Cyber Security Training For Beginners | Cyber Security Tutorial
Apr. 11, 2021


This presentation on Cyber Security training for beginners will help you understand the concept of cybersecurity from scratch. Here, we will look at various networking concepts and cyberattacks, and understand the need for cybersecurity.

Post Graduate Program in Cyber Security:
This Post Graduate Program in Cyber Security is designed to equip you with the skills required to become an expert in the rapidly growing field of Cyber Security. This cyber security course also aims to help you stay abreast of all the latest trends in cyber security. This Post Graduate Program in Cyber Security will help you learn comprehensive approaches to protecting your infrastructure and securing your data, including risk analysis and mitigation, cloud-based security, and compliance. You will receive foundational to advanced security skills through industry-leading certification courses that are part of the program.

Key Features:
✅ Simplilearn Post Graduate Certificate
✅ Masterclasses from MIT Faculty
✅ Featuring Modules from MIT SCC and EC-Council
✅ 150+ hours of Applied Learning
✅ Get noticed by the top hiring companies
✅ EC-Council learning kit
✅ Industry case studies in cyber security
✅ MIT SCC Professional Learning Community
✅ Capstone project in 3 domains
✅ 25+ hands-on projects

Learn more at https://www.simplilearn.com/pgp-cyber-security-certification-training-course?utm_campaign=CyberSecurity&utm_medium=Description&utm_source=Slideshare


  1. Today’s Agenda: (1) The Rise of Cybercrimes; (2) Different Types of Cyberattacks; (3) What Is Cyber Security?; (4) Basic Network Terminologies; (5) Cyber Security Goals; (6) Tackling Cybercrime
  2. The Rise of Cybercrimes: Did you know about the deadly WannaCry ransomware attack? It was one of the most severe worldwide cyberattacks, caused by the WannaCry cryptoworm. Origin of the attack: May 12, 2017.
  4. How did the attack happen? The attack started from an exposed, vulnerable SMB port. Within a day, more than 230,000 computers were infected across 150 countries.
  5. Victims of the attack: computers running the Microsoft OS; users on an unsupported version of Microsoft Windows, and also users who hadn’t installed the new Microsoft security update of April 2017.
  6. Description of the attack: The WannaCry cryptoworm encrypted the data and locked the users out of the target systems. In return, the users were asked for a ransom of $300 - $600, to be paid via bitcoin.
  7. Impact of the attack: 200,000 to 300,000 computers were infected. Both private and government organizations were hit; computers in hospitals were corrupted, and Nissan and Renault had to put their business on hold as their computers were infected.
  10. The Rise of Cybercrimes: In February 2019, Dunkin’ Donuts announced that the users of their rewards program were targeted by a credential stuffing attack. In such an attack, users’ credentials are stolen. The users’ first and last names and email IDs were stolen. Let’s now look into the different types of such cyberattacks.
  11. Different Types of Cyberattacks: Malware Attack, Social Engineering Attack, Man in the Middle Attack, Denial of Service Attack, SQL Injection Attack, Password Attack.
  12. Malware Attack: Malware refers to malicious software, viruses, ransomware, and worms. A Trojan virus is also a form of malware that disguises itself as legitimate software.
  13. Malware Attack: It gets into a system when the user clicks on suspicious links, downloads attachments, or uses an infected pen drive. It then obtains all the information from the client’s system. (Diagram: the user opens links or uses a corrupted pen drive; the user’s system gets corrupted.)
  16. Social Engineering Attack: It is the art of manipulating people so that they end up giving away their confidential information. It is broken down into 3 categories: Phishing Attack, Spear Phishing Attack, and Whaling Phishing Attack.
  17. Social Engineering Attack – Phishing Attack: A phishing attack is a practice wherein the hacker usually sends fraudulent emails, which appear to be coming from a trusted source. It is done to install malware or to steal sensitive data like credit card information and login credentials. (Diagram: the user opens the mail with the attachment and unknowingly downloads the virus; the user’s system gets affected.)
  18. Social Engineering Attack – Spear Phishing Attack: Spear phishing is a variation of phishing. Here, the attacker targets a specific individual or a group of people. The hacker identifies a victim and sends a targeted, legitimate-looking email. Unaware of this, the victim opens the email, which has malware. The hacker then steals data from the victim’s computer.
  19. Social Engineering Attack – Whaling Phishing Attack: A whaling phishing attack is a type of attack that specifically targets wealthy, powerful and prominent individuals.
  21. Man in the Middle Attack: This attack is also known as an eavesdropping attack. The attacker hijacks a session between the client and the server. (Diagram: client, client-server communication, server, and an attacker with the caption “Got the IP address!”)
  23. Denial of Service Attack: The motive of a Denial-of-Service attack is to flood systems and networks with traffic to exhaust their resources and bandwidth. As a result, the target is unable to cater to legitimate service requests.
  24. Denial of Service Attack: When attackers use multiple systems to launch this attack, it is known as a Distributed Denial of Service (DDoS) attack.
  26. SQL Injection Attack: In a database-driven website, the hacker manipulates a standard SQL query. Malicious code is inserted into a SQL server to obtain information. The hacker now has access to the database.
  29. Password Attack: The easiest way to hack a system is by cracking a user's password. This is done in various ways. Brute force attack – every possible combination (A, a, Aa, AAAA, aaaa, B, b, …). Dictionary attack – common passwords (1234, ABCD, …).
  34. Active Attack: In an active attack, the intruder attempts to disrupt the network’s normalcy, modifies data, and tries to alter the system resources. (Diagram: the sender sends 5989; the attacker modifies the message; the receiver gets 2989.)
  37. Passive Attack: In a passive attack, the intruder intercepts data traveling through the network. Here, the intruder eavesdrops but does not modify the message. (Diagram: the sender sends 5989; the message is read by the attacker; the receiver gets 5989.) But have you ever wondered why these attacks happen?
  38. Reasons for Cyberattacks – Cyberterrorism: Such an attack is carried out by terrorist groups against nations to fulfill their agendas. Networks and computers are attacked.
  39. Reasons for Cyberattacks – Cyberwarfare: Here, nations hack into other nations’ networks to cause damage. By doing so, critical data is stolen, and infrastructure can also be hampered.
  40. Reasons for Cyberattacks – Cyber espionage: Here, technology is used to gain information without consent from its owners. This can be done for monetary, social, or political gain.
  42. Reasons for Cyberattacks – Personal differences: Cyberattacks are also made due to certain intellectual challenges. This type of hacker hacks for his own personal or social reasons. To prevent such attacks, cyber security is implemented.
  43. What Is Cyber Security? Cyber Security refers to the practice of protecting networks, programs, computer systems, and their components from unauthorized digital access and attacks.
  45. What Is Cyber Security? Cyber Security and Information Security are different from one another. Information Security: processes and tools deployed to protect sensitive information. Cyber Security: set of techniques used to protect the integrity of networks.
  49. The Cost of Not Being Cybersecure: Compromising confidential data – information can be hacked, which in turn can be used to spoil a company’s image. Financial crisis – a company can spend a lot of money and time in restoring the lost data. Customer trust hampered – customers will discontinue business with an organization if their information is leaked. Let us now have a look at the basic network terminologies, which are used in implementing cyber security.
  53. Basic Network Terminologies - Network: A network is a group of devices connected to each other; the connection can either be wired or wireless. A network can be used for communication. Hardware devices such as printers and other input devices are also shared through a network.
  55. Basic Network Terminologies - Server: A server is a device that handles requests for data, information, and network services from other computers and devices known as clients. All your data is stored on this server. (Diagram: client-server model, with several clients connected to a server.)
  59. Basic Network Terminologies - Internet: The Internet is referred to as a collection of multiple networks. It connects millions of networks across the world. (Diagram: several networks joined together to form the Internet.)
  60. Basic Network Terminologies – TCP/IP: Transmission Control Protocol/Internet Protocol is defined as the set of rules that determine the data connectivity and transmission between devices through the internet.
  62. Basic Network Terminologies – IP Address: An Internet Protocol address is a numerical address which is assigned to each computer on a network. Without an IP address, a device cannot connect to the internet. Example: 172.16.254.1. An IP address is a 32-bit address.
  64. Basic Network Terminologies – MAC Address: A Media Access Control (MAC) address is a unique identification number that is assigned to each piece of hardware in the network. It is also known as the physical address, and it cannot be changed. Example: 00-2B-63-44-B5-E6. A MAC address is a 12-digit hexadecimal number.
  65. Basic Network Terminologies – Router: A router is a device that passes packets back and forth across networks. It routes the data along the appropriate path. A home router passes the incoming traffic from the internet to your devices and passes the outgoing traffic from your local devices to the internet.
  66. Basic Network Terminologies – Domain: A domain is referred to as a group of computers and other devices that are interconnected and treated as a whole.
  68. Basic Network Terminologies – Domain Name: A domain name is nothing but the base part of a website name. (Diagram: the domain name marked within https://cybersecurity.com.)
  71. Basic Network Terminologies – DNS: The Domain Name System (DNS) is like a phonebook. It is responsible for mapping the domain name into its corresponding IP address. (Diagram: for https://cybersecurity.com, the local PC asks the DNS server “What is the IP of cybersecurity.com?” and the DNS server answers “This is the IP address: 172.16.254.1”.)
  74. Basic Network Terminologies – DHCP: Dynamic Host Configuration Protocol (DHCP) is the protocol that dynamically assigns IP addresses to devices in the network. (Diagram: the DHCP server hands out 192.16.252.1, 192.17.253.1 and 192.16.254.1 with the caption “Here are your IP addresses”.)
  76. Basic Network Terminologies – VPN: A Virtual Private Network (VPN) is a connection between a VPN server and a VPN client. It is a secure tunnel across the internet. (Diagram: VPN client and VPN server joined by an encrypted tunnel across the Internet, with a hacker outside the tunnel.)
  81. Basic Network Terminologies – Botnet: A botnet refers to a network of computers that have malicious code installed. Hackers use this to send spam messages without being traced easily. (Diagram: the botmaster sends malicious code to the botnet, which in turn reaches the victims.)
  83. Basic Network Terminologies – Botnet: During the investigation of the attack, the botmaster cannot be traced easily. (Diagram: tracing back from the victims through the botnet; the botmaster cannot be traced.)
  85. Network Security Control: Network Security Control refers to the different measures which are employed to enhance the security of a network. Let's have a look at the different types of network security control: Firewall, Intrusion Detection System (IDS), and Honeypots.
  94. Network Security Control - Firewall: A firewall is hardware or software that is responsible for blocking either incoming or outgoing traffic from the internet to your computer. Firewalls are required to secure a network. (Diagram: a firewall between the private network and the Internet; good traffic passes, and the firewall blocks bad traffic.)
  96. Network Security Control - IDS: An Intrusion Detection System (IDS) is designed to detect unauthorized access to a system. It is used together with a firewall and a router. (Diagram: Internet, router, firewall, switch and private network, with an IDS and a management system. There is an alert when an attack is detected.)
  98. Network Security Control - Honeypots: Honeypots are computer systems which are used to lure attackers. They are used to deceive attackers and defend the real network from any at (Diagram: Internet, firewall, real network, honeypot and attacker. The attacker attacks the honeypot thinking it’s the victim’s network; the real network is safe.)
  100. Security Testing: Security Testing is a software testing method which is carried out to identify threats and loopholes in a system. Carrying out this test will prevent any sort of system exploitation. Let's have a look at the different types of network security control: Vulnerability Scanning, Penetration Testing, and Security Auditing.
  101. Security Testing – Vulnerability Scanning: It is a process of examining a system for weaknesses and issues before a potential hacker does. This process is an ongoing one and it should be carried out regularly.
  102. Security Testing – Penetration Testing: Penetration Testing simulates an attack from a malicious outsider. It checks for vulnerabilities which could be exploited by a hacker. This testing imitates the same methods a hacker would use; it is the most aggressive form of testing. The 3 types of penetration testing are Black box testing, Gray box testing and White box testing.
  105. Security Testing – Penetration Testing: In each type, input is fed to the application and its output is observed. Black box testing: the tester has zero knowledge of the application. Gray box testing: the tester has some knowledge of the application. White box testing: the tester has complete knowledge of the application.
  106. Security Testing – Security Auditing: Security Auditing is an internal check which is carried out to find flaws in the organization’s information system.
  110. Cyber Security Goal – CIA: Confidentiality, Integrity, and Availability (CIA) is a security model that is designed to protect information within a company. (Diagram: the CIA triad of Confidentiality, Integrity and Availability.)
  116. Tackling Cybercrime: We can keep a check on cybercrimes by adopting the following measures: use unique and strong passwords; avoid public Wi-Fi; ignore and delete mails from unknown senders; make use of antivirus software; use a two-step verification process; be careful while downloading apps.
  117. Questions & Answers
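
The active and passive attack slides (the message 5989 altered to 2989 in transit, or merely read) correspond to the integrity and confidentiality goals of the CIA triad. The following Python code is an added example, not part of the original slides: it shows a receiver using an HMAC-SHA256 tag to reject the modified message. The shared key, the function names and the packet layout (message followed by a 32-byte tag) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # an HMAC-SHA256 tag is 32 bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Sender: append an HMAC-SHA256 tag computed with the shared key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes) -> bytes:
    """Receiver: return the message only if its tag matches, otherwise raise."""
    if len(packet) <= TAG_LEN:
        raise ValueError("packet too short to carry a message and a tag")
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison does not reveal
    # how many leading bytes of a wrong tag happened to be correct.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message was modified in transit")
    return message


def passive_attacker(packet: bytes):
    """Eavesdropper: reads the message and forwards the packet untouched."""
    return packet, packet[:-TAG_LEN]


def active_attacker(packet: bytes) -> bytes:
    """Tamperer: rewrites the message to 2989; without the key it can only reuse the old tag."""
    return b"2989" + packet[-TAG_LEN:]


def receive(key: bytes, packet: bytes):
    """Return (accepted, message_or_reason), as a receiver would log it."""
    try:
        return True, verify(key, packet)
    except ValueError as exc:
        return False, str(exc)


def run_scenarios():
    key = secrets.token_bytes(32)    # shared secret, constructed for this demo
    packet = protect(key, b"5989")   # message value taken from the slides

    forwarded, overheard = passive_attacker(packet)
    tampered = active_attacker(packet)
    return {
        "clean": receive(key, packet),       # no attacker on the path
        "passive": receive(key, forwarded),  # attacker only listened
        "overheard": overheard,              # what the eavesdropper learned
        "active": receive(key, tampered),    # attacker changed 5989 to 2989
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:10} {outcome}")
```

The eavesdropper still reads 5989: a MAC provides integrity only, and confidentiality needs encryption such as the VPN tunnel from slide 76.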
