Introduction to Information Security PDF
Uploaded by ConsummateZither
West Bengal State University
Summary
This document provides an introduction to the concept of information security, discussing the importance of cybersecurity in today's digital world. It explores different approaches to information security implementation, such as bottom-up and top-down models, and emphasizes the importance of a layered security approach.
Introduction to the Concept of Information Security:-

Need for Cybersecurity:-
In the age of the internet, organizations rely heavily on IT infrastructure, and that infrastructure has to be kept safe from cyberattacks. As more and more organizations adopt digital transformation, the risk of cybercrime is increasing at a rapid rate, and so is the importance of cybersecurity. Cybersecurity has become the knight in shining armour. Strong cybersecurity policy and infrastructure work together to secure computer systems and networks from unauthorized attack or access. Businesses, individuals, and governments are investing heavily to reap the benefits of cybersecurity in protecting their assets and data against hackers. For any business to survive in today’s competitive world, it requires the right tools and cyber security strategy.

Approaches to the Information Security Implementation:-
To keep data safe from potential violations and cyberattacks, implementing the security model is an important phase. To ensure the integrity of the security model, it can be designed using two methods:

1. Bottom-Up Approach:-
The company’s security model is applied by system administrators or people who are working in network security or as cyber-engineers. The main idea behind this approach is for individuals working in the field of information systems to use their knowledge and experience in cybersecurity to guarantee the design of a highly secure information security model.
Advantage: An individual’s technical expertise in their field ensures that every system vulnerability is addressed and that the security model is able to counter any potential threats.
Disadvantage: Due to the lack of cooperation between senior managers and relevant directives, it is often not suited to the requirements and strategies of the organisation.

2. Top-Down Approach:-
This type of approach is initialized and initiated by the executives of the organization. They formulate policies and outline the procedures to be followed:
- Determine the project’s priorities and expected results
- Determine liability for every action needed
Advantages and disadvantages of top-down implementation: This approach looks at each department’s data and explores how it is connected in order to find vulnerabilities. Managers have the authority to issue company-wide instructions while still allowing each person to play an integral part in keeping data safe. Compared to an individual or department, a management-based approach incorporates more available resources and a clearer overview of the company’s assets and concerns. A top-down approach generally has more lasting power and efficacy than a bottom-up approach because it makes data protection a company-wide priority instead of placing all the responsibility on one person or team. Data vulnerabilities exist in all offices and departments, and each situation is unique. The only way for an information security program to work is by getting every manager, branch, department, and employee in agreement with a company-wide plan.

Implementing a layered information security approach:-
Cybersecurity is critical for businesses of all types and sizes. In one survey, more than half of participants cited cybersecurity as a top concern for their organization. Data and network compromises can have devastating effects that many businesses never fully recover from. In 2019, cyberattacks cost individual businesses an average of $200,000. Attacks come in several forms, such as phishing scams, hacking, unauthorized access at physical locations, Trojan viruses, ransomware, and password attacks. Because there are so many possible vulnerabilities, a layered approach is the best method for implementing total protection across departments.
Infosec layering accounts for all standard data protection along with other facets of cybersecurity, including web, network, device, application, software, and physical security. It also includes having a disaster recovery and data backup plan. Layered protection breaks larger security concerns into smaller, more manageable pieces. It lets you customize the type and level of protection depending on specific needs, such as department, device, or stored data. Consider a healthcare business. In the financial department, data integrity is likely the top concern, to prevent overcharging or undercharging accounts. But the patient records department focuses on data security, privacy, and access control. This is where a layered approach comes in. Layered approaches are woven together so each area of information security relies on the others, creating a stronger, more defensive blanket of protection that makes it harder for outside attackers to gain entry.

Web and network security:-
Web and network security cover creating policies and safeguarding all browsers, private networks, shared networks, and online user accounts, such as:
- Clearly assigned user roles for each person with access, including management, employees, third-party contractors, and partners
- Various encryption methods for on-site and off-site employees and contractors
- IP network-wide security for all network traffic
- Firewalls, antivirus and antimalware systems, intrusion alerts, and defense software
- Disabling web browser pop-ups
- Security for all webmail, including attachments and possible phishing scams
- Using a secure, up-to-date web browser with an individual, controlled employee access account
- Mobile device security for company phones, tablets, and smart devices
- Network segmentation whenever applicable
- Data loss prevention (DLP) for files and messages

Device and app security:-
Device and app security applies to all computers, tablets, company phones, smart devices, applications, user software, computer programs, and online accounts. Precautions include:
- Keeping all apps and software, and their subsequent security updates, up to date
- Requiring unique passwords and log-in credentials for each user, changed regularly
- Implementing regular device and system maintenance windows throughout the month
- Keeping thorough, up-to-date records for all device and app activity, including possible, detected, or isolated threats
- Giving each device user and account a host intrusion detection system
- Removing unnecessary apps, software, user accounts, and devices from rotation
- Implementing patch management to keep everything up to date and automatically fixed when new patches are released

Of the two implementation approaches, the top-down approach is more likely to succeed. That strategy usually provides strong support from top management by committing resources, a consistent preparation and execution mechanism, and opportunities to affect corporate culture.

Cryptography and Network Security Principles:-
In the present day scenario, security of the system is the sole priority of any organisation. The main aim of any organisation is to protect its data from attackers. In cryptography, attacks are of two types: passive attacks and active attacks. Passive attacks are those that retrieve information from the system without affecting the system resources, while active attacks are those that retrieve system information and make changes to the system resources and their operations.

[Figure not reproduced: plain text is turned into cipher text by the encryption algorithm and decrypted again before use.]
In the above figure the text is made secure by forming it into cipher text using an encryption algorithm, and it is decrypted again in order to use it.

The Principles of Security can be classified as follows:

1. Confidentiality: The degree of confidentiality determines the secrecy of the information. The principle specifies that only the sender and receiver will be able to access the information shared between them. Confidentiality is compromised if an unauthorized person is able to access a message.
For example, let us consider that sender A wants to share some confidential information with receiver B, and the information gets intercepted by the attacker C. Now the confidential information is in the hands of the intruder C.

2. Authentication: Authentication is the mechanism to identify the user, system or entity. It ensures the identity of the person trying to access the information. Authentication is mostly secured by using a username and password. The authorized person whose identity is preregistered can prove his/her identity and can access the sensitive information.

3. Integrity: Integrity gives the assurance that the information received is exact and accurate. If the content of the message is changed after the sender sends it but before it reaches the intended receiver, then the integrity of the message is said to be lost.
System Integrity: System integrity assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Data Integrity: Data integrity assures that information (both stored and in transmitted packets) and programs are changed only in a specified and authorized manner.

4. Non-Repudiation: Non-repudiation is a mechanism that prevents the denial of the content of a message sent through a network. In some cases the sender sends the message and later denies it. Non-repudiation does not allow the sender to deny the message to the receiver.

5. Access control: The principle of access control is determined by role management and rule management. Role management determines who should access the data, while rule management determines to what extent one can access the data. The information displayed depends on the person who is accessing it.

6. Availability: The principle of availability states that the resources will be available to authorized parties at all times. Information will not be useful if it is not available to be accessed. Systems should have sufficient availability of information to satisfy user requests.

7. Issues of ethics and law: The following categories are used to classify ethical dilemmas in the security system.
Privacy: Individuals’ right to access personal information.
Property: It is concerned with the information’s owner.
Accessibility: It is concerned with an organization’s right to collect information.
Accuracy: It is concerned with the obligation of information authenticity, fidelity, and accuracy.

Types of Cyber Attacks:-

Cyber Attack Definition:-
A cyber attack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information. Cyberattacks can target a wide range of victims, from individual users to enterprises or even governments. When targeting businesses or other organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as intellectual property (IP), customer data or payment details.

What are the 10 most common types of Cyber Attacks?

1. Malware:-
Malware, or malicious software, is any program or code that is created with the intent to do harm to a computer, network or server. Malware is the most common type of cyberattack, mostly because this term encompasses many subsets such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots, cryptojacking, and any other type of malware attack that leverages software in a malicious way.

Types and descriptions:
Ransomware: In a ransomware attack, an adversary encrypts a victim’s data and offers to provide a decryption key in exchange for a payment. Ransomware attacks are usually launched through malicious links delivered via phishing emails, but unpatched vulnerabilities and policy misconfigurations are used as well.
Fileless Malware: Fileless malware is a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target’s system, making it hard to detect.
Spyware: Spyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.
Adware: Adware is a type of spyware that watches a user’s online activity in order to determine which ads to show them. While adware is not inherently malicious, it has an impact on the performance of a user’s device and degrades the user experience.
Trojan: A trojan is malware that appears to be legitimate software, disguised as native operating system programs or harmless files like free downloads. Trojans are installed through social engineering techniques such as phishing or bait websites. The Zeus trojan, one variant, has the goal of accessing financial information and adding machines to a botnet.
Worms: A worm is a self-contained program that replicates itself and spreads its copies to other computers. A worm may infect its target through a software vulnerability, or it may be delivered via phishing or smishing. Embedded worms can modify and delete files, inject more malicious software, or replicate in place until the targeted system runs out of resources.
Rootkits: Rootkit malware is a collection of software designed to give malicious actors control of a computer, network or application. Once activated, the malicious program sets up a backdoor and may deliver additional malware. Bootkits take this a step further by infecting the master boot record before the operating system loads at boot up, which at times makes them undetectable.
Mobile Malware: Mobile malware is any type of malware designed to target mobile devices. Mobile malware is delivered through malicious downloads, operating system vulnerabilities, phishing, smishing, and the use of unsecured WiFi.
Exploits: An exploit is a piece of software or data that opportunistically uses a defect in an operating system or an app to provide access to unauthorized actors. The exploit may be used to install more malware or steal data.
Scareware: Scareware tricks users into believing their computer is infected with a virus. Typically, a user will see scareware as a pop-up warning them that their system is infected. This scare tactic aims to persuade people into installing fake antivirus software to remove the “virus.” Once this fake antivirus software is downloaded, malware may infect the computer.
Keylogger: Keyloggers are tools that record what a person types on a device. While there are legitimate and legal uses for keyloggers, many uses are malicious. In a keylogger attack, the keylogger software records every keystroke on the victim’s device and sends it to the attacker.
Botnet: A botnet is a network of computers infected with malware that are controlled by a bot herder. The bot herder is the person who operates the botnet infrastructure and uses the compromised computers to launch attacks designed to crash a target’s network, inject malware, harvest credentials or execute CPU-intensive tasks.
MALSPAM: Malicious spam (MALSPAM) delivers malware as the malicious payload via emails containing malicious content, such as virus- or malware-infected attachments.

2. Denial of Service (DoS) Attack:-
A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests in order to disrupt business operations. In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network.
While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources in order to restore critical business operations. The difference between DoS and Distributed Denial of Service (DDoS) attacks has to do with the origin of the attack. DoS attacks originate from just one system, while DDoS attacks are launched from multiple systems. DDoS attacks are faster and harder to block than DoS attacks because multiple systems must be identified and neutralized to halt the attack.

3. Phishing:-
Phishing is a type of cyberattack that uses email, SMS, phone, social media, and social engineering techniques to entice a victim to share sensitive information, such as passwords or account numbers, or to download a malicious file that will install viruses on their computer or phone. Common phishing attacks include:

Types and descriptions:
Spear Phishing: Spear-phishing is a type of phishing attack that targets specific individuals or organizations, typically through malicious emails. The goal of spear phishing is to steal sensitive information such as login credentials or to infect the target’s device with malware.
Whaling: A whaling attack is a type of social engineering attack specifically targeting senior or C-level executive employees with the purpose of stealing money or information, or gaining access to the person’s computer in order to execute further cyberattacks.
SMiShing: Smishing is the act of sending fraudulent text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers. A smishing attack may involve cybercriminals pretending to be your bank or a shipping service you use.
Vishing: Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice messages pretending to be from a reputable organization to convince individuals to reveal private information such as bank details and passwords.

4. Spoofing:-
Spoofing is a technique through which a cybercriminal disguises themselves as a known or trusted source. In so doing, the adversary is able to engage with the target and access their systems or devices with the ultimate goal of stealing information, extorting money or installing malware or other harmful software on the device. Spoofing can take different forms, which include:

Types and descriptions:
Domain Spoofing: Domain spoofing is a form of phishing where an attacker impersonates a known business or person with a fake website or email domain to fool people into trusting them. Typically, the domain appears to be legitimate at first glance, but a closer look will reveal subtle differences.
Email Spoofing: Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.
ARP Spoofing: Address Resolution Protocol (ARP) spoofing or ARP poisoning is a form of spoofing attack that hackers use to intercept data. A hacker commits an ARP spoofing attack by tricking one device into sending messages to the hacker instead of the intended recipient. This way, the hacker gains access to your device’s communications, including sensitive data.

5. Identity-Based Attacks:-
CrowdStrike’s findings show that 80% of all breaches use compromised identities and can take up to 250 days to identify. Identity-driven attacks are extremely hard to detect. When a valid user’s credentials have been compromised and an adversary is masquerading as that user, it is often very difficult to differentiate between the user’s typical behavior and that of the hacker using traditional security measures and tools.
Some of the most common identity-based attacks include:

Types and descriptions:
Kerberoasting: Kerberoasting is a post-exploitation attack technique that attempts to crack the password of a service account within Active Directory (AD), where an adversary masquerading as an account user with a service principal name (SPN) requests a Kerberos ticket, which contains an encrypted password.
Man-in-the-Middle (MITM) Attack: A man-in-the-middle attack is a type of cyberattack in which an attacker eavesdrops on a conversation between two targets with the goal of collecting personal data, passwords or banking details, and/or to convince the victim to take an action such as changing login credentials, completing a transaction or initiating a transfer of funds.
Pass-the-Hash Attack: Pass the hash (PtH) is a type of attack in which an adversary steals a “hashed” user credential and uses it to create a new user session on the same network. It does not require the attacker to know or crack the password to gain access to the system. Rather, it uses a stored version of the password to initiate a new session.
Golden Ticket Attack: In a golden ticket attack, adversaries attempt to gain unlimited access to an organization’s domain by accessing user data stored in Microsoft Active Directory (AD), exploiting vulnerabilities in the Kerberos identity authentication protocol. This allows adversaries to bypass authentication methods.
Silver Ticket Attack: A silver ticket is a forged authentication ticket, often created when an attacker steals an account password. A forged service ticket is encrypted and enables access to resources for the specific service targeted by the silver ticket attack.
Credential Harvesting: In credential harvesting, cybercriminals gather user credentials, such as user IDs, email addresses, passwords, and other login information, en masse to then access systems, gather sensitive data, or sell it on the dark web.
Credential Stuffing: Credential stuffing attacks work on the premise that people often use the same user ID and password across multiple accounts. Therefore, possessing the credentials for one account may grant access to other, unrelated accounts.
Password Spraying: The basics of a password spraying attack involve a threat actor using a single common password against multiple accounts on the same application. This avoids the account lockouts that typically occur when an attacker uses a brute force attack on a single account by trying many passwords.
Brute Force Attack: A brute force attack uses a trial-and-error approach to systematically guess login info, credentials, and encryption keys. The attacker submits combinations of usernames and passwords until they finally guess correctly.
Downgrade Attacks: Downgrade attacks are cyberattacks where adversaries take advantage of a system’s backward compatibility to force it into less secure modes of operation, such as forcing a user onto the HTTP version of a website instead of HTTPS.

6. Code Injection Attacks:-
Code injection attacks consist of an attacker injecting malicious code into a vulnerable computer or network to change its course of action. There are multiple types of code injection attacks:

Types and descriptions:
SQL Injection: A SQL injection attack leverages system vulnerabilities to inject malicious SQL statements into a data-driven application, which then allows the hacker to extract information from a database. Hackers use SQL injection techniques to alter, steal or erase an application's database data.
Cross-Site Scripting (XSS): Cross-site scripting (XSS) is a code injection attack in which an adversary inserts malicious code within a legitimate website. The code then launches as an infected script in the user’s web browser, enabling the attacker to steal sensitive information or impersonate the user.
Web forums, message boards, blogs and other websites that allow users to post their own content are the most susceptible to XSS attacks.
Malvertising: Malvertising attacks leverage many other techniques, such as SEO poisoning, to carry out the attack. Typically, the attacker begins by breaching a third-party server, which allows the cybercriminal to inject malicious code within a display ad or some element thereof, such as banner ad copy, creative imagery or video content. Once clicked by a website visitor, the corrupted code within the ad will install malware or adware on the user’s computer.
Data Poisoning: Data poisoning is a type of cyberattack in which an adversary intentionally compromises a training dataset used by an Artificial Intelligence or Machine Learning model to manipulate the operation of that model. When the dataset is manipulated during the training phase, the adversary can introduce biases, intentionally create erroneous outputs, introduce vulnerabilities, or otherwise influence the predictive capabilities of the model.

7. Supply Chain Attacks:-
A supply chain attack is a type of cyberattack that targets a trusted third-party vendor who offers services or software vital to the supply chain. Software supply chain attacks inject malicious code into an application in order to infect all users of an app, while hardware supply chain attacks compromise physical components for the same purpose. Software supply chains are particularly vulnerable because modern software is not written from scratch: rather, it involves many off-the-shelf components, such as third-party APIs, open source code and proprietary code from software vendors.

8. Insider Threats:-
IT teams that solely focus on finding adversaries external to the organization only get half the picture. Insider threats are internal actors such as current or former employees that pose danger to an organization because they have direct access to the company network, sensitive data, and intellectual property (IP), as well as knowledge of business processes, company policies or other information that would help carry out such an attack. Internal actors that pose a threat to an organization tend to be malicious in nature. Some motivators include financial gain in exchange for selling confidential information on the dark web, and/or emotional coercion using social engineering tactics, such as pretexting, business email compromise (BEC) attacks or disinformation campaigns. On the other hand, some insider threat actors are not malicious in nature but negligent. To combat this, organizations should implement a comprehensive cybersecurity training program that teaches stakeholders to be aware of any potential attacks, including those potentially performed by an insider.

9. DNS Tunneling:-
DNS tunneling is a type of cyberattack that leverages domain name system (DNS) queries and responses to bypass traditional security measures and transmit data and code within the network. Once infected, the hacker can freely engage in command-and-control activities. This tunnel gives the hacker a route to unleash malware and/or to extract data, IP or other sensitive information by encoding it bit by bit in a series of DNS responses. DNS tunneling attacks have increased in recent years, in part because they are relatively simple to deploy. Tunneling toolkits and guides are even readily accessible online through mainstream sites like YouTube.

10. IoT-Based Attacks:-
An IoT attack is any cyberattack that targets an Internet of Things (IoT) device or network. Once compromised, the hacker can assume control of the device, steal data, or join a group of infected devices to create a botnet to launch DoS or DDoS attacks. According to the Nokia Threat Intelligence Lab, connected devices are responsible for nearly one-third of mobile network infections, more than double the amount in 2019. Given that the number of connected devices is expected to grow rapidly over the next several years, cybersecurity experts expect IoT infections to grow as well. Further, the deployment of 5G networks, which will further fuel the use of connected devices, may also lead to an uptick in attacks.
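Worked example for the Principles of Security section above (added here; it is not code from the notes). It plays out the sender A / receiver B / attacker C scenario: a one-time-pad XOR stands in for "the encryption algorithm" and HMAC-SHA256 for an integrity check, both assumptions of this example. It shows that confidentiality alone does not give integrity (C can alter the amount without B noticing) and why a shared-key MAC cannot give non-repudiation.

```python
import hashlib
import hmac
import os

# Constructed demonstration of the notes' A / B / C scenario. The cipher is a
# one-time pad (key as long as the message, never reused); the integrity tag
# is HMAC-SHA256 over the ciphertext (encrypt-then-MAC). Both are assumptions
# chosen so the example runs with the standard library only.


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """One-time-pad encryption: only sender A and receiver B hold `key`."""
    assert len(key) >= len(plaintext), "pad must cover the whole message"
    return xor_bytes(key, plaintext)


decrypt = encrypt  # XOR is its own inverse


def mac(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Integrity tag that B checks before trusting the ciphertext."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def receive(mac_key: bytes, enc_key: bytes, ciphertext: bytes, tag: bytes):
    """B's side: return the plaintext, or None when integrity was lost."""
    if not hmac.compare_digest(mac(mac_key, ciphertext), tag):
        return None
    return decrypt(enc_key, ciphertext)


def demo() -> dict:
    message = b"TRANSFER 100 TO B"
    enc_key = os.urandom(len(message))  # shared only by A and B
    mac_key = os.urandom(32)            # shared only by A and B

    # Confidentiality: C intercepts ct but it reveals nothing of the message.
    ct = encrypt(enc_key, message)
    c_sees_plaintext = (ct == message)

    # Integrity is NOT provided by encryption alone: C flips the bits of the
    # three amount bytes (offset 9..11) so that "100" decrypts as "900", and
    # B has no way to tell from the ciphertext that anything changed.
    delta = xor_bytes(b"100", b"900")
    tampered = ct[:9] + xor_bytes(ct[9:12], delta) + ct[12:]
    b_decrypts_tampered = decrypt(enc_key, tampered)

    # With a MAC over the ciphertext the same tampering is rejected.
    tag = mac(mac_key, ct)
    accepted_genuine = receive(mac_key, enc_key, ct, tag)
    accepted_tampered = receive(mac_key, enc_key, tampered, tag)

    # Non-repudiation: B holds mac_key too, so B could have produced `tag`
    # itself; a MAC therefore cannot prove to a third party that A sent the
    # message. That needs a digital signature under A's private key.
    return {
        "c_sees_plaintext": c_sees_plaintext,
        "b_decrypts_tampered": b_decrypts_tampered,
        "accepted_genuine": accepted_genuine,
        "accepted_tampered": accepted_tampered,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```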
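Detection example for the Identity-Based Attacks section above (added here, not from the notes): the table contrasts a brute force attack (many password guesses against one account) with password spraying (one common password tried across many accounts to stay under the lockout threshold), and the two leave opposite footprints in an authentication log. The log format, the lockout threshold and the sample IP addresses are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log line format: "<timestamp> <OK|FAIL> user=<name> src=<ip>".
LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

# Constructed sample: one host hammers the account "bob" (brute force), a
# second host tries many different accounts once each (password spraying,
# with one success), and a user mistypes once and then logs in normally.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=bob src=203.0.113.7
2024-05-01T10:00:02 FAIL user=bob src=203.0.113.7
2024-05-01T10:00:03 FAIL user=bob src=203.0.113.7
2024-05-01T10:00:04 FAIL user=bob src=203.0.113.7
2024-05-01T10:00:05 FAIL user=bob src=203.0.113.7
2024-05-01T10:00:06 FAIL user=bob src=203.0.113.7
2024-05-01T10:01:00 FAIL user=alice src=198.51.100.9
2024-05-01T10:01:01 FAIL user=carol src=198.51.100.9
2024-05-01T10:01:02 FAIL user=dave src=198.51.100.9
2024-05-01T10:01:03 FAIL user=erin src=198.51.100.9
2024-05-01T10:01:04 FAIL user=frank src=198.51.100.9
2024-05-01T10:01:05 OK user=grace src=198.51.100.9
2024-05-01T10:02:00 FAIL user=alice src=192.0.2.20
2024-05-01T10:02:30 OK user=alice src=192.0.2.20
"""


def parse(log: str):
    """Yield (status, user, src) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _, status, user, src = m.groups()
            yield status, user, src


def analyze(log: str, lockout: int = 5, spray_accounts: int = 5) -> dict:
    """Return brute-force (src, user, fails) and spraying (src, accounts, attempts) hits.

    `lockout` is the assumed per-account failure threshold; `spray_accounts`
    is how many distinct accounts one source must touch to count as a spray.
    """
    fails_per_src_user = defaultdict(int)   # (src, user) -> failed attempts
    users_per_src = defaultdict(set)        # src -> distinct accounts tried
    attempts_per_src = defaultdict(int)     # src -> all attempts, OK or FAIL
    for status, user, src in parse(log):
        users_per_src[src].add(user)
        attempts_per_src[src] += 1
        if status == "FAIL":
            fails_per_src_user[(src, user)] += 1

    # Brute force: a single (source, account) pair crosses the lockout line.
    brute = sorted((src, user, n) for (src, user), n in fails_per_src_user.items()
                   if n >= lockout)

    # Spraying: many accounts from one source, yet so few tries per account
    # that no single account would ever lock. Successful logins inside such a
    # burst are the accounts that need a password reset.
    spray = []
    for src, users in users_per_src.items():
        if len(users) >= spray_accounts and attempts_per_src[src] / len(users) < lockout:
            spray.append((src, len(users), attempts_per_src[src]))
    return {"brute_force": brute, "spraying": sorted(spray)}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(kind, hits)
```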
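Detection example for the DNS Tunneling section above (added here, not from the notes): because a tunnel has to encode its data in the query names themselves, the names it produces are long, high-entropy and never repeated under one parent domain, which is what this scorer looks for. The query-log format, the scoring thresholds and the domain names are assumptions; the sample queries are constructed.

```python
import math
from collections import defaultdict

# Assumed log format: one "<query name> <record type>" pair per line.
# Constructed sample: ordinary lookups plus four encoded-looking names under
# one parent, each asked exactly once, as a tunnel carrying data would produce.
SAMPLE_QUERIES = """\
www.example.com A
mail.example.com A
cdn.example.net A
4fe3a9c1b2d7e8f0a1b3c5d7.tunnel.example.org TXT
9a8b7c6d5e4f3a2b1c0d9e8f.tunnel.example.org TXT
0f1e2d3c4b5a69788796a5b4.tunnel.example.org TXT
c3d4e5f6a7b8c9d0e1f2a3b4.tunnel.example.org TXT
"""


def entropy(s: str) -> float:
    """Shannon entropy in bits per character; encoded data scores high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def parent_domain(name: str, levels: int = 2) -> str:
    """Approximate the registered domain by the last `levels` labels (assumption)."""
    return ".".join(name.lower().rstrip(".").split(".")[-levels:])


def score_query(name: str, qtype: str) -> int:
    """Suspicion points for one query; thresholds are assumed heuristics."""
    labels = name.lower().rstrip(".").split(".")
    data_part = ".".join(labels[:-2])      # everything below the parent domain
    points = 0
    if len(name) > 40:                     # unusually long query name
        points += 1
    if any(len(label) > 20 for label in labels):   # a single very long label
        points += 1
    if entropy(data_part) > 3.5:           # looks like encoded data, not words
        points += 1
    if qtype in ("TXT", "NULL", "CNAME"):  # record types that carry payloads back
        points += 1
    return points


def analyze(log: str, min_points: int = 3, min_unique: int = 3) -> dict:
    """Return parent domains whose traffic looks like a tunnel endpoint."""
    per_parent = defaultdict(lambda: {"queries": 0, "unique": set(), "suspicious": 0})
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        name, qtype = parts
        stats = per_parent[parent_domain(name)]
        stats["queries"] += 1
        stats["unique"].add(name.lower())
        if score_query(name, qtype) >= min_points:
            stats["suspicious"] += 1
    flagged = {}
    for parent, stats in per_parent.items():
        # Tunnel signature: enough high-scoring names, and none of them ever
        # repeated (a cache would make repeats pointless for the attacker).
        if stats["suspicious"] >= min_unique and len(stats["unique"]) == stats["queries"]:
            flagged[parent] = {"queries": stats["queries"], "suspicious": stats["suspicious"]}
    return flagged


if __name__ == "__main__":
    print(analyze(SAMPLE_QUERIES))
```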