Lec-2: Cyber Security
Mr. Islahuddin Jalal
MS (Cyber Security) – UKM Malaysia
Research Title – 3C-CSIRT Model for Afghanistan
BAKHTAR UNIVERSITY ‫باخترپوهنتون‬ ‫د‬
Types of Cyberattacks
• Cyberattacks compromise:
• Confidentiality, by stealing money
• Integrity, by modifying data
• Availability, by denying access to data, services and systems
• Some attacks may combine two or more of these types in a single
attack, but these three are the building blocks for most malicious
cyberactivities.
Types of Cyber Attack
• Phishing / Spearphishing
• Drive-By / Watering Hole / Malvertising
• Code Injection / Webshell
• Keylogging / Session Hijacking
• Pass-the-Hash and Pass-the-Ticket
• Credential Harvesting
• Gate-Crashing
• Malware / Botnet
• DDoS
• Identity Theft
• Industrial Espionage
• Pickpocket
• Bank Heist
• Ransomware
Phishing / Spearphishing
• Phishing and spearphishing are among the most effective ways of
getting into an enterprise’s network.
• Attackers send e-mail to the victims (e-mail targeted at a specific
person if it is spearphishing), and through that e-mail the attackers take
control of the victim’s computer.
Phishing / Spearphishing
• Impact:
• Gain control of a personal computer inside the enterprise’s network
• With spearphishing, the computer controlled belongs to a specific person, such as an
executive or systems administrator.
• Methods and Consequences:
• There are three techniques commonly used for phishing and spearphishing attacks:
• E-mail message containing a malicious attachment
• E-mail containing a link to a malicious web page
• E-mail containing a link to a web page that asks the victim to type in his / her logon credentials
• Potential Defense
• Training to help users recognize when they are being phished
• Educating executives and systems administrators on the threats
• Protecting e-mail and web gateways
• Hardening endpoint computers
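The three phishing techniques listed above (malicious attachment, link to a malicious page, link to a credential-entry page) are what an e-mail gateway check looks for. The following is an added example, not code from the lecture: a minimal gateway filter that flags executable attachments and anchors whose visible text names one host while the `href` points to another, the usual shape of a credential-phishing link. The sample message, attachment names and extension list are constructed for the example.

```python
"""Added example (not from the lecture): minimal e-mail gateway checks for
the phishing patterns the slide lists. Sample data is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the visible text claims the company portal, the href
# sends the reader somewhere else. The second link is honest.
SAMPLE_HTML = (
    '<p>Your mailbox is full. <a href="http://portal-login.example.net/reset">'
    'https://portal.example.com/reset</a></p>'
    '<p><a href="https://portal.example.com/help">help pages</a></p>'
)
SAMPLE_ATTACHMENTS = ["invoice.pdf", "statement.pdf.exe"]

# Assumed policy: extensions that should never arrive as mail attachments.
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(s):
    """Lower-cased hostname of a URL; bare hostnames get a scheme first."""
    p = urlparse(s if "://" in s else "http://" + s)
    return (p.hostname or "").lower()


def mismatched_links(html):
    """Return hrefs whose visible text looks like a URL on a different host."""
    collector = _LinkCollector()
    collector.feed(html)
    out = []
    for href, text in collector.links:
        looks_like_url = "." in text and " " not in text
        shown = _host(text) if looks_like_url else ""
        if shown and shown != _host(href):
            out.append(href)
    return out


def executable_attachments(names):
    """Return attachment names ending in an executable extension."""
    return [n for n in names if any(n.lower().endswith(e) for e in EXECUTABLE_EXT)]


def phishing_findings(html, attachments):
    """Combine both checks into a list of labelled findings for the gateway."""
    findings = ["link-mismatch:" + h for h in mismatched_links(html)]
    findings += ["exe-attachment:" + n for n in executable_attachments(attachments)]
    return findings


if __name__ == "__main__":
    for f in phishing_findings(SAMPLE_HTML, SAMPLE_ATTACHMENTS):
        print(f)
```

A real gateway would also resolve and reputation-check the destination host, but the text-versus-href comparison alone catches the common case where the displayed address is the lure and the real destination is the credential-collection page.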
Drive-By / Watering Hole / Malvertising
• A drive-by or watering hole attack involves compromising a victim’s
web site and then configuring that website to deliver malware to
people who visit the site.
• When unsuspecting users visit the site, their computers are infected
with malware and the attackers are able to move their attack
forward.
• A malvertising attack has the same effect, but rather than directly
compromising the site, attackers deliver malware through advertising
feeds displayed on the web page alongside the victim’s content.
Drive-by / Watering Hole / Malvertising
• Impact:
• The victim enterprise becomes an intermediary in an attack that targets the people who visit its website
• The victim enterprise suffers collateral damage
• The victim enterprise’s reputation is damaged when the story comes out
• Methods and Consequences:
• There are two techniques commonly used for this kind of attack:
• Web sites with vulnerabilities are exploited to get control of the site directly from the internet
• The victim enterprise is compromised to get access to the computers and accounts with administrative control over the site
• Potential Defense
• Web site operators need to have strong configuration control over public-facing web sites
• Advertising networks should strongly filter their content and prevent unexpected and unacceptable behavior
• Surfing the web carefully using non-administrative credentials
• Fully patched endpoint computers
• Hardening endpoint computers
Code Injection / Webshell
• Servers are potentially just as vulnerable as endpoint computers, and they can be
compromised using some of the same techniques.
• Two attacks unique to servers are:
• Code injection
• Webshells
• Code injection compromises a vulnerable web site by modifying requests to the site so
they contain either scripting code or SQL code, which the server executes without
validating it.
• If the server executes this code using administrative privileges, then the attackers can use
the attack to take control of the server.
• Once the attackers get control of the server, they can place a webshell into the server’s
web site.
• A webshell is a back door that allows attackers to come back to the server’s web site and
execute commands directly on the server.
Code Injection / Webshells
• Impact:
• Gain administrative control over an internet-facing server
• Provides a backdoor into the enterprise that is always open and operational for the attacker
• Data and information can be compromised
• Methods and Consequences:
• Commonly used techniques for code injection and webshells are as follows:
• Attacker toolkits are used which contain exploits designed to test internet-facing web sites for
vulnerabilities
• Sites are periodically re-scanned to catch new vulnerabilities (due to a bad patch or coding mistakes)
• Once a vulnerability is found, it is exploited to compromise the server
and install a backdoor
• Potential Defense
• Strict configuration control of internet-facing servers is the best defense
• Periodically scan the web sites for vulnerabilities
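The slides describe code injection as a request modified to carry SQL that the server runs without checking it. The following added example (not the lecture's code) shows the defect and its fix side by side in Python with the standard `sqlite3` module: a lookup built by string concatenation, where the textbook `' OR '1'='1` input turns a single-user query into a dump of every row, next to the same lookup using a bound parameter, where that input is just a name that matches nothing. The table and rows are constructed for the example.

```python
"""Added example (not from the lecture): SQL injection via string
concatenation beside the parameterized form that prevents it."""
import sqlite3


def _db():
    """Constructed sample database with two users."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return con


def lookup_vulnerable(con, name):
    """Defect: attacker-controlled text is spliced into the SQL statement,
    so quotes and keywords in it change the query the server runs."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()


def lookup_parameterized(con, name):
    """Fix: the statement is fixed text; the value travels as a bound
    parameter and is never interpreted as SQL, whatever it contains."""
    return con.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# The classic tautology input used in every injection tutorial.
INJECTED = "x' OR '1'='1"


def demo():
    """Run both lookups with the same input and return what each leaks."""
    con = _db()
    return {
        "vulnerable": lookup_vulnerable(con, INJECTED),
        "parameterized": lookup_parameterized(con, INJECTED),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:14s} -> {rows}")
```

The same discipline applies to the "scripting code" half of the slide: data from the request must never be concatenated into something an interpreter will execute, whether that interpreter is the database, a shell, or a template engine.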
Keylogging / Session Hijacking
• Keylogging can be used to capture usernames and passwords of
accounts with single-factor authentication.
• Session hijacking can be used to exploit accounts protected by
multi-factor authentication.
• Once attackers gain control of a victim’s endpoint computer, they can
use a variety of methods to gain use of the victim’s online accounts.
Keylogging / Session Hijacking
• Impact:
• Gain control over the victim’s online accounts
• This control includes the
• Victim’s address book
• E-mail
• Financial accounts and money
• Methods and Consequences:
• Commonly used techniques for keylogging and session hijacking are as follows:
• Find a method to install a keylogger on the victim’s system
• If successful, the attacker then sees every key pressed by the victim
• The attacker waits until credentials are captured
• Once these logons have occurred, attackers can impersonate the user and make use of the accounts
• Potential Defense
• Secure the endpoint so it is never infected in the first place
• Use unprivileged accounts
• Protect end systems with anti-virus, anti-malware, intrusion prevention, etc.
• Use multi-factor authentication systems
Pass-the-Hash and Pass-the-Ticket
• Pass-the-hash and pass-the-ticket are attack techniques that enable
attackers to exploit credentials on an enterprise network.
• These credentials are stored in computer memory and on hard drives.
• These attacks effectively bypass the authentication mechanism of
certain enterprise applications.
Pass-the-Hash and Pass-the-Ticket
• Impact:
• Attackers move laterally within enterprise IT environments from computer to
computer
• Methods and Consequences:
• Commonly used techniques for Pass-the-Hash and Pass-the-Ticket are as follows:
• Try to gain administrative control of the victim’s computer
• Scan the memory and hard drives for hashes and tickets belonging to users
• Once hashes and tickets are found, use them to connect to other computers on the
enterprise network and move laterally.
• Potential Defense
• Reduce vulnerabilities
• Try to avoid storing hashes and tickets on hard drives
• Try to store hashes and tickets over a network, which is more difficult to exploit
Credential Harvesting
• Credential harvesting is a technique whereby attackers compromise
systems that a large number of users visit.
• They then harvest user credentials from those systems.
• In this way, attackers can get the user credentials for a large portion
of the enterprise, all in a single step.
Credential Harvesting
• Impact:
• A large number of user credentials compromised in a single step
• Affords the attackers access to administrator credentials
• Methods and Consequences:
• Two common approaches for conducting a credential harvesting attack:
• First, target public-facing systems with large numbers of users (such as e-mail, web portal, or virtual
desktop systems)
• Exploit a vulnerability to gain control, and then start capturing user credentials
• Second, get inside the enterprise and target vulnerabilities in authentication systems
• Once an authentication system is compromised, the attacker can get access to credential hashes, tickets, usernames and
passwords
• Potential Defense
• Understand which enterprise IT systems collect large numbers of user logons
• Protect those systems
• A successful compromise should be detected and responded to in a timely fashion
• Use multi-factor tokens for authentication
Gate-Crashing
• Gate-crashing attacks involve attackers positioning themselves so they
can exploit a vulnerability or a defender mistake to get past a
particular security defense.
• Due to the realities of security technology maintenance and human
errors, almost every preventive defense gets disabled sometime,
either intentionally or by accident. The gate-crashers make sure they
are there to take advantage when it occurs.
Gate-crashing
• Impact:
• Slip past defenses when the opportunity arises
• The attacker waits, sometimes repeatedly, for just the right vulnerability or mistake to occur
• Methods and Consequences:
• Two common approaches for conducting a gate-crashing attack:
• Manually: the attacker must have active command-and-control connections to systems inside the victim’s
network
• Automatically: intelligent malware watches the victim network for openings and then exploits
those openings when they occur
• Potential Defense
• Defense layering
• Active monitoring
• Security administrators must be educated on gate-crashing
Malware / Botnet
• Malware is a generic term for malicious software, and it can include
viruses, worms, Trojans, and others.
• There is an extensive malware industry with commodity and custom
toolkits that can be integrated together to perform remote control, session
hijacking, credential harvesting, maintain persistence, and other functions.
• It’s also important to consider remote control functions built into most
modern operating systems as well since, with the right administrator
credentials, those functions can be used for malicious purposes as well.
• Once computers are infected with malware, they may be tied into a botnet
so they can be accounted for and access to them can be sold to the highest
bidder. Botnets can contain hundreds, thousands, or even millions of
compromised machines that can then be used for any attacker purpose.
Malware / Botnet
• Impact:
• Monitor all activity on the victim computer
• Record any credentials and accounts used by the victim
• Allow the attacker to use the computer, either on its own or in conjunction with other machines in a botnet
• Methods and Consequences:
• Install the malware by exploiting a vulnerability, or by the user of the computer willingly running it from a malicious web
site, e-mail attachment or web link.
• Malware may be custom-built or morphed so that it is not recognized by signature-based anti-virus
• Once compromised and joined to a botnet, the computer and its data become available to the botnet
operator
• Potential Defense
• Hardening the OS
• Anti-virus
• Anti-malware
• User privilege limitation and application
Distributed Denial of Service (DDoS)
• DDoS involves flooding the victim’s computers with so much web
traffic, generated from a distributed network, that the victim is
unable to continue delivering services over the Internet.
DDoS
• Impact:
• The targeted web site is often rendered unusable
• The web site becomes unavailable to its own users, customers or partners
• Methods and Consequences:
• Compromise computers, or hire some of the thousands of already compromised computers
available on the internet.
• Point the hired compromised network at the target
• Potential Defense
• There are two approaches to defend against DDoS:
• The first approach is to utilize content distribution networks that are hard to target and have
the distributed capacity to resist all but the largest DDoS attacks.
• The second approach is to respond quickly to block DDoS traffic at the network layer, thus
mitigating its impact and allowing services to stay operational.
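The second defense above, blocking flood traffic at the network layer quickly, starts with deciding which sources to block. The following added example (not from the lecture) runs a sliding-window rate check over a constructed request log and turns the sources that exceed the limit into drop rules. The timestamps, addresses, window size and limit are all constructed; the rule syntax is a placeholder for whatever firewall or ACL a real deployment feeds.

```python
"""Added example (not from the lecture): per-source rate detection over a
request log, the first step of network-layer DDoS blocking. Sample log,
window and threshold are constructed."""
from collections import defaultdict, deque

# Constructed sample log: (timestamp in ms, source IP). 203.0.113.5 sends
# 12 requests in 1.65 s; the other two sources are ordinary visitors.
SAMPLE_EVENTS = sorted(
    [(i * 150, "203.0.113.5") for i in range(12)]
    + [(500, "198.51.100.7"), (1500, "198.51.100.7"), (1000, "192.0.2.9")]
)


def flagged_sources(events, window_ms=1000, limit=5):
    """Sliding-window rate check.

    Returns {ip: first_timestamp_over_limit} for every source that sent more
    than `limit` requests inside any span of `window_ms` milliseconds.
    """
    recent = defaultdict(deque)   # per-source timestamps inside the window
    flagged = {}
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window_ms:   # drop timestamps that fell out
            q.popleft()
        if len(q) > limit and ip not in flagged:
            flagged[ip] = ts
    return flagged


def block_rules(flagged):
    """Render flagged sources as drop rules (placeholder syntax)."""
    return [f"drop src {ip}" for ip in sorted(flagged)]


if __name__ == "__main__":
    hits = flagged_sources(SAMPLE_EVENTS)
    for ip, ts in hits.items():
        print(f"{ip} exceeded limit at t={ts} ms")
    print(block_rules(hits))
```

The caveat is the "distributed" in DDoS: a large botnet can keep every individual source under a per-IP limit, so this check must sit beside aggregate thresholds (total requests per second, per path, per ASN) and upstream capacity, which is why the slide lists content distribution networks as the first approach rather than an optional one.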
Identity Theft
• Identity theft is one of the most common professional cyberattacks,
since stolen identities, particularly
• social security numbers,
• credit card numbers, and medical records
can be easily sold on the black market for cash.
• Such attacks tend to focus on
• Centralized IT systems
• Databases
• Hacking into point-of-sale (PoS) systems
• Other critical systems, to obtain identity information.
Identity Theft
• Impact:
• Severe for victim enterprises
• Data disclosure
• Compensation to victims
• Possibly penalties
• Methods and Consequences:
• Gain access to victim networks and obtain privileged access to victim data.
• Potential Defense
• Protect data using different security mechanisms
• Think through the life cycle of the data from capture to disposal
• Monitor the traffic
• Take regular backups
• Look at your data from the adversary’s perspective
Industrial Espionage
• Industrial espionage is a common attack performed by professional
and nation-state attackers to gain advantages in international
business.
• In the international marketplace, such advantages can be big
business indeed, with billions of dollars and entire market segments
at stake.
Industrial Espionage
• Impact:
• Difficult to measure, since it is often difficult to differentiate
• Competitors reading each other’s playbooks
• Economic impact of players who gain the advantage of knowing their competitors’ every
move.
• Stolen data (meeting schedules, enterprise processes, etc.) can be just as useful in defeating
competitors in the international marketplace
• Methods and Consequences:
• Target victim networks to achieve an initial entry
• Then exploit the entry to move laterally and gain privilege within the victim networks.
• Once administrative control is taken, steal business information
• Potential Defense
• Detective and preventive measures are needed
Pickpocket
• A “pickpocket” attack involves hacking victim systems to steal
relatively small amounts of money across a large number of
transactions.
• Some common examples of this attack include redirecting direct
deposit accounts, payroll, or accounts payable accounts to send
money to the attackers’ accounts instead.
Pickpocket
• Impact:
• The attackers quickly get away with a large amount of money when the many
transactions involved are added up.
• When this money is transferred via wire transfer or direct deposit, it can be difficult
or even impossible to trace and recover.
• Methods and Consequences:
• Intercept and redirect financial transactions (payroll, accounts payable
systems, etc.)
• By the time the victim enterprise catches the redirection, the money is often gone.
• Potential Defense
• Rapid alerting and auditing systems are needed to catch unauthorized changes before
money is moved
• Acquire help from financial institutions by imposing time delays between when
account information is changed and when the change becomes effective.
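The two defenses above, an audit trail that alerts on account changes and a delay before a changed destination becomes effective, fit together in one control. The following added example (not from the lecture) is a small payroll ledger in Python that records every bank-detail change with its actor, answers the "what changed recently?" query an alerting job would run, and refuses to disburse into an account changed less than a hold period ago. The payees, the hold period and the compromised-HR-account scenario are constructed for the example.

```python
"""Added example (not from the lecture): audit trail plus hold period on
payee bank-detail changes, the pickpocket defense the slide describes.
All names, accounts and the hold length are constructed."""
from dataclasses import dataclass
import datetime as dt

HOLD_PERIOD = dt.timedelta(days=2)   # assumed policy: new details wait 2 days


@dataclass
class Payee:
    name: str
    account: str
    account_changed_at: dt.datetime   # when the destination was last edited
    changed_by: str                   # who edited it


class PayrollLedger:
    """Tracks payee bank details, audits every change, and holds payments
    to any account changed less than HOLD_PERIOD ago."""

    def __init__(self):
        self.payees = {}
        self.audit = []   # (when, actor, payee, old_account, new_account)

    def add_payee(self, name, account, when, actor="onboarding"):
        self.payees[name] = Payee(name, account, when, actor)

    def change_account(self, actor, name, new_account, when):
        p = self.payees[name]
        self.audit.append((when, actor, name, p.account, new_account))
        p.account, p.account_changed_at, p.changed_by = new_account, when, actor

    def disburse(self, name, when):
        """Return ("paid", account) or ("held", reason)."""
        p = self.payees[name]
        age = when - p.account_changed_at
        if age < HOLD_PERIOD:
            return ("held", f"{name}: account changed {age} ago by {p.changed_by}")
        return ("paid", p.account)

    def changes_since(self, since):
        """Audit query for the alerting job: bank details changed recently."""
        return [a for a in self.audit if a[0] >= since]


def demo():
    """Constructed scenario: an HR account redirects alice's payroll."""
    t0 = dt.datetime(2024, 1, 1, 9, 0)
    ledger = PayrollLedger()
    ledger.add_payee("alice", "ACCT-1111", t0 - dt.timedelta(days=400))
    ledger.add_payee("bob", "ACCT-2222", t0 - dt.timedelta(days=400))
    ledger.change_account("hr_user", "alice", "ACCT-9999", t0)
    day1 = t0 + dt.timedelta(days=1)
    day3 = t0 + dt.timedelta(days=3)
    return {
        "alerts": ledger.changes_since(t0 - dt.timedelta(days=7)),
        "alice_day1": ledger.disburse("alice", day1),
        "bob_day1": ledger.disburse("bob", day1),
        "alice_day3": ledger.disburse("alice", day3),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The hold only buys time: on day 3 the payment goes to the new account regardless. The control works when the `changes_since` alert is actually reviewed inside that window, for instance by confirming the change with the employee through a channel other than the one that requested it.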
Bank Heist
• While a pickpocket attack involves changing financial destinations and
intercepting the victim’s money, a bank heist involves simply getting
direct access to the victim’s bank accounts and stealing it.
Bank Heist
• Impact:
• The victim loses money from their accounts, partially or completely.
• Poor safeguards afforded to consumers’ accounts by financial institutions
• Methods and Consequences:
• Compromise victim systems that have privileges to access business financial accounts
• Once successful, transfer large sums of money out via hard-to-trace methods such as
wire transfer
• Potential Defense
• Closely guard the computers and credentials
• Securely manage corporate financial accounts rather than allowing financial personnel to
manage these accounts from the same personal computers they use to surf the web.
Ransomware
• Ransomware compromises victim computers
• Encrypts the data
• Charges a ransom to get the keys to decrypt the data.
• It can be expensive for individuals.
• It can be devastating at an enterprise level.
Ransomware
• Impact:
• Large amounts of corporate data are accessible to large numbers of employees.
• One compromised employee with write access ends up encrypting it for
everyone
• Methods and Consequences:
• A common type of malware that is out on the internet, constantly used to get into
victim computers and enterprises.
• Potential Defense
• Hardening endpoints
• Training users not to get infected
• Having good segmentation and access controls
• Good backups for recovery
CONCLUSION
• Be flexible and adaptable to changing threats!
• Don’t ignore Information Security principles!
• Mature your Threat and Vulnerability Mgmt process!
• Conduct frequent incident response exercises!
• Invest in people & training!
• Delay the adversary!
Thank You
For Your Patience

Secure Coding BSSN Semarang Material.pdfSecure Coding BSSN Semarang Material.pdf
Secure Coding BSSN Semarang Material.pdf
 

Plus de Kabul Education University

Searching and seizing Computer according to Afghanistan law
Searching and seizing Computer according to Afghanistan lawSearching and seizing Computer according to Afghanistan law
Searching and seizing Computer according to Afghanistan lawKabul Education University
 

Plus de Kabul Education University (20)

Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8
 
ITIL # Lecture 9
ITIL # Lecture 9ITIL # Lecture 9
ITIL # Lecture 9
 
Cryptography and Network security # Lecture 7
Cryptography and Network security # Lecture 7Cryptography and Network security # Lecture 7
Cryptography and Network security # Lecture 7
 
ITIL # Lecture 8
ITIL # Lecture 8ITIL # Lecture 8
ITIL # Lecture 8
 
Cryptography and Network security # Lecture 6
Cryptography and Network security # Lecture 6Cryptography and Network security # Lecture 6
Cryptography and Network security # Lecture 6
 
ITIL # Lecture 7
ITIL # Lecture 7ITIL # Lecture 7
ITIL # Lecture 7
 
Cryptography and Network security # Lecture 5
Cryptography and Network security # Lecture 5Cryptography and Network security # Lecture 5
Cryptography and Network security # Lecture 5
 
ITIL # Lecture 6
ITIL # Lecture 6ITIL # Lecture 6
ITIL # Lecture 6
 
ITIL # Lecture 5
ITIL # Lecture 5ITIL # Lecture 5
ITIL # Lecture 5
 
ITIL # Lecture 4
ITIL # Lecture 4ITIL # Lecture 4
ITIL # Lecture 4
 
Cryptography and Network security # Lecture 4
Cryptography and Network security # Lecture 4Cryptography and Network security # Lecture 4
Cryptography and Network security # Lecture 4
 
ITIL # Lecture 3
ITIL # Lecture 3ITIL # Lecture 3
ITIL # Lecture 3
 
ITIL # Lecture 2
ITIL # Lecture 2ITIL # Lecture 2
ITIL # Lecture 2
 
ITIL # Lecture 1
ITIL # Lecture 1ITIL # Lecture 1
ITIL # Lecture 1
 
Network security # Lecture 1
Network security # Lecture 1Network security # Lecture 1
Network security # Lecture 1
 
Cyber security # Lec 1
Cyber security # Lec 1Cyber security # Lec 1
Cyber security # Lec 1
 
Searching and seizing Computer according to Afghanistan law
Searching and seizing Computer according to Afghanistan lawSearching and seizing Computer according to Afghanistan law
Searching and seizing Computer according to Afghanistan law
 
Lect 6 computer forensics
Lect 6 computer forensicsLect 6 computer forensics
Lect 6 computer forensics
 
Csc342 lec 7 network security des
Csc342  lec 7 network security desCsc342  lec 7 network security des
Csc342 lec 7 network security des
 
Lect 5 computer forensics
Lect 5 computer forensicsLect 5 computer forensics
Lect 5 computer forensics
 

Dernier

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Dernier (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Cyber Security # Lec 2

1. Lec-2: Cyber Security
Mr. Islahuddin Jalal
MS (Cyber Security) – UKM Malaysia
Research Title – 3C-CSIRT Model for Afghanistan
BAKHTAR UNIVERSITY ‫باخترپوهنتون‬ ‫د‬

2. Types of Cyberattacks
• Cyberattacks compromise
  • Confidentiality by stealing money
  • Integrity by modifying data
  • Availability by denying access to data, services and systems
• Some attacks may combine two or more of these types in a single attack, but these three are the building blocks for most malicious cyberactivities.

3. Types of Cyber Attack
• Phishing / Spearphishing
• Drive-By / Watering Hole / Malvertising
• Code Injection / Webshell
• Keylogging / Session Hijacking
• Pass-the-Hash and Pass-the-Ticket
• Credential Harvesting
• Gate-Crashing
• Malware / Botnet
• DDoS
• Identity Theft
• Industrial Espionage
• Pickpocket
• Bank Heist
• Ransomware

4. Phishing / Spearphishing
• Phishing and spearphishing are some of the most effective ways of getting into an enterprise’s network.
• Attackers send e-mail to the victims (targeted e-mail to a specific person if it’s spearphishing), and the e-mail takes control of the victim’s computer.

5. Phishing / Spearphishing
• Impact:
  • Gain control of a personal computer inside the enterprise’s network
  • With spearphishing, this control includes a computer belonging to a specific person, such as an executive or systems administrator.
• Methods and Consequences: there are three techniques commonly used for phishing and spearphishing attacks.
  • Email message containing a malicious attachment
  • Email containing a link to a web page
  • Email containing a link to a web page that asks the victim to type his / her logon credentials
• Potential Defense:
  • Training to help users recognize when they are being phished
  • Educating executives and systems administrators on the threats
  • Protecting email and web gateways
  • Hardening endpoint computers
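One gateway-side check behind the "Protecting email and web gateways" bullet, as an added example that is not part of the slides: flag links in an HTML message whose visible text names one domain while the href points at another, or whose href is a bare IP address (the message body, the example.com/example.net domains and the 203.0.113.7 address are constructed, and the domain handling is deliberately simplified).

```python
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML mail body."""

    def __init__(self) -> None:
        super().__init__()
        self.anchors: List[tuple] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of a host name. A production gateway would consult the
    public suffix list; this simplification is enough for the constructed sample."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(text: str) -> Optional[str]:
    """Host named by the visible link text, if that text looks like a URL or domain."""
    candidate = text.strip()
    if not candidate or " " in candidate:
        return None
    if "://" not in candidate:
        candidate = "http://" + candidate
    host = urlparse(candidate).hostname
    return host if host and "." in host else None


def find_suspicious_links(html: str) -> List[dict]:
    """Flag anchors whose text names one domain while the href goes elsewhere,
    and anchors whose href host is a bare IP address."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        href_host = urlparse(href).hostname or ""
        reasons = []
        text_host = host_of(text)
        if text_host and registrable_domain(text_host) != registrable_domain(href_host):
            reasons.append("visible link text names a different domain than the href")
        if href_host and href_host.replace(".", "").isdigit():
            reasons.append("href points at a bare IP address")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed message body: reserved example domains and a documentation IP.
SAMPLE_MAIL = """
<p>Your mailbox is almost full.</p>
<p><a href="http://203.0.113.7/login">Click here</a> to free up space, or visit
<a href="http://mail.example.net/verify">https://mail.example.com/verify</a>.</p>
<p>Help: <a href="https://www.example.com/help">www.example.com/help</a></p>
"""

if __name__ == "__main__":
    for finding in find_suspicious_links(SAMPLE_MAIL):
        print(finding)
```

The third link passes because its text and href agree; the first two are the cases a gateway would quarantine or rewrite for user review.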
6. Drive-By / Watering Hole / Malvertising
• A drive-by or watering hole attack involves compromising a victim’s web site and then configuring that website to deliver malware to people who visit the site.
• When unsuspecting users visit the site, their computers are infected with malware and the attackers are able to move their attack forward.
• A malvertising attack has the same effect, but rather than directly compromising the site, attackers deliver malware through advertising feeds displayed on the web page alongside the victim’s content.

7. Drive-by / Watering Hole / Malvertising
• Impact:
  • The victim enterprise is an intermediary in an attack that targets the people who visit its website
  • The victim suffers collateral damage
  • The victim enterprise’s reputation will be damaged when the story comes out
• Methods and Consequences: there are two techniques commonly used for such attacks.
  • Web sites with vulnerabilities are exploited to get control of the site directly from the internet
  • The victim enterprise is compromised to get access to the computers and accounts with administrative control over the site
• Potential Defense:
  • Web site operators need to have strong configuration control over public-facing web sites
  • Advertising networks should strongly filter their content and prevent unexpected and unacceptable behavior
  • Surf the web carefully, using non-administrative credentials
  • Fully patched endpoint computers
  • Hardened endpoint computers

8. Code Injection / Webshell
• Servers are potentially just as vulnerable as endpoint computers, and they can be compromised using some of the same techniques.
• Two attacks unique to servers are
  • Code injection
  • Webshells
• Code injection compromises a vulnerable web site by modifying requests to the site so they contain either scripting code or SQL code that is executed by the server without checking it.
• If the server executes this code using administrative privileges, then the attackers can use the attack to take control of the server.
• Once the attackers get control of the server, they can place a webshell into the server’s web site.
• A webshell is a back door that allows attackers to come back to the server’s web site and execute commands directly on the server.

9. Code Injection / Webshells
• Impact:
  • Gain administrative control over an internet-facing server
  • Provide a backdoor into the enterprise that is always open and operational for the attacker
  • Data and information can be compromised
• Methods and Consequences: commonly used techniques for code injection and webshells are as follows.
  • Attacker toolkits are used that contain exploits designed to test internet-facing web sites for vulnerabilities
  • The sites are periodically re-scanned to catch new vulnerabilities (due to bad patches or coding mistakes)
  • Once a vulnerability is found, it is exploited to compromise the server and install a backdoor
• Potential Defense:
  • Strict configuration control of internet-facing servers is the best defense
  • Periodically scan the web sites for vulnerabilities
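The SQL form of code injection from slide 8, as an added example that is not part of the slides: a lookup that concatenates request data into the statement, beside the parameterized form that removes the defect, both run against a constructed in-memory SQLite table (the table, rows and crafted input are made up for the example).

```python
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "<hash-1>", "admin"), ("bob", "<hash-2>", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """The pattern slide 8 describes: request data is concatenated into the SQL
    text, so the database parses whatever the client sent as part of the statement."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Hardened form: the statement text is fixed and the value is bound separately,
    so the input is only ever compared as a string and never executed."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed request value: closes the quoted literal and appends a tautology.
CRAFTED_USERNAME = "x' OR '1'='1"


def compare(username: str) -> dict:
    """Run the same input through both lookups and report the rows each returned."""
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, username),
        "parameterized": lookup_parameterized(conn, username),
    }


if __name__ == "__main__":
    print(compare("alice"))            # both lookups return alice's row
    print(compare(CRAFTED_USERNAME))   # only the vulnerable lookup returns every row
```

Parameterization closes the injection path itself; the configuration control and periodic scanning on slide 9 are the operational controls that catch the cases where code like the first lookup ships anyway.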
10. Keylogging / Session Hijacking
• Keylogging can be used to capture usernames and passwords of accounts with single-factor authentication.
• Session hijacking can be used to exploit accounts protected by multi-factor authentication.
• Once attackers gain control of a victim’s endpoint computer, they can use a variety of methods to gain use of the victim’s online accounts.

11. Keylogging / Session Hijacking
• Impact:
  • Gain control over the victim’s online accounts
  • This control includes
    • Victim’s address book
    • E-mail
    • Financial accounts and money
• Methods and Consequences: commonly used techniques for keylogging and session hijacking are as follows.
  • Finding methods to install a keylogger on the victim’s system
  • If successful, the attacker will know each and every button pressed by the victim
  • The attacker waits until credentials are captured
  • Once these logons occur, attackers can impersonate the user and make use of the accounts
• Potential Defense:
  • Secure the endpoint so it is never infected in the first place
  • Use unprivileged accounts
  • Protect the end system with anti-virus, anti-malware, intrusion prevention, etc.
  • Use multi-factor authentication systems

12. Pass-the-Hash and Pass-the-Ticket
• Pass-the-hash and pass-the-ticket are attack techniques that enable attackers to exploit credentials on an enterprise network.
• These credentials are stored in computer memory and on hard drives.
• These attacks effectively bypass the authentication mechanism of certain enterprise applications.

13. Pass-the-Hash and Pass-the-Ticket
• Impact:
  • Attackers move laterally within enterprise IT environments from computer to computer
• Methods and Consequences: commonly used techniques for pass-the-hash and pass-the-ticket are as follows.
  • Try to gain administrative control of the victim’s computer
  • Scan the memory and hard drives for hashes and tickets belonging to users
  • Once hashes and tickets are found, use them to connect to other computers on the enterprise network and move laterally
• Potential Defense:
  • Reduce vulnerabilities
  • Try to avoid storing hashes and tickets on hard drives
  • Try to store hashes and tickets over the network rather than on hard drives, which is more difficult for attackers to exploit

14. Credential Harvesting
• Credential harvesting is a technique whereby attackers compromise systems that a large number of users visit.
• They then harvest user credentials from those systems.
• In this way, attackers can get the user credentials for a large portion of the enterprise, all in a single step.

15. Credential Harvesting
• Impact:
  • A large number of user credentials compromised in a single step
  • May afford attackers access to administrator credentials
• Methods and Consequences: two common approaches for conducting a credential harvesting attack.
  • First, target public-facing systems with large numbers of users (such as e-mail, web portals, virtual desktop systems)
    • Exploit a vulnerability to gain control, and then start capturing user credentials
  • Second, get inside the enterprise and target vulnerabilities in authentication systems
    • Once an authentication system is compromised, attackers can get access to credential hashes, tickets, and usernames and passwords
• Potential Defense:
  • Understand which enterprise IT systems collect large numbers of user logons
  • Protect those systems
  • A successful compromise should be detected and responded to in a timely fashion
  • Use multi-factor tokens for authentication

16. Gate-Crashing
• Gate-crashing attacks involve attackers positioning themselves so they can exploit a vulnerability or a defender mistake to get past a particular security defense.
• Due to the realities of security technology maintenance and human error, almost every preventive defense gets disabled sometime, either intentionally or by accident. The gate-crashers make sure they are there to take advantage when it occurs.

17. Gate-Crashing
• Impact:
  • Slip past defenses when the opportunity arises
  • The attacker waits, often many times over, for just the right vulnerability or mistake to occur
• Methods and Consequences: two common approaches for conducting a gate-crashing attack.
  • Manually: the attacker must have active command-and-control connections to systems inside the victim’s network
  • Automatically: intelligent malware watches the victim network for openings and then exploits those openings when they occur
• Potential Defense:
  • Defense layering
  • Active monitoring
  • Security administrators must be educated on gate-crashing

18. Malware / Botnet
• Malware is a generic term for malicious software, and it can include viruses, worms, Trojans, and others.
• There is an extensive malware industry with commodity and custom toolkits that can be integrated together to perform remote control, session hijacking, credential harvesting, maintain persistence, and other functions.
• It’s also important to consider the remote control functions built into most modern operating systems, since with the right administrator credentials those functions can be used for malicious purposes as well.
• Once computers are infected with malware, they may be tied into a botnet so they can be accounted for and access to them can be sold to the highest bidder. Botnets can contain hundreds, thousands, or even millions of compromised machines that can then be used for any attacker purpose.

19. Malware / Botnet
• Impact:
  • Monitor all activity on the victim computer
  • Record any credentials and accounts used by the victim
  • Allow the attacker to use the computer, either on its own or in conjunction with other machines in a botnet
• Methods and Consequences:
  • The malware is installed by exploiting a vulnerability, or by the computer’s user willingly installing it from a malicious web site, email attachment or web link
  • Malware may be custom-built or morphed so it is not recognized by signature-based anti-virus
  • Once compromised and joined to a botnet, the computer and its data become available to the botnet operator
• Potential Defense:
  • Hardening the OS
  • Anti-virus
  • Anti-malware
  • User privilege limitation and application

20. Distributed Denial of Service (DDoS)
• DDoS involves flooding the victim’s computers with so much web traffic, generated from a distributed network, that the victim is unable to continue delivering services over the Internet.

21. DDoS
• Impact:
  • The targeted web site is often rendered unusable
  • The web site becomes unavailable to its own users, customers or partners
• Methods and Consequences:
  • Attackers compromise computers themselves, or hire from the thousands of compromised computers already available on the internet
  • Point the hired compromised network towards the target
• Potential Defense: there are two approaches to defend against DDoS.
  • The first approach is to utilize content distribution networks that are hard to target and have the distributed capacity to resist all but the largest DDoS attacks.
  • The second approach is to respond quickly to block DDoS traffic at the network layer, thus mitigating its impact and allowing services to stay operational.

22. Identity Theft
• Identity theft is one of the most common professional cyberattacks, since stolen identities, particularly
  • social security numbers,
  • credit card numbers, and
  • medical records,
  can be easily sold on the black market for cash.
• Such attacks tend to focus on
  • Centralized IT systems
  • Databases
  • Hacking into point-of-sale (PoS) systems
  • Other critical systems, to obtain identity information

23. Identity Theft
• Impact: severe for victim enterprises
  • Data disclosure
  • Compensation to victims
  • Possibly penalties
• Methods and Consequences:
  • Gain access to victim networks and get privileged access to victim data
• Potential Defense:
  • Protect data using different security mechanisms
  • Think through the life cycle of the data, from capture to disposal
  • Monitor the traffic
  • Take regular backups
  • Look at your data from the adversary’s perspective

24. Industrial Espionage
• Industrial espionage is a common attack performed by professional and nation-state attackers to gain advantages in international business.
• In the international marketplace, such advantages can be big business indeed, with billions of dollars and entire market segments at stake.

25. Industrial Espionage
• Impact:
  • Difficult to measure, since it is often difficult to differentiate
  • Competitors reading each other’s playbooks
  • Economic impact of players who gain the advantage of knowing their competitors’ every move
  • Stolen data (meeting schedules, enterprise processes, etc.) can be just as useful in defeating competitors in the international marketplace
• Methods and Consequences:
  • Target victim networks to achieve an initial entry
  • Then exploit the entry to move laterally and gain privilege within the victim networks
  • Once administrative control is taken, steal business information
• Potential Defense:
  • Detective and preventive measures are needed

26. Pickpocket
• A “pickpocket” attack involves hacking victim systems to steal relatively small amounts of money across a large number of transactions.
• Some common examples of this attack include redirecting direct deposit accounts, payroll, or accounts payable accounts to send money to the attackers’ accounts instead.

27. Pickpocket
• Impact:
  • The attackers quickly get away with a large amount of money when the many transactions involved are added up.
  • When this money is transferred via wire transfer or direct deposit, it can be difficult or even impossible to trace and recover.
• Methods and Consequences:
  • Intercept and redirect the financial transactions (payroll, accounts payable systems, etc.)
  • By the time the victim enterprise catches the redirection, the money is often gone.
• Potential Defense:
  • A rapid alerting and auditing system is needed to catch unauthorized changes before money is moved
  • Acquire help from the financial institution by imposing time delays between when account information is changed and when the change becomes effective
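The two pickpocket defenses on slide 27 (alerting and auditing on account changes, and a delay before a changed destination account takes effect), as an added example that is not part of the slides: a small payee registry that logs an alert for every change, holds it for a policy period, and lets a reviewer cancel it before the next payroll run (payee names, account numbers, actor names and the 48-hour hold are constructed).

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed policy value for this example, not from the slides.
CHANGE_HOLD = timedelta(hours=48)


@dataclass
class Payee:
    name: str
    account: str                                  # destination currently in effect
    pending_account: Optional[str] = None         # requested change, not yet effective
    pending_effective_at: Optional[datetime] = None


@dataclass
class PayeeRegistry:
    """Payroll destination accounts with a hold period and an audit/alert trail."""
    payees: Dict[str, Payee] = field(default_factory=dict)
    audit_log: List[str] = field(default_factory=list)

    def add(self, name: str, account: str) -> None:
        self.payees[name] = Payee(name, account)

    def request_change(self, name: str, new_account: str, actor: str, now: datetime) -> datetime:
        """Record the change and raise an alert; the change is not applied until the hold elapses."""
        p = self.payees[name]
        p.pending_account = new_account
        p.pending_effective_at = now + CHANGE_HOLD
        self.audit_log.append(
            f"ALERT {now.isoformat()} {actor} changed payee {name}: "
            f"{p.account} -> {new_account} (effective {p.pending_effective_at.isoformat()})"
        )
        return p.pending_effective_at

    def cancel_change(self, name: str, reviewer: str, now: datetime) -> bool:
        """A reviewer rejects a pending change inside the hold window."""
        p = self.payees[name]
        if p.pending_account is None:
            return False
        self.audit_log.append(f"CANCEL {now.isoformat()} {reviewer} rejected pending change for {name}")
        p.pending_account = None
        p.pending_effective_at = None
        return True

    def effective_account(self, name: str, now: datetime) -> str:
        """Apply a pending change only once its hold has elapsed, then return the account in effect."""
        p = self.payees[name]
        if p.pending_account is not None and p.pending_effective_at <= now:
            self.audit_log.append(f"APPLY {now.isoformat()} payee {name}: {p.account} -> {p.pending_account}")
            p.account = p.pending_account
            p.pending_account = None
            p.pending_effective_at = None
        return p.account


def run_payroll(reg: PayeeRegistry, now: datetime) -> Dict[str, str]:
    """Destination account each payee would be paid to at this payroll run."""
    return {name: reg.effective_account(name, now) for name in reg.payees}


def demo_scenario() -> dict:
    """Constructed timeline: a compromised HR service account redirects two payees
    to the same unknown account the day before payroll."""
    reg = PayeeRegistry()
    reg.add("alice", "ACCT-ALICE-001")
    reg.add("bob", "ACCT-BOB-002")
    t0 = datetime(2024, 3, 1, 9, 0)
    reg.request_change("alice", "ACCT-UNKNOWN-999", actor="hr_svc", now=t0)
    reg.request_change("bob", "ACCT-UNKNOWN-999", actor="hr_svc", now=t0)
    # Payroll 24h later: both changes are still inside the hold, so money goes to the original accounts.
    first_run = run_payroll(reg, t0 + timedelta(hours=24))
    # The two alerts naming one new account prompt review; only bob's change is rejected in time.
    reg.cancel_change("bob", reviewer="finance_audit", now=t0 + timedelta(hours=30))
    # Payroll 72h later: alice's unreviewed change has become effective, bob's was cancelled.
    second_run = run_payroll(reg, t0 + timedelta(hours=72))
    alerts = [line for line in reg.audit_log if line.startswith("ALERT")]
    return {"first_run": first_run, "second_run": second_run, "alerts": alerts}


if __name__ == "__main__":
    for key, value in demo_scenario().items():
        print(key, value)
```

The hold only buys time: alice's redirection still takes effect because nobody acted on her alert, which is why the slide pairs the delay with rapid alerting and auditing.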
28. Bank Heist
• While a pickpocket attack involves changing financial destinations and intercepting the victim’s money, a bank heist involves simply getting direct access to the victim’s bank accounts and stealing the money.

29. Bank Heist
• Impact:
  • The victim loses money from their accounts, partially or completely.
  • Poor safeguards are afforded to consumers’ accounts by financial institutions
• Methods and Consequences:
  • Compromise victim systems with privileges to access business financial accounts
  • Once successful, transfer large sums of money out via hard-to-trace methods such as wire transfer
• Potential Defense:
  • Closely guard the computers and credentials
  • Securely manage corporate financial accounts rather than allowing financial personnel to manage these accounts from the personal computers they use to surf the web

30. Ransomware
• Ransomware compromises victim computers
  • Encrypts the data
  • Charges a ransom to get the keys to decrypt the data
• It can be expensive for individuals.
• It can be devastating at an enterprise level.

31. Ransomware
• Impact:
  • Large amounts of corporate data are accessible by large numbers of employees.
  • One compromised employee with write access ends up encrypting that data for everyone
• Methods and Consequences:
  • A common type of malware that is out on the internet, constantly used to get into victim computers and enterprises
• Potential Defense:
  • Hardening endpoints
  • Training users not to get infected
  • Having good segmentation and access controls
  • Good backups for recovery

32. CONCLUSION
• Be flexible and adaptable to changing threats!
• Don’t ignore Information Security principles!
• Mature your Threat and Vulnerability Mgmt process!
• Conduct frequent incident response exercises!
• Invest in people & training!
• Delay the adversary!

33. Thank You For Your Patience