iammickwhite-cn
CyberSecurity
Introduction to Cyber Security: In week 1, you’ll learn about the nature of cyber threats and get to grips with commonly used attacks, such as denial of service. The Tools of the Trade: In the second week, you’ll understand key computer networking principles like the OSI model, significant hardware and software, and legislation including GDPR. Extended Project: During the third and final week, you’ll apply what you’ve learned to a project that will challenge you to defend an online system and then test your work. After passing the course, you’ll be awarded a Level 2 Certificate in Cyber Security and Digital Forensics accredited by TLM, and be ready to take your learning to the next level.
iammickwhite-cn · 6 years ago
Unit 2 The OSI Model:
The Basics of the OSI Model
iammickwhite-cn · 6 years ago
Networking Vulnerabilities
Vulnerability Scanner:
1: What is the vulnerability:
A vulnerability scan detects and classifies system weaknesses in computers, networks, and communications equipment and predicts the effectiveness of countermeasures. A scan may be performed by an organization’s IT department or a security service provider, possibly as a condition imposed by some authority. An Approved Scanning Vendor (ASV), for example, is a service provider that is certified and authorized by the Payment Card Industry (PCI) to scan payment card networks. Vulnerability scans are also used by attackers looking for points of entry.[1] A vulnerability scanner runs from the end point of the person inspecting the attack surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. The scanner software attempts to exploit each vulnerability that is discovered.[1]
2: How do we protect against it:
Use a firewall to prevent access to ports/services that should not be public. Restrict access to known IP addresses.
Brute force attacks:
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. How to protect against them: Secure Login Credentials. Move the Login Page. Limit Login Attempts.
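One way to implement the "Limit Login Attempts" protection, as an added example that is not part of the original post. The class name, thresholds and the `username|ip` key format are assumptions chosen for illustration, and the guess list is constructed sample data.

```python
import hmac
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Lock a key (e.g. username + source IP) after too many recent failed logins."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900, clock=time.monotonic):
        self.max_failures, self.window_s, self.lockout_s = max_failures, window_s, lockout_s
        self.clock = clock                    # injectable so tests need not sleep
        self._failures = defaultdict(deque)   # key -> timestamps of recent failures
        self._locked_until = {}               # key -> time at which the lockout ends

    def allowed(self, key):
        """True if an attempt for this key may proceed to the password check."""
        until = self._locked_until.get(key)
        if until is None:
            return True
        if self.clock() < until:
            return False
        del self._locked_until[key]           # lockout has expired
        return True

    def record(self, key, success):
        """Record an attempt's outcome; start a lockout when the limit is reached."""
        if success:
            self._failures.pop(key, None)
            return
        now = self.clock()
        recent = self._failures[key]
        recent.append(now)
        while now - recent[0] > self.window_s:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout_s
            recent.clear()

def guesses_evaluated(throttle, key, guesses, real_password):
    """Feed a constructed guess list through the throttle; count guesses actually checked."""
    checked = 0
    for guess in guesses:
        if not throttle.allowed(key):
            continue                          # rejected before any password comparison
        checked += 1
        ok = hmac.compare_digest(guess.encode(), real_password.encode())
        throttle.record(key, ok)
    return checked
```

Keying the throttle on the username alone would let anyone lock a legitimate user out by failing on purpose, which is why the sketch assumes a combined username and source-address key.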
The following link describes what we have researched as a group. We, together, found, through collaboration, the various vulnerabilities and how to combat them.
 [Group1 - Michael (Technical knowledge), Barry (Logical Knowledge), Elsie (Constructive Knowledge), Hammam (Research), Bharrat (Team Leader) ]
https://docs.google.com/document/d/1oKSQtzCN_HN-i6X1EF_z_hTBN82wTi_rmJcM1FpxxWM/edit?usp=sharing
iammickwhite-cn · 6 years ago
Understand the dangers posed by cybersecurity to you and your business
iammickwhite-cn · 6 years ago
UNIT 1
UNDERSTANDING
1.1 Basic Nature of Cyber Threats: 
Nothing seems sacred these days. Where there is a computer and someone with the capability and a devious mind, you could potentially find a cyber threat. The trouble is, the nature of cyber threats has changed both in kind and intensity. The global States have raised their game and increased their intensity. What may once have been spotty-faced teenagers operating from their mother’s basement has transformed into a major security challenge for businesses. A threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm. A threat can be either “intentional” (i.e. hacking: an individual cracker or a criminal organization) or state-sponsored. “In this definition, the threat is defined as a possibility. However, in the cybersecurity community, the threat is more closely identified with the actor or adversary attempting to gain access to a system. Or a threat might be identified by the damage being done, what is being stolen or the Tactics, Techniques, and Procedures (TTP) being used.”[1]
1.2 Overview of Common Threats: 
Insider threats: “An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.”
The insider threat, whereby an employee acts, knowingly or unknowingly, in a counter-productive way to cause significant damage to his/her organization, has become a key risk for organizations around the world. This is in part driven by the greater access individuals have to critical information and systems as organizations become more and more connected. In addition, ever more sophisticated methods of carrying out a cyber attack and the availability of more outlets for leaking information are increasing the threat.[2]
Cryptojacking attacks: A cryptographic attack is a method for circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol or key management scheme. This process is also called “cryptanalysis”.
SQL injection Attack: A code injection technique, used to attack data-driven applications, in which criminal SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
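The two weaknesses named in the SQL injection description (unescaped string literals and input that is not strongly typed), each shown beside its hardened form. This is an added example, not part of the original post; the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                   [("alice", "alice@example.test"),
                    ("bob", "bob@example.test"),
                    ("carol", "carol@example.test")])
    return db

def lookup_vulnerable(db, name):
    # Weakness 1: the input is pasted into the statement text, so a quote
    # character in `name` ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    # Hardened: the value is bound separately from the statement and is only ever data.
    return db.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()

def get_by_id_vulnerable(db, user_id):
    # Weakness 2: a value expected to be a number is accepted as free text.
    return db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()

def get_by_id_typed(db, user_id):
    # Hardened: int() raises ValueError on non-numeric input; the result is then bound.
    return db.execute("SELECT name FROM users WHERE id = ?", (int(user_id),)).fetchall()
```

With the constructed input `x' OR '1'='1`, `lookup_vulnerable` returns every row while `lookup_parameterized` returns none, because no user has that literal name.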
Phishing: Fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site. Phishing is an example of social engineering techniques being used.
Ransomware: A type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. More advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
Advanced malware attacks: These typically follow a common attack sequence: Planning: Involves selecting a target and researching the target’s infrastructure to determine how the malware will be introduced, the communication methods used while the attack is in progress, and how/where the data will be extracted.
1.3 Main features of threats to individuals:
From identity theft and fraud to social networking hacking attacks, everybody needs to be sure they’re safe. Knowledge is key, as the saying goes. Your personal details, pictures, account details, and much more concerning yourself can potentially be exploited by the criminal.
1.4 Main features of threats to companies:
The reputation of your company, and of course its day-to-day functioning, are under threat from cybercriminals. Various types of viruses and hacks can bring your business to its knees.
The number one weak link for businesses when it comes to cybersecurity — by a long, long way — is the people who work in the business.
From falling for phishing emails, and clicking on links or downloading documents that turn out to be malware, to being a victim of business email compromise (BEC) scams that end up losing the company a lot of money, employees are a company’s greatest liability when it comes to cybersecurity.
See also: https://thehackernews.com/2017/09/blueborne-bluetooth-hacking.html
Figure 1: Explanation from CIO|INSIGHT on Today’s security issues for businesses.[3]
1.5:
Analyze and Detail
2.1 Why do people cause and create security breaches:
For fun
Some hackers make attempts on computers, servers or network systems just for personal gratification. Others may feel that they need to prove something to their peers or friends and hack something only for the challenge.
To Steal
Another reason to hack a system is to steal information or money. A large portion of hacking attempts falls into this category. Banks and large companies are common targets for hacking jobs, but sometimes smaller companies or even a specific person’s computer are targeted, as well.
To disrupt
There are also some hackers, including hacking groups, that target a company to disrupt business, create chaos and just be a nuisance. These groups often are trying to make a statement with their hacking, demonstrate security inadequacies, or show general disapproval for the business itself. An example of a hacking group that made headlines is Anonymous.
2.2 What is a threat and how do they work:
One resource defines a threat as “the possibility of a malicious attempt to damage or disrupt a computer network or system.”
The malicious programs inside e-mail attachments usually only strike if you open them. Effects of a virus can be anything from a simple prank that pops up messages to the complete destruction of programs and data.[4]
If a virus is sent through a network, it will spread like wildfire, potentially even globally. In some cases, it can change configurations of a database system (i.e. a worm).
2.3 Features of threats & How they operate:
IBM recently announced the shocking average cost of a data breach. While down around 10 percent, the global average for a data breach is $3.62 million. For many companies, the cost of suffering a cyber attack is enough to take the business down entirely, so it has never been more vital for all organizations to invest in their cyber defenses. In order to equip suitable security, you first need to understand exactly where the danger comes from. Looking ahead to 2018, we examine the biggest cybersecurity threats both to individuals and companies across the world.[5]
WannaCry is so-called encryption-based ransomware also known as Wanna Decryptor or WCRY. It encrypts users’ files using AES and RSA encryption ciphers, meaning the hackers can directly decrypt system files using a unique decryption key. From my research, especially remembering how much broadcast it received, it manipulated the laws that, basically, were prevalent at the time in many businesses, and specifically the NHS. People had not updated their systems often, and correctly. A playground for hackers.
2.4 How attack against companies works:
You work in the financial department of your company and you just got an email from an executive.
It instructs you to pay a sum of £78,000 before a specified time. It includes instructions for how to wire the money to your vendor’s bank.
You send the money, as requested, and it quickly moves to a number of small banks and then ultimately to an overseas account, where it is unlikely your company—or law enforcement—will be able to recover it. This is how phishing works. 
2.5 Review & Hierarchy:
In the year 2011, a hacker was sentenced to nine years in prison because of the cyber-attack that he caused in a hospital. In this incident of physical damage to a hospital system, this individual used the skills that he had to install malware.
As a result of his action, the hospital’s HVAC system was adversely altered, causing patients’ safety to be unduly jeopardized. Remotely controlling the temperature in the hospital posed an immediate threat, since it placed drugs and other medical supplies at risk. In this situation, the hacker was controlling both the air and heating systems in the hospital from a remote location. It just goes to show how corrupted intentions can be used to cause massive potential health dangers.
Evaluate the impact of threats
3.5 Presentation with research document highlighting the effects:
3.1  According to one researcher [6], data breaches alone see upwards of 4.4 million data records being lost or stolen worldwide every single day. Take the 2015 data breach at UK telecoms company TalkTalk. Web pages containing databases no longer supported by their producer were accessed by hackers, who stole the personal data of 156,959 customers. The result was lots of negative publicity, reputational damage and a record fine of £400,000 from UK authorities.
One of the world’s largest DDoS attacks ever took place in 2016, when US network provider Dyn was targeted. The attackers had harnessed the Internet of Things (internet-enabled devices like cameras and fridges) to conduct the attack, and took down many major websites as a result. As the Internet of Things continues to expand, the risk is set to increase.
3.2  Hacking is a term used to describe actions taken by someone to gain unauthorized access to a computer. The availability of information online on the tools, techniques, and malware makes it easier for even non-technical people to undertake malicious activities. 
What it is: The process by which cyber criminals gain access to your computer.
What it can do: Find weaknesses (or pre-existing bugs) in your security settings and exploit them in order to access your information.
3.3 Determining live threats to websites:
Streaming: OK, I agree, I have used them myself, but in my defence I didn’t consider them illegal. I can clearly remember watching a sports event and many, many pop-ups appearing, asking you to click this or that to access this or that in order (criminally) to get you to sign up to something that you will be totally unaware leads to something other than what is being advertised. Scammers, hackers. Call them what you want. But when you do fall for their cunningness, your computer could be infected with cookies or worse. Either annoying or sinister.
3.4 Determining live threats to servers:
There is no such thing as perfect software, and there is always room for further refinement. Good system administration requires vigilance, constant tracking of bugs, and proper system maintenance to ensure a secure computing environment.
A common occurrence among system administrators is to install an operating system without knowing what is actually being installed. This can be troublesome, as most operating systems will not only install the applications, but also set up a base configuration and turn services on. This can cause unwanted services, such as telnet, DHCP, or DNS to be running on a server or workstation without the administrator realizing it, leading to unwanted traffic to the server or even a path into the system for crackers.
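A check for the situation described above, where services such as telnet, DHCP or DNS are listening without the administrator realizing it. This is an added example, not part of the original post; the sample text is constructed in the column layout of `ss -tuln` on Linux, and the allowlist (SSH and HTTPS only) is an assumption about what the server is meant to offer.

```python
import ipaddress

# Constructed sample, laid out like the output of `ss -tuln`.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:23        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:67        0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:53        0.0.0.0:*
tcp   LISTEN 0      511             [::]:443          [::]:*
"""

ALLOWED = {("tcp", 22), ("tcp", 443)}              # assumption: intended services
WELL_KNOWN = {23: "telnet", 53: "dns", 67: "dhcp"}  # the services the text names

def is_loopback(addr):
    """True when the socket is bound to a loopback address only."""
    addr = addr.strip("[]").split("%")[0]           # drop IPv6 brackets and %iface
    if addr == "*":
        return False                                # wildcard bind: all interfaces
    return ipaddress.ip_address(addr).is_loopback

def unexpected_listeners(ss_output, allowed=ALLOWED):
    """Return one finding per listening socket that is not on the allowlist."""
    findings = []
    for line in ss_output.splitlines()[1:]:         # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        port = int(port)
        if (proto, port) in allowed:
            continue
        findings.append({
            "proto": proto,
            "port": port,
            "service": WELL_KNOWN.get(port, "unknown"),
            "exposure": "loopback only" if is_loopback(addr) else "network reachable",
        })
    return findings
```

On the sample, telnet and DHCP are reported as network reachable and DNS as loopback only; each finding is a service to disable or to add to the allowlist deliberately.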
[1] https://www.secureworks.com/blog/cyber-threat-basics
[2] https://www.paconsulting.com/insights/managing-people-risk-and-the-insider-threat/
[3] https://www.cioinsight.com/it-management/inside-the-c-suite/slideshows/the-11-top-threats-that-organizations-face-today
[4] https://www.bullguard.com/bullguard-security-center/pc-security/computer-threats/how-does-a-virus-work
[5] https://staysafeonline.org/blog/biggest-cybersecurity-threats-2018/
[6] https://www.regus.co.uk/work-uk/cybersecurity-threats-where-do-they-come-from-and-whats-at-risk/?psrch=1&msclkid=e090cb097c8a1d9752fa9795a609d2a9&utm_source=bing&utm_medium=cpc&utm_campaign=GB%20%3E%20EN%20%3E%20OF%20%3E%20SM%20%3E%20DSA%20%3E%20NEW&utm_term=regus.co.uk&utm_content=Homepage