Recommended
More Related Content
What's hot
What's hot (20)
Similar to Cyber security
Similar to Cyber security (20)
More from Manjushree Mashal
More from Manjushree Mashal (15)
Recently uploaded
Recently uploaded (20)
Cyber security
- 2. Outline Introduction to Cyber Security CIA in Cyber Security Major Security Problem - Cyber Attack Types of Cyber Attack Major Cyber attacks in INDIA Cyber Security as Profession 2
- 3. What is the meaning of the word CYBER What is the need of Cyber Security What are the security problems in Cyber field How to implement and maintain Security of a Cyber field around us.
- 4. It is acombining form relating to information technology, the Internet, and virtual reality. Meaning of the Word CYBER
- 5. Introduction to Cyber Security •The term Cyber Security is used to refer to the security offered through on-line services to protect your information. •Cyber Security is protection against the criminal or unauthorized use of electronic data 5
- 6. Why Cyber Security is important? 6 • Cyber Security is not a one-time process to achieve • It is an ever growing challenge encountered from time to time • When old problems are fixed and rectified, new targeted attacks challenge the Cyberspace • Cyber security is a process by itself and not the end
- 7. CIA in Cyber Security
- 8. CIA IN CYBER SECURITY https://youtu.be/rwigKjEsdTc
- 9. Top Five Risks- Global Instability • According to the World Economic Forum’s Global Risk Report 2018, Cyber-attacks are 3rd threat the World is facing today after natural disasters Top 5 Risks Natural disaster Extreme weather conditions Cyber-Attacks Data frauds Failure to address climate change 9
- 10. Definition of Cyber Attack 10 CIA of the Internet or • It refers to compromise in the resources or data stored in a Intranet connected computer • Deliberate exploitation of computer system resources, networks and technology connected through WWW • Compromises data by injecting malicious code into the actual code
- 11. First- Major Cyber Attack 11 • The Morris worm (1988) is the first known major cyber-attack • It was used as a weakness in the UNIX system and it replicated itself • The worm was developed by Robert T apan Morris • He was the first person ever to be convicted under the US computer fraud and abuse act
- 12. Purpose and Motivation for Cyber Attacks Money Curiosity Revenge Fun Praise Seekers 12
- 14. Viruses and Worms A Virus is a “program that is loaded onto your computer without your knowledge and runs against your wishes
- 15. Solution Install a security suite that protects the computer against threats such as viruses and worms.
- 16. Hackers In common a hacker is a person who breaks into computers, usually by gaining access to administrative controls.
- 17. How To prevent hacking It may be impossible to prevent computer hacking, however effective security controls including strong passwords, and the use of firewalls can helps.
- 18. Malware The word "malware" comes from the term "MALicious softWARE." Malware is any software that infects and damages a computer system without the owner's knowledge or permission.
- 19. To Stop Malware Download anti-malware program that also helps prevent infections. Activate Network Threat Protection, Firewall, Antivirus.
- 20. Trojan Horses Trojan horses are email viruses that can duplicate themselves, steal information, or harm the computer system. These viruses are the most serious threats to computers
- 21. How to Avoid Trojans Security suites, such as Avast Internet Security, will prevent you from downloading Trojan Horses.
- 23. Most Common types of Cyber-attacks CyberAttack types DoS and DDoS attack XSS attack SQL Injection attack Man-in-the-Middle attack Birthday attack Password attack Eavesdropping attack Phishing and spear phishing attack Drive-by download attack 23
- 24. DOS ATTACK
- 25. MAN IN THE MIDDEL ATTACK
- 26. IP SPOOFING
- 28. XSS ATTACK
- 29. DATA BREACH a data breach exposes confidential, sensitive, or protected information to an unauthorized person. The files in a data breach are viewed and/or shared without permission. Anyone can be at risk of a data breach — from individuals to high-level enterprises and governments. More importantly, anyone can put others at risk if they are not protected. data breaches happen due to weaknesses in: Technology User behavior https://youtu.be/0kK902-ZvNM
- 31. Major Cyber attacks in india Cosmos Bank Cyber Attack in Pune UIDAI Aadhaar Software Hacked ATM System Hacked Bib B Amitabh Bachchan ‘s Twitter Account Hacked! --Social media hack Facebook database leak data of 419 million users Personal Data Exposed from JustDial Database Data Breach in BIGBASKET
- 32. Cyber Security Measures for Organizations to Prevent Cyber Attacks 1)Educate employees on the emerging cyber attacks with security awareness training. 2) Keep all software and systems updated from time to time with the latest security patches. 3)Get regular Vulnerability Assessment and Penetration Testing to patch and remove the existing vulnerabilities in the network and web application . 4)Limit employee access to sensitive data or confidential information and limit their authority to install the software. 5)Use highly strong passwords for accounts and make sure to update them at long intervals.
- 33. Network Attackers Tool(Penetration Testing Tool) Metasploit Framework
- 34. WIRESHARK sqlmap Kali Linux Social Engineering Tool Kit Cain and Able NMAP
- 35. Network Attack Prevention Tips Install Software Updates Use Unique Password Use Two Factor AUTHENTICATION USE STRONG PASSSWORD and PASSWORD MANAGER Use a firewall for your Internet connection. Browse Safely Online and Clear Browser after Leaving Computer
- 36. Tools used for Cyber Security Common tools used to prevent Data Leakage Passwords Anti-Virus/ Anti-Malware Software Software Patches Firewalls Authentication Encryption 36
- 38. CYBER SECURITY AS PROFESSION
- 39. JOB ROLES IN CYBER SECURITY
- 41. CYBER SECURITY ENGINEER SKILLS
- 42. Cyber Security Engineer career pathway
- 44. Conclusion 44 •We are living in digital era and digital technology has transformed our lives promoting the need for Cyber Security • Cyber Attacks have started affecting most of the systems today because of the dependency on technology • It is very important to know what are Cyber Attacks and how the Cyber Attacks affect the system
- 45. Cyber Security Is Everyone’s Responsibility
- 46. Thank you 46
Editor's Notes
- Cyber came from cybernetics Cybernetics influences game, system, and organizational theory. cybernetics arose as the study of control systems and communications between people and machines. If I say today we live in cyber age mean age of computer ,INFORMATION technology ,virtual reality A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules
- Cyber security Fundamentals – Confidentiality: Confidentiality is about preventing the disclosure of data to unauthorized parties. It also means trying to keep the identity of authorized parties involved in sharing and holding data private and anonymous. Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle (MITM) attacks, disclosing sensitive data. Standard measures to establish confidentiality include: • Data encryption • Two-factor authentication • Biometric verification • Security tokens Integrity Integrity refers to protecting information from being modified by unauthorized parties. Standard measures to guarantee integrity include: • Cryptographic checksums • Using file permissions • Uninterrupted power supplies • Data backups Availability Availability is making sure that authorized parties are able to access the information when needed. Standard measures to guarantee availability include: • Backing up data to external drives • Implementing firewalls • Having backup power supplies • Data redundancy Confidentiality is roughly equivalent to Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts. It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories. Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality). Availability means information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.
- https://youtu.be/rwigKjEsdTc https://youtu.be/rwigKjEsdTc?t=1
- The attacker can do any of the following after gaining access to your network: • Block the traffic, resulting in a loss of access to the network by authorized users. • Send invalid data to applications or network services causing unexpected behavior of the applications or services. • Flood a computer or the entire network with traffic until an overload happens causing shutdown. DOS ATTACK TYPES (S)SYN flood A SYN flood is a type of DOS attack in which an attacker sends a series of SYN requests to a target’s system in an attempt to use vast amounts of server resources to make the system unresponsive to legitimate traffic. 2. Teardrop attacks A teardrop attack involves the hacker sending broken and disorganized IP fragments with overlapping, over-sized payloads to the victims machine. The intention is to obviously crash operating systems and servers due to a bug in the way TCP/IP fragmentation is re-assembled. All operating systems many types of servers are vulnerable to this type of DOS attack, including Linux. 3. Low-rate Denial-of-Service attacks Don’t be fooled by the title, this is still a deadly DoS attack! The Low-rate DoS (LDoS) attack is designed to exploit TCP’s slow-time-scale dynamics of being able to execute the retransmission time-out (RTO) mechanism to reduce TCP throughput. In short, a hacker can create a TCP overflow by repeatedly entering a RTO state through sending high-rate and intensive bursts – whilst at slow RTO time-scales. The TCP throughput at the victim node will be drastically reduced while the hacker will have low average rate thus making it difficult to be detected. 4. Internet Control Message Protocol (ICMP) flood Internet Control Message Protocol (ICMP) is a connectionless protocol used for IP operations, diagnostics, and errors. An ICMP Flood – the sending of an abnormally large number of ICMP packets of any type (especially network latency testing “ping” packets) – can overwhelm a target server that attempts to process every incoming ICMP request, and this can result in a denial-of-service condition for the target server. 5. Peer-to-peer attacks A peer-to-peer (P2P) network is a distributed network in which individual nodes in the network (called “peers”) act as both suppliers (seeds) and consumers (leeches) of resources, in contrast to the centralized client–server model where the client server or operating system nodes request access to resources provided by central servers Security Solutions Monitoring the packets to save your server from the entrance of the counterfeit packets. Timely upgrading of the security patches on your host’s operating system. Beware of running of your server very close to the last level of the capacity.
- Attacker is monitoring, capturing and controlling data sent between you and the person whom you are communicating with transparently At low levels of communication on the network layer, computers might not be able to determine with whom they are exchanging data. Attacker assumes your identity and attempts to gather as much information as possible, while the person you’re communicating with thinks it is you. Man-In-The-Middle (MITM) attack is the type of attack where attackers intrude into an existing communication between two computers and then monitor, capture, and control the communication. In Man-in-the-middle attack, an intruder assumes a legitimate users identity to gain control of the network communication. The other end of the communication path might believe it is you and keep on exchanging the data. Man-in-the-Middle (MITM) attacks are also known as "session hijacking attacks", which means that the attacker hijacks a legitimate user's session to control the communication. A man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data exactly. For example, the attacker can re-route a data exchange. Man-in-the-middle attacks are like someone assuming your identity in order to read your communications. The person on the other end may believe it is you because the attacker might be actively replying as you to keep the exchange going and get the desired information. This attack is capable of the same damage as an application-layer attack. Security Solutions Many preventive methods are available for Man-In-The-Middle (MITM) attack and some are listed below. • Public Key Infrastructure (PKI) technologies, • Verifying delay in communication • Stronger mutual authentication Using Public Key Infrastructures based authentications. It not only protects the applications from eavesdropping and other attacks but also validates the applications as a trusted one. Both the ends are authenticated hence preventing (MITM) Man-in-the-middle-attack. Setting up passwords and other high level secret keys in order to strengthen the mutual authentication. Time testing techniques such as Latency examination with long cryptographic hash functions confirming the time taken in receiving a message by both the ends. Suppose if the time taken by a message to be delivered at one end is 20 seconds and if the total time taken exceeds up to 60 seconds then it proves the existence of an attacker.
- The ability to inject packets into the Internet with a false source address is known as IP spoofing, IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity and provide the attacker with access to the system. The attacker sends a packet with the IP source address of a known, trusted host instead of its own IP source address to a target host. The target host might accept the packet and act upon it. IP Address Spoofing Attacks IP address spoofing is one of the most frequently used spoofing attack methods. In an IP address spoofing attack, an attacker sends IP packets from a false (or “spoofed”) source address in order to disguise itself. Denial-of-service attacks often use IP spoofing to overload networks and devices with packets that appear to be from legitimate source IP addresses. There are two ways that IP spoofing attacks can be used to overload targets with traffic. One method is to simply flood a selected target with packets from multiple spoofed addresses. This method works by directly sending a victim more data than it can handle. The other method is to spoof the target’s IP address and send packets from that address to many different recipients on the network. When another machine receives a packet, it will automatically transmit a packet to the sender in response. Since the spoofed packets appear to be sent from the target’s IP address, all responses to the spoofed packets will be sent to (and flood) the target’s IP address. IP spoofing attacks can also be used to bypass IP address-based authentication. This process can be very difficult and is primarily used when trust relationships are in place between machines on a network and internal systems. Trust relationships use IP addresses (rather than user logins) to verify machines’ identities when attempting to access systems. This enables malicious parties to use spoofing attacks to impersonate machines with access permissions and bypass trust-based network security measures. Security Solutions Filtering of packets entering into the network is one of the methods of preventing Spoofing. In other hand, filtering of incoming and outgoing traffic should also be implemented. ACLs helps prevent Spoofing by not allowing falsified IP addresses to enter. Accreditation to encryption should be provided in order to allow only trusted hosts to communicate with. SSL certificates should be used to reduce the risk of spoofing at a greater extent.
- SQL (pronounced “sequel”) stands for structured query language; it’s a programming language used to communicate with databases. Many of the servers that store critical data for websites and services use SQL to manage the data in their databases. A SQL injection attack specifically targets this kind of server, using malicious code to get the server to divulge information it normally wouldn’t. This is especially problematic if the server stores private customer information from the website, such as credit card numbers, usernames and passwords (credentials), or other personally identifiable information, which are tempting and lucrative targets for an attacker. An SQL injection attack works by exploiting any one of the known SQL vulnerabilities that allow the SQL server to run malicious code. For example, if a SQL server is vulnerable to an injection attack, it may be possible for an attacker to go to a website's search box and type in code that would force the site's SQL server to dump all of its stored usernames and passwords for the site. SQL injection attack is another type of attack to exploit applications that use client-supplied data in SQL statements. Here malicious code is inserted into strings that are later passed to database application for parsing and execution. The common method of SQL injection attack is direct insertion of malicious code into user-input variables that are concatenated with SQL commands and executed. Another type of SQL injection attack injects malicious code into strings and are stored in tables. An SQL injection attack is made later by the attacker. Following example shows the simplest form of SQL injection. var UserID; UserID = Request.form ("UserID"); var InfoUser = "select * from UserInfo where UserID = '" + UserID + "'"; If the user fills the field with correct information of his UserID (F827781), after the script execution the above SQL query will look like SELECT * FROM UserInfo WHERE UserID = 'F827781' Consider a case when a user fills the field with the below entry. F827781; drop table UserInfo-- After the execution of the script, the SQL code will look like SELECT * FROM UserInfo WHERE UserID = ' F827781';drop table UserInfo-- This will ultimately result in deletion of table UserInfo
- XSS attacks use third-party web resources to run scripts in the victim’s web browser or scriptable application. Specifically, the attacker injects a payload with malicious JavaScript into a website’s database. When the victim requests a page from the website, the website transmits the page, with the attacker’s payload as part of the HTML body, to the victim’s browser, which executes the malicious script. For example, it might send the victim’s cookie to the attacker’s server, and the attacker can extract it and use it for session hijacking. The most dangerous consequences occur when XSS is used to exploit additional vulnerabilities. These vulnerabilities can enable an attacker to not only steal cookies, but also log key strokes, capture screenshots, discover and collect network information, and remotely access and control the victim’s machine.
- Beware! Cyber security attacks in India grew 194% in 2020 375 cyberattacks 'India sees 375 cyberattacks everyday'17-Nov-2020 Government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019
- Recently, grocery delivery platform Bigbasket faced a data breach where over 2 Cr users data was compromised 375 cyberattacks 'India sees 375 cyberattacks everyday'17-Nov-2020 Government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019 2018 started with a massive data breach of personal records of 1.1 Billion Indian Aadhaar cardholders. UIDAI revealed that around 210 Indian Government websites had leaked Aadhaar details of people online. Data leaked included Aadhaar, PAN and mobile numbers, bank account numbers, IFSC codes and mostly every personal information of all individual cardholders. If it wasn’t enough shocking, anonymous sellers were selling Aadhaar information of any person for Rs. 500 over Whatsapp. Also, one could get any person’s Aadhaar car printout by paying an extra amount of Rs.300. Around mid-2018, Canara bank ATM servers were targeted in a cyber attack. Almost 20 lakh rupees were wiped off from various bank accounts. here can be a question that social media profiles are subjected to hacking all the time. But with Amitabh Bachan’s statitude the hack became controversial and was announced as one of the Cyber Attacks on IndiaLately, Amitabh Bachchan’s twitter handle got hacked and the perpetrators posted hateful messages putting everybody in shock. An unprotected API end was the issue in this incident. Justdial one of India’s leading local search platform let a loose end which exposed all of their user data who accessed their services through the web, mobile, and their phone number. Leaked data includes name, email, number, address gender, etc. the shocking part according to reports is that since 2015 the API has been exposed like this.
- 1.Metasploit Framework – an open source tool for exploit development and penetration testing Metasploit is well known in the security community. Metasploit has exploits for both server and client based attacks; with feature packed communication modules (meterpreter) that make pwning systems fun! The framework now includes Armitage for point and click network exploitation. This is the go to tool if you want to break into a network or computer system. Defending against Metasploit: Keep all software updated with the latest security patches. Use strong passwords on all systems. Deploy network services with secure configurations.
- 2.Ettercap – a suite of tools for man in the middle attacks (MITM). Once you have initiated a man in the middle attack with Ettercap use the modules and scripting capabilities to manipulate or inject traffic on the fly. Sniffing data and passwords are just the beginning; inject to exploit FTW! Defending against Ettercap: Understand that ARP poisoning is not difficult in a typical switched network. Lock down network ports. Use secure switch configurations and NAC if risk is sufficient. 3.sslstrip – using HTTPS makes people feel warm, fuzzy and secure. Using sslstrip this security can be attacked, reducing the connection to an unencrypted HTTP session, whereby all the traffic is readable. Banking details, passwords and emails from your boss all in the clear. Even includes a nifty feature where the favicon on the unencrypted connection is replaced with a padlock just to make the user keep that warm and fuzzy feeling. Defending against sslstrip: Be aware of the possibility of MITM attacks (arp, proxies / gateway, wireless). Look for sudden protocol changes in browser bar. Not really a technical mitigation! 4.evilgrade – another man in the middle attack. Everyone knows that keeping software updated is the way to stay secure. This little utility fakes the upgrade and provides the user with a not so good update. Can exploit the upgrade functionality on around 63 pieces of software including Opera, Notepad++, VMware, Virtualbox, itunes, quicktime and winamp! It really whips the llamas ass! Defending against evilgrade: Be aware of the possibility of MITM attacks (arp attacks, proxy / gateway, wireless). Only perform updates to your system or applications on a trusted network. 5. 5.Social Engineer Toolkit – makes creating a social engineered client side attack way too easy. Creates the spear phish, sends the email and serves the malicious exploit. SET is the open source client side attack weapon of choice. Defending against SET: User awareness training around spear phishing attacks. Strong Email and Web filtering controls. 6.sqlmap – SQL Injection is an attack vector that has been around for over 10 years. Yet it is still the easiest way to get dumps of entire databases of information. Sqlmap is not only a highly accurate tool for detecting sql injection; but also has the capability to dump information from the database and to even launch attacks that can result in operating system shell access on the vulnerable system. Defending against sqlmap: Filter all input on dynamic websites (secure the web applications). Use mod_proxy or other web based filtering controls to help block malicious injection attacks (not ideal as often able to bypass these web application firewalls (WAF). 7. Cain and Abel – Cracking passwords, sniffing VOIP and Man in the Middle (MITM) attacks against RDP are just a few examples of the many features of this Windows only tool. Defending against Cain and Abel: Be aware of the possibility of MITM attacks (arp attacks, untrusted proxy / gateway, wireless). Use strong passwords everywhere.