BCSE 410L Cyber Security
Fall Semester 24-25
[Link] banu , Associate Professor, SCOPE, VIT University
Name: [Link] Banu
Designation: Associate Professor (Sr)
Email: jsairabanu@[Link]
Cabin: SJT313-A28
Contact Hours: F1 and TF1
Contact No: 9894669877 [only 9.00-5.00 pm]
Syllabus
Foundation for Cyber Security
UNIT -1
Cyber Security
Cyber Security refers to a set of guidelines and procedures that are aimed at
safeguarding our online data and computer resources from potential dangers.
Cyber refers to the integration of databases, computer networks, computer
programmes and computer systems.
Security refers to the protection of data, applications, networks and systems.
Cyber Security is also known as electronic information security or information
technology security.
Elements of Cyber Security
Information Security is a state of well-being of information and infrastructure in which the possibility of theft,
tampering, and disruption of information and services is low or tolerable.
Confidentiality: Assurance that the information is accessible only to those authorized to have access
Integrity: The trustworthiness of data or resources in terms of preventing improper or unauthorized changes
Availability: Assurance that the systems responsible for delivering, storing and processing information are accessible
when required by the authorized users.
Authenticity: Refers to the characteristic of a communication, document, or any data that ensures the quality of
being genuine.
Non-Repudiation: A guarantee that the sender of a message cannot later deny having sent the message and that the
recipient cannot deny having received the message.
Hacking
Hacking refers to exploiting system vulnerabilities and compromising
security controls to gain unauthorized or inappropriate access to a
system's resources.
It involves modifying system or application features to achieve a
goal outside of the creator's original purpose.
Hacking can be used to steal and redistribute intellectual property,
leading to business loss.
Hacker
Some hack with malicious intent such as to steal business data,
credit card information, social security numbers, email passwords
and other sensitive data.
Hacker classes
Hacking Process
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks (so no one can trace them)
Hacking Phase-Reconnaissance
Reconnaissance refers to the preparatory phase where an attacker seeks to gather
information about a target prior to launching an attack.
This information could be a future point of return, noted for ease of entry for an attack,
once more about the target is known on a broad scale.
The reconnaissance target range may include the target organization’s clients, employees,
operations, network and systems.
Reconnaissance Types
Hacking Phase-Scanning
Hacking Phase-Gaining Access
Hacking Phase-Maintaining
Maintaining access refers to the phase in which the attacker tries to retain their ownership
of the system.
Attackers may prevent the system from being owned by other attackers by securing their
exclusive access with backdoors, rootkits or Trojans.
Attackers can upload, download, or manipulate data, applications and configurations on
the owned system.
Attackers use the compromised system to launch further attacks.
Hacking Phase-Clearing tracks
Attackers always cover their tracks to hide their identity.
Ethical Hacker
Ethical hackers are also known as white hat hackers or penetration testers.
They hack systems to discover vulnerabilities in order to protect against
unauthorized access, abuse and misuse.
Ethical hackers perform security assessments for an organization with the
permission of the concerned authorities.
Ethical Hacking
Ethical hacking involves the use of hacking tools, tricks and techniques to
identify vulnerabilities and ensure system security.
It focuses on simulating the techniques used by attackers to verify the
existence of exploitable vulnerabilities in a systems security.
Ethical hacking is necessary because it allows an organization to counter
malicious hackers by anticipating the methods they use to break into the
system.
Why Ethical hacking
Reasons why organizations recruit ethical hackers:
To prevent hackers from gaining access to the organization's information systems
To take adequate preventive measures in order to avoid security breaches
To uncover vulnerabilities in systems and explore their potential as a security risk
To help safeguard customer data
To analyze and strengthen an organization’s security posture, including policies, network
protection infrastructure and end-user practices
To enhance security awareness at all levels in a business
Why Ethical hacking
Ethical hackers try to answer the following questions
What can an intruder see on the target system? (Reconnaissance and scanning phases)
What can an intruder do with that information? (Gaining access and maintaining access
phases)
Are all components of the information system adequately protected, updated and patched?
(Reconnaissance and covering tracks phases)
How much time, effort and money are required to obtain adequate protection?
Are the information security measures in compliance with legal and industry standards?
Scope and Limitation of Ethical hacking
Scope:
Ethical hacking is a crucial component of risk assessment, auditing, counter-fraud and
information security best practices.
It is used to identify risks and highlight remedial actions. It also reduces ICT costs by
resolving vulnerabilities.
Limitations:
Unless the business already knows what it is looking for and why it is hiring an
outside vendor to hack its systems in the first place, chances are there would not be much to
gain from the experience.
An ethical hacker can only help the organization to better understand its security system; it
is up to the organization to place the right safeguards on the network.
Skills of an Ethical Hacker
Technical Skills:
- In-depth knowledge of major operating environments such as Windows, Unix, Linux and Macintosh
- In-depth knowledge of networking concepts, technologies and related hardware and software
- A computer expert in technical domains
- Knowledge about security areas and related issues
- High technical knowledge for launching sophisticated attacks
Non-Technical Skills:
- The ability to learn and adopt new technologies quickly
- Strong work ethics and good problem-solving and communication skills
- Committed to the organization's security policies
- An awareness of local standards and laws
LAYERS OF SECURITY
Mission Critical Assets: These are the assets that need to be protected.
[Firewall, IDS, IPS]
Data Security: It protects the storage and transfer of data.[Encryption
mechanism]
Application Security: It protects access to an application which handles
the mission critical assets and internal security of the application.[Web
application firewall]
Endpoint Security: It protects the connection between devices and the
network.[antivirus programs]
Network Security: It protects an organization's network to prevent
unauthorized access to the network. [encryption, secure protocols and
robust network architectures]
Perimeter Security: It includes both the physical and digital security
methodologies that protect the overall business. [Firewall, IDS, IPS, VPN]
The Human Layer: Humans are the weakest link in any cyber security
posture. Human security control includes phishing simulations and
access management control that protect mission critical assets from a
wide variety of human threats, including cyber criminals, malicious
insiders and negligent users.
OSI model -Attacks
Physical layer attack
Layers are classified into two categories:
Host layers: the application layer, the presentation layer, the session layer and the transport layer.
Media layers: the network layer, the data link layer and the physical layer.
The physical layer is responsible for transmitting and receiving unstructured raw data between devices
and physical transmission media. It can be implemented through diverse hardware technologies.
This OSI model layer communicates and interacts with: the data link layer.
It translates logical communications requests from the data link layer into hardware-specific operations in
order to transmit and receive signals.
The PDU (Protocol Data Unit) of the physical layer is bits and symbols.
The most common security attack on the physical layer is: a sniffing attack.
Physical Layer Attacks
1. Physical Layer Attacks in Wired Network.
2. Physical Layer Attacks in Wireless network
Physical Layer Attacks in Wired Network:
Attack -> Counter Measure
Unknown device -> Rogue device detection and protection
Key logger -> Physical inspection
Wire tapping -> Physical examination
Physical Layer Attacks
Physical Layer Attacks in Wireless Network:
Attack -> Counter Measure
Physical attacks -> High placement and out of reach
Evil Twin -> Sacrificial node and hidden SSID
MITM -> Encrypting wireless traffic
Data Link Layer attack
The data link layer is responsible for transferring data frames between two directly connected
nodes, within the same local area network.
It packages raw bits from the physical layer into frames. It might also perform error checking
and correction.
This OSI model layer communicates and interacts with: the network layer and the physical
layer.
The most common security attack on the data link layer is: a spoofing attack.
The PDU (Protocol Data Unit) of the data link layer is frames.
MAC Spoofing
A MAC spoofing attack is when a hacker mimics your MAC address to redirect data sent to
your device to another device. It allows the attacker to gain unauthorized access to a
network to launch a man-in-the-middle attack.
MAC Flooding
MAC flooding is a cyber attack targeting switches on a local area network (LAN). It involves
sending many packets with fake MAC addresses to overflow the switch's address table,
causing it to become full and unable to process any legitimate traffic.
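The following is an added example, not part of the lecture notes: a simplified model of a switch's MAC address table, with and without a port-security style limit on MACs learned per port, fed with constructed frames so the flooding behaviour described above and its countermeasure can be observed. The capacity and per-port limit are assumed values chosen to keep the demonstration small.

```python
from collections import defaultdict

CAM_CAPACITY = 8          # assumed, deliberately tiny so the flood is visible
MAX_MACS_PER_PORT = 3     # assumed port-security limit per switch port

class Switch:
    def __init__(self, port_security=True):
        self.port_security = port_security
        self.table = {}                    # learned MAC -> ingress port
        self.per_port = defaultdict(set)   # ingress port -> set of learned MACs
        self.alerts = []                   # (port, mac) pairs that were refused

    def learn(self, src_mac, port):
        """Process one frame's source MAC; return what the switch did with it."""
        if src_mac in self.table:
            return "known"
        if self.port_security and len(self.per_port[port]) >= MAX_MACS_PER_PORT:
            self.alerts.append((port, src_mac))
            return "violation"     # port security refuses to learn more MACs here
        if len(self.table) >= CAM_CAPACITY:
            self.alerts.append((port, src_mac))
            return "table_full"    # a real switch now floods unknown unicast out every port
        self.table[src_mac] = port
        self.per_port[port].add(src_mac)
        return "learned"

def run_demo(port_security):
    """Feed constructed normal traffic, then a MAC flood arriving on port 3."""
    sw = Switch(port_security)
    normal = [("aa:bb:cc:00:00:01", 1), ("aa:bb:cc:00:00:02", 2)]
    # constructed fake source MACs, all from the same physical port
    flood = [(f"de:ad:be:ef:{i:02x}:{i:02x}", 3) for i in range(20)]
    results = [sw.learn(mac, port) for mac, port in normal + flood]
    return sw, results

if __name__ == "__main__":
    for enabled in (True, False):
        sw, results = run_demo(enabled)
        print(f"port security {'on ' if enabled else 'off'}: "
              f"{len(sw.table)} MACs learned, {results.count('violation')} violations, "
              f"{results.count('table_full')} frames hitting a full table")
```

With the limit enabled the flood stops after three learned MACs on port 3 and every further frame is logged as a violation; without it the table fills and the switch would start flooding legitimate traffic.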
VLAN Hopping
VLAN hopping is a cyberattack to access network resources that are logically isolated on a
separate VLAN. By "hopping" to a segment of the network that is supposed to be restricted,
the attacker can discover new sensitive systems and data to target.
Network Layer attack
The network layer is responsible for providing means of transferring packets between
connected nodes, via one or several networks. It structures and manages multi-node
networks, using routers and switches to manage its traffic.
This OSI model layer communicates and interacts with: the transport layer and the data link
layer.
The most common security attack on the network layer is: a man-in-the-middle attack.
The PDU (Protocol Data Unit) of the network layer is packets.
Network Layer Functions
Man in the Middle- SMURF Attack
A Smurf attack is a distributed denial-of-service (DDoS) attack in which an attacker attempts
to flood a targeted server with Internet Control Message Protocol (ICMP) packets.
Ping of Death Attack
A Ping of death (PoD) attack is a denial-of-service (DoS) attack, in which the
attacker aims to disrupt a targeted machine by sending a packet larger than the
maximum allowable size, causing the target machine to freeze or crash.
Tear Drop Attack
A teardrop attack is a denial-of-service (DoS) attack that involves sending
fragmented packets to a target machine. Since the machine receiving such
packets cannot reassemble them due to a bug in TCP/IP fragmentation
reassembly, the packets overlap one another, crashing the target network
device.
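The following is an added example, not part of the lecture notes: the two sanity checks a hardened IP reassembly routine applies before trusting a set of fragments, covering the oversized datagram of a Ping of Death and the overlapping fragments of a teardrop. The fragments are constructed tuples with byte offsets (the real header field counts 8-byte units), not captured packets.

```python
MAX_IP_DATAGRAM = 65535   # largest IPv4 datagram the total-length field can describe

def check_fragments(fragments):
    """fragments: list of (offset_bytes, length_bytes, more_fragments_flag).
    Returns 'ok', 'oversized' (Ping of Death) or 'overlap' (teardrop)."""
    for off, length, _ in fragments:
        if off + length > MAX_IP_DATAGRAM:
            return "oversized"          # reassembled size would exceed the maximum
    prev_end = 0
    for off, length, _ in sorted(fragments, key=lambda f: f[0]):
        if off < prev_end:
            return "overlap"            # this piece starts inside the previous one
        prev_end = off + length
    return "ok"

def reassemble(fragments):
    """Return (total_length, verdict); total_length is None unless verdict is 'ok'."""
    if not fragments:
        return None, "incomplete"
    verdict = check_fragments(fragments)
    if verdict != "ok":
        return None, verdict            # drop the datagram instead of crashing
    ordered = sorted(fragments, key=lambda f: f[0])
    expected = 0
    for off, length, _ in ordered:
        if off != expected:
            return None, "incomplete"   # a hole: keep waiting for the missing piece
        expected = off + length
    if ordered[-1][2]:
        return None, "incomplete"       # last piece still has the more-fragments flag set
    return expected, "ok"

# Constructed fragment sets (offset, length, more_fragments), not real traffic.
NORMAL   = [(0, 1480, True), (1480, 1480, True), (2960, 100, False)]
POD      = [(0, 1480, True), (65120, 1480, False)]   # would end at byte 66600 > 65535
TEARDROP = [(0, 1480, True), (1000, 1480, False)]    # second piece starts inside the first

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("ping of death", POD), ("teardrop", TEARDROP)):
        print(name, "->", reassemble(frags))
```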
Transport layer attack
The transport layer is responsible for providing means of transferring variable-length data
sequences from a source host to a destination host. The protocols on this host layer provide
end-to-end communication services for applications.
It recognizes two modes, connection-oriented and connectionless, to provide reliable
transmission between points on a network.
This OSI model layer communicates and interacts with: the session layer and the network
layer.
The most common security attacks on the transport layer are: reconnaissance and DoS attacks.
The PDU of the transport layer is the TCP segment for TCP, and the datagram for UDP.
Functions of Transport layer
Reconnaissance attack
A reconnaissance attack in the transport layer typically involves an attacker
attempting to gather information about a target system or network by actively
probing the transport layer protocols, such as TCP or UDP.
This can include techniques such as port scanning, which involves sending
messages to various ports on the target system to determine which ports are
open and potentially vulnerable to attack.
Additionally, an attacker may use tools such as packet sniffers to capture and
monitor network traffic to gather information.
TCP Session Hijack
A TCP session hijacking attack involves an attacker intercepting and manipulating
the TCP packets between two devices.
Fraggle
A Fraggle Attack is a denial-of-service (DoS) attack that involves sending a large
amount of spoofed UDP traffic to a router’s broadcast address within a network.
It is very similar to a Smurf Attack, which uses spoofed ICMP traffic rather than
UDP traffic to achieve the same goal.
SynFlood
A SYN flood (half-open attack) is a type of denial-of-service (DDoS) attack which aims to make
a server unavailable to legitimate traffic by consuming all available server resources. By
repeatedly sending initial connection request (SYN) packets, the attacker is able to overwhelm
all available ports on a targeted server machine, causing the targeted device to respond to
legitimate traffic sluggishly or not at all.
Land attack
A LAND attack is a Layer 4 denial-of-service (DoS) attack in which the attacker sets the source
and destination information of a TCP segment to be the same. A vulnerable machine will
crash or freeze due to the packet being repeatedly processed by the TCP stack.
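The following is an added example, not part of the lecture notes: detection logic for two of the transport-layer attacks above, run over constructed TCP segment records. A SYN flood shows up as many half-open connections (client SYN seen, no completing client ACK) from one source, and a LAND segment has identical source and destination address and port. The threshold and all addresses are assumed, constructed values.

```python
from collections import Counter

HALF_OPEN_THRESHOLD = 5   # assumed alert threshold for half-open connections per source

def seg(src, sport, dst, dport, flags):
    """Build one constructed segment record; flags is 'S' (SYN) or 'A' (ACK)."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}

def is_land_segment(s):
    """LAND: source address:port equals destination address:port."""
    return (s["src"], s["sport"]) == (s["dst"], s["dport"])

def half_open_by_source(segments):
    """Count, per source address, client SYNs never followed by the client's
    handshake-completing ACK on the same 4-tuple."""
    syn_sent, completed = set(), set()
    for s in segments:
        key = (s["src"], s["sport"], s["dst"], s["dport"])
        if s["flags"] == "S":
            syn_sent.add(key)
        elif s["flags"] == "A" and key in syn_sent:
            completed.add(key)
    return Counter(key[0] for key in syn_sent - completed)

def analyse(segments):
    """Return the number of LAND segments and the sources exceeding the half-open threshold."""
    land = sum(1 for s in segments if is_land_segment(s))
    flooders = {src: n for src, n in half_open_by_source(segments).items()
                if n >= HALF_OPEN_THRESHOLD}
    return {"land_segments": land, "syn_flood_sources": flooders}

# Constructed sample: one legitimate handshake, eight half-open connections from
# a single source, and one LAND segment aimed at the server itself.
SAMPLE = (
    [seg("10.0.0.5", 40001, "10.0.0.1", 80, "S"),
     seg("10.0.0.5", 40001, "10.0.0.1", 80, "A")]
    + [seg("203.0.113.9", 50000 + i, "10.0.0.1", 80, "S") for i in range(8)]
    + [seg("10.0.0.1", 80, "10.0.0.1", 80, "S")]
)

if __name__ == "__main__":
    print(analyse(SAMPLE))
```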
Session Layer attack
The session layer is responsible for opening, managing and closing sessions between end-user
application processes. It establishes, manages and terminates the connections between local
and remote applications.
This host layer creates the setup, controls the connection, ends the teardown between
computers, and checkpoints and recovers sessions.
This OSI model layer communicates and interacts with: the presentation layer and the
transport layer.
The most common security attack on the session layer is: a hijacking attack.
Hijacking attack(XSS)
Cross-site scripting (XSS) is an attack in which an attacker injects malicious
executable scripts into the code of a trusted application or website.
Session side jacking
This attack is a specific method of session hijacking, which is exploiting a
valid session token to gain unauthorized access to a target system or
information.
Malware
Malware attacks are any type of malicious software designed to cause harm or
damage to a computer, server, client or computer network and/or infrastructure
without end-user knowledge.
Examples of Malware Attacks:
Pony malware -malware for stealing passwords and credentials.
Loki- information-stealing malware that targets credentials and passwords
Krypton Stealer - The malware also targets credit card numbers and other
sensitive data stored in browsers, such as browsing history, auto-completion,
download lists, cookies and search history.
Triton malware- The Triton malware is designed to disable Triconex safety
instrumented system (SIS) controllers.
Presentation attack
The presentation layer, also known as the “syntax layer”, is responsible for formatting
and translating data into the format the application layer specifies.
That is to say, it acts as the network's data translator to ensure that the data sent out by
the application layer is readable by the receiving system's application layer.
The most common security attack on the presentation layer is: a phishing attack.
Phishing attack
Phishing is a type of cyberattack that uses fraudulent emails, text messages,
phone calls or websites to trick people into sharing sensitive data, downloading
malware or otherwise exposing themselves to cybercrime.
Application Layer attack
Application layer
The application layer, also known as the “desktop layer”, is responsible for communicating with
applications, both host-based and user-facing. This is the layer closest to the user. It enables
network access to application services and allows users to receive data. Besides, it specifies the
shared communications protocols and interface methods hosts use in communication
networks.
The most common security attack on the application layer is: an exploit attack.
Exploit attack
An exploit is a piece of software, a chunk of data, or a sequence of commands that
takes advantage of a bug or vulnerability to cause unintended or unanticipated
behavior to occur on computer software or hardware.
Links:
[Link] --- OSI layers