
Cybersecurity Risks and Data Losses

The document provides an overview of Information Technology (IT) and its complexities, emphasizing the importance of robust policies to mitigate risks associated with data losses, financial losses, and reputational losses. It identifies various causes of data loss, including human error, viruses, hardware damage, and disasters, while also discussing the significance of Information Security (IS) and the CIA triad (Confidentiality, Integrity, Availability) in protecting data. The document outlines types of IT risks and the necessity for effective cybersecurity measures to safeguard against unauthorized access and data breaches.


NED University of Engineering and Technology

Department of Computer and Information Systems Engineering


Fall Semester 2021
M. Engineering Specialization in Computer Systems
(Evening Program)

CS-542 Cyber Security

Lecture 01

Muhammad Nabeel Ibrahim Khan


Department of Computer & Information Systems Engineering CS-542
NED University of Engineering & Technology Cyber Security

INTRODUCTION

What is Information Technology?


• Information technology (IT) is the use of computers to store, retrieve,
transmit, and manipulate data, or information, often in the context of a
business or other enterprise.
OR
• Information technology (IT) is the use of any computers, storage, networking
and other physical devices, infrastructure and processes to create, process,
store, secure and exchange all forms of electronic data. Typically, IT is used in
the context of enterprise operations as opposed to personal or entertainment
technologies. The commercial use of IT encompasses both computer
technology and telephony. IT can also refer to the architectures,
methodologies and regulations governing the use and storage of data.

INFORMATION TECHNOLOGY

IT in a broader scale encompasses the following:


• Hardware infrastructures (physical media/assets/resources, i.e. computers,
servers, routers etc.)
• Software infrastructures (OS, application software, databases etc.)
• Regulations/rules/protocols/SOPs/policies governing the above
infrastructures.

INFORMATION TECHNOLOGY

• All in all, we can deduce that IT systems are complex because of the
nature of the technologies involved and the level of integration done in order
to synergize the meaningful information or productivity associated with them.
• Therefore, IT systems require even more complex policies in order to run
smoothly and effectively whatever conditions may arise.
• If the policies or the underlying infrastructures are weak (in any way), then
the business productivity of an organization could be at stake, or the
organization could face serious losses or the risks associated with these losses.

LOSSES

Losses could be of many types


• Data Losses
• Financial Losses
• Reputational Losses

DATA LOSSES

• Means losing files or data through which you create information.


• Means losing time and money to recover information that is essential for the
proper functioning of your business.
• Some forms of data losses are recoverable, but they require time and
resources.
• Data losses can be attributed to a number of factors but are largely
associated with common causes as discussed further.

CAUSES OF DATA LOSSES

• Human error
• Viruses and malware
• Hard drive damage
• Power outages
• Computer theft
• Disasters
• Software corruption
• Hard drive formatting
• Hackers and Insiders

HUMAN ERROR

• Humans are not infallible — we all make mistakes and sometimes they’re big
ones.
• For businesses, these mistakes can result in the unintentional deletion of data
files or sections of text.
• Without realizing it, employees can overwrite important files or delete
information that is essential to your business.
• Human error can also play a role in many other main causes of data loss,
including hard drive damage, liquid spills, software corruption and hard drive
formatting.

VIRUSES AND MALWARE

• Most people think of viruses when you ask them what causes data losses.
• For businesses, viruses can steal and delete swaths of data or bring business
operations to a crawl, destroying company functionality.
• A computer often gets a virus from an email-based attack or through
phishing that tempts an employee to click on a corrupted link. This link then
allows the virus or malware to enter the computer system to damage or
steal files.

HARD DRIVE DAMAGE

• Most data losses occur due to hardware malfunctions, with the primary
perpetrator being the hard drive.
• Hard drives are the most fragile parts of computers, and around 140
thousand hard drives crash every week.
• Of these crashes, 60 percent are due to mechanical issues and 40 percent are
a result of human misuse or mishandling, including dropping or jostling a
computer or laptop.
• Hard drives can also be damaged if a computer overheats, typically caused by
overuse or a build-up of dust in the computer.

POWER OUTAGES

• Power outages can interrupt business operations substantially, shutting
software systems down without warning.
• Not only can this result in the loss of unsaved data, but it can also cause
existing files to be corrupted due to improper shutdown procedures.
• Sometimes, entire programs may be rendered non-functional by a poorly timed
power outage.
• If a computer shuts down while it is writing to the hard drive system, it may
never start up again.

COMPUTER OR LAPTOP THEFT

• In the modern workplace, more and more people are becoming mobile. This
often means they are working from laptops or smartphones rather than PCs.
Laptop theft is a serious risk and can happen anywhere if a laptop is left
unattended.
According to a study by Kensington:
• 25 percent of IT theft occurs in cars or other transportation vehicles
• 23 percent takes place in the office
• 15 percent happens in airports or hotels
• 12 percent occurs in restaurants

DISASTERS

• From tornadoes to fire, disasters can happen when you least expect them and
have devastating impacts on your business.
• They can destroy your computer, your data and even your business entirely.
• To minimize the effects of a disaster and ensure you can carry on, back up
your data on a weekly basis and store files in a secure location.

DISASTERS

Natural disasters can cause irreparable damage to a business if data is not backed
up:
• 93 percent of companies that lost their data center for 10 or more days from a
disaster filed for bankruptcy within one year
• 50 percent of companies that lost data management due to a disaster filed for
bankruptcy immediately
• 30 percent of businesses that experience a severe fire go out of business
within a year
• 70 percent of businesses that experience a severe fire go out of business
within five years

SOFTWARE CORRUPTION

• Unexpected or improper software shutdowns may seem innocent on the
surface but can cause serious issues for your data.
• Improper shutdowns can corrupt your data or delete your progress, wasting
time and losing valuable data.
• When software is corrupted it may not be able to run again, meaning you
cannot access data stored in that software.

HARD DRIVE FORMATTING

• Accidental formatting of your hard drive can cause you to lose data instantly.
• Employees can format a hard drive by accident if they misunderstand system
prompts or error messages.
• Reformatting can also occur during system updates and result in data loss.
• While accidentally reformatting a hard drive can lead to panic when files and
documents can no longer be accessed, you can often recover data lost through
hard drive formatting by running data recovery software.

HACKERS AND INSIDERS

• In recent years, hacking and data breaches have become a much more
common problem, making good cybersecurity measures essential.
• Unauthorized guests in your network can cause serious damage to your data,
deleting and stealing any data they wish.
• They can even damage entire network processes if they have sufficient access
to your system.
• Minimize the potential for such losses by using firewalls in your system to
keep out hackers.

INFORMATION TECHNOLOGY RISK

• Potential for technology shortfalls that result in losses.
• Includes potential for project failures, operational problems and information
security incidents.

TYPES OF IT RISKS

• Architecture Risks
  • IT structures that fail to support operations or projects.
• Artificial Intelligence Risks
  • Risk associated with technologies that learn and self-improve.
• Asset Management Risk
  • Failure to control IT assets such as loss of mobile devices.
• Audit Risks
  • Risk that an IT audit will miss things such as security vulnerabilities.
• Legacy Technology Risk
  • Out-of-date technology that is difficult to maintain and at risk of failures.

TYPES OF IT RISK

• Most of the preceding are IT Risks that contribute towards information security
incidents
• What is Information Security?

INFORMATION SECURITY (IS)

According to [Link]:
“IS is designed to protect the confidentiality, integrity and availability of
computer system data from those with malicious intentions. Confidentiality,
integrity and availability are sometimes referred to as the CIA Triad of
information security. This triad has evolved into what is commonly termed as the
Parkerian hexad, which includes confidentiality, possession (or control),
integrity, authenticity, availability and utility”.

INFORMATION SECURITY (IS)

[Link] states:
“Information security (infosec) is a set of strategies for managing the processes,
tools and policies necessary to prevent, detect, document and counter threats to
digital and non-digital information. Infosec responsibilities include establishing a
set of business processes that will protect information assets regardless of how
the information is formatted or whether it is in transit, is being processed or is at
rest in storage”.

CIA TRIAD OF INFOSEC

• The CIA (Confidentiality, Integrity, and Availability) triad of information
security is an information security benchmark model used to evaluate the
information security of an organization.
• The CIA triad of information security implements security using three key
areas related to information systems including confidentiality, integrity and
availability.
• The CIA triad of information security was created to provide a baseline
standard for evaluating and implementing information security regardless of
the underlying system and/or organization.
• The three core goals have distinct requirements and processes within each
other.

CONFIDENTIALITY

• Ensures that data or an information system is accessed only by an authorized
person. User IDs and passwords, access control lists (ACLs) and policy-based
security are some of the methods through which confidentiality is achieved.
• An ACL refers to the permissions attached to an object that specify which
users are granted access to that object and the operations they are allowed to
perform. Each entry in an access control list specifies the subject and an
associated operation that is permitted.

ACL

• The main idea of using an ACL is to provide security to your network. Without
it, any traffic is allowed to enter or exit, making the network more vulnerable
to unwanted and dangerous traffic.
• As shown in the preceding picture, the routing device has an ACL that is
denying access to host C into the Financial network, and at the same time, it is
allowing access to host D.
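The router behaviour described above can be modelled as a first-match rule list with an implicit deny. This is an added example, not part of the lecture; the addresses for hosts C and D and for the Financial network are constructed, and it also shows how a misordered list silently cancels the deny for host C.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    action: str        # "permit" or "deny"
    source: str        # subject: source network in CIDR form
    destination: str   # object: destination network in CIDR form


# Constructed addressing plan (the slides give no addresses).
FINANCE_NET = "10.20.0.0/24"
HOST_C = "10.10.0.13"
HOST_D = "10.10.0.14"

# The ACL from the slide: host C is denied, host D is allowed.
ROUTER_ACL = [
    AclEntry("deny", HOST_C + "/32", FINANCE_NET),
    AclEntry("permit", HOST_D + "/32", FINANCE_NET),
]

# Misordered variant: a broad permit placed first hides the deny for host C.
MISORDERED_ACL = [
    AclEntry("permit", "10.10.0.0/24", FINANCE_NET),
    AclEntry("deny", HOST_C + "/32", FINANCE_NET),
]


def evaluate(acl, src, dst):
    """Return (action, rule_number). The first matching entry wins;
    traffic that matches no entry is denied (implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, entry in enumerate(acl, start=1):
        if (s in ipaddress.ip_network(entry.source)
                and d in ipaddress.ip_network(entry.destination)):
            return entry.action, number
    return "deny", None


def shadowed_entries(acl):
    """Rule numbers that can never match because an earlier entry
    already covers their whole source and destination range."""
    shadowed = []
    for index, later in enumerate(acl):
        l_src = ipaddress.ip_network(later.source)
        l_dst = ipaddress.ip_network(later.destination)
        for earlier in acl[:index]:
            e_src = ipaddress.ip_network(earlier.source)
            e_dst = ipaddress.ip_network(earlier.destination)
            if l_src.subnet_of(e_src) and l_dst.subnet_of(e_dst):
                shadowed.append(index + 1)
                break
    return shadowed


if __name__ == "__main__":
    finance_server = "10.20.0.5"  # constructed host inside the Financial network
    for name, acl in (("slide ACL", ROUTER_ACL), ("misordered ACL", MISORDERED_ACL)):
        print(name)
        for host in (HOST_C, HOST_D, "10.10.0.99"):
            print("  ", host, "->", evaluate(acl, host, finance_server))
        print("   shadowed rules:", shadowed_entries(acl))
```

Reviewing an ACL for shadowed entries before deployment catches the case where the list looks correct line by line but the deny is never reached.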

CONFIDENTIALITY (CONTINUED)

• Confidentiality, in the context of computer systems, allows authorized users to
access sensitive and protected data. Specific mechanisms ensure
confidentiality and safeguard data from harmful intruders.
• For example, a U.S. government or military worker must obtain a certain
clearance level, depending on a position's data requirements, such as,
classified, secret or top secret. Those with secret clearances cannot access top
secret information.

CONFIDENTIALITY (CONTINUED)

Best practices used to ensure confidentiality are as follows:


• An authentication process, which ensures that authorized users are
assigned confidential user identification and passwords. Another type of
authentication is biometrics.
• Role-based security methods may be employed to ensure user or viewer
authorization. For example, data access levels may be assigned to
specified department staff.
• Access controls ensure that user actions remain within their roles. For
example, if a user is authorized to read but not write data, defined
system controls may be integrated.

INTEGRITY

• Integrity assures that the data or information system can be trusted. It
ensures that the data is edited only by authorized persons and remains in its
original state. Data encryption and hashing algorithms are key processes in
providing integrity.
• Integrity, in the context of computer systems, refers to methods of ensuring
that data is real, accurate and safeguarded from unauthorized user
modification.

INTEGRITY (CONTINUED)

• Data integrity maintenance is an information security requirement. Integrity is
a major Information Assurance (IA) component because users must be able to
trust information.
• Untrusted data is devoid of integrity. Stored data must remain unchanged
within an information system (IS), as well as during data transport.

INTEGRITY (CONTINUED)

• Events like storage erosion (gradual destruction), error and intentional data or
system damage can create data changes.
• For example, hackers may cause damage by infiltrating systems with malware,
including Trojan horses, which overtake computer systems, as well as worms
and viruses.
• An employee may create company damage through intentionally false data
entry.
• Data integrity verification measures include checksums and the use of data
comparisons.

MALWARES: VIRUSES, WORMS & TROJAN HORSES

• A virus is a type of malicious software (malware) comprised of small pieces
of code attached to legitimate programs. When that program runs, the virus
runs.
• A computer worm is a type of malicious software program whose primary
function is to infect other computers while remaining active on infected
systems.

MALWARES: VIRUSES, WORMS & TROJAN HORSES

• A computer worm is self-replicating malware that duplicates itself to spread to
uninfected computers.
• Worms often use parts of an operating system that are automatic and invisible
to the user.
• It is common for worms to be noticed only when their uncontrolled replication
consumes system resources, slowing or halting other tasks.

MALWARES: VIRUSES, WORMS & TROJAN HORSES

Trojan Horse actually refers to a piece of history that many of you might know.
• How many of you know about the story of Troy?

MALWARES: VIRUSES, WORMS & TROJAN HORSES

• A Trojan horse is not a virus. It is a destructive program that looks like a
genuine application. Unlike viruses, Trojan horses do not replicate
themselves but they can be just as destructive.
• Trojans are also known to create a backdoor on your computer that gives
malicious users access to your system, possibly allowing confidential or
personal information to be compromised. Unlike viruses and worms, Trojans
do not reproduce by infecting other files nor do they self-replicate.

INTEGRITY (CONTINUED)

• Checksum or hash sum is an error-detection method, i.e. a transmitter
computes a numerical value according to the number of set or unset bits in a
message and sends it along with each message.
• At the receiver end, the same checksum function (formula) is applied to the
message to retrieve the numerical value. If the received checksum value
matches the sent value, the transmission is considered to be successful and
error-free.
• This verifies the integrity of the data sent.
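The sender/receiver check described above, as an added example that is not part of the lecture. It implements the set-bit count literally, then goes one step beyond the slide by comparing it with SHA-256 and a keyed HMAC on a constructed message, to show which changes each one detects; the message text and the key are made up for the demonstration.

```python
import hashlib
import hmac

ORIGINAL = b"PAY 100 TO ALICE"    # constructed message
REORDERED = b"PAY 001 TO ALICE"   # same bytes, different order
SHARED_KEY = b"constructed-demo-key"


def bitcount_checksum(message: bytes) -> int:
    """Checksum as on the slide: number of set bits, kept to one byte."""
    return sum(bin(byte).count("1") for byte in message) % 256


def checksum_accepts(message: bytes, sent_checksum: int) -> bool:
    """Receiver side: recompute and compare with the value that was sent."""
    return bitcount_checksum(message) == sent_checksum


def flip_bit(message: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a single-bit transmission error."""
    damaged = bytearray(message)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


def sha256_accepts(message: bytes, sent_digest: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(message).digest(), sent_digest)


def make_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def hmac_accepts(key: bytes, message: bytes, sent_tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(key, message), sent_tag)


def compare_detectors() -> dict:
    """For each received variant, report whether each check ACCEPTS it.
    Only the intact message should be accepted."""
    checksum = bitcount_checksum(ORIGINAL)
    digest = hashlib.sha256(ORIGINAL).digest()
    tag = make_tag(SHARED_KEY, ORIGINAL)
    received = {
        "intact": ORIGINAL,
        "one bit flipped": flip_bit(ORIGINAL, 4, 0),
        "bytes reordered": REORDERED,
    }
    return {
        name: {
            "checksum": checksum_accepts(msg, checksum),
            "sha256": sha256_accepts(msg, digest),
            "hmac": hmac_accepts(SHARED_KEY, msg, tag),
        }
        for name, msg in received.items()
    }


def replaced_message_and_value() -> tuple:
    """If the message AND the value sent with it are both replaced in
    transit, an unkeyed digest still verifies; an HMAC tag made without
    the shared key does not."""
    new_digest = hashlib.sha256(REORDERED).digest()
    tag_without_key = make_tag(b"not-the-shared-key", REORDERED)
    return (sha256_accepts(REORDERED, new_digest),
            hmac_accepts(SHARED_KEY, REORDERED, tag_without_key))


if __name__ == "__main__":
    for name, result in compare_detectors().items():
        print(f"{name:16} accepted by: {result}")
    print("replaced message + value:", replaced_message_and_value())
```

A simple checksum is adequate for accidental transmission errors; detecting deliberate modification needs a keyed value such as the HMAC shown here.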

AVAILABILITY

• Ensures data and information systems are available when required.
Hardware maintenance, software patching/upgrading and network
optimization ensure availability.
• Availability, in the context of a computer system, refers to the ability of a
user to access information or resources in a specified location and in the
correct format.

AVAILABILITY

• Data availability must be ensured by storage, which may be local or at an
offsite facility. In the case of an offsite facility, an established business
continuity plan should state the availability of this data when onsite data is not
available.
• At all times, information must be available to those with clearance.

PARKERIAN HEXAD

• The Parkerian Hexad is a set of components added to the CIA Triad to form a
more comprehensive and complete security model. The atomic components of
the Parkerian Hexad are based on the CIA Triad, i.e. Confidentiality,
Availability and Integrity. Additions: Possession/Control, Authenticity and
Utility.
• Possession correlates to Confidentiality
• Authenticity correlates to Integrity
• Utility correlates to Availability

CASE STUDY (ASHLEY MADISON)

What is Ashley Madison?

• A dating site with the tagline “Life is short. Have an affair” which offers
married people the opportunity to cheat on their spouses.
• With a claimed 37m users, it is one of the biggest of its sort, and no
stranger to controversy.
• The site is run by Canadian company Avid Life Media, which operates a
portfolio of similarly niche and controversial dating sites.

CASE STUDY (ASHLEY MADISON)

• On July 12, 2015, ALM employees arrived at work to find a message from
Impact Team.
• Impact Team stated that they had stolen the data of 37 million members of
Ashley Madison.
• Impact Team demanded that ALM take Ashley Madison and a similar website
offline permanently in all forms. If ALM did not comply, they would release all
customer records, including profiles with all the customers’ personal
information and matching credit card transactions, real names and addresses,
and employee documents and emails.

CASE STUDY (ASHLEY MADISON)

How does the site work?


• Unlike many dating sites, Ashley Madison does not charge for
membership directly.
• Instead, users pay for credits, which are used to send messages and
open chat sessions.
• Users can also use their credits to send gifts or pay more to put their
message at the top of a member's inbox.

CASE STUDY (ASHLEY MADISON)

What’s been stolen?


• The site’s database of members, as well as a huge amount of internal
corporate data. The database is split into three parts: the largest contains
profile information, including the names, street addresses, and dates of birth
of users.
• That database also contains the users’ entries in three checkbox lists, variously
detailing personal information such as what sort of person they’re looking for,
as well as biographical information such as whether or not they smoke and
drink.

CASE STUDY (ASHLEY MADISON)

What’s been stolen?


• A second database contained the users’ email addresses, as well as information
about what mailing lists they were opted-in to. This is the database which has
been the source of many of the stories up till now, because it is the easiest to
search in general terms. Unsurprisingly, users have signed up with email
addresses from the UK and US governments and militaries, as well as a number
of large corporations and educational establishments.

CASE STUDY (ASHLEY MADISON)

What’s been stolen?


• The third is a database of credit card transaction information. But the
information isn’t enough to steal users’ cash, and Ashley Madison has been
very clear that full credit card information wasn’t leaked.

CASE STUDY (ASHLEY MADISON)

Where’s the information now?


• The main dump is hosted on a Tor platform “hidden service” – a website
which can only be accessed through the anonymous browser. Unlike a normal
website, which visitors connect to directly, a hidden service is accessed via an
encrypted connection routed through third parties which obscure the
website’s address from its visitors, and vice versa. That means that it’s very
difficult to use the legal system to take down the main dump, since no one yet
knows who to send the takedown notices to.

CASE STUDY (ASHLEY MADISON)

Where’s the information now?


• On top of that, the dump itself is now being disseminated using BitTorrent, a
peer-to-peer transfer protocol. The file is broken up into multiple blocks, which
are then shared directly from one downloader’s computer to the next.
• With no central repository, it is all but impossible to prevent the transfer.

CASE STUDY (ASHLEY MADISON)

Who did it?


• On the day of the hack, Ashley Madison’s chief executive Noel Biderman told
security reporter Brian Krebs that it might have been an inside job. “We’re on
the doorstep of [confirming] who we believe is the culprit, and unfortunately
that may have triggered this mass publication,” Biderman said. “I’ve got their
profile right in front of me, all their work credentials. It was definitely a person
here that was not an employee but certainly had touched our technical
services.”

CASE STUDY (ASHLEY MADISON)

Who did it?


• The Impact Team announced the attack on 12 July 2015 and threatened to
expose the identities of Ashley Madison's users if its parent company, Avid Life
Media, did not shut down Ashley Madison and its sister site.
• And they exposed them big time.

CASE STUDY (ASHLEY MADISON)

What repercussions did the site face?


• Users whose details were leaked are filing a $567 million class-action lawsuit
against the company.
• But for the parties concerned, the distress caused by the data breach was
more than a financial loss.

What repercussions did the users face?

• The Impact Team and other attackers/hackers have continued to run
blackmail campaigns demanding payment of $500 to $2,000 for not sending
the information stolen from Ashley Madison to family members and friends.

CASE STUDY (ASHLEY MADISON)

Hacktivism as an excuse
• Impact Team justified their actions on the grounds that Ashley Madison lied to
users and didn’t protect their data properly.
• For example, Ashley Madison claimed that users could have their personal
accounts completely deleted for $19. However, this was not the case.
• Another promise of deleting sensitive credit card information was never
fulfilled. Purchase details were not removed, and included users’ real names
and addresses.

CASE STUDY (ASHLEY MADISON)

Lessons to be learned
• Strong passwords are extremely important.
• Passwords on the site were hashed using MD5, which is vulnerable to brute
force attack.
• The subsequent investigation also revealed that several million Ashley Madison
passwords were very weak.
• Among the 4,000 passwords that were the easiest to crack, "123456" and
"password" were the most commonly used passwords on the live website.
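An added example (not from the lecture and not Ashley Madison's code) that puts the unsalted MD5 scheme named above beside salted, deliberately slow PBKDF2 storage with a weak-password check at registration. The account names, the passphrase, the 12-character minimum and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

DENYLIST = {"123456", "password"}   # the two passwords the slide names
MIN_LENGTH = 12                     # assumed policy value
ITERATIONS = 600_000                # assumed work factor; tune to your hardware
PASSPHRASE = "correct horse battery staple"   # constructed sample input


def md5_unsalted(password: str) -> str:
    """Weak scheme: one fast hash and no salt, so equal passwords
    always produce equal stored values."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> dict:
    """Hardened scheme: reject known-weak passwords, then store a
    per-user random salt with a slow, salted PBKDF2-HMAC-SHA256 hash."""
    if password.lower() in DENYLIST or len(password) < MIN_LENGTH:
        raise ValueError("password rejected by policy")
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": derived}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(derived, record["hash"])


def shared_password_groups(stored: dict) -> list:
    """Accounts whose stored value is identical. In a leaked table this
    reveals who shares a password without any guessing at all."""
    groups = {}
    for account, value in stored.items():
        groups.setdefault(value, []).append(account)
    return [sorted(names) for names in groups.values() if len(names) > 1]


def compare_schemes() -> tuple:
    """Two constructed accounts choose the same passphrase. Return the
    groups of identical stored values under each scheme."""
    accounts = ("user_a", "user_b")
    weak_table = {name: md5_unsalted(PASSPHRASE) for name in accounts}
    strong_table = {name: hash_password(PASSPHRASE)["hash"] for name in accounts}
    return shared_password_groups(weak_table), shared_password_groups(strong_table)


if __name__ == "__main__":
    weak, strong = compare_schemes()
    print("identical stored values, unsalted MD5:", weak)
    print("identical stored values, salted PBKDF2:", strong)
    for candidate in ("123456", "password", PASSPHRASE):
        try:
            hash_password(candidate)
            print(repr(candidate), "accepted")
        except ValueError as error:
            print(repr(candidate), error)
```

The salt removes the shared-value leak, the iteration count raises the cost of every guess, and the registration check keeps the weakest passwords out of the table in the first place.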

CASE STUDY (ASHLEY MADISON)

Lessons to be learned
• One of the most controversial aspects of the whole Ashley Madison affair is
that of the deletion of information.
• Hackers exposed a huge amount of data which supposedly had been deleted.
• Permanent and irretrievable deletion of data is one of the most important
factors in personal information management.

CASE STUDY (ASHLEY MADISON)

Lessons to be learned
• A subsequent audit showed that the entire platform suffered from serious
security problems.
• Another aspect to consider is that of insider threats.
• Internal users can cause irreparable harm, and the only way to prevent that
is to implement strict protocols to log, monitor and audit employee actions.

THANK YOU
