Revision part I.pdf

Full Transcript

CYBER SECURITY
(FOUNDATION PROGRAMME)
REVISION BEFORE MID
TERMS TO BE FAMILIAR WITH
Cybersecurity:
The practice of protecting computer systems, networks, and data from theft,
damage, or unauthorized access.

Vulnerability:
A weakness in a system's design, implementation, or security controls that
could be exploited to compromise its security.

Threat:
A potential danger that could exploit a vulnerability, leading to harm or
damage to a system or its data.

Attack:
An intentional action aimed at exploiting vulnerabilities to compromise the
security of a system, network, or application.

Countermeasure
Action you take to protect your information against threats and
vulnerabilities.
TERMS TO BE FAMILIAR WITH
Malware:
Short for "malicious software," malware is software specifically designed to harm, disrupt, or
gain unauthorized access to computer systems.

Phishing:
A type of cyber attack where attackers impersonate a trusted entity to deceive individuals into
revealing sensitive information or performing actions.

Firewall:
A network security device that monitors and controls incoming and outgoing network traffic,
based on predefined security rules.

Encryption:
The process of converting data into a coded form (cipher) to prevent unauthorized access
during transmission or storage.

Authentication:
The process of verifying the identity of a user, device, or system to grant access to resources or
data.

Authorization:
The process of determining what actions or resources a verified user, device, or system is
permitted to access.
TERMS TO BE FAMILIAR WITH
Patch:
A piece of software code designed to fix vulnerabilities or bugs in a program or operating
system.

Digital Certificate:
An electronic document used to verify the identity of individuals, systems, or
organizations online and facilitate secure communication

Two-Factor Authentication (2FA):
A security process that requires users to provide two different authentication factors
(e.g., password and SMS code) to access a system.

Data Breach:
Unauthorized access, acquisition, or exposure of sensitive data, which can result in
potential harm or compromise

Social Engineering:
Manipulating individuals into revealing sensitive information or performing actions
that compromise security.
Interactions everyday using technology
Email
Mobile devices
Website
Social media
Ecommerce systems
Online banking
BYOD and office policy
Network management
Backup and remote
access
Cybersecurity Objectives
CIA TRIAD
 Example:
Confidentiality Criminal steals
customers’ usernames,
passwords, or credit
card information

Protecting
information from
unauthorized
access and
disclosure
 Integrity

Protecting
information
from
unauthorized
modification

Example:
Someone alters payroll
information or a proposed
product design
 Example:
Availability Your customers
are unable to
access your
online services

Preventing
disruption in
how
information is
accessed
 Cybersecurity
Threats
Phishing Attacks
Ransomware
Hacking
Imposter Scams
Environmental events
 Phishing Attacks
Social engineering Example:
attack involving trickery An email about a delayed
Designed to gain access shipment causes you to
to systems or steal data click a link and download
malware to your network.
Targeted phishing is
“spear phishing”
Variants include
“vishing” – attacks by
telephone and
“smishing” those using
SMS or text
 Ransomware
Example:
Type of software with
malicious intent and a WannaCry was one of the
threat to harm your data most devastating ransomware
attacks in history, affecting
The author or distributor
several hundred thousand
requires a ransom to undo machines and crippling banks,
the damage law enforcement agencies, and
No guarantee the ransom other infrastructure.
payment will work
Ransom often needs to be
paid in cryptocurrency
 Hacking
Unauthorized access
to systems and Example:
Newspaper kiosk’s point-of-
information sale system was hacked;
Website attack such malware installed. Every
customer’s credit card
as DDOS information was sent to
criminals.
Access denied to
authorized users
Stolen funds or
intellectual property
 Imposter Scams
Someone “official” calls
or emails to report a
Example:
crisis situation
IRS scams – You receive a
They represent the IRS, phone call claiming to be
a bank, the lottery or the IRS, reporting you owe
technical support money and need to pay or
else get hit with a fine.
There will be a sense of
urgency and a dire
penalty or loss if you
don’t act
 Environmental Threats
Natural threats such as Example:
fire, earthquake, flood Ellicott City flooding wiped
can cause harm to out businesses and their
computers or disrupt computers
business access
Recovery efforts attract
scams such as financial
fraud
Downtime can lose
customers, clients who
can’t wait
 Vulnerabilities and
Item Threats Potential Attacks Countermeasures
Weaknesses
Unauthorized access
Weak passwords, Brute-force attacks,
Account Strong password policies, password managers,
Password password reuse, dictionary attacks,
compromise multi-factor authentication, user education
lack of complexity credential stuffing
Data theft

Unsecured Wi-Fi Eavesdropping,
connections, Data interception malware Use secure Wi-Fi networks, keep OS up to date,
Mobile Phone outdated operating Data leakage installation, app store security reviews, install antivirus
systems, Unauthorized access unauthorized app software
malicious apps access
Social Media Weak account
Account takeover,
passwords, Account hijacking Strong password policies, two-factor
impersonation,
oversharing of Identity theft authentication, careful sharing of personal info
phishing
personal info

Unsecured Wi-Fi Eavesdropping,
Data interception Use secure Wi-Fi networks (WPA2/WPA3), VPN for
Wi-Fi networks, man-in-the-middle
Unauthorized access public Wi-Fi, strong encryption protocols
weak encryption attacks
Lack of end-to-end Message
encryption, Eavesdropping interception, Use encrypted messaging apps, verify contacts'
Instant Messaging
unauthorized Unauthorized access phishing, social identities, be cautious of clicking links
contacts engineering
Unsecured webcam Remote access,
devices, malware infection, Cover or disconnect the webcam when not in use,
Unauthorized
Webcam lack of awareness spying use strong passwords, keep software up to date
surveillance
Phone Camera Unauthorized Spyware Review app permissions, keep phone updated,
Privacy invasion
camera access, installation, use privacy settings
malware camera hijacking

Spear phishing,
Phishing, weak Unauthorized access Email filtering, multi-factor authentication,
Email email spoofing,
email passwords Data theft user training on identifying phishing
malware
SQL injection, Regular security audits, input validation, web
Data theft
Injection attacks, Cross-Site Scripting
Website Unauthorized access
outdated software (XSS) application firewalls
Defacement
DDoS attacks
 Credential stuffing
A type of cyber attack where attackers use
previously stolen usernames and passwords
(credentials) to gain unauthorized access to user
accounts on various online platforms.
This attack exploits the common practice of
people reusing the same passwords across
multiple websites and services.
Since many individuals use the same credentials
on different sites, attackers can use stolen
username and password combinations from one
breach to attempt to access other accounts.
 How credential stuffing works:

Collection of Credentials: Attackers gather large sets of usernames and passwords from
previous data breaches or leaks. These credentials are typically available for sale on the
dark web or can be obtained through various hacking methods.
Automated Login Attempts: Using automated scripts or software, attackers systematically
input these stolen username and password combinations into the login pages of different
websites and services.
Targeted Platforms: Attackers often target popular websites, services, or applications,
hoping that many users have reused their credentials across multiple sites.
Successful Logins: When users have reused their passwords, attackers are able to
successfully log in to their accounts using the stolen credentials. This can result in account
takeovers, unauthorized access to sensitive data, or even financial fraud.
Impact: Credential stuffing attacks can lead to compromised accounts, unauthorized
access to personal information, identity theft, and fraudulent activities. They can also
cause reputational damage to the affected organizations.
 Countermeasures against credential
stuffing include:
Strong and Unique Passwords: Encourage users to create strong and unique
passwords for each account to prevent reuse.

Multi-Factor Authentication (MFA): Implement MFA, which adds an extra layer of
security by requiring a second form of verification beyond just the password.

Account Lockouts and Rate Limiting: Implement mechanisms that temporarily lock
accounts or impose rate limits on login attempts to prevent automated attacks.

Regular Monitoring: Organizations should monitor login patterns and look for
unusual or suspicious activities that might indicate a credential stuffing attack.

Educate Users: Raise awareness among users about the dangers of password reuse
and the importance of using strong, unique passwords for each account.
Global and local cyber security
News and updates
 CIA Component Threats Countermeasures
Confidentiality Unauthorized Access - Strong Authentication (2FA, biometrics) - Access controls (RBAC) - Encryption (data at rest and in transit)

Data Leakage - Data Loss Prevention (DLP) - Data classification and labeling - Network segmentation

Phishing and Social Engineering - Security awareness training - Email filtering and authentication - Multi-factor authentication

Insider Threats - User access monitoring - Segregation of duties - Privileged access management

Data Interception - Encrypted communication (VPN, HTTPS) - Network segmentation - Intrusion detection systems (IDS)

- Account lockouts
Brute Force Attacks - CAPTCHAs and rate limiting
- Strong password policies
- Mobile device encryption
Unsecured Mobile Devices - Remote wipe capabilities
- App whitelisting
- Cryptographic hashing (digital signatures)
Integrity Data Tampering - Version control
- Secure coding practices
- Change management processes
Unauthorized Modification - Data validation and input filtering
- Secure APIs
- Regular system scanning and antivirus software
Malware and Ransomware
- Data integrity checks and monitoring
- Code reviews and secure coding practices
Software Bugs
- Regular vulnerability assessments
- Checksums and error detection
Data Corruption During Transfer
- Reliable data transfer protocols (TCP)
- User behavior monitoring and auditing
Insider Threats
- Strict access controls and least privilege
- Strong encryption (TLS/SSL)
Man-in-the-Middle Attacks
- Digital certificates and public key infrastructure
- DDoS protection services
Availability Denial of Service (DoS) - Load balancing and failover mechanisms
- Traffic filtering
- Offsite backups and disaster recovery plans
Natural Disasters
- Redundant data centers and cloud services

- Redundant hardware and failover systems
Hardware/Software Failures
- Regular system monitoring and maintenance

- Network optimization and traffic management
Insufficient Network Bandwidth
- Scalable infrastructure
- Monitoring and authentication of users
Insider Threats
- Employee training and awareness
- Uninterruptible power supply (UPS)
Power Outages
- Backup power generators
 NETWORKING & COMMUNICATION
What is a network?
What is communication?
What is the eco system of network and communication?
Define the term protocol?
Differentiate the terms LAN, WAN, PAN, MAN
Why these devices are used in a network? HUB,ROUTER,SWITCH
What are the protocols used in the following applications
– Web browsing
– Sending and receiving email
– Remote access
– Streaming
– File sharing
– Sending packets from one machine to another?
– Preparing and organizing the packet to be sent to other device
Explain how the INTERNET works