
Lecture #8

• Cybersafety
What is Cyber security?
• According to the National Initiative for Cybersecurity Careers and Studies (a division of the Department of Homeland Security), cyber security consists of strategy, policy, and standards regarding the security of and operations in cyberspace, encompassing the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
• https://www.cert.kz/
• https://us-cert.cisa.gov/

Threats to Information Security
Acts of Human Error or Failure
• Includes acts done without malicious
intent
• Caused by:
• Inexperience
• Improper training
• Incorrect assumptions
• Other circumstances
• Employees are the greatest threats to information security – they are closest to the organizational data

Internet Service Issues
• Loss of Internet service can lead to considerable loss
in the availability of information
• organizations have sales staff and telecommuters working at
remote locations
• When an organization outsources its web servers, the
outsourcer assumes responsibility for
• All Internet Services
• The hardware and operating system software used to
operate the web site

Power Irregularities
Voltage levels can increase, decrease, or cease:
• spike – momentary increase
• surge – prolonged increase
• sag – momentary low voltage
• brownout – prolonged drop
• fault – momentary loss of power
• blackout – prolonged loss
• Electronic equipment is susceptible to fluctuations; controls can be applied to manage power quality

Espionage/Trespass
• Broad category of activities
that breach confidentiality
• Unauthorized accessing of information
• Competitive intelligence vs. espionage
• Shoulder surfing can occur any place a
person is accessing confidential
information
• Controls implemented to mark
the boundaries of an
organization’s virtual territory
giving notice to trespassers
that they are encroaching on
the organization’s cyberspace
• Hackers use skill, guile, or fraud to steal the property of someone else
Espionage/Trespass
• Generally two skill levels among hackers:
• Expert hacker
• develops software scripts and codes exploits
• usually a master of many skills
• will often create attack software and share with others
• Script kiddies
• hackers of limited skill
• use expert-written software to exploit a system
• do not usually fully understand the systems they hack
• Other terms for system rule breakers:
• Cracker - an individual who “cracks” or removes protection
designed to prevent unauthorized duplication
• Phreaker - hacks the public telephone network

TYPES OF ATTACKS

• Nontechnical attack
• Technical attack
  • Denial-of-service attack
  • Malicious code
    • Virus
    • Worm
    • Trojan horse
  • Sniffing
  • Spoofing

Deliberate Software Attacks
• When an individual or group designs
software to attack systems, they create
malicious code/software called malware
• Designed to damage, destroy, or deny service to the target systems
• Includes:
• macro virus
• boot virus
• worms
• Trojan horses
• logic bombs
• back door or trap door
• denial-of-service attacks
• polymorphic
• hoaxes

TYPICAL SYMPTOMS
• File deletion

• File corruption

• Visual effects

• Pop-Ups

• Erratic (and unwanted) behavior

• Computer crashes
STOPPING THE TROJAN HORSE
The Horse must be “invited in” ….

How does it get in? By:
• Downloading a file
• Installing a program
• Opening an attachment
• Opening bogus Web pages
• Copying a file from someone else
Deliberate Software Attacks
• Challenges:
• Trojan programs that use common ports, such as TCP 80 or UDP 53, are more difficult to detect.
• Many software firewalls can recognize port-scanning programs or information leaving a questionable port.
• However, they prompt the user to allow or disallow, and users are not aware.
• Educate your network users.
• Many Trojan programs use standard ports to conduct their exploits.
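
The challenge above, shown from the defender's side as an added example that is not part of the original lecture: a rule that looks only at the port lets any program talk on TCP 80 or UDP 53, while a rule that also checks which program is talking flags the unexpected one. The connection records, program names, allowlists and resolver address are constructed assumptions.

```python
# Constructed outbound-connection records; addresses are from documentation ranges.
CONNECTIONS = [
    {"process": "chrome.exe", "proto": "tcp", "port": 80, "dst": "203.0.113.10"},
    {"process": "svchost.exe", "proto": "udp", "port": 53, "dst": "192.0.2.53"},
    {"process": "invoice_viewer.exe", "proto": "tcp", "port": 80, "dst": "198.51.100.23"},
    {"process": "invoice_viewer.exe", "proto": "udp", "port": 53, "dst": "198.51.100.23"},
    {"process": "chrome.exe", "proto": "tcp", "port": 6667, "dst": "203.0.113.77"},
]

ALLOWED_PORTS = {("tcp", 80), ("udp", 53)}

# Assumed policy: which programs are expected to use each permitted port,
# and which DNS resolver the organization has approved.
EXPECTED_PROGRAMS = {
    ("tcp", 80): {"chrome.exe", "firefox.exe"},
    ("udp", 53): {"svchost.exe"},
}
APPROVED_RESOLVERS = {"192.0.2.53"}


def port_only_verdict(conn):
    """Weak rule: decide on protocol and port alone."""
    return "allow" if (conn["proto"], conn["port"]) in ALLOWED_PORTS else "block"


def process_aware_verdict(conn):
    """Stronger rule: also check the program and, for DNS, the destination."""
    key = (conn["proto"], conn["port"])
    if key not in ALLOWED_PORTS:
        return "block"
    if conn["process"] not in EXPECTED_PROGRAMS[key]:
        return "alert: unexpected program on common port"
    if key == ("udp", 53) and conn["dst"] not in APPROVED_RESOLVERS:
        return "alert: DNS sent to unapproved resolver"
    return "allow"


def compare(connections):
    """Return (program, port, port-only verdict, process-aware verdict) rows."""
    return [(c["process"], c["port"], port_only_verdict(c), process_aware_verdict(c))
            for c in connections]


if __name__ == "__main__":
    for row in compare(CONNECTIONS):
        print(row)
```
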

Deliberate Software Attacks
• Spyware
• A Spyware program sends info from the infected computer to the person who initiated the
spyware program on your computer
• Spyware program can register each keystroke entered.
• www.spywareguide.com
• Adware
• Main purpose is to determine a user’s purchasing habits so that Web browsers can display
advertisements tailored to that user.
• Slows down the computer it is running on.
• Adware sometimes displays a banner that notifies the user of its presence
• Both programs can be installed without the user being aware of their presence

Attack Descriptions
• IP Scan and Attack – Compromised system scans random or local
range of IP addresses and targets any of several vulnerabilities known
to hackers or left over from previous exploits
• Web Browsing - If the infected system has write access to any Web
pages, it makes all Web content files infectious, so that users who
browse to those pages become infected
• Virus - Each infected machine infects certain common executable or
script files on all computers to which it can write with virus code that
can cause infection

Attack Descriptions
• Unprotected Shares - using file shares to copy viral
component to all reachable locations
• Mass Mail - sending e-mail infections to addresses found
in address book
• Simple Network Management Protocol - SNMP
vulnerabilities used to compromise and infect
• Hoaxes - A more devious approach to attacking
computer systems is the transmission of a virus hoax,
with a real virus attached

Attack Descriptions
• Back Doors - Using a known or previously unknown and newly
discovered access mechanism, an attacker can gain access to a
system or network resource
• Password Crack - Attempting to reverse calculate a password
• Brute Force - The application of computing and network
resources to try every possible combination of options of a
password
• Dictionary - The dictionary password attack narrows the field
by selecting specific accounts to attack and uses a list of
commonly used passwords (the dictionary) to guide guesses
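
A password-policy check built on the brute force and dictionary descriptions above, as an added example that is not part of the original lecture: it estimates the brute-force search space in bits and separately tests whether the password reduces to a dictionary word. The word list, substitution table and 60-bit threshold are constructed assumptions.

```python
import math
import re
import string

# Constructed stand-in for a list of commonly used passwords.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "dragon", "welcome"}

# Assumed table of common character substitutions to undo before the lookup.
SUBSTITUTIONS = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def brute_force_bits(password):
    """Size of the search space (in bits) if every combination must be tried."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def dictionary_match(password):
    """Return the dictionary word the password reduces to, or None."""
    core = re.sub(r"[\d!?.]+$", "", password.lower())  # drop trailing digits/marks
    core = core.translate(SUBSTITUTIONS)               # undo simple substitutions
    return core if core in COMMON_PASSWORDS else None


def assess(password, min_bits=60):
    """Reject dictionary-derived passwords first, then short search spaces."""
    word = dictionary_match(password)
    if word:
        return f"reject: derived from dictionary word '{word}'"
    bits = brute_force_bits(password)
    if bits < min_bits:
        return f"reject: only {bits:.0f} bits of brute-force work"
    return "accept"


if __name__ == "__main__":
    for candidate in ["P@ssw0rd2024!", "kqzvhw", "xk7#Qm2vLp9&"]:
        print(candidate, round(brute_force_bits(candidate)), assess(candidate))
```

The first sample has a brute-force space of more than 80 bits yet is rejected, because a dictionary-guided guess reaches it without searching that space.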

Attack descriptions
• A DoS (Denial of Service) attack aims at preventing legitimate users from having authorized access to a system resource. The attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources.
• DDoS (Distributed Denial of Service) attack: a denial-of-service attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses the multiple computers to send a flood of data packets to the target computer.

[Figure: Distributed denial-of-service (DDoS) attack]

Classification of DoS attacks
1. Bandwidth consumption:
Attacks will consume all available network bandwidth
2. Resource starvation:
Attacks will consume system resources (mainly CPU, memory,
storage space)
3. Programming flaws:
Failures of applications or OS components to handle exceptional
conditions (i.e. unexpected data is sent to a vulnerable component).
4. Routing and DNS attacks:
• Manipulating routing tables.
• Changing routing tables to route traffic to the attacker’s network or a black hole.
• Attacking DNS servers, again to route traffic to the attacker or a black hole.

How to know if an attack is happening?

• Not all disruptions to service are the result of a DoS attack. There may be technical problems with a particular network. However, the following symptoms could indicate a DoS or DDoS attack:
• Unusually slow network performance
• Unavailability of a particular web site
• Inability to access any web site or any resources
• Dramatic increase in the amount of spam received in the account.
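
One way to turn the symptoms above into a check on request logs, as an added example that is not part of the original lecture: count requests per source in a time window and separate normal load, a flood dominated by one source (DoS) and a flood spread over many sources (DDoS). The thresholds and the sample events are constructed assumptions.

```python
from collections import Counter


def classify_window(events, start, length=10, total_limit=100, share_limit=0.5):
    """Classify the requests seen in [start, start + length) seconds.

    events is an iterable of (timestamp_seconds, source_ip).
    Returns (label, total_requests, distinct_sources, top_source).
    """
    per_source = Counter(src for ts, src in events if start <= ts < start + length)
    total = sum(per_source.values())
    if total <= total_limit:
        return ("normal", total, len(per_source), None)
    top_source, top_count = per_source.most_common(1)[0]
    if top_count / total >= share_limit:
        # One source is responsible for most of the flood.
        return ("dos", total, len(per_source), top_source)
    # Volume is high but no single source stands out.
    return ("ddos", total, len(per_source), None)


# Constructed sample traffic; addresses are from documentation ranges.
def baseline():
    """Five clients making four requests each."""
    return [(t * 2.0, f"192.0.2.{c}") for c in range(1, 6) for t in range(4)]


def single_source_flood():
    """Baseline plus 300 requests from one address."""
    return baseline() + [(i / 30.0, "198.51.100.7") for i in range(300)]


def distributed_flood():
    """Baseline plus 600 requests spread over 200 addresses."""
    return baseline() + [(i % 10, f"203.0.113.{i % 200 + 1}") for i in range(600)]


if __name__ == "__main__":
    for name, events in [("baseline", baseline()),
                         ("single source", single_source_flood()),
                         ("distributed", distributed_flood())]:
        print(name, classify_window(events, start=0))
```

In the distributed case no source sends more than a handful of requests, so blocking individual addresses helps far less than it does in the single-source case.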

How to avoid being part of the problem?

There are no effective ways to prevent being the victim of a DoS or DDoS attack, but these ways can help:
• Install anti-virus software
• Install a firewall
• Applying email filters may help manage unwanted traffic

Target Machine Health

Source Machine Health

Cryptography
• Cryptography is the general name given to the art and science of
keeping messages secret. It is not the purpose here to examine in
detail any of the mathematical algorithms that are used in the
cryptographic process, but instead to provide a general overview of
the process and its uses.
• Modern encryption systems use mathematical algorithms that are
well known and have been exposed to public testing, relying for
security on the keys used. For example, a well-known and very simple
algorithm is the Caesar cipher, which encrypts each letter of the
alphabet by shifting it forward three places. 
There are two main requirements for cryptography:
• It should be computationally infeasible to derive the plaintext from the ciphertext without knowledge of the decryption key.
• It should be computationally infeasible to derive the ciphertext from the plaintext without knowledge of the encryption key.
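
The Caesar cipher mentioned above, checked against the first requirement, as an added example that is not part of the original lecture: with only 26 possible keys, trying every key and keeping the result that contains the most common English words recovers the plaintext without knowing the key. The word list and the sample message are constructed assumptions.

```python
# Small constructed list of common English words used to recognize plaintext.
COMMON_WORDS = {"the", "and", "to", "of", "in", "is", "are"}


def shift_text(text, shift):
    """Shift each letter by `shift` places, leaving other characters as they are."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, key=3):
    """Caesar encryption; key 3 is the shift described in the lecture."""
    return shift_text(plaintext, key)


def decrypt(ciphertext, key=3):
    """Caesar decryption with the same key."""
    return shift_text(ciphertext, -key)


def word_score(text):
    """Number of words in the text that appear in COMMON_WORDS."""
    return sum(1 for word in text.lower().split() if word in COMMON_WORDS)


def recover_key(ciphertext):
    """Try all 26 keys and return (key, plaintext) for the best-scoring one."""
    best = max(range(26), key=lambda k: word_score(decrypt(ciphertext, k)))
    return best, decrypt(ciphertext, best)


# Constructed sample message.
MESSAGE = "The keys to the server room are in the safe"

if __name__ == "__main__":
    secret = encrypt(MESSAGE)
    print(secret)
    print(recover_key(secret))
```

Because the whole key space can be searched at once, the Caesar cipher fails the requirement even though its algorithm is public in the same way as modern ciphers; the difference lies in the number of possible keys.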
Cryptography
• Encryption – a process that transforms information (the plaintext) into
a seemingly unintelligible form (the ciphertext) using a mathematical
algorithm and some secret information (the encryption key). The
process of decryption undoes this transformation using a mathematical
algorithm, in conjunction with some secret value (the decryption key)
that reverses the effects of the encryption algorithm. An encryption
algorithm and all its possible keys, plaintexts and ciphertexts is known
as a cryptosystem or cryptographic system. 
| Symmetric key systems | Asymmetric key systems |
| --- | --- |
| The same key is used for encryption and decryption. | One key is used for encryption and a different but mathematically related key is used for decryption. |
| Relies on the sender and the receiver sharing a secret key. | Shared secret key exchange is not needed. |
| The key must be kept secret. | One key (the secret key) must be kept secret, but the other key (the public key) is published. |
| It should be computationally infeasible to derive the key or the plaintext given the algorithm and a sample of ciphertext. | It should be computationally infeasible to derive the decryption key given the algorithm, the encryption key and a sample of ciphertext. |
| Faster and computationally less demanding than public key encryption. | Slower and computationally more demanding than symmetric key encryption. |

| Asymmetric Algorithm | Description |
| --- | --- |
| RSA (named after its creators–Rivest, Shamir and Adleman) | A block cipher first published in 1978 and used for both encryption and authentication. Its security is based on the problem of factoring large integers, so any advances in the mathematical methods of achieving this will affect the algorithm's vulnerability. |
| DSS (Digital Signature Standard 1) | Developed by the US National Security Agency (NSA). Can be used only for digital signatures and not for encryption or key distribution. |

| Symmetric Algorithm | Description |
| --- | --- |
| DES (Data Encryption Standard) | A block cipher with a 56-bit key. Adopted in 1977 by the US National Security Agency (NSA) as the US Federal standard, it has been one of the most widely used encryption algorithms but, as computers have become more powerful, it is now considered to have become too weak. |
| Triple-DES (or 3DES) | A variant of DES developed to increase its security. It has several forms; each operates on a block three times using the DES algorithm, thus effectively increasing the key length. Some variants can use three different keys, the same key three times, or use an encryption–decryption–encryption mode. |
| IDEA (International Data Encryption Algorithm) | A block cipher with a 128-bit key published in 1990. It encrypts data faster than DES and is considered to be a more secure algorithm. |
| Blowfish | A compact and simple block cipher with a variable-length key of up to 448 bits. |
| RC2 (Rivest cipher no. 2) | A block cipher with a variable-length key of up to 2048 bits. The details of the algorithm used have not been officially published. |
| RC4 (Rivest cipher no. 4) | A stream cipher with a variable-length key of up to 2048 bits. |
