Week 1 -1st Sem

Security 1
Overview of Security
Overview of Security
CIA Triad
AAA of Security
Security Threats
Threat Actors
Malware Infections
Common Delivery Methods
Botnets and Zombies
Active Interception and Privilege
Backdoors and Logic Bombs
Symptoms of Infection
Removing Malware
Preventing Malware
Network Security
Network security is a broad term that covers a multitude of
technologies, devices and processes. In its simplest term, it is a
set of rules and configurations designed to protect the integrity,
confidentiality and accessibility of computer networks and data
using both software and hardware technologies. Every
organization, regardless of size, industry or infrastructure, requires
a degree of network security solutions in place to protect it from
the ever-growing landscape of cyber threats in the wild today.
Network Security
Today's network architecture is complex and is faced with a threat
environment that is always changing and attackers that are always
trying to find and exploit vulnerabilities. These vulnerabilities can exist
in a broad number of areas, including devices, data, applications, users
and locations. For this reason, there are many network security
management tools and applications in use today that address
individual threats and exploits and also regulatory non-compliance.
When just a few minutes of downtime can cause widespread
disruption and massive damage to an organization's bottom line and
reputation, it is essential that these protection measures are in place.
CIA Triad
CIA - Confidentiality, Integrity and Availability
The CIA Triad is actually a security model that has been developed to
help people think about various parts of IT security.
AAA of Security
Authentication, authorization, and accounting (AAA) is a method you can
use in your network to control which administrators are allowed to
connect to which devices (authentication), what they can do on these
devices (authorization), and log what they actually did while they were
logged in (accounting).
Security Threats
Security Threat is defined as a risk that which can potentially harm
computer systems and organization. The cause could be physical such
as someone stealing a computer that contains vital data. The cause
could also be non-physical such as a virus attack.
People, not computers, create computer threats. Computer predators
victimize others for their own gain. Give a predator access to the
Internet — and to your PC — and the threat they pose to your security
increases exponentially.
Computer hackers are unauthorized users who break into computer
systems in order to steal, change or destroy information, often by
installing dangerous malware without your knowledge or consent.
Their clever tactics and detailed technical knowledge help them
access the information you really don’t want them to have.
Ethical Hacker (White hat)
Cracker (Black hat)
Grey hat
Script kiddies
Threat Actors
A threat actor is a person or entity that has the ability or intent to
impact the security of other individuals or companies
Threat actors can be internal or external to the organization being
targeted, and they may or may not possess the technical skillsets
needed to infiltrate and compromise networks and corporate data
Malware is the collective name for a number of malicious software
variants, including viruses, ransomware and spyware. Shorthand
for malicious software, malware typically consists of code
developed by cyberattackers, designed to cause extensive damage
to data and systems or to gain unauthorized access to a network.
Malware is typically delivered in the form of a link or file over email
and requires the user to click on the link or open the file to execute
the malware.
Malware has actually been a threat to individuals and organizations
since the early 1970s when the Creeper virus first appeared. Since
then, the world has been under attack from hundreds of thousands
of different malware variants, all with the intent of causing the
most disruption and damage as possible.
A computer virus is what most of the media and regular end-users
call every malware program reported in the news. Fortunately,
most malware programs aren't viruses. A computer virus modifies
other legitimate host files (or pointers to them) in such a way that
when a victim's file is executed, the virus is also executed
Worms have been around even longer than computer viruses, all
the way back to mainframe days. Email brought them into fashion
in the late 1990s, and for nearly a decade, computer security pros
were besieged by malicious worms that arrived as message
attachments. One person would open a wormed email and the
entire company would be infected in short order
Computer worms have been replaced by Trojan horse malware
programs as the weapon of choice for hackers. Trojans
masquerade as legitimate programs, but they contain malicious
instructions. They've been around forever, even longer than
computer viruses, but have taken hold of current computers more
than any other type of malware.
Malware programs that encrypt your data and hold it as hostage
waiting for a cryptocurrency pay off has been a huge percentage of
the malware for the last few years, and the percentage is still
growing. Ransomware has often crippled companies, hospitals,
police departments, and even entire cities.
Spyware is most often used by people who want to check on the
computer activities of loved ones. Of course, in targeted attacks,
criminals can use spyware to log the keystrokes of victims and
gain access to passwords or intellectual property.
Adware and spyware programs are usually the easiest to remove,
often because they aren't nearly as nefarious in their intentions as
other types of malware. Find the malicious executable and prevent
it from being executed — you're done.
A rootkit is a clandestine computer program designed to provide
continued privileged access to a computer while actively hiding its
presence. The term rootkit is a connection of the two words "root"
and "kit." Originally, a rootkit was a collection of tools that enabled
administrator-level access to a computer or network. Root refers to
the Admin account on Unix and Linux systems, and kit refers to the
software components that implement the tool. Today rootkits are
generally associated with malware – such as Trojans, worms,
viruses – that conceal their existence and actions from users and
other system processes.
Spamming is the point at which a cyber-criminal sends messages
intended to profit on fake or phony products.
Much of it is sent by botnets, networks of virus-infected
computers, complicating the process of tracking down the
spammers. According to various estimates, about 80% of all email
in the world may be spam
Common Delivery Methods
Phishing is a method of trying to gather personal information using
deceptive e-mails and websites. Here's what you need to know
about this venerable, but increasingly sophisticated, form of cyber
Botnets and Zombies
News about internet crimes often mentions "bots", "zombies", and
"botnets". It's not hard to figure out from the context that these are
computer or network security threats. But what exactly are they,
how do they work, and what kind of damage can they cause?
A bot, short for "robot", is a type of software application or script
that performs automated tasks on command. Bad bots perform
malicious tasks that allow an attacker to remotely take control over
an affected computer. Once infected, these machines may also be
referred to as zombies.
Active Interception and Privilege
Active GSM interception systems allow an attacker to actively
interfere in communications between mobile phones and base
stations by means of a so-called IMSI-catcher, in essence a
transmitter and receiver that simulates the functionality of a GSM
base station. Recent attack methods involve spoofing so-called
femtocells to feign that you are the user’s mobile network provider,
while in fact you are taking over his network traffic.
Backdoors and Logic Bombs
A backdoor occurs when a programmer provides as a means to
grant themselves or others future access to a system.
A logic bomb is commonly defined as an attribute or a portion of
code running within a program that remains inactive until a specific
event or time occurs.
Symptoms of Infection
Your computer is slowing down
Annoying ads are displayed
Pop-up messages
Internet traffic suspiciously increases
Your browser homepage changed without your input
Unusual messages show unexpectedly
Your security solution is disabled
Your friends say they receive strange messages from you
Unfamiliar icons are displayed on your desktop
Unusual error messages
You can’t access the Control Panel
Everything seems to work perfectly on your PC
You get the error on the browser
You get suspicious shortcut files
Preventing Malware
Practice safe browsing
Use strong passwords and/or password managers
Make sure you’re on a secure connection
Log out of websites after you’re done
Layer your security
Use firewall, anti-malware, anti-ransomware, and anti-exploit
Preventing Malware
Protect vulnerabilities
Update your operating system, browsers, and plugins
Enable click-to-play plugins
Remove software you don’t use (especially legacy programs).
Preventing Malware
Watch out for social engineering
Read emails with an eagle eye
Do not call fake tech support numbers
Do not believe the cold callers
Removing Malware