Uploaded byMsVaishaliKumar
PPTX, PDF112 views

Unit 1.pptx

This document provides an introduction to cyber security, including definitions and key concepts. It describes cyber security as protecting internet-connected systems from malicious attacks. The document then outlines different types of cyber security such as network security, application security, information security, identity management, cloud security, mobile security, endpoint security, and IoT security. It discusses the importance of cyber security and its goals of ensuring data protection, confidentiality, integrity, and availability. Finally, it defines common cyber security terminology.

Embed presentation

Download to read offline
Unit 1 Fundamentals of Cyber Security
Introduction to Cyber Security • The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity. • Cybersecurity into two parts one is cyber, and the other is security. • Cyber refers to the technology that includes systems, networks, programs, and data. • And security is concerned with the protection of systems, networks, applications, and information.
Cont... • Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access. • Cyber Security is the set of principles and practices designed to protect our computing resources and online information against threats. • Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access
Types of Cyber Security • Network Security: It involves implementing the hardware and software to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. • It involves technologies such as Firewalls, Intrusion detection systems (IDS), Virtual private networks (VPNs), and Network segmentation.
Cont.. • Application Security: • It involves protecting the software and devices from unwanted threats. • This protection can be done by constantly updating the apps to ensure they are secure from attacks. • Successful security begins in the design stage, writing source code, validation, threat modeling, etc., before a program or device is deployed.
Cont.. • Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit. • It includes Encryption, Access controls, Data classification, and Data loss prevention (DLP) measures. • Identity management: It deals with the procedure for determining the level of access that each individual has within an organization.
Cont.. • Cloud Security: It involves securing data, applications, and infrastructure hosted on cloud platforms, and ensuring appropriate access controls, data protection, and compliance. • It uses various cloud service providers such as AWS, Azure, Google, etc., to ensure security against multiple threats.
Cont.. • Mobile Security: It involves securing the organizational and personal data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against various malicious threats. • These threats are unauthorized access, device loss or theft, malware, etc. • Regularly backing up mobile device data is important to prevent data loss in case of theft, damage, or device failure. • Mobile devices often connect to various networks, including public Wi-Fi, which can pose security risks. It is important to use secure networks whenever possible, such as encrypted Wi-Fi networks or cellular data connections.
Cont.. • Endpoint Security: refers to securing individual devices such as computers, laptops, smartphones, and IoT devices. • It includes antivirus software, intrusion prevention systems (IPS), device encryption, and regular software updates.
Cont.. • Internet of Things (IoT) Security : Devices frequently run on old software, leaving them vulnerable to recently identified security vulnerabilities. • This is generally the result of connectivity problems or the requirement for end users to manually download updates. • Manufacturers frequently ship Internet of Things (IoT) devices (such as home routers) with easily crackable passwords, which may have been left in place by suppliers and end users. • These devices are easy targets for attackers using automated scripts for mass exploitation when they are left exposed to remote access.
Importance of Cyber Security • Self Study
Cyber Security Goals • Cyber Security's main objective is to ensure data protection. • There is a triangle of three related principles to protect the data from cyber-attacks. • This principle is called the CIA triad. • The CIA triad which stands for Confidentiality, Integrity, and Availability is a design model to guide companies and organizations to form their security policies.
CIA Model • When any security breaches are found, one or more of these principles has been violated. • The components of the triad are considered to be the most important and fundamental components of security.
CIA Model- Confidentiality • Confidentiality : is equivalent to privacy that avoids unauthorized access of information. • It involves ensuring the data is accessible by those who are allowed to use it and blocking access to others. • It prevents essential information from reaching the wrong people. • Data encryption is an excellent example of ensuring confidentiality.
CIA Model- Integrity • This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized modification by threat actors or accidental user modification. • If any modifications occur, certain measures should be taken to protect the sensitive data from corruption or loss and speedily recover from such an event. • It indicates to make the source of information genuine.
CIA Model- Availability • This principle makes the information to be available and useful for its authorized people always. • It ensures that these accesses are not hindered by system malfunction or cyber- attacks.
Cyber Security Terminologies • Vulnerability: A Security Vulnerability is a weakness, flaw, or error found within a security system that has the potential to be leveraged by a threat agent in order to compromise a secure network. • In the process of building and coding technology mistakes happen. What’s left behind from these mistakes is commonly referred to as a bug. • bugs aren’t inherently harmful, many can be taken advantage of by nefarious actors—these are known as vulnerabilities. • Vulnerabilities can be leveraged to force software to act in ways it’s not intended to. • Once a bug is determined to be a vulnerability, it is registered as common vulnerability or exposure (CVE), and assigned a Common Vulnerability Scoring System (CVSS) score to reflect the potential risk it could introduce to your organization.
Security Vulnerability Examples • There are a number of Security Vulnerabilities, some common examples are: • Broken Authentication: When authentication credentials are compromised, user sessions and identities can be hijacked by malicious actors to pose as the original user. • SQL Injection: As one of the most prevalent security vulnerabilities, SQL injections attempt to gain access to database content via malicious code injection. A successful SQL injection can allow attackers to steal sensitive data, spoof identities, and participate in a collection of other harmful activities. • Cross-Site Scripting: Much like an SQL Injection, a Cross-site scripting (XSS) attack also injects malicious code into a website. However, a Cross-site scripting attack targets website users, rather than the actual website itself, which puts sensitive user information at risk of theft.
Cont.. • Cross-Site Request Forgery: A Cross-Site Request Forgery (CSRF) attack aims to trick an authenticated user into performing an action that they do not intend to do. This, paired with social engineering, can deceive users into accidentally providing a malicious actor with personal data. • Security Misconfiguration: Any component of a security system that can be leveraged by attackers due to a configuration error can be considered a “Security Misconfiguration.”
Cyber Threat • Exploit: A means of attack on a computer system, either a series of commands, malicious software, or piece of infected data. • Hacker (Black Hat, White Hat): Any hacker who attempts to gain unauthorized access to a system with the intent to cause mischief, damage, or theft. They can be motivated by greed, a political agenda, or simply boredom. – White Hat : A hacker who is invited to test out computer systems and servers, looking for vulnerabilities, for the purposes of informing the host of where security needs to be buffed up.
Cont.. • Security breach — A security breach is any incident that results in unauthorized access to computer data, applications, networks or devices. • Facebook saw internal software flaws lead to the loss of 29 million users' personal data in 2018. This compromised accounts included that of company CEO Mark Zuckerberg. • Data Breach-The occurrence of disclosure of confidential information, access to confidential information, destruction of data assets or abusive use of a private IT environment. • Generally, a data breach results in internal data being made accessible to external entities without authorization. • Risk assessment — The process of evaluating the state of risk of an organization. Risk assessment is often initiated through taking an inventory of all assets, assigning each asset a value, and then considering any potential threats against each asset. • Threats are evaluated for their exposure factor (EF) in order to calculate a relative risk value known as the ALE (Annualized Loss Expectancy). • The largest ALE indicates the biggest concern or risk for the organization.
Cont.. • Threat assessment — The process of evaluating the actions, events and behaviors that can cause harm to an asset or organization. Threat assessment is an element of risk assessment and management. • link jacking — A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site the link seemed to indicate it was directed towards. • For example, a news aggregation service may publish links that seem as if they point to the original source of their posted articles, but when a user discovers those links via search or through social networks, the links redirect back to the aggregation site and not the original source of the article.
Social Engineering • Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. • It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. • Social engineering attacks happen in one or more steps.
Cont.. • A perpetrator first investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack. • Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.
Social Engineering Lifecycle
Baiting • Baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or inflicts their systems with malware. • Baiting scams don’t necessarily have to be carried out in the physical world. Online forms of baiting consist of enticing ads that lead to malicious sites or that encourage users to download a malware-infected application.
Scareware • Scareware involves victims being bombarded with false alarms and fictitious threats. • Users are deceived to think their system is infected with malware, prompting them to install software that has no real benefit or is malware itself. • Scareware is also referred to as deception software, rogue scanner software and fraudware.
Cont.. • A common scareware example is the legitimate-looking popup banners appearing in your browser while surfing the web, displaying such text such as, “Your computer may be infected with harmful spyware programs.” It either offers to install the tool (often malware-infected) for you, or will direct you to a malicious site where your computer becomes infected.
Pretexting • Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim so as to perform a critical task. • The attacker usually starts by establishing trust with their victim by impersonating co-workers, police, bank and tax officials, or other persons who have right-to-know authority. • The pretexter asks questions that requires to confirm the victim’s identity, through which they gather important personal data.
Phishing • As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. • It then trick them into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
Phishing • An example is an email sent to users of an online service that alerts them of a policy violation requiring immediate action on their part, such as a required password change. • It includes a link to an illegitimate website— nearly identical in appearance to its legitimate version—prompting the unsuspecting user to enter their current credentials and new password. Upon form submission the information is sent to the attacker.
Social engineering prevention • Don’t open emails and attachments from suspicious sources – If you don’t know the sender in question, you don’t need to answer an email. Even if you do know them and are suspicious about their message, cross-check and confirm the news from other sources, such as via telephone or directly from a service provider’s site. • Use multifactor authentication – One of the most valuable pieces of information attackers seek are user credentials. Using multifactor authentication helps ensure your account’s protection in the event of system compromise.
Cont. • Be wary of tempting offers – If an offer sounds too enticing, think twice before accepting it as fact. • Keep your antivirus/antimalware software updated – Make sure automatic updates are engaged, or make it a habit to download the latest signatures first thing each day.
Footprinting • Footprinting refers to the process of collecting data over time in order to make a targeted cyberattack . • The process of cybersecurity footprinting involves profiling organizations and collecting data about the network, host, employees and third-party partners. • This information includes the OS used by the organization, firewalls, network maps, IP addresses, domain name system information, security configurations of the target machine, URLs, virtual private networks, staff IDs, email addresses and phone numbers.
Cont.. • Footprinting can be performed manually or using automated tools. • It may involve scanning for open ports, identifying user accounts, and mapping network topologies. • By understanding the layout of the target’s infrastructure, attackers can identify potential vulnerabilities that may be exploitable.
What Information Is Collected in Footprinting? • Network topology. Collecting this type of information involves identifying the IP addresses and hostnames of all systems on the network and mapping out the connections among them. • Operating systems and applications. Information about the target’s operating system and applications can be used to identify potential security vulnerabilities. For example, if a company uses an outdated version of Windows, it may be vulnerable to specific attacks that are not possible against newer versions.
Cont.. • User accounts. Footprinting can reveal usernames and passwords for user accounts on the target system, which can be helpful in the later stages of an attack. • Web servers. This includes the servers’ software versions, installed modules, and enabled features.
Types of Footprinting • There are two main types of footprinting: passive and active. • Passive footprinting involves collecting data without actively engaging with the target system. • Under this approach, information is collected through crawling websites and social media platforms, among other methods. • For example, tools like tcpdump and Wireshark can be used to capture packets sent and received by the target system.
Active Footprinting • Active footprinting involves interacting with the target system to gather information. This can be done manually or using automated tools like using the traceroute commands. • Active footprinting is more intrusive and can potentially cause harm to the target system if not done carefully, but it can also gather information that can’t be collected through passive footprinting.
Steps of Footprinting • 1. Identifying Targets: The first step is to identify which systems or organizations to footprint by scanning networks for open ports or performing reconnaissance using Google searches and other tools. • 2. Gathering Information: After the target has been identified, the next step is to gather as much information about it as possible
Cont.. • 3. Analyzing Results: After all relevant data has been collected, it needs to be analyzed to determine the most vulnerable points. This is done by identifying common weaknesses across multiple systems or comparing results against known exploits. • 4. Planning Attacks: The final step is to use the information gathered during footprinting to plan a successful attack against the target’s systems, networks, and devices. This may involve developing custom exploits or choosing a suitable attack vector based on the data collected.
Advantages of footprinting • Footprinting techniques in ethical hacking help businesses identify and secure IT infrastructure before a threat actor exploits a vulnerability. Users can also build a database of known vulnerabilities and loopholes. • Footprinting also helps companies better understand their current security posture through analysis of data gathered about the firewall, security configuration and more. • Drawing a network map helps cover all trusted routers, servers and other network topologies. Users can pursue a reduced attack surface by narrowing it down to a specific range of systems.
Scanning • Scanning can be considered a logical extension (and overlap) of active reconnaissance that helps attackers identify specific vulnerabilities. • The attacker has gained valuable insights about the target. • But a deeper insights are required. • Scanning helps in getting more specific information about the target. • Attackers use automated tools such as network scanners and application scanners to locate systems and attempt to discover vulnerabilities. • The scanning methods may differ based on the attack objectives, which are set up before the attackers actually begin this process.
Types of scanning in ethical hacking • Scanning is the second step in ethical hacking. • It helps the attacker get detailed information about the target. • Scanning could be basically of three types: 1. Port Scanning 2. Network Scanning 3. Vulnerability Scanning
Port Scanning • Port Scanning is Detecting open ports and running services on the target host. • Port scanning could be further divided into 5 types: 1. Ping Scan – This is the simplest scan. Ping scan sends ICMP packets and wait for the response from the target. If there is a response, the target is considered to be active and listening. 2. TCP Half Open – Also, referred to as SYN scan, this is another very common type of scanning method 3. TCP Connect – TCP connect is similar to TCP half open, except for the fact that a complete TCP connection is established in TCP connect port scanning. 4. UDP – UDP is used by very common services like DNS, SNMP, DHCP. So, sending a UDP packet and waiting for a response helps gather information about UDP ports. 5. Stealth Scanning – As the word says, stealth means a quieter activity. When an attacker wants to be undetected while scanning, a stealth scan is used.
Network Scanning • Network scanning is the process or technique by which we scan the network to gain details such as active hosts, open ports including running TCP and UDP services, open vulnerabilities, details about the host like operating system and much more. • For IP (internet protocol) networks, generally “ping” is used for reaching a host and checking its status. Ping is an ICMP (Internet Control Message Protocol) utility and sends packets to the target and receives an ICMP echo reply.
Vulnerability Scanning • Vulnerability Scanning – Scanning to gather information about known vulnerabilities in a target. • Vulnerability scans are conducted via automated vulnerability scanning tools to identify potential risk exposures and attack vectors across an organization’s networks, hardware, software, and systems.
Difference Between Scanning and FootPrinting • During active reconnaissance, there is contact with the target network. • However, in the scanning step (2nd step of ethical hacking), the attacker already has basic information about the network and the infrastructure. • The aim is to get details like active host names, open ports, operating systems on the active hosts, etc. • While they might seem the same, scanning is not possible or rather, would not be successful without an in-depth and detailed reconnaissance. The scanning step further expands reconnaissance and takes it to the next level.
Security Architecture • Cybersecurity establishments need an adaptive security architecture. • It’s a valuable framework to help enterprises classify all potential and existing security investments to determine where they’re deficient and make sure there’s a balanced approach to cyber security.
Security Architecture
Perimeter Security • The set of physical & technical security and programmatic policies that provide levels of protection against remote malicious activity; used to and protect the back-end systems from unauthorized access. • When properly configured, the perimeter defense security model can prevent, delay, absorb and/or detect attacks, thus reducing the risk to critical back-end systems.
Network Security • The layer that partitions the broader network of assets and connections into enclaves; • an enclave is a distinctly bounded area enclosed within a larger unit. • Enclaves incorporate their individual access controls and protection mechanisms. • Network Security layer when properly used can prevent damages to travel from one enclave to others and also sets policies of accesses specific to the enclaves.
Cont.. • Endpoint Security: Security protection mechanisms and controls that reside directly on an endpoint device (final devices such as computers, laptops, mobile devices, tablets, etc.) interfacing with any network or system. • Application Security: Security protection mechanisms and controls that are embedded within the applications residing on the network, enclaves, and Endpoint devices. Examples of such applications could be – MS Office, ERP application, Mobile Apps, etc.
Cont.. • Data Security: The layer of security that protects data in the Enterprise regardless of the data’s state, that is, whether it is in motion, at rest or in use. • Prevention: This is achieved by Policies, procedures, training, threat modelling, risk assessment, penetration testing and all other inclusive sustainment activities to posture a secure position. • Operations: Constant observation of the Enterprise with a keen eye, coupled with the right tools and processes, to recognize incidents & events, and respond accordingly in a timely manner.
Security Operations (SecOps) • Security operations (SecOps) is a term used to describe the collaboration between security and operations teams within an organization. • IT operations has continued to expand over the years, branching out into individual specialties that tends to create siloed (individual) activities. • SecOps seeks to foster more collaboration between IT security and IT operations to help prioritize network and data security and mitigate risk without sacrificing IT performance. • A key tenet of SecOps, however, is to ensure that security is a fundamental part of every project and included in even the earliest stages of project development.
Cont… • The SecOps team is a team of highly skilled IT and security professionals who monitor threats and assess risk across an organization. The SecOps team is the lifeblood of a security operations center (SOC). • Roles include SOC analysts, security engineers, a security manager, an IT operations manager and system admins, who all report up to the chief information security officer (CISO). • The goal of SecOps is to improve an organization’s security posture, identify security issues and detect vulnerabilities, and facilitate a unified approach to security across individual departments. This approach helps with cross-team collaboration to complete tasks more efficiently and eliminate duplication of effort.
Cyber terrorism • Cyber terrorism (also known as digital terrorism) is defined as disruptive attacks by recognised terrorist organisations against computer systems with the intent of generating alarm, panic, or the physical disruption of the information system. • Cyberterrorism is often defined as a politically motivated attack against information systems, programs and data that threatens violence or results in violence.
Thank You

More Related Content

PPTX
Cyber-Security-Unit-1.pptx
byTikdiPatel
 
PPTX
Information Security Bachelor in Information technology unit 1
byssuserf35ac9
 
PPTX
Cybersecurity Training For Sales People.pptx
bysubodh258201
 
PDF
InfoSec 101 Cyber attack vs cyber defense
byyatarz
 
PDF
Cyber Ethics Notes.pdf
byAnupmaMunshi
 
PPTX
unit -ii security1.pptx for Information system management
byemjalaraju1
 
PPTX
Cyber Sequrity.pptx is life of cyber security
byperweeng31
 
PPTX
Information Security
byUmangThakkar26
 
Cyber-Security-Unit-1.pptx
byTikdiPatel
 
Information Security Bachelor in Information technology unit 1
byssuserf35ac9
 
Cybersecurity Training For Sales People.pptx
bysubodh258201
 
InfoSec 101 Cyber attack vs cyber defense
byyatarz
 
Cyber Ethics Notes.pdf
byAnupmaMunshi
 
unit -ii security1.pptx for Information system management
byemjalaraju1
 
Cyber Sequrity.pptx is life of cyber security
byperweeng31
 
Information Security
byUmangThakkar26
 

Similar to Unit 1.pptx

PPTX
Lecture 6 Cybersecurity-Basics and .pptx
byakatsesena2003
 
PDF
Cyber Security.pdf
bypreethajoseph5
 
PPTX
Introduction to cyber security module1.pptx
bymeghana25s2000
 
PDF
overview of cyber security and related chapters
byphoenixbyte
 
PPTX
Cybersecurity and digital Security fundamentals for students
byyogenderjalal2000
 
PPTX
Cyber crime and Information Security.pptx
bySAINATHYADAV11
 
PPTX
cyber security presentation.pptx
bykishore golla
 
PPTX
Information security and cyber law Unit -1.pptx
bymohitsolanki2807
 
PPTX
U-1.pptx..........................................
by322103310075
 
PPTX
What is Cyber & information security.pptx
byamnamahfooz615
 
PPTX
Module 1Introduction to cyber security.pptx
bySkippedltd
 
PPTX
Cyber Security awareness of cyber security
byBabaBoss5
 
PPTX
Topic – cyber security, Introduction,future scope
bygauravnainwal2291
 
PPTX
Cyber Security and data Security for all.pptx
byRajagopalKeshavan
 
PPTX
Cybersecurity: Definition, Importance, and Best Practices.pptx
byCloudavize
 
PDF
module 1 Cyber Security Concepts
bySitamarhi Institute of Technology
 
PDF
Module 1.pdf
bySitamarhi Institute of Technology
 
PPTX
MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx
bypavanscholar123
 
PPTX
CYBER SECURITY PPT.pptx CYBER SECURITY APPLICATION AND USAGE
bybadalkumarmuduli2023
 
PDF
Cyber Security
byJamshidRaqi
 
Lecture 6 Cybersecurity-Basics and .pptx
byakatsesena2003
 
Cyber Security.pdf
bypreethajoseph5
 
Introduction to cyber security module1.pptx
bymeghana25s2000
 
overview of cyber security and related chapters
byphoenixbyte
 
Cybersecurity and digital Security fundamentals for students
byyogenderjalal2000
 
Cyber crime and Information Security.pptx
bySAINATHYADAV11
 
cyber security presentation.pptx
bykishore golla
 
Information security and cyber law Unit -1.pptx
bymohitsolanki2807
 
U-1.pptx..........................................
by322103310075
 
What is Cyber & information security.pptx
byamnamahfooz615
 
Module 1Introduction to cyber security.pptx
bySkippedltd
 
Cyber Security awareness of cyber security
byBabaBoss5
 
Topic – cyber security, Introduction,future scope
bygauravnainwal2291
 
Cyber Security and data Security for all.pptx
byRajagopalKeshavan
 
Cybersecurity: Definition, Importance, and Best Practices.pptx
byCloudavize
 
module 1 Cyber Security Concepts
bySitamarhi Institute of Technology
 
Module 1.pdf
bySitamarhi Institute of Technology
 
MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx
bypavanscholar123
 
CYBER SECURITY PPT.pptx CYBER SECURITY APPLICATION AND USAGE
bybadalkumarmuduli2023
 
Cyber Security
byJamshidRaqi
 

Recently uploaded

PPTX
Value engineering and cost analysis with case study
byhp9879098082
 
PPTX
This Bearing Didn’t Fail Suddenly — How Vibration Data Predicts Failure Month...
byMaintWiz Technologies Private Limited
 
PPT
Cloud computing-1.ppt presentation preview
byMohanaPriya780617
 
PPTX
Introduction to AI and Applications Module-4.pptx
byKalaiselviSubramania2
 
PPTX
Theory to Practice of Unsaturated Soil Mechanics-1.pptx
byMahmoodKhalid11
 
PDF
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 
PDF
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
PDF
Soil Compressibility (Elastic Settlement).pdf
byMahmoodKhalid11
 
PPTX
Basic Volume Mass Relationship and unit weight as function of volumetric wate...
byMahmoodKhalid11
 
PDF
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
PPTX
traffic safety section seven (Traffic Control and Management) of Act
byazeRakeshSunariMagar
 
PPTX
Fitting Infiltration Models to Infiltration using Excel (1).pptx
byTomNickoRivera1
 
PDF
Module 4 python programming-1BPLCK105B-2025 by Dr.SV.pdf
bySURESHA V
 
PPT
Oracle Advanced subquery and types of subquery
bytejaswinikulkarni549
 
PPTX
GET 211- Computing and Software Engineering (1).pptx
byfestusdaniel142
 
PDF
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
PPTX
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
PDF
Decision-Support-Systems-and-Decision-Making-Processes.pdf
byPatankarNikhil
 
PDF
Rajesh Prasad- Brief Profile with educational, professional highlights
byRajesh Prasad
 
PDF
NS unit wise unit wise 1 -5 so prepare,.
bykumaransudhan1512
 
Value engineering and cost analysis with case study
byhp9879098082
 
This Bearing Didn’t Fail Suddenly — How Vibration Data Predicts Failure Month...
byMaintWiz Technologies Private Limited
 
Cloud computing-1.ppt presentation preview
byMohanaPriya780617
 
Introduction to AI and Applications Module-4.pptx
byKalaiselviSubramania2
 
Theory to Practice of Unsaturated Soil Mechanics-1.pptx
byMahmoodKhalid11
 
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
Soil Compressibility (Elastic Settlement).pdf
byMahmoodKhalid11
 
Basic Volume Mass Relationship and unit weight as function of volumetric wate...
byMahmoodKhalid11
 
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
traffic safety section seven (Traffic Control and Management) of Act
byazeRakeshSunariMagar
 
Fitting Infiltration Models to Infiltration using Excel (1).pptx
byTomNickoRivera1
 
Module 4 python programming-1BPLCK105B-2025 by Dr.SV.pdf
bySURESHA V
 
Oracle Advanced subquery and types of subquery
bytejaswinikulkarni549
 
GET 211- Computing and Software Engineering (1).pptx
byfestusdaniel142
 
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
Decision-Support-Systems-and-Decision-Making-Processes.pdf
byPatankarNikhil
 
Rajesh Prasad- Brief Profile with educational, professional highlights
byRajesh Prasad
 
NS unit wise unit wise 1 -5 so prepare,.
bykumaransudhan1512
 

Unit 1.pptx

  • 1.
    Unit 1 Fundamentals ofCyber Security
  • 2.
    Introduction to CyberSecurity • The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity. • Cybersecurity into two parts one is cyber, and the other is security. • Cyber refers to the technology that includes systems, networks, programs, and data. • And security is concerned with the protection of systems, networks, applications, and information.
  • 3.
    Cont... • Cyber Securityis the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access. • Cyber Security is the set of principles and practices designed to protect our computing resources and online information against threats. • Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access
  • 4.
    Types of CyberSecurity • Network Security: It involves implementing the hardware and software to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. • It involves technologies such as Firewalls, Intrusion detection systems (IDS), Virtual private networks (VPNs), and Network segmentation.
  • 5.
    Cont.. • Application Security: •It involves protecting the software and devices from unwanted threats. • This protection can be done by constantly updating the apps to ensure they are secure from attacks. • Successful security begins in the design stage, writing source code, validation, threat modeling, etc., before a program or device is deployed.
  • 6.
    Cont.. • Information orData Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit. • It includes Encryption, Access controls, Data classification, and Data loss prevention (DLP) measures. • Identity management: It deals with the procedure for determining the level of access that each individual has within an organization.
  • 7.
    Cont.. • Cloud Security:It involves securing data, applications, and infrastructure hosted on cloud platforms, and ensuring appropriate access controls, data protection, and compliance. • It uses various cloud service providers such as AWS, Azure, Google, etc., to ensure security against multiple threats.
  • 8.
    Cont.. • Mobile Security:It involves securing the organizational and personal data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against various malicious threats. • These threats are unauthorized access, device loss or theft, malware, etc. • Regularly backing up mobile device data is important to prevent data loss in case of theft, damage, or device failure. • Mobile devices often connect to various networks, including public Wi-Fi, which can pose security risks. It is important to use secure networks whenever possible, such as encrypted Wi-Fi networks or cellular data connections.
  • 9.
    Cont.. • Endpoint Security:refers to securing individual devices such as computers, laptops, smartphones, and IoT devices. • It includes antivirus software, intrusion prevention systems (IPS), device encryption, and regular software updates.
  • 10.
    Cont.. • Internet ofThings (IoT) Security : Devices frequently run on old software, leaving them vulnerable to recently identified security vulnerabilities. • This is generally the result of connectivity problems or the requirement for end users to manually download updates. • Manufacturers frequently ship Internet of Things (IoT) devices (such as home routers) with easily crackable passwords, which may have been left in place by suppliers and end users. • These devices are easy targets for attackers using automated scripts for mass exploitation when they are left exposed to remote access.
  • 11.
    Importance of CyberSecurity • Self Study
  • 12.
    Cyber Security Goals •Cyber Security's main objective is to ensure data protection. • There is a triangle of three related principles to protect the data from cyber-attacks. • This principle is called the CIA triad. • The CIA triad which stands for Confidentiality, Integrity, and Availability is a design model to guide companies and organizations to form their security policies.
  • 13.
    CIA Model • Whenany security breaches are found, one or more of these principles has been violated. • The components of the triad are considered to be the most important and fundamental components of security.
  • 14.
    CIA Model- Confidentiality •Confidentiality : is equivalent to privacy that avoids unauthorized access of information. • It involves ensuring the data is accessible by those who are allowed to use it and blocking access to others. • It prevents essential information from reaching the wrong people. • Data encryption is an excellent example of ensuring confidentiality.
  • 15.
    CIA Model- Integrity •This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized modification by threat actors or accidental user modification. • If any modifications occur, certain measures should be taken to protect the sensitive data from corruption or loss and speedily recover from such an event. • It indicates to make the source of information genuine.
  • 16.
    CIA Model- Availability •This principle makes the information to be available and useful for its authorized people always. • It ensures that these accesses are not hindered by system malfunction or cyber- attacks.
  • 17.
    Cyber Security Terminologies •Vulnerability: A Security Vulnerability is a weakness, flaw, or error found within a security system that has the potential to be leveraged by a threat agent in order to compromise a secure network. • In the process of building and coding technology mistakes happen. What’s left behind from these mistakes is commonly referred to as a bug. • bugs aren’t inherently harmful, many can be taken advantage of by nefarious actors—these are known as vulnerabilities. • Vulnerabilities can be leveraged to force software to act in ways it’s not intended to. • Once a bug is determined to be a vulnerability, it is registered as common vulnerability or exposure (CVE), and assigned a Common Vulnerability Scoring System (CVSS) score to reflect the potential risk it could introduce to your organization.
  • 18.
    Security Vulnerability Examples •There are a number of Security Vulnerabilities, some common examples are: • Broken Authentication: When authentication credentials are compromised, user sessions and identities can be hijacked by malicious actors to pose as the original user. • SQL Injection: As one of the most prevalent security vulnerabilities, SQL injections attempt to gain access to database content via malicious code injection. A successful SQL injection can allow attackers to steal sensitive data, spoof identities, and participate in a collection of other harmful activities. • Cross-Site Scripting: Much like an SQL Injection, a Cross-site scripting (XSS) attack also injects malicious code into a website. However, a Cross-site scripting attack targets website users, rather than the actual website itself, which puts sensitive user information at risk of theft.
  • 19.
    Cont.. • Cross-Site RequestForgery: A Cross-Site Request Forgery (CSRF) attack aims to trick an authenticated user into performing an action that they do not intend to do. This, paired with social engineering, can deceive users into accidentally providing a malicious actor with personal data. • Security Misconfiguration: Any component of a security system that can be leveraged by attackers due to a configuration error can be considered a “Security Misconfiguration.”
  • 20.
    Cyber Threat • Exploit:A means of attack on a computer system, either a series of commands, malicious software, or piece of infected data. • Hacker (Black Hat, White Hat): Any hacker who attempts to gain unauthorized access to a system with the intent to cause mischief, damage, or theft. They can be motivated by greed, a political agenda, or simply boredom. – White Hat : A hacker who is invited to test out computer systems and servers, looking for vulnerabilities, for the purposes of informing the host of where security needs to be buffed up.
  • 21.
    Cont.. • Security breach— A security breach is any incident that results in unauthorized access to computer data, applications, networks or devices. • Facebook saw internal software flaws lead to the loss of 29 million users' personal data in 2018. This compromised accounts included that of company CEO Mark Zuckerberg. • Data Breach-The occurrence of disclosure of confidential information, access to confidential information, destruction of data assets or abusive use of a private IT environment. • Generally, a data breach results in internal data being made accessible to external entities without authorization. • Risk assessment — The process of evaluating the state of risk of an organization. Risk assessment is often initiated through taking an inventory of all assets, assigning each asset a value, and then considering any potential threats against each asset. • Threats are evaluated for their exposure factor (EF) in order to calculate a relative risk value known as the ALE (Annualized Loss Expectancy). • The largest ALE indicates the biggest concern or risk for the organization.
  • 22.
    Cont.. • Threat assessment— The process of evaluating the actions, events and behaviors that can cause harm to an asset or organization. Threat assessment is an element of risk assessment and management. • link jacking — A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site the link seemed to indicate it was directed towards. • For example, a news aggregation service may publish links that seem as if they point to the original source of their posted articles, but when a user discovers those links via search or through social networks, the links redirect back to the aggregation site and not the original source of the article.
  • 23.
    Social Engineering • Socialengineering is the term used for a broad range of malicious activities accomplished through human interactions. • It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. • Social engineering attacks happen in one or more steps.
  • 24.
    Cont.. • A perpetratorfirst investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack. • Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.
  • 25.
  • 26.
    Baiting • Baiting attacksuse a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or inflicts their systems with malware. • Baiting scams don’t necessarily have to be carried out in the physical world. Online forms of baiting consist of enticing ads that lead to malicious sites or that encourage users to download a malware-infected application.
  • 27.
    Scareware • Scareware involvesvictims being bombarded with false alarms and fictitious threats. • Users are deceived to think their system is infected with malware, prompting them to install software that has no real benefit or is malware itself. • Scareware is also referred to as deception software, rogue scanner software and fraudware.
  • 28.
    Cont.. • A commonscareware example is the legitimate-looking popup banners appearing in your browser while surfing the web, displaying such text such as, “Your computer may be infected with harmful spyware programs.” It either offers to install the tool (often malware-infected) for you, or will direct you to a malicious site where your computer becomes infected.
  • 29.
    Pretexting • Here anattacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim so as to perform a critical task. • The attacker usually starts by establishing trust with their victim by impersonating co-workers, police, bank and tax officials, or other persons who have right-to-know authority. • The pretexter asks questions that requires to confirm the victim’s identity, through which they gather important personal data.
  • 30.
    Phishing • As oneof the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. • It then trick them into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
  • 31.
    Phishing • An exampleis an email sent to users of an online service that alerts them of a policy violation requiring immediate action on their part, such as a required password change. • It includes a link to an illegitimate website— nearly identical in appearance to its legitimate version—prompting the unsuspecting user to enter their current credentials and new password. Upon form submission the information is sent to the attacker.
  • 32.
    Social engineering prevention •Don’t open emails and attachments from suspicious sources – If you don’t know the sender in question, you don’t need to answer an email. Even if you do know them and are suspicious about their message, cross-check and confirm the news from other sources, such as via telephone or directly from a service provider’s site. • Use multifactor authentication – One of the most valuable pieces of information attackers seek are user credentials. Using multifactor authentication helps ensure your account’s protection in the event of system compromise.
  • 33.
    Cont. • Be waryof tempting offers – If an offer sounds too enticing, think twice before accepting it as fact. • Keep your antivirus/antimalware software updated – Make sure automatic updates are engaged, or make it a habit to download the latest signatures first thing each day.
  • 34.
    Footprinting • Footprinting refersto the process of collecting data over time in order to make a targeted cyberattack . • The process of cybersecurity footprinting involves profiling organizations and collecting data about the network, host, employees and third-party partners. • This information includes the OS used by the organization, firewalls, network maps, IP addresses, domain name system information, security configurations of the target machine, URLs, virtual private networks, staff IDs, email addresses and phone numbers.
  • 35.
    Cont.. • Footprinting canbe performed manually or using automated tools. • It may involve scanning for open ports, identifying user accounts, and mapping network topologies. • By understanding the layout of the target’s infrastructure, attackers can identify potential vulnerabilities that may be exploitable.
  • 36.
    What Information IsCollected in Footprinting? • Network topology. Collecting this type of information involves identifying the IP addresses and hostnames of all systems on the network and mapping out the connections among them. • Operating systems and applications. Information about the target’s operating system and applications can be used to identify potential security vulnerabilities. For example, if a company uses an outdated version of Windows, it may be vulnerable to specific attacks that are not possible against newer versions.
  • 37.
    Cont.. • User accounts.Footprinting can reveal usernames and passwords for user accounts on the target system, which can be helpful in the later stages of an attack. • Web servers. This includes the servers’ software versions, installed modules, and enabled features.
  • 38.
    Types of Footprinting •There are two main types of footprinting: passive and active. • Passive footprinting involves collecting data without actively engaging with the target system. • Under this approach, information is collected through crawling websites and social media platforms, among other methods. • For example, tools like tcpdump and Wireshark can be used to capture packets sent and received by the target system.
  • 39.
    Active Footprinting • Activefootprinting involves interacting with the target system to gather information. This can be done manually or using automated tools like using the traceroute commands. • Active footprinting is more intrusive and can potentially cause harm to the target system if not done carefully, but it can also gather information that can’t be collected through passive footprinting.
  • 40.
    Steps of Footprinting •1. Identifying Targets: The first step is to identify which systems or organizations to footprint by scanning networks for open ports or performing reconnaissance using Google searches and other tools. • 2. Gathering Information: After the target has been identified, the next step is to gather as much information about it as possible
  • 41.
    Cont.. • 3. AnalyzingResults: After all relevant data has been collected, it needs to be analyzed to determine the most vulnerable points. This is done by identifying common weaknesses across multiple systems or comparing results against known exploits. • 4. Planning Attacks: The final step is to use the information gathered during footprinting to plan a successful attack against the target’s systems, networks, and devices. This may involve developing custom exploits or choosing a suitable attack vector based on the data collected.
  • 42.
    Advantages of footprinting •Footprinting techniques in ethical hacking help businesses identify and secure IT infrastructure before a threat actor exploits a vulnerability. Users can also build a database of known vulnerabilities and loopholes. • Footprinting also helps companies better understand their current security posture through analysis of data gathered about the firewall, security configuration and more. • Drawing a network map helps cover all trusted routers, servers and other network topologies. Users can pursue a reduced attack surface by narrowing it down to a specific range of systems.
  • 43.
    Scanning • Scanning canbe considered a logical extension (and overlap) of active reconnaissance that helps attackers identify specific vulnerabilities. • The attacker has gained valuable insights about the target. • But a deeper insights are required. • Scanning helps in getting more specific information about the target. • Attackers use automated tools such as network scanners and application scanners to locate systems and attempt to discover vulnerabilities. • The scanning methods may differ based on the attack objectives, which are set up before the attackers actually begin this process.
  • 44.
    Types of scanningin ethical hacking • Scanning is the second step in ethical hacking. • It helps the attacker get detailed information about the target. • Scanning could be basically of three types: 1. Port Scanning 2. Network Scanning 3. Vulnerability Scanning
  • 45.
    Port Scanning • PortScanning is Detecting open ports and running services on the target host. • Port scanning could be further divided into 5 types: 1. Ping Scan – This is the simplest scan. Ping scan sends ICMP packets and wait for the response from the target. If there is a response, the target is considered to be active and listening. 2. TCP Half Open – Also, referred to as SYN scan, this is another very common type of scanning method 3. TCP Connect – TCP connect is similar to TCP half open, except for the fact that a complete TCP connection is established in TCP connect port scanning. 4. UDP – UDP is used by very common services like DNS, SNMP, DHCP. So, sending a UDP packet and waiting for a response helps gather information about UDP ports. 5. Stealth Scanning – As the word says, stealth means a quieter activity. When an attacker wants to be undetected while scanning, a stealth scan is used.
  • 46.
    Network Scanning • Networkscanning is the process or technique by which we scan the network to gain details such as active hosts, open ports including running TCP and UDP services, open vulnerabilities, details about the host like operating system and much more. • For IP (internet protocol) networks, generally “ping” is used for reaching a host and checking its status. Ping is an ICMP (Internet Control Message Protocol) utility and sends packets to the target and receives an ICMP echo reply.
  • 47.
    Vulnerability Scanning • VulnerabilityScanning – Scanning to gather information about known vulnerabilities in a target. • Vulnerability scans are conducted via automated vulnerability scanning tools to identify potential risk exposures and attack vectors across an organization’s networks, hardware, software, and systems.
  • 48.
    Difference Between Scanningand FootPrinting • During active reconnaissance, there is contact with the target network. • However, in the scanning step (2nd step of ethical hacking), the attacker already has basic information about the network and the infrastructure. • The aim is to get details like active host names, open ports, operating systems on the active hosts, etc. • While they might seem the same, scanning is not possible or rather, would not be successful without an in-depth and detailed reconnaissance. The scanning step further expands reconnaissance and takes it to the next level.
  • 49.
    Security Architecture • Cybersecurityestablishments need an adaptive security architecture. • It’s a valuable framework to help enterprises classify all potential and existing security investments to determine where they’re deficient and make sure there’s a balanced approach to cyber security.
  • 50.
  • 51.
    Perimeter Security • Theset of physical & technical security and programmatic policies that provide levels of protection against remote malicious activity; used to and protect the back-end systems from unauthorized access. • When properly configured, the perimeter defense security model can prevent, delay, absorb and/or detect attacks, thus reducing the risk to critical back-end systems.
  • 52.
    Network Security • Thelayer that partitions the broader network of assets and connections into enclaves; • an enclave is a distinctly bounded area enclosed within a larger unit. • Enclaves incorporate their individual access controls and protection mechanisms. • Network Security layer when properly used can prevent damages to travel from one enclave to others and also sets policies of accesses specific to the enclaves.
  • 53.
    Cont.. • Endpoint Security:Security protection mechanisms and controls that reside directly on an endpoint device (final devices such as computers, laptops, mobile devices, tablets, etc.) interfacing with any network or system. • Application Security: Security protection mechanisms and controls that are embedded within the applications residing on the network, enclaves, and Endpoint devices. Examples of such applications could be – MS Office, ERP application, Mobile Apps, etc.
  • 54.
    Cont.. • Data Security:The layer of security that protects data in the Enterprise regardless of the data’s state, that is, whether it is in motion, at rest or in use. • Prevention: This is achieved by Policies, procedures, training, threat modelling, risk assessment, penetration testing and all other inclusive sustainment activities to posture a secure position. • Operations: Constant observation of the Enterprise with a keen eye, coupled with the right tools and processes, to recognize incidents & events, and respond accordingly in a timely manner.
  • 55.
    Security Operations (SecOps) •Security operations (SecOps) is a term used to describe the collaboration between security and operations teams within an organization. • IT operations has continued to expand over the years, branching out into individual specialties that tends to create siloed (individual) activities. • SecOps seeks to foster more collaboration between IT security and IT operations to help prioritize network and data security and mitigate risk without sacrificing IT performance. • A key tenet of SecOps, however, is to ensure that security is a fundamental part of every project and included in even the earliest stages of project development.
  • 56.
    Cont… • The SecOpsteam is a team of highly skilled IT and security professionals who monitor threats and assess risk across an organization. The SecOps team is the lifeblood of a security operations center (SOC). • Roles include SOC analysts, security engineers, a security manager, an IT operations manager and system admins, who all report up to the chief information security officer (CISO). • The goal of SecOps is to improve an organization’s security posture, identify security issues and detect vulnerabilities, and facilitate a unified approach to security across individual departments. This approach helps with cross-team collaboration to complete tasks more efficiently and eliminate duplication of effort.
  • 57.
    Cyber terrorism • Cyberterrorism (also known as digital terrorism) is defined as disruptive attacks by recognised terrorist organisations against computer systems with the intent of generating alarm, panic, or the physical disruption of the information system. • Cyberterrorism is often defined as a politically motivated attack against information systems, programs and data that threatens violence or results in violence.
  • 58.