Scribd
Upload
3 views

Introduction

cyber security material

Uploaded by

rukhsaraalam93
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
3 views

Introduction

cyber security material

Uploaded by

rukhsaraalam93
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 70

Introducing myself

Dr. Zakria
PhD, Software Engineering
University of Electronic Science and Technology of China.

MS, Computer Science and Information Technology


NED University of Engineering and Technology, Karachi.

BS, Computer Engineering


COMSATS University, Lahore, Pakistan
Internet is Integral part of business and personal life
What happens online in 60 seconds
Case Study : Ebay data breach
Case Study : Google Play Hack
Case Study : The Home Depot data breach
Case Study : JP Morgan Chase data breach
Case Study : Year of Mega Breaches
Data Breach Statistics
What Is Security?

“A state of being secure and free from danger or harm; the actions taken to make someone or
something secure.”

Security is not a ‘thing’ – rather, it is a ‘process.’


--
Cyber Security?
Cyber security?
Cyber security is the protection of Internet connected system, including hardware, software,
and program or data from cyber attacks.

Precautions taken to guard against unauthorized access to data (in electronic form) or
information systems connected with internet

Prevent crime related to Internet


Protect Against What?
C.I.A. triangle or Security Objectives

Confidentiality
“Preserving authorized restriction on information access and disclosure,
including means for protecting personal privacy and proprietary information.”

Integrity
“Guarding against improper information modification or destruction, and
includes ensuring information non-repudiation and authenticity.”

Availability
“Ensuring timely and reliable access and use of information.”
Attacks on CIA
Types of Attacks
Malware
Malware

Spyware
The most rapidly growing types of malware
• Cookies
• Key logger
How Malware
How to Stop?
Phishing Attack
What is Phishing used for?

40
Phishing Awareness
Password Attacks
Types of Password Attacks
Stop Password Attacks
Distributed Denial of Services (DDoS)
Packet Flood
Prevention
Man in the Middle
Prevent MITM
Drive-by Download

50
How it work?
Malvertising
Prevention
Rogue Software
Propagation
Prevention
Web Attacks

SQL injection

The attacker attempts to breach a web


application. Common attacks of this type are
SQL injection
This is a complex attack that involves actually
taking over an authenticated session.
DNS Poisoning

DNS Poisoning

This involves altering DNS records on a


DNS server to redirect client traffic to
malicious websites, usually for identity
theft.
Cyber Crime?

Cybercrime, or computer-oriented crime, is a crime that


involves a computer and a network. The computer may have
been used source of a crime, or it may be the target.
IMPORTANCE OF INFORMATION SECURITY As per PWC Global
Economic Crime Report
2016, Cyber Crime was
amongst the top 3 most
commonly reported types
of economic crime

As per Europol 2013 report,


Cyber Crime is now more
profitable than the drug
trade
Classification of Cyber Crimes

■ Insider Attack:
❑ Person with authorized system access

❑ Dissatisfied or unhappy inside employees or contractors

❑ Motive could be revenge or greed

❑ Well aware of the policies, processes, IT architecture and weakness of the


security system
❑ Comparatively easy for a insider attacker to steel sensitive information,
crash the network, etc.
❑ Could be prevented by using IDS/IPS

■ External Attack:
❑ Hired by an insider or an external entity to the organization

❑ Organization not only faces financial loss but also the loss of reputation

❑ Attackers usually scan and gathering information

❑ Keeps regular eye on the log and carefully analyzing these firewall logs

❑ IDS/IPS can also protect from external attackers


Classification of Cyber Crimes (Cont.)
■ Cyber attacks can also be classified as:
❑ Unstructured attacks

■ Generally person who don't have any predefined motives to


perform the cyber attack
■ Try to test a tool readily available over the internet

❑ Structure attacks:
■ Performed by highly skilled and experienced people

■ Motives of these attacks are clear in their mind

■ Access to sophisticated tools and technologies to gain access to


other networks without being noticed
■ Expertise to develop or modify the existing tools to satisfy their
0
purpose
■ Usually performed by professional criminals, by a country on
other rival countries, politicians to damage the image of the
rival person or the country, terrorists, rival companies, etc.
Reasons for Commission of Cyber Crimes

■ Money:
❑ People are motivated towards committing cyber crime is to make quick and

easy money.
■ Revenge:
❑ Take revenge with other person/organization/society/caste or religion

❑ Defaming its reputation or bringing economical or physical loss.

❑ This comes under the category of cyber terrorism.

■ Fun:
❑ The amateur do cyber crime for fun.

■ Recognition:
❑ It is considered to be pride if someone hack the highly secured networks

■ Anonymity:
❑ Anonymity that a cyber space motivates the person to commit cyber crime

■ Cyber Espionage:
❑ At times the government itself is involved in cyber trespassing to keep eye

on other person/network/country
Kinds of Cyber Crimes
■ Cyber Stalking
❑ Stalking, harassing, threatening someone, or defame a person

❑ The behavior includes false accusations, threats, sexual exploitation to

minors, monitoring, etc.


Child Pornography
❑ Possessing image or video of a minor (under 18), engaged in sexual conduct.

■ Forgery and Counterfeiting


❑ Produce counterfeit which matches the original document

❑ Not possible to judge the authenticity of the document

■ Software Piracy and Crime related to IPRs:


❑ An illegal reproduction and distribution

■ Cyber Terrorism
❑ Use of computer resources to intimidate or force government, the civilian

population or any segment thereof in furtherance of political or social


objectives
■ Phishing
❑ Acquiring personal and sensitive information of an individual via email

❑ Vishing (voice phishing), Smishing


Kinds of Cyber Crimes (Cont.)

■ Creating and distributing viruses over internet


❑ Spreading of an virus can cause business and financial loss

■ Spamming
❑ Sending of unsolicited and commercial bulk message

❑ Spams not only irritate the recipients and overload the network but also waste

the time and occupy the valuable memory space


Cross Site Scripting


❑ Injecting a malicious client side script into a trusted website

❑ Malicious script gets access to the cookies and other sensitive information and

sent to remote servers


■ Online Auction Fraud
❑ Online auction fraud schemes which often lead to either overpayment of the

product or the item is never delivered


■ Cyber Squatting
❑ Reserving the domain names of someone else's trademark

❑ Sell it afterwards at higher price


Kinds of Cyber Crimes (Cont.)

■ Computer Vandalism
❑ Physical destroying computing resources using physical force or

malicious code
■ Computer Hacking
❑ Modifying computer hardware and software to accomplish a goal

❑ Simply demonstrations of the technical ability, to sealing, modifying or

destroying information for social, economic or political reasons


Steps to Fix a Crime
Essential Terminologies
The Security Functionality and Usability Triangle
Motive, Goals, and Objectives of Information Security Attacks
Top Information Security Attack Vectors
Information Warfare
What is Hacking ??
Who is Hacker ??
Hacker Classes
Hacking Phases: Scanning
Hacking Phases: Scanning
Hacking Phases: Gaining Access
Hacking Phases: Maintaining Access
Hacking Phases: Clearing Tracks
What is Ethical Hacking ??
Why an Ethical Hacker is Necessary
Why an Ethical Hacker is Necessary
Skills of an Ethical Hacker
Online Security Resources

Online Security Recourse

CERT
www.cert.org
Microsoft Security Advisor
www.microsoft.com/security/default.mspx
F-Secure
www.f-secure.com
SANS
www.sans.org

You might also like