Cyber Security
AGAMYA CYBER TECH
Digital Activities
• Watching more shows & films on streaming services
• Spending more time on mobile apps
• Spending longer using social media
• Spending more time playing computer or video games
• Listening to more music streaming services
• Creating and uploading videos
Social Media
• There are 4.88 billion social media users worldwide.
• There were 448.0 million social media users in India in January
2021.
• India is the second leading country of Instagram and LinkedIn
users after the U.S.
– WhatsApp (531.46 million active users),
– Instagram (516.92 million users),
– Facebook (492.70 million users),
– Telegram (384.06 million users), and
– Facebook Messenger (343.92 million users).
• An average of two hours and 25 minutes are spent per day per
person on social media
Vulnerability
Hardware Vulnerability
• A hardware vulnerability is a weakness that can be used to
attack the system hardware, either physically or remotely.
For example:
– Old version of systems or devices
– Unprotected storage
– Unencrypted devices, etc.
Software Vulnerability
Network Vulnerability
• A weakness in the network, which can be in hardware or
software.
For example:
– Unprotected communication
– Malware or malicious software (e.g., viruses, keyloggers, worms, etc.)
– Social Engineering attacks
– Misconfigured Firewalls
Procedural Vulnerability
• A weakness in an organization's operational methods.
For example:
– Password procedure – Password should follow the standard password
policy.
– Training procedure – Employees must know which actions should be
taken and what to do to handle the security.
Exploits
• An exploit is a piece of software, a chunk of data, or a
sequence of commands that takes advantage of
a bug or vulnerability in an application or a system to cause
unintended or unanticipated behavior to occur.
Network Security
• Network Security refers to the measures taken by any
enterprise or organization to secure its computer network and
data using both hardware and software systems.
Confidentiality
• Plain text
• Cipher text
• Encryption
• Decryption
• Cryptography
• Cryptanalysis
• Cryptology
• Key
Integrity
Digital Signatures
• Digital signatures use asymmetric key algorithms to
provide data integrity.
• A digital signature is created using the hash code of the
message, the private key of the sender, and the signature
function.
• It is then verified using the hash code of message, the public
key of sender, and the verification function.
Digital Certificates
• A digital certificate is a file or electronic password that proves
the authenticity of a device, server, or user through the use of
cryptography and the public key infrastructure (PKI).
• Digital certificate authentication helps organizations ensure
that only trusted devices and users can connect to their
networks.
• Another common use of digital certificates is to confirm the
authenticity of a website to a web browser, which is also
known as a secure sockets layer or SSL certificate.
Availability
• This is the concept of providing services to a
user at any time they need them.
Security Objects
• Authorization
• Authentication
• Access Control
Authentication
• The process of verifying the identity of a user.
• Something user knows
• Password
Access Control
• Access control is the addition of extra authentication steps to further
protect important segments. Once the identity proves they are who they
say they are, access is granted. With access comes the authority to
perform actions on whatever it is the identity has access to.
Authorization
• Authorization defines the set of actions that the identity can
perform after gaining access to a specific part of the
infrastructure, protecting from threats that access controls
alone are ineffective against.
HTTPS
• HTTPS (HTTP over SSL) refers to the combination of HTTP and
SSL to implement secure communication between a Web
browser and a Web server. The HTTPS capability is built into
all modern Web browsers. Its use depends on the Web server
supporting HTTPS communication.
• When HTTPS is used, the following elements of the
communication are encrypted:
• URL of the requested document
• Contents of the document
• Contents of browser forms (filled in by browser user)
• Cookies sent from browser to server and from server to browser
• Contents of HTTP header
Network Attacks
• Passive
• Active
Traffic analysis
• The hacker tries to access the same network as you to listen to (and
capture) all your network traffic.
• The hacker is not actively trying to hack into your systems or
crack your password.
Man-In-The-Middle Attack
• A man-in-the-middle (MITM) attack is a type of cyberattack
where attackers intercept an existing conversation or data
transfer, either by eavesdropping or by pretending to be a
legitimate participant.
Masquerade Attack
• This attack exploits weaknesses in the authentication process
of the target’s network. The threat actors use stolen login
details to impersonate an authorized user, using the user’s ID
to gain access to their targeted servers.
Denial of Service
• A denial-of-service (DoS) attack is a type of cyber attack in which a
malicious actor aims to render a computer or other device unavailable to
its intended users by interrupting the device's normal functioning.
• DoS attacks typically function by overwhelming or flooding a targeted
machine with requests until normal traffic is unable to be processed.
Server-Side Pentesting
• Network-level Components:
– Firewall Penetration Testing
– IDS Penetration Testing
– Router Penetration Testing
– Server Penetration Testing
External
– All publicly available network applications such as website/applications, FTP, etc.
– Firewall, IDS, routers, switches, etc.
– Wireless Networks
Internal
– All internal networks, infrastructure devices and applications including servers, end points, etc.
Types of Scanning
• Network Scanning
• Port Scanning
• Vulnerability Scanning
TOOLS
NMAP
• Nmap – Network Mapper
• It is a free and open source utility for network discovery and
security auditing.
• Useful for tasks such as network inventory, managing service
upgrade schedules, and monitoring host or service uptime.
• Developed by Gordon Lyon
• Nmap runs on all operating systems: Windows, Linux, Mac, etc.
Angry IP Scanner
• Angry IP Scanner (or simply ipscan) is an open-source and
cross-platform network scanner designed to be fast and
simple to use.
• It scans IP addresses and ports and has many other
features.
• Scans local networks as well as the Internet
• IP range, random, or file in any format
Port Scanning
Port states
• Open: This indicates that an application is listening for
connections on this port.
• Closed: This indicates that the probes were received but there is
no application listening on this port.
• Filtered: This indicates that the probes were not received and the
state could not be established. It also indicates that the probes
are being dropped by some kind of filtering.
• Unfiltered: This indicates that the probes were received but a
state could not be established.
• Open/Filtered: This indicates that the port was filtered or open
but Nmap couldn't establish the state.
• Closed/Filtered: This indicates that the port was filtered or closed
but Nmap couldn't establish the state.
UDP Scan
Fast Scan
• The -F option instructs Nmap to perform a scan of only the
100 most commonly used ports.
Aggressive scan
• Nmap has a special flag to activate aggressive detection,
namely -A. Aggressive mode enables OS detection (-O),
version detection (-sV), script scanning (-sC), and traceroute
(--traceroute). Needless to say, this mode sends a lot more
probes and is more likely to be detected.
• Null scan (-sN): Does not set any bits (TCP flag header is 0)
• Xmas scan (-sX): Sets the FIN, PSH, and URG flags,
Fragment Packets
• The -f option is used to fragment probes into 8-byte packets.
• The -f option instructs Nmap to send small 8-byte packets
thus fragmenting the probe into many very small packets.
Use a Decoy
• The -D option is used to mask an Nmap scan by using one or
more decoys.
• nmap -D RND:10 instructs Nmap to generate 10 random
decoys. You can also specify decoy addresses manually using
the following syntax: nmap -D decoy1,decoy2,decoy3,etc.
Saving results
• nmap -oN test.txt target – text format
• nmap -oX test.xml target – xml format
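A way to review saved XML results against the port states listed earlier, as an added example that is not part of the original slides. The sample XML is constructed in the layout of `nmap -oX` output, and the allowlist of expected ports is a hypothetical policy.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the layout of `nmap -oX` output (trimmed to the
# elements used below); 192.0.2.10 is a documentation address.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="filtered"/><service name="https"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
    </ports>
  </host>
</nmaprun>"""

def parse_ports(xml_text):
    """Return (address, protocol, port, state, service) for every port."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iter("port"):
            state_el, svc_el = port.find("state"), port.find("service")
            state = state_el.get("state") if state_el is not None else "unknown"
            service = svc_el.get("name") if svc_el is not None else ""
            rows.append((addr, port.get("protocol"), int(port.get("portid")), state, service))
    return rows

def state_counts(rows):
    """Count ports per reported state (Nmap writes Open/Filtered as open|filtered)."""
    return Counter(state for _, _, _, state, _ in rows)

def unexpected_open(rows, allowed):
    """Open ports that are absent from the allowlist of (protocol, port) pairs."""
    return [r for r in rows if r[3] == "open" and (r[1], r[2]) not in allowed]

if __name__ == "__main__":
    rows = parse_ports(SAMPLE_XML)
    print(dict(state_counts(rows)))
    # Hypothetical policy: only SSH is meant to be reachable on this host.
    for addr, proto, port, _, svc in unexpected_open(rows, {("tcp", 22)}):
        print(f"unexpected open port {addr} {proto}/{port} ({svc})")
```

Running the same comparison after each scheduled scan of your own hosts turns the saved XML into a simple drift check on exposed services.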
• auth
• broadcast
• brute
• default
• discovery
• dos
• exploit
• external
• fuzzer
• intrusive
• malware
• safe
• version
• vuln
How to Secure
1. Apply Encryption To Data
2. Set Up A Firewall
Vulnerability Assessment
• Wireless network assessment: Used to scan Wi-Fi networks and attack vectors in
the wireless network infrastructure.
TOOLS
• Nikto
• Acunetix
• Nmap
• Nessus
RISK ASSESSMENT
IS Risk
• Potential that a given threat will exploit vulnerabilities of an
asset and thereby cause harm to the organisation.
• Likelihood (Probability) X Consequence (Impact) = Risk.
Audit RISK = IR X CR X DR
Approaches
• Top Down Approach
• Bottom-up Approach
Bottom-up Approach
Examples
Asset: Documents
Potential of integrity and availability
Frequent errors
Lack of training
– Example :
• Asset owner of a server : System administrator
• Risk owner : Head of IT department
• Qualitative
• Quantitative
Quantitative risk
Risk magnitude
1–2 Info
2–4 Low
5–6 Medium
7–8 High
9–10 Critical
Likelihood \ Impact   1   2   3   4   5
5                     5  10  15  20  25
4                     4   8  12  16  20
3                     3   6   9  12  15
2                     2   4   6   8  10
1                     1   2   3   4   5
Impact
Yes. There’s a 33% chance that your A/C unit will fail this year,
with an ALE of $6,600. Since the cost to purchase and install a
new A/C unit is only $5,000, you should invest in the new A/C
unit.
• AV = 5,00,000
• EF = .25
• SLE = AV x EF = 5,00,000 x .25 = 1,25,000
• ARO = .10
• ALE = SLE x ARO = 1,25,000 x .10 = 12,500
No. The cost of the annual insurance premium is double the ALE,
so you would be spending more than you expect to lose on an
annual basis.
Firewall
• A firewall is a hardware device and/or software that prevents
unauthorized access to or from a private network.
• It is placed at the junction point or gateway between two
networks, usually a private network and a public network.
Kinds of Firewalls
• Host Based Firewall
– Software on the host machine to control and monitor traffic in and
out of it.
Types of Firewalls
1. Packet Filtering Firewalls (Static)
2. Stateful Inspection Firewalls (Dynamic)
3. Circuit Level Gateway Firewalls
4. Application Level Gateway Firewalls / Proxy Firewalls / Gateway Firewalls
5. Stateful Multilayer Inspection Firewalls
• An application-level gateway works only for the protocols for which
it is configured. For example, if we install a web-proxy-based firewall,
then it will only allow HTTP protocol data.
• They can filter packets at the Network layer using ACLs, check for
legitimate sessions on the Session layer, and they also
evaluate packets on the Application layer (ALG).
Types of IDS
1. Network Based IDS
2. Host Based IDS
– A HIDS will look at log and config files for any unexpected
rewrites, whereas a NIDS will look at the checksums in
packets and message authentication integrity of systems
such as SHA1.
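The rewrite check a HIDS performs on config files, as an added example that is not part of the original slides. It records SHA-256 digests as a baseline and reports files that were modified, removed or added; the file names and contents are constructed, and the function names are assumptions.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file's contents, or None if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except OSError:
        return None

def snapshot(root):
    """Map every file under root (by relative path) to its digest."""
    result = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = file_digest(full)
    return result

def compare(baseline, current):
    """Classify the differences between two snapshots."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def write(root, name, text):
    with open(os.path.join(root, name), "w") as fh:
        fh.write(text)

def demo():
    """Constructed scenario: one file rewritten, one removed, one added."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "sshd_config", "PermitRootLogin no\n")
        write(root, "hosts", "127.0.0.1 localhost\n")
        write(root, "motd", "welcome\n")
        baseline = snapshot(root)
        write(root, "sshd_config", "PermitRootLogin yes\n")  # unexpected rewrite
        os.remove(os.path.join(root, "motd"))
        write(root, "rc.local", "#!/bin/sh\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline is stored where the monitored host cannot rewrite it, otherwise a change to the files can be hidden by a matching change to the baseline.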
Honeypot
• A honeypot is a security tool that can help computer systems
defend against cyber attacks in unique ways. This network-
attached system is used as a decoy to distract cyber attackers
from their real targets.
• cd pentbox
• cd pentbox-1.8
• ./pentbox.rb
VPN
• A Virtual Private Network (VPN) connects your PC, smartphone, or
tablet to another computer (called a server) somewhere on
the internet, and allows you to browse the internet using that
computer's internet connection.
• When the user connects to the web using their VPN, their
computer submits information to websites through the
encrypted connection created by the VPN. The VPN then
forwards that request and sends a response from the
requested website back to the connection.
Firewall Implementation
Windows Firewall
• Right-click the Windows Start button and select Control Panel.
• Click Windows Firewall.
• Click Advanced Settings.
• Click Inbound Rules, then New Rule.
• Select Port for the Rule Type, then click Next.
• Select TCP for Does this rule apply to TCP or UDP.
• Select Specific local ports, and enter the TCP port to allow, then
click Next.
– Note: See Using the SQL Error Log to Determine the SQL Port. The
standard SQL port is 1433, but can be different.
• Ensure Allow the connection is selected, then click Next.
• Select When to apply the rule (Domain, Private, or Public), then
click Next.
• Enter a Name and optional Description, then click Finish.
Linux Firewall
• Commands
– sudo apt-get install iptables
– sudo iptables -L (-L for list)