DEV Community

vishwasnarayanre

Cyber Security

First, understand the seven layers of cyber security.

Next, understand that every piece of hardware, every piece of software and every open port runs on top of an operating system through a specific driver. Anything defined that way has an attack surface, so it can be attacked.

What is cyber security?

Cyber security is the practice of protecting computers, servers, websites, mobile devices, electronic systems, networks and data from malicious attacks. It is also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few general categories, which are described below.

Computer security (defence, never offence), also called cybersecurity or information technology security, is the protection of computer systems and networks against information disclosure, theft of or damage to their hardware, software or electronic data, and against disruption or misdirection of the services they provide.

It is no surprise that security breaches are so common. Although digital technology now reaches into every part of our lives, most people are bad at security: in a 2016 Pew Research survey on cybersecurity, most online adults answered fewer than half of thirteen basic questions correctly.
Let's do something about it by strengthening our own personal digital defences. The word "cyberspace" is not a synonym for the internet; it refers to the identities and events that exist in the course of digital interaction. A website exists in cyberspace, and so do interactions with other people: when you tweet, upload a photo or share a message, that social act takes place in cyberspace, and cyberspace changes second by second rather than minute by minute. Many of these activities happen "in cyberspace" rather than in a physical environment. The picture below shows different digital devices linked through the internet; a company's assets are on the internet in the same way.

I've made it a tradition over the last two years or so to do an annual audit of my personal digital security. Every year I review all of my online activity for security risks and commit to improvements. The habits below are the product of that exercise, and they are the same ones I rely on for bug-hunting and bounty work.

In general, I try to answer these core questions:

  • What data about me is available, where is it stored, and under what domain?

Don't tell people where your websites are hosted. Use a custom domain name and a valid TLS (SSL) certificate from a recognised certificate authority for every site you run.

  • Which risks am I guarding against (playing defence against every form of offence), i.e. what is my threat model?

Keep the ethical side in mind whenever you do bounty work or run an attack in a test, and don't misuse the freedom it gives you.

  • What is the impact on my privacy and on my social presence?

Be very careful about what your social presence reveals and about every aspect of it you want to protect.

Network security is the practice of defending a computer network from intruders, whether targeted attackers or opportunistic malware.

Application security focuses on keeping software and devices free of threats. A compromised application could give access to the data it was designed to protect. Successful security begins in the design stage, well before a program or device is deployed.

Information security protects the integrity and privacy of data, both in storage and in transit.

Operational security includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.

Disaster recovery and business continuity define how an organisation responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how the organisation restores its operations and information to return to the same operating capacity as before the event. Business continuity is the plan the organisation falls back on while trying to operate without certain resources.

End-user education addresses the most unpredictable factor in cyber security: people. Anyone can accidentally introduce a virus into an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not to plug in unidentified USB drives, and other such lessons is vital to the security of any organisation.

Types of cyber threats and attacks that you might face
The threats countered by cyber security are three-fold; the three categories are listed below.
Today the term is almost always used for information-security issues. Because it is hard to picture how digital signals travelling over a wire can represent an attack, we have taken to visualising the digital phenomenon as a physical one. A cyber attack is an attack launched against us (or our digital devices) through cyberspace. Cyberspace, an intangible virtual space, has become the metaphor for understanding digital weaponry intended to harm us. What is real, though, is the attacker's intent and the potential impact. Some cyber attacks are minor annoyances; others are very serious and can even endanger human lives.

Cyber attacks are a major concern. They can cause power outages, disable military equipment and expose national security secrets. They can result in the theft of valuable, sensitive data such as medical records. They can disrupt phone and computer networks and paralyse systems, making data unavailable. It is no exaggeration to say that cyber attacks can disrupt life as we know it.

Threats are also becoming more serious. According to Gartner, "cybersecurity risks pervade every organisation and aren't always directly under IT's control. Market executives are pushing forward with digital business plans, and those leaders are making technology-related risk decisions on a daily basis. Increased cyber vulnerability exists, but so do computer protection solutions."

Virtually every cyber threat falls into one of three categories. In terms of attack techniques, malicious actors have an abundance of options.

Actors in cyberspace: in cyber security the "enemy" is known as a "threat actor", a term that covers lone individuals, organised criminal groups and entire states attempting to compromise an individual's or organisation's security.

  1. Cybercrime includes single actors or groups targeting systems (for example with DDoS) for financial gain or to cause disruption.

  2. Cyber-attack often involves politically motivated information gathering.

  3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

Cyber attacks can originate from a wide range of places, people and contexts. Malicious actors include:

  • Individuals who build attack vectors with their own software tools
  • Criminal organisations run like corporations, with large numbers of employees developing attack vectors and executing attacks
  • Nation states
  • Terrorists
  • Industrial spies
  • Organised crime groups
  • Unhappy insiders
  • Hackers
  • Business competitors

So how do malicious actors gain control of computer systems? Here are some common methods used to threaten cyber security:

Malware
Malware is short for malicious software. It is software created by a cybercriminal or hacker to disrupt or damage a legitimate user's computer, and it is one of the most common cyber threats. Often spread via unsolicited email attachments or legitimate-looking downloads, malware may be used by cybercriminals to make money or in politically motivated cyber attacks.

There are a number of different types of malware, including:

  • Virus: a self-replicating program that attaches itself to clean files and spreads through a computer system, infecting files with malicious code.

  • Trojans: malware disguised as legitimate software. Cybercriminals trick users into loading Trojans onto their computers, where they cause damage or collect data.

  • Spyware: a program that secretly records what a user does so that cybercriminals can make use of this information. Spyware could capture credit card details, for example.

Shoulder surfing (watching someone type a password or PIN) and spoofing (impersonating a trusted party) are often discussed alongside spyware, but they are social-engineering and impersonation techniques, not malware.

  • Ransomware: malware that encrypts a user's files and data and threatens to destroy or publish them unless a ransom is paid.

  • Adware: advertising software that can be used to spread malware to the victim's machine or server.

  • Botnets: networks of malware-infected computers that cybercriminals use to perform tasks online without the user's permission.

SQL injection

SQL (Structured Query Language) injection is a type of cyber attack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious SQL statements into a query, typically through an input field whose contents are pasted into the query text. This gives them access to the sensitive information in the database.

The attack works because the attacker knows how the database server will interpret the injected text: the server cannot tell where the query ends and the attacker's input begins.
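
As an added example (not code from the original post), here is the difference between a query that pastes user input into the SQL text and one that binds it as a parameter, run against a constructed in-memory SQLite table. The table, its rows, the payloads and the `lookup_*` function names are assumptions made for this illustration.

```python
import sqlite3

# Constructed sample data (not from the original post).
USERS = [
    ("alice", "alice@example.com", "s3cret-hash-1"),
    ("bob", "bob@example.com", "s3cret-hash-2"),
    ("carol", "carol@example.com", "s3cret-hash-3"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: user input is pasted straight into the SQL text, so the
    database cannot tell where the query ends and the data begins."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: the query shape is fixed and the value travels as a bound
    parameter, so the input can only ever be compared as a string."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def demo() -> dict:
    """Run an honest lookup and two injection payloads through both versions."""
    conn = make_db()
    tautology = "' OR '1'='1"                                   # returns every row
    dump = "x' UNION SELECT name, pw_hash FROM users --"         # reads another column
    return {
        "honest_vuln": lookup_vulnerable(conn, "alice"),
        "attack_vuln": lookup_vulnerable(conn, tautology),
        "dump_vuln": lookup_vulnerable(conn, dump),
        "honest_safe": lookup_safe(conn, "alice"),
        "attack_safe": lookup_safe(conn, tautology),
        "dump_safe": lookup_safe(conn, dump),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The tautology payload turns the vulnerable query into `WHERE name = '' OR '1'='1'` and returns the whole table; the UNION payload pulls the password hashes out through a column the application never meant to expose. The parameterised version returns nothing for either payload because the driver sends the text as a value, never as SQL.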

Phishing

Phishing is when cybercriminals send emails that appear to come from a legitimate company and ask victims for sensitive information. Phishing attacks are often used to dupe people into handing over credit card data and other personal information.

Man-in-the-middle attack

A man-in-the-middle attack is a cyber threat in which a cybercriminal intercepts communication between two parties in order to steal data. On an unsecured Wi-Fi network, for example, an attacker could intercept data passing between the victim's device and the network.

Denial-of-service attack
A denial-of-service attack is where cybercriminals prevent a computer system from fulfilling legitimate requests by overwhelming its networks and servers with traffic. This renders the system unusable and prevents an organisation from carrying out vital functions.
And there are many more.

Domains of Cyber Security
Below are the domains of Cybersecurity as a subject.

  • Access Control Systems and Methodology
  • Telecommunications and Network Security
  • Business Continuity Planning and Disaster Recovery Planning
  • Security Management Practices
  • Security Architecture and Models
  • Law, Investigation, and Ethics
  • Application and Systems Development Security
  • Cryptography
  • Computer Operations Security
  • Physical Security

Access Control Systems and Methodology:
The primary goal of cyber security is to safeguard your data. So first we'll look more closely at data, and then at the different access control systems and methodologies.
Six dimensions of data quality assessment:
A data quality (DQ) dimension is a recognised term for a characteristic of data that can be measured or assessed against defined standards in order to determine the quality of the data.
The six core data quality dimensions are:

  1. Consistency
  2. Completeness
  3. Correctness
  4. Accessibility
  5. Timeliness
  6. Accuracy

States of Data:
Understanding the different states of digital data helps you choose the appropriate security measures and encryption methods for it. This section looks at three data states.

  1. Data at rest/storage: data that has been stored on a physical or backup medium, such as a hard drive or a mobile device. What distinguishes data at rest is that it is inactive: it is not being transmitted or processed.
  2. Data in motion/transmission: data that is actively being sent over a network, between systems or between components. Emails and files transferred over FTP or SSH are examples.
  3. Data in process/use: data that is not passively sitting on a storage medium but is being worked on by one or more programs, for instance held in a computer's RAM while it is created, read, modified, appended or deleted.

Confidentiality: ensures that only authorised parties can access computer-related assets; also called privacy.
Measures taken to prevent sensitive information from reaching the wrong people and to ensure that only the intended people can access it.

The technique used is encryption.

Encryption to ensure confidentiality:
If we take the word "HELLO", we can use cryptography to replace each letter with its neighbouring letter, so that I replaces H, F replaces E and so on, giving "IFMMP", which makes the word meaningless. The recipient decrypts by running the same substitution in reverse.
BitLocker is disk/volume-level encryption; it cannot be applied to an individual file.
Windows uses the NTFS file system, which provides EFS (Encrypting File System) for file-level encryption. Right-click the file, choose Properties > Advanced, and tick "Encrypt contents to secure data" (the neighbouring option, "Compress contents", is the one Explorer shows in blue).
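
The shift described above, as an added example that is not part of the original post: `shift_encrypt` and `shift_decrypt` (names chosen here) implement the one-place substitution that turns HELLO into IFMMP, and `brute_force` shows why this gives no real confidentiality, since an attacker only has to try the 25 possible shifts.

```python
import string

ALPHABET = string.ascii_uppercase   # the cipher works on A-Z only


def shift_encrypt(plaintext: str, shift: int) -> str:
    """Replace each letter with the letter `shift` places later, wrapping Z -> A.
    Characters outside A-Z (spaces, punctuation) pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is the same substitution run in the opposite direction."""
    return shift_encrypt(ciphertext, -shift)


def brute_force(ciphertext: str) -> dict:
    """The key space has only 25 useful values, so an attacker who knows the
    method simply tries every shift and picks the one that reads as language."""
    return {k: shift_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    secret = shift_encrypt("HELLO", 1)
    print(secret)                                  # IFMMP
    for k, guess in brute_force(secret).items():
        print(f"shift {k:2d}: {guess}")
```

The substitution hides the word from a casual glance, but because the method is the secret rather than a key, anyone who knows the method recovers the text immediately; modern ciphers keep the method public and put all the secrecy in a key too large to enumerate.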

Features of EFS: Explorer marks encrypted files in one colour (green) and compressed files in another (blue).
Policy is at the heart of the whole operation: keep a backup of the encryption (recovery) keys, and when an employee leaves, the company reformats the system, which destroys the BitLocker keys along with the data.

Types of Encryption

There are two top-level types of encryption: symmetric and asymmetric.

  1. Symmetric Encryption:
    Encrypts and decrypts data with the same key. Consider a desktop password manager: the entries you type are encrypted with a key derived from your master password, and when you need them back the same key is used to decrypt them.

  2. Asymmetric Encryption:
    Uses a key pair, one private and one public.
    Data encrypted with one key of the pair cannot be decrypted with that same key; the other key of the pair is needed.

Asymmetric encryption is used in HTTPS (Transport Layer Security, TLS) key exchange and for digital signatures.
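
An added example (not from the original post) showing the two properties in code: a symmetric XOR cipher where one key both encrypts and decrypts, and textbook RSA where a message encrypted with the public key is recovered only with the private one. The primes 61 and 53 are chosen so the numbers stay readable; real RSA uses 2048-bit or larger keys, padding and a vetted library, and the function names are assumptions.

```python
import os
from math import gcd


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Symmetric: the same key encrypts and decrypts, because XOR is its own inverse.
    With a random key as long as the message, used only once, this is a one-time pad."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(b ^ k for b, k in zip(data, key))


def rsa_keygen(p: int, q: int, e: int = 17) -> tuple:
    """Textbook RSA from two primes. EDUCATIONAL ONLY: real keys use primes of
    1024 bits or more, OAEP padding and a vetted library, never raw pow()."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)                # private exponent: modular inverse of e
    return (e, n), (d, n)              # (public key, private key)


def rsa_apply(key: tuple, m: int) -> int:
    """Raise m to the key's exponent modulo n. Encrypting and decrypting are the
    same operation performed with different keys of the pair."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, exp, n)


def demo() -> dict:
    """Round-trip both schemes and show that the public key cannot undo itself."""
    # Symmetric: the one key does both jobs.
    message = b"HELLO"
    key = os.urandom(len(message))
    ciphertext = xor_crypt(message, key)
    symmetric_ok = xor_crypt(ciphertext, key) == message

    # Asymmetric: encrypt with the public key, decrypt only with the private key.
    public, private = rsa_keygen(61, 53)      # tiny primes, illustration only
    c = rsa_apply(public, 65)
    return {
        "symmetric_roundtrip": symmetric_ok,
        "public_key": public,
        "private_key": private,
        "rsa_ciphertext": c,
        "decrypt_with_private": rsa_apply(private, c),
        "decrypt_with_public": rsa_apply(public, c),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Applying the public key a second time does not give the message back, which is the whole point: the public key can be handed to anyone, and only the holder of the private key can read what was encrypted with it. Signing is the same operation run the other way round, private key first and public key to verify.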

Access Controls:
Access controls authenticate and authorise individuals so that they can access only the information they are allowed to see and use. The authentication factors are:

  1. Something you know — (you know passwords)
  2. Something you are — (biometric scan)
  3. Something you have — (ATM card)
  4. Something you do — (signature style)

Integrity of Data:

Integrity: ensures that assets can be modified only by authorised parties and in authorised ways, and that the data is accurate and valid for the purpose it was created for. It involves maintaining the consistency, accuracy and trustworthiness of data over its entire life cycle.
Hashing is the technique used.

Hash: a hash function takes a file (or any input) and applies an algorithm to it, producing a fixed-length digest. Comparing the digest of the file you have with the digest published for the original shows whether the file has been altered.
A real-world example of a hashing tool is the Microsoft File Checksum Integrity Verifier (FCIV), which can be downloaded from Microsoft.
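
An added example (not from the original post) of the check FCIV performs, written with Python's hashlib: hash a file in chunks, compare against the published digest in constant time, then flip a single bit and show the digest no longer matches. The file contents are constructed, and `sha256_file` and `verify_file` are names chosen here.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size: int = 65536) -> str:
    """Stream the file through SHA-256 so large files never need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path, expected_hex: str) -> bool:
    """Compare the computed digest with the published one without leaking timing."""
    return hmac.compare_digest(sha256_file(path), expected_hex.lower())


def demo() -> dict:
    """Hash a constructed file, then tamper with one bit and re-check it."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "installer.bin"
        p.write_bytes(b"constructed sample payload\n")   # stands in for a download
        published = sha256_file(p)                       # what the vendor would list
        ok_before = verify_file(p, published)

        data = bytearray(p.read_bytes())
        data[0] ^= 0x01                                  # flip one bit of one byte
        p.write_bytes(bytes(data))
        ok_after = verify_file(p, published)
        tampered = sha256_file(p)
    return {"published": published, "ok_before": ok_before,
            "ok_after": ok_after, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

A matching hash only proves the file equals whatever the digest was computed over. If an attacker controls the download page, they can replace both the file and the digest, which is why vendors also sign releases with a private key (the asymmetric encryption covered above) and why the digest should come from a different channel than the file.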

Availability of Data:
Ensures that assets are available to authorised parties whenever needed. "High availability" is usually quoted in nines: 99.9 percent uptime allows about 0.1 percent downtime (roughly 8.8 hours a year), while 99.999 percent allows about 0.001 percent (roughly 5 minutes a year). It is maintained through techniques such as hardware maintenance, software patching and network optimisation.
A Denial of Service (DoS) attack is the classic example of a malicious actor attacking availability.

SLA: a Service Level Agreement is a legally binding contract between a service provider and a customer. Specific aspects of the service, such as quality, availability and responsibilities, are agreed between the provider and the consumer. If the provider fails to deliver the agreed levels (for example, does not restore service within the agreed time), penalties apply.

Before discussing the types of DoS attack, let's look at the ping command.

  • Ping is a network administration utility used to test the reachability of a host on an Internet Protocol network. It is a quick way to check whether one computer can communicate with another computer or network device (available on both Windows and Linux).
  • ping 127.0.0.1 (127.0.0.1 is the loopback address)
  • ping <any IP or host name> tests reachability of that host.

Types of DoS Attacks:
We will discuss a few of them.

  1. Ping of Death
  2. Ping Flood
  3. Smurf Attack
  4. Fraggle Attack

Ping of Death:

A Ping of Death is a Denial of Service (DoS) attack in which the attacker sends an ICMP packet, split into fragments, whose reassembled size exceeds the maximum IP datagram size of 65,535 bytes, causing the target to freeze or crash when it tries to reassemble it.

Ping Flood:

A ping flood, also known as an ICMP flood, is a common DoS attack in which the attacker overwhelms the victim's device with ICMP echo requests (pings). For an illustration of the effect, think of an education board's website when everyone checks results at once.

Smurf Attack:
A Smurf attack sends ICMP echo requests to a network's broadcast address with the source address spoofed to be the victim's, so every host on that network replies to the victim at once.

Fraggle Attack:
A Fraggle attack is the UDP variant: the attacker sends a large amount of spoofed UDP traffic to a network's broadcast address.
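
As an added example that is not part of the original post, here is detection logic for the four attacks above run over a constructed list of packet records (not real captures): a Ping of Death is flagged when a final fragment's offset and length reassemble beyond 65,535 bytes, a ping flood when one source exceeds an assumed per-second echo-request threshold, and Smurf or Fraggle when ICMP echo requests or UDP arrive at a broadcast address (the spoofed source in those records is the real victim). The record layout, the threshold and the broadcast address set are assumptions.

```python
from collections import defaultdict

MAX_IP_DATAGRAM = 65535          # maximum IPv4 datagram size in bytes
IP_HEADER_LEN = 20               # header length assumed for the size estimate
FLOOD_THRESHOLD = 100            # echo requests per source per second (assumed)
BROADCAST = {"10.0.0.255", "255.255.255.255"}   # assumed broadcast addresses


def pkt(t, src, dst, proto, icmp_type=None, frag_offset=0, mf=0, payload_len=56):
    """Build one constructed packet record. frag_offset is in 8-byte units, as on
    the wire; mf is the 'more fragments' flag; payload_len is the IP payload size."""
    return {"t": t, "src": src, "dst": dst, "proto": proto, "type": icmp_type,
            "frag_offset": frag_offset, "mf": mf, "payload_len": payload_len}


# Constructed sample traffic (not real captures).
SAMPLE = [
    pkt(0.0, "10.0.0.5", "10.0.0.1", "icmp", 8),                       # normal ping
    pkt(0.1, "203.0.113.9", "10.0.0.1", "icmp", 8,                     # Ping of Death:
        frag_offset=8189, mf=0, payload_len=100),                      # last fragment
    pkt(0.2, "10.0.0.1", "10.0.0.255", "icmp", 8),                     # Smurf, spoofed src
    pkt(0.3, "10.0.0.1", "10.0.0.255", "udp"),                         # Fraggle, spoofed src
] + [
    pkt(1.0 + i / 300, "198.51.100.7", "10.0.0.1", "icmp", 8)         # ping flood
    for i in range(300)
]


def reassembled_size(p: dict) -> int:
    """Total datagram size once this fragment is placed: header + offset + payload."""
    return IP_HEADER_LEN + p["frag_offset"] * 8 + p["payload_len"]


def classify(packets: list) -> dict:
    """Return {attack_name: [source addresses]} for every attack pattern seen."""
    findings = defaultdict(list)
    echo_per_second = defaultdict(lambda: defaultdict(int))   # src -> second -> count
    for p in packets:
        is_echo = p["proto"] == "icmp" and p["type"] == 8
        # Ping of Death: the last fragment (mf == 0) would push the datagram past 64 KiB.
        if is_echo and p["mf"] == 0 and reassembled_size(p) > MAX_IP_DATAGRAM:
            findings["ping_of_death"].append(p["src"])
        # Smurf / Fraggle: amplification via the broadcast address.
        if is_echo and p["dst"] in BROADCAST:
            findings["smurf"].append(p["src"])
        if p["proto"] == "udp" and p["dst"] in BROADCAST:
            findings["fraggle"].append(p["src"])
        if is_echo:
            echo_per_second[p["src"]][int(p["t"])] += 1
    # Ping flood: rate of echo requests from one source in any single second.
    for src, counts in echo_per_second.items():
        if max(counts.values()) > FLOOD_THRESHOLD:
            findings["ping_flood"].append(src)
    return dict(findings)


if __name__ == "__main__":
    for attack, sources in classify(SAMPLE).items():
        print(f"{attack}: {sorted(set(sources))}")
```

In the Smurf and Fraggle records the "source" is whoever the attacker spoofed, so the address that shows up is the victim to protect, not the attacker to block; the practical fix for both is to refuse directed broadcasts at the router, which is why these attacks are rare today.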

Note:

Bugs and viruses have played a major role in the history of software failures; the first ones found were:

On September 9, 1947, the world's first recorded computer "bug" was found: a team of computer scientists at Harvard University discovered a moth stuck in their computer, the Harvard Mark II relay calculator.

The first computer virus, known as "Creeper", appeared in 1971. It was eventually removed by a program called "Reaper", though it is worth remembering that Reaper spread in the same way, so it was effectively a virus too.

Telecommunications and Network Security:

This domain focuses on communications, protocols and network services, and the potential vulnerabilities associated with each. It covers the policies and procedures adopted to prevent and monitor unauthorised access to, and misuse of, a computer network and its infrastructure.

Protocols:
Network protocols are sets of rules that govern the exchange of information in a simple, reliable and secure way. The reference models used to organise them, covered below, are:

  • TCP/IP
  • OSI Model
  • Cisco Hierarchical Model
  • TCP/IP vs OSI Model

The two most widely used reference models are TCP/IP and OSI. The main difference between them is that TCP/IP is the protocol suite actually implemented to establish connections and communicate over a network, while OSI is a conceptual model used to describe and compare networking functions layer by layer.

Cisco Hierarchical Model:
Cisco defines a three-layer hierarchical architecture for building a reliable network. Each layer has its own functions and features, which helps reduce network complexity.

  1. Access Layer: controls user and workgroup access to network resources. Layer 2 switches are typically used here.
  2. Distribution Layer: acts as the bridge between the access layer and the core layer. It usually consists of multilayer switches.
  3. Core Layer: also called the backbone layer, it is responsible for moving large volumes of traffic quickly and reliably.

Planning for the Unexpected: Contingency Planning:
  • IR (Incident Response): there are several stages; the first step is to identify, then contain, investigate (forensics), apply the remedy, and record (document).
  • DR (Disaster Recovery): floods and earthquakes are examples of high-level events that cause serious damage.
  • BCP (Business Continuity Planning): when everything is lost in a storm, how does the business keep going?

Law, Investigation, and Ethics:

Law, Investigation, and Ethics is one of the most interesting security domains. As the name suggests, it addresses the legal aspects of information security.

Cryptography:

Encryption is one application of cryptography, not the other way round. Cryptography, the science of encoding data, underpins confidentiality, integrity and authentication, and it is one of the most widely used security techniques today. The Cryptography domain is intended to teach you how and when to use encryption.
What’s next?

This article was written to provide you with a short overview and how-to guide for Cyber Security Fundamentals. Feel free to play around with it ethically.

Latest cyber threats

What are the most recent cyber threats that individuals and organisations need to guard against? Here are some of the most recent cyber threats reported by the governments of the United Kingdom, the United States and Australia.

Hijack of Telegram
Telegram has also had a critical flaw that allowed hackers to spread cryptojacking malware, but the hijack described here targeted accounts rather than the app.
Hackers gained access to the Telegram messenger and email accounts of executives at some of the top cryptocurrency companies. According to reports at the time, the attackers abused Signaling System 7 (SS7), the protocol used to interconnect mobile networks around the world.

According to security analysts, the attackers were after the two-factor authentication (2FA) login codes delivered by SMS.

They took over the network's Short Message Service Centre (SMSC) and used it to issue location-update requests for more than 20 high-profile victims, so that the victims' SMS messages were rerouted to the attackers.

The attackers carried out the assault in order to steal cryptocurrency. It is a frequent attack in the crypto space, but victims still have no easy way to defend themselves against it.

With blockchain technologies in use, the crypto world has stronger authentication mechanisms available than call- or SMS-based 2FA, such as hardware tokens and authenticator apps.

Security researchers believe that protocols such as SS7 should not be relied on for authentication, because they lack the security properties needed to withstand modern attacks.

Dridex malware
In December 2019, the US Department of Justice (DoJ) charged the leader of an organised cyber-criminal group for their part in a global Dridex malware attack. This malicious campaign affected the public, government, infrastructure and business worldwide.

Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it infects computers through phishing emails or existing malware. Capable of stealing passwords, banking details and personal data that can be used in fraudulent transactions, it has caused massive financial losses amounting to hundreds of millions of dollars.

In response to the Dridex attacks, the UK's National Cyber Security Centre advises the public to "ensure devices are patched, anti-virus is turned on and up to date and files are backed up".

Romance scams

In February 2020, the FBI warned US citizens about confidence fraud that cybercriminals commit using dating sites, chat rooms and apps. Perpetrators take advantage of people seeking new partners, duping victims into giving away personal data.

The FBI reports that romance cyber threats affected 114 victims in New Mexico in 2019, with financial losses amounting to $1.6 million.

Emotet malware
In late 2019, the Australian Cyber Security Centre warned national organisations about a widespread global cyber threat from Emotet malware.

Emotet is a sophisticated trojan that can steal data and also load other malware. Emotet thrives on unsophisticated passwords: a reminder of the importance of creating a secure password to guard against cyber threats.

Sopra Steria Attack

On October 20, 2020, Sopra Steria, a French IT services company, was hit by a ransomware attack using a new variant of the Ryuk ransomware that had not previously been seen by security vendors.

Sopra Steria stated afterwards that the attack affected part of its IT infrastructure. According to the company, the breach caused no damage to, or leakage of, customer data.

Ryuk is one of the most potent ransomware families of the current era. It has hit high-profile organisations such as Prosegur, a Spanish security company, and EWA, a US defence contractor.

End-user protection
End-user protection, or endpoint security, is a crucial aspect of cyber security. After all, it is often an individual (the end user) who accidentally uploads malware or another form of cyber threat to their desktop, laptop or mobile device.

So how do cyber-security measures protect end users and systems? First, cyber security relies on cryptographic protocols to encrypt emails, files and other critical data. This not only protects information in transit, but also guards against loss or theft.

In addition, end-user security software scans computers for pieces of malicious code, quarantines this code and then removes it from the machine. Security programs can even detect and remove malicious code hidden in the Master Boot Record (MBR), code that is designed to encrypt or wipe data from the computer's hard drive.

Electronic security protocols also focus on real-time malware detection. Many use heuristic and behavioural analysis to monitor the behaviour of a program and its code to defend against viruses or Trojans that change their shape with each execution (polymorphic and metamorphic malware). Security programs can confine potentially malicious programs to a virtual bubble separate from the user's network to analyse their behaviour and learn how to better detect new infections.

Security programs continue to evolve new defences as cyber-security professionals identify new threats and new ways to combat them. To make the most of end-user security software, employees need to be educated about how to use it. Crucially, keeping it running and updating it frequently ensures that it can protect users against the latest cyber threats.

Cyber safety tips - safeguard yourself from cyber attacks
How can businesses and individuals guard against cyber threats? Here are our top cyber safety tips:

  1. Update your software and operating system. This means you benefit from the latest security patches issued by the vendor. Keeping your system up to date is one of the most effective ways to defend your devices against attack: most attacks succeed because the attacker finds a security flaw they can exploit, and routine patches close those flaws. Install updates for your devices as soon as they become available.

  2. Use anti-virus software. Security solutions such as Kaspersky Total Security detect and remove threats. Keep the software updated for the best level of protection.

  3. Use strong passwords. Make sure your passwords are long, unique to each account and not easily guessable; a password manager helps. The old rule of forcing a change every 90 days is no longer recommended (NIST's current guidance, SP 800-63B, advises against periodic rotation); change a password when you suspect it has been exposed.

  4. Do not open email attachments from unknown senders. They could be infected with malware, or the message could be a phishing email designed to harvest your information. Do not click on links in emails from unknown senders or unfamiliar websites either.

  5. Avoid using unsecured Wi-Fi networks in public places such as hotels and shopping malls. Unsecured networks leave you vulnerable to man-in-the-middle attacks.

  6. Keep backups. If your files are corrupted or stolen, an earlier backup lets you restore them in full. Back up data regularly to a reliable cloud storage service or an external hard drive; then, if a file is lost through a hacking incident or system corruption, you can recover it.

The methods above are some of the most effective ways to defend your devices from malware and other attacks.

Happy learning, folks. Thank you.
