Webinar – Week 2
Basics of Cyber Security
TEQSA: PRV14311
CRICOS: 03836J 1
Copyright Disclaimer
• All staff and students are required to abide by the Copyright Act 1968, when providing, accessing
and using learning resources and materials. Some resources are provided under the statutory
licence, and you are required to see this notice:
• WARNING
This material has been reproduced and communicated to you by or on behalf of Sydney
International School of Business and Technology in accordance with section 113P of the Copyright
Act 1968 (Act). The material in this communication may be subject to copyright under the Act. Any
further reproduction or communication of this material by you may be the subject of copyright
protection under the Act.
Week 2 Learning Outcomes
By the end of this week, you should be able to demonstrate:
• An understanding of basic concepts of Cyber Security
ICT 202 Cyber Security
Unit Coordinator: Dr. Saman Shojae
Lecturer: Dr. Saman Shojae
Any Questions?
Email:
• samans@sistc.nsw.edu.au
Weekly Learning Goals
What is Security?
• “A state of being secure and free from danger or harm; the actions taken to make
someone or something secure.”
Business Needs First
Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.
Cyber Security is a Business Risk, Not Just an IT Problem
Cyber Security Fundamentals
• An important aspect of computer security is the identification of vulnerabilities in
computer systems, which can, for instance, allow a malicious user to gain access to
private data and even assume full control of a machine.
• Vulnerabilities enable a variety of attacks.
• Analysis of these attacks can determine the severity of damage that can be inflicted
and the likelihood that the attack can be further replicated.
• Actions that need to be taken to defend against attacks include
• Identifying compromised machines
• Removing the malicious code
• Patching systems to eliminate the vulnerability
Confidentiality, Integrity and Availability (CIA)
Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.
Confidentiality
• In the context of computer security, confidentiality is the avoidance of the
unauthorized disclosure of information.
• Confidentiality involves the protection of data, providing access for those who are
allowed to see it while disallowing others from learning anything about its content.
• Tools to Protect Sensitive Information
• Encryption
• Access Control
• Authentication
• Authorization
• Physical Security
Encryption
• The transformation of information using a secret, called an
encryption key, so that the transformed information can only be
read using another secret, called the decryption key (which may, in
some cases, be the same as the encryption key).
• To be secure, an encryption scheme should make it extremely
difficult for someone to determine the original information
without use of the decryption key.
Access Control
• Rules and policies that limit access to confidential information to
those people and/or systems with a “need to know.”
• This need to know may be determined by
• Identity, such as a person’s name or a computer’s serial
number, or
• A role that a person has, such as being a manager or a
computer security specialist.
Authentication
Authorization and Physical Security
• Authorization
• The determination of whether a person or system is allowed access to resources,
based on an access control policy.
• Such authorizations should prevent an attacker from tricking the system
into letting him have access to protected resources.
• Physical Security
• The establishment of physical barriers to limit access to protected
computational resources.
• Such barriers include locks on cabinets and doors etc.
Integrity
• Another important aspect of information security is integrity, which is the property that
information has not been altered in an unauthorized way.
• There are a number of ways that data integrity can be compromised in computer
systems and networks, and these compromises can be malicious.
• For example
• A malicious compromise might come from a computer virus that infects our system
and deliberately changes some of the files of our operating system.
• Tools for integrity
• Backups
• Checksums
• Data Correcting Codes
Tools for Integrity
Backups:
• The periodic archiving of data. This archiving is done so that data files can be restored should
they ever be altered in an unauthorized or unintended way.
Checksum:
• The computation of a function that maps the contents of a file to a numerical value.
• A checksum function depends on the entire contents of a file and is designed in a way that
even a small change to the input file (such as flipping a single bit) is highly likely to result in a
different output value.
• TCP, UDP and IP use checksums to check integrity.
• Routers calculate the checksum when they receive a packet. A packet whose checksum fails is
discarded.
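The checksum used by IP, TCP and UDP is the 16-bit ones'-complement sum defined in RFC 1071. The following added example (not part of the original slides) computes it over a constructed payload and shows that a single flipped bit is caught, while two swapped 16-bit words are not, which is why this kind of checksum guards against accidental corruption rather than deliberate modification. The payload and helper names are assumptions made for illustration.

```python
def internet_checksum(data: bytes) -> int:
    """Return the 16-bit ones'-complement checksum of data (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                        # pad odd-length input with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]  # add each 16-bit word
    while total >> 16:                         # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def verify(data: bytes, checksum: int) -> bool:
    """Receiver-side check: recompute the checksum and compare."""
    return internet_checksum(data) == checksum


def flip_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of data with one bit inverted (models line noise)."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Return a copy of data with the i-th and j-th 16-bit words exchanged."""
    out = bytearray(data)
    out[2 * i:2 * i + 2] = data[2 * j:2 * j + 2]
    out[2 * j:2 * j + 2] = data[2 * i:2 * i + 2]
    return bytes(out)


# Constructed sample payload, not real traffic.
PAYLOAD = b"transfer 100 to account 42"
SENT_SUM = internet_checksum(PAYLOAD)

if __name__ == "__main__":
    print("checksum:", hex(SENT_SUM))
    print("intact payload accepted:", verify(PAYLOAD, SENT_SUM))
    print("bit flip accepted:", verify(flip_bit(PAYLOAD, 5), SENT_SUM))
    print("word swap accepted:", verify(swap_words(PAYLOAD, 0, 3), SENT_SUM))
```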
Tools for Integrity
Data Correcting Codes:
• Methods for storing data in such a way that small changes can be easily
detected and automatically corrected.
• These codes are typically applied to small units of storage (e.g., at the byte
level or memory word level), but there are also data-correcting codes that
can be applied to entire files as well.
• Tools for achieving data integrity all possess a common trait—they use
redundancy.
• That is, they involve the replication of some information content or functions of the
data so that we can detect and sometimes even correct breaches in data integrity.
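As an added illustration of a data-correcting code (not part of the original slides), the Hamming(7,4) code below stores every 4 data bits with 3 redundant parity bits and uses them to locate and repair a single flipped bit. The function names and the sample data are assumptions; two flipped bits in the same 7-bit codeword are beyond what this code can correct.

```python
def encode_nibble(n: int) -> list:
    """Encode 4 data bits as a 7-bit Hamming codeword (bit positions 1..7)."""
    d1, d2, d3, d4 = [(n >> s) & 1 for s in (3, 2, 1, 0)]
    p1 = d1 ^ d2 ^ d4          # parity over positions 1, 3, 5, 7
    p2 = d1 ^ d3 ^ d4          # parity over positions 2, 3, 6, 7
    p3 = d2 ^ d3 ^ d4          # parity over positions 4, 5, 6, 7
    return [p1, p2, d1, p3, d2, d3, d4]


def decode_codeword(cw: list) -> tuple:
    """Return (nibble, error_position); error_position is 0 when clean."""
    c = list(cw)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]
    pos = s1 + 2 * s2 + 4 * s3         # the syndrome names the flipped position
    if pos:
        c[pos - 1] ^= 1                # automatic correction
    return (c[2] << 3) | (c[4] << 2) | (c[5] << 1) | c[6], pos


def protect(data: bytes) -> list:
    """Encode each byte as two codewords (high nibble, then low nibble)."""
    return [encode_nibble(n) for b in data for n in (b >> 4, b & 0xF)]


def recover(codewords: list) -> tuple:
    """Return (data, number_of_codewords_that_needed_correction)."""
    nibbles, fixed = [], 0
    for cw in codewords:
        nibble, pos = decode_codeword(cw)
        nibbles.append(nibble)
        fixed += 1 if pos else 0
    pairs = zip(nibbles[0::2], nibbles[1::2])
    return bytes((hi << 4) | lo for hi, lo in pairs), fixed


if __name__ == "__main__":
    stored = protect(b"CIA")           # constructed sample data
    stored[0][2] ^= 1                  # simulate a bit flipped in storage
    stored[3][6] ^= 1                  # and another in a different codeword
    print(recover(stored))
```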
Availability
Tools for Availability
Physical protections:
• Infrastructure meant to keep information available even in the event of physical
challenges.
• Such protections can include buildings housing critical computer systems to be
constructed to withstand storms, earthquakes, and bomb blasts.
Computational redundancies:
• Computers and storage devices that serve as fallbacks in the case of failures. For
example, redundant arrays of inexpensive disks (RAID) use storage redundancies to keep
data available to their clients.
• Also, web servers are often organized in multiples called “farms” so that the failure of
any single computer can be dealt with without degrading the availability of the web site.
Availability is Important
Security Professionals and the Organization
Senior Management
• Chief Information Officer (CIO):
• Senior technology officer
• Primarily responsible for advising the senior executives on strategic
planning.
Data Responsibilities
• Data Owners: Senior management responsible for the security and use of a particular set
of information.
• Data Custodians: Responsible for the information and systems that process, transmit, and
store it.
• Data Users: Individuals with an information security role.
https://www.youtube.com/watch?v=03bt8zMoIkQ
Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.
Information Security Project Team
• A small functional team of people who are experienced in one or multiple
facets of required technical and nontechnical areas:
• Champion
• Team leader
• Security policy developers
• Risk assessment specialists
• Security professionals
• Systems administrators
• End users.
Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.
Balancing Information Security and Access
Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.
Approaches to Information Security Implementation
Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.
The 12 Categories of Threats to Information Security
Category of Threat | Attack Examples
Deviations in quality of service | Internet service provider (ISP), power, or WAN service problems
Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.
Threats and Attacks
1. Eavesdropping:
• The interception of information intended for someone else during its
transmission over a communication channel.
• Examples include packet sniffers (e.g. Wireshark), which monitor nearby
Internet traffic, such as in a wireless access location.
• This is an attack on confidentiality.
Threats and Attacks
2. Masquerading:
• The fabrication of information that is purported to be from someone who is not actually the
author.
• Examples of masquerading attacks include
• Phishing
• Which creates a web site that looks like a real bank or other e-commerce site, but is
intended only for gathering passwords.
• Spoofing
• Which may involve sending data packets with false return addresses over a network.
• Example: Internet Protocol (IP) Spoofing Attack.
• Man in the Middle (MITM) Attack
Man-in-the-Middle (MITM) Attack
Whitman, M & Mattord, J 2018, Principles of Information Security, 6th Edn, Cengage Learning, USA.
MITM Attack
https://www.youtube.com/watch?v=fbXu8EX0hsI
Threats and Attacks
Distributed Denial of Service (DDoS) Attack
Example: TCP SYN DDoS Attack
• A SYN flood is a form of denial-of-service attack in which an attacker
sends a succession of TCP SYN requests to a target's system in an attempt
to consume enough server resources to make the system unresponsive to
legitimate traffic.
• TCP 3-Way Handshake
• The client requests a connection by sending a SYN (synchronize) message to the
server.
• The server acknowledges this request by sending SYN-ACK back to the client.
• The client responds with an ACK, and the connection is established.
• A SYN flood attack works by not responding to the server with the
expected ACK.
Example: TCP SYN DDoS Attack
• The systems in a botnet spoof the source IP address in the SYN packet and
send it to the server.
• This causes the server to send the SYN-ACK to a falsified IP address,
which will not send an ACK because it "knows" that it never sent a SYN.
• The server will wait for the acknowledgement for some time, as simple
network congestion could also be the cause of the missing ACK.
• Large numbers of "half-open connections" will bind resources on the
server until no new connections can be made, resulting in a denial of
service to legitimate traffic.
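On a Linux server, the half-open connections described above appear in the SYN-RECV state in the output of `ss -tan`. The following added example (not part of the original slides) counts them per listening port and reports how many distinct peer addresses they claim to come from; the sample text is constructed, and the alert threshold of 5 is an assumption that would need tuning to a server's normal load.

```python
from collections import defaultdict

# Constructed sample in the column layout printed by `ss -tan`; not from a real host.
SAMPLE = (
    "State     Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
    "LISTEN    0      128    0.0.0.0:443        0.0.0.0:*\n"
    "ESTAB     0      0      192.0.2.10:443     198.51.100.7:51544\n"
    "SYN-RECV  0      0      192.0.2.10:22      198.51.100.9:50022\n"
    + "".join(
        f"SYN-RECV  0      0      192.0.2.10:443     203.0.113.{i}:{40000 + i}\n"
        for i in range(1, 9)
    )
)


def half_open_by_port(ss_output: str) -> dict:
    """Map local port -> {'count': half-open sockets, 'peers': distinct peer IPs}."""
    stats = defaultdict(lambda: {"count": 0, "peers": set()})
    for line in ss_output.splitlines():
        fields = line.split()
        # Only sockets that sent SYN-ACK and are still waiting for the final ACK.
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        port = int(fields[3].rsplit(":", 1)[1])
        peer_ip = fields[4].rsplit(":", 1)[0]
        stats[port]["count"] += 1
        stats[port]["peers"].add(peer_ip)
    return dict(stats)


def flag_ports(ss_output: str, threshold: int = 5) -> list:
    """Ports whose half-open count meets the (assumed) alert threshold."""
    stats = half_open_by_port(ss_output)
    return sorted(p for p, s in stats.items() if s["count"] >= threshold)


if __name__ == "__main__":
    for port, s in sorted(half_open_by_port(SAMPLE).items()):
        print(f"port {port}: {s['count']} half-open from {len(s['peers'])} peers")
    print("flagged:", flag_ports(SAMPLE))
```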
Threats and Attacks
4. Repudiation:
• A repudiation attack occurs when the user denies the fact that he or she has
performed a certain action or has initiated a transaction.
• A user can simply deny having knowledge of the transaction or
communication and later claim that such transaction or communication
never took place.
• Electronic information is more susceptible to repudiation attacks than
information in the physical form.
• Digital Signatures for non-repudiation.
• More details later in the course.
Your Tasks For The Week
• Work on Lab 1
• Read Chapters 1 and 2 of the prescribed Textbook
• Revise today’s lecture
• Watch videos that were mentioned in today’s lecture
Any Questions?