The Participants

Of
CYBER SECURITY AWARENESS
PROGRAM

19TH DECEMBER, 2019

Port of Visakhapatnam – “The Eastern Gateway of India”

1
 Learning Objectives

Definitions of Privacy and Security

Cyber Security Infrastructure
Recognize Different Types of attacks
Differentiate between Various Types of Malware
Explain How to Secure a Computer
Practice Safe Computing
 Key definitions
Term Definition

Computer Any electronic, magnetic, optical or other high speed data processing device or system which performs
logical, arithmetic, and memory functions by manipulation of electronic, magnetic or optical impulses,
and included all input, output, processing, storage, computer software, or communication facilities which
are connected or related to the computer in a computer system or computer network;

Cyber Security Protecting information, equipment, devices computer, computer resource, communication device and
information stored therein from unauthorized access, use, disclosure, disruption, modification or
destruction;

Data Representation of information, knowledge, facts, concepts, or instructions which are being prepared or
have been prepared in a formalized manner, and is intended to be processed, is being processed or has
been processed in a computer system or network; in any form (printouts, magnetic, optical storage)

Electronic Form Generated, received, sent or stored in media, magnetic, optical, computer memory, micro film, computer
generated micro fiche or similar device

Electronic Data, record or data generated, image or sound stored, received or sent in an electronic form

Record
Digital Signature Authentication of any electronic record by a subscriber by means of an electronic method in Section 3
(asymmetric crypto system and hash function)

Electronic Authentication of any electronic record by a subscriber by means of the electronic technique specified in
Second Schedule (e.g. Digital Signature)
Signature
Intermediary w.r.t any particular electronic record, any person who on behalf of another person receives, stores or
transmits that record, or provides any service with respect to that record and includes telecom service
providers, network service providers, internet service providers, web-hosting service providers, search
engines, online payment sites, online auction sites, online market places, and cyber cafes. 3
Why are we talking about
cybersecurity?

4
 Data Privacy
• Information privacy, or data privacy: the
relationship between collection and
dissemination of data, technology, the public
expectation of privacy, and the legal and
political issues surrounding them.
• Information privacy is the right to control
what information about a person is released.

5
 Cyber Security
According to H.R. 4246 “Cyber Security Information Act”:

cybersecurity: “The vulnerability of any computing system, software

program, or critical infrastructure to, or their ability to resist, intentional
interference, compromise, or incapacitation through the misuse of, or by
unauthorized means of, the Internet, public or private
telecommunications systems or other similar conduct that violates
Federal, State, or international law, that harms interstate commerce of
the United States, or that threatens public health or safety.”

6
 Cyber Security in Different Contexts
corporate cybersecurity = availability, integrity and
secrecy of information systems and networks in the
face of attacks, accidents and failures with the goal
of protecting a corporation’s operations and assets

national cybersecurity = availability, integrity and

secrecy of the information systems and networks in
the face of attacks, accidents and failures with the
goal of protecting a nation’s operations and assets

7
 One way to think about it
cybersecurity = availability, integrity and secrecy
of information systems and networks in the
face of attacks, accidents and failures with the
goal of protecting operations and assets

(Still a work in progress.)

8
 Cyber Security Defined
• Cyber Security’s goal: Protect our information and
information systems
• Cyber Security is: “Protection of information
systems against unauthorized access to or
modification of information, whether in storage,
processing or transit, and against the denial of
service to authorized users, including those
measures necessary to detect, document, and
counter such threats.”

9
 Privacy and Security of information
• Confidentiality: Safeguards information from being accessed by individuals without
the proper clearance, access level, and need to know.

• Integrity: Results from the protection of unauthorized modification or destruction

of information.

• Availability: Information services are accessible when they are needed.

Authentication means a security measure that establishes the validity of a
transmission, message, or originator, or a means of verifying an individual's
authorization to receive specific categories of information.

• Non-repudiation: Assurance the sender of data is provided with proof of delivery

and the recipient is provided with proof of the sender's identity, so neither can
later deny having processed the data.

10
 Sensitive Data
• Information is considered sensitive if the loss of
Confidentiality, Integrity, or Availability could be expected to
have a serious, severe, or catastrophic adverse effect on
organizational operations, organizational assets, or
individuals.
• Types of sensitive information include:
– Personnel
– Financial
– Payroll
– Medical
– Privacy Act information.

11
 Threats and Vulnerabilities
• What are we protecting our and our
stakeholders information from?
– Threats--any circumstances or events that can potentially
harm an information system by destroying it, disclosing the
information stored on the system, adversely modifying
data, or making the system unavailable
– Vulnerabilities--weakness in an information system or its
components that could be exploited.
Ex: Windows Xp Systems

12
Recognize Different Types of Cyber Attacks

13
Strategic Forces Shaping Cyber Attacks
Significant Cyber Events in 2019

Social
Media

Business& Infrastructure &

Smart Home Government
2019
Events

Hospitality Healthcare

14
 Cyber Security Infrastructure
According to S.I. 1901 “Cybersecurity Research and Education Act of 2002”:

“The term cybersecurity infrastructure includes--

(A) equipment that is integral to research and education capabilities in cybersecurity,
including, but not limited to--
(i) encryption devices;
(ii) network switches;
(iii) routers;
(iv) firewalls;
(v) wireless networking gear;
(vi) protocol analyzers;
(vii) file servers;
(viii) workstations;
(ix) biometric tools; and
(x) computers; and
(B) technology support staff (including graduate students) that is integral to research
and education capabilities in cybersecurity.”

15
Technical Aspects – Evidentiary objects
• Storage (files)
• Hard disk (raw data)
• Flash cards
• Volatile memory (RAM)
– Running processes
– DLLs
– Malware
– User names and passwords
• Registry keys
• Deleted files
• Cookies
• Browser caches/history
• Network connections history
• Network Logs

16
 Network-Based Attacks

Better Accessibility because of the network

– Web sites
– Email Servers
– File Servers
– DNS Servers
– Routers
– Etc.

17
 Network Attacks
• DOS, DDoS: coordinated attack by one or multiple sources
– SYN flooding: http://www.cert.org/advisories/CA-1996-21.html
– Aided by proliferation of DSL home users
• DNS, BIND
– Redirection :the site you’re on, is not really the site you think you’re on !
– Vulnerability in BIND to allow remote user to gain privileged access

• Routers
– Change routing information to disable network
– Cisco’s IOS proliferates the worldwide backbone of the Internet

• Sniffers
– examine network traffic going to and from other machines
– gather usernames and passwords
– capture electronic mail

18
 Network Attacks (cont.)

• Firewalls
• IDS, HoneyPots, SATAN, vulnerability
scanners
– http://www.sans.org/newlook/resources/IDF
AQ/ID_FAQ.htm
• Tripwire to detect configuration changes

19
 Web Attacks

• Phishing
✓Email messages and IMs
✓Appear to be from someone with
whom you do business
✓Designed to trick you into providing
usernames and passwords
• Pharming
✓Redirects you to a phony website even if you
type the URL
✓Hijacks a company’s domain name
 Examples of Web Attacks
• Cracking Session ID numbers
– https://www.tonybank.com/account.asp?sid=123456
78
– URL session tracking
– Hidden form elements
– Cookies
• Cracking a SQL database
– Enter an “incorrect” string to get an error message
which shows how the database forms a query.
– http://www.wiretrip.net/rfp/p/doc.asp?id=42

21
 E-Mail Attacks
• Email bombing
– repeatedly sending an identical email message
to a particular address.
– http://www.cert.org/tech_tips/email_bombin
g_spamming.html
• MALware Attachments:
– worms, viruses, trojan horses, etc.
• SPAM
– Unsolicited “junk” mail
– At sites with mailers that permit relaying
22
 E-Mail Attacks

• RTF files are ASCII text files and include

embedded formatting commands. RTF files
do not contain macros and cannot be
infected with a macro virus.
• An MP3 file consists of highly
compressed audio tracks. MP3 files are not
programs, and viruses cannot infect them.

23
 Cybercrime: They Are Out to Get You –
Social Network Attacks (3 of 4)
• Fraud
Schemes that convince you to give money or
property to a person
Shill bidding is fake bidding to drive up the price of
an item
 Malware: Pick Your Poison – Spam and
Cookies
• Spam
✓Spamming is sending mass unsolicited emails
✓Messages are called spam
✓Other forms:
• Fax spam
• IM spam
• Text spam

25
 Malware: Pick Your Poison – Spam and
Cookies
• Cookies
✓Installed without your
permission
✓Help websites identify
you when you return
• Track websites and
pages
you visit to better target
ads
• May collect information
you don’t want to share
26
 Malware: Pick Your Poison – Adware and
Spyware
• Adware
✓Pop-ups or banner ads
✓Generate income
✓Use CPU cycles and Internet bandwidth
✓Reduce PC performance

27
 Malware: Pick Your Poison – Adware and
Spyware
• Spyware
✓Malware
✓Secretly gathers personal information
✓Usually installed by accident
✓Browser hijacker

28
 Social Engineering
Hello, I'm calling from Technology for
America – we're a non-profit organization,
working to help ensure that the U.S. stays
at the forefront of computer technology.

Today we're conducting a telephone survey

about the usage of computer systems. Can
I ask you a few questions about your
computer system?

Social engineering is a collection of techniques intended to trick people into

divulging private information. Includes calls emails, web sites, text messages,
interviews, etc.

29
 Social Engineering
Do Don’t
• Document the situation— • Participate in
verify the caller identity,
surveys
obtain as much
information as possible, if • Share personal
Caller ID is available, write information
down the caller's
telephone number, take • Give out computer
detailed notes of the systems or network
conversation information
• Contact your CISO

30
 Mobile Computing
• Always maintain physical control of
mobile devices!

• Properly label with

classification and contact
information
• Disable wireless functionality
when it is not in use

31
 Example: DOS
http://www.cert.org/tech_tips/denial_of_service.html

• Denial-of-Service attacks are most frequently executed against

network connectivity. The goal is to prevent hosts or networks
from communicating over the network. A description of how this
can occur is at: http://www.cert.org/advisories/CA-1996-21.html
• In this case, the hacker begins the process of connecting to the
victim machine, but in such a way as to PREVENT the completion
of the connection. Since the victim machine has a limited number
of data structures for connections, the result is that legitimate
connections are denied while the victim machine is waiting to
complete bogus “half-open” connections.
 Example: DOS (cont.)
• This type of attack does not depend on the attacker being able to
consume your network bandwidth. Here, the intruder is consuming
kernel data structures involved in establishing a network connection.
The implication is that an intruder can execute this attack from just a
dial-up connection against a machine on a very fast network.
• An intruder may also be able to consume all the available bandwidth
on your network by generating a large number of packets directed to
your network. Typically, these packets are ICMP ECHO packets, but in
principle could be anything (“smurfing”). Further, the intruder need
not be operating from a single machine – he may be able to coordinate
or co-opt several machines on different networks to achieve the same
effect: hence, DDoS.
• In addition to network bandwidth, intruders could consume other
resources: for example, anything that allows data to be written to disk
can be used to execute a DOS attack if there are no bounds on the
amount of data that could be written.

33
 Denial of Service Attacks…
http://www.cert.org/present/cert-overview-trends/sld001.htm

• Make networks or hosts unusable

• Disrupt services
• Difficult or Impossible to locate source
• Becoming very popular with attackers,
especially
– IRC sites
– Controversial sites or services
• Bottom Line: COSTLY!

34
 Intruder Detection Checklist
http://www.cert.org/tech_tips/intruder_detection_checklist.html

Look for Signs That Your System May Have Been Compromised
1. Examine log files
2. Look for setuid and setgid Files
3. Check system binaries
4. Check for packet sniffers
5. Examine files run by 'cron' and 'at'.
6. Check for unauthorized services
7. Examine /etc/passwd file
8. Check system and network configuration
9. Look everywhere for unusual or hidden files
10. Examine all machines on the local network

35
 Malware: Pick Your Poison – Viruses,
Worms, Trojans, and Rootkits (1 of 5)
• Virus - a program that replicates itself
and infects computers
Needs a host file
May use an email program to infect
other computers
The attack is called the payload
Check to see if message is a hoax

36
 Malware: Pick Your Poison – Viruses,
Worms, Trojans, and Rootkits (2 of 5)

• Logic Bomb
✓Behaves like a virus
✓Performs malicious act
✓Does not replicate
✓Attacks when certain conditions are met
• Time Bomb
✓A logic bomb with a trigger that is a specific
time or date
• April Fool’s Day
• Friday the 13th
37
 Malware: Pick Your Poison – Viruses,
Worms, Trojans, and Rootkits (3 of 5)
• Worms
✓Self-replicating
✓Do not need a host to travel
✓Travel over networks to infect other
machines
✓Conficker worm
• First released in 2008
• Reemerged in 2010 with new behaviors

38
 Malware: Pick Your Poison – Viruses,
Worms, Trojans, and Rootkits (4 of 5)
• Botnet
– Network of computer zombies or bots controlled by a
master
– Fake security notifications
– Denial-of-service attacks
• Cripple a server or network by sending out excessive traffic

• Trojan horse
– Appears to be legitimate program
– Actually malicious
– Might install adware, a toolbar, a keylogger, or open a
backdoor
39
 Malware: Pick Your Poison – Viruses,
Worms, Trojans, and Rootkits (5 of 5)
• Ransomware
– Malware that prevents you from using your computer
until you pay a fine or fee
– Bitcoin is an anonymous, digital, encrypted currency
• Rootkit
– Set of programs
– Allows someone to gain control over system
– Hides the fact that the computer has been
compromised
– Nearly impossible to detect
– Masks behavior of other malware
40
How to Secure a Computer

41
Explain How to Secure a Computer

42
 Shield’s Up – Software (1 of 2)
• Drive-by download
– A visited website installs a program in the background without
your knowledge

• Firewall
– Hardware device that blocks
access to your network
– Software that blocks access
to an individual machine

43
 Shield’s Up – Software (2 of 2)

• Antivirus program
– Protects against viruses, Trojans, worms, spyware
– Windows 10 includes Windows Defender
• An antispyware program that performs both real-time protection
and system scanning

• Antispyware software
– Prevents adware and spyware from installing
• Security suite
– Package of security software
– Combination of features
44
 Shield’s Up – Hardware (1 of 2)

• Router
– Connects two or more networks together
– Home router acts like firewall
• Network address translation (NAT)
Security feature of a router
Shields devices on private network from
the public network

45
 Shield’s Up – Hardware (2 of 2)

• SSID (Service Set Identifier)

– Wireless network name
• Wireless encryption
Adds security by encrypting transmitted data
Wi-Fi Protected Setup (WPS) is one option

46
 Shield’s Up – Operating System

• Most important piece of

security software
• Keep patched and
up-to-date

47
Practice Safe Computing

48
Practice Safe Computing

49
An Ounce of Prevention is Worth a Pound
of Cure –
User Accounts
• Three user account types
 Standard
 Administrator
 Guest
• User Account Control (UAC) notifies you prior to
changes made to your computer
 Do not turn this feature off
 Always read message before clicking Yes
• Malware tricks users into clicking fake Windows
notifications
50
An Ounce of Prevention is Worth a Pound
of Cure –
Passwords

51
 Department Password Policy
• The Department has guidelines pertaining to password use.
– Passwords must be:
– Obscured during login and during transmission.
– Changed after the initial login.
– Forced by the system to be changed every 90 days.
– Strong - shall include three of the four characteristics:
• Numerals
• Alphabetic characters
• Upper and lower case letters
• Special characters
• Passwords shall be at least eight (8) characters in length.

52
 Secure Passwords
Do Don’t
• Use a combination of: • Use personal information
lower and upper case • Dictionary words
letters, numbers, and, (including foreign
special characters languages)
• Change it every 90 days • Write it down
• Create a complex, strong • Share it with anyone
password, and protect its
secrecy

53
An Ounce of Prevention is Worth a Pound
of Cure –Encryption
• Converts plain text into ciphertext
• Must have a key to decrypt it

54
An Ounce of Prevention is Worth a Pound
of Cure –Safely Installing Software
• Copies files to the computer
• Alters settings

55
An Ounce of Prevention is Worth a Pound of
Cure –Updating and Installing Software
• Protect yourself from downloading
problems
Only download from reliable sources
• Zero-day exploit
Attack that occurs on the day an exploit is
discovered before the publisher can fix it
• Bugs
Flaws in the programming of software
Patch or hotfix
Service pack 56
An Ounce of Prevention is Worth a Pound
of Cure –Acceptable Use Policies (AUP)
• Common in businesses and schools
• Rules for computer and network users
• Depend on:
 Type of business
 Type of information

• Force users to practice safe

computing

57
 Use of Social Media
• Be aware of what you post online!
• Monitor privacy settings
• Refrain from discussing any work-related
matters on such sites.

58
Report Suspicious Computer Problems
If your system acts
unusual!
Report immediately to
your CISO

Trojan Horse Spyware Worm

59
Laws Related to Computer Security
and Privacy

60
Discuss Laws Related to Computer Security
and Privacy

61
 The Law is on Your Side – The
Enforcers
• No single authority
responsible for investigating
cybercrime
• Internet Crime Complaint
Center (IC3)
Place for victims to report
cybercrimes
ic3.gov
Reports processed and
forwarded to appropriate
agency
62
The Law is on Your Side – Current Laws
(1 of 2)
• Computer Fraud and Abuse Act
Makes it a crime to access classified
information
Passed in 1986; amendments between 1988
and 2002 added additional cybercrimes
• USA PATRIOT Act antiterrorism legislation
(2001)

63
The Law is on Your Side – Current Laws
(2 of 2)
• Cyber Security Enhancement Act
(2002)
Provisions for fighting cybercrime
• Convention on Cybercrime Treaty
Drafted by Council of Europe
Signed by more than 40 countries

64
Offences & Contraventions

+
Cyber
Cyber Offences
Contravention

Sec. 65 –
43, 43A
67, 72, 72A

Adjudicating
Police/Court
Officer

Sec 43

Sec 66

65
Cyber Contravention –Sec. 43
Unauthorized access –
 If any person without permission of the owner or any other person
who is the in charge of a computer, computer systems or computer
network commits any violation in Section 43 (a) – (j).

Penalty and compensation –

 Liable to pay damages by way of compensation to the tune of Rs. 5
Crores.

66
Section 66– Computer Related
Offences
“If any person, dishonestly, or fraudulently, does any act referred to
in section 43, he shall be punishable with imprisonment for a term
which may extend to three years or with fine which may extend to
five lakh rupees or with both.”

 Dishonestly or fraudulently as defined u/s 24/25 IPC

 Cognizable & Bailable.

67
 IT Act
Cyber Crimes – Sec43(a)
“If any person, dishonestly, or fraudulently, does any act
referred

Unauthorized Access to the Computer

68
 IT Act
Cyber Crimes – Sec43(b)

Downloading, Copying or Extracting

any Data from
any Computer

69
Cyber Crimes – Sec43(c)
Introducing Computer
Virus/Containment/Spyware

70
 IT Act
Cyber Crimes – Sec43(d)
Damaging any Computer/Computer
System/Database /Program

71
Cyber Crimes – Sec43(e) IT Act
Disrupt or Causing Disruption
to Computer or
Computer Network

4/25/2017 N e e r a j A a r o ra 72
Cyber Crimes – IT Act
Sec43(f)
Denial-of-Access
to
Any Person

73
Cyber Crimes – Sec43(g)

Assistance to Facilitate Unauthorized

Access to Computer

74
Cyber Crimes – Sec43(h)
Charges the Services to the Account of Another by
Tempering with Computer

Using Stolen Credit Cards

or
Others Bank Accounts

75
 Cyber Crimes – Sec43(i)
Destroyed, Delete or Alter
An Information
Regarding in the Computer

Diminishes its value or effects it injuriously

4/25/2017 N e e r a j A a r o ra 76
Cyber Crimes – Sec43(j) & Sec65
Steal, Conceal or Destroy Computer Source Code

If source code is required to be maintain by Law,

such offence would be cognizable U/S 65

77
Section 66C– Punishment for
Identity Theft
“Whoever,

 fraudulently or dishonestly make use of

 the electronic signature, password or any

other unique identification feature of any other person,

 shall be punished with imprisonment of either description for a

term which may extend to three years and shall also be liable to
fine which may extend to rupees one lakh”

78
 Securing the Department
• Don’t store PII on unencrypted storage devices
• Remove your Personal Identity Verification (PIV), or smart
card, when leaving your desktop PC
• Never transmit secure information over an unsecured fax
machine
• Check for security badges and make sure guests needing
escorts have them
• Don’t write down passwords
• Use only authorized thumb drives
• Properly label removable media such as CDs or DVDs
• Be careful how you dispose of anything that might contain
sensitive information

79
All rights reserved. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted, in any form or by any
means, electronic, mechanical, photocopying, recording, or
otherwise, without the prior written permission of the publisher.
Printed in the United States of America.

80
 Case Study of Cyber Atacks
http://www.wired.com/news/technology/0,1282,41563,00.html

by Michelle Delio
10:35 a.m. Feb. 1, 2001 PST

A popular Web discussion board in which the subject

is computer security became the unwitting host of
an attack program directed at security consultant
firm Network Associates Wednesday night.

A cracker posted to the Bugtraq board what he said

was a script -- computer code that would allow
people to take advantage of a recently discovered
hole in BIND, the software that pushes information
across the Internet.

81
But if someone downloaded and ran the posted script, it
instead launched a denial of service attack against
Network Associates (NAI) by sending packets of
garbage information in the hopes of overwhelming the
firm's servers.

Since Network Associates had already patched the hole,

its website's performance wasn't adversely affected.
"We have determined that a distributed denial of attack
was directed at NAI last night," an NAI spokeswoman
said, "but no penetration to the corporate network took
place. We are continuing to investigate the origin of this
attack." NAI was the first to raise the alarm over the
BIND exploit, and Bugtraq spokesperson Elias Levy said
he assumes that the attack was intended to see if NAI
had practiced what they preached and patched the hole.

82
Virus Live Case – Stuxnet
Very Effective, Size: 500 KiloByte.
Attacked in Three Phases
 it targets Microsoft Windows Machines and Networks.
 Sought Out Siemens Step7 software (Windows-based used to
Program Industrial Control Systems that Operate Equipment, such
as Centrifuges).
 Compromised Programmable Logic Controllers.
Spy on Industrial Systems and even Cause Fast-Spinning
Centrifuges to Tear themselves apart.

Can Spread Stealthily Between Computers running Windows.

Can Spread through USB thumb Drive.

83
Hack of Ukraine’s Powergrid

Send spyware to employees and asked

to click on micros

Hackers used a program called BlackEnergy3

Infected their machines and opened a backdoor to the

hackers.

Hackers harvested worker credentials for VPNs which was

used to remotely log in to the SCADA network.

84
Hack of Ukraine’s Powergrid
Reconfigured uninterruptible power supply to control
centers.
Replace malicious firmware on serial-to-Ethernet
converters at substations.
Entered SCADA networks through hijacked VPNs and
disable UPS systems.
Launched Telephone Denial-of-Service attack against
customer call centers to prevent reporting for outrage.
Used malware ‘KillDisk’ to wipe files from operator
stations.

Blackout

85
 Bit Coin – Virtual Currency
Not in control of any Country

Anonymity on the Internet

International movement without restrictions

Acceptable for Hawala /Crime Transactions

Replace the gold or cash as a payment for illegal transaction

or tax evasion

86
 Cybercrime Economy
Ransomware
 organized at international & national level
 Segmented & Coordinated

Darknet
 Sale of Vulnerabilities and exploits online
 Crime ware tool kits
 Stolen data Credit card numbers, PINs
 Email ids, passwords
 FTP credentials
 Sale of Botnets
 DDoS as a Service
 Hacking as a Service

87
Questions

88