Lecture 1: Intro


Department of Information Security (IS),

Military College of Signals (MCS), NUST


Course : Introduction to Information Security Engineering
Course Code : IS-201
Lecture Hours : 3/week

Instructor : Major Ammar Hassan


ammar.hassan@mcs.nust.edu.pk

https://ammarhassan.me/

About Me (Ammar Hassan)
▪ MS Information Security - 2021 to 2023 (Gold Medallist)
▪ MCS (Masters in Computer Science) - 2017 to 2019 (Distinction)
▪ BETE (Telecommunication Engr) – 2008 to 2012
▪ Certified Ethical Hacking (CEH) Practical
▪ Certified App Sec Practitioner (CAP)
▪ Cisco Certified Networking Technician (CCENT)
▪ Microsoft Azure Administrator
▪ Certified Secure Computer User (CSCU)
Hassan 3
Objectives of the Course

▪ Understand the Information Security fundamentals
▪ Apply ethical hacking and penetration testing methodologies to assess and enhance system security
▪ Investigate security incidents and assess the security posture of networks and systems
▪ Identify and mitigate host-based, network-based and web application vulnerabilities and threats
Brief Outline of Course

▪ Fundamentals of Information Security
▪ Cyber Attack Patterns / Hacking Methodology
▪ Social Engineering
▪ Basic Reconnaissance and OSINT
▪ Basic Cryptography and Digital Forensics Techniques (essentials)
▪ Defense in Depth
▪ NW Security and Secure Protocols
▪ Web Applications Security
▪ Breaking into a Computer (Threats and Attacks)
▪ Digital Forensics
▪ Identification, Authentication and Authorization
▪ Online Privacy
Grading Criteria

▪ Assignments: 10%
▪ Quizzes: 10%
▪ Mid Term: 30%
▪ Final Exam: 50%

Note: Subject to change; students will be notified.
Individual Presentations

Topic: Major Information Security Incidents


▪ 4x Students in a week

▪ Topic to be chosen on first come first serve basis

▪ Nominal roll wise presentations

▪ 1st Assignment (One Page summary required)

▪ Class Senior to coordinate

What? How? Why?
Introduction to Information Security

Need for Information Security

What is Information Security

Cyber Threat Landscape

Major Information Security Incidents

Purpose of Information Security

Need for Information Security
Folk Model

Home-computer Users at Risk Due to Use of ‘Folk Model’ Security

EAST LANSING, Mich. — Most home computers are vulnerable to hacker attacks because the users either mistakenly think they have enough security in place or they don’t believe they have enough valuable information that would be of interest to a hacker. That’s the point of a paper published this month by Michigan State University’s Rick Wash, who says that most home-computer users rely on what are known as “folk models.” Those are beliefs about what hackers or viruses are that people use to make decisions about security to keep their information safe. Unfortunately, they don’t often work the way they should.
Folk Model

[Table: CENSORED PASSWORD / SHA-1 HASH for one account's leaked passwords across several dumps]
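As an added example (not part of the lecture), the pattern in the table above, one user “rotating” a password by changing a few trailing characters, can be caught at registration or password-reset time by checking both the exact SHA-1 and the SHA-1 of the password's base form against a breach corpus; the accounts and passwords below are constructed, not the slide's data.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample, not the slide's data: plaintext passwords recovered
# from breach dumps, paired with the account they belonged to.
LEAKED = [
    ("user1@example.com", "pyari123"),
    ("user1@example.com", "Pyari2019!"),
    ("user1@example.com", "pyari1234567"),
    ("user2@example.com", "amiab99"),
    ("user3@example.com", "correct horse battery staple"),
]


def sha1_hex(text: str) -> str:
    """Hex SHA-1 as it appears in dumps; used only to match against them,
    never as a way to store a new password."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def base_form(password: str) -> str:
    """Collapse the cosmetic edits users make to 'rotate' a password:
    case, and trailing digits or punctuation."""
    return re.sub(r"[0-9!@#$%^&*._-]+$", "", password.lower())


# Two lookup sets built once from the dump: exact hashes and base-form hashes.
EXACT = {sha1_hex(p) for _, p in LEAKED}
BASES = {sha1_hex(base_form(p)) for _, p in LEAKED}


def check_password(candidate: str) -> str:
    """Classify a candidate password: 'breached', 'variant' or 'ok'."""
    if sha1_hex(candidate) in EXACT:
        return "breached"
    if sha1_hex(base_form(candidate)) in BASES:
        return "variant"
    return "ok"


def reuse_families(leaked):
    """Group one account's leaked passwords by base form; a family of size > 1
    is the reuse pattern the slide shows (one base string, many suffixes)."""
    fam = defaultdict(set)
    for email, pw in leaked:
        fam[(email, base_form(pw))].add(pw)
    return {k: len(v) for k, v in fam.items() if len(v) > 1}
```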
What is Information Security

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
What is Information Security

▪ Physical Security addresses the issues necessary to protect the physical items, objects or areas of an organization from unauthorized access and misuse.
▪ Personal Security addresses the protection of the individual or group of individuals who are authorized to access the organization and its operations.
▪ Operational Security is the protection of the details of a particular operation or series of activities.
▪ Communication Security is concerned with the protection of an organization’s communications media, technology, and content.
▪ Network Security is the protection of networking components, connections, and contents.
▪ Information Security is the protection of information and its critical elements, including the systems and hardware that use, store, or transmit that information.
Layers of Security

▪ Physical Security: safeguards the personnel, hardware, programs, networks, and data from physical threats
▪ Network Security: protects the networks and their services from unauthorized modification, destruction, or disclosure
▪ System Security: protects the system and its information from theft, corruption, unauthorized access, or misuse
▪ Application Security: covers the use of software, hardware, and procedural methods to protect applications from external threats
▪ User Security: ensures that a valid user is logged in and that the logged-in user is allowed to use an application/program
Cyber Threat Landscape - Stats

▪ 95 percent of cybersecurity breaches are caused by human error. (World Economic Forum)
▪ The worldwide information security market is forecast to reach $366.1 billion in 2028. (Fortune Business Insights)
▪ The U.S. was the target of 46 percent of cyberattacks in 2020, more than double any other country. (Microsoft)
▪ 54 percent of companies say their IT departments are not sophisticated enough to handle advanced cyberattacks. (Sophos)
▪ 43 percent of all breaches are insider threats, either intentional or unintentional. (Check Point)
▪ Data breaches exposed 22 billion records in 2021. (RiskBased Security)
▪ Approximately 70 percent of breaches in 2021 were financially motivated, while less than five percent were motivated by espionage. (Verizon)
Cyber Threat Landscape

An environment of interdependent networks of IT infrastructure, which includes the internet, telecom networks, computer systems and embedded processors/controllers in critical industries and enterprises.

Approximately 51% of the world population is an active user of the internet and related technologies, and almost 100% are affected by them.
EDWARD SNOWDEN’S REVELATIONS

Edward Snowden

He was a former system administrator for the Central Intelligence Agency (CIA) and a counterintelligence trainer at the Defense Intelligence Agency (DIA).

The information revealed numerous global surveillance programs, many run by the NSA and the Five Eyes with the cooperation of telecommunication companies and European governments.

He disclosed some of the material to several media outlets.
Five Eyes Alliance

A patchwork of secret spying programs and intelligence-sharing agreements.

They have found ways to infiltrate all aspects of modern communications networks, forcing companies to hand over their customers’ data under secret orders, and secretly tapping fibre optic cables between the same companies’ data centers.
PRISM

The NSA has direct access via the PRISM program to the servers of some of the biggest U.S. tech companies, including Apple, Google and Microsoft. A clandestine surveillance program under which the United States National Security Agency (NSA) collects internet communications of foreign nationals from at least nine major US internet companies.

The "number one source of raw intelligence used for NSA analytic reports", and it accounts for 91% of the NSA's Internet traffic.

PRISM can collect anything that you post online from Gmail, Facebook, Skype, Outlook or Yahoo.
Project Chess

Skype started a secret program, called Project Chess, to make Skype calls accessible to intelligence agencies and law enforcement. Skype then joined the PRISM program in February 2009.
Boundless Informant

Provides "near real-time" statistics on the agency's spying capabilities, broken down by country. A big data analysis and data visualization tool used by the United States National Security Agency (NSA). It gives NSA managers summaries of the NSA's worldwide data collection activities by counting metadata.
Spying on Hong Kong, Chinese and Spanish Citizens

The NSA hacked civilian computer networks in both Hong Kong and mainland China.

The NSA collected 60 million Spanish telephone calls over just 30 days in late 2012 and early 2013.
Monitoring of Foreign Diplomats

The U.S. and the U.K. spied on foreign leaders and diplomats at the 2009 G20 summit.

Bugged the South African foreign ministry and planned to spy on envoys to the 2009 Commonwealth Summit.
UK’s Tempora Program

GCHQ’s Tempora taps into large fiber optic cables that carry massive amounts of Internet and telephone traffic.

NSA’s Upstream Program

The "Upstream" program collects from the fiber-optic cable networks that carry much of the world’s Internet and phone data.
XKEYSCORE

XKeyscore or XKEYSCORE (abbreviated as XKS) is a formerly secret computer system first used by the United States National Security Agency for searching and analyzing Internet data it collects worldwide every day.

A network of 700 servers scattered across the globe that collect "nearly everything a user does on the Internet" and store it in databases searchable by name, email, IP address, region and language.

A top-secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals.

One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.
Tailored Access Operations (TAO)

Tailored Access Operations (TAO) is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA), consisting of more than 1,000 military and civilian computer hackers, intelligence analysts, targeting specialists, computer hardware and software designers, and electrical engineers.

Network Exploitation technique
Spying on Smartphone Data

The NSA has the ability to tap into data, including emails, contacts, notes and physical location, from all the major smartphones on the market.

Monitoring of Financial Networks

A branch of the NSA called Follow the Money performs bulk data collection on international networks belonging to Visa, Mastercard and the Society for Worldwide Interbank Financial Telecommunication (SWIFT). The NSA's surveillance of SWIFT violates a 2010 agreement with the European Union.
Backdoor found in Netis or Netcore Routers

▪ Netcore or Netis routers have a backdoor that can easily run arbitrary code on these routers
▪ Open UDP port listening at port 53413
▪ Port is accessible from the WAN side of the router
▪ Hardcoded password located in the router’s firmware
▪ Users cannot modify or disable this backdoor

How funny the security is
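As an added defensive example (not from the lecture): since the slide notes that owners cannot disable the backdoor on the device, the practical control is to filter and watch for WAN-side traffic to UDP 53413 upstream of the router; the code below parses iptables LOG lines for that condition. The log prefix, interface name `eth0` and all addresses are constructed assumptions.

```python
import re
from collections import Counter

# Assumed: the internet-facing interface of the upstream firewall is eth0,
# and its iptables rules log inbound packets with the prefix "IPT-IN:".
WAN_IF = "eth0"
BACKDOOR_PORT = 53413  # UDP port the backdoor listens on (from the slide)

# Constructed sample syslog lines in the real iptables LOG format; addresses
# are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jan 12 10:01:03 gw kernel: IPT-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.2 PROTO=UDP SPT=40512 DPT=53413 LEN=36
Jan 12 10:01:04 gw kernel: IPT-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.2 PROTO=UDP SPT=40513 DPT=53413 LEN=36
Jan 12 10:02:10 gw kernel: IPT-IN: IN=br0 OUT= SRC=192.168.1.20 DST=192.168.1.1 PROTO=UDP SPT=51000 DPT=53413 LEN=36
Jan 12 10:03:44 gw kernel: IPT-IN: IN=eth0 OUT= SRC=192.0.2.9 DST=203.0.113.2 PROTO=TCP SPT=44000 DPT=80 LEN=60
Jan 12 10:05:01 gw kernel: IPT-IN: IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.2 PROTO=UDP SPT=6000 DPT=53413 LEN=36
"""

# KEY=value pairs; an empty value (OUT=) is captured as "".
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line: str) -> dict:
    """Turn the KEY=value fields of one iptables LOG line into a dict."""
    return dict(FIELD_RE.findall(line))


def backdoor_probes(log_text: str, wan_if: str = WAN_IF) -> Counter:
    """Count, per source address, inbound UDP packets that arrived on the WAN
    interface for the backdoor port. LAN-side traffic (other interfaces) and
    other protocols or ports are ignored."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if (f.get("IN") == wan_if and f.get("PROTO") == "UDP"
                and f.get("DPT") == str(BACKDOOR_PORT)):
            hits[f["SRC"]] += 1
    return hits


if __name__ == "__main__":
    for src, n in backdoor_probes(SAMPLE_LOG).most_common():
        print(f"{src}: {n} probe(s) to UDP/{BACKDOOR_PORT} from the WAN side")
```

Any non-zero count means the port is reachable from the internet and the router should be replaced or placed behind a device that drops UDP 53413 inbound.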
Russian Cyber Attack on Estonia

▪ Reportedly, Russia conducted a Distributed Denial of Service (DDoS) cyber attack against Estonia in 2007
▪ National identification, banking, parking services etc. were inaccessible

Operation Orchard - 2007

▪ Malware installed by Mossad in the laptop of a senior officer of the Syrian Army
▪ Syrian nuclear plans hacked by Israel
▪ Israel conducted air strikes and destroyed the nuclear facility at Kibar Camp

[Figure: Kibar Camp (Before and After Air Strikes)]

Russian Cyber Attack on Georgia

▪ War between Russia and Georgia in 2008
▪ Cyberattacks conducted by Russia
▪ Result – paralysis of major public services for 5 days

US’s Cyber Attack on Iran (Stuxnet)

▪ US and Israel launched a cyber attack on Iran using malware named Stuxnet in 2010
▪ Reportedly, one fifth of Iranian nuclear centrifuges were damaged
Cyber Attack on Ukraine

▪ Cyber attack on Ukraine’s power grid in 2015 and 2016
▪ Massive power outage
▪ Reportedly the attack originated from Russia

Cyber Attacks on Banks

▪ Bangladesh’s Central Bank, 101 million USD – Feb 2016
▪ Ukrainian Bank – 10 million USD – Jun 2016

US Elections Hacked

▪ US suspected that Russia hacked their elections

Dutch Elections

▪ Amid “hacking” fears, the Dutch Government decided that general elections will be entirely conducted manually, and votes will be counted by hand and tallied with pen and paper
Information Security Purpose

“Security to identify the threats against, the risks and the associated potential damage to, and the safeguarding of Information Assets.”

An organization needs information security for four important reasons:

1. To protect the organization’s ability to function
2. To enable the safe operation of applications implemented on the organization’s IT systems
3. To protect the data the organization collects and uses
4. To safeguard the technology assets in use at the organization
Assets

▪ People, property, and information. People may include employees and customers along with other invited persons such as contractors or guests.
▪ Property assets consist of both tangible and intangible items that can be assigned a value. Intangible assets include reputation and proprietary information.
▪ Information may include databases, software code, critical company records, and many other intangible items.

Vulnerability

▪ Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset

Threat

▪ Threat – Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.
▪ A threat is what we’re trying to protect against.
Risk

▪ Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.

or

▪ Probability of a threat becoming real, and the corresponding potential damages
Motives and Goals of a Hacker
Skills of an Information Security Engineer

Technical Skills

• In-depth knowledge of major OS e.g. Windows, Linux, Mac
• In-depth knowledge of networking concepts, technologies etc.
• Should be a computer expert adept in technical domains
• Should possess high technical knowledge to launch sophisticated attacks and counter them

Non-Technical Skills

• Ability to learn and adapt new technology
• Committed to the organization’s security policies
• Awareness of local standards and laws
Thanks