Network and Device Security Awareness and Tools


NETWORK & DEVICE SECURITY

AND LATEST TECHNOLOGY

By:
ER. Udit Narayan Sharma
Cyber Crime & Cyber Forensic Investigator
Economic Offences Unit,
Bihar, Patna
AGENDA
• Cyber Space
• Introduction
• Understanding Network Security
• Types of Security Measures
• Best Practices for Network Security
• Best Practices for Device Security
• Case Studies
• Scanning tools
• Emerging Trends and Technologies
• Q&A Session
CYBER SPACE
CYBER AWARENESS VIDEO
INTRODUCTION
Network security: Refers to the policies, practices, and technologies designed to protect computer networks and their components from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure. It encompasses both hardware and software technologies, aimed at ensuring the integrity, confidentiality, and availability of data and resources within a network.

Key Components of Network Security:

• Firewalls: Devices or software that filter incoming and outgoing network traffic based on security rules.
• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): Tools that monitor network traffic
for suspicious activity and can take action to prevent or mitigate attacks.
• Encryption: The process of converting data into a coded format to prevent unauthorized access, ensuring
data confidentiality during transmission.
• Virtual Private Networks (VPNs): Secure connections that allow users to access a network remotely while
encrypting their data.
• Access Control: Mechanisms that restrict access to network resources based on user credentials, roles, and
permissions.
• Security Policies: Documented guidelines that outline the rules and practices for protecting network
resources and data.
Importance of Network Security:
• Protection Against Threats: Safeguards against various cyber threats,
including malware, hacking, and phishing.
• Data Integrity and Confidentiality: Ensures that sensitive information is
not accessed or altered by unauthorized users.
• Compliance: Helps organizations meet regulatory requirements related
to data protection and privacy.
• Business Continuity: Minimizes the risk of downtime and disruptions
caused by security incidents, ensuring ongoing operations.
CIA Triad
The CIA triad is a foundational model in information security that outlines three core principles: Confidentiality, Integrity, and Availability. Together, these principles guide the development of security policies and measures to protect sensitive data and systems.
Confidentiality -
Definition: Ensures that information is accessible only to those authorized to have access.
Key Practices:
• Access Controls: Implementing user authentication and authorization mechanisms (e.g.,
passwords, biometrics).
• Encryption: Protecting data in transit and at rest to prevent unauthorized access.
• Data Classification: Categorizing data based on its sensitivity to enforce appropriate
security measures.
Integrity -
Definition: Ensures that data is accurate, complete, and unaltered by unauthorized individuals.
Key Practices:
• Data Validation: Implementing checks to ensure data input is correct and meets specified
criteria.
• Checksums and Hash Functions: Using cryptographic techniques to verify data integrity
by creating unique signatures for data sets.
• Audit Trails: Keeping logs of changes to data to track who accessed or modified it and
when.
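The "Checksums and Hash Functions" practice above is easy to get subtly wrong: a plain hash detects accidental corruption, but anyone who can rewrite the data can usually rewrite a published hash too. The following is an added example (not from the presentation) that checks a constructed configuration file with SHA-256 and then with a keyed HMAC, which only a holder of the secret key can recompute. The file contents, the key and the tampered copy are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample: a small configuration file as it was recorded when
# known-good, and a copy in which an attacker has flipped one setting.
ORIGINAL = b"allow_remote_admin=false\nmax_login_attempts=5\n"
TAMPERED = b"allow_remote_admin=true\nmax_login_attempts=5\n"

# Constructed secret; in practice this lives in a secrets store, never beside the data.
INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of the data as lowercase hex (a plain checksum)."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected_hex: str) -> bool:
    """Plain checksum check.

    Detects bit rot and accidental edits. It does NOT stop a deliberate attacker:
    whoever can replace the data can usually replace the published digest as well.
    compare_digest is used so the comparison time does not leak how many
    leading characters matched.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_tag(data: bytes, key: bytes) -> str:
    """Keyed integrity tag (HMAC-SHA256). Recomputing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(data: bytes, key: bytes, expected_tag: str) -> bool:
    """Keyed check: a forged tag made without the key will not verify."""
    return hmac.compare_digest(hmac_tag(data, key), expected_tag)


def integrity_report() -> dict:
    """Run both checks over the constructed original and tampered copies."""
    recorded_hash = sha256_hex(ORIGINAL)            # what the operator stored
    recorded_tag = hmac_tag(ORIGINAL, INTEGRITY_KEY)
    # An attacker who replaced the file also tries to publish a fresh digest and
    # a tag computed with a key of their own choosing.
    attacker_hash = sha256_hex(TAMPERED)
    attacker_tag = hmac_tag(TAMPERED, b"attacker-guessed-key")
    return {
        "original_checksum_ok": verify_checksum(ORIGINAL, recorded_hash),
        "tampered_checksum_ok": verify_checksum(TAMPERED, recorded_hash),
        # Plain hash is defeated if the attacker can also swap the digest:
        "tampered_with_attacker_hash_ok": verify_checksum(TAMPERED, attacker_hash),
        "original_hmac_ok": verify_hmac(ORIGINAL, INTEGRITY_KEY, recorded_tag),
        "tampered_hmac_ok": verify_hmac(TAMPERED, INTEGRITY_KEY, recorded_tag),
        # HMAC holds up: the attacker's tag was made with the wrong key.
        "tampered_with_attacker_tag_ok": verify_hmac(TAMPERED, INTEGRITY_KEY, attacker_tag),
    }


if __name__ == "__main__":
    for check, ok in integrity_report().items():
        print(f"{check:35s} {ok}")
```

The report shows the difference that matters for the Integrity principle: the plain checksum fails on the tampered file only as long as the recorded digest is itself trustworthy, while the HMAC fails on the tampered file regardless of what tag the attacker supplies. Audit trails (the next practice in the list) are what tell you who changed the file once a check fails.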
Availability -
Definition: Ensures that information and resources are accessible to authorized users
when needed.
Key Practices:
• Redundancy: Implementing backup systems and data replication to ensure access in
case of failures.
• Disaster Recovery Plans: Preparing strategies for data recovery in case of an incident
(e.g., natural disasters, cyberattacks).
• Network Security Measures: Protecting against DDoS attacks and other threats that
could disrupt service availability.

Importance of the CIA Triad -


• Holistic Security Approach: The CIA triad provides a comprehensive framework for evaluating and implementing security measures.
• Risk Management: Helps organizations identify and mitigate risks associated with data breaches, data corruption, and service outages.
• Compliance: Aligns security practices with regulatory requirements and industry standards for data protection.
Types of Network Connection

VPN
LAN WAN
PORTS
Ports – Ports are the virtual points in networking where network connections start and end. Each port is associated with a specific service.
Ex. Suppose A sends an MP3 file to B using the File Transfer Protocol (FTP). FTP uses port 21.
Common Threats
Types of Security Measures

• Firewalls: A firewall is a security system designed to monitor and control incoming and outgoing network traffic
based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted
external networks, such as the internet.
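To make the firewall description and the earlier Ports slide concrete, here is an added example (not from the presentation) of the decision a packet-filtering firewall makes: rules are evaluated top to bottom, the first match wins, and anything no rule mentions is dropped (default deny). The rule set and the five sample flows are constructed; the addresses come from the documentation ranges (10.0.0.0/8, 203.0.113.0/24, 198.51.100.0/24) and stand for an internal LAN, a public web server and an Internet host.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str                    # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network    # source address range
    dst: ipaddress.IPv4Network    # destination address range
    dport: Optional[int]          # destination port, None = any port


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


# Constructed rule set for the example. Order matters: first match wins.
RULES: List[Rule] = [
    # Anyone on the Internet may reach the public web server on HTTPS (443).
    Rule("allow", "tcp", net("0.0.0.0/0"), net("203.0.113.10/32"), 443),
    # Only the internal LAN may reach the internal FTP server on port 21.
    Rule("allow", "tcp", net("10.0.0.0/8"), net("10.0.5.20/32"), 21),
    # Explicitly block everything else aimed at the internal network.
    Rule("deny", "any", net("0.0.0.0/0"), net("10.0.0.0/8"), None),
]


def matches(rule: Rule, proto: str, src: ipaddress.IPv4Address,
            dst: ipaddress.IPv4Address, dport: int) -> bool:
    """True if the flow falls inside every field of the rule."""
    return ((rule.proto == "any" or rule.proto == proto)
            and src in rule.src
            and dst in rule.dst
            and (rule.dport is None or rule.dport == dport))


def evaluate(rules: List[Rule], proto: str, src_ip: str, dst_ip: str,
             dport: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the rule that fired); None = implicit default deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for i, rule in enumerate(rules):
        if matches(rule, proto, src, dst, dport):
            return rule.action, i
    return "deny", None


if __name__ == "__main__":
    # Constructed sample flows: (protocol, source, destination, destination port)
    flows = [
        ("tcp", "198.51.100.7", "203.0.113.10", 443),  # Internet -> public web
        ("tcp", "10.1.2.3", "10.0.5.20", 21),          # LAN -> internal FTP
        ("tcp", "198.51.100.7", "10.0.5.20", 21),      # Internet -> internal FTP
        ("udp", "10.1.2.3", "10.0.5.20", 21),          # wrong protocol
        ("tcp", "198.51.100.7", "203.0.113.10", 22),   # SSH to web server: no rule
    ]
    for f in flows:
        action, idx = evaluate(RULES, *f)
        print(f"{f[0]} {f[1]} -> {f[2]}:{f[3]}  {action} (rule {idx})")
```

Two points a practitioner checks in a real rule base: that the last flow (SSH to the web server, which no rule mentions) is dropped by the default rather than silently allowed, and that no broad rule sits above a narrower one it would shadow; if the `deny` rule were moved to the top, the internal FTP rule would never fire.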
Intrusion Detection and Prevention Systems (IDPS)
Logs, monitoring, and SIEMs
• Logs, monitoring, and SIEMs - A SIEM (Security Information and Event Management) is a tool that analyses the logs from all systems and correlates the events. It looks for indicators of compromise (IOCs). An IOC does not always translate into evidence of an actual event, so it must be analysed by humans. This is where a security operations centre (SOC) and an incident response team (IRT) must determine the next actions to take.
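The correlation step described above, as an added example that is not part of the presentation: a small correlator reads constructed sshd log lines, groups them by host and source address, and raises a finding when a burst of failed logins is followed by a successful one from the same source. The log lines, hosts, addresses and the threshold (5 failures within 2 minutes) are all constructed, and the year is assumed because syslog timestamps carry none. Findings are exactly the kind of IOC the text says still needs a human in the SOC to confirm.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample sshd log lines in syslog style; not from any real system.
SAMPLE_LOGS = """\
Jun 11 09:14:01 web01 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 50211 ssh2
Jun 11 09:14:05 web01 sshd[2102]: Failed password for invalid user admin from 198.51.100.23 port 50212 ssh2
Jun 11 09:14:09 web01 sshd[2103]: Failed password for root from 198.51.100.23 port 50213 ssh2
Jun 11 09:14:13 web01 sshd[2104]: Failed password for deploy from 198.51.100.23 port 50214 ssh2
Jun 11 09:14:17 web01 sshd[2105]: Failed password for deploy from 198.51.100.23 port 50215 ssh2
Jun 11 09:14:40 web01 sshd[2109]: Accepted password for deploy from 198.51.100.23 port 50230 ssh2
Jun 11 09:20:00 db01 sshd[880]: Accepted publickey for dba from 10.0.5.11 port 41000 ssh2
Jun 11 09:21:00 db01 sshd[881]: Failed password for dba from 10.0.5.11 port 41001 ssh2
Jun 11 10:02:10 vpn01 sshd[300]: Failed password for invalid user test from 203.0.113.9 port 6000 ssh2
Jun 11 10:02:15 vpn01 sshd[301]: Failed password for invalid user test from 203.0.113.9 port 6001 ssh2
Jun 11 10:02:20 vpn01 sshd[302]: Failed password for invalid user guest from 203.0.113.9 port 6002 ssh2
Jun 11 10:02:25 vpn01 sshd[303]: Failed password for root from 203.0.113.9 port 6003 ssh2
Jun 11 10:02:30 vpn01 sshd[304]: Failed password for root from 203.0.113.9 port 6004 ssh2
Jun 11 10:02:35 vpn01 sshd[305]: Failed password for root from 203.0.113.9 port 6005 ssh2
"""

LOG_YEAR = 2024  # assumption: syslog lines carry no year

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_line(line: str) -> Optional[Dict]:
    """Turn one sshd line into an event dict, or None if it is not an auth line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"time": when, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def correlate(events: List[Dict], threshold: int = 5,
              window: timedelta = timedelta(minutes=2)) -> List[Dict]:
    """Correlate per (host, source): many failures in a window is a medium
    finding; a success while that burst is still inside the window is high."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["host"], e["src"])].append(e)
    findings = []
    for (host, src), evs in by_key.items():
        evs.sort(key=lambda e: e["time"])
        recent = []                 # failure timestamps still inside the window
        attempt_reported = False    # report the burst itself only once
        for e in evs:
            recent = [t for t in recent if e["time"] - t <= window]
            if e["result"] == "Failed":
                recent.append(e["time"])
                if len(recent) >= threshold and not attempt_reported:
                    findings.append({"type": "brute_force_attempt", "severity": "medium",
                                     "host": host, "src": src,
                                     "failures": len(recent), "user": None})
                    attempt_reported = True
            elif len(recent) >= threshold:
                findings.append({"type": "brute_force_then_success", "severity": "high",
                                 "host": host, "src": src,
                                 "failures": len(recent), "user": e["user"]})
                recent = []
    return findings


def analyze(text: str) -> List[Dict]:
    """Parse raw log text and return findings for SOC review."""
    events = [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]
    return correlate(events)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"[{f['severity']}] {f['type']} host={f['host']} src={f['src']} "
              f"failures={f['failures']} user={f['user']}")
```

Of the three sources in the sample, only 198.51.100.23 produces a high finding: five failures and then an accepted password for `deploy` inside the window. 203.0.113.9 only ever fails, so it is a medium finding, and the single failure from 10.0.5.11 never crosses the threshold. None of this is proof of compromise; the high finding is the one an analyst would pick up first, checking whether `deploy` really logged in from that address.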
Best Practices for Network Security
1. Use Strong Passwords -
• Implement complex password policies requiring a mix of letters, numbers, and symbols.
• Encourage regular password changes and avoid password reuse.
2. Implement Multi-Factor Authentication (MFA) -
• Add an extra layer of security by requiring additional verification methods (e.g., SMS, authentication apps).
3. Regular Software Updates -
• Keep all operating systems, applications, and network devices updated to patch vulnerabilities.
4. Network Segmentation -
• Divide the network into segments to limit access and reduce the risk of widespread breaches.
5. Firewalls and Intrusion Detection/Prevention Systems (IDS/IPS) -
• Use firewalls to filter traffic and monitor for suspicious activities with IDS/IPS solutions.
6. Secure Configuration of Network Devices -
• Change default settings and passwords on routers, switches, and firewalls.
7. Encryption -
• Use encryption for sensitive data in transit and at rest to protect it from unauthorized access.
8. Regular Security Audits and Penetration Testing -
• Conduct routine security assessments to identify and remediate vulnerabilities.
9. Employee Training and Awareness -
• Train employees on security best practices, phishing awareness, and incident response protocols.
10. Implement a Security Incident Response Plan -
• Develop and regularly update a plan to quickly respond to security incidents.
11. Backup Data Regularly -
• Perform regular backups of critical data and ensure that recovery procedures are in place.
12. Limit User Access and Privileges -
• Use the principle of least privilege, granting users only the access necessary for their roles.
13. Monitor Network Traffic -
• Use network monitoring tools to detect unusual patterns or anomalies.
14. Secure Remote Access -
• Implement secure methods for remote access (e.g., VPNs) and enforce strict access controls.
15. Review and Update Security Policies -
• Regularly review and update security policies to adapt to new threats and changes in the environment.
Best Practices for Device Security
1. Keep Software Updated -
• Regularly update operating systems, applications, and firmware to patch vulnerabilities.
2. Use Strong Authentication Methods -
• Implement complex passwords and enable multi-factor authentication (MFA) for additional security.
3. Encrypt Sensitive Data -
• Use encryption for data at rest and in transit to protect it from unauthorized access.
4. Install Security Software -
• Use antivirus, anti-malware, and firewall software to protect against threats.
5. Limit Device Access -
• Use access controls to restrict who can access devices and sensitive data, adhering to the principle of least privilege.
6. Secure Network Connections -
• Avoid public Wi-Fi for sensitive activities, and use a virtual private network (VPN) when necessary.
7. Disable Unused Features and Services -
• Turn off unnecessary services, such as Bluetooth and location services, to reduce exposure to attacks.
8. Implement Remote Wipe Capabilities -
• Enable remote wipe features to erase data from devices if they are lost or stolen.
9. Regular Backups -
• Schedule regular backups of important data to recover from potential data loss.
10. Monitor Devices for Unusual Activity -
• Use monitoring tools to detect and respond to suspicious activities promptly.
11. Educate Users -
• Train employees on security awareness, including phishing and safe browsing practices.
12. Establish a Device Management Policy -
• Develop a policy for managing devices, including security protocols and procedures for device lifecycle management.
13. Use Secure Configuration Settings -
• Configure devices with security best practices, changing default settings and passwords.
14. Implement Physical Security Measures -
• Protect devices from physical theft with locks, secure storage, and surveillance.
15. Review and Update Security Practices Regularly -
• Periodically assess and update security practices to address new threats and vulnerabilities.
Case Studies of Network
&
Device Security
Breaches
CrowdStrike Outage

Microsoft has faced a widespread outage, leading to disruptions across multiple services and leaving users worldwide experiencing the infamous 'Blue Screen of Death' (BSOD). This IT breakdown, primarily linked to an issue with CrowdStrike's Falcon Sensor software, has caused significant disruptions and sparked humorous reactions online as users joked about an early weekend arrival.
APT-36 Attack
• APT-36 is a Pakistan-based advanced persistent threat group which has specifically targeted employees of Indian government-related organizations.
• This group has remained active throughout 2022 using various techniques such as malvertising and credential phishing attacks.
• APT-36 has evolved their tactics, techniques and procedures (TTPs), incorporating new distribution methods and new tools.
• The threat actor registered multiple new domains hosting web pages masquerading as the official Kavach app download portal.
• They abused the Google Ads paid search feature to push the malicious domains to the top of Google search results for users in India.
• Beginning August 2022, the group started using a new data exfiltration tool which we have named Limepad. This tool was previously undocumented.
• While most binaries used by APT-36 in this campaign will execute only if the user's machine is configured with the India time zone (IST), we also found 2 binaries using the same code base which included a time zone check for both India and Sri Lanka. Since both India and Sri Lanka have the same time zone, we consider this check redundant.
• Credential harvesting attacks were used to spoof the National Informatics Centre's Kavach login page with the goal of stealing credentials of government employees.
Deadly cyber attack in Lebanon reveals the new face of warfare
In 2004, General S. Padmanabhan, former chief of the Indian Army, envisioned a future where wars would be fought not just with
soldiers and tanks but with invisible weapons: cyber systems embedded in everyday devices.
What once seemed speculative has become a chilling reality in Lebanon, where a series of explosions involving Hezbollah’s
communication devices are suspected to have been triggered by a sophisticated cyber attack.
The explosions, which left at least nine dead and over 2,800 injured, have exposed a new frontier in modern warfare: cyberspace.
Hezbollah’s trusted pager network, thought to be secure and reliable, was suddenly compromised and turned into a series of bombs,
targeting those carrying them.
According to a Hezbollah official, the number of casualties continues to rise as the group reels from this unexpected assault. Only days
before, Hezbollah had received a new shipment of pagers, devices the group believed were less vulnerable to hacking than modern
smartphones.
Some of the Latest Cybersecurity Technologies Include

• Artificial Intelligence (AI) and Machine Learning (ML): Artificial intelligence and machine learning are revolutionizing the cybersecurity industry. These technologies analyze vast amounts of data, learn from patterns, and make predictions about potential threats. By utilizing these technologies, cybersecurity experts can identify and respond to threats faster and more accurately than ever before.

• Zero Trust Architecture: Zero trust is a security model that requires strict identity verification for every person or device that tries to access an organization's network or resources. This model assumes that no one is trusted by default, even if they are within the organization's network perimeter. Zero trust architecture has gained popularity in recent years due to the increasing number of cyberattacks targeting businesses and organizations.

• Blockchain: Blockchain technology is most associated with cryptocurrencies, but it has the potential to transform cybersecurity as well. By creating a decentralized database, blockchain can provide secure storage for sensitive information. Because there is no central authority controlling the data, it is much more difficult for hackers to gain unauthorized access.

• Quantum Computing: Quantum computing is a technology that uses quantum mechanics to process data. It has the potential to solve complex problems much faster than traditional computers. While this technology is still in its infancy, it has the potential to revolutionize the field of cybersecurity by allowing more secure encryption.

• Cloud Security: Cloud computing has become an essential part of many businesses, but it also introduces new security risks. Cloud security technologies are emerging to address these risks, such as multi-factor authentication, encryption, and access controls. By utilizing these technologies, businesses can ensure that their data is secure in the cloud.

• Internet of Things (IoT) Security: IoT devices are becoming more prevalent in homes and businesses, and they are often vulnerable to cyberattacks. IoT security technologies include encryption, access controls, and monitoring to protect IoT devices and the data they collect.
Scanning Tools
Saymine app
BIS CARE APP
Essentials hacks

• *#21# or *#67# - To check whether your phone services are forwarded or not.
• ##002# - To disable the forwarded services of the mobile phone.
Cyber Security Hygiene Guidelines & Incident response Mechanism
Q&A Session
THANKS
ER. Udit Sharma
Cyber Crime & Cyber Forensic Investigator

+91 9650579063
Linkedin – Udit Sharma
https://in.linkedin.com/in/udit-sharma-204782151

Economic Offences Unit ,Cyber Crime Cell, Bihar, Patna
