
ISN 6010

Information Systems Security


Overview on Information Systems Security

Engr. Daniel Moune


moune.daniel@ictuniversity.edu.cm

ICT University, Cameroon Campus, Yaounde


P.O. Box 526, 1 Avenue Dispensaire Messassi, Zoatoupsi
Imparting ICTs in all academic disciplines

July 17, 2023

Engr. Daniel Moune (ICT-U) ISN 6010 1 / 29


Outline

1 Fundamentals of systems security

2 Authentication, Authorization, Accounting

3 Different types of Security threats

4 Basic security controls and threats mitigation

5 Different types of security Actors

6 Threats hunting, threats feeds and advisories



Fundamentals of systems security



What is System Security?

1 System security refers to the measures put in place to protect computer systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. These measures include software, hardware, and procedural controls that help ensure the confidentiality, integrity, and availability of information.

2 System security is important for both businesses and individuals because it helps to prevent data breaches, identity theft, financial fraud, and other cybercrimes. In today's digital age, where more and more sensitive information is being stored and transmitted electronically, it is essential to have strong system security measures in place to protect against these threats.



Systems Security Concepts (1)

1 Confidentiality: Confidentiality refers to the protection of sensitive information from unauthorized disclosure. This involves ensuring that only authorized users have access to the information, and that it is not leaked or disclosed to unauthorized parties.

2 Integrity: Integrity refers to the protection of information from unauthorized modification or alteration. This involves ensuring that information remains accurate, complete, and uncorrupted, and that it has not been tampered with or altered in any way.

3 Availability: Availability refers to the ability of information and systems to be accessed and used when needed. This involves ensuring that systems are operational and accessible, and that users can access information and resources as required.



Systems Security Concepts (2)

Non-repudiation: Non-repudiation refers to the ability to verify that a given action or transaction has been performed by a specific user or entity, and that the user cannot deny having performed the action.

Access control: Access control refers to the mechanisms used to restrict access to systems and resources. This involves implementing authentication and authorization mechanisms to ensure that only authorized users can access sensitive information and systems.



Systems Security Concepts (3)

Auditing: Auditing refers to the process of monitoring and recording system activity to detect and respond to security threats. This involves tracking user activity, system events, and other security-related information to identify potential security breaches or anomalies.

Risk management: Risk management refers to the process of identifying, assessing, and mitigating security risks. This involves analyzing potential threats and vulnerabilities, and implementing strategies to reduce the likelihood and impact of security incidents.



Systems Security Concepts (4)

Encryption: Encryption refers to the process of encoding information in a way that makes it unreadable without a key or password. This is often used to protect sensitive information, such as passwords, credit card numbers, and other personal data.



Authentication, Authorization, Accounting



Authentication?

Authentication is the process of verifying the identity of a user or device attempting to access a system or resource. Authentication is a critical component of information security, as it ensures that only authorized users are able to access sensitive information and systems.



Authentication methods (1)

Passwords: Passwords are the most common form of authentication. Users are required to enter a username and password to access a system or resource. Passwords should be strong, unique, and not easily guessable.

Biometric authentication: Biometric authentication uses physical characteristics, such as fingerprints, facial recognition, or iris scans, to identify and authenticate individuals. Biometric authentication is often more secure than password authentication, as it is more difficult to forge or steal physical characteristics.



Authentication methods (2)

Tokens: Tokens are physical devices, such as smart cards or USB tokens, that store authentication credentials. Users insert the token into a reader or connect the token to a device to authenticate their identity.

Multi-factor authentication: Multi-factor authentication requires users to provide two or more forms of authentication, such as a password and a fingerprint, to access a system or resource. Multi-factor authentication is more secure than single-factor authentication, as it adds an additional layer of security.
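An added example, not from the slides: a login check that only succeeds when both factors pass, a password and a time-based one-time code. The TOTP second factor (RFC 6238), the salted PBKDF2 password storage and the replay guard are this example's own assumptions; the secret is the RFC 4226 test key, used here as constructed sample data.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not from the slides): the RFC 4226/6238 test key
# serves as the shared TOTP secret; the password is stored only as a salted
# PBKDF2 hash, never in clear text.
SAMPLE_SECRET = b"12345678901234567890"
SAMPLE_SALT = b"constructed-salt"
TIME_STEP = 30       # seconds per TOTP period
DIGITS = 6


def hash_password(password: str, salt: bytes = SAMPLE_SALT) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: the stored form of the 'something you know' factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: int, step: int = TIME_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, now // step)


class Account:
    """One user record: password hash, TOTP secret and the last counter accepted."""

    def __init__(self, password: str, secret: bytes):
        self.password_hash = hash_password(password)
        self.secret = secret
        self.last_counter = -1   # blocks replay of an already-used code


def verify_login(acct: Account, password: str, code: str, now: int, window: int = 1) -> bool:
    """Both factors must pass. The code is accepted within +/- `window` time steps
    of clock drift, but a counter at or below the last accepted one is a replay."""
    pw_ok = hmac.compare_digest(acct.password_hash, hash_password(password))
    counter = now // TIME_STEP
    code_ok, matched = False, None
    for c in range(counter - window, counter + window + 1):
        if c > acct.last_counter and hmac.compare_digest(
                hotp(acct.secret, c).encode(), code.encode()):
            code_ok, matched = True, c
    # Both factors are evaluated before deciding, so a wrong password does not
    # reveal through timing whether the code alone was right.
    if pw_ok and code_ok:
        acct.last_counter = matched
        return True
    return False
```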



Authentication methods (3)

Single sign-on: Single sign-on (SSO) allows users to authenticate once and access multiple systems or resources without having to re-authenticate for each one. SSO can improve security by reducing the number of passwords that users must remember and reducing the risk of password reuse.

Federated identity: Federated identity allows users to authenticate using their credentials from a trusted third-party identity provider. This can simplify authentication for users and reduce the risk of password-related security incidents.



Different types of Security threats



Types of security threats (1)

Malware: Malware refers to any type of malicious software designed to damage, disrupt, or gain unauthorized access to a system or network. Malware can take many forms, including viruses, trojans, worms, and ransomware.

A virus is a type of malicious software (malware) that can infect a computer or other device and replicate itself by attaching to other files or programs on the system. When a virus infects a system, it can cause a range of problems, including slowing down or crashing the system, stealing personal and financial information, and spreading to other devices connected to the network.

A worm is a type of malicious software (malware) that can replicate itself and spread across computer networks without human intervention. Unlike viruses, worms do not need to attach themselves to other files or programs to spread; they can simply copy themselves and spread to other devices or systems connected to the same network.

A man-in-the-middle (MitM) attack is a type of cyber attack in which an attacker intercepts communication between two parties and alters or manipulates the communication in some way, often to steal sensitive information or gain unauthorized access to a system or network.

WiFi eavesdropping, also known as "wireless eavesdropping" or "WiFi snooping," is a type of cyber attack in which an attacker uses a tool such as a wireless packet sniffer to capture and analyze wireless network traffic in order to steal sensitive information. This type of attack is possible because wireless networks use radio waves to transmit data, which can be intercepted by anyone within range of the network.

DNS spoofing, also known as DNS cache poisoning or DNS hijacking, is a type of cyber attack in which an attacker intercepts and alters Domain Name System (DNS) traffic to redirect users to fake websites that look legitimate but are actually used to steal login credentials or other sensitive information. For example, an attacker could set up a fake login page for a popular website and direct users to the fake page instead of the real one.



Types of security threats (2)

Social engineering is a type of cyber attack in which attackers use psychological manipulation and deception to trick users into divulging sensitive information, performing an action, or providing access to a system or network. Social engineering attacks rely on exploiting human vulnerabilities, such as trust, fear, or curiosity, rather than technical vulnerabilities in systems or networks.

Phishing: Phishing is a type of social engineering attack in which attackers send fraudulent emails or messages that appear to come from a trusted source, such as a bank or a government agency, in an attempt to trick users into revealing sensitive information or clicking on a malicious link.

Baiting: Baiting is a type of social engineering attack in which attackers offer something of value, such as a free download or a gift card, in an attempt to trick users into clicking on a malicious link or downloading a malicious file.

A Denial of Service (DoS) attack is a type of cyber attack in which an attacker attempts to disrupt or overload a computer system or network with a flood of traffic or requests, rendering the system or network inaccessible to legitimate users. The goal of a DoS attack is to prevent users from accessing a resource or service.

Flood attacks: The attacker floods the target system or network with traffic or requests, overwhelming the system's resources and causing it to become unresponsive. There are several types of flooding attacks: HTTP flood, SYN flood, UDP flood...

Distributed Denial of Service (DDoS) attacks: The attacker uses a network of compromised computers, known as a botnet, to flood the target system or network with traffic or requests. In this kind of attack, there are multiple sources of overwhelming traffic.



Basic security controls and threats mitigation



Basic Security Controls

There are three basic types of security controls: administrative, technical, and
physical. Each type of control serves a different purpose and helps protect
against different types of threats. Here’s a brief overview of each type of
control and how they can be used to mitigate security threats:
1 Administrative controls: Administrative controls are policies,
procedures, and guidelines that govern how an organization manages
security risks. Examples of administrative controls include security
awareness training, access control policies, incident response
procedures, and security audits. These controls are designed to ensure
that employees and other stakeholders follow security policies and
procedures, and that security risks are managed effectively.
2 Technical controls: Technical controls are security measures that use
technology to protect against security threats. Examples of technical
controls include firewalls, intrusion detection systems, encryption,
access control systems, and antivirus software. These controls are
designed to prevent or detect security threats at the technical level,
such as by blocking unauthorized access to a network or identifying and
quarantining malware.
3 Physical controls: Physical controls are measures that physically
protect the organization’s assets, such as facilities, equipment, and
data centers. Examples of physical controls include locks, security
cameras, access control systems, and environmental controls such as
fire suppression systems. These controls are designed to prevent
unauthorized physical access to sensitive assets and to protect against
physical threats such as theft, vandalism, or natural disasters.



Threats mitigation Framework
Threats mitigation is the process of identifying, assessing, and reducing or eliminating security risks to an organization's assets, data, and infrastructure. Here are some general steps that can be taken to mitigate security threats:

1 Identify and assess threats: The first step in mitigating threats is to identify and assess the potential risks to the organization. This can be done through risk assessments and vulnerability scans to identify weaknesses in the organization's security posture.

2 Develop a risk management plan: Once the threats have been identified and assessed, a risk management plan should be developed to address each threat and reduce or eliminate its impact on the organization. This plan should include policies, procedures, and controls to prevent, detect, and respond to security threats.

3 Implement security controls: Security controls should be implemented to protect against security threats. These controls can include technical controls, such as firewalls and antivirus software, administrative controls, such as access control policies and security awareness training, and physical controls, such as locks and security cameras.



Common threats mitigation (1)

1 Phishing happens when people with malicious motives send fraudulent communications to users with the intent of getting sensitive information such as credit card and login information, or to install malware. Most of the time the communications appear to come from a reputable individual, usually through email. Users should analyse the email thoroughly and also hover over the links in the email to check whether the link redirects them to a genuine website.

2 Malware is a collective term used to describe different types of malicious software, such as ransomware, which blocks access to key components of the network; spyware, which covertly gains sensitive information by transmitting data from the hard drive; and different types of viruses disrupting certain components and affecting the system. The best way to prevent this is by using the latest version of anti-malware software on all devices to seek and destroy malicious programs such as viruses. It is always best to scan personal or business systems regularly and keep the software updated.

3 A brute force attack is simple in its approach to gaining access to systems or online accounts: it tries all the possible ways to crack the password using various algorithms and eventually finds the right one. The best way to counter a brute force attack is to catch it in progress, before attackers have access to the network. It is always better to have a strong password with a minimum of 8 characters including a combination of lowercase and uppercase letters, numbers and special symbols.
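An added example, not from the slides, of "catching it in progress": detection logic that flags a source address once it reaches a threshold of failed logins inside a sliding time window, run over a constructed sshd-style log sample. The log format, threshold and window are this example's assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style log sample (RFC 5737 test addresses, not real data):
# one source hammers root/admin/oracle; another is a user who mistyped once.
SAMPLE_LOG = """\
2023-07-17T09:00:01 sshd[1201]: Failed password for root from 203.0.113.7 port 50211 ssh2
2023-07-17T09:00:05 sshd[1202]: Failed password for root from 203.0.113.7 port 50212 ssh2
2023-07-17T09:00:09 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 50213 ssh2
2023-07-17T09:00:14 sshd[1204]: Failed password for invalid user admin from 203.0.113.7 port 50214 ssh2
2023-07-17T09:00:20 sshd[1205]: Failed password for root from 203.0.113.7 port 50215 ssh2
2023-07-17T09:00:27 sshd[1206]: Failed password for invalid user oracle from 203.0.113.7 port 50216 ssh2
2023-07-17T09:01:10 sshd[1210]: Failed password for alice from 198.51.100.23 port 41020 ssh2
2023-07-17T09:01:25 sshd[1211]: Accepted password for alice from 198.51.100.23 port 41021 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_line(line: str):
    """Return (timestamp, outcome, user, ip), or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["outcome"], m["user"], m["ip"]


def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> dict:
    """Flag a source IP the first time it reaches `threshold` failed logins
    within a sliding window of `window_s` seconds. Returns ip -> alert details."""
    failures = defaultdict(deque)   # ip -> timestamps of failures still in the window
    users = defaultdict(set)        # ip -> usernames it has tried (spraying indicator)
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[1] != "Failed":
            continue
        ts, _, user, ip = rec
        users[ip].add(user)
        q = failures[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # expire old failures
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {"at": ts.isoformat(), "failures": len(q),
                          "users": sorted(users[ip])}
    return alerts
```

The legitimate user with a single typo never crosses the threshold, while the scanning source is flagged at its fifth failure, before its later attempts.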



Common threats mitigation (2)

Structured Query Language (SQL) injection attacks the target's vulnerable websites to gain access to stored data. The attacker inserts harmful code into a server using SQL and gains access to sensitive information such as usernames, passwords and any amount of personal information stored in the database. SQL injection can be detected manually by leveraging some useful tests against every entry point in the application. Some of the steps include submitting the single quote character ' and looking for errors. You can look for differences in the responses by submitting the Boolean conditions OR 1=1 and OR 1=3. Assessing time delays within an SQL query by submitting payloads specifically designed for it can also help to detect the attacks.

A Man-in-the-Middle attack happens when an attacker manages to intercept and hijack a connection in a two-party transaction to eavesdrop. The mastery of the attack is in the fact that the two parties will have no idea that the connection is being intercepted by the attacker, who can easily filter and steal data. The best way to stop MITM attacks is to take preventive steps. A secure internet connection is your first line of defense. To that end, only visit websites with a secure HTTP connection using SSL (Secure Sockets Layer) technology. Another approach would be to use a VPN when sending traffic online. Finally, enable Multi-Factor authentication whenever possible.
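An added example, not from the slides: the vulnerable login query beside its parameterised fix, with the single-quote and Boolean probes the slide lists run against each entry point so the difference in responses is visible. The in-memory sqlite3 table and its rows are constructed sample data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample user table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn


def login_vulnerable(conn, username: str, password_hash: str) -> list:
    """Vulnerable form: input is spliced into the SQL text, so a quote or an
    operator typed by the user is parsed as part of the query."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password_hash = '{password_hash}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username: str, password_hash: str) -> list:
    """Hardened form: parameterised query; input is bound as data, never as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(sql, (username, password_hash))]


# The slide's manual tests, applied to one entry point (the username field).
PROBES = {
    "quote": "'",             # a lone quote: look for an error
    "true":  "x' OR 1=1 --",  # Boolean condition that would widen the match
    "false": "x' OR 1=3 --",  # Boolean condition that would not
}


def probe_entry_point(conn, login_fn) -> dict:
    """Send each probe through login_fn; record the row count or 'error'."""
    results = {}
    for name, payload in PROBES.items():
        try:
            results[name] = len(login_fn(conn, payload, "wrong-hash"))
        except sqlite3.Error:
            results[name] = "error"
    return results


def looks_injectable(results: dict) -> bool:
    """Suspect if the lone quote errors or the two Boolean probes differ."""
    return results["quote"] == "error" or results["true"] != results["false"]
```

Against the vulnerable query the quote raises a syntax error and the two Boolean probes return different row counts; the parameterised query returns no rows for all three, because the input never reaches the SQL parser.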



Different types of security Actors



Common Types of Cyber Attack Vectors



Types of Cyber Threats Actors



Threats hunting, threats feeds and advisories



Cyber Threats hunting

To effectively initiate a cyber threat hunting program, there are four steps your security personnel should follow:

1 Develop a hypothesis: Cyber security hunting begins with developing a threat hypothesis. This hypothesis could be based on risks or vulnerabilities that might exist within the organization's infrastructure, current threat intelligence or attacker TTPs, or on suspicious activity or a trigger that deviates from standard baseline activity. A threat hunter can also use their knowledge, experience, and creative problem-solving skills to establish a threat hypothesis and decide on a path forward to test it.

2 Begin the investigation: During an investigation, a threat hunter can lean on complex and historical datasets derived from threat hunting solutions such as SIEM, MDR and User Entity Behavior Analytics (UEBA). The investigation will push forward until the hypothesis is confirmed and anomalies are detected, or the hypothesis is found to be benign.

3 Discover New Patterns: Deploying a quick and efficient response is the next step when anomalies or malicious activity are found. This could include disabling users, blocking IP addresses, implementing security patches, altering network configurations, updating authorization privileges, or introducing new identification requirements. As your security teams work to resolve network threats proactively, they will inherently learn the tactics, techniques and procedures of threat actors and how they can mitigate against these threats in the future.

4 Respond, Enrich & Automate: The job of threat hunting is never ending, as cybercriminals are always advancing and creating new network threats. Cyber threat hunting should become an everyday practice within your organization, operating alongside automated threat detection technologies and your security team's current threat identification and remediation processes.



Cyber Threats feeds and advisories

Threat advisories are alerts or notifications issued by security organizations, government agencies, or other entities to warn individuals and organizations of potential security threats and provide guidance on how to mitigate those threats. Threat advisories typically include information on the nature of the threat, the potential impact of the threat, and recommended actions to reduce the risk of being affected by the threat.

1 Cybersecurity threats: Threat advisories can provide information on new and emerging cybersecurity threats, such as malware, phishing attacks, or data breaches, and provide guidance on how to protect against them.

2 Physical security threats: Threat advisories can provide information on physical security threats, such as theft, vandalism, or terrorism, and provide guidance on how to protect against them.

3 Natural disasters: Threat advisories can provide information on natural disasters, such as hurricanes, earthquakes, or wildfires, and provide guidance on how to prepare for and respond to these events.

Threat advisories are typically distributed through various channels, such as email alerts, social media, news outlets, or security websites. Organizations and individuals should regularly monitor these channels and take appropriate action to mitigate the risks identified in the threat advisories. It is also important to stay up-to-date with the latest security best practices and to implement appropriate security controls to protect against security threats.



Conclusion

1 Cybersecurity is not just a concern for businesses and governments, but also for day-to-day practitioners. The potential risks involved in a cyber-attack can have serious consequences economically and sociologically.

2 There are several layers of security and therefore several points of weakness in Information Systems. For each layer we have studied common threats and strategies on how to mitigate them. It is our responsibility to develop and share awareness of cyber-attacks and risky attitudes in cyberspace.



Q&A
