Cyber security and its challenges, Study notes of Engineering

Introduction to cyber security, cyber law and its challenges and implications

Typology: Study notes

2023/2024

Available from 04/17/2025

Uploaded by shankar-rajpurohit
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
DIGITAL NOTES
ON
CYBER SECURITY
(R20A6202)
B.TECH III YEAR – II SEM
(R20) REGULATION
(2023-24)
Prepared by S J Shruthi Rani Yadav
MALLA REDDY COLLEGE OF ENGINEERING & TECHNOLOGY
(Autonomous Institution – UGC, Govt. of India)
Recognized under 2(f) and 12(B) of UGC ACT 1956
(Affiliated to JNTUH, Hyderabad, Approved by AICTE – Accredited by NBA & NAAC – ‘A’ Grade – ISO 9001:2015 Certified)
Maisammaguda, Dhulapally (Post Via. Hakimpet), Secunderabad 500100, Telangana State, India


MALLA REDDY COLLEGE OF ENGINEERING AND TECHNOLOGY

III Year B.Tech. CSE – II Sem                                  L/T/P/C
PROFESSIONAL ELECTIVE – IV
(R20A6202)
CYBER SECURITY

COURSE OBJECTIVES:

This course will enable the students:

  1. To familiarize various types of cyber-attacks and cyber-crimes
  2. To give an overview of the cyber laws
  3. To study the defensive techniques against these attacks
  4. To study cyber security challenges and implications.
  5. To know about Cyber Security.

UNIT - I
Introduction to Cyber Security: Basic Cyber Security Concepts, layers of security, Vulnerability, threat, Harmful acts, Internet Governance – Challenges and Constraints, Computer Criminals, CIA Triad, Assets and Threat, motive of attackers, active attacks, passive attacks, Software attacks, hardware attacks, Spectrum of attacks, Taxonomy of various attacks, IP spoofing, Methods of defense, Security Models, risk management, Cyber Threats – Cyber Warfare, Cyber Crime, Cyber terrorism, Cyber Espionage, etc., Comprehensive Cyber Security Policy.

UNIT - II
Cyberspace and the Law & Cyber Forensics: Introduction, Cyber Security Regulations, Roles of International Law. The INDIAN Cyberspace, National Cyber Security Policy. Introduction, Historical background of Cyber forensics, Digital Forensics Science, The Need for Computer Forensics, Cyber Forensics and Digital evidence, Forensics Analysis of Email, Digital Forensics Lifecycle, Forensics Investigation, Challenges in Computer Forensics, Special Techniques for Forensics Auditing.

UNIT - III
Cybercrime: Mobile and Wireless Devices: Introduction, Proliferation of Mobile and Wireless Devices, Trends in Mobility, Credit card Frauds in Mobile and Wireless Computing Era, Security Challenges Posed by Mobile Devices, Registry Settings for Mobile Devices, Authentication service Security, Attacks on Mobile/Cell Phones, Mobile Devices: Security

INDEX

S.NO   UNIT   TOPIC                                                  PAGE NO
1      I      Introduction to Cyber Security                         1 - 23
2      II     Cyberspace and the Law & Cyber Forensics
3      III    Cybercrime: Mobile and Wireless Devices
4      IV     Cyber Security: Organizational Implications
5      V      Privacy Issues, Cybercrime: Examples and Mini-Cases

UNIT-I

Basic cyber security concepts:

Introduction to Cyber Security

Cyber security is the protection of networked systems and online information against attack. As more and more people connect to the Internet, the number and severity of security threats grow with it.

Cyber Security: the body of technologies, processes and practices designed to protect networks, devices, programs and data from attack, theft, damage, modification or unauthorized access. It is also called information technology (IT) security. Equivalently, cyber security is the set of principles and practices designed to protect computing resources and online information against threats.

Understanding Cyber Security:

Password Cracking: password attacks are attempts by attackers to determine or recover the passwords that protect electronic systems and social network accounts, whether by guessing, by dictionary or brute-force search, or by cracking stolen password hashes offline. Defence: always use strong passwords, and never use the same password for two different sites, so that one breached site does not expose your accounts elsewhere.
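Password cracking in practice is usually an offline dictionary or brute-force attack against stolen password hashes, which is also the "brute force" entry listed later under web-based attacks. The following is an added example (not part of the original notes) showing why the two defences above matter: against unsalted fast hashes one table of hashed guesses cracks every user at once and reveals password reuse, whereas a per-user salt and a deliberately slow key derivation function (PBKDF2 here) force the attacker to pay the full cost per user per guess. The wordlist, account names and passwords are constructed for the demonstration.

```python
"""Dictionary attack on stored password hashes: unsalted SHA-256 vs salted PBKDF2.

Added example, not from the original notes. WORDLIST and the accounts in
demo() are constructed; the iteration count is kept low so the demo runs
quickly (production deployments use far more).
"""
import hashlib
import hmac
import os

# A small "leaked" wordlist, constructed for this example.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2024", "iloveyou"]

# --- Weak storage: unsalted, fast hash -------------------------------------

def weak_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def crack_weak(stored: dict, wordlist: list) -> dict:
    """Hash each word once, then look every user up in the table.

    Without a salt, two users with the same password share a hash, so one
    table of len(wordlist) hashes cracks the whole database.
    """
    table = {weak_hash(w): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}

# --- Stronger storage: per-user random salt + slow KDF ----------------------

ITERATIONS = 50_000  # deliberately low for the demo

def strong_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_record(password: str) -> tuple:
    salt = os.urandom(16)          # fresh salt per user defeats precomputed tables
    return salt, strong_hash(password, salt)

def verify(password: str, record: tuple) -> bool:
    salt, digest = record
    return hmac.compare_digest(strong_hash(password, salt), digest)

def crack_strong(stored: dict, wordlist: list) -> tuple:
    """Same attack against salted PBKDF2: one slow KDF call per (user, guess)."""
    found, kdf_calls = {}, 0
    for user, record in stored.items():
        for guess in wordlist:
            kdf_calls += 1
            if verify(guess, record):
                found[user] = guess
                break
    return found, kdf_calls

def demo() -> dict:
    # Constructed accounts: bob and carol reuse a password, dave has a strong one.
    users = {"alice": "Summer2024", "bob": "123456", "carol": "123456", "dave": "Tr0ub4dor&3!x"}
    weak_db = {u: weak_hash(p) for u, p in users.items()}
    strong_db = {u: make_record(p) for u, p in users.items()}
    strong_cracked, kdf_calls = crack_strong(strong_db, WORDLIST)
    return {
        "weak_cracked": crack_weak(weak_db, WORDLIST),
        "weak_shared_hash": weak_db["bob"] == weak_db["carol"],             # reuse is visible
        "strong_cracked": strong_cracked,
        "strong_shared_hash": strong_db["bob"][1] == strong_db["carol"][1],  # salts differ
        "kdf_calls": kdf_calls,
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note that the weak scheme cost the attacker six hashes in total, independent of the number of users, while the salted scheme cost one full KDF run per guess per user (13 calls here) and still fell to the weak passwords in the wordlist; only dave's password, which is not in the list, survived either way.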

LAYERS OF SECURITY

The 7 layers of cyber security should centre on the mission-critical assets.

  1. Mission Critical Assets: the data that needs to be protected.
  2. Data Security: protects the storage and transfer of data.
  3. Application Security: protects access to an application that handles the mission-critical assets, and the internal security of the application.
  4. Endpoint Security: protects the connection between devices and the network.
  5. Network Security: protects an organization’s network to prevent unauthorized access to the network.
  6. Perimeter Security: includes both the physical and digital security methodologies that protect the overall business.
  7. The Human Layer: humans are the weakest link in any cyber security posture. Human security controls include phishing simulations and access management controls that protect mission-critical assets from a wide variety of human threats, including cyber criminals, malicious insiders and negligent users.

Vulnerability, Threats and Harmful Acts:

Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt threat actors to exploit them. Types of vulnerabilities in network security: SQL injections, Server misconfigurations,

Computer Criminals:

Cyber security experts assert that cyber criminals are using ever more ruthless methods to achieve their objectives, and the sophistication of attacks is expected to advance as criminals continue to develop new methods of attack.

Identity Thieves: identity thieves are cyber criminals who try to gain access to their victims' personal information. They use that information to make financial transactions while impersonating their victims. Identity theft is one of the oldest cyber crimes.

Internet Stalkers: internet stalkers are individuals who maliciously monitor the online activity of their victims to acquire personal information. This form of cyber crime is conducted through social networking platforms and through malware that can track an individual's computer activity with very little chance of detection. Businesses should be aware of internet stalkers.

Phishing Scammers: phishers are cyber criminals who attempt to get hold of personal or sensitive information through the victim's computer. This is often done via phishing websites designed to copy small business, corporate or government websites. Once such information is obtained, phishers either use it themselves for identity fraud or sell it on the dark web.

Cyber Terrorists: cyber terrorism is a well-developed, politically inspired cyber attack in which the attacker attempts to steal data or corrupt corporate or government computer systems and networks, resulting in harm to countries, businesses, organizations and even individuals. The key difference between an act of cyber terrorism and a regular cyber attack is that in cyber terrorism the attackers are politically motivated, as opposed to just seeking financial gain.

CIA Triad:

The CIA Triad is a security model that has been developed to help people think about the various parts of IT security. The CIA triad broken down:

Confidentiality:

Protecting confidentiality depends on being able to define and enforce access levels for information. This involves separating information into collections organized by who is authorized to access it, who needs to access it, and how sensitive it is, i.e. the amount of damage that would be suffered if its confidentiality were breached. Standard measures to establish confidentiality include:
  - Data encryption
  - Two-factor authentication
  - Biometric verification
  - Security tokens

Integrity:

Integrity is an essential component of the CIA Triad. It protects data from deletion or modification by any unauthorized party, and it ensures that when an authorized person makes a change that should not have been made, the damage can be reversed. Standard measures to guarantee integrity include:
  - Cryptographic checksums
  - Using file permissions
  - Uninterruptible power supplies
  - Data backups

Availability:

Availability is the final component of the CIA Triad and refers to the actual availability of your data. Authentication mechanisms, access channels and systems all have to work properly for the information they protect, and ensure that it is available when it is needed. Standard measures to guarantee availability include:
  - Backing up data to external drives
  - Implementing firewalls
  - Having backup power supplies
  - Data redundancy

Assets and Threat:

An asset is any data, device or other component of an organization's systems that is valuable, often because it contains sensitive data or can be used to access such information. For example, an employee's desktop computer, laptop or company phone would be considered an asset, as would the applications on those devices. Likewise, critical infrastructure such as servers and support systems are assets. An organization's most common assets are
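The "cryptographic checksums" listed above as an integrity measure are worth seeing in working form. The following is an added example (not part of the original notes) that builds a manifest of keyed checksums (HMAC-SHA256) over a set of files and then verifies a later snapshot against it, reporting modified, missing and unexpected files. The key is what distinguishes this from a plain hash list: an attacker who can rewrite files can usually rewrite a plain hash list too, but cannot recompute the HMAC tags without the key. The file contents, the key and the tampering scenario are constructed for the demonstration.

```python
"""Integrity checking with keyed checksums (HMAC-SHA256) over a file manifest.

Added example, not from the original notes. The files, key and tampered
snapshot in demo() are constructed for illustration.
"""
import hashlib
import hmac
import json

def hmac_sha256(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def build_manifest(key: bytes, files: dict) -> str:
    """Map each file name to its keyed checksum, then tag the whole list.

    The outer tag means an attacker cannot silently add or remove entries:
    any change to the entry list invalidates the tag as well.
    """
    entries = {name: hmac_sha256(key, data) for name, data in sorted(files.items())}
    body = json.dumps(entries, sort_keys=True)
    return json.dumps({"entries": entries, "tag": hmac_sha256(key, body.encode())})

def verify_manifest(key: bytes, manifest: str, files: dict) -> dict:
    """Compare the current files against the manifest and classify each name."""
    doc = json.loads(manifest)
    entries = doc["entries"]
    body = json.dumps(entries, sort_keys=True)
    report = {
        # constant-time comparison avoids leaking how many bytes matched
        "manifest_ok": hmac.compare_digest(doc["tag"], hmac_sha256(key, body.encode())),
        "ok": [], "modified": [], "missing": [], "unexpected": [],
    }
    for name in sorted(set(entries) | set(files)):
        if name not in files:
            report["missing"].append(name)
        elif name not in entries:
            report["unexpected"].append(name)
        elif hmac.compare_digest(entries[name], hmac_sha256(key, files[name])):
            report["ok"].append(name)
        else:
            report["modified"].append(name)
    return report

def demo() -> dict:
    key = b"constructed-demo-key-keep-secret"          # would live in an HSM / secret store
    original = {"app.py": b"print('hello')\n", "config.yaml": b"debug: false\n"}
    manifest = build_manifest(key, original)

    # Constructed tampering: config edited, app.py deleted, a new file dropped in.
    tampered = {"config.yaml": b"debug: true\n", "backdoor.py": b"import os\n"}

    # An attacker who rewrites the manifest without the key cannot produce a valid tag.
    forged_manifest = build_manifest(b"attacker-guess", tampered)

    return {
        "clean": verify_manifest(key, manifest, original),
        "tampered": verify_manifest(key, manifest, tampered),
        "forged": verify_manifest(key, forged_manifest, tampered),
    }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The same pattern, a keyed checksum per object plus a checksum over the index, is how signed package manifests and file-integrity monitors detect unauthorized changes; pair it with the "data backups" item above so that a detected modification can actually be reversed.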

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data, leading to cybercrimes such as information and identity theft. Cyber-attacks can be classified into the following categories:

  1) Web-based attacks
  2) System-based attacks

Web-based attacks

These are attacks that occur on a website or web application. Some of the important web-based attacks are as follows:

1. Injection attacks: an attack in which data is injected into a web application in order to manipulate the application and fetch the required information. Examples: SQL injection, code injection, log injection, XML injection, etc.

2. DNS Spoofing: an attack in which forged data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.

3. Session Hijacking: an attack on a user session over a protected network. Web applications create cookies to store state and user sessions. By stealing the cookies, an attacker can gain access to all of the user's data.

4. Phishing: an attack that attempts to steal sensitive information such as user login credentials and credit card numbers. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.

5. Brute force: an attack that uses a trial-and-error method. It generates a large number of guesses and validates them to obtain actual data such as a user's password or personal identification number. This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
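The injection attack in item 1 is easiest to understand with the vulnerable query next to its fix. The following is an added example (not part of the original notes): a login check that splices user input into SQL text, the two classic payloads that bypass it, and the parameterised version in which the same input is bound as data and can no longer change the query. It uses an in-memory SQLite database with constructed accounts; the passwords are stored in clear only to keep the injection itself in focus (real systems store salted hashes).

```python
"""SQL injection: vulnerable string-built login query beside the parameterised fix.

Added example, not from the original notes. Accounts and payloads are
constructed; SQLite is used so the example runs with the standard library.
"""
import sqlite3

def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Clear-text passwords purely for the demo; never do this in production.
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "correct horse battery staple"), ("alice", "hunter2")])
    return conn

# --- vulnerable: untrusted input becomes part of the SQL program -------------

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    query = (f"SELECT 1 FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None

# --- fixed: input travels as bound parameters, never as SQL text -------------

def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None

# Constructed attacker inputs.
PAYLOAD_COMMENT = "admin'-- "        # closes the string literal, comments out the password check
PAYLOAD_TAUTOLOGY = "' OR '1'='1"    # makes the WHERE clause always true

def demo() -> dict:
    conn = make_db()
    return {
        "vulnerable_legit":     login_vulnerable(conn, "admin", "correct horse battery staple"),
        "vulnerable_wrong_pw":  login_vulnerable(conn, "admin", "wrong"),
        "vulnerable_comment":   login_vulnerable(conn, PAYLOAD_COMMENT, "wrong"),     # bypass
        "vulnerable_tautology": login_vulnerable(conn, "nobody", PAYLOAD_TAUTOLOGY),  # bypass
        "safe_legit":           login_safe(conn, "alice", "hunter2"),
        "safe_comment":         login_safe(conn, PAYLOAD_COMMENT, "wrong"),
        "safe_tautology":       login_safe(conn, "nobody", PAYLOAD_TAUTOLOGY),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With the comment payload the vulnerable query becomes `SELECT 1 FROM users WHERE username = 'admin'-- ' AND password = 'wrong'`, so the password clause is never evaluated; with the tautology payload the clause `password = '' OR '1'='1'` is true for every row. The parameterised query treats both strings as literal values to compare against, which is why it rejects them.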

3. Worm: a type of malware whose primary function is to replicate itself in order to spread to uninfected computers. It works in the same way as a computer virus. Worms often originate from email attachments that appear to come from trusted senders.

4. Trojan horse: a malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user about its true intent: it appears to be a normal application, but when opened or executed malicious code runs in the background.

5. Backdoors: a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.

6. Bots: a bot (short for "robot") is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are crawlers, chatroom bots and malicious bots.

Active attacks:

An active attack is a network exploit in which an attacker attempts to make changes to data on the target or to data en route to the target.

Types of active attacks:

Masquerade: the intruder pretends to be a particular user of a system to gain access, or to gain greater privileges than they are authorized for. A masquerade may be attempted through the use of stolen login IDs and passwords, by finding security gaps in programs, or by bypassing the authentication mechanism.

Session replay: the attacker steals an authorized user's login information by stealing the session ID. The intruder gains access and the ability to do anything the authorized user can do on the website.

Message modification: the intruder alters packet header addresses to direct a message to a different destination, or modifies the data on a target machine.

Denial of service: in a denial of service (DoS) attack, users are deprived of access to a network or web resource. This is generally accomplished by overwhelming the target with more traffic than it can handle. In a distributed denial-of-service (DDoS) attack, large numbers of compromised systems (sometimes called a botnet or zombie army) attack a single target.

Passive attacks:

Passive attacks are few in number from a classification perspective, but can be carried out with relative ease, particularly if the traffic is not encrypted.

Types of passive attacks:

Eavesdropping (tapping): the attacker simply listens to the messages exchanged between two entities. For the attack to be useful, the traffic must not be encrypted: any unencrypted information, such as a password sent in an HTTP request, can be retrieved by the attacker.

Traffic analysis: the attacker looks at the metadata of the traffic (who talks to whom, and the rate, duration and size of the exchange) in order to deduce information about the exchange and the participating entities, without reading the content. Where the data is encrypted, traffic analysis can also feed cryptanalysis, whereby the attacker obtains information about, or succeeds in decrypting, the traffic.

Software attacks:

Malicious code (sometimes called malware) is software designed to take over or damage a computer user's operating system without the user's knowledge or approval. It can be very difficult to remove and very damaging. Common malware examples are listed in the following table:

Attack: Virus
Characteristics: A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A virus:
  - Requires a host to replicate and usually attaches itself to a host file or a hard drive sector.
  - Replicates each time the host is used.
  - Often focuses on destruction or corruption of data.
  - Usually attaches to files with execution capabilities such as .doc, .exe and .bat extensions.
  - Often distributes via e-mail; many viruses can e-mail themselves to everyone in your address book.
  - Examples: Stoned, Michelangelo, Melissa, I Love You.
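The two passive attacks above are easiest to appreciate against a concrete capture. The following is an added example (not part of the original notes) that runs both over a constructed list of sniffed packets: eavesdropping pulls a username and password out of unencrypted HTTP (one sent as a Basic authorization header, one in a login form), while traffic analysis summarizes who talked to whom, how much and when, which works just as well on the TLS conversation whose payload is opaque. The addresses, hosts and credentials are constructed for the demonstration.

```python
"""Passive attacks on a constructed capture: eavesdropping vs traffic analysis.

Added example, not from the original notes. CAPTURE stands in for what a
sniffer on a shared segment would record: (timestamp, src, dst, payload).
All addresses, host names and credentials are constructed.
"""
import base64
import re
from collections import defaultdict
from urllib.parse import parse_qs

CAPTURE = [
    (0.00, "10.0.0.5", "203.0.113.10",
     b"GET /account HTTP/1.1\r\nHost: bank.example\r\n"
     b"Authorization: Basic " + base64.b64encode(b"alice:Summer2024") + b"\r\n\r\n"),
    (0.05, "203.0.113.10", "10.0.0.5", b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    (1.20, "10.0.0.5", "203.0.113.10",
     b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 30\r\n\r\n"
     b"user=bob&password=hunter2&go=1"),
    # A TLS exchange: record headers followed by opaque ciphertext (zeros here).
    (2.00, "10.0.0.5", "198.51.100.7", b"\x16\x03\x01" + b"\x00" * 500),
    (2.10, "198.51.100.7", "10.0.0.5", b"\x17\x03\x03" + b"\x00" * 3000),
]

CRED_FIELDS = ("password", "passwd", "pass", "pwd")

def eavesdrop(capture: list) -> list:
    """Return (src, dst, username, password) for every credential sent in clear."""
    found = []
    for _, src, dst, payload in capture:
        # HTTP Basic auth is only base64, not encryption.
        m = re.search(rb"Authorization: Basic ([A-Za-z0-9+/=]+)", payload)
        if m:
            user, _, pw = base64.b64decode(m.group(1)).decode(errors="replace").partition(":")
            found.append((src, dst, user, pw))
        # Form logins carry the password in the request body.
        head, sep, body = payload.partition(b"\r\n\r\n")
        if sep and b"application/x-www-form-urlencoded" in head:
            form = parse_qs(body.decode(errors="replace"))
            pw = next((form[f][0] for f in CRED_FIELDS if f in form), None)
            if pw is not None:
                user = form.get("user", form.get("username", [""]))[0]
                found.append((src, dst, user, pw))
    return found

def traffic_analysis(capture: list) -> dict:
    """Per-conversation packet/byte counts and timing; needs no plaintext at all."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for ts, src, dst, payload in capture:
        key = tuple(sorted((src, dst)))       # one entry per pair, either direction
        s = stats[key]
        s["packets"] += 1
        s["bytes"] += len(payload)
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return dict(stats)

if __name__ == "__main__":
    for hit in eavesdrop(CAPTURE):
        print("credential in clear:", hit)
    for pair, s in traffic_analysis(CAPTURE).items():
        print(pair, s)
```

Encrypting the two HTTP conversations (HTTPS) would empty the eavesdropping result, but the traffic-analysis summary would be unchanged: the attacker would still learn that 10.0.0.5 spoke to both servers, when, and roughly how much data flowed each way.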

Hardware attacks:

Common hardware attacks include:
  - Manufacturing backdoors, for malware or other penetrative purposes; backdoors are not limited to software, they also affect embedded radio-frequency identification (RFID) chips and memory.
  - Eavesdropping by gaining access to protected memory without opening other hardware.
  - Inducing faults, causing the interruption of normal behaviour.
  - Hardware modification: tampering with invasive operations.
  - Backdoor creation: the presence of hidden methods for bypassing normal computer authentication systems.
  - Counterfeiting product assets that can produce extraordinary operations, and those made to gain malicious access to systems.

Spectrum of attacks:

Attacks span a wide range: from passive observation of traffic (eavesdropping, traffic analysis), through active manipulation of data and sessions (masquerade, replay, message modification), to denial of service and physical tampering with hardware. They differ just as widely in motive, from financial gain and identity theft to espionage and politically motivated cyber terrorism. The taxonomy below is one way of organizing this range.

Taxonomy of various attacks:

The purpose of this section is to provide a general overview of cyber attacks, and to show some pragmatic ways to classify and organize them via taxonomies.

Cyber attack: an offensive action by a malicious actor that is intended to undermine the functions of networked computers and their related resources, including unauthorized access, unapproved changes and malicious destruction. Examples of cyber attacks include Distributed Denial of Service (DDoS) and Man-in-the-Middle (MITM) attacks.

The terms cyber attack, cyber threat and cyber risk are interrelated as follows: a cyber attack is an offensive action, a cyber threat is the possibility that a particular attack may occur, and the cyber risk associated with that threat estimates the probability and magnitude of the losses that may result.

For example, a Distributed Denial of Service (DDoS) cyber attack by a botnet is a cyber threat for many enterprises with online retail websites, where the associated cyber risk is a function of lost revenues due to website downtime and the probability that a DDoS cyber attack will occur.

Cyber Attack Malware Taxonomy

(A = applies to this malware type; N/A = does not apply)

Malware type   | Requires host file to infect? | Self-spreading? | Appears legitimate (harmless)? | Can carry harmful payload? | Can communicate with command & control server? | Can attack OS kernel & firmware?
Virus          | A   | A   | N/A | A | N/A | A
Worm           | A   | A   | N/A | A | N/A | A
Trojan         | A   | A   | A   | A | N/A | A
Bots/Botnet    | N/A | N/A | N/A | A | A   | A
Spyware        | A   | A   | N/A | A | A   | A
Rootkit        | N/A | N/A | N/A | A | N/A | A
Blended Threat | A   | A   | A   | A | A   | A

IP Spoofing:

IP spoofing is the creation of Internet Protocol (IP) packets with a modified (forged) source address, in order to hide the identity of the sender, to impersonate another computer system, or both. It is a technique often used by attackers to launch DDoS attacks against a target device or the surrounding infrastructure, since a forged source address makes the flood hard to trace back and hard to filter by origin. Sending and receiving IP packets is the primary way in which networked computers and other devices communicate, and constitutes the basis of the modern internet. All IP packets contain a header which precedes the body of the packet and contains important routing information,
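Because the source address is just a field in the header the sender writes, nothing in IP itself stops a host from filling in someone else's address; the defence lives at the network edge, where a router can check that packets leaving a network carry source addresses that belong to it (ingress filtering, RFC 2827 / BCP 38). The following is an added example (not part of the original notes) that builds a 20-byte IPv4 header with a forged source, recomputes the header checksum, parses it back, and applies such a filter. No packets are sent; the addresses and the "inside" prefix are constructed documentation-range values.

```python
"""IP spoofing: forging the IPv4 source address, and the ingress filter that catches it.

Added example, not from the original notes. Builds raw headers in memory
only; addresses are constructed (RFC 5737 documentation ranges).
"""
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # ver/ihl, tos, total len, id, flags/frag, ttl, proto, csum, src, dst

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = 17, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Return a 20-byte IPv4 header; src is whatever the caller claims it is."""
    ver_ihl = (4 << 4) | 5                      # version 4, 5 x 32-bit words
    hdr = struct.pack(IPV4_FMT, ver_ihl, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    csum = ipv4_checksum(hdr)                   # computed with checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]

def parse_ipv4_header(hdr: bytes) -> dict:
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = \
        struct.unpack(IPV4_FMT, hdr[:20])
    return {
        "version": ver_ihl >> 4, "ihl": ver_ihl & 0xF, "total_len": total_len,
        "ttl": ttl, "proto": proto,
        # summing a header that includes its own checksum yields 0 when intact
        "checksum_ok": ipv4_checksum(hdr[:20]) == 0,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
    }

def ingress_filter(hdr: bytes, inside_prefix: str) -> tuple:
    """BCP 38 check for packets arriving from the inside interface.

    Accept only if the header is intact, the source is a routable unicast
    address, and it belongs to the prefix assigned to that interface.
    """
    p = parse_ipv4_header(hdr)
    if not p["checksum_ok"]:
        return False, "bad header checksum"
    src = ipaddress.IPv4Address(p["src"])
    if src.is_loopback or src.is_multicast or src.is_unspecified:
        return False, f"bogus source {src}"
    if src not in ipaddress.IPv4Network(inside_prefix):
        return False, f"source {src} not in {inside_prefix} (spoofed)"
    return True, "accept"

if __name__ == "__main__":
    inside = "192.0.2.0/24"                     # constructed customer prefix
    legit = build_ipv4_header("192.0.2.10", "198.51.100.7", payload_len=8)
    spoof = build_ipv4_header("203.0.113.99", "198.51.100.7", payload_len=8)
    for name, pkt in (("legit", legit), ("spoofed", spoof)):
        print(name, parse_ipv4_header(pkt)["src"], ingress_filter(pkt, inside))
```

The spoofed header is byte-for-byte as valid as the legitimate one (correct checksum, correct length), which is the whole point: only the router that knows which prefix sits behind the interface can tell that 203.0.113.99 has no business originating there. This is why reflection DDoS attacks depend on networks that do not deploy such filtering.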