CYBER SECURITY(17JG1A05B3)

CYBER SECURITY

Computer security, cyber security or information technology security (IT security) is the protection of computer systems from theft or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.

The field is growing in importance due to increasing reliance on computer systems, the Internet and wireless networks such as Bluetooth and Wi-Fi, and due to the growth of "smart" devices, including smart phones, televisions and the various tiny devices that constitute the Internet of things. Due to its complexity, both in terms of politics and technology, it is also one of the major challenges of the contemporary world.

Vulnerabilities & Attacks:-

A) Backdoor:-

A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls. They may exist for a number of reasons, including by original design or from poor configuration. They may have been added by an authorized party to allow some legitimate access or by an attacker for malicious reasons; but regardless of the motives for their existence, they create vulnerability.

B) Denial-of-service attacks:-

Denial of service attacks (DoS) are designed to make a machine or network resource unavailable to its intended users.  Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victims account to be locked, or they may overload the capabilities of a machine or network and block all users at once. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of Distributed denial of service (DDoS) attacks are possible, where the attack comes from a large number of points – and defending is much more difficult. Such attacks can originate from the zombie computers of a botnet, but a range of other techniques are possible including reflection and amplification attacks, where innocent systems are fooled into sending traffic to the victim.

C) Direct-access attacks:-

An unauthorized user gaining physical access to a computer is most likely able to directly copy data from it. They may also compromise security by making operating system modifications, installing software worms, key-loggers, covert listening devices or using wireless mice. Even when the system is protected by standard security measures, these may be able to be by-passed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and Trusted Platform Module are designed to prevent these attacks.

D) Eavesdropping:-

Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and NarusInSight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware; TEMPEST is a specification by the NSA referring to these attacks.

E) Multi vector, polymorphic attacks:-

Surfacing in 2017, a new class of multi-vector, polymorphic cyber threats surfaced that combined several types of attacks and changed form to avoid cyber security controls as they spread. These threats have been classified as fifth generation cyber attacks.

F) Phishing:-

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Preying on a victim's trust, phishing can be classified as a form of social engineering.

G) Privilege escalation:-

Privilege escalation describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level. For example, a standard computer user may be able to fool the system into giving them access to restricted data; or even to "become root" and have full unrestricted access to a system.

H) Social engineering:-  

Social engineering aims to convince a user to disclose secrets such as passwords, card numbers, etc. by, for example, impersonating a bank, a contractor, or a customer.

A common scam involves fake CEO emails sent to accounting and finance departments. In early 2016, the FBI reported that the scam has cost US businesses more than $2 bn in about two years.

In May 2016, the Milwaukee Bucks NBA team was the victim of this type of cyber scam with a perpetrator impersonating the team's president Peter Feigin, resulting in the handover of all the team's employees' 2015 W-2 tax forms.

I) Spoofing:-

Spoofing is the act of masquerading as a valid entity through falsification of data (such as an IP address or username), in order to gain access to information or resources that one is otherwise unauthorized to obtain. There are several types of spoofing, including:

·         Email spoofing: - where an attacker forges the sending (From, or source) address of an email.

·         IP address spoofing: - where an attacker alters the source IP address in a network packet to hide their identity or impersonate another computing system.

·         MAC spoofing: - where an attacker modifies the Media Access Control (MAC) address of their network interface to pose as a valid user on a network.

·         Bio metric spoofing: - where an attacker produces a fake biometric sample to pose as another user.

J) Tampering:-

Tampering describes a malicious modification of products. So-called "Evil Maid" attacks and security services planting of surveillance capability into routers are examples.

Information security culture should be adopted.

Systems at Risk:-

1)  Financial systems

2) Utilities & Industrial equipment

3) Aviation

4) Consumer devices

5) Large corporations

6) Automobiles

7) Government systems

8) Internet of things (IOT) & Physical vulnerabilities

9) Medical systems

10) Energy Sector

Impact of Security breaches:-

Serious financial damage has been caused by security breaches, but because there is no standard model for estimating the cost of an incident, the only data available is that which is made public by the organizations involved. "Several computer security consulting firms produce estimates of total worldwide losses attributable to virus and worm attacks and to hostile digital acts in general. The 2003 loss estimates by these firms range from $13 billion (worms and viruses only) to $226 billion (for all forms of covert attacks). The reliability of these estimates is often challenged; the underlying methodology is basically anecdotal." Security breaches continue to cost businesses billions of dollars but a survey revealed that 66% of security staffs do not believe senior leadership takes cyber precautions as a strategic priority.

However, reasonable estimates of the financial cost of security breaches can actually help organizations make rational investment decisions. According to the classic Gordon-Loeb Model analyzing the optimal investment level in information security, one can conclude that the amount a firm spends to protect information should generally be only a small fraction of the expected loss (i.e., the expected value of the loss resulting from a cyber/information security breach).

Attacker Motivation:-

As with physical security, the motivations for breaches of computer security vary between attackers. Some are thrill-seekers or vandals, some are activists, and others are criminals looking for financial gain. State-sponsored attackers are now common and well resourced, but started with amateurs such as Markus Hess who hacked for the KGB, as recounted by Clifford Stoll, in The Cuckoo's Egg.

A standard part of threat modelling for any particular system is to identify what might motivate an attack on that system, and who might be motivated to breach it. The level and detail of precautions will vary depending on the system to be secured. A home personal computer, bank, and classified military network face very different threats, even when the underlying technologies in use are similar

Counter Measures:-

1.     Security by design
2.     Security architecture
3.     Security measures
4.     Vulnerability management
5.    Reducing vulnerability
6.   Hardware protection mechanisms
7.    Secure operating systems
8.   Secure coding
9.   Capabilities and access control lists
10.  End user security training
11.   Response to breaches

Keys:-

·         Access control

·         Anti-key-loggers

·         Anti-malware

·         Anti-spyware

·         Anti-subversion software

·         Anti-tamper software

·         Antivirus software

·         Cryptographic software

·         Computer-aided dispatch (CAD)

·         Firewall

·         Intrusion detection system (IDS)

·         Intrusion prevention system (IPS)

·         Log management software

·         Records management

·         Sandbox

·         Security information management

·         SIEM

·         Anti-theft

·         Parental control

·         Software and operating system updating