SCT Unit-I


UNIT-I

Network and Information security Fundamentals: Network Basics, Network Components, Network Types,
Network Communication Types, Introduction to Networking Models, Cyber Security Objectives and Services,
Other Terms of Cyber Security, Myths Around Cyber Security, Recent Cyber Attacks, Generic Conclusion
about Attacks, Why and What is Cyber Security, Categories of Attack

Network Basics:
A computer network comprises two or more computers that are connected—either by cables (wired) or WiFi
(wireless)—with the purpose of transmitting, exchanging, or sharing data and resources. You can build a
computer network using hardware (e.g., routers, switches, access points, and cables) and software (e.g.,
operating systems or business applications).

Geographic location often defines a computer network. For example, a LAN (local area network) connects
computers in a defined physical space, like an office building, whereas a WAN (wide area network) can connect
computers across continents. The internet is the largest example of a WAN, connecting billions of computers
worldwide.
Computer networks enable communication for every business, entertainment, and research purpose. The
internet, online search, email, audio and video sharing, online commerce, live-streaming, and social networks
all exist because of computer networks.

Network Components:

Computer network components are the major parts needed to build a network. Some important network
components are the NIC, switch, cable, hub, router, and modem. Depending on the type of network that we need
to install, some components can be omitted. For example, a wireless network does not require cables.

Following are the major components required to install a network:

1. NIC: NIC stands for network interface card. A NIC is a hardware component used to connect a computer to
another computer on a network. It can support transfer rates of 10, 100 or 1000 Mb/s. The MAC address or
physical address is encoded on the network card chip and is assigned by the IEEE so that each network card is
identified uniquely. The MAC address is stored in PROM (programmable read-only memory). There are two types
of NIC:
1. Wired NIC
2. Wireless NIC

Wired NIC: The wired NIC is built into the motherboard. Cables and connectors are used with a wired NIC to
transfer data.

Wireless NIC: The wireless NIC contains an antenna to obtain a connection over the wireless network. For
example, a laptop computer contains a wireless NIC.

2.Switches: A switch is a device that connects other devices and manages node-to-node communication within
a network, ensuring data packets reach their ultimate destination. While a router sends information between
networks, a switch sends information between nodes in a single network. When discussing computer networks,
‘switching’ refers to how data is transferred between devices in a network.

3. Network cable types: The most common network cable types are Ethernet twisted pair, coaxial, and fiber
optic. The choice of cable type depends on the size of the network, the arrangement of network elements, and
the physical distance between devices.

4. Hub: A hub is a hardware device that divides a network connection among multiple devices. When a computer
requests some information from the network, it first sends the request to the hub through a cable. The hub
broadcasts this request to the entire network. All the devices check whether the request belongs to them or not;
if not, the request is dropped.

The process used by the hub consumes more bandwidth and limits the amount of communication, so hubs have been
replaced by more advanced network components such as switches and routers.
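To make the difference between a hub and a switch concrete, here is an added simulation (example code, not part of the lecture notes): a hub repeats every frame out of every other port, while a learning switch records which port each source MAC address was seen on and afterwards forwards frames for a known destination out of that single port. The port numbers, MAC addresses and traffic are constructed sample values.

```python
# Added example, not from the lecture notes: hub (repeat everywhere) versus learning switch
# (learn source port, forward known destinations on one port). All values are constructed.


class Hub:
    """A hub keeps no address table: every frame is copied to every port except the ingress port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.copies_sent = 0  # total frame copies put on the wire

    def receive(self, in_port, src_mac, dst_mac):
        out_ports = [p for p in self.ports if p != in_port]
        self.copies_sent += len(out_ports)
        return out_ports


class LearningSwitch:
    """A switch learns src_mac -> in_port from every frame it sees and forwards known unicast
    destinations on a single port; unknown destinations are flooded, just as a hub would."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on
        self.copies_sent = 0

    def receive(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port  # learning step
        learned = self.mac_table.get(dst_mac)
        if learned is not None and learned != in_port:
            out_ports = [learned]  # known destination: forward on one port only
        else:
            out_ports = [p for p in self.ports if p != in_port]  # unknown: flood
        self.copies_sent += len(out_ports)
        return out_ports


def replay(device, frames):
    """Feed (in_port, src_mac, dst_mac) frames through a device; return total copies sent."""
    for in_port, src, dst in frames:
        device.receive(in_port, src, dst)
    return device.copies_sent


# Constructed traffic: host A (port 1) and host B (port 2) exchange ten frames while the
# hosts on ports 3 and 4 are idle and have no need to see any of them.
MAC_A = "aa:aa:aa:aa:aa:aa"
MAC_B = "bb:bb:bb:bb:bb:bb"
SAMPLE_FRAMES = [(1, MAC_A, MAC_B), (2, MAC_B, MAC_A)] * 5
PORTS = (1, 2, 3, 4)


def compare_devices(frames=SAMPLE_FRAMES, ports=PORTS):
    """Return (hub_copies, switch_copies) for the same traffic."""
    return replay(Hub(ports), frames), replay(LearningSwitch(ports), frames)


if __name__ == "__main__":
    hub_copies, switch_copies = compare_devices()
    print(f"hub sent {hub_copies} frame copies, learning switch sent {switch_copies}")
```

The hub puts 30 copies on the wire for 10 frames; the switch floods only the very first frame (destination unknown) and then delivers each frame to exactly one port, 12 copies in total. The idle hosts on ports 3 and 4 never see the conversation, which is also why passive sniffing on a switched LAN is harder than on a hub.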

5. Routers: A router is a physical or virtual device that sends information contained in data packets between
networks. Routers analyse data within the packets to determine the best way for the information to reach its
ultimate destination. Routers forward data packets until they reach their destination node.

6. Modem: A modem is a hardware device that allows the computer to connect to the internet over the existing
telephone line. A modem is not integrated into the motherboard; instead it is installed in a PCI slot on the
motherboard. It stands for Modulator/Demodulator: it converts digital data into an analog signal carried over
the telephone lines, and back again.

Network Types:

1. LAN (local area network): A LAN connects computers over a short distance, allowing them to share data,
files, and resources. For example, a LAN may connect all the computers in an office building, school, or
hospital. Typically, LANs are privately owned and managed.

2. WLAN (wireless local area network): A WLAN is just like a LAN, but the connections between devices on
the network are made wirelessly.

3. WAN (wide area network): As the name implies, a WAN connects computers over a wide area, such as
from region to region or even continent to continent. The internet is the largest WAN, connecting billions of
computers worldwide. You will typically see collective or distributed ownership models for WAN management.

4. MAN (metropolitan area network): MANs are typically larger than LANs but smaller than WANs. A MAN is
used to connect a group of LANs. Cities and government entities typically own and manage MANs.

5. PAN (personal area network): A PAN is a network arranged around an individual person, typically within a
range of 10 meters. It connects the computer devices of personal use, such as laptops, mobile phones, media
players and games consoles.

6. SAN (storage area network): A SAN is a specialized network that provides access to block-level storage:
shared network or cloud storage that, to the user, looks and works like a storage drive physically attached
to a computer.

7. CAN (campus area network): A CAN is also known as a corporate area network. A CAN is larger than a
LAN but smaller than a WAN. CANs serve sites such as colleges, universities, and business campuses.

8. VPN (virtual private network): A VPN is a secure, point-to-point connection between two network
endpoints. A VPN establishes an encrypted channel that keeps a user's identity and access credentials, as well
as any data transferred, inaccessible to hackers.

Networking models:
The networking model describes the architecture, components, and design used to establish communication
between the source and destination systems. Two models are available:

1. Open Systems Interconnection (OSI) Model
2. Transmission Control Protocol/Internet Protocol (TCP/IP) Model

1. Open Systems Interconnection (OSI) Model: This model has seven layers:
• Application Layer: This layer is responsible for providing an interface to the application user. It
encompasses the protocols that interact directly with the user.
• Presentation Layer: This layer defines how data in the native format of the remote host should be
presented in the native format of the local host. It performs translation, compression and
encryption/decryption.
• Session Layer: This layer maintains sessions between remote hosts. It establishes sessions, manages
them and finally terminates them. For example, once user/password authentication is done, the remote
host maintains this session for a while and does not ask for authentication again in that time span.
• Transport Layer: This layer is responsible for end-to-end delivery between hosts, using TCP or UDP.
• Network Layer: This layer finds the best way to move packets from source to destination.
• Data Link Layer: This layer is responsible for converting packets into frames sized for the NIC. Link
errors are detected at this layer.
• Physical Layer: This layer defines the hardware, cabling, wiring, power output, pulse rate, etc.

2. Layers of the TCP/IP Model:

1. Application Layer
2. Transport Layer (TCP/UDP)
3. Network/Internet Layer (IP)
4. Data Link Layer (MAC)
5. Physical Layer

1. Application Layer: This layer is responsible for providing an interface to the application user. It
encompasses the protocols that interact directly with the user.
2. Transport Layer: This layer is responsible for end-to-end delivery between hosts.
3. Network Layer: This layer finds the best way to move packets from source to destination.
4. Data Link Layer: This layer is responsible for converting packets into frames sized for the NIC. Link
errors are detected at this layer.
5. Physical Layer: This layer defines the hardware, cabling, wiring, power output, pulse rate, etc.

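The layered models above are easiest to understand by watching encapsulation happen. The following added example (not from the lecture notes) wraps an application payload in a UDP header (transport), then an IPv4 header (network) and then an Ethernet II header (data link) using Python's struct module, computes the IPv4 header checksum, and parses the frame back from the bottom up as a receiving host would. The IP addresses, MAC addresses, ports and payload are constructed sample values.

```python
# Added example, not from the lecture notes: UDP inside IPv4 inside Ethernet II, built with
# struct and parsed back. Addresses, ports and payload are constructed sample values.
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, as used for the IPv4 header checksum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    # Transport layer: 8-byte UDP header (checksum left as 0, which IPv4 permits)
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    # Network layer: 20-byte header, version 4 / IHL 5, TTL 64, protocol 17 (UDP)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0, 64, 17,
                      0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = ipv4_checksum(hdr)  # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + segment


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_ethernet(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    # Data link layer: 14-byte Ethernet II header, EtherType 0x0800 = IPv4
    return struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), 0x0800) + packet


def build_frame(payload=b"hello", src_ip="192.0.2.10", dst_ip="192.0.2.20",
                src_mac="02:00:00:00:00:0a", dst_mac="02:00:00:00:00:14") -> bytes:
    """Apply the layers from the top down: payload -> UDP -> IPv4 -> Ethernet."""
    return build_ethernet(src_mac, dst_mac,
                          build_ipv4(src_ip, dst_ip, build_udp(40000, 53, payload)))


def parse_frame(frame: bytes) -> dict:
    """Strip the headers from the bottom up, the way a receiving host does."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    ip_hdr = frame[14:14 + ihl]
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    udp = frame[14 + ihl:14 + total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    return {
        "ethertype": ethertype,
        "ip_checksum_ok": ipv4_checksum(ip_hdr) == 0,  # a valid header sums to all ones
        "proto": ip_hdr[9],
        "src_ip": socket.inet_ntoa(ip_hdr[12:16]),
        "dst_ip": socket.inet_ntoa(ip_hdr[16:20]),
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": udp[8:udp_len],
    }


def corrupt_byte(frame: bytes, offset: int) -> bytes:
    """Invert one byte. The IP header checksum catches accidental corruption like this, but
    it is not a security control: anyone rewriting the header simply recomputes it."""
    return frame[:offset] + bytes([frame[offset] ^ 0xFF]) + frame[offset + 1:]


if __name__ == "__main__":
    frame = build_frame()
    print(len(frame), "bytes on the wire:", parse_frame(frame))
```

The 5-byte payload becomes a 47-byte frame: 14 bytes of Ethernet header, 20 of IPv4 and 8 of UDP are added by the lower layers and removed again by the receiver. Corrupting the TTL byte (offset 22) makes the checksum verification fail, which illustrates the "link errors are detected" role of the lower layers; integrity against a deliberate modification needs a cryptographic mechanism at a higher layer.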
What is Cyber Security?

Cybersecurity is the practice of protecting internet-connected systems such as computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks. The word can be split into two parts: "cyber"
refers to the technology, including systems, networks, programs, and data, and "security" is concerned with the
protection of those systems, networks, applications, and information. It is also sometimes called electronic
information security or information technology security.

Some other definitions of cybersecurity are:


"Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices,
programs, and data from attack, theft, damage, modification or unauthorized access."

"Cyber Security is the set of principles and practices designed to protect our computing resources and online
information against threats."

Why cyber attacks:


Every business, regardless of its size, is a potential target of a cyber attack. That is because every business has
key assets (financial or otherwise) that criminals may seek to exploit. By recognising the common motives
behind cyber attacks, you can build a better understanding of the risks you may face, and understand how best
to confront them.

Most often, cyber attacks happen because criminals want your:

• business' financial details
• customers' financial details (eg credit card data)
• sensitive personal data
• customers' or staff email addresses and login credentials
• customer databases
• client lists
• IT infrastructure
• IT services (eg the ability to accept online payments)
• intellectual property (eg trade secrets or product designs)

Cyber security objectives:


The NIST Cybersecurity Framework splits security principles into five core functions; each represents a key
step in an organization's security program.

Cyber security Services:

The CIA triad is a security model that is designed to guide policies for information security within the premises
of an organization or company. This model is also referred to as the AIC (Availability, Integrity, and
Confidentiality) triad.

1. Confidentiality

Confidentiality is roughly equivalent to privacy: it prevents the unauthorized disclosure of information, so only
the right people get the information or data.
It keeps essential information from reaching the wrong people while making sure that the right people can
get it. Data encryption is a good example of a control that ensures confidentiality.

i. Encryption: Encryption is a method of transforming information to make it unreadable for unauthorized users
by using an algorithm. The transformation of data uses a secret key (an encryption key) so that the transformed
data can only be read by using another secret key (the decryption key). It protects sensitive data.

ii. Access control: Access control defines rules and policies for limiting access to a system. It is a process by
which users are granted access and certain privileges to systems, resources or information. In access control
systems, users need to present credentials, such as a person's name or a computer's serial number, before they
can be granted access.

iii. Authentication: Authentication is a process that ensures and confirms a user's identity or role. It can be
done in a number of different ways, but it is usually based on a combination of:

o something the person has (like a smart card),
o something the person knows (like a password),
o something the person is (like a human with a fingerprint).

iv. Authorization: Authorization is a security mechanism that gives permission to do or have something. After
access control, it checks whether the system or person is allowed or not, based on an access control policy
covering computer programs, files, services, data and application features. It is normally preceded by
authentication for user identity verification. System administrators are typically assigned permission levels
covering all system and user resources. During authorization, a system verifies an authenticated user's access
rules and either grants or refuses resource access.
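The ordering described above, authentication first and authorization only for an authenticated principal, is shown in this added example (not from the lecture notes). Authentication checks the "something the person knows" factor against a stored salted PBKDF2 hash with a constant-time comparison; authorization then consults a role-based access control policy and refuses anything the policy does not list. The user store, roles, resources and policy are constructed sample data, and a real system would keep them in a database rather than in source.

```python
# Added example, not from the lecture notes: authentication (salted password hash) followed by
# authorization (role-based policy). Users, roles, resources and policy are constructed.
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)  # per-user salt, so identical passwords hash differently
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}


# Constructed user store
USERS = {
    "alice": make_user("correct horse battery staple", "admin"),
    "bob": make_user("bob-password-2023", "staff"),
}

# Constructed access control policy: role -> resource -> permitted actions
POLICY = {
    "admin": {"payroll.db": {"read", "write"}, "audit.log": {"read"}},
    "staff": {"payroll.db": {"read"}},
}

_DUMMY_SALT = b"\x00" * 16


def authenticate(username: str, password: str):
    """Return a principal dict if the credentials are valid, otherwise None."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, _DUMMY_SALT)  # same cost for unknown users: no timing tell
        return None
    candidate = hash_password(password, user["salt"])
    if hmac.compare_digest(candidate, user["hash"]):  # constant-time comparison
        return {"username": username, "role": user["role"]}
    return None


def authorize(principal, resource: str, action: str) -> bool:
    """Grant only what the policy lists for the principal's role; everything else is refused."""
    if principal is None:
        return False
    return action in POLICY.get(principal["role"], {}).get(resource, set())


def access(username: str, password: str, resource: str, action: str) -> bool:
    """Authentication precedes authorization; both must succeed for access to be granted."""
    return authorize(authenticate(username, password), resource, action)


if __name__ == "__main__":
    requests = [("alice", "correct horse battery staple", "payroll.db", "write"),
                ("bob", "bob-password-2023", "payroll.db", "write"),
                ("bob", "wrong-password", "payroll.db", "read")]
    for who, pw, res, act in requests:
        print(who, act, res, "->", "granted" if access(who, pw, res, act) else "refused")
```

Note the two separate outcomes: bob with the right password is authenticated but not authorized to write, and bob with a wrong password is refused before the policy is ever consulted. Unknown usernames still cost one hash computation so that the response time does not reveal which accounts exist.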

v. Physical Security: Physical security protects IT equipment from unauthorized access. It protects facilities,
personnel, resources and other property and assets from physical threats including theft, vandalism, fire and
natural disasters.

2. Integrity

Integrity methods check whether data is genuine. Integrity refers to the methods for ensuring that data is real,
accurate and safeguarded from unauthorized modification. It is the property that information has not been
altered in an unauthorized way, and that the source of the information is genuine.

Tools for Integrity

i.Backups

Backup is the periodic archiving of data. It is a process of making copies of data or data files to use in the event
when the original data or data files are lost or destroyed.

ii.Checksums

A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words, it is the
computation of a function that maps the contents of a file to a numerical value. They are typically used to compare
two sets of data to make sure that they are the same.
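The comparison described above, verifying a received copy against a published checksum, is shown in this added example (not from the lecture notes). It also contrasts a simple additive checksum with a cryptographic hash (SHA-256): a byte-sum checksum is blind to a transposition of two bytes, so it detects random corruption but not every deliberate change. The sample "file" and its tampered copy are constructed.

```python
# Added example, not from the lecture notes: checksum verification with SHA-256, and why a
# plain byte-sum checksum is not enough when data may be altered on purpose. Data is constructed.
import hashlib
import hmac


def sum16_checksum(data: bytes) -> int:
    """Classic additive checksum: the sum of all bytes modulo 2**16."""
    return sum(data) & 0xFFFF


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_stream(chunks) -> str:
    """Hash a file without loading it all at once (chunks as an open file would yield them)."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def verify(data: bytes, published_hex: str) -> bool:
    """Recompute the digest of the received data and compare it with the published one."""
    return hmac.compare_digest(sha256_hex(data), published_hex)


def swap_bytes(data: bytes, i: int, j: int) -> bytes:
    """Transpose two bytes: a change a byte-sum checksum cannot see."""
    b = bytearray(data)
    b[i], b[j] = b[j], b[i]
    return bytes(b)


# Constructed sample "file" and a transposed copy (the amount 1200 becomes 2100)
ORIGINAL = b"payee=ACME Ltd;amount=1200;currency=USD\n"
_POS = ORIGINAL.index(b"1200")
TAMPERED = swap_bytes(ORIGINAL, _POS, _POS + 1)


def demo() -> dict:
    published = sha256_hex(ORIGINAL)  # what the sender publishes alongside the file
    return {
        "original_verifies": verify(ORIGINAL, published),
        "tampered_verifies": verify(TAMPERED, published),
        "sum16_unchanged": sum16_checksum(ORIGINAL) == sum16_checksum(TAMPERED),
        "stream_matches": sha256_of_stream([ORIGINAL[:10], ORIGINAL[10:]]) == published,
    }


if __name__ == "__main__":
    print(TAMPERED)
    print(demo())
```

Two practical points follow from the result: the published digest must reach the verifier over a channel the attacker cannot also rewrite (otherwise they replace both file and checksum), and where the data is sensitive a keyed construction such as HMAC or a digital signature is used so that only the holder of the key can produce a valid value.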

iii.Data Correcting Codes

It is a method for storing data in such a way that small changes can be easily detected and automatically corrected.
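As an added illustration of a data-correcting code (example code, not from the lecture notes), here is a Hamming(7,4) encoder and decoder: every 4 data bits are stored with 3 parity bits, and the decoder can locate and correct any single flipped bit in the 7-bit codeword. The example also shows the limit of the guarantee: two flipped bits are "corrected" to the wrong data, which is why a checksum over the whole block is still used alongside error correction.

```python
# Added example, not from the lecture notes: Hamming(7,4), which detects and corrects a
# single-bit error per 7-bit codeword. Bit positions are 1-based as in the textbook layout.


def hamming_encode(d1, d2, d3, d4):
    """Return the 7-bit codeword [p1, p2, d1, p3, d2, d3, d4] (positions 1..7)."""
    p1 = d1 ^ d2 ^ d4  # covers positions 1, 3, 5, 7
    p2 = d1 ^ d3 ^ d4  # covers positions 2, 3, 6, 7
    p3 = d2 ^ d3 ^ d4  # covers positions 4, 5, 6, 7
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode(codeword):
    """Return (data_bits, corrected_position); position 0 means no error was detected."""
    c = list(codeword)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]
    syndrome = s1 + 2 * s2 + 4 * s3  # equals the 1-based position of a single flipped bit
    if syndrome:
        c[syndrome - 1] ^= 1  # correct it in place
    return [c[2], c[4], c[5], c[6]], syndrome


def flip(codeword, position):
    """Simulate a single-bit storage error at a 1-based position."""
    c = list(codeword)
    c[position - 1] ^= 1
    return c


def all_single_errors_corrected() -> bool:
    """Exhaustively check all 16 data words with no error and with each of the 7 single flips."""
    for n in range(16):
        data = [(n >> 3) & 1, (n >> 2) & 1, (n >> 1) & 1, n & 1]
        code = hamming_encode(*data)
        if hamming_decode(code) != (data, 0):
            return False
        for pos in range(1, 8):
            if hamming_decode(flip(code, pos)) != (data, pos):
                return False
    return True


def double_error_example():
    """Two flips exceed the code's guarantee: the syndrome points at a third bit and the
    'correction' yields wrong data. Returns (data_recovered, syndrome)."""
    data = [1, 0, 1, 1]
    damaged = flip(flip(hamming_encode(*data), 1), 2)
    decoded, position = hamming_decode(damaged)
    return decoded == data, position


if __name__ == "__main__":
    print("codeword for 1011:", hamming_encode(1, 0, 1, 1))
    print("all single-bit errors corrected:", all_single_errors_corrected())
    print("double-bit error recovered, syndrome:", double_error_example())
```

The syndrome is the key idea: each parity bit checks a different subset of positions, and the pattern of failed checks, read as a binary number, is exactly the index of the damaged bit. Storage systems apply the same principle at larger block sizes (ECC memory, RAID parity).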

3. Availability

Availability is the property in which information is accessible and modifiable in a timely fashion by those
authorized to do so. It is the guarantee of reliable and constant access to our sensitive data by authorized people.

Tools for Availability

o Physical Protections
o Computational Redundancies

i.Physical Protections

Physical safeguards keep information available even in the event of physical challenges. They ensure that
sensitive information and critical information technology are housed in secure areas.

ii.Computational redundancies

Redundancy is applied as fault tolerance against accidental faults: duplicate computers and storage devices serve
as fallbacks in the case of failures.

Other Terms of Cyber Security :


In simple words, terminology is the breakdown of terms and their usage. Terms are words and compound words
that carry specific meanings in specific contexts; the same word may mean something different in another
context, or in everyday language, depending on the situation.

1. Authentication :

This is one of the common cyber security terms. Authentication is the process of identifying someone's or
something's identity, making sure that something is true, genuine, or valid. This can be carried out either by
a PIN/password, retina scan, or biometric scan, sometimes even a combination of these things.

2. Botnet

A combination of the words “robot” and “network”, a botnet is a network of devices (computers, routers,
etc.) that have been infected with malicious code and can be operated continuously to carry out malicious
operations. These attacks can be of any type, including click fraud, Bitcoin mining, sending spam e-mails, and
DoS/DDoS attacks. A single user device on which harmful code has been installed is called a bot; a group of such
devices is called a botnet.

3. Data Breach or Data leak

A data breach is one of the basic cybersecurity terms. It is the result of a hacker successfully attacking a
business, government or individual, gaining control of its network, system, server or database and exposing its
data, usually personal data such as credit card numbers, bank account numbers, usernames and passwords,
Social Security numbers, and more.

4. Encryption

Encryption is the technique by which any kind of information can be converted into a secret form that
conceals the actual meaning of the information. It helps protect confidential information and sensitive &
critical data and can improve the security of communication.

5. Firewall

Firewalls, which can be in the form of software or hardware, monitor and filter inbound and outbound network
traffic based on the security policies an organization has defined.
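What "filtering based on a policy" means in practice is shown by this added example (not from the lecture notes): a first-match packet filter evaluates each packet against an ordered rule list and falls back to a default-deny rule when nothing matches. The internal network range, the rules and the sample packets are constructed values; the structure (direction, protocol, port, source range, explicit default) is the one most firewall rule sets share.

```python
# Added example, not from the lecture notes: first-match packet filtering with default deny.
# The network ranges, rules and packets below are constructed sample values.
import ipaddress

# Constructed policy: rules are checked in order and the first match decides
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
RULES = [
    {"dir": "in", "proto": "tcp", "dst_port": 443, "action": "allow"},                   # public HTTPS
    {"dir": "in", "proto": "tcp", "dst_port": 22, "src": INTERNAL, "action": "allow"},   # SSH from inside only
    {"dir": "out", "proto": "udp", "dst_port": 53, "action": "allow"},                   # DNS lookups
    {"dir": "out", "proto": "tcp", "dst_port": 443, "action": "allow"},                  # outbound HTTPS
]
DEFAULT_ACTION = "deny"  # anything the policy does not explicitly permit is refused


def matches(rule: dict, packet: dict) -> bool:
    """A rule matches when every field it specifies agrees with the packet."""
    if rule["dir"] != packet["dir"] or rule["proto"] != packet["proto"]:
        return False
    if "dst_port" in rule and rule["dst_port"] != packet["dst_port"]:
        return False
    if "src" in rule and ipaddress.ip_address(packet["src"]) not in rule["src"]:
        return False
    return True


def evaluate(packet: dict, rules=RULES, default=DEFAULT_ACTION):
    """Return (action, index of the matching rule, or None when the default applied)."""
    for i, rule in enumerate(rules):
        if matches(rule, packet):
            return rule["action"], i
    return default, None


def filter_packets(packets, rules=RULES):
    """Apply the policy to a list of packets and return the list of decisions."""
    return [evaluate(p, rules)[0] for p in packets]


# Constructed packets (203.0.113.0/24 is a documentation range, i.e. "the internet" here)
SAMPLE_PACKETS = [
    {"dir": "in", "proto": "tcp", "src": "203.0.113.5", "dst_port": 443},   # allow: HTTPS
    {"dir": "in", "proto": "tcp", "src": "203.0.113.5", "dst_port": 22},    # deny: SSH from outside
    {"dir": "in", "proto": "tcp", "src": "10.1.2.3", "dst_port": 22},       # allow: SSH from inside
    {"dir": "out", "proto": "udp", "src": "10.1.2.3", "dst_port": 53},      # allow: DNS
    {"dir": "in", "proto": "udp", "src": "203.0.113.9", "dst_port": 161},   # deny: no rule (SNMP)
]

if __name__ == "__main__":
    for p, decision in zip(SAMPLE_PACKETS, filter_packets(SAMPLE_PACKETS)):
        print(p["dir"], p["proto"], p["src"], "->", p["dst_port"], ":", decision)
```

The last packet is the important one: nobody wrote a rule about SNMP, and it is still refused, because the policy ends in an explicit deny. A rule set whose default is "allow" protects only against what its author remembered to block.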

6. Malware

Malware is the short form of “malicious software”, describing a wide variety of malicious software or code
used to infect and/or damage a system. It comes in all shapes and sizes. For example, ransomware, worms,
viruses, and trojans are all considered malware; it can be hidden in images, documents, PDFs, or multimedia
files and can be delivered through any channel, such as spam email, SMS, or a man-in-the-middle attack.

7.Phishing

Phishing is a type of cybercrime in which a message appears to come from a genuine organization like PayPal,
eBay, or a financial institution, or from friends and co-workers. The attackers contact a target or targets via
email, phone, or text message with a link and persuade them to click on it. The link redirects them to a
fraudulent website that asks for sensitive data such as personal information, banking and credit card
information, social security numbers, usernames, and passwords. Clicking on the link may also install malware
on the target's device that allows the attackers to control it remotely.

8.Man-in-the-middle (MITM) attack

A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a
cybercriminal intercepts a conversation or data transfer between two parties. Once the cybercriminal is
positioned in the middle of a two-party communication, they appear to each side as a genuine participant and
can read sensitive information and return altered responses. The main objective of this type of attack is to gain
access to business or customer data. For example, a cybercriminal could intercept data passing between the
target device and the network on an unprotected Wi-Fi network.

Myths Around Cyber Security:

1) We have invested in sophisticated security tools, so we are safe
2) We perform penetration tests regularly
3) Staying compliant with industry regulations is enough to keep business safe
4) A third-party security provider will secure everything
5) We should only secure internet-facing applications
6) We have never experienced a cyberattack, so our security posture is strong enough
7) Security is the responsibility of the IT department
8) We have achieved complete cybersecurity
9) We are unlikely to witness a security breach
10) Our passwords are strong enough to avoid data breach
11) Cybercriminals don’t target small and medium-sized businesses
12) Cyber threats come from external actors
13) Anti-virus and anti-malware software are enough to keep businesses safe
14) A password keeps a Wi-Fi network secure
15) We’ll know immediately if any of our systems are compromised
16) Bring Your Own Device (BYOD) is secure

Recent Cyber Attacks:

June 2023
June 27th

American Airlines Data Breach: Hackers have reportedly stolen personal information relating to ‘thousands'
of pilots that applied for roles at American Airlines and Southwest Airlines. Rather than being taken directly
from either airline, the information was extracted from a database maintained by a recruiting company. Around
8,000 pilots are thought to have been affected, including 2,200 represented by the Allied Pilots Association.

June 21st

UPS Canada Data Breach: United Parcel Service has strongly hinted to customers based in Canada via a letter
that their personal data may have been exposed in a breach, after fraudulent messages demanding payment
before delivery were spotted.
The strangely-worded letter sent out to customers suggested that “a person who searched for a particular
package or misused a package lookup tool” could have uncovered personal information relating to customers,
such as phone numbers.

June 21st

Bryan Cave/Mondelez Data Breach: Snack and confectionery manufacturer Mondelez, the parent company
that owns Oreo, Chips Ahoy!, Sour Patch Kids, Toblerone, Milka, Cadbury, and many other well-known
brands, has notified employees that their personal information has been compromised in a breach at law firm
Bryan Cave.
Bryan Cave provides Mondelez and a number of other large companies with legal services. According to
the data breach notice filed to the Maine Attorney General's Office, 51,110 employees are thought to have been
affected. Although the data breach occurred in February of this year, it was only discovered three months later
in May, the filing reveals.

June 19th

Reddit Data Breach: Hackers purporting to be from the BlackCat ransomware gang have threatened Reddit
with leaking 80GB of confidential data they stole from its servers in February. The gang is demanding a $4.5
million payout and also wants Reddit to renege on its new pricing policy that garnered widespread backlash.

June 9th

Intellihartx Data Breach: Healthcare management firm Intellihartx confirmed that hackers stole the medical
details of over half a million patients, including social security numbers. According to a notice filed with Maine
attorney general’s office, the breach took place in January, but wasn't discovered until April.

June 1st

MOVEit hack, affecting Zellis, British Airways, BBC and others: MOVEit, a popular file transfer tool, was
compromised, leading to sensitive data belonging to many firms that use the software being compromised as
well. The hack was disclosed by Progress Software, makers of MOVEit, and since then many companies have
reported being affected. These include payroll provider Zellis, British Airways, the BBC, and the province of
Nova Scotia. However, it is believed that many more companies will have been impacted. The Russian
ransomware group Clop claimed responsibility for the attack on June 6th.

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer
code, logic or data and leads to cybercrimes, such as information and identity theft.

We are living in a digital era. Nowadays most people use computers and the internet. Because of this dependency
on digital systems, illegal computer activity is growing and changing like any other type of crime.

Cyber-attacks can be classified into the following categories:

Web-based attacks:

These are the attacks which occur on a website or web applications. Some of the important web-based attacks are
as follows-

1. Injection attacks

It is an attack in which data is injected into a web application to manipulate the application and fetch
information the attacker wants.

Examples: SQL injection, code injection, log injection, XML injection, etc.
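The SQL injection case is the clearest way to see what "injecting data to manipulate the application" means, so here is an added example (not from the lecture notes) with the same login lookup written twice: once by concatenating user input into the SQL text, and once with a parameterized query, which is the fix. Both run against an in-memory SQLite table of constructed users; the crafted input is the textbook `' OR '1'='1` illustration. Passwords are stored in plain text only to keep the example short; real code stores a salted hash.

```python
# Added example, not from the lecture notes: an injectable login query beside its
# parameterized fix, run against a constructed in-memory SQLite table.
import sqlite3


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])  # constructed rows
    return conn


def login_vulnerable(conn, username: str, password: str) -> int:
    """Builds the SQL text from user input, so the input can change the query's logic."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0]


def login_safe(conn, username: str, password: str) -> int:
    """Parameterized query: the input is bound as data and can never become SQL syntax."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0]


def compare(username: str, password: str):
    """Return (rows matched by the vulnerable query, rows matched by the safe query)."""
    conn = setup_db()
    try:
        return login_vulnerable(conn, username, password), login_safe(conn, username, password)
    finally:
        conn.close()


if __name__ == "__main__":
    print("valid credentials :", compare("alice", "s3cret"))
    print("wrong password    :", compare("alice", "wrong"))
    print("injected password :", compare("alice", "' OR '1'='1"))
```

With valid credentials both queries match one row. With the crafted password the concatenated query becomes `... AND password = '' OR '1'='1'`, which is true for every row, so the vulnerable version reports 2 matches and would log the attacker in; the parameterized version compares the literal string `' OR '1'='1` against the stored password and matches nothing. Detection-wise, such inputs are visible in application logs as quote characters and SQL keywords in form fields, but the durable fix is to never build SQL from untrusted strings.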

2. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create cookies to store the
state and user sessions. By stealing the cookies, an attacker can have access to all of the user data.

3.Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit
card numbers. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.

4. Man in the middle attacks

It is a type of attack that allows an attacker to intercept the connection between client and server and act as a
bridge between them. Because of this, the attacker is able to read, insert and modify the data in the intercepted
connection.

System-based attacks:

These are the attacks which are intended to compromise a computer or a computer network. Some of the important
system-based attacks are as follows-

1. Virus

It is a type of malicious software program that spreads through a computer's files without the knowledge of the
user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other
computer programs when executed. It can also execute instructions that cause harm to the system.

2. Worm

It is a type of malware whose primary function is to replicate itself in order to spread to uninfected computers.
It works in the same way as a computer virus. Worms often originate from email attachments that appear to be
from trusted senders.

3. Trojan horse

It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when
the computer should be idle. It misleads the user about its true intent: it appears to be a normal application, but
when opened or executed, malicious code runs in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a backdoor so that an
application or operating system can be accessed for troubleshooting or other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs
run automatically, while others only execute commands when they receive specific input. Common examples of
bot programs are web crawlers, chatroom bots, and malicious bots.

Generic conclusion

Organizations are finding themselves under the pressure of being forced to react quickly to the dynamically
increasing number of cybersecurity threats. Since the attackers have been using an attack life cycle,
organizations have also been forced to come up with a vulnerability management life cycle. The vulnerability
management life cycle is designed to counter the efforts made by the attackers in the quickest and most
effective way. This chapter has discussed the vulnerability management life cycle in terms of the vulnerability
management strategy. It has gone through the steps of asset inventory creation, the management of information
flow, the assessment of risks, assessment of vulnerabilities, reporting and remediation, and ...

Why do cyber-attacks happen?


Although some hackers get a thrill or a sense of accomplishment from bulldozing others’ networks or computer
systems, most cyber-attacks are either criminal or political in nature. Here are the most common reasons why
cyber-attacks happen:

1. Cyber-attacks for the Financial Benefit:

This is a new take on extortion that can damage both businesses and individuals. There are numerous
variations, but the most common is when hackers seize control of a victim’s computer and freeze it, then
promise to restore access once a ransom is paid.

2. Cyber-attacks for Defrauding a Company:

The diversion of funds from their legitimate destination to a fraudster’s account is typical of this type of attack.
Phishing is a tactic used by criminals to extract enough information to launch an attack. They then gain access
to email servers and send emails that appear to be genuine but aren’t. Invoice fraud is one of the versions of this
technique. A legitimate provider sends an email notifying of a change of bank account data; however, the bank
account details provided are those of a fraudster. This type of fraud frequently mixes cyber-attack aspects with
offline elements such as social engineering.

3. Cyber-attacks for Data Breaches or Identity Theft:

When enormous volumes of information are exposed online, thieves can exploit it to perpetrate financial fraud.
Some fraudsters may only require credit card numbers, purchase histories, and names and addresses to commit
identity theft. Research indicates that criminals may accumulate personal data over time, boosting their potential to
profit from it. They might, for example, gather a name and address from one breach and a credit card number
from another, then combine the two to perpetrate identity theft.

4. Cyber-attacks for Political Motive:

Last but not least, there are politically driven cyber assaults. These assaults occur for propaganda purposes in
order to harm the public’s perception of a particular state or government. It could also be used for more
nefarious purposes, such as leaking sensitive intelligence, private information, or embarrassing information.
Cyber-attacks might conceivably go even farther, with government-backed hackers creating malware to corrupt
and destroy a weapons program or other critical infrastructure.
