CYBER SECURITY

WEEK-I: DAY 1

Data: Data is distinct pieces of information, usually formatted in a special way. Data is
measured, collected and reported, and analyzed, whereupon it is often visualized using graphs,
images or other analysis tools
Protect Your Personal Information Online
 Create strong passwords.
 Don't overshare on social media.
 Use free Wi-Fi with caution.
 Watch out for links and attachments.
 Check to see if the site is secure.
 Consider additional protection.

What is online identity?

Online identification refers to any bit of information associated with a specific individual found
on the internet. While online identification is most often connected with entire personal
accounts, such as banking profiles, it can consist of any personally identifiable information.
Internet identity (IID), also online identity or internet persona, is a social identity that an
Internet user establishes in online communities and websites.

Where is your data?

Data Centers are the source of almost all internet data. Their servers contain huge amounts of
information we access on a daily basis. The internet consists of a network of connected
computer networks that communicates using TCP/IP protocols on a global scale.

Smart devices
A smart device, as the name suggests, is an electronic gadget that is able to connect, share and
interact with its user and other smart devices. A smart device is an electronic device, generally
connected to other devices or networks via different wireless protocols (Bluetooth, Zigbee,
near-field communication, Wi-Fi, 5G) that can operate to some extent interactively and
autonomously. Several notable types of smart devices are smartphones, smart cars, smart
thermostats, smart doorbells, smart locks, smart refrigerators, phablets and tablets, smart
watches, smart bands, smart key chains, smart glasses, and many others.
What do attackers want?
In computer and computer networks, an attacker is the individual or organization who performs
the malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to
or make unauthorized use of an asset.
 Financial gain,
 Disrupting a competitor ,
 Seeking revenge ,
 Personal agenda

What is Identity theft?

It is a practice of using another person’s name and personal information and pretending it to
be them. Identity theft is when someone steals your personal information and uses it without
your permission. There are various forms of identity theft, but the most common is financial.

Protecting your organization data

 Implement a data security plan. ...
 Encrypt data.
 Communicate data securely.
 Use access controls and firewalls.
 Use external service providers carefully.
 Keep some data off the network.

Traditional data
Traditional data is the structured data that is being majorly maintained by all types of businesses
starting from very small to big organizations. In a traditional database system, a centralized
database architecture used to store and maintain the data in a fixed format or fields in a file.

Cloud
Cloud storage is a cloud computing model that stores data on the Internet through a cloud
computing provider who manages and operates data storage as a service. It’s delivered on
demand with just-in-time capacity and costs, and eliminates buying and managing your own
data storage infrastructure.

IoT
The Internet of Things (IoT) describes the network of physical objects—“things”—that are
embedded with sensors, software, and other technologies for the purpose of connecting and
exchanging data with other devices and systems over the internet.

Big data
We can consider big data an upper version of traditional data. Big data deal with too large or
complex data sets which is difficult to manage in traditional data-processing application
software. It deals with large volume of both structured, semi structured and unstructured data

Types of data?
1. Personal data: Personal data is information that relates to an identified or identifiable
individual. What identifies an individual could be as simple as a name or a number or
could include other identifiers such as an IP address or a cookie identifier, or other
factors.
2. Public data: Public data is the data that exists everywhere else. This is information
that's freely available on the web. For example, data might include individual prices,
weights, addresses, ages, names, temperatures, dates, or distances.
3. Sensitive data: Sensitive data is confidential information that must be kept safe and
out of reach from all outsiders unless they have permission to access it. Access to
sensitive data should be limited through sufficient data security and information
security practices designed to prevent data leaks and data breaches.
4. Non-sensitive data: Non-Sensitive Personal Data any Personal Data that is not
Sensitive Personal Data. Examples of non-sensitive data would include gender, date of
birth, place of birth and postcode. Although this type of data isn't sensitive, it can be
combined with other forms of data to identify an individual.

Data classification: The process of analyzing unstructured or structured data and categorizing
it based on contents, file type, and other metadata is referred to as data classification.
1. Unclassified: If something is unclassified, it has not been given a grade or put into a
category, for example because it is of a low or basic standard.

2. Restricted: All data concerning design, manufacture, or utilization of atomic weapons;

the production of special nuclear material.

3. Confidential: Confidential data is personal identifiable information (PII) that you don't
want anyone to obtain without your permission. This may include Social Security
number, Phone numbers, Driver's license numbers, Bank account numbers, Tax
information and more.
 4. Secret: "Secret" shall be applied to information, the unauthorized disclosure of which
reasonably could be expected to cause serious damage to the national security.

5. Top secret: "Top Secret" shall be applied to information, the unauthorized disclosure
of which reasonably could be expected to cause exceptionally grave damage to the
national security.

What is Cyber Security?

Cyber security is the application of technologies, processes, and controls to protect systems,
networks, programs, devices and data from cyber-attacks.

Cyber security principles

The purpose of the cyber security principles is to provide strategic guidance on how an
organization can protect their systems and data from cyber threats. These cyber security
principles are grouped into four key activities:

 Govern: Identifying and managing security risks.

 Protect: Implementing controls to reduce security risks.
 Detect: Detecting and understanding cyber security events to identify cyber security
incidents.
 Respond: Responding to and recovering from cyber security incidents.
CIA
The three letters in "CIA triad" stand for Confidentiality, Integrity, and Availability. The CIA
triad is a common model that forms the basis for the development of security systems. They
are used for finding vulnerabilities and methods for creating solutions.

Confidentiality means that only authorized individuals/systems can view sensitive or

classified information. The data being sent over the network should not be accessed by
unauthorized individuals.

The next thing to talk about is integrity. Well, the idea here is to make sure that data has not
been modified. Corruption of data is a failure to maintain data integrity.

Availability means that the network should be readily available to its users. This applies to
systems and to data. To ensure availability, the network administrator should maintain
hardware, make regular upgrades.

AAA
Authentication, authorization, and accounting (AAA) is a security framework that controls
access to computer resources, enforces policies, and audits usage.

Authentication involves a user providing information about who they are. Users present login
credentials that affirm they are who they claim. AAA server compares a user’s credentials with
its database of stored credentials by checking if the username, password, and other
authentication tools align with that specific user.
During authorization, a user can be granted privileges to access certain areas of a network or
system. The areas and sets of permissions granted a user are stored in a database along with the
user’s identity. The user’s privileges can be changed by an administrator.

Accounting keeps track of user activity while users are logged in to a network by tracking
information such as how long they were logged in, the data they sent or received, their Internet
Protocol (IP) address, the Uniform Resource Identifier (URI) they used, and the different
services they accessed.

Vulnerability
A vulnerability in security refers to a weakness or opportunity in an information system that
cybercriminals can exploit and gain unauthorized access to a computer system. Vulnerabilities
weaken systems and open the door to malicious attacks. Vulnerabilities mostly happened
because of Hardware, Software, Network and Procedural vulnerabilities.

Threat
A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or
disrupt digital life in general. Cyber threats include computer viruses, data breaches, and Denial
of Service (DoS) attacks. Cyber threats can come from within an organization by trusted users
or from remote locations by unknown parties.

Risk
Cyber security risk is the probability of exposure or loss resulting from a cyber-attack or data
breach on your organization. A better, more encompassing definition is the potential loss or
harm related to technical infrastructure, use of technology or reputation of an organization.

Attack
A cyber-attack is any attempt to gain unauthorized access to a computer, computing system.
A cyber-attack is an attempt to disable computers, steal data, or use a breached computer
system to launch additional attacks.
Impact
Economic Costs Theft of intellectual property, corporate information, disruption in trading,
and the cost of repairing damaged systems.

Reputational Cost Loss of consumer trust, loss of current and future customers to
competitors, and poor media coverage.

Regulatory Costs GDPR (General Data Protection Regulation) and other data breach laws
mean that your organization could suffer from regulatory fines or sanctions as a result of
cybercrimes.

People, Process and Technology

Then secure your organization with the Three Pillars Cyber Security model.

1. People IT teams are trained with the latest cyber security skills and qualifications to
implement the controls, technologies, and best practices for your organization.

2. Process Bring in a coherent structure, and way of working to mitigate risks or deal with
threats in real-time. Continually update documents because hackers are constantly
evolving their attack techniques.

3. Technology without a doubt raises the levels of defense. However, if implemented

without proper planning, or a limited understanding of the environment it is intended
to defend, it will become a root cause of many more problems.

McCumbers Cube
In 1991, John McCumber created a model framework for establishing and evaluating
information security (information assurance) programs, now known as The McCumber Cube.
This security model is depicted as a three-dimensional Rubik's Cube-like grid.

Desired Goals
Confidentiality: assurance that sensitive information is not intentionally or accidentally
disclosed to unauthorized individuals.
Integrity: assurance that information is not intentionally or accidentally modified in such a
way as to call into question its reliability.
Availability: ensuring that authorized individuals have both timely and reliable access to data
and other resources when needed.

Information States
Storage: Data at rest (DAR) in an information system, such as that stored in memory or on a
magnetic tape or disk.
Transmission: transferring data between information systems - also known as data in transit
(DIT).
Processing: performing operations on data in order to achieve a desired objective.

Safeguards
Policy and practices: administrative controls, such as management directives, that provide a
foundation for how information assurance is to be implemented within an organization.

Human factors: ensuring that the users of information systems are aware of their roles and
responsibilities regarding the protection of information systems and are capable of following
standards.
Technology: software and hardware-based solutions designed to protect information systems
(examples: anti-virus, firewalls, intrusion detection systems, etc.)

Cyber Security - Brief history

In 1970's, Robert (Bob) Thomas who was a researcher for BBN Technologies in Cambridge,
Massachusetts created the first computer worm (virus). He realized that it was possible for a
computer program to move across a network, leaving a small trail (series of signs) wherever it
went. He named the program Creeper, and designed it to travel between Tenex terminals on
the early ARPANET, printing the message "I'M THE CREEPER: CATCH ME IF YOU CAN."

An American computer programmer named Ray Tomlinson, the inventor of email, was also
working for BBN Technologies at the time. He saw this idea and liked it. He tinkered (an act
of attempting to repair something) with the program and made it self-replicating "the first
computer worm." He named the program Reaper, the first antivirus software which would
found copies of The Creeper and delete it.

Types
Infrastructure Security, typically applied to enterprise IT environments, is a process of
protecting the underlying networking infrastructure by installing preventative measures to deny
unauthorized access, modification, deletion, and theft of resources and data.

Network Security refers to the measures taken by any enterprise or organization to secure its
computer network and data using both hardware and software systems.

Cloud security is a discipline of cyber security dedicated to securing cloud computing

systems. This includes keeping data private and safe across online-based infrastructure,
applications, and platforms.

Internet of Things (IoT) devices are computerized Internet-connected objects, such as

networked security cameras, smart refrigerators, and WiFi-capable automobiles. IoT security
is the process of securing these devices and ensuring they do not introduce threats into a
network

Application security aims to protect software application code and data against cyber threats.
You can and should apply application security during all phases of development, including
design, development, and deployment.
Purpose and Importance
Cyber security is crucial because it safeguards all types of data against theft and loss.
 Sensitive data,
 Protected health information (PHI),
 Personally identifiable information (PII),
 Intellectual property,
 Personal information and data
 Government and business information systems are all included

Challenges
Today cyber security is the main component of the country's overall national security and
economic security strategies. In India, there are so many challenges related to cyber security.
The recent important cyber security challenges are mentioned below.
 DAY-2

TOPOLOGY
The term network topology refers to the arrangements, either physical or logical, of nodes and
connections within a network. It could be said that a topology explains how a network is
physically connected, and how the information in the network flows logically.

MESH TOPOLOGY: A mesh topology, every device is connected to another device via a
particular channel. A mesh topology is a network setup where each computer and network
device is interconnected with one another. This topology setup allows for most transmissions
to be distributed even if one of the connections goes down. It is a topology commonly used
for wireless networks.

STAR TOPOLOGY: In star topology, all the devices are connected to a single hub through
a cable. This hub is the central node and all other nodes are connected to the central node. In a
star topology, the central hub acts like a server and the connecting nodes act like clients. When
the central node receives a packet from a connecting node, it can pass the packet on to other
nodes in the network. A star topology is also known as a star network.
BUS TOPOLOGY: Bus topology is a network type in which every computer and network
device is connected to a single cable. It transmits the data from one end to another in a single
direction. Bus topology, also known as line topology, is a type of network topology in which
all devices in the network are connected by one central RJ-45 network cable or coaxial cable.
The single cable, where all data is transmitted between devices, is referred to as the bus,
backbone, or trunk.

OSI MODEL
The OSI stands for Open System Interconnection. It is a conceptual model used for network
communication. The data moves down the OSI model, and each layer adds additional
information. The Open Systems Interconnection (OSI) model describes seven layers that
computer systems use to communicate over a network. The modern Internet is not based on
OSI, but on the simpler TCP/IP model. However, the OSI 7-layer model is still widely used,
as it helps visualize and communicate how networks operate, and helps isolate and troubleshoot
networking problems.
1. Physical Layer
The physical layer transmit raw bit stream over the physical medium. The physical layer is
responsible for the physical cable or wireless connection between network nodes. It defines the
connector, the electrical cable or wireless technology connecting the devices, and is responsible
for transmission of the raw data, which is simply a series of 0s and 1s, while taking care of bit
rate control.

2. Data Link Layer

The data link layer establishes and terminates a connection between two physically-connected
nodes on a network. It breaks up packets into frames and sends them from source to destination.
This layer is composed of two parts—Logical Link Control (LLC), which identifies network
protocols, performs error checking and synchronizes frames, and Media Access Control
(MAC) which uses MAC addresses to connect devices and define permissions to transmit and
receive data.
3. Network Layer
The network layer is responsible for sending and receiving data frames structured in packets.
Technologies in the networking layer use routers to send packets to nodes on different
networks. The network layer has two main functions. One is breaking up segments into network
packets, and reassembling the packets on the receiving end. The other is routing packets by
discovering the best path across a physical network.
4. Transport Layer
The transport layer deals with the transmission of data segments, which are sequences of data
at variable lengths. The transport layer takes data transferred in the session layer and breaks it
into “segments” on the transmitting end. It is responsible for reassembling the segments on the
receiving end, turning it back into data that can be used by the session layer. The transport layer
carries out flow control, sending data at a rate that matches the connection speed of the
receiving device, and error control, checking if data was received incorrectly and if not,
requesting it again.

5. Session Layer
The session layer handles the communications between two or more computers. Protocols here
are used to create a “session” between entities, which is common in applications that use remote
procedure calls. The session layer creates communication channels, called sessions, between
devices. It is responsible for opening sessions, ensuring they remain open and functional while
data is being transferred, and closing them when communication ends.

6. Presentation Layer
The presentation layer is about data translation and formatting. In this layer, protocols handle
things like encryption, decryption, and compression and decompress. The presentation layer
prepares data for the application layer. It defines how two devices should encode, encrypt, and
compress data so it is received correctly on the other end. The presentation layer takes any data
transmitted by the application layer and prepares it for transmission over the session layer.

7. Application Layer
The application layer is the top layer of the OSI Model and sits closest to the end-user
application. The application layer is used by end-user software such as web browsers and email
clients. It provides protocols that allow software to send and receive information and present
meaningful data to users. A few examples of application layer protocols are the Hypertext
Transfer Protocol (HTTP), File Transfer Protocol (FTP), Post Office Protocol (POP), Simple
Mail Transfer Protocol (SMTP), and Domain Name System (DNS).

TCP/IP MODEL
The TCP/IP model is a concise version of the OSI model. It contains four layers, unlike
seven layers in the OSI model. The layers are.
1. Application Layer
Application layer interacts with an application program, which is the highest level of OSI
model. The application layer is the OSI layer, which is closest to the end-user. It means the
OSI application layer allows users to interact with other software application.

2. Transport Layer
Transport layer builds on the network layer in order to provide data transport from a process
on a source system machine to a process on a destination system. It is hosted using single or
multiple networks, and also maintains the quality of service functions.

3. Internet Layer
An internet layer is a second layer of TCP/IP layes of the TCP/IP model. It is also known as a
network layer. The main work of this layer is to send the packets from any network, and any
computer still they reach the destination irrespective of the route they take.

4. Network Interface Layer

Network Interface Layer is this layer of the four-layer TCP/IP model. This layer is also called
a network access layer. It helps you to define details of how data should be sent using the
network.
It also includes how bits should optically be signaled by hardware devices which directly
interfaces with a network medium, like coaxial, optical, coaxial, fiber, or twisted-pair cables.
INTERNET PROTOCOL
The Internet Protocol (IP) is a protocol, or set of rules, for routing and addressing packets of
data so that they can travel across networks and arrive at the correct destination. Data traversing
the Internet is divided into smaller pieces, called packets. IP information is attached to each
packet, and this information helps routers to send packets to the right place. Every device
or domain that connects to the Internet is assigned an IP address, and as packets are directed to
the IP address attached to them, data arrives where it is needed.

TYPES OF IP
1. IPV4: Internet Protocol version 4 (IPv4) is the fourth version of the Internet
Protocol (IP). It is one of the core protocols of standards-based inter-
networking methods in the Internet and other packet-switched networks. IPv4 uses a 32-
bit address space which provides 4,294,967,296 unique addresses, but large blocks are
reserved for special networking purposes.

Parts of IPv4
 Network part: The network part indicates the distinctive variety that’s appointed to
the network. The network part conjointly identifies the category of the network that’s
assigned.

 Host Part: The host part uniquely identifies the machine on your network. This part of
the IPv4 address is assigned to every host.

 Subnet number: This is the nonobligatory part of IPv4. Local networks that have
massive numbers of hosts are divided into subnets and subnet numbers are appointed
to that.

IPV6
Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP),
the communications protocol that provides an identification and location system for computers
on networks and routes traffic across the Internet. IPv6 was developed by the Internet
Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address
exhaustion, and is intended to replace IPv4. An IPv6 address is represented as eight groups of
four hexadecimal digits, each group representing 16 bits the groups are separated by colons (:).
An example of an IPv6 address is: [Link]

NETWORK RESOURCES
ROUTER A router is a device that connects two or more packet-switched networks or sub
networks. It serves two primary functions: managing traffic between these networks by
forwarding data packets to their intended IP addresses, and allowing multiple devices to use
the same Internet connection.

FIREWALL a Firewall is a network security device that monitors and filters incoming and
outgoing network traffic based on an organization's previously established security policies.

HUB a hub is the most basic networking device that connects multiple computers or other
network devices. A network hub is a node that broadcasts data to every computer or Ethernet-
based device connected to it. A hub is less sophisticated than a switch, the latter of which can
isolate data transmissions to specific devices. Network hubs are best suited for small, simple
local area network (LAN) environments.

SWITCH is an electrical component that can disconnect or connect the conducting path in an
electrical circuit, interrupting the electric current or diverting it from one conductor to another.

Hacker
Hacker is an individual who uses computer, networking or other skills to overcome a technical
problem. The term also may refer to anyone who uses their abilities to gain unauthorized access
to systems or networks in order to commit crimes.
Types of hackers
Black Hat Hackers are the "bad guys" of the hacking scene. They go out of their way to
discover vulnerabilities in computer systems and software to exploit them for financial gain or
for more malicious purposes, such as to gain reputation, carry out corporate espionage, or as
part of a nation-state hacking campaign. These individuals’ actions can inflict serious damage
on both computer users and the organizations they work for. They can steal sensitive personal
information, compromise computer and financial systems, and alter or take down the
functionality of websites and critical networks.

White Hat Hackers can be seen as the “good guys” who attempt to prevent the success of
black hat hackers through proactive hacking. They use their technical skills to break into
systems to assess and test the level of network security, also known as ethical hacking. This
helps expose vulnerabilities in systems before black hat hackers can detect and exploit them.
The techniques white hat hackers use are similar to or even identical to those of black hat
hackers, but these individuals are hired by organizations to test and discover potential holes in
their security defenses.

Grey Hat Hackers sit somewhere between the good and the bad guys. Unlike black hat
hackers, they attempt to violate standards and principles but without intending to do harm or
gain financially. Their actions are typically carried out for the common good. For example,
they may exploit a vulnerability to raise awareness that it exists, but unlike white hat hackers,
they do so publicly. This alerts malicious actors to the existence of the vulnerability.

Hacking Methodology
1. RECONNAISSANCE
During this phase that the hacker finds valuable information such as old passwords, names of
important employees (such as the head of the network department), and performs an active
reconnaissance to know how the organization functions. As a next step, the hacker completes
a process called foot printing to collect data on the security posture, reduces the focus area such
as finding out specific IP addresses, identifies vulnerabilities within the target system, and
finally draws a network map to know exactly how the network infrastructure works to break
into it easily.

2. SCANNING
In this phase, the hacker identifies a quick way to gain access to the network and look for
information. There are three methods of scanning: pre-attack, port scanning/sniffing, and
information extraction. Each of these phases demonstrates a specific set of vulnerabilities that
the hacker can utilize to exploit the system's weaknesses. The pre-attack phase is where the
hacker scans the network for specific information based on the information gathered during
reconnaissance.

3. GAINING CONTROL
The hacker gains access to the system, applications, and network, and escalates their user
privileges to control the systems connected to it.

4. MAITAINING ACCESS
Here, the hacker secures access to the organization’s Rootkits and Trojans and uses it to launch
additional attacks on the network.

5. LOG CLEARING
Once the hacker gains access, they cover their tracks to escape the security personnel. They do
this by clearing the cache and cookies, tampering the log files, and closing all the open ports.
This step is important because it clears the system information making hacking a great deal
harder to track.
 DAY-3
Types of Malwares
Malware Attack
All malware can be used to steal data, passwords, financial information, or company trade
secrets. Their differences are often in how they’re designed or spread. To help you better
understand the malware landscape, to follow we’ll explore the eight most common types of
malware and how your IT team can defend your organization against them.

Viruses
A Virus is a malicious executable code attached to another executable file. The virus spreads
when an infected file is passed from system to system. A virus infects other programs and can
spread to other systems, in addition to performing its own maliciousness. The virus is attached
to a file and is executed once the file is launched. The virus will then encrypt, corrupt, delete
or move your data and files.

Worms –
Worms replicate themselves on the system, attaching themselves to different files and looking
for pathways between computers, such as computer network that shares common file storage
areas. Like a virus, a worm can spread itself to other devices or systems. However, a worm
does not infect other programs. Worms often go after known exploits. Therefore, to protect
yourself against worms you should make sure every device is updated with the latest patches.
Firewalls and email filtering will also help you detect suspect files or links that may contain a
worm.

Spyware
Its purpose is to steal private information from a computer system for a third party. Spyware
collects information and sends it to the hacker. Cyber criminals use spyware to monitor the
activities of users. By logging the keystrokes a user inputs throughout the day, the malware can
provide access to user names, passwords, and personal data.

Trojan horse
A Trojan horse is malware that carries out malicious operations under the appearance of a
desired operation such as playing an online game. A Trojan horse varies from a virus because
the Trojan binds itself to non-executable files, such as image files, audio files.
Ransomware
Ransomware grasps a computer system or the data it contains until the victim makes a
payment Ransomware attacks encrypt a device’s data and holding it for ransom until the
hacker is paid to release it. If the ransom isn’t paid by a deadline, the hacker will threaten to
delete the data or possible expose it.

Backdoors
A backdoor bypasses the usual authentication used to access a system. The purpose of the
backdoor is to grant the cyber criminals future access to the system even if the organization
fixes the original vulnerability used to attack the system.

Rootkits
A rootkit modifies the OS to make a backdoor. Attackers then use the backdoor to access the
computer distantly. Rootkit is software that gives malicious actors remote control of a
victim's computer with full administrative privileges. Rootkits can be injected into
applications, kernels, hypervisors, or firmware. They spread through phishing, malicious
attachments, malicious downloads, and compromised shared drives.

Scareware
Scareware is a type of malware attack that claims to have detected a virus or other issue on a
device and directs the user to download or buy malicious software to resolve the problem

Symptoms of attack
It is important to be aware of the signs to look out for to determine if you have been attacked
or hacked. You would also want to know how to respond immediately to avoid any compromise
of your business or systems. These are the usual tell-tale signs that signal you or your
organization have been attacked:
1. Usual files, applications, or services cannot be accessed.
2. Accounts have been locked or the passwords have been changed without your
knowledge.
3. Files or software have been deleted or installed, or the contents have been changed
without your involvement.
 4. Suspicious pop-ups load when you access the internet, or unknown files or programmes
appear.
5. Slower than normal internet speeds due to a spike in network traffic (or computers
“hang” or crash).
6. Files have been unexpectedly encrypted, blocking your access to them.
7. Programmes running, turning off or reconfiguring themselves.
8. Emails sent automatically without the user’s knowledge.
9. No control over functions of the computer

Methods of infiltration
Social Engineering
Social engineering is the term used for a broad range of malicious activities accomplished
through human interactions.

Pre-texting
Pretexting is a certain type of social engineering technique that manipulates victims into
disclose information. A pretext is a made-up scenario developed by threat actors for the purpose
of stealing a victim’s personal data.

Tail gating
Tailgating is one of the simplest forms of a social engineering attack. It is an easy way for an
unauthorized party to get around security mechanisms that are assumed to be secure. The
security comes into question due to a combination of human carelessness (the followed party)
and ingenuity (the following party).

Something for something (quid pro quo)

quid pro quo attack is a type of baiting method. However, instead of trying to get someone to
fall for something out of their own curiosity or fear, cyber actors offer them something in return.
The Latin phrase means “a favor for a favor,” and that's essentially what it boils down to.

DDOS (Distributed Denial of Service)

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal
traffic of a targeted server, service or network by overwhelming the target or its surrounding
infrastructure with a flood of Internet traffic.
DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as
sources of attack traffic. Exploited machines can include computers and other networked
resources such as IoT devices.

Botnet
A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets
can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam,
and allow the attacker to access the device and its connection. The owner can control the botnet
using command and control (C&C) software. The word "botnet" is a portmanteau of the words
"robot" and "network". The term is usually used with a negative or malicious connotation.

On the Path attack

On-path attackers place themselves between two devices (often a web browser and a web
server) and intercept or modify communications between the two. The attackers can then
collect information as well as impersonate either of the two agents.

What is SEO Poisoning?

(SEO)- Search engine optimization poisoning is a tactic in which threat actors create malicious
websites and use techniques, such as keywords, to increase their rankings and display as one
of the first search results.

Wi-Fi Password Cracking

Password cracking is the process of using an application program to identify an unknown or
forgotten password to a computer or network resource. It can also be used to help a threat actor
obtain unauthorized access to resources.
Password Attacks
Password spraying
A Password Spraying Attack is a type of brute force attack where a malicious actor attempts
the same password on many accounts before moving on to another one and repeating the
process

Dictionary attack
A dictionary attack is a method of breaking into a password-protected computer, network or
other IT resource by systematically entering every word in a dictionary as a password.

Brute force
A brute force attack, also known as an exhaustive search, is a cryptographic hack that relies on
guessing possible combinations of a targeted password until the correct password is discovered.
The longer the password, the more combinations that will need to be tested. A brute force attack
can be time consuming.

Password Cracking
Rainbow
A rainbow table works by doing a cryptanalysis very quickly and effectively. Unlike brute
force attack, which works by calculating the hash function of every string present with them,
calculating their hash value and then compare it with the one in the computer, at every step.

Traffic interception
Interception attacks allow unauthorized users to access our data, applications, or environments,
and are primarily an attack against confidentiality. Interception might take the form of
unauthorized file viewing or copying, eavesdropping on phone conversations, or reading e-
mail, and can be conducted against data at rest or in motion.

Advanced Persistent Threats

An advanced persistent threat (APT) is a sophisticated, sustained cyber-attack in which an
intruder establishes an undetected presence in a network in order to steal sensitive data over a
prolonged period of time. An APT attack is carefully planned and designed to infiltrate a
specific organization.
Security Vulnerability and Exploits
A vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorized
access to a computer system. After exploiting a vulnerability, a cyber-attack can run malicious
code, install malware, and even steal sensitive data.

An exploit is a piece of code, a chunk of data, or a sequence of commands that takes advantage
of a software vulnerability or security flaw in an application or a system to cause unexpected
behavior to occur.

Hardware Vulnerabilities
A hardware vulnerability is an exploitable weakness in a computer system that enables attack
through remote or physical access to system hardware. Any means by which code can be
introduced to a computer is inherently a hardware vulnerability.

Meltdown and Spectre

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware
vulnerabilities allow programs to steal data which is currently processed on the computer.
While programs are typically not permitted to read data from other programs, a malicious
program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other
running programs. This might include your passwords stored in a password manager or
browser, your personal photos, emails, instant messages and even business-critical documents.

Software Vulnerabilities
A software vulnerability is a defect in software that could allow an attacker to gain control of
a system. These defects can be because of the way the software is designed, or because of a
flaw in the way that it’s coded.

Categorizing Software Vulnerabilities

1. Core Application Vulnerabilities
2. Image, Flash and PDF Malware
3. Open-Source Package Hijacks

Software updates
Makers are responsible to continually monitor for publications of new vulnerabilities that affect
software they sold. Once such a vulnerability is discovered they must patch it as quickly as
possible and send an update to the users. End users have the responsibility of keeping their
systems up-to-date, especially with installing security-related software patches.

Defense in depth
Defense in Depth (DID) refers to an information security approach in which a series of security
mechanisms and controls are thoughtfully layered throughout a computer network to protect
the confidentiality, integrity, and availability of the network and the data within. While no
individual mitigation can stop all cyber threats, together they provide mitigations against a wide
variety of threats while incorporating redundancy in the event one mechanism fails. When
successful, this approach significantly bolsters network security against many attack vectors.
An effective DID strategy may include these (and other) security best practices, tools, and
policies.
Layers

Needs for Defense in depth

Defense in depth helps you ensure that you are protecting your systems as effectively as
possible. It forces you to account for security even when you’re various tools and solutions
have been compromised.

Examples
Host Encryption
When you enable encryption at host, data stored on the VM host is encrypted at rest and flows
encrypted to the Storage service
Antivirus
Antivirus is a kind of software used to prevent, scan, detect and delete viruses from a computer.
Once installed, most antivirus software runs automatically in the background to provide real-
time protection against virus attacks. Comprehensive virus protection programs help protect
your files and hardware from malware such as worms, Trojan horses and spyware, and may
also offer additional protection such as customizable firewalls and website blocking.

Firewall
A Firewall is a network security device that monitors and filters incoming and outgoing
network traffic based on an organization’s previously established security policies. At its most
basic, a firewall is essentially the barrier that sits between a private internal network and the
public Internet. A firewall’s main purpose is to allow non-threatening traffic in and to keep
dangerous traffic out.

E mail Gateway
An email gateway is a type of email server that protects an organizations or users internal email
servers. This server acts as a gateway through which every incoming and outgoing email passes
through

Password Management
Password management is a set of principles and best practices to be followed by users while
storing and managing passwords in an efficient manner to secure passwords as much as they
can to prevent unauthorized access.

Honeypot
A honeypot is a computer security mechanism set to detect, deflect, or, in some manner,
counteract attempts at unauthorized use of information systems. Generally, a honeypot consists
of data. That appears to be a legitimate part of the site which contains information or resources
of value to attackers.

Multi-factor Authentication
Multifactor Authentication (MFA) is a security feature offered by many websites, applications
and devices that dramatically improves account security. Sometimes MFA is also referred to
as Two-Factor Authentication or 2FA. Technically, MFA could refer to a system where there
are more than two forms of authentication.
 DAY 4
Data maintenance
Data maintenance is the process of organizing and curating data according to University needs.
Properly maintaining and caring for data is essential to ensuring that data remains accessible
and usable for its intended purposes.

Using free tools

[Link] Data Management Suite
[Link] Data Management
[Link] Infosphere Master Data Management Server
[Link] Master Data Services
[Link] Cloud - Big Data analytics

Backup your data

1. Copy everything to a USB stick
2. Burn it all to a CD or DVD
3. Use an external hard drive
4. Print out physical copies
5. Invest in a NAS device
6. Use the Time Machine
7. Subscribe to a backup service

How do you delete your data permanently?

You can delete files in Windows by using the File Explorer, which is the folder that holds all
your files. Find the file you want to get rid of, then use the Windows File Explorer Ribbon to
delete it. Here’s how:
1. Click the folder icon in the taskbar at the bottom of your screen or press the Windows
Key + E to open Windows File Explorer.
2. Navigate to your file and click it to highlight it.
3. Click Delete in the File Explorer Ribbon at the top of the window, or click the arrow
underneath the Delete option and select permanently delete. Clicking Delete sends the
file to the Recycle Bin, while selecting the permanently delete option deletes the file
for good.
Who owns your data?
Data is the new currency and the basis for our have-it-your-way, right-now, real-cheap
economy voluntary sharing of that data grants certain permissions to recipients and others who
might come into possession of our personal data and data that is considered private or
confidential.

Terms of service
Terms of service are the legal agreements between a service provider and a person who wants
to use that service. The person must agree to abide by the terms of service in order to use the
offered services. Terms of service can also be merely a disclaimer, especially regarding the use
of websites.

Data use policy

The Data Use Policy is a compulsory legal disclosure of how a website operator collects, retains
and shares personally identifiable information. In other words, it’s often a list of ways your
personal data is not private and under their control.

Privacy setting
Privacy settings are "the part of a social networking website, internet browser, piece of
software, etc. that allows you to control who sees information about you". With the growing
prevalence of social networking services, opportunities for privacy exposures also grows.

Safeguarding your online privacy

1. Turn on private browsing
2. Hide your IP address
3. Remember to log out
4. Google yourself periodically
5. Using Google Alerts

Two factor authentication

Two-factor authentication is a security process that increases the likelihood that a person is
who they say they are. The process requests users to provide two different authentication
factors before they are able to access an application or system, rather than simply their
username and password.
Open authorization
It is an open standard for access delegation, commonly used as a way for internet users to grant
websites or applications access to their information on other websites but without giving them
the passwords.
Social sharing
Social sharing describes when social media users broadcast web content on a social network
to their connections, groups, or specific individuals.

Email and web browser privacy

 Ensure use of only fully supported browsers and email clients.
 Use DNS Filtering services
 Maintain and Enforce network based URL Filters
 Restrict Unnecessary or unauthorized Browser and email client extension
 Implement DMARC
 Block Unnecessary file type

Protecting your computing devices

 Use a firewall.
 Keep all software up to date.
 Use antivirus software and keep it current.
 Make sure your passwords are well-chosen and protected.
 Don't open suspicious attachments or click unusual links in messages.
 Browse the web safely.
 Stay away from pirated material.
 PROTECTING YOUR COMPUTING DEVICES

1. Turn the firewall on

2. Install antivirus and antispyware
3. Manage your operating system and browser
4. Set up password protection.