Phase 1 pdf.pdf

Full Transcript

Training & Content Partner

Microsoft CyberShikshaa 2024 Phase 1
Program Content

 Understanding Physical World
 Understanding Virtual World
 Understanding Physical World vs Virtual World
 What is Internet?
 Understanding the Need of security physical world vs virtual world.
Examples as to why virtual security is important?
 What is Information Security and Introduction to Information Security?
 With the help of a Quiz Showing them how cyber safe they are?
 Understanding the Concept and need of Cyber Security: Past- Present &
Future
 Understanding the Importance and Definition of Confidentiality,
Integrity and Availability with Examples
Program Content

 Understanding the Need of Passwords
 Strong Vs. Weak Passwords Reasons for Password Compromise
 How can a password get compromised Mass Theft & Shoulder Surfing
 Need for 2 Factor Authentication
 How to Setup 2 Factor Authentication on various applications. Facebook, WhatsApp & Gmail
 Understanding the Concept of Crime
 Cyber Crime and its types
 Cyber Crime – Legal and Technical Measures
 Cyber Crime against Individual: Phishing and Cyber stalking and harassment. Examples of how a
phishing page looks like and how to avoid it?
 Hackers and Hacking
 Types of Hackers
Physical World

Physical security involves making safe assets
you can touch, such as cars, houses, and
computers.
Physical World: Security

In layman language one of the most
straightforward approach to keep those
intent to making issues physically entering
your environment is bolt your doors.
Physical Security Cont’d

Biometric lock: Physical characteristic to recognise the user
(fingerprint).

Badges: Any type of recognizable proof expected to
separate from everybody (Photo ID).
Need of Security at Physical World

Physical World Security:

The protection served to any physical
commodity or living being in physical
existence. It includes hardware,
software, and data protection from
physical actions. These physical actions
are referred to fire, flood, natural
disasters, theft etc.

Surveillance cameras, security personnel
are there for maintaining the security.
Virtual World

Computer-based online community
environment;
To interact in a custom-built, simulated
world.

Designed and shared by individuals
Using text-based, two-dimensional or three-
dimensional graphical models, using input devices
like the keyboard, mouse and other specially
designed command and simulation gadgets.
What is Virtual Security?

Virtual World’s Security:

Virtual security involves the protection
of data and other information that is
stored remotely across the internet, or
in the cloud.
What is Virtual Security? Cont’d

Virtual World’s Security:

Virtual security Focused on keeping
unsafe information out and also on
approval and authorizations
Virtual Security (Cont'd)

Virtual World’s Security:

Antivirus Software

Strong Passwords (seven or fourteen
characters long , contain both upper
and lower care)
Need of Security at Virtual World

Virtual World’s Security:

 Losses that we can incur at virtual
world is about data security.
 The valuable asset in virtual world is
data.
 The example to it when we have our
user login digitally connected to
every place- Gmail accounts.
Securing Important data
WHY VIRTUAL SECURITY?

We worry about something when we have something that has
value and there is a risk associated with it.
Why Virtual Security? Cont’d

“Protection of your digital identity”
Virtual Security: Importance

There is rapid growth in use of social media and other digital
communications making it easier for people to hack into
technology
Why Virtual Security is Important?

 The importance of virtual world resides in words digitally growing environment and its impact on
the world. To testify the impacts level, to know the efficiency of connection established and
better communication and reach the virtual environment has gained its vitality.
 The virtual environment has taken most of the space from the active life of ours made us
connected and provides interfaces to build software and application. So, for data security and
privacy we seek the virtual security a huge importance to be considered.
Data Breach
Digital experiments/Attack Avoidance
Isolation
Threat Evaluations
Physical World Vs Virtual World

Physical World Virtual World
Physical World Vs Virtual World

S.No. Physical World Virtual World

1. The reality where we live in our houses and have The unreal world of network where we create our
inherited, purchased space to work identity and get workspace created

2. In Physical World we have one single In Virtual world –whether it is a social or gaming
identity(managed by our government) world we get to have several usernames –identity

3. Physical host machines, while purchasing a Virtual machines- where we can create number of OS
system, laptop, we get one actual OS –Windows, Linux, etc. in a virtual environment with
environment and specific physical logical storage mapped to physical storage.
storage(space).

4. Physical World is about being cautious what we Virtual world provides us experimental manner and is
do, our actions may have permanent impacts to specifically to learning and developing technology.
our lives/livelihood.
The World Used To Be …….& The World We Know Today

Physical World Scenario Virtual World Scenario
The World Used To Be …….& The World We Know Today Cont’d

Virtual World Physical World
 Schools Vs. Learning Application
 Library Vs. Online researches
 Groups Discussions with friends Vs Social media
chat rooms
 Playgrounds Vs. Play Stations
 Best friends Vs. Followers and likes hits
 Marketing Vs. Digital Marketing

www.quickheal.com
Internet

 Internet is world wide system of interconnected computer networks
 It uses the TCP/IP to link devices

www.quickheal.com
Internet

The internet is a globally connected network system
that can be used to transfer data via various types of
media. This data can be beneficial in different forms
for every individual. Every content available over the
internet is free of worth for anyone who wants to
access it.

www.quickheal.com
Who Invented Internet?

 Came into picture in 1970's
 It was the combined work of many
It is a scientists, programmers and engineers
combined who each developed new features and
effort technologies everyday that eventually
merged to become the “INTERNET” we
know today

www.quickheal.com
Do you know

The first picture ever uploaded
on the web was posted by Tim 1
Burners Lee.
The first email was sent by
2 Ray Tomlinson to himself in
1971.

First item sold on eBay 3

4 First search engine

www.quickheal.com
World Wide Web (WWW)

 WWW contains websites and webpages that can be
accessed over the Internet.

 Resources/webpages and other content is identified
by URLs that are accessible via the Internet.

 The amount of information available on internet is so
large that it is difficult to search for specific
information, through www is it easy to find.

www.quickheal.com
The Face Behind WWW

English scientist Tim Berners-Lee invented the
World Wide Web in 1989.

Tim Berners-Lee The World Wide Web ("WWW" or "The Web") is
the part of the Internet that contains websites
and webpages.

www.quickheal.com
This Is How Websites Are Accessed Over The Internet

www.quickheal.com
How Can We Access The Websites?

The websites can be accessed with the use of Internet
by anyone, anywhere. Every website contains
different kinds of contents and each user can
access/analyze the content according to his news.

www.quickheal.com
Difference Between Internet & WWW

Internet connects million of computers Internet
together so that they can communicate with FTP
each other as long as they stay connected to
Internet. World Wide Web
E-Mail
WWW is way of accessing information over the
Internet.
Telnet

www.quickheal.com
Difference Between Internet & WWW: Example

www.quickheal.com

Source: Google
SSL

An SSL Certificate comprises of your domain
name, the name of your company and other
things like your address, your city, your state
and your country. It has data files that bind
a cryptographic key to the details of an
organization. When SSL/TLS certificate is
installed on a web server, it enables a secure
connection between the web server and the
browser that connects to it.

www.quickheal.com

Source: Google
What Is HTTP and HTTPS?

Hyper Text Transfer Protocol
HTTP

Hypertext Transfer Protocol Secure
HTTPS

www.quickheal.com
HTTP and HTTPS: Example

www.quickheal.com
HTTP

HTTP is also called “a stateless system”,
which means that it enables connection on
demand. You click on a link, requesting a
connection, and your web browser sends
this request to the server, which responds
by opening the page. The quicker the
connection is, the faster the data is
presented to you.

www.quickheal.com
HTTP

HTTPS protocol is an extension of HTTP. That
“S” in the abbreviation comes from the
word Secure. The standard security
technology establishes an encrypted
connection between a web server and a
browser. Thus, the data remains confidential
which is being transferred over the network.

www.quickheal.com
HTTP VS HTTPS

HTTPS
HTTP

Unsecure Secure

TCP Port used: 80 TCP Port used: 443

No data encryption Data is encrypted before being sent

It does not require domain validation. It requires domain validation.

www.quickheal.com
Case Study

"Hacked by Lizard Squad - Official Cyber Caliphate"
read the message - overlaid on a picture of a Malaysia
Airlines A380 airplane, and accompanied by an image
of a top-hat-wearing lizard - that greeted people who
attempted to access the Malaysia Airlines website,
underneath the fake error message "404 - Plane Not
Found."

www.quickheal.com
What Is A Wi-Fi?
A wireless networking technology that allows devices
such as computers (laptops and desktops), mobile
devices (smart phones and wearable's), and other
equipment (printers and video cameras) to interface
with the Internet.

It allows these devices to exchange information with
one another, creating a network.

www.quickheal.com
Secured & Unsecured Wi-Fi
An unsecured network can be connected to within
range and without any type of security feature like a
password or login.

On the other hand, a secured network requires a user
to agree to legal terms, register an account, or type in
a password before connecting to the network.

www.quickheal.com
Dangers Of Unsecured Wi-Fi
Using an unsecured WiFi connection, an attacker can:
1. Capture your account’s user ID and passwords.
2. Log the data of online traffic accessed on your
phone or computer. In this way, they can maintain a
data of the websites you mostly visit, and plan attack
from these websites.
3. Gain access to your computer, its network and data.
4. Launch a spam or malware attack on your device.
5. Hijack the account you are logged into, and use it for
unscrupulous purpose.
6. Redirect you to a phishing webpage where you
might give away your personal information.

www.quickheal.com
Third Party Apps
Apps designed by companies and individuals other
than the provider of the Operating System.

So, if Microsoft, Google, Apple or Linux designs a
program and it is installed in your smartphone it
becomes a first party application. Any program that is
not designed by them becomes a third party
application.

www.quickheal.com
Effect Of Third Party Apps
Once we download these apps, we give them direct
authorization and access to all private information
without even thinking what the third party will do with
all our credentials.

www.quickheal.com
Follow These Precautionary Measures
Google Play Store and Windows Store are not perfect
and 100% safe but they are the most trusted and
reputable stores for app downloading.

If you are still not convinced, then always download a
third-party app after reading the reviews and check
whether the app designer has an official website.
Third-party app rating and user reviews will give you
valuable insights on the authenticity of the app.

www.quickheal.com
Follow These Precautionary Measures
If you have already downloaded a third-party app without reading
reviews then watch out for any suspicious activity on your smartphone.
Excess battery consumption, heating issues and frequent hanging issues
are the most common problems associated with downloading of third-
party apps.

If your third-party app is asking for too much permissions like access to
your contact list or messages, then it is time for you to be alert!

Always scan your smartphones with authentic security applications.

www.quickheal.com
What Do You Mean by Patches?

A patch is a small piece of software that a
company issues whenever a security flaw is
uncovered. Just like the name implies, the
patch covers the hole, keeping hackers from
further exploiting the flaw.
Why Do We Need Patches?

Here’s what patches can do:
 Address a specific bug or flaw
 Improve an OS or application’s general
stability
 Fix a security vulnerability
Patches: Case Study

Microsoft had already issued a patch only a
matter of weeks ago for the particular hole
that led to WannaCry, but many users had
either not installed it or did not have automatic
updates activated on their systems.
What Do You Mean By Updates?

An update is a software file that contains fixes
for problems found by other users or the
software developer. Installing an update fixes
the code and prevents the problems from
happening on your computer. Because updates
fix problems with a program, they are almost
always free and available through the program
or the companies website.
What Do You Mean By Upgrades?

An upgrade is a new version of or addition to a
hardware or, more often, software product
that is already installed or in use. An upgrade
may or may not be available for free or for-
charge downloading from the product maker's
site.
Difference Between Update and Upgrade

When you update a program, you’re applying new patches and changes to the existing file on your
computer.

Update

When you upgrade a program, then the existing file is being uninstalled, and a new one is being installed in
its place.

Upgrade
Introduction: Cyber Security

Cyber Security

Cybersecurity refers to a set of techniques used to
protect the integrity of networks, programs and
data from attack, damage or unauthorized access

It covers all aspects of ensuring the protection of
citizens, businesses and critical infrastructures
from threats that arise from their use of computers
and the internet.
Defining Cyber Security
Standard Definition:

“Prevention of damage to, protection of, and restoration of computers, electronic communications systems,
electronic communications services, wire communication, and electronic communication, including information
contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation”
 To Understand Better

“The term cyber security is
used to refer to the security
offered through on-line
services to protect your online
information.” With an increasing amount of
people getting connected to
Internet, the security threats
that cause massive harm are
also increasing.
Security of information
systems and networks in the
face of attacks, accidents and
failures with the goal of
protecting operations and
assets
Way Forward

What is the meaning of word
1 CYBER?

2 Why we need Cyber Security?

What are the Major Cyber
4 Security Problems in Industry?

3 Building Cyber Security Field
Meaning Of The Word Cyber

It is a combining form relating to information
technology, the Internet, and virtual reality.

Cyber is a prefix used in a growing number of
terms to describe new things that are being
made possible by the spread of computers.
Anything related to the internet also falls
under the cyber category.
Cyber Security: The Need

Cybersecurity's need is on the rise. Fundamentally,
our society is more technologically reliant than
ever before and there is no sign that this trend will
slow.

Personal data that could result in identity theft is
now being posted knowingly or unknowingly to the
public on various networking and social media
platforms.

Sensitive information like personal health
information, Aadhaar details, PAN card details ,
credit card information and other financial
information are now stored by service providers
irrespective of their geographical locations.

Therefore, such information needs to be protected
Major Cyber Security Problems in Industry

The Rising Cost Of Widely Available Tighter Regulations
Breaches Hacking Tools

2 4
1 3 5

Increasingly A Proliferation Of IoT
Sophisticated Hackers Devices
Major Domains in Cyber Security

Risk Audit &
Compliance Digital Forensics

Network Security
Application Management
Testing 02 03
01 04
05 08 Incident
Malware 06 07
Management
Analysis

Security Testing
BCP/DR
Major Domains in Cyber Security Cont’d

Database Security Dark Web Monitoring

IOT Security Cyber Security and
10 11 Blockchain
09 12
13 16
Hardware Security 14 15 Security Operation
Centre

Security Information
Cyber Threat
and Event Management
Intelligence
Major Security Domains

Proactive Services

Technical Audit
Compliance Audit

Security Management
Security Consulting
1
Red Team Audit

Active Services
2

Security Operations Centre
Real-Time Monitoring

Reactive Services

CERT as a Service
Forensics
3
Investigation
What Is Information Security?

Information security is establishing of best
procedures intended to keep private data
protected and protect data from being
exploited, release, damage, change, and
interruption from unauthorized access from
unauthorized persons.
Goals Of Information Security

Safeguard the confidentiality of The objective of Information security is to
1 information. safeguard information from being misused,
attacked, or compromised. Information
Protect the integrity of the
2 information
security can be measured by three things-

Confidentiality
Encourage the availability of
3 data for permitted users.

Integrity
Availability
Confidentiality

In the CIA Triad principle, let us go through their actual definition and example to get better understanding.

CONFIDENTIALITY
Confidentiality is the term used to prevent the disclosure of information to unauthorised individuals or systems.
Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer
screen while you have confidential data displayed on it could be a breach of confidentiality.

Example: If a laptop computer containing sensitive information about a company's employees is stolen or sold, it
could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of
confidentiality if the caller is not authorized to have the information.
Confidentiality Practical

Confidentiality is the concept of ensuring that data is not
made available or disclosed to unauthorized people.
Confidentially is achieved through Encryption.

These are the following steps through which we can perform
encryption we will be using http://aes.online-domain-
tools.com/ web tool for doing so:

Step 1: Visit website http://aes.online-domain-tools.com/
 Confidentiality Practical

Step 2: Here I am going to encrypt a personal message,
converting it into some sort of cipher text to main
confidentiality.
Confidentiality Practical

Step 3: Now we can see another box where we need
to provide the key, you can choose your own key.
 Confidentiality Practical

Step 4: Now click on the Encrypt button. After that he
cipher text has been generated for our given text
message. And the cipher text is:

00000000

dc b5 b4 42 89 a1 01 19 ec fa c5
c3 ca b9 2f 5a

Ü µ ´ B. ¡.. ì ú Å Ã
Ê ¹ / Z
Integrity
In the CIA Triad principle, let us go through their actual definition and example to get better understanding.

INTEGRITY
In information security, integrity means that data cannot be modified without authorisation. This is not the same
thing as referential integrity in databases.

Example: Integrity is violated when an employee accidentally or with malicious intent deletes important data files,
when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database,
when an unauthorised user vandalises a web site, when someone is able to cast a very large number of votes in an
online poll, and so on.
Integrity Practical

Data can be compared to a hash value to determine its integrity. Usually, data is hashed at a certain time and
the hash value is protected in some way. At a later time, the data can be hashed again and compared to the
protected value. If the hash values match, the data has not been altered.

Let us do a quick practical on hashing, to see how it maintains integrity. Suppose in this scenario we need to
generate a hash of any file to check whether the file has been tempered or not. Just follow the given steps:
Integrity Practical

These are the following steps through which we can perform
hashing we will be using www.md5online.org web tool for
doing so:

Step 1: Visit website www.md5online.com
 Integrity Practical

Step 2: Here I am going to generate a hash for
personal message.

In the given box you just provide the message to be
hashed and hit on Crypt Button.
 Integrity Practical

Step 3: Now we can see the hash has been generated
for our given text message. And the cipher text is:

027d483aff1b4158dc8453f29ed041f9
 Integrity Practical

Step 4: Now suppose some has to pass this message to
legitimate user maintaining the confidentiality of the
message, we will simply pass the hash generated in
the last step to the concerned user.
 Integrity Practical

Step 5: In the last step we will simply just put the cipher
text int decryption box to get the actual message.

That how encryption is pure implication of
confidentiality.
Availability

In the CIA Triad principle, let us go through their actual definition and example to get better understanding.

AVAILABILITY
For any information system to serve its purpose, the information must be available when it is needed. This means
that the computing systems used to store and process the information, the security controls used to protect it, and
the communication channels used to access it must be functioning correctly.

Example: If an employee wants to access to his domain in any organisation, and if he is privileged to get access to
some of the files and information then that should be available to his portal.
 Availability Practical

Availability is concerned with the service which should be
available to the authorised user at the certain point of
time.

The best example of availability we see in everyday life,
which is Multifactor or 2 Factor Authentication (2FA).

In which if any of the person has to avail to any of the
services authorised to them, they should be able to
authenticate
Successfully to by going through One Time Password or
Single sign on authentication mechanisms.

In the upcoming slides we are about to see a general
pictorial representation.
Availability Practical
The best example we can reference from daily day to day life routine example, when we setup our google account
login settings and choose login method as "Tap on mobile screen to authenticate" option we can see we get access
very easily, so the scenario looks like following You will be asked to enter your password first, and then if you will
getting a prompt on your mobile phone that "is it you?" And that's it you are successfully authenticated. "In Genral
term we can say 2FA is mechanism of authenticating by two factors first is that you already know and the other is
something you have."
Availability
The Availability can be compromises by some the given factors

Denial of Service (DoS)
Power outages
Natural disasters
Availability
Measures to mitigate threats to availability include:

Off-site backups
Disaster recovery
Redundancy
Failover
RAID
Why Only CIA is not Considered Completely secured?

For a very long time it was thought that if a security design
meets all of the components of the CIA triad, the data is
relatively secure. This way of thinking, however, has changed in
recent years for several reasons. So much has changed in the
way we store data, where we store it, how we transmit it, and
how we secure it.

So much has changed in the way we store data, where we store
it, how we transmit it, and how we secure it.
Why Only CIA Is Not Considered Secure Presently: Examples

01 The threats to information confidentiality, integrity, and availability have evolved
into a vast collection of events, including accidental damage, destruction, theft,
unintended or unauthorized modification, or other misuses from human or
nonhuman threats.

02 Consider other examples as the move to electronic health records in the
medical field, the ability to file your taxes online, cloud storage offerings
from companies like Google and Amazon, and the evolution of security
threats.

03 These are just a few examples of how our data has become
much more complex over the last few years, and the
complexity is only going to continue to increase.
https://www.youtube.com/watch?v=aZTeaL5F4_s
Parkerian Came Into Picture

Initially it was believed that CIA triad However, this approach is not entirely So to fulfil the security gaps of CIA
(confidentiality, integrity, and true because many things has changed triad, Mr. Donn B. Parker introduced a
availability) fulfil all security concerns in recent years for several reasons, for new security model with three new
of data. example the procedure of storing, security component that is recognized
retrieving, and transmitting the data as “Parkerian Hexad Model”
has been completely changed.
Parkerian Hexad Model: History

Confidentiality
In 2002, Donn B. Parker, currently a retired
information security consultant and researcher, Utility Possession
introduced an expanded version of the CIA
model the added three additional elements.
Information
The security model was later renamed to the
Security
Parkerian Hexad in honour of Mr. Parker.
Availability Integrity

Authenticity
Parkerian Hexad Model: Definition

The Parkerian Hexad is an expression of a set of components added to the CIA triad to form or more
comprehensive and complete security model.

It aims to change how information security is understood and implemented.

The six atomic elements of the Parkerian Hexad are:
Confidentiality / Possession Control
Integrity / Authenticity
Availability / Utility
Parkerian Hexad Model: Diagram
Parkerian Hexad Model

Confidentiality
When Parker introduced his refined security, he also
wanted to change the way information security is
Utility Possession
assessed and understood.

To him, the CIA model is simply too simplistic for some Information
applications. Information security has not concentrated Security
sufficiently on the role that people play in perpetuating
and defending against information-related loss. Availability Integrity

Authenticity
Need Of New Security Model

One of the limitations of the CIA model is that it focuses too much on the technology protecting information assets
and not enough on people.

He suggested that the elements be looked at in the following groupings:

Integrity and Authenticity
Confidentiality and Possession

Availability and Utility
Confidentiality (Parkerian Perspective)

Confidentiality is probably the most important element of both the CIA
model and the Parkerian Hexad. It refers to the property that
information is not made available or disclosed to unauthorized
individuals, entities, or processes.

If your data is not confidential, it is not secure.

Every organization has some form of sensitive information where only
certain people should be allowed access to it.

One current example of a breach of confidentiality is the recent attacks
on the Sony gaming and Qriocity networks.
Possession And Control

The possession/control component is one of Parker’s additions to
the CIA model. It was added to protect against the idea that
confidential data can be possessed and controlled by an
unauthorized individual or party without actually violating or
breaching confidentiality. Parker defines this component as:

““a state of having in or taking into one’s control or holding at
one’s disposal; actual physical control of property by one who
holds for himself, as distinguished from custody; something owned
or controlled”

There are ways to protect your sensitive data even if the device
that houses the data is stolen or lost. One tool that has grown in
popularity fairly recently is the encrypted file system (EFS).
Integrity (Parkerian Perspective)

Integrity is an original component of the CIA triad. It is
defined as the ability to prevent data from being changed
in an unauthorized or undesirable manner.

This definition is not limited only to unauthorized parties
or intrusions. This definition also includes people with
authorized access to information assets.

It is a known fact that employees are one of the biggest
threats to data integrity.

There are several ways to protect and ensure data
integrity such as data verification and validation checks,
performing and maintaining backups, and hashing, just to
name a few.
Authenticity

Authenticity is another one of Parker’s additions to the CIA
model. Authenticity refers to the assurance that a message,
transaction, or other exchange of information is from the
source it claims to be from. Authenticity involves proof of
identity.

The internet has enabled us all the ability to do just about
anything and everything from our homes such as filing our
taxes, performing bank transfers, check credit reports and
scores, and paying bills. Because of these abilities, and many
others, technologies were developed to give customers the
confidence in knowing that the site they are visiting is
legitimate and the communication is secure.
Availability (Parkerian Perspective)

Availability is the last component of the original CIA
model. Availability is defined as the ability to have
resources available when needed. It is one of the simpler
components to describe, but ironically, it is one of the
most difficult to safeguard.

As the old saying goes, the only way to truly achieve total
security is to unplug the server and lock it up in a volt.

The challenge for every information security professional
is to achieve the right balance of availability and security.

Depending on the level of availability needed, there are
several options available to help meet the goal of
availability
Utility

Utility simply refers to the usefulness of data. This is the
last fundamental component of the Parkerian Hexad. It
focuses on a much overlooked concept when it comes to
data.

The data may meet five of the six PH components
(confidentiality, integrity, availability, authenticity,
possession/control), but is it in a useful state? Utility is
often confused or assumed with availability but the two
are distinct.
CIA V/S Parkerian Hexad

Parker describes the CIA model as simple and easily and
quickly explained to management, information owners and
1 users, and legislative assistants that write our laws.

CIA model is simply too simple a concept to secure today’s

2 complex networks and it may leave environments
susceptible to threats that they are not prepared to handle.

Parker aimed to expand the view of security and

3 include people more into the realm of information
security.
CIA vs Parkerian Hexad: Diagram
Let us Discuss the Difference Between the Elements of both the models…..
Confidentiality vs. Possession Control

Every breach of confidentiality is a breach of possession/control. Adversely,
01 every breach of possession/control is not a breach of confidentiality.

It refers to the property that information is not made available or disclosed
to unauthorized individuals, entities, or processes as the possession/control
02 refers to protect against the idea that confidential data can be possessed and
controlled by an unauthorized individual or party without actually violating
or breaching confidentiality.

Confidentiality has not been breached but your adversary now has
03 possession and control of your information asset.
Integrity vs Authenticity

Integrity refers to being correct or consistent with the intended state of
01 information. Any unauthorized modification of data, whether deliberate or
accidental, is a breach of data integrity.

Integrity refers to protecting information from being altered, and authenticity
02 has to do with identifying the owner of the information.

Integrity is about standards and the choice to uphold them, while authenticity
03 is about one’s distinctive nature, and the full personification of it.
Availability vs Utility

Implementing redundancy, failovers, and clusters are great for ensuring
01 availability. Protecting against hardware failures and DDoS attacks is very
important to maintaining network health and functionality.

Utility focuses on the content of data. If a customer sent an email to a retail
02 company in a language that the retail company doesn’t recognize, that message
may meet the requirements of five of the six PH components except for utility.

Availability refers to an asset (or data) being present, accessible, and ready
03 for use when needed but Utility is distinguished from availability in that the
data are still present but no longer useable.
Objectives Of Information Security

Authentication Authorization Resource Protection

Confidentiality Integrity Auditing Security Activities
Need Of Information Security

1 To ensure the data security
and availability
2 To protection of the working
functionality of the
organization

4 To implement the policies of
safe operations

3 To defending assets or
technology of an organization
Information Security Principles
Objective

In this section. we will discuss about the information security principles and its application.

Major Cyber Security
Introduction to Cyber Problems in Industry
Security 01
05

Building Cyber Security
Field
04 02
Need of Cyber Security

CIA Triad Principle
03
Understanding Risk, Threat and Vulnerability

Risk is defined as the potential for loss or damage when a threat
Risk exploits a vulnerability. Examples of risk include financial losses,
loss of privacy, reputational damage, legal implications, and
even loss of life.

Threat A threat refers to a new or newly discovered incident that has
the potential to harm a system or your company overall.

A vulnerability refers to a known weakness of an asset
Vulnerability (resource) that can be exploited by one or more attackers. In
other words, it is a known issue that allows an attack to
succeed.
Threat

A person or thing likely to
cause damage or danger.
Threat: Negative Scenario

Example: A threat is what
we’re trying to protect
against which could be fire,
earthquake, oil spillage,
bomb, terrorist, hacker etc.
It is a negative scenario we
want to avoid.
 Vulnerabilities

Vulnerabilities are essentially weak points in software
code that could sneak in during an update or when
creating the base of the software code. They’re
commonly found in more complex and older software
systems than newer applications such as SaaS (software
as a service) apps, but they’re still pretty much
common.
 Some Common Vulnerability Are:

A computer vulnerability is a cybersecurity term that refers to a defect in a system that can leave it open to attack.
This vulnerability could also refer to any type of weakness present in a computer itself, in a set of procedures, or in
anything that allows information security to be exposed to a threat.

Common Security Vulnerabilities
Unrestricted upload of
1 Bugs 1 Buffer Overflow 1
dangerous file types

Cross site scripting and
22 Secure Shell (SSH) 2 Missing Authorization 2
forgery

3 Virus Infected Software's 3 Use of Broken Algorithms 3 Denial of services

Download of code without
4 Missing Data Encryption 4 URL redirection to untrusted sites 4
integrity checks

5 OS Command Injection 5 Path traversal 5 Data breach
Vulnerability

It is a weakness or gap in our
protection system which can be
exploited by threats to gain
unauthorized access to asset.

Weakness
Vulnerability

For Example: A vulnerability is a
weakness that can be exploited
in order to attack you.
Vulnerability: Examples

Employee using Social Media in
office and sharing confidential
information.
Vulnerability: Examples

Outdated anti-virus installed in
system making it vulnerable to
attack.
Vulnerability: Examples

Here security guard is not active for
access control of this critical building
making it vulnerable to
unauthorized access.
Risk

Risk is the potential for loss, damage or destruction of an asset as a result of a threat exploiting a
vulnerability

The Biggest risk a person can take is do nothing.
Relationship b/w Risk, Threat and Vulnerability

Risk threat and vulnerability along with example: -

Threats may exist, but if there are no vulnerabilities then there is no risk..
Similarly, if you can have vulnerability, but if you have no threat, then you have no risk.
Risk is the product of Vulnerability and threat.

R=VT
Relationship b/w Risk, Threat and Vulnerability

Asset Threat
Risk = Vulnerability x Threat

Vulnerability

Protective Measures

Risk
Relationship b/w Risk, Threat and Vulnerability
Risk Life Cycle

Exploits
Threat Vulnerability

Risk

Can be
Countermeasures Asset
safeguarded

Threat exploits vulnerability which leads to risk and can damage assets of the organization and it can be safeguarded
by adopting suitable countermeasures. This is also called as Risk life cycle.
Threat And Vulnerability Landscape

Attackers are constantly probing for new
weaknesses and vulnerabilities to exploit in
corporate networks, while organizations are
being forced to take new, more wide approaches
to IT systems to support trends like Bring-Your-
Own-Device and Cloud Computing. All this
means that the days of simply building a
defensive wall around your corporate IT systems
are long gone, as organizations become ever
more reliant on third parties to deliver critical
services.
Threat And Vulnerability Landscape (Cont’d)
Today, Advanced Persistent Threats (APT) and Cyber Crimes are being seen far more often in the corporate world.
New trends like “hacktivism” and "social engineering" are also rearing their heads more regularly.
Some of the highlights are main reason why the landscape is changing rapidly:

Malware is becoming self-propagating due to its behavioral changes.

Adversaries are stepping up their evasion capabilities.

IoT is becoming a significant threat vector due to vulnerability.

Ransomware are not being used for just ransom, but to destroy whole infra-system.
What Is A Password?

A password is a set of secret characters or words
utilized to gain access to a computer, web page,
network resource, or data. A password can be
something which can be memorized or can be stored
somewhere for future use of it to gain access of a
particular thing.
Why Do We Need Password?

Passwords help ensure that computers or data can
only be accessed by those who have been granted
the right to view or access them. They are like a
security checks which allows only the authorized
person to have the access. This helps to maintain the
data integrity.
Types Of Password

Passwords can be of two types only:
1. Strong Passwords
2. Weak Passwords
Types Of Password

Strong Passwords
Strong password consists of characters that are a
combination of letters, numbers and symbols (@, #,
$, %, etc.) if allowed. Passwords are typically case-
sensitive, so a strong password contains letters in
both uppercase and lowercase and helps in
protecting your data/account more efficiently.
Types Of Password

Weak Passwords
Passwords that is easy to be detected by humans as
well as by computer is known as weak passwords.
Weak passwords result in degradation of your
security measures and makes data/account more
easily vulnerable to cyber attacks.
Ways To Set A Strong Password

Ways to set a Strong Password are:
 Make your passwords very long
 Don’t use a common phrase
 Don't use birthdates or mobile number as
password.
 Don’t reuse your password
 Use Uppercase, Lowercase, Symbols & Numeric
digits.
Case Study

Any Facebook account can be hacked. All it requires
is a phone number.
Apparently, almost all Facebook accounts are
vulnerable to hacking. According to Positive
Technologies, a firm focused on cyber security,
hacking a Facebook account is relatively easy,
especially to those who have access to telecom
networks or can hack/manipulate telecom networks.
Worst Password
Password Practices

Never Tell
Anyone Your
Password

Adopt the 8 + 4
Rule Use Different
Passwords for
Different
Accounts
PASSWORD
PRACTICES

Don’t Write
Anything Avoid
Down Dictionary
Words

Adopt
Passphrases
Adopt The 8 + 4 Rule

Adopt the 8 + 4
Rule

1
Adopt the 8 + 4 Rule

This rule helps you to build passwords that are
strong as steel. Use eight characters with one
upper and one lower case, a special character
like as asterisk and a number. The more
random the better.
Never Tell Anyone Your Password

Never Tell
Anyone Your
Password

2
Never Tell Anyone Your
Password
A good policy will stress that no
one should ever tell anyone else
their password.
Use Different Passwords For Different Accounts

Use Different
Passwords for
Different
Accounts

3
Use Different Passwords for
Different Accounts
Even if there are several
accounts you hold, it’s a bad a
idea to cut a corner by using the
same password for each. Use a
different one for every account.
Avoid Dictionary Words

4
Avoid Dictionary Words
Avoid It might sound safe to go to the dictionary for a
Dictionary
Words
password, but hackers actually have programs
that search through tens of thousands of these
words. Dictionary attack programs have been
around for years.
Adopt Passphrases

I love
Pizza

5
Adopt Passphrases
Abbreviations are usually immune to
dictionary attacks. So TSWCOT for The Sun
will Come Out Tomorrow is a good choice for
a secure password. Remember to add
Adopt
Passphrases symbols and numbers.
Don’t Write Anything Down

6
Don’t Write Anything Down
Granted, committing all of all your passwords to
Don’t Write
Anything Down memory might get tricky. However, everyone
under your small business roof needs to
understand not to write anything down. A
discarded Post-It can be all a would be hacker
needs.
The Traditional Password Advice

According to the traditional advice—which is still good—a strong
password:

Has 12 Characters, Minimum: You need to choose a password
that’s long enough. There’s no minimum password length
everyone agrees on, but you should generally go for passwords
that are a minimum of 12 to 14 characters in length. A longer
password would be even better.
The Traditional Password Advice (Cont’d)

 Includes Numbers, Symbols, Capital Letters, and Lower-Case
Letters: Use a mix of different types of characters to make the
password harder to crack.

 Isn’t a Dictionary Word or Combination of Dictionary Words:
Stay away from obvious dictionary words and combinations of
dictionary words. Any word on its own is bad. Any combination
of a few words, especially if they’re obvious, is also bad. For
example, “house” is a terrible password. “Red house” is also
very bad.
The Traditional Password Advice (Cont’d)

 Doesn’t Rely on Obvious Substitutions: Don’t use common
substitutions, either — for example, “H0use” isn’t strong just
because you’ve replaced an o with a 0. That’s just obvious.

 Try to mix it up for example, “BigHouse$123” fits many of the
requirements here. It’s 12 characters and includes upper-case
letters, lower-case letters, a symbol, and some numbers.
Making Your Passwords Very Long

 Your enemy isn’t some guy in a ski mask trying to guess your
password one try at a time. It’s a program that automatically
runs through massive databases of common passwords or
random combinations of characters.

 The best answer to that is a very long string of words.

 But as many hackers use “dictionary attacks” to guess regular
words, it’s best to add some capital letters, special characters,
or numbers.
Don’t Reuse Your Password

 When your password on some web service gets hacked (and it
will), you’d better hope you didn’t use the same password on
three other services.

 Don’t use a weak password for services that “don’t matter,”
because some day you might give one of those services your
credit card info, or use it to authorize more important services,
and you won’t think to beef up your password.
Don’t Store Passwords In Your Browsers

 Those can get hacked, too. Some of Opera’s saved
passwords were partially hacked last year. Even Google
accounts are vulnerable.

 It’s a lot easier for hackers to pose as Google and request your
login than it is for them to pretend to be your chosen password
management app.

 If your Google account gets hacked, you’ll be in enough trouble
without also worrying about all your saved passwords.
Role Of A Password Manager

Password manager is a software application that is used to store
and manage the passwords that a user has for various online
accounts and security features. Password managers store the
passwords in an encrypted format and provide secure access to all
the password information with the help of a master password.
Need Of Password Management

Password management is being able to manage user passwords
from one centralized location. Managing passwords includes
enforcing password complexity, password rotation, and ensuring
users are following best practices for password security. Weak
password management in an organization is a significant security
risk because passwords play a serious role in protecting your
digital kingdom.
Case Study

63% of confirmed data breaches involve leveraging
weak, default or stolen passwords.
“Often the reason why criminals were so quick at
breaking in was that they already had the key.”
Case Study

Any Facebook account can be hacked. All it requires is
a phone number.
Apparently, almost all Facebook accounts are
vulnerable to hacking. According to Positive
Technologies, a firm focused on cyber security, hacking
a Facebook account is relatively easy, especially to
those who have access to telecom networks or can
hack/manipulate telecom networks.
Authentication

 Authentication is process of verifying identity of the
user.
 Most common technique to authenticate user is ID
and password.
Two Factor Authentication (2-FA) Cont’d

Something You know.

Something You Posses.
2 Authentication Factors

2 Authentication Factors is the extra layer of security
that not only requires username and password but a
piece of information that only the user can access.
2 Authentication Factors Cont’d

 Username and password are the credentials that
you know,

 when you enable two factor authentication it
provides a security layer where the user gets a piece
of information on the device that the user owns.
Why 2 Authentication Factors?

 User authentication

 No fraudulent logins

 Ensures secure access

 Adds extra layer of security
Threat To Passwords

 Social Engineering

 Phishing

 Shoulder Surfing
2FA For WhatsApp
2FA For WhatsApp

Step 1. Open WhatsApp

Step 2. open settings

step 3. Go to account
2FA For WhatsApp

Step 4 : Look for 2 step verification
2FA For WhatsApp

Step 5 : Tap enable

Step 6: Enter the 6 digit passcode

Step 7:Re-enter six-digit passcode.

Step 8: Optionally, add your email address on the next
screen
Step 9: Done
2FA For Facebook
2FA for Facebook Cont’d

Step 1: Log in to your Facebook account and go to Settings.
2FA for Facebook Cont’d

Step 2: Choose “Security” tab
2FA for Facebook Cont’d

Step 3: Login Approvals > Click “Edit”.
2FA for Facebook Cont’d

Step 4: Turn On 2FA (“Login Approvals”) > click
“Enable”
2FA for Facebook Cont’d

Step 5: 2FA (“Login Approvals”)
enabled > close.
2FA For Gmail

Turn on 2-Step Verification
1.Open your Google Account.
2.In the navigation panel, select Security.
3.Under “Signing in to Google,”
4.select 2-Step Verification >Get started.
5.Follow the on-screen steps.
2FA For Gmail Cont’d
Step 1 : Login to Gmail account
2FA For Gmail Cont’d
Step 2 : Click to the Account image Icon
2FA For Gmail Cont’d
Step 3 : Go to security Tab > Click for 2 Steps Verification
2FA For Gmail Cont’d
Step 4 : Click Get Started
2FA For Gmail Cont’d
Step 5 : Click Continue
2FA For Gmail Cont’d
Step 6 : TAP Yes
2FA For Gmail Cont’d
Step 7 : Enter the Mobile number
2FA For Gmail Cont’d
Step 8 : Enter the OTP sent to your mobile number
2FA For Gmail Cont’d
Step 9 : 2 FA is Turn On
2FA For Gmail Cont’d
Step 10 : 2 FA is Done
2FA For Instagram Cont’d
Step 1: log on to your Instagram
2FA For Instagram Cont’d
Step 2: log on to your Instagram
2FA For Instagram Cont’d
Step 3:
2FA For Instagram Cont’d
Step 3:
2FA For Instagram Cont’d
Step 4:
2FA For Instagram Cont’d
Step 5:
2FA For Instagram Cont’d
Step 6:
2FA For Instagram Cont’d
Step 7:
2FA For Instagram Cont’d
Step 8:
2FA for Signal

 Registration Lock : Is basically the two-factor authentication feature that requires you to enter an
additional PIN while registering Signal on a new device.
 So if you want to further enhance your security and want to enable two-factor authentication on
Signal then follow the steps below.
 In case, you forget your PIN and have no access to your old device then you will have to wait 7 days
for the Registration Lock to expire. Only after that, you will be able to log in to Signal and create a
new PIN. So to be on the safe side, write down the PIN and store it in a safe place.
 Currently, Signal does not support Authenticator apps or offer any backup codes. You need to
memorize the PIN which will act as your 2FA key.
2FA For Signal Cont’d
Step 1: Set up Two-Factor Authentication (2FA) on
Signal
 First of all, tap on your profile icon at the top-
left corner and open “Privacy“.
2FA For Signal Cont’d
Step 2:Next, scroll to the bottom and enable
“Registration Lock”. This will enable two-factor
authentication (2FA) on your Signal account. Now
whenever you will reinstall Signal, it will ask for
the PIN along with the one-time code sent to your
device.
2FA For Signal Cont’d
Step 3: In case, you don’t remember your
PIN then you can simply tap on “Change your PIN”
and create a new one. You can create at least a 4-
digit or a maximum 20-digit PIN. If you want, you
can also create an alphanumeric PIN. Make sure
you don’t forget the PIN as you will need it during
reinstallation and restoration of your profile.
2FA For Signal Cont’d
Step 4: In case, you don’t remember your
PIN then you can simply tap on “Change your PIN”
and create a new one. You can create at least a 4-
digit or a maximum 20-digit PIN. If you want, you
can also create an alphanumeric PIN. Make sure
you don’t forget the PIN as you will need it during
reinstallation and restoration of your profile.
2FA For Signal Cont’d
Step 5: Keep in mind, Signal will remind you to re-enter
the PIN from time to time so it’s etched in your memory.
If you find the prompt annoying then you can disable the
“PIN reminders” toggle. However, I would not
recommend this action if you frequently forget
passwords and PIN.
Two Factor Authentication (2-FA)
Introduction To Cyber Crime

A crime is an unlawful act punishable by a state or
other authority. In current scenario cyber crime is
increasing very fast as the technology is growing
very rapidly. So the cyber crime investigation is
becoming a very complicated task to do without a
proper framework.

A generalized definition of cyber crime may be
“Unlawful acts wherein the computer is both a tool
and target. Cyber Criminal is a person who commits
an illegal act with a guilty intention or commits a
crime in context to cyber crime”.
Cyber Crime Cont’d

Cyber Crime is the darker side of technology. The
term ‘Cyber Crime’ finds no mention either in The
Information Technology Act 2000 or in any
legislation of the Country. Cyber Crime is not
different than the traditional crime. The only
difference is that in Cyber Crime the computer
technology is involved.

In general term ‘Cyber Crime’ needs no introduction
in today’s e-world. In this world, where everything is
available at a click, crimes are also been committed
at a click. Basically we can say that it is a crime
where the computer is either a tool or a target.
Cyber Crime : When Computer Can Be A
Cyber Crime : Why Crime in Cyberspace?

Open to participation by anyone,
No boundaries for age, geographical region,
gender, profession or the purpose of use.
Anonymous nature of user on internet, give
rises to criminal activities with impunity.
Lack of awareness for protection of digital
assets.
Cyber space creates civil, criminal as well as
moral wrongs.
The laws applicable in real world cannot be
interpreted in the same way for virtual worlds
/ cyberspace.
Cyber Crime Can Broadly Be Categorized Into Following

 Cyber crime against Person

 Cyber crime against Property

 Cyber Crime against Government

 Cyber crime against Society in large
Against Person

Where the crime is committed against a person or
individual.
This includes various crimes like child
pornography, trafficking, grooming, harassment
using e-mails, cyber-stalking, posting and
distributing obscene material, cyber bullying,
identity theft.
Against Property

Likewise in the real world, the cyber world
criminals can steal and rob.
They can steal a person’s confidential bank details
and siphon off money; misuse the credit card; can
hack to an organization’s website or disrupt the
whole business management systems of the
organization. unauthorized computer trespassing
through cyberspace, computer vandalism,
transmission of harmful programs, and
unauthorized possession of computerized
information.
Against Government

Wherein the crime is committed against
Government.
Through cyber terrorism one can wreak havoc and
cause panic amongst the citizens, criminals hack
government websites, military websites.

The perpetrators can be terrorist outfits or
unfriendly governments of other nations.
Cyber Crime: The Computer As A Target

Using a computer to attack other computers.

Example: Hacking, Virus/Worm attacks, DOS attack
Cyber Crime: The Computer As A Weapon

Using a computer to commit real world crimes.

Example: Cyber Terrorism, IPR violations, Credit
card frauds, EFT frauds, Pornography etc
Cyber Law And Cyber Security

Cyber law it is also known as Internet Law. The term Cyber law describes the legal issues related to the use of
various Internet Technologies.

The major areas of cyber law include:

Fraud
Copyright
Defamation
Harassment and Stalking
Freedom of Speech
Trade Secrets
Contracts and Employment Law
Cyber Law And Cyber Security Cont’d

Cybersecurity refers to a set of techniques used to protect the integrity of an organization’s security architecture
and safeguard its data against attack, damage or unauthorized access. The three most important pillars of cyber
security:
Integrity

Sample Text Sample Text
Confidentiality
This is a sample
text. Insert your
desired text here.
Availability

Sample Text
Cyber Law: IT Act 2000 And Amendments

Reason for introducing IT Act 2000

 To facilitate ecommerce
 Legal recognition of electronic records and digital
signature
 Civil liabilities for contravention of provisions.
 Transformation from traditional paper bases system to
digitalization at government organizations
 Regulatory regime to supervise the certifying authorities
issuing digital signature certificates
Real World IT Act Example
Amendments Act 2008

 To prevent computer related / based crimes
 Ensure security practices and procedures
 Protection of personal data and information
 Implementation of security practices and procedures
 Protection of critical information infrastructure is pivotal
 Rise to new forms of crimes,
 Time to add/ amend penal provisions to tackle
Cybercrimes. (IT Act, IPC, IEA, Cr.PC).
 alternate technology of electronic signature
Financial Crimes

 These crimes are against property, where the computer is used as a  Cyber cheating
tool.
 Accounting scams
 Punishment for such crimes under IT Act is up to 3 years and/ or ₹5 lacs
as fine.  Data manipulations
 Hacking into bank servers
 Debit & Credit Cards Fraud

Sections 43, 66, 66C, 66D of IT Act and
section 420 of the IPC.
Phishing

 This crime is against property, where the computer is used as a  Personal information
tool.
 Financial information
 Punishment for such crimes under IT Act is up to 3 years and/
or ₹5 lacs as Fine.  Causes monetary loss
 disguising trustworthy entity
 Money is the main motive

Sections 43, 66, 66C of IT Act
Cyber Pornography

 These crimes are against person, where the computer is used  Pornographic websites
as a tool.
 Pornographic magazines
 Punishment for such crimes under IT Act is up to 5-10 years
and Fine.  Produce, published, print
 Pictures, videos writing
 Download , transit

Section 67 of IT Act
Pornography And Child Pornography

 These crimes are against person, where the computer is used as a  Pornographic websites
tool.
 Pornographic magazines
 Punishment for such crimes under IT Act is up to 5-10 years and
Fine.  Produce, published, print
 Pictures, videos writing
 Download , transit

Section 67A & 67B of IT Act
IPR Related Crimes

 These crimes are against property, where the computer is  Patent
used as a tool.
 Trademarks
 Punishment for such crimes under IT Act is up to 3 years
and fine.  Trade Secrets
 Software piracy
 Source code tampering
 Copyright infringement

Sections 43, 65 and 66 of IT Act
Email Spoofing

 These crimes are against person, where the computer is  Fraud , misrepresentation
used as a tool.
 Emails from unknown source
 Punishment for such crimes under IT Act is up to 3 years disguised as known source
and fine.
 To obtain trust and confidential
information.

Sections 43, 66A, 66D of IT Act
Cyber Defamation

 These crimes are against person, where the computer is  Publish
used as a tool.
 Post
 Punishment for such crimes under IT Act is up to 3 years
and fine.  Write
 Defamatory and derogatory
 False statements

Sections 43, 66D of IT Act
Cyber Stalking

 These crimes are against person, where the computer is  Following
used as a tool.
 Tracking
 Punishment for such crimes under IT Act is up to 3 years
and Fine.  Keeping watch
 Through internet.
 Malicious intention

Sections 43, 66 of IT Act
Email Bombing

 These crimes are against property, where the computer is  Type of denial of service
used as a target.
 Loose important data
 Punishment for such crimes under IT Act is up to 3 years
and Fine.  Flooding of email
 Loss of documents
 Harm to business or work

Sections 43, 66 of IT Act
Denial Of Service Attack

 These crimes are against property, where the computer is  Cause harm to work or business
used as a tool and target.
 Flooded with unwanted task
 Punishment for such crimes under IT Act is up to Life
imprisonment and fine.  Crash / system failure.

Sections 43, 66, 67F of IT Act
Cyber Terrorism

 These crimes are against Government, where the
computer is used as a tool.
 Punishment for such crimes under IT Act is up to Life
imprisonment and fine.

Sections 66F of IT Act
Virus and Worm Attack

 These crimes are against property, where the  Destroy documents
computer is used as a tool and target.  Corrupt the files
 Punishment for such crimes under IT Act is up
to 3 years and Fine.  Crash / system failure
 Designed to spread from one
computer to another.

Sections 43, 66, of IT Act
Trojan And Key Loggers

 These crimes are against property, where the computer is  Destroy documents
used as a tool and target.  Corrupt the files
 Punishment for such crimes under IT Act is up to 3 years
and Fine.  Malicious programs
 Designed to spread from one
computer to another.

Sections 43, 66, of IT Act
Web Jacking

 These crimes are against property, where the  Motive Ransom
computer is used as a tool and target.  Forcefully taking control
 Punishment for such crimes under IT Act is up
to 3 years and Fine. Of Website
 Cause harm to business or work

Sections 43, 66, 66C, 66D
and 72 of IT Act
Email Frauds

 Impersonation
 These crimes are against person, where the
 To extract money
computer is used as a tool.
 Punishment for such crimes under IT Act is up  Cheat and fraud
to 3 years and Fine.
 Nigerian scams
 Russian wife scams

Sections 43, 66A, 66D
of IT Act
Internet Threat Scenarios

The current top five cyber threats that you should be aware of.

1  Ransomware 6  Data leakage

2  Phishing 7  Impersonation

 Hacking  Spyware
3 8

 Hacktivism  Cyber terrorism
4 9

 Cyber terrorism
5  Fake / rumors on internet 9
Source: www.icaew.com
Ransomware

Ransomware is a type of malicious software
(malware) that threatens to publish or blocks
access to data or a computer system, usually by
encrypting it, until the victim pays a ransom fee
to the attacker. In many cases, the ransom
demand comes with a deadline. If the victim
doesn’t pay in time, the data is gone forever.

The age-old quote “Precaution is better than cure” becomes applicable here to keep ourselves safe in this
ever-changing digital world.
Ransomware: Week – Over –Week
Ransomware Attack: Safety Measures

Measures to stay safe from Ransomware attacks

 Security Awareness
 Backup
 OS and Software Patching
 Be aware of Phishing Attacks
 Network Segmentation
 Implementing Strict Access and Privilege Policies
 Install a Trusted & Reputed Cyber Security Solution

Source: blogs.quickheal.com
Security Awareness

Security awareness training can help users to identify
threats posed by phishing emails,
fraudulent/untrusted websites, and social-
engineering techniques. If implemented in the right
spirit, this awareness and the resultant mindful
actions can save us from the dangers of
ransomware’s impact.

Source: blogs.quickheal.com
Backup

Regular backups can help users/organizations to
restore important files and data in case of a
ransomware attack. Back up your important data
regularly and keep the data secure by either storing it
offline or keeping it disconnected from the network to
prevent them from getting affected. If your computer
gets infected, your files can be restored from the
offline backup once the malware has been removed.

Source: blogs.quickheal.com
OS and Software Patching

Ransomware can exploit software vulnerabilities to spread
laterally. Hence, it’s important to take measures to
safeguard against any vulnerabilities that might impact us.

 Keep your Operating System and other software updated
by applying the latest patches. Software updates
frequently include patches for newly discovered security
vulnerabilities that attackers could exploit.

 Do not download unverified, cracked, or pirated software,
as it can be used to install malware on your computer.

 Avoid downloading software from untrusted P2P (Peer to
Peer) or torrent sites. In most cases, they are malicious.

Source: blogs.quickheal.com
Be aware of Phishing Attacks

Do not click on any links or download attachments
from unexpected sources and the emails you receive
from unverified or unknown accounts. Most phishing
emails carry a sense of urgency. They are crafted to
trick you into taking action, like clicking on a link or
downloading an attached file.

Source: blogs.quickheal.com
Network Segmentation

Since ransomware can spread laterally in the network,
it’s crucial to limit the spread. Network segmentation
divides the network into multiple smaller networks
and helps by isolating the infected machine and
preventing ransomware from spreading to the other
systems.

Additionally, you can keep your network secure by:

 Keeping strong and unique passwords for login accounts
and network shares.
 Disabling unnecessary admin shares or providing access
permission to shared data strictly as per the
requirement & for a limited duration.

Source: blogs.quickheal.com
Implementing Strict Access and Privilege
Policies

Only the users/systems who are authenticated should get the
required level of access to the system and network. This will
help to detect and prevent ransomware spread.

The following practices can help manage the users on your
devices and their privileges: –

 Avoid browsing, opening documents, or other activities
while logged in as an administrator.
 Turn off the services that are not in use, such as Bluetooth,
file sharing, etc.
 Maintain Access Control for users by limiting their access to
their specified tasks and actions to reduce the impact of
data loss if that user gets infected.

Source: blogs.quickheal.com
Implementing Strict Access and Privilege
Policies Cont’d

 Set a strong password to user & email accounts. Strong
passwords include letters in UPPER CASE, lowercase,
numbers & special characters. However, a bad example
would be common passwords like P@ssw0rd,
Admin@123#, etc.
 Set password expiration & account lockout policies (in case
an incorrect password is entered several times).
 Don’t assign Administrator privileges to users unless
absolutely required.

Source: blogs.quickheal.com
Install a Trusted & Reputed Cyber Security
Solution

Ensure that all your devices are protected by a trusted and
reputed cybersecurity solution like Quick Heal. Ensure that
your product is updated with the latest updates at all times.

Source: blogs.quickheal.com
Phishing

Phishing is a cybercrime in which a target or targets are
contacted by email, telephone or text message by
someone posing as a legitimate institution to lure
individuals into providing sensitive data such as
personally identifiable information, banking and credit
card details, and passwords.

The information is then used to access important
accounts and can result in identity theft and financial
loss.

Source: www.wallarm.com
Phishing: Example

researchers say they have detected a
cyberespionage effort using targeted phishing
emails to try to collect vital information on the
World Health Organization's initiative for
distributing COVID-19 vaccine to developing
countries.

Read more at:
https://economictimes.indiatimes.com/news/international/world-news/phishing-ploy-targets-covid-19-
vaccine-distribution-
effort/articleshow/79550803.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=c
ppst

Source: https://www.wallarm.com/what/types-of-phishing-attacks-and-business-impact#real_life_examples_of_phishing_attacks
Phishing Attack: Statistics

 Phishing Email Attacks
 Phishing URL Attacks
Phishing Attack: Statistics
Phishing Attack: Statistics
The Opposite Side: Taking An Enemy Perspective
Most of the organizations do not recognize risk actors and their goals, therefore it’s so crucial for companies
to look at themselves across the eyes of attackers. It helps to understand the attacker’s intension and actions,
it provides a better understanding attacker’s mindset and the resources that will extremely be targeted and
the vulnerabilities that are extremely sensitive to exploit.

“Anatomy of an Phishing Attack”
Spear-Phishing Attack

Spear phishing is on the rise. Unlike regular
phishing, where attacks are usually sent as
bulk mail to full email databases, spear
phishing uses individualized details that make
it much harder to recognize.
Hacking

Hacking is an attempt to exploit a computer system or a private network inside a computer.
Simply put, it is the unauthorized access to or control over computer network security
systems for some illicit purpose.
Hacking: Example

Hackers use brute force, security exploits, social engineering, and other means to gain access to systems
without proper permission.

What they do with that access, however, can vary greatly depending on their motivations.
Ethical Hacking

What is Ethical Hacking
Why Do We Need

?
Ethical Hacking Cont’d

What is Ethical Hacking?
Answer:

 Ethical hacking, also known as the grey hat, white hat hacking type, tests a computer system or
network to assess its security and attack vulnerability.
 Ethical hacking often involves penetration testing or vulnerability scanning, and it helps
organizations to discover security vulnerabilities that hackers can exploit. These tests are usually
performed by skilled computer professionals who are not maliciously trying to break into a system
but want to help improve its defenses against real-world threats.
Ethical Hacking Cont’d

Why it is so important?
Answer:

 Ethical hacking is important to expose your systems vulnerability/weaknesses so you can fix them
before malicious hackers do or from malicious activity.
 It plays a very important role in the security of organization in any country.
 Improve security awareness at all levels in a organization or business.
 Avoid security breaches.
Ethical Hacking VS Unethical Hacking

Parameter Ethical Hacking Unethical Hacking
Intention Intend to protect your data or Intend to steal, damage or disclose your
information. Ethical hacker would strike a data or information without any
company's network for all the right permission.
reasons, such as detecting, repairing
security flaws to protect the system.

Legality Fully legal (With Approval) Entirely illegal (Without Approval)
Punishment No punishment punishable with Fine
Nature of Work They tend to be part of a team or They often work alone due to the risks
organization to reduce the possibility of involved but sometimes may work in
rogue elements. groups as well.

Status Good Bad
Types Of Attackers

Hackers

White Hat Hacker Black Hat Hacker Gray Hat Hacker Hacktivist
White Hat Hacker

White hat hackers are types of hackers who’re
professionals with expertise in cybersecurity. They are
authorized or certified to hack the systems. These White
Hat Hackers work for governments or organizations by
getting into the system. They hack the system from the
loopholes in the cybersecurity of the organization. This
hacking is done to test the level of cybersecurity in their
organization. By doing so, they identify the weak points
and fix them to avoid attacks from external sources.
White hat hackers work as per the rules and regulations
set by the government. White hat hackers are also
known as ethical hackers.
White Hat Hacker: Motives & Aims

The goals of these types of hackers are helping
businesses and an appetite for detecting gaps in
networks’ security. They aim to protect and assist
companies in the ongoing battle against cyber threats. A
White Hat hacker is any individual who will help protect
the company from raising cyber crimes. They help
enterprises create defences, detect vulnerabilities, and
solve them before other cybercriminals can find them.
Black Hat Hacker

Black hat hackers are also knowledgeable computer
experts but with the wrong intention. They attack
other systems to get access to systems where they do
not have authorized entry. On gaining entry they
might steal the data or destroy the system. The
hacking practices used by these types of hackers
depend on the individual’s hacking capacity and
knowledge. As the intentions of the hacker make the
hacker a criminal. The malicious action intent of the
individual cannot be gauged either can the extent of
the breach while hacking
Black Hat Hacker: Motives & Aims

To hack into organizations’ networks and
steal bank data, funds or sensitive
information. Normally, they use the stolen
resources to profit themselves, sell them on
the black market or harass their target
company.
Gray Hat Hacker

The intention behind the hacking is considered
while categorizing the hacker. The Gray hat hacker
falls in between the black hat hackers and white
hat hackers. They are not certified, hackers. These
types of hackers work with either good or bad
intentions. The hacking might be for their gain.
The intention behind hacking decides the type of
hacker. If the intention is for personal gain then
the hacker is considered to be a gray hat hacker.

Source: https://www.jigsawacademy.com/blogs/cyber-security/different-types-of-hackers/#White-Hat-Hackers
Gray Hat Hacker: Motives & Aims

The difference is, they don’t want to rob people
nor want to help people in particular. Rather,
they enjoy experimenting with systems to find
loopholes, crack defenses, and generally find a
fun hacking experience.

Source: https://www.jigsawacademy.com/blogs/cyber-security/different-types-of-hackers/#White-Hat-Hackers
Hacktivist

These types of hackers intend to hack
government websites. They pose themselves
as activists, so known as a hacktivist. Hacktivist
can be an individual or a bunch of nameless
hackers whose intent is to gain access to
government websites and networks. The data
gained from government files accessed are
used for personal political or social gain.

Source: https://www.jigsawacademy.com/blogs/cyber-security/different-types-of-hackers/#White-Hat-Hackers
White, Gray And Black Hat Comparison

Source: https://www.jigsawacademy.com/blogs/cyber-security/different-types-of-hackers/#White-Hat-Hackers
Hacktivism

Hacktivism, a combination of the words “hacker” and “activism”, is a form of hacking that usually
isn’t motivated by monetary gain.

In these cases, a religious, environmental, or other activist may gain access to a system in order to
promote their own cause (or hinder the opposition).
Hacktivism: Example

For example, a hacktivist group might target an oppressive government regime with a DDoS
attack to knock its systems offline, destroy a firewall that’s used to oppress the free speech of
citizens, or seek to disrupt financial networks used by terrorists.

These activities are a form of cybercrime and are illegal, regardless of their motivations.
Data leakage: Example

Data leakage is the unauthorized transmission of data from within an organization to an external
destination or recipient. The term can be used to describe data that is transferred electronically or
physically. Data leakage threats usually occur via the web and email, but can also occur via mobile
data storage devices such as optical media, USB keys, and laptops.
Data leakage: Example

For example, an employee may unintentionally choose the wrong recipient when
sending an email containing confidential data. Unfortunately, unintentional data leakage
can still result in the same penalties and reputational damage as they do not mitigate
legal responsibilities.
Impersonation

When we hear of “impersonation,” we think of the act of deceiving someone by pretending to
be another person. In the context of social engineering and cyber security, impersonation has
evolved into a dangerous form of cyberattack. Cyber criminals have been using it to gain
access to networks and systems to commit fraud and identity theft and sell data to the highest
bidder on the dark web.
Impersonation: Example

 The Spoofed Domain
 The Fake Account
 The Fraudulent App

Source: www.icaew.com
Spyware

it’s a type of malware that gathers the information from a network or system and remotely sends it
to the attacker. Sometimes they deactivate the system firewall and security software.
Types Of Attackers

Salami Attackers
Salami Attackers can make alteration in transactions Insiders
so insignificant that in a single case it would go They may only be 20% of the threat, but they produce
completely unnoticed. 80% of the damage. These attackers are considered
to be the highest risk.

Script kiddies The Social Engineer
These individuals usually are only able to attack
very weakly secured systems. They are the Cyber criminals pretending to be someone else can
newbie's who want to try hacking. trick unsuspecting employees to compromise data.
Cyber Attacks

Cyber Attack is any type of offensive action that targets
computer information systems, infrastructures,
computer networks or personal computer devices,
using various methods to steal, alter or destroy data or
information systems. Similarly, when a criminal is trying
to hack an organization is again a kind of cyber-attack.

Most Cyber Attacks come from legitimate, well-known
sites including banks, established retailers, and large
corporations -- rendering security useless.
Cyber Attack Category

Option 1
System
attack

Option 4
Network Option
Web 2
This is a
attack application
sample text.
attack

Human
Optionbased
3 /
social engineering
attack
System Attack

A cyber attack is any attempt to gain
unauthorized access to a computer,
computing system or computer network
with the intent to cause damage. Cyber
attacks aim to disable, disrupt, destroy or
control computer systems or to alter,
block, delete, manipulate or steal the data
1 held within these systems.
System Attack: Example

Disconnected
Victim Server

Attack
IP 192.169.1.24
Network Attack

A network attack can be defined
as any method, process, or means
used to maliciously attempt to
compromise network security.

2
Network Attack
Types of Network Attack

Active Attack Passive Attack

Interruption Fabrication Release of
(Masquerade) Modification (DOS) Traffic Analysis
message content

Replay
Attacks Alterations
Top Network Security Attack In 2023

 MFA (