORK AND JEOPARDIZE THE SECURITY OF THE DATA. MALICIOUS SOFTWARE LIKE VIRUSES, TROJANS, AND WORMS IS HANDLED BY THE SAME. THIS ENSURES NOT ONLY THAT THE ENTRY OF MALWARE IS PROTECTED AGAINST BUT ALSO THAT THE SYSTEM IS WELL-EQUIPPED TO FIGHT IT ONCE IT HAS ENTERED.
3. APPLICATION SECURITY – THE SECURITY PRECAUTIONARY MEASURES UTILIZED AT THE APPLICATION LEVEL TO PREVENT THE STEALING OR CAPTURING OF DATA OR CODE INSIDE THE APPLICATION. IT ALSO INCLUDES THE SECURITY MEASUREMENTS MADE DURING THE ADVANCEMENT AND DESIGN OF APPLICATIONS, AS WELL AS TECHNIQUES AND METHODS FOR PROTECTING THE APPLICATIONS WHENEVER.
4. DATA LOSS PREVENTION (DLP) – TECHNOLOGIES ARE THOSE THAT PREVENT THE EMPLOYEE OF AN ENTERPRISE FROM EXCHANGING VALUABLE COMPANY DATA OR CONFIDENTIAL DATA OUTSIDE THE NETWORK, WHETHER INADVERTENTLY OR WITH INTENT. DLP CAN PREVENT ACTIONS SUCH AS UPLOADING AND DOWNLOADING FILES, FORWARDING MESSAGES, OR PRINTING THAT COULD POTENTIALLY EXPOSE DATA TO BAD ACTORS OUTSIDE THE NETWORKING ENVIRONMENT.
5. EMAIL SECURITY – EMAIL SECURITY IS DEFINED AS THE PROCESS DESIGNED TO KEEP THE EMAIL ACCOUNT AND ITS CONTENTS SAFE FROM UNAUTHORIZED ACCESS. FOR EXAMPLE, FRAUD EMAILS ARE GENERALLY SENT TO THE SPAM FOLDER AUTOMATICALLY, BECAUSE MOST EMAIL SERVICE PROVIDERS HAVE BUILT-IN FEATURES TO PROTECT THE CONTENT. THE MOST COMMON DANGER VECTOR FOR A SECURITY COMPROMISE IS EMAIL GATEWAYS. HACKERS CREATE INTRICATE PHISHING CAMPAIGNS USING RECIPIENTS’ PERSONAL INFORMATION AND SOCIAL ENGINEERING TECHNIQUES TO TRICK THEM AND DIRECT THEM TO MALICIOUS WEBSITES. TO STOP CRITICAL DATA FROM BEING LOST, AN EMAIL SECURITY PROGRAMME RESTRICTS OUTGOING MESSAGES AND STOPS INCOMING THREATS.
6. MOBILE SECURITY – CYBERCRIMINALS ARE FOCUSING MORE ON MOBILE DEVICES AND APPS. IN THE NEXT THREE YEARS, ABOUT 90 PERCENT OF IT ORGANIZATIONS MIGHT ALLOW CORPORATE APPLICATIONS ON PERSONAL MOBILE DEVICES. IT’S CRUCIAL TO CONTROL WHICH DEVICES CAN CONNECT TO YOUR NETWORK AND SET UP THEIR CONNECTIONS SECURELY TO PROTECT NETWORK TRAFFIC FROM UNAUTHORIZED ACCESS.
7. NETWORK SEGMENTATION – NETWORK TRAFFIC IS DIVIDED INTO SEVERAL CATEGORIES BY SOFTWARE-DEFINED SEGMENTATION, WHICH ALSO FACILITATES THE ENFORCEMENT OF SECURITY REGULATIONS. IDEALLY, ENDPOINT IDENTITY, RATHER THAN JUST IP ADDRESSES, IS THE BASIS FOR THE CLASSIFICATIONS. TO ENSURE THAT THE APPROPRIATE AMOUNT OF ACCESS IS GRANTED TO THE APPROPRIATE INDIVIDUALS AND THAT SUSPICIOUS DEVICES ARE CONTROLLED AND REMEDIATED, ACCESS PERMISSIONS CAN BE ASSIGNED BASED ON ROLE, LOCATION, AND OTHER FACTORS.
8. SECURITY INFORMATION AND EVENT MANAGEMENT – THESE SECURITY SYSTEMS, CALLED SIEMS, COMBINE HOST-BASED AND NETWORK-BASED INTRUSION DETECTION SYSTEMS THAT COMBINE REAL-TIME MONITORING OF NETWORK TRAFFIC WITH SCANNING OF HISTORICAL DATA LOG FILES TO GIVE ADMINISTRATORS A FULL IMAGE OF ALL NETWORK-WIDE OPERATION.
9. WEB SECURITY – A WEB SECURITY SOLUTION MANAGES HOW YOUR STAFF USES THE INTERNET, BLOCKS THREATS FROM WEBSITES, AND STOPS ACCESS TO HARMFUL SITES. IT SAFEGUARDS YOUR WEB GATEWAY EITHER ONSITE OR IN THE CLOUD. ADDITIONALLY, “WEB SECURITY” INVOLVES MEASURES TAKEN TO PROTECT YOUR OWN WEBSITE FROM POTENTIAL ATTACKS AND VULNERABILITIES.

ADVANTAGES OF NETWORK SECURITY
PROTECTION FROM UNAUTHORIZED ACCESS: NETWORK SECURITY MEASURES SUCH AS FIREWALLS AND AUTHENTICATION SYSTEMS PREVENT UNAUTHORIZED USERS FROM ACCESSING SENSITIVE INFORMATION OR DISRUPTING NETWORK OPERATIONS.
DATA CONFIDENTIALITY: ENCRYPTION TECHNOLOGIES ENSURE THAT DATA TRANSMITTED OVER THE NETWORK REMAINS CONFIDENTIAL AND CANNOT BE INTERCEPTED BY UNAUTHORIZED PARTIES.
PREVENTION OF MALWARE AND VIRUSES: NETWORK SECURITY SOLUTIONS LIKE ANTIVIRUS SOFTWARE AND INTRUSION DETECTION SYSTEMS (IDS) DETECT AND BLOCK MALWARE, VIRUSES, AND OTHER MALICIOUS THREATS BEFORE THEY CAN INFECT SYSTEMS.
SECURE REMOTE ACCESS: VIRTUAL PRIVATE NETWORKS (VPNS) AND OTHER SECURE REMOTE ACCESS METHODS ENABLE EMPLOYEES TO WORK REMOTELY WITHOUT COMPROMISING THE SECURITY OF THE ORGANIZATION’S NETWORK AND DATA.

DISADVANTAGES OF NETWORK SECURITY
COMPLEXITY AND MANAGEMENT OVERHEAD: IMPLEMENTING AND MANAGING NETWORK SECURITY MEASURES SUCH AS FIREWALLS, ENCRYPTION, AND INTRUSION DETECTION SYSTEMS (IDS) CAN BE COMPLEX AND REQUIRE SPECIALIZED KNOWLEDGE AND RESOURCES.
COST: EFFECTIVE NETWORK SECURITY OFTEN REQUIRES INVESTMENT IN HARDWARE, SOFTWARE, AND SKILLED PERSONNEL, WHICH CAN BE EXPENSIVE FOR ORGANIZATIONS, ESPECIALLY SMALLER ONES.
PRIVACY CONCERNS: SOME NETWORK SECURITY MEASURES, SUCH AS DEEP PACKET INSPECTION AND MONITORING, MAY RAISE PRIVACY CONCERNS AMONG USERS AND STAKEHOLDERS, REQUIRING CAREFUL BALANCING OF SECURITY NEEDS WITH INDIVIDUAL PRIVACY RIGHTS.