Cyber Security Fundamentals (M)
, School of Computing Science, University of Glasgow, Scotland. http://www.mariaevangelopoulou.com/
Structure of Lectures
Sections that will be covered:
Cyber Security Basic background, Look into networking,
Cyber Attacks and defence,
Web applications’ vulnerabilities, Trending in Cyber,
Penetration testing & Digital Forensics. Guest lectures to be confirmed.
CSF 2022 CSF Intro
➢ For this course (good practice):
1) Check your emails for any updates.
2) Come prepared when pre-reading material is given.
3) Participate in class activities.
4) Complete the assessment, which covers 20% of the course.
5) Attend lectures and labs (lab work 10%) and do the quizzes (10%).
6) Help your fellow classmates when necessary and ask for help when you have an issue.
➢ Lab sessions start after the first two weeks. Some of the lab sessions will be essential in order to keep up with the lecture material; other lab sessions will cover your assessment. Please note that lecture material is normally released the day before the lecture; quiz, tutorial and lecture notes will be given afterwards.
➢ We will have a series of lectures with a different style from the usual, as they will cover both theoretical and practical aspects of cyber security. We start with a first lecture on the basic terms in cyber security and move on to the basic underlying networking. We then take a more in-depth look at different kinds of cyber attacks and defence mechanisms. Concentrating on web application vulnerabilities, we move on to discussing current trends in cyber such as ransomware, bitcoin and more. We continue with the five steps of penetration testing and then a “Digital Forensics” lecture, which gives an insight into the world of computer and network forensics by looking at how a forensic procedure is carried out. At the end we will have an exam preparation session. Guest lectures will be confirmed in the following weeks.
➢ Please mail me for any questions:
Lecturer’s instructions
When you see the red sign in a slide it means that you must not use anything described in the specific slide without the necessary authorisation. The lecturer of this course will not be responsible for any misuse.
When you see the green sign in a slide it means that you can use anything described in the specific slide on your own.
➢ Some tools must only be run with explicit authorisation: using them against systems you do not own or have permission to test can break the law.
➢ Because of this we have created these signs to indicate which tools are fine for you to use on your own and which are not.
➢ This is one of the most important slides: if you do not follow this rule it can have serious consequences for you, so please do not use anything under the banner of the red (first) sign.
What is Cyber Security?
Is Cyber Security important & why?
@totalizemedia.co.uk
@InfoSec Institute
➢ As you can see from the graph, we rely more and more on networking infrastructures for our operations and for the safekeeping of data. On one hand, flexibility and accessibility are increased for the user; on the other hand, the danger of loss or leakage, disruption and more increases too. Discussion in class about this subject and explanation of some graph details. Moreover, the sophistication and complexity of attacks have increased.
➢ PoS stands for Point of Sale: the targets are sale and payment terminals.
What needs to be protected?
• Personal Data
• Confidential documents
• Operational Data
• Applications – API / Services
• Transactions
• Social Media
➢ So what do you think that needs to be protected? (discussion in class)
➢ Example: Personal data: photos, ID, passwords, NiNo (National Insurance number), confidential personal documents, banking, medical records…
➢ Confidential documents: especially in a work environment you will see that there is a classification system for some of the documents, depending on their content.
➢ Operational data: knowing how a critical infrastructure operates is a powerful thing to know, especially for a malicious entity.
➢ Application data: the same goes for the data stored by the applications we use. Think about the Facebook scandal in which users’ data ended up with a third party without their consent, violating the users’ trust.
➢ Transactions: data about preferences, what someone is purchasing, bank account numbers, card PINs.
➢ Social media: someone might think that social media is not a powerful tool, but can you imagine how a malicious entity can take advantage of this freely given information? Your preferences, your location, your friendships…
Defend & Remediate
• Perimeter Scanner
• Firewall
• Proxy
• End Point / AV
➢ This is an example of layered defence mechanisms that can be applied in a company. Some companies employ more layers of defence, some fewer.
➢ The usual strategy for cyber security defence is a layered architecture (defence in depth): building several defence mechanisms around the things we want to protect, like the layers of an onion; to reach the core you have to get past every outer layer first. Why is this a good technique? Because it gives you a fallback: if one layer fails to detect an attack, one of the other mechanisms may still catch it.
➢ However, do not forget that everything depends on configuration. Deploying a tool does not guarantee that it has been deployed correctly; how each tool is configured is what really matters. Is any system 100% secure? No, there is no system in the world that is 100% secure.
➢ Can you think of other lower-level protection mechanisms? Setting user permissions, password protection and encryption of files.
➢ What about critical infrastructures? Is there a problem there? Yes: because of the importance of keeping them running, updates may not be allowed to take place for safety reasons. In these infrastructures the risk that an update makes the operation unstable is taken seriously. However, not updating leaves known security holes open.
➢ AV stands for antivirus software. Endpoint security is software installed on the devices that are possible entry points into the network: local workstations and laptops as well as servers and gateways, usually managed centrally and updated when needed. Traditional antivirus scans the system and matches files against its database of virus signatures to detect an infection. Modern endpoint protection adds behavioural detection: it tries to identify suspicious patterns of activity rather than only known signatures.
➢ A proxy server acts as an intermediary for requests from clients seeking some resource, such as a file or web page, that lives on a different server; the proxy evaluates each request before forwarding it. For example, if malware on a client tries to contact the attacker’s Command and Control (C2, also written C&C) server to download its payload, the proxy is a defence layer that evaluates the request and blocks the connection.
➢ A firewall monitors and controls incoming and outgoing network traffic based on predetermined security rules. Consider it a barrier between a trusted internal network and an untrusted external network.
The difference with a proxy firewall is that it terminates the connection itself at the application layer and performs deep packet inspection of the traffic, incoming traffic included, to identify any signs of attack. Proxy firewalls are considered the most secure type of firewall because they prevent direct network contact between internal systems and the outside: the proxy has its own IP address and the outside only ever talks to the proxy. However, this can create a bottleneck that degrades performance, and at the same time it makes the proxy firewall a single point of failure for the system.
➢ An Intrusion Detection System (IDS) monitors network traffic for suspicious activity and issues alerts when such activity is discovered. An Intrusion Prevention System (IPS) additionally acts when suspicious activity is identified, in order to prevent any damage. Firewall vs IDS: a firewall limits access between networks to prevent intrusion and does not alert when an attack has been identified; an IDS evaluates a suspected intrusion once it has taken place and raises an alarm.
➢ A perimeter scan is external vulnerability scanning of the organisation’s internet-facing systems (easier and faster than an internal assessment), carried out in a structured and repeatable manner; it is especially useful for big organisations.
Cyber attack Techniques
Passive Attack
• Information Gathering
• Vulnerability Scan.
• Usually the first step of a more complex attack & long term.
Active Attack
• Gain Access.
• Disruption & Damage of Service.
• Usually short term attack.
➢ How can an attack occur?
➢ A malicious entity that has gained a foothold may sit in the network passively gathering information and at the same time run vulnerability scans that will not raise suspicion. These attacks use different techniques, for example masquerading as a legitimate user, or a man-in-the-middle position where the malicious entity sits undetected in the network collecting information. Usually these attacks are long term and may only represent one stage of a multi-staged attack; it always depends on the goal of the attacker.
➢ In a more active attack the malicious entity usually does not care about being detected in the system; it is usually a short-term attack (although it can be persistent), or it may be the continuation of a passive attack.
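The defence layers from the “Defend & Remediate” slide and the scanning behaviour described above, as an added example (this is not course code): constructed traffic events pass a default-deny firewall, an IDS on a network tap that only alerts, and a web proxy with a denylist of command-and-control hostnames. Every address, hostname, rule and signature here is made up for the illustration; the point is that each layer decides on its own, so the firewall silently drops the port probes while the IDS still raises the port-scan alarm, and the beacon the firewall lets through is stopped by the proxy.

```python
"""Defence in depth, simulated (added example; not course material).

Constructed events flow past three layers: a default-deny firewall, an IDS
tap that only alerts, and a web proxy with a denylist standing in for a
threat-intelligence feed of command-and-control (C2) domains. Each layer
judges independently, so a layer that misses something is backed up by the
others. All addresses, hostnames and rules below are made up.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass
class Event:
    src: str            # source IP address
    dst: str            # destination IP address
    dport: int          # destination TCP port
    host: str = ""      # HTTP Host header, empty for non-web traffic
    payload: str = ""   # first bytes of the request, as text


# Layer 1: firewall. First matching rule wins; the last rule denies the rest.
# Tuple layout: (action, source network, destination network, port or None for any).
FIREWALL_RULES = [
    ("allow", "10.0.0.0/8", "0.0.0.0/0", None),   # internal hosts may go out
    ("allow", "0.0.0.0/0", "10.0.0.0/8", 80),     # inbound web only
    ("allow", "0.0.0.0/0", "10.0.0.0/8", 443),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),     # default deny
]


def firewall_allows(ev: Event) -> bool:
    src, dst = ipaddress.ip_address(ev.src), ipaddress.ip_address(ev.dst)
    for action, src_net, dst_net, port in FIREWALL_RULES:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and (port is None or port == ev.dport)):
            return action == "allow"
    return False   # unreachable with the rules above, but deny by default


# Layer 2: web proxy. Blocks requests whose Host header is on the denylist
# (assumed here to be a known-C2 list from a threat-intelligence feed).
C2_DOMAINS = {"update-cdn.example.net"}


def proxy_allows(ev: Event) -> bool:
    return ev.host not in C2_DOMAINS


# Layer 3: IDS on a network tap. It never blocks; it records alerts from a
# content signature and from behaviour (one source touching many ports).
SIGNATURES = {"shell_upload": "cmd.exe /c"}
SCAN_THRESHOLD = 5   # distinct destination ports from one source


class IDS:
    def __init__(self) -> None:
        self.ports_seen: dict[str, set[int]] = defaultdict(set)
        self.alerts: list[tuple[str, str]] = []

    def inspect(self, ev: Event) -> None:
        for name, needle in SIGNATURES.items():
            if needle in ev.payload:
                self.alerts.append((name, ev.src))
        self.ports_seen[ev.src].add(ev.dport)
        if len(self.ports_seen[ev.src]) == SCAN_THRESHOLD:   # fires once
            self.alerts.append(("port_scan", ev.src))


def run(events: list[Event]) -> tuple[list[str], list[tuple[str, str]]]:
    """Return the per-event verdict and the IDS alert list."""
    ids = IDS()
    verdicts = []
    for ev in events:
        ids.inspect(ev)                  # the tap sees every event, blocked or not
        if not firewall_allows(ev):
            verdicts.append("blocked:firewall")
        elif not proxy_allows(ev):
            verdicts.append("blocked:proxy")
        else:
            verdicts.append("allowed")
    return verdicts, ids.alerts


# Constructed traffic: one normal browse, one beacon to a C2 host from an
# infected desktop, then an outside scanner probing five ports on a server.
SAMPLE_EVENTS = [
    Event("10.1.2.3", "93.184.216.34", 443, host="www.example.com"),
    Event("10.1.2.3", "198.51.100.7", 443, host="update-cdn.example.net"),
    Event("203.0.113.5", "10.1.2.10", 21),
    Event("203.0.113.5", "10.1.2.10", 22),
    Event("203.0.113.5", "10.1.2.10", 23),
    Event("203.0.113.5", "10.1.2.10", 25),
    Event("203.0.113.5", "10.1.2.10", 80, host="10.1.2.10",
          payload="POST /upload.php ... cmd.exe /c whoami"),
]

if __name__ == "__main__":
    verdicts, alerts = run(SAMPLE_EVENTS)
    for ev, verdict in zip(SAMPLE_EVENTS, verdicts):
        print(f"{ev.src:>12} -> {ev.dst}:{ev.dport:<4} {verdict}")
    print("IDS alerts:", alerts)
```

Note how the layers cover each other’s blind spots: the firewall drops four of the five probes but says nothing, the IDS sees all five and alarms on the scan pattern and on the signature in the one request that reached port 80, and the proxy stops the C2 beacon that the firewall, which only looks at addresses and ports, had to allow.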
Cyber attack Goals & Attackers
• Data Loss / Leakage
• Reputation
• Financial
• Disruption
• Loss of life
Types of attackers
• Hacktivists
• Malicious insider
• Malicious outsider
• Attack by accident
• Government
• Competitors
➢Can you think what the goals of a cyber attack can be? And who might be the malicious entity? (Discussion in teams)