cyber security presentation.pptx
1. Port of Visakhapatnam – “The Eastern Gateway of India”
The Participants of CYBER SECURITY AWARENESS PROGRAM
19th December, 2019
2. Learning Objectives
Definitions of Privacy and Security
Cyber Security Infrastructure
Recognize Different Types of attacks
Differentiate between Various Types of Malware
Explain How to Secure a Computer
Practice Safe Computing
3. Key definitions
Term – Definition
• Computer – Any electronic, magnetic, optical or other high speed data processing device or system which performs logical, arithmetic, and memory functions by manipulation of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.
• Cyber Security – Protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction.
• Data – Representation of information, knowledge, facts, concepts, or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or network; in any form (printouts, magnetic, optical storage).
• Electronic Form – Generated, received, sent or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.
• Electronic Record – Data, record or data generated, image or sound stored, received or sent in an electronic form.
• Digital Signature – Authentication of any electronic record by a subscriber by means of an electronic method in Section 3 (asymmetric crypto system and hash function).
• Electronic Signature – Authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule (e.g. Digital Signature).
• Intermediary – w.r.t. any particular electronic record, any person who on behalf of another person receives, stores or transmits that record, or provides any service with respect to that record; includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online auction sites, online market places, and cyber cafes.
5. Data Privacy
• Information privacy, or data privacy: the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.
• Information privacy is the right to control what information about a person is released.
6. Cyber Security
According to H.R. 4246 “Cyber Security Information Act”:
cybersecurity: “The vulnerability of any computing system, software program, or critical infrastructure to, or their ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized means of, the Internet, public or private telecommunications systems or other similar conduct that violates Federal, State, or international law, that harms interstate commerce of the United States, or that threatens public health or safety.”
7. Cyber Security in Different Contexts
corporate cybersecurity = availability, integrity and secrecy of information systems and networks in the face of attacks, accidents and failures with the goal of protecting a corporation’s operations and assets
national cybersecurity = availability, integrity and secrecy of the information systems and networks in the face of attacks, accidents and failures with the goal of protecting a nation’s operations and assets
8. One way to think about it
cybersecurity = availability, integrity and secrecy of information systems and networks in the face of attacks, accidents and failures with the goal of protecting operations and assets
(Still a work in progress.)
9. Cyber Security Defined
• Cyber Security’s goal: Protect our information and information systems
• Cyber Security is: “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.”
10. Privacy and Security of information
• Confidentiality: Safeguards information from being accessed by individuals without the proper clearance, access level, and need to know.
• Integrity: Results from protection against unauthorized modification or destruction of information.
• Availability: Information services are accessible when they are needed.
• Authentication: A security measure that establishes the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.
• Non-repudiation: Assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.
11. Sensitive Data
• Information is considered sensitive if the loss of Confidentiality, Integrity, or Availability could be expected to have a serious, severe, or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
• Types of sensitive information include:
– Personnel
– Financial
– Payroll
– Medical
– Privacy Act information.
12. Threats and Vulnerabilities
• What are we protecting our and our stakeholders’ information from?
– Threats – any circumstances or events that can potentially harm an information system by destroying it, disclosing the information stored on the system, adversely modifying data, or making the system unavailable
– Vulnerabilities – weaknesses in an information system or its components that could be exploited.
Ex: Windows XP systems
14. Strategic Forces Shaping Cyber Attacks
Significant Cyber Events in 2019
[Figure: 2019 events grouped by sector – Social Media; Infrastructure & Government; Healthcare; Hospitality; Business & Smart Home]
15. Cyber Security Infrastructure
According to S.I. 1901 “Cybersecurity Research and Education Act of 2002”:
“The term cybersecurity infrastructure includes--
(A) equipment that is integral to research and education capabilities in cybersecurity,
including, but not limited to--
(i) encryption devices;
(ii) network switches;
(iii) routers;
(iv) firewalls;
(v) wireless networking gear;
(vi) protocol analyzers;
(vii) file servers;
(viii) workstations;
(ix) biometric tools; and
(x) computers; and
(B) technology support staff (including graduate students) that is integral to research
and education capabilities in cybersecurity.”
16. Technical Aspects – Evidentiary objects
• Storage (files)
• Hard disk (raw data)
• Flash cards
• Volatile memory (RAM)
– Running processes
– DLLs
– Malware
– User names and passwords
• Registry keys
• Deleted files
• Cookies
• Browser caches/history
• Network connections history
• Network Logs
18. Network Attacks
• DOS, DDoS: coordinated attack by one or multiple sources
– SYN flooding: http://www.cert.org/advisories/CA-1996-21.html
– Aided by proliferation of DSL home users
• DNS, BIND
– Redirection: the site you’re on is not really the site you think you’re on!
– Vulnerability in BIND to allow remote user to gain privileged access
• Routers
– Change routing information to disable network
– Cisco’s IOS runs much of the worldwide backbone of the Internet
• Sniffers
– examine network traffic going to and from other machines
– gather usernames and passwords
– capture electronic mail
20. Web Attacks
• Phishing
✓Email messages and IMs
✓Appear to be from someone with
whom you do business
✓Designed to trick you into providing
usernames and passwords
• Pharming
✓Redirects you to a phony website even if you
type the URL
✓Hijacks a company’s domain name
21. Examples of Web Attacks
• Cracking Session ID numbers
– https://www.tonybank.com/account.asp?sid=12345678
– URL session tracking
– Hidden form elements
– Cookies
• Cracking a SQL database
– Enter an “incorrect” string to get an error message which shows how the database forms a query.
– http://www.wiretrip.net/rfp/p/doc.asp?id=42
22. E-Mail Attacks
• Email bombing
– repeatedly sending an identical email message to a particular address.
– http://www.cert.org/tech_tips/email_bombing_spamming.html
• Malware attachments:
– worms, viruses, trojan horses, etc.
• SPAM
– Unsolicited “junk” mail
– At sites with mailers that permit relaying
23. E-Mail Attacks
• RTF files are ASCII text files and include embedded formatting commands. RTF files do not contain macros and cannot be infected with a macro virus.
• An MP3 file consists of highly compressed audio tracks. MP3 files are not programs, and viruses cannot infect them.
24. Cybercrime: They Are Out to Get You – Social Network Attacks (3 of 4)
• Fraud
✓Schemes that convince you to give money or property to a person
✓Shill bidding is fake bidding to drive up the price of an item
25. Malware: Pick Your Poison – Spam and Cookies
• Spam
✓Spamming is sending mass unsolicited emails
✓Messages are called spam
✓Other forms:
• Fax spam
• IM spam
• Text spam
26. Malware: Pick Your Poison – Spam and Cookies
• Cookies
✓Installed without your permission
✓Help websites identify you when you return
• Track websites and pages you visit to better target ads
• May collect information you don’t want to share
29. Social Engineering
Hello, I'm calling from Technology for America – we're a non-profit organization, working to help ensure that the U.S. stays at the forefront of computer technology. Today we're conducting a telephone survey about the usage of computer systems. Can I ask you a few questions about your computer system?
Social engineering is a collection of techniques intended to trick people into divulging private information. It includes calls, emails, web sites, text messages, interviews, etc.
30. Social Engineering
Do
• Document the situation: verify the caller's identity, obtain as much information as possible, if Caller ID is available write down the caller's telephone number, and take detailed notes of the conversation
• Contact your CISO
Don’t
• Participate in surveys
• Share personal information
• Give out computer systems or network information
31. Mobile Computing
• Always maintain physical control of mobile devices!
• Properly label with classification and contact information
• Disable wireless functionality when it is not in use
32. Example: DOS
• Denial-of-Service attacks are most frequently executed against
network connectivity. The goal is to prevent hosts or networks
from communicating over the network. A description of how this
can occur is at: http://www.cert.org/advisories/CA-1996-21.html
• In this case, the hacker begins the process of connecting to the
victim machine, but in such a way as to PREVENT the completion
of the connection. Since the victim machine has a limited number
of data structures for connections, the result is that legitimate
connections are denied while the victim machine is waiting to
complete bogus “half-open” connections.
http://www.cert.org/tech_tips/denial_of_service.html
33. Example: DOS (cont.)
• This type of attack does not depend on the attacker being able to
consume your network bandwidth. Here, the intruder is consuming
kernel data structures involved in establishing a network connection.
The implication is that an intruder can execute this attack from just a
dial-up connection against a machine on a very fast network.
• An intruder may also be able to consume all the available bandwidth
on your network by generating a large number of packets directed to
your network. Typically, these packets are ICMP ECHO packets, but in
principle could be anything (“smurfing”). Further, the intruder need
not be operating from a single machine – he may be able to coordinate
or co-opt several machines on different networks to achieve the same
effect: hence, DDoS.
• In addition to network bandwidth, intruders could consume other
resources: for example, anything that allows data to be written to disk
can be used to execute a DOS attack if there are no bounds on the
amount of data that could be written.
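The half-open connection exhaustion described on the two DOS slides, as an added example that is not part of the original deck: the script counts SYN-RECV entries in a constructed `ss`-style connection listing and raises the alarm a defender would want, either because the listen backlog is filling up or because one peer holds most of the half-open slots. The sample listing, the thresholds and the function names are assumptions.

```python
"""Added example: spot a SYN flood from the victim side by counting
half-open (SYN-RECV) connections, the kernel structures the slides say
the attack exhausts."""
from collections import Counter

# Constructed sample shaped like `ss -tan` output; not captured from a
# real host. Columns: State, Recv-Q, Send-Q, Local:Port, Peer:Port.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0      128    0.0.0.0:80         0.0.0.0:*
ESTAB     0      0      10.0.0.5:80        198.51.100.7:51422
ESTAB     0      0      10.0.0.5:80        198.51.100.8:51500
SYN-RECV  0      0      10.0.0.5:80        203.0.113.9:40001
SYN-RECV  0      0      10.0.0.5:80        203.0.113.9:40002
SYN-RECV  0      0      10.0.0.5:80        203.0.113.9:40003
SYN-RECV  0      0      10.0.0.5:80        203.0.113.9:40004
SYN-RECV  0      0      10.0.0.5:80        203.0.113.9:40005
SYN-RECV  0      0      10.0.0.5:80        203.0.113.9:40006
SYN-RECV  0      0      10.0.0.5:80        192.0.2.17:1025
SYN-RECV  0      0      10.0.0.5:80        192.0.2.200:1025
"""

HALF_OPEN_STATES = {"SYN-RECV", "SYN_RECV"}   # ss and netstat spellings


def parse_connections(text):
    """Return (state, local, peer_ip) tuples; header and blank lines skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] == "State":
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        peer_ip = peer.rsplit(":", 1)[0]       # drop the ephemeral port
        rows.append((state, local, peer_ip))
    return rows


def half_open_report(rows, backlog, fill_ratio=0.5, per_source=5):
    """Summarise half-open load. `backlog` is the listener's accept queue
    size (the 128 in the LISTEN line above). The backlog alarm is the
    robust signal: a real SYN flood usually spoofs source addresses, so
    the per-source alarm only catches the lazy case."""
    half = [r for r in rows if r[0] in HALF_OPEN_STATES]
    by_src = Counter(peer for _, _, peer in half)
    top_src, top_n = (by_src.most_common(1) or [(None, 0)])[0]
    backlog_alarm = len(half) >= fill_ratio * backlog
    source_alarm = top_n >= per_source
    return {
        "half_open": len(half),
        "established": sum(1 for r in rows if r[0] == "ESTAB"),
        "top_source": top_src,
        "top_source_count": top_n,
        "backlog_alarm": backlog_alarm,
        "source_alarm": source_alarm,
        "alarm": backlog_alarm or source_alarm,
    }


def check_sample():
    """Run the report over the constructed listing with a small backlog."""
    return half_open_report(parse_connections(SAMPLE_SS_OUTPUT), backlog=16)


if __name__ == "__main__":
    for key, value in check_sample().items():
        print(f"{key}: {value}")
```

Note that two established connections sit beside eight half-open ones: the slides' point that the attacker needs no bandwidth, only the victim's connection slots, is exactly what this ratio shows.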
34. Denial of Service Attacks…
• Make networks or hosts unusable
• Disrupt services
• Difficult or Impossible to locate source
• Becoming very popular with attackers,
especially
– IRC sites
– Controversial sites or services
• Bottom Line: COSTLY!
http://www.cert.org/present/cert-overview-trends/sld001.htm
35. Intruder Detection Checklist
Look for Signs That Your System May Have Been Compromised
1. Examine log files
2. Look for setuid and setgid Files
3. Check system binaries
4. Check for packet sniffers
5. Examine files run by 'cron' and 'at'.
6. Check for unauthorized services
7. Examine /etc/passwd file
8. Check system and network configuration
9. Look everywhere for unusual or hidden files
10. Examine all machines on the local network
http://www.cert.org/tech_tips/intruder_detection_checklist.html
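Two items from the checklist above, item 2 (setuid and setgid files) and item 7 (examine /etc/passwd), automated as an added example; this is not code from the deck or from CERT. The sample passwd content, the function names and the allow-list argument are assumptions.

```python
"""Added example: automate checklist items 2 and 7 over constructed input."""
import os
import shutil
import stat
import tempfile

# Constructed /etc/passwd content (not from a real host). It carries two
# things the checklist tells you to look for: a second UID 0 account and
# an account whose password field is empty.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0::/tmp:/bin/sh
guest::1001:1001::/home/guest:/bin/bash
"""


def audit_passwd(text):
    """Checklist item 7: return (finding, account) pairs for suspicious
    entries. On a real host pass open('/etc/passwd').read()."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(("malformed_entry", line))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if uid == "0" and name != "root":
            findings.append(("extra_uid0_account", name))
        if pw == "":
            findings.append(("empty_password_field", name))
    return findings


def find_setuid_files(root, expected=frozenset()):
    """Checklist item 2: walk `root` and return regular files carrying the
    setuid or setgid bit that are not in `expected`. Build the allow-list
    from a known-good baseline of the same build, never from the suspect
    host itself."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                st = os.lstat(path)            # lstat: do not follow symlinks
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                if path not in expected:
                    hits.append(path)
    return sorted(hits)


def demo_setuid_scan():
    """Self-check: plant one setuid file beside a plain file in a temporary
    directory and confirm only the setuid file is reported."""
    if os.name != "posix":
        return True                            # mode bits are POSIX-only
    workdir = tempfile.mkdtemp()
    try:
        planted = os.path.join(workdir, "planted_shell")
        with open(planted, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(planted, 0o4755)              # rwsr-xr-x
        open(os.path.join(workdir, "notes.txt"), "w").close()
        return find_setuid_files(workdir) == [planted]
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD))
    print("setuid scan self-check:", demo_setuid_scan())
```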
36. Malware: Pick Your Poison – Viruses, Worms, Trojans, and Rootkits (1 of 5)
• Virus – a program that replicates itself and infects computers
✓Needs a host file
✓May use an email program to infect other computers
✓The attack is called the payload
✓Check to see if the message is a hoax
37. Malware: Pick Your Poison – Viruses, Worms, Trojans, and Rootkits (2 of 5)
• Logic Bomb
✓Behaves like a virus
✓Performs malicious act
✓Does not replicate
✓Attacks when certain conditions are met
• Time Bomb
✓A logic bomb with a trigger that is a specific time or date
• April Fool’s Day
• Friday the 13th
38. Malware: Pick Your Poison – Viruses, Worms, Trojans, and Rootkits (3 of 5)
• Worms
✓Self-replicating
✓Do not need a host to travel
✓Travel over networks to infect other machines
✓Conficker worm
• First released in 2008
• Reemerged in 2010 with new behaviors
39. Malware: Pick Your Poison – Viruses, Worms, Trojans, and Rootkits (4 of 5)
• Botnet
– Network of computer zombies or bots controlled by a master
– Fake security notifications
– Denial-of-service attacks
• Cripple a server or network by sending out excessive traffic
• Trojan horse
– Appears to be legitimate program
– Actually malicious
– Might install adware, a toolbar, a keylogger, or open a backdoor
40. Malware: Pick Your Poison – Viruses, Worms, Trojans, and Rootkits (5 of 5)
• Ransomware
– Malware that prevents you from using your computer until you pay a fine or fee
– Bitcoin is an anonymous, digital, encrypted currency
• Rootkit
– Set of programs
– Allows someone to gain control over system
– Hides the fact that the computer has been compromised
– Nearly impossible to detect
– Masks behavior of other malware
43. Shield’s Up – Software (1 of 2)
• Drive-by download
– A visited website installs a program in the background without your knowledge
• Firewall
– Hardware device that blocks access to your network
– Software that blocks access to an individual machine
44. Shield’s Up – Software (2 of 2)
• Antivirus program
– Protects against viruses, Trojans, worms, spyware
– Windows 10 includes Windows Defender
• An antispyware program that performs both real-time protection and system scanning
• Antispyware software
– Prevents adware and spyware from installing
• Security suite
– Package of security software
– Combination of features
45. Shield’s Up – Hardware (1 of 2)
• Router
– Connects two or more networks together
– Home router acts like firewall
• Network address translation (NAT)
✓Security feature of a router
✓Shields devices on private network from the public network
46. Shield’s Up – Hardware (2 of 2)
• SSID (Service Set Identifier)
– Wireless network name
• Wireless encryption
✓Adds security by encrypting transmitted data
✓Wi-Fi Protected Setup (WPS) is one option
47. Shield’s Up – Operating System
• Most important piece of security software
• Keep patched and up-to-date
50. An Ounce of Prevention is Worth a Pound of Cure – User Accounts
• Three user account types
✓Standard
✓Administrator
✓Guest
• User Account Control (UAC) notifies you prior to changes made to your computer
✓Do not turn this feature off
✓Always read the message before clicking Yes
• Malware tricks users into clicking fake Windows notifications
51. An Ounce of Prevention is Worth a Pound of Cure – Passwords
52. Department Password Policy
• The Department has guidelines pertaining to password use.
• Passwords must be:
– Obscured during login and during transmission.
– Changed after the initial login.
– Forced by the system to be changed every 90 days.
– Strong – shall include three of the four characteristics:
• Numerals
• Alphabetic characters
• Upper and lower case letters
• Special characters
• Passwords shall be at least eight (8) characters in length.
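The policy rules above as a checker, added here and not part of the original deck: minimum length 8, three of the four character classes, and the 90-day change interval. Function names and the sample passwords are assumptions; the personal-information and dictionary-word rules from the Do/Don't slide need a wordlist and are not checked here.

```python
"""Added example: check a password against the department policy above."""
from datetime import date
import string

MIN_LENGTH = 8          # "at least eight (8) characters"
CLASSES_REQUIRED = 3    # "three of the four characteristics"
MAX_AGE_DAYS = 90       # "changed every 90 days"


def character_classes(pw):
    """Return which of the policy's four classes appear in pw. The policy
    lists 'upper and lower case letters' as its own item, separate from
    'alphabetic characters', so mixed_case needs both cases present."""
    found = set()
    if any(c.isdigit() for c in pw):
        found.add("numeral")
    if any(c.isalpha() for c in pw):
        found.add("alphabetic")
    if any(c.islower() for c in pw) and any(c.isupper() for c in pw):
        found.add("mixed_case")
    if any(c in string.punctuation for c in pw):
        found.add("special")
    return found


def check_password(pw, last_changed=None, today=None):
    """Return (ok, reasons). Dates are ISO strings such as '2019-12-19';
    when last_changed is None the 90-day rule is skipped."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    classes = character_classes(pw)
    if len(classes) < CLASSES_REQUIRED:
        reasons.append(f"only {len(classes)} of 4 character classes present")
    if last_changed is not None:
        ref = date.fromisoformat(today) if today else date.today()
        age = (ref - date.fromisoformat(last_changed)).days
        if age > MAX_AGE_DAYS:
            reasons.append(f"last changed {age} days ago, limit is {MAX_AGE_DAYS}")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed samples, not real credentials.
    for sample in ("Password1", "password", "P@ss1", "correct-horse-battery"):
        print(sample, check_password(sample))
```

Note that "Password1" satisfies every rule this checker enforces, which is exactly why the Do/Don't slide separately forbids dictionary words: complexity classes alone do not make a password hard to guess.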
53. Secure Passwords
Do
• Use a combination of lower and upper case letters, numbers, and special characters
• Change it every 90 days
• Create a complex, strong password, and protect its secrecy
Don’t
• Use personal information
• Use dictionary words (including foreign languages)
• Write it down
• Share it with anyone
54. An Ounce of Prevention is Worth a Pound of Cure – Encryption
• Converts plain text into ciphertext
• Must have a key to decrypt it
55. An Ounce of Prevention is Worth a Pound of Cure – Safely Installing Software
• Copies files to the computer
• Alters settings
56. An Ounce of Prevention is Worth a Pound of Cure – Updating and Installing Software
• Protect yourself from downloading problems
✓Only download from reliable sources
• Zero-day exploit
✓Attack that occurs on the day an exploit is discovered, before the publisher can fix it
• Bugs
✓Flaws in the programming of software
✓Patch or hotfix
✓Service pack
57. An Ounce of Prevention is Worth a Pound of Cure – Acceptable Use Policies (AUP)
• Common in businesses and schools
• Rules for computer and network users
• Depend on:
✓Type of business
✓Type of information
• Force users to practice safe computing
58. Use of Social Media
• Be aware of what you post online!
• Monitor privacy settings
• Refrain from discussing any work-related matters on such sites.
59. Report Suspicious Computer Problems
If your system acts unusual, report immediately to your CISO.
[Figure: Trojan Horse, Spyware, Worm]
62. The Law is on Your Side – The Enforcers
• No single authority responsible for investigating cybercrime
• Internet Crime Complaint Center (IC3)
✓Place for victims to report cybercrimes
✓ic3.gov
✓Reports processed and forwarded to appropriate agency
63. The Law is on Your Side – Current Laws (1 of 2)
• Computer Fraud and Abuse Act
✓Makes it a crime to access classified information
✓Passed in 1986; amendments between 1988 and 2002 added additional cybercrimes
• USA PATRIOT Act antiterrorism legislation (2001)
64. The Law is on Your Side – Current Laws (2 of 2)
• Cyber Security Enhancement Act (2002)
✓Provisions for fighting cybercrime
• Convention on Cybercrime Treaty
✓Drafted by Council of Europe
✓Signed by more than 40 countries
66. Cyber Contravention – Sec. 43
Unauthorized access –
If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network commits any violation in Section 43 (a) – (j).
Penalty and compensation –
Liable to pay damages by way of compensation to the tune of Rs. 5 Crores.
67. Section 66 – Computer Related Offences
“If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.”
Dishonestly or fraudulently as defined u/s 24/25 IPC
Cognizable & Bailable.
68. Cyber Crimes – Sec 43(a) IT Act
“If any person, dishonestly, or fraudulently, does any act referred
Unauthorized Access to the Computer
69. Cyber Crimes – Sec 43(b) IT Act
Downloading, Copying or Extracting any Data from any Computer
74. Cyber Crimes – Sec 43(g)
Assistance to Facilitate Unauthorized Access to Computer
75. Cyber Crimes – Sec 43(h)
Charges the Services to the Account of Another by Tampering with a Computer
Using Stolen Credit Cards or Others’ Bank Accounts
76. Cyber Crimes – Sec 43(i)
Destroys, Deletes or Alters any Information residing in the Computer, or Diminishes its value or Affects it injuriously
4/25/2017 Neeraj Aarora
77. Cyber Crimes – Sec 43(j) & Sec 65
Steal, Conceal or Destroy Computer Source Code
If source code is required to be maintained by law, such offence would be cognizable U/S 65
78. Section 66C – Punishment for Identity Theft
“Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh”
79. Securing the Department
• Don’t store PII on unencrypted storage devices
• Remove your Personal Identity Verification (PIV), or smart
card, when leaving your desktop PC
• Never transmit secure information over an unsecured fax
machine
• Check for security badges and make sure guests needing
escorts have them
• Don’t write down passwords
• Use only authorized thumb drives
• Properly label removable media such as CDs or DVDs
• Be careful how you dispose of anything that might contain
sensitive information
80. All rights reserved. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted, in any form or by any
means, electronic, mechanical, photocopying, recording, or
otherwise, without the prior written permission of the publisher.
Printed in the United States of America.
81. Case Study of Cyber Attacks
by Michelle Delio
10:35 a.m. Feb. 1, 2001 PST
A popular Web discussion board in which the subject is computer security became the unwitting host of an attack program directed at security consultant firm Network Associates Wednesday night.
A cracker posted to the Bugtraq board what he said was a script -- computer code that would allow people to take advantage of a recently discovered hole in BIND, the software that pushes information across the Internet.
http://www.wired.com/news/technology/0,1282,41563,00.html
82. Case Study of Cyber Attacks (cont.)
But if someone downloaded and ran the posted script, it instead launched a denial of service attack against Network Associates (NAI) by sending packets of garbage information in the hopes of overwhelming the firm's servers.
Since Network Associates had already patched the hole, its website's performance wasn't adversely affected.
"We have determined that a distributed denial of attack was directed at NAI last night," an NAI spokeswoman said, "but no penetration to the corporate network took place. We are continuing to investigate the origin of this attack." NAI was the first to raise the alarm over the BIND exploit, and Bugtraq spokesperson Elias Levy said he assumes that the attack was intended to see if NAI had practiced what they preached and patched the hole.
83. Virus Live Case – Stuxnet
Very effective; size: 500 kilobytes.
Attacked in three phases:
It targets Microsoft Windows machines and networks.
Sought out Siemens Step7 software (Windows-based software used to program industrial control systems that operate equipment such as centrifuges).
Compromised programmable logic controllers.
Spies on industrial systems and can even cause fast-spinning centrifuges to tear themselves apart.
Can spread stealthily between computers running Windows.
Can spread through USB thumb drives.
84. Hack of Ukraine’s Powergrid
Sent spyware to employees and asked them to click on macros.
Hackers used a program called BlackEnergy3.
It infected their machines and opened a backdoor to the hackers.
Hackers harvested worker credentials for VPNs, which were used to remotely log in to the SCADA network.
85. Hack of Ukraine’s Powergrid
Reconfigured the uninterruptible power supplies at control centers.
Replaced the firmware on serial-to-Ethernet converters at substations with malicious firmware.
Entered SCADA networks through hijacked VPNs and disabled UPS systems.
Launched a telephone denial-of-service attack against customer call centers to prevent reporting of the outage.
Used malware ‘KillDisk’ to wipe files from operator stations.
Blackout
86. Bitcoin – Virtual Currency
Not in control of any country
Anonymity on the Internet
International movement without restrictions
Acceptable for Hawala / crime transactions
Replaces gold or cash as a payment for illegal transactions or tax evasion
87. Cybercrime Economy
• Ransomware: organized at international & national level; segmented & coordinated
• Darknet
– Sale of vulnerabilities and exploits online
– Crimeware tool kits
– Stolen data: credit card numbers, PINs, email ids, passwords, FTP credentials
– Sale of botnets
– DDoS as a Service
– Hacking as a Service