6. SECRECY OR CONFIDENTIALITY
IT MEANS THAT ONLY AUTHORIZED PEOPLE
SHOULD BE ABLE TO ACCESS OR READ SPECIFIC
COMPUTER SYSTEMS
INTEGRITY
IT MEANS THAT ONLY AUTHORIZED PEOPLE
SHOULD HAVE THE ABILITY TO USE OR MODIFY
SYSTEMS
7. AVAILABILITY
IT MEANS THAT AUTHORISED PEOPLE SHOULD
ALWAYS HAVE ACCESS TO THEIR SYSTEMS EVERY
TIME THEY NEED TO
8. What Is Hacking
Hacking is an attempt to exploit a computer system or a private
network inside a computer.
Simply put, it is the unauthorised access to or control over computer
network security systems for some illicit purpose.
9. Hackers
A Hacker is a person who finds and exploits the weakness in computer
systems and/or networks to gain access.
Hackers are usually skilled computer programmers with knowledge of
computer security.
10. Types Of Hackers
White Hat/ Ethical Hackers:
Someone who gains access to a system with a view to find out and fix the
weaknesses and not exploit them for personal gains.
Black Hat/ Crackers:
The main intention here is to steal corporate data, violate privacy rights,
transfer funds from bank accounts etc.
11. Types Of Hackers
Grey Hat:
They break into computer systems without authority with a view to identify
weaknesses and reveal them to the system owner.
Hacktivists:
A hacker who uses hacking to send social, religious, and political messages.
This is usually done by hijacking websites and leaving the message on the
hijacked website.
14. Major types of Attacks
Brute force:
A brute force attack is a trial-and-error method used to obtain information such as a
user password or personal identification number (PIN). In a brute force attack,
automated software is used to generate a large number of consecutive guesses as
to the value of the desired data.
Phishing:
Phishing is a type of social engineering attack often used to steal user data,
including login credentials and credit card numbers.
It occurs when an attacker, masquerading as a trusted entity, dupes a victim into
opening an email, instant message, or text message.
15. Major types of Attacks
DOS / DDOS (Denial Of Service):
A denial-of-service attack is a security event that occurs when an attacker takes
action that prevents legitimate users from accessing targeted computer systems,
devices or other network resources.
Denial-of-service (DoS) attacks typically flood servers, systems or networks with
traffic in order to overwhelm the victim resources and make it difficult or impossible
for legitimate users to use them. While an attack that crashes a server can often be
dealt with successfully by simply rebooting the system, flooding attacks can be
more difficult to recover from.
16. Major types of Attacks
IP SPOOFING
IP Spoofing is a technique used to gain unauthorized access to machines, whereby
an attacker illicitly impersonates another machine by manipulating IP packets. IP
Spoofing involves modifying the packet header with a forged (spoofed) source IP
address, a checksum, and the order value.
17. Major types of Attacks
MAN IN THE MIDDLE (MITM) ATTACK
A man-in-the-middle attack is a type of cyberattack
where a malicious actor inserts him/herself into a
conversation between two parties, impersonates
both parties and gains access to information that
the two parties were trying to send to each other.
A man-in-the-middle attack allows a malicious
actor to intercept, send and receive data meant for
someone else, or not meant to be sent at all,
without either outside party knowing until it is too
late. Man-in-the-middle attacks can be abbreviated
in many ways, including MITM, MitM, MiM or MIM.
18. Key Concepts of a Man-in-the-Middle Attack
Man-in-the-middle is a type of eavesdropping attack that occurs when a
malicious actor inserts himself as a relay/proxy into a communication
session between people or systems.
A MITM attack exploits the real-time processing of transactions,
conversations or transfer of other data.
Man-in-the-middle attacks allow attackers to intercept, send and receive
data never meant to be for them without either outside party knowing until it
is too late.
19. Major types of Attacks
Viruses
A virus requires an active host program or an already infected
system to run and cause damage by infecting other files or
documents.
They are usually attached to executable files or Word documents.
Can be activated at a certain time or an event.
Spread via mails or flash drives.
Worms
A worm is self-replicating and self-propagating.
Worms are usually destructive while viruses can do a lot of other
things.
20. Major types of Attacks
Trojan
Very powerful malware, often disguised as useful software.
Usually very sophisticated and can be anything, e.g. games, songs etc.
However, they cannot replicate themselves.
Types: Backdoor Trojan, Info stealer Trojan, Trojan Downloader, Trojan
DDoS
Prevention
Using good anti-malware software.
Downloading files from trusted websites.
21. Major types of Attacks
Adware
Displays unwanted banner advertisements.
Often bundled with freeware that can be downloaded from the internet.
Usually included to recover costs of software development in order to
distribute the application for free.
Can hijack the browser to display a certain page when it starts up.
Some of them can even monitor the web usage, referred to as
SPYWARE
Data collected can be sent back to hackers or advertising agencies.
22. Major types of Attacks
Ransomware
● Locks your computer and you cannot access anything
until you pay some amount of money.
● Targets anyone and everyone.
● Payments are often requested in the form of
cryptocurrencies (like Bitcoin).
● Infects mostly through email links and downloads.
● WannaCry infected more than 200,000 computers in
over 150 countries.
● Locky, in Feb 2016, extorted more than $17,000 from a
hospital.
● CTB Locker, in 2014, was one of the first ransomware
programs to be sold as an underground service program.
23. PREVENTIONS
Data Backups
Turn off external applications like
Dropbox
Never open spam emails or
suspicious links
Use good antivirus
24. Brute force:
Never ever use a dictionary word as your password
Include different numbers and characters in your password
The bigger the better.
Phishing:
Vigilance (do not open things all willy-nilly)
Use of email filters and proper antivirus software
Common technical sense
25. Some Preventions and Precautions
DOS/DDOS:
Over-provision bandwidth
Creating a DDOS playbook
Employing a DDOS specialist, e.g. Cloudflare, Akamai.
Using Load Balancers
26. IP SPOOFING AND MITM PREVENTION
Use authentication based on key exchange between the machines on your
network; something like IPsec will significantly cut down on the risk of spoofing.
Use an access control list to deny private IP addresses on your downstream
interface.
Implement filtering of both inbound and outbound traffic.
Configure your routers and switches if they support such configuration, to reject
packets originating from outside your local network that claim to originate from
within.
Enable encryption sessions on your router so that trusted hosts that are outside
your network can securely communicate with your local hosts.
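The inbound and outbound filtering rules above, as an added example that is not part of the original slides. The addresses are constructed documentation ranges, and "downstream interface" is modelled here (an assumption) as the outside-facing interface.

```python
import ipaddress

# Constructed addressing for this example (documentation ranges, not from the slides).
LOCAL_NET = ipaddress.ip_network("203.0.113.0/24")
# Private (RFC 1918) and loopback ranges: never a valid source on traffic from outside.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def filter_packet(src, direction):
    """Return (allowed, reason) for a packet's source address.

    direction: 'inbound'  = arrived on the outside-facing interface,
               'outbound' = about to leave the local network.
    """
    ip = ipaddress.ip_address(src)
    if direction == "inbound":
        if ip in LOCAL_NET:
            return False, "outside packet claims an internal source"
        if any(ip in net for net in PRIVATE_NETS):
            return False, "private/loopback source on outside interface"
        return True, "ok"
    if direction == "outbound":
        if ip not in LOCAL_NET:
            return False, "source is not one of our addresses"
        return True, "ok"
    raise ValueError("direction must be 'inbound' or 'outbound'")


# Constructed sample traffic: (source address, direction).
SAMPLE = [
    ("198.51.100.9", "inbound"),   # ordinary outside host
    ("203.0.113.7", "inbound"),    # forged: pretends to be one of ours
    ("10.1.2.3", "inbound"),       # private source arriving from outside
    ("203.0.113.7", "outbound"),   # our own host
    ("198.51.100.9", "outbound"),  # forged source leaving our network
]


def dropped(packets):
    """List the packets the filter rejects, with the reason."""
    out = []
    for src, direction in packets:
        allowed, reason = filter_packet(src, direction)
        if not allowed:
            out.append((src, direction, reason))
    return out


if __name__ == "__main__":
    for row in dropped(SAMPLE):
        print(row)
```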
28. CYBER SECURITY MEASURES
ANTIVIRUS
Features of Antivirus Software
Background Scanning
Full System Scans
Virus Definitions
Background Scanning
Antivirus software scans all the files that you open in the background; this is also
termed on-access scanning. It gives real-time protection, safeguarding the
computer from threats and other malicious attacks.
29. CYBER SECURITY MEASURES
Full System Scans
Full system scans are generally not essential when you already have an on-access scanning facility.
Full system scans are essential when you install antivirus software for the first time or you have
updated your antivirus software recently. This is done to make sure that there are no viruses
hidden on your system. Full system scans are also useful when you repair your infected computer.
Virus Definitions
Antivirus software depends on virus definitions to identify malware, which is why it regularly updates to
the new virus definitions. Malware definitions contain signatures for any new viruses and other malware that
has been classified as being in the wild. If the antivirus software scans an application or file and finds it
infected by malware similar to the malware in a definition, it stops the file from executing and moves it
to quarantine. The malware is then processed according to the type of virus protection.
30. CYBER SECURITY MEASURES
SIGNATURE-BASED DETECTION - This is most common in traditional
antivirus software, which checks all the .EXE files and validates them against the
known list of viruses and other types of malware, or checks whether unknown
executable files show any misbehavior as a sign of unknown viruses.
HEURISTIC-BASED DETECTION - This type of detection is most
commonly used in combination with signature-based detection. Heuristic
technology is deployed in most of the antivirus programs. This helps the
antivirus software to detect new or a variant or an altered version of
malware, even in the absence of the latest virus definitions.
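A minimal signature scan with quarantine, as an added example that is not part of the original slides. It assumes a whole-file SHA-256 digest as the signature (real definitions are richer) and uses constructed, harmless files; the altered copy slipping past the exact-match check is the gap heuristic detection is meant to cover.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hex SHA-256 digest of a file's contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def scan(directory, definitions, quarantine):
    """Move every file whose digest is in `definitions` into `quarantine`.

    definitions maps digest -> detection name. Returns {file name: detection name}.
    """
    quarantine.mkdir(exist_ok=True)
    hits = {}
    for path in sorted(directory.iterdir()):
        if not path.is_file():
            continue
        name = definitions.get(sha256_of(path))
        if name:
            shutil.move(str(path), str(quarantine / path.name))
            hits[path.name] = name
    return hits


def demo():
    """Scan three constructed files; only the exact match is quarantined."""
    known = b"CONSTRUCTED-TEST-PATTERN-1"      # harmless stand-in for a known sample
    altered = b"CONSTRUCTED-TEST-PATTERN-2"    # same content with one byte changed
    definitions = {hashlib.sha256(known).hexdigest(): "Test.Sample.A"}
    with tempfile.TemporaryDirectory() as tmp:
        files = Path(tmp) / "files"
        files.mkdir()
        (files / "report.txt").write_bytes(b"quarterly numbers")
        (files / "sample.bin").write_bytes(known)
        (files / "variant.bin").write_bytes(altered)
        hits = scan(files, definitions, Path(tmp) / "quarantine")
        remaining = sorted(p.name for p in files.iterdir())
        quarantined = sorted(p.name for p in (Path(tmp) / "quarantine").iterdir())
    return hits, remaining, quarantined


if __name__ == "__main__":
    print(demo())
```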
31. CYBER SECURITY MEASURES
BEHAVIORAL-BASED DETECTION - This type of detection is used in Intrusion
Detection mechanisms. It concentrates more on detecting the characteristics of
the malware during execution. This mechanism detects malware only while the
malware performs malicious actions.
SANDBOX DETECTION - It functions much like the behavioral-based
detection method. It executes applications in a virtual environment to track
what kind of actions they perform. By verifying the logged actions of the
program, the antivirus software can identify whether the program is malicious or not.
DATA MINING TECHNIQUES - This is one of the latest trends in detecting malware.
With a set of program features, data mining helps to find if the program is
malicious or not.
32. CYBER SECURITY MEASURES
FIREWALL
At their most basic, firewalls work like a filter
between your computer/network and the
Internet. You can program what you want to
get out and what you want to get in.
Everything else is not allowed. There are
several different methods firewalls use to filter
out information, and some are used in
combination. These methods work at different
layers of a network, which determines how
specific the filtering options can be.
Firewalls can be used in a number of ways to
add security to your home or business.
33. CYBER SECURITY MEASURES
ENCRYPTION
Encryption is a modern form of cryptography that allows a user to hide
information from others. Encryption uses a complex algorithm called a
cipher in order to turn normalized data (plaintext) into a series of seemingly
random characters (cipher text) that is unreadable by those without a
special key with which to decrypt it. Those who possess the key can decrypt
the data in order to view the plaintext again rather than the random
character string of cipher text.
34. CYBER SECURITY MEASURES
SSL
SSL (Secure Sockets Layer) is a
standard security protocol for
establishing encrypted links
between a web server and a
browser in an online
communication. The usage
of SSL technology ensures that all
data transmitted between the web
server and browser remains
encrypted.
35. CYBER SECURITY MEASURES
How SSL Works
When a Web browser tries to connect to a website using SSL, the browser will
first request the web server identify itself. This prompts the web server to send
the browser a copy of the SSL Certificate. The browser checks to see if the
SSL Certificate is trusted -- if the SSL Certificate is trusted, then the browser
sends a message to the Web server. The server then responds to the browser
with a digitally signed acknowledgement to start an SSL encrypted session.
This allows encrypted data to be shared between the browser and the server.
You may notice that your browsing session now starts with https (and not http).
36. CYBER SECURITY MEASURES
HTTPS
HTTPS pages typically use one of two secure protocols to encrypt
communications - SSL (Secure Sockets Layer) or TLS (Transport Layer
Security). Both the TLS and SSL protocols use what is known as an 'asymmetric'
Public Key Infrastructure (PKI) system. An asymmetric system uses two 'keys' to
encrypt communications, a 'public' key and a 'private' key. Anything encrypted
with the public key can only be decrypted by the private key and vice-versa.
37. CYBER SECURITY MEASURES
MULTI-FACTOR AUTHENTICATION
Multi-factor authentication (MFA) is a method of confirming a user's claimed
identity in which a user is granted access only after successfully presenting 2
or more pieces of evidence (or factors) to an authentication mechanism.
Hence it makes it harder for hackers to break into your system, as they
need to hack both factors to pass through.
38. CYBER SECURITY MEASURES
Authentication factors
Knowledge factors
Knowledge factors are the most commonly used form of authentication. In this
form, the user is required to prove knowledge of a secret in order to
authenticate.
Possession factors
Possession factors ("something the user and only the user has") have been
used for authentication for centuries, in the form of a key to a lock. The basic
principle is that the key embodies a secret which is shared between the lock and
the key, and the same principle underlies possession factor authentication in
computer systems. A security token is an example of a possession factor.
Inherence factors
These are factors associated with the user, and are usually bio-metric methods,
including fingerprint readers, retina scanners or voice recognition.
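A knowledge factor and a possession factor checked together, as an added example that is not part of the original slides. The possession factor is modelled as a time-based one-time password (RFC 6238), where the token and the server share a secret; the user record, password and the RFC test secret are constructed sample values.

```python
import hashlib
import hmac
import struct


def totp(secret, unix_time, step=30, digits=6):
    """Time-based one-time password (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password, salt):
    """Slow salted hash so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user record (sample values only).
USER = {
    "salt": b"constructed-salt",
    "pw_hash": hash_password("correct horse battery", b"constructed-salt"),
    "totp_secret": b"12345678901234567890",  # secret shared with the user's token
}


def authenticate(user, password, code, now, step=30):
    """Grant access only if BOTH factors check out."""
    # Knowledge factor: the user proves knowledge of the password.
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    # Possession factor: accept the current and previous time step
    # to tolerate small clock drift on the token.
    code_ok = False
    for drift in (0, 1):
        expected = totp(user["totp_secret"], max(now - drift * step, 0), step)
        if hmac.compare_digest(expected.encode(), code.encode()):
            code_ok = True
    return pw_ok and code_ok


if __name__ == "__main__":
    now = 59
    print(authenticate(USER, "correct horse battery", totp(USER["totp_secret"], now), now))
```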
39. CYBER SECURITY MEASURES
PENETRATION TESTING
It is a method of testing in which the areas of weakness in software
systems, in terms of security, are put to the test to determine whether a ‘weak-point’ is
indeed one that can be broken into or not.
Performed for: Websites/Servers/Networks
It starts with a list of Vulnerabilities/potential problem areas that would cause
a security breach for the system.
Devise penetration tests that would work (attack your system) from both
within the network and outside (externally).
If unauthorized access is possible, then the system has to be corrected and
the series of steps needs to be re-run until the problem area is fixed.
40. BEING A CYBER-EXPERT
Industry Status
Last year ethical hacking was estimated to be a US$ 3.8 billion industry in the US
alone. According to Nasscom, India will require at least 77,000 ethical hackers every
year whereas we are producing only 15,000 in a year, currently. Ethical hacking is
growing at a tremendous pace and offers a plethora of lucrative job opportunities.
Growth areas
The information security industry is growing at a current worldwide growth rate of 21%.
Frost & Sullivan have estimated that there are 2.28 million information security
professionals worldwide which is expected to increase to nearly 4.2 million by 2015.
The need for information security for security compliance in India is mandatory for all
companies with an IT backbone. The requirement for such personnel is especially
high with organisations in the IT/ITES space.
● A fresher may work as an intern for a couple of months and can start with a minimum
of Rs 2.5 lakh per annum.
● With one year of experience, one can expect up to Rs 4.5 lakh per annum.
● Those with work experience of five years or more can get from 10-12 lakh per annum.