Introduction to Cyber Security (1) (1)

Presentation of Cybersecurity Intro

Uploaded by

danishsyed1123
Introduction to Cyber Security
Basic Cyber Security
● Cybersecurity is a practice organizations engage in to protect their information,
systems and devices from unwanted attacks and digital threats. Also called
information technology security, efforts to prevent cyber attacks are extremely
important because they can help organizations protect sensitive data, prevent
losses from system downtime and save money on breach responses.
● Having a robust and comprehensive cybersecurity strategy is incredibly important
for businesses, especially those responsible for protecting sensitive customer
information.
Cybersecurity concepts
1. The confidentiality, integrity and availability (CIA) triad
Confidentiality, integrity and availability (CIA) are three key tenets of cybersecurity.

● Confidentiality: Confidentiality refers to processes organizations take to protect data from
unauthorized viewing or use. This can help keep sensitive information secure and safe and improve
customer trust.
● Integrity: The second element of the triad, integrity, has to do with maintaining accurate and
complete information by protecting it from unauthorized alterations.
● Availability: The last element of the triad, availability, covers data's accessibility to authorized
viewers. This means that those who have the authority to view or change information can do so.
2. Cyberattacks
● Malware: Malware is a type of software created to disrupt a system, bypass information
authorization requirements, leak information or prevent authorized access attempts. To protect
against socially engineered malware, cybersecurity professionals often use anti-malware programs along
with end-user education efforts.
● Phishing: Phishing attacks often strive to get login information using spam emails or false
information. Two-factor authentication is one method organizations can use to protect against these
attacks.
● Social media: Social media often poses many security threats, too. Malignant friend requests or
application downloads could carry hacking dangers.
● Persistent: Advanced persistent threats (APT) are enduring and sophisticated attacks that usually rely on
phishing or socially engineered malware to work. They can be challenging to anticipate and protect
against.
● Software patches: Patches, or vulnerabilities, are security lapses that pose opportunities for
cyberattacks. Prioritizing patchless software and protection measures can reduce vulnerabilities and
3. Identity and access management (IAM)
IAM is a popular policy framework for managing online user identities. Access is based on specific IT systems.
The goal of IAM is to connect users with the correct level of access they need so they can execute their
system functions successfully.

4. Incident response (IR)


A company's IR protocols are the steps it follows after it detects an intrusion.
Establishing organized protocols can help organizations mitigate risks associated with attacks, breaches and
intrusions. It's important to establish protocols for each type of threat so personnel and systems can react
appropriately.

5. Security information and event management (SIEM)


SIEM is an essential component of building a successful Security Operations Center (SOC). It aims to
centralize all log data related to security.
To do this, organizations must use software that's compatible with all their data sources so that it can undergo
analysis systematically and continuously.
8. Cloud access security brokers (CASB)
CASB refers to policy plans cloud service providers have with their users. Plans often include standard
enforcement procedures like encryptions, alerts and authentication practices.
A strong policy can help create trusting relationships that adequately meet cloud service users' needs.
9. User and entity behavior analytics (UEBA)
UEBA is a thorough analysis meant to identify user behavior that deviates from normal use.
Comprehensive analytics can help security teams and software predict and understand user behavior. Ultimately,
this can reduce log session noise.
10. Indicator of compromise (IOC)
IOCs are network intrusion signals. Triggered by data, it's often possible to detect IOCs during log data analysis.
Differentiations from normal patterns, like geographic irregularities, unusual outbound site traffic, or unfamiliar
activity, are some common examples of IOCs.
11. Distributed denial of service (DDoS)
Hackers sometimes use DDoS to divert security measures during an attack. It could be a disruption to a web
service's operations or hackers might create multiple IP addresses to flood a site.
These efforts can make a web service unusable and especially vulnerable to compromise.
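An added example (not part of the original slides) of finding two of the indicators of compromise named in item 10 above during log analysis: a geographic irregularity ("impossible travel" between logins) and unusual outbound traffic. The log format, host names, thresholds and every sample record are constructed assumptions.

```python
import math
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample authentication log: timestamp user latitude longitude
AUTH_LOG = """\
2024-03-01T08:00:00 alice 51.5074 -0.1278
2024-03-01T09:30:00 alice 51.4545 -2.5879
2024-03-01T10:15:00 alice 35.6762 139.6503
2024-03-01T08:05:00 bob 40.7128 -74.0060
2024-03-02T08:10:00 bob 40.7306 -73.9352
"""

# Constructed sample: outbound megabytes per day for each host, oldest first
OUTBOUND = {
    "ws-01": [120, 135, 110, 128, 131, 125, 900],
    "ws-02": [300, 310, 295, 305, 298, 302, 307],
}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def parse_auth_log(text):
    """Return (time, user, lat, lon) tuples in time order; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, lat, lon = parts
        events.append((datetime.fromisoformat(ts), user, float(lat), float(lon)))
    return sorted(events)


def impossible_travel(events, max_kmh=900.0, min_km=50.0):
    """Flag logins that would need faster-than-airliner travel from the previous one."""
    last_seen, alerts = {}, []
    for ts, user, lat, lon in events:
        if user in last_seen:
            prev_ts, prev_lat, prev_lon = last_seen[user]
            hours = (ts - prev_ts).total_seconds() / 3600
            dist = haversine_km(prev_lat, prev_lon, lat, lon)
            # min_km ignores small jumps caused by imprecise geolocation
            if dist > min_km and (hours <= 0 or dist / hours > max_kmh):
                alerts.append((user, ts.isoformat(), round(dist)))
        last_seen[user] = (ts, lat, lon)
    return alerts


def outbound_anomalies(history, z_threshold=3.0):
    """Flag hosts whose latest outbound volume is far above their own baseline."""
    flagged = []
    for host, series in sorted(history.items()):
        baseline, latest = series[:-1], series[-1]
        sigma = max(pstdev(baseline), 1.0)  # floor avoids division by zero
        z = (latest - mean(baseline)) / sigma
        if z > z_threshold:
            flagged.append((host, round(z, 1)))
    return flagged


if __name__ == "__main__":
    print(impossible_travel(parse_auth_log(AUTH_LOG)))
    print(outbound_anomalies(OUTBOUND))
```
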
Layers of security
All potential access points and sites where hackers could obtain access to your network,
data, and organization must be carefully considered.
Look at the 7 levels, how they are vulnerable, and what we can do to secure
them with different security strategies.

The Human Layer


● Humans are the weakest link in any cyber security strategy, and they
alone are responsible for 90% of data breaches.
● Mission-critical assets are protected from a variety of human threats, such as
cybercriminals, malevolent insiders, and careless users, by human security
controls including phishing simulations and access management rules.
Security Strategy:
● Education and training, which include instructions on how to recognize and
deal with phishing attacks, strong password strategies, system
hardening, and cyber security awareness, are the best ways to keep the
human layer secure.
● Access controls are a smart notion for protecting the human layer
since they can reduce the amount of harm that could result from a successful
attack.
Perimeter Security
● The physical and digital security techniques that safeguard the entire company are
included in perimeter security controls.
● Here, we must first define our perimeter before determining the sort of data being
transmitted across this layer, and then we must secure both the data and the device.

Security Strategy:
This includes firewalls, data encryption, antivirus software, device management (which
is crucial if your company has a bring-your-own-device policy), and setting up a secure demilitarized
zone for further security.

Network Security
● Network security measures safeguard a company’s network and guard against
unwanted access.
● The key worry of the network layer is what users and devices can access once they are
within your system.

Security Strategy:
● If no one person has access to everything, then any successful cyberattack only results in
a small portion of the network being breached.
● The best practice for security at this layer is to only give employees and devices access to
Endpoint Security
Endpoint security measures safeguard the network connection between devices.
Security Strategy: Endpoint encryption is required to make sure that the
devices are operating in secure environments.

Application Security
Controls for application security guard against access to an application, access to
your mission-critical assets by an application, and internal application security.
Security Strategy:
The most basic thing you can do here is to keep your programs up to date. This
guarantees that the application is as secure as possible and that any known
security vulnerabilities are addressed.
Data Security
Data security measures protect the storage and movement of data, which is the target of cybercrime. The
most care must be taken with this layer because it is the foundation of your company.
Security Strategy:
At this level, keeping things secure entails file and disc encryption, frequent backups of all crucial data and
procedures, two-factor authentication, enterprise rights management, and rules that make sure data is erased
from devices that are no longer in use or that are being given to another employee.

Mission-Critical Assets:
● This layer focuses on safeguarding assets that are crucial to an organization's operations and
business continuity.
● These could include proprietary software, sensitive customer data, or essential hardware.
● Protection strategies here involve implementing layered defenses like firewalls, intrusion detection and
prevention systems, and robust access controls. For instance, regularly updating and patching
mission-critical applications ensures that vulnerabilities are addressed, minimizing the risk of exploitation
and ensuring the uninterrupted functionality of essential assets.


Vulnerability
Vulnerabilities are weaknesses in a system that give threats the opportunity to
compromise assets.
1. Hardware Vulnerability:
A hardware vulnerability is a weakness that can be used to attack the system hardware,
either physically or remotely.
For example:

1. Old versions of systems or devices
2. Unprotected storage
3. Unencrypted devices, etc.

2. Software Vulnerability:
A software error introduced during development or configuration, such that executing it can
violate the security policy. For example:

1. Lack of input validation
2. Unverified uploads
3. Cross-site scripting
4. Unencrypted data, etc.
3. Network Vulnerability:
A weakness in the network, which can be in hardware or software.
For example:

1. Unprotected communication
2. Malware or malicious software (e.g., viruses, keyloggers, worms)
3. Social engineering attacks
4. Misconfigured firewalls

4. Procedural Vulnerability:
A weakness in an organization's operational methods.
For example:

1. Password procedure – Passwords should follow the standard password policy.
2. Training procedure – Employees must know which actions should be taken
and what to do to handle security. Employees must never be asked for
user credentials online. Make sure employees know about social engineering and
phishing threats.
Cybersecurity Threats
Cybersecurity threats are acts performed by individuals with harmful intent, whose goal is to steal data,
cause damage to or disrupt computing systems. Common categories of cyber threats include malware,
social engineering, man in the middle (MitM) attacks, denial of service (DoS), and injection attacks.

Common Sources of Cyber Threats


Nation states—hostile countries can launch cyber attacks against local companies and institutions,
aiming to interfere with communications, cause disorder, and inflict damage.
Terrorist organizations—terrorists conduct cyber attacks aimed at destroying or abusing critical
infrastructure, threaten national security, disrupt economies, and cause bodily harm to citizens.
Criminal groups—organized groups of hackers aim to break into computing systems for economic
benefit. These groups use phishing, spam, spyware and malware for extortion, theft of private
information, and online scams.
Hackers—individual hackers target organizations using a variety of attack techniques. They are usually
motivated by personal gain, revenge, financial gain, or political activity. Hackers often develop new
threats, to advance their criminal ability and improve their personal standing in the hacker
community.
Malicious insiders—an employee who has legitimate access to company assets, and abuses their
privileges to steal information or damage computing systems for economic or personal gain. Insiders
may be employees, contractors, suppliers, or partners of the target organization. They can also be
outsiders who have compromised a privileged account and are impersonating its owner.
Types of Cybersecurity Threats

Malware Attacks

● Malware is an abbreviation of “malicious software”, which includes
viruses, worms, trojans, spyware, and ransomware, and is the most
common type of cyberattack.
● Malware infiltrates a system, usually via a link on an untrusted
website or email or an unwanted software download.
● It deploys on the target system, collects sensitive data, manipulates
and blocks access to network components, and may destroy data or
shut down the system altogether.
Types of malware attacks:
Viruses—a piece of code injects itself into an application. When the application runs,
the malicious code executes.
Worms—malware that exploits software vulnerabilities and backdoors to gain access to
an operating system. Once installed in the network, the worm can carry out attacks such
as distributed denial of service (DDoS).
Trojans—malicious code or software that poses as an innocent program, hiding in apps,
games or email attachments. An unsuspecting user downloads the trojan, allowing it to
gain control of their device.
Ransomware—a user or organization is denied access to their own systems or data via
encryption. The attacker typically demands a ransom be paid in exchange for a
decryption key to restore access, but there is no guarantee that paying the ransom will
actually restore full access or functionality.
Cryptojacking—attackers deploy software on a victim’s device, and begin using their
computing resources to generate cryptocurrency, without their knowledge. Affected
systems can become slow and cryptojacking kits can affect system stability.
Spyware—a malicious actor gains access to an unsuspecting user’s data, including
sensitive information such as passwords and payment details. Spyware can affect desktop
browsers, mobile phones and desktop applications.
Adware—a user’s browsing activity is tracked to determine behavior patterns and
interests, allowing advertisers to send the user targeted advertising. Adware is related to
spyware but does not involve installing software on the user’s device and is not necessarily
used for malicious purposes, but it can be used without the user’s consent and compromise
their privacy.
Fileless malware—no software is installed on the operating system. Native files like WMI
and PowerShell are edited to enable malicious functions. This stealthy form of attack is
difficult to detect (antivirus can’t identify it), because the compromised files are recognized
as legitimate.
Rootkits—software is injected into applications, firmware, operating system kernels or
hypervisors, providing remote administrative access to a computer. The attacker can start
the operating system within a compromised environment, gain complete control of the
computer and deliver additional malware.
Social Engineering Attacks
Social engineering involves tricking users into providing an entry point for malware. The victim
provides sensitive information or unwittingly installs malware on their device, because the
attacker poses as a legitimate actor.

Types of social engineering attacks:

Baiting—the attacker lures a user into a social engineering trap, usually with a promise of
something attractive like a free gift card. The victim provides sensitive information such as
credentials to the attacker.

Pretexting—similar to baiting, the attacker pressures the target into giving up information
under false pretenses. This typically involves impersonating someone with authority, for
example an IRS or police officer, whose position will compel the victim to comply.

Phishing—the attacker sends emails pretending to come from a trusted source. Phishing often
involves sending fraudulent emails to as many users as possible, but can also be more targeted.
For example, “spear phishing” personalizes the email to target a specific user, while “whaling”
takes this a step further by targeting high-value individuals such as CEOs.
Vishing (voice phishing)—the imposter uses the phone to trick the target into
disclosing sensitive data or granting access to the target system. Vishing typically
targets older individuals but can be employed against anyone.

Smishing (SMS phishing)—the attacker uses text messages as the means of
deceiving the victim.

Piggybacking—an authorized user provides physical access to another individual
who “piggybacks” off the user’s credentials. For example, an employee may grant
access to someone posing as a new employee who misplaced their credential
card.

Tailgating—an unauthorized individual follows an authorized user into a location,
for example by quickly slipping in through a protected door after the authorized
user has opened it. This technique is similar to piggybacking except that the
person being tailgated is unaware that they are being used by another individual.
Supply Chain Attacks
● Supply chain attacks are a new type of threat to software developers and vendors.
Their purpose is to infect legitimate applications and distribute malware via source
code, build processes or software update mechanisms.
● Supply chain attacks are especially severe because the applications being
compromised by attackers are signed and certified by trusted vendors.
● In a software supply chain attack, the software vendor is not aware that its
applications or updates are infected with malware. Malicious code runs with the
same trust and privileges as the compromised application.

Types of supply chain attacks include:

Compromise of build tools or development pipelines


Compromise of code signing procedures or developer accounts
Malicious code sent as automated updates to hardware or firmware components
Malicious code pre-installed on physical devices
Man-in-the-Middle Attack
A Man-in-the-Middle (MitM) attack involves intercepting the communication between two endpoints, such as a
user and an application. The attacker can eavesdrop on the communication, steal sensitive data, and
impersonate each party participating in the communication.

Examples of MitM attacks include:

Wi-Fi eavesdropping—an attacker sets up a Wi-Fi connection, posing as a legitimate actor, such
as a business, that users may connect to. The fraudulent Wi-Fi allows the attacker to monitor the
activity of connected users and intercept data such as payment card details and login credentials.
Email hijacking—an attacker spoofs the email address of a legitimate organization, such as a bank, and
uses it to trick users into giving up sensitive information or transferring money to the attacker. The user
follows instructions they think come from the bank but are actually from the attacker.
DNS spoofing—a Domain Name Server (DNS) is spoofed, directing a user to a malicious website posing as
a legitimate site. The attacker may divert traffic from the legitimate site or steal the user’s credentials.
IP spoofing—an internet protocol (IP) address connects users to a specific website. An attacker can spoof
an IP address to pose as a website and deceive users into thinking they are interacting with that website.
HTTPS spoofing—HTTPS is generally considered the more secure version of HTTP, but can also be used to
trick the browser into thinking that a malicious website is safe. The attacker uses “HTTPS” in the URL to
conceal the malicious nature of the website.
Denial-of-Service Attack

A Denial-of-Service (DoS) attack overloads the target system with a large volume of traffic, hindering the ability of the
system to function normally. An attack involving multiple devices is known as a distributed denial-of-service (DDoS)
attack.

DoS attack techniques include:

HTTP flood DDoS—the attacker uses HTTP requests that appear legitimate to overwhelm an application or web
server. This technique does not require high bandwidth or malformed packets, and typically tries to force a target
system to allocate as many resources as possible for each request.
SYN flood DDoS—initiating a Transmission Control Protocol (TCP) connection sequence involves sending a SYN
request that the host must respond to with a SYN-ACK that acknowledges the request, and then the requester
must respond with an ACK. Attackers can exploit this sequence, tying up server resources, by sending SYN
requests but not responding to the SYN-ACKs from the host.
UDP flood DDoS—a remote host is flooded with User Datagram Protocol (UDP) packets sent to random ports. This
technique forces the host to search for applications on the affected ports and respond with “Destination
Unreachable” packets, which uses up the host resources.
ICMP flood—a barrage of ICMP Echo Request packets overwhelms the target, consuming both inbound and outgoing
bandwidth. The servers may try to respond to each request with an ICMP Echo Reply packet, but cannot keep up
with the rate of requests, so the system slows down.
NTP amplification—Network Time Protocol (NTP) servers are accessible to the public and can be exploited by an
attacker to send large volumes of UDP traffic to a targeted server. This is considered an amplification attack due
to the query-to-response ratio of 1:20 to 1:200, which allows an attacker to exploit open NTP servers to execute
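An added example (not part of the original slides) giving the defender's view of the SYN flood item above: it follows the three-way handshake per connection and reports sources that leave many handshakes half-open. The packet-record format, the timeout and threshold values and all sample records are constructed; the addresses come from documentation ranges.

```python
from collections import Counter

# The protected listener (assumed address and port)
SERVER = ("192.0.2.10", 443)

# Constructed capture: time src_ip src_port dst_ip dst_port flags
CAPTURE = """\
0.00 198.51.100.7 50001 192.0.2.10 443 SYN
0.01 192.0.2.10 443 198.51.100.7 50001 SYN-ACK
0.02 198.51.100.7 50001 192.0.2.10 443 ACK
0.10 203.0.113.50 40001 192.0.2.10 443 SYN
0.10 192.0.2.10 443 203.0.113.50 40001 SYN-ACK
0.11 203.0.113.50 40002 192.0.2.10 443 SYN
0.12 203.0.113.50 40003 192.0.2.10 443 SYN
0.13 203.0.113.50 40004 192.0.2.10 443 SYN
5.00 198.51.100.9 50100 192.0.2.10 443 SYN
5.01 192.0.2.10 443 198.51.100.9 50100 SYN-ACK
6.00 198.51.100.7 50002 192.0.2.10 443 SYN
"""


def half_open_by_source(capture, timeout=3.0):
    """Count handshakes per source that got a SYN but no final ACK within `timeout` seconds."""
    pending = {}  # (src_ip, src_port) -> time of the first SYN
    now = 0.0
    for line in capture.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        t, src, sport = float(fields[0]), fields[1], int(fields[2])
        dst, dport, flags = fields[3], int(fields[4]), fields[5]
        now = max(now, t)
        if (dst, dport) != SERVER:
            continue  # the server's own SYN-ACKs are not needed for the count
        key = (src, sport)
        if flags == "SYN":
            pending.setdefault(key, t)
        elif flags == "ACK":
            pending.pop(key, None)  # handshake completed, resources released
    # Handshakes younger than the timeout may still complete, so they are not counted
    stale = Counter(src for (src, _), t0 in pending.items() if now - t0 >= timeout)
    return dict(stale)


def suspected_flood_sources(capture, threshold=3, timeout=3.0):
    """Sources with at least `threshold` stale half-open handshakes."""
    counts = half_open_by_source(capture, timeout)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_source(CAPTURE))
    print(suspected_flood_sources(CAPTURE))
```

Because the source address of a SYN can be forged, the total number of stale half-open entries is worth watching alongside the per-source count.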
Injection Attacks

Injection attacks exploit a variety of vulnerabilities to directly insert malicious input into the code of a web
application. Successful attacks may expose sensitive information, execute a DoS attack or compromise the
entire system.

Main vectors for injection attacks:

SQL injection—an attacker enters an SQL query into an end user input channel, such as a web form or
comment field. A vulnerable application will send the attacker’s data to the database, and will
execute any SQL commands that have been injected into the query. Most web applications use
databases based on Structured Query Language (SQL), making them vulnerable to SQL injection. A
new variant on this attack is NoSQL attacks, targeted against databases that do not use a relational
data structure.
Code injection—an attacker can inject code into an application if it is vulnerable. The web server
executes the malicious code as if it were part of the application.
OS command injection—an attacker can exploit a command injection vulnerability to input commands
for the operating system to execute. This allows the attacker to exfiltrate OS data or take over the
system.
LDAP injection—an attacker inputs characters to alter Lightweight Directory Access Protocol (LDAP)
queries. A system is vulnerable if it uses unsanitized LDAP queries. These attacks are very severe
because LDAP servers may store user accounts and credentials for an entire organization.
XML eXternal Entities (XXE) Injection—an attack is carried out using specially-constructed
XML documents. This differs from other attack vectors because it exploits
inherent vulnerabilities in legacy XML parsers rather than unvalidated user inputs. XML
documents can be used to traverse paths, execute code remotely and execute
server-side request forgery (SSRF).
Cross-Site Scripting (XSS)—an attacker inputs a string of text containing malicious
JavaScript. The target’s browser executes the code, enabling the attacker to redirect
users to a malicious website or steal session cookies to hijack a user’s session. An
application is vulnerable to XSS if it doesn’t sanitize user inputs to remove JavaScript
code.
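An added example (not part of the original slides) for the SQL injection item above: the same lookup built by string concatenation and with a bound parameter, run against an in-memory SQLite database, plus an allow-list for the one place a placeholder cannot be used. Table, column and function names, the sample rows and the crafted input are constructed.

```python
import sqlite3

# Constructed input of the kind a web form field might receive
CRAFTED = "nobody' OR '1'='1"

# Columns a caller may sort by (identifiers cannot be bound as parameters)
SORTABLE = {"name", "email"}


def make_db():
    """Build a small in-memory database with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db


def lookup_vulnerable(db, name):
    """Deliberately vulnerable: the input becomes part of the SQL text."""
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]


def lookup_parameterized(db, name):
    """Hardened: the input is bound as a value and never parsed as SQL."""
    query = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]


def list_users_sorted(db, column):
    """Placeholders bind values only, so a column name is checked against an allow-list."""
    if column not in SORTABLE:
        raise ValueError("unsupported sort column")
    return [row[0] for row in db.execute(f"SELECT name FROM users ORDER BY {column}")]


if __name__ == "__main__":
    db = make_db()
    # The concatenated query's WHERE clause becomes always-true and returns every row
    print("concatenated :", lookup_vulnerable(db, CRAFTED))
    # The bound parameter is compared as a literal name and matches nothing
    print("parameterized:", lookup_parameterized(db, CRAFTED))
    print("sorted       :", list_users_sorted(db, "email"))
```
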
Computer Criminals
● Computer criminals in the context of cybersecurity are individuals or groups who engage in malicious activities
related to computer systems, networks, or data.
● These criminals exploit vulnerabilities in digital infrastructure for various illegal and unethical purposes, ranging
from financial gain to espionage or cyberterrorism.
● Understanding the different types of computer criminals, their methods, and the impact of their actions is critical to
building robust cybersecurity defenses.

Types of Computer Criminals

1. Hackers
2. Cybercriminals
3. State-Sponsored Hackers (Cyber Espionage)
4. Cyberterrorists
5. Insider Threats
6. Script Kiddies
Hackers

● Description: Hackers are individuals who use their technical skills to gain unauthorized access to
computer systems or networks. They may do so to steal data, alter systems, or simply demonstrate
their capabilities.
● Types of Hackers:
○ Black Hat Hackers: These are malicious hackers who break into systems for personal gain
or to cause damage. They are often involved in activities such as data theft, spreading
malware, or launching attacks like ransomware.
○ White Hat Hackers: Ethical hackers who identify security vulnerabilities and help
organizations strengthen their systems. They are often employed by companies to perform
penetration testing.
○ Gray Hat Hackers: Individuals who may cross legal boundaries without malicious intent.
They might find and disclose vulnerabilities to the public or organizations without
authorization.
Cybercriminals
● Description: Cybercriminals engage in illegal activities using the Internet and digital tools. These
activities include online fraud, identity theft, and financial crimes.
● Methods:
○ Phishing: Cybercriminals deceive individuals into providing sensitive information such as
usernames, passwords, or credit card details by impersonating legitimate entities through
fake emails or websites.
○ Ransomware Attacks: These criminals encrypt a victim’s files or data and demand payment
in exchange for restoring access. Ransomware attacks can target individuals, businesses, or
even critical infrastructure.
○ Financial Fraud: Using digital platforms to commit fraud, including credit card theft, bank
account hacking, or fraudulent transactions.
State-Sponsored Hackers (Cyber Espionage)

● Description: State-sponsored hackers are individuals or groups employed or supported by a
government to engage in cyber espionage or cyber warfare. These criminals target other governments,
corporations, or individuals to steal sensitive data, disrupt operations, or conduct sabotage.
● Examples: Espionage campaigns might focus on intellectual property theft, political interference, or
disrupting critical infrastructure in rival states.
● Methods: They use sophisticated techniques, including advanced persistent threats (APT), to infiltrate
networks and remain undetected for long periods.
Cyberterrorists

● Description: Cyberterrorists are individuals or groups that use the Internet and computer systems to
promote political, religious, or ideological agendas by inflicting harm or fear.
● Methods:
○ Denial-of-Service (DoS) Attacks: Flooding systems with traffic to make websites or services
unavailable.
○ Targeting Critical Infrastructure: Attacking infrastructure such as power grids, transportation
systems, or communication networks to create disruption, economic losses, or loss of life.
● Goal: Their primary objective is often to create fear, cause societal disruption, or damage a state's economy
or international reputation.
Insider Threats

● Description: Insider threats refer to individuals within an organization who use their authorized
access to systems, networks, or data for malicious purposes, either intentionally or unintentionally.
● Types:
○ Disgruntled Employees: Employees who, motivated by personal grievances, misuse their
access to cause harm, steal sensitive data, or sabotage systems.
○ Negligent Employees: Employees who unintentionally cause security breaches through
carelessness, such as falling for phishing attacks or using weak passwords.
● Methods: Insider threats often exploit privileged access and may bypass external security
measures due to their familiarity with internal systems.
Script Kiddies

● Description: Script kiddies are individuals, typically less skilled than
professional hackers, who use pre-existing tools or scripts to carry out
cyberattacks. These tools are often readily available on the Internet.
● Motivation: Their activities may be motivated by a desire for notoriety, personal
amusement, or causing disruption, rather than financial gain.
● Methods: They typically use automated tools to perform attacks like Distributed
Denial of Service (DDoS) attacks or website defacements.
CIA Triad
When should you use the CIA triad?
● You should use the CIA triad in the majority of security situations, particularly because
each component is critical. However, it is particularly helpful when developing
systems around data classification and managing permissions and access
privileges.
● You should also stringently employ the CIA triad when addressing the cyber vulnerabilities
of your organization.
● It can be a powerful tool in disrupting the Cyber Kill Chain, which refers to the
process of targeting and executing a cyberattack.
● In addition, the CIA triad can be used when training employees regarding cybersecurity.
● You can use hypothetical scenarios or real-life case studies to help employees think in
terms of the maintenance of confidentiality, integrity, and availability of information and
systems.
Asset and Threat

What’s an asset?
● An asset is any data, device or other component of an organisation’s systems that is
valuable – often because it contains sensitive data or can be used to access such
information.
● For example, an employee’s desktop computer, laptop or company phone would
be considered an asset, as would applications on those devices. Likewise, critical
infrastructure, such as servers and support systems, are assets.
● An organisation’s most common assets are information assets. These are things such
as databases and physical files – i.e. the sensitive data that you store.
What’s a threat?

● A threat is any incident that could negatively affect an asset – for example, if
it’s lost, knocked offline or accessed by an unauthorised party.
● Threats can be categorised as circumstances that compromise the confidentiality,
integrity or availability of an asset, and can either be intentional or accidental.
● Intentional threats include things such as criminal hacking or a malicious insider
stealing information, whereas accidental threats generally involve employee error,
a technical malfunction or an event that causes physical damage, such as a fire or
natural disaster.
Motive of attackers

1. Financial Gain
● The primary motivation of a hacker is money, and getting it can be done with a variety
of methods.
● They could directly gain entry to a bank or investment account; steal a
password to your financial sites and then transfer the assets over to one of
their own; swindle an employee into completing a money transfer through a
complicated spear phishing technique, or conduct a ransomware attack on
your entire organization.
● The possibilities are endless, but most hackers are out to make a profit.
2. Recognition & Achievement
● Some hackers are motivated by the sense of achievement that comes
with cracking open a major system. Some may work in groups or
independently, but, on some scale, they would like to be recognized.
● This also ties into the fact that cyber criminals are competitive by nature, and
they love the challenge their actions bring. In fact, they often drive one another
to complete more complicated hacks.
3. Insider Threats
● Individuals who have access to critical information or systems can easily
choose to misuse that access—to the detriment of their organization.
● These threats can come from internal employees, vendors, a
contractor or a partner—and are viewed as some of the greatest
cyber security threats to organizations.
● However, not all insider threats are intentional, according to an
Insider Threat Report from Crowd Research Partners. Most (51%) are due to
carelessness, negligence, or compromised credentials, but the potential
impact is still present even in an unintentional scenario.
4. Political Motivation – “Hacktivism”
● Some cyber criminal groups use their hacking skills to go after large organizations.
● They are usually motivated by a cause of some sort, such as highlighting
human rights or alerting a large corporation to their system vulnerabilities.
Or, they may go up against groups whose ideologies do not align with their
own.
● These groups can steal information and argue that they are practicing free speech, but
more often than not, these groups will employ a DDoS (Distributed Denial of Service)
attack to overload a website with too much traffic and cause it to crash.
5. State Actors
● State-sponsored actors receive funding and assistance from a nation-state. They
are specifically engaged in cyber crime to further their nation’s own interests. Typically,
they steal information, including “intellectual property, personally identifying information,
and money to fund or further espionage and exploitation causes.”
● However, some state-sponsored actors do conduct damaging cyberattacks and claim that
their cyberespionage actions are legitimate activity on behalf of the state.

6. Corporate Espionage
● This is a form of cyber attack used to gain an advantage over a competing
organization.
● Conducted for commercial or financial purposes, corporate espionage involves:
○ Acquiring property like processes or techniques, locations, customer data,
pricing, sales, research, bids, or strategies
○ Theft of trade secrets, bribery, blackmail, or surveillance.
Active attacks
● There are basically two forms of threats: active and passive attacks. An
active attack is an attack in which attackers directly harm your
computer systems. They can create several problems, such as crashing
files, stealing data, etc.
● On the other hand, a Passive attack refers to an attack in which the
attackers quietly watch and collect the information without your
knowledge.
● They do not modify or destroy the data but collect the data secretly.
Therefore, having adequate knowledge about these threats will enable us
to protect our personal information and computers safely.
● Sometimes both types of attack are combined. In addition, technology is not
the only means available to attackers; some obtain your private information
using tricky methods, such as manipulating someone into giving them your
password.
Active Attacks

● Active attacks are unauthorized actions that alter the system or data.
● In an active attack, the attacker will directly interfere with the target to
damage or gain unauthorized access to computer systems and networks.
This is done by injecting hostile code into communications, masquerading
as another user, or altering data to get unauthorized access.
Types of active attacks are as follows:

1. Masquerade Attack
2. Modification of Messages
3. Repudiation
4. Replay Attack
5. Denial of Service (DoS) Attack
1. Masquerade Attack

A masquerade attack is a type of cyber attack in which the attacker disguises
himself as some other person in order to access systems or data.
The attacker may impersonate a legitimate user or system and demand that other users or systems
provide sensitive information, or may access areas that are not normally supposed to be
accessed.
There are several types of masquerading attacks, including:

● Username and password masquerade: In this masquerade attack, a person uses stolen or
forged credentials to authenticate as a valid user and gain access to the system or
application.
● IP address masquerade: The IP address of a malicious user is spoofed or forged so that
the source from which the system or application is accessed appears to be trusted.
● Website masquerade: A hacker creates a fake website that resembles a legitimate one
in order to gain user information or get users to download malware.
● Email masquerade: An attacker sends an email that appears to come from a trusted
source so that the recipient mistakenly shares sensitive information or downloads
malware.
2. Modification of Messages

This is when someone changes parts of a message without permission, or mixes up the order of
messages, to cause trouble.
Imagine someone secretly changing a letter you sent, making it say something different. This
kind of attack breaks the trust in the information being sent. For example, a message meaning
“Allow JOHN to read confidential file X” is modified as “Allow Smith to read confidential file X”.
3. Repudiation

Repudiation attacks are a type of cyber attack in which a person does something damaging online,
such as making a financial transaction or sending a message one does not want to send, and then
denies having done it. Such attacks can seriously hinder the ability to trace the origin of an attack
or to identify who is responsible for a given action, making it difficult to hold the right person responsible.
There are several types of repudiation attacks, including:

● Message repudiation attacks: In this attack, the attacker sends a message but later
denies having sent it. This can be achieved through spoofed or modified headers, or by
exploiting vulnerabilities in the messaging system.
● Transaction repudiation attacks: In this type of attack, a transaction (for example, a
monetary transaction) is made, and when evidence of it is later requested, the attacker
denies ever performing that transaction. This can be carried out either by taking advantage
of a vulnerability in the transaction processing system or by using stolen and forged credentials.
● Data repudiation attacks: In a data repudiation attack, data is changed or deleted, and the
attacker later denies having done so. This can be done by exploiting
4. Replay

Replay is the passive capture of a message followed by its retransmission to produce an effect
that the system treats as authorized. In this type of attack, the attacker's main objective is to
save a copy of data that was originally present on the network and later use it for the attacker's
own purposes. Once the data is corrupted or leaked, it becomes insecure and unsafe for its users.
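A receiver can detect both modification of messages and replay, as described above. The following added example (not part of the original slides) tags each message with HMAC-SHA256 and a sequence number; the `Sender` and `Receiver` classes, the JSON framing and the shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets


class Sender:
    """Seals messages with a sequence number and an HMAC-SHA256 tag."""

    def __init__(self, key: bytes):
        self._key = key
        self._seq = 0

    def seal(self, text: str) -> dict:
        self._seq += 1
        # The sequence number is inside the authenticated body, so it
        # cannot be changed without invalidating the tag.
        body = json.dumps({"seq": self._seq, "text": text}, sort_keys=True)
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class Receiver:
    """Rejects messages whose tag is wrong or whose sequence number is stale."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = 0

    def accept(self, msg: dict) -> str:
        expected = hmac.new(
            self._key, msg["body"].encode(), hashlib.sha256
        ).hexdigest()
        # compare_digest avoids leaking how many characters matched.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: modified"
        seq = json.loads(msg["body"])["seq"]
        if seq <= self._last_seq:
            return "rejected: replay"
        self._last_seq = seq
        return "accepted"


def demo() -> list:
    key = secrets.token_bytes(32)  # constructed shared key for the demo
    sender, receiver = Sender(key), Receiver(key)

    original = sender.seal("Allow JOHN to read confidential file X")

    # Modification of the message in transit: the name is changed,
    # but the tag still belongs to the original body.
    tampered = dict(original, body=original["body"].replace("JOHN", "Smith"))

    return [
        receiver.accept(tampered),   # tag no longer matches the body
        receiver.accept(original),   # genuine message, first delivery
        receiver.accept(original),   # same message captured and re-sent
    ]


if __name__ == "__main__":
    print(demo())
```

A shared-key tag does not address repudiation, because either key holder could have produced it; that requires a digital signature made with a key only the sender holds.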
5. Denial of Service (DoS) Attack

Denial of Service (DoS) is a form of cybersecurity attack that denies the intended users access
to a system or network. In a DoS attack, the attacker floods the target system or network with
traffic or requests in order to consume available resources such as bandwidth, CPU cycles, or
memory and prevent legitimate users from accessing them.
There are several types of DoS attacks, including:

● Flood attacks: The attacker sends such a large number of packets or requests to a
system or network that it cannot handle them all and crashes.
● Amplification attacks: The attacker increases the power of an attack by using another
system or network to increase the traffic, then directs it all at the target.

To prevent DoS attacks, organizations can implement several measures, such as:
1. Using firewalls and intrusion detection systems to monitor network traffic and block
suspicious activity.
2. Limiting the number of requests or connections that can be made to a system or network.
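One way to implement the second measure is a per-client token bucket. This is an added example, not part of the original slides; the class name, the rate and burst values and the two client addresses (from documentation ranges) are assumptions, and the traffic is constructed.

```python
import time


class TokenBucketLimiter:
    """Per-client token bucket: `rate` tokens per second, up to `burst`."""

    def __init__(self, rate: float, burst: int, clock=time.monotonic):
        self.rate = rate
        self.burst = burst
        self.clock = clock          # injectable so the demo is deterministic
        self._state = {}            # client -> (tokens, last_seen)

    def allow(self, client: str) -> bool:
        now = self.clock()
        # A client seen for the first time starts with a full bucket.
        tokens, last = self._state.get(client, (float(self.burst), now))
        # Refill for the time elapsed, never above the burst size.
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._state[client] = (tokens - 1.0, now)
            return True
        self._state[client] = (tokens, now)
        return False


FLOODER = "203.0.113.7"    # constructed address, sends 40 requests/second
NORMAL = "198.51.100.4"    # constructed address, sends 1 request/second


def simulate() -> dict:
    now = [0.0]
    limiter = TokenBucketLimiter(rate=2.0, burst=5, clock=lambda: now[0])
    counts = {"flood_sent": 0, "flood_allowed": 0,
              "normal_sent": 0, "normal_allowed": 0}
    for tick in range(8):               # 8 ticks of 250 ms = 2 seconds
        now[0] = tick * 0.25
        for _ in range(10):             # flooding client: 10 requests per tick
            counts["flood_sent"] += 1
            counts["flood_allowed"] += limiter.allow(FLOODER)
        if tick % 4 == 0:               # normal client: 1 request per second
            counts["normal_sent"] += 1
            counts["normal_allowed"] += limiter.allow(NORMAL)
    return counts


if __name__ == "__main__":
    print(simulate())
```

Per-source limits do not help when a flood is distributed across many sources or uses spoofed source addresses; those cases need filtering upstream of the service.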
Passive attacks

● A Passive attack attempts to learn or make use of information from the system
but does not affect system resources.
● Passive Attacks are in the nature of eavesdropping on or monitoring
transmission. The goal of the opponent is to obtain information that is being
transmitted.
● Passive attacks involve an attacker passively monitoring or collecting data
without altering or destroying it. Examples of passive attacks include
eavesdropping, where an attacker listens in on network traffic to collect
sensitive information, and sniffing, where an attacker captures and analyzes
data packets to steal sensitive information.
Types of Passive attacks are as follows:

1. The Release of Message Content
2. Traffic Analysis
1. The Release of Message Content

A telephone conversation, an electronic mail message, or a transferred file may contain
sensitive or confidential information. We would like to prevent an opponent from
learning the contents of these transmissions.
2. Traffic Analysis

Suppose that we had a way of masking information (encryption) so that an attacker, even
after capturing a message, could not extract any information from it.
The opponent could still determine the location and identity of the communicating hosts
and could observe the frequency and length of the messages being exchanged. This
information might be useful in guessing the nature of the communication that
was taking place.
The most useful protection against traffic analysis is encryption of SIP (Session Initiation
Protocol) traffic. With SIP traffic encrypted, an attacker would have to access the SIP proxy
(or its call log) to determine who made the call.
Software Attacks
Free Wi-Fi

Ransomware

Bluejacking
Bluejacking uses a feature originally intended to exchange contact information to send anonymous, unwanted messages to
other users with Bluetooth-enabled mobile phones or laptops. In some cases, this is used to send obscene or threatening
messages or images. It could be used to spread malware, as well.

Bluesnarfing
Bluesnarfing is the actual theft of data from Bluetooth enabled devices (especially phones). Like bluejacking, it depends on
a connection to a Bluetooth phone being available. A Bluetooth user running the right software from a laptop can discover a
nearby phone and steal the contact list, phonebook and images etc. Furthermore, your phone’s serial number can be
downloaded and used to turn off the phone. Again, the only current defense is to turn your Bluetooth off by setting it to
“undiscoverable.”

Phishing and Smishing Scams

Email viruses (phishing) and SMS viruses (smishing)


Macro viruses
This type of virus, also known as a document virus, takes advantage of macros (commands embedded in word
processing and spreadsheet software that run automatically) to infect your computer. A macro virus can copy itself
and spread from one file to another. If you open a file that contains a macro virus, it copies itself into the
application’s start up files and infects the computer. The next file you open using the same program, and every file
thereafter, will become infected; the infection can therefore spread rapidly across a network.

Boot sector viruses


Boot-sector viruses (the oldest type of viruses) are mostly spread through infected storage devices such as
USB drives. When your computer is turned on, the hardware seeks out the boot-sector program, the program
the computer runs when it starts up. This is generally located on the hard drive but can also be on a storage
device such as a USB drive.

Adware

Spyware
Hardware Attacks
Hardware attacks in cybersecurity refer to attempts to exploit weaknesses in the physical components of
computer systems and devices. These attacks target the hardware itself, often aiming to extract sensitive
information, tamper with systems, or bypass security measures. Unlike software attacks, which exploit
vulnerabilities in the operating system or applications, hardware attacks operate at a deeper, physical level.

Here are some common types of hardware attacks:

1. Side-Channel Attacks
● Definition: These attacks exploit the physical characteristics of hardware, such as timing, power
consumption, or electromagnetic emissions, to gather sensitive data.
● Example:
○ Timing Attacks: An attacker can measure how long it takes a system to process certain operations
(like encryption) to infer secrets such as cryptographic keys.
○ Power Analysis Attacks (Differential Power Analysis, DPA): By measuring the power
consumption of a device during encryption or other operations, attackers can extract cryptographic
keys or other sensitive data.
2. Fault Injection Attacks
● Definition: These attacks introduce faults into a system’s hardware (via voltage spikes,
temperature changes, or clock manipulation) to induce errors and cause unintended behavior,
such as bypassing security protections or exposing sensitive data.
● Example:
○ Electromagnetic Fault Injection (EMFI): An attacker uses electromagnetic fields to
disturb the normal operation of a device and extract information or cause it to malfunction.

3. Direct Physical Attacks


● Definition: This involves physically manipulating the hardware of a device to extract sensitive
data or bypass security measures.
● Example:
○ Chip-off Attacks: The attacker physically removes a memory chip (e.g., NAND flash or
EEPROM) from a device, reads the data directly, and extracts valuable information like
passwords or encryption keys.
○ Microprobing: The attacker uses microprobes to tap into the electrical signals on a chip’s
surface to access data during processing.
4. Firmware Attacks
● Definition: Attackers may target the firmware of a device, which controls the hardware and enables the execution of
software. Malicious firmware can be used to bypass security features, compromise the system, or gain persistent access.
● Example:
○ Bootkit Attacks: Malicious code inserted into the boot process (the BIOS or UEFI) can compromise the system
before the operating system is even loaded, providing root-level access.

5. Physical Access Attacks


● Definition: These attacks rely on an attacker having physical access to a device or system, enabling them to directly
manipulate or compromise hardware.
● Example:
○ USB Rubber Ducky: A USB device that looks like a regular flash drive but functions as a keyboard, allowing an
attacker to inject malicious commands directly into a system when plugged in.
○ BadUSB: Exploiting vulnerabilities in USB devices by reprogramming them to impersonate a different device, such as
a keyboard or mouse, to execute malicious actions.

6. Man-in-the-Middle (MITM) Attacks on Hardware


● Definition: These attacks involve intercepting or manipulating the communication between hardware components, such as
between a device and its peripherals, in order to spy on or alter data.
● Example:
○ Thunderbolt Attacks: The Thunderbolt interface allows high-speed data transfer, but it can also be used to inject
malicious code into a device or extract data from it without proper authorization.
7. Physical Layer Attacks (PHY Attacks)
● Definition: These attacks exploit vulnerabilities in the hardware’s communication protocols at the physical
layer (PHY) of the network stack.
● Example:
○ Radio Frequency (RF) Attacks: By exploiting flaws in wireless communication systems, such as
Wi-Fi or Bluetooth, attackers can interfere with signals, gain unauthorized access, or eavesdrop on
communication.

8. Supply Chain Attacks


● Definition: These attacks involve compromising the manufacturing or distribution process of hardware
devices to insert malicious components or code before the device reaches its intended user.
● Example:
○ Trojaned Hardware: Attackers may implant malicious chips into devices during manufacturing, which
are then activated when the device is deployed, enabling remote control or data theft.
○ Firmware Tampering in Supply Chain: Attackers may infiltrate the firmware updates during the
manufacturing phase, ensuring that the device is compromised once it's used in the field.
Mitigation Strategies:
● Physical Security Measures: Locking down devices and hardware to prevent
unauthorized access.
● Tamper-Resistant Hardware: Using hardware that is resistant to physical attacks,
such as secure elements or Trusted Platform Modules (TPM).
● Encryption: Encrypting sensitive data both at rest and in transit, making it harder to
extract even if a device is compromised.
● Secure Boot: Ensuring that only trusted, verified firmware and software are allowed to
load during the system startup process.
● Monitoring and Detection: Implementing systems that can detect unusual patterns in
power consumption, electromagnetic emissions, or device behavior that might indicate
an ongoing attack.
Spectrum of Attacks
The spectrum of attacks in cybersecurity covers a wide range of tactics, techniques, and procedures (TTPs) used by malicious actors to
breach systems, steal information, or cause disruption. These attacks can target various components of an organization, including software,
hardware, network infrastructure, and even human behavior. Cybersecurity professionals often categorize these attacks based on their
method, impact, or phase of execution. Here’s a breakdown of the spectrum of common cybersecurity attacks:

1. Network-Based Attacks
These attacks exploit vulnerabilities in network infrastructure to gain unauthorized access, intercept data, or disrupt services.

● Man-in-the-Middle (MITM) Attacks: An attacker intercepts and possibly alters communications between two parties (e.g., between a
user and a website).
● Denial of Service (DoS) / Distributed Denial of Service (DDoS): Attackers flood a network or server with excessive traffic, causing it
to become unresponsive and making services unavailable to legitimate users.
● Packet Sniffing/Packet Injection: Intercepting and analyzing network traffic to extract sensitive data or inject malicious packets into
the network.

2. Application-Based Attacks
These attacks target weaknesses or vulnerabilities in software applications to compromise functionality, extract data, or gain unauthorized
access.

● SQL Injection (SQLi): Malicious SQL code is injected into a database query to manipulate or gain unauthorized access to the
database.
● Cross-Site Scripting (XSS): Attackers inject malicious scripts into web pages, which are then executed by the users' browsers,
potentially stealing data or spreading malware.
● Cross-Site Request Forgery (CSRF): Attackers trick users into performing actions they didn't intend, often on web applications
where the user is authenticated.
● Command Injection: Exploiting vulnerabilities in a web application to execute arbitrary commands on a server.
3. Social Engineering Attacks
These attacks target the human aspect of security, manipulating individuals into revealing confidential information or performing actions that
compromise security.
● Phishing: Attackers send fraudulent emails or messages, often disguised as legitimate entities, to trick individuals into revealing sensitive
information (passwords, bank account details, etc.).
● Spear Phishing: A more targeted form of phishing, where the attacker customizes the attack based on the victim's personal or
organizational information.
● Vishing (Voice Phishing): Attackers use phone calls to impersonate trusted entities (e.g., banks or government officials) to gain sensitive
information.
● Baiting: Offering something enticing (such as free software) to lure users into downloading malicious files or exposing personal data.
4. Malware-Based Attacks
Malicious software, or malware, is used to compromise systems, steal data, or cause harm to infrastructure.
● Viruses: Malicious code that attaches itself to legitimate files and spreads when the file is executed.
● Worms: Self-replicating malware that spreads across networks without requiring user interaction.
● Trojans: Malware disguised as legitimate software that, when executed, gives attackers remote access to the infected system.
● Ransomware: Malware that encrypts a user's data and demands payment (usually cryptocurrency) for the decryption key.
● Spyware: Software that secretly monitors a user’s activities, often for the purpose of stealing sensitive information.
● Adware: Software that displays unwanted advertisements and can collect browsing data.
5. Privilege Escalation Attacks
These attacks aim to gain higher levels of access within a system, often through exploiting vulnerabilities or misconfigurations.
● Vertical Privilege Escalation: An attacker gains higher-level access (e.g., from user to admin) to perform unauthorized actions.
● Horizontal Privilege Escalation: The attacker gains access to another user's account or data without changing their own privileges.
● Exploitation of Zero-Day Vulnerabilities: Attackers exploit software or hardware vulnerabilities that are unknown to the vendor or the
public, before patches are released.
6. Insider Threats
These attacks come from individuals within the organization, such as employees, contractors, or other trusted parties.

● Malicious Insider: An employee or trusted party intentionally causes harm, such as stealing data, sabotaging systems, or assisting
external attackers.
● Unintentional Insider Threats: Employees or contractors inadvertently compromise security, such as clicking on a phishing email
or misconfiguring a system.

7. Supply Chain Attacks


These attacks target the supply chain, compromising software, hardware, or services before they reach the end user.

● Hardware Backdoors: Malicious components are inserted into hardware during the manufacturing or distribution process, which
can then be activated later.
● Software Supply Chain Attacks: Malicious code is inserted into software packages during development, distribution, or updating
processes, as seen with the SolarWinds hack.
● Third-Party Compromise: Attackers target third-party vendors or contractors that have access to an organization's network or
systems.

8. Cryptographic Attacks
Cryptographic attacks focus on breaking or circumventing encryption schemes used to protect sensitive data.

● Brute Force Attacks: Attackers attempt every possible combination of keys or passwords until they find the correct one.
● Cryptanalysis: Techniques that exploit weaknesses in cryptographic algorithms to decrypt data or break cryptographic protection
(e.g., breaking AES encryption).
● Replay Attacks: Capturing a transmission and resending it to trick a system into performing actions, such as making payments or
granting access.
9. Physical Security Attacks

These attacks target the physical infrastructure of an organization, such as devices or network equipment, to gain
unauthorized access.

● Device Theft: Stealing hardware devices like laptops or mobile phones to access sensitive data or systems.
● USB-based Attacks: Using USB devices, like the USB Rubber Ducky, to inject malicious code into a
computer when plugged in.
● Keylogger Devices: Attaching hardware keyloggers to computers to capture keystrokes and steal login
credentials or other sensitive information.

10. Advanced Persistent Threats (APT)

These are long-term, sophisticated attacks that typically involve advanced tools and tactics. They are often
state-sponsored or highly organized and aim to infiltrate and remain undetected within a network for extended periods.

● APT Groups: These attackers use complex attack methods to infiltrate critical infrastructure or corporate
systems, often for espionage, theft of intellectual property, or sabotage.
● Targeted Attacks: These attacks focus on specific individuals, organizations, or industries, often through
carefully crafted phishing emails or exploiting specific vulnerabilities.
11. IoT (Internet of Things) Attacks

As IoT devices become more ubiquitous, they are increasingly targeted by attackers.

● Botnets (e.g., Mirai): IoT devices with weak security are hijacked and turned into a network of bots to
launch DDoS attacks or perform other malicious activities.
● Firmware Vulnerabilities: Exploiting weaknesses in the firmware of IoT devices to gain access, manipulate
behavior, or exfiltrate data.
● Lack of Authentication: Many IoT devices have poor or no authentication mechanisms, making them an
easy target for attackers.

12. Cloud Security Attacks

Cloud-based infrastructure is also a frequent target for attackers due to the massive amount of data stored in
cloud environments.

● Data Breaches: Exploiting vulnerabilities in cloud services to access sensitive data.
● Misconfiguration: Incorrectly configured cloud settings can expose services or data to unauthorized users.
● Cross-Tenant Attacks: Exploiting vulnerabilities in multi-tenant cloud systems to access data or resources
of other tenants.
IP Spoofing
IP Spoofing is a type of cyberattack in which an attacker alters the source IP address in the header of an IP packet to
make it appear as though it is coming from a trusted or legitimate source. The goal of IP spoofing is typically to deceive
the recipient of the packet into believing the message is from a trusted source, allowing the attacker to gain unauthorized
access or cause other forms of disruption.

Key Characteristics of IP Spoofing:


● Fabrication of Source Address: The attacker changes the source address of an IP packet to make it appear as
though it is from another trusted source, even though it is not.
● Can be Used in Various Attacks: IP spoofing is not an attack on its own but can be a component of more complex
attacks, such as DoS (Denial of Service) or DDoS (Distributed Denial of Service), man-in-the-middle attacks, or session
hijacking.
● No Response from the Attacker: Since the attacker uses a fake source IP address, any response from the targeted
system is sent to the spoofed address, not the attacker’s actual address, making it difficult for the victim to trace the
attack.

How IP Spoofing Works:


1. Packet Creation: The attacker creates a packet with a forged source IP address, making it look like it is from a
legitimate or trusted device.
2. Transmission: The attacker sends the forged packet to the target system.
3. Target System Receives: The target system processes the packet as if it came from a legitimate source, possibly
accepting requests or triggering actions based on the forged IP.
4. Misleading Responses: The targeted system may send responses or accept requests that are actually intended for
someone else, potentially leading to unauthorized access, data exfiltration, or service disruption.
Types of Attacks Using IP Spoofing:
1. Denial of Service (DoS) / Distributed Denial of Service (DDoS) Attacks:
○ DDoS using IP Spoofing: In a DDoS attack, multiple systems (often part of a botnet) are
used to flood a target with traffic, and IP spoofing is used to hide the identity of the source
systems. This makes it harder to block the attackers and can overwhelm the target system.
○ Smurf Attack: A specific type of DDoS attack where the attacker sends ICMP (ping) requests
to a broadcast address, using a spoofed IP address of the victim as the source. This causes
all devices in the network to reply to the victim, overwhelming their system.
2. Man-in-the-Middle (MITM) Attacks:
○ In a MITM attack, IP spoofing can be used to intercept or alter communications between two
systems. The attacker pretends to be one of the communicating parties by spoofing their IP
address, allowing them to eavesdrop or manipulate the communication.
3. Session Hijacking:
○ The attacker uses IP spoofing to hijack a session between a client and a server. By
impersonating the legitimate client’s IP address, the attacker may gain unauthorized access
to the server, potentially stealing session cookies or other sensitive data.
4. Network Injection Attacks:
○ IP spoofing can also be used to inject malicious data or commands into a network, by making
the packets appear as if they are coming from trusted sources. This can be used to cause
malicious software to be installed or commands to be executed on a system.
Methods of Defense
The methods of defense in cybersecurity aim to prevent, detect, and respond to attacks while minimizing vulnerabilities and
enhancing overall security posture. Below are the primary methods of defense in cybersecurity.
1. Prevention Methods
These methods focus on preventing cyber attacks before they occur.
A. Firewalls
Firewalls are one of the most fundamental tools in network security. They filter incoming and outgoing network traffic based on
predefined security rules.
● Network Firewalls: Control traffic between trusted internal networks and untrusted external networks.
● Host-based Firewalls: Protect individual devices, such as servers or personal computers, by controlling network traffic to and
from the system.
B. Intrusion Prevention Systems (IPS)
An IPS monitors network traffic for signs of malicious activity or policy violations. Unlike Intrusion Detection Systems (IDS), which
only detect attacks, IPS actively blocks or prevents malicious activities.
C. Antivirus and Anti-Malware Software
These programs detect, prevent, and remove malicious software (malware) such as viruses, worms, trojans, and spyware.
● Signature-based Detection: Identifies malware based on known patterns (signatures).
● Heuristic-based Detection: Detects unknown threats based on behavior analysis and anomaly detection.
● Least Privilege Principle: Ensures users have the minimum necessary access rights to perform their tasks, reducing the risk
of accidental or intentional misuse.
D. Strong Authentication and Access Control

Implementing robust authentication mechanisms ensures that only authorized users can access systems or data.

● Multi-Factor Authentication (MFA): Requiring multiple forms of verification (e.g., a password plus a one-time code sent via
SMS or email).
● Role-Based Access Control (RBAC): Assigns specific access rights based on the user's role within the organization to limit
unauthorized access.

E. Encryption

Encryption ensures that even if an attacker intercepts communication or data, they cannot read or alter it without the decryption
key.

● Data Encryption: Encrypting sensitive data both at rest (stored data) and in transit (data being transmitted over networks).
● End-to-End Encryption: Ensures data is encrypted from the sender to the receiver, making it difficult for attackers to
intercept or tamper with the data during transmission.

F. Patch Management

Keeping software and systems up-to-date with the latest security patches is critical in defending against vulnerabilities. Many
cyberattacks exploit unpatched software flaws, so regular patching of operating systems, applications, and firmware is essential.

G. Network Segmentation

Dividing a network into smaller, isolated segments helps contain attacks and limits lateral movement within the network. For
example, critical assets such as databases or servers can be isolated from less secure parts of the network.

H. Endpoint Security
2. Detection Methods
These methods focus on identifying potential attacks or security breaches in real time.

A. Intrusion Detection Systems (IDS)

IDS monitors network traffic and system activities for suspicious behavior and potential security breaches. Unlike an IPS, an
IDS simply alerts administrators about possible threats.

● Signature-based IDS: Looks for known patterns or signatures of attacks.
● Anomaly-based IDS: Identifies deviations from established behavior patterns (e.g., unusual login times or traffic spikes).

B. Security Information and Event Management (SIEM)

SIEM systems aggregate and analyze log data from various sources (e.g., firewalls, servers, applications) to detect patterns
that might indicate an attack or breach.

● Event Correlation: SIEM correlates different security events across the network to identify complex, multi-step attacks.
● Real-time Alerts: SIEM systems provide administrators with real-time alerts of potential security incidents, helping to
speed up detection and response times.

C. Behavioral Analytics

Behavioral analytics involves analyzing normal user and system behavior to detect deviations that may indicate an attack, such
as an employee accessing unusual files or an external IP making numerous login attempts.

● User and Entity Behavior Analytics (UEBA): Uses machine learning to identify suspicious activities by analyzing user
and entity behavior patterns.
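The event correlation and "numerous login attempts" detection described above can be sketched over authentication logs. This is an added example, not part of the original slides; the log lines are constructed in an sshd-like format with an ISO timestamp, and the threshold, window and alert names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation-range addresses, invented hosts).
SAMPLE_LOG = """\
2024-05-01T09:00:00 host1 sshd[1100]: Failed password for bob from 198.51.100.77 port 40000 ssh2
2024-05-01T10:00:00 host1 sshd[1201]: Failed password for root from 203.0.113.9 port 51234 ssh2
2024-05-01T10:00:05 host1 sshd[1202]: Failed password for invalid user admin from 203.0.113.9 port 51235 ssh2
2024-05-01T10:00:07 host1 sshd[1203]: Accepted password for alice from 198.51.100.20 port 42000 ssh2
2024-05-01T10:00:10 host1 sshd[1204]: Failed password for root from 203.0.113.9 port 51236 ssh2
2024-05-01T10:00:15 host1 sshd[1205]: Failed password for invalid user test from 203.0.113.9 port 51237 ssh2
2024-05-01T10:00:20 host1 sshd[1206]: Failed password for root from 203.0.113.9 port 51238 ssh2
2024-05-01T10:00:30 host1 sshd[1207]: Failed password for bob from 198.51.100.77 port 40001 ssh2
2024-05-01T10:00:40 host1 sshd[1208]: Accepted password for root from 203.0.113.9 port 51239 ssh2
""".splitlines()

LINE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (kind, source_ip, user) tuples.

    Rule 1: `threshold` failed logins from one IP inside `window`.
    Rule 2 (correlation): a successful login from an IP already
    flagged by rule 1, which suggests a password was guessed.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()                 # IPs that have tripped rule 1
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                # not an sshd password event
        ts = datetime.fromisoformat(m["ts"])
        ip, user = m["ip"], m["user"]
        recent = failures[ip]
        # Drop failures that have fallen out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if m["result"] == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute-force-suspected", ip, user))
        elif ip in flagged:
            alerts.append(("login-after-brute-force", ip, user))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The two widely spaced failures for `bob` and the ordinary login by `alice` raise nothing, which is the point of using a window and a per-source count rather than alerting on every failed login.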
3. Response and Recovery Methods

Once an attack is detected, having a clear response and recovery plan is crucial to minimize damage and restore systems.

A. Incident Response Plan

An Incident Response Plan (IRP) outlines the steps to take when a security incident occurs, ensuring that the response is swift and coordinated.
Key elements of an IRP include:

● Preparation: Establishing roles, responsibilities, and communication plans ahead of time.
● Detection and Analysis: Identifying and analyzing the nature of the incident.
● Containment, Eradication, and Recovery: Limiting the spread of the attack, removing the threat, and restoring services.
● Post-Incident Review: Learning from the incident to improve future security measures.

B. Disaster Recovery and Business Continuity

Disaster recovery involves strategies for recovering data and restoring services after a major incident, while business continuity focuses on keeping
the business operational during or after an attack.

● Data Backup: Regularly backing up critical data and storing it in secure, geographically distributed locations ensures recovery after a
breach or data loss.
● Redundancy and Failover Systems: Implementing redundant systems, such as load balancers or secondary servers, can ensure
continued service availability during an attack.

C. Forensics and Root Cause Analysis

After an incident, it is crucial to perform forensic analysis to understand how the attack happened and what vulnerabilities were exploited. This
helps in:

● Identifying attack vectors.
● Strengthening defenses.
● Preventing similar incidents in the future.
4. Education and Awareness

Cybersecurity defense isn't just about technology; it's also about people. Educating employees, users, and stakeholders is essential in
preventing and mitigating attacks.

● Security Awareness Training: Teaching users to recognize common threats like phishing emails, social engineering, and suspicious
websites.
● Regular Security Drills: Conducting mock phishing tests or simulated attacks to help users recognize threats and respond
appropriately.
● Promoting Cyber Hygiene: Encouraging practices like strong password management, avoiding risky behaviors (e.g., clicking on
suspicious links), and maintaining updated systems.
5. Advanced Defense Techniques

A. Artificial Intelligence and Machine Learning (AI/ML)

AI and machine learning can significantly enhance detection and defense by analyzing large volumes of data and
identifying threats faster than traditional methods. Machine learning algorithms can be used to:

● Detect anomalies in network traffic.
● Identify new attack patterns that do not match existing signatures.
● Automatically respond to threats by blocking or isolating malicious activity.

B. Zero Trust Architecture

The Zero Trust security model assumes that threats could exist both inside and outside the network, so no user or
device should be trusted by default, even if they are inside the network perimeter. This involves:

● Continuously verifying user identity and device health.
● Limiting access to resources based on the least-privilege principle.

C. Deception Technology

Deception technology involves setting up fake assets (e.g., decoy servers, databases) that appear legitimate to
attackers but are actually traps designed to lure attackers into exposing themselves. This helps organizations:

● Detect and analyze attacks early.
● Disrupt the attackers' progress.
Security Models
Security models in cybersecurity provide frameworks that guide the design and implementation of security policies, ensuring that systems, data, and
networks are protected in accordance with established principles. These models are typically built around the concepts of confidentiality, integrity, and
availability (often referred to as the CIA triad), and they offer structured ways to manage and enforce security controls within an organization or system.

Here are some of the most commonly used security models in cybersecurity:

1. Bell-LaPadula Model (BLP) – Confidentiality-Oriented Model

The Bell-LaPadula Model primarily focuses on confidentiality and is widely used in environments where data security is the highest priority, such as
military and governmental applications.

Key Principles:

● No Read Up (Simple Security Property): A subject (e.g., a user) with a lower security clearance cannot read data at a higher classification
level (e.g., they cannot access top-secret files).
● No Write Down (Star Property): A subject with higher clearance cannot write data to a lower classification level (e.g., they cannot write
classified information into an unclassified system).

This model prevents unauthorized access to sensitive information by enforcing clear rules on how users with different security clearances interact with
classified data.

Applications:

● Military systems
● Classified government data
● High-security corporate environments
2. Biba Model – Integrity-Oriented Model

The Biba Model is focused on maintaining the integrity of data, ensuring that data cannot be tampered with or modified inappropriately.

Key Principles:

● No Write Up (Simple Integrity Property): A subject cannot write data to a higher integrity level (e.g., a user with low integrity cannot modify high-integrity data).
● No Read Down (Star Integrity Property): A subject cannot read data from a lower integrity level (e.g., a high-integrity user cannot access low-integrity data, as it might be
corrupted).

The Biba model is used in environments where data integrity is more important than confidentiality, and it helps prevent unauthorized modifications and data corruption.

Applications:

● Systems where data accuracy and consistency are crucial (e.g., financial applications, healthcare systems)
● Industrial control systems
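
The Bell-LaPadula and Biba rules above are mirror images of each other, which is easiest to see when both are evaluated for the same subject. The following is an added example, not part of the original presentation; the level names, the subject and the resources are constructed for illustration.

```python
from enum import IntEnum
from typing import NamedTuple


class Level(IntEnum):
    """Ordered label, reused for classification (BLP) and integrity (Biba)."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


class Subject(NamedTuple):
    name: str
    clearance: Level   # confidentiality label checked by Bell-LaPadula
    integrity: Level   # integrity label checked by Biba


class Resource(NamedTuple):
    name: str
    classification: Level
    integrity: Level


def blp_allows(subject, resource, op):
    """Bell-LaPadula: information must not flow to a lower classification."""
    if op == "read":
        return subject.clearance >= resource.classification   # no read up
    if op == "write":
        return subject.clearance <= resource.classification   # no write down
    raise ValueError(f"unsupported operation: {op}")


def biba_allows(subject, resource, op):
    """Biba: information must not flow to a higher integrity level."""
    if op == "read":
        return subject.integrity <= resource.integrity        # no read down
    if op == "write":
        return subject.integrity >= resource.integrity        # no write up
    raise ValueError(f"unsupported operation: {op}")


def access_table(subject, resources):
    """Map (resource, op) -> (BLP decision, Biba decision, both enforced)."""
    table = {}
    for res in resources:
        for op in ("read", "write"):
            blp = blp_allows(subject, res, op)
            biba = biba_allows(subject, res, op)
            table[(res.name, op)] = (blp, biba, blp and biba)
    return table


# Constructed subject and resources for the demonstration.
ANALYST = Subject("analyst", clearance=Level.MEDIUM, integrity=Level.MEDIUM)
RESOURCES = [
    Resource("war_plan", Level.HIGH, Level.HIGH),
    Resource("field_report", Level.MEDIUM, Level.MEDIUM),
    Resource("press_release", Level.LOW, Level.LOW),
]

if __name__ == "__main__":
    for (name, op), (blp, biba, both) in access_table(ANALYST, RESOURCES).items():
        print(f"{name:14} {op:5} BLP={blp!s:5} Biba={biba!s:5} both={both}")
```

When the same label is used for both models and both are enforced, the subject can only read and write at its own level, which is why real systems usually assign confidentiality and integrity labels independently.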

3. Clark-Wilson Model – Integrity and Well-Formed Transactions

The Clark-Wilson Model focuses on data integrity through a set of rules that enforce well-formed transactions and separation of duties.

Key Principles:

● Well-formed Transaction: Ensures that all transactions are performed in a way that preserves the integrity of the data. It ensures that only authorized users can perform
specific actions on the system.
● Separation of Duties: This principle ensures that the tasks involved in any sensitive operation are divided among different users to prevent any one user from having too
much control over a process.

The model enforces rules about how users and processes can manipulate data, ensuring the integrity of the system and its operations.

Applications:

● Financial systems (e.g., banking transactions)
● E-commerce platforms
● Healthcare and regulatory systems
4. Lattice-Based Model – Confidentiality and Access Control
The Lattice-Based Model is commonly used in systems with multilevel security (MLS), where users have different security classifications
(e.g., Top Secret, Secret, Unclassified). It combines both confidentiality and access control by defining a lattice structure for subjects and
objects.
Key Principles:
● Users and objects are assigned levels of security, and the lattice defines rules for how a user can access data based on their
classification.
● Access Control: The model allows the specification of access controls based on both the security levels of the subject (e.g., user)
and the object (e.g., file, document).
Applications:
● Government and military environments with multiple levels of security classification.
● Systems that require controlled access to sensitive information, such as defense networks.
5. Access Control Matrix Model
The Access Control Matrix provides a conceptual framework for access control, organizing permissions into a matrix of subjects (users) and
objects (files, resources). This model shows which users (subjects) can access which objects and the specific actions they are allowed to
perform.
Key Principles:
● Subjects: Users or processes attempting to access the system.
● Objects: Resources that subjects are trying to access (files, directories, databases, etc.).
● Access Rights: Permissions that subjects have on objects (read, write, execute, delete).
Applications:
● General-purpose security models for access control.
● Widely used in operating systems, databases, and file management systems.
6. Brewer-Nash Model (Chinese Wall Model) – Confidentiality and Conflict of Interest
The Brewer-Nash Model, often called the Chinese Wall Model, is focused on preventing conflicts of interest in systems where users
may have access to sensitive data from competing organizations. It ensures that users can only access data related to one "wall"
(i.e., organization) at a time to avoid conflicts of interest.
Key Principles:
● Conflict of Interest: Users are only permitted to access data related to one particular organization or group (i.e., one “wall”).
Access to data from conflicting organizations is prevented.
● Dynamic Access Control: Access rights are dynamically adjusted based on the user’s previous actions to prevent conflicts.
Applications:
● Financial institutions (e.g., preventing an analyst from accessing sensitive information about competing firms).
● Consulting firms that handle sensitive client data.
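
The dynamic access control described above, as an added example that is not part of the original presentation. It goes one step beyond the text by also implementing the model's write rule, under which a user who has accessed data from more than one company may no longer write to any of them. The company names and conflict-of-interest classes are hypothetical.

```python
from collections import defaultdict

# Constructed conflict-of-interest (COI) classes; company names are hypothetical.
COI_CLASSES = {
    "banking": {"BankA", "BankB"},
    "energy": {"OilX", "OilY"},
}


class ChineseWall:
    def __init__(self, coi_classes):
        # Index each company dataset by the COI class it belongs to.
        self._class_of = {company: cls
                          for cls, members in coi_classes.items()
                          for company in members}
        # user -> {COI class: the one company in that class the user has accessed}
        self._history = defaultdict(dict)

    def can_read(self, user, company):
        cls = self._class_of.get(company)
        if cls is None:
            return False                     # unknown dataset: fail closed
        chosen = self._history[user].get(cls)
        return chosen is None or chosen == company

    def can_write(self, user, company):
        # Write rule: the target must be readable, and the user must not have
        # accessed any other company's data that could be copied into it.
        if not self.can_read(user, company):
            return False
        return set(self._history[user].values()) <= {company}

    def request(self, user, company, op):
        """Decide one access and, if granted, record it in the user's history."""
        if op == "read":
            allowed = self.can_read(user, company)
        elif op == "write":
            allowed = self.can_write(user, company)
        else:
            raise ValueError(f"unsupported operation: {op}")
        if allowed:
            self._history[user][self._class_of[company]] = company
        return allowed


def run_demo():
    wall = ChineseWall(COI_CLASSES)
    steps = [
        ("alice", "BankA", "read"),    # first access in "banking": allowed
        ("alice", "BankB", "read"),    # competitor of BankA: denied
        ("alice", "OilX", "read"),     # different COI class: allowed
        ("alice", "BankA", "write"),   # has also read OilX: denied
        ("bob", "BankB", "read"),      # bob's history is empty: allowed
        ("bob", "BankB", "write"),     # has only accessed BankB: allowed
        ("bob", "BankA", "read"),      # now walled off from BankA: denied
    ]
    return [(user, company, op, wall.request(user, company, op))
            for user, company, op in steps]


if __name__ == "__main__":
    for user, company, op, allowed in run_demo():
        print(f"{user:6} {op:5} {company:6} -> {'allow' if allowed else 'deny'}")
```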
7. Mandatory Access Control (MAC)
Mandatory Access Control (MAC) is a security model in which access to resources is determined by the system, not by the user. It
enforces strict access control policies based on security labels assigned to both users and objects (e.g., files or directories).
Key Principles:
● Security Labels: Users and data objects are classified based on labels such as clearance levels or classifications.
● No User Control: The system enforces access decisions, and users cannot modify access control settings or permissions.
Applications:
● Military and government systems (e.g., classified data access).
● Secure operating systems, such as SELinux.
8. Discretionary Access Control (DAC)

In Discretionary Access Control (DAC), the owner of a resource (e.g., a file) has the discretion to set access permissions for other users. The system
provides tools to specify who can access and modify resources.

Key Principles:

● Owner-Centric: The owner or creator of an object (file, directory) can decide who has access to it and what actions they can perform.
● Less Restrictive: DAC is generally more flexible and less restrictive compared to MAC.

Applications:

● Most general-purpose operating systems (e.g., Linux, Windows).
● Personal files and applications where access control is less stringent.

9. Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) is an access control model where permissions are assigned to roles rather than individuals. Users are assigned
roles, and the permissions associated with those roles dictate what actions the users can perform.

Key Principles:

● Roles: A user is assigned to one or more roles (e.g., administrator, manager, employee).
● Permissions: Roles have specific access rights to resources (e.g., read, write).
● Separation of Duties: Certain roles are restricted from performing conflicting actions.

Applications:

● Enterprise systems (e.g., HR systems, finance systems).
● Organizations that need structured and role-specific access management.
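
Separation of duties appears in both the Clark-Wilson and the RBAC sections above. The following added example (not part of the original presentation) enforces it twice: statically when roles are assigned, and dynamically inside the transaction itself. The roles, permissions and payment workflow are hypothetical.

```python
class SoDViolation(Exception):
    """Raised when an assignment or action would break separation of duties."""


# Hypothetical roles and permissions for a payments system (constructed).
ROLE_PERMS = {
    "clerk": {"payment:create"},
    "supervisor": {"payment:approve"},
    "auditor": {"payment:read"},
}
EXCLUSIVE_ROLES = [{"clerk", "supervisor"}]   # static separation of duties


class RBAC:
    def __init__(self, role_perms, exclusive_roles):
        self.role_perms = role_perms
        self.exclusive = [frozenset(pair) for pair in exclusive_roles]
        self.user_roles = {}

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        proposed = self.user_roles.get(user, set()) | {role}
        for pair in self.exclusive:
            if pair <= proposed:
                raise SoDViolation(f"{user} may not hold {sorted(pair)} together")
        self.user_roles[user] = proposed

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def permitted(self, user, perm):
        roles = self.user_roles.get(user, set())
        return any(perm in self.role_perms[r] for r in roles)


class Payments:
    """Payments change state only through create() and approve()."""

    def __init__(self, rbac):
        self.rbac = rbac
        self.ledger = {}   # payment id -> {"amount", "creator", "approver"}

    def create(self, user, pid, amount):
        if not self.rbac.permitted(user, "payment:create"):
            raise PermissionError(f"{user} may not create payments")
        if pid in self.ledger or amount <= 0:
            raise ValueError("duplicate id or non-positive amount")
        self.ledger[pid] = {"amount": amount, "creator": user, "approver": None}

    def approve(self, user, pid):
        if not self.rbac.permitted(user, "payment:approve"):
            raise PermissionError(f"{user} may not approve payments")
        payment = self.ledger[pid]
        if payment["approver"] is not None:
            raise ValueError("payment already approved")
        if payment["creator"] == user:          # dynamic separation of duties
            raise SoDViolation(f"{user} created {pid} and cannot approve it")
        payment["approver"] = user


def attempt(action, *args):
    """Run one action and return 'ok' or the name of the exception raised."""
    try:
        action(*args)
        return "ok"
    except (SoDViolation, PermissionError, ValueError) as exc:
        return type(exc).__name__


def run_demo():
    rbac = RBAC(ROLE_PERMS, EXCLUSIVE_ROLES)
    pay = Payments(rbac)
    results = [
        attempt(rbac.assign, "carol", "clerk"),        # ok
        attempt(rbac.assign, "carol", "supervisor"),   # blocked: exclusive roles
        attempt(rbac.assign, "dave", "supervisor"),    # ok
        attempt(pay.create, "carol", "P-1", 5000),     # ok
        attempt(pay.create, "dave", "P-2", 100),       # blocked: no create right
    ]
    rbac.revoke("carol", "clerk")                      # carol changes jobs
    results.append(attempt(rbac.assign, "carol", "supervisor"))  # ok
    results.append(attempt(pay.approve, "carol", "P-1"))  # blocked: own payment
    results.append(attempt(pay.approve, "dave", "P-1"))   # ok
    return results
```

The static rule alone would miss the case where a clerk later becomes a supervisor; the check on the payment's recorded creator is what closes that gap.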
Risk Management
Risk management in cybersecurity refers to the process of identifying, assessing, and prioritizing risks to the confidentiality, integrity, and availability of an organization’s
information systems and data. It involves making decisions on how to mitigate or manage risks, including implementing security controls and strategies to reduce the
potential impact of security threats. The goal of cybersecurity risk management is to protect an organization's assets, minimize the likelihood of a security breach, and
ensure business continuity in the face of cyber threats.

Key Steps in Cybersecurity Risk Management:

1. Risk Identification

The first step in the risk management process is identifying potential risks that could affect an organization’s information systems, operations, and data. This includes:

● Threat Identification: Understanding potential sources of harm, such as hackers, insiders, malware, natural disasters, or hardware failures.
● Vulnerability Identification: Identifying weaknesses in the system that can be exploited by threats, such as outdated software, misconfigured systems, or lack
of proper encryption.
● Asset Identification: Determining what assets (e.g., sensitive data, intellectual property, systems, networks) need protection.

This phase involves comprehensive risk assessments, where different threats and vulnerabilities are examined, and the assets at risk are identified.

2. Risk Assessment (Risk Analysis)

Once the risks are identified, they need to be analyzed to understand their potential impact and likelihood. This helps to prioritize risks and allocate resources effectively.

● Risk Likelihood: Assessing how likely a particular threat is to exploit a specific vulnerability. This could be based on historical data, threat intelligence, or trends
observed in the threat landscape.
● Impact Assessment: Determining the potential consequences of a risk materializing, including financial loss, reputational damage, operational disruption, legal
liabilities, and customer trust.
● Risk Rating: Assigning a risk level based on the likelihood and impact (e.g., low, medium, high) to help prioritize actions. This can be done using qualitative or
quantitative methods, or a risk matrix.
3. Risk Evaluation

After assessing the risks, organizations need to evaluate which risks need to be addressed immediately and which can be tolerated. This decision is based on the risk appetite and
risk tolerance of the organization.

● Risk Appetite: The amount of risk the organization is willing to take in pursuit of its objectives.
● Risk Tolerance: The level of variation in performance the organization is willing to accept without jeopardizing its security or operations.

At this stage, the organization decides whether to accept, mitigate, transfer, or avoid each identified risk.

4. Risk Mitigation and Treatment

This step involves identifying appropriate strategies and controls to manage the identified risks. Based on the risk evaluation, organizations implement measures to reduce,
control, or eliminate risks. There are several common risk treatment options:

● Risk Avoidance: Modifying plans or processes to eliminate the risk entirely. For example, changing a business process to avoid using a risky technology or halting a
project that involves sensitive data.
● Risk Mitigation: Implementing security controls to reduce the likelihood and/or impact of the risk. This might include deploying firewalls, encrypting data, conducting
regular security training, patching vulnerabilities, and securing endpoints.
● Risk Transfer: Transferring the risk to another party, often through insurance or outsourcing. For example, an organization might purchase cyber insurance to transfer the
financial consequences of a data breach.
● Risk Acceptance: Deciding to accept the risk because the cost of mitigation outweighs the potential damage, or the risk is low and unlikely to occur. This can be
appropriate for minor risks where the impact would be minimal.

5. Implementation of Controls

Once the risk treatment strategies are selected, appropriate security controls need to be implemented to reduce or manage the identified risks. These controls are generally
categorized as:

● Technical Controls: Tools and systems designed to prevent or detect threats, such as firewalls, antivirus software, encryption, intrusion detection systems (IDS), and
multi-factor authentication (MFA).
● Administrative Controls: Policies, procedures, and guidelines that establish security standards and govern user behavior. For example, access control policies, incident
response plans, and regular security audits.
● Physical Controls: Security measures that protect physical access to systems, such as locked server rooms, access card systems, and surveillance cameras.
6. Monitoring and Reviewing

Risk management is an ongoing process, and after implementing controls, continuous monitoring and review are essential
to ensure their effectiveness.

● Continuous Monitoring: Regular monitoring of systems and networks to detect any anomalies, vulnerabilities, or
threats. This includes using Security Information and Event Management (SIEM) systems, intrusion detection
systems (IDS), and network monitoring tools.
● Periodic Risk Assessments: Conducting periodic risk assessments to reassess current risks, vulnerabilities, and
threats in light of changes in the environment, such as new business processes, technologies, or emerging threats.
● Audits and Penetration Testing: Conducting regular security audits and penetration tests to evaluate the
robustness of security measures and identify any overlooked risks.

7. Incident Response and Recovery

Despite the best efforts to manage risk, some security incidents may still occur. A well-defined incident response plan is
crucial for minimizing damage and ensuring business continuity.

● Incident Detection and Analysis: Detecting security incidents promptly, analyzing their impact, and identifying the
source of the attack.
● Containment and Mitigation: Taking immediate steps to contain the incident, prevent further damage, and begin
recovery.
● Recovery: Restoring affected systems and data to normal operations as quickly as possible. This may include
restoring data from backups or rebuilding compromised systems.
● Post-Incident Review: Analyzing the incident to learn from the experience and improve risk management
strategies and security controls.
Risk Management Frameworks

Several established frameworks help organizations implement effective risk management in cybersecurity. Some of the most widely
used frameworks include:

● NIST Risk Management Framework (RMF): Provides a structured approach to risk management, focusing on identifying,
assessing, responding to, and monitoring cybersecurity risks.
● ISO/IEC 27001: A widely recognized standard for managing information security risks. It provides guidelines for establishing,
implementing, operating, monitoring, and improving an information security management system (ISMS).
● COBIT (Control Objectives for Information and Related Technologies): A framework for IT governance and management
that includes risk management practices.
● FAIR (Factor Analysis of Information Risk): A quantitative risk management framework that allows organizations to assess
and measure risk in monetary terms.
Cyber Warfare
Cyber Warfare in cybersecurity refers to the use of digital attacks by one nation-state or organized group against
another to disrupt, damage, or destroy critical infrastructure, steal sensitive information, or destabilize a society.
Cyber warfare can involve a range of tactics, including cyberattacks, cyber espionage, and the manipulation of
digital assets for strategic, military, or political purposes. It represents a modern form of warfare that is typically
conducted in the digital domain, targeting government, military, and civilian infrastructure.

Key Aspects of Cyber Warfare:


1. Objectives of Cyber Warfare

Cyber warfare is often driven by national interests and geopolitical goals, with objectives ranging from espionage
to direct sabotage of infrastructure. Some common objectives of cyber warfare include:
● Espionage: Stealing sensitive information, such as government secrets, military plans, or corporate
intellectual property. Cyber espionage can be used to gain an advantage in political, economic, or military
domains.
● Disruption of Critical Infrastructure: Attacking key systems such as power grids, communication
networks, financial institutions, and transportation systems to destabilize the targeted country.
● Cyber Propaganda: Using digital means to manipulate public opinion, spread disinformation, or sow
discord within the population of a target nation.
● Sabotage: Damaging or destroying critical systems to incapacitate the enemy’s capabilities. For example,
malware that targets industrial control systems (ICS) could cause physical damage to critical infrastructure
like nuclear plants or manufacturing facilities.
2. Types of Cyber Attacks in Cyber Warfare

Cyber warfare often involves various sophisticated types of cyberattacks designed to achieve strategic goals. Some of the
most common types of cyber attacks in cyber warfare include:

● Distributed Denial of Service (DDoS): DDoS attacks involve overwhelming a target server, network, or website
with traffic to make it unavailable to users. In the context of cyber warfare, these attacks may target government or
military websites to disrupt operations and demoralize the public.
● Malware and Ransomware: Malicious software, including viruses, worms, and ransomware, can be deployed to
destroy, damage, or steal data. For example, the Stuxnet worm (a well-known cyber weapon) targeted Iran's
nuclear facilities, damaging centrifuges used for uranium enrichment. Ransomware could be used to lock critical
infrastructure until a ransom is paid, disrupting key services in the target country.
● Advanced Persistent Threats (APTs): APTs are highly sophisticated, long-term cyberattacks where attackers
remain undetected in a target system for an extended period. These types of attacks are often carried out by state-
sponsored actors aiming for espionage, data exfiltration, and ongoing surveillance. APTs can infiltrate military,
government, or energy infrastructure and collect intelligence over time.
● Supply Chain Attacks: In cyber warfare, attackers may infiltrate the supply chain of critical infrastructure providers
to gain access to targeted systems. These attacks involve compromising trusted vendors or contractors to insert
malware or exploit vulnerabilities. A notorious example is the SolarWinds attack, which involved compromising
software updates to infiltrate U.S. government networks.
● Data Breaches and Exfiltration: In cyber warfare, one of the most common strategies is stealing sensitive or
classified data. Data breaches are carried out through cyberattacks to steal intellectual property, government
secrets, or military intelligence. This information can then be used for economic advantage or to gain strategic
knowledge of the target country’s operations.
● Cyber Espionage: State-sponsored hackers often use cyber espionage to infiltrate government systems, military
networks, and corporations to extract confidential information. Cyber espionage can support geopolitical goals by
gathering intelligence and undermining the opponent's security posture.
3. State-Sponsored Actors in Cyber Warfare

Cyber warfare is typically conducted by nation-states or state-sponsored groups with significant resources,
expertise, and political motives. Some of the most prominent nation-states involved in cyber warfare activities
include:

● United States: The U.S. government has acknowledged the use of cyber warfare as part of its broader
defense strategy, with the establishment of U.S. Cyber Command (USCYBERCOM). The U.S. has been
both a target of and a perpetrator of cyberattacks in geopolitical contexts.
● Russia: Russia is widely regarded as a key player in cyber warfare, with numerous allegations of
involvement in cyberattacks aimed at destabilizing foreign governments and interfering in elections. Russian
cyber activities are often attributed to groups like APT28 (Fancy Bear) and APT29 (Cozy Bear).
● China: China has been linked to a variety of cyber espionage operations targeting both government and
corporate networks to steal intellectual property and sensitive information. Cyber warfare in China is often
aimed at supporting economic, technological, and geopolitical goals.
● Iran: Iran has been involved in cyberattacks against various targets, including critical infrastructure in the
Middle East and U.S. government networks. Iran's cyber capabilities have been used in retaliation against
political and military adversaries.
● North Korea: North Korea has been involved in high-profile cyberattacks, including the Sony Pictures
hack and the WannaCry ransomware attack. Cyber warfare in North Korea is often linked to state-
sponsored hacking groups like Lazarus Group, with financial theft and espionage being major motives.
4. Impact and Consequences of Cyber Warfare

The impact of cyber warfare can be profound and far-reaching. It can affect individuals, organizations,
and governments in the following ways:

● Economic Disruption: Cyberattacks targeting financial institutions, stock exchanges, and
businesses can cause widespread economic disruption, leading to financial losses, decreased
productivity, and investor uncertainty.
● Political Instability: Cyberattacks that disrupt government operations, elections, and critical
infrastructure can undermine political stability, erode public trust, and provoke social unrest. For
example, cyber interference in elections can influence the outcome of democratic processes.
● Physical Damage: Cyberattacks targeting industrial control systems (ICS) and critical
infrastructure, such as power grids or transportation networks, can result in physical damage,
service interruptions, and loss of life. The Stuxnet attack on Iran’s nuclear program is a well-known
example of how cyberattacks can have real-world consequences.
● National Security Threats: Cyber warfare can undermine national security by stealing sensitive
military information, crippling defense systems, or even disabling critical communications and
satellite systems.
Cyberterrorism
Cyberterrorism in the context of cybercrime refers to the use of digital technologies, particularly the internet, to
carry out terrorist activities with the intent to cause harm, disruption, or fear. Cyberterrorism aims to inflict damage
to national security, critical infrastructure, or civilian populations by exploiting vulnerabilities in digital systems,
thereby instilling terror, creating chaos, and destabilizing societies. Unlike conventional terrorism, which often
relies on physical attacks, cyberterrorism focuses on cyberattacks that can cause significant disruption without
necessarily causing physical harm.

Key Characteristics of Cyberterrorism:

1. Motivations:
○ Political or Ideological Goals: Cyberterrorists are often driven by political or ideological objectives.
Their goal is to further a specific agenda, such as opposing a government, ideology, or cultural group.
○ Instilling Fear and Panic: The ultimate goal of cyberterrorism is often to create widespread fear and
panic within society, which can have a psychological and socio-political impact.
○ Disrupting Critical Infrastructure: Cyberterrorists target critical infrastructure, such as power grids,
financial systems, transportation networks, and healthcare services, with the aim of causing
widespread disruptions or even economic and social chaos.
○ Cyber Espionage and Information Warfare: Cyberterrorists may steal or manipulate sensitive data
or conduct information warfare to weaken public confidence in government or institutions.
A comprehensive cybersecurity policy

A comprehensive cybersecurity policy is a critical document that outlines the guidelines, procedures, and best practices for safeguarding
an organization's digital assets, including its networks, systems, data, and personnel. It is designed to mitigate the risks associated with cyber
threats and ensure the confidentiality, integrity, and availability of information. The policy defines the roles and responsibilities of
individuals within the organization and establishes a framework for responding to security incidents.

Below is a structure for creating a comprehensive cybersecurity policy:

1. Introduction and Purpose
2. Scope
3. Governance and Leadership
4. Information Security Objectives
5. Risk Management and Assessment
6. Data Protection and Privacy
7. Access Control and Authentication
8. Network Security
9. Incident Response and Management
10. Security Awareness and Training
11. Business Continuity and Disaster Recovery
12. Compliance and Legal Requirements
13. Third-Party and Supply Chain Security
14. Monitoring, Reporting, and Continuous Improvement
15. Enforcement and Consequences
