Cyber Security
An Introduction
History
• 1970s: Robert Thomas, a researcher at BBN Technologies in Cambridge, Massachusetts, created the first computer “worm”. It was called The Creeper.
• It infected computers by hopping from system to system with the message “I’M THE CREEPER: CATCH ME IF YOU CAN.”
• Ray Tomlinson, the inventor of email, created a replicating program called The Reaper, the first antivirus software, which would chase Creeper and delete it.
• In 1988, Robert Morris wrote a program, the Morris worm, that went through networks, invaded Unix terminals, and copied itself.
• The Morris worm was so aggressive that it slowed down computers to the point of being unusable. Morris subsequently became the first person convicted under the Computer Fraud and Abuse Act.
What is Cyber Security
Cybersecurity is the body of technologies, processes, and practices
designed to protect networks, computers, programs and data from
attack, damage or unauthorized access.
Why is cybersecurity important?
• With each passing year, the sheer volume of threats is increasing rapidly.
• According to a McAfee report, cybercrime now stands at over $400 billion, while it was $250 billion two years ago.
• Cyber attacks can be extremely expensive for businesses to endure.
• In addition to the financial damage suffered by the business, a data breach can also inflict untold reputational damage.
• Cyber attacks these days are becoming progressively more destructive.
• Cybercriminals are using more sophisticated ways to initiate cyber attacks.
• Regulations such as the General Data Protection Regulation (GDPR) are forcing organizations to take better care of the personal data they hold.
The CIA Triad
• Confidentiality, integrity, and availability, together known as the CIA triad, form a model designed to guide companies and organizations in forming their security policies.
Confidentiality
• Confidentiality is about preventing the disclosure of data to
unauthorized parties.
• It also means trying to keep the identity of authorized parties
involved in sharing and holding data private and anonymous.
• Confidentiality is often compromised by cracking poorly encrypted data, by man-in-the-middle (MITM) attacks, or by disclosure of sensitive data.
• Standard measures to establish confidentiality include:
• Data encryption
• Two-factor authentication
• Biometric verification
• Security tokens
Integrity
• Integrity refers to protecting information from being modified by
unauthorized parties.
• It is a requirement that information and programs are changed only in
a specified and authorized manner.
• Threats that could endanger integrity include turning a machine into a “zombie computer” and embedding malware into web pages.
• Standard measures to guarantee integrity include:
• Cryptographic checksums
• Using file permissions
• Uninterrupted power supplies
• Data backups
Availability
• Availability is making sure that authorized parties are able to access
the information when needed.
• Data only has value if the right people can access it at the right time.
• Information unavailability can occur due to security incidents such as DDoS attacks, hardware failures, programming errors, or human errors.
• Standard measures to guarantee availability include:
• Backing up data to external drives
• Implementing firewalls
• Having backup power supplies
• Data redundancy
Types of attacks
Attacks on CIA
How is Cybersecurity implemented?
(Figure-only slides; the diagrams are not part of the transcript.)
Classification of Security Hackers
Black Hat Hackers’ objective:
• To steal valuable information from another user
• To steal money through transactions and accounts
• To get access to free music and videos
• Downloading free hacking software which is considered an
illegal activity
• To steal valuable information from military/navy organizations
• To access restricted networking spaces
White Hat Hackers’ objective:
• To improve the security framework in a system
• Developing high-security programming languages like Linux
• Developing most of the security software for organizations
• Checking and updating security software
• Developing programs like pop-up blockers, firewalls and ad blockers
Vulnerability Scanner
A vulnerability scanner can assess a variety of vulnerabilities across information systems such as computers, network systems, operating systems, and software applications. These vulnerabilities may be:
1. Vendor-originated: this includes software bugs, missing operating system patches, vulnerable services, insecure default configurations, and web application vulnerabilities.
2. System administration-originated: this includes incorrect or unauthorised system configuration changes, lack of password protection policies, and so on.
3. User-originated: this includes sharing directories with unauthorised parties, failure to run virus scanning software, and malicious activities, such as deliberately introducing system backdoors.
Benefits of Vulnerability Scanners
• Early detection and handling of known security problems
• Identify security vulnerabilities that may be present in the network, from both
the internal and external perspective.
• Identification of a new device, or even a new system, that may be connected to the network without authorisation.
• The scanner can help identify rogue machines, which might endanger overall
system and network security.
• Verify the inventory of all devices on the network.
• Inventory includes the device type, operating system version and patch level,
hardware configurations and other relevant system information. This
information is useful in security management and tracking.
Limitations of Vulnerability Scanners
• Snapshot only: a vulnerability scanner can only assess a "snapshot of
time" in terms of a system or network's security status.
• Scanning needs to be conducted regularly, as new vulnerabilities can emerge, or
system configuration changes can introduce new security holes.
• Human judgement is needed: Vulnerability scanners can only report
vulnerabilities according to the plug-ins installed in the scan database.
• They cannot determine whether the response is a false negative or a false
positive. Human judgement is always needed in analysing the data after the
scanning process.
• Others: a vulnerability scanner is designed to discover known
vulnerabilities only.
• It cannot identify other security threats, such as those related to physical,
operational or procedural issues.
Architecture of Vulnerability Scanners
• Scan Engine: executes security checks according to its installed plug-ins, identifying system information and vulnerabilities.
• It can scan more than one host at a time and compares the results against known vulnerabilities.
• Scan Database: stores vulnerability information, scan results, and other data used by the scanner.
• The number of available plug-ins, and how often they are updated, varies by vendor. Scanners with an "auto-update" feature
• Each plug-in might contain not only the test case itself, but also a vulnerability description, a Common Vulnerabilities and Exposures (CVE) identifier, and even fixing instructions for a detected vulnerability.
Architecture of Vulnerability Scanners
(Contd..)
• Report Module: provides different levels of reports on the scan results, such as:
• Detailed technical reports with suggested remedies for system administrators,
• Summary reports for security managers,
• High-level graph and trend reports for executives.
• User Interface: allows the administrator to operate the scanner.
• It may be either a Graphical User Interface (GUI) or just a command line interface.
For enterprise networks: use Distributed Network Scanners, which have a more complex architecture and are capable of assessing vulnerabilities across multiple or geographically dispersed networks. They are composed of:
• Remote scanning agents,
• A plug-in update mechanism for those agents,
• A centralised management point.
Types of Vulnerability Scanner
• NETWORK-BASED SCANNERS
• Usually installed on a single machine that scans a number of other hosts on the network.
• They help detect critical vulnerabilities such as misconfigured firewalls, vulnerable web servers, risks associated with vendor-supplied software, and risks associated with network and systems administration.
• Different types of network-based scanners include:
1. Port Scanners that determine the list of open network ports in remote systems;
2. Web Server Scanners that assess the possible vulnerabilities (e.g. potentially dangerous
files) in remote web servers;
3. Web Application Scanners that assess the security aspects of web applications (such as
cross site scripting and SQL injection) running on web servers.
Cross-site Scripting (XSS) is a client-side code injection attack. The actual attack occurs when the victim visits the
web page or web application that executes the malicious code.
SQL injection is a code injection technique that might destroy your database and is one of the most common web
hacking techniques.
Types of Vulnerability Scanner (Contd..)
• HOST-BASED SCANNERS
• The scanner is installed on the host to be scanned and has direct access to low-level data, such as specific services and configuration details of the host's operating system.
• Provides insight into risky user activities such as using easily guessed passwords or even no password.
• Detects signs that an attacker has already compromised a system, including looking for suspicious file names, unexpected new system files or device files, and unexpected privileged programs.
• Performs baseline (or file system) checks that network-based scanners cannot do, as they have no direct access to the file system on the target host.
• A database scanner is an example of a host-based vulnerability scanner.
• It performs a detailed security analysis of the authorisation, authentication, and integrity of database systems, and can identify potential security exposures in database systems, ranging from weak passwords and security misconfigurations to Trojan horses.
Open Port Service Identification: Introduction
• A port scanner is an application designed to probe a server or host for open ports.
• Such an application may be used by administrators to verify the security policies of their networks, and by attackers to identify network services running on a host and exploit vulnerabilities.
• A port scan is a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port.
• Basically, port scans are not attacks, but rather simple probes to determine the services available on a remote machine.
• A portsweep scans multiple hosts for a specific listening port.
• For example, an SQL-based computer worm may portsweep looking for hosts listening on TCP port 1433.
Categories
The result of a scan on a port is usually generalized into one of three categories:
• Open or Accepted: the host sent a reply indicating that a service is listening on the port.
• Closed, Denied or Not Listening: the host sent a reply indicating that connections to the port will be denied.
• Filtered, Dropped or Blocked: there was no reply from the host.
• Two vulnerabilities of which administrators must be cautioned:
• Security and stability concerns associated with the program responsible for delivering the service (open ports).
• Security and stability concerns associated with the operating system that is running on the host (open or closed ports).
• Filtered ports do not present any vulnerabilities.
Types
• TCP scanning
• Uses the operating system's network functions; generally the next option when a SYN scan is not feasible.
• If a port is open,
• the operating system completes the TCP three-way handshake,
• and the scanner immediately closes the connection to avoid performing a denial-of-service attack.
• Otherwise an error code is returned.
• Advantage of the mode
• No special privileges are required.
• Disadvantages of the mode
• Since the mode prevents low-level control, this scan type is less common.
• The method is "noisy", particularly if it is a "portsweep".
• The services can log the sender's IP address, and intrusion detection systems can raise an alarm.
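The "noisy" behaviour described above (and the portsweep on TCP 1433 mentioned earlier) is exactly what a defender looks for in firewall logs. The following detector is an added example, not code from the original slides; the log line format, IP addresses, and thresholds are constructed for the demonstration.

```python
"""Port scan / portsweep detection over firewall connection logs.

Added example, not from the original slides. The log format below is
constructed (a simplified syslog-style line); real firewall logs differ,
so LINE_RE would need adjusting for a real source.
"""
import re
from collections import defaultdict

# Constructed sample: one source probes many ports on one host (port scan),
# another probes TCP 1433 on many hosts (portsweep, as in the slides' SQL worm
# example), and one source is ordinary HTTPS traffic.
SAMPLE_LOG = """\
10:00:01 src=198.51.100.7 dst=192.0.2.10 dport=21 proto=tcp action=drop
10:00:01 src=198.51.100.7 dst=192.0.2.10 dport=22 proto=tcp action=accept
10:00:01 src=198.51.100.7 dst=192.0.2.10 dport=23 proto=tcp action=drop
10:00:02 src=198.51.100.7 dst=192.0.2.10 dport=25 proto=tcp action=drop
10:00:02 src=198.51.100.7 dst=192.0.2.10 dport=80 proto=tcp action=accept
10:00:02 src=198.51.100.7 dst=192.0.2.10 dport=443 proto=tcp action=accept
10:00:05 src=203.0.113.9 dst=192.0.2.10 dport=1433 proto=tcp action=drop
10:00:05 src=203.0.113.9 dst=192.0.2.11 dport=1433 proto=tcp action=drop
10:00:05 src=203.0.113.9 dst=192.0.2.12 dport=1433 proto=tcp action=drop
10:00:06 src=203.0.113.9 dst=192.0.2.13 dport=1433 proto=tcp action=accept
10:00:07 src=192.0.2.50 dst=192.0.2.10 dport=443 proto=tcp action=accept
10:00:09 src=192.0.2.50 dst=192.0.2.10 dport=443 proto=tcp action=accept
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) action=(?P<action>\w+)"
)


def parse_log(text):
    """Return a list of (src, dst, dport, action) tuples; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["src"], m["dst"], int(m["dport"]), m["action"]))
    return events


def detect_scans(events, port_threshold=5, host_threshold=3):
    """Flag sources that touch many ports on one host (port scan) or one port
    on many hosts (portsweep). Thresholds are constructed for the sample; tune
    them to the network's normal fan-out before deploying."""
    ports_per_pair = defaultdict(set)    # (src, dst)   -> distinct dports
    hosts_per_port = defaultdict(set)    # (src, dport) -> distinct dsts
    for src, dst, dport, _action in events:
        ports_per_pair[(src, dst)].add(dport)
        hosts_per_port[(src, dport)].add(dst)

    alerts = []
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= port_threshold:
            alerts.append({"type": "portscan", "src": src, "target": dst,
                           "ports": sorted(ports)})
    for (src, dport), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:
            alerts.append({"type": "portsweep", "src": src, "port": dport,
                           "hosts": sorted(hosts)})
    return sorted(alerts, key=lambda a: (a["type"], a["src"]))


if __name__ == "__main__":
    for alert in detect_scans(parse_log(SAMPLE_LOG)):
        print(alert)
```

Note that the ordinary client (192.0.2.50) is never flagged: it touches one port on one host, so neither fan-out counter crosses its threshold.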
Types (Contd..)
• SYN scanning
• Another form of TCP scanning.
• The port scanner generates raw IP packets itself and monitors for responses, instead of using OS-based network functions.
• Also known as "half-open scanning", because it never actually opens a full TCP connection.
• The port scanner generates a SYN packet.
• If the target port is open, it will respond with a SYN-ACK packet.
• The scanner host responds with an RST packet, closing the connection before the handshake is completed.
• If the port is closed but unfiltered, the target will instantly respond with an RST packet.
• Advantages:
• The scanner has full control of the packets sent and the timeout for responses, allowing detailed reporting of the responses.
Types (Contd..)
• UDP scanning
• There are technical challenges, as UDP is a connectionless protocol, so there is no equivalent to a TCP SYN packet.
• If a UDP packet is sent to a port that is not open,
• the system will respond with an ICMP port unreachable message.
• Hence, the absence of a response is used to infer that a port is open.
• However, if a port is blocked by a firewall, this method will falsely report that the port is open.
• If the port unreachable message is blocked, all ports will appear open.
• The method is also affected by ICMP rate limiting.
• Other, rarely used, scanning methods are:
• ACK scanning
• Window scanning
• FIN scanning
Examples
• For example, a scanner (using the nmap application) could connect to:
• port 1 - to see if tcpmux is running. Its specification describes a multiplexing service that may be accessed with a network protocol to contact any one of a number of available TCP services of a host on a single, well-known port number.
• port 7 - to see if echo is running (the service echoes received data back).
• port 22 - to see if OpenSSH is available. OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of tools for remotely controlling, or transferring files between, computers.
• port 25 - to see if SMTP is available. SMTP is a set of communication guidelines that allow software to transmit electronic mail over the internet.
Version Check
• Footprinting is the technique of collecting as much information as possible about the targeted network/victim/system.
• It helps hackers in various ways to intrude on an organization's system.
• Use nmap to discover the web server version and operating system version, check that servers' ports are operating properly, and ping network segments.
• Some nmap options for version check include:
• -sV (Version detection)
• --allports (Don't exclude any ports from version detection)
• --version-intensity <intensity> (Set version scan intensity)
• --version-all (Try every single probe)
• --version-trace (Trace version scan activity)
TRAFFIC PROBE
• High-Speed Traffic Processing
• LANs and MANs have evolved to support speeds from 1 Mb/s to 100 Gb/s.
• The total amount of data created or replicated on the planet in 2010 was over 1 zettabyte (143 GB for each of the 7 billion people on the planet).
• This volume of information requires high-speed links between server farms, cloud storage, and end users to make sure that it can be processed in a timely and reliable fashion.
• It will not be possible to analyse such huge traffic volumes in the coming 100 GbE network installations with the current generation of network measurement tools.
• FPGA cards (Intel 82599, Myri-10G Lanai Z8ES) are still used in applications which perform in-depth analysis, pattern matching, and low-latency operations in 40/100 Gb/s networks.
TRAFFIC PROBE (Contd..)
• Network Traffic Measurement
• Full packet traces.
• Flow statistics provide information from Internet Protocol (IP).
• Volume statistics are provided by most network appliances for network
management.
• Network Intrusion Detection
• Signature-based approach inspects the evaluated content.
• Anomaly-based detection.
• Stateful protocol analysis.
Vulnerability Probe: HTML injection check
• Some security bugs can’t be identified without sending a payload that exploits a suspected vulnerability.
• Vulnerability probe for a web application: imagine a web app that has a search box for users to find text within its pages.
HTML example (the probe string <xss> reflected in the results markup):
• <div id="search"><span class="results">Results for '<xss>'...</span>
Example of Cross Site Scripting (XSS), to be done with caution:
<script>alert(1)</script>
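The probe above works because the search term is reflected into the page unchanged. The following added example (not from the original slides) shows the reflecting snippet in its vulnerable and hardened forms, plus the check a scanner's HTML-injection plug-in effectively performs; render_unsafe and render_safe are hypothetical stand-ins for an application's template code.

```python
"""Reflected-input (HTML injection) check for a search-results snippet.

Added example, not from the original slides. render_unsafe and render_safe
are hypothetical stand-ins for an application's template code; the markup
and the harmless '<xss>' marker are the ones shown in the slides.
"""
import html

PROBE = "<xss>"  # inert marker tag: it proves reflection without running script


def render_unsafe(query):
    """Vulnerable pattern: user input is interpolated straight into markup."""
    return ('<div id="search"><span class="results">'
            f"Results for '{query}'...</span></div>")


def render_safe(query):
    """Hardened form: html.escape turns < > & " ' into entities, so the input
    is always shown as text and can never open a new tag."""
    return ('<div id="search"><span class="results">'
            f"Results for '{html.escape(query, quote=True)}'...</span></div>")


def reflects_markup(render, probe=PROBE):
    """True when the renderer echoes the probe back as a live tag (unescaped).
    A scanner's HTML-injection plug-in does essentially this check."""
    return probe in render(probe)


def probe_report(renderers):
    """Run the check over several page renderers; returns {name: vulnerable?}."""
    return {name: reflects_markup(fn) for name, fn in renderers.items()}


if __name__ == "__main__":
    print(probe_report({"unsafe": render_unsafe, "safe": render_safe}))
```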
Vulnerability Probe: Buffer Overflow
• A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory (a buffer) than the buffer is allocated to hold.
• By sending carefully crafted input to an application, an attacker can cause the application to execute arbitrary code, possibly taking over the machine.
Vulnerability Probe: Buffer Overflow (Contd..)
• Minimalist vulnerable program:
    #include <string.h>

    int main(int argc, char *argv[])
    {
        char buffer[512];            /* fixed-size stack buffer */
        if (argc > 1)
            strcpy(buffer, argv[1]); /* unbounded copy: an argument longer than 512 bytes overflows */
        return 0;
    }
• Compile the program with the following command:
• $ gcc -o vulnerable main.c

More Related Content

PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
PPTX
Network Security ppt
PPTX
Introduction to cyber security amos
PPTX
Cybercrime and Security
PDF
Cyber security
PPTX
Ppt growing need of cyber security
PPTX
Cyber Security Presentation "It Will Never Happen To Me"
PPT
Computer Malware
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Network Security ppt
Introduction to cyber security amos
Cybercrime and Security
Cyber security
Ppt growing need of cyber security
Cyber Security Presentation "It Will Never Happen To Me"
Computer Malware

What's hot (20)

PPTX
Hyphenet Security Awareness Training
PPTX
Cybersecurity 2 cyber attacks
PPTX
Cyber security system presentation
PPT
Physical Security.ppt
PPTX
Social engineering presentation
PPT
Building An Information Security Awareness Program
PPTX
Hacking
PPTX
WTF is Penetration Testing v.2
PPTX
Vulnerability Assessment
PDF
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
PPTX
Security risk management
PPTX
1 understanding cyber threats
PDF
Cybersecurity Awareness Training Presentation v1.3
PDF
Information security awareness, middle management
PDF
introduction to cyber security
PDF
Overview of the Cyber Kill Chain [TM]
PPTX
Introduction to Cybersecurity
PPTX
Cyber security
PPTX
Cyber security
Hyphenet Security Awareness Training
Cybersecurity 2 cyber attacks
Cyber security system presentation
Physical Security.ppt
Social engineering presentation
Building An Information Security Awareness Program
Hacking
WTF is Penetration Testing v.2
Vulnerability Assessment
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
Security risk management
1 understanding cyber threats
Cybersecurity Awareness Training Presentation v1.3
Information security awareness, middle management
introduction to cyber security
Overview of the Cyber Kill Chain [TM]
Introduction to Cybersecurity
Cyber security
Cyber security
Ad

Similar to Introduction to cyber security (20)

PDF
Types of Vulnerability Scanning An in depth investigation.pdf
PDF
5 howtomitigate
PPTX
Overview of Vulnerability Scanning.pptx
PPTX
Web hacking 1.0
PPTX
What is a Port Scan in data visualization
DOCX
Globally.docx
PPTX
Vapt life cycle
PPTX
CISSP - Security Assessment
PDF
Vulnerability
PDF
Practical White Hat Hacker Training - Vulnerability Detection
PPTX
Web Application Scanning Flow and features.pptx
PPT
CyberSecurity presentation for basic knowledge about this topic
PPTX
Ethical Hacking n VAPT presentation by Suvrat jain
PDF
The Security Of Information Security
PDF
website vulnerability scanner and reporter research paper
PPT
1 (20 files merged).ppt
PDF
Vulnerability assessment-info-savvy
PPT
cyber sec.ppt
PDF
System and Enterprise Security Project - Penetration Testing
PPTX
Lecture-39.pptx Xperia of this slide can conversation
Types of Vulnerability Scanning An in depth investigation.pdf
5 howtomitigate
Overview of Vulnerability Scanning.pptx
Web hacking 1.0
What is a Port Scan in data visualization
Globally.docx
Vapt life cycle
CISSP - Security Assessment
Vulnerability
Practical White Hat Hacker Training - Vulnerability Detection
Web Application Scanning Flow and features.pptx
CyberSecurity presentation for basic knowledge about this topic
Ethical Hacking n VAPT presentation by Suvrat jain
The Security Of Information Security
website vulnerability scanner and reporter research paper
1 (20 files merged).ppt
Vulnerability assessment-info-savvy
cyber sec.ppt
System and Enterprise Security Project - Penetration Testing
Lecture-39.pptx Xperia of this slide can conversation
Ad

Recently uploaded (20)

PDF
Computing-Curriculum for Schools in Ghana
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
PPTX
UV-Visible spectroscopy..pptx UV-Visible Spectroscopy – Electronic Transition...
PDF
Weekly quiz Compilation Jan -July 25.pdf
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
PDF
SOIL: Factor, Horizon, Process, Classification, Degradation, Conservation
PPTX
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
PPTX
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
PDF
RTP_AR_KS1_Tutor's Guide_English [FOR REPRODUCTION].pdf
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
PDF
advance database management system book.pdf
PPTX
Orientation - ARALprogram of Deped to the Parents.pptx
PPTX
Lesson notes of climatology university.
PDF
Hazard Identification & Risk Assessment .pdf
PPTX
History, Philosophy and sociology of education (1).pptx
PDF
Practical Manual AGRO-233 Principles and Practices of Natural Farming
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
PPTX
Cell Types and Its function , kingdom of life
PDF
What if we spent less time fighting change, and more time building what’s rig...
PDF
Indian roads congress 037 - 2012 Flexible pavement
Computing-Curriculum for Schools in Ghana
Chinmaya Tiranga quiz Grand Finale.pdf
UV-Visible spectroscopy..pptx UV-Visible Spectroscopy – Electronic Transition...
Weekly quiz Compilation Jan -July 25.pdf
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
SOIL: Factor, Horizon, Process, Classification, Degradation, Conservation
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
RTP_AR_KS1_Tutor's Guide_English [FOR REPRODUCTION].pdf
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
advance database management system book.pdf
Orientation - ARALprogram of Deped to the Parents.pptx
Lesson notes of climatology university.
Hazard Identification & Risk Assessment .pdf
History, Philosophy and sociology of education (1).pptx
Practical Manual AGRO-233 Principles and Practices of Natural Farming
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
Cell Types and Its function , kingdom of life
What if we spent less time fighting change, and more time building what’s rig...
Indian roads congress 037 - 2012 Flexible pavement

Introduction to cyber security

  • 2. History • 1970’s, Robert Thomas, a researcher for BBN Technologies in Cambridge, Massachusetts, created the first computer “worm”. It was called The Creeper. • It infected computers by hopping from system to system with the message “I’M THE CREEPER: CATCH ME IF YOU CAN.” • Ray Tomlinson, the inventor of email, created a replicating program called The Reaper, the first antivirus software, which would chase Creeper and delete it. • In 1988, Robert Morris wrote a program Morris worm that went through networks, invaded Unix terminals, and copied itself. • The Morris worm was so aggressive that it slowed down computers to the point of being unusable. He subsequently became the first person to be convicted under Computer Fraud and Abuse Act.
  • 3. What is Cyber Security Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
  • 4. Why is cybersecurity important? • With each passing year, the sheer volume of threats is increasing rapidly. • According to the report by McAfee, cybercrime now stands at over $400 billion, while it was $250 billion two years ago. • Cyber attacks can be extremely expensive for businesses to endure. • In addition to financial damage suffered by the business, a data breach can also inflict untold reputational damage. • Cyber-attacks these days are becoming progressively destructive. • Cybercriminals are using more sophisticated ways to initiate cyber attacks. • Regulations such as General Data Protection Regulation (GDPR) are forcing organizations into taking better care of the personal data they hold.
  • 5. The CIA Triad • Confidentiality, integrity, and availability, also known as the CIA triad, is a model designed to guide companies and organizations to form their security policies.
  • 6. Confidentiality • Confidentiality is about preventing the disclosure of data to unauthorized parties. • It also means trying to keep the identity of authorized parties involved in sharing and holding data private and anonymous. • Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle(MITM) attacks, disclosing sensitive data. • Standard measures to establish confidentiality include: • Data encryption • Two-factor authentication • Biometric verification • Security tokens
  • 7. Integrity • Integrity refers to protecting information from being modified by unauthorized parties. • It is a requirement that information and programs are changed only in a specified and authorized manner. • Challenges that could endanger integrity include turning a machine into a “zombie computer”, embedding malware into web pages. • Standard measures to guarantee integrity include: • Cryptographic checksums • Using file permissions • Uninterrupted power supplies • Data backups
  • 8. Availability • Availability is making sure that authorized parties are able to access the information when needed. • Data only has value if the right people can access it at the right time. • Information unavailability can occur due to security incidents such as DDoS attacks, hardware failures, programming errors, human errors. • Standard measures to guarantee availability include: • Backing up data to external drives • Implementing firewalls • Having backup power supplies • Data redundancy
  • 11. How is Cybersecurity implemented?
  • 13. Classification of Security Hackers Black Hat Hackers’ objective: • To steal valuable information from another user • To steal money through transactions and accounts • To get access to free music and videos • Downloading free hacking software which is considered an illegal activity • To steal valuable information from military/navy organizations • To access restricted networking spaces White Hat Hackers’ objective: • To improve the security framework in a system • Developing high security programming language like Linux • Developing most of the security software for organizations • Checking and updating security softwares • Developing programs like pop up blocker, firewall and ad blocker
  • 14. Vulnerability Scanner A vulnerability scanner can assess a variety of vulnerabilities across information systems like computers, network systems, operating systems, and software applications, that may be: 1. Vendor-originated: this includes software bugs, missing operating system patches, vulnerable services, insecure default configurations, and web application vulnerabilities. 2. System administration-originated: this includes incorrect or unauthorised system configuration changes, lack of password protection policies, and so on. 3. User-originated: this includes sharing directories to unauthorised parties, failure to run virus scanning software, and malicious activities, such as deliberately introducing system backdoors activities
  • 15. Benefits of Vulnerability Scanners • Early detection and handling of known security problems • Identify security vulnerabilities that may be present in the network, from both the internal and external perspective. • Identification of new device or even a new system that may be connected to the network without authorisation • The scanner can help identify rogue machines, which might endanger overall system and network security. • Verify the inventory of all devices on the network. • Inventory includes the device type, operating system version and patch level, hardware configurations and other relevant system information. This information is useful in security management and tracking.
  • 16. Limitations of Vulnerability Scanners • Snapshot only: a vulnerability scanner can only assess a "snapshot of time" in terms of a system or network's security status. • Scanning needs to be conducted regularly, as new vulnerabilities can emerge, or system configuration changes can introduce new security holes. • Human judgement is needed: Vulnerability scanners can only report vulnerabilities according to the plug-ins installed in the scan database. • They cannot determine whether the response is a false negative or a false positive. Human judgement is always needed in analysing the data after the scanning process. • Others: a vulnerability scanner is designed to discover known vulnerabilities only. • It cannot identify other security threats, such as those related to physical, operational or procedural issues.
  • 17. Architecture of Vulnerability Scanners • Scan Engine executes security checks according to its installed plug-ins, identifying system information and vulnerabilities. • It can scan more than one host at a time and compares the results against known vulnerabilities. • Scan Database stores vulnerability information, scan results, and other data used by scanner. • Number of available plug-ins, and the updating frequency of plug-ins will vary depending on vendor. Scanners with an "auto-update" feature • Each plug-in might contain not only the test case itself, but also a vulnerability description, a Common Vulnerabilities and Exposures (CVE) identifier; and even fixing instructions for a detected vulnerability.
  • 18. Architecture of Vulnerability Scanners (Contd..) • Report Module provides different levels of reports on the scan results, • Such as detailed technical reports with suggested remedies for system administrators, • Summary reports for security managers, • High-level graph and trend reports for executives. • User Interface allows the administrator to operate the scanner. • It may be either a Graphical User Interface (GUI), or just a command line interface. For enterprise networks : Use Distributed Network Scanners with more complex architecture, capable of assessing vulnerabilities across multiple or geographically dispersed networks . Composed • Remote scanning agents, • Plug-in update mechanism for those agents, • Centralised management point.
  • 19. Types of Vulnerability Scanner • NETWORK-BASED SCANNERS • Usually installed on a single machine that scans a number of other hosts on the network. • It helps detect critical vulnerabilities such as mis-configured firewalls, vulnerable web servers, risks associated with vendor-supplied software, and risks associated with network and systems administration. • Different types of network-based scanners include: 1. Port Scanners that determine the list of open network ports in remote systems; 2. Web Server Scanners that assess the possible vulnerabilities (e.g. potentially dangerous files) in remote web servers; 3. Web Application Scanners that assess the security aspects of web applications (such as cross site scripting and SQL injection) running on web servers. Cross-site Scripting (XSS) is a client-side code injection attack. The actual attack occurs when the victim visits the web page or web application that executes the malicious code. SQL injection is a code injection technique that might destroy your database and is one of the most common web hacking techniques.
20. Types of Vulnerability Scanner (Contd..)
• HOST-BASED SCANNERS
  • The scanner is installed on the host to be scanned,
  • Has direct access to low-level data, such as specific services and configuration details of the host's operating system.
  • Provides insight into risky user activities such as using easily guessed passwords or even no password.
  • Detects signs that an attacker has already compromised a system, including looking for suspicious file names, unexpected new system files or device files, and unexpected privileged programs.
  • Performs baseline (or file system) checks not done by network-based scanners, as they do not have direct access to the file system on the target host.
• A database scanner is an example of a host-based vulnerability scanner.
  • It performs detailed security analysis of the authorisation, authentication, and integrity of database systems, and can identify any potential security exposures in database systems, ranging from weak passwords and security misconfigurations to Trojan horses.
21. Open Port Service Identification: Introduction
• A port scanner is an application designed to probe a server or host for open ports.
• Such an application may be used by administrators to verify the security policies of their networks, and by attackers to identify network services running on a host and exploit vulnerabilities.
• A port scan is a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port.
• Basically, port scans are not attacks, but rather simple probes to determine the services available on a remote machine.
• A portsweep scans multiple hosts for a specific listening port.
  • For example, an SQL-based computer worm may portsweep looking for hosts listening on TCP port 1433.
22. Categories
The result of a scan on a port is usually generalized into one of three categories:
• Open or Accepted: The host sent a reply indicating that a service is listening on the port.
• Closed or Denied or Not Listening: The host sent a reply indicating that connections will be denied to the port.
• Filtered, Dropped or Blocked: There was no reply from the host.
• Two vulnerabilities of which administrators must be cautioned:
  • Security and stability concerns associated with the program responsible for delivering the service: Open ports.
  • Security and stability concerns associated with the operating system that is running on the host: Open or Closed ports.
• Filtered ports do not present any vulnerabilities.
23. Types
• TCP scanning
  • Uses the operating system's network functions and is generally the next option to go to when a SYN scan is not feasible.
  • If a port is open,
    • the operating system completes the TCP three-way handshake,
    • the scanner immediately closes the connection to avoid performing a Denial-of-Service attack.
  • Otherwise an error code is returned.
  • Advantage of the mode
    • No special privileges are required for the user.
  • Disadvantage of the mode
    • Since the mode prevents low-level control, this scan type is less common.
    • The method is "noisy", particularly if it is a "portsweep".
    • The services can log the sender IP address and Intrusion Detection Systems can raise an alarm.
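The TCP connect() scan of slide 23, reporting each port in the three categories of slide 22, as an added example that is not part of the slides. It assumes a throwaway listener on 127.0.0.1 (constructed here as a test fixture) so the check runs against your own host; the "filtered" branch is reached only when a probe times out.

```python
import socket
import threading
from contextlib import closing

# Added example (not from the slides): a full TCP connect() scan.  A completed
# handshake is "open", an RST (connection refused) is "closed", and silence
# until the timeout is "filtered".  Needs no privileges, but every probe shows
# up as a real connection attempt in the target service's logs (slide 23).
def classify_port(host, port, timeout=1.0):
    try:
        with closing(socket.create_connection((host, port), timeout=timeout)):
            return "open"        # handshake done; close at once, no data sent
    except socket.timeout:
        return "filtered"        # no SYN-ACK and no RST: something dropped it
    except ConnectionRefusedError:
        return "closed"          # host replied with RST
    except OSError as exc:
        return "error:%s" % exc.errno   # e.g. unreachable network, not a port state

def scan_ports(host, ports, timeout=1.0):
    """Return {port: state} for every port in `ports`."""
    return {p: classify_port(host, p, timeout) for p in ports}

def start_local_listener():
    """Constructed fixture: a throwaway service on 127.0.0.1; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    threading.Thread(target=_accept_and_drop, args=(srv,), daemon=True).start()
    return srv.getsockname()[1]

def _accept_and_drop(srv):
    # Accept each probe and close it, as a minimal "listening" service would.
    while True:
        try:
            conn, _ = srv.accept()
            conn.close()
        except OSError:
            break

def free_port():
    """Constructed fixture: an ephemeral port that is (almost certainly) closed."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    open_port = start_local_listener()
    print(scan_ports("127.0.0.1", [open_port, free_port()]))
```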
24. Types (Contd..)
• SYN scanning
  • Another form of TCP scanning.
  • The port scanner generates raw IP packets itself and monitors for responses, instead of using OS-based network functions.
  • Also known as "half-open scanning", because it never actually opens a full TCP connection.
  • The port scanner generates a SYN packet.
    • If the target port is open, it will respond with a SYN-ACK packet.
    • The scanner host responds with an RST packet, closing the connection before the handshake is completed.
    • If the port is closed but unfiltered, the target will instantly respond with an RST packet.
  • Advantages
    • The scanner has full control of the packets sent and the timeout for responses, allowing detailed reporting of the responses.
25. Types (Contd..)
• UDP scanning
  • There are technical challenges as UDP is a connectionless protocol, hence there is no equivalent to a TCP SYN packet.
  • If a UDP packet is sent to a port that is not open,
    • the system will respond with an ICMP port unreachable message.
  • Hence, the absence of a response is used to infer that a port is open.
  • However, if a port is blocked by a firewall, this method will falsely report that the port is open.
  • If the port unreachable message is blocked, all ports will appear open.
  • The method is also affected by ICMP rate limiting.
• Other scanning methods, rarely used, are
  • ACK scanning
  • Window scanning
  • FIN scanning
26. Examples
• For example, a scanner (such as the nmap application) could connect to:
  • port 1 - to see if tcpmux is running.
    • The specification describes a multiplexing service that may be accessed with a network protocol to contact any one of a number of available TCP services of a host on a single, well-known port number.
  • port 7 - to see if echo is running.
    • Echoes back any data it receives.
  • port 22 - to see if OpenSSH is available.
    • OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of tools for remotely controlling, or transferring files between, computers.
  • port 25 - to see if SMTP is available.
    • A set of communication guidelines that allow software to transmit electronic mail over the internet.
27. Version Check
• Footprinting is the technique to collect as much information as possible about the targeted network/victim/system.
  • It helps hackers in various ways to intrude on an organization's system.
• Use nmap to discover the web server version and Operating System version, check the servers to make sure that their ports are operating properly, and ping network segments.
• Some nmap options for version check include
  • -sV (Version detection)
  • --allports (Don't exclude any ports from version detection)
  • --version-intensity <intensity> (Set version scan intensity)
  • --version-all (Try every single probe)
  • --version-trace (Trace version scan activity)
28. TRAFFIC PROBE
• High-Speed Traffic Processing
  • LANs and MANs have evolved to support speeds from 1 Mb/s to 100 Gb/s.
  • The total amount of data created or replicated on the planet in 2010 was over 1 zettabyte (143 GB for each of the 7 billion people on the planet).
  • This volume of information requires high-speed links between server farms, cloud storage, and end users to make sure that it can be processed in a timely and reliable fashion.
  • It will not be possible to analyse such huge traffic volumes in the coming 100 GbE network installations with the current generation of network measurement tools.
  • FPGA cards (Intel 82599, Myri-10G Lanai Z8ES) are still used in applications which perform in-depth analysis, pattern matching, and low-latency operations in 40/100 Gb/s networks.
29. TRAFFIC PROBE (Contd..)
• Network Traffic Measurement
  • Full packet traces.
  • Flow statistics provide information from the Internet Protocol (IP).
  • Volume statistics are provided by most network appliances for network management.
• Network Intrusion Detection
  • Signature-based approach inspects the evaluated content.
  • Anomaly-based detection.
  • Stateful protocol analysis.
30. Vulnerability Probe: HTML injection check
• Some security bugs can't be identified without sending a payload that exploits a suspected vulnerability.
• Vulnerability probe for a web application: imagine a web app that has a search box for users to find text within its pages.
• HTML EXAMPLE:
  <div id="search"><span class="results">Results for '<xss>'...</span>
• Example of Cross Site Scripting (XSS), to be used with caution:
  <script>alert(1)</script>
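The search-results markup of slide 30, rendered once by reflecting the term verbatim and once with output encoding, together with the harmless marker probe that tells the two apart, as an added example that is not part of the slides. The template, the two render functions and the probe generator are constructed stand-ins for the web app, not code from any real application.

```python
import html
import secrets

# Constructed stand-in for the app's search page; mirrors the slide's markup.
TEMPLATE = '<div id="search"><span class="results">Results for \'{term}\'...</span></div>'

def render_vulnerable(term):
    # User input is dropped straight into the HTML: HTML injection / reflected XSS.
    return TEMPLATE.format(term=term)

def render_fixed(term):
    # Output encoding for an HTML context: < > & and quotes become entities,
    # so the term is shown as text and is never parsed as markup.
    return TEMPLATE.format(term=html.escape(term, quote=True))

def make_probe():
    # A marker tag like the slide's <xss>, with a random name so a match cannot
    # come from the page's own markup.  It is not a known element and runs nothing.
    return "<xss%s>" % secrets.token_hex(4)

def reflects_unescaped(render, probe=None):
    """True if the page echoes the probe as live markup instead of as text."""
    probe = probe or make_probe()
    page = render(probe)
    return probe in page and html.escape(probe) not in page
```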
31. Vulnerability Probe: Buffer Overflow
• A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory (a buffer) than the buffer is allocated to hold.
• By sending carefully crafted input to an application, an attacker can cause the application to execute arbitrary code, possibly taking over the machine.
32. Vulnerability Probe: Buffer Overflow
• Minimalist vulnerable program (main.c):

  #include <string.h>

  int main(int argc, char *argv[])
  {
      char buffer[512];            /* fixed-length buffer on the stack */
      if (argc > 1)
          strcpy(buffer, argv[1]); /* no length check: an argument longer than the buffer overflows it */
      return 0;
  }

• Compile the program with the following command:
  $ gcc -o vulnerable main.c