Cyber Security Introduction

"Cybersecurity is primarily about people, processes, and technologies working

together to encompass the full range of threat reduction, vulnerability
reduction, deterrence, international engagement, incident response, resiliency,
and recovery policies and activities, including computer network operations,
information assurance, law enforcement, etc."
Cybersecurity is the protection of Internet-connected systems, including
hardware, software, and data from cyber-attacks. It is made up of two words
one is cyber and other is security. Cyber is related to the technology which
contains systems, network and programs or data. Whereas security related to
the protection which includes systems security, network security and
application and information security.
It is the body of technologies, processes, and practices designed to protect
networks, devices, programs, and data from attack, theft, damage,
modification or unauthorized access. It may also be referred to as information
technology security.
We can also define cybersecurity as the set of principles and practices
designed to protect our computing resources and online information against
threats. Due to the heavy dependency on computers in a modern industry that
store and transmit an abundance of confidential and essential information
about the people, cybersecurity is a critical function and needed insurance of
many businesses.
Why is cybersecurity important?
We live in a digital era which understands that our private information is more
vulnerable than ever before. We all live in a world which is networked
together, from internet banking to government infrastructure, where data is
stored on computers and other devices. A portion of that data can be sensitive
information, whether that be intellectual property, financial data, personal
information, or other types of data for which unauthorized access or exposure
could have negative consequences.
Cyber-attack is now an international concern and has given many concerns
that hacks and other security attacks could endanger the global economy.
Organizations transmit sensitive data across networks and to other devices in
the course of doing businesses, and cybersecurity describes to protect that
information and the systems used to process or store it.
1
As the volume of cyber-attacks grows, companies and organizations,
especially those that deal information related to national security, health, or
financial records, need to take steps to protect their sensitive business and
personal information.
History of Cyber Security
The origin of cybersecurity began with a research project. It only came into
existence because of the development of viruses.
How did we get here?
In 1969, Leonard Kleinrock, professor of UCLA and student, Charley Kline,
sent the first electronic message from the UCLA SDS Sigma 7 Host computer
to Bill Duvall, a programmer, at the Stanford Research Institute. This is a
well-known story and a moment in the history of a digital world. The sent
message from the UCLA was the word "login." The system crashed after they
typed the first two letters "lo." Since then, this story has been a belief that the
programmers typed the beginning message "lo and behold." While factually
believed that "login" was the intended message. Those two letters of messages
were changed the way we communicate with one another.
In 1970's, Robert (Bob) Thomas who was a researcher for BBN Technologies
in Cambridge, Massachusetts created the first computer worm (virus). He
realized that it was possible for a computer program to move across a network,
leaving a small trail (series of signs) wherever it went. He named the
program Creeper, and designed it to travel between Tenex terminals on the
early ARPANET, printing the message "I'M THE CREEPER: CATCH ME IF
YOU CAN."
An American computer programmer named Ray Tomlinson, the inventor of
email, was also working for BBN Technologies at the time. He saw this idea
and liked it. He tinkered (an act of attempting to repair something) with the
program and made it self-replicating "the first computer worm." He named the
program Reaper, the first antivirus software which would found copies of The
Creeper and delete it.
Where are we now?
After Creeper and Reaper, cyber-crimes became more powerful. As computer
software and hardware developed, security breaches also increase. With every
new development came an aspect of vulnerability, or a way for hackers to
work around methods of protection. In 1986, the Russians were the first who
implement the cyber power as a weapon. Marcus Hess, a German citizen,
hacked into 400 military computers, including processors at the Pentagon. He
2
intended to sell secrets to the KGB, but an American astronomer, Clifford
Stoll, caught him before that could happen.
In 1988, an American computer scientist, Robert Morris, wanted to check the
size of the internet. He wrote a program for testing the size of the internet.
This program went through networks, invaded Unix terminals, and copied
itself. The program became the first famous network virus and named as
Moris worm or internet worm. The Morris worm could be infected a computer
multiple times, and each additional process would slow the machine down,
eventually to the point of being damaged. Robert Morris was charged under
the Computer Fraud and Abuse Act. The act itself led to the founding of the
Computer Emergency Response Team. This is a non-profit research centre for
issues that could endanger the internet as a whole.
Nowadays, viruses were deadlier, more invasive, and harder to control. We
have already experienced cyber incidents on a massive scale, and 2018 isn't
close to over. The above is to name a few, but these attacks are enough to
prove that cybersecurity is a necessity for corporations and small businesses
alike.
Cyber Security Goals
The objective of Cybersecurity is to protect information from being stolen,
compromised or attacked. Cybersecurity can be measured by at least one of
three goals-
 Protect the confidentiality of data.
 Preserve the integrity of data.
 Promote the availability of data for authorized users.
These goals form the confidentiality, integrity, availability (CIA) triad, the
basis of all security programs. The CIA triad is a security model that is
designed to guide policies for information security within the premises of an
organization or company. This model is also referred to as the AIC
(Availability, Integrity, and Confidentiality) triad to avoid the confusion with
the Central Intelligence Agency. The elements of the triad are considered the
three most crucial components of security.
The CIA criteria are one that most of the organizations and companies use
when they have installed a new application, creates a database or when
guaranteeing access to some data. For data to be completely secure, all of
these security goals must come into effect. These are security policies that all
work together, and therefore it can be wrong to overlook one policy.
3
 The CIA triad are-

1. Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized
disclosure of information. It involves the protection of data, providing access
for those who are allowed to see it while disallowing others from learning
anything about its content. It prevents essential information from reaching the
wrong people while making sure that the right people can get it. Data
encryption is a good example to ensure confidentiality.
Tools for Confidentiality

Encryption
Encryption is a method of transforming information to make it unreadable for
unauthorized users by using an algorithm. The transformation of data uses a
secret key (an encryption key) so that the transformed data can only be read by
using another secret key (decryption key). It protects sensitive data such as
credit card numbers by encoding and transforming data into unreadable cipher
text. This encrypted data can only be read by decrypting it. Asymmetric-key
and symmetric-key are the two primary types of encryption.
Access control
Access control defines rules and policies for limiting access to a system or to
physical or virtual resources. It is a process by which users are granted access
and certain privileges to systems, resources or information. In access control
systems, users need to present credentials before they can be granted access
such as a person's name or a computer's serial number. In physical systems,
these credentials may come in many forms, but credentials that can't be
transferred provide the most security.
Authentication
4
An authentication is a process that ensures and confirms a user's identity or
role that someone has. It can be done in a number of different ways, but it is
usually based on a combination of-
o something the person has (like a smart card or a radio key for storing

secret keys),
o something the person knows (like a password),

o something the person is (like a human with a fingerprint).

Authentication is the necessity of every organizations because it enables

organizations to keep their networks secure by permitting only authenticated
users to access its protected resources. These resources may include computer
systems, networks, databases, websites and other network-based applications
or services.
Authorization
Authorization is a security mechanism which gives permission to do or have
something. It is used to determine a person or system is allowed access to
resources, based on an access control policy, including computer programs,
files, services, data and application features. It is normally preceded by
authentication for user identity verification. System administrators are
typically assigned permission levels covering all system and user resources.
During authorization, a system verifies an authenticated user's access rules and
either grants or refuses resource access.
Physical Security
Physical security describes measures designed to deny the unauthorized access
of IT assets like facilities, equipment, personnel, resources and other
properties from damage. It protects these assets from physical threats
including theft, vandalism, fire and natural disasters.

2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and
safeguarded from unauthorized user modification. It is the property that
information has not be altered in an unauthorized way, and that source of the
information is genuine.
Tools for Integrity

5
Backups
Backup is the periodic archiving of data. It is a process of making copies of
data or data files to use in the event when the original data or data files are lost
or destroyed. It is also used to make copies for historical purposes, such as for
longitudinal studies, statistics or for historical records or to meet the
requirements of a data retention policy. Many applications especially in a
Windows environment, produce backup files using the .BAK file extension.
Checksums
A checksum is a numerical value used to verify the integrity of a file or a data
transfer. In other words, it is the computation of a function that maps the
contents of a file to a numerical value. They are typically used to compare two
sets of data to make sure that they are the same. A checksum function depends
on the entire contents of a file. It is designed in a way that even a small change
to the input file (such as flipping a single bit) likely to results in different
output value.
Data Correcting Codes
It is a method for storing data in such a way that small changes can be easily
detected and automatically corrected.
3. Availability
Availability is the property in which information is accessible and modifiable
in a timely fashion by those authorized to do so. It is the guarantee of reliable
and constant access to our sensitive data by authorized people.
Tools for Availability
o Physical Protections

o Computational Redundancies

Physical Protections
Physical safeguard means to keep information available even in the event of
physical challenges. It ensure sensitive information and critical information
technology are housed in secure areas.
Computational redundancies
It is applied as fault tolerant against accidental faults. It protects computers
and storage devices that serve as fallbacks in the case of failures.
6
Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses
malicious code to alter computer code, logic or data and lead to cybercrimes,
such as information and identity theft.
We are living in a digital era. Now a day, most of the people use computer and
internet. Due to the dependency on digital things, the illegal computer activity
is growing and changing like any type of crime.
Cyber-attacks can be classified into the following categories:

Web-based attacks
These are the attacks which occur on a website or web applications. Some of
the important web-based attacks are as follows-

1. Injection attacks
It is the attack in which some data will be injected into a web application to
manipulate the application and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is
introduced into a DNS resolver's cache causing the name server to return an
incorrect IP address, diverting traffic to the attacker?s computer or any other
computer. The DNS spoofing attacks can go on for a long period of time
without being detected and can cause serious security issues.

3. Session Hijacking
It is a security attack on a user session over a protected network. Web
applications create cookies to store the state and user sessions. By stealing the
cookies, an attacker can have access to all of the user data.

4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like
user login credentials and credit card number. It occurs when an attacker is
masquerading as a trustworthy entity in electronic communication.
7
5. Brute force
It is a type of attack which uses a trial and error method. This attack generates
a large number of guesses and validates them to obtain actual data like user
password and personal identification number. This attack may be used by
criminals to crack encrypted data, or by security, analysts to test an
organization's network security.

6. Denial of Service
It is an attack which meant to make a server or network resource unavailable
to the users. It accomplishes this by flooding the target with traffic or sending
it information that triggers a crash. It uses the single system and single internet
connection to attack a server. It can be classified into the following-
 Volume-based attacks- Its goal is to saturate the bandwidth of the
attacked site, and is measured in bit per second.
 Protocol attacks- It consumes actual server resources, and is measured in
a packet.
 Application layer attacks- Its goal is to crash the web server and is
measured in request per second.

7. Dictionary attacks
This type of attack stored the list of a commonly used password and validated
them to get original password.

8. URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one
can make a web server to deliver web pages for which he is not authorized to
browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential
files which is available on the web server or to execute malicious files on the
web server by making use of the include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercepts the connection
between client and server and acts as a bridge between them. Due to this, an
attacker will be able to read, insert and modify the data in the intercepted
connection.
System-based attacks
These are the attacks which are intended to compromise a computer or a
computer network. Some of the important system-based attacks are as follows-
8
1. Virus
It is a type of malicious software program that spread throughout the computer
files without the knowledge of a user. It is a self-replicating malicious
computer program that replicates by inserting copies of itself into other
computer programs when executed. It can also execute instructions that cause
harm to the system.

2. Worm
It is a type of malware whose primary function is to replicate itself to spread to
uninfected computers. It works same as the computer virus. Worms often
originate from email attachments that appear to be from trusted senders.

3. Trojan horse
It is a malicious program that occurs unexpected changes to computer setting
and unusual activity, even when the computer should be idle. It misleads the
user of its true intent. It appears to be a normal application but when
opened/executed some malicious code will run in the background.

4. Backdoors
It is a method that bypasses the normal authentication process. A developer
may create a backdoor so that an application or operating system can be
accessed for troubleshooting or other purposes.

5. Bots
A bot (short for "robot") is an automated process that interacts with other
network services. Some bots program run automatically, while others only
execute commands when they receive specific input. Common examples of
bots program are the crawler, chatroom bots, and malicious bots.

Types of Cyber Attackers

In computer and computer networks, an attacker is the individual or
organization who performs the malicious activities to destroy, expose, alter,
disable, steal or gain unauthorized access to or make unauthorized use of an
asset.
As the Internet access becomes more pervasive across the world, and each of
us spends more time on the web, there is also an attacker grows as well.

9
Attackers use every tools and techniques they would try and attack us to get
unauthorized access.
There are four types of attackers which are described below-

Cyber Criminals
Cybercriminals are individual or group of people who use technology to
commit cybercrime with the intention of stealing sensitive company
information or personal data and generating profits. In today's, they are the
most prominent and most active type of attacker.

Cybercriminals use computers in three broad ways to

do cybercrimes-
o Select computer as their target- In this, they attack other people's

computers to do cybercrime, such as spreading viruses, data theft,

identity theft, etc.
o Uses the computer as their weapon- In this, they use the computer to

do conventional crime such as spam, fraud, illegal gambling, etc.

o Uses the computer as their accessory- In this, they use the computer

to steal data illegally.

Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious
activity to promote a political agenda, religious belief, or social ideology.
According to Dan Lohrmann, chief security officer for Security Mentor, a
national security training firm that works with states said "Hacktivism is a
digital disobedience. It's hacking for a cause." Hacktivists are not like
cybercriminals who hack computer networks to steal data for the cash. They
are individuals or groups of hackers who work together and see themselves as
fighting injustice.
State-sponsored Attacker
State-sponsored attackers have particular objectives aligned with either the
political, commercial or military interests of their country of origin. These
type of attackers are not in a hurry. The government organizations have highly
skilled hackers and specialize in detecting vulnerabilities and exploiting these
10
before the holes are patched. It is very challenging to defeat these attackers
due to the vast resources at their disposal.
Insider Threats
The insider threat is a threat to an organization's security or data that comes
from within. These type of threats are usually occurred from employees or
former employees, but may also arise from third parties, including contractors,
temporary workers, employees or customers.
Insider threats can be categorized below-

Malicious-
Malicious threats are attempts by an insider to access and potentially harm an
organization's data, systems or IT infrastructure. These insider threats are
often attributed to dissatisfied employees or ex-employees who believe that
the organization was doing something wrong with them in some way, and they
feel justified in seeking revenge.
Insiders may also become threats when they are disguised by malicious
outsiders, either through financial incentives or extortion.
Accidental-
Accidental threats are threats which are accidently done by insider employees.
In this type of threats, an employee might accidentally delete an important file
or inadvertently share confidential data with a business partner going beyond
company?s policy or legal requirements.
Negligent-
These are the threats in which employees try to avoid the policies of an
organization put in place to protect endpoints and valuable data. For example,
if the organization have strict policies for external file sharing, employees
might try to share work on public cloud applications so that they can work at
home. There is nothing wrong with these acts, but they can open up to
dangerous threats nonetheless.
Cyber Security Principles
The UK internet industry and Government recognized the need to develop a
series of Guiding Principles for improving the online security of the ISPs'
11
customers and limit the rise in cyber-attacks. Cybersecurity for these purposes
encompasses the protection of essential information, processes, and systems,
connected or stored online, with a broad view across the people, technical, and
physical domains.
These Principles recognize that the ISPs (and other service providers), internet
users, and UK Government all have a role in minimizing and mitigating the
cyber threats inherent in using the internet.
These Guiding Principles have been developed to respond to this challenge by
providing a consistent approach to help, inform, educate, and protect ISPs'
(Internet Service Provider's) customers from online crimes. These Guiding
Principles are aspirational, developed and delivered as a partnership between
Government and ISPs. They recognize that ISPs have different sets of
customers, offer different levels of support and services to protect those
customers from cyber threats.
Some of the essential cybersecurity principles are described below-

1. Economy of mechanism
This principle states that Security mechanisms should be as simple and small
as possible. The Economy of mechanism principle simplifies the design and
implementation of security mechanisms. If the design and implementation are
simple and small, fewer possibilities exist for errors. The checking and testing
process is less complicated so that fewer components need to be tested.
Interfaces between security modules are the suspect area which should be as
simple as possible. Because Interface modules often make implicit
assumptions about input or output parameters or the current system state. If
the any of these assumptions are wrong, the module's actions may produce
unexpected results. Simple security framework facilitates its understanding by
developers and users and enables the efficient development and verification of
enforcement methods for it.
12
2. Fail-safe defaults
The Fail-safe defaults principle states that the default configuration of a
system should have a conservative protection scheme. This principle also
restricts how privileges are initialized when a subject or object is created.
Whenever access, privileges/rights, or some security-related attribute is not
explicitly granted, it should not be grant access to that object.
Example: If we will add a new user to an operating system, the default group
of the user should have fewer access rights to files and services.
3. Least Privilege
This principle states that a user should only have those privileges that need to
complete his task. Its primary function is to control the assignment of rights
granted to the user, not the identity of the user. This means that if the boss
demands root access to a UNIX system that you administer, he/she should not
be given that right unless he/she has a task that requires such level of access. If
possible, the elevated rights of a user identity should be removed as soon as
those rights are no longer needed.
4. Open Design
This principle states that the security of a mechanism should not depend on the
secrecy of its design or implementation. It suggests that complexity does not
add security. This principle is the opposite of the approach known as "security
through obscurity." This principle not only applies to information such as
passwords or cryptographic systems but also to other computer security
related operations.
Example: DVD player & Content Scrambling System (CSS) protection. The
CSS is a cryptographic algorithm that protects the DVD movie disks from
unauthorized copying.
5. Complete mediation
The principle of complete mediation restricts the caching of information,
which often leads to simpler implementations of mechanisms. The idea of this
principle is that access to every object must be checked for compliance with a
protection scheme to ensure that they are allowed. As a consequence, there
should be wary of performance improvement techniques which save the
details of previous authorization checks, since the permissions can change
over time.
Whenever someone tries to access an object, the system should authenticate
the access rights associated with that subject. The subject's access rights are
13
verified once at the initial access, and for subsequent accesses, the system
assumes that the same access rights should be accepted for that subject and
object. The operating system should mediate all and every access to an object.
Example: An online banking website should require users to sign-in again
after a certain period like we can say, twenty minutes has elapsed.
6. Separation of Privilege
This principle states that a system should grant access permission based on
more than one condition being satisfied. This principle may also be restrictive
because it limits access to system entities. Thus before privilege is granted
more than two verification should be performed.
Example: To su (change) to root, two conditions must be met-
o The user must know the root password.

o The user must be in the right group (wheel).

7. Least Common Mechanism

This principle states that in systems with multiple users, the mechanisms
allowing resources shared by more than one user should be minimized as
much as possible. This principle may also be restrictive because it limits the
sharing of resources.
Example: If there is a need to be accessed a file or application by more than
one user, then these users should use separate channels to access these
resources, which helps to prevent from unforeseen consequences that could
cause security problems.
8. Psychological acceptability
This principle states that a security mechanism should not make the resource
more complicated to access if the security mechanisms were not present. The
psychological acceptability principle recognizes the human element in
computer security. If security-related software or computer systems are too
complicated to configure, maintain, or operate, the user will not employ the
necessary security mechanisms. For example, if a password is matched during
a password change process, the password changing program should state why
it was denied rather than giving a cryptic error message. At the same time,
applications should not impart unnecessary information that may lead to a
compromise in security.

14
Example: When we enter a wrong password, the system should only tell us
that the user id or password was incorrect. It should not tell us that only the
password was wrong as this gives the attacker information.
9. Work Factor
This principle states that the cost of circumventing a security mechanism
should be compared with the resources of a potential attacker when designing
a security scheme. In some cases, the cost of circumventing ("known as work
factor") can be easily calculated. In other words, the work factor is a common
cryptographic measure which is used to determine the strength of a given
cipher. It does not map directly to cybersecurity, but the overall concept does
apply.
Example: Suppose the number of experiments needed to try all possible four
character passwords is 244 = 331776. If the potential attacker must try each
experimental password at a terminal, one might consider a four-character
password to be satisfactory. On the other hand, if the potential attacker could
use an astronomical computer capable of trying a million passwords per
second, a four-letter password would be a minor barrier for a potential
intruder.
10. Compromise Recording
The Compromise Recording principle states that sometimes it is more
desirable to record the details of intrusion that to adopt a more sophisticated
measure to prevent it.
Example: The servers in an office network may keep logs for all accesses to
files, all emails sent and received, and all browsing sessions on the web.
Another example is that Internet-connected surveillance cameras are a typical
example of a compromise recording system that can be placed to protect a
building.

15