
CC16 - Unit 1

The document provides an overview of IT security, defining it as a set of strategies to protect organizational assets from cyber threats, and differentiating it from information security. It outlines the goals of IT security, which include confidentiality, integrity, and availability, as well as various domains and challenges within the cybersecurity landscape. Additionally, it discusses attack concepts, types of attackers, and methods of infiltration, emphasizing the importance of a comprehensive cybersecurity approach to safeguard against evolving threats.

Uploaded by

dennisjean0226

The Need for Security

CC16 – IT Security
Unit 1
Table of Content
• Introduction to IT Security
• The Environment
• Attack Concepts & Techniques
Introduction to IT Security
What is IT Security? | IT Security vs. Information Security | Goals | Domains
What is IT Security?
• A set of cyber security strategies that prevent
unauthorized access
• Focuses on protecting organizational assets against
cyberattacks and other threats
IT Security vs. Information Security
• IT Security:
• Securing digital data (technical) through computer network
security
• Protect against cyber attacks.

• Information Security:
• Processes and tools designed to protect sensitive business
information
• Sensitive data examples include business policies, files, phone
calls or faxes.
Goal of IT Security
[Diagram: the three goals, Confidentiality, Integrity and Availability]
1. Confidentiality:
• Data access is restricted to authorized users only.
• All messages are encrypted and can only be decrypted by authorized recipients.
• Ensures that sensitive information is protected from unauthorized access.
Goal of IT Security
2. Integrity:
• Maintains the accuracy and consistency of data.
• Uses hashing to detect unauthorized modifications.
• Any change in the original data results in a different hash value, allowing detection of tampering.
• Commonly used in file verification, password storage, and digital signatures.


Goal of IT Security
3. Availability:
• Ensures that systems, services, and data are accessible when needed.
• Achieved through regular data backups and system redundancy.
• Implements failover mechanisms and other high-availability strategies.
Domains of IT Security
1. Network Security: Firewalls, intrusion prevention
2. Internet Security: HTTPS, secure browsing
3. Endpoint Security: Antivirus, EDR
4. Cloud Security: Data encryption, access control
5. Application Security: Code review, patching
6. Information Security: Data protection, encryption
7. Operational Security: Access policies, role-based control
8. Mobile Security: MDM, biometrics
9. IoT Security: Device hardening, updates
10. User Education: Phishing awareness, training
11. Cybersecurity: Threat defense, system protection
The Environment
What is Cybersecurity? | Importance | Challenges | Impact of a Security Breach
What is Cybersecurity?
• Protection of networked systems and data from unauthorized use or
harm (Cisco)
• Refers to a set of techniques used to protect the integrity of an
organization’s security architecture and safeguard its data against
attack, damage, or unauthorized access (Palo Alto Networks)
• The practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks
(Kaspersky)
What is Cybersecurity All About?
• A successful cybersecurity approach has multiple layers of
protection spread across computers, networks, programs
or data that one intends to keep safe
• In an organization, the people, processes and technology
must all complement one another to create an effective
defense from cyber attacks
• A unified threat management system can automate
integrations across products and accelerate key security
operations functions: detection, investigation, and
remediation
Importance of Cybersecurity
• A single cybersecurity attack
can result in everything from
identity theft, extortion
attempts, to the loss of
important data
• Cyberattacks may also occur
in critical infrastructures like
power stations, hospitals, and
financial service companies
Importance of Cybersecurity
• Increasingly Sophisticated Attacks: New tactics
• Widely Available Hacking Tools: Tor, emulators, rooting,
Flipper Zero
• Compliance: Check threat management plan
• Rising Cost of Breaches: Trade secrets, data value
• Strategic, Board-Level Concern: Stakeholder concern
• Cybercrime is Big Business: Paid to harm competitors
Challenges of Cybersecurity
• Internet of Things (IoT): Expanding attack surface
• Rapidly Evolving Risks: Constantly changing threats
• Big & Confidential Data: Protecting sensitive information
• Organized & State-sponsored Hacker Groups: Advanced,
funded attacks
• Remote Working: Securing dispersed networks
• High-speed Internet: Faster attacks, more exposure
• BYOD (Bring Your Own Device): Weak security on personal
devices
Impact of a Security Breach
• Ruined Reputation
• Vandalism
• Theft
• Revenue Lost
• Damaged Intellectual Property
Attack Concepts
Types of Attackers | Terms | Cybersecurity Threats | Malware |
Types of Malware | Symptoms of Malware
Types of Attackers
Cyber Attackers
• Outsiders
  • Organized Attackers
    • Cyber Criminals
    • Hacktivists
    • Terrorists
    • State-sponsored
  • Hackers
    • Black hats
    • Grey hats
    • White hats
  • Amateurs
• Insiders
  • Employees and ex-employees
  • Contract Staff
  • Trusted Partners
Definition of Terms
• Vulnerability
• Weaknesses or flaws in the hardware or software

• Exploit
• (v) Method used to take advantage of a vulnerability
• (n) Tools used to take advantage of a vulnerability

• Breach
• Successful exploit of a vulnerability
Types of Cybersecurity Threats
• Cybercrime
• Efforts by bad actors to profit from their malicious attacks
• May be direct financial theft, identity theft, selling info from a data breach, or
hijacking computing resources for crypto-jacking to mine
cryptocurrencies
• Disruption
• Attempts to disrupt operations of organizations by attacking their IT
and operational technology (OT) infrastructure to damage it,
temporarily shut it down, or hold it for ransom
Types of Cybersecurity Threats
• Espionage
• Attacks backed by state agencies that are part of a broader
espionage and military activity.
Malware
• Malicious software that infects a computer; its effects range from a
mild inconvenience to a dangerous experience.
• Usually arrives as bundled software in a software suite or as
hidden software
Types of Malware
• Spyware: Records/snoops on files, may include keyloggers.
• Adware: Displays unwanted ads, often bundled in software like VLC or
emulators.
• Bot (Botnets): Infected computers used to disrupt connections, controlled
via a CNC (Command and Control system).
• Rootkit: Exploits access privileges to gain control, like the recent incident
with Linus Tech Tips and a stored cookie being intercepted.
• Scareware: Scares victims with false deadlines, often linked to scam call
centers (e.g., Jim Browning’s investigations into scams targeting vulnerable
individuals).
Types of Malware
• Ransomware: Takes your computer hostage unless you pay
money to unlock it
• Virus: Needs a bridge, needs human intervention, uses USB
• Trojan Horse: Activated after a while or after opening the file.
May contain a virus or a worm.
• Worm: Self-propagating
• MiTM (Man in the Middle Attack): Intercepting a connection
between you and the supposed network
Symptoms of Malware
• There is an increase in CPU usage
• There is a decrease in computer speed
• The computer freezes or crashes often
• There is a decrease in Web browsing speed
• There are unexplainable problems with network connections
• Files are modified
• Files are deleted
Symptoms of Malware
• There is a presence of unknown files, programs, or desktop
icons
• There are unknown processes running
• Programs are turning off or reconfiguring themselves
• Email is being sent without the user’s knowledge or
consent
Attack Techniques
Methods of Infiltration | Methods to Deny Service | Blended
Attacks | Impact Reduction
Methods of Infiltration
1. Social Engineering
• Pretexting: Fabricated stories to gain trust (e.g., lottery win, long-lost
relative).
• Tailgating: Following someone into a restricted area.
• Something for Something: Offering something in return (similar to the
Nigerian prince scam).
• Phishing: Fraudulent emails posing as legitimate entities; Spear phishing
targets specific individuals; Whaling targets executives.
• Smishing: SMS scams (e.g., fake lottery wins or promotions).
• Vishing: Telephone scams (e.g., impersonating tech support or using AI
voice modulation).
Methods of Infiltration
2. Password Cracking
• Brute-force: Attacking by trying all possible password
combinations.
• Network Sniffing: Intercepting and analyzing network traffic to
capture sensitive data.
• Social Engineering: Manipulating individuals into revealing
confidential information.
Methods of Infiltration
3. Vulnerability Exploitation
a) Gather info about the target using a port scanner or social
engineering
b) Determine what information was learned from (a)
c) Look for a vulnerability
d) Use a known exploit or write a new exploit
Methods of Infiltration
4. Advanced Persistent Threats
• Usually well-funded
• Deploy customized malware
Methods to Deny Service
• Overwhelming quantity of traffic
  • Send an enormous quantity of data at a rate that cannot be handled
• Maliciously formatted packets
  • Sent to a host or application, and the receiver is unable to handle them
• Zombie – Infected Host
• Botnet – Network of Infected Hosts
Methods to Deny Service
• SEO
• Search Engine Optimization
• Techniques to improve a website’s ranking by a search engine

• SEO Poisoning
• Increase traffic to malicious websites
• Force malicious sites to rank higher
Blended Attacks
• Uses multiple techniques to compromise a target
• Uses a hybrid of worms, Trojan horses, spyware, keyloggers,
spam, and phishing schemes
• Common example
• Spam email, instant messages or legitimate websites to distribute
links
• DDoS combined with phishing emails
Impact Reduction
• Communicate the Issue
• Be sincere and accountable
• Provide details
• Understand the cause of the breach
• Take steps to avoid another similar breach in the future
• Ensure all systems are clean
• Educate employees, partners, and customers
References
• https://www.cisco.com/c/en/us/products/security/what-is-it-security.html
• https://www.checkpoint.com/cyber-hub/cyber-security/what-is-it-security/
• https://www.ncsc.gov/uk/section/about-ncsc/what-is-cyber-security
• https://www.greenbone.net/en/it-security-information-security-and-data-security/#head1b
