SCT Unit-I
Network and Information Security Fundamentals: Network Basics, Network Components, Network Types,
Network Communication Types, Introduction to Networking Models, Cyber Security Objectives and Services,
Other Terms of Cyber Security, Myths Around Cyber Security, Recent Cyber Attacks, Generic Conclusion
about Attacks, Why and What is Cyber Security, Categories of Attack
Network Basics:
A computer network comprises two or more computers that are connected—either by cables (wired) or WiFi
(wireless)—with the purpose of transmitting, exchanging, or sharing data and resources. You can build a
computer network using hardware (e.g., routers, switches, access points, and cables) and software (e.g.,
operating systems or business applications).
Geographic location often defines a computer network. For example, a LAN (local area network) connects
computers in a defined physical space, like an office building, whereas a WAN (wide area network) can connect
computers across continents. The internet is the largest example of a WAN, connecting billions of computers
worldwide.
Computer networks enable communication for every business, entertainment, and research purpose. The
internet, online search, email, audio and video sharing, online commerce, live-streaming, and social networks
all exist because of computer networks.
Network Components:
Computer network components are the major parts needed to build a network. Some important network
components are the NIC, switch, cable, hub, router, and modem. Depending on the type of network to be
installed, some network components may not be needed. For example, a wireless network does not require
cables.
1. NIC: NIC stands for network interface card. A NIC is a hardware component used to connect a computer with
other computers on a network. It can support transfer rates of 10, 100 or 1000 Mb/s. The MAC address or
physical address is encoded on the network card chip; it is assigned through the IEEE so that a network card can
be identified uniquely. The MAC address is stored in PROM (programmable read-only memory). There are two
types of NIC:
1. Wired NIC
2. Wireless NIC
Wired NIC: A wired NIC is present inside the motherboard. Cables and connectors are used with a wired NIC
to transfer data.
Wireless NIC: A wireless NIC contains an antenna to obtain the connection over the wireless network. For
example, a laptop computer contains a wireless NIC.
2. Switches: A switch is a device that connects other devices and manages node-to-node communication within
a network, ensuring data packets reach their ultimate destination. While a router sends information between
networks, a switch sends information between nodes in a single network. When discussing computer networks,
‘switching’ refers to how data is transferred between devices in a network.
3. Network cable types: The most common network cable types are Ethernet twisted pair, coaxial, and fiber
optic. The choice of cable type depends on the size of the network, the arrangement of network elements, and
the physical distance between devices.
4. Hub: A hub is a hardware device that divides the network connection among multiple devices. When a
computer requests some information from the network, it first sends the request to the hub through a cable. The
hub broadcasts this request to the entire network. All the devices check whether the request belongs to them or
not; if not, the request is dropped.
The process used by the hub consumes more bandwidth and limits the amount of communication, so it has been
replaced by more advanced network components such as switches and routers.
5. Routers: A router is a physical or virtual device that sends information contained in data packets between
networks. Routers analyse data within the packets to determine the best way for the information to reach its
ultimate destination. Routers forward data packets until they reach their destination node.
6. Modem: A modem is a hardware device that allows a computer to connect to the internet over an existing
telephone line. A modem is not integrated into the motherboard; instead it is installed in a PCI slot found on
the motherboard. Modem stands for modulator/demodulator: it converts digital data into an analog signal for
transmission over the telephone line, and converts the received analog signal back into digital data.
Network Types:
1. LAN (local area network): A LAN connects computers over a short distance, allowing them to share data,
files, and resources. For example, a LAN may connect all the computers in an office building, school, or
hospital. Typically, LANs are privately owned and managed.
2. WLAN (wireless local area network): A WLAN is just like a LAN, but connections between devices on the
network are made wirelessly.
3. WAN (wide area network): As the name implies, a WAN connects computers over a wide area, such as
from region to region or even continent to continent. The internet is the largest WAN, connecting billions of
computers worldwide. You will typically see collective or distributed ownership models for WAN management.
4. MAN (metropolitan area network): MANs are typically larger than LANs but smaller than WANs. They are
used to connect a group of LANs. Cities and government entities typically own and manage MANs.
5. PAN (personal area network): A personal area network is a network arranged around an individual person,
typically within a range of 10 meters. It is used for connecting the computing devices a person uses personally;
the devices used to build a personal area network are laptops, mobile phones, media players and PlayStations.
6. SAN (storage area network): A SAN is a specialized network that provides access to block-level storage—
shared network or cloud storage that, to the user, looks and works like a storage drive that’s physically attached
to a computer.
7. CAN (campus area network): A CAN is also known as a corporate area network. A CAN is larger than a
LAN but smaller than a WAN. CANs serve sites such as colleges, universities, and business campuses.
8. VPN (virtual private network): A VPN is a secure, point-to-point connection between two network end
points. A VPN establishes an encrypted channel that keeps a user’s identity and access credentials, as well as
any data transferred, inaccessible to hackers.
Networking models:
The networking model describes the architecture, components, and design used to establish communication
between the source and destination systems. Two models are in common use.
1. Open Systems Interconnection (OSI) Model, standardised by ISO: This model has seven layers:
• Application Layer: This layer is responsible for providing an interface to the application user. This
layer encompasses protocols which directly interact with the user.
• Presentation Layer: This layer defines how data in the native format of the remote host should be
presented in the native format of the local host. It performs translation, compression and
encryption/decryption.
• Session Layer: This layer maintains sessions between remote hosts. It establishes the sessions,
manages them, and finally terminates them. For example, once user/password authentication is
done, the remote host maintains this session for a while and does not ask for authentication again
in that time span.
• Transport Layer: This layer is responsible for end-to-end delivery between hosts, using TCP or
UDP.
• Network Layer: This layer finds the best way to move packets from source to destination.
• Data Link Layer: This layer is responsible for converting received packets to frames depending
on the NIC frame size. Link errors are detected at this layer.
• Physical Layer: This layer defines the hardware, cabling and wiring, power output, pulse rate, etc.
2. TCP/IP Model: This model has five layers:
1. Application Layer: This layer is responsible for providing an interface to the application user. This layer
encompasses protocols which directly interact with the user.
2. Transport Layer: This layer is responsible for end-to-end delivery between hosts.
3. Network Layer: This layer finds the best way to move packets from source to destination.
4. Data Link Layer: This layer is responsible for converting received packets to frames depending on the NIC
frame size. Link errors are detected at this layer.
5. Physical Layer: This layer defines the hardware, cabling and wiring, power output, pulse rate, etc.
What is Cyber Security?
The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks is known as cybersecurity. We can divide cybersecurity into
two parts one is cyber, and the other is security. Cyber refers to the technology that includes systems, networks,
programs, and data. And security is concerned with the protection of systems, networks, applications, and
information. In some cases, it is also called electronic information security or information technology
security.
"Cyber Security is the set of principles and practices designed to protect our computing resources and online
information against threats."
The CIA triad is a security model that is designed to guide policies for information security within the premises
of an organization or company. This model is also referred to as the AIC (Availability, Integrity, and
Confidentiality) triad.
1. Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of information. Only the
right people will get the information or data.
It prevents essential information from reaching the wrong people while making sure that the right people can
get it. Data encryption is a good example of a way to ensure confidentiality.
ii. Access control: Access control defines rules and policies for limiting access to a system. It is a process by
which users are granted access and certain privileges to systems, resources or information. In access control
systems, users need to present credentials, such as a person's name or a computer's serial number, before they
can be granted access.
iii. Authentication: Authentication is a process that ensures and confirms a user's identity or role. It can be
done in a number of different ways, but it is usually based on a combination of-
v. Physical Security: Physical security protects IT equipment from unauthorized access. It protects facilities,
personnel, resources and other property and assets from physical threats including theft, vandalism, fire and
natural disasters.
2. Integrity
Integrity checks whether data is genuine or not. Integrity refers to the methods for ensuring that data is real,
accurate and safeguarded from unauthorized modification. It is the property that information has not been
altered in an unauthorized way, and that the source of the information is genuine.
i. Backups
Backup is the periodic archiving of data. It is a process of making copies of data or data files to use in the event
when the original data or data files are lost or destroyed.
ii. Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words, it is the
computation of a function that maps the contents of a file to a numerical value. They are typically used to compare
two sets of data to make sure that they are the same.
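As an added example that is not part of the original notes, the following Python code shows how a checksum or hash detects modification of a message, and why a plain digest proves integrity but not origin: anyone who changes the data can recompute the digest, whereas a keyed HMAC can only be produced by someone who holds the shared key. The sample messages and the key are constructed for illustration.

```python
import hashlib
import hmac
import zlib


def crc32_checksum(data: bytes) -> int:
    """Plain checksum: cheap, good for spotting accidental corruption."""
    return zlib.crc32(data) & 0xFFFFFFFF


def sha256_digest(data: bytes) -> str:
    """Cryptographic hash: infeasible to find other data with the same digest."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare it with the stored one in constant time."""
    return hmac.compare_digest(sha256_digest(data), expected_hex)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed MAC: integrity plus evidence that the tagger knew the shared key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


# Constructed sample data (not from the original notes).
ORIGINAL = b"Transfer 100.00 to account 12345\n"
TAMPERED = b"Transfer 900.00 to account 12345\n"
SHARED_KEY = b"example-shared-key-do-not-reuse"


def integrity_demo() -> dict:
    """Store a digest of ORIGINAL, then check both copies against it."""
    stored_digest = sha256_digest(ORIGINAL)
    return {
        "original_passes": verify_digest(ORIGINAL, stored_digest),   # True
        "tampered_passes": verify_digest(TAMPERED, stored_digest),   # False
        "crc_also_differs": crc32_checksum(ORIGINAL) != crc32_checksum(TAMPERED),
    }


def origin_demo() -> dict:
    """A digest shipped next to the data can be recomputed by whoever changed
    the data, so the altered copy still 'verifies'. An HMAC made with a key
    the modifier does not have cannot be refreshed that way."""
    recomputed_digest = sha256_digest(TAMPERED)     # digest refreshed after the change
    genuine_tag = hmac_tag(SHARED_KEY, ORIGINAL)    # tag made by the key holder
    return {
        "recomputed_digest_passes": verify_digest(TAMPERED, recomputed_digest),     # True
        "tag_on_tampered_passes": verify_hmac(SHARED_KEY, TAMPERED, genuine_tag),   # False
        "tag_on_original_passes": verify_hmac(SHARED_KEY, ORIGINAL, genuine_tag),   # True
    }


if __name__ == "__main__":
    print(integrity_demo())
    print(origin_demo())
```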
3. Availability
Availability is the property in which information is accessible and modifiable in a timely fashion by those
authorized to do so. It is the guarantee of reliable and constant access to our sensitive data by authorized people.
o Physical Protections
o Computational Redundancies
i. Physical Protections
Physical safeguards keep information available even in the event of physical challenges. They ensure that
sensitive information and critical information technology are housed in secure areas.
ii. Computational Redundancies
Computational redundancy is applied as fault tolerance against accidental faults. It provides computers and
storage devices that serve as fallbacks in the case of failures.
Other Terms of Cyber Security:
1. Authentication:
This is one of the common cyber security terms. Authentication is the process of identifying someone's or
something's identity, making sure that something is true, genuine, or valid. This can be carried out either by
a PIN/password, retina scan, or biometric scan, sometimes even a combination of these things.
2. Botnet
A combination of the words “robot” and “network”, a botnet is a network of devices (computers, routers,
etc.) that have been infected with malicious code and can be operated continuously to carry out malicious
operations. These attacks can be of any type, including click fraud, Bitcoin mining, sending spam e-mails,
and DoS/DDoS attacks. A single user device on which such malicious code has been installed is called a bot;
a group of infected user devices under common control is called a botnet.
3. Data Breach
A data breach is one of the basic cybersecurity terms; it is the result when a hacker successfully attacks a
business, government, or individual, gaining control of its network, system, server, or database and
exposing its data, usually personal data such as credit card numbers, bank account numbers, usernames and
passwords, Social Security numbers, and more.
4. Encryption
Encryption is the technique by which any kind of information can be converted into a secret form that
conceals the actual meaning of the information. It helps protect confidential information and sensitive &
critical data and can improve the security of communication.
5. Firewall
Firewalls can be in the form of software or hardware; they monitor and filter inbound and outbound network
traffic based on the security policies an organization has defined.
6. Malware
Malware is the short form of “malicious software”, describing a wide variety of malicious software or code
used to infect and/or damage a system. It comes in all shapes and sizes. For example, ransomware, worms,
viruses, and trojans are all considered malware; they can be disguised as images, documents, PDFs, or
multimedia and can be delivered through any channel such as spam email, SMS, or a man-in-the-middle
attack.
7. Phishing
Phishing is a type of cybercrime in which a message appears to come from a genuine organization like PayPal,
eBay or a financial institution, or from friends and co-workers. The attackers contact a target or targets via email,
phone, or text message with a link and persuade them to click on it. The link redirects them to a fraudulent website
that asks them to provide sensitive data such as personal information, banking and credit card information, social
security numbers, usernames, and passwords. Clicking on the link may also install malware on the target device
that allows the attackers to control the device remotely.
Recent Cyber Attacks:
June 2023
June 27th
American Airlines Data Breach: Hackers have reportedly stolen personal information relating to ‘thousands'
of pilots that applied for roles at American Airlines and Southwest Airlines. Rather than being taken directly
from either airline, the information was extracted from a database maintained by a recruiting company. Around
8,000 pilots are thought to have been affected, including 2,200 represented by the Allied Pilots Association.
June 21st
UPS Canada Data Breach: United Parcel Service has strongly hinted to customers based in Canada via a letter
that their personal data may have been exposed in a breach, after fraudulent messages demanding payment
before delivery were spotted.
The strangely-worded letter sent out to customers suggested that “a person who searched for a particular
package or misused a package lookup tool” could have uncovered personal information relating to customers,
such as phone numbers.
June 21st
Bryan Cave/Mondelez Data Breach: Snack and confectionary manufacturer Mondelez, the parent company
that owns Oreo, Chips Ahoy!, Sour Patch Kids, Toblerone, Milka, Cadbury, and many other well-known
brands, has notified employees that their personal information has been compromised in a breach at law firm
Bryan Cave.
Bryan Cave provides Mondelez and a number of other large companies with legal services. According to
the data breach notice filed to the Maine Attorney General's Office, 51110 employees are thought to have been
affected. Although the data breach occurred in February of this year, it was only discovered three months later
in May, the filing reveals.
June 19th
Reddit Data Breach: Hackers purporting to be from the BlackCat ransomware gang have threatened Reddit
with leaking 80GB of confidential data they stole from its servers in February. The gang is demanding a $4.5
million payout and also wants Reddit to renege on its new pricing policy that garnered widespread backlash.
June 9th
Intellihartx Data Breach: Healthcare management firm Intellihartx confirmed that hackers stole the medical
details of over half a million patients, including social security numbers. According to a notice filed with Maine
attorney general’s office, the breach took place in January, but wasn't discovered until April.
June 1st
MOVEit hack, affecting Zellis, British Airways, BBC and others: MOVEit, a popular file transfer tool, was
compromised, leading to sensitive data belonging to many firms that use the software being compromised as
well. The hack was disclosed by Progress Software, makers of MOVEit, and since then, many companies have
reported being affected. These include payroll provider Zellis, British Airways, BBC, and the province of Nova
Scotia. However, it is believed that many more companies will have been impacted. Russian ransomware group
Clop has claimed responsibility for the attack on June 6th.
Categories of Attack:
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer
code, logic or data and leads to cybercrimes, such as information and identity theft.
We are living in a digital era. Nowadays, most people use computers and the internet. Because of this dependency
on digital systems, illegal computer activity is growing and changing like any other type of crime.
Web-based attacks:
These are the attacks which occur on a website or web applications. Some of the important web-based attacks are
as follows-
1. Injection attacks
It is an attack in which data is injected into a web application to manipulate the application and fetch the
required information.
Examples: SQL injection, code injection, log injection, XML injection, etc.
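As an added example that is not part of the original notes, the following Python code uses an in-memory SQLite database with constructed sample users to contrast a login query assembled by string concatenation, which lets user input become part of the SQL, with a parameterised query, which binds the input as data; the parameterised form is the fix.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database (not from the original notes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Toy data: real systems store salted password hashes, never plaintext.
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Query text is built from user input, so a quote character in the input
    ends the string literal early and changes the query's logic."""
    query = ("SELECT 1 FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: placeholders are bound by the driver, so the
    input is compared literally and never parsed as SQL."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def compare(username: str, password: str) -> tuple:
    """Run the same credentials through both forms: (vulnerable, safe)."""
    conn = make_db()
    try:
        return (login_vulnerable(conn, username, password),
                login_safe(conn, username, password))
    finally:
        conn.close()


def vulnerable_query_breaks(username: str) -> bool:
    """The concatenated form also fails on honest input containing a quote
    (e.g. the surname O'Brien), which is often how the defect is first noticed."""
    conn = make_db()
    try:
        login_vulnerable(conn, username, "x")
        return False
    except sqlite3.OperationalError:
        return True
    finally:
        conn.close()


if __name__ == "__main__":
    print(compare("alice", "s3cret"))       # (True, True): valid credentials
    print(compare("alice", "wrong"))        # (False, False): wrong password
    # A password containing a quote and a tautology: only the concatenated
    # form accepts it; the bound parameter is just a string that matches nothing.
    print(compare("alice", "' OR '1'='1"))  # (True, False)
    print(vulnerable_query_breaks("o'brien"))  # True: syntax error on honest input
```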
2. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create cookies to store the
state and user sessions. By stealing the cookies, an attacker can gain access to all of the user's data.
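As an added example that is not part of the original notes, this Python code shows the defender's side of the cookie theft described above: a session identifier that is unpredictable and re-issued at login, a Set-Cookie header carrying the attributes that limit theft and reuse of the cookie, and a small checker that flags Set-Cookie headers lacking them. The header values and the one-day lifetime threshold are constructed for illustration.

```python
import secrets


def new_session_id() -> str:
    """Unpredictable identifier; issue a fresh one at login so a value seen
    or fixed before authentication is worthless afterwards."""
    return secrets.token_urlsafe(32)


def issue_session_cookie(session_id: str, cookie_name: str = "sessionid") -> str:
    """Set-Cookie header value with the attributes that limit cookie theft:
    Secure (HTTPS only), HttpOnly (not readable by page scripts),
    SameSite=Strict (not sent on cross-site requests), short lifetime."""
    return (f"{cookie_name}={session_id}; Path=/; Secure; HttpOnly; "
            f"SameSite=Strict; Max-Age=1800")


def parse_set_cookie(header: str) -> tuple:
    """Split a Set-Cookie value into (name, value, {attribute: value or True})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def cookie_findings(header: str) -> list:
    """Review a Set-Cookie header and list weaknesses that make the session
    easier to steal or to reuse once stolen."""
    _, value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie can be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie readable by injected scripts")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite not in ("strict", "lax"):
        findings.append("SameSite not Strict/Lax: cookie sent on cross-site requests")
    max_age = attrs.get("max-age")
    if isinstance(max_age, str) and max_age.isdigit() and int(max_age) > 86400:
        findings.append("Max-Age over one day: a stolen cookie stays valid too long")
    if len(value) < 16:
        findings.append("short session id: guessable")
    return findings


# Constructed sample header (not from the original notes).
WEAK_HEADER = "sessionid=12345; Path=/; Max-Age=2592000"


if __name__ == "__main__":
    for finding in cookie_findings(WEAK_HEADER):
        print("weak cookie:", finding)
    print(cookie_findings(issue_session_cookie(new_session_id())))  # []
```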
3. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit
card numbers. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.
4. Man-in-the-middle attacks
It is a type of attack that allows an attacker to intercept the connection between client and server and act as a
bridge between them. Due to this, the attacker is able to read, insert and modify the data in the intercepted
connection.
System-based attacks:
These are the attacks which are intended to compromise a computer or a computer network. Some of the important
system-based attacks are as follows-
1. Virus
It is a type of malicious software program that spreads through the computer's files without the knowledge of
the user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other
computer programs when executed. It can also execute instructions that cause harm to the system.
2. Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works
the same way as a computer virus. Worms often originate from email attachments that appear to be from trusted
senders.
3. Trojan horse
It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when
the computer should be idle. It misleads the user about its true intent. It appears to be a normal application, but
when opened/executed some malicious code runs in the background.
4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a backdoor so that an
application or operating system can be accessed for troubleshooting or other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs
run automatically, while others only execute commands when they receive specific input. Common examples of
bot programs are crawlers, chatroom bots, and malicious bots.
Generic conclusion
Organizations are finding themselves under the pressure of being forced to react quickly to the dynamically
increasing number of cybersecurity threats. Since the attackers have been using an attack life cycle,
organizations have also been forced to come up with a vulnerability management life cycle. The vulnerability
management life cycle is designed to counter the efforts made by the attackers in the quickest and most
effective way. This chapter has discussed the vulnerability management life cycle in terms of the vulnerability
management strategy. It has gone through the steps of asset inventory creation, the management of information
flow, the assessment of risks, assessment of vulnerabilities, reporting and remediation, and ...
This is a new take on extortion that can damage both businesses and individuals. There are numerous
variations, but the most common is when hackers seize control of a victim’s computer and freeze it, then
promise to restore access once a ransom is paid.
The diversion of funds from their legitimate destination to a fraudster’s account is typical of this type of attack.
Phishing is a tactic used by criminals to extract enough information to launch an attack. They then gain access
to email servers and send emails that appear to be genuine but aren’t. Invoice fraud is one of the versions of this
technique. A legitimate provider sends an email notifying of a change of bank account data; however, the bank
account details provided are those of a fraudster. This type of fraud frequently mixes cyber-attack aspects with
offline elements such as social engineering.
When enormous volumes of information are exposed online, thieves can exploit it to perpetrate financial fraud.
Some fraudsters may only require credit card numbers, purchase histories, and names and addresses to commit
identity theft. Research indicates that criminals may accumulate personal data over time, boosting their potential
to profit from it. They might, for example, gather a name and address from one breach and a credit card number
from another, then combine the two to perpetrate identity theft.
Last but not least, there are politically driven cyber assaults. These assaults occur for propaganda purposes in
order to harm the public’s perception of a particular state or government. It could also be used for more
nefarious purposes, such as leaking sensitive intelligence, private information, or embarrassing information.
Cyber-attacks might conceivably go even further, with government-backed hackers creating malware to corrupt
and destroy a weapons program or other critical infrastructure.