
W8-9 Module 004 The Structure of The Cyberspace PDF

The document discusses cyber attack structures and how to prevent them. It describes the cyber kill chain model which outlines 7 steps in a typical cyber attack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and action on objective. It then provides recommendations for preventing cyber attacks which include implementing physical security of IT equipment, logical access controls, regularly updating systems, using antivirus software, firewalls, and encrypting personal data. Storing minimal required personal data online and using strong, unique passwords are also recommended.

Information Assurance and Security 1

Lesson 4
The Structure of Cyber Space: The Internet Backbone and National Infrastructure

Cyber-Attacks Structure
The structure of cyber-attacks has been defined by Lockheed Martin researchers using
the Cyber Kill Chain intrusion model.

Learning Outcomes
At the end of the lesson, you should be able to:
1. Familiarize yourself with cyber-attacks.
2. Prevent cyber-attacks.

The intrusion model consists of the following steps: reconnaissance, weaponization,
delivery, exploitation, installation, command and control and action on objective. In
terms of an attack on a cyber-infrastructure or of spying on traffic from a
computer network, these steps consist of:

Reconnaissance – research, target identification and selection: it may be looking for
e-mail addresses, social relationships, or data about a particular technology,
information displayed on various websites;
Weaponization – making a malware application (for example, a computer trojan) that,
combined with an exploitable security breach, allows remote access. Moreover, PDF
(Portable Document Format) files or Microsoft Office suite-specific files can be
regarded as weapons available to the attacker;
Delivery – transmitting the weapon to the target environment. The main ways of
transport are e-mails (attachment of infected files), web platforms (running malware
scripts), or removable USB memories;
Exploitation – after the weapon is delivered to the victim, the attack targets an
application or a vulnerability of the operating system. The infected file can be
launched by the self-execution facility to run the malware code, or it can be
executed by the user himself;
Installation – infecting a victim system with a computer trojan, backdoor or other
malware application of this type that ensures the attacker’s presence in the target
environment;
Command and control – usually an infected host must be accessible outside of the
local network to establish a command and control channel between the victim and the
attacker. Once this bidirectional communication has been made, an attacker has
access inside the target environment and can usually control the activity by manually
launching commands;
Action on objective – after the first six phases, an attacker can act to achieve the
goals. These actions typically consist of collecting information, modifying data
integrity, or attacking the availability of services and devices, but the victim system
can also be used as a starting point for infecting other systems or for expanding
access to the local network.
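
An added example, not part of the original lesson: a defender can use the seven phases as an ordered scale for triage, mapping each alert to the phase it gives evidence of and handling first the host that has progressed furthest. The alert category names, host names and sample alerts below are constructed assumptions.

```python
from collections import defaultdict

# The seven phases, in the order the lesson lists them.
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command and control", "action on objective"]

# Hypothetical alert categories mapped to the phase they give evidence of.
# Weaponization happens on the attacker's side, so no defender alert maps to it.
CATEGORY_TO_PHASE = {
    "external_port_scan": "reconnaissance",
    "email_attachment_blocked": "delivery",
    "usb_autorun_detected": "delivery",
    "office_macro_executed": "exploitation",
    "new_autostart_entry": "installation",
    "periodic_outbound_beacon": "command and control",
    "bulk_file_upload": "action on objective",
}

# Constructed sample alerts: (ISO timestamp, host, category).
SAMPLE_ALERTS = [
    ("2024-05-01T09:00:00", "web01", "external_port_scan"),
    ("2024-05-01T09:30:00", "pc-17", "email_attachment_blocked"),
    ("2024-05-01T10:05:00", "pc-22", "office_macro_executed"),
    ("2024-05-01T10:06:00", "pc-22", "new_autostart_entry"),
    ("2024-05-01T10:20:00", "pc-22", "periodic_outbound_beacon"),
    ("2024-05-01T11:00:00", "pc-22", "periodic_outbound_beacon"),
    ("2024-05-01T11:10:00", "pc-17", "dns_lookup"),  # unmapped category
]

def triage(alerts):
    """Return {host: report} with the deepest phase reached and detection gaps."""
    seen = defaultdict(dict)  # host -> {phase: timestamp of first alert}
    for ts, host, category in sorted(alerts):
        phase = CATEGORY_TO_PHASE.get(category)
        if phase is not None:  # unmapped categories are not evidence of a phase
            seen[host].setdefault(phase, ts)
    reports = {}
    for host, phases in seen.items():
        deepest = max(phases, key=PHASES.index)
        earlier = PHASES[:PHASES.index(deepest)]
        # Earlier phases with no alert are places where detection missed the attack.
        gaps = [p for p in earlier if p not in phases and p != "weaponization"]
        reports[host] = {"deepest": deepest, "first_seen": phases[deepest], "gaps": gaps}
    return reports

def response_order(reports):
    """Hosts sorted so the one furthest along the chain is handled first."""
    return sorted(reports, key=lambda h: PHASES.index(reports[h]["deepest"]), reverse=True)
```

The `gaps` list shows which earlier phases produced no alert for a host, which is where additional monitoring would have allowed the chain to be broken sooner.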

Jennifer Roxas-Magbanlac, MIT



Prevent Cyber-Attacks

Protecting the websites and the web servers against cyber-attacks involves the
application of security measures both at a logical level (security of access and services)
and at physical level.

Physical security consists of enclosing IT equipment in a dedicated space and
providing access control.

Logical security consists of the software necessary to control access to the
information and services of a system. The logical level is divided into two categories:
access security level and service security level.

Automatic update of the operating system from the servers is recommended for
troubleshooting security breaches or uncovered programming errors. Updating installed
applications in the operating system is only possible for licensed programs; the use of
pirated programs can induce cybersecurity risks.

Installing antivirus or anti-spyware applications is required to secure the operating
system from the server. These applications typically have two components:

A component automatically launched at the start of the operating system that runs in
the background and monitors user activity (running programs, web browsing,
launching email attachments, installing various applications);

A component that runs on demand when it is intended to effectively scan the
operating system to search for malware.

Installing a firewall application is an essential requirement in ensuring the security of
any server. The role of this program is to control the flow of information between
the user computer and another destination (either from the local network or from outside
it).

A firewall can filter, accept, or block the transfer of data according to established
security policies (blocking data theft or illegal connections to the server).

Protecting personal data is an important aspect. Personal information should be
provided on websites as responsibly as possible. Users must be
attentive when providing data that could lead to their identification or identity theft
(name, surname, date of birth, personal identification number, address, telephone, bank
card details, etc.).

Some basic steps in storing personal data are:

The use of complex, unique, hard to guess or break passwords, consisting of
numbers, upper/lower case letters and special characters;


Storing the minimum required data online and exercising maximum discretion in
providing it to a third party (users, companies);

Using encrypted versions of protocols when sensitive information is exchanged so as
to ensure data confidentiality and prevent identity theft;

Encrypting all personal information when saved on different storage media.


An additional risk occurs when personal information is stored in client accounts on
commercial websites, which may become the target of cyber-attacks anytime, so stored
data becomes vulnerable.
