Cyber-Security
The practice of protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity. It is sometimes called information technology security or electronic information security. In this chapter, we cover the following topics.
1. Cyber Security Goals
Cyber security aims to protect an organization's assets from cyber attacks. For this, organizations use the "CIA triad" model. Confidentiality means data is accessible only to authorized users (privacy). Integrity means data is accurate, authentic, and safeguarded from unauthorized access. Availability means data is available to authorized users when they need it, preventing downtime and productivity losses.
To achieve the CIA triad, organizations follow the "AAA" method. Authentication answers "is this user really the person they claim to be?" Authorization answers "what permissions does this user have to do the job?" Accounting refers to tracking the user's activity, such as logins and data access. All of these details are stored in the user database along with the user's identity.
The CIA triad and the AAA method are important elements that help an organization protect its environment against attack.
2. Types of Cyber Security
Network security is the practice of securing a computer network.
Application security protects software and devices.
Information security protects the integrity and privacy of data, both in storage and in transit.
Identity management deals with the procedures for determining the level of access each person within an organization has.
Operational security covers the processes and decisions for handling and securing data assets.
Disaster recovery defines how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how to restore data and operations so that the organization can run at the same operating capacity as before the event. Business continuity is the plan the organization falls back on when operations fail suddenly, so that it can keep operating from any location using whatever resources are available.
User education covers teaching people how to protect their individual systems or networks from attacks and how to respond when malicious activity causes the loss of operations or data.
3. Who are cyber-attackers?
A cyber attack means stealing, exposing, modifying, disabling, or deleting applications and data through unauthorized access to electronic devices or systems. It is usually performed by an individual or a group of persons who use malicious activity for financial or personal gain. They are called cyber criminals.
State-sponsored cyber attacks are sponsored by a government to advance its religious, political, or social ideology. Such attackers are also called hacktivists.
Insider threats come from former employees, current employees, or third-party vendors of the organization.
4. Types of Cyber-attacks
There are several types of cyber attacks. Some of the most common methods are:
Malware, short for malicious software, is a broad term for software designed to steal data and damage or destroy computers and computer systems. Common forms of malware are viruses, worms, Trojans, rootkits, botnets, adware, spyware, ransomware, etc.
DDoS (Distributed Denial of Service) means a collection of malware-infected computers (a botnet) attacks the target system to crash or disable the service. It is difficult to trace the attacker, and the attack is very fast.
DoS (Denial of Service) means a single malware-infected computer attacks the target system to crash or disable the service. It is easier to trace the attacker, and the attack is slower.
An injection attack means data is injected into a web application or database to extract the required information. Common types of injection attacks are SQL injection, code injection, log injection, XML injection, cross-site scripting (XSS), etc.
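To make the SQL injection case concrete, here is an added example (not from the original article): the same login lookup written two ways against an in-memory SQLite table with constructed sample data, showing why SQL built from strings is injectable and why a parameterized query is not.

```python
"""Added example: string-built SQL beside its parameterized form.
The table and the user row are constructed sample data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: one user; a real app would store a password hash.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Untrusted input is spliced into the SQL text, so a quote inside it
    # changes the structure of the query instead of staying a literal value.
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Placeholders keep the query structure fixed; the driver passes the inputs
    # as values, so quotes or SQL keywords in them are never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # A username containing a quote and a comment marker: the vulnerable
    # version comments out the password check, the safe version does not.
    crafted = "alice' --"
    print("vulnerable:", login_vulnerable(db, crafted, "wrong"))  # True
    print("safe:      ", login_safe(db, crafted, "wrong"))        # False
```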
A password attack is an attack in which a hacker cracks your password using various programs and password-cracking tools. Common forms of this attack are brute-force attacks, dictionary attacks, scamming, phishing, Man-in-the-Middle (MitM), and keylogger attacks.
DNS spoofing (DNS hijacking) is an attack where the hacker injects data into a DNS resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any other computer. If it is not detected, or is detected only after a long time, it causes serious issues. DNS tunneling is an attack where the hacker embeds data in DNS queries and responses, carrying other protocols inside DNS. This bypasses security measures and lets the attacker control the remote server.
A supply chain attack uses third-party tools or services (less secure elements) as a "supply chain" into the target's system or network. These attacks are also called "value-chain attacks" or "third-party attacks." The attacker first compromises the vendor by injecting malicious code and then attacks the target through it.
Session hijacking means the hacker steals user data or application data from cookies during a session in order to collect information.
A zero-day attack is carried out before security patches are provided by the anti-virus provider. The flaw is difficult to find and fix.
5. Cyber-security techniques to identify flaws
Cyber-security professionals use techniques to defend networks, systems, and data against cyber attacks. They use a combination of hardware and software to build security into networks and infrastructure, and they can recommend hardware upgrades where needed to support the security software.
Firewalls are security systems within networks that monitor both incoming and outgoing data flows. Their job is to prevent unauthorized access to or from other networks, based on a pre-determined set of rules.
Managed Detection and Response (MDR) is a service that continuously monitors an organization's network for suspicious activity and responds to threats in real time to protect against cyber attacks. MDR also uses artificial intelligence and machine learning for faster results.
Penetration testing, also called pen testing, is designed to identify weaknesses within a system and attempt to exploit them. Testing is done in depth and is expensive. Vulnerability scanning is designed to identify weaknesses and report vulnerabilities. Scanning is done periodically and is inexpensive.
Encryption converts readable text into an unreadable format called ciphertext. When the intended recipient opens the message, the information is decrypted back into readable form. To do this, the sender and recipient both have to use an encryption key together with an encryption algorithm. Some of the algorithms are SHA, AES, and Triple DES.
Public Key Infrastructure (PKI) enables users and computer systems to securely exchange data over the internet and to verify each other's identity. It does this by managing (creating, using, archiving, and destroying) keys and certificates.
Anti-virus software is used to cover the most established and common threats. Anti-malware software is typically used to cover more modern threats.
A network-based Intrusion Detection System (IDS) observes network traffic for malicious transactions and sends immediate alerts to administrators when one is observed. An Intrusion Prevention System (IPS) also observes network traffic and alerts administrators, but in addition it attempts to block or stop the malicious traffic.
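The IDS versus IPS distinction above comes down to what happens after a rule matches. As an added example (not from the original article), the following runs two simple rules over constructed web-access log lines: a signature rule for SQL-injection markers in the request and a threshold rule for one source sending too many requests. In IDS mode the function only records alerts; in IPS mode it also returns the sources to block. The rule patterns and the threshold value are assumptions for illustration.

```python
"""Added example: minimal IDS/IPS-style monitoring over constructed log lines."""
import re
from collections import Counter

# Constructed sample log, one "<source_ip> <request_path>" record per line.
SAMPLE_LOG = """\
10.0.0.5 /index.html
10.0.0.5 /login?user=alice
10.0.0.9 /login?user=alice'--
10.0.0.7 /about
10.0.0.7 /about
10.0.0.7 /about
10.0.0.7 /about
10.0.0.7 /about
10.0.0.7 /about
""".splitlines()

# Assumed signature rule: crude SQL-injection markers inside the request path.
INJECTION_SIGNATURE = re.compile(r"('|--|;)")
# Assumed threshold rule: more than this many requests from one source.
RATE_LIMIT = 5


def analyze(lines, prevent: bool):
    """Return (alerts, blocked). prevent=False behaves like an IDS (alert only);
    prevent=True behaves like an IPS (alert and block the offending source)."""
    alerts = []
    blocked = set()
    per_source = Counter()
    for line in lines:
        src, path = line.split(" ", 1)
        per_source[src] += 1
        if INJECTION_SIGNATURE.search(path):
            alerts.append((src, "injection-signature"))
            if prevent:
                blocked.add(src)
        # Fire the rate alert exactly once, when the threshold is first crossed.
        if per_source[src] == RATE_LIMIT + 1:
            alerts.append((src, "rate-threshold"))
            if prevent:
                blocked.add(src)
    return alerts, blocked


if __name__ == "__main__":
    print("IDS:", analyze(SAMPLE_LOG, prevent=False))
    print("IPS:", analyze(SAMPLE_LOG, prevent=True))
```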
6. Best Practices in Cyber-Security
Use password management policies such as Multi-Factor Authentication, never re-using passwords, and increasing password complexity.
Secure your network with the security tools and techniques that best fit your needs.
Be cautious when opening or downloading unknown emails, links, and attachments.
Monitor data in real time and strengthen your Identity and Access Management.
Keep your applications, systems, and security policies up to date.
Back up your data regularly.
Build cyber-security awareness among everyone.