Cyber Security Vulnerabilities and attacks
2.1. Cyber Security Vulnerabilities
Overview
Cybersecurity vulnerabilities refer to weaknesses or flaws in software, hardware, network configurations, or human behavior that can be exploited by malicious actors to compromise the confidentiality, integrity, or availability of information systems. Understanding these vulnerabilities is crucial for developing effective cybersecurity strategies.
Vulnerabilities in Software
1) Bugs and Coding Errors: Software may contain bugs or errors in the code that can be exploited by attackers.
2) Unpatched Software: Failure to apply security patches and updates can leave software vulnerable to known exploits.
3) Default Configurations: Software often comes with default settings that may not be secure. If not properly configured, these defaults can create vulnerabilities.
System Administration
Cybersecurity system administration involves managing and maintaining the security of information systems, networks, and technology infrastructure within an organization. System administrators play a critical role in implementing, monitoring, and enforcing security measures to protect against cyber threats. Here are key aspects of cybersecurity system administration:
1) Access Control:
User Account Management: System administrators are responsible for creating, modifying, and disabling user accounts. They ensure that users have appropriate access levels based on their roles and responsibilities.
Authentication and Authorization: Implementing strong authentication methods and authorization mechanisms to control access to systems and sensitive data.
2) Configuration Management:
System Hardening: System administrators secure servers and devices by applying best practices for system hardening, which involves minimizing unnecessary services, disabling unnecessary ports, and configuring security settings.
Patch Management: Regularly applying security patches and updates to operating systems, software, and firmware to address known vulnerabilities.
3) Network Security:
Firewall Management: Configuring and maintaining firewalls to control incoming and outgoing network traffic and prevent unauthorized access.
Intrusion Detection and Prevention Systems (IDPS): Deploying and managing systems that monitor network and system activities for signs of malicious activities.
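The access-control duties listed above (creating, modifying and disabling accounts, and authorizing access by role) can be shown in a few lines of code. The following is an added example written for these notes, not code from the original text: it assumes a constructed role-to-permission table and a deny-by-default check, so a disabled or unknown account never gets through.

```python
from dataclasses import dataclass, field

# Constructed role-to-permission mapping; each role gets only what the job needs.
ROLE_PERMISSIONS = {
    "reader":  {"report:view"},
    "analyst": {"report:view", "report:create"},
    "admin":   {"report:view", "report:create", "user:manage"},
}


@dataclass
class UserAccount:
    username: str
    roles: set = field(default_factory=set)
    enabled: bool = True


class AccessControl:
    """User account management plus a deny-by-default authorization check."""

    def __init__(self) -> None:
        self._users = {}

    def _validate_roles(self, roles) -> set:
        unknown = set(roles) - set(ROLE_PERMISSIONS)
        if unknown:
            raise ValueError(f"unknown roles: {sorted(unknown)}")
        return set(roles)

    def create_user(self, username: str, roles) -> UserAccount:
        account = UserAccount(username, self._validate_roles(roles))
        self._users[username] = account
        return account

    def modify_roles(self, username: str, roles) -> None:
        # Role changes replace the old set, so access shrinks when duties change.
        self._users[username].roles = self._validate_roles(roles)

    def disable_user(self, username: str) -> None:
        # Disabling (rather than deleting) keeps the audit trail and blocks access at once.
        self._users[username].enabled = False

    def is_authorized(self, username: str, permission: str) -> bool:
        account = self._users.get(username)
        if account is None or not account.enabled:
            return False                       # deny by default
        return any(permission in ROLE_PERMISSIONS[r] for r in account.roles)


if __name__ == "__main__":
    ac = AccessControl()
    ac.create_user("alice", {"admin"})
    ac.create_user("bob", {"reader"})
    print("bob may manage users:", ac.is_authorized("bob", "user:manage"))
    ac.disable_user("alice")
    print("disabled alice may view reports:", ac.is_authorized("alice", "report:view"))
```

Permissions are looked up through roles rather than stored on the user, so reviewing what a role grants is one table lookup and an account's access changes the moment its roles or enabled flag change.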
Complex Network Architectures
Complex network architectures in cybersecurity refer to intricate and sophisticated designs of interconnected systems, devices, and components that aim to enhance the security posture of an organization. These architectures are essential for managing the complexities of modern IT environments, where networks span across diverse technologies, cloud services, and various endpoints. Here are key considerations and components related to complex network architectures in cybersecurity:
1) Network Segmentation:
- Definition: Network segmentation involves dividing a larger network into smaller, isolated segments to contain and control the spread of cyber threats.
- Purpose: Segmentation enhances security by limiting lateral movement for attackers within the network. It helps in isolating critical assets and sensitive data from potential threats.
2) Zero Trust Architecture:
- Definition: Zero Trust is a security model that assumes no trust, even for users and devices inside the network perimeter. It requires verification for anyone and anything trying to connect to resources.
- Purpose: Zero Trust architectures provide enhanced security by requiring continuous authentication, authorization, and monitoring, reducing the risk of unauthorized access.
3) Microsegmentation:
- Definition: Microsegmentation is an advanced form of network segmentation, where security policies are applied to individual workloads or applications rather than broader network segments.
- Purpose: Microsegmentation provides granular control over communication flows, limiting lateral movement and minimizing the attack surface within the network.
4) Software-Defined Networking (SDN):
- Definition: SDN separates the control plane from the data plane in networking, allowing dynamic and programmable management of network resources.
- Purpose: SDN enables efficient and flexible network management, making it easier to implement and enforce security policies in response to evolving threats.
5) Virtual Private Networks (VPNs):
- Definition: VPNs create encrypted tunnels over public networks, allowing secure communication between remote users or branch offices and the corporate network.
- Purpose: VPNs protect data in transit, ensuring confidentiality and integrity, especially for remote workers or organizations with geographically dispersed offices.
Threat Actors
The term threat actor is broad and relatively all-encompassing, extending to any person or group that poses a threat to cybersecurity. Threat actors are often categorized into different types based on their motivation and, to a lesser degree, their level of sophistication.
1) Cybercriminals
These individuals or groups commit cyber crimes, mostly for financial gain. Common crimes committed by cybercriminals include ransomware attacks, and phishing scams that trick people into making money transfers or divulging credit card information, login credentials, intellectual property or other private or sensitive information.
2) Nation-state actors
Nation states and governments frequently fund threat actors with the goal of stealing sensitive data, gathering confidential information, or disrupting another government’s critical infrastructure. These malicious activities often include espionage or cyberwarfare and tend to be highly funded, making the threats complex and challenging to detect.
3) Hacktivists
These threat actors use hacking techniques to promote political or social agendas, such as spreading free speech or uncovering human rights violations. Hacktivists believe they are affecting positive social change and feel justified in targeting individuals, organizations, or government agencies to expose secrets or other sensitive information. A well-known example of a hacktivist group is Anonymous,an international hacking collective that claims to advocate for freedom of speech on the internet.
4) Thrill seekers
Thrill seekers are just what they sound like—they attack computer and information systems primarily for fun. Some want to see how much sensitive information or data they can steal; others want to use hacking to better understand how networks and computer systems work. One class of thrill seekers, called script kiddies, lack advanced technical skills, but use pre-existing tools and techniques to attack vulnerable systems, primarily for amusement or personal satisfaction. Though they don't always seek to cause harm, thrill seekers can still cause unintended damage by interfering with a network's cybersecurity and opening the door to future cyberattacks.
5) Insider threats
Unlike most other actor types, insider threat actors do not always have malicious intent. Some hurt their companies through human error, e.g. by unwittingly installing malware, or losing a company-issued device that a cybercriminal finds and uses to access the network. But malicious insiders do exist—for example, the disgruntled employee who abuses access privileges to steal data for monetary gain, or causes damage to data or applications in retaliation for being passed over for promotion.
6) Cyberterrorists
Cyberterrorists launch politically or ideologically motivated cyberattacks that threaten or result in violence. Some cyberterrorists are nation-state actors; others act on their own or on behalf of a non-government group.
Attacks
Cyber-attacks can be classified into the following categories:
1) Web-based attacks
2) System-based attacks
I) Web-based attacks
These are the attacks which occur on a website or web application. Some of the important web-based attacks are as follows:
1. Injection attacks
It is an attack in which crafted data is injected into a web application so that the application is manipulated into executing it and revealing the information the attacker wants.
Examples: SQL injection, code injection, log injection, XML injection, etc.
2. DNS Spoofing
DNS spoofing is a type of attack in which forged data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create cookies to store the state and user sessions. By stealing the cookies, an attacker can have access to all of the user data.
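Since session hijacking works by getting hold of the session cookie, the defensive side is to issue the cookie in a way that is hard to steal or replay. The following added example (written for these notes, not from the original) audits a Set-Cookie header for the protections a session cookie should carry and builds a hardened one; the header strings and the 16-character minimum are assumptions for illustration.

```python
import secrets


def parse_set_cookie(header: str) -> dict:
    """Split a Set-Cookie header value into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Flag attributes such as Secure and HttpOnly carry no value.
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_session_cookie(header: str) -> list:
    """Return the protections a session cookie is missing (empty list = none missing)."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plaintext HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by script in the page")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: cookie rides along on cross-site requests")
    if len(cookie["value"]) < 16:
        findings.append("session identifier is too short to resist guessing")
    return findings


def hardened_set_cookie(name: str = "sessionid") -> str:
    """Build a Set-Cookie value with a random identifier and the protective attributes set."""
    session_id = secrets.token_urlsafe(32)   # 256 bits from the OS random source
    return f"{name}={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    for finding in audit_session_cookie("sessionid=abc123; Path=/"):
        print("weak cookie:", finding)
    print("hardened cookie findings:", audit_session_cookie(hardened_set_cookie()))
```

Beyond the cookie attributes, a server should also issue a fresh session identifier after login so that an identifier observed before authentication is worthless afterwards.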
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card number. It occurs when an attacker is masquerading as a trustworthy entity in electronic communication.
5. Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number of guesses and validates them to obtain actual data like a user password or personal identification number. This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
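Guess-and-check only works when each guess is cheap and unlimited, so the standard mitigations are a slow password hash and a per-account lockout. The following added example (not from the original notes) combines both; the attempt limits, the PBKDF2 iteration count and the sample account are assumptions chosen for illustration, and the caller supplies the clock so the behaviour can be tested deterministically.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ROUNDS = 100_000   # assumed cost; tune so one verification takes tens of milliseconds


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2 hash; returns (salt, digest). A slow hash makes each guess costly."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


class LoginThrottle:
    """Per-account failure counter with a temporary lockout."""

    def __init__(self, max_attempts: int = 5, window_seconds: int = 300, lockout_seconds: int = 900):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.lockout = lockout_seconds
        self._failures = defaultdict(list)   # account -> recent failure timestamps
        self._locked_until = {}              # account -> time the lockout ends

    def is_allowed(self, account: str, now: float) -> bool:
        return now >= self._locked_until.get(account, 0.0)

    def record_failure(self, account: str, now: float) -> bool:
        """Record a failed attempt; returns True if this one triggered a lockout."""
        recent = [t for t in self._failures[account] if now - t < self.window]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.max_attempts:
            self._locked_until[account] = now + self.lockout
            self._failures[account] = []
            return True
        return False

    def record_success(self, account: str) -> None:
        self._failures.pop(account, None)
        self._locked_until.pop(account, None)


# Dummy credential so unknown accounts still pay the hashing cost (no timing leak).
_DUMMY_SALT, _DUMMY_DIGEST = hash_password("not-a-real-password")


def attempt_login(store: dict, throttle: LoginThrottle, account: str, password: str, now: float) -> str:
    """Return 'locked', 'ok' or 'denied'. Unknown accounts take the same path as wrong passwords."""
    if not throttle.is_allowed(account, now):
        return "locked"
    salt, digest = store.get(account, (_DUMMY_SALT, _DUMMY_DIGEST))
    if verify_password(password, salt, digest) and account in store:
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, now)
    return "denied"


if __name__ == "__main__":
    users = {"alice": hash_password("correct-horse")}   # constructed sample account
    throttle = LoginThrottle(max_attempts=3)
    for t, guess in enumerate(["123456", "qwerty", "letmein", "correct-horse"]):
        print(t, guess, "->", attempt_login(users, throttle, "alice", guess, float(t)))
```

The lockout limits online guessing against one account; the slow salted hash is what protects the stored credentials if the database itself is ever copied, since each offline guess then costs the same PBKDF2 work.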
II) System-based attacks
These are the attacks which are intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows:
1. Virus
It is a type of malicious software program that spreads through the computer's files without the user's knowledge. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.
2. Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works in the same way as a computer virus. Worms often originate from email attachments that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user about its true intent. It appears to be a normal application, but when opened or executed, malicious code runs in the background.
4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.
Weak Authentication
Weak authentication in cybersecurity refers to the use of inadequate or easily compromised methods to verify the identity of users accessing systems, applications, or data. Authentication is a critical component of cybersecurity, as it ensures that only authorized individuals have access to sensitive information and resources. Weak authentication measures can leave systems vulnerable to unauthorized access, identity theft, and other security threats. Here are common examples of weak authentication practices:
1) Password Weakness:
- Common Passwords: The use of easily guessable passwords, such as "password123" or "admin," poses a significant security risk.
- No Complexity Requirements: Lack of requirements for complex passwords (e.g., a mix of uppercase and lowercase letters, numbers, and symbols) can make passwords easier to crack.
- Password Reuse: Reusing passwords across multiple accounts increases the impact of a security breach.
2) Default Credentials:
- Failure to Change Defaults: Systems, devices, or applications often come with default usernames and passwords. Failure to change these defaults increases the risk of unauthorized access.
3) Lack of Multi-Factor Authentication (MFA):
- Username and Password Only: Relying solely on a username and password without an additional layer of authentication (e.g., a one-time password or biometric verification) is less secure.
- Limited Authentication Factors: MFA involves using multiple factors for authentication (e.g., something you know, have, or are). If MFA is implemented but lacks diversity in factors, it may be vulnerable.
4) Insecure Transmission of Credentials:
- Use of Insecure Protocols: Protocols like Telnet and HTTP transmit credentials in plaintext, making it easier for attackers to intercept and use them.
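The password-related weaknesses above (common passwords, missing complexity, reuse, unchanged defaults) are exactly what a password-acceptance check should reject at the moment a password is set. The following added example (written for these notes, not from the original) implements such a check; the short common-password and default-credential lists are constructed samples standing in for the much larger breached-password lists a real system consults, and the 12-character and three-class thresholds are assumptions.

```python
import hashlib
import string

# Constructed sample of frequently chosen passwords; production systems check
# against a much larger breached-password list.
COMMON_PASSWORDS = {"password", "password123", "123456", "qwerty", "admin", "letmein", "welcome"}

# Constructed sample of vendor default credentials as (username, password) pairs.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}


def password_fingerprint(password: str) -> str:
    """Fingerprint kept only to detect reuse against the same account's history.

    A plain hash is fine for that comparison; the live credential itself must be
    stored with a slow salted hash, which is a separate concern.
    """
    return hashlib.sha256(password.encode()).hexdigest()


def assess_password(password: str, username: str, previous_fingerprints=()) -> list:
    """Return a list of weaknesses; an empty list means the password passed every check."""
    findings = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        findings.append("common password")
    if (username.lower(), lowered) in DEFAULT_CREDENTIALS:
        findings.append("unchanged default credential")
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        findings.append("fewer than three character classes")
    if username and username.lower() in lowered:
        findings.append("contains the username")
    if password_fingerprint(password) in set(previous_fingerprints):
        findings.append("reused from password history")
    return findings


if __name__ == "__main__":
    for user, pw in [("bob", "password123"), ("admin", "admin"), ("bob", "Tr0ub4dor&3x!longer")]:
        print(f"{user!r} / {pw!r}: {assess_password(pw, user) or 'accepted'}")
```

Reuse across different services cannot be checked by one system on its own, which is why the reuse check here is limited to the account's own history and why the notes recommend an additional factor rather than relying on the password alone.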
Unprotected Broadband communications
Unprotected broadband communications can pose significant cybersecurity risks, as these networks carry vast amounts of data and are susceptible to various threats. Broadband communications refer to high-speed, high-capacity internet connections that enable the transmission of data, voice, and multimedia content. Ensuring the security of broadband communications is crucial to safeguard sensitive information, maintain privacy, and protect against cyber threats.
Poor Cyber Security Awareness
Poor cybersecurity awareness is a significant challenge that can expose individuals and organizations to various cyber threats. Awareness gaps can lead to the improper handling of sensitive information, falling victim to phishing attacks, neglecting security best practices, and an overall increased risk of cybersecurity incidents.
Strategies to Improve Cybersecurity Awareness:
- Training and Education Programs: Develop and implement regular cybersecurity training programs for employees, covering topics such as phishing, password security, and social engineering.
- Simulated Phishing Exercises: Conduct simulated phishing exercises to test users' ability to recognize phishing attempts and provide immediate feedback for learning.
- Communication and Awareness Campaigns: Launch ongoing communication campaigns to raise awareness about emerging threats, best practices, and the importance of cybersecurity.
- Policy Development and Enforcement: Establish clear and comprehensive cybersecurity policies, and enforce them consistently across the organization. Regularly communicate policy updates.
- User-Friendly Security Measures: Implement user-friendly security measures to encourage compliance, such as two-factor authentication, biometric authentication, and secure password reset processes.
Cyber Security Safeguards
Overview
Cybersecurity safeguards refer to a set of measures, practices, and technologies implemented to protect information systems, networks, and data from unauthorized access, attacks, and damage. These safeguards are crucial for maintaining the confidentiality, integrity, and availability of digital assets in the face of evolving cyber threats.
1) Access Control:
- Definition:Access controls restrict and manage user access to systems, networks, and data based on their roles and responsibilities.
- Purpose:Prevent unauthorized access, limit privileges, and ensure that individuals have appropriate levels of access.
2) Audit:
- Description:Auditing involves the systematic examination of systems, processes, and activities to ensure compliance, identify vulnerabilities, and detect suspicious behavior.
- Purpose:Verify adherence to security policies, assess the effectiveness of security controls, and identify areas for improvement.
3) Authentication:
- Description: Authentication is the process of verifying the identity of a user, system, or device attempting to access a network or application.
- Purpose: Ensure that only authorized entities gain access to resources, preventing unauthorized access and potential security breaches.
4) Biometrics:
- Description: Biometrics involves the use of unique biological or behavioral characteristics, such as fingerprints or facial recognition, for user identification.
- Purpose: Enhance authentication security by using distinctive and difficult-to-replicate physical or behavioral attributes.
5) Cryptography:
- Description: Cryptography is the practice of securing communication and data through the use of mathematical algorithms to encrypt and decrypt information.
- Purpose: Protect data confidentiality, integrity, and authenticity through encryption, digital signatures, and other cryptographic techniques.
6) Deception:
- Description: Deception involves creating decoy systems or information to mislead attackers and divert their attention from critical assets.
- Purpose: Deter and detect attackers by introducing confusion and misdirection within the network.
7) Denial of Service (DoS) Filters:
- Description: DoS filters are security mechanisms designed to identify and mitigate Denial of Service attacks that aim to disrupt or overwhelm network services.
- Purpose: Prevent or minimize the impact of DoS attacks by filtering out malicious traffic and maintaining service availability.
8) Ethical Hacking:
- Description: Ethical hacking involves authorized individuals or teams mimicking the actions of malicious hackers to identify vulnerabilities and weaknesses.
- Purpose: Proactively assess and improve the security posture of systems by identifying and addressing potential security flaws.
9) Firewalls:
- Description: Firewalls are network security devices that monitor and control incoming and outgoing traffic based on predetermined security rules.
- Purpose: Act as a barrier between trusted internal networks and untrusted external networks, blocking unauthorized access and potential threats.
10) Intrusion Detection Systems (IDS):
- Description: IDS monitors network or system activities to detect and respond to suspicious behavior or security policy violations.
- Purpose: Provide real-time alerts and response capabilities to potential security incidents or breaches.
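An IDS is easiest to understand as a rule run over a stream of events. The following added example (not from the original notes) applies one such rule, "a single source touching many distinct ports in a short time", to a handful of constructed firewall log lines; the log format, the addresses (taken from the documentation ranges) and the ten-port threshold are all assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed firewall log lines (not from the notes). 203.0.113.5 probes twelve
# ports within a few seconds, while 198.51.100.20 is an ordinary client talking
# to two ports. One malformed line shows that unparsable input is skipped.
SAMPLE_LOG = [
    f"2024-05-01T10:00:{i:02d}Z DROP src=203.0.113.5 dst=10.0.0.7 dport={port}"
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])
] + [
    "2024-05-01T10:00:03Z ACCEPT src=198.51.100.20 dst=10.0.0.7 dport=443",
    "2024-05-01T10:00:04Z ACCEPT src=198.51.100.20 dst=10.0.0.7 dport=443",
    "2024-05-01T10:00:09Z ACCEPT src=198.51.100.20 dst=10.0.0.7 dport=80",
    "this line is not in the expected format",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_line(line: str):
    """Return (epoch_seconds, src, dport) for a well-formed line, or None otherwise."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts.timestamp(), m["src"], int(m["dport"])


def detect_port_scans(lines, threshold: int = 10, window_seconds: int = 60) -> dict:
    """Map each source that touched at least `threshold` distinct ports within any
    `window_seconds` span to the sorted list of ports it probed."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dport = parsed
            events[src].append((ts, dport))

    alerts = {}
    for src, hits in events.items():
        hits.sort()
        # Slide a window starting at each event; the first window that reaches the
        # threshold is enough to raise an alert for this source.
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window_seconds}
            if len(ports) >= threshold:
                alerts[src] = sorted(ports)
                break
    return alerts


if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"ALERT possible port scan from {src}: {len(ports)} ports {ports}")
```

The threshold and window are the tuning knobs: set too low, a busy but legitimate client triggers alerts; set too high, a slow scan spread over hours slips under the rule, which is why real deployments pair rules like this with longer-term baselines.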
Threat Management
Threat management is a crucial component of cybersecurity that involves the identification, assessment, and response to potential threats and risks to an organization's information systems and data.
Description: Threat management encompasses strategies and processes to identify, assess, and respond to cybersecurity threats and risks.
Purpose: Proactively manage and mitigate threats to the organization's information systems and data.