Some differences between traditional

What is Security? security and information security

Security is the protection of assets. The
three main aspects are: • Information can be stolen - but you still
have it
• prevention • Confidential information may be copied and
sold - but the theft might not be detected
• detection • The criminals may be on the other side of
the world

• re-action
1 2

Computer Security
Computer security is the protection of computer systems
and information from harm, theft, and unauthorized use.
It is the process of preventing and detecting unauthorized
use of your computer system.
Terms used:
• Information security is securing information
from unauthorized access, modification &
deletion
• Computer Security means securing a standalone
machine by keeping it updated and patched
• Cybersecurity is defined as protecting computer
systems, which communicate over the
computer networks

3 4

1
 Components of computer The CIA Triad
system
• Hardware, the physical part of the computer,
like the system memory and disk drive
• Firmware, permanent software that is etched
into a hardware device’s nonvolatile memory
and is mostly invisible to the user
• Software, the programming that offers services,
like operating system, word processor, internet
browser to the user
5 6

• Confidentiality is ensuring that Confidentiality

information is available only to the
intended audience
• Integrity is protecting information from
being modified by unauthorized parties
• Availability is protecting information from
being modified by unauthorized parties
• The prevention of unauthorised disclosure
of information.
• Confidentiality is keeping information
secret or private.
• Confidentiality might be important for
military, business or personal reasons.

7 8

2

Integrity
• Integrity is the unauthorised writing or
modification of information.
• Integrity means that there is an external
consistency in the system - everything is as
it is expected to be.
• Data integrity means that the data stored on
a computer is the same as the source
documents.
9 10
• Virus – A malware which requires some form of
user’s interaction to infect the user’s device. The
classic example is an e-mail attachment containing
malicious executable code. If a user receives and
opens such an attachment, the user inadvertently
runs the malware on the device.
• Worm – A malware which can enter a device
without any explicit user interaction. For example,
a user may be running a vulnerable network
application to which an attacker can send malware.
Basic Network Attacks
• Malware – It is the malicious software which is
specifically designed to disrupt, damage, or gain
authorized access to a computer system. Much of
the malware out there today is self-replicating:
once it infects one host, from that host it seeks
entry into other hosts over the Internet, and from
the newly infected hosts, it seeks entry into yet
more hosts. In this manner, self-replicating
malware can spread exponentially fast.
• Botnet – A botnet is a group of computers connected
to the internet, that have been compromised by a
hacker using a computer virus. An individual
computer is called ‘zombie computer’. The result of
this threat is the victim’s computer, which is the bot
will be used for malicious activities.
• Rootkit: A rootkit is a computer program designed to
provide continued privileged access to a computer
while actively hiding its presence. Once a rootkit has
been installed, the controller of the rootkit will be
able to remotely execute files and change system
configurations on the host machine.
12
3
Keylogger: Also known as a keystroke logger,
keyloggers can track the real-time activity of a user
on his computer. It keeps a record of all the
keystrokes made by user keyboard. Keylogger is also
a very powerful threat to steal people’s login
credential such as username and password.
13
• Connection flooding: The attacker
establishes a large number TCP connections
at the target host. It is also known as a
"TCP connection flood“. it attempts to
occupy all possible TCP connections on a
server. By flooding the server with requests
for new connections, it prevents legitimate
requests from being established and served.
15
DoS (Denial of Service) – A DoS attack renders a
network, host, or other pieces of infrastructure unusable
by legitimate users. Most Internet DoS attacks fall into
one of three categories :
• Vulnerability attack: This involves sending a few well-
crafted messages to a vulnerable application or operating
system running on a targeted host. If the right sequence of
packets is sent to a vulnerable application or operating
system, the service can stop or, worse, the host can crash.
• Bandwidth flooding: The attacker sends a deluge of
packets to the targeted host—so many packets that the
target’s access link becomes clogged, preventing
legitimate packets from reaching the server.
• DDoS (Distributed DoS) – DDoS is a type
of DOS attack where multiple compromised
systems, are used to target a single system
causing a Denial of Service (DoS) attack.
DDoS attacks leveraging botnets with
thousands of comprised hosts are a common
occurrence today. DDoS attacks are much
harder to detect and defend against than a
DoS attack from a single host.
16
4
Packet sniffer – A passive receiver that records
a copy of every packet that flies by is called a
packet sniffer. By placing a passive receiver in
the vicinity of the wireless transmitter, that
receiver can obtain a copy of every packet that
is transmitted! These packets can contain all
kinds of sensitive information, including
passwords, social security numbers, trade
secrets, and private personal messages. some of
the best defenses against packet sniffing
involve cryptography.
Man-in-the-Middle Attack –It is a type of
cyberattack where a malicious actor inserts
him/herself into a conversation between two
parties, impersonates both parties and gains
access to information that the two parties were
trying to send to each other. A man-in-the-
middle attack allows a malicious actor to
intercept, send and receive data meant for
someone else, or not meant to be sent at all,
without either outside party knowing until it is
too late
19
• IP Spoofing – IP spoofing refers to
connection hijacking through a fake Internet
Protocol (IP) address. IP spoofing is the
action of masking a computer IP address so
that it looks like it is authentic. During this
masking process, the fake IP address sends
the message coupled with an IP address that
appears to be authentic and trusted
18
• Compromised-Key Attack – A key is a
secret code or number necessary to interpret
secured information. After an attacker
obtains a key, that key is referred to as a
compromised key. An attacker uses the
compromised key to gain access to a
secured communication without the sender
or receiver being aware of the attack.
20
5
 • Phishing – Phishing is a form of fraud in
which an attacker act as a genuine entity or
person in email or other communication
channels. The attacker uses phishing emails
to distribute malicious links or attachments
that can perform a variety of functions,
including the access of login credentials,
account information, credit card information
from victims.
21
• Avoid clicking on email attachments unless you
know the source
• Change passwords regularly, using a unique
combination of numbers, letters and case types
• Use the internet with caution and ignore pop-ups,
drive-by downloads while surfing
• Perform daily full system scans and create a
periodic system backup schedule to ensure your
data is retrievable should something happen to
your computer.
23
Computer Security Practices
Some preventive steps you can take include:
• Secure your computer physically by:
– Installing reliable, reputable security and anti-virus
software
– Activating your firewall, because a firewall acts as
a security guard between the internet and your
local area network
• Stay up-to-date on the latest software and news
surrounding your devices and perform
software updates as soon as they become
available 22
6 Indian Websites That Have Recently
Been Taken Down By Hackers
Telecom Regulatory Authority of India
(TRAI): Indian Telecom regulator TRAI's
website was hacked soon after it released
millions of email IDs which were used to send
the response to a consultation paper. Famous
hacker group Anonymus' India wing was
behind this and they claimed the responsibility
on twitter as well.
24
6
Indian Army: In April 2015, the army's
Principal Comptroller of Defence Accounts
Officers (PCDAO) website was reportedly
hacked in April 2015. It has personal and
financial information of army personnel.
Many officers were unable to access their
salary information.
University website hacks: JNU's library
website was compromised to warn the 'anti-
nationals' and 'Traitors'. The official website
of Orissa University of Agriculture and
Technology (OUAT) was also hacked
25
Central Bureau Of Investigation (CBI):
Pakistani hackers have been targeting Indian
cyberspace since a long time. In December
2010, they attacked the intelligence
agency CBI's website. The 'Pakistani Cyber
Army' also left a message about filtering
controls of National Informatics Center (NIC).
27
Indian Space Research Organisation
(ISRO): Indian Space Research
Organization's marketing arm Antrix saw its
website hacked in July 2015. Users were
redirected to a buying portal while trying to
access the website. Later on, there was a 404
error on the web page.
• Kerala Government website: Pakistani
hackers took down the Kerala government
website and replaced its page with "Pakistan
Zindabad" and "Security is just an illusion".
Hackers also displayed their names and
said, "We are an army of Pakistani hackers".
Marketplace for Vulnerabilities
• Option 1: bug bounty programs
– Google: up to $3133.7 in 2010, now up to $20K per
bug
– Facebook: up to $20K per bug
– Microsoft: up to $150K per bug
– Pwn2Own competition: $10-15K
• Option 2: vulnerability brokers
– ZDI, iDefense: $2-25K
• Option 3: gray and black markets
– Up to $100-250K reported (hard to verify)
slide 28
– A zero-day against iOS sold for $500K (allegedly)
7
 It’s a Business
• Several companies specialize in finding and
selling exploits
– ReVuln, Vupen, Netragard, Exodus Intelligence
– The average flaw sells for $35-160K
– $100K+ annual subscription fees
• Nation-state buyers
– “Israel, Britain, Russia, India and Brazil are some
of the biggest spenders. North Korea is in the
market, as are some Middle Eastern intelligence
services. Countries in the Asian Pacific, including
Malaysia and Singapore, are buying, too” slide 29
Marketplace for Stolen Data
• Single credit card number: $4-15
• Single card with magnetic track data: $12-30
• “Fullz”: $25-40
– Full name, address, phone, email addresses (with
passwords), date of birth, SSN, bank account
and routing numbers, online banking credentials,
credit cards with magnetic track data and PINs
• Online credentials for a bank account with
$70-150K balance: under $300
slide 30

Marketplace for Victims

• Pay-per-install on compromised machines
– US: $100-150 / 1000 downloads, “global mix”:
$12-15
– Can be used to send spam, stage denial of service
attacks, perform click fraud, host scam websites
• Botnets for rent
– DDoS: $10/hour or $150/week
– Spam: from $10/1,000,000 emails
• Tools and services
– Basic Trojans ($3-10), Windows rootkits ($300),
email, SMS, ICQ spamming tools ($30-50), botnet
slide 31

setup and support ($200/month, etc.)