Transcription of Introduction to Cyber-Security
1 Introduction to cyber -SecurityC4 DLabJune , 2016 Christopher, (PhD)CyberSecurityIntroduction to cyber SecurityC4 DLabHackingHacking Is an attempt to circumvent or bypass the securitymechanisms of an information system or network Ethical identifies weakness and recommends solution Hacker Exploits weaknesses It is the art of exploring various security breaches Has consequences denial of serviceC4 DLab Is an attempt to circumvent or bypass the securitymechanisms of an information system or network Ethical identifies weakness and recommends solution Hacker Exploits weaknesses It is the art of exploring various security breaches Has consequences denial of serviceHacking.
2 Reasons & Justification To steal services, data or files Thrill and excitement To promote some tools or skills Disease: Feel like doing it! Believe that all info needs to be free Ethical hacking-showsecurity problemsC4 DLab To steal services, data or files Thrill and excitement To promote some tools or skills Disease: Feel like doing it! Believe that all info needs to be free Ethical hacking-showsecurity problemsHacking: Discussion How is your organization? How are staffresponding to tightenning of securityloopholes?C4 DLabHacking techniques Hacking techniques are different ways whichhackers use to exploit systems. Can be as many hacking techniques as there arehackers.
3 Some are known,others unknown (developingeveryday) IT security personnel s work is to keep track ofupcoming and threatening hacking Hacking techniques are different ways whichhackers use to exploit systems. Can be as many hacking techniques as there arehackers. Some are known,others unknown (developingeveryday) IT security personnel s work is to keep track ofupcoming and threatening hacking techniques Vulnerability scanning:a tool used to quickly checkcomputers on a network for known weaknesses ports Brute force password guessing Dictionary attack Password cracking:process of recoveringpasswords from data Packet sniffer Spoofing attack (Phishing):masquerades asanother by falsifying dataC4 DLab Vulnerability scanning:a tool used to quickly checkcomputers on a network for known weaknesses ports Brute force password guessing Dictionary attack Password cracking.
4 Process of recoveringpasswords from data Packet sniffer Spoofing attack (Phishing):masquerades asanother by falsifying dataHacking techniques Programmed Virus, worms ortrojans Social A hacker cancontact the system administrator and poseas a user who cannot get access to his or hersystem; or a call may come in masqueradesas the boss who is about to fire IT Programmed Virus, worms ortrojans Social A hacker cancontact the system administrator and poseas a user who cannot get access to his or hersystem; or a call may come in masqueradesas the boss who is about to fire IT techniques Social engineeringMay be an act of Intimidation Helpfulness:Oppossite of Intimidation Name-dropping: Using names of authorisedusers Sending an email to a legitimateuser, seeking a response that contains vitalinformationC4 DLab Social engineeringMay be an act of Intimidation Helpfulness:Oppossite of Intimidation Name-dropping: Using names of authorisedusers Sending an email to a legitimateuser, seeking a response that contains vitalinformationHacking Techniques Keystroke logging.
5 Akeyloggeris a tooldesigned to record ("log") every keystrokeon an affected machine for later retrieval Key loggers can be Legitimate:, to detect evidence of employeefraud, Mac oniphone,ipads?? Illegitimate: To steal info, virusesC4 DLab Keystroke logging:Akeyloggeris a tooldesigned to record ("log") every keystrokeon an affected machine for later retrieval Key loggers can be Legitimate:, to detect evidence of employeefraud, Mac oniphone,ipads?? Illegitimate: To steal info, virusesHackers techniques: Denial of service DoS:an attempt made by attackers to make computers resourcesinaccessibleto its anticipated user Attackers may not use their systems, they create Botnets(a network of zombie computers) All computers in a botnet are notified to do somethingon a single computer/ network or server Distributed Denial of service (DDoS) is on a network orweb serviceC4 DLab DoS.
6 An attempt made by attackers to make computers resourcesinaccessibleto its anticipated user Attackers may not use their systems, they create Botnets(a network of zombie computers) All computers in a botnet are notified to do somethingon a single computer/ network or server Distributed Denial of service (DDoS) is on a network orweb serviceHacking: Information gathering Identity managementis the process for managing the entirelife cycle of digital identities, including the profiles of people,systems, and services, as well as the use of emergingtechnologies to control access to company resources. Identity theft Access managementis the process of regulating access toinformation assets by providing a policy -based control of whocan use a specific system based on an individual's role and thecurrent role's permissions and restrictions.
7 Unauthorised AccessC4 DLab Identity managementis the process for managing the entirelife cycle of digital identities, including the profiles of people,systems, and services, as well as the use of emergingtechnologies to control access to company resources. Identity theft Access managementis the process of regulating access toinformation assets by providing a policy -based control of whocan use a specific system based on an individual's role and thecurrent role's permissions and restrictions. Unauthorised AccessInformation gathering What do robbers do before they break intothe bank or anything else? They gatherinformation. You can gather information to Protect yourself To harm others (hackers) Just to know or solve a problem Example: What do robbers do before they break intothe bank or anything else?
8 They gatherinformation. You can gather information to Protect yourself To harm others (hackers) Just to know or solve a problem Example: of interest to attackersC4 DLabSource: : Insider threats Amalicious insider threatis a current or formeremployee, contractor, or otherbusiness partner who has or hadauthorized accessto an organization'snetwork, system, or data andintentionallyexceeded or misused that access ina manner that negatively affected the confidentiality, integrity, or availability ofthe organization's information or information systems.( ) Insiders are now the biggest threat compared to hackers It is a big threat-agree/disagree? Case of entire payroll publishing,Edward Snowden (former CIA-Disclosed toseveral media outlets thousands of classified documents from his formeremployers)!
9 ! Example report for your readingC4 DLab Amalicious insider threatis a current or formeremployee, contractor, or otherbusiness partner who has or hadauthorized accessto an organization'snetwork, system, or data andintentionallyexceeded or misused that access ina manner that negatively affected the confidentiality, integrity, or availability ofthe organization's information or information systems.( ) Insiders are now the biggest threat compared to hackers It is a big threat-agree/disagree? Case of entire payroll publishing,Edward Snowden (former CIA-Disclosed toseveral media outlets thousands of classified documents from his formeremployers)!! Example report for your readingHacking: Rogue wireless points Rogue wireless points entice you to connect.
10 Consequences can be very bad Information gathering Stealing data Installing malware C4 DLab Rogue wireless points entice you to connect. Consequences can be very bad Information gathering Stealing data Installing malware Hacking: Spam and email threats Spam is unsolicited email Spaming is the single most attack to firewalls Threats include Information harvesting Malware Introduction Denial of service Identity theftC4 DLab Spam is unsolicited email Spaming is the single most attack to firewalls Threats include Information harvesting Malware Introduction Denial of service Identity theftHacking: Spam and email threats Phishing: Emails that ask for your personalinformation Spear-Phishing carefully crafted emailsto fool even security expertsC4 DLab Phishing.