IT01_CHAPTER 9: Introduction to Cyber Security PDF
This document introduces cybersecurity and its importance in today's digital world. It discusses the fundamentals of cybersecurity, including its goals and the types of attacks and attackers, and explains the historical context of cybersecurity and its evolution.
MODULE LIVING IN THE IT ERA – IT01
CHAPTER 9: INTRODUCTION TO CYBER SECURITY

Objectives:
a) Discuss the importance of cybersecurity.
b) Identify the goals of cybersecurity.
c) Discover the different types of cyber-attacks and attackers.

Lesson 1: Cyber Security Overview

Cyber Security Introduction

"Cybersecurity is primarily about people, processes, and technologies working together to encompass the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, etc."

Cybersecurity is the protection of Internet-connected systems, including hardware, software, and data, from cyber attacks. The term is made up of two words, "cyber" and "security". Cyber relates to the technology, which comprises systems, networks, and programs or data, whereas security relates to protection, which includes system security, network security, and application and information security.

Cybersecurity is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification, or unauthorized access. It may also be referred to as information technology security. We can also define cybersecurity as the set of principles and practices designed to protect our computing resources and online information against threats. Because modern industry depends heavily on computers that store and transmit an abundance of confidential and essential information about people, cybersecurity is a critical function and a necessary form of insurance for many businesses.

Why is cybersecurity important?

We live in a digital era in which our private information is more vulnerable than ever before.
We all live in a world that is networked together, from internet banking to government infrastructure, where data is stored on computers and other devices. A portion of that data can be sensitive information, whether intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Cyber-attacks are now an international concern, and there are many worries that hacks and other security attacks could endanger the global economy. Organizations transmit sensitive data across networks and to other devices in the course of doing business, and cybersecurity describes the discipline dedicated to protecting that information and the systems used to process or store it. As the volume of cyber-attacks grows, companies and organizations, especially those that deal with information related to national security, health, or financial records, need to take steps to protect their sensitive business and personal information.

History of Cyber Security

The origin of cybersecurity began with a research project. It only came into existence because of the development of viruses.

How did we get here?

In 1969, Leonard Kleinrock, a professor at UCLA, and his student Charley Kline sent the first electronic message from the UCLA SDS Sigma 7 host computer to Bill Duvall, a programmer at the Stanford Research Institute. This is a well-known story and a landmark moment in the history of the digital world. The message sent from UCLA was the word "login." The system crashed after they typed the first two letters, "lo." Since then, the story has been told as if the programmers' opening message was "lo and behold," while in fact "login" was the intended message. Those two letters changed the way we communicate with one another.
In the 1970s, Robert (Bob) Thomas, a researcher at BBN Technologies in Cambridge, Massachusetts, created the first computer worm (virus). He realized that it was possible for a computer program to move across a network, leaving a small trail (a series of signs) wherever it went. He named the program Creeper and designed it to travel between Tenex terminals on the early ARPANET, printing the message "I'M THE CREEPER: CATCH ME IF YOU CAN."

An American computer programmer named Ray Tomlinson, the inventor of email, was also working for BBN Technologies at the time. He saw this idea and liked it. He tinkered (attempted to repair or adjust) with the program and made it self-replicating, "the first computer worm." He named the program Reaper, the first antivirus software, which would find copies of Creeper and delete them.

Where are we now?

After Creeper and Reaper, cyber-crimes became more powerful. As computer software and hardware developed, security breaches also increased. With every new development came an aspect of vulnerability, or a way for hackers to work around methods of protection.

In 1986, the Russians were the first to employ cyber power as a weapon. Marcus Hess, a German citizen, hacked into 400 military computers, including processors at the Pentagon. He intended to sell secrets to the KGB, but an American astronomer, Clifford Stoll, caught him before that could happen.

In 1988, an American computer scientist, Robert Morris, wanted to check the size of the internet. He wrote a program for testing the size of the internet. This program went through networks, invaded Unix terminals, and copied itself. The program became the first famous network virus and was named the Morris worm or internet worm. The Morris worm could infect a computer multiple times, and each additional process would slow the machine down, eventually to the point of being damaged.
Robert Morris was charged under the Computer Fraud and Abuse Act. The act itself led to the founding of the Computer Emergency Response Team, a non-profit research centre for issues that could endanger the internet as a whole.

Nowadays, viruses are deadlier, more invasive, and harder to control. We have already experienced cyber incidents on a massive scale, and 2018 isn't close to over. The above is to name a few, but these attacks are enough to prove that cybersecurity is a necessity for corporations and small businesses alike.

For more knowledge about cybersecurity, please check the link provided: https://www.youtube.com/watch?v=inWWhr5tnEA&ab_channel=Simplilearn

Lesson 2: Cyber Security Goals

Cyber Security Goals

The objective of cybersecurity is to protect information from being stolen, compromised, or attacked. Cybersecurity can be measured by at least one of three goals:
1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs. The CIA triad is a security model designed to guide policies for information security within an organization or company. It is also referred to as the AIC (Availability, Integrity, and Confidentiality) triad to avoid confusion with the Central Intelligence Agency. The elements of the triad are considered the three most crucial components of security.

The CIA criteria are the ones most organizations and companies apply when they install a new application, create a database, or grant access to some data. For data to be completely secure, all of these security goals must be in effect. They are security policies that work together, and it is therefore wrong to overlook any one of them.

The CIA triad is made up of:

1. Confidentiality

Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of information. It involves the protection of data, providing access to those who are allowed to see it while preventing others from learning anything about its content. It keeps essential information from reaching the wrong people while making sure that the right people can get it. Data encryption is a good example of a way to ensure confidentiality.

Tools for Confidentiality

Encryption
Encryption is a method of transforming information with an algorithm so that it is unreadable to unauthorized users. The transformation uses a secret key (the encryption key) so that the transformed data can only be read by using another secret key (the decryption key). It protects sensitive data such as credit card numbers by encoding it into unreadable cipher text, which can only be read by decrypting it. Asymmetric-key and symmetric-key encryption are the two primary types.

Access control
Access control defines rules and policies for limiting access to a system or to physical or virtual resources. It is the process by which users are granted access and certain privileges to systems, resources, or information. In access control systems, users need to present credentials, such as a person's name or a computer's serial number, before they can be granted access. In physical systems, these credentials may come in many forms, but credentials that cannot be transferred provide the most security.

Authentication
Authentication is a process that ensures and confirms a user's identity or the role that someone has. It can be done in a number of different ways, but it is usually based on a combination of:
o something the person has (like a smart card or a radio key for storing secret keys),
o something the person knows (like a password),
o something the person is (like a human with a fingerprint).
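Below is an added example, not part of the module, of how the "something the person knows" factor is typically checked on the server side. It also shows two defences against the brute force and dictionary attacks described in Lesson 3: refusing to enrol commonly used passwords, and locking an account after repeated failures. The PasswordStore class, the COMMON_PASSWORDS set and the lockout threshold are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # PBKDF2 work factor: makes every guess expensive
MAX_FAILURES = 5       # lock the account after this many wrong guesses

# Constructed sample of "commonly used passwords" a dictionary attack would try.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin"}


class PasswordStore:
    """Keeps a salted PBKDF2 hash per user, never the password itself."""

    def __init__(self):
        self._users = {}   # username -> {"salt", "hash", "failures"}

    @staticmethod
    def _derive(password, salt):
        # Slow, salted hash: a stolen hash cannot be looked up in a table,
        # and every offline guess costs ITERATIONS rounds of HMAC-SHA256.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def enroll(self, username, password):
        # Reject passwords a dictionary attack would try first.
        if password.lower() in COMMON_PASSWORDS or len(password) < 12:
            raise ValueError("password is too common or too short")
        salt = os.urandom(16)   # per-user random salt
        self._users[username] = {
            "salt": salt,
            "hash": self._derive(password, salt),
            "failures": 0,
        }

    def verify(self, username, password):
        """Return 'ok', 'bad' or 'locked'."""
        rec = self._users.get(username)
        if rec is None:
            # Do the same work for unknown users so response time does not
            # reveal which usernames exist.
            self._derive(password, b"\x00" * 16)
            return "bad"
        if rec["failures"] >= MAX_FAILURES:
            return "locked"   # online brute force is cut off here
        candidate = self._derive(password, rec["salt"])
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(candidate, rec["hash"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        return "bad"
```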
Authentication is a necessity for every organization because it enables organizations to keep their networks secure by permitting only authenticated users to access their protected resources. These resources may include computer systems, networks, databases, websites, and other network-based applications or services.

Authorization
Authorization is a security mechanism that gives permission to do or have something. It is used to determine whether a person or system is allowed access to resources, including computer programs, files, services, data, and application features, based on an access control policy. It is normally preceded by authentication, which verifies the user's identity. System administrators are typically assigned permission levels covering all system and user resources. During authorization, a system checks an authenticated user's access rules and either grants or refuses access to the resource.

Physical Security
Physical security describes measures designed to deny unauthorized access to IT assets like facilities, equipment, personnel, resources, and other property, and to protect them from damage. It protects these assets from physical threats including theft, vandalism, fire, and natural disasters.

2. Integrity

Integrity refers to the methods for ensuring that data is real, accurate, and safeguarded from unauthorized modification. It is the property that information has not been altered in an unauthorized way and that the source of the information is genuine.

Tools for Integrity

Backups
A backup is the periodic archiving of data. It is the process of making copies of data or data files for use in the event that the original data or files are lost or destroyed. It is also used to make copies for historical purposes, such as for longitudinal studies, statistics, or historical records, or to meet the requirements of a data retention policy.
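An added example (not from the module) that ties backups to the checksum and data correcting code tools covered next: it backs up a constructed file, records a SHA-256 checksum, shows that flipping a single bit of the backup makes verification fail, and uses a Hamming(7,4) code to correct a single flipped bit rather than merely detect it. File names and contents are constructed.

```python
import hashlib
import os
import tempfile


def sha256_of_file(path):
    """Checksum: depends on the entire file contents, hashed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src, dst):
    """Copy src to dst and return the checksum recorded at backup time."""
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        fout.write(fin.read())
    return sha256_of_file(dst)


def verify_backup(dst, recorded):
    """Integrity check: recompute the checksum and compare with the record."""
    return sha256_of_file(dst) == recorded


def demo():
    """Constructed demo: back up a file, verify, corrupt one bit, re-verify."""
    tmp = tempfile.mkdtemp()
    src = os.path.join(tmp, "records.txt")
    bak = os.path.join(tmp, "records.txt.bak")
    with open(src, "wb") as f:
        f.write(b"account,balance\nalice,120\nbob,75\n")   # constructed data
    recorded = make_backup(src, bak)
    ok_before = verify_backup(bak, recorded)
    with open(bak, "r+b") as f:   # flip the lowest bit of byte 10 of the backup
        f.seek(10)
        byte = f.read(1)[0]
        f.seek(10)
        f.write(bytes([byte ^ 0x01]))
    ok_after = verify_backup(bak, recorded)
    return ok_before, ok_after   # checksum detects the change: (True, False)


# Hamming(7,4): 4 data bits become 7 stored bits; any single flipped bit
# is located by the syndrome and corrected, not just detected.
def hamming_encode(d):
    d1, d2, d3, d4 = d
    p1 = d1 ^ d2 ^ d4   # covers positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4   # covers positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4   # covers positions 4,5,6,7
    return [p1, p2, d1, p3, d2, d3, d4]   # positions 1..7


def hamming_decode(c):
    """Return (data_bits, corrected_position); position 0 means no error."""
    c = list(c)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]
    pos = s1 + 2 * s2 + 4 * s3   # syndrome equals the 1-based error position
    if pos:
        c[pos - 1] ^= 1          # automatic correction
    return [c[2], c[4], c[5], c[6]], pos
```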
Many applications, especially in a Windows environment, produce backup files using the .BAK file extension.

Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words, it is the result of a function that maps the contents of a file to a numerical value. Checksums are typically used to compare two sets of data to make sure that they are the same. A checksum function depends on the entire contents of a file. It is designed so that even a small change to the input file (such as flipping a single bit) is likely to result in a different output value.

Data Correcting Codes
A data correcting code is a method for storing data in such a way that small changes can be easily detected and automatically corrected.

3. Availability

Availability is the property that information is accessible and modifiable in a timely fashion by those authorized to do so. It is the guarantee of reliable and constant access to our sensitive data by authorized people.

Tools for Availability
o Physical Protections
o Computational Redundancies

Physical Protections
Physical safeguards keep information available even in the event of physical challenges. They ensure that sensitive information and critical information technology are housed in secure areas.

Computational Redundancies
Computational redundancy is applied as fault tolerance against accidental faults. It provides computers and storage devices that serve as fallbacks in the case of failures.

For more knowledge about cybersecurity goals, please check the link provided: https://www.youtube.com/watch?v=azLckMQtbs0&ab_channel=GrantCollins

Lesson 3: Types of Cyber Attacks and Attackers

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic, or data, leading to cybercrimes such as information and identity theft. We are living in a digital era. Nowadays, most people use computers and the internet.
Because of this dependency on digital things, illegal computer activity is growing and changing like any other type of crime. Cyber-attacks can be classified into the following categories:

Web-based attacks
These are attacks that occur on a website or web application. Some of the important web-based attacks are as follows:

1. Injection attacks
This is an attack in which data is injected into a web application to manipulate the application and fetch the required information. Examples: SQL injection, code injection, log injection, XML injection, etc.

2. DNS Spoofing
DNS spoofing is a type of computer security hacking whereby data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.

3. Session Hijacking
This is a security attack on a user session over a protected network. Web applications create cookies to store state and user sessions. By stealing the cookies, an attacker can gain access to all of the user's data.

4. Phishing
Phishing is a type of attack that attempts to steal sensitive information like user login credentials and credit card numbers. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.

5. Brute force
This is a type of attack that uses a trial-and-error method. It generates a large number of guesses and validates them to obtain actual data like a user password or personal identification number. This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.

6. Denial of Service
This is an attack meant to make a server or network resource unavailable to users.
It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses a single system and a single internet connection to attack a server. It can be classified into the following:
Volume-based attacks: the goal is to saturate the bandwidth of the attacked site; measured in bits per second.
Protocol attacks: these consume actual server resources; measured in packets.
Application layer attacks: the goal is to crash the web server; measured in requests per second.

7. Dictionary attacks
This type of attack uses a stored list of commonly used passwords and validates them to obtain the original password.

8. URL Interpretation
This is a type of attack in which certain parts of a URL are changed so that a web server delivers web pages the attacker is not authorized to browse.

9. File Inclusion attacks
This is a type of attack that allows an attacker to access unauthorized or essential files available on the web server, or to execute malicious files on the web server, by making use of the include functionality.

10. Man in the middle attacks
This is a type of attack that allows an attacker to intercept the connection between a client and a server and act as a bridge between them. As a result, the attacker is able to read, insert, and modify the data in the intercepted connection.

System-based attacks
These are attacks intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows:

1. Virus
A virus is a type of malicious software program that spreads throughout the computer's files without the knowledge of the user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.

2. Worm
A worm is a type of malware whose primary function is to replicate itself in order to spread to uninfected computers. It works in the same way as a computer virus. Worms often originate from email attachments that appear to be from trusted senders.

3. Trojan horse
A Trojan horse is a malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user as to its true intent. It appears to be a normal application, but when opened or executed, malicious code runs in the background.

4. Backdoors
A backdoor is a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.

5. Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.

Types of Cyber Attackers

In computers and computer networks, an attacker is the individual or organization who performs malicious activities to destroy, expose, alter, disable, steal, or gain unauthorized access to or make unauthorized use of an asset. As Internet access becomes more pervasive across the world, and each of us spends more time on the web, the number of attackers grows as well. Attackers use every tool and technique they can to try to attack us and gain unauthorized access. There are four types of attackers, described below.

Cyber Criminals
Cybercriminals are individuals or groups of people who use technology to commit cybercrime with the intention of stealing sensitive company information or personal data and generating profits. Today, they are the most prominent and most active type of attacker.
Cybercriminals use computers in three broad ways to commit cybercrimes:
o Selecting the computer as their target: they attack other people's computers to commit cybercrime, such as spreading viruses, data theft, identity theft, etc.
o Using the computer as their weapon: they use the computer to commit conventional crimes such as spam, fraud, illegal gambling, etc.
o Using the computer as their accessory: they use the computer to steal data illegally.

Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology. Dan Lohrmann, chief security officer for Security Mentor, a national security training firm that works with states, said: "Hacktivism is a digital disobedience. It's hacking for a cause." Hacktivists are not like cybercriminals, who hack computer networks to steal data for cash. They are individuals or groups of hackers who work together and see themselves as fighting injustice.

State-sponsored Attackers
State-sponsored attackers have particular objectives aligned with the political, commercial, or military interests of their country of origin. These types of attackers are not in a hurry. Government organizations have highly skilled hackers who specialize in detecting vulnerabilities and exploiting them before the holes are patched. It is very challenging to defeat these attackers because of the vast resources at their disposal.

Insider Threats
An insider threat is a threat to an organization's security or data that comes from within. These types of threats usually come from employees or former employees, but may also arise from third parties, including contractors, temporary workers, employees, or customers.
Insider threats can be categorized as follows:

Malicious: malicious threats are attempts by an insider to access and potentially harm an organization's data, systems, or IT infrastructure. These insider threats are often attributed to dissatisfied employees or ex-employees who believe that the organization wronged them in some way and feel justified in seeking revenge. Insiders may also become threats when they are recruited by malicious outsiders, either through financial incentives or extortion.

Accidental: accidental threats are threats caused accidentally by insider employees. In this type of threat, an employee might accidentally delete an important file or inadvertently share confidential data with a business partner, going beyond the company's policy or legal requirements.

Negligent: these are threats in which employees try to avoid the policies an organization has put in place to protect endpoints and valuable data. For example, if the organization has strict policies for external file sharing, employees might try to share work on public cloud applications so that they can work at home. There is nothing wrong with these acts in themselves, but they can open the door to dangerous threats nonetheless.

For more knowledge about cyber-attacks, please check the link provided: https://www.youtube.com/watch?v=NDcEOW8r0xc&ab_channel=RobotsNet

REFERENCES
https://www.javatpoint.com/cyber-security-introduction
https://www.javatpoint.com/history-of-cyber-security
https://www.javatpoint.com/cyber-security-goals
https://www.javatpoint.com/types-of-cyber-attacks
https://www.javatpoint.com/types-of-cyber-attackers