CIT855: ADVANCE CYBER SECURITY

Summary of Unit 1: Cyber Security Goals

Exam Points:
 CIA Triad: The cornerstone of cybersecurity, the CIA Triad refers to Confidentiality,
Integrity, and Availability of data. These three principles ensure information security
within an organization.
o Confidentiality: This principle safeguards information by preventing unauthorized
disclosure. It ensures that only authorized users can access and view sensitive data.
Encryption, access controls, and authentication mechanisms are employed to achieve
confidentiality.
o Integrity: This principle upholds the accuracy and completeness of data. It guarantees
that information hasn't been altered or tampered with in an unauthorized way. Backups,
checksums, and data correcting codes are tools that help maintain data integrity.
o Availability: This principle ensures that authorized users have timely and reliable
access to information whenever needed. Physical security measures and redundant
systems help guarantee availability in case of outages or disruptions.
 Tools for achieving CIA triad:
o Confidentiality:
 Encryption: Scrambles data using algorithms and keys, making it unreadable to
unauthorized users.
 Access Control: Defines rules and policies that restrict access to systems and data
based on user permissions.
 Authentication: Verifies the identity of a user attempting to access a system or
information.
 Authorization: Grants specific permissions to users based on their roles and access
control policies.
 Physical Security: Safeguards physical IT assets like servers and storage devices
from unauthorized access, theft, or damage.
o Integrity:
 Backups: Regularly creating copies of data allows for recovery in case of data loss or
corruption.
 Checksums: Numerical values used to verify the integrity of data by detecting any
unauthorized modifications.
 Data Correcting Codes: Techniques for storing data with the ability to automatically
identify and rectify minor errors.
o Availability:
 Physical Protections: Implementing security measures like restricted access areas
and environmental controls to safeguard IT infrastructure from physical threats.

1
 Computational Redundancies: Utilizing backup systems or components that can take
over if a primary system fails, ensuring continued data accessibility.
Summary of Unit 2: Cyber Security Principles
Exam Points:
 Main Principle of Cybersecurity: Shifting focus from solely preventing breaches to
proactively preventing successful cyberattacks. This approach emphasizes making it
more difficult for attackers to achieve their goals.
 Cyber Security Principles:
o Economy of Mechanism: Keeping security mechanisms as simple and streamlined as
possible reduces the potential for errors and simplifies implementation and testing.
o Fail-Safe Defaults: Systems should be configured with conservative security settings
by default. This minimizes the risk of vulnerabilities arising from human error or
misconfiguration.
o Least Privilege: Granting users only the minimum privileges necessary to perform their
tasks. This principle minimizes the potential damage if a user account is compromised.
o Open Design: Security shouldn't rely on keeping the design or implementation of
security mechanisms secret. Public knowledge of these mechanisms allows for wider
scrutiny and identification of potential weaknesses.
o Complete Mediation: Every access attempt to a resource should be checked against
established security policies to ensure authorization. This prevents unauthorized access
even if a user has gained access credentials through other means.
o Separation of Privilege: Critical tasks or actions may require multiple levels of
authorization or verification to be completed. This adds an extra layer of security and
reduces the risk of unauthorized modifications or actions.
o Least Common Mechanism: When multiple users require access to shared resources,
it's advisable to minimize the number of mechanisms used to control that access. This
simplifies management and reduces the attack surface.
o Psychological Acceptability: Security mechanisms should be designed to be user-
friendly and not hinder legitimate access to resources. Complex or cumbersome
security measures can lead to users bypassing them altogether.
o Work Factor: The effort required to circumvent a security measure should be
significantly greater than the potential value of the information or resources being
protected. This discourages attackers by making their attempts too time-consuming or
resource-intensive.
o Compromise Recording: In some cases, it may be more beneficial to record the
details of intrusion attempts rather than focusing solely on preventing them altogether.
This information can be valuable for forensic analysis and improving future security
defenses.
In-Text Questions:
 Q1. What is the main principle of cybersecurity?

2
o A1. Identifying security weaknesses before attackers do, often achieved through
simulated attacks (penetration testing).
 Q2. What are the benefits of cybersecurity?
o A2. Cybersecurity offers a wide range of benefits, including protection of sensitive data
from unauthorized access, prevention of financial losses due to fraud or cybercrime,
safeguarding intellectual property, and maintaining customer confidence through the
secure
UNIT 3: SECURITY POLICIES AND STANDARDS
1. Security Policies and Standards
 Security Policies: A written document outlining an organization's rules for protecting its
information assets and IT systems. They guide user behavior and ensure a consistent
approach to security.
 Security Standards: Established guidelines for implementing security procedures.
They promote best practices, efficiency, and interoperability.
2. Need for Security Policies
 Increased Efficiency: Consistent policies save time, money, and resources by clearly
outlining user responsibilities.
 Discipline and Accountability: Policies define consequences for security breaches,
aiding in legal disputes.
 Business Transactions: Policies may be shared with vendors to ensure they meet
security requirements during data exchange.
 Employee Education: Policies raise awareness about security practices and user
responsibilities.
3. Sample Cyber Security Policies
 Virus and Spyware Protection: Defines procedures for detecting, removing, and
preventing malware infections.
 Firewall Policy: Controls access to a network by blocking unauthorized users and
traffic.
 Intrusion Prevention Policy: Automatically detects and blocks cyberattacks on
networks, applications, and browsers.
 LiveUpdate Policy: Defines how and when security software updates are downloaded
and installed on user devices.
 Application and Device Control: Limits the use of unauthorized programs and
restricts access to peripheral devices.
 Exception's Policy: Provides flexibility to exclude specific applications or processes
from security scans when necessary.
 Host Integrity Policy: Ensures client computers meet security standards and have
required software installed (e.g., antivirus).
4. International Organization for Standardization (ISO)
3
 Develops international standards for various industries, including IT security.
5. ISO 27000 Series
 A family of standards focusing on information security management best practices.
 ISO 27001: Standard for establishing, implementing, and maintaining an Information
Security Management System (ISMS).
 ISO 27002: Provides guidelines for selecting and implementing security controls based
on an organization's risk environment.
 ISO 27005: Supports the implementation of information security based on a risk
management approach.
 ISO 27032: Focuses specifically on cybersecurity for information sharing beyond
organizational boundaries.
6. Information Technology Act (IT Act)
 Indian legislation enacted in 2000 to provide a legal framework for e-commerce and
cybercrime.
 Defines procedures for digital signatures, electronic recordkeeping, and cybercrime
penalties.
7. Copyright Act
 Defines the legal ownership and control rights for creators of original creative works
(e.g., books, music, software).


8. Patent Law
 Grants exclusive rights to inventors for new, useful, and non-obvious inventions.
9. Intellectual Property Rights (IPR)
 Legal rights allowing creators to benefit from their original ideas, inventions, and
creative works.
In-Text Questions Answered
 Security Policy: A documented approach for protecting an organization's IT assets and
physical security.
 Security Standard: A set of rules derived from security policies that ensure consistency
and efficiency in security practices.
Self-Assessment Exercises - Answers
 i. Security Policies (Examples):
o Acceptable Use Policy
o Data Breach Response Policy
o Disaster Recovery Plan
o Business Continuity Plan
o Remote Access Policy
4
o Access Control Policy
 ii. Security Standards (Examples):
o ISO 27001 (ISMS)
o PCI DSS (Payment Card Industry Data Security Standard)
o HIPAA (Health Insurance Portability and Accountability Act)
Key Takeaways
 Security policies and standards are crucial for protecting information assets and IT
systems.
 Understanding these policies and standards is essential for professionals working in IT
security.
 The ISO 27000 series and the IT Act are important international references for
information security.
MODULE 2
UNIT 2: CYBER SECURITY RISK ANALYSIS
Exam Points:
 Understanding cyber security risk analysis: It's the process of identifying, analyzing,
and prioritizing potential threats to an organization's IT assets.
 Benefits of risk analysis:
o Identifies and compares the financial and organizational impact of risks.
o Helps find gaps in information security and determine how to address them.
o Improves communication and decision-making regarding information security.
o Strengthens security policies and procedures.
o Raises employee awareness about security risks and their potential financial impacts.
 Steps in the risk analysis process:
1. Conduct a risk assessment survey: gather input from management and departments.
2. Identify the risks: evaluate IT systems and the organization for potential threats.
3. Analyze the risks: assess the likelihood and consequences of each identified risk.
4. Develop a risk management plan: create a plan to mitigate, transfer, accept, or avoid
risks.
5. Implement the risk management plan: put the plan into action to reduce or eliminate
risks.
6. Monitor the risks: continuously monitor security risks and update the plan as needed.
 Types of risk analysis:
o Qualitative: Uses judgment and observation to prioritize risks based on probability and
impact.
o Quantitative: Uses data to estimate the overall effect of risks on project objectives.
5
 In-text Question Answers (NOT examinable):
 The steps in risk analysis are listed in section 3.2.
 The difference between qualitative and quantitative analysis is explained in section 3.3.
Self-assessment Exercise Answer (NOT examinable):
 The different phases of risk analysis are risk identification, risk analysis, risk evaluation,
and risk management.
Key Takeaway:
Cyber security risk analysis is crucial for organizations to understand and manage their
security vulnerabilities. By following the risk analysis process and implementing
appropriate controls, organizations can significantly reduce the risk of costly security
incidents and data breaches.
Unit 3: Cyber Security Threats - Summary of Examinable Points
1.0 Introduction
 Cyber threats can disrupt critical infrastructure, steal data, and cause financial losses.
 This unit covers various types of cyber threats and mitigation methods.
3.0 Main Content
 Types of Cyber Security Threats:
o Malware: Malicious software that disrupts or damages a system. Examples include
viruses, spyware, trojans, ransomware, worms, adware, and botnets.
o Phishing: Emails, texts, or calls tricking users into revealing personal information or
clicking malicious links.
o Man-in-the-Middle Attack: Interception of communication between two parties to steal
data.
o Distributed Denial of Service (DDoS): Overwhelming a system with traffic to make it
unavailable.
o Brute Force Attack: Trial-and-error method to guess passwords or encryption keys.
o SQL Injection (SQLi): Injecting malicious code into a website to access sensitive
information stored in a database.
o Domain Name System (DNS) Attack: Redirecting users to malicious websites by
exploiting weaknesses in the DNS system.
 Latest Cyber Threats (Examples):
o Romance Scams
o Dridex Malware
o Emotet Malware
In-Text Questions
 i. Common cyber threats: Malware, social engineering, man-in-the-middle attacks,
denial-of-service attacks, injection attacks.
6
 ii. Fraud prevention: Implementing threat-mitigating policies and procedures.
Self-Assessment Exercise
 i. Non-physical threats: Potential causes of incidents leading to data loss, business
disruption, or sensitive information exposure.
4.0 Conclusion
This unit covers various cyber threats including:
 Malware and phishing attacks
 Man-in-the-middle attacks
 Brute force attacks
 Communication problems and solutions
 Distributed denial-of-service attacks
 SQL injection attacks
 Domain name system attacks
 Latest cyber threats
5.0 Summary
This unit covers:
 Malware and phishing attacks
 Man-in-the-middle attacks and brute force attacks
 Communication problems and solutions
 Distributed denial-of-service attacks
 SQL injection attacks and domain name system attacks
 Latest cyber threats
Unit 4: Cyber Security Threats to E-Commerce - Summary of Examinable Points
1. Introduction
 E-commerce transactions involve risks of stolen payment data, login credentials, and
personal information.
 The COVID-19 pandemic has increased reliance on online shopping, making e-
commerce sites more vulnerable to attacks.
 This unit focuses on threats to electronic payment systems and associated financial
risks.
2. Main Content
 Electronic Payments System
o Definition: Enables cashless transactions through electronic methods (debit/credit
cards, direct bank deposits).
o Benefits: Reduced paperwork, operational costs, and processing time.

7
o Risks: Evasion of tax, payment conflicts, unauthorized access (backdoors, DoS
attacks), eavesdropping.
 E-Cash
o Definition: Anonymously transferable digital cash stored on user devices or online
accounts.
o Components: Issuers, customers, merchants, regulators.
o Risks: Backdoor attacks, DoS attacks, direct access attacks, eavesdropping.
 Credit/Debit Card Fraud
o Methods:
 ATM Theft
 Skimming: Stealing card details using a device on the ATM card reader.
 Unwanted Presence: Someone watching your PIN or card details during transactions.
 Vishing/Phishing: Fake messages or calls tricking users into revealing card details.
 Online Transactions
 Malicious software: Stealing keystrokes or passwords.
 Fake websites: Replicating legitimate sites to steal data.
 Public Wi-Fi: Unsecure networks vulnerable to interception.
 Point of Sales Theft
 Salesclerk copying customer card details during transactions.
3. Self-Assessment Questions
 Q1: Explain Electronic Payments Systems
o Answer: Electronic payment systems allow cashless transactions using debit/credit
cards or direct bank deposits.
 Q2: Differentiate between Electronic Payments and E-Cash
o Answer: Electronic payments are for any cashless transaction, while e-cash is a specific
type of digital cash stored electronically. E-cash is more vulnerable to hacking.
4. Conclusion
 E-money is used for payments to merchants, while e-cash is used for person-to-person
transactions.
 This unit examined cyber threats to e-commerce, electronic payment systems, and
associated frauds.
5. Summary
 This unit covered:
o Cyber security threats in e-commerce.
o Electronic payment systems and their development.

8
o Risks of fraud, tax evasion, and payment conflicts.
o E-cash and credit/debit card fraud issues (including ATM theft).
MODULE 3: CYBER SECURITY MANAGEMENT
Unit 1: Data Security Concerns
Examiner Points:
 Data Security: Protection of data from unauthorized access, modification, destruction,
disclosure, or transfer. Achieved through physical and software controls.
 Data Security Considerations:
o Backups: Regularly scheduled copies of data stored securely to recover from loss or
damage. (3.1)
 Backup 3-2-1 Rule: 3 copies, 2 formats, 1 off-site location (3.1)
o Archival Storage:** Long-term storage of inactive data for future reference. (3.2)
 Considerations: Storage medium, device, revisiting archives, data usability, selective
archiving, space, online vs offline (3.2.1 - 3.2.7)
o Disposal of Data:** Secure destruction of data on storage media to prevent
unauthorized access. (3.3)
 Considerations: Destroy the data, destroy the device, record of decommissioned
systems, keep careful records, eliminate potential clues, keep system secure until
disposal (3.3.1 - 3.3.6)
In-Text Questions:
 Backup: A copy of data used to recover from data loss. (3.1)
 Archival Storage: Storage for inactive data for future use or record-keeping. (3.2)
Self-Assessment Exercise:
 Data Security Considerations: Protecting data from unauthorized access, disclosure
or corruption to avoid information breaches. (3.3)

UNIT 2: SECURITY TECHNOLOGIES

Sure, the unit covers the following examinable points:
 Security Technologies: It defines security technologies and gives reasons why they
are important.
 Firewalls:
o What firewalls are and their different processing modes (packet filtering, application
gateways, circuit gateways, MAC layer firewalls, hybrid firewalls).
o Firewall development eras (first generation, second generation, third generation, fourth
generation, fifth generation).
o Intended deployment structures (commercial appliances, SOHO firewalls, residential
software firewalls).
9
o Architectural implementations (packet-filtering routers, screened host firewalls, dual-
homed host firewalls, screened subnet firewalls).
 Virtual Private Network (VPN): What a VPN is and how it works.
 Intrusion Detection System (IDS): What an IDS is, its different detection approaches
(signature-based, anomaly-based) and its two types (network intrusion detection system
(NIDS), host intrusion detection system (HIDS)).
 Access Control: What access control is, its two types (physical access control, logical
access control) and its two main components (authentication, authorization).
In-text questions:
 Network intrusion detection system (IDS): A security system that monitors network
traffic for suspicious activities.
 Authentication vs Authorization: Authentication verifies a user's claimed identity while
authorization determines a user's access rights.
UNIT 3: CYBER SECURITY TOOLS
Firewalls
 Definition: A security tool that controls incoming and outgoing network traffic.
 Function: Protects private networks from unauthorized access.
 Limitations: Skilled hackers might bypass firewalls.
Antivirus Software
 Definition: A program that detects, prevents and removes malware.
 Function: Protects against viruses, Trojan horses, worms, spyware, etc.
 Additional features: Scans emails and web links for malicious content.
Public Key Infrastructure (PKI) Services
 Definition: A set of tools that manages encryption keys and digital certificates.
 Function: Enables secure data exchange and verifies the identity of parties involved.
 Uses:
o Multi-factor authentication
o Digital signatures
o Encrypted email communication
o Securing code
o Building trust in IoT ecosystems
Managed Detection and Response (MDR) Service
 Definition: A security service that provides threat hunting, monitoring, analysis, and
response.
 Use Case: For organizations lacking resources to manage cybersecurity risks.
 Features:
10
o Focuses on threat detection rather than compliance.
o Relies on security event management and advanced analytics.
o Combines automation with human expertise.
o Provides incident validation and remote response.
Penetration Testing (Pen-Test)
 Definition: A method to evaluate an IT infrastructure's security by simulating cyber
attacks.
 How it works: Cybersecurity professionals use hacker techniques to identify
vulnerabilities.
 Types of attacks simulated: Password cracking, code injection, phishing.
 Benefits:
o Identifies security weaknesses.
o Helps prioritize security investments.
Vulnerability Assessment
 Definition: The process of identifying weaknesses in computer systems and networks.
 How it differs from pen-testing: Vulnerability assessment is passive, pen-testing is
active.
Staff Training
 Importance: Educated staff is a strong defense against cyber attacks.
 Training content: Latest cybersecurity practices and employee roles in security.
In-text questions:
 Penetration testing and how it's performed.
 Difference between vulnerability assessment and penetration testing.
Self-assessment exercise:
 Importance of penetration testing in an enterprise.
Conclusion
 Security tools protect data and applications.
 Benefits of security tools:
o Educated employees
o Reduced human error
o Compliance
o Customer trust
o Mitigating evolving threats
Absolutely, here's a breakdown of the unit by unit pointing out all the examinable points:
Unit 4: Cyber Security Operations
11
 1.0 Introduction
 This unit covers how Security Information and Events (SIEM) are managed effectively.
 It details staffing requirements for managing security events and escalation chains.
 It explores incident classification and highlights events to monitor for security
orchestration and response (SOAR).
3.0 Main Content
3.1 SIEM (Security Information and Event Management)
 SIEM collects logs from various systems that might contain security information.
 An event is an observation from logs, user logins, network attacks, or application
transactions.
 An incident is a negative event impacting the organization, like a security threat.
 SIEM processes security alerts from various sources and can correlate multiple events
to identify incidents.
 SIEM analyzes events from network, host, and application areas:
o Network events - most common but lack context (who, what, why).
o Host events - provide more details about what happened on a device.
o Application events - offer the most context about user activity and application
functionality.
 SIEM might require configuration by the SOC team to understand events from specific
applications.
3.2 SOC Staffing
 SOC staffing varies depending on the organization's size and needs.
 Here's a breakdown of potential SOC roles:
o SOC Chief: Defines policies and strategies to counter threats.
o SOC Architect: Ensures systems and architecture support SOC activities.
o Analyst Lead: Develops and maintains processes (playbooks) for analysts.
o Level 1 Analysts: Respond to alerts and escalate issues when needed.
o Level 2 Analysts: Have more technical expertise to resolve complex alerts and escalate
incidents to the Incident Response Team (IRT) when necessary.
o IRT: Responds to and resolves security incidents impacting the organization.
o Penetration Testers: Support the SOC with their knowledge of attacker tactics and help
with root cause analysis.
3.3 Escalation Chains
 A defined process for contacting the right people when different incidents occur is
crucial.

12
 Incidents can impact various departments, so the SOC should know who to contact and
how.
 An example escalation chain could involve creating a ticket in a tracking system,
sending SMS and email to primary contacts, followed by phone calls if there's no
response.
3.4 Classification of Incidents
 Incidents are classified based on:
o Category: Type of incident (e.g., insider hacking, malware infection).
o Criticality: Impact on systems and urgency of response.
o Sensitivity: Confidentiality of the information involved.
 Classification helps the SOC determine the appropriate response measures.
 Examples of incidents:
o Insider hacking
o Malware on a workstation
o Worm spreading across the network
o Distributed Denial-of-Service (DDoS) attack
o Leaked credentials
3.5 Security Orchestration, Automation and Response (SOAR)
 Automation is essential for a modern SOC to respond quickly to threats.
 SOAR helps automate responses to security incidents for faster mitigation.
 SOAR allows the SOC to leverage actionable data to stop evolving threats.
 Traditional SOCs might take a long time to detect threats, while attackers can quickly
spread within a network.
 SOAR integrates concepts like Infrastructure as Code (IaC) and Software Defined
Networking (SDN) for faster remediation and access control.
3.5.1 What to Monitor
 It's important to collect high-fidelity logs that are relevant to identify and stop attackers
quickly.
 Here's a table outlining difficulty levels for attackers to change indicators used for threat
detection:
Indicator Difficulty to change
File checksums and hashes Very easy
Ip addresses Easy
Domain names Simple
Network and host artifacts Annoying
Tools Challenging
Tactics, techniques and procedures (TTPs) Hard

13
 In-Text Questions
1. What are the major areas for SIEM analyses?
 Answer: Network, host, and application areas.
2. Enumerate four examples of incidents.
 Answer: Inside Hacking, Malware on Client Workstation, Worm spreading across the
network, Distributed Denial of Service Attack, Leaked Credentials.
Self-Assessment Exercise
i. Discuss the best practices in dealing with incident reports.
 Answer: While not directly addressed in this unit, best practices for incident reports
likely involve creating teams with the right skills, defining incident management
guidelines, establishing communication channels, and cultivating a security-conscious
culture within the organization.
MODULE 4: CYBER ATTACKS AND ATTACHERS
Unit 1: Types of Cyber Attacks and Attackers
Examining points:
 Cyberattacks: Malicious activities targeting computer systems and networks to steal,
alter, or destroy data.
 Types of Cyber Attacks:
o Web-based attacks: Occur on websites or web applications. Examples include:
 Injection Attacks (SQL injection, etc.)
 DNS Spoofing
 Session Hijacking
 Phishing
 Brute Force Attack
 Denial-of-Service (DoS) Attack
 Dictionary Attack
 URL Interpretation
 File Inclusion Attack
 Man-in-the-Middle Attack (covered in Unit 2)
o System-based attacks: Target computers or networks. Examples include:
 Viruses
 Worms
 Trojan Horses
 Backdoors
 Bots

14
 Types of Cyber Attackers:
o Cybercriminals: Hack for financial gain.
o Hacktivists: Hack for a political or social cause.
o State-sponsored attackers: Government-backed hackers pursuing national interests.
o Insider threats: Individuals with authorized access who misuse it (malicious,
accidental, or negligent).
In-text questions and answers:
1. Enumerate web-based attacks. (List provided in answer)
2. Who is an attacker in terms of cyber security? An unauthorized process or person
trying to access restricted systems or data.
Self-assessment exercise (answers not provided):
i. Differentiate between web-based and system-based attacks. * Web-based attacks
target websites/applications, while system-based attacks target computers/networks. ii.
Discuss the current trend of attackers' methods. * Using AI, targeting mobile
devices, exploiting cloud vulnerabilities, data breaches, IoT/5G risks, increased
automation, and targeted ransomware.
Conclusion:
Cyberattacks aim to gain unauthorized access to systems and data. This unit covered
different attack types, attackers' motivations, and specific threats like state-sponsored
attackers and insider threats.
Summary of Unit 2: Man-in-the-Middle Attacks
Exam Points:
 What is a Man-in-the-Middle (MITM) Attack?
A cyberattack where an attacker inserts themselves into communication between two
parties, allowing them to eavesdrop or manipulate data.
 Types of MITM Attacks (You should be able to identify at least five):
1. Wi-Fi Eavesdropping: Intercepting communication on unsecured Wi-Fi networks.
2. DNS Spoofing: Redirecting traffic to a malicious website by spoofing DNS addresses.
3. IP Spoofing: Impersonating another device by using its IP address.
4. HTTPS Spoofing: Creating fake HTTPS websites to steal login credentials.
5. ARP Spoofing: Linking a fake MAC address to a legitimate IP address to intercept
traffic.
 Detection of MITM Attacks:
Difficult to detect directly. Prevention is crucial.
 Prevention of MITM Attacks:
1. Use strong encryption (WPA) on wireless access points.
2. Use a VPN to encrypt internet traffic.
15
3. Implement public key pair authentication (e.g., RSA) for secure communication.
4. Use strong passwords and regularly update them.
5. Enable two-factor authentication for added security.
6. Practice good network hygiene on all devices.
7. Avoid using public Wi-Fi or be cautious when doing so.
Additional Notes:
 The unit also briefly covers the difference between web-based attacks (exploiting
vulnerabilities in applications) and system-based attacks (spreading malicious
software).
Unit 3: Cyber Security Wi-Fi Attacks
1.0 Introduction
 Wi-Fi networks are essential for businesses but have security vulnerabilities.
 Attackers can exploit these vulnerabilities to steal data or launch further attacks.
3.0 Main Content
 3.1 Wi-Fi Security
o Wi-Fi security options include:
 No security (weak)
 Access control list (MAC filtering - weak)
 Pre-Shared Key (PSK - WPA/WPA2/WPA3)
 Enterprise authentication (most secure)
o Strong passwords are important for PSK security.
o Cracking tools like aircrack-ng can be used to break weak passwords.
 3.2 Hidden SSID
o Hiding the SSID doesn't improve security and can make it harder to connect.
 3.3 MAC Address Filtering
o MAC filtering is weak security because MAC addresses can be spoofed.
 3.4 Pre-Shared Key (PSK)
o PSK uses WPA/WPA2/WPA3 for encryption. WPA3 is the latest and most secure
option.
o Strong passwords are important for PSK security.
 3.5 Enterprise Authentication
o Offers strong security with key management but requires a complex infrastructure.
 3.6 Fake Wi-Fi Access Points
o Attackers can create fake Wi-Fi networks to steal data or monitor traffic.
In-Text Questions
16
 1. Protocols using radio for signaling: Bluetooth, NFC, RFID, ZigBee, Z-Wave
 2. Acronyms: WPA - Wi-Fi Protected Access, WEP - Wired Equivalent Privacy
4.0 Conclusion
 Wi-Fi security is essential because Wi-Fi is widely used.
5.0 Summary: This unit covered:
 Wi-Fi security options and their strengths/weaknesses
 How hidden SSIDs and MAC filtering work (and why they are not very secure)
 Enterprise authentication for secure key management
 How to identify and avoid fake Wi-Fi access points
Exam Points:
 Understand the different Wi-Fi security options and their effectiveness.
 Know the limitations of hidden SSIDs and MAC filtering.
 Recognize the importance of strong passwords for PSK security.
 Be aware of the security benefits and drawbacks of enterprise authentication.
 Be able to identify fake Wi-Fi access points.

17