ARAVINDA THEJAS CHANDRA 1
INTRODUCTION
• Cyber Attacks
• Defence strategies and techniques
• Guiding Principles
CYBER ATTACKS
Motives
What are the main goals of an attacker?
• Theft of sensitive Information
(Ex: Military plans, Political espionage, identity theft)
• Disruption of service
• Illegal access to or use of resources
COMMON ATTACKS
• Phishing and pharming attacks
• Skimming attacks
• Password guessing attacks (ex: Dictionary attacks)
• Eavesdropping or snooping
• Denial of Service (DoS)
Attacks caused by various types of malware
• Worms
• Viruses
• Trojan
• Spyware
NOTABLE CYBER ATTACKS
VULNERABILITIES
A vulnerability is a weakness or lacuna in a procedure, protocol, hardware or software
within an organization that has the potential to cause damage.
Behind every attack is a vulnerability of some type or the other.
Classes of vulnerability
• Human vulnerabilities
• Protocol vulnerabilities
• Software vulnerabilities
- Buffer overflow
- Validation of user input not performed (cross-site scripting)
- SQL Injection Vulnerability
• Configuration vulnerabilities
COMMON ATTACKS AND VULNERABILITIES
DEFENCE STRATEGIES AND TECHNIQUES
• Access control - Authentication and Authorization
• Data protection
- Data Confidentiality (achieved using Encryption)
- Data Integrity (achieved using cryptographic checksum)
• Prevention and Detection
Access control and encryption are preventive strategies
- Black box testing
- White box testing
- Intrusion Detection System (Ex: Snort is an open source network-based IDS)
• Response, Recovery and Forensics
Shutting down the system partly or fully, quarantining viruses and worms, cyber forensics
GUIDING PRINCIPLES
1. Security is as much (or more) a human problem as a technological problem
and must be addressed at different levels.
2. Security should be factored in at inception, not as an afterthought.
3. Security by obscurity (or by complexity) is often bogus.
4. Always consider the “Default Deny” policy for adoption in access control.
5. An entity should be given the least amount/level of permission/privileges to
accomplish a given task. (RBAC - Role-Based Access Control)
6. Use “Defense in depth” to enhance security of an architectural design.
7. Identify vulnerabilities and respond appropriately.
Risk = Assets × Vulnerabilities × Threat
8. Carefully study tradeoffs involving security before making any.
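Principles 4 and 5 in code, as an added example that is not part of the original slides: a role-based check that denies anything not explicitly granted, plus a helper that picks the smallest role covering a task. All role names, users and permissions are constructed for illustration.

```python
# Constructed sample policy: role -> set of (resource, action) grants.
ROLE_GRANTS = {
    "clerk":   {("invoice", "read"), ("invoice", "create")},
    "auditor": {("invoice", "read"), ("ledger", "read")},
    "admin":   {("invoice", "read"), ("invoice", "create"),
                ("invoice", "delete"), ("ledger", "read"), ("ledger", "write")},
}
# Constructed sample assignment: user -> roles held.
USER_ROLES = {"asha": {"clerk"}, "ravi": {"auditor"}, "root": {"admin"}}


def is_allowed(user, resource, action, user_roles=USER_ROLES, grants=ROLE_GRANTS):
    """Default deny: True only when a role the user holds explicitly grants it."""
    for role in user_roles.get(user, ()):           # unknown user -> no roles
        if (resource, action) in grants.get(role, ()):  # unknown role -> no grants
            return True
    return False                                    # nothing matched: deny


def held_permissions(user, user_roles=USER_ROLES, grants=ROLE_GRANTS):
    """Union of every grant reachable through the user's roles."""
    held = set()
    for role in user_roles.get(user, ()):
        held |= grants.get(role, set())
    return held


def excess_privileges(user, needed):
    """Least-privilege audit: grants the user holds that the task does not need."""
    return held_permissions(user) - set(needed)


def least_privileged_role(needed, grants=ROLE_GRANTS):
    """Smallest role (fewest grants, ties broken by name) covering the task."""
    needed = set(needed)
    covering = [r for r, g in grants.items() if needed <= g]
    if not covering:
        return None                                 # no single role fits: grant nothing
    return min(covering, key=lambda r: (len(grants[r]), r))


if __name__ == "__main__":
    print(is_allowed("asha", "invoice", "create"))   # explicitly granted
    print(is_allowed("asha", "invoice", "delete"))   # never granted -> denied
    print(is_allowed("mallory", "invoice", "read"))  # unknown user -> denied
    print(sorted(excess_privileges("root", {("ledger", "read")})))
    print(least_privileged_role({("ledger", "write")}))
```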
DEFINITIONS OF COMMONLY USED TERMS IN SECURITY