Microsoft CyberShikshaa 2024 Phase 1 PDF
Uploaded by KidFriendlyIvy
Summary
This document is a presentation on Microsoft CyberShikshaa 2024 Phase 1. It covers topics such as understanding physical and virtual security, cybercrime, and passwords.
Training & Content Partner: Microsoft CyberShikshaa 2024 Phase 1

Program Content
- Understanding Physical World
- Understanding Virtual World
- Understanding Physical World vs Virtual World
- What is Internet?
- Understanding the need of security: physical world vs virtual world. Examples as to why virtual security is important
- What is Information Security and Introduction to Information Security? With the help of a quiz, showing them how cyber safe they are
- Understanding the concept and need of cyber security: past, present and future
- Understanding the importance and definition of Confidentiality, Integrity and Availability with examples

Program Content (cont'd)
- Understanding the need of passwords
- Strong vs. weak passwords
- Reasons for password compromise: how can a password get compromised (mass theft and shoulder surfing)
- Need for 2-factor authentication
- How to set up 2-factor authentication on various applications: Facebook, WhatsApp and Gmail
- Understanding the concept of crime
- Cyber crime and its types
- Cyber crime: legal and technical measures
- Cyber crime against individuals: phishing, cyber stalking and harassment. Examples of how a phishing page looks and how to avoid it
- Hackers and hacking
- Types of hackers

Physical World
Physical security involves making safe assets you can touch, such as cars, houses, and computers.

Physical World: Security
In layman's language, the most straightforward way to keep those intent on making trouble from physically entering your environment is to bolt your doors.

Physical Security (cont'd)
- Biometric lock: a physical characteristic used to recognise the user (fingerprint).
- Badges: any type of recognisable proof expected to separate you from everybody else (photo ID).

Need of Security at Physical World
Physical world security: the protection served to any physical commodity or living being in physical existence. It includes hardware, software, and data protection from physical actions such as fire, flood, natural disasters, theft etc.
Surveillance cameras and security personnel are there for maintaining the security.

Virtual World
A computer-based online community environment used to interact in a custom-built, simulated world. Designed and shared by individuals using text-based, two-dimensional or three-dimensional graphical models, with input devices like the keyboard, mouse and other specially designed command and simulation gadgets.

What is Virtual Security?
Virtual world's security: virtual security involves the protection of data and other information that is stored remotely across the internet, or in the cloud.

What is Virtual Security? (cont'd)
Virtual security is focused on keeping unsafe information out and also on approval and authorisations.

Virtual Security (cont'd)
- Antivirus software
- Strong passwords (seven or fourteen characters long, containing both upper and lower case)

Need of Security at Virtual World
The losses that we can incur in the virtual world are about data security. The valuable asset in the virtual world is data. An example: our user login is digitally connected to every place, such as Gmail accounts.

Securing Important Data: Why Virtual Security?
We worry about something when we have something that has value and there is a risk associated with it.

Why Virtual Security? (cont'd)
"Protection of your digital identity"

Virtual Security: Importance
There is rapid growth in the use of social media and other digital communications, making it easier for people to hack into technology.

Why Virtual Security is Important?
The importance of the virtual world resides in a digitally growing environment and its impact on the world. To testify the impact level, to know the efficiency of the connection established, and for better communication and reach, the virtual environment has gained its vitality.
The virtual environment has taken most of the space from our active life, made us connected, and provides interfaces to build software and applications. So, for data security and privacy, we give virtual security a huge importance.
- Data breach
- Digital experiments / attack avoidance
- Isolation
- Threat evaluations

Physical World vs Virtual World

S.No. | Physical World | Virtual World
1. | The reality where we live in our houses and have inherited or purchased space to work. | The unreal world of the network where we create our identity and get a workspace created.
2. | In the physical world we have one single identity (managed by our government). | In the virtual world, whether it is a social or gaming world, we get to have several usernames (identities).
3. | Physical host machines: while purchasing a system or laptop, we get one actual OS environment and specific physical storage (space). | Virtual machines: we can create a number of OSs (Windows, Linux, etc.) in a virtual environment, with logical storage mapped to physical storage.
4. | The physical world is about being cautious in what we do; our actions may have permanent impacts on our lives/livelihood. | The virtual world provides us an experimental manner and is specifically for learning and developing technology.

The World Used To Be... & The World We Know Today
Physical world scenario vs. virtual world scenario

The World Used To Be... & The World We Know Today (cont'd)
Physical World vs. Virtual World
- Schools vs. learning applications
- Library vs. online research
- Group discussions with friends vs. social media chat rooms
- Playgrounds vs. PlayStations
- Best friends vs. followers and likes
- Marketing vs. digital marketing

www.quickheal.com

Internet
The Internet is a worldwide system of interconnected computer networks. It uses TCP/IP to link devices.

Internet
The internet is a globally connected network system that can be used to transfer data via various types of media.
This data can be beneficial in different forms for every individual. All content available over the internet is freely available to anyone who wants to access it.

Who Invented the Internet?
- Came into the picture in the 1970s
- It was a combined effort: the work of many scientists, programmers and engineers, who each developed new features and technologies every day that eventually merged to become the "INTERNET" we know today

Do You Know?
1. The first picture ever uploaded on the web was posted by Tim Berners-Lee.
2. The first email was sent by Ray Tomlinson to himself in 1971.
3. First item sold on eBay
4. First search engine

World Wide Web (WWW)
The WWW contains websites and webpages that can be accessed over the Internet. Resources, webpages and other content are identified by URLs that are accessible via the Internet. The amount of information available on the internet is so large that it is difficult to search for specific information; through the WWW it is easy to find.

The Face Behind WWW
English scientist Tim Berners-Lee invented the World Wide Web in 1989. The World Wide Web ("WWW" or "The Web") is the part of the Internet that contains websites and webpages.

This Is How Websites Are Accessed Over The Internet
[Diagram]

How Can We Access The Websites?
Websites can be accessed over the Internet by anyone, anywhere. Every website contains different kinds of content, and each user can access/analyse the content according to his needs.

Difference Between Internet & WWW
The Internet connects millions of computers together so that they can communicate with each other as long as they stay connected to the Internet. The WWW is a way of accessing information over the Internet.
[Diagram: services carried over the Internet, among them FTP, E-Mail, Telnet and the World Wide Web]
Difference Between Internet & WWW: Example
[Diagram] Source: Google

SSL
An SSL certificate comprises your domain name, the name of your company and other details such as your address, city, state and country. It contains data files that bind a cryptographic key to the details of an organisation. When an SSL/TLS certificate is installed on a web server, it enables a secure connection between the web server and the browser that connects to it.
Source: Google

What Is HTTP and HTTPS?
- HTTP: Hypertext Transfer Protocol
- HTTPS: Hypertext Transfer Protocol Secure

HTTP and HTTPS: Example
[Diagram]

HTTP
HTTP is also called "a stateless system", which means that it enables connection on demand. You click on a link, requesting a connection, and your web browser sends this request to the server, which responds by opening the page. The quicker the connection is, the faster the data is presented to you.

HTTPS
The HTTPS protocol is an extension of HTTP. The "S" in the abbreviation comes from the word Secure. The standard security technology establishes an encrypted connection between a web server and a browser. Thus the data being transferred over the network remains confidential.

HTTP vs HTTPS

HTTP | HTTPS
Unsecure | Secure
TCP port used: 80 | TCP port used: 443
No data encryption | Data is encrypted before being sent
Does not require domain validation | Requires domain validation

Case Study
"Hacked by Lizard Squad - Official Cyber Caliphate" read the message, overlaid on a picture of a Malaysia Airlines A380 airplane and accompanied by an image of a top-hat-wearing lizard, that greeted people who attempted to access the Malaysia Airlines website, underneath the fake error message "404 - Plane Not Found."

What Is Wi-Fi?
A wireless networking technology that allows devices such as computers (laptops and desktops), mobile devices (smartphones and wearables), and other equipment (printers and video cameras) to interface with the Internet. It allows these devices to exchange information with one another, creating a network.

Secured & Unsecured Wi-Fi
An unsecured network can be connected to by anyone within range, without any type of security feature like a password or login. On the other hand, a secured network requires a user to agree to legal terms, register an account, or type in a password before connecting to the network.

Dangers Of Unsecured Wi-Fi
Using an unsecured Wi-Fi connection, an attacker can:
1. Capture your account's user ID and passwords.
2. Log the data of online traffic accessed on your phone or computer. In this way, they can maintain a record of the websites you mostly visit, and plan attacks from these websites.
3. Gain access to your computer, its network and data.
4. Launch a spam or malware attack on your device.
5. Hijack the account you are logged into, and use it for unscrupulous purposes.
6. Redirect you to a phishing webpage where you might give away your personal information.

Third Party Apps
Apps designed by companies and individuals other than the provider of the operating system. So, if Microsoft, Google, Apple or Linux designs a program and it is installed on your smartphone, it is a first-party application. Any program that is not designed by them is a third-party application.

Effect Of Third Party Apps
Once we download these apps, we give them direct authorisation and access to all our private information without even thinking about what the third party will do with all our credentials.

Follow These Precautionary Measures
Google Play Store and Windows Store are not perfect and 100% safe, but they are the most trusted and reputable stores for app downloading.
If you are still not convinced, then always download a third-party app only after reading the reviews and checking whether the app developer has an official website. Third-party app ratings and user reviews will give you valuable insights into the authenticity of the app.

Follow These Precautionary Measures (cont'd)
If you have already downloaded a third-party app without reading reviews, then watch out for any suspicious activity on your smartphone. Excess battery consumption, heating issues and frequent hanging are the most common problems associated with downloading third-party apps. If your third-party app is asking for too many permissions, like access to your contact list or messages, then it is time for you to be alert! Always scan your smartphone with authentic security applications.

What Do You Mean by Patches?
A patch is a small piece of software that a company issues whenever a security flaw is uncovered. Just as the name implies, the patch covers the hole, keeping hackers from further exploiting the flaw.

Why Do We Need Patches?
Here's what patches can do:
- Address a specific bug or flaw
- Improve an OS or application's general stability
- Fix a security vulnerability

Patches: Case Study
Microsoft had already issued a patch only a matter of weeks earlier for the particular hole that led to WannaCry, but many users had either not installed it or did not have automatic updates activated on their systems.

What Do You Mean By Updates?
An update is a software file that contains fixes for problems found by other users or the software developer. Installing an update fixes the code and prevents the problems from happening on your computer. Because updates fix problems with a program, they are almost always free and available through the program or the company's website.

What Do You Mean By Upgrades?
An upgrade is a new version of, or addition to, a hardware or (more often) software product that is already installed or in use.
An upgrade may or may not be available for free, or as a for-charge download from the product maker's site.

Difference Between Update and Upgrade
- Update: when you update a program, you are applying new patches and changes to the existing files on your computer.
- Upgrade: when you upgrade a program, the existing files are uninstalled and new ones are installed in their place.

Introduction: Cyber Security
Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorised access. It covers all aspects of ensuring the protection of citizens, businesses and critical infrastructures from threats that arise from their use of computers and the internet.

Defining Cyber Security
Standard definition: "Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation."

To Understand Better
"The term cyber security is used to refer to the security offered through on-line services to protect your online information."
With an increasing number of people getting connected to the Internet, the security threats that cause massive harm are also increasing.
Security of information systems and networks in the face of attacks, accidents and failures, with the goal of protecting operations and assets.

Way Forward
1. What is the meaning of the word CYBER?
2. Why do we need cyber security?
3. Building the cyber security field
4. What are the major cyber security problems in industry?

Meaning Of The Word Cyber
It is a combining form relating to information technology, the Internet, and virtual reality. Cyber is a prefix used in a growing number of terms to describe new things that are being made possible by the spread of computers.
Anything related to the internet also falls under the cyber category.

Cyber Security: The Need
The need for cybersecurity is on the rise. Fundamentally, our society is more technologically reliant than ever before and there is no sign that this trend will slow. Personal data that could result in identity theft is now being posted, knowingly or unknowingly, to the public on various networking and social media platforms. Sensitive information like personal health information, Aadhaar details, PAN card details, credit card information and other financial information is now stored by service providers irrespective of their geographical locations. Therefore, such information needs to be protected.

Major Cyber Security Problems in Industry
1. The rising cost of breaches
2. Widely available hacking tools
3. Tighter regulations
4. Increasingly sophisticated hackers
5. A proliferation of IoT devices

Major Domains in Cyber Security
- Risk Management
- Audit & Compliance
- Digital Forensics
- Network Security
- Application Testing
- Incident Management
- Malware Analysis
- Security Testing
- BCP/DR

Major Domains in Cyber Security (cont'd)
- Database Security
- Dark Web Monitoring
- IoT Security
- Cyber Security and Blockchain
- Hardware Security
- Security Operation Centre
- Security Information and Event Management
- Cyber Threat Intelligence

Major Security Domains
1. Proactive services: Technical Audit, Compliance Audit, Security Management, Security Consulting, Red Team Audit
2. Active services: Security Operations Centre, Real-Time Monitoring
3. Reactive services: CERT as a Service, Forensics Investigation

What Is Information Security?
Information security is the establishment of best procedures intended to keep private data protected, and to protect data from being exploited, released, damaged, changed, or interrupted through unauthorised access by unauthorised persons.

Goals Of Information Security
The objective of information security is to safeguard information from being misused, attacked, or compromised. Information security can be measured by three things: Confidentiality, Integrity and Availability.
1. Safeguard the confidentiality of information.
2. Protect the integrity of the information.
3. Encourage the availability of data for permitted users.

Confidentiality
In the CIA Triad principle, let us go through the actual definition and an example of each to get a better understanding.

CONFIDENTIALITY
Confidentiality is the term used to prevent the disclosure of information to unauthorised individuals or systems. Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality.
Example: If a laptop computer containing sensitive information about a company's employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorised to have the information.

Confidentiality Practical
Confidentiality is the concept of ensuring that data is not made available or disclosed to unauthorised people. Confidentiality is achieved through encryption. These are the steps through which we can perform encryption; we will be using the web tool at http://aes.online-domain-tools.com/ to do so:
Step 1: Visit the website http://aes.online-domain-tools.com/
Step 2: Here I am going to encrypt a personal message, converting it into cipher text to maintain confidentiality.
Step 3: Now we can see another box where we need to provide the key; you can choose your own key.
Step 4: Now click on the Encrypt button. After that the cipher text has been generated for our given text message. The cipher text (hex dump) is:
00000000  dc b5 b4 42 89 a1 01 19 ec fa c5 c3 ca b9 2f 5a
Integrity
In the CIA Triad principle, let us go through the actual definition and an example to get a better understanding.

INTEGRITY
In information security, integrity means that data cannot be modified without authorisation. This is not the same thing as referential integrity in databases.
Example: Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorised user vandalises a website, when someone is able to cast a very large number of votes in an online poll, and so on.

Integrity Practical
Data can be compared to a hash value to determine its integrity. Usually, data is hashed at a certain time and the hash value is protected in some way. At a later time, the data can be hashed again and compared to the protected value. If the hash values match, the data has not been altered. Let us do a quick practical on hashing, to see how it maintains integrity. Suppose in this scenario we need to generate a hash of a file to check whether the file has been tampered with or not. Just follow the given steps:
These are the steps through which we can perform hashing; we will be using the www.md5online.org web tool to do so:
Step 1: Visit the website www.md5online.com
Step 2: Here I am going to generate a hash for a personal message. In the given box, just provide the message to be hashed and hit the Crypt button.
Step 3: Now we can see the hash has been generated for our given text message. The hash (which the tool labels cipher text) is: 027d483aff1b4158dc8453f29ed041f9
Step 4: Now suppose someone has to pass this message to a legitimate user while maintaining the confidentiality of the message; we will simply pass the hash generated in the last step to the concerned user.
Step 5: In the last step we will simply put the cipher text into the decryption box to get the actual message. That is how encryption is a pure implication of confidentiality.

Availability
In the CIA Triad principle, let us go through the actual definition and an example to get a better understanding.

AVAILABILITY
For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.
Example: If an employee wants to access his domain in an organisation, and he is privileged to get access to some of the files and information, then those should be available in his portal.

Availability Practical
Availability is concerned with the service, which should be available to the authorised user at a certain point in time. The best example of availability we see in everyday life is multifactor or 2-factor authentication (2FA), in which, if a person has to avail of any of the services authorised to them, they should be able to authenticate successfully by going through a one-time password or single sign-on authentication mechanism. In the upcoming slides we are about to see a general pictorial representation.

Availability Practical (cont'd)
The best example we can reference from our daily routine: when we set up our Google account login settings and choose the login method "Tap on mobile screen to authenticate", we get access very easily. The scenario looks like the following: you will be asked to enter your password first, and then you will get a prompt on your mobile phone asking "Is it you?". And that's it, you are successfully authenticated.
"In general terms we can say 2FA is a mechanism of authenticating by two factors: the first is something you already know and the other is something you have."

Availability
Availability can be compromised by the following factors:
- Denial of Service (DoS)
- Power outages
- Natural disasters

Availability
Measures to mitigate threats to availability include:
- Off-site backups
- Disaster recovery
- Redundancy
- Failover
- RAID

Why Only CIA is not Considered Completely Secure?
For a very long time it was thought that if a security design meets all of the components of the CIA triad, the data is relatively secure. This way of thinking, however, has changed in recent years for several reasons. So much has changed in the way we store data, where we store it, how we transmit it, and how we secure it.

Why Only CIA Is Not Considered Secure Presently: Examples
01. The threats to information confidentiality, integrity, and availability have evolved into a vast collection of events, including accidental damage, destruction, theft, unintended or unauthorised modification, or other misuses from human or nonhuman threats.
02. Consider other examples such as the move to electronic health records in the medical field, the ability to file your taxes online, cloud storage offerings from companies like Google and Amazon, and the evolution of security threats.
03. These are just a few examples of how our data has become much more complex over the last few years, and the complexity is only going to continue to increase.
https://www.youtube.com/watch?v=aZTeaL5F4_s

Parkerian Came Into Picture
- Initially it was believed that the CIA triad (confidentiality, integrity, and availability) fulfils all security concerns of data.
- However, this approach is not entirely true, because many things have changed in recent years for several reasons; for example, the procedure of storing, retrieving, and transmitting data has been completely changed.
- So, to fill the security gaps of the CIA triad, Mr. Donn B. Parker introduced a new security model with three new security components that is recognised as the "Parkerian Hexad Model".

Parkerian Hexad Model: History
In 2002, Donn B. Parker, currently a retired information security consultant and researcher, introduced an expanded version of the CIA model that added three additional elements. The security model was later renamed the Parkerian Hexad in honour of Mr. Parker.
[Diagram: Information Security at the centre, surrounded by Confidentiality, Possession, Integrity, Authenticity, Availability and Utility]

Parkerian Hexad Model: Definition
The Parkerian Hexad is an expression of a set of components added to the CIA triad to form a more comprehensive and complete security model. It aims to change how information security is understood and implemented. The six atomic elements of the Parkerian Hexad are:
- Confidentiality / Possession Control
- Integrity / Authenticity
- Availability / Utility

Parkerian Hexad Model: Diagram
[Diagram: Information Security at the centre, surrounded by Confidentiality, Possession, Integrity, Authenticity, Availability and Utility]

Parkerian Hexad Model
When Parker introduced his refined security model, he also wanted to change the way information security is assessed and understood. To him, the CIA model is simply too simplistic for some applications. Information security has not concentrated sufficiently on the role that people play in perpetuating and defending against information-related loss.

Need Of New Security Model
One of the limitations of the CIA model is that it focuses too much on the technology protecting information assets and not enough on people.
He suggested that the elements be looked at in the following groupings:
- Integrity and Authenticity
- Confidentiality and Possession
- Availability and Utility

Confidentiality (Parkerian Perspective)
Confidentiality is probably the most important element of both the CIA model and the Parkerian Hexad. It refers to the property that information is not made available or disclosed to unauthorised individuals, entities, or processes. If your data is not confidential, it is not secure. Every organisation has some form of sensitive information to which only certain people should be allowed access. One current example of a breach of confidentiality is the recent attacks on the Sony gaming and Qriocity networks.

Possession And Control
The possession/control component is one of Parker's additions to the CIA model. It was added to protect against the idea that confidential data can be possessed and controlled by an unauthorised individual or party without actually violating or breaching confidentiality. Parker defines this component as: "a state of having in or taking into one's control or holding at one's disposal; actual physical control of property by one who holds for himself, as distinguished from custody; something owned or controlled". There are ways to protect your sensitive data even if the device that houses the data is stolen or lost. One tool that has grown in popularity fairly recently is the encrypted file system (EFS).

Integrity (Parkerian Perspective)
Integrity is an original component of the CIA triad. It is defined as the ability to prevent data from being changed in an unauthorised or undesirable manner. This definition is not limited only to unauthorised parties or intrusions; it also includes people with authorised access to information assets. It is a known fact that employees are one of the biggest threats to data integrity.
There are several ways to protect and ensure data integrity, such as data verification and validation checks, performing and maintaining backups, and hashing, just to name a few.

Authenticity
Authenticity is another one of Parker's additions to the CIA model. Authenticity refers to the assurance that a message, transaction, or other exchange of information is from the source it claims to be from. Authenticity involves proof of identity. The internet has given us all the ability to do just about anything and everything from our homes, such as filing our taxes, performing bank transfers, checking credit reports and scores, and paying bills. Because of these abilities, and many others, technologies were developed to give customers confidence that the site they are visiting is legitimate and the communication is secure.

Availability (Parkerian Perspective)
Availability is the last component of the original CIA model. Availability is defined as the ability to have resources available when needed. It is one of the simpler components to describe, but ironically it is one of the most difficult to safeguard. As the old saying goes, the only way to truly achieve total security is to unplug the server and lock it up in a vault. The challenge for every information security professional is to achieve the right balance of availability and security. Depending on the level of availability needed, there are several options available to help meet the goal of availability.

Utility
Utility simply refers to the usefulness of data. This is the last fundamental component of the Parkerian Hexad. It focuses on a much overlooked concept when it comes to data. The data may meet five of the six PH components (confidentiality, integrity, availability, authenticity, possession/control), but is it in a useful state? Utility is often confused with or assumed to be the same as availability, but the two are distinct.
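Two of the practicals above in runnable form: the Integrity Practical (hash the data once, keep the digest somewhere protected, re-hash later and compare) and the Availability Practical's 2FA login (a password you know plus a one-time code from something you have, as the Authenticity slide's "proof of identity"). This is an added example written for this material, not code from the deck or its authors, and it uses only the Python standard library. The one-time code follows RFC 6238 (HMAC-SHA1, 30-second step, 6 digits); the 14-character password floor, the PBKDF2 round count, the one-step clock tolerance and the sample payroll record are this example's own assumptions and constructed data, not values from the deck.

```python
"""Integrity by hashing, then two-factor login (something you know +
something you have).  Added example, not the deck's own material.
Standard library only.  TOTP follows RFC 6238 (HMAC-SHA1, 30 s step,
6 digits).  Assumptions of this example: 14-character password floor,
200,000 PBKDF2 rounds, +/-1 step clock tolerance, constructed record."""
import hashlib
import hmac
import os
import struct
import time

# ---- Integrity: detect tampering with a protected digest ---------------
def digest_of(data, algorithm="sha256"):
    """Hex digest of data. One-way: nothing can be 'decrypted' back out of it."""
    return hashlib.new(algorithm, data).hexdigest()

def integrity_ok(data, protected_digest, algorithm="sha256"):
    """Re-hash now and compare with the digest protected earlier (constant time)."""
    return hmac.compare_digest(digest_of(data, algorithm), protected_digest)

ORIGINAL = b"employee=1042;salary=45000 INR\n"        # constructed payroll record
PROTECTED = digest_of(ORIGINAL)                        # kept where an attacker cannot edit it
TAMPERED = ORIGINAL.replace(b"45000", b"95000")        # the record after one digit is changed

def integrity_report():
    return {"original_ok": integrity_ok(ORIGINAL, PROTECTED),
            "tampered_ok": integrity_ok(TAMPERED, PROTECTED)}

# ---- Factor 1, something you know: a strong password, stored salted -----
def password_is_strong(password, min_len=14):
    """Length and mixed case, the two properties the deck names for strong passwords."""
    return (len(password) >= min_len
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password))

def hash_password(password, salt=None, rounds=200_000):
    """Return (salt, digest); only the salted PBKDF2 hash is stored, never the password."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def check_password(password, salt, stored_digest):
    return hmac.compare_digest(hash_password(password, salt)[1], stored_digest)

# ---- Factor 2, something you have: a time-based one-time code -----------
def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP with the counter taken from the clock."""
    return hotp(secret, int(unix_time) // step, digits)

def verify_totp(secret, code, unix_time, step=30, window=1):
    """Accept the current step and one step either side to absorb clock drift."""
    counter = int(unix_time) // step
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))

# ---- Putting both factors together --------------------------------------
def enrol(password):
    """Reject weak passwords; store a salted hash and a fresh shared TOTP secret."""
    if not password_is_strong(password):
        raise ValueError("need 14+ characters with upper and lower case")
    salt, digest = hash_password(password)
    return {"salt": salt, "digest": digest, "totp_secret": os.urandom(20)}

def two_factor_login(record, password, code, unix_time=None):
    """Both factors must pass: a stolen password alone does not get in."""
    now = time.time() if unix_time is None else unix_time
    return (check_password(password, record["salt"], record["digest"])
            and verify_totp(record["totp_secret"], code, now))

if __name__ == "__main__":
    print("integrity:", integrity_report())
    user = enrol("CorrectHorseBatteryStaple")              # constructed credentials
    now = int(time.time())
    shown = totp(user["totp_secret"], now)                   # what the phone app displays
    print("right password, right code:", two_factor_login(user, "CorrectHorseBatteryStaple", shown, now))
    print("right password, wrong code:", two_factor_login(user, "CorrectHorseBatteryStaple", "000000", now))
    print("wrong password, right code:", two_factor_login(user, "not-the-password", shown, now))
```

The integrity half shows why the deck's Step 5 cannot work on a hash: the digest is one-way, so the receiver can only recompute it and compare, which is exactly what detects the changed salary. The login half shows why the Availability Practical's second factor matters: with the same password, only the code from the enrolled secret in the current time window gets through, and every comparison uses hmac.compare_digest so a guessing attacker learns nothing from response timing.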
CIA vs Parkerian Hexad
1. Parker describes the CIA model as simple and easily and quickly explained to management, information owners and users, and legislative assistants who write our laws.
2. The CIA model is simply too simple a concept to secure today's complex networks, and it may leave environments susceptible to threats that they are not prepared to handle.
3. Parker aimed to expand the view of security and include people more in the realm of information security.

CIA vs Parkerian Hexad: Diagram
Let us discuss the difference between the elements of both models.

Confidentiality vs. Possession Control
01. Every breach of confidentiality is a breach of possession/control. Conversely, not every breach of possession/control is a breach of confidentiality.
02. Confidentiality refers to the property that information is not made available or disclosed to unauthorised individuals, entities, or processes, whereas possession/control refers to protecting against the idea that confidential data can be possessed and controlled by an unauthorised individual or party without actually violating or breaching confidentiality.
03. Confidentiality has not been breached, but your adversary now has possession and control of your information asset.

Integrity vs Authenticity
01. Integrity refers to being correct or consistent with the intended state of information. Any unauthorised modification of data, whether deliberate or accidental, is a breach of data integrity.
02. Integrity refers to protecting information from being altered, and authenticity has to do with identifying the owner of the information.
03. Integrity is about standards and the choice to uphold them, while authenticity is about one's distinctive nature, and the full personification of it.

Availability vs Utility
01. Implementing redundancy, failovers, and clusters is great for ensuring availability. Protecting against hardware failures and DDoS attacks is very important to maintaining network health and functionality.
2. Utility focuses on the content of data. If a customer sends an email to a retail company in a language the company does not recognise, that message may meet five of the six PH components but fail utility.
3. Availability refers to an asset (or data) being present, accessible, and ready for use when needed; utility is distinguished from availability in that the data is still present but no longer usable.

Objectives of Information Security
- Authentication
- Authorization
- Resource protection
- Confidentiality
- Integrity
- Auditing security activities

Need for Information Security
1. To ensure data security and availability
2. To protect the working functionality of the organization
3. To defend the assets and technology of an organization
4. To implement policies for safe operations

Information Security Principles
Objective: in this section we discuss the information security principles and their application.
1. Introduction to Cyber Security
2. Need of Cyber Security
3. CIA Triad Principle
4. Building the Cyber Security Field
5. Major Cyber Security Problems in Industry

Understanding Risk, Threat and Vulnerability
Risk: Risk is defined as the potential for loss or damage when a threat exploits a vulnerability. Examples of risk include financial losses, loss of privacy, reputational damage, legal implications, and even loss of life.
Threat: A threat refers to a new or newly discovered incident that has the potential to harm a system or your company overall.
Vulnerability: A vulnerability refers to a known weakness of an asset (resource) that can be exploited by one or more attackers. In other words, it is a known issue that allows an attack to succeed.

Threat
A person or thing likely to cause damage or danger. A threat is a negative scenario. Example: a threat is what we are trying to protect against; it could be a fire, earthquake, oil spillage, bomb, terrorist, hacker, etc. It is a negative scenario we want to avoid.
Vulnerabilities
Vulnerabilities are essentially weak points in software code that can creep in during an update or when the base of the code is first written. They are more commonly found in complex and older software systems than in newer applications such as SaaS (software as a service) apps, but they are still very common.

A computer vulnerability is a cybersecurity term for a defect in a system that can leave it open to attack. The term can also refer to any weakness in a computer itself, in a set of procedures, or in anything that exposes information security to a threat.

Common Security Vulnerabilities
1. Bugs
2. Cross-site scripting and forgery
3. Virus-infected software
4. Download of code without integrity checks
5. OS command injection
6. Buffer overflow
7. Secure Shell (SSH)
8. Use of broken algorithms
9. Missing data encryption
10. Path traversal
11. Unrestricted upload of dangerous file types
12. Missing authorization
13. Denial of service
14. URL redirection to untrusted sites
15. Data breach

Vulnerability
A vulnerability is a weakness or gap in our protection system which can be exploited by threats to gain unauthorized access to an asset. For example: a vulnerability is a weakness that can be exploited in order to attack you.

Vulnerability: Examples
- An employee using social media in the office and sharing confidential information.
- Outdated anti-virus installed on a system, leaving it open to attack.
- A security guard who is not actively controlling access to a critical building, leaving it open to unauthorized access.

Risk
Risk is the potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. The biggest risk a person can take is to do nothing.
Relationship between Risk, Threat and Vulnerability
Risk, threat and vulnerability, with an example: threats may exist, but if there are no vulnerabilities then there is no risk. Similarly, you may have a vulnerability, but if there is no threat, then there is no risk. Risk is the product of vulnerability and threat:

Risk = Vulnerability x Threat (R = V x T)

The slide diagram places the asset at the centre, surrounded by threat, vulnerability, risk and protective measures.

Risk Life Cycle
Threat -> exploits -> Vulnerability -> leads to -> Risk -> damages -> Asset, which can be safeguarded by countermeasures.
A threat exploits a vulnerability, which leads to risk and can damage the assets of the organization; the assets can be safeguarded by adopting suitable countermeasures. This is also called the risk life cycle.

Threat and Vulnerability Landscape
Attackers are constantly probing for new weaknesses and vulnerabilities to exploit in corporate networks, while organizations are being forced to take new, broader approaches to IT systems to support trends like Bring-Your-Own-Device and cloud computing. All this means that the days of simply building a defensive wall around your corporate IT systems are long gone, as organizations become ever more reliant on third parties to deliver critical services.

Threat and Vulnerability Landscape (Cont'd)
Today, Advanced Persistent Threats (APT) and cyber crimes are seen far more often in the corporate world. New trends like "hacktivism" and "social engineering" are also rearing their heads more regularly. Some of the main reasons why the landscape is changing rapidly:
- Malware is becoming self-propagating due to changes in its behaviour.
- Adversaries are stepping up their evasion capabilities.
- IoT is becoming a significant threat vector due to its vulnerabilities.
- Ransomware is no longer used just for ransom, but to destroy whole infrastructures.

What Is a Password?
A password is a set of secret characters or words used to gain access to a computer, web page, network resource, or data. A password can be memorised, or stored somewhere for future use to gain access to a particular thing.

Why Do We Need Passwords?
Passwords help ensure that computers or data can only be accessed by those who have been granted the right to view or access them. They are like a security check which allows only the authorized person to have access. This helps to maintain data integrity.

Types of Password
Passwords can be of two types only:
1. Strong passwords
2. Weak passwords

Strong Passwords
A strong password consists of a combination of letters, numbers and symbols (@, #, $, %, etc.), where allowed. Passwords are typically case-sensitive, so a strong password contains letters in both upper case and lower case, which helps protect your data/account more effectively.

Weak Passwords
Passwords that are easy to guess, by humans as well as by computers, are known as weak passwords. Weak passwords degrade your security measures and make your data/account more vulnerable to cyber attacks.

Ways to Set a Strong Password
- Make your passwords very long.
- Don't use a common phrase.
- Don't use birth dates or mobile numbers as passwords.
- Don't reuse your password.
- Use upper case, lower case, symbols and numeric digits.

Case Study
Any Facebook account can be hacked. All it requires is a phone number. Apparently, almost all Facebook accounts are vulnerable to hacking. According to Positive Technologies, a firm focused on cyber security, hacking a Facebook account is relatively easy, especially for those who have access to telecom networks or can hack/manipulate telecom networks.
Worst Passwords

Password Practices
1. Adopt the 8 + 4 rule
2. Never tell anyone your password
3. Use different passwords for different accounts
4. Avoid dictionary words
5. Adopt passphrases
6. Don't write anything down

1. Adopt the 8 + 4 Rule
This rule helps you build passwords that are strong as steel: use eight characters with one upper-case and one lower-case letter, a special character such as an asterisk, and a number. The more random, the better.

2. Never Tell Anyone Your Password
A good policy will stress that no one should ever tell anyone else their password.

3. Use Different Passwords for Different Accounts
Even if you hold several accounts, it is a bad idea to cut corners by using the same password for each. Use a different one for every account.

4. Avoid Dictionary Words
It might sound safe to go to the dictionary for a password, but hackers actually have programs that search through tens of thousands of these words. Dictionary attack programs have been around for years.

5. Adopt Passphrases
Abbreviations are usually immune to dictionary attacks, so TSWCOT for "The Sun Will Come Out Tomorrow" is a good choice for a secure password. Remember to add symbols and numbers. (Slide example: "I love Pizza".)

6. Don't Write Anything Down
Granted, committing all of your passwords to memory might get tricky. However, everyone under your small-business roof needs to understand not to write anything down. A discarded Post-It can be all a would-be hacker needs.

The Traditional Password Advice
According to the traditional advice, which is still good, a strong password:
- Has 12 characters, minimum: you need to choose a password that is long enough.
There is no minimum password length everyone agrees on, but you should generally go for passwords of at least 12 to 14 characters. A longer password is even better.
- Includes numbers, symbols, capital letters, and lower-case letters: use a mix of different types of characters to make the password harder to crack.
- Isn't a dictionary word or a combination of dictionary words: stay away from obvious dictionary words and combinations of them. Any word on its own is bad. Any combination of a few words, especially obvious ones, is also bad. For example, "house" is a terrible password; "Red house" is also very bad.
- Doesn't rely on obvious substitutions: don't use common substitutions either; for example, "H0use" isn't strong just because you've replaced an o with a 0. That is just obvious. Try to mix it up: for example, "BigHouse$123" fits many of the requirements here. It is 12 characters and includes upper-case letters, lower-case letters, a symbol, and some numbers.

Making Your Passwords Very Long
Your enemy isn't some guy in a ski mask trying to guess your password one try at a time. It is a program that automatically runs through massive databases of common passwords or random combinations of characters. The best answer to that is a very long string of words. But since many hackers use "dictionary attacks" to guess regular words, it is best to add some capital letters, special characters, or numbers.

Don't Reuse Your Password
When your password on some web service gets hacked (and it will), you had better hope you didn't use the same password on three other services. Don't use a weak password for services that "don't matter", because some day you might give one of those services your credit card details, or use it to authorize more important services, and you won't think to beef up your password.
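As an added illustration (not code from the CyberShikshaa slides), here is a small Python checker that applies the password rules above: minimum length, mixed character classes, dictionary words and word combinations, obvious substitutions such as "H0use", and date- or phone-number-like digit runs. The word list is a constructed stand-in for a real dictionary; consistent with the slide's own wording, "BigHouse$123" passes every check except the one for being built from dictionary words.

```python
"""Password strength check applying the rules in this training material:
at least 12 characters, mixed character classes, no dictionary word or
combination of words, no obvious substitutions such as "H0use", and no
birth-date or mobile-number digit runs.

Added illustration only; not code from the CyberShikshaa slides.
The word list below is a constructed stand-in for a real dictionary."""
import re
import string

# Constructed mini-dictionary. A production checker would load a full word
# list (the kind a dictionary-attack program searches through).
COMMON_WORDS = {"house", "red", "big", "password", "admin", "welcome",
                "love", "pizza", "sun", "will", "come", "out", "tomorrow"}

# Reverse map for common substitutions, so "H0use" is judged as "house".
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12


def made_of_words(letters: str) -> bool:
    """True if `letters` can be split entirely into words from COMMON_WORDS.

    Simple dynamic-programming segmentation: reachable[i] is True when the
    first i letters form a sequence of dictionary words."""
    n = len(letters)
    if n == 0:
        return False
    reachable = [True] + [False] * n
    for end in range(1, n + 1):
        reachable[end] = any(reachable[start] and letters[start:end] in COMMON_WORDS
                             for start in range(end))
    return reachable[n]


def assess(password: str) -> list:
    """Return the list of rule violations; an empty list means the password passes."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        issues.append("no upper-case letter")
    if not any(c.islower() for c in password):
        issues.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        issues.append("no digit")
    if not any(c in string.punctuation for c in password):
        issues.append("no symbol")
    # Six or more consecutive digits look like a date (DDMMYY, DDMMYYYY) or a phone number.
    if re.search(r"\d{6,}", password):
        issues.append("contains a date- or phone-number-like digit run")

    # Dictionary checks: first on the letters as typed, then after undoing
    # obvious substitutions ("H0use" -> "house").
    plain = re.sub(r"[^a-z]", "", password.lower())
    desubstituted = re.sub(r"[^a-z]", "", password.lower().translate(SUBSTITUTIONS))
    if made_of_words(plain):
        issues.append("made only of dictionary words")
    elif made_of_words(desubstituted):
        issues.append("dictionary word with obvious substitutions")
    return issues


def is_strong(password: str) -> bool:
    """A password is strong, under these rules, when assess() finds nothing."""
    return not assess(password)


if __name__ == "__main__":
    # The slides' own examples, plus one long passphrase-style password.
    for candidate in ["house", "Red house", "H0use", "BigHouse$123", "TSWCOT",
                      "correct-horse-Battery9-staple!x"]:
        verdict = assess(candidate)
        print(f"{candidate!r}: {'strong' if not verdict else ', '.join(verdict)}")
```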
Don't Store Passwords in Your Browsers
Those can get hacked too. Some of Opera's saved passwords were partially hacked last year. Even Google accounts are vulnerable. It is a lot easier for hackers to pose as Google and request your login than to pretend to be your chosen password management app. If your Google account gets hacked, you will be in enough trouble without also worrying about all your saved passwords.

Role of a Password Manager
A password manager is a software application used to store and manage the passwords a user has for various online accounts and security features. Password managers store the passwords in encrypted form and provide secure access to all the password information with the help of a master password.

Need for Password Management
Password management is being able to manage user passwords from one centralized location. Managing passwords includes enforcing password complexity and password rotation, and ensuring users follow best practices for password security. Weak password management in an organization is a significant security risk, because passwords play a serious role in protecting your digital kingdom.

Case Study
63% of confirmed data breaches involve leveraging weak, default or stolen passwords. "Often the reason why criminals were so quick at breaking in was that they already had the key."

Authentication
Authentication is the process of verifying the identity of a user. The most common technique to authenticate a user is an ID and password.

Two Factor Authentication (2-FA)
- Something you know.
- Something you possess.
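An added illustration (not code from the CyberShikshaa slides) of how a server checks both factors just listed, in Python: "something you know" is a password stored only as a salted hash, and "something you possess" is the six-digit time-based one-time code (RFC 6238 TOTP) of the kind an authenticator app on the user's phone displays. The account record is constructed for the example, and its secret is the RFC 6238 test key so the expected codes are known values.

```python
"""Login that checks both factors from the slides: "something you know"
(a password, stored only as a salted hash) and "something you possess"
(a time-based one-time code, RFC 6238 TOTP, generated on the user's phone).

Added illustration only; not code from the CyberShikshaa slides.
The account below is constructed for the example."""
import hashlib
import hmac
import os
import struct
import time

TOTP_STEP = 30      # seconds per code, as in common authenticator apps
TOTP_DIGITS = 6     # the "6 digit passcode" the slides refer to


def make_account(password: str, totp_secret: bytes, iterations: int = 200_000) -> dict:
    """Create a constructed account record: the password itself is never stored,
    only a salted PBKDF2-SHA256 hash of it, plus the secret shared with the phone app."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "hash": digest, "iterations": iterations,
            "totp_secret": totp_secret}


def check_password(account: dict, password: str) -> bool:
    """Factor 1, something you know: recompute the hash and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 account["salt"], account["iterations"])
    return hmac.compare_digest(digest, account["hash"])


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: the code the phone app shows for this time window."""
    counter = struct.pack(">Q", unix_time // TOTP_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** TOTP_DIGITS)).zfill(TOTP_DIGITS)


def check_totp(account: dict, code: str, unix_time: int, window: int = 1) -> bool:
    """Factor 2, something you possess: accept the current window plus `window`
    steps either side, to tolerate clock drift between phone and server."""
    for drift in range(-window, window + 1):
        expected = totp(account["totp_secret"], unix_time + drift * TOTP_STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True
    return False


def login(account: dict, password: str, code: str, unix_time: int = None) -> bool:
    """Both factors must pass. Both are evaluated before deciding, so the
    response does not reveal which one was wrong."""
    if unix_time is None:
        unix_time = int(time.time())
    password_ok = check_password(account, password)
    code_ok = check_totp(account, code, unix_time)
    return password_ok and code_ok


if __name__ == "__main__":
    # Constructed secret: the RFC 6238 test key, so the generated codes are documented values.
    secret = b"12345678901234567890"
    account = make_account("BigHouse$123", secret)
    now = int(time.time())
    print("code on the phone right now:", totp(secret, now))
    print("right password, right code:", login(account, "BigHouse$123", totp(secret, now), now))
    print("right password, wrong code:", login(account, "BigHouse$123", "000000", now))
```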
Two Authentication Factors
Two-factor authentication is an extra layer of security that requires not only a username and password but also a piece of information that only the user can access. Username and password are credentials that you know; when you enable two-factor authentication it adds a security layer where the user receives a piece of information on a device that the user owns.

Why Two Authentication Factors?
- User authentication
- No fraudulent logins
- Ensures secure access
- Adds an extra layer of security

Threats to Passwords
- Social engineering
- Phishing
- Shoulder surfing

2FA for WhatsApp
Step 1: Open WhatsApp.
Step 2: Open Settings.
Step 3: Go to Account.
Step 4: Look for Two-step verification.
Step 5: Tap Enable.
Step 6: Enter a 6-digit passcode.
Step 7: Re-enter the six-digit passcode.
Step 8: Optionally, add your email address on the next screen.
Step 9: Done.

2FA for Facebook
Step 1: Log in to your Facebook account and go to Settings.
Step 2: Choose the "Security" tab.
Step 3: Login Approvals > click "Edit".
Step 4: Turn on 2FA ("Login Approvals") > click "Enable".
Step 5: 2FA ("Login Approvals") enabled > close.

2FA for Gmail
Turn on 2-Step Verification:
1. Open your Google Account.
2. In the navigation panel, select Security.
3. Under "Signing in to Google," select 2-Step Verification > Get started.
4. Follow the on-screen steps.
2FA for Gmail (Cont'd)
Step 1: Log in to your Gmail account.
Step 2: Click the account image icon.
Step 3: Go to the Security tab > click 2-Step Verification.
Step 4: Click Get Started.
Step 5: Click Continue.
Step 6: Tap Yes.
Step 7: Enter your mobile number.
Step 8: Enter the OTP sent to your mobile number.
Step 9: 2FA is turned on.
Step 10: 2FA is done.

2FA for Instagram
Steps 1 and 2: Log on to your Instagram account. Steps 3 to 8 are shown only as screenshots on the slides.

2FA for Signal
Registration Lock is basically the two-factor authentication feature that requires you to enter an additional PIN while registering Signal on a new device. If you want to further enhance your security and enable two-factor authentication on Signal, follow the steps below. In case you forget your PIN and have no access to your old device, you will have to wait 7 days for the Registration Lock to expire; only after that will you be able to log in to Signal and create a new PIN. So, to be on the safe side, write down the PIN and store it in a safe place. Currently, Signal does not support authenticator apps or offer any backup codes; you need to memorise the PIN, which acts as your 2FA key.

Step 1: Set up Two-Factor Authentication (2FA) on Signal. First, tap your profile icon at the top-left corner and open "Privacy".
Step 2: Next, scroll to the bottom and enable "Registration Lock". This enables two-factor authentication (2FA) on your Signal account.
Now, whenever you reinstall Signal, it will ask for the PIN along with the one-time code sent to your device.
Steps 3 and 4: In case you don't remember your PIN, you can simply tap "Change your PIN" and create a new one. You can create a PIN of at least 4 and at most 20 digits; if you want, you can also create an alphanumeric PIN. Make sure you don't forget the PIN, as you will need it during reinstallation and restoration of your profile.
Step 5: Keep in mind that Signal will remind you to re-enter the PIN from time to time so it stays etched in your memory. If you find the prompt annoying, you can disable the "PIN reminders" toggle. However, I would not recommend this action if you frequently forget passwords and PINs.

Introduction to Cyber Crime
A crime is an unlawful act punishable by a state or other authority. In the current scenario, cyber crime is increasing very fast as technology grows rapidly, so cyber crime investigation is becoming a very complicated task to carry out without a proper framework. A generalised definition of cyber crime may be: "Unlawful acts wherein the computer is both a tool and a target. A cyber criminal is a person who commits an illegal act with a guilty intention, or commits a crime in the context of cyber crime."

Cyber Crime (Cont'd)
Cyber crime is the darker side of technology. The term "cyber crime" finds no mention either in the Information Technology Act 2000 or in any other legislation of the country. Cyber crime is not different from traditional crime.
The only difference is that in cyber crime, computer technology is involved. In general, the term "cyber crime" needs no introduction in today's e-world. In this world, where everything is available at a click, crimes are also being committed at a click. Basically, we can say that it is a crime where the computer is either a tool or a target.

Cyber Crime: Why Crime in Cyberspace?
- Open to participation by anyone; no boundaries of age, geographical region, gender, profession or purpose of use.
- The anonymous nature of users on the internet gives rise to criminal activities with impunity.
- Lack of awareness about protection of digital assets.
- Cyberspace creates civil, criminal as well as moral wrongs.
- The laws applicable in the real world cannot be interpreted in the same way for virtual worlds / cyberspace.

Cyber Crime Can Broadly Be Categorised as Follows
- Cyber crime against a person
- Cyber crime against property
- Cyber crime against government
- Cyber crime against society at large

Against a Person
Where the crime is committed against a person or individual. This includes crimes such as child pornography, trafficking, grooming, harassment using e-mails, cyber-stalking, posting and distributing obscene material, cyber bullying and identity theft.

Against Property
As in the real world, criminals in the cyber world can steal and rob. They can steal a person's confidential bank details and siphon off money; misuse a credit card; hack into an organization's website or disrupt its whole business management systems. This category also covers unauthorized computer trespassing through cyberspace, computer vandalism, transmission of harmful programs, and unauthorized possession of computerised information.

Against Government
Where the crime is committed against a government. Through cyber terrorism one can wreak havoc and cause panic among citizens; criminals hack government and military websites.
The perpetrators can be terrorist outfits or unfriendly governments of other nations.

Cyber Crime: The Computer as a Target
Using a computer to attack other computers. Examples: hacking, virus/worm attacks, DoS attacks.

Cyber Crime: The Computer as a Weapon
Using a computer to commit real-world crimes. Examples: cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography, etc.

Cyber Law and Cyber Security
Cyber law is also known as Internet law. The term describes the legal issues related to the use of various Internet technologies. The major areas of cyber law include:
- Fraud
- Copyright
- Defamation
- Harassment and stalking
- Freedom of speech
- Trade secrets
- Contracts and employment law

Cyber Law and Cyber Security (Cont'd)
Cybersecurity refers to a set of techniques used to protect the integrity of an organization's security architecture and safeguard its data against attack, damage or unauthorized access. The three most important pillars of cyber security are Confidentiality, Integrity and Availability.

Cyber Law: IT Act 2000 and Amendments
Reasons for introducing the IT Act 2000:
- To facilitate e-commerce
- Legal recognition of electronic records and digital signatures
- Civil liabilities for contravention of provisions
- Transformation from the traditional paper-based system to digitalisation at government organizations
- A regulatory regime to supervise the certifying authorities issuing digital signature certificates

Amendments Act 2008:
- To prevent computer-related / computer-based crimes
- Ensure security practices and procedures
- Protection of personal data and information
- Implementation of security practices and procedures
- Protection of critical information infrastructure is pivotal
- Rise of new forms of crime; time to add/amend penal provisions to tackle cybercrimes (IT Act, IPC, IEA, Cr.PC)
- Alternative technology of electronic signature

Financial Crimes
These crimes are against property, where the computer is used as a tool. Examples: cyber cheating, accounting scams, data manipulation, hacking into bank servers, debit and credit card fraud. Punishment for such crimes under the IT Act is up to 3 years and/or a fine of ₹5 lacs. Sections 43, 66, 66C and 66D of the IT Act and Section 420 of the IPC.

Phishing
This crime is against property, where the computer is used as a tool. It targets personal and financial information and causes monetary loss by disguising as a trustworthy entity; money is the main motive. Punishment for such crimes under the IT Act is up to 3 years and/or a fine of ₹5 lacs. Sections 43, 66 and 66C of the IT Act.

Cyber Pornography
These crimes are against a person, where the computer is used as a tool. Covers pornographic websites and magazines; producing, publishing or printing pictures, videos or writing; downloading or transmitting them. Punishment for such crimes under the IT Act is 5 to 10 years and a fine. Section 67 of the IT Act.

Pornography and Child Pornography
These crimes are against a person, where the computer is used as a tool. Covers pornographic websites and magazines; producing, publishing or printing pictures, videos or writing; downloading or transmitting them. Punishment for such crimes under the IT Act is 5 to 10 years and a fine. Sections 67A and 67B of the IT Act.

IPR-Related Crimes
These crimes are against property, where the computer is used as a tool. Covers patents, trademarks, trade secrets, software piracy, source code tampering and copyright infringement. Punishment for such crimes under the IT Act is up to 3 years and a fine. Sections 43, 65 and 66 of the IT Act.

Email Spoofing
These crimes are against a person, where the computer is used as a tool. Fraud and misrepresentation: emails from an unknown source disguised as coming from a known source, to obtain trust and confidential information. Punishment for such crimes under the IT Act is up to 3 years and a fine. Sections 43, 66A and 66D of the IT Act.

Cyber Defamation
These crimes are against a person, where the computer is used as a tool. Examples: publish,
post or write defamatory and derogatory false statements. Punishment for such crimes under the IT Act is up to 3 years and a fine. Sections 43 and 66D of the IT Act.

Cyber Stalking
These crimes are against a person, where the computer is used as a tool. Following, tracking and keeping watch on someone through the internet with malicious intent. Punishment for such crimes under the IT Act is up to 3 years and a fine. Sections 43 and 66 of the IT Act.

Email Bombing
These crimes are against property, where the computer is used as a target. A type of denial of service: flooding of email, loss of important data and documents, harm to business or work. Punishment for such crimes under the IT Act is up to 3 years and a fine. Sections 43 and 66 of the IT Act.

Denial of Service Attack
These crimes are against property, where the computer is used as both a tool and a target. The system is flooded with unwanted tasks, causing crashes / system failure and harm to work or business. Punishment for such crimes under the IT Act is up to life imprisonment and a fine. Sections 43, 66 and 67F of the IT Act.

Cyber Terrorism
These crimes are against the government, where the computer is used as a tool. Punishment for such crimes under the IT Act is up to life imprisonment and a fine. Section 66F of the IT Act.

Virus and Worm Attacks
These crimes are against property, where the computer is used as both a tool and a target. They destroy documents, corrupt files and cause crashes / system failure, and are designed to spread from one computer to another. Punishment for such crimes under the IT Act is up to 3 years and a fine. Sections 43 and 66 of the IT Act.

Trojans and Key Loggers
These crimes are against property, where the computer is used as both a tool and a target. Malicious programs that destroy documents, corrupt files and are designed to spread from one computer to another. Punishment for such crimes under the IT Act is up to 3 years and a fine. Sections 43 and 66 of the IT Act.

Web Jacking
These crimes are against property, where the computer is used as both a tool and a target. Punishment for such crimes under the IT Act is up to 3 years and a fine. Motive: ransom; forcefully taking control
of a website, causing harm to business or work. Sections 43, 66, 66C, 66D and 72 of the IT Act.

Email Frauds
These crimes are against a person, where the computer is used as a tool. Impersonation to extract money; cheating and fraud; Nigerian scams; Russian wife scams. Punishment for such crimes under the IT Act is up to 3 years and a fine. Sections 43, 66A and 66D of the IT Act.

Internet Threat Scenarios
The current top five cyber threats that you should be aware of:
1. Ransomware
2. Phishing
3. Hacking
4. Hacktivism
5. Cyber terrorism
6. Data leakage
7. Impersonation
8. Spyware
9. Fake news / rumours on the internet
Source: www.icaew.com

Ransomware
Ransomware is a type of malicious software (malware) that threatens to publish data, or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. In many cases the ransom demand comes with a deadline; if the victim doesn't pay in time, the data is gone forever. The age-old quote "Precaution is better than cure" applies here to keeping ourselves safe in this ever-changing digital world.

Ransomware: Week-over-Week
(Chart shown on the slide.)

Ransomware Attack: Safety Measures
Measures to stay safe from ransomware attacks:
- Security awareness
- Backup
- OS and software patching
- Be aware of phishing attacks
- Network segmentation
- Implementing strict access and privilege policies
- Install a trusted and reputed cyber security solution
Source: blogs.quickheal.com

Security Awareness
Security awareness training can help users identify threats posed by phishing emails, fraudulent/untrusted websites, and social-engineering techniques. If implemented in the right spirit, this awareness and the resulting mindful actions can save us from the dangers of ransomware's impact.
Source: blogs.quickheal.com

Backup
Regular backups can help users/organizations restore important files and data in case of a ransomware attack.
Back up your important data regularly and keep it secure by storing it offline or keeping it disconnected from the network, so that the backups themselves are not affected. If your computer gets infected, your files can be restored from the offline backup once the malware has been removed.
Source: blogs.quickheal.com

OS and Software Patching
Ransomware can exploit software vulnerabilities to spread laterally, so it is important to take measures to guard against any vulnerabilities that might affect us.
- Keep your operating system and other software updated by applying the latest patches. Software updates frequently include fixes for newly discovered security vulnerabilities that attackers could exploit.
- Do not download unverified, cracked, or pirated software, as it can be used to install malware on your computer.
- Avoid downloading software from untrusted P2P (peer-to-peer) or torrent sites; in most cases it is malicious.
Source: blogs.quickheal.com

Be Aware of Phishing Attacks
Do not click on links or download attachments from unexpected sources, or from emails you receive from unverified or unknown accounts. Most phishing emails carry a sense of urgency; they are crafted to trick you into taking an action, like clicking a link or downloading an attached file.
Source: blogs.quickheal.com

Network Segmentation
Since ransomware can spread laterally in the network, it is crucial to limit that spread. Network segmentation divides the network into multiple smaller networks and helps by isolating the infected machine and preventing ransomware from spreading to other systems. Additionally, you can keep your network secure by:
- Keeping strong and unique passwords for login accounts and network shares.
- Disabling unnecessary admin shares, or granting access to shared data strictly as required and for a limited duration.
Source: blogs.quickheal.com

Implementing Strict Access and Privilege Policies
Only authenticated users/systems should get the required level of access to the system and network; this helps detect and prevent ransomware spread. The following practices help manage the users on your devices and their privileges:
- Avoid browsing, opening documents, or other activities while logged in as an administrator.
- Turn off services that are not in use, such as Bluetooth, file sharing, etc.
- Maintain access control for users by limiting their access to their specified tasks and actions, to reduce the impact of data loss if that user gets infected.
- Set strong passwords for user and email accounts. Strong passwords include UPPER CASE and lower-case letters, numbers and special characters; common passwords like P@ssw0rd or Admin@123# are bad examples.
- Set password expiration and account lockout policies (for when an incorrect password is entered several times).
- Don't assign administrator privileges to users unless absolutely required.
Source: blogs.quickheal.com

Install a Trusted and Reputed Cyber Security Solution
Ensure that all your devices are protected by a trusted and reputed cybersecurity solution like Quick Heal, and that the product is updated with the latest updates at all times.
Source: blogs.quickheal.com

Phishing
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution, to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.
Source: www.wallarm.com

Phishing: Example
Researchers say they have detected a cyberespionage effort using targeted phishing emails to try to collect vital information on the World Health Organization's initiative for distributing COVID-19 vaccine to developing countries.
Read more at: https://economictimes.indiatimes.com/news/international/world-news/phishing-ploy-targets-covid-19-vaccine-distribution-effort/articleshow/79550803.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst
Source: https://www.wallarm.com/what/types-of-phishing-attacks-and-business-impact#real_life_examples_of_phishing_attacks

Phishing Attack: Statistics
[Charts: Phishing Email Attacks; Phishing URL Attacks]

The Opposite Side: Taking An Enemy Perspective
Most organizations do not recognize threat actors and their goals, which is why it is so crucial for companies to look at themselves through the eyes of attackers. Doing so helps to understand the attacker's intentions and actions; it gives a better understanding of the attacker's mindset, of the resources that are most likely to be targeted, and of the vulnerabilities that are most sensitive to exploitation.

“Anatomy of a Phishing Attack” [figure]

Spear-Phishing Attack
Spear phishing is on the rise. Unlike regular phishing, where attacks are usually sent as bulk mail to entire email databases, spear phishing uses individualized details that make it much harder to recognize.

Hacking
Hacking is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is unauthorized access to, or control over, computer network security systems for some illicit purpose.

Hacking: Example
Hackers use brute force, security exploits, social engineering, and other means to gain access to systems without proper permission. What they do with that access, however, can vary greatly depending on their motivations.

Ethical Hacking
What is Ethical Hacking? Why do we need it?
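An added example, not from the deck or its cited sources, that turns two of the phishing tells described above (the sense of urgency from the phishing-awareness slide, and a link whose visible text names one domain while it actually points to another) into a check that a mail filter or an awareness exercise could run; the urgency phrases, the sample email and the domains in it are all constructed:

```python
"""Phishing-indicator check over a constructed sample email.  Added example,
not from the CyberShikshaa deck: it scores urgent wording and links whose
visible text names one domain while the href points elsewhere (spoofed domain)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed urgency phrases; a real filter would use a larger, tuned list.
URGENT_WORDS = ("urgent", "immediately", "within 24 hours",
                "account will be suspended", "verify now")

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from every <a> tag in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def link_mismatches(html: str) -> list[tuple[str, str]]:
    """Links whose visible text looks like a domain but whose href host differs."""
    parser = LinkCollector()
    parser.feed(html)
    found = []
    for text, href in parser.links:
        shown = urlparse(text if "://" in text else "http://" + text).hostname
        actual = urlparse(href).hostname
        if shown and "." in shown and actual and shown != actual:
            found.append((shown, actual))
    return found

def phishing_indicators(subject: str, body_html: str) -> list[str]:
    """Return human-readable indicators; an empty list means nothing was flagged."""
    text = (subject + " " + re.sub(r"<[^>]+>", " ", body_html)).lower()
    hits = [f"urgent wording: '{w}'" for w in URGENT_WORDS if w in text]
    hits += [f"link text shows {s} but points to {a}"
             for s, a in link_mismatches(body_html)]
    return hits

SAMPLE_SUBJECT = "URGENT: verify your account within 24 hours"  # constructed
SAMPLE_BODY = ('<p>Your account will be suspended. Click '
               '<a href="http://secure-login.example.net/verify">www.bank.example.com</a> '
               'to verify now.</p>')  # constructed
```

Heuristics like these only rank messages for a human to review: a genuine reminder can also use urgent wording, so the link mismatch is the stronger of the two signals.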
Ethical Hacking Cont’d
What is Ethical Hacking?
Answer: Ethical hacking, also known as grey hat or white hat hacking, tests a computer system or network to assess its security and its vulnerability to attack. Ethical hacking often involves penetration testing or vulnerability scanning, and it helps organizations discover security vulnerabilities that hackers could exploit. These tests are usually performed by skilled computer professionals who are not maliciously trying to break into a system but want to help improve its defenses against real-world threats.

Ethical Hacking Cont’d
Why is it so important?
Answer: Ethical hacking is important because it exposes your systems' vulnerabilities and weaknesses so you can fix them before malicious hackers find them. It plays a very important role in the security of organizations in any country. It improves security awareness at all levels of an organization or business, and helps avoid security breaches.

Ethical Hacking VS Unethical Hacking
Intention
  Ethical Hacking: Intends to protect your data or information. An ethical hacker would strike a company's network for all the right reasons, such as detecting and repairing security flaws to protect the system.
  Unethical Hacking: Intends to steal, damage or disclose your data or information without any permission.
Legality
  Ethical Hacking: Fully legal (with approval)
  Unethical Hacking: Entirely illegal (without approval)
Punishment
  Ethical Hacking: No punishment
  Unethical Hacking: Punishable with fine
Nature of Work
  Ethical Hacking: They tend to be part of a team or organization, to reduce the possibility of rogue elements.
  Unethical Hacking: They often work alone due to the risks involved, but sometimes may work in groups as well.
Status
  Ethical Hacking: Good
  Unethical Hacking: Bad

Types Of Attackers: Hackers
- White Hat Hacker
- Black Hat Hacker
- Gray Hat Hacker
- Hacktivist

White Hat Hacker
White hat hackers are professionals with expertise in cybersecurity. They are authorized or certified to hack systems. These white hat hackers work for governments or organizations by getting into the system.
They hack the system through the loopholes in the organization's cybersecurity. This hacking is done to test the level of cybersecurity in the organization. By doing so, they identify the weak points and fix them to avoid attacks from external sources. White hat hackers work as per the rules and regulations set by the government. White hat hackers are also known as ethical hackers.

White Hat Hacker: Motives & Aims
The goals of these hackers are helping businesses and an appetite for detecting gaps in networks' security. They aim to protect and assist companies in the ongoing battle against cyber threats. A white hat hacker is any individual who helps protect the company from rising cyber crime. They help enterprises create defences, detect vulnerabilities, and solve them before other cybercriminals can find them.

Black Hat Hacker
Black hat hackers are also knowledgeable computer experts, but with the wrong intention. They attack other systems to get access where they do not have authorized entry. On gaining entry they might steal the data or destroy the system. The hacking practices used by these hackers depend on the individual's hacking capacity and knowledge. It is the intentions of the hacker that make the hacker a criminal; the malicious intent of the individual cannot be gauged, nor can the extent of the breach, while the hacking is in progress.

Black Hat Hacker: Motives & Aims
To hack into organizations' networks and steal bank data, funds or sensitive information. Normally, they use the stolen resources to profit themselves, sell them on the black market, or harass their target company.

Gray Hat Hacker
The intention behind the hacking is considered when categorizing the hacker. The gray hat hacker falls in between black hat hackers and white hat hackers. They are not certified hackers. These hackers work with either good or bad intentions, and the hacking might be for their own gain.
The intention behind the hacking decides the type of hacker: if the intention is personal gain, then the hacker is considered to be a gray hat hacker.
Source: https://www.jigsawacademy.com/blogs/cyber-security/different-types-of-hackers/#White-Hat-Hackers

Gray Hat Hacker: Motives & Aims
The difference is that they neither want to rob people nor want to help people in particular. Rather, they enjoy experimenting with systems to find loopholes, crack defenses, and generally have a fun hacking experience.
Source: https://www.jigsawacademy.com/blogs/cyber-security/different-types-of-hackers/#White-Hat-Hackers

Hacktivist
These hackers intend to hack government websites. They present themselves as activists, and so are known as hacktivists. A hacktivist can be an individual or a group of nameless hackers whose intent is to gain access to government websites and networks. The data gained from the government files they access is used for personal, political or social gain.
Source: https://www.jigsawacademy.com/blogs/cyber-security/different-types-of-hackers/#White-Hat-Hackers

White, Gray And Black Hat Comparison
[comparison chart]
Source: https://www.jigsawacademy.com/blogs/cyber-security/different-types-of-hackers/#White-Hat-Hackers

Hacktivism
Hacktivism, a combination of the words “hacker” and “activism”, is a form of hacking that usually isn't motivated by monetary gain. In these cases, a religious, environmental, or other activist may gain access to a system in order to promote their own cause (or hinder the opposition).

Hacktivism: Example
For example, a hacktivist group might target an oppressive government regime with a DDoS attack to knock its systems offline, destroy a firewall that is used to suppress the free speech of citizens, or seek to disrupt financial networks used by terrorists. These activities are a form of cybercrime and are illegal, regardless of their motivations.
Data leakage
Data leakage is the unauthorized transmission of data from within an organization to an external destination or recipient. The term can be used to describe data that is transferred electronically or physically. Data leakage threats usually occur via the web and email, but can also occur via mobile data storage devices such as optical media, USB keys, and laptops.

Data leakage: Example
For example, an employee may unintentionally choose the wrong recipient when sending an email containing confidential data. Unfortunately, unintentional data leakage can still result in the same penalties and reputational damage, because the lack of intent does not remove legal responsibility.

Impersonation
When we hear of “impersonation,” we think of the act of deceiving someone by pretending to be another person. In the context of social engineering and cyber security, impersonation has evolved into a dangerous form of cyberattack. Cyber criminals have been using it to gain access to networks and systems to commit fraud and identity theft, and to sell data to the highest bidder on the dark web.

Impersonation: Example
- The Spoofed Domain
- The Fake Account
- The Fraudulent App
Source: www.icaew.com

Spyware
Spyware is a type of malware that gathers information from a network or system and remotely sends it to the attacker. Sometimes it also deactivates the system firewall and security software.

Types Of Attackers
- Salami Attackers: Salami attackers make alterations to transactions so insignificant that, in a single case, they would go completely unnoticed.
- Insiders: They may be only 20% of the threat, but they produce 80% of the damage. These attackers are considered to be the highest risk.
- Script kiddies: These individuals are usually only able to attack very weakly secured systems. They are the newbies who want to try hacking.
- The Social Engineer: Cyber criminals pretending to be someone else can trick unsuspecting employees into compromising data.
Cyber Attacks
A cyber attack is any type of offensive action that targets computer information systems, infrastructures, computer networks or personal computer devices, using various methods to steal, alter or destroy data or information systems. Similarly, a criminal trying to hack an organization is also a kind of cyber-attack. Most cyber attacks come from legitimate, well-known sites, including banks, established retailers, and large corporations, rendering security useless.

Cyber Attack Category
- System attack
- Web application attack
- Human based / social engineering attack
- Network attack

System Attack
A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Cyber attacks aim to disable, disrupt, destroy or control computer systems, or to alter, block, delete, manipulate or steal the data held within these systems.

System Attack: Example
[Figure: an attack from IP 192.169.1.24 leaves the victim server disconnected]

Network Attack
A network attack can be defined as any method, process, or means used to maliciously attempt to compromise network security.

Network Attack: Types of Network Attack
Active Attack
- Interruption (DoS)
- Fabrication (Masquerade)
- Modification (Replay attacks, Alterations)
Passive Attack
- Release of message content
- Traffic analysis

Top Network Security Attack In 2023 MFA (