Cyber Security Tools L.notes 1

This is focusing on cyber security and their tools

CYBER SECURITY SCIENCE DEPARTMENT

SCHOOL OF INFORMATION AND COMMUNICATION TECHNOLOGY


FEDERAL UNIVERSITY OF TECHNOLOGY, MINNA

FUTM-CYB 111 LECTURE NOTES

INTRODUCTION TO CYBER SECURITY TOOLS


(3 UNITS)

BY

MD NOEL & A. PETER

February, 2024
Module One
1.0 INTRODUCTION
• The invention of computing devices has brought higher attainment in
professional and personal lives. Cyber security techniques are of growing
importance due to our increasing reliance on devices such as computer
systems, smartphones, routers, switches, etc.; these techniques attempt to
safeguard the cyberspace of online users and organizations.

• Cyber criminals aim at intercepting the information exchanged between a
client and a server, which is mostly in plain-text format, through various
means such as spreading malware in order to gain unauthorized access.

• There is a need for users and organizations to be aware of the various
cyber-attacks in order to prevent them. This course presents various open
source cyber security tools that can be used to mitigate the different
cyber-attacks.

• As technology evolves, cybercriminals also find new ways to take
advantage of the loopholes in the new technology. Cyber security combines
both practices and policies to monitor and protect computers, programs,
networks, etc. from attacks aimed at exploitation. Attackers exploit ways
to gain unauthorized access to programs, networks and knowledge with the
aim of compromising the confidentiality and integrity of data.
• From a security point of view, hard, long and distinctive passwords are
good; however, from a usability viewpoint, they are a constraint on users.
The challenge faced by the cybersecurity usability and Human-Computer
Interaction and Security (HCISec/HCI-S) fields is bridging the gap between
application and abstraction, which emphasizes the need to fuse both ideas
by building usable cyber security systems and interfaces.
• Cyber threats will continue to rise as the Internet of Things enables
smart cities, smart homes, remote medical monitoring and industrial
control. Existing studies predict that the number of connected devices
will surpass 50 billion by 2030.

• Cyber security can be defined as the measures protecting computer
systems, networks and information from disruption or unauthorized access,
use, disclosure, modification or destruction. Another school of thought
defines cyber security as the integration of policies, security measures,
approaches to risk management, protocols, technologies, processes and
training which can be utilized in securing the organization's cyber setup
along with user assets.
Security Goals
Availability: addresses issues ranging from fault tolerance, to protect against denial of service, to access
control, to ensure that data is available to those authorized to access it.

Confidentiality: provides protection mechanisms for data while it is stored and while it is transferred over
networks between computers.

Integrity: keeping data away from those who should not have it, and making sure that those who should
have it can get it, are fairly basic ways to maintain the integrity of the data.

Nonrepudiation: allows the formation of binding contracts with or without any paper being printed for
written signatures (digital signatures).
TYPES OF CYBER SECURITY ATTACKS
A). Denial of Service (DoS)
• DoS attacks have become increasingly popular among attackers due to the
growing number of IoT devices with insufficient security. These attacks
are quite common: an overload of illegitimate requests for service floods
the resource, thereby slowing or crashing the network.

• The sole objective of a DoS attack is to overwhelm the network with
invalid requests, wasting bandwidth so that legitimate users lose access
to the service. A DDoS attack arises when a single target is attacked by
multiple sources simultaneously, which makes it difficult to identify and
avoid. DDoS attacks occur in a variety of shapes and sizes, with the same
purpose.
B). Man in the Middle (MiTM)
• One type of MiTM attack is spoofing and impersonation. A MiTM attacker
can pretend to be in a particular location while interacting with a
particular node. The attacker can establish a connection with the server
over hypertext transfer protocol secure (HTTPS) while connecting with the
victim over plain hypertext transfer protocol (HTTP), a technique known as
secure sockets layer (SSL) stripping.

C). Malware
• Malware (malicious software) is an application or script intentionally
designed to cause damage to networks, computers or data. An attacker can
employ software patches to perform criminal operations and install
malware. It comprises worms, Trojan horses, spyware, rootkits, viruses
and other forms of deceptive advertising. These attackers are dangerous
because they are well trained, state sponsored and well funded.
D). Botnet Attacks
• Botnet attacks occur when a group of infected devices connected to the
internet engages in criminal and illegal activities together. The affected
computers are controlled remotely by one or more malicious actors.

E). Password Attack
• The methods of password attack are the dictionary and brute force
methods. The dictionary method decrypts an encrypted password, while in
brute force, multiple usernames and passwords are tried. These attacks
enable access to third parties' passwords through malicious means.

F). Browser Attacks
• Browser-based network attacks encourage the transfer of malware through
websites, but they can be avoided through regular updating of the
browser.
G). Backdoor Attacks
• A backdoor attack occurs when an attacker gains access to a website
through a vulnerable entry point. In distributed attacks, the surrounding
network's infrastructure is affected but the specific server is not attacked.

H). Spam Attacks
• Spam attacks use messaging systems to send messages containing scams to
a large number of target consumers. These messages are a common source of
phishing schemes.

I). Brute Force Attacks
• This attack adopts a trial-and-error approach to guess a system's
positive identification. It uses automated code to guess positive
identification combinations.
CYBER SECURITY OPEN SOURCE TOOLS
• Various data science tools can be employed by cyber security companies
to process and analyze the big data that serves as threat intelligence
data.

• The cyber security mechanism delivers a specific series of Free and
Open Source Software (FOSS), and these cyber security tools are ordered
by functionality (encryption, anti-virus, email protection, internet
security, etc.) and unspecified target designs.

• Open source software tools may be free of charge, but they are subject
to source licensing constraints, and free software tools might be free
yet closed source. Open source cybersecurity tools offer thousands of
security capabilities, both defensive and offensive.
• Some of the significant security tools are helpful in securing systems
and networks. The following are some of the open source security tools
that are indispensable because they are very productive, well sustained
and easy to get started with.

• Cybersecurity analysts categorize their tools as follows: network
security monitoring, encryption, web vulnerability, penetration testing,
antivirus software, network intrusion detection and packet sniffers.
A). Networking and Operating System Hardening

Hardening of the OS is the "act of configuring an OS securely, updating it,
creating rules and policies to help govern the system in a secure manner,
and removing unnecessary applications and services". Hardening is done to
lessen the vulnerability of the computer OS to threats and to mitigate
viable risks.

i). OpenVPN
• OpenVPN is freely available open source software that is also offered
commercially. It secures our data communications and produces adaptable
Virtual Private Network (VPN) solutions. It provides cross-platform VPN
clients and a VPN server, and extends flexibility to site-to-cloud,
users-to-cloud, site-to-site, devices-to-cloud and other network
arrangements.
ii). ModSecurity
• ModSecurity is an open source web application firewall, sometimes called
ModSec. The ModSecurity toolkit is mainly useful for real-time web
application logging, monitoring and access control. ModSecurity acts as a
module for the Apache web server and checks all HTTP requests that reach
Apache; it is also available for Nginx.

iii). SafePad
• SafePad is an encrypted text editor. It mainly uses the AES (Advanced
Encryption Standard) encryption algorithm. SafePad is an ideal editor for
protecting passwords, banking and card details, and also business
secrets.
B). Networking and Security Auditing

Network security auditing is a process for evaluating the effectiveness of a
network's security measures against a known set of criteria. This audit looks
at hardware configuration, software configuration, the environment,
information handling processes and user practices. The tools commonly
used include:

i). NMAP
• Nmap stands for Network Mapper. It is a utility that provides information
about the available ports (connection points) on a network. It has
excellent OS and server software version detection. This tool analyzes the
IP packets of systems to gain information about the services running on
the system, the operating system, the presence and type of firewalls, etc.
It also enables monitoring of host uptime, mapping out possible areas of
attack on the network and its services, and taking appropriate actions.
Advantages of Nmap:
Comprehensive Network Scanning:
• Nmap is a comprehensive network scanner that can be used to discover
hosts on a network, identify open ports, and determine which services
are running on those ports. It provides a detailed picture of a network's
structure and the devices connected to it.


Platform Independence:
• Nmap is platform-independent and supports various operating systems
like Windows, Linux, macOS, and more.

• This cross-platform compatibility makes it a flexible and accessible tool
for network administrators and security professionals across different
environments.

Robust Port Scanning Options:
• Nmap offers a wide range of scanning techniques, including TCP SYN scan, TCP
connect scan, UDP scan, and more. These scanning options allow users to tailor
their scans based on the specific requirements of the target network and optimize
the scanning process.

Scriptable and Extensible:
• Nmap comes with a scripting engine called NSE (Nmap Scripting Engine), which
allows users to create and share custom scripts for specific tasks. This scripting
capability enhances Nmap's functionality and adaptability for diverse network
scanning needs.

Fast and Efficient:
• Nmap is known for its speed and efficiency in scanning large networks. It can
perform scans quickly and accurately, making it a valuable tool for network
administrators looking to assess network security and identify potential
vulnerabilities.
Open Source and Active Community:
• Being an open-source tool, Nmap benefits from continuous
development and improvements by a dedicated community of security
enthusiasts and developers.

• This active community ensures that Nmap remains up-to-date with the
latest advancements in networking and security.

Disadvantages of Nmap:
Intrusive Scanning:
• While Nmap is an excellent network mapping tool, its scanning techniques can be
considered intrusive, especially on production networks. Certain scanning methods may
trigger security alerts or cause disruptions on the network being scanned.

Complex User Interface:
• Nmap's command-line interface can be intimidating for beginners and those less
familiar with the tool. Understanding and configuring the various scanning options may
require some learning and experimentation.

Limited Windows GUI:
• Although Nmap provides command-line and graphical user interface (GUI) options, the
Windows GUI version may not be as feature-rich as its command-line counterpart.

• Users who prefer a visual interface might find the GUI version lacking certain
functionalities.

False Positives:
• In some cases, Nmap may produce false positives, incorrectly
identifying open ports or services due to firewalls, NAT devices, or other
network configurations. This can lead to potentially misleading results if
not interpreted correctly.

Ethical and Legal Considerations:
• While Nmap is a legitimate security tool, using it without proper
authorization to scan networks you do not own or manage may be illegal
and considered unethical. It's essential to use Nmap responsibly and
with appropriate permissions.
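As an added example (not code from the lecture notes or the Nmap project), the following Python turns Nmap's port and service findings into an audit result: it parses a constructed sample in the layout that `nmap -oX` writes and flags every open port that is not in a hypothetical approved-services baseline, skipping the ambiguous "filtered" states that the false-positive caveat above warns about. The hosts, services and the APPROVED dictionary are assumptions.

```python
"""Audit Nmap XML output against an approved-ports baseline.

Added example, not from the lecture notes or the Nmap project. The XML is a
constructed sample in the layout `nmap -oX` writes; hosts are fictional.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/29">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical allow-list: what each host is supposed to expose,
# as {ip: {(protocol, port), ...}}.
APPROVED = {
    "192.0.2.10": {("tcp", 22), ("tcp", 80)},
    "192.0.2.11": {("tcp", 22)},
}


def parse_open_ports(xml_text):
    """Return {ip: {(proto, port): service}} for ports Nmap reports as "open".

    "closed", "filtered" and "open|filtered" are skipped: as the notes say,
    firewalls and NAT make those states ambiguous, so they are not reported
    as confirmed exposures.
    """
    result = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            open_ports[(port.get("protocol"), int(port.get("portid")))] = (
                svc.get("name", "unknown") if svc is not None else "unknown")
        result[addr.get("addr")] = open_ports
    return result


def audit(xml_text, approved):
    """Return sorted findings (ip, proto, port, service, reason) for open
    ports that the baseline does not allow."""
    findings = []
    for ip, ports in parse_open_ports(xml_text).items():
        allowed = approved.get(ip, set())
        reason = "port not approved" if ip in approved else "host not in baseline"
        for (proto, port), svc in ports.items():
            if (proto, port) not in allowed:
                findings.append((ip, proto, port, svc, reason))
    return sorted(findings)


if __name__ == "__main__":
    for ip, proto, port, svc, reason in audit(SAMPLE_NMAP_XML, APPROVED):
        print("UNEXPECTED %s %s/%d (%s): %s" % (ip, proto, port, svc, reason))
```

Running it reports only the MySQL port on 192.0.2.10; the SNMP port is left out because Nmap could not confirm it was open.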
ii). ZENMAP
• Zenmap is an open source GUI designed to be used with Nmap. Zenmap is a
multi-platform tool which supports "Linux, Ubuntu, Mint, Kali, Fedora,
CentOS, Windows, Mac OS X, BSD and so forth". Beginners can also use
Zenmap to discover vulnerabilities and to scan networks.

iii). HPing
• HPing is a "TCP/IP packet assembler/analyzer" that is command-line
oriented. It supports protocols such as TCP, UDP, ICMP and RAW-IP. It has
a "traceroute" mode, which has the "capacity to send records between a
secured channel, and numerous different highlights".
iv). Wireshark
• This is an open-source tool used to analyse network protocols and assess
network security weaknesses by continuously capturing and analysing packets.
• It is compatible across different operating systems, data are captured in
real time, and multiple networks and various output formats are supported.

• Wireshark Features
i). Live capture and offline analysis
ii). Read and write in a variety of different capture file formats, including
tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog,
Microsoft Network Monitor, and many others
iii). Rich VoIP analysis
iv). Export output to XML, PostScript, CSV, or plain text
Pros:
• Affordable Price: Many users appreciate the low cost of Wireshark, as it
provides powerful network analysis capabilities without the need for
expensive software. Several reviewers have stated that Wireshark offers
good value for its price.
• Packet Analysis Capabilities: The ability to capture, log, and analyze
packet data is highly valued by users. Many reviewers have mentioned
that this feature allows for detailed troubleshooting and monitoring of
network traffic in their feedback on Wireshark.

• Real-time Network Visibility: Users find the real-time network data
visibility provided by Wireshark to be invaluable. Several customers have
mentioned that this feature enables them to monitor network activity
promptly and identify any issues or anomalies with ease.
Cons:
• Confusing User Interface: Some users have found the user interface of
Wireshark to be confusing, suggesting that it can be improved to make it
more user-friendly and intuitive.

• Steep Learning Curve: The software has a steep learning curve, with new
users finding it overwhelming to see all the columns and colors. This can
make it challenging for them to navigate and understand the software.

• Lack of User-Friendliness: While acknowledging that Wireshark is not
primarily designed for those who are not comfortable with this type of
software, some users still mention the lack of a more user-friendly
interface. They suggest enhancing the UI/UX to make it more intuitive
and easier to use.
v). Tcpdump
• Tcpdump is primarily used for packet sniffing on a network. It monitors
and logs the IP and TCP traffic communicated through a network, and tests
and monitors the security of a network by capturing and filtering the
TCP/IP traffic received on a particular interface.
vi). Snort
• Snort is an open-source IPS/IDS tool. It uses a set of rules that help to
identify malicious activity and generate security alerts for users. Snort
can also be deployed at the first layer of the network to block malicious
sources.

• Snort can be run and deployed for both personal and official purposes.
Snort can be configured in three modes: "sniffer mode, packet logger
mode, Network Intrusion Detection System mode". This tool is developed by
Cisco Systems.
• Snort works by using a set of rules to find packets that match malicious
network activity and generate alerts for users. In addition to its
application as a full-blown network intrusion prevention system, Snort
can also be used as a packet sniffer like tcpdump or as a packet logger.
• Snort Features
- Compatible with all types of operating systems and hardware
- Performs real-time traffic analysis
- Detects a variety of attacks and probes including buffer overflows, stealth
port scans, CGI attacks, operating system fingerprinting attempts, and
more
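To show how Snort's rule-driven detection works, here is an added Python example (not code from the lecture notes or the Snort project) that parses a few rules written in Snort's own syntax and runs them over constructed packet records, emitting an alert for each match the way NIDS mode does. Only the rule header and the msg, content, nocase and sid options are supported; the rules, the HOME_NET value and the packets are constructed.

```python
"""Minimal Snort-style rule matcher over constructed packet records.
Added example, not from the lecture notes or the Snort project: it handles
the rule header plus the msg, content, nocase and sid options only."""
import ipaddress
import re

HOME_NET = "192.0.2.0/24"  # hypothetical value for the $HOME_NET variable

# Constructed rules in Snort syntax; sids in the local 1000000+ range.
RULES = [
    'alert tcp any any -> 192.0.2.0/24 80 (msg:"Possible SQLi probe"; '
    'content:"UNION SELECT"; nocase; sid:1000001;)',
    'alert tcp any any -> $HOME_NET 22 (msg:"SSH to server net"; sid:1000002;)',
    'alert udp any any -> any 53 (msg:"DNS TXT lookup"; content:"|00 10|"; sid:1000003;)',
]

# Constructed packets: header fields a NIDS decodes plus the application payload.
PACKETS = [
    {"proto": "tcp", "src": "198.51.100.7", "sport": 51515, "dst": "192.0.2.10",
     "dport": 80, "payload": b"GET /items?id=1 union select 1,2 HTTP/1.1\r\n"},
    {"proto": "tcp", "src": "198.51.100.7", "sport": 40000, "dst": "192.0.2.10",
     "dport": 22, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"proto": "udp", "src": "192.0.2.55", "sport": 5353, "dst": "192.0.2.1",
     "dport": 53, "payload": b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                            b"\x07example\x03com\x00\x00\x10\x00\x01"},
    {"proto": "tcp", "src": "198.51.100.7", "sport": 1234, "dst": "203.0.113.9",
     "dport": 80, "payload": b"UNION SELECT 1"},  # outside the rule's dst net
]

HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
OPTION_RE = re.compile(r'(\w+)(?::\s*("[^"]*"|[^;]+))?\s*;')


def decode_content(text):
    """Snort content strings are literal text with |xx xx| hex segments."""
    out = b""
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode()
    return out


def parse_rule(text, home_net=HOME_NET):
    """Parse one rule into a dict; $HOME_NET is expanded to home_net."""
    m = HEADER_RE.match(text)
    if not m:
        raise ValueError("unparseable rule: " + text)
    action, proto, src, sport, dst, dport, opts = m.groups()
    rule = {"action": action, "proto": proto.lower(), "sport": sport, "dport": dport,
            "src": src.replace("$HOME_NET", home_net),
            "dst": dst.replace("$HOME_NET", home_net),
            "msg": "", "content": None, "nocase": False, "sid": None}
    for key, val in OPTION_RE.findall(opts):
        val = val.strip().strip('"')
        if key == "msg":
            rule["msg"] = val
        elif key == "content":
            rule["content"] = decode_content(val)
        elif key == "nocase":
            rule["nocase"] = True
        elif key == "sid":
            rule["sid"] = int(val)
    return rule


def _addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _port_ok(spec, port):
    return spec == "any" or int(spec) == port


def rule_matches(rule, pkt):
    """Header fields must all match; content (if any) must occur in the payload."""
    if rule["proto"] != pkt["proto"]:
        return False
    if not (_addr_ok(rule["src"], pkt["src"]) and _addr_ok(rule["dst"], pkt["dst"])):
        return False
    if not (_port_ok(rule["sport"], pkt["sport"]) and _port_ok(rule["dport"], pkt["dport"])):
        return False
    if rule["content"] is None:
        return True
    needle, hay = rule["content"], pkt["payload"]
    if rule["nocase"]:
        needle, hay = needle.lower(), hay.lower()
    return needle in hay


def run_nids(rules, packets):
    """Evaluate every rule against every packet; return (sid, msg, src, dst) alerts."""
    parsed = [parse_rule(r) for r in rules]
    return [(r["sid"], r["msg"], p["src"], p["dst"])
            for p in packets for r in parsed
            if r["action"] == "alert" and rule_matches(r, p)]


if __name__ == "__main__":
    for sid, msg, src, dst in run_nids(RULES, PACKETS):
        print("[**] [1:%d] %s [**] %s -> %s" % (sid, msg, src, dst))
```

The fourth packet carries the same content as the first but is addressed outside 192.0.2.0/24, so no rule fires on it: in Snort, the header is checked before the payload options are evaluated.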
vii). Nagios
• To monitor and ensure the integrity of your organization's infrastructure,
the Nagios IT management software suite is a flexible, customizable,
and intuitive option.
• Promising to help you detect and resolve any IT infrastructure problems
before they affect business processes, the Nagios product line includes:
• Nagios XI: IT infrastructure monitoring software;
• Nagios Log Server: enterprise-class log monitoring;
• Nagios Network Analyzer: a network flow data analysis solution.
• Nagios Features
- Monitoring of all critical infrastructure components including
applications, network protocols, operating systems, and more
- Planning for infrastructure upgrades with automated, integrated trending
and capacity planning graphs
- Outage alerts can be sent to IT staff, business stakeholders, and users
- Advanced features of the enterprise edition include web-based server
console access, notification deployment, SLA reports, and automated
host decommissioning
viii). OSSEC
• OSSEC is an open source host-based intrusion detection system that
performs log analysis, file integrity checking, Windows registry monitoring,
Unix-based rootkit detection, real-time alerting and active response. It runs
on most operating systems, including Linux, macOS, Solaris, OpenBSD,
FreeBSD, HP-UX, AIX and Windows.

• The OSSEC HIDS can be installed as a stand-alone tool to monitor one
host, or can be deployed in a multi-host scenario, with one installation
being the server and the others acting as agents. The server and agents
communicate securely using encryption. OSSEC also has intrusion prevention
features, being able to react to specific events or sets of events by using
commands and active responses.
• OSSEC is composed of multiple components. It has a central manager for
monitoring and receiving information from agents, syslog, databases and
agentless devices.

• The manager stores the file integrity checking databases, the logs, events
and system auditing entries. The OSSEC agent is a small program or
collection of programs installed on the systems that need to be monitored.

• The agent collects information in real time and forwards it to the
manager for analysis and correlation.
• OSSEC analyses logs from multiple devices and formats. The devices can be
agents, syslog devices, routers, switches, printers, etc.

• OSSEC has an active response system. This means OSSEC will not only
monitor, but also respond to threats (e.g. blacklist offending IP addresses).
• Some of the disadvantages of OSSEC:

i). Difficulty in upgrades between versions.
• OSSEC comes with default rules, and they are overwritten on every
upgrade.

ii). Coordinating pre-shared keys can be problematic. In the OSSEC
architecture, client and server communicate through an encrypted channel
using the Blowfish algorithm. Here, pre-sharing keys before the
communication is established is a challenging issue.
ix). Acunetix
• A powerful tool for web app security, Acunetix will automatically
generate a list of all your websites, applications, and APIs and crawl
every corner of your applications to detect security flaws and
vulnerabilities including SQL injections, misconfigurations, XSS, exposed
databases, out-of-band vulnerabilities, and much more.
• Acunetix Features
- Lightning-fast scans that automatically prioritize the highest-risk
vulnerabilities
- Scan multiple environments simultaneously
- Remediation guidance
- Run automated scans even in hard-to-reach areas, including single-page
applications, script-heavy sites built on JavaScript, password-protected
areas, and unlinked pages
- On-premise or cloud deployment
C). Cybersecurity Frameworks and Operating Systems

• A cybersecurity framework makes our data and systems safe. Typically it
describes the overall security intent of an organization, focusing
especially on the IT component. Most cybersecurity frameworks are intended
to improve the existing security infrastructure already in place.

i). Kali Linux
• Kali Linux is an operating system that is compatible with every
cybersecurity tool and has the capability needed to perform any kind of
security check.
ii). Qubes
• Qubes is a Free and Open Source Software (FOSS) operating system. It
provides security through compartmentalization, in which the components
of the OS and the applications are isolated into qubes. Qubes allows
Windows apps to run in Windows app virtual machines.

iii). Metasploit
• Metasploit is a powerful and famous open-source framework that
penetration testers or hackers (of all kinds) use for exploiting,
listening, executing shellcode, etc. It is compatible with a range of
different systems, and it also offers the capability to uncover the
slightest or an emerging weakness.
D). Internet Security
• Typically, Internet security is bound up with browser security, where
secured data is entered through web forms and the Internet protocol
provides the overall authentication and protection of the data. Internet
security is a broad concern covering all security for transactions made
over the Internet.

• The tools that could be used for internet security include:

i). CheckShortURL
• CheckShortURL is a cybersecurity tool used for checking shortened URLs.
It supports almost all URL shortening services such as "t.co, goo.gl,
bit.ly, amzn.to, tinyurl.com, ow.ly, youtu.be and many others".
ii). NoScript
• NoScript protects a user from cross-site scripting and other types of
script-based web attacks on Firefox and other Mozilla-based browsers. It
additionally gives the most powerful anti-XSS and anti-clickjacking
protection ever available in a browser.

iii). SiteLock
• SiteLock offers comprehensive website security to guard your site against
malicious cyber threats, covering both web applications and your site code.
• Each paid plan you can subscribe to offers a 30-day free trial. You can
use SiteLock to conduct daily scans of your website for malware, viruses,
and other security threats before taking advantage of the platform's
automatic malware removal feature.
• SiteLock Features
i). Vulnerability management
ii). Website scanning and backup
iii). Content delivery network enables high traffic with zero lag time
iv). Web application security
v). Supports a variety of CMS environments including WordPress,
Drupal, Magento, WooCommerce, and more.
iv). SolarWinds Security Event Manager
• SolarWinds offers an exhaustive number of cybersecurity solutions to
tackle a wide range of functions including network traffic security and
analysis, database management, systems management, IT security and
IT service management, application management, and much more.

• Security Event Manager is the company's lightweight and affordable
cybersecurity tool, intuitive and straightforward enough that you can
boost your computer security without costly and complex features you
won't necessarily need.
• SolarWinds Features
i). Automated threat detection and response
ii). Centralized log collection
iii). Easy-to-use dashboard
iv). Built-in file integrity monitoring
v). Compliance reporting
vi). Forensic analysis
vii). Cyberthreat intelligence
E). Email Security
• Email security enables an individual or a consortium to safeguard
overall access to one or more email accounts. It refers to the
"collaborative measures used to secure the access and content of an
email transcript".
• The email security tools include:

i). SPAMfighter
• SPAMfighter is an email security tool for filtering emails in order to
identify and stop spam.

ii). Spamihilator
• Spamihilator is a security tool that identifies spam emails using filters,
a learning algorithm, and a probability calculator for email blocking.
iii). SpamBully
• SpamBully is a tool that learns and blocks spam using intelligent learning.
It allows spam reporting to fight back at spammers, auto-delete options,
etc.

F). Password Management, Recovery and Attack Tools

• Most businesses and industries face frequent challenges in password
management. Many of them use unsecured spreadsheets and still rely on
paper-based logbooks to manage their valuable account credentials.
Password management, recovery and attack tools include:
i). LastPass
• LastPass ensures proper password practices as a foundation of security
through the use of strong passwords.
ii). KeePass
• KeePass is a password management tool that helps to manage passwords
in a closed way. By this, KeePass can put all passwords in a single
database which is sealed under a single master key/key file.

iii). Ophcrack
• Ophcrack (GPL licensed) is a graphical user interface tool that works by
utilizing rainbow tables for password cracking on Windows OS. It is useful
for recovering forgotten Windows passwords.

iv). John The Ripper
• This is a tool used for testing password strength; it accesses and
identifies weak passwords, and it works with a variety of operating
systems. It identifies complex ciphers, encrypted logins and hashed
passwords.
v). Cain and Abel
• This tool is one of the oldest and, surprisingly, people still use it today.
It helps to identify weaknesses in Windows as well as to recover passwords.
• It has the ability to record VoIP communications, it can reveal password
boxes and cached passwords, it helps in decoding passwords, and it uses
brute-force attacks that help in cracking encrypted passwords.
G). Vulnerability Scanning Tools
• Vulnerability scanning plays a crucial role in IT security by scanning our
websites and networks for security risks and automating security audits.
Vulnerability scanners excel at producing a prioritized list of patches,
and also describe the vulnerabilities and suggest steps on how to correct
them. Some can even automate the patching process. Some examples of
vulnerability scanning tools include:

i). Burp Suite
• The Enterprise Edition of Burp Suite performs one-off scans on demand or
schedules scans at precise times.
ii). Nessus
• Nessus is a vulnerability scanning tool that allows one to perform
thorough scans of a network. Nessus home edition is free and takes up
to 16 IP addresses.
• Nessus Professional
• Marketed as the global gold standard in vulnerability assessment, Nessus
advertises the industry’s lowest false positive rate and the broadest
vulnerability coverage of any security software.
• With more than 450 pre-built templates, you can quickly and conveniently
scan for vulnerabilities and audit configuration compliance against CIS
benchmarks or other best practices. Ease of use is a big selling point of
Nessus, with its intuitive navigation system and overall pleasing user
experience.
• Nessus Features
- Unlimited assessments
- Can be deployed on a diverse number of platforms, including Raspberry
Pi
- Dynamically compiled plug-ins make for faster and more efficient scans
- Customizable reporting capabilities
- Access to on-demand product training with more than 60 targeted
videos
iii). Malwarebytes
• Malwarebytes, also known as MBAM (Malwarebytes Anti-Malware), is an
anti-malware software for macOS, Microsoft Windows, Android and iOS; it
finds and removes unauthorized access.
Comparison of some Free and Open Source Cyber Security Tools
ASSIGNMENT ONE
Module Two

Digital Forensics Tool
