Cyber Security Fundamentals and Ethical hackingpptx

GAMBOBAITA 126 views 69 slides Oct 18, 2024

About This Presentation

The presentation covers the fundamentals of cyber security and can be helpful to trainers, researchers and students.


Slide Content

Cyber Security Fundamentals. By Gambo Umar Baita, AMT, MICT, Centre for Management Development (CMD). [email protected], 08023738082

Learning Objectives. At the end of the session, participants will be able to: define the concept of cyber security; discuss the types of cyber threats; describe the role of the penetration tester; identify internal and external threats; and discuss system vulnerabilities.

Concept of Cyber Security. The term used initially was computer security (COMPUSEC); it then evolved into information security (InfoSec) to cover data and networks as well as computers; with the web, the field is now called cyber security.

Cyber Security. Cyber security is the body of technologies, processes and practices involved in protecting individuals and organizations from cyber crime. It is designed to protect the integrity of networks, computers, programs and data from attack, damage or unauthorized access.

Cyber Crime. Cyber crimes are, as the name implies, crimes committed using computers, phones or the Internet. Some types of cyber crime include: illegal interception of data; system interference; copyright infringement; sale of illegal items.

Cyber Security Principles: CIA. Confidentiality: who is authorized to use the data? Integrity: is the data "good", i.e. unaltered and trustworthy? Availability: can the data be accessed whenever it is needed? Other security components are often added to the CIA triad (sometimes written CIAAAN): authentication, authorization, non-repudiation, and so on.

Security Attack Classification

Security Attacks. Interruption: an attack on availability. Interception: an attack on confidentiality. Modification: an attack on integrity. Fabrication: an attack on authenticity.

Cyber Threat. A cyber threat is any malicious act that attempts to gain access to a computer network without authorization or permission from the owners. It refers to the wide range of malicious activities that can damage or disrupt a computer system, a network or the information it contains. Most common cyber threats: socially engineered Trojans, unpatched software, phishing, network worms, etc.

Sources of Cyber Threats. Cyber threats can come from a wide variety of sources; some notable examples include national governments, terrorists, industrial spies, rogue employees, hackers, business competitors and organization insiders.

Cyber Threats

Consequences

The Role of Security and Penetration Testers. Companies hire ethical hackers to perform penetration tests, which discover vulnerabilities in a network. Security tests are performed by a team of people with varied skills. Penetration test models: white box (the tester is given full knowledge of the environment), black box (no prior knowledge), gray box (partial knowledge). Security testers can earn certifications.

Certified Ethical Hacker (CEH)

Hands-On Ethical Hacking and Network Defense. What You Can Do Legally: laws involving technology change as rapidly as technology itself. Find out what is legal for you locally; laws differ from place to place. Be aware of what is allowed and what is not allowed.

Laws of the Land: tools on your computer might be illegal to possess. Contact local law enforcement agencies before installing hacking tools. Written words are open to interpretation. Governments are getting more serious about punishment for cybercrimes.

Substitution Cipher: Polyalphabetic Caesar Cipher. Developed by Blaise de Vigenère, hence also called the Vigenère cipher. Uses a sequence of monoalphabetic ciphers in tandem, e.g. C1, C2, C2, C1, C2, cycling over the letters of the message. Key (cipher alphabets listed against plaintext A to Z):
Plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
C1 (k=6):   F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
C2 (k=20):  T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
Message: Bob, I love you. Alice
Encrypted message: Ghu, n etox dhz. tenvj

Substitution Cipher: Using a Key to Shift the Alphabet. Take a keyword for the algorithm and use it to rearrange the alphabet: the keyword's letters become the first letters of the cipher alphabet, and the remaining letters follow in their normal order with the keyword's letters (here w, o, r and d) removed. For the key WORD, plaintext A, B, C, D map to W, O, R, D, then E maps to A, F to B, and so on. The mapping must be one-to-one: no plaintext letter may map to two different ciphertext letters, and no ciphertext letter may correspond to two different plaintext letters.
Plaintext:          A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher (key WORD):  W O R D A B C E F G H I J K L M N P Q S T U V X Y Z
Message: Bob, I love you. Alice
Encrypted message: ??
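
The two ciphers on the preceding slides, worked in Python. This is an added example, not code from the original slides: it builds the slide's two Caesar alphabets (the table labels them k=6 and k=20 by the 1-based position of the letter that A maps to, so the actual shifts are 5 and 19), applies them in the order C1, C2, C2, C1, C2 over the letters of the message, builds the keyword alphabet for WORD exactly as the second table shows, and enforces the one-to-one requirement by rejecting any cipher alphabet that is not a permutation of A to Z. Case is preserved, so capital letters in the output differ from the slide's lower-cased rendering; the function names are the example's own.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar_alphabet(k):
    """Cipher alphabet for a Caesar shift. The slide labels rows k=6 and k=20
    by the 1-based position of the letter that A maps to (F and T), so the
    shift is k-1 (5 and 19)."""
    shift = (k - 1) % 26
    return ALPHABET[shift:] + ALPHABET[:shift]


def keyword_alphabet(keyword):
    """Keyword cipher alphabet: the keyword's letters (duplicates dropped) come
    first, then the remaining letters in normal order. For WORD this yields
    W O R D A B C E F G H I J K L M N P Q S T U V X Y Z, as on the slide."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def check_bijective(cipher_alphabet):
    """The slide's one-to-one requirement: the cipher alphabet must be a
    permutation of A-Z, otherwise two plaintext letters would share a
    ciphertext letter (or vice versa) and decryption would be ambiguous."""
    if len(cipher_alphabet) != 26 or set(cipher_alphabet) != set(ALPHABET):
        raise ValueError("cipher alphabet is not a permutation of A-Z")
    return cipher_alphabet


def substitute(text, alphabets, pattern, decrypt=False):
    """Polyalphabetic substitution. `alphabets` lists the cipher alphabets
    (C1, C2, ...); `pattern` gives 0-based indices saying which alphabet each
    successive LETTER uses, cycling. Non-letters are copied unchanged and do
    not consume a pattern position. Case is preserved."""
    tables = [check_bijective(a) for a in alphabets]
    out, letter_index = [], 0
    for ch in text:
        if not ch.isalpha():
            out.append(ch)
            continue
        table = tables[pattern[letter_index % len(pattern)]]
        letter_index += 1
        src, dst = (table, ALPHABET) if decrypt else (ALPHABET, table)
        mapped = dst[src.index(ch.upper())]
        out.append(mapped if ch.isupper() else mapped.lower())
    return "".join(out)


# The slide's polyalphabetic Caesar: C1 (A->F) and C2 (A->T), applied in the
# order C1, C2, C2, C1, C2 over the letters of the message.
VIGENERE_ALPHABETS = [caesar_alphabet(6), caesar_alphabet(20)]
VIGENERE_PATTERN = [0, 1, 1, 0, 1]


def vigenere_encrypt(text):
    return substitute(text, VIGENERE_ALPHABETS, VIGENERE_PATTERN)


def vigenere_decrypt(text):
    return substitute(text, VIGENERE_ALPHABETS, VIGENERE_PATTERN, decrypt=True)


def keyword_encrypt(text, keyword):
    return substitute(text, [keyword_alphabet(keyword)], [0])


def keyword_decrypt(text, keyword):
    return substitute(text, [keyword_alphabet(keyword)], [0], decrypt=True)


if __name__ == "__main__":
    message = "Bob, I love you. Alice"
    print(vigenere_encrypt(message))          # Ghu, N etox dhz. Tenvj
    print(keyword_encrypt(message, "WORD"))   # Olo, F ilua ylt. Wifra
```

Running it encrypts the slide's message to "Ghu, N etox dhz. Tenvj" with the polyalphabetic cipher and to "Olo, F ilua ylt. Wifra" with the WORD keyword alphabet, which answers the "??" on the second slide; decrypting either result recovers the message, and passing a cipher alphabet with repeated letters raises ValueError instead of silently producing an undecryptable text.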

Types of Cyber Attacks. Advanced Persistent Threat (APT): a network attack in which an unauthorized party gains access to a network and stays there undetected for a long period of time. Backdoor: a method of bypassing normal authentication to gain access to an operating system or application.

Types of Cyber Attacks (continued). Buffer overflow: an exploit that writes more data into a fixed-size buffer than it can hold, overwriting adjacent memory such as a return address; it is typically triggered through input the program accepts without checking its length. Man-in-the-middle attack: the attacker intercepts and relays messages between two parties who believe they are communicating directly with each other.

Types of Cyber Attacks (continued). Cross-Site Scripting (XSS): a code injection attack that lets an attacker execute malicious JavaScript in another user's browser. Denial of Service (DoS) attack: any attack in which the attacker attempts to prevent authorized users from accessing a service.

Types of Cyber Attacks (continued). SQL injection: a very commonly exploited web application vulnerability in which untrusted input is concatenated into a database query, letting an attacker read and alter data in the website's database. Zero-day exploit: an exploit for a vulnerability for which no patch yet exists, typically before the vendor is even aware of it.
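
A worked SQL injection, added here as an example (not from the original slides), in Python with the standard sqlite3 module against a constructed in-memory users table. The vulnerable login builds its query by string concatenation: a tautology payload logs in without valid credentials, and a UNION payload pulls every password out of the table. The parameterized version sends the same inputs as bound values and returns nothing for either payload. Table contents, payloads and function names are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string concatenation: the user's input becomes part of
    the SQL text, so quotes and keywords in it are interpreted as syntax."""
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Parameterized query: the driver sends the SQL text and the values
    separately, so the database never parses user input as syntax."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Classic payloads. The tautology turns the WHERE clause into
#   (username = 'x' AND password = '') OR '1'='1'
# which is true for every row; the UNION payload appends a second SELECT
# and comments out the rest of the original query with "--".
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "x' UNION SELECT username, password FROM users --"


def demo():
    """Run both logins against both payloads and return the raw results."""
    conn = make_db()
    return {
        "vuln_normal": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_tautology": login_vulnerable(conn, "x", TAUTOLOGY),
        "vuln_union": login_vulnerable(conn, UNION_DUMP, "anything"),
        "safe_normal": login_safe(conn, "alice", "s3cret"),
        "safe_tautology": login_safe(conn, "x", TAUTOLOGY),
        "safe_union": login_safe(conn, UNION_DUMP, "anything"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15s} {rows}")
```

The vulnerable login returns both users for the tautology and every username/password pair for the UNION payload; the parameterized login returns only alice for the genuine credentials and an empty result for both payloads. Parameterization is the fix; input filtering alone is not.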

Impacts of Cyber Attacks. A successful cyber attack can cause major damage to organizations or systems, as well as to business reputation and consumer trust. Some potential results include financial loss, reputational damage and legal consequences.

Types of Malicious Code. Virus: a malicious program that, when executed, replicates by modifying other programs and inserting its own code. Network worm: standalone malware that replicates itself in order to spread to other computers, without needing a host program.

Types of Malicious Code (continued). Trojan horse: a program that appears legitimate or useful (for example, a fake anti-virus tool) but carries a hidden malicious payload. Botnet: a network of compromised devices used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and give the attacker access to each device and its connection.

Types of Malicious Code (continued). Keylogger: surveillance software (or hardware) that monitors and records each keystroke typed on a specific computer's keyboard. Rootkit: a collection of tools that hides the presence of malware and maintains administrator-level access to a computer or network.

Types of Malicious Code (continued). Spyware: software hidden from the user that gathers information about Internet activity, keystrokes, passwords and other valuable data. Adware: software designed to display advertisements on your computer and redirect your search requests to advertising websites, collecting marketing data about you.

Types of Malicious Code (continued). Ransomware: malware that prevents or limits users from accessing their system, either by locking the screen or by encrypting the user's files, until a ransom is paid.

What is a Vulnerability? A cyber-security term for a flaw in a system that can leave it open to attack. A vulnerability is the composition of three elements: a flaw in the system; an attacker's access to that flaw; and the attacker's capability to exploit the flaw.

Classification of Vulnerabilities. Vulnerabilities are classified according to the asset affected: hardware, software, network, personnel, physical site, organizational.

Causes. Some of the vulnerabilities in a system occur due to: missing patches; cleartext credentials; use of unencrypted channels; RF emanation.

Top Eight Cybersafety Actions

Threats to Access Control: dictionary attack, brute force attack, phishing, identity theft.

Emerging Threats: phishing, ransomware, distributed denial of service (DDoS) attacks, Internet of Things (IoT) attacks, intellectual property theft, state-sponsored cyber espionage.

In Conclusion. In today's world, cyber security is a crucial part of any business. We must understand the importance of annual assessments and of following good cyber guidelines, and the consequences of failing to respect the threat posed by hackers and attackers; even the largest businesses can be forced out of business after a cyber attack. We must at least implement the fundamentals in a "best effort" to stop intrusions and data breaches.

What is Hacking? Hacking refers to an array of activities carried out to intrude into someone else's personal information space in order to use it for malicious, unwanted purposes. The term is used for activities aimed at exploiting security flaws to obtain critical information or to gain access to secured networks.

A Brief History of Hacking. 1980s: the term "cyberspace" is coined; the 414s are arrested; two hacker groups are formed; 2600 is published. 1990s: national crackdown on hackers; Kevin Mitnick arrested; Microsoft's NT operating system pierced.

A Brief History of Hacking. 2000: in one of the biggest denial-of-service attacks, hackers launched attacks against eBay, Yahoo!, CNN.com, Amazon and others. 2007: bank hit by "biggest ever" hack; the Swedish bank Nordea recorded nearly $1 million stolen in three months from 250 customer accounts.

Types of Tests: infrastructure (network), web, dial-up (war dialling), wireless, social engineering, physical, application.

Famous Hackers in History: Ian Murphy, Kevin Mitnick, Johan Helsingius, Mark Abene, Linus Torvalds, Robert Morris.

Basic Hacking Skills. Learn how to program: this, of course, is the fundamental hacking skill; if you don't know any programming languages, you can't hack. Get one of the open-source Unixes and learn to use and run it: the single most important step any newbie can take towards acquiring hacker skills is to get a copy of Linux or one of the BSD Unixes, install it on a personal machine, and run it. Learn how to use the World Wide Web and write HTML; to be worthwhile, your page must have content: it must be interesting and/or useful to other hackers.

Hacking Precautions. When you start hacking, the first thing you need to do is make sure the victim will not find out your real identity, so hide your IP address by masking it or using an anonymous proxy server. This is only effective when the victim has no knowledge of computers and the Internet; organizations like the FBI, CIA and such will find you in no time, so beware! The best thing to do is to use a dial-up connection that has a dynamic IP address, and to be smart when you sign up for it by using a fake name and address. When hacking, never leave traces of your attempts: clear log files and make sure you are not monitored. Use a good firewall that keeps out retaliatory hacking attempts by your victim.

IP Addresses. Every system connected to a network has a unique Internet Protocol (IP) address which acts as its identity on that network. An IPv4 address is a 32-bit address divided into four 8-bit fields (octets), for example 203.94.35.12. All data a system sends or receives carries its address as source or destination. An attacker's first step is to find out the IP address of the target system.

IP Addresses: Finding out an IP Address A remote IP Address can easily be found out by any of the following methods: Through Instant Messaging Software Through Internet Relay Chat Through Your website Through Email Headers

Finding an IP Address via Instant Messengers. Case: when chatting on messengers like MSN or Yahoo, the connection between your system and your friend's system is indirect: Your system -> Chat server -> Friend's system, and back the same way, so the server's address is all you see. To learn the peer's address you first have to establish a direct connection with your friend's computer, for example by sending a file or using the call feature. Then open a command prompt and type netstat -n; the established connection to your friend's computer shows its IP address in the Foreign Address column.

Finding an IP Address via your website. Every web server records the source IP address of each request in its access log, so anyone who can get you to load a page they control learns your address; no Java applet or JavaScript is needed, although client-side code can report it as well. Countermeasures: surf the Internet through a proxy server, or use one of the numerous free anonymous surfing proxy services, for example www.anonymizer.com.

Network Hacking

General Hacking Methods. A typical attacker works in the following manner: identify the target system; gather information on the target system; find a possible loophole in the target system; exploit this loophole using exploit code; remove all traces from the log files and escape without a trace.

Various Types of Attacks. There is an endless number of attacks a system administrator has to protect systems against. The most common are: denial of service (DoS) attacks; sniffing and key logging; Trojan attacks; IP spoofing; buffer overflows; and all other types of attacks.

Denial of Service (DoS) Attacks. DoS attacks aim at denying valid, legitimate Internet and network users access to the services offered by the target system. In other words, the attacker consumes so much of the target's resources (memory, CPU, bandwidth or connection state) that it cannot serve legitimate users. There are numerous types of DoS attacks.

DoS Attacks: Ping of Death. The maximum size of an IPv4 datagram is 65,535 bytes, because the Total Length field in the IP header is 16 bits. In the Ping of Death attack an ICMP echo request larger than this is sent to the target in fragments; when the target reassembles them, the last fragment's offset plus length exceeds 65,535 bytes and overflows the reassembly buffer, so vulnerable systems crash, reboot or hang. The attack was executed with the ping command, e.g. ping -l 65540 hostname (on Windows, -l sets the data size). Operating systems have checked fragment bounds since the late 1990s and modern Windows ping refuses sizes above 65500, so this no longer works against patched systems.
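
The arithmetic behind the Ping of Death, added here as a Python example (not part of the original slides). It builds an ICMP echo message of the size a ping -l <data size> would send, splits it into IPv4 fragments the way a sender with a 1500-byte MTU would (fragment offsets are in 8-byte units), and reassembles them on the receiving side with the bounds check that vulnerable stacks lacked: a fragment whose offset plus length runs past the 65,535-byte datagram limit is rejected instead of being written beyond the reassembly buffer. The ICMP header bytes are constructed filler; 65540 is the slide's size and 65500 the largest size modern Windows ping accepts.

```python
IP_MAX_TOTAL_LENGTH = 65535            # 16-bit Total Length field
IP_HEADER_LEN = 20                     # IPv4 header without options
MAX_IP_PAYLOAD = IP_MAX_TOTAL_LENGTH - IP_HEADER_LEN   # 65515 bytes of data
ICMP_HEADER_LEN = 8


def icmp_echo(data_len):
    """Constructed ICMP echo request (type 8, code 0, checksum 0, id 1, seq 1)
    followed by data_len bytes of padding, i.e. what `ping -l data_len` sends."""
    return bytes([8, 0, 0, 0, 0, 1, 0, 1]) + b"a" * data_len


def fragment(payload, mtu=1500):
    """Split an IP payload into fragments as a sending host would. Every
    fragment except the last carries a multiple of 8 bytes, because the
    Fragment Offset field counts 8-byte units. Returns a list of
    (offset_in_8_byte_units, more_fragments_flag, data) tuples, in order."""
    chunk = ((mtu - IP_HEADER_LEN) // 8) * 8        # 1480 for a 1500-byte MTU
    fragments = []
    for start in range(0, len(payload), chunk):
        data = payload[start:start + chunk]
        more_fragments = start + chunk < len(payload)
        fragments.append((start // 8, more_fragments, data))
    return fragments


def reassemble(fragments):
    """Receiver-side reassembly with the bounds check the Ping of Death
    exploited the absence of. Fragments are assumed to arrive in order, the
    last one with the More Fragments flag clear."""
    buf = bytearray(MAX_IP_PAYLOAD)
    total = 0
    for offset_units, more_fragments, data in fragments:
        start = offset_units * 8
        end = start + len(data)
        if end > MAX_IP_PAYLOAD:
            # Without this check the write below would land past the buffer
            # in a C implementation; here we reject the datagram instead.
            raise ValueError(f"fragment ends at byte {end}, beyond the "
                             f"{MAX_IP_PAYLOAD}-byte reassembly limit")
        buf[start:end] = data
        if not more_fragments:
            total = end
    return bytes(buf[:total])


def ping_of_death_rejected(data_len):
    """True if a ping carrying data_len bytes is rejected by the bounded
    reassembler, False if it reassembles into a legal datagram."""
    try:
        reassemble(fragment(icmp_echo(data_len)))
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for size in (56, 65500, 65540):
        frags = fragment(icmp_echo(size))
        print(f"ping -l {size}: {len(frags)} fragments, "
              f"rejected={ping_of_death_rejected(size)}")
```

A 65540-byte ping becomes 45 fragments whose last one ends at byte 65548, past the 65515-byte payload limit, so the bounded reassembler rejects it; 65500 bytes reassemble fine, which is why Windows caps ping at that size.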

Trojan Attacks. Trojans act as a RAT (Remote Administration Tool), giving the attacker remote control of and remote access to the system. Working: the server part of the Trojan is installed on the target system through trickery or disguise and listens on a predefined port for connections. The attacker connects to this server part using the client part of the Trojan on the predefined port number. Once this is done, the attacker has complete control over the target system.

Trojan Attacks: Detection and Countermeasures. Port-scan your own system regularly, or list its listening sockets with netstat. If you find an irregular port open, on which you usually do not have a service running, your system might have a Trojan installed. Anti-virus software can remove known Trojans.
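
How the netstat checks on this slide and on the instant-messenger slide above can be automated, as an added Python example (not from the original slides). The netstat output is a constructed sample in Windows netstat -an layout; the parser splits each socket line, one function lists the remote addresses that hold ESTABLISHED TCP connections (the direct connection the messenger slide relies on), and another lists LISTENING TCP ports that are not on an allowlist of services you know you run (this slide's Trojan heuristic). The 31337 listener, the peer addresses and the allowlist are assumptions made for the demo.

```python
# Constructed `netstat -an` output (Windows layout) for the demonstration.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.94.35.12:443       ESTABLISHED
  TCP    192.168.1.10:49720     198.51.100.7:5190      ESTABLISHED
  TCP    192.168.1.10:49731     192.0.2.25:80          TIME_WAIT
  UDP    0.0.0.0:123            *:*
"""


def split_endpoint(endpoint):
    """'203.94.35.12:443' -> ('203.94.35.12', 443); '*:*' -> ('*', None).
    rpartition keeps bracketed IPv6 endpoints such as '[::]:135' intact."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Turn netstat output into a list of socket records, skipping the header
    lines. UDP rows have no State column, so state is '' for them."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        local_ip, local_port = split_endpoint(parts[1])
        foreign_ip, foreign_port = split_endpoint(parts[2])
        rows.append({
            "proto": parts[0],
            "local_ip": local_ip, "local_port": local_port,
            "foreign_ip": foreign_ip, "foreign_port": foreign_port,
            "state": parts[3] if len(parts) > 3 else "",
        })
    return rows


def established_peers(rows):
    """Remote addresses with a live TCP connection to this host: the
    messenger slide's `netstat -n` step, which only reveals the peer once a
    direct connection (file transfer, call) exists instead of a server relay."""
    return sorted({r["foreign_ip"] for r in rows if r["state"] == "ESTABLISHED"})


def unexpected_listeners(rows, expected_ports):
    """TCP ports in LISTENING state that are not services we know we run:
    the Trojan-detection heuristic from the slide. A hit is a lead to
    investigate (which process owns the socket?), not proof of compromise."""
    return sorted(
        r["local_port"] for r in rows
        if r["proto"] == "TCP" and r["state"] == "LISTENING"
        and r["local_port"] not in expected_ports
    )


if __name__ == "__main__":
    records = parse_netstat(SAMPLE_NETSTAT)
    print("established peers:", established_peers(records))
    print("unexpected listeners:", unexpected_listeners(records, {135, 445}))
```

Against the sample, the established peers are 198.51.100.7 and 203.94.35.12 (the TIME_WAIT socket is excluded because it is no longer a live connection), and with ports 135 and 445 on the allowlist the only unexpected listener is 31337. On a real host, feed the function the output of netstat -an and then map any hit to its owning process before deciding it is a Trojan.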

Definitions of Terms. Computer security: the generic name for the collection of tools designed to protect data and to thwart hackers. Network security: measures to protect data during its transmission. Internet security (our focus!): measures to protect data during its transmission over a collection of interconnected networks.

What is Cyberwarfare? Conflict conducted through cyberspace. Example: the Stuxnet malware, designed to damage Iran's nuclear enrichment plant; it used modular code and was signed with stolen digital certificates.

The Purpose of Cyberwarfare. It is used to gain advantage over adversaries, nations or competitors. It can sabotage the infrastructure of other nations and give the attackers the ability to blackmail government personnel. Citizens may lose confidence in their government's ability to protect them, so it affects the citizens' faith in their government without the attacker ever physically invading the targeted nation.

Cybersecurity Fundamentals: endpoint protection (updated, monitored, managed); edge protection (updated, monitored, managed); network monitoring; backup, backup, backup; redundancy, eliminating single points of failure.

Emerging Threats

Emerging Threats: Ransomware. In 2016 there was a 6,000% spike in ransomware attacks (IBM Security, December 2016).

WannaCry leveraged a Microsoft Windows SMBv1 vulnerability (MS17-010). The patch had been released in March 2017, but many organizations had not yet applied it. About 200,000 computers were infected in one week, with $4 billion in damages so far.

Emerging Threats: Ransomware. "You have just 7 days to send us the Bitcoin or we will remove your private keys and it's impossible to recover your files." Leaders of the L.A. Community College decided to pay the $28,000 ransom. Hollywood Presbyterian Medical Center in Southern California acknowledged paying a $17,000 ransom in February 2016 to regain control of its systems, after two weeks of having critical systems offline.

Ransomware Delivery Mechanisms

Ransomware Prevention is a Layered Approach. Backup technology is crucial to protecting critical data: on-site, off-site and hybrid cloud solutions. Endpoint protection: anti-virus / anti-malware and endpoint detection and response (allow lists / block lists). Network monitoring and SIEM, the enterprise immune system: behavioral analytics and correlation. Next-generation firewall with layered integration, looking for ransomware command-and-control traffic: behaviors, heuristics, signatures, rules, protocols, etc.

Case Study: Private Education Facility. A school was hit with ransomware that locked down its systems. Good backups meant the data recovery effort took about 8 hours. Post-incident analysis: parents learned of the incident because of the downtime (reputational damage); the existing infrastructure did not protect against ransomware, so ransomware-aware endpoint and edge protection was installed.

Emerging Threats: Sophisticated Phishing Schemes

Today’s phishing schemes have a much higher success rate.

More targeted, more sophisticated, more successful. Very few, if any, spelling errors. Highly targeted, generally at an assistant or administrator. A sense of urgency, with repercussions if not handled quickly. Looks and feels legitimate: the attackers have canvassed the situation carefully so the message coincides with real-world events.

Phishing prevention. Educate employees, train them, test them. Software and cloud services: use updated anti-spam filters for company email, and URL block lists to block malicious links.

Case Study: Casino/Hotel Hacked. Malware was introduced onto hotel payment kiosks, compromising credit card information (lesson: network segmentation). POS was taken offline temporarily and casino/hotel payment operations were impacted. Network monitoring was implemented afterwards.