
BCS2014

Cyber Security

Lecture 1:
The Security Environment
Learning Objectives
• List and discuss the key characteristics of information security
• Describe the dominant categories of threats to information security
• Understand essential security concepts
• Use online resources to secure your network
• Explain the dangers of industrial espionage and know how to
protect

2
Learning Objectives
• Understand the basic methodology used by hackers
• Have an understanding of what identity theft is and how it is done
• Know specific steps that can be taken to avoid identity theft
• Understand what cyber stalking is, and be familiar with relevant laws
• Understand how DoS attacks are accomplished
• Know how to protect and defend against specific DoS attacks

3
Learning Objectives
• Understand viruses (worms) and what a Trojan horse is and
how it operates
• Understand ransomware and the latest trends in ransomware
• Have a better understanding of spyware and how it enters a
system
• Defend against various attacks using sound practices, antivirus
software, and antispyware software
• Know the various types of Internet investment scams and
auction frauds
• Know specific steps you can take to avoid fraud on the Internet

4
Introduction

You can have all the protection mechanisms in place and still have security problems:
Introduction
The concept of computer security has become synonymous with the concept of information security.

Information security is no longer the sole responsibility of a discrete group of people in the company.

6
Information Security Decision Makers
1. Information security managers and professionals (InfoSec Community)
- Those in the field of information security

2. Information technology managers and professionals (Information Technology Community)
- Those in the field of IT

3. Non-technical business managers and professionals (General Business Community)
- Those from the rest of the organization

7
What Is Security?
• How do you define security?

• Specialized areas of security
• Physical
• Operations
• Communications
• Network

Each of these areas contributes to the information security program as a whole
8
Introduction to Security
• Security
- a state of being secure and free from danger or harm.

• Information security (InfoSec)
- protection of the C.I.A. of information assets via the application of policy, education, training and awareness, and technology.

9
Specialized Areas of Security
• Physical security – The protection of physical items, objects, or areas from unauthorized access and misuse.
• Operations security – The protection of the details of an organization’s operations and activities.
• Communications security – The protection of all communications media, technology, and content.
• Cyber/computer security – The protection of computerized information processing systems and the data they contain and process.
• Network security – A subset of communications security and cybersecurity; the protection of voice and data networking components, connections and content.

10
Key Concepts in Information Security

Source: Management of Information Security, 5th Edition, Cengage Learning

11
Key Concepts in Information Security
• Attack – intentional or unintentional act that can damage or otherwise
compromise information and the systems that support it.
• Exploit – a technique used to compromise a system.
• Loss – a single instance of an information asset suffering damage or
destruction, unintended or unauthorized modification or disclosure or
denial of use.
• Threat – an event that has the potential to adversely affect operations and
assets.
• Threat agent – the specific instance or a component of a threat.
• Vulnerability – a potential weakness in an asset or its defensive control systems.

12
Threat vs Vulnerability vs Risk

13
Categories of Threats

14
Compromises to Intellectual Property
• Intellectual property (IP) can be trade secrets, copyrights, trademarks and patents.
• IP is protected by copyright and other laws, carries the expectation of proper attribution or credit to its source and potentially requires the acquisition of permission for its use, as specified in those laws.
• The unauthorized appropriation of IP constitutes a threat to information security.
• This category includes two primary areas:
- Software piracy
- Copyright protection and user registration
15
Deviations in Quality of Service
• An organization’s information system depends on the successful
operation of many interdependent support systems, including power
grids, data and telecommunications networks, parts suppliers, service
vendors and even janitorial staff and garbage haulers.
• Any of these support systems can be interrupted by severe weather,
employee illnesses or other unforeseen events.
• Irregularities in internet service, communications, and power supplies
can dramatically affect the availability of information and systems.
• Subcategories of this threat include Internet service issues,
Communications and other service provider issues, and Power
irregularities.
16
Espionage or Trespass
• When an unauthorized person gains access to information, the act is
categorized as espionage or trespass.
• Some information-gathering techniques are legal – for example, using a Web browser to perform market research.
- These legal techniques are collectively called competitive intelligence.
• When information gatherers employ techniques that cross a legal or ethical threshold, they are conducting industrial espionage.

17
Espionage
• Is NOT:
- Sophisticated glamour
- Exciting adventure

• Its ultimate goal:
- Collecting information
- Without fanfare or unwanted attention
- Without detection by the target organization
18
Espionage
• NOT done only by governments, intelligence agencies, or terrorists
- Spies for political and military goals

• Also done by private companies
- Industrial espionage
- Billions of dollars at stake
- Companies do not want to reveal they are perpetrators or targets
19
What Is Industrial Espionage?
Industrial Espionage
• Spying to find out valuable information
- Competitor’s projects
- Client list
- Research data

• While the goal is different from military espionage, the means are the same
- Electronic monitoring
- Photocopying files
20
Real-World Examples of Industrial Espionage
• Hacker Group
• Fiat Versus General Motors
• Nuclear Secrets
• Uber
• Foreign Governments and Economic Espionage
• Larry Ellison, CEO of Oracle Corporation, openly defended his
hiring of a private detective to dumpster-dive at Microsoft to
obtain information

21
How Does Espionage Occur?
Espionage can occur in two ways:
• Easy low-tech way
• Employees take the data
• Social engineering
• Technology-oriented method
• Spyware
• Cookies
• Key loggers

22
How Does Espionage Occur?
• Low-tech industrial espionage
• Employees divulge sensitive data
• Information is portable – CDs, flash drives
• Social engineering, email
• Disgruntled employees
• Motives vary
• Spyware used in industrial espionage
• Any monitoring software can be used
• Spyware, key loggers, screen captures

23
Protecting Against Industrial Espionage
• Cannot make system totally secure
• Employ antispyware software
• Use firewalls and intrusion detection software
• Implement organizational security policies
• Encrypt all transmissions
• These techniques cannot guard against internal
sabotage

24
Protecting Against Industrial Espionage
How to lessen the risk of internal espionage:
• Give out data access on a “need-to-know” basis
• Separation of duties for critical data
• Limit portable storage media and cell phones
• No documents or media leave the building
• Perform employee background checks
• Scan PCs of departing employees
• Lock up tape backups, documents, and other media
• Encrypt hard drives of portable computers

25
Hackers
• A hacker frequently spends long hours examining the types and structures of targeted systems and uses skill, guile, and/or fraud to attempt to bypass controls placed on information owned by someone else.
• Hackers possess a wide range of skill levels, as with most technology users.
- However, most hackers are grouped into two categories: the expert hacker and the novice hacker.
• Once an attacker gains access to a system, the next step is privilege escalation.
- Most accounts associated with a system have only rudimentary “use” permissions and capabilities, so the attacker needs administrative or “root” privileges.

26
Hackers
• A hacker wants to understand a system, often by
learning its weaknesses
• Many hackers are not criminals
• Hackers who test their organizations’ system security
are called penetration testers
• Certifications for penetration testing include:
• Offensive Security
• SANS Institute
• EC-Council’s Certified Ethical Hacker

27
Hackers
• Types of hackers:
• White hat – ethical hackers
• Black hat – hackers with malicious intent (also called
crackers)
• Gray hat – former black hat hacker turned white hat
• Script kiddies – inexperienced hackers
• Phreaking refers to hacking into phones
• Penetration testing
• Red team – emulates an adversary
• Blue team – defensive team

28
Penetration Testing
• Penetration testing is the methodical probing of a
target network to identify weaknesses in the network
• Penetration testing standards include:
• NIST 800-115
• National Security Agency (NSA) Information Assessment
Methodology
• PCI Penetration Testing Standard

29
Password Attacks
• Password attacks fall under the category of espionage or trespass, just as lock-picking falls under breaking and entering.
• Attempting to guess or reverse-calculate a password is often called cracking.
• There are alternative approaches to password cracking:
- Brute Force Attack – The application of computing and network resources to try every possible password combination.
- Dictionary Attacks – A variation of the brute force attack that narrows the field using a dictionary of common passwords and includes information related to the target user.
- Rainbow Tables – A database of hash values and their unencrypted equivalents against which an encrypted password file can be compared.
- Social Engineering Password Attacks – Attackers posing as employees may attempt to gain access to system information by asking other employees for their usernames and passwords, then using the information to gain access to the systems.

30
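The slide contrasts rainbow-table lookup with how passwords should be stored. The following is an added example (not from the lecture slides) that builds a toy hash-to-plaintext table over a constructed five-word dictionary, shows that an unsalted hash is recovered with one lookup, and shows that a salted, stretched PBKDF2 record defeats the same table. The record format `algo$iterations$salt$dk` is an assumption made for this example.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a password dictionary (a real wordlist is far larger).
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty", "welcome1"]


def unsalted_hex(password, algo="sha256"):
    """Legacy-style storage: a bare, unsalted hash of the password."""
    return hashlib.new(algo, password.encode()).hexdigest()


def build_lookup_table(words, algo="sha256"):
    """Precompute hash -> plaintext for every dictionary word.
    A toy version of the rainbow table on the slide: real tables compress the
    mapping with hash chains, but the lookup semantics are identical."""
    return {unsalted_hex(w, algo): w for w in words}


def lookup_unsalted(stored_hex, table):
    """Table attack on an unsalted hash: a single dictionary access.
    Returns the recovered plaintext, or None if the hash is not in the table."""
    return table.get(stored_hex)


def hash_salted(password, salt=None, iterations=200_000):
    """Defender-side storage: random 16-byte per-user salt plus PBKDF2 stretching.
    Record format (an assumption for this example): algo$iterations$salt_hex$dk_hex."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password, stored):
    """Recompute the derived key with the stored salt and compare in constant time."""
    _algo, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def lookup_salted(stored, table):
    """The same precomputed table applied to a salted record: the salt changes
    every digest, so a table built without the salt never matches."""
    _algo, _iterations, _salt_hex, dk_hex = stored.split("$")
    return table.get(dk_hex)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted:", lookup_unsalted(unsalted_hex("letmein"), table))  # letmein
    record = hash_salted("letmein")
    print("salted:", lookup_salted(record, table))                        # None
    print("verify:", verify_salted("letmein", record))                    # True
```

The table still works against any site that stores unsalted hashes, which is why the defence is per-user salting and key stretching, not a secret hash algorithm.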
Forces of Nature
• Present some of the most dangerous threats because they usually
occur with little warning and are beyond the control of people.
• Force majeure or “superior force” includes forces of nature as well as
civil disorder and acts of war.
• Include fire, flood, earthquake, and lightning as well as electrostatic
discharge.
• Because it is not possible to avoid threats from forces of nature,
organizations must implement controls to limit damage and prepare
contingency plans for continued operations.

31
Human Error or Failure
• This category includes acts performed without intent or malicious
purpose or in ignorance by an authorized user.
• Inexperience, improper training and incorrect assumptions are some
causes of human error or failure.
• One of the greatest threats to an organization’s information security is
its own employees, as they are threat agents closest to the
information.

32
Types of Human Error
• Phishing
- URL manipulation
- Web site forgery
• Advance-fee fraud (AFF)
• Social engineering
• Pretexting
• Spear phishing

33
Information Extortion
• Also known as cyberextortion – the theft of credit card numbers.
• Recent information extortion attacks have involved specialized forms of malware known as ransomware, which encrypts the user’s data and offers to unlock it if the user pays the attacker.
• E.g. WannaCry, Petya

34
Ransomware
• Normally loaded onto a computer via a download/attachment/link from an email or website.
• Will either lock the screen or encrypt your data.
• Once ransomware is loaded on your computer/tablet/phone it is very difficult to remove without removing all the data.
• WannaCry attack 2017 – one of the biggest cyber-attacks to occur.
- Said to have hit 300,000 computers in 150 countries.
- Companies affected include: NHS, Renault, FedEx, Spanish telecoms and gas companies, German railways.

35
How to tackle Ransomware
• Back up – Keep a backed-up copy of your data. Ensure it is not permanently connected to the network.
• Patch – Keep your software up to date. WannaCry was successful because the affected computers hadn’t been updated; the update contained a fix for the problem.
• Attachments – Don’t click on links from emails/SMS, as they could easily be from an untrusted source and contain malware like ransomware.

36
Sabotage or Vandalism
• Involves the deliberate sabotage of a computer system or business, or acts of vandalism to destroy an asset or damage the image of an organization.
• Website defacement attacks involve hacking an organization’s web servers, redirecting users to other websites, etc.
• Activism in the digital age:
- Online activism – access, destroy, release critical data.
- Cyberterrorism and cyberwarfare – hacking into and destroying critical equipment.
- Positive online activism – fundraising, raising awareness, promoting involvement.
37
Software Attacks
• Deliberate software attacks occur when an individual or group designs and deploys software to attack a system.
• This attack can consist of specially crafted software that attackers trick users into installing on their systems.
• Several forms of software attacks:
- Malware, including viruses, worms and Trojan horses
- Back doors, trap doors and maintenance hooks
- Denial-of-service (DoS) and distributed denial-of-service (DDoS)
- Email attacks
- Communication interception attacks

38
Types of Software Attacks (Threats)
• Malware: MALicious softWARE
• Security breaches
• DoS: Denial of Service attacks
• Web attacks
• Session hijacking
• Insider threats
• DNS poisoning
• New attacks: Doxing

39
Malware
Software with a malicious purpose
• Viruses
• Trojan horses
• Spyware

40
Viruses
• One of the two most common types of malware
• Designed to replicate and spread
• Usually spreads through email
• Uses system resources, causing network slowdowns or stoppage

41
Viruses (cont.)
How a Virus Spreads
• Finds a network connection; copies itself to other hosts on the network
- Requires programming skill
OR
• Mails itself to everyone in the host’s address book
- Requires less programming skill
- Most common method

42
Viruses (cont.)
Types of Viruses:
• Macro
• Boot sector
• Multi-partite
• Memory resident
• Armored
• Sparse infector
• Polymorphic
• Metamorphic

43
Viruses (cont.)
Virus Examples:
• Black Basta
• Titanium
• WannaCry
• Petya
• Shamoon
• Rombertik
• Gameover ZeuS
• CryptoLocker and CryptoWall
• IoT Malware
• Mindware
• Thanatos
• Clop (or CL0p)
• FakeAV
• MacDefender
• Kedi RAT
• Sobig
• Shlayer
• Mimail
• Flame

44
Viruses (cont.)
Rules for Avoiding Viruses
• Use a virus scanner
• DO NOT open questionable attachments
• Use a code word for safe attachments from friends and colleagues
• Do not believe “security alerts” sent to you

45
Malware (cont.)
Trojan Horses
• The other most common type of malware
• Named after the wooden horse of ancient history
• Appears benign but secretly downloads malware onto a computer from within
• A Trojan horse can:
- Download harmful software
- Install a key logger or other spyware
- Delete files
- Open a backdoor for hackers
- Be crafted for an individual

46
Malware Creation
• Malware creation utilities include:
• TeraBIT Virus Maker (see the next slide)
• Sam’s Virus Generator
• Internet Worm Maker Thing
• JPS Virus Maker
• Deadlines Virus Maker
• Sonic Bat Virus Creator
• Windows hacking techniques include:
• Pass the Hash
• Net User Script
• Login as System

47
TeraBIT Virus Maker

48
Spyware
• Requires more technical knowledge
• Usually used for targets of choice
• Must be tailored to specific circumstances and then
deployed
• Forms of spyware:
• Web cookies
• Key loggers
• Some spyware uses are legal:
• Employers monitoring employees
• Parents monitoring their children on the Internet

49
Other Forms of Malware
Rootkits
• A rootkit is a collection of tools that a hacker uses to mask intrusion and
obtain administrator-level access to a computer or computer network
• May consist of utilities that also can
• Monitor traffic and keystrokes
• Create a backdoor into a system
• Alter log files
• Attack other machines on the network
• Alter existing system tools to circumvent detection

50
Other Forms of Malware (cont.)
Malicious Web-Based Code
• Also known as web-based mobile code
• Code that is portable to all operating systems or platforms, such as HTTP and
Java
• Multimedia rushed to market results in poorly scripted code
• Spreads quickly on the Web

51
Other Forms of Malware (cont.)
• Logic Bombs
• Execute malicious purpose when a specific criterion is met
• Often linked to a specific date/time
• Can be other criteria
• Spam
• Unwanted and unsolicited email sent out to multiple
parties
• Often used for marketing purposes

52
Other Forms of Malware (cont.)
• Advanced Persistent Threats (APTs)
• Advanced techniques, not script kiddies
• Ongoing over a significant period
• Deep Fakes
• Newer technology
• Videos that look so authentic that they can be mistaken for
being real
• Won’t harm computer but can cause disruption

53
Detecting and Eliminating Viruses and Spyware
• Antivirus software operates in two ways:
- Scans for virus signatures
  • Keeps the signature file updated
- Watches the behavior of executables
  • Attempts to copy itself
  • Attempts to access the email address book
  • Attempts to change Registry settings in Windows
• Examples include Norton and McAfee

54
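The two detection methods on this slide, as an added example that is not part of the lecture material: a static pass over file bytes against a constructed signature database (exact hash, then byte pattern), and a behaviour score over a constructed process-event log that weights the three actions the slide names. The polymorphic sample below changes its bytes on every copy, so only the behaviour monitor catches it. All signatures, weights and the threshold are made up for the example.

```python
import hashlib

# Constructed signature database. Both entries are invented for this example;
# a real product ships millions of signatures and updates them continuously.
HASH_SIGNATURES = {
    hashlib.sha256(b"DEMO-SAMPLE-PAYLOAD-V1").hexdigest(): "Demo.Sample.A",
}
PATTERN_SIGNATURES = {
    b"DEMO-MALWARE-MARKER": "Demo.Marker.B",
}

# The behaviours the slide lists, weighted (weights are an assumption). A single
# Registry change alone does not convict (installers do it); combinations do.
BEHAVIOR_WEIGHTS = {
    "self_copy": 5,           # writes a copy of its own image elsewhere
    "read_address_book": 4,   # opens the mail client's address book
    "registry_run_key": 3,    # adds itself to a Windows Run key
}
THRESHOLD = 7


def scan_signatures(data):
    """Static check: exact file hash first, then a byte-pattern search."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def score_behavior(events):
    """Dynamic check: each distinct suspicious action counts once.
    Returns (score, sorted list of matched actions)."""
    seen = {e["action"] for e in events if e["action"] in BEHAVIOR_WEIGHTS}
    return sum(BEHAVIOR_WEIGHTS[a] for a in seen), sorted(seen)


def classify(data, events):
    """Combine both methods. Result is ('signature', name),
    ('behavior', matched_actions) or ('clean', [])."""
    name = scan_signatures(data)
    if name:
        return "signature", name
    score, hits = score_behavior(events)
    if score >= THRESHOLD:
        return "behavior", hits
    return "clean", []


# Constructed samples and event logs (process ids and paths are invented).
KNOWN_SAMPLE = b"DEMO-SAMPLE-PAYLOAD-V1"
POLYMORPHIC_SAMPLE = b"DEMO-SAMPLE-PAYLOAD-V2-xq9"   # same family, different bytes
POLYMORPHIC_EVENTS = [
    {"pid": 4120, "action": "self_copy", "target": "C:\\Users\\Public\\svc.exe"},
    {"pid": 4120, "action": "read_address_book", "target": "outlook.pst"},
    {"pid": 4120, "action": "read_file", "target": "readme.txt"},  # benign, ignored
]
INSTALLER_EVENTS = [
    {"pid": 5000, "action": "registry_run_key", "target": "HKCU\\...\\Run"},
]

if __name__ == "__main__":
    print(classify(KNOWN_SAMPLE, []))                        # ('signature', 'Demo.Sample.A')
    print(classify(POLYMORPHIC_SAMPLE, POLYMORPHIC_EVENTS))  # ('behavior', [...])
    print(classify(b"hello world", INSTALLER_EVENTS))        # ('clean', [])
```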
Detecting and Eliminating Viruses and
Spyware (cont.)
Anti-Malware and Machine Learning
• Machine learning helps defend against malware
• Antivirus products that use machine learning:
• Cylance Smart Antivirus
• Deep Instinct D-Client
• Avast Antivirus

55
Denial of Service (DoS) Attacks
• The attacker does not access the system
• The attacker blocks access to authorized users
• Distributed DoS (DDoS) uses multiple machines to attack the target

56
DoS Attacks
• One of the most common types of attacks
• Aims to prevent users from accessing system
• Requires a minimum of technical skill
• Effective because computers and other systems have
physical limitations:
• Number of simultaneous users
• Size of files
• Speed of data transmission
• Amount of data stored

57
Real-World Examples of DoS Attacks
• Google Attack
• AWS (Amazon Web Services) Attack
• Boston Globe Attack
• Memcache Attacks
• DDoS Blackmail
• Mirai

58
How to Defend Against DoS Attacks
In addition to previously mentioned methods:
• Configure your firewall to
- Filter out incoming ICMP packets
- Disallow any incoming traffic
• Use tools such as NetStat and others
• Disallow traffic not originating within the network
• Disable all IP broadcasts
• Filter for external and internal IP addresses
• Keep AV signatures, OS, and software patches current
• Have an Acceptable Use Policy

59
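Three of the firewall rules above (drop inbound ICMP, drop packets arriving from outside that claim an internal source address, drop anything sent to an IP broadcast address) modelled as a small packet filter, as an added example that is not from the slides. The 10.0.0.0/8 internal range, the packet dictionary layout and the sample traffic are constructed for the example.

```python
import ipaddress
from collections import Counter

# Constructed address plan: 10.0.0.0/8 is "inside"; everything else is "outside".
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
BROADCAST_ADDRS = {
    ipaddress.ip_address("255.255.255.255"),
    INTERNAL_NET.broadcast_address,          # 10.255.255.255 (directed broadcast)
}


def filter_packet(pkt):
    """Decide one inbound packet: returns (allowed, reason).
    pkt has 'src', 'dst', 'proto' and 'iface' ('external' or 'internal').
    Rules, in order:
      1. inbound ICMP on the external interface is dropped (ping floods);
      2. a packet from outside claiming an internal source is dropped
         (address spoofing; the slide's 'filter for external and internal
         IP addresses');
      3. anything addressed to a broadcast address is dropped
         (the slide's 'disable all IP broadcasts', which removes the
         amplifier used by broadcast-based floods)."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    if pkt["iface"] == "external":
        if pkt["proto"] == "icmp":
            return False, "icmp-inbound"
        if src in INTERNAL_NET:
            return False, "spoofed-internal-source"
    if dst in BROADCAST_ADDRS:
        return False, "ip-broadcast"
    return True, "allowed"


def summarize(packets):
    """Apply the policy to a batch of packets and tally the verdicts."""
    return Counter(filter_packet(p)[1] for p in packets)


# Constructed sample traffic (documentation ranges used for external hosts).
SAMPLE = [
    {"src": "203.0.113.7", "dst": "10.0.1.5", "proto": "tcp", "iface": "external"},
    {"src": "203.0.113.7", "dst": "10.0.1.5", "proto": "icmp", "iface": "external"},
    {"src": "10.0.9.9", "dst": "10.0.1.5", "proto": "udp", "iface": "external"},
    {"src": "198.51.100.2", "dst": "10.255.255.255", "proto": "udp", "iface": "external"},
    {"src": "10.0.2.2", "dst": "10.0.1.5", "proto": "icmp", "iface": "internal"},
]

if __name__ == "__main__":
    for reason, count in sorted(summarize(SAMPLE).items()):
        print(f"{reason:25s} {count}")
```

Internal ICMP is still allowed in this model, so administrators keep ping for troubleshooting while the external interface stops floods at the edge.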
Web Attacks
• In a web attack, the attacker attempts to
breach a web application
• Common attacks of this type include:
• SQL injection
• Cross-site scripting

60
Session Hijacking
• Session hijacking is a complex form of attack
• The attack involves the attacker taking over an
authenticated session between the client machine
and the server
• Not a common form of attack

61
Insider Threats
• A type of security breach
• An insider threat occurs when someone
inside an organization:
• Misuses his access to data, or
• Accesses data he is not authorized to access

62
DNS Poisoning
• This type of attack involves altering Domain Name
System (DNS) records on a DNS server to redirect
client traffic to malicious websites
• This attack is typically used for identity theft

63
New Attacks: Doxing
• Doxing refers to the process of locating personal
information on an individual and broadcasting it,
often via the Internet
• This can include any personal information about any
person; most often used against public figures
• This type of attack is becoming more prevalent

64
Technical Hardware Failures or Errors
• Occurs when a manufacturer distributes equipment containing a
known or unknown flaw.
• In hardware terms, failures are measured in mean time between
failure (MTBF) and mean time to failure (MTTF).
• MTBF presumes that the item can be repaired or returned to service; MTTF presumes the item must be replaced.
• From a repair standpoint, MTBF = MTTF + MTTD + MTTR, where mean time to diagnose (MTTD) measures diagnosis time and mean time to repair (MTTR) measures repair time.

65
Technical Software Failures or Errors
• Large quantities of computer code are written, debugged, published and sold before all their bugs are detected and resolved.
• Sometimes combinations of certain software and hardware reveal new failures that range from bugs to untested failure conditions.
• Sometimes bugs are not errors but purposeful shortcuts left by programmers for benign or malign reasons, bypassing security checks – known as a trap door.
• Among the most popular sources of vulnerability information is Bugtraq, hosted by SecurityFocus, which provides up-to-the-minute information on the latest security vulnerabilities as well as a thorough archive of past bugs.

66
Technological Obsolescence
• Antiquated or outdated infrastructure can lead to unreliable systems.
• Management must recognize that when technology becomes
outdated, there is a risk of losing data integrity from attacks.
• Ideally proper planning by management should prevent technology
from becoming obsolete, but when obsolescence is clear,
management must take immediate action.
• Perhaps the most significant case of technology obsolescence in
recent years is Microsoft’s Windows XP.

67
Theft
• The value of information is diminished when it is copied without the owner’s knowledge.
• Physical theft can be controlled easily using a wide variety of measures, from locked doors to trained security personnel and the installation of alarm systems.
• Electronic theft, however, is a more complex problem to manage and control.
• Theft is often an overlapping category with software attacks, espionage or trespass, information extortion and compromises to intellectual property.

68
Computer Security
Computer systems and networks around us:
• E-commerce via websites
• Internet-connected cars
• Smart phones and watches
• Internet of Things (IoT)
• Smart homes
• Smart medical devices

69
Basic Security Terminology
Devices:
• Firewall
• Filters network traffic
• Proxy server
• Disguises IP address of internal host
• Intrusion Detection System (IDS)
• Monitors traffic, looking for attempted attacks

Activities:
• Authentication
• Auditing

70
Online Security Resources
• CERT
• www.cert.org
• Microsoft Security Response Center
• https://www.microsoft.com/en-us/msrc?rtc=1
• F-Secure
• www.f-secure.com
• SANS
• www.sans.org

71
How Internet Fraud Works
• Investment Offers
• Common schemes
• Nigerian fraud
• Investment advice
• Pump and dump scam
• Auction Fraud
• Shill bidding
• Bid shielding
• Bid siphoning

72
Identity Theft
• One person takes on the identity of another for
economic gain (also known as identity fraud)
• Phishing is a common way to accomplish identity theft
• Forms of phishing include:
• Cross-site scripting
• Spear phishing
• Whaling

73
Phishing
• Is the attempt to obtain sensitive information by deception.
• They will be after your login credentials, payment card details or to upload malware to your computer.
• The email will normally impersonate a genuine company or person.

74
Cyber Stalking
• Using the Internet to harass someone
• Real-world cyber stalking cases
• Criteria for evaluating cyber stalking:
• Credibility
• Frequency
• Specificity
• Intensity
• Internet fraud laws established in the U.S. and other
countries

75
Protecting Against Investment Fraud
• Only invest with well-known, reputable brokers
• Avoid the investment if a deal sounds too good to be
true
• Ask yourself why someone is informing you of a
great investment deal
• Even legitimate investments involve risk
• Never invest money that you cannot afford to lose

76
Protecting Against Identity Theft
• Do not provide personal information unless necessary
• Destroy documents that include personal information
• Check your credit frequently
• If your state has online driving records, check yours
once per year

77
Secure Browser Settings
• Microsoft Edge
• Medium High level of protection recommended
• Firefox
• Privacy & Security settings
• Google Chrome
• VPN service encrypts web traffic

78
Protecting Against Auction Fraud
• Only use reputable auction sites
• If it sounds too good to be true, don’t bid
• Read feedback from other buyers
• Work only with reputable sellers
• Use a separate credit card (one with a low limit) for
online auctions

79
Protecting Against Online Harassment
• Do not use your real name in chat rooms or
discussion boards
• Set up a separate email account with an anonymous
service
• Keep harassment emails in digital and printed
formats
• Do not ignore cyberstalking
• 19% of cyber stalking cases escalate to stalking in the real
world
• Report to local law enforcement

80
Summary
• The narrower concept of computer security has been replaced by the broader concept of InfoSec.
• Organizations often have three communities of interest: InfoSec managers and professionals, IT managers and professionals, and nontechnical managers and professionals.
• There are 12 general categories of threats to InfoSec.
• Network security is a complex and constantly changing field.
• You need three levels of knowledge:
- Take the courses necessary to learn the basic terminology and techniques
- Be proactive in assessing risk and protecting the network
- Stay on top of new threats and solutions

81
Summary
• Fraud and identity theft are real and growing problems
• Everyone must take steps to protect themselves online
• Cyber stalking is often new to civilians and law
enforcement
• Cyber stalking cases can escalate into
real-world violence

82