CYBER SAFETY &

SECURITY

Presented By- Bhaiyasaheb Bodhak

Internet and smart Gadgets are now integral part of our lives
The term cyber security is used to refer to the security
offered through on-line services to protect your online
information.
What is the Internet?

The Internet is a vast network that connects computers all over

the world. Through the Internet, people can share information
and communicate from anywhere with an Internet connection.
It is a combining form relating to information
technology, the internet and virtual reality.
What is the VR?
Virtual reality (VR) is a simulated experience that employs
pose tracking and 3D near-eye displays to give the user an
immersive feel of a virtual world. Applications of virtual reality
include entertainment (particularly video games), education
(such as medical or military training) and business (such as
virtual meetings).
What is Encryption?

Data encryption is a computing process that encodes

plaintext/cleartext (unencrypted, human-readable data)
into ciphertext (encrypted data) that is accessible only
by authorized users with the right cryptographic key.
Simply put, encryption converts readable data into some
other form that only people with the right password can
decode and view – and is a vital component of
digital transformation.
What is the Purpose of Encryption?

Encryption plays a vital role in protecting sensitive data that

is transmitted over the Internet or stored at rest in computer
systems. Not only does it keep the data confidential, but it can
authenticate its origin, ensure that data has not changed after
it was sent, and prevent senders from denying they sent an
encrypted message
 IMPORTANCE OF CYBER SECURITY
 The Internet allows an attacker to work from anywhere on the
planet.
 Risks caused by poor security knowledge and practice:
Identity Theft
Monetary Theft
Legal Ramifications (for yourself and your organization)
 According to the SANS Institute, the top vectors for vulnerabilities
available to a cyber criminal are:
Web Browser
Instant Messaging Clients
Web Applications
 CYBER SECURITY
• Cyber security refers to the body of technologies, processes, and
practices designed to protect networks, devices, programs, and data
from attack, damage, or unauthorized access.
 Cyber security is Safety
Security: We must protect our computers and data
in the same way that we secure the doors to
our homes.
Safety: We must behave in ways that protect us
against risks and threats that come with technology.
WHAT IS A SECURE SYSTEM? (CIA TRIAD)

• Confidentiality – restrict access to

authorized individuals
• Integrity – data has not been altered
in an unauthorized manner
• Availability – information can be
accessed and modified by authorized
individuals in an appropriate
Availabilit
y timeframe
CIA TRIAD

Example:
Confidentiality Criminal steals
customers’
usernames,
passwords, or
credit card
information

Protecting
information from
unauthorized
access and
disclosure
CIA TRIAD

Integrit
y
Protecting
information from
unauthorized
modification
Example:
Someone alters
payroll information
or a proposed
product design
CIA TRIAD

Availability Example:
Your
customers
are unable
to access
your online
services
Preventing
disruption
in how
informatio
n is
accessed
THREATS AND VULNERABILITIES

 Whatare we protecting our and our

stakeholders information from?
Threats: Any circumstances or events that can
potentially harm an information system by
destroying it, disclosing the information stored
on the system, adversely modifying data, or
making the system unavailable
Vulnerabilities: Weakness in an information
system or its components that could be
exploited.
 MALWARE
 Malware = “malicious software”
 Malware is any kind of unwanted software that is
installed without
your consent on your computer and other digital devices.
Viruses, Worms, Trojan horses, Bombs, Spyware, Adware,
Ransomware are subgroups of malware.
 VIRUSES
 A virus tries to infect a carrier, which in turn relies on the carrier to
spread the virus around.
 A computer virus is a program that can replicate itself and spread from
one computer to another.
 Direct infection: virus can infect files every time a user opens that specific
infected program, document or file.
 Fast Infection: is when a virus infects any file that is accessed by the
program that is infected.
 Slow infection: is when the virus infects any new or modified program, file
or document.
 Great way to trick a antivirus program!

 Sparse Infection: is the process of randomly infecting files, etc. on the

computer.
 RAM-resident infection: is when the infection buries
itself in your Computer’s Random Access Memory.
 BOMBS
 Logic Bombs: is programming code that is designed to execute or
explode when a certain condition is reached.
 Most the time it goes off when a certain time is reached or a program fails to execute.
But it these bombs wait for a triggered event to happen.
 Most common use of this is in the financial/business world.

 Most IT employees call this the disgruntled employee syndrome.

TROJANS
 Trojan horse: is a program or software designed to look like a useful or
legitimate file.
 Once the program is installed and opened it steals information or deletes data.
 Trojan horses compared to other types of malware is that it usually runs only
once and then is done functioning.
 Some create back-door effects
 Another distribution of Trojans is by infecting a server that hosts websites.
 Downfall of Trojans: very reliant on the user.
 WORMS
 Worms and viruses get interchanged commonly in the media.
 In reality a worm is more dangerous than a virus.
 User Propagation vs. Self Propagation
 Worm is designed to replicate itself and disperse
throughout the user’s network.
 Email Worms and Internet Worms are the two most common worm.
 EMAIL WORM
 Email worm goes into a user’s contact/address book
and chooses every user in that contact list.
 It then copies itself and puts itself into an attachment;
then the user
will open the attachment and the process will start over again!
 Example: I LOVE YOU WORM
 INTERNET WORMS

 An Internet Worm is designed to be conspicuous to the user.

 The worms scans the computer for open internet ports that the worm
can download itself into the computer.
 Once inside the computer the worms scans the internet to infect more
computers.
 RANSOMWARE
 Ransomware is a type of malware that
restricts your access to systems and
files, typically by encryption and then
demands a ransom to restore access.
 Often, systems are infected by
ransomware through a link in a
malicious email. When the user clicks
the link, the ransomware is
downloaded to the user’s computer,
smartphone or other device.
Ransomware may spread through
connected networks.
COVID-19 CYBER THREATS
COVID-19 CYBER THREATS
 CYBER CRIME
Cyber Crime is a generic term that refers to all criminal activities done
using the medium of communication devices, computers, mobile
phones, tablets etc. It can be categorized in three ways:
•The computer as a target – attacking the computers of others.
•The computer as a weapon- Using a computer to commit
“traditional crime” that we see in the physical world.
•The computer as an accessory- Using a computer as a “fancy filing
cabinet” to store illegal or stolen information.
How do you look like to Bad guys?

192.168.1.10
  PHISHING AND SPEAR- PHISHING ATTACKS

 Social Engineering Scams

WHAT  Common Malware and
KINDS OF Ransomware
THREATS  Fake websites that steal data or
ARE THERE? infect devices
 And much more
 PHISHING
 Phishing refers to the practice of creating fake emails or SMS that appear
to come from someone you trust, such as: Bank, Credit Card Company,
Popular Websites
 The email/SMS will ask you to “confirm your account details or your
vendor’s account details”, and then direct you to a website that looks
just like the real website, but whose sole purpose is for steal
information.
 Of course, if you enter your information, a cybercriminal could use it to
steal your identity and possible make fraudulent purchases with your
money.
EXAMPLE OF PHISHING
SOCIAL ENGINEERING

 When attempting to steal information or a person’s identity, a

hacker will often try to trick you into giving out sensitive
information rather than breaking into your computer.
 Social Engineering can happen:
 Over the phone
 By text message
 Instant message
 Email
Types of hackers
1. Black Hat Hacker-
Motives: To profit from data breaches
2. Grey Hat Hacker-
Motives: Personal enjoyment
3. White Hat Hacker-
Motives: Help businesses prevent cyber security attacks
1. Black Hat Hackers
Black hat hackers are also knowledgeable computer experts but
with the wrong intention. They attack other systems to get access
to systems where they do not have authorized entry. On gaining
entry they might steal the data or destroy the system. The hacking
practices these types of hackers use depend on the individual’s
hacking capacity and knowledge. As the intentions of the hacker
make the hacker a criminal.

Motives & Aims: To hack into organizations’ networks and steal

bank data, funds or sensitive information. Normally, they use the
stolen resources to profit themselves, sell them on the black
market or harass their target company.
2. Grey Hat Hackers
The intention behind the hacking is considered while categorizing
the hacker. The Gray hat hacker falls between the black and white
hat hackers. They are not certified, hackers. These types of hackers
work with either good or bad intentions.

Motives & Aims: The difference is, they don’t want to rob people
nor want to help people in particular. Rather, they enjoy
experimenting with systems to find loopholes, crack defenses, and
generally find a fun hacking experience.
3. WHITE HAT HACKERS
WHITE HAT HACKERS ARE TYPES OF HACKERS WHO’RE PROFESSIONALS
WITH EXPERTISE IN CYBERSECURITY. THEY ARE AUTHORIZED OR
CERTIFIED TO HACK THE SYSTEMS. THESE WHITE HAT HACKERS WORK
FOR GOVERNMENTS OR ORGANIZATIONS BY GETTING INTO THE
SYSTEM. THEY HACK THE SYSTEM FROM THE LOOPHOLES IN THE
CYBERSECURITY OF THE ORGANIZATION.

MOTIVES & AIMS: THE GOALS OF THESE TYPES OF HACKERS ARE

HELPING BUSINESSES AND DETECTING GAPS IN NETWORKS’ SECURITY.
THEY AIM TO PROTECT AND ASSIST COMPANIES IN THE ONGOING
BATTLE AGAINST CYBER THREATS. A WHITE HAT HACKER IS ANY
INDIVIDUAL WHO WILL HELP PROTECT THE COMPANY FROM RAISING
CYBER CRIMES.
ETHICAL HACKING
SYSTEM HACKING
 System hacking is a vast subject that
consists of hacking the different software-
based technological systems such as laptops,
desktops, etc.
 System hacking is defined as the
compromise of computer systems and
software to access the target computer
and steal or misuse their sensitive
information.
 Here the malicious hacker exploits the
weaknesses in a computer system or
network to gain unauthorized access to its data
or take illegal advantage.
 Hackers generally use viruses, malware,
Trojans, worms, phishing techniques, email
spamming, social engineering, exploit
operating system vulnerabilities, or port
vulnerabilities to access any victim's system
 Attacks today are AUTOMATED!
It’s not some dude sitting at his hacker desk all day typing out
ping commands to IP addresses via the command prompt
manually…
Security Awareness -Securing Password
1. Use always strong password
2. Never use same password for two different sites.
 USE STRONG PASSWORDS
MAKE PASSWORDS EASY TO REMEMBER BUT HARD TO GUESS

• Be at least ten characters in length

• Must contain characters from at least two of the following four types of
characters:
• English upper case (A-Z)
• English lower case (a-z)
• Numbers (0-9)
• Non-alphanumeric special characters ($, !, %, ^, …)
• Must not contain the user’s name or part of the user’s name
• Must not contain easily accessible or guessable personal information about
the user or user’s family, such as birthdays, children’s names, addresses,
45 etc.
CREATING STRONG PASSWORDS
• A familiar quote can be a good start:
“LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS”
William Shakespeare

• Using the organization standard as a guide, choose the

first character of each word:
• LIASMWTFOS
• Now add complexity the standard requires:
• L1A$mwTF0S (10 characters, 2 numerals, 1 symbol, mixed
English case: password satisfies all 4 types).

• Or be more creative!
46
SECURITY AWARENESS – SOCIAL MEDIA
• Social Media (FB, Instagram, twitter, etc) is now an integral
part of our daily life
• Be sensitive in what you upload on your social networking
account (status, pics, etc)
• Use security and privacy options provided by social media
sites
• SMS based second factor authentication
• Access control (who can see what)
• Keep your personal details, personal.
SECURITY AWARENESS – SMART MOBILE DEVICES
• Connect to ONLY authorized wifi access
• Use auto lock features
• Download apps from authorized app stores ONLY
• Use Privacy options provided by various mobile
Operating system
• Do NOT accept calls from weird numbers OR do not give
a call back
SECURITY AWARENESS – DESKTOPS/LAPTOPS
• Ensure your Antivirus is updated and scans are configured for a
routine check
• Implement personal firewall
• Keep your Operating system updated with latest patches
• Avoid installing cracked softwares
• Keep OS files and personal files in different HDD partition
• Factory Restore is the best option to clean your system
SECURITY AWARENESS – INTERNET
• Internet use is a two edge sword. Be SMART on using Internet
• NEVER visit untrusted websites
• NEVER user referral links to visit a website. Instead type in the URL
address in the browser
• Always download software from authorized / Trusted sources
• Do Not Connect to unknown or unprotected wi-fi zones
ANTI-VIRUS AND ANTI-SPYWARE SOFTWARE
• Anti-virus software detects certain types of malware and can
destroy it before any damage is done.
• Install and maintain anti-virus and anti-spyware software.
• Be sure to keep anti-virus software updated.

51
HOST-BASED FIREWALLS
• A firewall acts as a barrier between your computer/private
network and the internet. Hackers may use the internet to
find, use and install applications on your computer. A firewall
prevents many hacker connections to your computer.
• Firewalls filter network packets that enter or leave your
computer

52
SUMMARY
• Cybersecurity will require
a significant workforce
with deep domain
knowledge.
• Almost everything is
hooked up to the internet
in some sort of form.
• Could one click of the
mouse start World War
III?