
Is Unit I


Information Security (IS)

Prepared by: Prof. S. M. Pardeshi


Unit 1 Introduction
Cyber Attacks
Need of Security
Security Approaches
Principles of Security
Types of Attacks
Networking Basics - Local Area Network (LAN)
Protocols
What is Information
 Information is stimuli that has meaning in some
context for its receiver. When information is entered
into and stored in a computer, it is generally referred
to as data. After processing, such as formatting and
printing, output data can again be perceived as
information.
 Data and information are not the same. Data refers to
numerical and qualitative observations. Information is
created when data is presented in a way that has
meaning to the recipient. To turn data into
information, it must be processed and organized.
Presenting data in a way that has meaning and value is
called information design.
What is a Cyber Attack?

 When there is an unauthorized system/network access
by a third party, we term it as a cyber attack. The
person who carries out a cyberattack is termed as a
hacker/attacker.

A cyber attack is an offensive, unauthorized
system/network access by a third party. It aims at
destroying or stealing confidential information from a
computer network, information system, or personal
device.
 What are examples of a Cyber Attack?
Some cyber attack examples are - Twitter celebrity
profile attacks, emails with attachments containing
malware, emails with links to malicious websites, and
legitimate communication streams with malicious
packets. 

 What happens during a Cyber Attack?
Cyber attacks disable, destroy, disrupt, or control
computer systems to alter, manipulate, block, delete, or
steal the data in these systems. They can be made by
any individual or group via the internet using one or
more attack strategies. They lead to financial loss
or the theft of information.
How to Prevent Cyber Attacks?

 Change your passwords regularly and use strong alphanumeric
passwords which are difficult to crack. Refrain from using too
complicated passwords that you would tend to forget. Do not use
the same password twice.
 Update both your operating system and applications regularly.
This is a primary prevention method for any cyber attack. This
will remove vulnerabilities that hackers tend to exploit. Use
trusted and legitimate Anti-virus protection software.
 Use a firewall and other network security tools such as
Intrusion prevention systems, Access control, Application security,
etc.
 Avoid opening emails from unknown senders. Scrutinize the
emails you receive for loopholes and significant errors. 
 Make use of a VPN. It encrypts the traffic
between the VPN server and your device.
 Secure your Wi-Fi networks and avoid using public Wi-Fi
without using a VPN. 
 Regularly back up your data. According to many security
professionals, it is ideal to have three copies of your data on two
different media types and another copy in an off-site location
(cloud storage).
 Employees should be aware of cybersecurity principles.
They must know the various types of cyberattacks and ways to
tackle them.
 Use Two-Factor or Multi-Factor Authentication. Two-factor
authentication requires users to provide two different
authentication factors to verify themselves. When you are asked
for over two additional authentication methods apart from your
username and password, we term it multi-factor
authentication. This proves to be a vital step to secure your
account.
 Safeguard your mobile, as mobiles are also a cyberattack
target. Install apps from only legitimate and trusted sources,
and make sure to keep your device updated.
Need of Security
 Information security ensures good data
management. It involves the use of technologies,
protocols, systems and administrative measures to
protect the confidentiality, integrity and availability of
information.

 The goal of IT security is to protect these assets,
devices and services from being disrupted, stolen or
exploited by unauthorized users, otherwise known
as threat actors. These threats can be external or
internal and malicious or accidental in both origin and
nature.
Benefits of Information Security
Protect Against Threats.
Remain in Compliance With Industry Standards.
Gain Credibility and Trust.
Types of Cyber Attacks
1. Malware Attack
 This is one of the most common types of cyberattacks. “Malware” refers to
malicious software, including viruses, worms, spyware, ransomware, adware,
and trojans.

 The trojan virus disguises itself as legitimate software. Ransomware blocks
access to the network's key components, whereas Spyware is software that
steals all your confidential data without your knowledge. Adware is software
that displays advertising content such as banners on a user's screen.

 Malware breaches a network through a vulnerability, for example when the
user clicks a dangerous link, downloads an email attachment, or uses an
infected pen drive.

 Let’s now look at how we can prevent a malware attack: use antivirus
software, use firewalls, avoid clicking on suspicious links, and update your
OS and browsers regularly.
2. Phishing Attack
 Phishing attacks are one of the most prominent and widespread
types of cyberattacks. It is a type of social engineering attack
wherein an attacker impersonates a trusted contact and
sends the victim fake mails.

 Unaware of this, the victim opens the mail and clicks on the
malicious link or opens the mail's attachment. By doing so,
attackers gain access to confidential information and account
credentials. They can also install malware through a phishing
attack.

Phishing attacks can be prevented by following the below-mentioned
steps:
 Scrutinize the emails you receive. Most phishing emails have
significant errors like spelling mistakes and format changes from that
of legitimate sources.
 Make use of an anti-phishing toolbar.
 Update your passwords regularly.
3. Password Attack

It is a form of attack wherein a hacker cracks your password
with various programs and password cracking tools like
Aircrack, Cain & Abel, John the Ripper, Hashcat, etc. There are
different types of password attacks like brute force attacks,
dictionary attacks, and keylogger attacks.

Listed below are a few ways to prevent password attacks:
 Use strong alphanumeric passwords with special characters.
 Abstain from using the same password for multiple websites
or accounts.
 Update your passwords; this will limit your exposure to a
password attack.
 Do not have any password hints in the open.
4. Man-in-the-Middle Attack

 A Man-in-the-Middle Attack (MITM) is also known as an
eavesdropping attack. In this attack, an attacker comes in
between a two-party communication, i.e., the attacker hijacks
the session between a client and host. By doing so, hackers steal
and manipulate data.

 As seen below, the client-server communication has been cut
off, and instead, the communication line goes through the
hacker.

MITM attacks can be prevented by following the below-mentioned
steps:
 Be mindful of the security of the website you are using. Use
encryption on your devices.
 Refrain from using public Wi-Fi networks.
5. SQL Injection Attack
A Structured Query Language (SQL) injection attack occurs
on a database-driven website when the hacker manipulates a
standard SQL query. It is carried out by injecting malicious code
into a vulnerable website search box, thereby making the
server reveal crucial information.

 This results in the attacker being able to view, edit, and delete
tables in the databases. Attackers can also get administrative
rights through this.

To prevent a SQL injection attack:
 Use an Intrusion detection system, as it is designed to detect
unauthorized access to a network.
 Carry out a validation of the user-supplied data. A
validation process keeps the user input in check.
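
The search-box case described above, as an added example that is not from the original slides: the same search written with user input pasted into the SQL text, and with the input passed as data plus the validation step. It goes one step beyond the listed measures by using a parameterized query; the table, function names and sample input are constructed assumptions.

```python
import re
import sqlite3

# Constructed input containing SQL syntax (sample value for this example only).
CRAFTED = "' OR hidden = 1 --"

def make_db():
    # Constructed sample data: two public products and one hidden row.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("red pen", 1.5, 0), ("blue pen", 1.7, 0), ("unreleased tablet", 299.0, 1)],
    )
    return db

def search_vulnerable(db, term):
    # BAD: the input is concatenated into the SQL text, so a quote character
    # in `term` closes the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    # GOOD: the ? placeholder binds `term` as a value; it is never parsed as SQL.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

# Allow-list for the validation step: letters, digits, space, hyphen, max 40 chars.
ALLOWED = re.compile(r"[A-Za-z0-9 \-]{1,40}")

def validate_term(term):
    return ALLOWED.fullmatch(term) is not None

def safe_search(db, term):
    # Validation first, then the parameterized query as the second layer.
    if not validate_term(term):
        raise ValueError("search term rejected by validation")
    return search_parameterized(db, term)

if __name__ == "__main__":
    db = make_db()
    print("normal search      :", search_vulnerable(db, "pen"))
    print("vulnerable, crafted:", search_vulnerable(db, CRAFTED))
    print("parameterized      :", search_parameterized(db, CRAFTED))
    print("passes validation? :", validate_term(CRAFTED))
```
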
6. Denial-of-Service Attack
A Denial-of-Service Attack is a significant threat to companies. Here,
attackers target systems, servers, or networks and flood them with
traffic to exhaust their resources and bandwidth. 
 When this happens, catering to the incoming requests becomes
overwhelming for the servers, resulting in the website it hosts either
shutting down or slowing down. This leaves the legitimate service requests
unattended.
 It is also known as a DDoS (Distributed Denial-of-Service) attack when
attackers use multiple compromised systems to launch this attack.

Let’s now look at how to prevent a DDoS attack:
 Run a traffic analysis to identify malicious traffic.
 Understand the warning signs like network slowdown, intermittent website
shutdowns, etc. At such times, the organization must take the necessary
steps without delay.
 Formulate an incident response plan, have a checklist and make sure your
team and data center can handle a DDoS attack.
 Outsource DDoS prevention to cloud-based service providers.
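
One way to run the traffic analysis named in the first step, as an added example that is not from the original slides: count requests per source in fixed time windows and flag the sources that exceed a limit. The log format, window size, threshold and addresses are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timezone

WINDOW_SECONDS = 10   # assumed window size for this example
THRESHOLD = 20        # assumed per-source request limit per window

def make_sample_log():
    # Constructed log lines: "<ISO timestamp> <source IP> <request path>".
    lines = []
    for s in range(0, 30, 3):        # ordinary client: one request every 3 s
        lines.append(f"2024-01-01T10:00:{s:02d} 192.0.2.10 /index.html")
    for i in range(60):              # flooding client: 10 requests/s for 6 s
        lines.append(f"2024-01-01T10:00:{10 + i // 10:02d} 203.0.113.5 /search")
    return lines

def parse(line):
    ts, src, path = line.split()
    # Treat the timestamp as UTC so window boundaries are deterministic.
    when = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
    return when, src, path

def flag_floods(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {source: peak requests in one window} for sources over threshold."""
    counts = Counter()
    for line in lines:
        when, src, _ = parse(line)
        bucket = int(when.timestamp()) // window   # fixed (tumbling) window index
        counts[(src, bucket)] += 1
    peaks = {}
    for (src, _), n in counts.items():
        if n > threshold:
            peaks[src] = max(peaks.get(src, 0), n)
    return peaks

if __name__ == "__main__":
    for src, peak in flag_floods(make_sample_log()).items():
        print(f"{src}: {peak} requests in one {WINDOW_SECONDS}s window")
```

A single fixed threshold only catches one noisy source; a distributed attack spreads the load, so the same counting is usually repeated per path or per network range and compared with a normal baseline.
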
7. Insider Threat
As the name suggests, an insider threat does not involve a third party
but an insider. In such a case, it could be an individual from within
the organization who knows everything about the organization.
Insider threats have the potential to cause tremendous damage.
Insider threats are rampant in small businesses, as the staff there hold
access to multiple accounts with data. Reasons for this form of
attack are many: it can be greed, malice, or even carelessness. Insider
threats are hard to predict and hence tricky.

To prevent the insider threat attack:
 Organizations should have a good culture of security awareness.
 Companies must limit the IT resources staff can have access to
depending on their job roles.
 Organizations must train employees to spot insider threats. This will
help employees understand when a hacker has manipulated or is
attempting to misuse the organization's data.
8. Cryptojacking

 The term Cryptojacking is closely related to cryptocurrency.
Cryptojacking takes place when attackers access someone else’s
computer for mining cryptocurrency.
 The access is gained by infecting a website or manipulating the victim to
click on a malicious link. They also use online ads with JavaScript code
for this. Victims are unaware of this as the Crypto mining code works in
the background; a delay in the execution is the only sign they might
witness. 

Cryptojacking can be prevented by following the below-mentioned
steps:
 Update your software and all the security apps as cryptojacking can
infect the most unprotected systems.
 Have cryptojacking awareness training for the employees; this will help
them detect cryptojacking threats.
 Install an ad blocker as ads are a primary source of cryptojacking
scripts. Also have extensions like MinerBlock, which is used to identify
and block crypto mining scripts.
9. Zero-Day Exploit
A Zero-Day Exploit happens after the announcement of a network
vulnerability; there is no solution for the vulnerability in most
cases. Hence the vendor notifies users of the vulnerability so that they
are aware; however, this news also reaches the attackers.
 Depending on the vulnerability, the vendor or the developer could
take any amount of time to fix the issue. Meanwhile, the attackers
target the disclosed vulnerability. They make sure to exploit the
vulnerability even before a patch or solution is implemented for it. 

Zero-day exploits can be prevented by:
 Organizations should have well-communicated patch management
processes. Use management solutions to automate the procedures.
Thus it avoids delays in deployment.
 Have an incident response plan to help you deal with a cyberattack.
Keep a strategy focussing on zero-day attacks. By doing so, the
damage can be reduced or completely avoided.
10. Watering Hole Attack
The victim here is a particular group of an organization, region, etc. In
such an attack, the attacker targets websites which are frequently used by
the targeted group. Websites are identified either by closely monitoring the
group or by guessing.
After this, the attackers infect these websites with malware, which infects
the victims' systems. The malware in such an attack targets the user's
personal information. Here, it is also possible for the hacker to take remote
access to the infected computer.

Let's now see how we can prevent the watering hole attack:
 Update your software and reduce the risk of an attacker exploiting vulnerabilities.
Make sure to check for security patches regularly.
 Use your network security tools to spot watering hole attacks. Intrusion prevention
systems (IPS) work well when it comes to detecting such suspicious activities.
 To prevent a watering hole attack, it is advised to conceal your online activities.
For this, use a VPN and also make use of your browser’s private browsing feature.
A VPN delivers a secure connection to another network over the Internet. It acts as
a shield for your browsing activity. NordVPN is a good example of a VPN.
 Those were the top ten types of cyberattacks. Now, let us walk you through the
next section of our article on types of cyberattacks.
Approaches to Information Security Implementation

 To keep data safe from potential violations and cyber-attacks,
implementing the security model is an important phase to be
carried out. To ensure its integrity, the security model can be
designed using two methods:

1. Bottom-Up Approach:

The company’s security model is applied by system
administrators or people who are working in network security or
as cyber-engineers. The main idea behind this approach is for
individuals working in this field of information systems to use
their knowledge and experience in cybersecurity to guarantee
the design of a highly secure information security model.
 Key Advantages –
An individual’s technical expertise in their field
ensures that every system vulnerability is addressed
and that the security model is able to counter any
potential threats possible.

 Disadvantage –
Due to the lack of cooperation between senior
managers and relevant directives, it is often not
suitable for the requirements and strategies of the
organisation.
2. Top-Down Approach:

This type of approach is initialized and initiated by the
executives of the organization.
 They formulate policies and outline the procedures to
be followed.
 Determine the project’s priorities and expected results
 Determine liability for every action needed

 It is more likely to succeed. That strategy usually
provides strong support from top management by
committing resources, a consistent preparation and
execution mechanism and opportunities to affect
corporate culture.
 Security management issues have been handled by
organizations in various ways. Traditionally, companies
adopted a bottom-up approach, where the process is
initiated by operational employees and their results are
subsequently propagated to upper management as per
the proposed policies.

 Since management has no information about the threat,
the effects, the idea of resources, possible returns and
the security method, this approach has occasionally
created a sudden and violent collapse.
Local Area Network (LAN)
A local area network (LAN) is a collection of devices
connected together in one physical location, such as a
building, office, or home. A LAN can be small or large,
ranging from a home network with one user to an
enterprise network with thousands of users and devices in
an office or school.

 Regardless of size, a LAN's single defining characteristic
is that it connects devices that are in a single, limited area.
In contrast, a wide area network (WAN) or metropolitan
area network (MAN) covers larger geographic areas.
Some WANs and MANs connect many LANs together.
What are the benefits of a LAN?
 The advantages of a LAN are the same as those for any
group of devices networked together. The devices can
use a single Internet connection, share files with one
another, print to shared printers, and be accessed and
even controlled by one another.
 Today, not only do businesses and schools use LANs,
but also restaurants, coffee shops, stores, and homes.
 Wireless connectivity has also greatly expanded the
types of devices that can be connected to a LAN. Now,
nearly everything imaginable can be "connected," from
PCs, printers, and phones to smart TVs, stereos,
speakers, lighting, thermostats, window shades, door
locks, security cameras--and even coffeemakers,
refrigerators, and toys.
Are there different types of LANs?

In general, there are two types of LANs:
1. client/server LANs and
2. peer-to-peer LANs.
A client/server LAN consists of several devices (the
clients) connected to a central server. The server
manages file storage, application access, device access,
and network traffic. A client can be any connected device
that runs or accesses applications or the Internet. The
clients connect to the server either with cables or through
wireless connections.

 Typically, suites of applications can be kept on the LAN
server. Users can access databases, email, document
sharing, printing, and other services through applications
running on the LAN server, with read and write access
maintained by a network or IT administrator. Most
midsize to large business, government, research, and
education networks are client/server-based LANs.
A peer-to-peer LAN doesn't have a central server and
cannot handle heavy workloads like a client/server LAN
can, and so they're typically smaller. On a peer-to-peer
LAN, each device shares equally in the functioning of
the network. The devices share resources and data
through wired or wireless connections to a switch or
router. Most home networks are peer-to-peer.
Protocols
 It is a set of rules that need to be followed by the
communicating parties in order to have successful
and reliable data communication.

 For example - Ethernet and HTTP. Hypertext
Transfer Protocol facilitates access of hypertext
from the World Wide Web by defining how
information is formatted and transmitted, and how
the Web servers and browsers should respond to
various commands.
