Cyber Security
Lec1
What is security
• Security is protection against potential
harm (or other unwanted coercion)
caused by others, by restraining the
freedom of others to act
• Security is a state of wellbeing of
information and infrastructure
• Security for information technology (IT)
refers to the methods, tools and
personnel used to defend an
organization's digital assets
Why security?
Cyber security
• Cyber Security is a process that is
designed to protect networks and
devices from external threats
• Cyber security is the practice of
defending computers, servers,
mobile devices, electronic systems,
networks, and data from malicious
attacks. It's also known as
information technology security or
electronic information security
• Businesses typically employ
Cyber Security professionals to
protect their confidential
information, maintain employee
productivity, and enhance
customer confidence in products
and services
Computer security
Potential Losses
Elements of Security
Common Terms
• Threat - An action or event that has the potential to
compromise and/or violate security
• Vulnerability - Existence of a weakness, design, or
implementation error that can lead to an unexpected,
undesirable event compromising the security of the system
• Exploit - A defined way to breach the security of an IT system
through a vulnerability
• Data Theft - Any action of stealing the information from the
users’ system
• Attack - Any action derived from intelligent threats to violate
the security of the System
• Cracker, Attacker, or Intruder - An individual who breaks into
computer systems in order to steal, change, or destroy
information
Attacker TYPES
• Misfeasors - Authorized users who gain additional but
unauthorized access to resources on a system or misuse their
authorization
• Masqueraders - Users who enter a system with another authorized
user’s access privileges and then, posing as that user, attack
the system
• Clandestine users - Insiders or outsiders who obtain their own,
distinct unauthorized access to a system
Common Goals of Attackers
• Identity theft
• Tampering
• Trophy grabbing
• Service theft
• Information theft
• Denial of service (DoS)
Cyber criminal Motive
The main motive behind cybercrime
is to disrupt regular business
activity and critical infrastructure.
Cybercriminals also commonly
manipulate stolen data to benefit
financially, cause financial loss,
damage a reputation, achieve
military objectives, and propagate
religious or political beliefs
Cyber Experts
As data breaches, hacking, and cybercrime reach new heights,
companies are increasingly relying on Cyber Security specialists to
identify potential threats and protect valuable data. Cyber
Security experts:
• Find, test, and repair weaknesses within a company’s
infrastructure
• Monitor systems for malicious content
• Identify network breaches
• Install regular software updates, firewalls, and antivirus
protection
• Strengthen areas where attacks may have occurred
common Cyber Security domains
• Asset security: Analyze networks, computers, routers, and wireless access points
• Security architecture and engineering: Standardize security policies and procedures
• Communication and network security: Regulate cloud storage and data transfer
• Identity and access management: Track user authentication and accountability
• Security operations: Monitor security to identify attacks
• Security assessment and testing: Test security policies to ensure compliance with industry standards
• Software development security: Create and repeatedly test code
• Security and risk management: Identify potential risks and implement appropriate security controls
Best Practices by Experts
• Using two-way authentication
• Securing passwords
• Installing regular updates
• Running antivirus software
• Using firewalls to disable unwanted services
• Avoiding phishing scams
• Employing cryptography, or encryption
• Securing domain name servers, or DNS
User Awareness
Types of Cybersecurity
Network Security. Most attacks occur
over the network, and network security
solutions are designed to identify and
block these attacks
• Data Loss Prevention (DLP)
• IAM (Identity Access Management)
• NAC (Network Access Control)
• NGFW (Next-Generation Firewall)
application controls to enforce safe web
use policies.
• IPS (Intrusion Prevention System)
• NGAV (Next-Gen Antivirus), Sandboxing
• Also important are network analytics,
threat hunting, and automated SOAR
(Security Orchestration and Response)
technologies
• IDS
Types of Cybersecurity
Endpoint Security. With endpoint
security, companies can secure end-user
devices such as desktops and laptops with
data and network security controls,
advanced threat prevention such as anti-
phishing and anti-ransomware, and
technologies that provide forensics such as
endpoint detection and response (EDR)
solutions
Types of Cybersecurity
Cloud Security. This strategy includes
cyber security solutions, controls, policies,
and services that help to protect an
organization’s entire cloud deployment
(applications, data, infrastructure, etc.)
against attack. While many cloud providers
offer security solutions, these are often
inadequate to the task of achieving
enterprise-grade security in the cloud
Types of Cybersecurity
Mobile Security. Often overlooked,
mobile devices such as tablets and
smartphones have access to corporate
data, exposing businesses to threats from
malicious apps, zero-day, phishing, and IM
(Instant Messaging) attacks
Mobile security prevents these attacks and
secures the operating systems and devices
from rooting and jailbreaking
Types of Cybersecurity
Application Security. Web
applications, like anything else
directly connected to the Internet,
are targets for threat actors
Application security prevents bot
attacks and stops any malicious
interaction with applications and
APIs.
Ethical hacking
Ethical hacking involves an
authorized attempt to gain
unauthorized access to a
computer system,
application, or data for
identifying and resolving
security vulnerabilities
Ethical Hacking
Ethical Hacker
Ethical hackers are security experts who perform these
security assessments. The proactive work
they do helps to improve an
organization’s security posture
They are also known as “white hat” hackers
Key concepts of Ethical Hacking
Stay legal
Obtain proper approval before accessing and performing a security
assessment
Define the scope
Determine the scope of the assessment so that the ethical hacker’s work
remains legal and within the organization’s approved boundaries
Report vulnerabilities
Notify the organization of all vulnerabilities discovered during the
assessment. Provide remediation advice for resolving these vulnerabilities
Respect data sensitivity
Depending on the data sensitivity, ethical hackers may have to agree to a
non-disclosure agreement, in addition to other terms and conditions
required by the assessed organization
Ethical Hacker vs Malicious hacker
Ethical Hacker
They use their knowledge to
secure and improve the
technology of organizations. They
provide an essential service to
these organizations by looking for
vulnerabilities that can lead to a
security breach
They report the identified
vulnerabilities to the organization
and provide remediation advice
Malicious Hacker
Intend to gain unauthorized
access to a resource (the more
sensitive the better) for financial
gain or personal recognition
Some malicious hackers deface
websites or crash backend servers
for fun, reputation damage, or to
cause financial loss
Skills required
• Expertise in scripting languages
• Proficiency in operating systems
• A thorough knowledge of networking
• A solid foundation in the principles of information security
What hacking identifies
• They look for attack vectors against the target. The initial
goal is to perform reconnaissance, gaining as much
information as possible
• Once the ethical hacker gathers enough information, they
use it to look for vulnerabilities against the asset
• They perform this assessment with a combination of
automated and manual testing
• Even sophisticated systems may have complex
countermeasure technologies which may be vulnerable
• They don’t stop at uncovering vulnerabilities. Ethical
hackers use exploits against the vulnerabilities to prove
how a malicious attacker could exploit them
common vulnerabilities
• SQL Injection attacks
• Broken authentication
• Security misconfigurations
• Use of components with known vulnerabilities
• Sensitive data exposure
• Coding bugs
• Weak Passwords
Kevin Mitnick
• Served a five-year sentence
• One of the most wanted hackers
• Started out by using the bus for free
• Hacked various organizations
• Now runs a security firm named Mitnick
Security Consulting
• A Hollywood movie about him, “Takedown”,
was made in the year 2000
• Its IMDb rating is 6.3
• A documentary titled “Freedom Downtime”
(2001) was also made
Gary McKinnon
• Scottish system administrator and hacker
• Biggest military computer hacker of all time
• Hacked 97 United States military
and NASA computers in a 13-month period
between February 2001 and March 2002
Albert Gonzalez
• Stole credit-card information
• 130 million card numbers
• largest retail-store theft in U.S. history
• Sold these credit card details from 2005
through 2007—the biggest such fraud in
history
Major cyber security Incidents
US’s CYBER ATTACK ON IRAN
• The US and Israel launched a cyber attack on Iran using malware named
Stuxnet in 2010
• Reportedly, one fifth of Iranian nuclear centrifuges were damaged
WORLD’S LARGEST CYBER ATTACK
• Largest Cyber Attack on Backbone of Internet – Oct 2016
• Targets – Amazon, BBC, CNN, Netflix, Twitter etc
• Effects Achieved – Disruption of Internet by Hackers
Global Cyber Attack
NSA’S WORLDWIDE SURVEILLANCE
Edward Snowden defected from the US in 2013
Revealed information regarding various cyber-attacks by US
CAMBRIDGE ANALYTICA (ALLEGATIONS)
Cambridge Analytica specializes in collecting data
points of citizens and then categorizing them into
segments, such as those who support their clients
(say XYZ) and those who oppose them.
It then uses social media, and even the
conventional media at times to influence and sway
public opinion. All this is done very scientifically
and systematically with proven results and
outcomes.
Data of young Pakistani university students was
collected by Cambridge Analytica through a
tweaked operating system that was preinstalled on
laptops given under PM’s laptop scheme.
CAMBRIDGE ANALYTICA (ALLEGATIONS)
Not to mention, Mr. XXX allegedly hired Cambridge
Analytica to influence Pakistani voters as well, given its
successful track record with Donald J. Trump’s election
campaign in the USA.
Cambridge Analytica is also alleged to have played a role
in Brexit as it reportedly influenced voters after
analyzing their behavior.
Cambridge Analytica has also been linked with NATO and
was allegedly involved in online Islamic State and
al-Qaeda terrorist recruitment on behalf of the American
State Department.
It allegedly propagated hate in Afghans against Pakistan.
US ELECTIONS HACKED
• 2016 U.S. presidential election impacted by several cyber attacks
• One month after 2018 Midterm Election, the National Republican
Congressional Committee (NRCC) confirmed its email system was
hacked by an unknown third party.
• The hackers (reportedly Russians) gained access to the email
accounts of senior NRCC aides
Malicious URLs
• Symantec Internet Security Threat Report
Security Risks Home Users
What to secure ?
What makes a home computer vulnerable?
What makes a system secure?
Benefits of computer security awareness?
Types of Information Security Controls
Types of information security controls include security
policies, procedures, plans, devices and software intended to
strengthen cybersecurity. There are three major types of
information security controls:
• Preventive controls are intended to help prevent
cybersecurity incidents
• Detective controls are designed to recognize attacks while
they are in progress and provide alerts to security teams
• Corrective controls come into play after a security
incident and are intended to help minimize damage from
an attack or to restore business systems
Classification of Information Security Controls
Information security controls can be classified into several categories:
• Administrative Controls. These controls include policies, procedures, and guidelines that define
how the organization manages its information security program. Examples include security policies,
risk assessments, security awareness training, incident response procedures, and access control
policies
• Technical Controls. Implemented through technology and aim to protect information systems and
data. Examples include firewalls, intrusion detection and prevention systems, encryption, access
controls, authentication mechanisms (e.g., passwords, biometrics), and security patches and
updates
• Physical Controls. Protect the physical environment where information systems and assets are
housed. They include measures such as physical access controls (e.g., locks, access cards),
surveillance systems, environmental controls (e.g., temperature and humidity controls), and secure
disposal of media.
• Logical Controls. Implemented within information systems to protect data and ensure appropriate
access. These controls include user authentication, authorization mechanisms, logging and
monitoring, data backups, and secure coding practices
• Operational Controls. Focus on the day-to-day operational activities related to information security.
These controls include change management processes, incident response procedures, backup and
recovery processes, security testing and vulnerability assessments, and system monitoring
• Compliance Controls. Compliance controls ensure that the organization adheres to relevant laws,
regulations, and industry standards. Examples include regular audits, security assessments, privacy
controls, and documentation of security policies and procedures
Penetration testing
• A penetration test (pen test) is an authorized
simulated attack performed on a computer system
to evaluate its security
• Penetration testers use the same tools, techniques,
and processes as attackers to find and demonstrate
the business impacts of weaknesses in a system
• Penetration tests usually simulate a variety of
attacks that could threaten a business
• A pen test provides insight into how well that aim
was achieved. Pen testing can help an organization
Purpose of Pentest
• Find weaknesses in systems
• Determine the robustness of controls
• Support compliance with data privacy and
security regulations (e.g. PCI-DSS, HIPAA, GDPR)
• Provide qualitative and quantitative examples
of current security posture and budget
priorities for management
Phases of pen testing
• Reconnaissance. Gather as much information about the target as
possible from public and private sources to inform the attack strategy.
Sources include internet searches, domain registration information
retrieval, social engineering, network scanning, and sometimes even
dumpster diving
• Scanning. Pen testers use tools to examine the target website or
system for weaknesses, including open services, application security
issues, and open source vulnerabilities
• Gaining access. Pen testers determine the best tools and techniques to
gain access to the system, whether through a weakness such as SQL
injection or through malware, social engineering, or something else
• Maintaining access. Once pen testers gain access to the target, their
simulated attack must stay connected long enough to accomplish their
goals of exfiltrating data, modifying it, or abusing functionality. It’s
about demonstrating the potential impact
TYPES of pen testing
• Web apps. Testers examine the effectiveness of security controls and look
for hidden vulnerabilities, attack patterns, and any other potential security
gaps that can lead to a compromise of a web app
• Mobile apps. Using both automated and extended manual testing, testers
look for vulnerabilities in application binaries running on the mobile
device and the corresponding server-side functionality
• Mobile devices. Pen testers use both automated and manual analysis to
find vulnerabilities in application binaries running on the mobile device
and the corresponding server-side functionality
• Networks. This testing identifies common to critical security vulnerabilities
in an external network and systems. Experts employ a checklist that
includes test cases for encrypted transport protocols, SSL certificate
scoping issues, use of administrative services, and more
• Cloud. A cloud environment is significantly different than traditional on-
premises environments. Typically, security responsibilities are shared
between the organization using the environment and the cloud services
provider. Because of this, cloud pen testing requires a set of specialized
skills and experience to scrutinize the various aspects of the cloud, such as
configurations, APIs, various databases, encryption, storage, and security
controls
The only system which is truly secure is one which is
switched off and unplugged locked in a titanium lined
safe, buried in a concrete bunker, and is surrounded by
nerve gas and very highly paid armed guards. Even then,
I wouldn't stake my life on it.
-- Gene Spafford
Thank you

Lec 1- Intro to cyber security and recommendations

  • 1.
  • 3. What is security • Security is protection against potential harm (or other unwanted coercion) caused by others, by restraining the freedom of others to act • Security is a state of wellbeing of information and infrastructure • Security for information technology (IT) refers to the methods, tools and personnel used to defend an organization's digital assets
  • 5. Cyber security • Cyber Security is a process that is designed to protect networks and devices from external threats • Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security • Businesses typically employ Cyber Security professionals to protect their confidential information, maintain employee productivity, and enhance customer confidence in products and services
  • 6.
  • 7.
  • 11.
  • 12. Common Terms • Threat - An action or event that has the potential to compromise and/or violate security • Vulnerability - Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system • Exploit - A defined way to breach the security of an IT system through vulnerability • Data Theft - Any action of stealing the information from the users’ system • Attack - Any action derived from intelligent threats to violate the security of the System • Cracker, Attacker, or Intruder - An individual who breaks into computer systems in order to steal, change, or destroy information
  • 13. Attacker TYPES • Misfeasors - Authorized users gain additional but unauthorized access to resources on a system or misuse their authorization • Masqueraders - Using authorized user’s access (other than own) privileges to enter a system and then, posing as that user, attack the system • Clandestine users - Insiders or outsiders who obtain their own, distinct unauthorized access to a system
  • 14. Common Goals of Attackers • Identity theft • Tampering • Trophy grabbing • Service theft • Information theft • Denial of service (DoS)
  • 15. Cyber criminal Motive: The main motive behind cybercrime is to disrupt regular business activity and critical infrastructure. Cybercriminals also commonly manipulate stolen data to benefit financially, cause financial loss, damage a reputation, achieve military objectives, and propagate religious or political beliefs
  • 16. Cyber Experts: As data breaches, hacking, and cybercrime reach new heights, companies are increasingly relying on Cyber Security specialists to identify potential threats and protect valuable data. Cyber Security experts: • Find, test, and repair weaknesses within a company’s infrastructure • Monitor systems for malicious content • Identify network breaches • Install regular software updates, firewalls, and antivirus protection • Strengthen areas where attacks may have occurred
  • 17. Common Cyber Security domains • Asset security: Analyze networks, computers, routers, and wireless access points • Security architecture and engineering: Standardize security policies and procedures • Communication and network security: Regulate cloud storage and data transfer • Identity and access management: Track user authentication and accountability • Security operations: Monitor security to identify attacks • Security assessment and testing: Test security policies to ensure compliance with industry standards • Software development security: Create and repeatedly test code • Security and risk management: Identify potential risks and implement appropriate security controls
  • 18. Best Practices by Experts • Using two-way authentication • Securing passwords • Installing regular updates • Running antivirus software • Using firewalls to disable unwanted services • Avoiding phishing scams • Employing cryptography, or encryption • Securing domain name servers, or DNS • User awareness
  • 19. Types of Cybersecurity: Network Security. Most attacks occur over the network, and network security solutions are designed to identify and block these attacks • Data Loss Prevention (DLP) • IAM (Identity Access Management) • NAC (Network Access Control) • NGFW (Next-Generation Firewall) application controls to enforce safe web use policies • IPS (Intrusion Prevention System) • NGAV (Next-Gen Antivirus), Sandboxing • Also important are network analytics, threat hunting, and automated SOAR (Security Orchestration and Response) technologies • IDS
  • 20. Types of Cybersecurity: Endpoint Security. With endpoint security, companies can secure end-user devices such as desktops and laptops with data and network security controls, advanced threat prevention such as anti-phishing and anti-ransomware, and technologies that provide forensics such as endpoint detection and response (EDR) solutions
  • 21. Types of Cybersecurity: Cloud Security. This strategy includes cyber security solutions, controls, policies, and services that help to protect an organization’s entire cloud deployment (applications, data, infrastructure, etc.) against attack. While many cloud providers offer security solutions, these are often inadequate to the task of achieving enterprise-grade security in the cloud
  • 22. Types of Cybersecurity: Mobile Security. Often overlooked, mobile devices such as tablets and smartphones have access to corporate data, exposing businesses to threats from malicious apps, zero-day, phishing, and IM (Instant Messaging) attacks. Mobile security prevents these attacks and secures the operating systems and devices from rooting and jailbreaking
  • 23. Types of Cybersecurity: Application Security. Web applications, like anything else directly connected to the Internet, are targets for threat actors. Application security prevents bot attacks and stops any malicious interaction with applications and APIs.
  • 25. Ethical Hacking: Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data in order to identify and resolve security vulnerabilities
  • 28. Ethical Hacker: Also known as “white hats,” ethical hackers are the security experts that perform these security assessments. The proactive work they do helps to improve an organization’s security posture
  • 29. Key concepts of Ethical Hacking • Stay legal: Obtain proper approval before accessing and performing a security assessment • Define the scope: Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s approved boundaries • Report vulnerabilities: Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities • Respect data sensitivity: Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to other terms and conditions required by the assessed organization
  • 30. Ethical Hacker vs Malicious Hacker • Ethical Hacker: They use their knowledge to secure and improve the technology of organizations. They provide an essential service to these organizations by looking for vulnerabilities that can lead to a security breach. They report the identified vulnerabilities to the organization and provide remediation advice • Malicious Hacker: They intend to gain unauthorized access to a resource (the more sensitive the better) for financial gain or personal recognition. Some malicious hackers deface websites or crash backend servers for fun, reputation damage, or to cause financial loss
  • 31. Skills required • Expertise in scripting languages • Proficiency in operating systems • A thorough knowledge of networking • A solid foundation in the principles of information security
  • 32. What hacking identifies • They look for attack vectors against the target. The initial goal is to perform reconnaissance, gaining as much information as possible • Once the ethical hacker gathers enough information, they use it to look for vulnerabilities against the asset • They perform this assessment with a combination of automated and manual testing • Even sophisticated systems may have complex countermeasure technologies which may be vulnerable • They don’t stop at uncovering vulnerabilities. Ethical hackers use exploits against the vulnerabilities to prove how a malicious attacker could exploit them
  • 33. common vulnerabilities • SQL Injection attacks • Broken authentication • Security misconfigurations • Use of components with known vulnerabilities • Sensitive data exposure • Coding bugs • Weak Passwords
  • 34. Kevin Mitnick • Served a five-year sentence • One of the most wanted hackers • Started by riding the bus for free • Hacked various organizations • Now runs a security firm named Mitnick Security Consulting • A Hollywood movie, “Takedown”, was made about him in 2000 • IMDB rating is 6.3 • A documentary titled “Freedom Downtime” (2001) was also made
  • 35. Gary McKinnon • Scottish system administrator and hacker • Biggest military computer hacker of all time • Hacked 97 United States military and NASA computers in a 13-month period between February 2001 and March 2002
  • 36. Albert Gonzalez • Stole credit-card information • 130 million card numbers • largest retail-store theft in U.S. history • Sold these credit card details from 2005 through 2007—the biggest such fraud in history
  • 37. Major cyber security Incidents
  • 38. US’s CYBER ATTACK ON IRAN • The US and Israel launched a cyber attack on Iran using malware named Stuxnet in 2010 • Reportedly, one fifth of Iranian nuclear centrifuges were damaged
  • 39. WORLD’S LARGEST CYBER ATTACK • Largest Cyber Attack on Backbone of Internet – Oct 2016 • Targets – Amazon, BBC, CNN, Netflix, Twitter etc • Effects Achieved – Disruption of Internet by Hackers Global Cyber Attack
  • 40. NSA’S WORLDWIDE SURVEILLANCE • Edward Snowden defected from the US in 2013 • Revealed information regarding various cyber-attacks by the US
  • 43. CAMBRIDGE ANALYTICA (ALLEGATIONS) Cambridge Analytica specializes in collecting data points of citizens and then categorizing them into segments, such as those who support their clients (say XYZ) and those who oppose them. It then uses social media, and even the conventional media at times, to influence and sway public opinion. All this is done very scientifically and systematically with proven results and outcomes. Data of young Pakistani university students was collected by Cambridge Analytica through a tweaked operating system that was preinstalled on laptops given under the PM’s laptop scheme.
  • 44. CAMBRIDGE ANALYTICA (ALLEGATIONS) Not to mention, Mr. XXX allegedly hired Cambridge Analytica to influence Pakistani voters as well, given its successful track record with Donald J. Trump’s election campaign in the USA. Cambridge Analytica is also alleged to have played a role in Brexit, as it reportedly influenced voters after analyzing their behavior. Cambridge Analytica has also been linked with NATO and was allegedly involved in online Islamic State and al-Qaeda terrorist recruitment on behalf of the American State Department. It allegedly propagated hate in Afghans against Pakistan.
  • 45. US ELECTIONS HACKED • The 2016 U.S. presidential election was impacted by several cyber attacks • One month after the 2018 Midterm Election, the National Republican Congressional Committee (NRCC) confirmed its email system was hacked by an unknown third party • The hackers (reportedly Russians) gained access to the email accounts of senior NRCC aides
  • 47. Malicious URLs • Symantec Internet Security Threat Report
  • 50. What makes a home computer vulnerable?
  • 51. What makes a system secure?
  • 52. Benefits of computer security awareness?
  • 53. Types of Information Security Controls. Types of information security controls include security policies, procedures, plans, devices and software intended to strengthen cybersecurity. There are three major types of information security controls: • Preventive controls are intended to help prevent cybersecurity incidents • Detective controls are designed to recognize attacks while they are in progress and provide alerts to security teams • Corrective controls come into play after a security incident and are intended to help minimize damage from an attack or to restore business systems
  • 54. Classification of Information Security Controls Information security controls can be classified into several categories: • Administrative Controls. These controls include policies, procedures, and guidelines that define how the organization manages its information security program. Examples include security policies, risk assessments, security awareness training, incident response procedures, and access control policies • Technical Controls. Implemented through technology and aim to protect information systems and data. Examples include firewalls, intrusion detection and prevention systems, encryption, access controls, authentication mechanisms (e.g., passwords, biometrics), and security patches and updates • Physical Controls. Protect the physical environment where information systems and assets are housed. They include measures such as physical access controls (e.g., locks, access cards), surveillance systems, environmental controls (e.g., temperature and humidity controls), and secure disposal of media. • Logical Controls. Implemented within information systems to protect data and ensure appropriate access. These controls include user authentication, authorization mechanisms, logging and monitoring, data backups, and secure coding practices • Operational Controls. Focus on the day-to-day operational activities related to information security. These controls include change management processes, incident response procedures, backup and recovery processes, security testing and vulnerability assessments, and system monitoring • Compliance Controls. Compliance controls ensure that the organization adheres to relevant laws, regulations, and industry standards. Examples include regular audits, security assessments, privacy controls, and documentation of security policies and procedures
  • 55. Penetration testing • A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security • Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system • Penetration tests usually simulate a variety of attacks that could threaten a business • A pen test provides insight into how well that aim was achieved • Pen testing can help an organization
  • 56. Purpose of Pentest • Find weaknesses in systems • Determine the robustness of controls • Support compliance with data privacy and security regulations (e.g. PCI-DSS, HIPAA, GDPR) • Provide qualitative and quantitative examples of current security posture and budget priorities for management
  • 57. Phases of pen testing • Reconnaissance. Gather as much information about the target as possible from public and private sources to inform the attack strategy. Sources include internet searches, domain registration information retrieval, social engineering, network scanning, and sometimes even dumpster diving • Scanning. Pen testers use tools to examine the target website or system for weaknesses, including open services, application security issues, and open source vulnerabilities • Gaining access. Pen testers determine the best tools and techniques to gain access to the system, whether through a weakness such as SQL injection or through malware, social engineering, or something else • Maintaining access. Once pen testers gain access to the target, their simulated attack must stay connected long enough to accomplish their goals of exfiltrating data, modifying it, or abusing functionality. It’s about demonstrating the potential impact
  • 58. Types of pen testing • Web apps. Testers examine the effectiveness of security controls and look for hidden vulnerabilities, attack patterns, and any other potential security gaps that can lead to a compromise of a web app • Mobile apps. Using both automated and extended manual testing, testers look for vulnerabilities in application binaries running on the mobile device and the corresponding server-side functionality • Mobile devices. Pen testers use both automated and manual analysis to find vulnerabilities in application binaries running on the mobile device and the corresponding server-side functionality • Networks. This testing identifies common to critical security vulnerabilities in an external network and systems. Experts employ a checklist that includes test cases for encrypted transport protocols, SSL certificate scoping issues, use of administrative services, and more • Cloud. A cloud environment is significantly different than traditional on-premises environments. Typically, security responsibilities are shared between the organization using the environment and the cloud services provider. Because of this, cloud pen testing requires a set of specialized skills and experience to scrutinize the various aspects of the cloud, such as configurations, APIs, various databases, encryption, storage, and security controls
  • 59. The only system which is truly secure is one which is switched off and unplugged locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it. -- Gene Spafford

Editor's notes

  1. the practice of deceiving, pressuring or manipulating people into sending information or assets to the wrong people.
  2. The unknown or unaddressed vulnerability is referred to as a zero-day vulnerability or zero-day threat. A zero-day attack is when a malicious actor uses a zero-day exploit to plant malware, steal data, or otherwise cause damage to users, organizations or systems.
  3. Cambridge Analytica (CA) is a British political consulting firm which combines data mining, data brokerage, and data analysis with strategic communication for the electoral process. The firm maintains offices in London, New York City, and Washington, D.C.
  4. Payment Card Industry Data Security Standard; Health Insurance Portability and Accountability Act; General Data Protection Regulation
  5. A comprehensive approach to pen testing is essential for optimal risk management. This entails testing all the areas in your environment.