SlideShare a Scribd company logo

The 7 layers of cybersecurity and vulnerabilities

Download as PPTX, PDF
I
ItProfessional14

The 7 layers of cybersecurity and vulnerabilities

Education
1 of 23
Download to read offline
1
2
3
4
5
Most read
6
Most read
7
Most read
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
1 The 7 Layers of Cyber Security & Vulnerabilities Module 8
Module 8 Agenda ➢Finish Module 7 Activity 2 ➢The 7 Layers of Cyber Security ➢Malware ➢Vulnerabilities 2 Copyright 2021 Iowa State University
Module 7 Activity 2 - Each team, take about 10 to 20 minutes to finish up Module 7 Activity 2 Copyright 2021 Iowa State University 3
The 7 Layers of Cyber Security Copyright 2021 Iowa State University 4
The 7 Layers of Cyber Security 1. Mission Critical Assets - This is the data that is being protected. Any asset an organization cannot function without (computers, software and data). 1. Data Security - Protecting your systems at this level would entail establishing reliable backups to save data, encryption of your data, and other policies such as Two-Factor Authentication (usernames & passwords). 1. Application Security - The testing and adding of application features to prevent and patch vulnerabilities. - Routine updating of applications and software to not leave any system open to an old exploit. 1. Endpoint Security - Protects the connection between the network and its devices - We can implement endpoint security through the use of antivirus software, web content filtering, and application controls. Copyright 2021 Iowa State University 5
The 7 Layers of Cyber Security 5. Network Security - At this layer, we are concerned with the breadth of access a user has within a network. It would be dangerous to grant every employee root access. - We need to provide people with the minimum amount of “user privilege” possible for them to do their job and nothing more. 6. Perimeter Security - Prevents suspicious activity from entering the network by protecting the gateway with firewalls, data encryption, anti-virus software. - Monitors and secures devices that transmit data outside of the walls of your network. 7. The Human Layer - Being aware of human threats like spamming, phishing, and any other clever form of social engineering. Copyright 2021 Iowa State University 6
The 7 Layers of Cyber Security Copyright 2021 Iowa State University 7
Malware Copyright 2021 Iowa State University 8
Malware Malware: Malicious Software. Malicious code scripts, files, or programs that aim to deceive, manipulate or spy on the target user without their knowledge. • Malware comes in different forms, and not limited to - Worms, Trojan Horses, Viruses, Keyloggers, Scareware Another way to define malware is to know that malware is any software that compromises confidentiality, integrity, and availability of your computers. - Confidentiality: No unauthorized reading - Integrity: No unauthorized writing - Availability: System are accessible, ready to use Copyright 2021 Iowa State University 9
Malware Malware Propagation Methods: • Worms - Worms are able to self-replicate, without the need for human interaction. • Computer Viruses - Requires a human to spread. Usually hidden and embedded within an application or other software. • Social Engineering - Also referred to as “human hacking”, involves taking advantage of the human element to gain access to unauthorized systems. • Malicious Websites - Sometimes trustworthy websites can contain dangerous content. • Trojan Horses - A malicious function contained within a seemingly benign product. Copyright 2021 Iowa State University 10
Malware Malware Vessels: • Removable Media (USB flash-drives) • Internet Downloads • E-mail Attachments • Corrupt Files • An unsuspecting user Modern cyber attacks will implement a variety of these methods and those mentioned on the previous slide to successfully infiltrate the target. 11
Malware Copyright 2021 Iowa State University 12 Video: Varieties of Malware by IowaCyber https://www.youtube.com/watch?v=pFETP9CAJj4
Malware Malware Triggers: Triggers are the mechanism that activates the “core” or payload of malware. Examples of triggers include but are not limited to: • Time • System configuration settings • Existence of certain files or folders • Current software version • A specific human user action • Failure to comply with ransomware demands 13
Malware Malware Payloads: A payload could be considered malware’s purpose. What is it setting out to accomplish? Examples include: • Destruction of data • Data encryption • Spy on the target • Bring down a website by keeping people from accessing it, through a denial of service attack • Cause real-world harm, in the case of attacking hospitals • Install a backdoor • Zombify your computer 14
Vulnerabilities Copyright 2021 Iowa State University 15
Vulnerabilities By using some of the propagation methods previously described, hackers can intrude and embed malware through vulnerabilities. ● Vulnerabilities are weaknesses within a computer system that compromise systems under attack. They can occur throughout the system’s. . . - Design - Implementation - Configuration Copyright 2021 Iowa State University 16
Vulnerabilities ● Design Vulnerability: flaws in the design of the computer or software that bypass security. ● Implementation Vulnerability: errors within implemented software. (installed improperly) ● Configuration Vulnerability: user configures the system incorrectly or uses defaults. (not changing default password/using weak passwords) Copyright 2021 Iowa State University 17
Vulnerabilities How to check for vulnerabilities? Penetration testing (Pen test): ● Simulated cyber attack against a computer system to check for vulnerabilities (test run) ● Provides insight on weak parts of a system that need to be patched up ● Used to ensure that a system is secure and reliable ● Allows for vulnerabilities to be detected and fixed before the system is compromised by attackers Copyright 2021 Iowa State University 18
Vulnerabilities Steps of a pen test (Optional video) Copyright 2021 Iowa State University 19 https://youtu.be/b7jW9X9UqiY
Vulnerabilities ● As we learned in the video, passive reconnaissance is the first active step of a pen test. ● Passive reconnaissance is the action of acquiring and analyzing as much publicly available information as possible without interacting in any way with the target. ○ This gives the attacker the opportunity to identify potentially vulnerable and misconfigured systems for physical attacks. Additionally, it could potentially provide sensitive information that might allow for impersonation, exploitation, or blackmail. You will be practicing passive reconnaissance in Activity 1 Copyright 2021 Iowa State University 20
To Do ● Have Module 7 Activity 1 Completed ● Complete Module 8 Activity 1 ● Complete Module 8 Activity 2 21 Copyright 2021 Iowa State University
End of Module 8! What questions do you have? Next Module Topic: Web Vulnerabilities 22 Copyright 2021 Iowa State University
Questions? Contact Innovate-IT support staff! email: innovate_it@iastate.edu Your school’s IP-Range can be found at: http://www.it-adventures.org/ip-ranges/ 23

More Related Content

PPTX
INTRODUCTION CB start Cyber Security.pptx
faizanaseem873
 
PPT
Information Technology Security Basics
Mohan Jadhav
 
PPT
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
Kaukau9
 
PDF
Chapter 8
uabir
 
PDF
Penetration Testing Services_ Comprehensive Guide 2024.pdf
qualysectechnology98
 
PPTX
Chapter 5.pptx
Wollo UNiversity
 
PDF
l_02sec.pdf
someyamohsen2
 
PPT
NetWitness
TechBiz Forense Digital
 
INTRODUCTION CB start Cyber Security.pptx
faizanaseem873
 
Information Technology Security Basics
Mohan Jadhav
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
Kaukau9
 
Chapter 8
uabir
 
Penetration Testing Services_ Comprehensive Guide 2024.pdf
qualysectechnology98
 
Chapter 5.pptx
Wollo UNiversity
 
l_02sec.pdf
someyamohsen2
 
NetWitness
TechBiz Forense Digital
 

Similar to The 7 layers of cybersecurity and vulnerabilities (20)

PPTX
Computer-Security.pptx
JoselitoJMebolos
 
PPTX
Internet worm-case-study
Ian Sommerville
 
PPT
Internet worms definitions and strategies to avoid it.
SinisaSremac
 
PPTX
Application security
Hagar Alaa el-din
 
PPT
Chapter1 intro network_security_sunorganised
Bule Hora University
 
DOCX
Information security questions
gamemaker762
 
PDF
Presentation about security i.t.
MarianaGilMartnez1
 
PDF
Presentation about security I.T.
HugoBarrionuevoSobri
 
PPT
RRB JE Stage 2 Computer and Applications Questions Part 5
CAS
 
PDF
How To Defeat Advanced Malware. New Tools for Protection and Forensics
London School of Cyber Security
 
PPTX
LIS3353 SP12 Week 9
Amanda Case
 
PDF
Malware
Setiya Nugroho
 
PDF
Cscu module 03 protecting systems using antiviruses
Alireza Ghahrood
 
PPTX
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Lastline, Inc.
 
PPT
Security Of Information Assets and why it matters.ppt
hellasassin
 
PPT
IT-Security Awareness and Training session
sameerroushan
 
PDF
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
amiyadutta
 
PPT
IT-Security-20210426203847.ppt
ssuser6c59cb
 
PPT
IT-Security-20210426203847.ppt
RamaNingaiah
 
PPT
IT-Security-20210426203847.ppt
Ian Dave Balatbat
 
Computer-Security.pptx
JoselitoJMebolos
 
Internet worm-case-study
Ian Sommerville
 
Internet worms definitions and strategies to avoid it.
SinisaSremac
 
Application security
Hagar Alaa el-din
 
Chapter1 intro network_security_sunorganised
Bule Hora University
 
Information security questions
gamemaker762
 
Presentation about security i.t.
MarianaGilMartnez1
 
Presentation about security I.T.
HugoBarrionuevoSobri
 
RRB JE Stage 2 Computer and Applications Questions Part 5
CAS
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
London School of Cyber Security
 
LIS3353 SP12 Week 9
Amanda Case
 
Malware
Setiya Nugroho
 
Cscu module 03 protecting systems using antiviruses
Alireza Ghahrood
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Lastline, Inc.
 
Security Of Information Assets and why it matters.ppt
hellasassin
 
IT-Security Awareness and Training session
sameerroushan
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
amiyadutta
 
IT-Security-20210426203847.ppt
ssuser6c59cb
 
IT-Security-20210426203847.ppt
RamaNingaiah
 
IT-Security-20210426203847.ppt
Ian Dave Balatbat
 
Ad

Recently uploaded (20)

PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PPTX
Lesson notes of climatology university.
sgladness67
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
PDF
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
Yogi Goddess Pres Conference Studio Updates
LDMMia Reiki Lectures
 
PPTX
Orientation - ARALprogram of Deped to the Parents.pptx
JeromeTamayoSantiago1
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
RTP_AR_KS1_Tutor's Guide_English [FOR REPRODUCTION].pdf
RobertMentino1
 
PDF
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
PPTX
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
Lesson notes of climatology university.
sgladness67
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
RMMM.pdf make it easy to upload and study
sajedul2
 
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
Yogi Goddess Pres Conference Studio Updates
LDMMia Reiki Lectures
 
Orientation - ARALprogram of Deped to the Parents.pptx
JeromeTamayoSantiago1
 
master seminar digital applications in india
ananyaray35
 
RTP_AR_KS1_Tutor's Guide_English [FOR REPRODUCTION].pdf
RobertMentino1
 
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
Ad

The 7 layers of cybersecurity and vulnerabilities

  • 1. 1 The 7 Layers of Cyber Security & Vulnerabilities Module 8
  • 2. Module 8 Agenda ➢Finish Module 7 Activity 2 ➢The 7 Layers of Cyber Security ➢Malware ➢Vulnerabilities 2 Copyright 2021 Iowa State University
  • 3. Module 7 Activity 2 - Each team, take about 10 to 20 minutes to finish up Module 7 Activity 2 Copyright 2021 Iowa State University 3
  • 4. The 7 Layers of Cyber Security Copyright 2021 Iowa State University 4
  • 5. The 7 Layers of Cyber Security 1. Mission Critical Assets - This is the data that is being protected. Any asset an organization cannot function without (computers, software and data). 1. Data Security - Protecting your systems at this level would entail establishing reliable backups to save data, encryption of your data, and other policies such as Two-Factor Authentication (usernames & passwords). 1. Application Security - The testing and adding of application features to prevent and patch vulnerabilities. - Routine updating of applications and software to not leave any system open to an old exploit. 1. Endpoint Security - Protects the connection between the network and its devices - We can implement endpoint security through the use of antivirus software, web content filtering, and application controls. Copyright 2021 Iowa State University 5
  • 6. The 7 Layers of Cyber Security 5. Network Security - At this layer, we are concerned with the breadth of access a user has within a network. It would be dangerous to grant every employee root access. - We need to provide people with the minimum amount of “user privilege” possible for them to do their job and nothing more. 6. Perimeter Security - Prevents suspicious activity from entering the network by protecting the gateway with firewalls, data encryption, anti-virus software. - Monitors and secures devices that transmit data outside of the walls of your network. 7. The Human Layer - Being aware of human threats like spamming, phishing, and any other clever form of social engineering. Copyright 2021 Iowa State University 6
  • 7. The 7 Layers of Cyber Security Copyright 2021 Iowa State University 7
  • 8. Malware Copyright 2021 Iowa State University 8
  • 9. Malware Malware: Malicious Software. Malicious code scripts, files, or programs that aim to deceive, manipulate or spy on the target user without their knowledge. • Malware comes in different forms, and not limited to - Worms, Trojan Horses, Viruses, Keyloggers, Scareware Another way to define malware is to know that malware is any software that compromises confidentiality, integrity, and availability of your computers. - Confidentiality: No unauthorized reading - Integrity: No unauthorized writing - Availability: System are accessible, ready to use Copyright 2021 Iowa State University 9
  • 10. Malware Malware Propagation Methods: • Worms - Worms are able to self-replicate, without the need for human interaction. • Computer Viruses - Requires a human to spread. Usually hidden and embedded within an application or other software. • Social Engineering - Also referred to as “human hacking”, involves taking advantage of the human element to gain access to unauthorized systems. • Malicious Websites - Sometimes trustworthy websites can contain dangerous content. • Trojan Horses - A malicious function contained within a seemingly benign product. Copyright 2021 Iowa State University 10
  • 11. Malware Malware Vessels: • Removable Media (USB flash-drives) • Internet Downloads • E-mail Attachments • Corrupt Files • An unsuspecting user Modern cyber attacks will implement a variety of these methods and those mentioned on the previous slide to successfully infiltrate the target. 11
  • 12. Malware Copyright 2021 Iowa State University 12 Video: Varieties of Malware by IowaCyber https://www.youtube.com/watch?v=pFETP9CAJj4
  • 13. Malware Malware Triggers: Triggers are the mechanism that activates the “core” or payload of malware. Examples of triggers include but are not limited to: • Time • System configuration settings • Existence of certain files or folders • Current software version • A specific human user action • Failure to comply with ransomware demands 13
  • 14. Malware Malware Payloads: A payload could be considered malware’s purpose. What is it setting out to accomplish? Examples include: • Destruction of data • Data encryption • Spy on the target • Bring down a website by keeping people from accessing it, through a denial of service attack • Cause real-world harm, in the case of attacking hospitals • Install a backdoor • Zombify your computer 14
  • 15. Vulnerabilities Copyright 2021 Iowa State University 15
  • 16. Vulnerabilities By using some of the propagation methods previously described, hackers can intrude and embed malware through vulnerabilities. ● Vulnerabilities are weaknesses within a computer system that compromise systems under attack. They can occur throughout the system’s. . . - Design - Implementation - Configuration Copyright 2021 Iowa State University 16
  • 17. Vulnerabilities ● Design Vulnerability: flaws in the design of the computer or software that bypass security. ● Implementation Vulnerability: errors within implemented software. (installed improperly) ● Configuration Vulnerability: user configures the system incorrectly or uses defaults. (not changing default password/using weak passwords) Copyright 2021 Iowa State University 17
  • 18. Vulnerabilities How to check for vulnerabilities? Penetration testing (Pen test): ● Simulated cyber attack against a computer system to check for vulnerabilities (test run) ● Provides insight on weak parts of a system that need to be patched up ● Used to ensure that a system is secure and reliable ● Allows for vulnerabilities to be detected and fixed before the system is compromised by attackers Copyright 2021 Iowa State University 18
  • 19. Vulnerabilities Steps of a pen test (Optional video) Copyright 2021 Iowa State University 19 https://youtu.be/b7jW9X9UqiY
  • 20. Vulnerabilities ● As we learned in the video, passive reconnaissance is the first active step of a pen test. ● Passive reconnaissance is the action of acquiring and analyzing as much publicly available information as possible without interacting in any way with the target. ○ This gives the attacker the opportunity to identify potentially vulnerable and misconfigured systems for physical attacks. Additionally, it could potentially provide sensitive information that might allow for impersonation, exploitation, or blackmail. You will be practicing passive reconnaissance in Activity 1 Copyright 2021 Iowa State University 20
  • 21. To Do ● Have Module 7 Activity 1 Completed ● Complete Module 8 Activity 1 ● Complete Module 8 Activity 2 21 Copyright 2021 Iowa State University
  • 22. End of Module 8! What questions do you have? Next Module Topic: Web Vulnerabilities 22 Copyright 2021 Iowa State University
  • 23. Questions? Contact Innovate-IT support staff! email: innovate_it@iastate.edu Your school’s IP-Range can be found at: http://www.it-adventures.org/ip-ranges/ 23