What is Cyber Security?

• The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity.
• "Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access."
• "Cyber Security is the set of principles and practices designed to protect our computing resources and online information against threats."
Types of Cyber Security

• Network Security: It involves implementing the hardware and software to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse.
• This security helps an organization to protect its assets against external and internal threats.
Types of Cyber Security

• Application Security: It involves protecting the software and devices from unwanted threats. This protection can be done by constantly updating the apps to ensure they are secure from attacks. Successful security begins in the design stage, writing source code, validation, threat modeling, etc., before a program or device is deployed.
Types of Cyber Security

• Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit.
Types of Cyber Security

• Identity management: It deals with the procedure for determining the level of access that each individual has within an organization.
Types of Cyber Security

• Mobile Security: It involves securing the organizational and personal data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against various malicious threats. These threats are unauthorized access, device loss or theft, malware, etc.
Types of Cyber Security

• Cloud Security: It involves protecting the information stored in the digital environment or cloud architectures for the organization. It uses various cloud service providers such as AWS, Azure, Google, etc., to ensure security against multiple threats.
Types of Cyber Security Threats

• A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal data, gain access to a network, or disrupt digital life in general.
Malware

• Malware means malicious software, which is the most common cyber attacking tool.
• It is used by the cybercriminal or hacker to disrupt or damage a legitimate user's system.
Virus
• It is a malicious piece of code that spreads from one device to another. It spreads throughout a computer system, infecting files, stealing information, or damaging the device.
Spyware
• It is software that secretly records information about user activities on their system.
Trojans
• It is a type of malware or code that appears as legitimate software or a file to fool us into downloading and running it. Its primary purpose is to corrupt or steal data from our device or do other harmful activities on our network.
Ransomware
• It is a piece of software that encrypts a user's files and data on a device, rendering them unusable, or erases them.
Worms
• It is a piece of software that spreads copies of itself from device to device without human interaction. It does not need to attach itself to any program to steal or damage data.
Adware
• It is advertising software used to spread malware and display advertisements on our device.
• It is an unwanted program that is installed without the user's permission.
Botnets
• It is a collection of internet-connected, malware-infected devices that cybercriminals can control. It enables cybercriminals to obtain leaked credentials, unauthorized access, and stolen data without the user's permission.
Phishing

• Phishing is a type of cybercrime in which a sender seems to come from a genuine organization like PayPal, eBay, financial institutions, or friends and co-workers. They contact a target or targets via email, phone, or text message with a link to persuade them to click on that link.
• This link will redirect them to fraudulent websites that ask them to provide sensitive data such as personal information, banking and credit card information, social security numbers, usernames, and passwords. Clicking on the link may also install malware on the target devices that allows hackers to control the devices remotely.
Man-in-the-middle (MITM) attack

• A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a cybercriminal intercepts a conversation or data transfer between two individuals.
Distributed denial of service (DDoS)

• It is a type of cyber threat or malicious attempt where cybercriminals disrupt the regular traffic of targeted servers, services, or networks by flooding the target or its surrounding infrastructure with Internet traffic.
Brute Force

• A brute force attack is a cryptographic hack that uses a trial-and-error method to try all possible combinations until the correct information is discovered.
• Cybercriminals usually use this attack to obtain passwords, login information, encryption keys, and Personal Identification Numbers (PINs).
SQL Injection (SQLI)

• SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for backend database manipulation to access sensitive information.
• Once the attack is successful, the malicious actor can view, change, or delete sensitive company data, user lists, or private customer details stored in the SQL database.
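The defect behind SQL injection is that user input is pasted into the query text, so the database cannot tell data from code. The following added example (not from the original slides) shows the vulnerable concatenated query next to the parameterized form that fixes it, using Python's standard sqlite3 module. The in-memory `users` table, its rows and the two sample inputs are constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database with a constructed sample users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            ("alice", "alice@example.com"),  # constructed sample rows
            ("bob", "bob@example.com"),
            ("carol", "carol@example.com"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the username is concatenated into the SQL text, so any
    quote characters in it change the meaning of the statement."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the username is bound as a parameter. The driver sends it as a
    value, never as SQL, so the same hostile string matches no row."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo() -> dict:
    """Run both lookups with a normal input and a constructed hostile input."""
    conn = make_db()
    benign = "alice"
    hostile = "x' OR '1'='1"  # constructed: closes the quote and adds an always-true clause
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_hostile": lookup_vulnerable(conn, hostile),   # returns every row
        "safe_benign": lookup_parameterized(conn, benign),
        "safe_hostile": lookup_parameterized(conn, hostile),  # returns nothing
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The parameterized version is the fix a code reviewer should insist on; the same rule applies to every driver and ORM, and a query built with string formatting is the thing to grep for when auditing a code base.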
Domain Name System (DNS) attack

• A DNS attack is a type of cyber attack in which cyber criminals take advantage of flaws in the Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data from affected computers.
• Communication: Cyber attackers can use phone calls, emails, text messages, and messaging apps for cyberattacks.
• Finance: This system deals with the risk to financial information like bank and credit card details. This information is naturally a primary target for cyber attackers.
• Governments: Cybercriminals generally target government institutions to get confidential public data or private citizen information.
• Transportation: In this system, cybercriminals generally target connected cars, traffic control systems, and smart road infrastructure.
• Healthcare: Cybercriminals target the healthcare system to get information stored anywhere from a local clinic to the critical care systems of a national hospital.
• Education: Cybercriminals target educational institutions to get their confidential research data and information about students and employees.
Cyber Security Goals

• Protect the confidentiality of data.
• Preserve the integrity of data.
• Promote the availability of data for authorized users.
Confidentiality

• Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of information.
• It involves the protection of data, providing access for those who are allowed to see it while disallowing others from learning anything about its content.
• It prevents essential information from reaching the wrong people while making sure that the right people can get it. Data encryption is a good example of a way to ensure confidentiality.
Encryption

• Encryption is a method of transforming information to make it unreadable for unauthorized users by using an algorithm.
• The transformation of data uses a secret key (an encryption key) so that the transformed data can only be read by using another secret key (decryption key).
Access control

• Access control defines rules and policies for limiting access to a system or to physical or virtual resources. It is a process by which users are granted access and certain privileges to systems, resources or information.
Authentication

• Authentication is a process that confirms a user's identity or the role that someone has. It can be done in a number of different ways, but it is usually based on a combination of:
• something the person has (like a smart card or a radio key for storing secret keys),
• something the person knows (like a password),
• something the person is (like a human with a fingerprint).
Authorization

• Authorization is a security mechanism which gives permission to do or have something. It is used to determine whether a person or system is allowed access to resources, including computer programs, files, services, data and application features, based on an access control policy.
Integrity

• Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from unauthorized user modification.
• It is the property that information has not been altered in an unauthorized way, and that the source of the information is genuine.
Backups

• Backup is the periodic archiving of data. It is a process of making copies of data or data files to use in the event that the original data or data files are lost or destroyed.
Checksums

• A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words, it is the computation of a function that maps the contents of a file to a numerical value.
• They are typically used to compare two sets of data to make sure that they are the same.
Availability

• Availability is the property in which information is accessible and modifiable in a timely fashion by those authorized to do so.
• Tools for Availability
  • Physical Protections
  • Computational Redundancies
Types of Cyber Attackers

• Cyber Criminals
• Cybercriminals are individuals or groups of people who use technology to commit cybercrime with the intention of stealing sensitive company information or personal data and generating profits.
• Hacktivists
• Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology.
• State-sponsored Attacker
• State-sponsored attackers have particular objectives aligned with either the political, commercial or military interests of their country of origin.
• Insider Threats
• These threats usually originate from employees or former employees, but may also arise from third parties, including contractors, temporary workers, employees or customers.
• E-Commerce refers to the activity of buying and selling things over the internet.
• E-commerce draws on many technologies such as mobile commerce, Internet marketing, online transaction processing, electronic funds transfer, supply chain management, electronic data interchange (EDI), inventory management systems, and automated data collection systems.
Electronic payments system

• With the rapid development of computer, mobile, and network technology, e-commerce has become a routine part of human life.
• In e-commerce, the customer can order products at home and save time for doing other things.
The Risk of Fraud

• An electronic payment system has a huge risk of fraud. Computing devices authorize a payment based on proofs of the person's identity such as passwords and security questions.
Types of Personal Records
• Authentication verifies the identity of a user to prevent unauthorized access. Users prove their identity with a username or ID.
• Authorization services determine which resources users can access, along with the operations that users can perform.
Principle of Data Integrity

• Integrity is the accuracy, consistency, and trustworthiness of data during its entire life cycle. Another term for integrity is quality.
• Methods used to ensure data integrity include hashing, data validation checks, data consistency checks, and access controls.
Integrity Checks

• A checksum is one example of a hash function. A checksum verifies the integrity of files, or strings of characters, before and after they transfer from one device to another across a local network or the Internet.
• Checksums simply convert each piece of information to a value and sum the total. To test the data integrity, a receiving system just repeats the process.
  • If the two sums are equal, the data is valid.
  • If they are not equal, a change occurred somewhere along the line.
• Common hash functions include MD5, SHA-1, SHA-256, and SHA-512.
• These hash functions use complex mathematical algorithms.
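The "sum the total" checksum described above and a cryptographic hash such as SHA-256 both let a receiver detect a changed byte, but they differ in what they miss. The following added example (not from the original slides; it also illustrates the earlier "Checksums" slide) implements the additive checksum, computes SHA-256 with Python's hashlib, and runs the receiver-side check over a constructed message in three states: intact, one byte altered, and two bytes swapped. The message and the modifications are constructed for the demonstration.

```python
import hashlib


def additive_checksum(data: bytes) -> int:
    """The slide's checksum: treat each byte as a value and sum them all,
    reduced modulo 2**16 so the result fits in 16 bits."""
    return sum(data) % (1 << 16)


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash of the same data (SHA-256, hex encoded)."""
    return hashlib.sha256(data).hexdigest()


def verify(data: bytes, expected_sum: int, expected_sha: str) -> dict:
    """Receiver side: recompute both values and compare against what the
    sender transmitted alongside the data."""
    return {
        "checksum_ok": additive_checksum(data) == expected_sum,
        "sha256_ok": sha256_hex(data) == expected_sha,
    }


def demo() -> dict:
    """Check one intact and two modified copies of a constructed message."""
    original = b"transfer 100 to account 42"  # constructed sample message
    sent_sum = additive_checksum(original)
    sent_sha = sha256_hex(original)

    # Case 1: a single byte changed in transit ('1' -> '9'); the byte total changes.
    corrupted = original.replace(b"100", b"900")
    # Case 2: two bytes swapped ('42' -> '24'); the byte total is unchanged.
    swapped = original.replace(b"42", b"24")

    return {
        "intact": verify(original, sent_sum, sent_sha),
        "corrupted": verify(corrupted, sent_sum, sent_sha),
        "swapped": verify(swapped, sent_sum, sent_sha),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The swapped case is the point: an additive checksum is order-blind, so a reordering (or any edit that keeps the byte total) passes. A collision-resistant hash catches it, which is why integrity checks for downloads and forensic evidence use SHA-256 rather than a plain sum. Neither protects against an attacker who can replace both the data and the published value; that needs a MAC or a signature.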
The Principle of Availability

• Data availability is the principle used to describe the need to maintain availability of information systems and services at all times. Cyberattacks and system failures can prevent access to information systems and services.
Cyber security Threats, Vulnerabilities, and Attacks

• A threat is the possibility that a harmful event, such as an attack, will occur.
• A vulnerability is a weakness that makes a target susceptible to an attack.
What is Malware?

• Malicious software, or malware, is a term used to describe software designed to disrupt computer operations, or gain access to computer systems, without the user's knowledge or permission.
• Malware has become an umbrella term used to describe all hostile or intrusive software.
• A virus is malicious executable code attached to another executable file, such as a legitimate program. Most viruses require end-user initiation, and can activate at a specific time or date. Computer viruses usually spread in one of three ways: from removable media; from downloads off the Internet; and from email attachments.
Worms

• Worms are malicious code that replicates by independently exploiting vulnerabilities in networks. Worms usually slow down networks. Whereas a virus requires a host program to run, worms can run by themselves.
Trojan horse

• A Trojan horse is malware that carries out malicious operations under the guise of a desired operation such as playing an online game.
• This malicious code exploits the privileges of the user that runs it.
Logic Bombs

• A logic bomb is a malicious program that uses a trigger to awaken the malicious code.
• The logic bomb remains inactive until that trigger event happens. Once activated, a logic bomb implements a malicious code that causes harm to a computer.
Backdoors and Rootkits

• A backdoor refers to the program or code introduced by a criminal who has compromised a system.
• The backdoor bypasses the normal authentication used to access a system.
• A few common backdoor programs are Netbus and Back Orifice, which both allow remote access to unauthorized system users.
Spam

• Email is a universal service used by billions worldwide. As one of the most popular services, email has become a major vulnerability to users and organizations. Spam, also known as junk mail, is unsolicited email. In most cases, spam is a method of advertising.
Spyware, Adware, and Scareware
• Spyware is software that enables a criminal to obtain information about a user's computer activities.
• Spyware often includes activity trackers, keystroke collection, and data capture.
• Adware typically displays annoying pop-ups to generate revenue for its authors. The malware may analyze user interests by tracking the websites visited.
Phishing

• Phishing is a form of fraud. Cyber criminals use email, instant messaging, or other social media to try to gather information such as login credentials or account information by masquerading as a reputable entity or person. Phishing occurs when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source.
Browser Plugins and Browser Poisoning

• Security breaches can affect web browsers by displaying pop-up advertising, collecting personally identifiable information, or installing adware, viruses, or spyware.
• A criminal can hack a browser's executable file, a browser's components, or its plugins.
Social Engineering

• Social engineering is a completely non-technical means for a criminal to gather information on a target.
• Social engineering is an attack that attempts to manipulate individuals into performing actions or divulging confidential information.
Sniffing

• Sniffing is similar to eavesdropping on someone. It occurs when attackers examine all network traffic as it passes through their NIC, whether or not the traffic is addressed to them.
• Criminals accomplish network sniffing with a software application, a hardware device, or a combination of the two.
Spoofing

• Spoofing is an impersonation attack, and it takes advantage of a trusted relationship between two systems.
• If two systems accept the authentication accomplished by each other, an individual logged onto one system might not go through an authentication process again to access the other system.
Keyboard Logging

• Keyboard logging is the use of a software program that records or logs the keystrokes of the user of the system.
• Criminals can implement keystroke loggers through software installed on a computer system or through hardware physically attached to a computer.
Creating Ciphertext
• Each encryption method uses a specific algorithm, called a cipher, to encrypt and decrypt messages. A cipher is a series of well-defined steps used to encrypt and decrypt messages.
• Key management is the most difficult part of designing a cryptosystem.
• Many cryptosystems have failed because of mistakes in their key management, and all modern cryptographic algorithms require key management procedures.
Symmetric algorithms
These algorithms use the same pre-shared key, sometimes called a secret key pair, to encrypt and decrypt data. Both the sender and receiver know the pre-shared key before any encrypted communication begins.
Asymmetric algorithms
Asymmetrical encryption algorithms use one key to encrypt data and a different key to decrypt data. One key is public and the other is private. In a public-key encryption system, any person can encrypt a message using the public key of the receiver, and the receiver is the only one that can decrypt it using his private key.
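The two families of algorithms just described can be contrasted in a few lines of code. The following added example (not from the original slides) shows a symmetric construction where the same key both encrypts and decrypts, next to textbook RSA, the standard public-key scheme matching the description above, where anyone holding the receiver's public key can encrypt but only the private key decrypts. The primes 61 and 53 and the exponent 17 are constructed toy values (a real key uses primes of over a thousand bits each), and `symmetric_xor` is an illustrative keystream construction built from SHA-256, not a standard algorithm; neither is meant for production use.

```python
import hashlib
from math import gcd
from typing import List, Tuple


# ---- Symmetric: one shared key K_S, applied the same way in both directions ----

def keystream(key: bytes, nbytes: int) -> bytes:
    """Derive a byte stream from the shared key by hashing key || counter.
    (Illustrative only: a real stream cipher also mixes in a per-message nonce,
    because reusing one keystream for two messages leaks their XOR.)"""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:nbytes]


def symmetric_xor(data: bytes, key: bytes) -> bytes:
    """Encrypt and decrypt are the same operation: XOR with the keystream.
    Applying it twice with the same key restores the plaintext."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# ---- Asymmetric: public key (n, e) encrypts, private key (n, d) decrypts ----

def generate_keypair(p: int, q: int, e: int = 17) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Textbook RSA key generation from two primes. Toy sizes for illustration."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse of e, the private exponent
    return (n, e), (n, d)


def encrypt_int(m: int, public_key: Tuple[int, int]) -> int:
    """Anyone can do this with the receiver's public key."""
    n, e = public_key
    return pow(m, e, n)


def decrypt_int(c: int, private_key: Tuple[int, int]) -> int:
    """Only the holder of d can undo it."""
    n, d = private_key
    return pow(c, d, n)


def encrypt_text(text: str, public_key: Tuple[int, int]) -> List[int]:
    """Encrypt one byte per RSA block (n > 255 so every byte is a valid message)."""
    return [encrypt_int(b, public_key) for b in text.encode("utf-8")]


def decrypt_text(blocks: List[int], private_key: Tuple[int, int]) -> str:
    return bytes(decrypt_int(c, private_key) for c in blocks).decode("utf-8")


if __name__ == "__main__":
    shared = b"constructed shared key"
    ct = symmetric_xor(b"hello bob", shared)
    print("symmetric roundtrip:", symmetric_xor(ct, shared))
    pub, priv = generate_keypair(61, 53)
    print("public", pub, "private", priv)
    print("RSA roundtrip:", decrypt_text(encrypt_text("hello bob", pub), priv))
```

The practical difference the slides point at is key distribution: `symmetric_xor` needs both parties to already hold `shared`, whereas `encrypt_text` needs only the receiver's public pair, which can be published. Real systems use the public-key step to agree on a symmetric key and then encrypt the bulk data symmetrically.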
Block Ciphers

• Block ciphers transform a fixed-length block of plaintext into a common block of ciphertext of 64 or 128 bits. Block size is the amount of data encrypted at any one time.
• To decrypt this ciphertext, apply the reverse transformation to the ciphertext block, using the same secret key.
Identification Controls

• What You Know
• Passwords, passphrases, or PINs are all examples of something that the user knows. Passwords are the most popular method used for authentication.
• https://www.security.org/how-secure-is-my-password/
• https://privacycanada.net/strong-password-generator/
• What You Have
• Smart cards and security key fobs are both examples of something that users have in their possession.
• Who You Are
• A unique physical characteristic, such as a fingerprint, retina, or voice, that identifies a specific user is called biometrics. Biometric security compares physical characteristics against stored profiles to authenticate users.
• Physiological characteristics – these include fingerprints, DNA, face, hands, retina, or ear features
• Behavioral characteristics – include patterns of behavior, such as gestures, voice, typing rhythm, or the way a user walks
• Multi-factor Authentication
• Multi-factor authentication uses at least two methods of verification. A security key fob is a good example. The two factors are something you know, such as a password, and something you have, such as a security key fob. Take this a step further by adding something you are, such as a fingerprint scan.
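The server side of the two factors named above, "something you know" and "something you have", as an added example that is not part of the original slides (it also covers the earlier "Authentication" slide). The password is never stored; only a salted PBKDF2 hash is, and the check uses a constant-time comparison. The key fob is modelled by HOTP (RFC 4226), the counter-based one-time code a hardware token or authenticator app computes from a shared secret. The iteration count, the sample password, and the fob secret are constructed for the demonstration; the RFC 4226 test secret `12345678901234567890` is used so the codes can be checked against published values.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 100_000  # constructed choice for the example


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """'Something you know': store a per-user random salt and a slow, salted
    hash of the password, never the password itself. Returns (salt, digest)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute the hash from the stored salt and compare in constant time,
    so response timing does not reveal how many leading bytes matched."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored_digest)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """'Something you have': HOTP per RFC 4226. The fob and the server hold the
    same secret and counter; the code is HMAC-SHA1(secret, counter) truncated
    to `digits` decimal digits."""
    msg = counter.to_bytes(8, "big")
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation offset
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def authenticate(password: str, otp: str, salt: bytes, stored_digest: bytes,
                 fob_secret: bytes, counter: int) -> bool:
    """Two-factor check: both factors are evaluated and both must pass."""
    password_ok = verify_password(password, salt, stored_digest)
    otp_ok = hmac.compare_digest(otp, hotp(fob_secret, counter))
    return password_ok and otp_ok


if __name__ == "__main__":
    fob_secret = b"12345678901234567890"          # RFC 4226 test secret
    salt, digest = hash_password("correct horse battery staple")  # constructed password
    print("fob code for counter 0:", hotp(fob_secret, 0))
    print("login ok:", authenticate("correct horse battery staple", hotp(fob_secret, 0),
                                    salt, digest, fob_secret, 0))
```

Note that `authenticate` computes both checks before combining them rather than returning early on a bad password; a server that skips the second factor after a failed first one lets an observer tell which factor was wrong from the response time. In a deployed system the counter is stored per user and advanced after each successful code so a captured code cannot be replayed.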
Preventive Controls

• Prevent means to keep something from happening. Preventive access controls stop unwanted or unauthorized activity from happening.
• For an authorized user, a preventive access control means restrictions. Assigning user-specific privileges on a system is an example of a preventive control.
Detective Controls

• Detection is the act or process of noticing or discovering something. Access control detections identify different types of unauthorized activity.
• Detection systems can be very simple, such as a motion detector or security guard. They can also be more complex, such as an intrusion detection system.
Friends and enemies: Alice, Bob, Trudy
• well-known in network security world
• Bob, Alice (lovers!) want to communicate “securely”
• Trudy (intruder) may intercept, delete, add messages

[Figure: Alice (sender) and Bob (receiver) exchange data and control messages over a channel, each behind a "secure" endpoint; Trudy sits on the channel between them.]

Security 8-99
Who might Bob, Alice be?
• … well, real-life Bobs and Alices!
• Web browser/server for electronic transactions (e.g., on-line purchases)
• on-line banking client/server
• DNS servers
• routers exchanging routing table updates
• other examples?
There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: A lot! See section 1.6
– eavesdrop: intercept messages
– actively insert messages into connection
– impersonation: can fake (spoof) source address in packet (or any field in packet)
– hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
– denial of service: prevent service from being used by others (e.g., by overloading resources)
The language of cryptography

[Figure: Alice's encryption key K_A and Bob's decryption key K_B. plaintext → encryption algorithm → ciphertext → decryption algorithm → plaintext.]

m        plaintext message
K_A(m)   ciphertext, encrypted with key K_A
m = K_B(K_A(m))
Breaking an encryption scheme
• cipher-text only attack: Trudy has ciphertext she can analyze
• two approaches:
  – brute force: search through all keys
  – statistical analysis
• known-plaintext attack: Trudy has plaintext corresponding to ciphertext
  – e.g., in monoalphabetic cipher, Trudy determines pairings for a,l,i,c,e,b,o,
• chosen-plaintext attack: Trudy can get ciphertext for chosen plaintext
Symmetric key cryptography

[Figure: Alice and Bob both hold K_S. plaintext message m → encryption algorithm → ciphertext K_S(m) → decryption algorithm → plaintext m = K_S(K_S(m)).]

symmetric key crypto: Bob and Alice share same (symmetric) key: K_S
• e.g., key is knowing substitution pattern in mono alphabetic substitution cipher
Q: how do Bob and Alice agree on key value?
Simple encryption scheme
substitution cipher: substituting one thing for another
• monoalphabetic cipher: substitute one letter for another

plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq

e.g.: Plaintext:  bob. i love you. alice
      ciphertext: nkn. s gktc wky. mgsbc

Encryption key: mapping from set of 26 letters to set of 26 letters
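The substitution cipher above, with the slide's own key, and the two ways of breaking it from the "Breaking an encryption scheme" slide, as an added example that is not part of the original slides. `encrypt`/`decrypt` reproduce the slide's message, `letter_frequencies` is the ciphertext-only statistical analysis (the most frequent ciphertext letter is the first guess for a common plaintext letter), and `known_plaintext_pairs` reads off the pairings for a, l, i, c, e, b, o from one plaintext/ciphertext pair so that other messages under the same key can be partly read. The 26! possible keys (about 4 × 10^26) make the brute-force route impractical, which is why the statistical and known-plaintext routes matter here.

```python
import string
from collections import Counter
from typing import Dict, List, Tuple

PLAIN_ALPHABET = string.ascii_lowercase
CIPHER_ALPHABET = "mnbvcxzasdfghjklpoiuytrewq"   # the key shown on the slide


def make_key(cipher_alphabet: str) -> Dict[str, str]:
    """The key is the mapping from the 26 plaintext letters to 26 ciphertext letters."""
    if sorted(cipher_alphabet) != list(PLAIN_ALPHABET):
        raise ValueError("cipher alphabet must be a permutation of a-z")
    return dict(zip(PLAIN_ALPHABET, cipher_alphabet))


def encrypt(text: str, key: Dict[str, str]) -> str:
    """Substitute each letter; punctuation and spaces pass through unchanged."""
    return "".join(key.get(ch, ch) for ch in text)


def decrypt(text: str, key: Dict[str, str]) -> str:
    """Apply the inverse mapping."""
    inverse = {c: p for p, c in key.items()}
    return "".join(inverse.get(ch, ch) for ch in text)


def letter_frequencies(ciphertext: str) -> List[Tuple[str, int]]:
    """Ciphertext-only analysis: rank ciphertext letters by how often they occur.
    In English text the top ranks usually correspond to e, t, a, o, ..."""
    counts = Counter(ch for ch in ciphertext if ch in PLAIN_ALPHABET)
    return counts.most_common()


def known_plaintext_pairs(plaintext: str, ciphertext: str) -> Dict[str, str]:
    """Known-plaintext analysis: with a matching plaintext/ciphertext pair, each
    position gives one letter pairing of the key directly."""
    pairs: Dict[str, str] = {}
    for p, c in zip(plaintext, ciphertext):
        if p in PLAIN_ALPHABET:
            pairs[p] = c
    return pairs


def partial_decrypt(ciphertext: str, pairs: Dict[str, str]) -> str:
    """Read another message with only the recovered pairings; letters whose
    pairing is still unknown are shown as '?'."""
    inverse = {c: p for p, c in pairs.items()}
    return "".join(inverse.get(ch, "?") if ch in PLAIN_ALPHABET else ch
                   for ch in ciphertext)


if __name__ == "__main__":
    key = make_key(CIPHER_ALPHABET)
    msg = "bob. i love you. alice"
    ct = encrypt(msg, key)
    print(ct)                                  # nkn. s gktc wky. mgsbc
    print(letter_frequencies(ct)[:3])
    pairs = known_plaintext_pairs(msg, ct)
    print(sorted(pairs.items()))
    print(partial_decrypt("mgsbc gktcs nkn", pairs))   # a second constructed message
```

The lesson for a defender is the one the slides are building towards: a cipher whose key is a fixed letter mapping leaks the plaintext's statistics into the ciphertext, and a single known message gives away much of the key. Modern ciphers are designed so that neither ciphertext frequencies nor known plaintext reveal anything about the key.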
Symmetric key crypto: DES
DES: Data Encryption Standard
• US encryption standard [NIST 1993]
• 56-bit symmetric key, 64-bit plaintext input
• block cipher with cipher block chaining
• how secure is DES?
  – DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day
  – no known good analytic attack
• making DES more secure:
  – 3DES: encrypt 3 times with 3 different keys
Symmetric key crypto: DES

DES operation
• initial permutation
• 16 identical “rounds” of function application, each using different 48 bits of key
• final permutation
Social Steganography

• Social steganography hides information in plain sight by creating a message that can be read a certain way by some to get the message. Others who view it in a normal way will not see the message.
• Teens on social media use this tactic to communicate with their closest friends while keeping others, like their parents, unaware of what the message actually means. For example, the phrase “going to the movies” might mean “going to the beach”.
Detection

• Steganalysis is the discovery that hidden information exists. The goal of steganalysis is to discover the hidden information.
• Patterns in the stego-image create suspicion. For example, a disk may have unused areas that hide information. Disk analysis utilities can report on hidden information in unused clusters of storage devices.
Obfuscation

• Data obfuscation is the use and practice of data masking and steganography techniques in the cybersecurity and cyber intelligence profession.
• Obfuscation is the art of making the message confusing, ambiguous, or harder to understand.
• A system may purposely scramble messages to prevent unauthorized access to sensitive information.
DES
• DES is an implementation of a Feistel Cipher. It uses a 16-round Feistel structure. The block size is 64 bits. Although the key length is 64 bits, DES has an effective key length of 56 bits, since 8 of the 64 bits of the key are not used by the encryption algorithm (they function as check bits only).
DES
• Round Function
• The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output.
• XOR (Whitener). After the expansion permutation, DES does an XOR operation on the expanded right section and the round key. The round key is used only in this operation.
• Substitution Boxes. The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output. Refer to the following illustration.
• Key Generation
• The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
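The Feistel structure described above has a property worth seeing in code: the round function f does not have to be invertible, because each round only XORs f's output into the left half, and decryption is the same sequence of rounds with the round keys applied in reverse order. The following added example (not from the original slides and not DES itself) builds a 16-round Feistel cipher on 64-bit blocks with a 56-bit key and sixteen 48-bit round keys, matching the sizes on the slide, and also shows the parity-bit point: DES treats the low bit of each key byte as a check bit, so two 64-bit keys differing only in those bits are the same 56-bit key. The round function and key schedule are constructed stand-ins for DES's expansion, S-boxes, permutations and PC-1/PC-2, and the sample key and block values are constructed.

```python
from typing import List

MASK32 = 0xFFFFFFFF
MASK48 = (1 << 48) - 1
MASK56 = (1 << 56) - 1


def round_function(right: int, round_key: int) -> int:
    """Toy f: mixes the 32-bit right half with a 48-bit round key. It is not
    invertible and does not need to be; the Feistel structure handles that.
    (Stand-in for DES's expansion, XOR with the round key, S-boxes, permutation.)"""
    x = (right * 0x9E3779B1 + round_key) & MASK32
    x = ((x << 7) | (x >> 25)) & MASK32            # rotate left by 7
    return x ^ (round_key & MASK32)


def key_schedule(key56: int, rounds: int = 16) -> List[int]:
    """Sixteen 48-bit round keys from a 56-bit key (toy schedule: rotate the
    56-bit key by one more position each round and keep the low 48 bits)."""
    key56 &= MASK56
    keys = []
    for i in range(rounds):
        shift = i + 1
        rotated = ((key56 << shift) | (key56 >> (56 - shift))) & MASK56
        keys.append(rotated & MASK48)
    return keys


def feistel(block64: int, round_keys: List[int]) -> int:
    """Run the rounds: L_{i+1} = R_i, R_{i+1} = L_i XOR f(R_i, K_i), then swap
    the halves once at the end so the same function decrypts with reversed keys."""
    left, right = block64 >> 32, block64 & MASK32
    for rk in round_keys:
        left, right = right, left ^ round_function(right, rk)
    return (right << 32) | left


def encrypt_block(block64: int, key56: int) -> int:
    return feistel(block64, key_schedule(key56))


def decrypt_block(block64: int, key56: int) -> int:
    # Same structure, round keys in reverse order.
    return feistel(block64, key_schedule(key56)[::-1])


def strip_parity_bits(key64: int) -> int:
    """Drop the low (check) bit of each of the 8 key bytes, keeping the 7 key
    bits per byte: 64 bits in, 56 effective key bits out."""
    key56 = 0
    for byte_index in range(8):
        byte = (key64 >> (8 * (7 - byte_index))) & 0xFF
        key56 = (key56 << 7) | (byte >> 1)
    return key56


if __name__ == "__main__":
    key64 = 0x0123456789ABCDEF              # constructed 64-bit key with parity bits
    key56 = strip_parity_bits(key64)
    block = 0x0123456789ABCDEF              # constructed 64-bit plaintext block
    ct = encrypt_block(block, key56)
    print(f"ciphertext {ct:016x}, decrypts to {decrypt_block(ct, key56):016x}")
```

Two consequences follow directly from the code. Decryption reuses `feistel` unchanged, so a hardware or software implementation needs only one round circuit. And because the cipher is a permutation of the 64-bit block space, distinct plaintexts always give distinct ciphertexts under one key; the security of the real DES rests on the design of f and on the 56-bit key, which the DES Challenge slide shows is now within brute-force reach.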
