Advanced Cyber Security

Week 1

Prepared by: Dr. Syed Asif Raza

About Instructor

Who am I?
About Instructor
Name: Dr. Syed Asif Raza
Qualification: PhD, South Korea
Designation: Assistant Professor
University Department: Computer Science at Sukkur
IBA University
Email: asif.shah@iba-suk.edu.pk

Campus

Research
Group/Lab
Experience & Research Interests
 Experience:
 Korea Institute of Science and Technology Information (KISTI), S. Korea
 Fermi National Accelerator Lab (FNAL), USA
 NESCOM HQ, Islamabad,
 National Telecommunication Corporation (NTC) HQ, Islamabad
 DataCheck (pvt) Ltd.
 NADRA RHQ, Pakistan

 Research Interests
 Software-Defined Networking (SDN), Network Function Virtualization
(NFV), Cloud Computing, Virtualization
 Network Security, Blockchain Technology, HPC/HTC
Research Contribution
Google scholar URL:
https://bit.ly/2TGCUjA
SDN/NFV papers
1. "AmoebaNet: An SDN-enabled network service
for big data science."Journal of Network and
Computer Applications” (JNCA), (IF: 3.99)
2. CAMOR: Congestion Aware Multipath Optimal
Routing Solution by Using Software-Defined
Networking”, (PlatCon), 2017
3. "An adaptive load monitoring solution for
logically centralized SDN controller.“ (APNOMS),
2016
4. "Network Softwarization: A Study of SDN and
NFV Integration." In ICCT, 2016
5. “BigData Express –Toward Schedulable, Predictable,
High-performance Data Transfer”, in 2017 (Poster)
Cloud/Virtualization/Other papers
1."Aperformance analysis of precopy, postcopy and hybrid live VM
migration algorithms in scientific cloud computing environment”
(HPCS), 2015
2."Improve Performance and Throughput of VMs for Scientific
Workloads in a Cloud Environment." (PlatCon), 2016, (Best Paper
Award)
3."An Optimal and Utilization Aware Virtual Machine Scheduling for
Scientific Workloads in Cloud Data Center." In ICCT, 2016
4."PerformanceEvaluation of Scientific Workflow on OpenStack and
OpenVZ." In International Conference on Cloud Computing, 2015
5."OpenStack and Docker Comparison for Scientific Workflow wrt
Execution and Energy", ISCA 2016
6."Performance Analysis of NAS and SAN Storage for Scientific
Workflow." (PlatCon), 2016
7."Monitoring
of Virtual Machine’s Launching Time in OpenStack and
OpenNebula." ICCT, 2016
8.Monitoringof Joining Time of Virtual Machine to HTCondor Pool in
Federated Cloud Environment.“, ICCT, 2016
9."Study of control communication system for 6LowPAN." In ICCT,
2016
"Study
10. of Device Management System (DMS) on 6LowPAN." In
ICCT, 2015
11.Federated
Cloud Demonstration: Fermilab HEP Cloud, KISTI
GCloud, AWS”, Supercomputing Conference 2015. (Poster)
I don’t know about you!!!

• Name?
• Hometown?
• Experience in IT?
• Field of interest in CS (e.g. ML,
Network, Security, etc.)
• Expectation from this course?

Now its time to introduce

yourself
About Course!

7
Text Books
 Textbook:
 Michael E. Whitman and Herbert J. Mattord, Principles of Information Security,
Thomson/Course Technology, Fifth Edition 

 William Stallings, “Cryptography and Network Security”, 5th edition, Pearson Prentice Hall.

 Network Security Essentials: Applications and Standards, by William Stallings. Prentice

Hall, Hardcover, Published November 1999, 366 pages, ISBN 0130160938
Marks Breakdown
 Marks breakdown
 Midterm 30%
 Assignments (weekly) 10%
 Weekly Reading 10%
 Research Paper 10%
 Group Video Project 10%
 Final exam 30%
My Rules
 …..ask questions (Through Discussion Forums), Feel free to ask any question

 If you have any question during class raise your hand first and then ask question

 Don’t take notes, these slides will be available on google classroom soon

 Correct me if I make a mistake (remember I am in continuous learning mode)

 Respect to other’s opinion in class

 No cross-talk during class

 10 minutes late comers will have to pay penalty of Rs. 300.

 Finally – use of mobile phones in class is strictly prohibited without permission.

10
Contact and Course Logistics
 Instructor: Dr. Syed Asif Raza
 Email: asif.shah@iba-suk.edu.pk
 Office: Academic block I, Room No. 7
 WhatsApp: 03118004640
 Counseling Hours:
 3:00-5:00pm, All working days, however, it is strongly recommended that
appointments are set up through email beforehand
 Course Website
 https://classroom.google.com
 Joining Code: h5ev5ve
 Check often for announcements
 Assignments/Projects
 Discussion/Help
Tips for Success
 Use a personal calendar to plan your
semester
 Stay on top of the readings
 Attend all classes – have short meetings
with your team after class time
 Be sure to retrieve your graded quizzes
and assignments
 Contact with me if you have any
questions of problems

12
We want you to succeed!

 Your success is our success!

 Use the course as a launch pad for exploration

 Be careful not to do anything that breaks the

law or University Policy!

13
Weekly Reading
 Weekly Reading Assignment details:
 Read and review 2 research paper related to cyber security every week.
 1-2 page(s) write-up for each paper: just a few paragraphs: Submit your report the
day before upcoming class
 include your observation to the points that the papers deal with
 their motivation, problems: relevant? Important issue? Trivial?
 their solution is efficient? Make sense? Any other approaches?
 discussion items or further works?

15
Research Paper
 Start working on a research topic of cyber security and prepare a research paper
on that topic:
 Research paper should be at least 14 pages (two-column) IEEE format
 Mid-report Deadline: 1st March 2020
 Final research paper Deadline: 1st May 2020

16
Group Video Project
 Develop a 5-minute digital video that will:
 Describe and explain some aspect of cyber security
 Provide practical advice to the viewer
 The idea is for this video to raise awareness about cyber security
 You have to upload the Video on YouTube and share link with me
 Max. 2 team members can work together to produce high quality video
 This project breakdown into 4 stages
 Really excellent videos will be linked to the SIBAU Web site as examples of the
quality work

17
Group Video Project (Stage 1: Team
Formation)
Document must contain the following sections with headers:
 Team name
 Names of all team members
 Information for all members –including CMS-ID, email, cell phone, etc.
 Bulleted list of responsibilities of team members
 Description of communication and meeting strategy. How will you communicate?
When will you meet? How will you share work?
 Designate a team leader.  This is not the ‘boss.’ 
 Deadline: 29th Jan. 2020

18
Group Video Project (Stage 2: Topic
Selection)
The proposal must contain the following sections with headers:
 Title page with team name and title for video
 Description of topic – including explanation of why this topic is relevant to information
security
 Examples of information you might present in the video
 Description of intended audience
 Detailed project plan, listing project milestones and due dates leading up to
completed project
 Complete description of all technologies to be used in completing project
 Listing of 4-5 references you will possibly use in gathering data for video
 Deadline: 18th Feb. 2020

19
Project Topics
 There are many possible topics. This is just a very short sample:
 Malware
 Firewalls
 Safe use of social networking
 Home Wi-Fi security
 Safe browsing in public Wi-Fi hotspots
 Data encryption
 Protecting children online
 Cyber-bullying

 Please feel free to propose a different topic – but talk with me before you
develop your proposal.

20
Group Video Project (Stage 3: Progress
Report)
Give an informal presentation on your progress in this project
 You will be expected to show the work you have done so far
 You will also be expected to provide:
 A detailed list of references/resources in MLA format
 A detailed script/storyboard for your video that explains where you will be acquiring
video, stills, music and other content
 Updated detailed timeline, showing tasks completed and tasks yet to be completed
with anticipated completion dates.

 Deadline: 25th March 2020

21
Group Video Project (Stage 4: Final Video
&Your
 Report)
completed project video will be uploaded to YOUTUBE. 
 The URL of the video will be delivered by the due date.
 Final report will have the following sections:
 Good front material – team name, class/section, name of project/topic
 Detailed transcript and storyboard for video
 Detailed description of all technologies used
 Explanation of process followed
 Complete references in MLA format with explanation of information gained from that
reference
 A breakdown of the work completed by each team member.
 Deadline: 5th May 2020
22
Starting with a Video!
 Israel Rules The World Of Cyber Security!
 https://www.youtube.com/watch?v=ca-C3voZwpM

23
Reality!

“People are the weakest link. You can have the best
technology, firewalls, intrusion-detection systems, biometric
devices – and somebody can call an unsuspecting employee.
That’s all she wrote, baby. They got everything.”

- Kevin Mitnik

24
What Is Security?
 “A state of being secure and free from danger or harm; the actions taken to
make someone or something secure.”

 Security is not a ‘thing’ – rather, it is a ‘process.’

 --

25
Why We Need Cyber
Security???

26
Case 1: Internet Under Siege
 February 7 - 9, 2000
Yahoo!, Amazon, Buy.com, CNN.com, eBay, E*Trade, ZDNet websites hit with massive DOS

 Attacks received the attention of president Clinton and Attorney General Janet
Reno.

 “A 15-year-old kid could launch these attacks, it doesn’t take a great

deal of sophistication to do”
– Ron Dick, Director NIPC, February 9

 U.S. Federal Bureau of Investigation (FBI) officials have estimated the attacks
caused $1.7 billion in damage
 --
Case 2: Slammer Worm
 January 2003
Infects 90% of vulnerable computers within 10 minutes
 Effect of the Worm
- Interference with elections
- Cancelled airline flights
- 911 emergency systems affected in Seattle
- 13,000 Bank of America ATMs failed
 No malicious payload!
 Estimated ~$1 Billion in productivity loss
 --
Case 3: WorldCom
 July 2002
WorldCom declares bankruptcy
 Problem
WorldCom carries 13% - 50% of global internet traffic. About 40% of Internet
traffic uses WorldCom’s network at some point
 October 2002
Outage affecting only 20% of WorldCom users snarls traffic around the globe
 Congressional Hearings
Congress considers, but rejects, extension of FCC regulatory powers to prevent
WorldCom shutdown

Vulnerabilities are not just technical

Case 4: September 11
 Wireless Tower on Top of Trade Center Destroyed

 AT&T has record call volumes

 “Flash” usage severely limits availability

 Rescue efforts hampered

Physical Vulnerability!

Legitimate Usage!
With Live Demo!
A Digital Era.

32
Golden Age for Data Exploits

33
Cyber Attacks

34
History of Cyber Attacks

35
Cyber Security?

36
Cyber Security?
 Cyber security?
 Cyber security is the protection of Internet connected system, including hardware,
software, and program or data from cyber attacks.

 Precautions taken to guard against unauthorized access to data (in electronic form) or
information systems connected with internet

 Prevent crime related to Internet

37
Protect Against What?

38
CIA TRIAD?

39
CIA TRIAD (Video)

https://www.youtube.com/watch?v=rwigKjEsdTc

- 40 -
C.I.A. triangle or Security Objectives
 Confidentiality
 “Preserving authorized restriction on information access and disclosure, including
means for protecting personal privacy and proprietary information.”

 Integrity
 “Guarding against improper information modification or destruction, and includes
ensuring information non-repudiation and authenticity.”

 Availability
 “Ensuring timely and reliable access and use of information.”

- 41 -
Attacks on CIA

42
Steps to Fix a Crime

43
Vulnerability, Threat & Risk

44