
ICT 202 Cyber Security

Webinar – Week 2
Basics of Cyber Security

TEQSA: PRV14311
CRICOS: 03836J
Copyright Disclaimer
• All staff and students are required to abide by the Copyright Act 1968, when providing, accessing
and using learning resources and materials. Some resources are provided under the statutory
licence, and you are required to see this notice:

• WARNING
This material has been reproduced and communicated to you by or on behalf of Sydney
International School of Business and Technology in accordance with section 113P of the Copyright
Act 1968 (Act). The material in this communication may be subject to copyright under the Act. Any
further reproduction or communication of this material by you may be the subject of copyright
protection under the Act.

Do not remove this notice.

Week 2 Learning Outcomes

By the end of this week, you should be able to demonstrate:
• An understanding of the basic concepts of Cyber Security

ICT 202 Cyber Security
Unit Coordinator: Dr. Saman Shojae
Lecturer: Dr. Saman Shojae

Any Questions?

Email:
• samans@sistc.nsw.edu.au

Weekly Learning Goals

• Read Chapter 1 and 2 of the prescribed text
• Attend the webinar
• Watch the video tutorials

What is Security?
• “A state of being secure and free from danger or harm; the actions taken to make
someone or something secure.”

• A successful organisation should have multiple layers of security in place to protect:
• Operations
• Physical infrastructure
• People
• Functions
• Communication
• Information

Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.

Business Needs First

• Protecting the organization’s ability to function
• Protecting the data and information the organization collects and uses
• Enabling the safe operation of applications running on the organisation’s IT systems
• Safeguarding the organisation’s technology assets

Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.
Cyber Security is a Business Risk, Not Just an IT Problem

Cyber Security Fundamentals
• An important aspect of computer security is the identification of vulnerabilities in
computer systems, which can, for instance, allow a malicious user to gain access to
private data and even assume full control of a machine.
• Vulnerabilities enable a variety of attacks.
• Analysis of these attacks can determine the severity of damage that can be inflicted
and the likelihood that the attack can be further replicated.
• Actions that need to be taken to defend against attacks include
• Identifying compromised machines
• Removing the malicious code
• Patching systems to eliminate the vulnerability

Confidentiality, Integrity and Availability (CIA)

Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.

Confidentiality
• In the context of computer security, confidentiality is the avoidance of the
unauthorized disclosure of information.
• Confidentiality involves the protection of data, providing access for those who are
allowed to see it while disallowing others from learning anything about its content.
• Tools to Protect Sensitive Information
• Encryption
• Access Control
• Authentication
• Authorization
• Physical Security

Encryption
• The transformation of information using a secret, called an
encryption key, so that the transformed information can only be
read using another secret, called the decryption key (which may, in
some cases, be the same as the encryption key).
• To be secure, an encryption scheme should make it extremely
difficult for someone to determine the original information
without use of the decryption key.

Access Control
• Rules and policies that limit access to confidential information to
those people and/or systems with a “need to know.”
• This need to know may be determined by
• Identity, such as a person’s name or a computer’s serial
number, or
• A role that a person has, such as being a manager or a
computer security specialist.

Authentication
• The determination of the identity or role that someone has.
• This determination can be done in a number of different ways, but it is usually based on
• Something the person has (like a smart card)
• Something the person knows (like a password)
• Something the person is (like a human with a fingerprint).

Authorization and Physical Security
• Authorization
• The determination of whether a person or system is allowed access to resources, based on an access control policy.
• Such authorizations should prevent an attacker from tricking the system into granting access to protected resources.
• Physical Security
• The establishment of physical barriers to limit access to protected computational resources.
• Such barriers include locks on cabinets and doors, etc.
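The three slides above describe authentication (checking a secret the person knows) followed by authorization (applying a need-to-know policy by identity or role). The following added example, written for this page and not taken from the prescribed text, puts the two steps together: passwords are stored as salted PBKDF2 hashes and compared in constant time, and every resource is denied by default unless the policy names the principal's identity or one of their roles. The user names, passwords, roles, resource names and iteration count are all constructed for the demonstration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # constructed for a fast demo; production deployments tune this higher


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt means equal passwords hash differently."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute the hash and compare in constant time so timing does not leak matching prefixes."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def make_user(password, roles):
    salt, digest = hash_password(password)
    return {"salt": salt, "digest": digest, "roles": frozenset(roles)}


# Constructed user store: identity -> credential material and roles.
USERS = {
    "alice": make_user("correct horse battery staple", {"manager"}),
    "bob": make_user("hunter2-demo-only", {"security-specialist"}),
}

# Constructed need-to-know policy: a resource may be opened to named identities and/or to roles.
POLICY = {
    "payroll-db": {"identities": set(), "roles": {"manager"}},
    "ids-logs": {"identities": {"alice"}, "roles": {"security-specialist"}},
}

# Dummy credential so that a lookup miss costs the same time as a real verification.
_DUMMY_SALT, _DUMMY_DIGEST = hash_password("placeholder")


def authenticate(username, password):
    """Return the verified identity, or None. Unknown users still pay the hashing cost."""
    user = USERS.get(username)
    if user is None:
        verify_password(password, _DUMMY_SALT, _DUMMY_DIGEST)
        return None
    return username if verify_password(password, user["salt"], user["digest"]) else None


def authorize(principal, resource):
    """Deny by default; grant only if the policy names the identity or one of its roles."""
    rule = POLICY.get(resource)
    if rule is None or principal not in USERS:
        return False
    roles = USERS[principal]["roles"]
    return principal in rule["identities"] or bool(roles & rule["roles"])


def request_access(username, password, resource):
    """The full access-control decision: authenticate first, then authorize."""
    principal = authenticate(username, password)
    if principal is None:
        return "denied: authentication failed"
    if not authorize(principal, resource):
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    print(request_access("alice", "correct horse battery staple", "payroll-db"))
    print(request_access("bob", "hunter2-demo-only", "payroll-db"))
    print(request_access("bob", "hunter2-demo-only", "ids-logs"))
    print(request_access("alice", "wrong password", "payroll-db"))
```

Note that the two failure messages are distinguishable here for teaching purposes; a production login endpoint would return the same generic message for a bad password and an unknown user, so that the response does not reveal which accounts exist.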

Integrity
• Another important aspect of information security is integrity, which is the property that
information has not been altered in an unauthorized way.
• There are a number of ways that data integrity can be compromised in computer
systems and networks, and these compromises can be malicious.
• For example
• A malicious compromise might come from a computer virus that infects our system
and deliberately changes some of the files of our operating system.
• Tools for integrity
• Backups
• Checksums
• Data Correcting Codes

Tools for Integrity
Backups:
• The periodic archiving of data. This archiving is done so that data files can be restored should
they ever be altered in an unauthorized or unintended way.
Checksum:
• The computation of a function that maps the contents of a file to a numerical value.
• A checksum function depends on the entire contents of a file and is designed in a way that
even a small change to the input file (such as flipping a single bit) is highly likely to result in a
different output value.
• TCP, UDP and IP use checksums to check integrity.
• Routers recompute the checksum when they receive a packet; a packet whose checksum
fails is discarded.
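The checksum property described above (every bit of the input contributes, and a single flipped bit changes the result) can be seen with the one's-complement checksum that IPv4, TCP and UDP headers actually carry (RFC 1071). The block below is an added example for this page, not code from the textbook: it builds a constructed IPv4 header using the documentation addresses 192.0.2.1 and 198.51.100.7, verifies it, and then shows both what the checksum catches (a flipped bit) and what it does not (a deliberate rearrangement of whole 16-bit words, which leaves the sum unchanged). The contrast with SHA-256 at the end is the practitioner's caveat: a transmission checksum protects against accidents, not against an adversary.

```python
import hashlib
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words (IPv4, TCP and UDP headers)."""
    if len(data) % 2:
        data += b"\x00"  # odd length: pad the final word with a zero byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:  # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(datagram: bytes) -> bool:
    """A datagram carrying a correct checksum field sums to zero under the same function."""
    return internet_checksum(datagram) == 0


def build_ipv4_header() -> bytes:
    """Constructed 20-byte IPv4 header (documentation addresses 192.0.2.1 -> 198.51.100.7)."""
    fields = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,                       # version 4, header length 5 words
        0,                          # DSCP/ECN
        40,                         # total length
        0x1234,                     # identification
        0x4000,                     # flags (DF) + fragment offset
        64,                         # TTL
        6,                          # protocol: TCP
        0,                          # header checksum, zero while computing
        bytes([192, 0, 2, 1]),      # source address
        bytes([198, 51, 100, 7]),   # destination address
    )
    csum = internet_checksum(fields)
    return fields[:10] + struct.pack("!H", csum) + fields[12:]


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit transmission error."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def swap_addresses(header: bytes) -> bytes:
    """Simulate deliberate tampering: exchange the source and destination address fields."""
    return header[:12] + header[16:20] + header[12:16]


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash: unlike the Internet checksum, reordering words changes it."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    hdr = build_ipv4_header()
    print("original valid:     ", checksum_ok(hdr))
    print("after 1-bit flip:   ", checksum_ok(flip_bit(hdr, 70)))    # TTL bit flipped: detected
    print("after address swap: ", checksum_ok(swap_addresses(hdr)))  # still passes: not detected
    print("sha256 differs:     ", sha256_hex(hdr) != sha256_hex(swap_addresses(hdr)))
```

Because one's-complement addition is commutative, any change that only reorders aligned 16-bit words is invisible to this checksum; that is acceptable for its purpose (catching corruption in transit) but is why integrity against a deliberate attacker needs a cryptographic hash or, better, a keyed MAC or signature.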

Tools for Integrity
Data Correcting Codes:
• Methods for storing data in such a way that small changes can be easily
detected and automatically corrected.
• These codes are typically applied to small units of storage (e.g., at the byte
level or memory word level), but there are also data-correcting codes that
can be applied to entire files as well.
• Tools for achieving data integrity all possess a common trait—they use
redundancy.
• That is, they involve the replication of some information content or functions of the
data so that we can detect and sometimes even correct breaches in data integrity.

Availability

• It is the property that information is accessible and modifiable in a timely fashion by
those authorized to do so.
• Information that is locked in a cast-iron safe high on a Tibetan mountain and
guarded round the clock by a devoted army of ninjas may be considered safe, but it
is not practically secure from an information security perspective if it takes us weeks
or months to reach it.
Tools for Availability
• Physical Protections
• Computational Redundancies

Tools for Availability
Physical protections:
• Infrastructure meant to keep information available even in the event of physical
challenges.
• Such protections can include buildings housing critical computer systems to be
constructed to withstand storms, earthquakes, and bomb blasts.
Computational redundancies:
• Computers and storage devices that serve as fallbacks in the case of failures. For
example, redundant arrays of inexpensive disks (RAID) use storage redundancies to keep
data available to their clients.
• Also, web servers are often organized in multiples called “farms” so that the failure of
any single computer can be dealt with without degrading the availability of the web site.
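The RAID storage redundancy mentioned above comes down to keeping one extra block per stripe that is the XOR of the data blocks; if any single disk is lost, its contents are the XOR of what remains. The block below is an added example for this page, not from the textbook or any RAID implementation: it lays data out across N data disks plus one parity disk (a RAID 4-style fixed parity disk, used here because it is simpler to read than RAID 5's rotating parity), then reads the array back with any one disk marked failed. Block size, disk count and the sample payload are constructed for the demonstration.

```python
BLOCK_SIZE = 4  # bytes per block; tiny so that the stripes are easy to inspect


def xor_bytes(*blocks: bytes) -> bytes:
    """Bitwise XOR of equally sized blocks: the parity function RAID relies on."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, b in enumerate(blk):
            out[i] ^= b
    return bytes(out)


def write_array(data: bytes, n_data: int) -> list:
    """Stripe `data` over n_data data disks plus one parity disk; returns a list of disks."""
    stripe_bytes = BLOCK_SIZE * n_data
    if len(data) % stripe_bytes:
        data += b"\x00" * (stripe_bytes - len(data) % stripe_bytes)  # pad the last stripe
    disks = [[] for _ in range(n_data + 1)]
    for off in range(0, len(data), stripe_bytes):
        blocks = [data[off + i * BLOCK_SIZE: off + (i + 1) * BLOCK_SIZE] for i in range(n_data)]
        for d, blk in enumerate(blocks):
            disks[d].append(blk)
        disks[n_data].append(xor_bytes(*blocks))  # parity block for this stripe
    return disks


def fail_disk(disks: list, index: int) -> list:
    """Simulate a disk failure: its contents are no longer readable."""
    return [None if i == index else d for i, d in enumerate(disks)]


def read_array(disks: list) -> bytes:
    """Read the data back, reconstructing one failed disk from parity if necessary."""
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) > 1:
        raise RuntimeError("single parity tolerates only one failed disk")
    n_data = len(disks) - 1
    n_stripes = len(next(d for d in disks if d is not None))
    out = bytearray()
    for s in range(n_stripes):
        blocks = [d[s] if d is not None else None for d in disks]
        if failed:
            # The missing block is the XOR of every surviving block in the stripe.
            blocks[failed[0]] = xor_bytes(*[b for b in blocks if b is not None])
        out += b"".join(blocks[:n_data])
    return bytes(out)


if __name__ == "__main__":
    payload = b"availability matters"  # constructed sample data
    array = write_array(payload, n_data=3)
    for lost in range(4):
        recovered = read_array(fail_disk(array, lost)).rstrip(b"\x00")
        print(f"disk {lost} lost -> {recovered!r}")
```

The same XOR relation is what makes a second concurrent failure fatal for single-parity schemes, which is why the example refuses to read with two disks missing rather than returning silently wrong data.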

Availability is Important

• An attacker who otherwise doesn’t care about the confidentiality or integrity of data
may choose to attack its availability.

Security Professionals and the Organization

• A wide range of professionals are required to support a diverse Information Security
program.
• Senior management is the key component.
• Chief Information Officer (CIO)
• Chief Information Security Officer (CISO)
• Additional administrative support and technical expertise are required to implement
the details of the Information Security program.
Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.

Senior Management
• Chief Information Officer (CIO):
• Senior technology officer
• Primarily responsible for advising the senior executives on strategic
planning.
• Chief Information Security Officer (CISO):
• Has primary responsibility for assessment, management, and
implementation of Information Systems in the organisation
• Usually reports directly to the CIO.
Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.

Data Responsibilities
• Data Owners: Senior management responsible for the security and use of a particular set
of information.
• Data Custodians: Responsible for the information and systems that process, transmit, and
store it.
• Data Users: Individuals with an information security role.

https://www.youtube.com/watch?v=03bt8zMoIkQ

Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.

Information Security Project Team
• A small functional team of people who are experienced in one or multiple
facets of required technical and nontechnical areas:

• Champion
• Team leader
• Security policy developers
• Risk assessment specialists
• Security professionals
• Systems administrators
• End users.
Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.

Balancing Information Security and Access

• Security should be considered a balance between protection and availability.
• To achieve balance, the level of security must allow reasonable access, yet protect
against threats.

Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.

Approaches to Information Security Implementation

Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.

The 12 Categories of Threats to Information Security
Category of Threat                          Attack Examples
Compromises to intellectual property        Piracy, copyright infringement
Deviations in quality of service            Internet service provider (ISP), power, or WAN service problems
Espionage or trespass                       Unauthorised access and/or data collection
Forces of nature                            Fire, floods, earthquakes, lightning
Human error or failure                      Accidents, employee mistakes
Information extortion                       Blackmail, information disclosure
Sabotage or vandalism                       Destruction of systems or information
Software attacks                            Viruses, worms, macros, denial of service
Technical hardware failures or errors       Equipment failure
Technical software failures or errors       Bugs, code problems, unknown loopholes
Technological obsolescence                  Antiquated or outdated technologies
Theft                                       Illegal confiscation of equipment or information

Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.

Threats and Attacks
1. Eavesdropping:
• The interception of information intended for someone else during its
transmission over a communication channel.
• Examples include packet sniffers (e.g. Wireshark), which monitor nearby network
traffic, such as at a wireless access location.
• This is an attack on confidentiality.

Threats and Attacks
2. Masquerading:
• The fabrication of information that is purported to be from someone who is not actually the
author.
• Examples of masquerading attacks include
• Phishing
• Which creates a web site that looks like a real bank or other e-commerce site, but is
intended only for gathering passwords.
• Spoofing
• Which may involve sending on a network data packets that have false return addresses.
• Example: Internet Protocol (IP) Spoofing Attack.
• Man in the Middle (MITM) Attack

Man-in-the-Middle (MITM) Attack

Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.

MITM Attack

https://www.youtube.com/watch?v=fbXu8EX0hsI

Threats and Attacks

3. Denial-of-Service (DoS): the interruption or degradation of a data service or
information access.
• Denial of service is an attack on availability.
• Examples include email spam, to the degree that it is meant to
simply fill up a mail queue and slow down an email server.
• Other examples include TCP SYN Flood attack, UDP Flood attack
etc.

Distributed Denial of Service (DDoS) Attack

• An attack that uses multiple compromised systems to cause a loss of service to the
intended users, by depleting the bandwidth and other computational resources of the
target system or network, is called a DDoS attack.
• When customer or internal services go down due to DDoS attacks, the
impact is usually severe and affects the business in multiple ways. These
include
•Lost revenue/profit and lower productivity
•Breaches of Service Level Agreement (SLA) contracts
•Tarnished reputation

Example: TCP SYN DDoS Attack
• A SYN flood is a form of denial-of-service attack in which an attacker
sends a succession of TCP SYN requests to a target's system in an attempt
to consume enough server resources to make the system unresponsive to
legitimate traffic.
• TCP 3-Way Handshake
• The client requests a connection by sending a SYN (synchronize) message to the
server.
• The server acknowledges this request by sending SYN-ACK back to the client.
• The client responds with an ACK, and the connection is established.
• A SYN flood attack works by not responding to the server with the
expected ACK.

Example: TCP SYN DDoS Attack
• The systems in the botnet spoof the source IP address in the SYN packet and send it
to the server.
• This causes the server to send the SYN-ACK to a falsified IP address, which will not
send an ACK because it "knows" that it never sent a SYN.
• The server will wait for the acknowledgement for some time, as simple network
congestion could also be the cause of the missing ACK.
• Large numbers of "half-open connections" will bind resources on the server until no
new connections can be made, resulting in a denial of service to legitimate traffic.
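From the defender's side, the tell-tale sign the two slides describe is a growing table of half-open connections whose clients never send the final ACK. The following added example, written for this page and not taken from the textbook or any IDS product, reproduces the server's view in miniature: it parses a constructed connection log (documentation addresses only), marks each client SYN as half-open until the matching ACK arrives or the entry times out, and raises an alert for a server port once its half-open count reaches a threshold. The log format, the timeout and the threshold are assumptions made for the demonstration.

```python
import re
from collections import defaultdict

# Constructed log format: "t=<seconds> <src>:<sport> -> <dst>:<dport> <flag>".
LINE = re.compile(
    r"t=(?P<t>[\d.]+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<flag>SYN-ACK|SYN|ACK)\s*$"
)

# Constructed sample: one normal handshake, six SYNs from distinct sources that never
# complete, then two more normal handshakes, the last one after the flood has aged out.
SAMPLE_LOG = """\
t=0.010 192.0.2.10:40001 -> 198.51.100.7:443 SYN
t=0.012 198.51.100.7:443 -> 192.0.2.10:40001 SYN-ACK
t=0.015 192.0.2.10:40001 -> 198.51.100.7:443 ACK
t=1.000 203.0.113.21:1025 -> 198.51.100.7:443 SYN
t=1.001 203.0.113.22:1025 -> 198.51.100.7:443 SYN
t=1.002 203.0.113.23:1025 -> 198.51.100.7:443 SYN
t=1.003 203.0.113.24:1025 -> 198.51.100.7:443 SYN
t=1.004 203.0.113.25:1025 -> 198.51.100.7:443 SYN
t=1.005 203.0.113.26:1025 -> 198.51.100.7:443 SYN
t=2.000 192.0.2.11:40002 -> 198.51.100.7:443 SYN
t=2.004 192.0.2.11:40002 -> 198.51.100.7:443 ACK
t=9.000 192.0.2.12:40003 -> 198.51.100.7:443 SYN
t=9.004 192.0.2.12:40003 -> 198.51.100.7:443 ACK
"""


def parse(line: str):
    m = LINE.match(line)
    if not m:
        return None
    return {"t": float(m["t"]), "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]), "flag": m["flag"]}


def half_open_report(lines, timeout=3.0, threshold=5) -> dict:
    """Replay the log and track half-open (SYN seen, no client ACK yet) connections per server."""
    half_open = {}            # (src, sport, dst, dport) -> time the SYN arrived
    peak = defaultdict(int)   # (dst, dport) -> highest simultaneous half-open count
    alerts = []               # servers whose half-open count reached the threshold
    completed = 0
    aged_out = 0
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        # Expire entries the server would have given up on; in a flood these never complete.
        stale = [k for k, t0 in half_open.items() if ev["t"] - t0 > timeout]
        for k in stale:
            del half_open[k]
        aged_out += len(stale)

        key = (ev["src"], ev["sport"], ev["dst"], ev["dport"])
        if ev["flag"] == "SYN":
            half_open[key] = ev["t"]
        elif ev["flag"] == "ACK" and key in half_open:
            del half_open[key]   # third step of the handshake: connection established
            completed += 1
        # SYN-ACK lines are the server's replies and do not change the client-side state.

        per_server = defaultdict(int)
        for (_, _, dst, dport) in half_open:
            per_server[(dst, dport)] += 1
        for server, count in per_server.items():
            peak[server] = max(peak[server], count)
            if count >= threshold and server not in alerts:
                alerts.append(server)
    return {"completed": completed, "aged_out": aged_out,
            "peak_half_open": dict(peak), "alerts": alerts}


if __name__ == "__main__":
    for k, v in half_open_report(SAMPLE_LOG.splitlines()).items():
        print(f"{k}: {v}")
```

The ratio in the report is what matters: three completed handshakes against six entries that aged out from six different sources is the signature of spoofed SYNs, whereas a busy but healthy server shows completions keeping pace with SYNs. Mitigations such as SYN cookies work on exactly this state table by not allocating it until the ACK arrives.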

Example: TCP SYN DDoS Attack

Figure: TCP 3-Way Handshake compared with a TCP SYN Attack (diagram not reproduced)

Slide from http://en.nsfocus.com

Threats and Attacks
4. Repudiation:
• A repudiation attack occurs when the user denies the fact that he or she has
performed a certain action or has initiated a transaction.
• A user can simply deny having knowledge of the transaction or
communication and later claim that such transaction or communication
never took place.
• Electronic information is more susceptible to repudiation attacks than
information in the physical form.
• Digital Signatures for non-repudiation.
• More details later in the course.

Your Tasks For The Week

• Work on Lab 1
• Read Chapter 1 and 2 of the prescribed Textbook
• Revise today’s lecture
• Watch videos that were mentioned in today’s lecture

Any Questions?
