
Information Security Fundamentals

Sibi Chakkaravarthy Sethuraman


Associate Professor
School of Computer Science and Engineering
VIT-AP
Module 1: Information Security Fundamentals

Definitions & challenges of security, Attacks & services, Security policies,
Security Controls, Access control structures, Cryptography, Deception,
Ethical Hacking, Firewalls, Identity and Access Management (IdAM).
Recent Hot Talks
• Windows 11
• Pegasus
• Ransomware attacks on the enterprises (Targeting healthcare sector)
• Cryptocurrency stealers
• Consent phishing
• Spoof emails
• Data Breaches and Exposures (Dominos India & Mobikwik Data
breach)
News Bytes – 16.7.2020
Knowledge level: Foundation & background
• Network infrastructure knowledge
• Diverse device configuration ability
• Security configuration knowledge
• Understanding security policy
• Data & Traffic Analysis
• Identifying Security Events –> How & when to alarm
• Incident Response
• Data management & teamwork
• Diverse set of skills are needed
System Security
• Windows is the most widely deployed and user-friendly desktop operating system.
• What are the native security services provided by the Windows OS?
• Can you list a few of its security tools/services?
How many layers are there in the OSI model?
What are the permanent (hardware/MAC) and temporary (IP) addresses of a
networked (intra/inter) device?
Why do you need a MAC address?
How do you get the MAC address?
Is it possible to change a MAC address?
OSI layer

Note: PPTP is a layer 2 (tunnelling) protocol. NetBIOS name table commands: nbtstat –n, nbtstat –S, nbtstat –s


Interoperability in OSI model
TCP/IP (or internet) stack
Data flow in OSI layers
Data format in OSI layer
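An added example (not from the slides) of the "data format" point above: application data is wrapped in a UDP header (layer 4), then an IPv4 header (layer 3), then an Ethernet header (layer 2), and unwrapped again on the other side with the IPv4 header checksum verified. It also answers the MAC questions above by inspecting the U/L and I/G bits of the first octet, which is how you tell a software-assigned (changed) MAC from a vendor-burned one. All addresses are constructed documentation values; the UDP checksum is deliberately left at zero, which IPv4 permits.

```python
import socket
import struct

# Constructed sample addresses for this added example (not from the lecture).
SRC_MAC = "02:00:5e:10:20:30"   # U/L bit set: locally administered, i.e. set by software
DST_MAC = "00:1a:2b:3c:4d:5e"   # U/L bit clear: vendor-assigned (OUI 00:1a:2b)
SRC_IP = "192.0.2.10"
DST_IP = "198.51.100.7"
ETH_P_IP = 0x0800
IPPROTO_UDP = 17


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_is_locally_administered(mac):
    """Bit 1 of the first octet is the U/L bit. A set bit means the address was
    assigned locally (changed with ip/ifconfig/driver settings) rather than
    burned in by the vendor, so it is a cheap hint that a MAC has been changed."""
    return bool(mac_bytes(mac)[0] & 0x02)


def mac_is_multicast(mac):
    """Bit 0 of the first octet is the I/G bit (1 = group/multicast address)."""
    return bool(mac_bytes(mac)[0] & 0x01)


def ip_checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words; 0 means 'verifies'."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp(sport, dport, payload):
    # UDP checksum left at 0 (optional over IPv4) to keep the example short.
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_ipv4(src_ip, dst_ip, proto, payload, ttl=64):
    # version 4, IHL 5 (20-byte header), DF flag set, header checksum computed last
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_ethernet(src_mac, dst_mac, ethertype, payload):
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def encapsulate(app_data):
    """Application data -> UDP segment (L4) -> IPv4 packet (L3) -> Ethernet frame (L2)."""
    segment = build_udp(40000, 53, app_data)
    packet = build_ipv4(SRC_IP, DST_IP, IPPROTO_UDP, segment)
    return build_ethernet(SRC_MAC, DST_MAC, ETH_P_IP, packet)


def decapsulate(frame):
    """Peel the headers back off, verifying the IPv4 header checksum on the way."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    udp = ip[ihl:total_len]
    sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    return {
        "src_mac": mac_str(src), "dst_mac": mac_str(dst), "ethertype": ethertype,
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "proto": proto, "src_port": sport, "dst_port": dport, "payload": udp[8:ulen],
    }
```

The checksum check is the practical takeaway: a header that has been tampered with in flight (or by a sloppy spoofing tool) fails the one's-complement verification, which is why the parser rejects it before reading any further fields.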
Optimal Network Design - Benchmarked
• Top-down approach
• Bottom up approach
Top-down design approach
Hierarchical network
Bridged network
• It creates a single aggregate network from multiple
communication networks or network segments.
Routed network
• A routed network forwards traffic between separate IP subnets at layer 3.
  Each segment is its own broadcast domain, unlike a bridged network, where all
  segments share one.

[Figure: routed campus network spanning VTOP, AB1, Central and AB2]
Segmented network
• Segmentation improves security and performance by dividing a
computer network into smaller parts to better control how traffic
flows across the network

[Figure: segmented campus network: DC, VTOP, NAT, AB1, Central, AB2]

Flat network
• A flat network is a computer network design approach that aims to
reduce cost, maintenance and administration.
• Flat networks are designed to reduce the number of routers and
switches on a computer network by connecting the devices to a
single switch instead of separate switches.
• Because every device shares one switch and one broadcast domain, a flat
network has no internal segmentation: a single compromised host can reach
every other host directly.
IP, Ports & Sockets
Sockets
Where do sockets live in the OSI model?
DHCP
• Dynamically assigns an IP address and other network configuration
  parameters to each device on a network
DNS
• Example: GoDaddy – sibi.com
• How to Find the A Record (IP Address) of a Domain or Server
• How to Find the NS Records for a Domain
• How to Find the MX Records (Email Servers) for a Domain
• How to Perform a Reverse DNS Lookup
• How to Find the SOA Record of a Domain
• How to Find an Authoritative Response

• Reference: https://simpledns.plus/help/dns-record-types
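An added example (not part of the lecture) showing what the lookups listed above actually exchange on the wire: it builds an RFC 1035 query for a name, and parses a response containing an MX answer plus an additional A record, including the name-compression pointers real servers use. The response bytes and the addresses (sibi.com, mail.sibi.com, 203.0.113.5) are constructed for the example and do not describe the real domain. The parser also shows the check a practitioner needs: a hop limit on compression pointers, because a pointer loop in a crafted response would otherwise hang the parser.

```python
import struct

QTYPE = {"A": 1, "NS": 2, "SOA": 6, "MX": 15}


def encode_name(name):
    """'sibi.com' -> b'\\x04sibi\\x03com\\x00' (length-prefixed labels, RFC 1035 s3.1)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Header (ID, flags RD=1, QDCOUNT=1) + one question. Over UDP the 16-bit ID
    and the source port are all that protects the answer from being spoofed."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def read_name(msg, off):
    """Decode a possibly compressed name; returns (name, offset just past it).
    The hop limit stops a pointer loop, a classic way to hang naive DNS parsers."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # 2-byte compression pointer
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("DNS name compression loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                  # skip the echoed question
        _, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == QTYPE["A"]:
            value = ".".join(str(b) for b in rdata)
        elif rtype == QTYPE["MX"]:
            pref = struct.unpack("!H", rdata[:2])[0]
            host, _ = read_name(msg, off + 2)            # exchange name may use compression
            value = (pref, host)
        elif rtype == QTYPE["NS"]:
            value, _ = read_name(msg, off)
        else:
            value = rdata
        records.append((name, rtype, ttl, value))
        off += rdlen
    return {"id": txid, "authoritative": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "records": records}


def build_sample_response():
    """Constructed answer to 'MX sibi.com' (values invented for this example):
    flags QR|AA|RD|RA, one answer, one additional A record for the mail host."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 1)
    question = encode_name("sibi.com") + struct.pack("!HH", QTYPE["MX"], 1)
    ptr = b"\xc0\x0c"                                    # pointer to offset 12 = "sibi.com"
    mx_rdata = struct.pack("!H", 10) + b"\x04mail" + ptr  # "mail" + pointer -> mail.sibi.com
    answer = ptr + struct.pack("!HHIH", QTYPE["MX"], 1, 3600, len(mx_rdata)) + mx_rdata
    a_rdata = bytes([203, 0, 113, 5])
    additional = encode_name("mail.sibi.com") + struct.pack("!HHIH", QTYPE["A"], 1, 300, 4) + a_rdata
    return header + question + answer + additional
```

The "authoritative" flag in the parsed header is the AA bit, which is what the "How to find an authoritative response" item above is asking about: a recursive resolver's cached answer has it clear, the zone's own name server sets it.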
Cyber crimes vs Cyber-attacks
• Cybercrime is a criminal activity done using computers and the
Internet.
• A cyber attack (or cyberattack) is a malicious attempt to expose, alter,
disable, destroy, steal or gain unauthorized access to a computer
system, infrastructure, network, or any other smart device.
Most common cyber attacks
• Denial-of-service (DoS) and distributed denial-of-service
(DDoS) attacks.
• Eavesdropping attack.
• Malware attack.
• Drive-by download attack.
• Man-in-the-middle (MitM) attack.
• Phishing and spear phishing attacks.
• Cross-site scripting (XSS) attack.
• Password attack.
Denial-of-Service (DoS) and Distributed Denial-of-Service
(DDoS) attacks
DDoS Types
Volumetric DDoS – Botnet based
Volumetric DDoS – Amplification/Reflection
based
Reflection with a spoofed source address (addresses as in the slide):
• Attacker A (172.18.12.101) sends a request to reflector B (20.10.201.13)
  with Src: 141.10.2.10 (the victim), Dst: 20.10.201.13
• A legitimate request from A is answered back to A:
  reply Src: 20.10.201.13, Dst: 172.18.12.101
• The spoofed request is answered to the victim instead:
  reply Src: 20.10.201.13, Dst: 141.10.2.10
• Victim computer: 141.10.2.10. B never sees the attacker's real address,
  and the victim sees traffic only from B.
Volumetric DDoS - NTP Amplification/Reflection
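An added example, not from the slides, that models the reflection diagram above with the slide's three addresses: the reflector is a constructed stand-in for a UDP service that answers a small request with a reply 50 times larger (the constructed factor is chosen for illustration; real NTP monlist and DNS ANY factors are in the hundreds). It shows why the attacker's bandwidth is multiplied and never returns to the attacker, and includes the check that stops it at the source: BCP 38 ingress filtering at the attacker's uplink, for which the example assumes the attacker sits in 172.18.12.0/24.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes


ATTACKER = "172.18.12.101"     # A in the slide
REFLECTOR = "20.10.201.13"     # B in the slide, an open UDP service
VICTIM = "141.10.2.10"         # the victim computer in the slide
ATTACKER_PREFIX = "172.18.12.0/24"   # assumed prefix of the attacker's uplink


def reflector(request):
    """Constructed stand-in for a service that answers every request with a much
    larger reply (NTP monlist or a DNS ANY query behave like this). UDP has no
    handshake, so the service trusts the source address and replies to it."""
    reply = b"X" * (len(request.payload) * 50)
    return Packet(src=request.dst, dst=request.src, payload=reply)


def amplification_factor(request, reply):
    return len(reply.payload) / len(request.payload)


def reflect_attack(n_requests):
    """The attacker sends small requests whose source address is the victim's.
    Returns (bytes the attacker had to send, bytes that arrive at the victim)."""
    sent = delivered = 0
    for _ in range(n_requests):
        req = Packet(src=VICTIM, dst=REFLECTOR, payload=b"monlist-request-8B")
        rep = reflector(req)
        assert rep.dst == VICTIM and rep.dst != ATTACKER   # reply never reaches the attacker
        sent += len(req.payload)
        delivered += len(rep.payload)
    return sent, delivered


def ingress_filter(pkt, customer_prefix):
    """BCP 38 (RFC 2827) at the attacker's ISP: forward a packet only if its
    source address belongs to the prefix it is arriving from. With this in
    place the spoofed request is dropped before it ever reaches the reflector."""
    return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(customer_prefix)
```

Two defences fall out of the model: the reflector's operator should not answer amplifying queries from arbitrary sources (rate-limit, disable monlist/ANY), and the attacker's ISP should drop packets whose source address cannot legitimately come from that link.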
Protocol based – SYN flood
Application layer DDoS - Http flood
Application layer DDoS - Slowloris
Tools for DDoS
• LOIC (Low Orbit Ion Cannon)
• HULK (HTTP Unbearable Load King)
• R-U-Dead-Yet
• DDOSIM—Layer 7 DDOS Simulator.
• Tor's Hammer
• PyLoris
Tool for eavesdropping
• Wireshark
• Tcpdump – command line tool
Malware attack

• Locky
• Crypto
Drive by download attack
Phishing
Spear Phishing

UPX demo
How long will it take to crack your password?
Password attack
• Brute Force
• Dictionary
• Hybrid (Combination of both)
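An added example (not from the slides) of the three attack types above run against a constructed salted SHA-256 hash, plus the "how long to crack" estimate: pure brute force exhausts an alphabet up to a given length, a dictionary attack tries the wordlist as-is, and the hybrid attack applies mangling rules (case, year suffix, trailing symbol) to each word. The target password, salt, wordlist and mangling rules are all constructed for the example; a real cracker like hashcat uses far larger rule sets and GPU-rate guessing.

```python
import hashlib
import itertools

SALT = b"x9"   # constructed salt; stored next to the hash, as a real system would


def hash_pw(pw):
    return hashlib.sha256(SALT + pw.encode()).hexdigest()


TARGET = hash_pw("Summer2021!")                     # constructed victim hash
WORDLIST = ["password", "letmein", "summer", "winter", "vit", "admin"]   # constructed


def brute_force(target, alphabet, max_len):
    """Try every string over `alphabet` up to `max_len`; returns (password, guesses)."""
    tried = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            tried += 1
            cand = "".join(combo)
            if hash_pw(cand) == target:
                return cand, tried
    return None, tried


def dictionary(target, words):
    """Try each word exactly as it appears in the list."""
    for i, w in enumerate(words, 1):
        if hash_pw(w) == target:
            return w, i
    return None, len(words)


def mangle(word):
    """Hybrid rules (constructed): case variants, year suffix, trailing symbol."""
    for base in {word, word.capitalize(), word.upper()}:
        yield base
        for year in range(2015, 2025):
            yield f"{base}{year}"
            for sym in "!@#$":
                yield f"{base}{year}{sym}"


def hybrid(target, words):
    """Dictionary words plus mangling rules: catches 'Summer2021!' that neither
    a plain wordlist nor a short brute force would reach."""
    tried = 0
    for w in words:
        for cand in mangle(w):
            tried += 1
            if hash_pw(cand) == target:
                return cand, tried
    return None, tried


def brute_force_seconds(alphabet_size, length, guesses_per_second):
    """Worst-case seconds to exhaust the keyspace: the 'how long to crack' number."""
    return alphabet_size ** length / guesses_per_second
```

The estimate function is the point of the "how long" slide: 95 printable characters at length 11 is about 5.7e21 guesses, which at a constructed 1e10 guesses per second is roughly 18,000 years, whereas the same password falls to the hybrid attack in a few hundred guesses because it is a dictionary word with predictable decoration.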
Man-in-the-middle (MitM) attack
Tools for MITM
• Bettercap
• Ettercap
• Wifiphisher
OWASP attack - XSS
XSS payload
• https://github.com/pgaijin66/XSS-Payloads/blob/master/payload/payload.txt
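An added example (not from the slides or the linked payload list) of reflected XSS: a search page that echoes the query into its HTML, shown vulnerable and then fixed with context-appropriate output encoding. Two contexts are covered because they fail differently: in text, the fix is entity-encoding the tag characters; inside an attribute, the value must be both quoted and have its quotes encoded, or the payload closes the attribute and adds its own event handler. Payloads are constructed for the example.

```python
import html

# Constructed payloads in the spirit of the linked list (not copied from it).
TEXT_PAYLOAD = '<img src=x onerror="alert(document.cookie)">'
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'


def render_vulnerable(query):
    """Reflects the search term into an HTML text context unescaped."""
    return f"<p>Results for: {query}</p>"


def render_safe(query):
    """Same page; the term is entity-encoded, so the browser shows it as text."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def render_attr_vulnerable(query):
    """Reflects into a quoted attribute; a double quote in the input closes it."""
    return f'<input name="q" value="{query}">'


def render_attr_safe(query):
    """Quote the attribute AND encode quotes; either measure alone is not enough."""
    return f'<input name="q" value="{html.escape(query, quote=True)}">'


if __name__ == "__main__":
    for fn in (render_vulnerable, render_safe):
        print(fn.__name__, "->", fn(TEXT_PAYLOAD))
    for fn in (render_attr_vulnerable, render_attr_safe):
        print(fn.__name__, "->", fn(ATTR_PAYLOAD))
```

Output encoding must match the context the data lands in (HTML text, attribute, JavaScript string, URL); a single "sanitise on input" step cannot know that, which is why frameworks escape at render time.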
OWASP attack – SQL Injection
Tools for SQL injection attack
• DSSS
• Sqlmap
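An added example (not from the slides) of the injection these tools look for: a login check built by string concatenation, the same check with a parameterised query, and the first probe DSSS and sqlmap send, a lone quote to see whether a database error comes back. It runs against a constructed in-memory SQLite table; the usernames, passwords and roles are invented, and plaintext passwords are used only so the injection stays visible.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table. Real systems store password hashes, not
    plaintext; plaintext is used here only to keep the injection visible."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("admin", "S3cret!pw", "admin"), ("sibi", "hunter2", "user")])
    return db


def login_vulnerable(db, username, password):
    """String concatenation: the user's input becomes part of the SQL grammar.
    username = "admin' --" comments out the password check entirely."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return db.execute(sql).fetchone()


def login_safe(db, username, password):
    """Parameterised query: the input is bound as data and cannot change the grammar."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()


def error_probe(login, db, payload="'"):
    """What DSSS/sqlmap do first: inject a lone quote and see whether the
    application surfaces a database syntax error (True = likely injectable)."""
    try:
        login(db, payload, "x")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "admin' --", "wrong"))
    print("safe:      ", login_safe(db, "admin' --", "wrong"))
    print("probe vulnerable:", error_probe(login_vulnerable, db))
    print("probe safe:      ", error_probe(login_safe, db))
```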
Vulnerability Types
• Software bugs
• Weak passwords
• Software that is already infected with a virus
• Missing data encryption
• OS command injection
• SQL injection
• Buffer overflow
• Cross-site scripting and forgery
• Missing authorization
• Download of code without integrity checks
• Use of broken algorithms
• URL redirection to untrusted sites
• Path traversal
• Missing authentication for critical function
• Unrestricted upload of dangerous file types
• Dependence on untrusted inputs in a security decision
Adversary Types
• Hackers
• Vandals
• Cyber vandals operate by defacing a website (such as Wikipedia), creating
malware that damages electronic files or elements that interrupt its normal
utilization, or removing a disk drive to disable a computer system.
• Criminals
• Hacktivists (groups of criminals who unite to carry out cyber attacks in support
of political causes)
• Nation state actors
Attacks vs. Intrusion
• A cyber attack can maliciously disable computers, steal data, or use a
breached computer as a launch point for other attacks.
• A cyber attack that succeeds in gaining unauthorized access to a system is an
intrusion.
Threat Types
Attack model – Intrusion Kill Chain
Pentesting
• A penetration test is an authorized, simulated attack on a computer system,
network or web application, carried out to find vulnerabilities that a real
attacker could exploit, and where possible to demonstrate them by gaining
access to the system, its functionality and its data.
• Pentests can be automated with software applications or they can
be performed manually.
What Does a Malicious Hacker Do
Perspective of Adversary
• Reconnaissance: Web-based Information Collection | Social Engineering
• Scanning: Broad Network Mapping | Targeted Scan
• System Access: Service vulnerability Exploitation | Password Cracking
• Damage: DDoS Code Installation | System File Deletion
• Clear Tracks: Use Stolen Accounts For Attack | Log File Changes
Defender's side:
• Preventive Phase (Defense) | Penetration Testing Report (Recommendation for Security)
• Proactive Security (Real Time) | Reactive Security (Incident Response)
What types of information would a hacker look for?
• Domain names, IP address blocks, and individual IP addresses
• Types of services (DNS, Mail, Web, etc)
• Active hosts
• Open ports on active hosts (NMAP, AMAP)
• Type of OS, CPU,
• Information about firewalls, intrusion detection systems
• Physical location of devices such as access points
• Information on system administration personnel (names, addresses, phone
numbers, etc.)
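An added example (not from the slides) that ties the "IP, Ports & Sockets" slide to the "open ports on active hosts" item above: a TCP connect() scan with banner grabbing, the simplest form of what NMAP does. Sockets are the transport-layer API, so a completed three-way handshake is the evidence of an open port, an immediate RST is a closed one, and silence is a filtered one. To run offline and deterministically it starts its own constructed target on localhost (an ephemeral port sending an invented "SSH-2.0-OpenSSH_8.9" banner) and a second port that is bound but not listening.

```python
import socket
import threading


def start_fake_service(banner):
    """Constructed target for this example: a listener on an ephemeral localhost
    port that sends one banner line to each client and hangs up (stands in for
    an SSH or SMTP daemon that greets clients on connect)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener closed
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def scan_port(host, port, timeout=0.5):
    """TCP connect() scan of one port: a completed handshake means 'open',
    a RST (ConnectionRefusedError) means 'closed', no answer means 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return "closed", b""
    except (socket.timeout, OSError):
        s.close()
        return "filtered", b""
    try:
        banner = s.recv(128)            # banner grab: many services talk first
    except (socket.timeout, OSError):
        banner = b""
    finally:
        s.close()
    return "open", banner.strip()


def scan_range(host, ports):
    """Return {port: banner} for every open port in `ports`."""
    found = {}
    for port in ports:
        state, banner = scan_port(host, port)
        if state == "open":
            found[port] = banner
    return found


def demo():
    """Spin up one open and one closed localhost port, then scan both."""
    srv, open_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9\r\n")
    closed = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed.bind(("127.0.0.1", 0))       # bound but not listening: connect() is refused
    closed_port = closed.getsockname()[1]
    try:
        found = scan_range("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
        closed.close()
    return open_port, closed_port, found


if __name__ == "__main__":
    print(demo())
```

A connect() scan completes the handshake, so it shows up in the target's service logs; that is the trade-off NMAP's half-open SYN scan avoids, at the cost of needing raw sockets. Only scan hosts you are authorized to test.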
Attack Types
• The ways a hacker gains access to a system can be classified as:
• OS attacks
• Application-level attacks
• Code level attacks
• Misconfiguration attacks
When to pentest?
• Weakest/Strongest moment
• Normal operational state
• Periodically, random date within limits
• Before/After specific projects
Pentesting goal
• Information gathering
  • Reconnaissance
  • Discovery
  • Port scanning
• Vulnerability scanning
  • Vulnerability analysis
• Taking control
  • Exploitation
  • Brute forcing
  • Social engineering
  • Pivoting
• Reporting
  • Evidence collection
  • Risk analysis
  • Remediation
Security Architecture

• Security Infrastructure (PKI/FWs/IDSes)
• Network security
• Host security
• Workstation security
• Application security
• Physical security
• Human security
Security principles in Information System Security
• Confidentiality
• Integrity
• Authenticity
• Availability
What are the different types of attacks that affect each security principle?
Security Controls - Types
Physical controls : Fences, gates, guards, security badges and access cards,
biometric access controls, security lighting, CCTVs, surveillance cameras,
motion sensors, fire suppression, as well as environmental controls like
HVAC and humidity controls.

Technical controls : Authentication solutions, firewalls, antivirus software,
intrusion detection systems (IDSs), intrusion prevention systems (IPSs),
constrained interfaces, as well as access control lists (ACLs) and encryption
measures.

Administrative controls: Policies, procedures, or guidelines that define
personnel or business practices in accordance with the organization's
security goals.
Security Controls - Definition
• Preventive controls attempt to prevent an incident from occurring.
• Detective controls attempt to detect incidents after they have
occurred.
• Corrective controls attempt to reverse the impact of an incident.
• Deterrent controls attempt to discourage individuals from causing an
incident.
Security Controls
Firewalls and Access Controls
Access Controls
• Discretionary access control
  • A discretionary access control (DAC) policy lets the owner of a resource decide who may
    access it, by setting rules (for example an access control list) for that resource.
• Mandatory access control
  • Mandatory access control (MAC) is where access to system resources is controlled by the
    operating system according to security labels (classification of the object, clearance of
    the subject) set by a system administrator; users cannot override these rules even for
    resources they own.
• Role based access control
  • Role-based access control (RBAC) is a method of restricting access based on
    the roles of individual users within an enterprise.
  • RBAC lets employees have access rights only to the information they need to do their
    jobs.
  • RBAC prevents them from accessing information that doesn't pertain to them.
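An added example (not from the slides) implementing the three models above as small policy engines so the difference in who sets the rules is visible in code: in DAC only the owner can change an object's ACL; in MAC the system applies fixed labels and the Bell-LaPadula rule (no read up, no write down), which no owner can relax; in RBAC permissions attach to roles and users only get roles. Users, objects, labels and role tables are constructed example data.

```python
class DacStore:
    """Discretionary: whoever owns an object decides its ACL (Unix files, NTFS)."""

    def __init__(self):
        self.owner = {}   # object -> owning user
        self.acl = {}     # object -> {user: set of permissions}

    def create(self, owner, obj):
        self.owner[obj] = owner
        self.acl[obj] = {owner: {"read", "write"}}

    def grant(self, by, obj, to, perm):
        if self.owner.get(obj) != by:          # only the owner may change the ACL
            raise PermissionError(f"{by} does not own {obj}")
        self.acl[obj].setdefault(to, set()).add(perm)

    def check(self, user, obj, perm):
        return perm in self.acl.get(obj, {}).get(user, set())


# Mandatory: labels are set by the system, not by owners. This is the
# Bell-LaPadula confidentiality rule: no read up, no write down.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_check(clearance, classification, perm):
    subject, obj = LEVELS[clearance], LEVELS[classification]
    if perm == "read":
        return subject >= obj       # may read at or below own clearance
    if perm == "write":
        return subject <= obj       # may write at or above, so secrets cannot leak downward
    raise ValueError(f"unknown permission {perm!r}")


# Role-based: users get roles, roles get permissions (constructed example data).
ROLE_PERMS = {
    "student": {"grades:read"},
    "faculty": {"grades:read", "grades:write"},
    "sysadmin": {"server:restart"},
}
USER_ROLES = {"alice": {"student"}, "bob": {"faculty"}, "root": {"sysadmin"}}


def rbac_check(user, perm):
    return any(perm in ROLE_PERMS[role] for role in USER_ROLES.get(user, ()))
```

The DAC weakness is visible in the API: a careless owner can grant anyone anything, and nothing stops data flowing to a user who should never see it. MAC closes that hole at the cost of flexibility, which is why operating systems combine it with DAC (SELinux, Windows integrity levels) rather than replacing it.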
Firewall
Firewall Design Principle
• A firewall is a security barrier between two networks that screens traffic
entering and leaving one network, accepting or rejecting connections and
services according to a set of rules.
• For a firewall to be effective its rule set must be designed carefully:
rules are evaluated in order, so they should be minimal and specific, and end
with a default-deny rule for everything not explicitly allowed.
Firewall Types
• A packet filter (packet level) operates at the network layer: each packet is
accepted or rejected on its own, from addresses, protocol and ports, with no
memory of earlier packets.
• A stateful packet filter (protocol level) works at the transport layer: it
tracks connections (e.g. the TCP handshake) and lets reply traffic through
only for connections it has seen initiated.
• An application proxy (application level) operates at the application layer,
where it terminates the connection and inspects the protocol itself (HTTP,
SMTP, ...), functioning as a proxy between client and server.
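An added example (not from the slides) showing the three firewall types above as code and why the stateful one exists: the stateless filter has to let inbound packets with the ACK flag through so that replies to outbound connections work, which also lets an unsolicited ACK probe reach an internal host; the stateful filter instead allows replies only for connections it recorded when the inside host opened them. The application proxy check parses the HTTP request line itself. The LAN prefix, rule table and packets are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    flags: str = ""        # TCP flags as letters: "S", "SA", "A"


INSIDE = "10.0.0."         # constructed: the protected LAN prefix


def is_inside(ip):
    return ip.startswith(INSIDE)


# Stateless rules: (direction, proto, dport, required flag, action); first match
# wins, default deny. Rule 3 is the classic "established" rule a stateless
# filter needs so that replies to outbound connections get through.
STATELESS_RULES = [
    ("out", "tcp", None, None, "allow"),     # anything outbound
    ("in", "tcp", 443, None, "allow"),       # our published web server
    ("in", "tcp", None, "A", "allow"),       # "established": ACK set (the hole)
]


def stateless_filter(p):
    direction = "out" if is_inside(p.src) else "in"
    for d, proto, dport, flag, action in STATELESS_RULES:
        if d != direction or proto != p.proto:
            continue
        if dport is not None and dport != p.dport:
            continue
        if flag is not None and flag not in p.flags:
            continue
        return action
    return "deny"


class StatefulFilter:
    """Tracks outbound connections; inbound traffic is allowed only as a reply
    to one of them or to the published service."""

    def __init__(self):
        self.table = set()     # (inside_ip, inside_port, outside_ip, outside_port)

    def check(self, p):
        if is_inside(p.src):                           # outbound
            if "S" in p.flags and "A" not in p.flags:  # new connection: record it
                self.table.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        if (p.dst, p.dport, p.src, p.sport) in self.table:
            return "allow"                             # reply to a tracked connection
        if p.dport == 443 and "S" in p.flags and "A" not in p.flags:
            return "allow"                             # new connection to our web server
        return "deny"


def app_proxy_check(request):
    """Application proxy: it terminates the TCP connection and reads the HTTP
    request line itself, so it can enforce method, path and version."""
    try:
        line = request.split(b"\r\n", 1)[0].decode("ascii")
        method, path, version = line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return "deny"
    if method not in ("GET", "HEAD") or ".." in path or not version.startswith("HTTP/1."):
        return "deny"
    return "allow"
```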
Firewall – Fortigate 2000E
• Demo video
Deception - Honeypot

• A honeypot works by being an intentionally vulnerable hole in security.
• A honeypot can be an effective tool for securing your personal/enterprise
network by diverting attackers' attention away from your sensitive data; and
because it has no legitimate users, any connection to it is a strong signal
of an intrusion.
• Implementation needs additional care: the honeypot must be isolated and
monitored so that an attacker who compromises it cannot use it as a pivot into
production systems. Done properly it provides an effective additional layer of
defense to the network.
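An added example (not from the slides) of a low-interaction honeypot: a fake login service that presents a banner and login/password prompts, never accepts any credentials, and records every attempt so the operator can see which usernames and passwords are being sprayed. The session logic is separate from the socket code so it can be exercised without a network; the banner, port 2323 and the attacker inputs are constructed for the example. As the slide warns, run something like this only on an isolated host with nothing real behind it.

```python
import socketserver
import threading
import time
from collections import Counter

LOG = []   # each entry: one credential pair tried against the decoy


class FakeLogin:
    """Low-interaction honeypot session (constructed for this example): presents a
    login prompt, never accepts anything, records every attempt. Nothing real is
    behind it, so the only asset at risk is the isolated host it runs on."""

    MAX_ATTEMPTS = 3

    def __init__(self, peer, log=LOG):
        self.peer, self.log = peer, log
        self.user, self.attempts = None, 0

    def banner(self):
        return b"Ubuntu 20.04.6 LTS\r\nlogin: "

    def feed(self, line):
        """Handle one line from the attacker; return what to send back."""
        text = line.strip().decode("utf-8", "replace")
        if self.user is None:                # first line of a pair is the username
            self.user = text
            return b"Password: "
        self.attempts += 1
        self.log.append({"ts": time.time(), "peer": self.peer,
                         "user": self.user, "password": text})
        self.user = None
        if self.attempts >= self.MAX_ATTEMPTS:
            return b"\r\nLogin incorrect\r\n"        # session ends after this
        return b"\r\nLogin incorrect\r\nlogin: "

    def closed(self):
        return self.attempts >= self.MAX_ATTEMPTS


def top_credentials(log, n=3):
    """The honeypot's value is the data: which (user, password) pairs are being sprayed."""
    return Counter((e["user"], e["password"]) for e in log).most_common(n)


class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        session = FakeLogin(self.client_address[0])
        self.wfile.write(session.banner())
        while not session.closed():
            line = self.rfile.readline()
            if not line:
                break
            self.wfile.write(session.feed(line))


def serve(host="127.0.0.1", port=2323):
    """Run the decoy on a high port (assumed 2323); redirect 22 -> 2323 at the
    firewall/NAT if needed so the honeypot process never needs root."""
    srv = socketserver.ThreadingTCPServer((host, port), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    s = serve()
    print("honeypot listening on 127.0.0.1:2323; connect with nc and try to log in")
    try:
        threading.Event().wait()
    except KeyboardInterrupt:
        s.shutdown()
```

Because no legitimate user ever has a reason to connect, every entry in the log is an alert: the honeypot gives the detection signal, and the captured credential pairs tell you which of your real accounts to check for the same passwords.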
Honeypot deployment
Identity and Access Management (IdAM).
Role of a security analyst in information technology
• Protect information and information systems from unauthorized access; use;
disclosure; disruption; modification; perusal; inspection; recording or
destruction.
• Perform investigations to determine whether or not data has been
compromised, the extent of it and related vulnerabilities.
• Ensure the confidentiality, integrity and availability of data to the 'right' users
within/ outside of the organization.
• Risk assessment (identifying risks or issues an organization may face).
• Vulnerability assessment (to determine an organization's weaknesses to
threats).
• Defense planning (designing the protection architecture and installing
security systems such as firewalls and data encryption programs).
