Cyber Security Primer Lecture 04 PDF

Summary

This lecture provides an introduction to cybersecurity, covering key concepts and challenges in protecting computer systems. It discusses different types of threats and the importance of security measures.

Full Transcript

CYBER SECURITY
PRIMER
CSIT040 – modern computing skills

Instructor: Dr. May El Barachi
News !

Gulf News

Fake Website

Victim tricked
(educated person)

Cyber Crime
section – Dubai
Police

e-mail forensics

E-mail
Security Awareness, 3rd Edition header analysis 2
What comes to your mind when you think about cyber
security?

3
Why should I care?

4
Why should I care?
What about the UAE ?

6
Importance of Cybersecurity
 The internet allows an attacker to work from anywhere on the
planet.
 The more connected we are, the more exposed and vulnerable we
become to cyber attacks.
 Risks caused by poor security knowledge and practice:
 Identity Theft
 Monetary Theft
 Legal Ramifications (for yourself and your organization)
 Sanctions or termination if policies are not followed

 According to the SANS Institute, the top vectors for vulnerabilities
available to a cyber criminal are:
 Web Browser
 IM Clients
 Web Applications
 Excessive User Rights
Cybersecurity is Safety

Security: We must protect our computers and data in the
same way that we secure the doors to our homes.

Safety: We must behave in ways that protect us against
risks and threats that come with technology.

8
Challenges of Securing Information

 Security is one of the most important topic in the
computer world
 Volume and diversity of attacks make it hard to defend
against attacks
 No single simple solution to protecting computers and securing information

 Different types of attacks

 Difficulties in defending against these attacks

9
Difficulties in Defending Against Attacks

Table 1-2 Difficulties in defending against attacks

10
Difficulties in Defending Against Attackers

 Speed of attacks
 With modern tools attackers can quickly scan systems to find
weaknesses and launch attacks, Slammer 75,000 computers in first
11 mins

 Greater sophistication of attacks
 Hackers can use common internet tools (e-mail, HTTP) to send data or
commands to attack computers, making it tricky to distinguish an
attack from legitimate traffic

 Attackers detect weaknesses faster and can quickly exploit
these vulnerabilities
 Even in 2004, there was only 5.8 days between the disclosure of a
vulnerability and the release of an attack

11
Difficulties in Defending Against Attackers

 Increasing number of Zero Day attacks
 Occurs when an attacker discovers and exploits a previously
unknown flaw. Attack can run rampant during the time spent to
identify the vulnerability and issue a fix. Average time was 56.07
hrs in 2022

 Distributed attacks
 Attackers can use thousands of computers (zombies, botnets) in an
attack against a single computer or network. Denial of Service
attack

12
Difficulties in Defending Against Attackers

 User confusion (most difficult to defend against)
 Users often have to make difficult security decisions regarding
their computer systems, often with little or no information; e.g.
 Is it ok to open this port? (to unauthorized users!, what is a port?)
 Is it safe to quarantine this attachment?
 Do I want to permit my bank to install this add-in?
 The delay in applying software patches is another example of
user confusion
 A patch is software used to repair security flaws or other
problems in existing software, and is one of the primary defenses
against attacks
 Many attacks have been successful due to users not installing
patches long after they were available
 Vendors are also overwhelmed by the number of patches that
need to be produced, to keep up with the rapidly produced
malware.

13
Difficulties in Defending Against Attacks (simplicity
of attack tools)

Figure 1-1 Increased sophistication of attack tools

14
Difficulties in Defending Against Attacks (simplicity
of attack tools)

Figure 1-2 Menu of attack tools

15
Defining Information Security?

1. Describes task of guarding information that is in a digital format
This information has high value to people and
organizations. Examples ?
There are some important security properties of the
information that should be protected.

2. Ensures that protective measures are properly implemented
creates a defense that attempts to ward off attacks and prevents
the collapse of the system when an attack occurs, ie. Information
Security is Protection

** What are the characteristics/properties of
information that should be protected?

16
The C.I.A. Triangle
Principles of
Information Security,
2nd Edition

 Confidentiality: prevent
unauthorized disclosure of
sensitive information for data at
rest, in transit or during
transformation.

 Integrity: prevent unauthorized
modification, replacement,
corruption or destruction of
systems or information.

 Availability: prevent disruption of
service and productivity,
addressing threats that could
Integrity render systems inaccessible.
Integrity
17
 Other critical characteristics of
information
Integrity
Availability Authenticity:
Information is
Utility: genuine and
original/ data
Information has
value for some Information origin can be
identified
purpose
accurately
Possession: Confidentiality
Ownership and control of
information Accuracy: Info is free from
mistakes and errors
Examples - Availability

 Example violation: After you log in to the ZU network, you find that
the library’s electronic catalog is not working

(i.e., the resources you have access to are not available to you)

19
Examples - Accuracy

 Example violation: You have attended a class, but your teacher has
marked you absent

20
Examples - Authenticity

 Example violation: You receive an SMS from your friend’s phone, but
the content of the SMS does not seem to come from your friend.

Is the SMS truly from your friend? Or has your friend just lost her
phone and this message actually comes from a stranger?

21
Examples - Confidentiality
 Example violation: I left my phone banking personal identity number
(PIN) on my desk. You call my bank and use my PIN to check my
bank account balance.

(You are not supposed to be authorized to access my banking
information)

22
PIN issued by a bank

23
Examples - Integrity
 Example violation: (1) Noise in the transmission media cause data to
lose its integrity; (2) You hack into my account and change your
attendance record

 Closely related to and overlap with the concept of accuracy

24
Utility
 Example violation: You search for information about robotics on a
search engine, but it returns you web pages in Japanese (and you
don’t know Japanese)

 Another example?

25
Possession

 Example violation: I save the mid-term exam
questions in a memory key and you steal it from me

 Closely related to the concept of confidentially. But
the violation of possession does not necessarily
mean violation of confidentiality…

 e.g., I may have already encrypted my memory key.
Even if you now possess my memory key, you can’t
read the files that contain the exam questions.

26
 What critical characteristic(s) of
information have been compromised?
Question 1

 A competitor steals Coca Cola’s secret formula.

28
Question 2

 An on-line payment system alters an electronic
check to read $10,000 instead of ¥10,000

29
Question 3

 In 2020, a 15-year old Canadian boy launched denial-of-service
attacks against websites belonging to several companies, including
Amazon, Dell and eBay. The sites were bombarded with thousands
of simultaneous messages, which prevented users from accessing
them for up to five hours.

30
User Awareness

System Administrators
Some scripts appear useful
to manage networks…
Cracker:
Computer-savvy Posts to
programmer creates Hacker Bulletin Board
attack software SQL Injection
Buffer overflow
Script Kiddies:
Password Crackers
Unsophisticated Password Dictionaries
computer users who
know how to
execute programs Successful attacks!
Crazyman broke into …
CoolCat penetrated…
Criminals: Create & sell
bots -> generate spam Malware package earns $1K-2K
Sell credit card numbers, 1 M Email addresses earn $8
etc… 10,000 PCs info earn $1000 31
Leading Threats & attack tools

Viruses
Worms
Trojan Horses / Logic Bombs
Social Engineering
Rootkits
Botnets / Zombies
What is the difference between all these malware anyway?
 Viruses

 A virus attaches itself to a program, file, or disk.
Program
 When the program is executed, the virus activates and A
replicates itself.
Extra Code

 The virus may be benign or malignant but executes its
payload at some point (often upon contact).
 Viruses can cause computer crashes and loss of data. infects

 In order to recover or prevent virus attacks:
 Avoid potentially unreliable websites/emails. Program
 System Restore. B
 Re-install operating system.
 Use and maintain anti-virus software.
Viruses
Worms
 Independent program that replicates itself and sends copies from computer to
computer across network connections.
 Upon arrival, the worm may be activated to replicate.
Logic Bombs and Trojan Horses

Logic Bomb: Malware logic executes upon certain conditions. The
program is often used for otherwise legitimate reasons.
Examples:
Software which malfunctions if maintenance fee is not paid.
Employee triggers a database erase when he is fired.

Trojan Horse: Masquerades as a benign program while quietly
destroying data or damaging your system.
Download a game: It may be fun but contains hidden code that gathers personal information
without your knowledge.
Logic Bombs and Trojan Horses
Social Engineering
Social engineering is using psychology and social interactions to manipulate people into
performing actions or divulging confidential information. Similar to a confidence trick or simple
fraud, the term applies to the use of deception to gain information, commit fraud, or access
computer systems.

Phone Call: Email:
This is John, ABC Bank has
the System In Person: noticed a
Administrator. What ethnicity problem with
What is your are you? Your your account…
password? mother’s
maiden name? I have come
to repair
your
and have
machine…
some
lovely
software
patches!
Social Engineering
Phishing: Counterfeit Email

A seemingly trustworthy entity asks for sensitive information such as EID, credit card
numbers, login IDs or passwords via e-mail.
Pharming: Counterfeit Web Pages

Wiping
over, but
not clicking
the link
may reveal
a different
Misspelled address.

With whom?
Copyright
date is old

The link provided in the e-mail leads to a counterfeit webpage which collects
important information and submits it to the owner.
The counterfeit web page looks like the real thing
Extracts account information 42
Botnet
 A botnet is a number of compromised computers used to create and send spam or
viruses or flood a network with messages as a denial of service attack.

 The compromised computers are called zombies.
Botnet in action
Man In The Middle Attack

An attacker pretends to be your final destination on the network. When a person
tries to connect to a specific destination, an attacker can mislead him to a different
service and pretend to be that network access point or server.
Man In The Middle Attack – can you show me an example?
Password Cracking

Dictionary Attack and Brute Force
Pattern Calculation Result Time to Guess
(2.6x1018 tries/month)
Personal Info: interests, relatives 20 Manual 5 minutes
Social Engineering 1 Manual 2 minutes
American Dictionary 80,000 < 1 second
4 chars: lower case alpha 264 5x105
8 chars: lower case alpha 268 2x1011
8 chars: alpha 528 5x1013
8 chars: alphanumeric 628 2x1014 3.4 min.
8 chars alphanumeric +10 728 7x1014 12 min.
8 chars: all keyboard 958 7x1015 2 hours
12 chars: alphanumeric 6212 3x1021 96 years
12 chars: alphanumeric + 10 7212 2x1022 500 years
12 chars: all keyboard 9512 5x1023
16 chars: alphanumeric 6216 5x1028 47
Identifying Security Compromises

 Symptoms:
 Antivirus software detects a problem.
 Disk space disappears unexpectedly.
 Pop-ups suddenly appear, sometimes selling security
software.
 Files or transactions appear that should not be there.
 The computer slows down to a crawl.
 Unusual messages, sounds, or displays on your monitor.
 Stolen laptop: 1 stolen every 53 seconds; 97% never
recovered.
 The mouse pointer moves by itself.
 The computer spontaneously shuts down or reboots.
 Often unrecognized or ignored problems.
48
Malware detection

Spyware symptoms
Changes to your browser homepage/start page.
Ending up on a strange site when conducting a search.
System-based firewall is turned off automatically.
Lots of network activity while not particularly active.
Excessive pop-up windows.
New icons, programs, favorites which you did not add.
Frequent firewall alerts about unknown programs
when trying to access the Internet.
Poor system performance.

49
Best Practices to avoid these threats

uses multiple layers of defense to
address technical, personnel and operational issues.

User Account Controls
Anti-virus and Anti-spyware Software

Anti-virus software detects certain types of malware and can destroy it
before any damage is done.
Install and maintain anti-virus and anti-spyware software.
Be sure to keep anti-virus software updated.
Many free and commercial options exist.
Contact your Technology Support Professional for assistance.
Host-based Firewalls
A firewall acts as a barrier between your computer/private network and the
internet.
Hackers may use the internet to find, use, and install applications on your
computer. A firewall prevents many hacker connections to your computer.
Firewalls filter network packets that enter or leave your computer
Protect your Operating System
 Microsoft regularly issues patches or updates to solve security problems in their
software. If these are not applied, it leaves your computer vulnerable to hackers.
 The Windows Update feature built into Windows can be set up to automatically
download and install updates.
 Avoid logging in as administrator
 Apple provides regular updates to its operating system and software applications.
 Apply Apple updates using the App Store application.
Use Strong Passwords

Make passwords easy to remember but hard to guess:

USG standards:
 Be at least ten characters in length
 Must contain characters from at least two of the following four types of
characters:
 English upper case (A-Z)
 English lower case (a-z)
 Numbers (0-9)
 Non-alphanumeric special characters ($, !, %, ^, …)

 Must not contain the user’s name or part of the user’s name
 Must not contain easily accessible or guessable personal information
about the user or user’s family, such as birthdays, children’s names,
addresses, etc.
Creating Strong Passwords
 A familiar quote can be a good start:

“LOVE IS A SMOKE MADE WITH THE FUME OF
SIGHS”
William Shakespeare

 Using the organization standard as a guide, choose the first
character of each word:
 LIASMWTFOS

 Now add complexity the standard requires:
 L1A$mwTF0S (10 characters, 2 numerals, 1 symbol, mixed English
case: password satisfies all 4 types).

 Or be more creative!
Password Guidelines
 Never use admin, root, administrator, or a default account or
password for administrative access.
 A good password is:
 Private: Used by only one person.
 Secret: It is not stored in clear text anywhere, including on Post-It® notes!
 Easily Remembered: No need to write it down.
 Contains the complexity required by your organization.
 Not easy to guess by a person or a program in a reasonable time, such as
several weeks.
 Changed regularly: Follow organization standards.

 Avoid shoulder surfers and enter your credentials carefully! If a
password is entered in the username field, those attempts usually
appear in system logs.
Avoid Social Engineering and Malicious Software

 Do not open email attachments unless you are expecting the email with the
attachment and you trust the sender.
 Do not click on links in emails unless you are absolutely sure of their
validity.
 Only visit and/or download software from web pages you trust.

57
Avoid Stupid Hacker Tricks
 Be sure to have a good firewall or pop-up blocker installed.
 Pop-up blockers do not always block ALL pop-ups so always
close a pop-up window using the ‘X’ in the upper corner.
 Never click “yes,” “accept” or even “cancel.”

 Infected USB drives are often left unattended by hackers in
public places.
58
Secure Business Transactions
 Always use secure browser to do online activities.
 Frequently delete temp files, cookies, history, saved passwords etc.

https://

Symbol indicating
enhanced security
Backup Important Information

 No security measure is 100% reliable.
 Even the best hardware fails.
 What information is important to you?
 Is your backup:
Recent?
Off-site & Secure?
Process Documented?
Encrypted?
Tested?
Cyber Incident Reporting

If you suspect a cybersecurity incident, notify your organization’s
help desk or the UOWD ITS help desk immediately. Be prepared
to supply the details you know and contact information.

1. Do not attempt to investigate or remediate the incident on
your own.
2. Inform other users of the system and instruct them to stop
work immediately.
3. Unless instructed, do not power down the machine.
4. Unless instructed, do not remove the system from the
network.

The cybersecurity incident response team will contact you as
soon as possible to gather additional information.

Each UOWGE organization is required to have a specific plan to
handle cybersecurity incidents. Refer to local policies, standards
and guidelines for specific information.