Module 1.pdf

Full Transcript

MODULE 1
Introduction to Cyber Security

Dr. Uma Narayanan
Assistant Professor
CSE, IST
CVV
 SYLLABUS
Module I. Introduction to Cyber Security
Introduction, Computer Security, Threats, Harm, Vulnerabilities,
Controls, Authentication, Access Control and Cryptography.
Web attack: Browser Attacks, Web Attacks Targeting Users, Obtaining
User or Website Data, Email Attacks.
Network Vulnerabilities: Overview of vulnerability scanning, Open Port
/ Service Identification, Banner /Version Check, Traffic Probe,
Vulnerability Probe, Vulnerability Examples, OpenVAS, Metasploit.
Networks Vulnerability Scanning (Netcat, Socat), Network Sniffers and
Injection tools.
 INTRODUCTION TO CYBER
SECURITY
Cyber Security is the practice of protecting systems, networks, and
programs from digital attacks.
These attacks are usually aimed at accessing, changing, or destroying
sensitive information, extorting money from users, or interrupting
normal business processes.
 INTRODUCTION TO CYBER
SECURITY
Importance of Cyber Security
Cyber Security is crucial in today's digital age due to the following
reasons:
Protection of Sensitive Data
Mitigation of Financial Losses
Preservation of Business Reputation
Compliance with Regulations
Ensuring National Security
 INTRODUCTION TO CYBER
SECURITY
Key aspects of Cyber Security include:
Protecting Confidentiality: Ensuring that sensitive information is not
disclosed to unauthorized individuals, entities, or processes.
Maintaining Integrity: Safeguarding the accuracy and completeness
of information and processing methods.
Ensuring Availability: Ensuring that authorized users have access to
information and associated assets when required.
 INTRODUCTION TO CYBER
SECURITY
Core Principles: The CIA Triad
The CIA Triad is a model designed to guide policies for information
security within an organization.
It stands for Confidentiality, Integrity, and Availability, which are the
three core principles of Cyber Security.
a. Confidentiality
b. Integrity
c. Availability
 INTRODUCTION TO CYBER
SECURITY
a. Confidentiality
Definition: Confidentiality refers to the protection of information from
unauthorized access and disclosure.
Importance: It ensures that sensitive data is accessible only to those
who are authorized to view it.
Methods to Ensure Confidentiality:
Encryption: Encrypting data ensures that even if it is intercepted, it
cannot be read without the proper decryption key.
Access Controls: Implementing strict access controls ensures that
only authorized individuals can access certain data.
Authentication Mechanisms: Using strong authentication
mechanisms, such as multi-factor authentication (MFA), helps
ensure that only authorized users can access sensitive information.
 INTRODUCTION TO CYBER
b. Integrity SECURITY
Definition: Integrity refers to the accuracy, consistency, and
trustworthiness of data over its entire lifecycle.
Importance: It ensures that data is not altered or tampered with in an
unauthorized manner, maintaining its accuracy and reliability.
Methods to Ensure Integrity:
Hashing: Hash functions can be used to verify the integrity of data
by comparing the original hash value with the current one.
Digital Signatures: Digital signatures provide a way to verify the
authenticity and integrity of a message, software, or digital
document.
Checksums: Checksums are used to verify the integrity of files
during transmission by comparing the calculated checksum at the
source and destination.
 INTRODUCTION TO CYBER
c. Availability
Definition: Availability
SECURITY
ensures that information and resources are
accessible to authorized users when needed.
Importance: It guarantees that systems function correctly and that
data is available when required by users or processes.
Methods to Ensure Availability:
Redundancy: Implementing redundant systems, such as backup
servers and data replication, ensures that services remain available
even if one component fails.
Disaster Recovery Plans: Having a disaster recovery plan in place
ensures that an organization can quickly recover from disruptions,
such as cyber-attacks or natural disasters.
DDoS Mitigation: Protecting against Distributed Denial of Service
(DDoS) attacks ensures that services remain available by
preventing the overwhelming of network resources.
 SYLLABUS
Module I. Introduction to Cyber Security
Introduction, Computer Security, Threats, Harm, Vulnerabilities,
Controls, Authentication, Access Control and Cryptography.
Web attack: Browser Attacks, Web Attacks Targeting Users, Obtaining
User or Website Data, Email Attacks.
Network Vulnerabilities: Overview of vulnerability scanning, Open Port
/ Service Identification, Banner /Version Check, Traffic Probe,
Vulnerability Probe, Vulnerability Examples, OpenVAS, Metasploit.
Networks Vulnerability Scanning (Netcat, Socat), Network Sniffers and
Injection tools.
 COMPUTER SECURITY
Computer security, often referred to as cybersecurity, involves the
protection of computer systems, networks, and data from various
types of threats, including unauthorized access, cyberattacks, data
breaches, and other forms of malicious activities.
The goal of computer security is to ensure the safety, integrity, and
availability of information and resources.
 COMPUTER SECURITY
The core principles and components include:
Confidentiality: Ensuring that sensitive information is only accessible to
authorized individuals.
Integrity: Maintaining the accuracy and consistency of data over its
entire lifecycle.
Availability: Ensuring that information and resources are accessible to
authorized users when needed.
Authentication: Verifying the identity of users or systems before
granting access.
Authorization: Determining what authenticated users are permitted to
do within the system.
Accountability: Tracking user actions to ensure that they are held
responsible for their activities.
 REASONS FOR COMMISSION OF
CYBER CRIMES
There are many reasons which act as a catalyst in the growth of cyber
crime. Some of the prominent reasons are:
a. Money: People are motivated towards committing cyber crime is to
make quick and easy money.
b. Revenge: Some people try to take revenge with other
person/organization/society/ caste or religion by defaming its
reputation or bringing economical or physical loss. This comes under
the category of cyber terrorism.
c. Fun: The amateur do cyber crime for fun. They just want to test the
latest tool they have encountered.
d. Recognition: It is considered to be pride if someone hack the highly
secured networks like defense sites or networks.
 REASONS FOR COMMISSION OF
CYBER CRIMES
e. Anonymity- Many time the anonymity that a cyber space provide
motivates the person to commit cyber crime as it is much easy to commit a
cyber crime over the cyber space and remain anonymous as compared to
real world.
It is much easier to get away with criminal activity in a cyber world than in
the real world.
There is a strong sense of anonymity than can draw otherwise respectable
citizens to abandon their ethics in pursuit personal gain.
f. Cyber Espionage: At times the government itself is involved in cyber
trespassing to keep eye on other person/network/country.
The reason could be politically, economically socially motivated.
 SYLLABUS
Module I. Introduction to Cyber Security
Introduction, Computer Security, Threats, Harm, Vulnerabilities,
Controls, Authentication, Access Control and Cryptography.
Web attack: Browser Attacks, Web Attacks Targeting Users, Obtaining
User or Website Data, Email Attacks.
Network Vulnerabilities: Overview of vulnerability scanning, Open Port
/ Service Identification, Banner /Version Check, Traffic Probe,
Vulnerability Probe, Vulnerability Examples, OpenVAS, Metasploit.
Networks Vulnerability Scanning (Netcat, Socat), Network Sniffers and
Injection tools.
 THREATS
A threat is any potential event or action that can cause harm to a
computer system, network, or data.
Threats can be intentional, such as hacking and malware, or
unintentional, such as human error or hardware failures.
Malware: Malicious software designed to damage or disrupt systems,
steal information, or gain unauthorized access. Most comman are
 Viruses: Programs that attach themselves to legitimate files and spread when the
files are shared.
 Worms: Standalone malware that replicates itself to spread across networks.
 Ransomware: Malware that encrypts a victim's data and demands payment for
decryption.
 Trojans: Malicious programs disguised as legitimate software.
 THREATS
A threat is any potential event or action that can cause harm to a
computer system, network, or data.
Threats can be intentional, such as hacking and malware, or
unintentional, such as human error or hardware failures.
Malware: Malicious software designed to damage or disrupt systems,
steal information, or gain unauthorized access.
Malware is malicious software and refers to any software that is
designed to cause harm to computer systems, networks, or users.
Malware can take many forms.
 VIRUS
Viruses: Programs that attach themselves to legitimate files and
spread when the files are shared.
A virus is a malicious code written to damage/harm the host computer by
deleting or appending a file, occupy memory space of the computer by
replicating the copy of the code, slow down the performance of the
computer, format the host machine, etc.
It can be spread via email attachment, pen drives, digital images, e-
greeting, audio or video clips, etc.
A virus may be present in a computer but it cannot activate itself without the
human intervention.
Until and unless the executable file(.exe) is execute, a virus cannot be
activated in the host machine.
 WORMS
Worms: Standalone malware that replicates itself to spread across
networks.
They are a class of virus which can replicate themselves.
They are different from the virus by the fact that they does not require
human intervention to travel over the network and spread from the
infected machine to the whole network.
Worms can spread either through network, using the loopholes of the
Operating System or via email.
The replication and spreading of the worm over the network
consumes the network resources like space and bandwidth and force
the network to choke.
 Ransomware
Ransomware: Malware that encrypts a victim's data and demands
payment for decryption
Ransomware is a type of malicious software (malware) that encrypts a
victim's data or locks them out of their system, demanding payment
(usually in cryptocurrency) in exchange for restoring access to the
data or system.
Types:
Crypto Ransomware: Encrypts files, rendering them inaccessible until
the ransom is paid.
Locker Ransomware: Locks users out of their device entirely, preventing
access to the operating system.
Spread: Ransomware often spreads through phishing emails, malicious
links or attachments, exploit kits, or drive-by downloads from
compromised websites.
Strategies include regular data backups.
 TROJAN HORSE
Trojans: Malicious programs disguised as legitimate software.
Trojan horse is a malicious code that is installed in the host machine by
pretending to be useful software.
The user clicks on the link or download the file which pretends to be a useful
file or software from legitimate source.
It not only damages the host computer by manipulating the data but also it
creates a backdoor in the host computer so that it could be controlled by a
remote computer.
It can become a part of botnet(robot-network), a network of computers
which are infected by malicious code and controlled by central controller
 ADWARE
Adware is a type of malicious software designed to display unwanted
advertisements on a user’s device. These ads often appear as pop-
ups, banners, or within the software interface.
It typically comes bundled with legitimate software downloads and
can be installed without the user's consent.
Adware often accompanies free software downloads. When users
install these programs, they may unknowingly install adware as well.
Once installed, adware generates revenue for the distributor by
showing ads, redirecting users to specific websites, or collecting data
to target ads more effectively.
 SPYWARE
Spyware is a type of malicious software designed to secretly monitor
and collect information about a user's activities without their knowledge
or consent. It often operates silently in the background, making it
difficult to detect.
Spyware can capture a wide range of data, including browsing
history, login credentials, emails, and even personal documents.
Some spyware can give attackers remote access to the infected
device, allowing them to control it and extract data at will.
Spyware often employs techniques to remain hidden and resist
removal, such as modifying system files or using rootkit technology.
 BOTNET
Botnet is a network of compromised computers, known as bots or
zombies, controlled remotely by a hacker, often called a botmaster.
These infected devices are used collectively to perform malicious
activities.
Botnets spread through various means like phishing emails, malicious
downloads, or vulnerabilities in software.
Overloading a target server with traffic to disrupt services.
Sending large volumes of unsolicited emails.
Extracting sensitive information from infected devices.
 THREATS
Phishing: A form of social engineering where attackers deceive
individuals into providing sensitive information, such as passwords or
credit card details, typically through email or fraudulent websites.
Insider Threats: Employees or other trusted individuals who misuse their
access to cause harm.
Social Engineering: Techniques used to manipulate individuals into
divulging confidential information or performing actions that
compromise security. This can include tactics like pretexting, baiting,
and tailgating.
 VULNERABILITY
A vulnerability is a weakness or flaw in a computer system, network, or
software that can be exploited by a threat to gain unauthorized
access or cause harm.
Common vulnerabilities include:
Unpatched Software: Software that has not been updated with the
latest security patches, making it susceptible to known exploits.
Weak Passwords: Easy-to-guess or reused passwords that can be
easily cracked by attackers.
Misconfigured Systems: Systems that are not properly configured,
leading to security gaps.
Human Error: Mistakes made by users or administrators, such as
clicking on malicious links or improperly configuring security
settings.
 HARM
The potential damage that can result from threats exploiting
vulnerabilities.
In cybersecurity, harm can be classified into several categories based
on the nature and impact of the threat. The key classifications include:
Financial Harm:
Refers to monetary losses resulting from cyber incidents. This
includes direct financial loss (e.g., theft or ransom payments), loss
of revenue due to service disruption, and the cost of remediation
efforts like incident response and legal fees.
Reputational Harm:
Involves damage to an organization's brand or public image.
Cyber incidents like data breaches can erode customer trust, lead
to negative publicity, and cause long-term brand damage,
resulting in loss of customers and market share.
 HARM
Operational Harm:
Represents disruptions to business operations. Cyberattacks can
lead to service outages, productivity loss, and even supply chain
disruptions, affecting the organization's ability to function
effectively.
Legal and Regulatory Harm:
Encompasses the legal consequences of cyber incidents, such as
fines for non-compliance with regulations (e.g., GDPR), lawsuits
from affected parties, and increased regulatory scrutiny.
Data Integrity Harm:
Involves the loss, corruption, or unauthorized manipulation of data.
This type of harm can result in the permanent loss of critical
information, exposure of sensitive data, or inaccurate data that
leads to poor decision-making.
 SYLLABUS
Module I. Introduction to Cyber Security
Introduction, Computer Security, Threats, Harm, Vulnerabilities,
Controls, Authentication, Access Control and Cryptography.
Web attack: Browser Attacks, Web Attacks Targeting Users, Obtaining
User or Website Data, Email Attacks.
Network Vulnerabilities: Overview of vulnerability scanning, Open Port
/ Service Identification, Banner /Version Check, Traffic Probe,
Vulnerability Probe, Vulnerability Examples, OpenVAS, Metasploit.
Networks Vulnerability Scanning (Netcat, Socat), Network Sniffers and
Injection tools.
 SECURITY CONTROLS

Types of Controls
Preventive Controls: Measures designed to prevent security incidents
from occurring.
Examples: Firewalls, encryption, and access controls.
Detective Controls: Measures designed to detect and alert to security
incidents when they occur.
Examples: Intrusion Detection Systems (IDS), security monitoring
tools.
Corrective Controls: Measures designed to respond to and recover
from security incidents.
Examples: Data backup and recovery solutions, incident response
plans.
 SECURITY CONTROLS

Examples of Security Controls
Firewalls: Network security devices that monitor and control incoming
and outgoing network traffic based on predetermined security rules.
Intrusion Detection Systems (IDS): Systems that monitor network traffic
for suspicious activity and generate alerts.
Encryption: The process of converting data into a coded form to
protect it from unauthorized access. Only those with the decryption
key can access the original data.
 SYLLABUS
Module I. Introduction to Cyber Security
Introduction, Computer Security, Threats, Harm, Vulnerabilities,
Controls, Authentication, Access Control and Cryptography.
Web attack: Browser Attacks, Web Attacks Targeting Users, Obtaining
User or Website Data, Email Attacks.
Network Vulnerabilities: Overview of vulnerability scanning, Open Port
/ Service Identification, Banner /Version Check, Traffic Probe,
Vulnerability Probe, Vulnerability Examples, OpenVAS, Metasploit.
Networks Vulnerability Scanning (Netcat, Socat), Network Sniffers and
Injection tools.
 AUTHENTICATION
Authentication is the process of verifying the identity of a user, device,
or system before granting access to resources or services.
It ensures that the entity attempting to gain access is who or what it
claims to be.
Authentication typically involves one or more of the following factors:
Something you know: A password, PIN, or security question.
Something you have: A physical token, smart card, or mobile device.
Something you are: Biometric characteristics such as fingerprints,
facial recognition, or retinal scans.
 AUTHENTICATION
Authentication Methods
Passwords: The most common form of authentication, where users
provide a secret word or phrase to verify their identity.
Multi-Factor Authentication (MFA): A method that requires users to
provide two or more verification factors (e.g., password and a one-
time code) to gain access.
Biometrics: Authentication methods that rely on unique physical
characteristics, such as fingerprints, facial recognition, or iris scans.
 ACCESS CONTROL
Access Control is a security technique used to regulate who or what
can view, use, or modify resources in a computing environment.
It involves the implementation of policies and mechanisms that ensure
only authorized users or systems can access specific data,
applications, networks, or physical areas.
Access control operates on several levels:
Identification: Determining the identity of a user or system (e.g.,
through a username or ID).
Authentication: Verifying that the identified user or system is genuine.
Authorization: Granting or denying access to resources based on the
authenticated identity and predefined permissions.
Accountability: Tracking and logging actions performed by the
authenticated and authorized user or system.
 ACCESS CONTROL
Access Control Models
Role-Based Access Control (RBAC): Access is granted based on the
user's role within the organization. Roles are assigned permissions
based on job functions.
Mandatory Access Control (MAC): Access is based on fixed security
attributes assigned to both users and resources. Typically used in highly
secure environments.
Discretionary Access Control (DAC): The owner of a resource has the
discretion to decide who can access it and what permissions they
have.
Attribute-Based Access Control (ABAC) is an access control model
that grants or denies access to resources based on attributes (such as
user roles, resource characteristics, and environmental conditions)
rather than just the identity of the user.
 SYLLABUS
Module I. Introduction to Cyber Security
Introduction, Computer Security, Threats, Harm, Vulnerabilities,
Controls, Authentication, Access Control and Cryptography.
Web attack: Browser Attacks, Web Attacks Targeting Users, Obtaining
User or Website Data, Email Attacks.
Network Vulnerabilities: Overview of vulnerability scanning, Open Port
/ Service Identification, Banner /Version Check, Traffic Probe,
Vulnerability Probe, Vulnerability Examples, OpenVAS, Metasploit.
Networks Vulnerability Scanning (Netcat, Socat), Network Sniffers and
Injection tools.
 CRYPTOGRAPHY
Cryptography is a technique of securing information and
communications through the use of codes so that only those persons
for whom the information is intended can understand and process it.
Thus preventing unauthorized access to information.
The prefix “crypt” means “hidden” and the suffix “graphy” means
“writing”.
 Cryptography serves several key purposes: CRYPTOGRAPHY
Confidentiality:
Ensuring that information is accessible only to those authorized to view
it.
The degree of confidentiality determines the secrecy of the
information.
The principle specifies that only the sender and receiver will be able to
access the information shared between them.
Confidentiality compromises if an unauthorized person is able to
access a message.
For example, let us consider sender A wants to share some
confidential information with receiver B and the information gets
intercepted by the attacker C. Now the confidential information is in
the hands of an intruder C.
 CRYPTOGRAPHY
Integrity: Protecting data from being altered by unauthorized parties.
Integrity gives the assurance that the information received is exact
and accurate.
If the content of the message is changed after the sender sends it but
before reaching the intended receiver, then it is said that the integrity
of the message is lost.
System Integrity: System Integrity assures that a system performs its
intended function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system.
Data Integrity: Data Integrity assures that information (both stored and
in transmitted packets) and programs are changed only in a specified
and authorized manner.
 CRYPTOGRAPHY
Authentication:
Verifying the identity of users or systems.
Authentication is the mechanism to identify the user or system or the
entity.
It ensures the identity of the person trying to access the information.
The authentication is mostly secured by using username and
password.
The authorized person whose identity is preregistered can prove
his/her identity and can access the sensitive information.
 CRYPTOGRAPHY
Non-repudiation:
Preventing parties from denying their involvement in a communication
or transaction.
Non-repudiation is a mechanism that prevents the denial of the message
content sent through a network.
In some cases the sender sends the message and later denies it.
But the non-repudiation does not allow the sender to refuse the receiver.
 Basic Concepts of Encryption and Decryption
Encryption: The process of converting plaintext data into ciphertext to
protect it from unauthorized access.
Decryption: The process of converting ciphertext back into plaintext,
making it readable again, using a key.
Symmetric Cryptography: Uses the same key for both encryption and
decryption. It's faster but requires secure key distribution.
Example: AES (Advanced Encryption Standard).
Asymmetric Cryptography: Uses a pair of keys—one public and one
private. The public key encrypts data, and the private key decrypts it.
It's more secure for key exchange.
Example: RSA (Rivest–Shamir–Adleman).
 SYLLABUS
Module I. Introduction to Cyber Security
Introduction, Computer Security, Threats, Harm, Vulnerabilities,
Controls, Authentication, Access Control and Cryptography.
Web attack: Browser Attacks, Web Attacks Targeting Users, Obtaining
User or Website Data, Email Attacks.
Network Vulnerabilities: Overview of vulnerability scanning, Open Port
/ Service Identification, Banner /Version Check, Traffic Probe,
Vulnerability Probe, Vulnerability Examples, OpenVAS, Metasploit.
Networks Vulnerability Scanning (Netcat, Socat), Network Sniffers and
Injection tools.
 WEB ATTACKS
Web attacks are malicious activities that target web applications,
websites, and web users.
These attacks can lead to unauthorized access, data breaches, and
various forms of exploitation.
 WEB ATTACKS
Types of Browser Attacks:
Drive-by Downloads: Malware is automatically downloaded and
executed when a user visits a compromised website, often without
the user's knowledge.
Cross-Site Scripting (XSS): Attackers inject malicious scripts into web
pages viewed by other users. The script can steal cookies, session
tokens, or other sensitive information.
Man-in-the-Browser (MitB): A form of man-in-the-middle attack
where malware infects a web browser, allowing attackers to
intercept and manipulate communication between the user and a
website.
 WEB ATTACKS TARGETING USERS
Web attacks targeting users often involve social engineering tactics to
trick users into revealing sensitive information or performing actions
that compromise security.
Common Techniques:
Phishing: Attackers send fake emails or set up fraudulent websites
to deceive users into providing personal information, such as login
credentials or credit card details.
Spear Phishing: A targeted form of phishing aimed at specific
individuals or organizations, often using personalized information to
increase the likelihood of success.
Clickjacking: Attackers trick users into clicking on a seemingly
harmless element on a web page, which actually triggers an
unintended action, such as enabling a camera or submitting a
form.
 DATA BREACHES
Data breaches occur when sensitive information is accessed or
disclosed without authorization, often as a result of web attacks.
Causes of Data Breaches:
SQL Injection: Attackers exploit vulnerabilities in web applications
to execute arbitrary SQL queries, gaining access to databases and
sensitive information.
Insecure Data Transmission: If data is transmitted over unencrypted
channels, it can be intercepted and accessed by attackers.
Poor Access Controls: Weak or improperly configured access
controls can allow unauthorized users to access sensitive data.
 EMAIL ATTACKS AND PHISHING
TECHNIQUES
Email attacks are a common vector for distributing malware, launching
phishing campaigns, and conducting other forms of cyberattacks.
Phishing Techniques:
Mass Phishing: A broad, non-targeted phishing campaign that
attempts to deceive as many users as possible by sending identical
emails to a large group.
Spear Phishing: A more targeted approach, where the attacker
customizes the email to the specific recipient, often using personal
information to make the email appear legitimate.
Whaling: A form of spear phishing that targets high-profile individuals,
such as executives or government officials, often with the goal of
stealing sensitive data or gaining access to critical systems.
Business Email Compromise (BEC): Attackers impersonate a
company’s executive or trusted partner to trick employees into
transferring money or sensitive information.
 SYLLABUS
Module I. Introduction to Cyber Security
Introduction, Computer Security, Threats, Harm, Vulnerabilities,
Controls, Authentication, Access Control and Cryptography.
Web attack: Browser Attacks, Web Attacks Targeting Users, Obtaining
User or Website Data, Email Attacks.
Network Vulnerabilities: Overview of vulnerability scanning, Open Port
/ Service Identification, Banner /Version Check, Traffic Probe,
Vulnerability Probe, Vulnerability Examples, OpenVAS, Metasploit.
Networks Vulnerability Scanning (Netcat, Socat), Network Sniffers and
Injection tools.
 NETWORK VULNERABILITIES
Network vulnerabilities refer to weaknesses in a network that can be
exploited by attackers to gain unauthorized access, disrupt services,
or steal data.
Types
Configuration Vulnerabilities:
Caused by insecure or improper settings on network devices, such as
default passwords, open ports, or misconfigured firewalls, which can be
exploited by attackers.
 Software Vulnerabilities:
NETWORK VULNERABILITIES
Arise from flaws or bugs in the software running on network devices
or applications, such as unpatched systems or vulnerabilities in
network protocols that can be exploited for unauthorized access or
disruption.
Hardware Vulnerabilities:
Involves vulnerabilities in the physical devices that make up the
network, such as insecure routers, switches, or outdated hardware
that may have built-in weaknesses or lack proper security controls.
Human Factor Vulnerabilities:
Stem from user behavior or lack of proper security practices, such
as weak passwords, susceptibility to social engineering, or
mishandling of sensitive information, making the network more
vulnerable to attacks.
 NETWORK VULNERABILITIES
 Basics of Vulnerability Scanning
 Vulnerability scanning is the process of systematically examining a
network or system to identify security weaknesses, such as open
ports, outdated software, and misconfigurations.
 Steps in Vulnerability Scanning:
 Asset Discovery: Identifying all devices, systems, and applications
on the network.
 Vulnerability Identification: Scanning for known vulnerabilities,
such as unpatched software, open ports, and insecure
configurations.
 Risk Assessment: Evaluating the potential impact of each
identified vulnerability.
 Reporting: Documenting the findings and providing
recommendations for remediation.
 NETWORK VULNERABILITIES
 Open Port/Service Identification
 Open port and service identification is a critical part of network
security. Open ports can expose services that may be
vulnerable to exploitation.

 Open Ports: Network ports that are actively listening for
incoming connections. Attackers often scan for open ports to
identify services running on a network.

 Service Identification: Determining the specific services or
applications running on open ports, which can help in
identifying potential vulnerabilities associated with those
services.
 BANNER/VERSION CHECK
A Banner/Version Check involves querying a network service to
retrieve its banner, which often includes information about the
service, such as its name, version number, and other metadata.
Purpose:
Attackers use this technique to identify the version of software
running on a server or device, which can reveal specific
vulnerabilities associated with that version.
For example, outdated or unpatched software versions might have
known vulnerabilities that can be exploited.
Example:
A hacker uses a tool like Nmap to perform a banner check on a
web server, discovering that it is running an outdated version of
Apache with known vulnerabilities.
 NETWORK VULNERABILITIES

 Traffic and Vulnerability Probes
 Traffic and vulnerability probes are techniques used by attackers
to gather information about a network or system, which can later
be used to exploit vulnerabilities.

 Traffic Probing: Monitoring network traffic to gather information
about the types of data being transmitted, the protocols used,
and potential security gaps.

 Vulnerability Probing: Sending crafted packets to a target system
to identify vulnerabilities in its software, services, or network
configuration.
 OPENVAS
OpenVAS (Open Vulnerability Assessment System) is an open-source
vulnerability scanner that helps in identifying security issues in
networks and systems by performing comprehensive scans.
Features:
It includes a wide range of vulnerability tests (also known as
Network Vulnerability Tests or NVTs) to detect various types of
vulnerabilities in networks, applications, and systems.
OpenVAS is often used by security professionals to conduct
vulnerability assessments and ensure that systems are secure
against known threats.
Usage:
Security teams can use OpenVAS to automate the process of
scanning and identifying vulnerabilities, allowing them to prioritize
and remediate issues before they are exploited.
 METASPLOIT
Metasploit is a widely used penetration testing framework that
provides tools for discovering, exploiting, and validating
vulnerabilities in systems.
Features:
It includes a vast database of exploits and payloads that can be
used to test the security of networks and applications.
Metasploit allows security professionals to simulate real-world
attacks in a controlled environment to identify weaknesses and
assess the effectiveness of security measures.
Usage:
Penetration testers use Metasploit to exploit identified
vulnerabilities, demonstrating the potential impact of a security
breach and helping organizations strengthen their defenses.
 Feature OpenVAS Metasploit
Primary Function Vulnerability Scanning Penetration Testing
Comprehensive tool for
Framework for discovering,
identifying and assessing
Description exploiting, and validating
vulnerabilities in networked
vulnerabilities.
systems.
- Automated vulnerability
- Database of exploits and
scanning
payloads
- Extensive database of
Key Features - Tools for exploiting
known vulnerabilities
vulnerabilities
- Detailed reporting and risk
- Post-exploitation modules
assessment
Used to validate
Ideal for regular network
vulnerabilities by exploiting
scans to identify security
Use Case them and understanding
weaknesses and generate
their impact in real-world
remediation reports.
scenarios.
 Feature OpenVAS Metasploit
Early in the security assessment After vulnerabilities are
Workflow process for identifying identified, to test if they can be
vulnerabilities. exploited.
Integrates with other tools for Integrated into larger security
comprehensive vulnerability frameworks, often used in
Integration
management, primarily focused on conjunction with tools like OpenVAS
scanning and reporting. for penetration testing.
Basic to intermediate Requires advanced expertise in
User Skill Level cybersecurity knowledge; user- penetration testing and ethical
friendly. hacking.
Generates detailed vulnerability Provides detailed reports on
reports with risk assessments, exploited vulnerabilities, showing
Reporting
remediation suggestions, and how they were exploited and the
prioritization. potential impact.
Scanning a network to discover Exploiting a vulnerability identified
outdated software with known by OpenVAS to gain access to a
Examples of Use
vulnerabilities, helping prioritize system and demonstrate the
patching. potential damage.
 SYLLABUS
Module I. Introduction to Cyber Security
Introduction, Computer Security, Threats, Harm, Vulnerabilities,
Controls, Authentication, Access Control and Cryptography.
Web attack: Browser Attacks, Web Attacks Targeting Users, Obtaining
User or Website Data, Email Attacks.
Network Vulnerabilities: Overview of vulnerability scanning, Open Port
/ Service Identification, Banner /Version Check, Traffic Probe,
Vulnerability Probe, Vulnerability Examples, OpenVAS, Metasploit.
Networks Vulnerability Scanning (Netcat, Socat), Network Sniffers and
Injection tools.
 INTRODUCTION TO NETCAT AND
SOCAT

Overview
Netcat and Socat are powerful networking tools used for network
communication, diagnostics, and troubleshooting.
Both are designed to handle a variety of network tasks such as
transferring data, testing connections, port scanning, and more.
Netcat is a simple and versatile networking tool, often called the "Swiss
Army knife" of networking. It can create network connections, send
and receive data, scan for open ports, and more.
 INTRODUCTION TO NETCAT AND
SOCAT

What Can You Do with Netcat?
Connect to other computers over the network using TCP or UDP.
Scan for open ports to see what services are running on a system.
Transfer files between computers.
Listen for incoming connections and act as a basic server.
Create a reverse shell to remotely control a machine.
 INTRODUCTION TO NETCAT AND
SOCAT

Usage:
Basic syntax: nc [options] [hostname] [port].
Example: nc -zv 192.168.1.1 1-1000 scans ports 1 to 1000.
 INTRODUCTION TO NETCAT AND
SOCAT
What is Socat?
Socat is like an advanced version of Netcat, with more features. It can
handle different types of network connections and is useful for more
complex tasks.
What Can You Do with Socat?
Create TCP/UDP connections, just like Netcat.
Set up secure (SSL/TLS) connections for encrypted communication.
Forward network traffic between different computers or ports.
Use advanced port forwarding to route data through multiple systems.
Proxy data streams and connect to devices like serial ports.
 DIFFERENCE BETWEEN NETCAT AND
SOCAT

Netcat: Simple and easy-to-use tool for basic networking tasks like file
transfer, port scanning, and simple connections.

Socat: More advanced, supports secure connections, more protocols
(like UNIX sockets and SSL), and can handle complex tasks like
tunneling and proxying.
 NETWORK SNIFFERS AND
INJECTION TOOLS
Network sniffers and injection tools are used to capture, analyze, and
manipulate network traffic.
Network Sniffers:
Wireshark: A popular open-source network protocol analyzer that
captures and inspects packets transmitted over a network.
Wireshark allows users to see all traffic passing through a network
interface and analyze it in detail.
tcpdump: A command-line packet analyzer that allows users to
capture and display TCP/IP and other packets being transmitted or
received over a network.
 NETWORK SNIFFERS AND
INJECTION TOOLS

Injection Tools:
Ettercap: A comprehensive suite for man-in-the-middle attacks on
LAN. It can capture and analyze traffic, perform active
eavesdropping, and inject malicious code into live connections.

Scapy: A powerful Python-based tool that allows users to create,
send, and receive network packets. Scapy is often used for
network testing, scanning, and packet crafting.
THANK YOU