LECTURE NOTE BY DR. DADA EMMANUEL GBENGA
INTRODUCTION TO CYBER SECURITY I (CYB 201)
WHAT IS CYBER SECURITY?
The technique of protecting internet-connected systems such as computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity.
We can divide cybersecurity into two parts: one is cyber, and the other is security. Cyber refers to
the technology that includes systems, networks, programs, and data. Security is concerned
with the protection of systems, networks, applications, and information. In some cases, it is also
called electronic information security or information technology security.
Some other definitions of cybersecurity are:
"Cyber Security is the body of technologies, processes, and practices designed to protect networks,
devices, programs, and data from attack, theft, damage, modification or unauthorized access."
"Cyber Security is the set of principles and practices designed to protect our computing resources
and online information against threats."
Cyber Security can also be defined as a technique that is designed to protect networks and devices
from external threats. Businesses typically employ Cyber Security professionals to protect their
confidential information, maintain employee productivity, and enhance customer confidence in
products and services. The world of Cyber Security revolves around the industry standard of
confidentiality, integrity, and availability, or CIA. Confidentiality means data can be accessed
only by authorized parties; integrity means information can be added, altered, or removed only by
authorized users; and availability means systems, functions, and data must be available on-
demand according to agreed-upon parameters.
The main element of Cyber Security is the use of authentication mechanisms. For example, a
user name identifies an account that a user wants to access, while a password is a mechanism that
proves the user is who he claims to be.
Types of Cyber Security
Every organization's assets are a combination of a variety of different systems. A strong
cybersecurity posture for these systems requires coordinated efforts across all of them.
Therefore, we can categorize cybersecurity into the following sub-domains:
• Network Security: It involves implementing the hardware and software to secure a
computer network from unauthorized access, intruders, attacks, disruption, and misuse.
This security helps an organization to protect its assets against external and internal threats.
• Application Security: It involves protecting the software and devices from unwanted
threats. This protection can be done by constantly updating the apps to ensure they are
secure from attacks. Successful security begins in the design stage, with writing source code,
validation, threat modeling, etc., before a program or device is deployed.
• Information or Data Security: It involves implementing a strong data storage mechanism
to maintain the integrity and privacy of data, both in storage and in transit.
• Identity management: It deals with the procedure for determining the level of access that
each individual has within an organization.
• Operational Security: It involves the processes and decisions for handling and
securing data assets.
• Mobile Security: It involves securing the organizational and personal data stored on
mobile devices such as cell phones, computers, tablets, and other similar devices against
various malicious threats. These threats include unauthorized access, device loss or theft,
malware, etc.
• Cloud Security: It involves protecting the information stored in the digital environment or
cloud architectures for the organization. It uses various cloud service providers such as
AWS, Azure, Google, etc., to ensure security against multiple threats.
• Disaster Recovery and Business Continuity Planning: It deals with the processes,
monitoring, alerts, and plans for how an organization responds when any malicious activity
is causing the loss of operations or data. Its policies dictate resuming the lost operations
after any disaster happens, at the same operating capacity as before the event.
• User Education: It deals with the processes, monitoring, alerts, and plans for how an
organization responds when any malicious activity is causing the loss of operations or data.
Its policies dictate resuming the lost operations after any disaster happens, at the same
operating capacity as before the event.
Why is Cyber Security important?
Today we live in a digital era where all aspects of our lives depend on networks, computers and
other electronic devices, and software applications. All critical infrastructure such as the banking
system, healthcare, financial institutions, governments, and manufacturing industries use devices
connected to the Internet as a core part of their operations. Some of their information, such as
intellectual property, financial data, and personal data, is sensitive, and unauthorized access to it
or exposure of it could have negative consequences. This information motivates intruders and threat
actors to infiltrate these systems for financial gain, extortion, political or social motives, or just vandalism.
Cyber-attacks are now an international concern, as hacks of systems and other security attacks
could endanger the global economy. Therefore, it is essential to have an excellent cybersecurity
strategy to protect sensitive information from high-profile security breaches. Furthermore, as the
volume of cyber-attacks grows, companies and organizations, especially those that deal with
information related to national security, health, or financial records, need to use strong
cybersecurity measures and processes to protect their sensitive business and personal information.
Cyber Security Goals
Cyber Security's main objective is to ensure data protection. The security community provides
a triangle of three related principles to protect data from cyber-attacks. These principles are called
the CIA triad. The CIA model is designed to guide policies for an organization's information
security infrastructure. When a security breach is found, one or more of these principles has
been violated.
We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is
actually a security model that helps people to think about various parts of IT security. Let us discuss
each part in detail.
Confidentiality
Confidentiality is equivalent to privacy: it prevents unauthorized access to information. It involves
ensuring the data is accessible to those who are allowed to use it and blocking access to others. It
prevents essential information from reaching the wrong people. Data encryption is an excellent
example of ensuring confidentiality.
Integrity
This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized
modification by threat actors or accidental user modification. If any modifications occur, certain
measures should be taken to protect the sensitive data from corruption or loss and speedily recover
from such an event. In addition, it means ensuring that the source of the information is genuine.
Availability
This principle keeps information available and useful to its authorized people at all times.
It ensures that their access is not hindered by system malfunction or cyber-attacks.
Types of Cyber Security Threats
A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal
data, gain access to a network, or disrupt digital life in general. The cyber community defines the
following threats available today:
Malware
Malware is any type of program that is intended to wreak havoc on a computer system and
network. Malware can be described as various types of software which have the capacity to wreak
havoc on a computer system or illegally make use of its information without the consent of the
users. Malware can be categorized into various types, for instance Botnet, Backdoor, Ransomware,
Rootkit, Virus, Worm, Trojan Horse, Spyware, Adware, Scareware and Trapdoor. Malware
means malicious software, which is the most common cyber-attack tool. It is used by a
cybercriminal or hacker to disrupt or damage a legitimate user's system. The following are the
important types of malware created by hackers:
Virus: A virus is malware that has a self-replicating nature. It is constructed to modify or stop
the functioning of a computer. It multiplies by first infecting one program. It is a kind of malware
that can cause serious damage, ranging from the computer system merely displaying arbitrary errors
to the system experiencing a Denial of Service (DoS) attack. What distinguishes a virus from
a Trojan is the ability of a virus to duplicate itself by attaching itself to other valid software and
becoming a part of it. Viruses are usually propagated through the copying of files from one computer
system to another, through websites, or through e-mails that contain files that have already been
contaminated with a virus. A virus is a malicious piece of code that spreads from one device to another.
It can clean files and spread throughout a computer system, infecting files, stealing information, or
damaging the device.
Spyware: A kind of self-installing malware that executes without the user's approval. It is
used to gather and track information about the person and the browsing history of a computer
system. It is generally packaged together with software that is made available to users at no cost.
Spyware is also called a rootkit because of its packaging with freeware. Spyware is code that
enables a third party to spy on a host. Spyware has been used for a variety of purposes including
identity theft and theft of personal data, spying on online activities of individuals (e.g. spouses)
and watching users' online activities. It is a type of malware installed on computers that collects
information about users without their knowledge. The presence of spyware is typically hidden
from the user and can be difficult to detect. It is software that secretly records information about
user activities on their system. For example, spyware could capture credit card details that can be
used by cybercriminals for unauthorized shopping, money withdrawal, etc.
Rootkits: A set of software tools used by hackers to get and sustain continuous administrator-level
access to a computer system so as to camouflage the changing of files, or activities of the
hacker, and keep the user in the dark. Rootkits are commonly linked with Trojans, worms, and viruses
that obscure their presence and actions from users and other system processes.
Trojans: A Trojan is a program that looks harmless and helpful to users like any other authentic software.
However, after the application is opened, this malware distributes other malicious code that
corrupts the files and applications installed on the computer, and also steals sensitive information
such as passwords. Unlike computer viruses and worms, Trojans require interaction with users
to reproduce themselves. This makes Trojans one of the most destructive and hazardous
types of malware because they are mostly discovered after they have affected the computer system.
Trojan horses can be categorised into two main groups: General Trojans and Remote-Access Trojans.
General Trojans: this type of Trojan has a wide range of malicious activities. They can threaten
the data integrity of victim machines. They can redirect victim machines to a particular website by
replacing system files that contain URLs. They can install several malicious programs on victim
computers. They can even track user activities, save that information and then send it to the
attacker. Remote-Access Trojans: we can claim that they are the most dangerous type of Trojan.
They have a special capability which enables the attacker to remotely control the victim machine
via a LAN or the Internet. This type of Trojan can be instructed by the attacker to carry out malicious
activities such as harvesting confidential information from the victim machine.
Ransomware: A subcategory of malware which encrypts the files on the victim's computer
or locks you out entirely. It turns your files into unintelligible information and makes them useless,
and payment is required prior to the decryption and return of the ransomed files to the
owner. Ransomware usually infects its victims through a Trojan. It is a piece of software that encrypts a
user's files and data on a device, rendering them unusable or erasing them. Then, a monetary ransom is
demanded by malicious actors for decryption.
Worms: A worm is a piece of software that spreads copies of itself from device to device without
human interaction. It does not need to attach itself to any program to steal or damage
data. It is malware that does not attach itself to other software, as it does not need host software
to fasten itself to. This is what differentiates a worm from a virus. A worm normally affects its
victim through the areas of exposure that it can exploit. It employs various means to propagate
and corrupt other computer systems. Worms have the capacity to wreak the same extent of havoc
that a virus will cause to an infected computer system. Worms are not parasitic in behaviour like
viruses. They are independent programs that can cause harm on their own. Worms may or
may not have a payload, but both types can be pretty harmful. Worms without payloads do not
affect the systems that they infect, whereas worms with a payload will do harm to the infected
system as well. In some cases, the payload acts as a backdoor instead of making changes to the
system. A worm could have a very harmful effect on systems in the network; for example, it could
consume too much system memory or system processor (CPU) time and cause many applications to
stop responding.
Adware: It is advertising software used to spread malware and display advertisements on
our device. It is an unwanted program that is installed without the user's permission. It is malware
whose only purpose is to show advertisements to the user. Adware is regarded as one of the least
threatening categories of malware. Its intention is to display on the affected computer
commercials which the user is likely to be attracted to, and it records data from the computer such as
browser and search engine histories. Adware is sometimes classified as spyware, subject to the
seriousness of the recording. Adware, or advertising-supported software, is any software package
which automatically plays, displays, or downloads advertisements to a computer. These
advertisements can be in the form of a pop-up. The object of adware is to generate revenue
for its writer. Adware, by itself, is harmless; however, some adware may come with integrated
spyware such as keyloggers and other privacy-invasive software. The main objective of this
program is to generate revenue for its developer by showing ads in the user's browser. Adware is
usually seen by the developer as a way to recover development costs, and in some cases, it may
allow the software to be offered to the user free of charge or at a reduced price.
Botnets: Also known as web robots or botnets, these are application software that runs automated tasks
over the internet. They belong to a category of malware that allows its principal to gain access to
the infected computer system. Bots can propagate through backdoors made available by a virus or
worm on the victim computer. Bots are known for employing an application layer protocol that
enables communication in the form of text with their principal. A botnet is a collection of internet-connected
malware-infected devices that cybercriminals are able to control. It enables cybercriminals to
carry out credential leaks, unauthorized access, and data theft without the user's permission.
Backdoor: A class of malware that offers a supplementary stealthy "entrance" to the system
for attackers. The backdoor itself does not directly harm the system, but it opens the door for
attackers to wreak havoc. Due to this characteristic, backdoors are never used on their own.
Ordinarily, a backdoor is antecedent to a malware attack or other forms of attack.
Keylogger: Also known as keystroke logging, this is a type of surveillance malware that, once the
computer is infected with it, has the ability to record every keystroke made on that system. The
recording is saved in a log file which is normally encrypted and sent to a specific receiver. Such
information can include passwords, Bank Verification Numbers, ATM card numbers, and other
confidential information.
Phishing
Phishing is a type of cybercrime in which the sender appears to be a genuine organization
such as PayPal, eBay, or a financial institution, or a friend or co-worker. The sender contacts a target or targets
via email, phone, or text message with a link and persuades them to click on that link. This link will
redirect them to fraudulent websites that ask for sensitive data such as personal information,
banking and credit card information, social security numbers, usernames, and passwords. Clicking
on the link will also install malware on the target devices that allows hackers to control the devices
remotely.
Man-in-the-middle (MITM) attack
A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a
cybercriminal intercepts a conversation or data transfer between two individuals. Once the
cybercriminal places themselves in the middle of a two-party communication, they seem like
genuine participants and can get sensitive information and return different responses. The main
objective of this type of attack is to gain access to our business or customer data. For example, a
cybercriminal could intercept data passing between the target device and the network on an
unprotected Wi-Fi network.
Distributed denial of service (DDoS)
It is a type of cyber threat or malicious attempt in which cybercriminals disrupt the regular traffic of
targeted servers, services, or networks by flooding the target or its surrounding
infrastructure with Internet traffic. Here the requests come from several IP addresses and can make
the system unusable, overloading its servers, slowing them down significantly or temporarily taking them
offline, or preventing an organization from carrying out its vital functions.
Brute Force
A brute force attack is a cryptographic hack that uses a trial-and-error method to guess all
possible combinations until the correct information is discovered. Cybercriminals usually use this
attack to obtain personal information such as targeted passwords, login info, encryption keys, and
Personal Identification Numbers (PINs).
SQL Injection (SQLI)
SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for
backend database manipulation to access sensitive information. Once the attack is successful, the
malicious actor can view, change, or delete sensitive company data, user lists, or private customer
details stored in the SQL database.
Domain Name System (DNS) attack
A DNS attack is a type of cyberattack in which cyber criminals take advantage of flaws in the
Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data
from affected computers. It is a severe cybersecurity risk because the DNS system is an essential
element of the internet infrastructure.
Latest cyber threats
The following are the latest cyber threats reported by the U.K., U.S., and Australian governments:
Romance Scams
The U.S. government found this cyber threat in February 2020. Cybercriminals carry out this threat
through dating sites, chat rooms, and apps. They attack people who are seeking a new partner,
duping them into giving away personal data.
Dridex Malware
It is a type of financial Trojan malware, identified by the U.S. in December 2019, that affects the
public, government, infrastructure, and business worldwide. It infects computers through phishing
emails or existing malware to steal sensitive information such as passwords, banking details, and
personal data for fraudulent transactions. The National Cyber Security Centre of the United
Kingdom encourages people to make sure their devices are patched, anti-virus is turned on and up
to date, and files are backed up to protect sensitive data against this attack.
Emotet Malware
Emotet is a type of cyber-attack that steals sensitive data and also installs other malware on our
device. The Australian Cyber Security Centre warned national organizations about this global
cyber threat in 2019.
The following are the systems that can be affected by security breaches and attacks:
• Communication: Cyber attackers can use phone calls, emails, text messages, and
messaging apps for cyberattacks.
• Finance: This system deals with the risk to financial information such as bank and credit card
details. This information is naturally a primary target for cyber attackers.
• Governments: Cybercriminals generally target government institutions to get
confidential public data or private citizen information.
• Transportation: In this system, cybercriminals generally target connected cars, traffic
control systems, and smart road infrastructure.
• Healthcare: Cybercriminals target the healthcare system to get the information stored
anywhere from a local clinic to critical care systems at a national hospital.
• Education: Cybercriminals target educational institutions to get their confidential
research data and information about students and employees.
Benefits of cybersecurity
The following are the benefits of implementing and maintaining cybersecurity:
• Cyber-attacks and data breach protection for businesses.
• Data and network security are both protected.
• Unauthorized user access is avoided.
• After a breach, there is a faster recovery time.
• End-user and endpoint device protection.
• Regulatory adherence.
• Continuity of operations.
• Developers, partners, consumers, stakeholders, and workers have more faith in the
company's reputation and trust.
Cyber Safety Tips
Let us see how to protect ourselves when cyber-attacks happen. The following are the popular
cyber safety tips:
Conduct cybersecurity training and awareness: Every organization must train its staff on
cybersecurity, company policies, and incident reporting for a strong cybersecurity policy to be
successful. If staff carry out unintentional or intentional malicious activities, this may defeat the best
technical safeguards and result in an expensive security breach. Therefore, it is useful to conduct
security training and awareness for staff through seminars, classes, and online courses that reduce
security violations.
Update software and operating system: The most popular safety measure is to update the
software and O.S. to get the benefit of the latest security patches.
Use anti-virus software: It is also useful to use anti-virus software that will detect and remove
unwanted threats from your device. This software should always be kept updated to get the best level of
protection.
Perform periodic security reviews: Every organization should ensure periodic security inspections of
all software and networks to identify security risks early in a secure environment. Some popular
examples of security reviews are application and network penetration testing, source code reviews,
architecture design reviews, and red team assessments. In addition, organizations should prioritize
and mitigate security vulnerabilities as quickly as possible after they are discovered.
Use strong passwords: It is recommended to always use long and varied combinations of
characters and symbols in the password. This makes passwords hard to guess.
Do not open email attachments from unknown senders: Cyber experts always advise not
to open or click email attachments received from unverified senders or unfamiliar websites
because they could be infected with malware.
Avoid using unsecured Wi-Fi networks in public places: It is also advised not to use
insecure networks because they can leave you vulnerable to man-in-the-middle attacks.
Backup data: Every organization must periodically take backups of its data to ensure that
sensitive data is not lost and can be recovered after a security breach. In addition, backups can help maintain
data integrity in cyber-attacks such as SQL injections, phishing, and ransomware.
Cyber Security Goals
The objective of Cybersecurity is to protect information from being stolen, compromised or
attacked. Cybersecurity can be measured by at least one of three goals:
1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.
These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security
programs. The CIA triad is a security model that is designed to guide policies for information
security within the premises of an organization or company. This model is also referred to as the
AIC (Availability, Integrity, and Confidentiality) triad to avoid the confusion with the Central
Intelligence Agency. The elements of the triad are considered the three most crucial components
of security.
The CIA criteria are ones that most organizations and companies use when they install
a new application, create a database, or guarantee access to some data. For data to be
completely secure, all of these security goals must come into effect. These are security policies
that all work together, and therefore it can be wrong to overlook one policy.
The elements of the CIA triad are:
1. Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of
information. It involves the protection of data, providing access for those who are allowed to see
it while disallowing others from learning anything about its content. It prevents essential
information from reaching the wrong people while making sure that the right people can get it.
Data encryption is a good example of ensuring confidentiality.
Tools for Confidentiality
Encryption
Encryption is a method of transforming information to make it unreadable for unauthorized users
by using an algorithm. The transformation of data uses a secret key (an encryption key) so that the
transformed data can only be read by using another secret key (decryption key). It protects sensitive
data such as credit card numbers by encoding and transforming data into unreadable cipher text.
This encrypted data can only be read by decrypting it. Asymmetric-key and symmetric-key are the
two primary types of encryption.
Access control
Access control defines rules and policies for limiting access to a system or to physical or virtual
resources. It is a process by which users are granted access and certain privileges to systems,
resources or information. In access control systems, users need to present credentials, such as a
person's name or a computer's serial number, before they can be granted access. In physical systems,
these credentials may come in many forms, but credentials that can't be transferred provide the
most security.
Authentication
Authentication is a process that ensures and confirms a user's identity or the role that someone has.
It can be done in a number of different ways, but it is usually based on a combination of:
• something the person has (like a smart card or a radio key for storing secret keys),
• something the person knows (like a password),
• something the person is (like a human with a fingerprint).
Authentication is a necessity for every organization because it enables organizations to keep
their networks secure by permitting only authenticated users to access their protected resources.
These resources may include computer systems, networks, databases, websites and other network-based
applications or services.
Authorization
Authorization is a security mechanism which gives permission to do or have something. It is used
to determine whether a person or system is allowed access to resources, based on an access control policy.
These resources include computer programs, files, services, data and application features. It is normally preceded
by authentication for user identity verification. System administrators are typically assigned
permission levels covering all system and user resources. During authorization, a system verifies
an authenticated user's access rules and either grants or refuses resource access.
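Worked example (added here; it is not part of the original lecture note): the two steps described above, authentication of a password followed by authorization against an access control policy. The class AccessGate, the user names, roles, resource names and the PBKDF2 round count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is made when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


class AccessGate:
    """Hypothetical gate: authentication first, then authorization."""

    def __init__(self):
        self._users = {}   # username -> (salt, digest, role); no plain passwords kept
        self._policy = {}  # role -> set of (resource, action) pairs

    def add_user(self, username, password, role):
        salt, digest = hash_password(password)
        self._users[username] = (salt, digest, role)

    def allow(self, role, resource, action):
        self._policy.setdefault(role, set()).add((resource, action))

    def authenticate(self, username, password):
        """Return the user's role if the password proves the identity, else None."""
        record = self._users.get(username)
        if record is None:
            # Do the same hashing work for unknown names as for known ones.
            hash_password(password, b"\x00" * 16)
            return None
        salt, digest, role = record
        _, candidate = hash_password(password, salt)
        # compare_digest does not reveal how many leading bytes matched.
        return role if hmac.compare_digest(candidate, digest) else None

    def authorize(self, role, resource, action):
        """Default deny: only pairs listed in the policy are granted."""
        return (resource, action) in self._policy.get(role, set())

    def request(self, username, password, resource, action):
        role = self.authenticate(username, password)
        if role is None:
            return "denied: not authenticated"
        if not self.authorize(role, resource, action):
            return "denied: not authorized"
        return "granted"


def build_demo_gate():
    """Constructed sample users and policy."""
    gate = AccessGate()
    gate.add_user("admin1", "correct horse battery", "administrator")
    gate.add_user("clerk1", "tulip-window-42", "clerk")
    gate.allow("administrator", "payroll.db", "read")
    gate.allow("administrator", "payroll.db", "write")
    gate.allow("clerk", "payroll.db", "read")
    return gate


if __name__ == "__main__":
    gate = build_demo_gate()
    print(gate.request("clerk1", "tulip-window-42", "payroll.db", "read"))
    print(gate.request("clerk1", "tulip-window-42", "payroll.db", "write"))
    print(gate.request("clerk1", "wrong-password", "payroll.db", "read"))
```

A correct password alone is not enough: the clerk is authenticated but still refused the write, because authorization is decided separately from identity.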
Physical Security
Physical security describes measures designed to deny unauthorized access to IT assets such as
facilities, equipment, personnel, resources and other properties, and to protect them from damage. It protects these
assets from physical threats including theft, vandalism, fire and natural disasters.
2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from
unauthorized user modification. It is the property that information has not been altered in an
unauthorized way, and that the source of the information is genuine.
Tools for Integrity
Backups
Backup is the periodic archiving of data. It is a process of making copies of data or data files for
use in the event that the original data or data files are lost or destroyed. It is also used to make
copies for historical purposes, such as for longitudinal studies, statistics or historical records,
or to meet the requirements of a data retention policy. Many applications, especially in a Windows
environment, produce backup files using the .BAK file extension.
Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other
words, it is the computation of a function that maps the contents of a file to a numerical value.
Checksums are typically used to compare two sets of data to make sure that they are the same. A
checksum function depends on the entire contents of a file. It is designed in such a way that even a small
change to the input file (such as flipping a single bit) is likely to result in a different output value.
Data Correcting Codes
It is a method for storing data in such a way that small changes can be easily detected and
automatically corrected.
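Worked example (added here; it is not part of the original lecture note) for the two tools above: a CRC-32 checksum notices a flipped bit but cannot repair it, while a Hamming(7,4) data correcting code locates and repairs it. The choice of CRC-32 and Hamming(7,4) and the sample record are assumptions for illustration.

```python
import zlib


def flip_bit(data, bit_index):
    """Return a copy of data with one bit inverted (a simulated storage fault)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def encode_nibble(n):
    """Hamming(7,4): 4 data bits plus 3 parity bits, laid out p1 p2 d1 p3 d2 d3 d4."""
    d1, d2, d3, d4 = (n >> 3) & 1, (n >> 2) & 1, (n >> 1) & 1, n & 1
    p1, p2, p3 = d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d2 ^ d3 ^ d4
    return [p1, p2, d1, p3, d2, d3, d4]


def decode_codeword(code):
    """Return (nibble, syndrome); a non-zero syndrome is the 1-based faulty position."""
    c = list(code)
    syndrome = ((c[0] ^ c[2] ^ c[4] ^ c[6])
                + 2 * (c[1] ^ c[2] ^ c[5] ^ c[6])
                + 4 * (c[3] ^ c[4] ^ c[5] ^ c[6]))
    if syndrome:
        c[syndrome - 1] ^= 1  # automatic correction of the located bit
    return (c[2] << 3) | (c[4] << 2) | (c[5] << 1) | c[6], syndrome


def encode_bytes(data):
    """Store every byte as two 7-bit codewords (high nibble, then low nibble)."""
    words = []
    for byte in data:
        words.append(encode_nibble(byte >> 4))
        words.append(encode_nibble(byte & 0x0F))
    return words


def decode_bytes(words):
    """Return (data, number_of_codewords_that_needed_repair)."""
    nibbles, repaired = [], 0
    for word in words:
        nibble, syndrome = decode_codeword(word)
        nibbles.append(nibble)
        repaired += 1 if syndrome else 0
    data = bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, len(nibbles), 2))
    return data, repaired


RECORD = b"CYB 201 grade sheet"  # constructed sample data


def checksum_detects_flip():
    """The checksum changes, so the damage is noticed, but the data stays damaged."""
    damaged = flip_bit(RECORD, 10)
    return zlib.crc32(RECORD) != zlib.crc32(damaged)


def code_repairs_single_flip():
    """One flipped bit inside a codeword is found and corrected."""
    words = encode_bytes(RECORD)
    words[5][2] ^= 1
    data, repaired = decode_bytes(words)
    return data == RECORD, repaired


def code_fails_on_double_flip():
    """Limit of 'small changes': two flips in one codeword are mis-corrected."""
    words = encode_bytes(RECORD)
    words[5][2] ^= 1
    words[5][6] ^= 1
    data, _ = decode_bytes(words)
    return data != RECORD


if __name__ == "__main__":
    print(checksum_detects_flip(), code_repairs_single_flip(), code_fails_on_double_flip())
```

Neither tool uses a secret, so both address accidental corruption; someone who can change the data can also recompute the checksum or the parity bits.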
3. Availability
Availability is the property in which information is accessible and modifiable in a timely fashion
by those authorized to do so. It is the guarantee of reliable and constant access to our sensitive data
by authorized people.
Tools for Availability
• Physical Protections
• Computational Redundancies
Physical Protections
Physical safeguards are meant to keep information available even in the event of physical challenges.
They ensure that sensitive information and critical information technology are housed in secure areas.
Computational redundancies
It is applied as fault tolerance against accidental faults. It protects computers and storage devices
that serve as fallbacks in the case of failures.
Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter
computer code, logic or data and leads to cybercrimes, such as information and identity theft.
We are living in a digital era. Nowadays, most people use computers and the internet. Due to the
dependency on digital things, illegal computer activity is growing and changing like any type
of crime.
Cyber-attacks can be classified into the following categories:
Web-based attacks
These are attacks that occur on a website or web application. Some of the important web-based
attacks are as follows-
1. Injection attacks
It is an attack in which data is injected into a web application to manipulate the
application and fetch the required information.
Example- SQL injection, code injection, log injection, XML injection, etc.
2. DNS Spoofing
DNS Spoofing is a type of computer security hacking in which data is introduced into a DNS
resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the
attacker's computer or any other computer. DNS spoofing attacks can go on for a long period
of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create cookies
to store the state and user sessions. By stealing the cookies, an attacker can have access to all of
the user data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information such as user login credentials
and credit card numbers. It occurs when an attacker masquerades as a trustworthy entity in
electronic communication.
5. Brute force
It is a type of attack which uses a trial-and-error method. This attack generates a large number of
guesses and validates them to obtain actual data such as a user password or personal identification
number. This attack may be used by criminals to crack encrypted data, or by security analysts to
test an organization's network security.
6. Denial of Service
It is an attack meant to make a server or network resource unavailable to its users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a crash.
It uses a single system and a single internet connection to attack a server. It can be classified into
the following-
Volume-based attacks- Their goal is to saturate the bandwidth of the attacked site, and they are
measured in bits per second.
Protocol attacks- They consume actual server resources, and are measured in packets.
Application layer attacks- Their goal is to crash the web server, and they are measured in requests per
second.
7. Dictionary attacks
This type of attack stores a list of commonly used passwords and validates them to get the original
password.
8. URL Interpretation
It is a type of attack in which certain parts of a URL are changed so that a web
server delivers web pages that the requester is not authorized to browse.
9. File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files that are
available on the web server or to execute malicious files on the web server by making use of the
include functionality.
10. Man in the middle attacks
It is a type of attack that allows an attacker to intercept the connection between client and server
and act as a bridge between them. Due to this, an attacker will be able to read, insert and modify
the data in the intercepted connection.
System-based attacks
These are the attacks which are intended to compromise a computer or a computer network. Some
of the important system-based attacks are as follows-
1. Virus
It is a type of malicious software program that spreads throughout the computer files without the
knowledge of a user. It is a self-replicating malicious computer program that replicates by inserting
copies of itself into other computer programs when executed. It can also execute instructions that
cause harm to the system.
2. Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected
computers. It works in the same way as a computer virus. Worms often originate from email attachments
that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that causes unexpected changes to computer settings and unusual activity,
even when the computer should be idle. It misleads the user of its true intent. It appears to be a
normal application, but when opened/executed some malicious code will run in the background.
4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a backdoor
so that an application or operating system can be accessed for troubleshooting or other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some
bot programs run automatically, while others only execute commands when they receive specific
input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.
Types of Cyber Attackers
In computers and computer networks, an attacker is the individual or organization who performs
malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to or
make unauthorized use of an asset.
As Internet access becomes more pervasive across the world, and each of us spends more time
on the web, the number of attackers grows as well. Attackers use every tool and technique available
to try to attack us and gain unauthorized access.
There are four types of attackers which are described below-
Cyber Criminals
Cybercriminals are individuals or groups of people who use technology to commit cybercrime with
the intention of stealing sensitive company information or personal data and generating profits.
Today, they are the most prominent and most active type of attacker.
Cybercriminals use computers in three broad ways to commit cybercrimes-
• Select the computer as their target- In this, they attack other people's computers to commit
cybercrime, such as spreading viruses, data theft, identity theft, etc.
• Use the computer as their weapon- In this, they use the computer to commit conventional
crime such as spam, fraud, illegal gambling, etc.
• Use the computer as their accessory- In this, they use the computer to steal data illegally.
Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a
political agenda, religious belief, or social ideology. According to Dan Lohrmann, chief security
officer for Security Mentor, a national security training firm that works with states,
"Hacktivism is a digital disobedience. It's hacking for a cause." Hacktivists are not like
cybercriminals who hack computer networks to steal data for cash. They are individuals or
groups of hackers who work together and see themselves as fighting injustice.
State-sponsored Attacker
State-sponsored attackers have particular objectives aligned with either the political, commercial
or military interests of their country of origin. These types of attackers are not in a hurry. The
government organizations have highly skilled hackers who specialize in detecting vulnerabilities
and exploiting these before the holes are patched. It is very challenging to defeat these attackers
due to the vast resources at their disposal.
Insider Threats
The insider threat is a threat to an organization's security or data that comes from within. These
types of threats usually come from employees or former employees, but may also arise from
third parties, including contractors, temporary workers, employees or customers.
Insider threats can be categorized as below-
Malicious: Malicious threats are attempts by an insider to access and potentially harm an
organization's data, systems or IT infrastructure. These insider threats are often attributed to
dissatisfied employees or ex-employees who believe that the organization wronged them in some
way, and they feel justified in seeking revenge. Insiders may also become
threats when they are disguised by malicious outsiders, either through financial incentives or
extortion.
Accidental: Accidental threats are threats which are caused accidentally by insider employees. In this
type of threat, an employee might accidentally delete an important file or inadvertently share
confidential data with a business partner, going beyond the company's policy or legal requirements.
Negligent: These are the threats in which employees try to avoid the policies of an organization
put in place to protect endpoints and valuable data. For example, if the organization has strict
policies for external file sharing, employees might try to share work on public cloud applications
so that they can work at home. There is nothing wrong with these acts, but they can open the
organization up to dangerous threats nonetheless.
Cyber Security Principles
The UK internet industry and Government recognized the need to develop a series of Guiding
Principles for improving the online security of the ISPs' customers and limiting the rise in
cyber-attacks. Cybersecurity for these purposes encompasses the protection of essential information,
processes, and systems, connected or stored online, with a broad view across the people, technical,
and physical domains.
These Principles recognize that the ISPs (and other service providers), internet users, and UK
Government all have a role in minimizing and mitigating the cyber threats inherent in using the
internet.
These Guiding Principles have been developed to respond to this challenge by providing a
consistent approach to help, inform, educate, and protect ISPs' (Internet Service Provider's)
customers from online crimes. These Guiding Principles are aspirational, developed and delivered
as a partnership between Government and ISPs. They recognize that ISPs have different sets of
customers, offer different levels of support and services to protect those customers from cyber
threats.
Some of the essential cybersecurity principles are described below-
1. Economy of mechanism
This principle states that security mechanisms should be as simple and small as possible. The
Economy of mechanism principle simplifies the design and implementation of security
mechanisms. If the design and implementation are simple and small, fewer possibilities exist for
errors. The checking and testing process is less complicated because fewer components need to be
tested.
Interfaces between security modules are the suspect area and should be as simple as possible,
because interface modules often make implicit assumptions about input or output parameters or
the current system state. If any of these assumptions are wrong, the module's actions may
produce unexpected results. A simple security framework facilitates its understanding by developers
and users and enables the efficient development and verification of enforcement methods for it.
2. Fail-safe defaults
The Fail-safe defaults principle states that the default configuration of a system should have a
conservative protection scheme. This principle also restricts how privileges are initialized when a
subject or object is created. Whenever access, privileges/rights, or some security-related attribute
is not explicitly granted, access to that object should not be granted.
Example: If we add a new user to an operating system, the default group of the user should
have fewer access rights to files and services.
3. Least Privilege
This principle states that a user should only have those privileges needed to complete his task.
Its primary function is to control the assignment of rights granted to the user, not the identity of
the user. This means that if the boss demands root access to a UNIX system that you administer,
he/she should not be given that right unless he/she has a task that requires such a level of access. If
possible, the elevated rights of a user identity should be removed as soon as those rights are no
longer needed.
4. Open Design
This principle states that the security of a mechanism should not depend on the secrecy of its design
or implementation. It suggests that complexity does not add security. This principle is the opposite
of the approach known as "security through obscurity." This principle not only applies to
information such as passwords or cryptographic systems but also to other computer security related
operations.
Example: DVD player & Content Scrambling System (CSS) protection. The CSS is a
cryptographic algorithm that protects the DVD movie disks from unauthorized copying.
5. Complete mediation
The principle of complete mediation restricts the caching of information, which often leads to
simpler implementations of mechanisms. The idea of this principle is that access to every object
must be checked for compliance with a protection scheme to ensure that it is allowed. As a
consequence, one should be wary of performance improvement techniques which save the details
of previous authorization checks, since the permissions can change over time.
Whenever someone tries to access an object, the system should authenticate the access rights
associated with that subject. The subject's access rights are verified once at the initial access, and
for subsequent accesses, the system assumes that the same access rights should be accepted for
that subject and object. The operating system should mediate each and every access to an object.
Example: An online banking website should require users to sign in again after a certain period,
say twenty minutes, has elapsed.
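Why saved authorization decisions are risky, as an added example that is not part of the original lecture note: one reference monitor remembers earlier answers, the other checks the policy and the session age on every access. The class names, the sample grant and the file name are hypothetical; the twenty-minute limit is the one from the banking example above.

```python
from dataclasses import dataclass, field

SESSION_LIMIT_SECONDS = 20 * 60   # sign in again after twenty minutes


@dataclass
class Policy:
    """Explicit grants only: anything not listed is denied (fail-safe default)."""
    grants: set = field(default_factory=set)   # {(subject, object, action)}

    def allows(self, subject: str, obj: str, action: str) -> bool:
        return (subject, obj, action) in self.grants


@dataclass
class Session:
    subject: str
    signed_in_at: float   # seconds on the same clock as `now` below


class CachingMonitor:
    """Remembers earlier decisions: the shortcut the principle warns about."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self._cache = {}

    def check(self, session: Session, obj: str, action: str, now: float) -> bool:
        key = (session.subject, obj, action)
        if key not in self._cache:
            self._cache[key] = self.policy.allows(*key)
        return self._cache[key]          # stale once the policy changes


class MediatingMonitor:
    """Consults the current policy and the session age on every access."""

    def __init__(self, policy: Policy):
        self.policy = policy

    def check(self, session: Session, obj: str, action: str, now: float) -> bool:
        if now - session.signed_in_at > SESSION_LIMIT_SECONDS:
            return False                 # session too old: require a new sign-in
        return self.policy.allows(session.subject, obj, action)


def run_scenario() -> dict:
    """Return (caching, mediating) decisions at each step of a constructed timeline."""
    grant = ("alice", "payroll.xlsx", "read")
    policy = Policy({grant})
    cached, mediated = CachingMonitor(policy), MediatingMonitor(policy)
    session = Session("alice", signed_in_at=0.0)

    def both(obj, action, now):
        return (cached.check(session, obj, action, now),
                mediated.check(session, obj, action, now))

    results = {"initial": both("payroll.xlsx", "read", 60)}
    results["never_granted"] = both("payroll.xlsx", "write", 90)

    policy.grants.discard(grant)         # an administrator revokes the right
    results["after_revoke"] = both("payroll.xlsx", "read", 120)

    policy.grants.add(grant)             # right restored, but the session has aged
    results["after_timeout"] = both("payroll.xlsx", "read", 21 * 60)
    return results


if __name__ == "__main__":
    for step, (caching, mediating) in run_scenario().items():
        print(f"{step:14} caching={caching!s:5} mediating={mediating}")
```

The caching monitor keeps answering "allowed" after the revocation and after the session limit has passed, which is exactly the window complete mediation is meant to close.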
6. Separation of Privilege
This principle states that a system should grant access permission based on more than one
condition being satisfied. This principle may also be restrictive because it limits access to system
entities. Thus, before privilege is granted, more than two verifications should be performed.
Example: To su (change) to root, two conditions must be met-
• The user must know the root password.
• The user must be in the right group (wheel).
7. Least Common Mechanism
This principle states that in systems with multiple users, the mechanisms allowing resources to be
shared by more than one user should be minimized as much as possible. This principle may also be
restrictive because it limits the sharing of resources.
Example: If a file or application needs to be accessed by more than one user, then these
users should use separate channels to access these resources, which helps to prevent
unforeseen consequences that could cause security problems.
8. Psychological acceptability
This principle states that a security mechanism should not make the resource more complicated to
access than if the security mechanisms were not present. The psychological acceptability principle
recognizes the human element in computer security. If security-related software or computer
systems are too complicated to configure, maintain, or operate, the user will not employ the
necessary security mechanisms. For example, if a password is rejected during a password change
process, the password changing program should state why it was denied rather than giving a cryptic
error message. At the same time, applications should not impart unnecessary information that may
lead to a compromise in security.
Example: When we enter a wrong password, the system should only tell us that the user id or
password was incorrect. It should not tell us that only the password was wrong, as this gives the
attacker information.
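Both halves of this principle, as an added example that is not part of the original lecture note: a sign-in routine whose messages reveal which user ids exist, the same routine with one generic failure message, and a password-change routine that tells the already signed-in user why a new password was refused. The account store, the function names and the 12-character rule are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000
GENERIC_FAILURE = "The user id or password was incorrect."


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    """Return (salt, password hash) for storage."""
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed account store for the demonstration.
USERS = {"ada": make_record("correct horse battery staple")}
# Stand-in record so that unknown ids still go through the hashing step.
_DUMMY = make_record(os.urandom(16).hex())


def login_verbose(user_id: str, password: str) -> tuple[bool, str]:
    """Leaky version: the two failure messages reveal whether a user id exists."""
    record = USERS.get(user_id)
    if record is None:
        return False, "Unknown user id."
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return False, "Wrong password."
    return True, "Welcome."


def login_uniform(user_id: str, password: str) -> tuple[bool, str]:
    """Same message, and the same hashing work, for every failed sign-in."""
    salt, stored = USERS.get(user_id, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if user_id in USERS and matches:
        return True, "Welcome."
    return False, GENERIC_FAILURE


def change_password(user_id: str, new_password: str) -> tuple[bool, str]:
    """For a user who is already signed in: say why a new password is refused."""
    salt, stored = USERS[user_id]
    if len(new_password) < 12:          # assumed policy for this example
        return False, "Rejected: the new password must be at least 12 characters long."
    if hmac.compare_digest(_hash(new_password, salt), stored):
        return False, "Rejected: the new password must differ from the current one."
    USERS[user_id] = make_record(new_password)
    return True, "Password changed."


if __name__ == "__main__":
    print(login_verbose("nobody", "guess"), login_verbose("ada", "guess"))
    print(login_uniform("nobody", "guess"), login_uniform("ada", "guess"))
    print(change_password("ada", "short"))
```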
9. Work Factor
This principle states that the cost of circumventing a security mechanism should be compared with
the resources of a potential attacker when designing a security scheme. In some cases, the cost of
circumventing (known as the "work factor") can be easily calculated. In other words, the work factor
is a common cryptographic measure which is used to determine the strength of a given cipher. It
does not map directly to cybersecurity, but the overall concept does apply.
Example: Suppose the number of experiments needed to try all possible four-character passwords
is 24^4 = 331776. If the potential attacker must try each experimental password at a terminal, one
might consider a four-character password to be satisfactory. On the other hand, if the potential
attacker could use an astronomical computer capable of trying a million passwords per second, a
four-letter password would be a minor barrier for a potential intruder.
10. Compromise Recording
The Compromise Recording principle states that sometimes it is more desirable to record the
details of an intrusion than to adopt a more sophisticated measure to prevent it.
Example: The servers in an office network may keep logs for all accesses to files, all emails sent
and received, and all browsing sessions on the web. Internet-connected surveillance cameras are
another typical example of a compromise recording system that can be placed
to protect a building.

REVISTA DE BIOLOGIA E CIÊNCIAS DA TERRA ISSN 1519-5228 - Artigo_Bioterra_V24_...
 
The dark energy paradox leads to a new structure of spacetime.pptx
The dark energy paradox leads to a new structure of spacetime.pptxThe dark energy paradox leads to a new structure of spacetime.pptx
The dark energy paradox leads to a new structure of spacetime.pptx
 
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
 
Pests of Bengal gram_Identification_Dr.UPR.pdf
Pests of Bengal gram_Identification_Dr.UPR.pdfPests of Bengal gram_Identification_Dr.UPR.pdf
Pests of Bengal gram_Identification_Dr.UPR.pdf
 
Microteaching on terms used in filtration .Pharmaceutical Engineering
Microteaching on terms used in filtration .Pharmaceutical EngineeringMicroteaching on terms used in filtration .Pharmaceutical Engineering
Microteaching on terms used in filtration .Pharmaceutical Engineering
 
User Guide: Pulsar™ Weather Station (Columbia Weather Systems)
User Guide: Pulsar™ Weather Station (Columbia Weather Systems)User Guide: Pulsar™ Weather Station (Columbia Weather Systems)
User Guide: Pulsar™ Weather Station (Columbia Weather Systems)
 
User Guide: Magellan MX™ Weather Station
User Guide: Magellan MX™ Weather StationUser Guide: Magellan MX™ Weather Station
User Guide: Magellan MX™ Weather Station
 
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptxTHE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
 
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 GenuineCall Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
 
User Guide: Capricorn FLX™ Weather Station
User Guide: Capricorn FLX™ Weather StationUser Guide: Capricorn FLX™ Weather Station
User Guide: Capricorn FLX™ Weather Station
 
Four Spheres of the Earth Presentation.ppt
Four Spheres of the Earth Presentation.pptFour Spheres of the Earth Presentation.ppt
Four Spheres of the Earth Presentation.ppt
 
Dubai Calls Girl Lisa O525547819 Lexi Call Girls In Dubai
Dubai Calls Girl Lisa O525547819 Lexi Call Girls In DubaiDubai Calls Girl Lisa O525547819 Lexi Call Girls In Dubai
Dubai Calls Girl Lisa O525547819 Lexi Call Girls In Dubai
 
Good agricultural practices 3rd year bpharm. herbal drug technology .pptx
Good agricultural practices 3rd year bpharm. herbal drug technology .pptxGood agricultural practices 3rd year bpharm. herbal drug technology .pptx
Good agricultural practices 3rd year bpharm. herbal drug technology .pptx
 
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptxRESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
 
Harmful and Useful Microorganisms Presentation
Harmful and Useful Microorganisms PresentationHarmful and Useful Microorganisms Presentation
Harmful and Useful Microorganisms Presentation
 

Introduction to cyber security i

Types of Cyber Security

Every organization's assets are a combination of a variety of different systems. For these systems to have a strong cybersecurity posture, coordinated efforts are required across all of them. Therefore, we can categorize cybersecurity into the following sub-domains:

• Network Security: It involves implementing the hardware and software to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an organization to protect its assets against external and internal threats.
• Application Security: It involves protecting software and devices from unwanted threats. This protection can be achieved by constantly updating the apps to ensure they are secure from attacks. Successful security begins in the design stage (writing source code, validation, threat modeling, etc.), before a program or device is deployed.
• Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit.
• Identity management: It deals with the procedure for determining the level of access that each individual has within an organization.
• Operational Security: It involves processing and making decisions on handling and securing data assets.
• Mobile Security: It involves securing the organizational and personal data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against various malicious threats. These threats include unauthorized access, device loss or theft, malware, etc.
• Cloud Security: It involves protecting the information stored in the digital environment or cloud architectures for the organization. It uses various cloud service providers such as AWS, Azure, Google, etc., to ensure security against multiple threats.
• Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts, and plans for how an organization responds when any malicious activity causes the loss of operations or data. Its policies dictate resuming the lost operations after any disaster at the same operating capacity as before the event.
• User Education: It deals with the processes, monitoring, alerts, and plans for how an organization responds when any malicious activity causes the loss of operations or data. Its policies dictate resuming the lost operations after any disaster at the same operating capacity as before the event.

Why is Cyber Security important?

Today we live in a digital era where all aspects of our lives depend on networks, computers and other electronic devices, and software applications. All critical infrastructure, such as the banking system, healthcare, financial institutions, governments, and manufacturing industries, uses devices connected to the Internet as a core part of its operations. Some of this information, such as intellectual property, financial data, and personal data, is sensitive, and unauthorized access or exposure could have negative consequences. This information motivates intruders and threat actors to infiltrate these systems for financial gain, extortion, political or social motives, or just vandalism.

Cyber-attacks are now an international concern: system hacks and other security attacks could endanger the global economy. Therefore, it is essential to have an excellent cybersecurity strategy to protect sensitive information from high-profile security breaches. Furthermore, as the volume of cyber-attacks grows, companies and organizations, especially those that deal with information related to national security, health, or financial records, need to use strong cybersecurity measures and processes to protect their sensitive business and personal information.

Cyber Security Goals

Cyber Security's main objective is to ensure data protection. The security community provides a triangle of three related principles to protect data from cyber-attacks. This set of principles is called the CIA triad. The CIA model is designed to guide policies for an organization's information security infrastructure. When a security breach is found, one or more of these principles has been violated.

We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is a security model that helps people to think about the various parts of IT security. Let us discuss each part in detail.

Confidentiality

Confidentiality is equivalent to privacy: it prevents unauthorized access to information. It involves ensuring that the data is accessible to those who are allowed to use it and blocking access to others. It prevents essential information from reaching the wrong people. Data encryption is an excellent example of ensuring confidentiality.

Integrity

This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized modification by threat actors or accidental user modification. If any modifications occur, certain measures should be taken to protect the sensitive data from corruption or loss and to recover speedily from such an event. In addition, it means ensuring that the source of the information is genuine.

Availability

This principle ensures that information is always available and useful to its authorized users. It ensures that this access is not hindered by system malfunction or cyber-attacks.

Types of Cyber Security Threats

A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal data, gain access to a network, or disrupt digital life in general. The cyber community defines the following threats available today:

Malware

Malware is any type of program that is intended to wreak havoc on a computer system and network. Malware can be described as various types of software which have the capacity to wreak havoc on a computer system or illegally make use of its information without the consent of the users. Malware can be categorized into various types, for instance Botnet, Backdoor, Ransomware, Rootkit, Virus, Worm, Trojan Horse, Spyware, Adware, Scareware and Trapdoor.

Malware means malicious software, and it is the most common cyber-attack tool. It is used by cybercriminals or hackers to disrupt or damage a legitimate user's system. The following are the important types of malware created by hackers:

Virus: A virus is malware that has a self-replicating nature. It is constructed to modify or stop the functioning of a computer. It multiplies by first infecting one program. It is a kind of malware that can cause serious damage, ranging from the computer system merely displaying arbitrary errors to the system experiencing a Denial of Service (DoS) attack. What distinguishes a virus from a Trojan is the ability of a virus to duplicate itself by attaching itself to other valid software and becoming a part of it. Viruses are usually propagated through the copying of files from one computer system to another, through websites, or through e-mails that contain files already contaminated with a virus. A virus is a malicious piece of code that spreads from one device to another. It can clean files and spread throughout a computer system, infecting files, stealing information, or damaging the device.

Spyware: A kind of self-installing malware that executes without the user's approval. It is used to gather and track information about the person and the browsing history of a computer system. It is generally packaged together with software that is made available to users at no cost. Spyware is also called rootkit because of the packaging with freeware. Spyware is code that enables a third party to spy on a host. Spyware has been used for a variety of purposes, including identity theft and theft of personal data, spying on the online activities of individuals (e.g. spouses) and watching users' online activities. It is a type of malware installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. It is software that secretly records information about user activities on their system. For example, spyware could capture credit card details that can be used by cybercriminals for unauthorized shopping, money withdrawal, etc.

Rootkits: A set of software tools used by hackers to get and sustain continuous administrator-level access to a computer system, so as to camouflage the changing of files or the activities of the hacker and keep the user in the dark. Rootkits are commonly linked with Trojans, worms, and viruses that obscure their presence and actions from users and other system processes.

Trojans: A Trojan is a program that looks harmless and helpful to users, like any other authentic software. However, after the application is opened, this malware distributes other malicious code that corrupts the files and applications installed on the computer and also steals sensitive information such as passwords. Unlike computer viruses and worms, Trojans require interaction with users to reproduce themselves. This makes Trojans one of the most destructive and hazardous types of malware, because they are mostly discovered only after they have affected the computer system. Trojan horses can be categorised into two main groups: General Trojans and Remote-Access Trojans.

• General Trojans: This type of Trojan has a wide range of malicious activities. They can threaten the data integrity of victim machines. They can redirect victim machines to a particular website by replacing system files that contain URLs. They can install several malicious programs on victim computers. They can even track user activities, save that information and then send it to the attacker.
• Remote-Access Trojans: We can claim that they are the most dangerous type of Trojan. They have a special capability which enables the attacker to remotely control the victim machine via a LAN or the Internet. This type of Trojan can be instructed by the attacker to perform malicious activities such as harvesting confidential information from the victim machine.

Ransomware: A subcategory of malware which encrypts the files on the victim's computer or locks the victim out entirely. It turns the files into unintelligible information and makes them useless, and payment is required before the ransomed files are decrypted and returned to the owner. It usually infects its victims through a Trojan. It is a piece of software that encrypts a user's files and data on a device, rendering them unusable or erasing them. Then, a monetary ransom is demanded by malicious actors for decryption.

Worms: A worm is a piece of software that spreads copies of itself from device to device without human interaction. It does not need to attach itself to any program to steal or damage data. It is malware that does not attach itself to other software, as it does not need host software to fasten itself to. This is what differentiates a worm from a virus. A worm normally affects its victim through the areas of exposure that it can exploit. It employs various means to propagate and corrupt other computer systems. Worms have the capacity to wreak the same extent of havoc that a virus causes to an infected computer system. Worms are not parasitic in behaviour like viruses. They are independent programs that can cause harm on their own. Worms may or may not have a payload, but both types can be pretty harmful. Worms without payloads do not affect the system they infect, whereas worms with a payload will also do harm to the infected system. In some cases, the payload acts as a backdoor instead of making changes to the system. A worm could have a very harmful effect on systems in the network; for example, it could consume too much system memory or processor (CPU) time and cause many applications to stop responding.

Adware: Adware is advertising software used to spread malware, and it displays advertisements on our device. It is an unwanted program that is installed without the user's permission. It is malware whose only purpose is to show advertisements to the user. Adware is regarded as one of the least threatening categories of malware. Its intention is to display, on the affected computer, commercials which the user is likely to be attracted to; it records data from the computer such as browser and search engine histories. Adware is sometimes classified as spyware, subject to the seriousness of the recording. Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. The object of adware is to generate revenue for its writer. Adware, by itself, is harmless; however, some adware may come with integrated spyware such as keyloggers and other privacy-invasive software. The main objective of this program is to generate revenue for its developer by showing ads in the user's browser. Adware is usually seen by the developer as a way to recover development costs, and in some cases it may allow the software to be offered to the user free of charge or at a reduced price.

Botnets: Also known as a web robot or botnet, this is application software that runs automated tasks over the internet. Bots belong to a category of malware that allows its principal to gain access to the infected computer system. Bots can propagate through backdoors made available by a virus or worm on the victim computer. Bots are known for employing an application layer protocol that enables communication in the form of text with their principal. A botnet is a collection of internet-connected, malware-infected devices that cybercriminals can control. It enables cybercriminals to obtain credential leaks, unauthorized access, and data theft without the user's permission.

Backdoor: A class of malware that offers a supplementary, stealthy "entrance" to the system for attackers. The backdoor itself does not directly harm the system, but it opens the door for attackers to wreak havoc. Due to this characteristic, backdoors are in no way used individually. Ordinarily, a backdoor precedes a malware attack or other forms of attack.

Keylogger: Also known as keystroke logging, this is a type of surveillance malware that, once the computer is infected with it, has the ability to record every keystroke made on that system. The recording is saved in a log file which is normally encrypted and sent to a specific receiver. Such information can include passwords, Bank Verification Numbers, ATM card numbers, and other confidential information.

Phishing

Phishing is a type of cybercrime in which a message appears to come from a genuine organization such as PayPal, eBay, or a financial institution, or from friends and co-workers. The attackers contact a target or targets via email, phone, or text message with a link and persuade them to click on it. The link redirects them to fraudulent websites that ask for sensitive data such as personal information, banking and credit card information, social security numbers, usernames, and passwords. Clicking on the link will also install malware on the target devices that allows hackers to control the devices remotely.

Man-in-the-middle (MITM) attack

A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a cybercriminal intercepts a conversation or data transfer between two individuals. Once the cybercriminal is placed in the middle of a two-party communication, they seem like a genuine participant and can obtain sensitive information and return different responses. The main objective of this type of attack is to gain access to our business or customer data. For example, a cybercriminal could intercept data passing between the target device and the network on an unprotected Wi-Fi network.

Distributed denial of service (DDoS)

DDoS is a type of cyber threat or malicious attempt in which cybercriminals disrupt the regular traffic of targeted servers, services, or networks by overwhelming the target or its surrounding infrastructure with Internet traffic. Here the requests come from several IP addresses and can make the system unusable by overloading its servers, slowing them down significantly or temporarily taking them offline, or preventing an organization from carrying out its vital functions.

Brute Force

A brute force attack is a cryptographic hack that uses a trial-and-error method to guess all possible combinations until the correct information is discovered. Cybercriminals usually use this attack to obtain passwords, login information, encryption keys, and Personal Identification Numbers (PINs).

SQL Injection (SQLI)

SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for backend database manipulation to access sensitive information. Once the attack is successful, the malicious actor can view, change, or delete sensitive company data, user lists, or private customer details stored in the SQL database.

Domain Name System (DNS) attack

A DNS attack is a type of cyberattack in which cybercriminals take advantage of flaws in the Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data from affected computers. It is a severe cybersecurity risk because the DNS system is an essential element of the internet infrastructure.

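The SQL injection weakness described above, shown as an added example that is not part of the original lecture note: a query built by string concatenation beside its parameterized fix, run against an in-memory SQLite table. The table, column and function names and the sample rows are constructed for illustration.

```python
import sqlite3


def make_demo_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("carol", "carol@example.test"),
        ],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, name):
    """VULNERABLE on purpose: user input becomes part of the SQL text.

    A quote character in `name` ends the string literal early, so the rest
    of the input is parsed as SQL instead of being treated as data.
    """
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Hardened: the statement is fixed and the input is bound as a value.

    The driver passes `name` separately from the SQL text, so quotes and
    keywords inside it are compared literally against the name column.
    """
    query = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_demo_db()
    crafted = "x' OR '1'='1"  # constructed input that changes the WHERE clause
    print("normal input, unsafe :", lookup_unsafe(db, "alice"))
    print("crafted input, unsafe:", lookup_unsafe(db, crafted))  # every row leaks
    print("crafted input, safe  :", lookup_safe(db, crafted))    # no rows match
```

Both functions return the same result for ordinary input; only the parameterized version keeps returning one customer's data at most when the input contains SQL syntax.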
Latest cyber threats

The following are the latest cyber threats reported by the U.K., U.S., and Australian governments:

Romance Scams

The U.S. government found this cyber threat in February 2020. Cybercriminals carried out this threat through dating sites, chat rooms, and apps. They attack people who are seeking a new partner, duping them into giving away personal data.

Dridex Malware

Dridex is a type of financial Trojan malware, identified by the U.S. in December 2019, that affects the public, government, infrastructure, and business worldwide. It infects computers through phishing emails or existing malware to steal sensitive information such as passwords, banking details, and personal data for fraudulent transactions. The National Cyber Security Centre of the United Kingdom encourages people to make sure their devices are patched, anti-virus is turned on and up to date, and files are backed up to protect sensitive data against this attack.

Emotet Malware

Emotet is a type of cyber-attack that steals sensitive data and also installs other malware on our device. The Australian Cyber Security Centre warned national organizations about this global cyber threat in 2019.

The following are the systems that can be affected by security breaches and attacks:

• Communication: Cyber attackers can use phone calls, emails, text messages, and messaging apps for cyberattacks.
• Finance: This system deals with the risk to financial information such as bank and credit card details. This information is naturally a primary target for cyber attackers.
• Governments: Cybercriminals generally target government institutions to get confidential public data or private citizen information.
• Transportation: In this system, cybercriminals generally target connected cars, traffic control systems, and smart road infrastructure.
• Healthcare: Cybercriminals target the healthcare system to get information stored anywhere from a local clinic to critical care systems at a national hospital.
• Education: Cybercriminals target educational institutions to get their confidential research data and the information of students and employees.

Benefits of cybersecurity

The following are the benefits of implementing and maintaining cybersecurity:

• Cyber-attacks and data breach protection for businesses.
• Data and network security are both protected.
• Unauthorized user access is avoided.
• After a breach, there is a faster recovery time.
• End-user and endpoint device protection.
• Regulatory adherence.
• Continuity of operations.
• Developers, partners, consumers, stakeholders, and workers have more faith in the company's reputation and trust.

Cyber Safety Tips

Let us see how to protect ourselves when cyber-attacks happen. The following are the popular cyber safety tips:

Conduct cybersecurity training and awareness: Every organization must train its staff on cybersecurity, company policies, and incident reporting for a strong cybersecurity policy to be successful. If staff carry out unintentional or intentional malicious activities, even the best technical safeguards may fail, resulting in an expensive security breach. Therefore, it is useful to conduct security training and awareness for staff through seminars, classes, and online courses that reduce security violations.

Update software and operating system: The most popular safety measure is to update the software and O.S. to get the benefit of the latest security patches.

Use anti-virus software: It is also useful to use anti-virus software that will detect and remove unwanted threats from your device. This software should always be kept updated to get the best level of protection.

Perform periodic security reviews: Every organization should ensure periodic security inspections of all software and networks to identify security risks early in a secure environment. Some popular examples of security reviews are application and network penetration testing, source code reviews, architecture design reviews, and red team assessments. In addition, organizations should prioritize and mitigate security vulnerabilities as quickly as possible after they are discovered.

Use strong passwords: It is recommended to always use long passwords with varied combinations of characters and symbols. This makes the passwords hard to guess.

Do not open email attachments from unknown senders: Cyber experts always advise against opening or clicking email attachments received from unverified senders or unfamiliar websites, because they could be infected with malware.

Avoid using unsecured Wi-Fi networks in public places: It is also advised not to use insecure networks because they can leave you vulnerable to man-in-the-middle attacks.

Backup data: Every organization must periodically back up its data to ensure that sensitive data is not lost and can be recovered after a security breach. In addition, backups can help maintain data integrity in cyber-attacks such as SQL injection, phishing, and ransomware.

Cyber Security Goals

The objective of Cybersecurity is to protect information from being stolen, compromised or attacked. Cybersecurity can be measured by at least one of three goals:

1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs. The CIA triad is a security model that is designed to guide policies for information security within the premises of an organization or company. This model is also referred to as the AIC (Availability, Integrity, and Confidentiality) triad to avoid confusion with the Central Intelligence Agency. The elements of the triad are considered the three most crucial components of security.

The CIA criteria are the ones that most organizations and companies use when they install a new application, create a database, or guarantee access to some data. For data to be completely secure, all of these security goals must come into effect. These are security policies that all work together, and therefore it can be wrong to overlook one policy.

The elements of the CIA triad are:

1. Confidentiality

Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of information. It involves the protection of data, providing access for those who are allowed to see it while preventing others from learning anything about its content. It prevents essential information from reaching the wrong people while making sure that the right people can get it. Data encryption is a good example of a way to ensure confidentiality.

Tools for Confidentiality

Encryption
Encryption is a method of transforming information with an algorithm so that it is unreadable to unauthorized users. The transformation uses a secret key (an encryption key) so that the transformed data can only be read by using another secret key (a decryption key). It protects sensitive data such as credit card numbers by encoding and transforming the data into unreadable ciphertext. This encrypted data can only be read by decrypting it. Asymmetric-key and symmetric-key are the two primary types of encryption.

Access control
Access control defines rules and policies for limiting access to a system or to physical or virtual resources. It is a process by which users are granted access and certain privileges to systems, resources or information. In access control systems, users need to present credentials, such as a person's name or a computer's serial number, before they can be granted access. In physical systems, these credentials may come in many forms, but credentials that can't be transferred provide the most security.

Authentication
Authentication is a process that ensures and confirms a user's identity or role. It can be done in a number of different ways, but it is usually based on a combination of:
• something the person has (like a smart card or a radio key for storing secret keys),
• something the person knows (like a password),
• something the person is (like a human with a fingerprint).
Authentication is a necessity for every organization because it enables organizations to keep their networks secure by permitting only authenticated users to access their protected resources. These resources may include computer systems, networks, databases, websites and other network-based applications or services.

Authorization
Authorization is a security mechanism that gives permission to do or have something.
It is used to determine whether a person or system is allowed access to resources, including computer programs, files, services, data and application features, based on an access control policy. It is normally preceded by authentication for user identity verification. System administrators are typically assigned permission levels covering all system and user resources. During authorization, a system verifies an authenticated user's access rules and either grants or refuses resource access.

Physical Security
Physical security describes measures designed to deny unauthorized access to IT assets such as facilities, equipment, personnel, resources and other properties, and to protect them from damage. It protects these assets from physical threats including theft, vandalism, fire and natural disasters.
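The following added example (not part of the original lecture note) shows authentication followed by authorization, in the order described above. The account names, roles, policy table, reply strings and PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work setting; tune for real hardware


def derive(password: str, salt: bytes) -> bytes:
    """Store a salted, slow hash of the password, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AccountStore:
    def __init__(self):
        self._accounts = {}                      # user -> (salt, digest, role)
        self._dummy_salt = os.urandom(16)        # used when the user is unknown
        self._dummy_digest = derive("unused", self._dummy_salt)

    def add(self, user: str, password: str, role: str) -> None:
        salt = os.urandom(16)
        self._accounts[user] = (salt, derive(password, salt), role)

    def authenticate(self, user: str, password: str):
        """Return the user's role if the password matches, otherwise None."""
        known = user in self._accounts
        salt, digest, role = self._accounts.get(
            user, (self._dummy_salt, self._dummy_digest, None))
        # The hash is computed even for unknown users so both cases cost the same.
        matches = hmac.compare_digest(derive(password, salt), digest)
        return role if (known and matches) else None


# Access control policy (assumed): role -> set of (resource, action) it may use.
POLICY = {
    "clerk": {("customer_records", "read")},
    "admin": {("customer_records", "read"), ("customer_records", "write")},
}


def authorize(role: str, resource: str, action: str) -> bool:
    """Grant only what the policy lists; anything else is refused."""
    return (resource, action) in POLICY.get(role, set())


def handle(store: AccountStore, user, password, resource, action) -> str:
    role = store.authenticate(user, password)        # step 1: who are you?
    if role is None:
        # Same reply for an unknown user and for a wrong password.
        return "401 invalid user id or password"
    if not authorize(role, resource, action):         # step 2: may you do this?
        return "403 access refused"
    return "200 access granted"


def demo() -> list:
    store = AccountStore()                            # constructed sample accounts
    store.add("ada", "correct horse", "clerk")
    store.add("root_admin", "battery staple", "admin")
    return [
        handle(store, "ada", "correct horse", "customer_records", "read"),
        handle(store, "ada", "correct horse", "customer_records", "write"),
        handle(store, "ada", "wrong guess", "customer_records", "read"),
        handle(store, "nobody", "wrong guess", "customer_records", "read"),
        handle(store, "root_admin", "battery staple", "customer_records", "write"),
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The clerk is authenticated in both of the first two requests, but only the read is authorized; the two failed sign-ins receive an identical reply whether or not the account exists.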
2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from unauthorized user modification. It is the property that information has not been altered in an unauthorized way, and that the source of the information is genuine.
Tools for Integrity

Backups
Backup is the periodic archiving of data. It is the process of making copies of data or data files to use in the event that the original data or data files are lost or destroyed. It is also used to make copies for historical purposes, such as longitudinal studies, statistics or historical records, or to meet the requirements of a data retention policy. Many applications, especially in a Windows environment, produce backup files using the .BAK file extension.

Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words, it is the computation of a function that maps the contents of a file to a numerical value. Checksums are typically used to compare two sets of data to make sure that they are the same. A checksum function depends on the entire contents of a file. It is designed so that even a small change to the input file (such as flipping a single bit) is likely to result in a different output value.

Data Correcting Codes
A data correcting code is a method for storing data in such a way that small changes can be easily detected and automatically corrected.
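The difference between detecting a change (checksums) and repairing it (data correcting codes) is shown in the following added example, which is not part of the original lecture note. SHA-256 and the Hamming(7,4) code are chosen here as well-known instances; the note itself does not name a specific checksum or code, and the record is constructed sample data.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Checksum: any change to the input changes the digest."""
    return hashlib.sha256(data).hexdigest()


def hamming74_encode(nibble: int) -> list:
    """Encode 4 data bits as a 7-bit codeword (positions 1..7)."""
    c = [0] * 8                                   # index 0 unused
    c[3], c[5], c[6], c[7] = [(nibble >> i) & 1 for i in range(4)]
    c[1] = c[3] ^ c[5] ^ c[7]                     # parity over positions 1,3,5,7
    c[2] = c[3] ^ c[6] ^ c[7]                     # parity over positions 2,3,6,7
    c[4] = c[5] ^ c[6] ^ c[7]                     # parity over positions 4,5,6,7
    return c[1:]


def hamming74_decode(bits: list) -> tuple:
    """Return (nibble, error_position); position 0 means no error was seen."""
    c = [0] + list(bits)
    syndrome = 0
    for pos in range(1, 8):
        if c[pos]:
            syndrome ^= pos                       # XOR of the positions set to 1
    if syndrome:
        c[syndrome] ^= 1                          # repair the single flipped bit
    nibble = c[3] | (c[5] << 1) | (c[6] << 2) | (c[7] << 3)
    return nibble, syndrome


def encode_bytes(data: bytes) -> list:
    bits = []
    for byte in data:
        bits += hamming74_encode(byte & 0x0F) + hamming74_encode(byte >> 4)
    return bits


def decode_bytes(bits: list) -> tuple:
    """Return (data, number_of_codewords_repaired)."""
    out, repaired = bytearray(), 0
    for i in range(0, len(bits), 14):
        low, e1 = hamming74_decode(bits[i:i + 7])
        high, e2 = hamming74_decode(bits[i + 7:i + 14])
        out.append(low | (high << 4))
        repaired += (e1 != 0) + (e2 != 0)
    return bytes(out), repaired


def flip(bits: list, *positions: int) -> list:
    damaged = list(bits)
    for p in positions:
        damaged[p] ^= 1
    return damaged


RECORD = b"balance=1000"                          # constructed sample data
STORED_DIGEST = sha256_hex(RECORD)
CODED = encode_bytes(RECORD)


def demo() -> dict:
    # One flipped bit in an unprotected copy: the checksum detects, cannot repair.
    raw = bytearray(RECORD)
    raw[8] ^= 0x01
    # One flipped bit in each of two different codewords: both are repaired.
    fixed, repaired = decode_bytes(flip(CODED, 3, 20))
    # Two flipped bits in the same codeword: the code "repairs" the wrong bit.
    wrong, _ = decode_bytes(flip(CODED, 0, 1))
    return {
        "checksum_detects_raw_change": sha256_hex(bytes(raw)) != STORED_DIGEST,
        "single_errors_repaired": fixed == RECORD and repaired == 2,
        "double_error_miscorrected": wrong != RECORD,
        "checksum_catches_miscorrection": sha256_hex(wrong) != STORED_DIGEST,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last two results show why the tools are combined: a correcting code silently produces wrong data once the damage exceeds what it can repair, and a checksum kept alongside it still reveals the mismatch.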
3. Availability
Availability is the property that information is accessible and modifiable in a timely fashion by those authorized to do so. It is the guarantee of reliable and constant access to our sensitive data by authorized people.
Tools for Availability
• Physical Protections
• Computational Redundancies

Physical Protections
Physical safeguards keep information available even in the event of physical challenges. They ensure that sensitive information and critical information technology are housed in secure areas.

Computational redundancies
Computational redundancy is applied as fault tolerance against accidental faults. It protects computers and storage devices that serve as fallbacks in the case of failures.

Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data, and leads to cybercrimes such as information and identity theft.
We are living in a digital era. Nowadays, most people use computers and the internet. Because of this dependency on digital things, illegal computer activity is growing and changing like any other type of crime.
Cyber-attacks can be classified into the following categories:

Web-based attacks
These are attacks that occur on a website or web application. Some of the important web-based attacks are as follows:
1. Injection attacks
An injection attack is one in which data is injected into a web application to manipulate the application and fetch the required information.
Examples: SQL injection, code injection, log injection, XML injection, etc.
2. DNS Spoofing
DNS spoofing is a type of computer security hacking in which data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.
3. Session Hijacking
Session hijacking is a security attack on a user session over a protected network. Web applications create cookies to store state and user sessions. By stealing the cookies, an attacker can gain access to all of the user's data.
4. Phishing
Phishing is a type of attack that attempts to steal sensitive information such as user login credentials and credit card numbers. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.
5. Brute force
It is a type of attack that uses a trial-and-error method. The attack generates a large number of guesses and validates them to obtain actual data such as a user password or personal identification number. This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
6. Denial of Service
It is an attack meant to make a server or network resource unavailable to its users. It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses a single system and a single internet connection to attack a server. It can be classified into the following:
Volume-based attacks: The goal is to saturate the bandwidth of the attacked site; it is measured in bits per second.
Protocol attacks: These consume actual server resources and are measured in packets.
Application layer attacks: The goal is to crash the web server; it is measured in requests per second.
7. Dictionary attacks
This type of attack stores a list of commonly used passwords and validates them to get the original password.
8. URL Interpretation
It is a type of attack in which certain parts of a URL are changed so that a web server delivers web pages that the attacker is not authorized to browse.
9. File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files available on the web server, or to execute malicious files on the web server, by making use of the include functionality.
10. Man in the middle attacks
It is a type of attack that allows an attacker to intercept the connection between client and server and act as a bridge between them. As a result, the attacker is able to read, insert and modify the data in the intercepted connection.

System-based attacks
These are attacks intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows:
1. Virus
It is a type of malicious software program that spreads throughout computer files without the knowledge of the user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.
2. Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works the same way as a computer virus. Worms often originate from email attachments that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user about its true intent. It appears to be a normal application, but when it is opened or executed, malicious code runs in the background.
4. Backdoors
It is a method that bypasses the normal authentication process.
A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.

Types of Cyber Attackers
In computers and computer networks, an attacker is an individual or organization that performs malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to, or make unauthorized use of, an asset.
As Internet access becomes more pervasive across the world, and each of us spends more time on the web, the number of attackers grows as well. Attackers use every tool and technique they can to try to attack us and gain unauthorized access.
There are four types of attackers, which are described below:

Cyber Criminals
Cybercriminals are individuals or groups of people who use technology to commit cybercrime with the intention of stealing sensitive company information or personal data and generating profits. Today, they are the most prominent and most active type of attacker.
Cybercriminals use computers in three broad ways to commit cybercrimes:
• Select the computer as their target: they attack other people's computers to commit cybercrime, such as spreading viruses, data theft, identity theft, etc.
• Use the computer as their weapon: they use the computer to commit conventional crime such as spam, fraud, illegal gambling, etc.
• Use the computer as their accessory: they use the computer to steal data illegally.
Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology. According to Dan Lohrmann, chief security officer for Security Mentor, a national security training firm that works with states, "Hacktivism is a digital disobedience. It's hacking for a cause." Hacktivists are not like cybercriminals, who hack computer networks to steal data for cash. They are individuals or groups of hackers who work together and see themselves as fighting injustice.

State-sponsored Attacker
State-sponsored attackers have particular objectives aligned with the political, commercial or military interests of their country of origin. These attackers are not in a hurry. Government organizations have highly skilled hackers who specialize in detecting vulnerabilities and exploiting them before the holes are patched. It is very challenging to defeat these attackers because of the vast resources at their disposal.

Insider Threats
An insider threat is a threat to an organization's security or data that comes from within. Threats of this type usually come from employees or former employees, but may also arise from third parties, including contractors, temporary workers, employees or customers.
Insider threats can be categorized as follows:
Malicious: Malicious threats are attempts by an insider to access and potentially harm an organization's data, systems or IT infrastructure. These insider threats are often attributed to dissatisfied employees or ex-employees who believe that the organization has wronged them in some way and feel justified in seeking revenge. Insiders may also become threats when they are disguised by malicious outsiders, either through financial incentives or extortion.
Accidental: Accidental threats are threats that are caused accidentally by insider employees.
In this type of threat, an employee might accidentally delete an important file or inadvertently share confidential data with a business partner, going beyond the company's policy or legal requirements.
Negligent: These are threats in which employees try to avoid the policies an organization has put in place to protect endpoints and valuable data. For example, if the organization has strict policies for external file sharing, employees might try to share work on public cloud applications so that they can work at home. There is nothing wrong with these acts, but they can open the organization up to dangerous threats nonetheless.

Cyber Security Principles
The UK internet industry and Government recognized the need to develop a series of Guiding Principles for improving the online security of ISPs' customers and limiting the rise in cyber-attacks. Cybersecurity for these purposes encompasses the protection of essential information,
processes, and systems, connected or stored online, with a broad view across the people, technical, and physical domains. These Principles recognize that ISPs (and other service providers), internet users, and the UK Government all have a role in minimizing and mitigating the cyber threats inherent in using the internet.
These Guiding Principles have been developed to respond to this challenge by providing a consistent approach to help, inform, educate, and protect ISPs' (Internet Service Providers') customers from online crimes. These Guiding Principles are aspirational, developed and delivered as a partnership between Government and ISPs. They recognize that ISPs have different sets of customers and offer different levels of support and services to protect those customers from cyber threats.
Some of the essential cybersecurity principles are described below:
1. Economy of mechanism
This principle states that security mechanisms should be as simple and small as possible. The economy of mechanism principle simplifies the design and implementation of security mechanisms. If the design and implementation are simple and small, fewer possibilities exist for errors. The checking and testing process is less complicated, and fewer components need to be tested. Interfaces between security modules are the suspect area and should be as simple as possible, because interface modules often make implicit assumptions about input or output parameters or the current system state. If any of these assumptions are wrong, the module's actions may produce unexpected results. A simple security framework is easier for developers and users to understand and enables the efficient development and verification of enforcement methods for it.
2. Fail-safe defaults
The fail-safe defaults principle states that the default configuration of a system should have a conservative protection scheme.
This principle also restricts how privileges are initialized when a subject or object is created. Whenever access, privileges/rights, or some security-related attribute is not explicitly granted, access to that object should not be granted.
Example: If we add a new user to an operating system, the default group of the user should have fewer access rights to files and services.
3. Least Privilege
This principle states that a user should have only those privileges needed to complete his task. Its primary function is to control the assignment of rights granted to the user, not the identity of the user. This means that if the boss demands root access to a UNIX system that you administer, he/she should not be given that right unless he/she has a task that requires such a level of access. If possible, the elevated rights of a user identity should be removed as soon as those rights are no longer needed.
4. Open Design
This principle states that the security of a mechanism should not depend on the secrecy of its design or implementation. It suggests that complexity does not add security. This principle is the opposite of the approach known as "security through obscurity." This principle applies not only to information such as passwords or cryptographic systems but also to other computer security related operations.
Example: DVD player and Content Scrambling System (CSS) protection. The CSS is a cryptographic algorithm that protects DVD movie disks from unauthorized copying.
5. Complete mediation
The principle of complete mediation restricts the caching of information, which often leads to simpler implementations of mechanisms. The idea of this principle is that access to every object must be checked for compliance with a protection scheme to ensure that it is allowed. As a consequence, one should be wary of performance improvement techniques that save the details of previous authorization checks, since permissions can change over time.
Whenever someone tries to access an object, the system should authenticate the access rights associated with that subject. The subject's access rights are verified once at the initial access, and for subsequent accesses, the system assumes that the same access rights should be accepted for that subject and object. The operating system should mediate all and every access to an object.
Example: An online banking website should require users to sign in again after a certain period, say twenty minutes, has elapsed.
6. Separation of Privilege
This principle states that a system should grant access permission based on more than one condition being satisfied. This principle may also be restrictive because it limits access to system entities. Thus, before a privilege is granted, more than two verifications should be performed.
Example: To su (change) to root, two conditions must be met:
• The user must know the root password.
• The user must be in the right group (wheel).
7. Least Common Mechanism
This principle states that in systems with multiple users, the mechanisms allowing resources to be shared by more than one user should be minimized as much as possible. This principle may also be restrictive because it limits the sharing of resources.
Example: If a file or application needs to be accessed by more than one user, then these users should use separate channels to access these resources, which helps to prevent unforeseen consequences that could cause security problems.
8. Psychological acceptability
This principle states that a security mechanism should not make the resource more complicated to access than if the security mechanisms were not present. The psychological acceptability principle recognizes the human element in computer security. If security-related software or computer systems are too complicated to configure, maintain, or operate, the user will not employ the necessary security mechanisms. For example, if a password is matched during a password change process, the password changing program should state why it was denied rather than giving a cryptic error message. At the same time, applications should not impart unnecessary information that may lead to a compromise in security.
Example: When we enter a wrong password, the system should only tell us that the user id or password was incorrect. It should not tell us that only the password was wrong, as this gives the attacker information.
9. Work Factor
This principle states that the cost of circumventing a security mechanism should be compared with the resources of a potential attacker when designing a security scheme. In some cases, the cost of circumventing (known as the "work factor") can be easily calculated. In other words, the work factor is a common cryptographic measure used to determine the strength of a given cipher. It does not map directly to cybersecurity, but the overall concept does apply.
Example: Suppose the number of experiments needed to try all possible four-character passwords is 24^4 = 331776. If the potential attacker must try each experimental password at a terminal, one might consider a four-character password to be satisfactory. On the other hand, if the potential attacker could use an astronomical computer capable of trying a million passwords per second, a four-letter password would be a minor barrier for a potential intruder.
10. Compromise Recording
The Compromise Recording principle states that sometimes it is more desirable to record the details of an intrusion than to adopt a more sophisticated measure to prevent it.
Example: The servers in an office network may keep logs of all accesses to files, all emails sent and received, and all browsing sessions on the web. Another example: Internet-connected surveillance cameras are a typical compromise recording system that can be placed to protect a building.
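The fail-safe defaults, least privilege, complete mediation and compromise recording principles above can be seen together in one access check. The following Python code is an added example, not part of the original lecture note; the Monitor and CachingMonitor classes, the subjects and the payroll.db object are hypothetical names invented for the illustration, and the timeline is constructed.

```python
SESSION_MAX_AGE = 20 * 60  # seconds; the twenty-minute re-sign-in from the example


class Monitor:
    """Checks every access against the current policy and records the decision."""

    def __init__(self):
        self.acl = {}      # (subject, object) -> set of rights; no entry = no access
        self.audit = []    # compromise recording: one entry per decision

    def grant(self, subject, obj, right):
        self.acl.setdefault((subject, obj), set()).add(right)

    def revoke(self, subject, obj, right):
        self.acl.get((subject, obj), set()).discard(right)

    def check(self, subject, obj, right, signed_in_at, now):
        fresh = 0 <= now - signed_in_at <= SESSION_MAX_AGE
        # Fail-safe default: a missing entry yields an empty set, so access is denied.
        allowed = fresh and right in self.acl.get((subject, obj), set())
        self.audit.append((now, subject, obj, right, "ALLOW" if allowed else "DENY"))
        return allowed


class CachingMonitor(Monitor):
    """The shortcut the text warns about: the first decision is reused forever."""

    def __init__(self):
        super().__init__()
        self._cache = {}

    def check(self, subject, obj, right, signed_in_at, now):
        key = (subject, obj, right)
        if key not in self._cache:
            self._cache[key] = super().check(subject, obj, right, signed_in_at, now)
        return self._cache[key]


def scenario(monitor):
    """Constructed timeline, in seconds after a sign-in at t=0."""
    results = {}
    monitor.grant("alice", "payroll.db", "read")
    results["alice_read"] = monitor.check("alice", "payroll.db", "read", 0, 60)
    # bob was never granted anything: refused by default.
    results["bob_read"] = monitor.check("bob", "payroll.db", "read", 0, 60)
    # alice holds read only, so write is refused (least privilege).
    results["alice_write"] = monitor.check("alice", "payroll.db", "write", 0, 90)
    # The right is removed once the task is done, then used again.
    monitor.revoke("alice", "payroll.db", "read")
    results["alice_after_revoke"] = monitor.check("alice", "payroll.db", "read", 0, 120)
    # A valid right presented after the session has become too old.
    monitor.grant("carol", "payroll.db", "read")
    results["carol_old_session"] = monitor.check("carol", "payroll.db", "read", 0, 21 * 60)
    results["audit_entries"] = len(monitor.audit)
    return results


if __name__ == "__main__":
    print("mediating:", scenario(Monitor()))
    print("caching:  ", scenario(CachingMonitor()))
```

With the caching variant, alice's revoked right is still honoured and that access never reaches the audit log, so the shortcut defeats both complete mediation and compromise recording.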