
AGAMYA CYBER TECH

Cyber Security

“The real danger is not that computers will begin to think like men, but that men will begin to think like computers.”
– Sydney Harris

Digital Activities
• Watching more shows & films on streaming services: 57%
• Spending more time on mobile apps: 46%
• Spending longer using social media: 39%

Digital Activities
• Spending more time playing computer or video games: 41%
• Listening to more music streaming services: 26%
• Creating and uploading videos: 45%

Social Media
• There are 4.88 billion social media users worldwide
• There were 448.0 million social media users in India in January
2021.
• India is the second leading country of Instagram and LinkedIn
users after the U.S.
– WhatsApp (531.46 million active users),
– Instagram (516.92 million users),
– Facebook (492.70 million users),
– Telegram (384.06 million users), and
– Facebook Messenger (343.92 million users).
• An average of two hours and 25 minutes is spent per day per person on social media.

• Cyber security is the protection of internet-connected systems such as hardware, software and data from cyberthreats.
• The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.

Cyber Security Domains


• Application security
• Information or data security
• Network security
• Disaster recovery/business continuity planning
• Operational security
• Cloud security
• Critical infrastructure security
• Physical security
• End-user education
• Mobile security

Vulnerability

• Vulnerabilities are weaknesses in a system that give threats the opportunity to compromise assets.
• Vulnerabilities mostly arise from hardware, software, network and procedural weaknesses.

Hardware Vulnerability
• A hardware vulnerability is a weakness that can be used to attack the system hardware, either physically or remotely. For example:
– Old versions of systems or devices
– Unprotected storage
– Unencrypted devices, etc.

Software Vulnerability

• A software vulnerability is an error introduced in development or configuration such that executing the software can violate the security policy. For example:
– Lack of input validation
– Unverified uploads
– Cross-site scripting
– Unencrypted data, etc.

Network Vulnerability
• A network vulnerability is a weakness in the network, which can be in hardware or software. For example:
– Unprotected communication
– Malware or malicious software (e.g. viruses, keyloggers, worms, etc.)
– Social engineering attacks
– Misconfigured firewalls

Procedural Vulnerability
• A procedural vulnerability is a weakness in an organization’s operational methods. For example:
– Password procedure: passwords should follow the standard password policy.
– Training procedure: employees must know which actions should be taken and how to handle security.

Exploits
• An exploit is a piece of software, a chunk of data, or a
sequence of commands that takes advantage of
a bug or vulnerability in an application or a system to cause
unintended or unanticipated behavior to occur.

• Remote exploit: These exploits work over a network and exploit a vulnerability without prior access to the system.

• Local exploit: This exploit needs prior access to a vulnerable system and raises the hacker’s privileges to a higher level.

• Zero-day exploit: A zero-day exploit targets a vulnerability that is still undiscovered by its developers; hackers who already know about it can exploit it at any time.

• Known vulnerabilities: Imagine that a developer has found a vulnerability in their app or service and released an update to fix it. They will list the vulnerability in the Common Vulnerabilities and Exposures (CVE) index so that everybody knows about the issue and how to combat it.

Network Security
• Network Security refers to the measures taken by any
enterprise or organization to secure its computer network and
data using both hardware and software systems.

Network Security Levels

1. Physical Network Security
– Physical network security controls are put in place to stop unauthorized personnel from accessing components of the network.
2. Technical Network Security
– Technical network security protects the data that is within the network.
3. Administrative Network Security
– Administrative network security controls the level of access for each user within the network.

Basic Concepts of Network Security


• Confidentiality
• Integrity
• Availability

Confidentiality

• It is the concept of protecting data from unauthorized access. This is done by encrypting the data that is stored on a storage device.

• Plain text
• Cipher text
• Encryption
• Decryption
• Cryptography
• Cryptanalysis
• Cryptology
• Key

Integrity

• This is done by using digital signatures and digital certificate technology. An organization can digitally sign a file, thereby ensuring that nobody tampers with it or removes it from its original location.
• Digital certificates provide a way for two computers to verify each other’s identity.

Digital Signatures
• Digital signatures use asymmetric key algorithms to provide data integrity.
• A digital signature is created using the hash code of the message, the private key of the sender, and the signature function.
• It is then verified using the hash code of the message, the public key of the sender, and the verification function.

Digital Certificates
• A digital certificate is a file or electronic password that proves
the authenticity of a device, server, or user through the use of
cryptography and the public key infrastructure (PKI).
• Digital certificate authentication helps organizations ensure
that only trusted devices and users can connect to their
networks.
• Another common use of digital certificates is to confirm the
authenticity of a website to a web browser, which is also
known as a secure sockets layer or SSL certificate.

Public Key Infrastructure (PKI)

• It is a set of hardware, software, people, policies, and procedures required to create, manage, distribute, use and revoke digital certificates.
• Components of PKI:
– A certificate authority (CA) that issues and verifies digital certificates
– A registration authority (RA) that acts as the verifier for the certificate authority
– A certificate management system for generation, distribution, storage, and verification of certificates
– One or more directories where the certificates (with their public keys) are stored

Availability
• This is the concept of providing services to a
user at any time they need them.

Security Objects
• Authorization
• Authentication
• Access Control

Authentication
• The process of verifying the identity of a user.
• Something the user knows
– Password

Access Control
• Access control is the addition of extra authentication steps to further
protect important segments. Once the identity proves they are who they
say they are, access is granted. With access comes the authority to
perform actions on whatever it is the identity has access to.

• Something the user has
– Key, smart card, card details, mobile (2FA)
• Something the user is
– Fingerprint, voice, face scan

Authorization
• Authorization defines the set of actions that the identity can
perform after gaining access to a specific part of the
infrastructure, protecting from threats that access controls
alone are ineffective against.

HTTPS
• HTTPS (HTTP over SSL) refers to the combination of HTTP and
SSL to implement secure communication between a Web
browser and a Web server. The HTTPS capability is built into
all modern Web browsers. Its use depends on the Web server
supporting HTTPS communication.
• When HTTPS is used, the following elements of the communication are encrypted:
– URL of the requested document
– Contents of the document
– Contents of browser forms (filled in by the browser user)
– Cookies sent from browser to server and from server to browser
– Contents of the HTTP header

Types of Network Attacks

• Passive
• Active

Passive Network Attacks

• A passive attack attempts to learn or make use of information from the system but does not affect system resources.
• Passive attacks are in the nature of eavesdropping on or monitoring transmission. The goal of the opponent is to obtain information that is being transmitted.

Reading the Message Content

• A telephone conversation, an electronic mail message, or a transferred file may contain sensitive or confidential information.

Traffic analysis
• The hacker tries to get onto the same network as you in order to listen to (and capture) all your network traffic.
• The hacker is not actively trying to break into your systems or crack your password.

Man-In-The-Middle Attack
• A man-in-the-middle (MITM) attack is a type of cyberattack
where attackers intercept an existing conversation or data
transfer, either by eavesdropping or by pretending to be a
legitimate participant.

Active Network Attacks


• An Active attack attempts to alter system resources or affect
their operations. Active attacks involve some modification of
the data stream or the creation of false statements.

Session Hijacking Attack


• Also known as session replay, playback attacks, or replay
attacks, the threat actors copy the internet session ID
information of the target. They use this information to
retrieve login credentials, impersonate the targets, and
further steal other sensitive data from their devices.

Masquerade Attack
• This attack exploits weaknesses in the authentication process
of the target’s network. The threat actors use stolen login
details to impersonate an authorized user, using the user’s ID
to gain access to their targeted servers.

Denial of Service
• A denial-of-service (DoS) attack is a type of cyber attack in which a
malicious actor aims to render a computer or other device unavailable to
its intended users by interrupting the device's normal functioning.
• DoS attacks typically function by overwhelming or flooding a targeted
machine with requests until normal traffic is unable to be processed.

Network Penetration Testing Process



Components of Network Pentesting


• Server-Side penetration testing
• Client-Side penetration testing

Server-Side Pentesting
• Network-level Components:
– Firewall Penetration Testing
– IDS Penetration Testing
– Router Penetration Testing
– Server Penetration Testing

Client-Side Penetration Testing


• Client OS Penetration Testing
• Application Penetration Testing

Network Penetration Testing


• It involves detecting security weaknesses in the network infrastructure of the target organization.
• It can be conducted from inside or outside of the organization.
• It helps administrators close unnecessary ports and services, troubleshoot services, and calibrate firewall/IDS rules for robust security.

External
– All publicly available network applications such as websites/applications, FTP, etc.
– Firewall, IDS, routers, switches, etc.
– Wireless networks

Internal
– All internal networks, infrastructure devices and applications, including servers, end points, etc.

Types of Scanning
• Network Scanning
• Port Scanning
• Vulnerability Scanning

Detect Live Hosts



Ping Sweep (ICMP Sweep)

• It is used to determine the live hosts in a range of IP addresses by sending ICMP ECHO requests to multiple hosts. If a host is alive, it will return an ICMP ECHO reply.

TOOLS

NMAP
• Nmap – Network Mapper
• It is a free and open source utility for network discovery and
security auditing.
• Useful for tasks such as network inventory, managing service
upgrade schedules, and monitoring host or service uptime.
• Developed by Gordon Lyon
• Nmap runs on all major operating systems: Windows, Linux, macOS, etc.

Angry IP Scanner
• Angry IP Scanner (or simply ipscan) is an open-source and
cross-platform network scanner designed to be fast and
simple to use.
• It scans IP addresses and ports and has many other features.
• Scans local networks as well as the Internet.
• Targets can be given as an IP range, random addresses, or a file in any format.


Port Scanning

• Checking which services are running on the target computer by sending a series of messages, in an attempt to break in.

TCP Header Format



UDP Header Format



TCP SYN Scan


• The -sS option performs a TCP SYN scan.
• The default TCP SYN scan attempts to identify the 1000 most
commonly used TCP ports by sending a SYN packet to the
target and listening for a response.

Port states
• Open: This indicates that an application is listening for
connections on this port.
• Closed: This indicates that the probes were received but there is
no application listening on this port.
• Filtered: This indicates that the probes were not received and the
state could not be established. It also indicates that the probes
are being dropped by some kind of filtering.
• Unfiltered: This indicates that the probes were received but a
state could not be established.
• Open/Filtered: This indicates that the port was filtered or open
but Nmap couldn't establish the state.
• Closed/Filtered: This indicates that the port was filtered or closed
but Nmap couldn't establish the state.

TCP Connect Scan


• The -sT option performs a TCP connect scan.
• The TCP connect scan is a simple probe that attempts to connect directly to the remote system without using any stealth.

UDP Scan

• The -sU option performs a UDP (User Datagram Protocol) scan.
• While TCP is the most commonly used protocol, many network services (like DNS, DHCP, and SNMP) still utilize UDP.

Fast Scan
• The -F option instructs Nmap to perform a scan of only the
100 most commonly used ports.

Scan Specific Ports


• The -p option is used to instruct Nmap to scan the specified port(s).
• nmap -p <port(s)> <target>

Operating System Detection


• The -O parameter enables Nmap’s operating system detection
feature.
• Operating system detection is performed by analyzing responses from the target for a set of predictable characteristics which can be used to identify the type of OS on the remote system.
• If Nmap is unable to accurately identify the OS, you can force it to guess by using the --osscan-guess option.

Service Version Detection


• The -sV parameter enables Nmap’s service version detection
feature.
• The -sV option will attempt to identify the vendor and
software version for any open ports it detects.

Aggressive scan
• Nmap has a special flag to activate aggressive detection, namely -A. Aggressive mode enables OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute (--traceroute). Needless to say, this mode sends a lot more probes and is more likely to be detected.

Firewall Evasion Techniques



TCP NULL, FIN, and XMAS Scans

• These three methods exploit a loophole in TCP RFC 793 to find open and closed ports: if the server receives any packet that does not contain SYN, RST, or ACK, a closed port replies with RST while an open port silently drops the packet.
• Null scan (-sN): does not set any bits (TCP flag header is 0).
• FIN scan (-sF): sets just the TCP FIN bit.
• Xmas scan (-sX): sets the FIN, PSH, and URG flags.
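As an added example (not from the slides), the following Python decodes the flags in a TCP reply and maps them to the port states described above, for the SYN scan and for the NULL/FIN/Xmas scans; the sample replies are constructed in the code rather than captured.

```python
"""Added example (not from the slides): decode the flags of a TCP reply and map
them to Nmap's port states for a SYN scan and for the NULL/FIN/Xmas scans."""
import struct
from typing import List, Optional

# TCP flag bits (low byte of the 16-bit data-offset/reserved/flags field)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags each scan type sets in its probe, as listed on the slides
SCAN_PROBE_FLAGS = {"-sS": SYN, "-sN": 0, "-sF": FIN, "-sX": FIN | PSH | URG}

TCP_HEADER_FMT = "!HHIIHHHH"   # src, dst, seq, ack, offset+flags, window, checksum, urgent


def build_tcp_header(src_port: int, dst_port: int, flags: int,
                     seq: int = 0, ack: int = 0, window: int = 65535) -> bytes:
    """Build a minimal 20-byte TCP header (data offset 5 words, checksum left zero).
    Used only to construct sample replies for the classifiers below."""
    off_flags = (5 << 12) | (flags & 0x01FF)
    return struct.pack(TCP_HEADER_FMT, src_port, dst_port, seq, ack, off_flags, window, 0, 0)


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed part of a TCP header into its fields."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, seq, ack, off_flags, window, checksum, urg = struct.unpack(TCP_HEADER_FMT, segment[:20])
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "data_offset": (off_flags >> 12) * 4,   # header length in bytes
        "flags": off_flags & 0x01FF,            # 9 flag bits (NS plus the 8 classic flags)
        "window": window, "checksum": checksum, "urgent_pointer": urg,
    }


def flag_names(flags: int) -> List[str]:
    """Human-readable flag list, e.g. ['SYN', 'ACK']."""
    table = (("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH), ("ACK", ACK), ("URG", URG))
    return [name for name, bit in table if flags & bit]


def classify_syn_probe(reply: Optional[bytes], icmp_unreachable: bool = False) -> str:
    """SYN scan (-sS): SYN/ACK -> open, RST -> closed, ICMP unreachable or no
    reply -> filtered (the probe was dropped somewhere, so no state can be established)."""
    if icmp_unreachable or reply is None:
        return "filtered"
    flags = parse_tcp_header(reply)["flags"]
    if flags & SYN and flags & ACK:
        return "open"
    if flags & RST:
        return "closed"
    return "unexpected"   # any other TCP reply is worth a manual look


def classify_flag_probe(reply: Optional[bytes], icmp_unreachable: bool = False) -> str:
    """NULL/FIN/Xmas scans (RFC 793 behaviour): RST -> closed; no reply ->
    open|filtered, because an open port and a dropped probe look identical;
    ICMP unreachable -> filtered."""
    if icmp_unreachable:
        return "filtered"
    if reply is None:
        return "open|filtered"
    if parse_tcp_header(reply)["flags"] & RST:
        return "closed"
    return "unexpected"   # a non-RST TCP reply is not RFC 793 behaviour; investigate by hand


if __name__ == "__main__":
    # Constructed replies from a hypothetical target: port 22 open, port 23 closed
    syn_ack = build_tcp_header(22, 40000, SYN | ACK)
    rst_ack = build_tcp_header(23, 40000, RST | ACK)
    print("SYN scan:", classify_syn_probe(syn_ack), classify_syn_probe(rst_ack), classify_syn_probe(None))
    print("FIN scan:", classify_flag_probe(None), classify_flag_probe(rst_ack))
    print("Xmas probe flags:", flag_names(SCAN_PROBE_FLAGS["-sX"]))
```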

Fragment Packets
• The -f option instructs Nmap to fragment probes into 8-byte packets, splitting each probe into many very small packets.

Specify a Specific MTU


• The --mtu option is used to specify a custom MTU (Maximum Transmission Unit).
• It allows you to specify your own MTU to be used during scanning.
• Example: --mtu 16

Use a Decoy
• The -D option is used to mask an Nmap scan by using one or
more decoys.
• nmap -D RND:10 instructs Nmap to generate 10 random
decoys. You can also specify decoy addresses manually using
the following syntax: nmap -D decoy1,decoy2,decoy3,etc.

Spoof MAC Address

• The --spoof-mac option is used to spoof the MAC (Media Access Control) address of an Ethernet device.

Saving results
• nmap -oN test.txt target (normal text format)
• nmap -oX test.xml target (XML format)
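Added example, not from the slides or from Nmap itself: parsing the -oX XML output so a defender can list open ports per host and compare them with an approved list (the "close unnecessary ports" advice later in the deck). The XML sample, its 192.0.2.10 address and the approved list are constructed.

```python
"""Added example (not from the slides or Nmap): read Nmap -oX output and report
open ports per host, ports open but not on an approved list, and results that
still need confirmation."""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set, Tuple

# Constructed sample in the -oX format; 192.0.2.10 is a documentation address, not a real scan
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX test.xml 192.0.2.10" start="0">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="closed" reason="reset"/>
        <service name="telnet"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="open" reason="syn-ack"/>
        <service name="mysql"/>
      </port>
      <port protocol="udp" portid="161">
        <state state="open|filtered" reason="no-response"/>
        <service name="snmp"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> List[dict]:
    """One record per scanned port: host, protocol, port, state, reason, service."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        for port in host.iter("port"):
            state_el = port.find("state")
            svc_el = port.find("service")
            service = ""
            if svc_el is not None:
                parts = (svc_el.get("name"), svc_el.get("product"), svc_el.get("version"))
                service = " ".join(p for p in parts if p)
            records.append({
                "host": addr_el.get("addr"),
                "protocol": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state_el.get("state") if state_el is not None else "unknown",
                "reason": state_el.get("reason", "") if state_el is not None else "",
                "service": service,
            })
    return records


def open_ports_by_host(records: List[dict]) -> Dict[str, List[Tuple[str, int]]]:
    """Confirmed-open ports grouped by host, e.g. {'192.0.2.10': [('tcp', 22), ...]}."""
    result: Dict[str, List[Tuple[str, int]]] = {}
    for r in records:
        if r["state"] == "open":
            result.setdefault(r["host"], []).append((r["protocol"], r["port"]))
    return result


def unexpected_open(records: List[dict], approved: Set[Tuple[str, str, int]]) -> List[dict]:
    """Open ports missing from the approved set of (host, protocol, port): candidates to close."""
    return [r for r in records
            if r["state"] == "open" and (r["host"], r["protocol"], r["port"]) not in approved]


def needs_follow_up(records: List[dict]) -> List[dict]:
    """open|filtered and closed|filtered mean Nmap could not decide; verify them another way."""
    return [r for r in records if r["state"] in ("open|filtered", "closed|filtered")]


if __name__ == "__main__":
    recs = parse_nmap_xml(SAMPLE_NMAP_XML)
    approved = {("192.0.2.10", "tcp", 22)}   # hypothetical approved-services list
    for r in unexpected_open(recs, approved):
        print(f"close or justify: {r['host']} {r['protocol']}/{r['port']} ({r['service']})")
    for r in needs_follow_up(recs):
        print(f"undetermined: {r['host']} {r['protocol']}/{r['port']} state={r['state']}")
```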

Nmap Scripting Engine (NSE)



• The Nmap Scripting Engine (NSE) is a powerful tool that allows users to develop custom scripts which can be used to harness Nmap’s advanced scanning functions.
• Scripts for NSE are written in the Lua programming language.

NSE script categories

Currently there are 14 categories of NSE scripts in total. The categories include:

• auth
• broadcast
• brute
• default
• discovery
• dos
• exploit
• external
• fuzzer
• intrusive
• malware
• safe
• version
• vuln

• -sC: Scan with default NSE scripts.
• whois-domain: --script whois-domain.nse <target>
• Banner grab: -sV --script=banner <target>
• ssh-auth-methods: nmap -p 22 --script ssh-auth-methods --script-args="ssh.user=<username>" <target>
• dns-brute: nmap -p80 --script=dns-brute <domain.com>
• Vuln: nmap -sV --script vulners <target>
• http-enum: nmap -p 80 -n --script http-enum <target>
• http-wordpress-enum: nmap -n -p80 --script http-wordpress-enum <target>

How to Secure
1. Apply Encryption To Data
2. Set Up A Firewall
3. Get A Virtual Private Network (VPN)
4. Be Consistent With Network Monitoring
5. Install Antivirus And Malware Protection
6. Update Software Often
7. Create Strong Passwords
8. Set Up Two-Factor Authentication (2FA)
9. Educate All Employees And Staff
10. Close Unnecessary Ports

Vulnerability Assessment

• Vulnerability assessment is the process of identifying, classifying, and prioritizing security vulnerabilities in IT infrastructure.
• A comprehensive vulnerability assessment evaluates whether an IT system is exposed to known vulnerabilities, assigns severity levels to identified vulnerabilities, and recommends remediation or mitigation steps where required.
• Vulnerabilities can be found in applications managed by third-party vendors or in internally made software, and many flaws are easily fixed once identified.

Types of Vulnerability Assessment

• Network-based assessment: Used to identify possible network security issues and can detect vulnerable systems on wired and wireless networks.
• Host-based assessment: Used to locate and identify vulnerabilities in servers, workstations, and other network hosts. This scan typically examines open ports and services.
• Wireless network assessment: Used to scan Wi-Fi networks and attack vectors in the wireless network infrastructure.
• Application assessment: The identification of security vulnerabilities in web applications and their source code by using automated vulnerability scanning tools on the front-end or static/dynamic analysis of source code.
• Database assessment: The assessment of databases or big data systems for vulnerabilities and misconfiguration, identifying rogue databases or insecure dev/test environments, and classifying sensitive data to improve data security.

Vulnerability Assessment Process

• Vulnerability identification: Analyzing network scans, pen test results, firewall logs, and vulnerability scan results to find anomalies that suggest a cyber attack could take advantage of a vulnerability.
• Vulnerability analysis: Decide whether the identified v
ulnerability could be exploited and classify the severity of the exploit to understand the level of security risk.
• Risk assessment: Assess which vulnerabilities will be mitigated or remediated first based on their wormability and other risks.
• Remediation: Update affected software or hardware where possible.
• Mitigation: Decide on countermeasures and how to measure their effectiveness in the event that a patch is not available.

TOOLS
• Nikto
• Acunetix
• Nmap
• Nessus

RISK ASSESSMENT

IS Risk
• The potential that a given threat will exploit vulnerabilities of an asset and thereby cause harm to the organisation.
• Likelihood (Probability) X Consequence (Impact) = Risk.

Audit Risk = IR X CR X DR (inherent risk X control risk X detection risk)

Approaches
• Top Down Approach
• Bottom-up Approach

Top Down Approach



Bottom-up Approach

Risk Assessment Methodologies


• Asset Based Assessment
• Event Based Risk Assessment
• Threat Based Risk Assessment

Asset Based Risk Assessment

• Asset register
• Asset owner
• Identify threats and vulnerabilities

Assets valuable to the business. Examples of assets:
– Servers, routers, switches …
– Customer data, partner documents, trade secrets …
– People

Identify asset owners.

Prioritize assets according to:
– Legal standing
– Importance to the organization

Event Based Risk Assessment

• Identify risks based on security events
• Vulnerability: a weakness that can be exploited
• Identified through:
– Vulnerability analysis
– Audit reports
– Penetration testing
– Scanning tools
• Threat: anything that can exploit a vulnerability
– Hackers
– Natural disasters
– System failure
– Accidental human interference

Threat Based Risk Assessment

• Analyses IT systems for vulnerabilities
• Removes potential threats

IT Assets Based Risk Assessment


1. Identify and Prioritize Assets
2. Identify Threats and vulnerabilities
3. Identify risk owners
4. Analyse controls
5. Determine the likelihood of incident
6. Assess the Impact a Threat Could Have
7. Prioritize the Information Security Risks
8. Risk Acceptance Criteria
9. Document the Results

Examples

Asset: Documents

Threat          Vulnerability                 Risk
Theft           Unlocked cabinet              Loss of confidentiality and availability of the information
Fire            No fire suppression system    Loss of availability of the information
Water damage    Leaky roof                    Loss of availability

Asset: System Administrator

Threat            Vulnerability                               Risk
Unavailability    There is no replacement for this position   Potential loss of availability
Frequent errors   Lack of training                            Potential loss of integrity and availability

Asset: E-Mail system

Threat            Vulnerability           Risk
E-Mail hacking    Weak password policy    Loss of confidentiality and availability

Identify Risk Owners

• Risk owner: a person or entity with the accountability and authority to manage a risk.
– Example:
• Asset owner of a server: system administrator
• Risk owner: head of IT department

Analyse the Current Controls


• Controls
– In place
– Or planned
• Two types of controls
– Technical
– Non technical

Risk = Likelihood (Probability) X Consequence (Impact)

• Probability – A risk is an event that "may" occur. The probability of it occurring can range anywhere from just above 0 percent to just below 100 percent.
• Impact – A risk, by its very nature, always has a negative impact. However, the size of the impact varies in terms of cost and impact on health, human life, or some other critical factor.

Types of Risk Assessments

• Qualitative
• Quantitative

Qualitative Risk Analysis

• Qualitative risk analysis is a project management technique concerned with discovering the probability of a risk event occurring and the impact the risk will have if it does occur.

Quantitative risk

Score    Risk magnitude
1–2      Info
2–4      Low
5–6      Medium
7–8      High
9–10     Critical

Likelihood \ Impact    1    2    3    4    5
5                      5   10   15   20   25
4                      4    8   12   16   20
3                      3    6    9   12   15
2                      2    4    6    8   10
1                      1    2    3    4    5

Likelihood \ Impact    Info      Low       Medium    High      Critical
Critical               Medium    High      Critical  Critical  Critical
High                   Medium    High      High      Critical  Critical
Medium                 Low       Medium    High      High      Critical
Low                    Low       Medium    Medium    High      High
Info                   Info      Low       Low       Medium    Medium

• Due to COVID-19, all of your employees are now working from home. Consequently, this has put tremendous strain on your VPN server, where employees are reporting several VPN disconnections a day, Skype call instability, slow network speeds, and an inability to get all of their work done.
• What is the risk to business operations and employee productivity if you do not fix your VPN issues?

Quantitative Risk Analysis

• A numerical analysis of the probability and impact of the highest risks on the project, to determine overall project risk or to identify the risks requiring the most attention.
• Quantitative risk analysis checklist:
– A prioritized list of risks (which you’ll get by doing a qualitative risk analysis)
– Reliable data
– A developed project model

• The dedicated air conditioning system in your server room is 12 years old, and you expect it to fail within the next three years. If it fails, you’ll have to take your servers offline, which you anticipate will cost your online business $20,000 in lost sales revenues. You’ve been quoted $5,000 for the purchase and installation of a new A/C unit.
• Would it be prudent to purchase a new A/C unit at the cost of $5,000?
– Asset Value (AV) = $20,000
– Exposure Factor (EF) = 100%
– Single Loss Expectancy (SLE) = AV x EF = $20,000 x 1 = $20,000
– Annual Rate of Occurrence (ARO) = .33
– Annualized Loss Expectancy (ALE) = SLE x ARO = $20,000 x .33 = $6,600

Yes. There’s a 33% chance that your A/C unit will fail this year, with an ALE of $6,600. Since the cost to purchase and install a new A/C unit is only $5,000, you should invest in the new A/C unit.

• Your data center building is valued at 5,00,000. If there is a major earthquake, you estimate 25% of the building will be damaged. Your risk team estimates a major earthquake will occur once every ten years. Would it be prudent to purchase building earthquake insurance with an annual cost of 25,000?

• AV = 5,00,000
• EF = .25
• SLE = AV x EF = 5,00,000 x .25 = 1,25,000
• ARO = .10
• ALE = SLE x ARO = 1,25,000 x .10 = 12,500

No. The cost of the annual insurance premium is double the ALE,
so you would be spending more than you expect to lose on an
annual basis.
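Added example (not from the slides): the qualitative matrix, the numeric likelihood x impact score, and the SLE/ALE arithmetic of the two worked cases above, generalised to a countermeasure that reduces rather than removes the annual loss. It reads the slide's lakh-style 5,00,000 and 1,25,000 as 500,000 and 125,000; the risk names used for prioritisation are made up.

```python
"""Added example (not from the slides): the qualitative matrix, the numeric
likelihood x impact score, and SLE/ALE with a cost-benefit decision, generalised
to a countermeasure that reduces rather than removes the annual loss."""
from typing import Dict, List, Tuple

LEVELS = ["Info", "Low", "Medium", "High", "Critical"]

# Rows = likelihood, columns = impact from Info to Critical, copied from the matrix slide
QUALITATIVE_MATRIX: Dict[str, List[str]] = {
    "Critical": ["Medium", "High", "Critical", "Critical", "Critical"],
    "High":     ["Medium", "High", "High", "Critical", "Critical"],
    "Medium":   ["Low", "Medium", "High", "High", "Critical"],
    "Low":      ["Low", "Medium", "Medium", "High", "High"],
    "Info":     ["Info", "Low", "Low", "Medium", "Medium"],
}


def qualitative_risk(likelihood: str, impact: str) -> str:
    """Risk level for a likelihood/impact pair, both named with one of LEVELS."""
    return QUALITATIVE_MATRIX[likelihood][LEVELS.index(impact)]


def numeric_risk(likelihood: int, impact: int) -> int:
    """Numeric 5x5 matrix: score = likelihood x impact, from 1 to 25."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact are scored 1..5")
    return likelihood * impact


def prioritize(risks: List[Tuple[str, int, int]]) -> List[Tuple[str, int]]:
    """Step 7 of the assessment process: order (name, likelihood, impact) risks by score."""
    scored = [(name, numeric_risk(likelihood, impact)) for name, likelihood, impact in risks]
    return sorted(scored, key=lambda item: item[1], reverse=True)


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: the loss from one occurrence."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: the expected loss per year."""
    return round(sle * aro, 2)


def countermeasure_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Yearly value of a control: loss avoided minus the control's yearly cost.
    Positive means the spend pays for itself; the slides' cases are the ale_after = 0 case."""
    return round((ale_before - ale_after) - annual_cost, 2)


def evaluate(asset_value: float, exposure_factor: float, aro: float, annual_cost: float) -> dict:
    """Reproduce the slides' worked cases: is a control that removes the loss worth its price?"""
    sle = single_loss_expectancy(asset_value, exposure_factor)
    ale = annualized_loss_expectancy(sle, aro)
    return {"SLE": sle, "ALE": ale,
            "value": countermeasure_value(ale, 0.0, annual_cost),
            "prudent": annual_cost < ale}


# The two worked cases from the slides (5,00,000 and 1,25,000 read as 500,000 and 125,000)
AC_UNIT = evaluate(20_000, 1.00, 0.33, 5_000)        # ALE 6,600 > 5,000: buy the unit
EARTHQUAKE = evaluate(500_000, 0.25, 0.10, 25_000)   # ALE 12,500 < 25,000: do not insure

if __name__ == "__main__":
    print("A/C unit:", AC_UNIT)
    print("Earthquake insurance:", EARTHQUAKE)
    # made-up risk names with 1..5 scores, ordered highest score first
    print(prioritize([("vpn_outage", 4, 3), ("ac_failure", 2, 5), ("leaky_roof", 1, 1)]))
```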

How to Minimize Risk?

Risk response methodology



Types of Network Security Protections

Firewall
• A firewall is a hardware device and/or software that prevents unauthorized access to or from a private network.
• It is placed at the junction point or gateway between two networks, usually a private network and a public network.

Kinds of Firewalls
• Host-based firewall
– Software on the host machine that controls and monitors traffic in and out of it.
• Network-based firewall
– Filters traffic between two or more networks
– Either hardware or software

Types of Firewalls
1. Packet Filtering Firewalls (Static)
2. Stateful Inspection Firewalls (Dynamic)
3. Circuit Level Gateway Firewalls
4. Application level Gateway Firewalls/ Proxy
Firewalls/Gateway Firewalls
5. Stateful Multilayer Inspection Firewalls

Packet Filtering Firewalls

• Packet filtering firewalls are normally deployed on the routers which connect the internal network to the Internet.
• Packet filtering firewalls can only be implemented on the network layer of the OSI model.
• Packet filtering is the process of passing or blocking data packets at a network interface by a firewall based on source and destination addresses, ports or protocols.

Stateful Inspection Firewall

• Monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
• This firewall records all the connections passing through it.
• By recording session information such as IP addresses and port numbers, a dynamic packet filter can implement a much tighter security posture than a static packet filter can.
• This firewall is situated at Layers 3 and 4 of the OSI model.
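Added example (not from the slides): a minimal static packet filter beside a stateful filter, so the "tighter security posture" claim can be seen on three constructed packets. The rule model, the class names and the 10.0.0.0/8 and 203.0.113.x addresses are assumptions of the example.

```python
"""Added example (not from the slides): a static packet filter beside a stateful
inspection filter, showing why tracking connections is the tighter posture."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                            # "tcp" or "udp"
    sport: int
    dport: int
    flags: FrozenSet[str] = frozenset()   # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                           # "allow" or "deny"
    src: str                              # CIDR, e.g. "10.0.0.0/8"
    dst: str
    proto: str                            # "tcp", "udp" or "any"
    dports: Optional[Tuple[int, int]] = None   # inclusive destination port range, None = any

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dports is None or self.dports[0] <= p.dport <= self.dports[1]))


def static_filter(rules: List[Rule], p: Packet, default: str = "deny") -> str:
    """Stateless filtering: first matching rule wins; every packet is judged on its own."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


class StatefulFirewall:
    """Admits a new flow only if a rule allows it, then admits the replies of that flow."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.connections = set()          # (proto, src, sport, dst, dport) of admitted flows

    def filter(self, p: Packet) -> str:
        forward = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if forward in self.connections or reverse in self.connections:
            return "allow"                # belongs to a connection already admitted
        if p.proto == "tcp" and p.flags != frozenset({"SYN"}):
            return "deny"                 # mid-stream TCP packet with no tracked connection
        if static_filter(self.rules, p) == "allow":
            self.connections.add(forward)
            return "allow"
        return "deny"


INTERNAL = "10.0.0.0/8"
# A static filter must keep a standing hole open for reply traffic to internal ephemeral ports.
STATIC_RULES = [
    Rule("allow", INTERNAL, "0.0.0.0/0", "tcp"),
    Rule("allow", "0.0.0.0/0", INTERNAL, "tcp", (1024, 65535)),
]
# The stateful filter needs only the outbound rule; replies are matched from its connection table.
STATEFUL_RULES = [Rule("allow", INTERNAL, "0.0.0.0/0", "tcp")]

# Constructed traffic (documentation address ranges): a legitimate web session, then an
# unsolicited ACK from outside that pretends to be a reply.
OUTBOUND_SYN = Packet("10.1.2.3", "203.0.113.5", "tcp", 40000, 443, frozenset({"SYN"}))
REPLY_SYNACK = Packet("203.0.113.5", "10.1.2.3", "tcp", 443, 40000, frozenset({"SYN", "ACK"}))
UNSOLICITED_ACK = Packet("203.0.113.9", "10.1.2.3", "tcp", 443, 40001, frozenset({"ACK"}))


def compare() -> dict:
    """Run the same three packets through both filters and return the verdicts."""
    fw = StatefulFirewall(STATEFUL_RULES)
    results = {}
    for name, pkt in (("outbound_syn", OUTBOUND_SYN), ("reply_synack", REPLY_SYNACK),
                      ("unsolicited_ack", UNSOLICITED_ACK)):
        results[name] = {"static": static_filter(STATIC_RULES, pkt), "stateful": fw.filter(pkt)}
    return results


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:16s} static={verdict['static']:5s} stateful={verdict['stateful']}")
```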

Application Level Gateway Firewalls

• Application level gateways work on the application layer of the OSI model and provide protection for a specific application layer protocol.
• A proxy server is the best example of an application level gateway firewall.
• An application level gateway works only for the protocols for which it is configured. For example, if we install a web-proxy-based firewall, it will only allow HTTP protocol data.
• Application level firewalls can also be configured as caching servers, which in turn increases network performance and makes it easier to log traffic.

Circuit Level Gateway Firewall

• Circuit level gateways are deployed at the session layer of the OSI model and they monitor sessions like UDP and the TCP three-way handshake to see whether a requested connection is legitimate or not.
• Major screening happens before the connection is established.
• They do NOT filter individual packets.

Stateful Multilayer Inspection Firewall

• A stateful multilayer inspection firewall is a combination of all the firewalls that we have studied till now.
• They can filter packets at the network layer using ACLs, check for legitimate sessions on the session layer, and they also evaluate packets on the application layer (ALG).

Network Address Translation (NAT)

• Network Address Translation (NAT) is a network protocol used in IPv4 networks that allows multiple devices to connect to a public network using the same public IPv4 address.
• It hides the internal network’s IP addresses.

Intrusion Detection System (IDS)

• An IDS is a system to monitor and identify unauthorized system access or manipulation.
• An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches.
• This analysis includes both scanning and probing.

Types of IDS
1. Network Based IDS
2. Host Based IDS

Network Based IDS (NIDS)


• A network intrusion detection system or network IDS,
examines the traffic on your network.
• As such, a typical NIDS has to include a packet sniffer in order
to gather network traffic for analysis.

Host Based IDS (HIDS)


• A host-based intrusion detection system (HIDS) is a system that
monitors the computer system on which it is installed to detect an
intrusion and/or misuse, and responds by logging the activity and
notifying the designated authority.

• A HIDS can be thought of as an agent that monitors and analyzes
whether anything or anyone, whether internal or external, has
circumvented the system's security policy.

IDS Detection Method


Signature Based Detection (applied by both)
– The signature-based method looks at checksums and message
authentication.

– A HIDS will look at log and config files for any unexpected
rewrites, whereas a NIDS will look at the checksums in packets and
verify message integrity using hashes such as SHA1.

Anomaly Based Detection (applied by both)


– Anomaly-based detection looks for unexpected or unusual patterns
of activity. This category can also be implemented by both host
and network-based intrusion detection systems.

– In the case of a HIDS, an anomaly might be repeated failed login
attempts, or unusual activity on the ports of a device that signals
port scanning.
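Added example (not from the slides): two anomaly detectors in Python run over constructed log lines, one for repeated failed logins from a single source (the HIDS case above) and one for a single source touching many distinct ports within a few seconds (the port-scanning case). The log formats, thresholds and time windows are assumptions for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log formats (constructed for the demo, not a real daemon's exact wording).
AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for \S+ from (\S+)")
CONN_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) SYN")

def failed_login_bursts(lines, threshold=5, window=timedelta(minutes=1)):
    """HIDS-style check: sources with >= threshold failed logins inside any window."""
    recent, flagged = defaultdict(deque), set()   # lines are assumed in time order
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue                                  # not a failed-login record
        ts, src = datetime.fromisoformat(m.group(1)), m.group(2)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:                     # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return flagged

def port_scan_sources(lines, threshold=10, window=timedelta(seconds=10)):
    """NIDS-style check: sources hitting >= threshold distinct ports inside any window."""
    recent, flagged = defaultdict(deque), set()
    for line in lines:
        m = CONN_RE.match(line)
        if not m:
            continue
        ts, src, port = datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(4))
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > window:
            q.popleft()
        if len({p for _, p in q}) >= threshold:       # many distinct ports, few seconds
            flagged.add(src)
    return flagged

# Constructed sample logs: one brute-forcing source and one scanning source,
# plus ordinary single events that must not be flagged.
AUTH_LOG = [f"2024-01-01T10:00:{s:02d} sshd[1]: Failed password for root from 198.51.100.7"
            for s in range(0, 60, 10)] + ["2024-01-01T10:05:00 sshd[1]: Failed password for bob from 192.0.2.4"]
CONN_LOG = [f"2024-01-01T11:00:{s:02d} 198.51.100.9 -> 10.0.0.5:{20 + s} SYN"
            for s in range(12)] + ["2024-01-01T11:00:00 192.0.2.4 -> 10.0.0.5:443 SYN"]
```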

Honeypot
• A honeypot is a security tool that can help computer systems
defend against cyber attacks in unique ways. This network-attached
system is used as a decoy to distract cyber attackers from their
real targets.

• A honeypot is a cybersecurity measure with two primary uses:
research and production. Honeypots can both root out and collect
information on cybercriminals before they attack legitimate targets,
as well as lure them away from those real targets.

• git clone https://github.com/technicaldada/pentbox

• cd pentbox

• tar -zxvf pentbox.tar.gz

• cd pentbox-1.8

• ./pentbox.rb

Intrusion Prevention System (IPS)


• Once the IDS has completed all the detection work, you still need a
defense against what it found, and that is provided by an IPS.
• An IPS is therefore a network security/threat prevention technology
that examines network flows to detect and prevent vulnerability
exploits.
• Specifically, these actions include:
– Sending an alarm to the administrator (as would be seen in
an IDS)
– Dropping the malicious packets
– Blocking traffic from the source address
– Resetting the connection

Types of Intrusion Prevention Systems (IPS)


• Network-based intrusion prevention system (NIPS)
– Typically, a network-based intrusion prevention system is placed at key
network locations, where it monitors traffic and scans for cyberthreats.

• Wireless intrusion prevention system (WIPS)
– Wireless intrusion prevention systems monitor Wi-Fi networks, acting as a
gatekeeper and removing unauthorized devices.

• Host-based intrusion prevention system (HIPS)
– Installed on endpoints like PCs, host-based intrusion prevention systems monitor
inbound and outbound traffic from that device only.

• Network behavior analysis (NBA)
– NBA is focused on network traffic to detect odd movement and flows that
might be associated with distributed denial of service (DDoS) attacks.

IPS Detection Method


• Signature Based Detection
– It uses uniquely identifiable signatures that are located in
exploit code. When exploits are discovered, their signatures go
into an ever-expanding database.

• Statistical Anomaly Based Detection
– This randomly samples network traffic and compares the samples
to performance level baselines. When samples are identified as
being outside the baseline, the IPS triggers an action to prevent
a potential attack.

Potential Attacks Detected and Prevented By IPS

• Address Resolution Protocol (ARP) Spoofing
• Buffer Overflow
• Distributed Denial of Service (DDoS)
• IP Fragmentation
• Operating System (OS) Fingerprinting
• Ping of Death
• Port Scanning
• Secure Sockets Layer (SSL) Evasion
• SYN Flood

Placement of IDS and IPS



Demilitarized zone (DMZ)


• A DMZ or demilitarized zone is a perimeter network that
protects and adds an extra layer of security to an
organization’s internal local-area network from untrusted
traffic.
• The end goal of a demilitarized zone network is to allow an
organization to access untrusted networks, such as the
internet, while ensuring its private network or LAN remains
secure.

VPN
• A Virtual Private Network (VPN) connects your PC, smartphone, or
tablet to another computer (called a server) somewhere on the
internet, and allows you to browse the internet using that
computer's internet connection.

How Does a VPN Work?


• A VPN works by routing a device's internet connection through a
private service rather than the user's regular internet service
provider (ISP). The VPN acts as an intermediary between the user and
the internet, hiding the user's IP address.

• When the user connects to the web using their VPN, their computer
sends its requests to websites through the encrypted connection
created by the VPN. The VPN forwards each request and sends the
response from the requested website back over that connection.

• Protecting Browsing History
• Securing IP Address and Location Data
• Hiding Streaming Location
• Protecting Devices
• Ensuring Internet Freedom

Top VPN Services

• NordVPN
• Surfshark VPN
• Express VPN
• CyberGhost VPN
• Proton VPN
• Hide.me
• TunnelBear

Firewall Implementation

Windows Firewall
• Right-click the Windows Start button and select Control Panel.
• Click Windows Firewall.
• Click Advanced Settings.
• Click Inbound Rules, then New Rule.
• Select Port for the Rule Type, then click Next.
• Select TCP for Does this rule apply to TCP or UDP.
• Select Specific local ports, and enter the TCP port to allow, then
click Next.
– Note: See Using the SQL Error Log to Determine the SQL Port. The
standard SQL port is 1433, but can be different.
• Ensure Allow the connection is selected, then click Next.
• Select When to apply the rule (Domain, Private, or Public), then
click Next.
• Enter a Name and optional Description, then click Finish.

Linux Firewall
• Commands
– sudo apt-get install iptables
– sudo iptables -L (-L lists the rules in every chain)
– sudo iptables -A INPUT -p tcp --dport <port no.> -j ACCEPT (-A appends a
rule; -p is the protocol and --dport the destination port, so a bare
port number after -p is not valid)
– sudo iptables -A INPUT -p tcp --dport <port no.> -j DROP
– sudo iptables -A OUTPUT -p tcp --dport <port no.> -j ACCEPT
– sudo iptables -A FORWARD -p tcp --dport <port no.> -j ACCEPT
– sudo iptables -A INPUT -s <source IP> -j DROP (block every packet from
one source address)
– sudo iptables -D <chain name> <rule number> (-D deletes the numbered
rule; show the numbers with sudo iptables -L --line-numbers)
THANK-YOU
