0% found this document useful (0 votes)

577 views64 pages

Cyber Security Tutorial

Uploaded by

mugtaba Safi

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

577 views64 pages

Cyber Security Tutorial

Uploaded by

mugtaba Safi

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

‫بسم هللا الرحمن الرحيم‬

Kordofan University - ‫جامعة كردفان‬

Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

Cyber Security Tutorial

Cybersecurity is the protection of Internet-connected systems, including hardware, software,

and data from cyber attackers. It is primarily about people, processes, and technologies working
together to encompass the full range of threat reduction, vulnerability reduction, deterrence,
international engagement, and recovery policies and activities, including computer network
operations, information assurance, law enforcement, etc.

It is the body of technologies, processes, and practices designed to protect networks, devices,
programs, and data from attack, theft, damage, modification, or unauthorized access. Therefore,
it may also be referred to as information technology security.

Cyber-attack is now an international concern. It has given many concerns that could endanger
the global economy. As the volume of cyber-attacks grows, companies and organizations,
especially those that deal with information related to national security, health, or financial
records, needs to take steps to protect their sensitive business and personal information.

This Cyber Security tutorial provides basic and advanced concepts of Cyber Security
technology. It will cover the most popular concept of Cyber Security, such as what is Cyber
Security, Cyber Security goals, types of cyber-attacks, types of cyber attackers, policies, digital
signature, Cyber Security tools, security risk analysis, challenges, etc.
Prerequisites

It is a basic tutorial where we can quickly understand the topics discussed if we have a basic
understanding of how a firm or organization handles computer security. It is also helpful for us
to have some prior experience with computer updates, firewalls, antiviruses, and other security
measures.

Audience

Our Cyber Security tutorial is designed to help beginners and professionals.

Problems

We assure you that you will not find any problem with this tutorial. However, if you find any,
you can post it on the contact form.

Head Department Computer Science Dr. Mugtaba

Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

What is Cyber Security?

The technique of protecting internet-connected systems such as computers, servers,
mobile devices, electronic systems, networks, and data from malicious attacks is known
as cybersecurity. We can divide cybersecurity into two parts one is cyber, and the other
is security. Cyber refers to the technology that includes systems, networks, programs,
and data. And security is concerned with the protection of systems, networks,
applications, and information. In some cases, it is also called electronic information
security or information technology security.

Some other definitions of cybersecurity are:

"Cyber Security is the body of technologies, processes, and practices designed to protect
networks, devices, programs, and data from attack, theft, damage, modification or
unauthorized access."

"Cyber Security is the set of principles and practices designed to protect our computing
resources and online information against threats."

Head Department Computer Science Dr. Mugtaba

Types of Cyber Security

Every organization's assets are the combinations of a variety of different systems. These
systems have a strong cybersecurity posture that requires coordinated efforts across all of its
systems. Therefore, we can categorize cybersecurity in the following sub-domains:

 Network Security: It involves implementing the hardware and software to secure a

computer network from unauthorized access, intruders, attacks, disruption, and misuse.
This security helps an organization to protect its assets against external and internal
threats.
 Application Security: It involves protecting the software and devices from unwanted
threats. This protection can be done by constantly updating the apps to ensure they are
secure from attacks. Successful security begins in the design stage, writing source code,
validation, threat modeling, etc., before a program or device is deployed.
 Information or Data Security: It involves implementing a strong data storage
mechanism to maintain the integrity and privacy of data, both in storage and in transit.
 Identity management: It deals with the procedure for determining the level of access
that each individual has within an organization.
 Operational Security: It involves processing and making decisions on handling and
securing data assets.
 Mobile Security: It involves securing the organizational and personal data stored on
mobile devices such as cell phones, computers, tablets, and other similar devices against
various malicious threats. These threats are unauthorized access, device loss or theft,
malware, etc.
 Cloud Security: It involves in protecting the information stored in the digital
environment or cloud architectures for the organization. It uses various cloud service
providers such as AWS, Azure, Google, etc., to ensure security against multiple threats.
 Disaster Recovery and Business Continuity Planning: It deals with the processes,
monitoring, alerts, and plans to how an organization responds when any malicious
activity is causing the loss of operations or data. Its policies dictate resuming the lost
operations after any disaster happens to the same operating capacity as before the event.
 User Education: It deals with the processes, monitoring, alerts, and plans to how an
organization responds when any malicious activity is causing the loss of operations or
data. Its policies dictate resuming the lost operations after any disaster happens to the
same operating capacity as before the event.

Head Department Computer Science Dr. Mugtaba

Importance of Cyber Security

Today we live in a digital era where all aspects of our lives depend on the network,
computer and other electronic devices, and software applications. All critical
infrastructure such as the banking system, healthcare, financial institutions, governments,
and manufacturing industries use devices connected to the Internet as a core part of
their operations. Some of their information, such as intellectual property, financial data,
and personal data, can be sensitive for unauthorized access or exposure that could have
negative consequences. This information gives intruders and threat actors to infiltrate
them for financial gain, extortion, political or social motives, or just vandalism.

Cyber-attack is now an international concern that hacks the system, and other security
attacks could endanger the global economy. Therefore, it is essential to have an excellent
cybersecurity strategy to protect sensitive information from high-profile security
breaches. Furthermore, as the volume of cyber-attacks grows, companies and
organizations, especially those that deal with information related to national security,
health, or financial records, need to use strong cybersecurity measures and processes to
protect their sensitive business and personal information.

Head Department Computer Science Dr. Mugtaba

Cyber Security Goals

Cyber Security's main objective is to ensure data protection. The security community provides a
triangle of three related principles to protect the data from cyber-attacks. This principle is called the
CIA triad. The CIA model is designed to guide policies for an organization's information security
infrastructure. When any security breaches are found, one or more of these principles has been violated.

We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is actually
a security model that helps people to think about various parts of IT security. Let us discuss each part in
detail.

Confidentiality

Confidentiality is equivalent to privacy that avoids unauthorized access of information. It involves

ensuring the data is accessible by those who are allowed to use it and blocking access to others. It
prevents essential information from reaching the wrong people. Data encryption is an excellent
example of ensuring confidentiality.

Integrity

This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized
modification by threat actors or accidental user modification. If any modifications occur, certain
measures should be taken to protect the sensitive data from corruption or loss and speedily recover from
such an event. In addition, it indicates to make the source of information genuine.

Availability

This principle makes the information to be available and useful for its authorized people always. It

Head Department Computer Science Dr. Mugtaba

ensures that these accesses are not hindered by system malfunction or cyber-attacks.

Types of Cyber Security Threats

A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal data,
gain access to a network, or disrupts digital life in general. The cyber community defines the following
threats available today:

Malware

Malware means malicious software, which is the most common cyber attacking tool. It is used by the
cybercriminal or hacker to disrupt or damage a legitimate user's system. The following are the important
types of malware created by the hacker:

 Virus: It is a malicious piece of code that spreads from one device to another. It can clean files
and spreads throughout a computer system, infecting files, stoles information, or damage device.
 Spyware: It is software that secretly records information about user activities on their system.
For example, spyware could capture credit card details that can be used by the cybercriminals
for unauthorized shopping, money withdrawing, etc.
 Trojans: It is a type of malware or code that appears as legitimate software or file to fool us into
downloading and running. Its primary purpose is to corrupt or steal data from our device or do
other harmful activities on our network.
 Ransomware: It's a piece of software that encrypts a user's files and data on a device, rendering
them unusable or erasing. Then, a monetary ransom is demanded by malicious actors for
decryption.
 Worms: It is a piece of software that spreads copies of itself from device to device without
human interaction. It does not require them to attach themselves to any program to steal or
damage the data.
 Adware: It is advertising software used to spread malware and displays advertisements on our
device. It is an unwanted program that is installed without the user's permission. The main

Head Department Computer Science Dr. Mugtaba

objective of this program is to generate revenue for its developer by showing the ads on their
browser.
 Botnets: It is a collection of internet-connected malware-infected devices that allow
cybercriminals to control them. It enables cybercriminals to get credentials leaks, unauthorized
access, and data theft without the user's permission.

Phishing

Phishing is a type of cybercrime in which a sender seems to come from a genuine organization like
PayPal, eBay, financial institutions, or friends and co-workers. They contact a target or targets via
email, phone, or text message with a link to persuade them to click on that links. This link will redirect
them to fraudulent websites to provide sensitive data such as personal information, banking and credit
card information, social security numbers, usernames, and passwords. Clicking on the link will also
install malware on the target devices that allow hackers to control devices remotely.

Man-in-the-middle (MITM) attack

A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a

cybercriminal intercepts a conversation or data transfer between two individuals. Once the
cybercriminal places themselves in the middle of a two-party communication, they seem like genuine
participants and can get sensitive information and return different responses. The main objective of this
type of attack is to gain access to our business or customer data. For example, a cybercriminal could
intercept data passing between the target device and the network on an unprotected Wi-Fi network.

Distributed denial of service (DDoS)

It is a type of cyber threat or malicious attempt where cybercriminals disrupt targeted servers, services,
or network's regular traffic by fulfilling legitimate requests to the target or its surrounding infrastructure
with Internet traffic. Here the requests come from several IP addresses that can make the system
unusable, overload their servers, slowing down significantly or temporarily taking them offline, or
preventing an organization from carrying out its vital functions.

Brute Force

A brute force attack is a cryptographic hack that uses a trial-and-error method to guess all possible
combinations until the correct information is discovered. Cybercriminals usually use this attack to
obtain personal information about targeted passwords, login info, encryption keys, and Personal
Identification Numbers (PINS).

SQL Injection (SQLI)

SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for
backend database manipulation to access sensitive information. Once the attack is successful, the
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

malicious actor can view, change, or delete sensitive company data, user lists, or private customer
details stored in the SQL database.

Domain Name System (DNS) attack

A DNS attack is a type of cyberattack in which cyber criminals take advantage of flaws in the Domain
Name System to redirect site users to malicious websites (DNS hijacking) and steal data from affected
computers. It is a severe cybersecurity risk because the DNS system is an essential element of the
internet infrastructure.

Latest Cyber Threats

The following are the latest cyber threats reported by the U.K., U.S., and Australian governments:

Romance Scams

The U.S. government found this cyber threat in February 2020. Cybercriminals used this threat through
dating sites, chat rooms, and apps. They attack people who are seeking a new partner and duping them
into giving away personal data.

Dridex Malware

It is a type of financial Trojan malware identifies by the U.S. in December 2019 that affects the public,
government, infrastructure, and business worldwide. It infects computers through phishing emails or
existing malware to steal sensitive information such as passwords, banking details, and personal data for
fraudulent transactions. The National Cyber Security Centre of the United Kingdom encourages people
to make sure their devices are patched, anti-virus is turned on and up to date, and files are backed up to
protect sensitive data against this attack.

Emotet Malware

Emotet is a type of cyber-attack that steals sensitive data and also installs other malware on our device.
The Australian Cyber Security Centre warned national organizations about this global cyber threat in
2019.

The following are the system that can be affected by security breaches and attacks:

 Communication: Cyber attackers can use phone calls, emails, text messages, and messaging
apps for cyberattacks.
 Finance: This system deals with the risk of financial information like bank and credit card
detail. This information is naturally a primary target for cyber attackers.
 Governments: The cybercriminal generally targets the government institutions to get
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

confidential public data or private citizen information.

 Transportation: In this system, cybercriminals generally target connected cars, traffic control
systems, and smart road infrastructure.
 Healthcare: A cybercriminal targets the healthcare system to get the information stored at a
local clinic to critical care systems at a national hospital.
 Education: A cybercriminals target educational institutions to get their confidential research
data and information of students and employees.

Benefits of Cyber Security

The following are the benefits of implementing and maintaining cybersecurity:

 Cyberattacks and data breach protection for businesses.

 Data and network security are both protected.
 Unauthorized user access is avoided.
 After a breach, there is a faster recovery time.
 End-user and endpoint device protection.
 Regulatory adherence.
 Continuity of operations.
 Developers, partners, consumers, stakeholders, and workers have more faith in the company's
reputation and trust.

Cyber Safety Tips

Let us see how to protect ourselves when any cyberattacks happen. The following are the popular cyber
safety tips:

Conduct cybersecurity training and awareness: Every organization must train their staffs on
cybersecurity, company policies, and incident reporting for a strong cybersecurity policy to be
successful. If the staff does unintentional or intentional malicious activities, it may fail the best technical
safeguards that result in an expensive security breach. Therefore, it is useful to conduct security training
and awareness for staff through seminars, classes, and online courses that reduce security violations.

Update software and operating system: The most popular safety measure is to update the software
and O.S. to get the benefit of the latest security patches.

Use anti-virus software: It is also useful to use the anti-virus software that will detect and removes
unwanted threats from your device. This software is always updated to get the best level of protection.

Perform periodic security reviews: Every organization ensures periodic security inspections of all
software and networks to identify security risks early in a secure environment. Some popular examples
of security reviews are application and network penetration testing, source code reviews, architecture
design reviews, and red team assessments. In addition, organizations should prioritize and mitigate
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

security vulnerabilities as quickly as possible after they are discovered.

Use strong passwords: It is recommended to always use long and various combinations of characters
and symbols in the password. It makes the passwords are not easily guessable.

Do not open email attachments from unknown senders: The cyber expert always advises not to open
or click the email attachment getting from unverified senders or unfamiliar websites because it could be
infected with malware.

Avoid using unsecured Wi-Fi networks in public places: It should also be advised not to use insecure
networks because they can leave you vulnerable to man-in-the-middle attacks.

Backup data: Every organization must periodically take backup of their data to ensure all sensitive data
is not lost or recovered after a security breach. In addition, backups can help maintain data integrity in
cyber-attack such as SQL injections, phishing, and ransomware.

Head Department Computer Science Dr. Mugtaba

History of Cyber Security

The origin of cybersecurity began with a research project. It only came into existence because of the
development of viruses.

How did we get here?

In 1969, Leonard Kleinrock, professor of UCLA and student, Charley Kline, sent the first electronic
message from the UCLA SDS Sigma 7 Host computer to Bill Duvall, a programmer, at the Stanford
Research Institute. This is a well-known story and a moment in the history of a digital world. The sent
message from the UCLA was the word "login." The system crashed after they typed the first two letters
"lo." Since then, this story has been a belief that the programmers typed the beginning message "lo and
behold." While factually believed that "login" was the intended message. Those two letters of
messages were changed the way we communicate with one another.

In 1970's, Robert (Bob) Thomas who was a researcher for BBN Technologies in Cambridge,
Massachusetts created the first computer worm (virus). He realized that it was possible for a computer
program to move across a network, leaving a small trail (series of signs) wherever it went. He named
the program Creeper, and designed it to travel between Tenex terminals on the early ARPANET,
printing the message "I'M THE CREEPER: CATCH ME IF YOU CAN."

An American computer programmer named Ray Tomlinson, the inventor of email, was also working
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

for BBN Technologies at the time. He saw this idea and liked it. He tinkered (an act of attempting to
repair something) with the program and made it self-replicating "the first computer worm." He named
the program Reaper, the first antivirus software which would found copies of The Creeper and delete
it.
Where are we now?
After Creeper and Reaper, cyber-crimes became more powerful. As computer software and hardware
developed, security breaches also increase. With every new development came an aspect of
vulnerability, or a way for hackers to work around methods of protection. In 1986, the Russians were
the first who implement the cyber power as a weapon. Marcus Hess, a German citizen, hacked into 400
military computers, including processors at the Pentagon. He intended to sell secrets to the KGB, but an
American astronomer, Clifford Stoll, caught him before that could happen.

In 1988, an American computer scientist, Robert Morris, wanted to check the size of the internet. He
wrote a program for testing the size of the internet. This program went through networks, invaded Unix
terminals, and copied itself. The program became the first famous network virus and named as Moris
worm or internet worm. The Morris worm could be infected a computer multiple times, and each
additional process would slow the machine down, eventually to the point of being damaged. Robert
Morris was charged under the Computer Fraud and Abuse Act. The act itself led to the founding of the
Computer Emergency Response Team. This is a non-profit research centre for issues that could
endanger the internet as a whole.

Nowadays, viruses were deadlier, more invasive, and harder to control. We have already experienced
cyber incidents on a massive scale, and 2018 isn't close to over. The above is to name a few, but these
attacks are enough to prove that cybersecurity is a necessity for corporations and small businesses alike.

Head Department Computer Science Dr. Mugtaba

Cyber Security Goals

The objective of Cybersecurity is to protect information from being stolen, compromised or attacked.
Cybersecurity can be measured by at least one of three goals-

1. Protect the confidentiality of data.

2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security
programs. The CIA triad is a security model that is designed to guide policies for information security
within the premises of an organization or company. This model is also referred to as the AIC
(Availability, Integrity, and Confidentiality) triad to avoid the confusion with the Central Intelligence
Agency. The elements of the triad are considered the three most crucial components of security.

The CIA criteria are one that most of the organizations and companies use when they have installed a
new application, creates a database or when guaranteeing access to some data. For data to be completely
secure, all of these security goals must come into effect. These are security policies that all work
together, and therefore it can be wrong to overlook one policy.

The CIA triad are-

1. Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of information.
It involves the protection of data, providing access for those who are allowed to see it while disallowing
others from learning anything about its content. It prevents essential information from reaching the
wrong people while making sure that the right people can get it. Data encryption is a good example to
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

ensure confidentiality.

Tools for Confidentiality

Encryption

Encryption is a method of transforming information to make it unreadable for unauthorized users by

using an algorithm. The transformation of data uses a secret key (an encryption key) so that the
transformed data can only be read by using another secret key (decryption key). It protects sensitive
data such as credit card numbers by encoding and transforming data into unreadable cipher text. This
encrypted data can only be read by decrypting it. Asymmetric-key and symmetric-key are the two
primary types of encryption.

Access control

Access control defines rules and policies for limiting access to a system or to physical or virtual
resources. It is a process by which users are granted access and certain privileges to systems, resources
or information. In access control systems, users need to present credentials before they can be granted
access such as a person's name or a computer's serial number. In physical systems, these credentials
may come in many forms, but credentials that can't be transferred provide the most security.

Authentication

An authentication is a process that ensures and confirms a user's identity or role that someone has. It can

Head Department Computer Science Dr. Mugtaba

be done in a number of different ways, but it is usually based on a combination of-

 something the person has (like a smart card or a radio key for storing secret keys),
 something the person knows (like a password),
 something the person is (like a human with a fingerprint).

Authentication is the necessity of every organizations because it enables organizations to keep their
networks secure by permitting only authenticated users to access its protected resources. These
resources may include computer systems, networks, databases, websites and other network-based
applications or services.

Authorization

Authorization is a security mechanism which gives permission to do or have something. It is used to

determine a person or system is allowed access to resources, based on an access control policy,
including computer programs, files, services, data and application features. It is normally preceded by
authentication for user identity verification. System administrators are typically assigned permission
levels covering all system and user resources. During authorization, a system verifies an authenticated
user's access rules and either grants or refuses resource access.

Physical Security

Physical security describes measures designed to deny the unauthorized access of IT assets like
facilities, equipment, personnel, resources and other properties from damage. It protects these assets
from physical threats including theft, vandalism, fire and natural disasters.

2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from
unauthorized user modification. It is the property that information has not be altered in an unauthorized
way, and that source of the information is genuine.

Tools for Integrity

Head Department Computer Science Dr. Mugtaba

Backups

Backup is the periodic archiving of data. It is a process of making copies of data or data files to use in
the event when the original data or data files are lost or destroyed. It is also used to make copies for
historical purposes, such as for longitudinal studies, statistics or for historical records or to meet the
requirements of a data retention policy. Many applications especially in a Windows environment,
produce backup files using the .BAK file extension.

Checksums

A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words,
it is the computation of a function that maps the contents of a file to a numerical value. They are
typically used to compare two sets of data to make sure that they are the same. A checksum function
depends on the entire contents of a file. It is designed in a way that even a small change to the input file
(such as flipping a single bit) likely to results in different output value.

Data Correcting Codes

It is a method for storing data in such a way that small changes can be easily detected and automatically
corrected.

3. Availability
Availability is the property in which information is accessible and modifiable in a timely fashion by
those authorized to do so. It is the guarantee of reliable and constant access to our sensitive data by
authorized people.

Tools for Availability

Head Department Computer Science Dr. Mugtaba

 Physical Protections
 Computational Redundancies

Physical Protections

Physical safeguard means to keep information available even in the event of physical challenges. It
ensure sensitive information and critical information technology are housed in secure areas.

Computational redundancies

It is applied as fault tolerant against accidental faults. It protects computers and storage devices that
serve as fallbacks in the case of failures.

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter
computer code, logic or data and lead to cybercrimes, such as information and identity theft.

We are living in a digital era. Now a day, most of the people use computer and internet. Due to the
dependency on digital things, the illegal computer activity is growing and changing like any type of
crime.

Cyber-attacks can be classified into the following categories:

Web-based attacks
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

These are the attacks which occur on a website or web applications. Some of the important web-based
attacks are as follows-
1. Injection attacks

It is the attack in which some data will be injected into a web application to manipulate the application
and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing

DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a DNS
resolver's cache causing the name server to return an incorrect IP address, diverting traffic to the
attacker?s computer or any other computer. The DNS spoofing attacks can go on for a long period of
time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create cookies to
store the state and user sessions. By stealing the cookies, an attacker can have access to all of the user
data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login credentials and
credit card number. It occurs when an attacker is masquerading as a trustworthy entity in electronic
communication.

5. Brute force

It is a type of attack which uses a trial and error method. This attack generates a large number of
guesses and validates them to obtain actual data like user password and personal identification number.
This attack may be used by criminals to crack encrypted data, or by security, analysts to test an
organization's network security.

6. Denial of Service

It is an attack which meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It
uses the single system and single internet connection to attack a server. It can be classified into the
following-

Head Department Computer Science Dr. Mugtaba

Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is measured in bit
per second.

Protocol attacks- It consumes actual server resources, and is measured in a packet.

Application layer attacks- Its goal is to crash the web server and is measured in request per second.

7. Dictionary attacks

This type of attack stored the list of a commonly used password and validated them to get original
password.

8. URL Interpretation

It is a type of attack where we can change the certain parts of a URL, and one can make a web server to
deliver web pages for which he is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files which is available
on the web server or to execute malicious files on the web server by making use of the include
functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercepts the connection between client and server and
acts as a bridge between them. Due to this, an attacker will be able to read, insert and modify the data in
the intercepted connection.

System-based attacks
These are the attacks which are intended to compromise a computer or a computer network. Some of
the important system-based attacks are as follows-

1. Virus

It is a type of malicious software program that spread throughout the computer files without the
knowledge of a user. It is a self-replicating malicious computer program that replicates by inserting
copies of itself into other computer programs when executed. It can also execute instructions that cause

Head Department Computer Science Dr. Mugtaba

harm to the system.

2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It
works same as the computer virus. Worms often originate from email attachments that appear to be
from trusted senders.

3. Trojan horse

It is a malicious program that occurs unexpected changes to computer setting and unusual activity, even
when the computer should be idle. It misleads the user of its true intent. It appears to be a normal
application but when opened/executed some malicious code will run in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a backdoor so
that an application or operating system can be accessed for troubleshooting or other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services. Some bots
program run automatically, while others only execute commands when they receive specific input.
Common examples of bots program are the crawler, chatroom bots, and malicious bots.

Types of Cyber Attackers

In computer and computer networks, an attacker is the individual or organization who performs the
malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to or make
unauthorized use of an asset.

As the Internet access becomes more pervasive across the world, and each of us spends more time on
the web, there is also an attacker grows as well. Attackers use every tools and techniques they would try
and attack us to get unauthorized access.

There are four types of attackers which are described below-

Head Department Computer Science Dr. Mugtaba

Cyber Criminals
Cybercriminals are individual or group of people who use technology to commit cybercrime with the
intention of stealing sensitive company information or personal data and generating profits. In today's,
they are the most prominent and most active type of attacker.
Cybercriminals use computers in three broad ways to do cybercrimes-

 Select computer as their target- In this, they attack other people's computers to do cybercrime,
such as spreading viruses, data theft, identity theft, etc.
 Uses the computer as their weapon- In this, they use the computer to do conventional crime
such as spam, fraud, illegal gambling, etc.
 Uses the computer as their accessory- In this, they use the computer to steal data illegally.

Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political
agenda, religious belief, or social ideology. According to Dan Lohrmann, chief security officer for
Security Mentor, a national security training firm that works with states said "Hacktivism is a digital
disobedience. It's hacking for a cause." Hacktivists are not like cybercriminals who hack computer
networks to steal data for the cash. They are individuals or groups of hackers who work together and see
themselves as fighting injustice.

State-sponsored Attacker
State-sponsored attackers have particular objectives aligned with either the political, commercial or

Head Department Computer Science Dr. Mugtaba

military interests of their country of origin. These type of attackers are not in a hurry. The government
organizations have highly skilled hackers and specialize in detecting vulnerabilities and exploiting these
before the holes are patched. It is very challenging to defeat these attackers due to the vast resources at
their disposal.

Insider Threats
The insider threat is a threat to an organization's security or data that comes from within. These type of
threats are usually occurred from employees or former employees, but may also arise from third parties,
including contractors, temporary workers, employees or customers.

Insider threats can be categorized below-

Malicious-

Malicious threats are attempts by an insider to access and potentially harm an organization's data,
systems or IT infrastructure. These insider threats are often attributed to dissatisfied employees or ex-
employees who believe that the organization was doing something wrong with them in some way, and
they feel justified in seeking revenge.

Insiders may also become threats when they are disguised by malicious outsiders, either through
financial incentives or extortion.

Accidental-

Accidental threats are threats which are accidently done by insider employees. In this type of threats, an
employee might accidentally delete an important file or inadvertently share confidential data with a
business partner going beyond company?s policy or legal requirements.

Head Department Computer Science Dr. Mugtaba

Negligent-

These are the threats in which employees try to avoid the policies of an organization put in place to
protect endpoints and valuable data. For example, if the organization have strict policies for external file
sharing, employees might try to share work on public cloud applications so that they can work at home.
There is nothing wrong with these acts, but they can open up to dangerous threats nonetheless.

Cyber Security Principles

The UK internet industry and Government recognized the need to develop a series of Guiding Principles
for improving the online security of the ISPs' customers and limit the rise in cyber-attacks.
Cybersecurity for these purposes encompasses the protection of essential information, processes, and
systems, connected or stored online, with a broad view across the people, technical, and physical
domains.

These Principles recognize that the ISPs (and other service providers), internet users, and UK
Government all have a role in minimizing and mitigating the cyber threats inherent in using the internet.

These Guiding Principles have been developed to respond to this challenge by providing a consistent
approach to help, inform, educate, and protect ISPs' (Internet Service Provider's) customers from online
crimes. These Guiding Principles are aspirational, developed and delivered as a partnership between
Government and ISPs. They recognize that ISPs have different sets of customers, offer different levels
of support and services to protect those customers from cyber threats.

Some of the essential cybersecurity principles are described below-

Head Department Computer Science Dr. Mugtaba

1. Economy of mechanism
2. Fail-safe defaults
3. Least Privilege
4. Open Design
5. Complete mediation
6. Separation of Privilege
7. Least Common Mechanism
8. Psychological acceptability
9. Work Factor
10. Compromise Recording

1. Economy of mechanism

This principle states that Security mechanisms should be as simple and small as possible. The Economy
of mechanism principle simplifies the design and implementation of security mechanisms. If the design
and implementation are simple and small, fewer possibilities exist for errors. The checking and testing
process is less complicated so that fewer components need to be tested.

Interfaces between security modules are the suspect area which should be as simple as possible.
Because Interface modules often make implicit assumptions about input or output parameters or the
current system state. If the any of these assumptions are wrong, the module's actions may produce
unexpected results. Simple security framework facilitates its understanding by developers and users and

Head Department Computer Science Dr. Mugtaba

enables the efficient development and verification of enforcement methods for it.

2. Fail-safe defaults

The Fail-safe defaults principle states that the default configuration of a system should have a
conservative protection scheme. This principle also restricts how privileges are initialized when a
subject or object is created. Whenever access, privileges/rights, or some security-related attribute is not
explicitly granted, it should not be grant access to that object.

Example: If we will add a new user to an operating system, the default group of the user should have
fewer access rights to files and services.

3. Least Privilege

This principle states that a user should only have those privileges that need to complete his task. Its
primary function is to control the assignment of rights granted to the user, not the identity of the user.
This means that if the boss demands root access to a UNIX system that you administer, he/she should
not be given that right unless he/she has a task that requires such level of access. If possible, the
elevated rights of a user identity should be removed as soon as those rights are no longer needed.

4. Open Design

This principle states that the security of a mechanism should not depend on the secrecy of its design or
implementation. It suggests that complexity does not add security. This principle is the opposite of the
approach known as "security through obscurity." This principle not only applies to information such as
passwords or cryptographic systems but also to other computer security related operations.

Example: DVD player & Content Scrambling System (CSS) protection. The CSS is a cryptographic
algorithm that protects the DVD movie disks from unauthorized copying.

5. Complete mediation

The principle of complete mediation restricts the caching of information, which often leads to simpler
implementations of mechanisms. The idea of this principle is that access to every object must be
checked for compliance with a protection scheme to ensure that they are allowed. As a consequence,
there should be wary of performance improvement techniques which save the details of previous
authorization checks, since the permissions can change over time.

Whenever someone tries to access an object, the system should authenticate the access rights associated
with that subject. The subject's access rights are verified once at the initial access, and for subsequent
accesses, the system assumes that the same access rights should be accepted for that subject and object.

Head Department Computer Science Dr. Mugtaba

The operating system should mediate all and every access to an object.

Example: An online banking website should require users to sign-in again after a certain period like we
can say, twenty minutes has elapsed.

6. Separation of Privilege

This principle states that a system should grant access permission based on more than one condition
being satisfied. This principle may also be restrictive because it limits access to system entities. Thus
before privilege is granted more than two verification should be performed.

Example: To su (change) to root, two conditions must be met-

 The user must know the root password.

 The user must be in the right group (wheel).

7. Least Common Mechanism

This principle states that in systems with multiple users, the mechanisms allowing resources shared by
more than one user should be minimized as much as possible. This principle may also be restrictive
because it limits the sharing of resources.

Example: If there is a need to be accessed a file or application by more than one user, then these users
should use separate channels to access these resources, which helps to prevent from unforeseen
consequences that could cause security problems.

8. Psychological acceptability

This principle states that a security mechanism should not make the resource more complicated to
access if the security mechanisms were not present. The psychological acceptability principle
recognizes the human element in computer security. If security-related software or computer systems
are too complicated to configure, maintain, or operate, the user will not employ the necessary security
mechanisms. For example, if a password is matched during a password change process, the password
changing program should state why it was denied rather than giving a cryptic error message. At the
same time, applications should not impart unnecessary information that may lead to a compromise in
security.

Example: When we enter a wrong password, the system should only tell us that the user id or password
was incorrect. It should not tell us that only the password was wrong as this gives the attacker
information.

Head Department Computer Science Dr. Mugtaba

9. Work Factor

This principle states that the cost of circumventing a security mechanism should be compared with the
resources of a potential attacker when designing a security scheme. In some cases, the cost of
circumventing ("known as work factor") can be easily calculated. In other words, the work factor is a
common cryptographic measure which is used to determine the strength of a given cipher. It does not
map directly to cybersecurity, but the overall concept does apply.

Example: Suppose the number of experiments needed to try all possible four character passwords is 244
= 331776. If the potential attacker must try each experimental password at a terminal, one might
consider a four-character password to be satisfactory. On the other hand, if the potential attacker could
use an astronomical computer capable of trying a million passwords per second, a four-letter password
would be a minor barrier for a potential intruder.

10. Compromise Recording

The Compromise Recording principle states that sometimes it is more desirable to record the details of
intrusion that to adopt a more sophisticated measure to prevent it.

Example: The servers in an office network may keep logs for all accesses to files, all emails sent and
received, and all browsing sessions on the web. Another example is that Internet-connected surveillance
cameras are a typical example of a compromise recording system that can be placed to protect a
building.

Data Security Consideration

Data security is the protection of programs and data in computers and communication systems against
unauthorized access, modification, destruction, disclosure or transfer whether accidental or intentional
by building physical arrangements and software checks. It refers to the right of individuals or
organizations to deny or restrict the collection and use of information about unauthorized access. Data
security requires system managers to reduce unauthorized access to the systems by building physical
arrangements and software checks.

Data security uses various methods to make sure that the data is correct, original, kept confidentially
and is safe. It includes-

Head Department Computer Science Dr. Mugtaba

 Ensuring the integrity of data.

 Ensuring the privacy of the data.
 Prevent the loss or destruction of data.

Data security consideration involves the protection of data against unauthorized access, modification,
destruction, loss, disclosure or transfer whether accidental or intentional. Some of the important data
security consideration are described below:

Backups
Data backup refers to save additional copies of our data in separate physical or cloud locations from
data files in storage. It is essential for us to keep secure, store, and backup our data on a regular basis.
Securing of the data will help us to prevent from-
 Accidental or malicious damage/modification to data.
 Theft of valuable information.
 Breach of confidentiality agreements and privacy laws.
 Premature release of data which can avoid intellectual properties claims.
 Release before data have been checked for authenticity and accuracy.

Keeping reliable and regular backups of our data protects against the risk of damage or loss due to
power failure, hardware failure, software or media faults, viruses or hacking, or even human errors.

To use the Backup 3-2-1 Rule is very popular. This rule includes:

 Three copies of our data

 Two different formats, i.e., hard drive+tape backup or DVD (short term)+flash drive
 One off-site backup, i.e., have two physical backups and one in the cloud

Some important backup options are as follows-

Head Department Computer Science Dr. Mugtaba

1. Hard drives - personal or work computer

2. Departmental or institution server
3. External hard drives
4. Tape backups
5. Discipline-specific repositories
6. University Archives
7. Cloud storage

Some of the top considerations for implementing secure backup and recovery are-

1. Authentication of the users and backup clients to the backup server.

2. Role-based access control lists for all backup and recovery operations.
3. Data encryption options for both transmission and the storage.
4. Flexibility in choosing encryption and authentication algorithms.
5. Backup of a remote client to the centralized location behind firewalls.
6. Backup and recovery of a client running Security-Enhanced Linux (SELinux).
7. Using best practices to write secure software.

Archival Storage
Data archiving is the process of retaining or keeping of data at a secure place for long-term storage. The
data might be stored in safe locations so that it can be used whenever it is required. The archive data is
still essential to the organization and may be needed for future reference. Also, data archives are
indexed and have search capabilities so that the files and parts of files can be easily located and
retrieved. The Data archival serve as a way of reducing primary storage consumption of data and its
related costs.

Data archival is different from data backup in the sense that data backups created copies of data and
used as a data recovery mechanism to restore data in the event when it is corrupted or destroyed. On the
other hand, data archives protect the older information that is not needed in day to day operations but
may have to be accessed occasionally.

Data archives may have many different forms. It can be stored as Online, offline, or cloud storage-

 Online data storage places archive data onto disk systems where it is readily accessible.
 Offline data storage places archive data onto the tape or other removable media using data
archiving software. Because tape can be removed and consumes less power than disk systems.
 Cloud storage is also another possible archive target. For example, Amazon Glacier is designed
for data archiving. Cloud storage is inexpensive, but its costs can grow over time as more data is

Head Department Computer Science Dr. Mugtaba

added to the cloud archive.

The following list of considerations will help us to improve the long-term usefulness of our archives:

1. Storage medium
2. Storage device
3. Revisiting old archives
4. Data usability
5. Selective archiving
6. Space considerations
7. Online vs. offline storage

Storage medium

The first thing is to what storage medium we use for archives. The archived data will be stored for long
periods of time, so we must need to choose the type of media that will be lost as long as our retention
policy dictates.

Storage device

This consideration takes into account about the storage device we are using for our archives which will
be accessible in a few years. There is no way to predict which types of storage devices will stand the
best. So, it is essential to try to pick those devices that have the best chance of being supported over the
long term.

Revisiting old archives

Since we know our archive policies and the storage mechanisms we use for archiving data would
change over time. So we have to review our archived data at least once a year to see that if anything
needs to be migrated into a different storage medium.

For example, about ten years ago, we used Zip drives for archival then we had transferred all of my
archives to CD. But in today?s, we store most of our archives on DVD. Since modern DVD drives can
also read CDs, so we haven't needed to move our extremely old archives off CD onto DVD.

Data usability

In this consideration, we have seen one major problem in the real world is archived data which is in an
obsolete format.

For example, a few years ago, document files that had been archived in the early 1990s were created by
an application known as PFS Write. The PFS Write file format was supported in the late 80s and early
90s, but today, there are not any applications that can read that files. To avoid this situation, it might be
helpful to archive not only the data but also copies the installation media for the applications that
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

created the data.

Selective archiving

In this consideration, we have to sure about what should be archived. That means we will archive only a
selective part of data because not all data is equally important.

Space considerations

If our archives become huge, we must plan for the long-term retention of all our data. If we are
archiving our data to removable media, capacity planning might be simple which makes sure that there
is a free space in the vault to hold all of those tapes, and it makes sure that there is a room in our IT
budget to continue purchasing tapes.

Online vs. offline storage

In this consideration, we have to decide whether to store our archives online (on a dedicated archive
server) or offline (on removable media). Both methods of archival contain advantages and
disadvantages. Storing of data online keeps the data easily accessible. But keeping data online may be
vulnerable to theft, tampering, corruption, etc. Offline storage enables us to store an unlimited amount
of data, but it is not readily accessible.

Disposal of Data
Data destruction or disposal of data is the method of destroying data which is stored on tapes, hard disks
and other electronic media so that it is completely unreadable, unusable and inaccessible for
unauthorized purposes. It also ensures that the organization retains records of data for as long as they
are needed. When it is no longer required, appropriately destroys them or disposes of that data in some
other way, for example, by transfer to an archives service.

The managed process of data disposal has some essential benefits-

 It avoids the unnecessary storage costs incurred by using office or server space in maintaining
records which is no longer needed by the organization.
 Finding and retrieving information is easier and quicker because there is less to search.

The disposal of data usually takes place as part of the normal records management process. There are
two essential circumstances in which the destruction of data need to be handled as an addition to this
process-

Head Department Computer Science Dr. Mugtaba

 The quantity of a legacy record requires attention.

 The functions are being transferred to another authority and disposal of data records becomes
part of the change process.

The following list of considerations will help us for the secure disposal of data-

1. Eliminate access
2. Destroy the data
3. Destroy the device
4. Keep the record of which systems have been decommissioned
5. Keep careful records
6. Eliminate potential clues
7. Keep systems secure until disposal

Eliminate access

In this consideration, we have to ensure that eliminating access account does not have any rights to re
access the disposed of data again.

Destroy the Data

In this consideration, there is not necessary to remove data from storage media will be safe. Even these
days reformatting or repartitioning a drive to "erase" the data that it stores is not good enough. Today's
many tools available which can help us to delete files more securely. To encrypt the data on the drive
before performing any deletion can help us to make data more difficult to recover later.

Destroy the device

In the most cases, storage media need to be physically destroyed to ensure that our sensitive data is not
leaked to whoever gets the drives next. In such cases, we should not destroy them itself. To do this,
there should be experts who can make probably a lot better at safely and effectively rendering any data
on our drives unrecoverable. If we can't trust this to an outsider agency that specializes in the secure
destruction of storage devices, we should have a specialized team within our organization who has the
same equipment and skills as outside contractors.

Keep the record of which systems have been decommissioned

In this, we have to make sure that the storage media has been fully decommissioned securely and they
do not consist of something easily misplaced or overlooked. It is best if storage media that have not
been fully decommissioned are kept in a specific location, while decommissioned equipment placed
somewhere else so that it will help us to avoid making mistakes.

Head Department Computer Science Dr. Mugtaba

Keep careful records

In this consideration, it is necessary to keep the record of whoever is responsible for decommissioning a
storage media. If more than one person is assigned for such responsibility, he should sign off after the
completion of the decommissioning process. So that, if something happened wrong, we know who to
talk to find out what happened and how bad the mistake is.

Eliminate potential clues

In this consideration, we have to clear the configuration settings from networking equipment. We do
this because it can provide crucial clues to a security cracker to break into our network and the systems
that reside on it.

Keep system secure until disposal of data

In this consideration, we should have to make clear guidelines for who should have access to the
equipment in need of secure disposal. It will be better to ensure that nobody should have access
authentication to it before disposal of data won't get his or her hands on it.

Security Technologies
With the rapid growth in the Internet, cybersecurity has become a major concern to organizations
throughout the world. The fact that the information and tools & technologies needed to penetrate the
security of corporate organization networks are widely available has increased that security concern.

Today, the fundamental problem is that much of the security technology aims to keep the attacker out,
and when that fails, the defences have failed. Every organization who uses internet needed security
technologies to cover the three primary control types - preventive, detective, and corrective as well as
provide auditing and reporting. Most security is based on one of these types of things: something we
have (like a key or an ID card), something we know (like a PIN or a password), or something we are
(like a fingerprint).

Some of the important security technologies used in the cybersecurity are described below-

Head Department Computer Science Dr. Mugtaba

Firewall
Firewall is a computer network security system designed to prevent unauthorized access to or from a
private network. It can be implemented as hardware, software, or a combination of both. Firewalls are
used to prevent unauthorized Internet users from accessing private networks connected to the Internet.
All messages are entering or leaving the intranet pass through the firewall. The firewall examines each
message and blocks those that do not meet the specified security criteria.

Categories of Firewalls

Firewall can be categorised into the following types-

1. Processing mode:

The five processing modes that firewalls can be categorised are-

Head Department Computer Science Dr. Mugtaba

Packet filtering

Packet filtering firewalls examine header information of a data packets that come into a network. This
firewall installed on TCP/IP network and determine whether to forward it to the next network
connection or drop a packet based on the rules programmed in the firewall. It scans network data
packets looking for a violation of the rules of the firewalls database. Most firewall often based on a
combination of:

 Internet Protocol (IP) source and destination address.

 Direction (inbound or outbound).
 Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination
port requests.

Packet filtering firewalls can be categorized into three types-

1. Static filtering: The system administrator set a rule for the firewall. These filtering rules governing
how the firewall decides which packets are allowed and which are denied are developed and installed.

2. Dynamic filtering: It allows the firewall to set some rules for itself, such as dropping packets from
an address that is sending many bad packets.

3. Stateful inspection: A stateful firewalls keep track of each network connection between internal and
external systems using a state table.

Application gateways

It is a firewall proxy which frequently installed on a dedicated computer to provides network security.

Head Department Computer Science Dr. Mugtaba

This proxy firewall acts as an intermediary between the requester and the protected device. This firewall
proxy filters incoming node traffic to certain specifications that mean only transmitted network
application data is filtered. Such network applications include FTP, Telnet, Real Time Streaming
Protocol (RTSP), BitTorrent, etc.

Circuit gateways

A circuit-level gateway is a firewall that operates at the transport layer. It provides UDP and TCP
connection security which means it can reassemble, examine or block all the packets in a TCP or UDP
connection. It works between a transport layer and an application layers such as the session layer.
Unlike application gateways, it monitors TCP data packet handshaking and session fulfilment of
firewall rules and policies. It can also act as a Virtual Private Network (VPN) over the Internet by doing
encryption from firewall to firewall.

MAC layer firewalls

This firewall is designed to operate at the media access control layer of the OSI network model. It is
able to consider a specific host computer's identity in its filtering decisions. MAC addresses of specific
host computers are linked to the access control list (ACL) entries. This entry identifies specific types of
packets that can be sent to each host and all other traffic is blocked. It will also check the MAC address
of a requester to determine whether the device being used are able to make the connection is authorized
to access the data or not.

Hybrid firewalls

It is a type of firewalls which combine features of other four types of firewalls. These are elements of
packet filtering and proxy services, or of packet filtering and circuit gateways.

2. Development Era:

Firewall can be categorised on the basis of the generation type. These are-

 First Generation
 Second Generation
 Third Generation
 Fourth Generation
 Fifth Generation

First Generation:

The first generation firewall comes with static packet filtering firewall. A static packet filter is the
simplest and least expensive forms of firewall protection. In this generation, each packet entering and

Head Department Computer Science Dr. Mugtaba

leaving the network is checked and will be either passed or rejected depends on the user-defined rules.
We can compare this security with the bouncer of the club who only allows people over 21 to enter and
below 21 will be disallowed.

Second Generation:

Second generation firewall comes with Application level or proxy servers. This generation of firewall
increases the security level between trusted and untrusted networks. An Application level firewall uses
software to intercept connections for each IP and to perform security inspection. It involves proxy
services which act as an interface between the user on the internal trusted network and the Internet.
Each computer communicates with each other by passing network traffic through the proxy program.
This program evaluates data sent from the client and decides which to move on and which to drop.

Third Generation:

The third generation firewall comes with the stateful inspection firewalls. This generation of the firewall
has evolved to meet the major requirements demanded by corporate networks of increased security
while minimizing the impact on network performance. The needs of the third generation firewalls will
be even more demanding due to the growing support for VPNs, wireless communication, and enhanced
virus protection. The most challenging element of this evolution is maintaining the firewall's simplicity
(and hence its maintainability and security) without compromising flexibility.

Fourth Generation:

The fourth generation firewall comes with dynamic packet filtering firewall. This firewall monitors the
state of active connections, and on the basis of this information, it determines which network packets
are allowed to pass through the firewall. By recording session information such as IP addresses and port
numbers, a dynamic packet filter can implement a much tighter security posture than a static packet
filter.

Fifth Generation:

The fifth generation firewall comes with kernel proxy firewall. This firewall works under the kernel of
Windows NT Executive. This firewall proxy operates at the application layer. In this, when a packet
arrives, a new virtual stack table is created which contains only the protocol proxies needed to examine
the specific packet. These packets investigated at each layer of the stack, which involves evaluating the
data link header along with the network header, transport header, session layer information, and
application layer data. This firewall works faster than all the application-level firewalls because all
evaluation takes place at the kernel layer and not at the higher layers of the operating system.

3. Intended deployment structure:

Head Department Computer Science Dr. Mugtaba

Firewall can also be categorized based on the structure. These are-

Commercial Appliances

It runs on a custom operating system. This firewall system consists of firewall application software
running on a general-purpose computer. It is designed to provide protection for a medium-to-large
business network. Most of the commercial firewalls are quite complex and often require specialized
training and certification to take full advantage of their features.

Small Office Home Office

The SOHO firewall is designed for small office or home office networks who need protection from
Internet security threats. A firewall for a SOHO (Small Office Home Office) is the first line of defence
and plays an essential role in an overall security strategy. SOHO firewall has limited resources so that
the firewall product they implement must be relatively easy to use and maintain, and be cost-effective.
This firewall connects a user's local area network or a specific computer system to the Internetworking
device.

Residential Software

Residential-grade firewall software is installed directly on a user's system. Some of these applications
combine firewall services with other protections such as antivirus or intrusion detection. There are a
limit to the level of configurability and protection that software firewalls can provide.

4. Architectural Implementation

The firewall configuration that works best for a particular organization depends on three factors: the
objectives of the network, the organization's ability to develop and implement the architectures, and the
budget available for the function.

Head Department Computer Science Dr. Mugtaba

There are four common architectural implementations of firewalls:

Packet-filtering routers

Packet filtering firewall is used to control the network access by monitoring the outgoing and incoming
packets. It allows them to pass or halt based on the source and destination IP addresses, protocols and
ports. During communication, a node transmits a packet; this packet is filtered and matched with the
predefined rules and policies. Once it is matched, a packet is considered secure and verified and are able
to be accepted otherwise blocked them.

Screened host firewalls

This firewall architecture combines the packet-filtering router with a separate and dedicated firewall.
The application gateway needs only one network interface. It is allowing the router to pre-screen
packets to minimize the network traffic and load on the internal proxy. The packet-filtering router filters
dangerous protocols from reaching the application gateway and site systems.

Dual-homed host firewalls

The network architecture for the dual-homed host firewall is simple. Its architecture is built around the
dual-homed host computer, a computer that has at least two NICs. One NIC is to be connected with the
external network, and other is connected to the internal network which provides an additional layer of
protection. With these NICs, all traffic must go through the firewall in order to move between the
internal and external networks.

The Implementation of this architecture often makes use of NAT. NAT is a method of mapping
assigned IP addresses to special ranges of no routable internal IP addresses, thereby creating another

Head Department Computer Science Dr. Mugtaba

barrier to intrusion from external attackers.

Screened Subnet Firewalls

This architecture adds an extra layer (perimeter network) of security to the screened host architecture by
adding a perimeter network that further isolates the internal network from the Internet. In this
architecture, there are two screening routers and both connected to the perimeter net. One router sits
between the perimeter net and the internal network, and the other router sits between the perimeter net
and the external network. To break into the internal network, an attacker would have to get past both
routers. There is no single vulnerable point that will compromise the internal network.

VPNs

A VPN stands for virtual private network. It is a technology which creates a safe and an encrypted
connection on the Internet from a device to a network. This type of connection helps to ensure our
sensitive data is transmitted safely. It prevents our connection from eavesdropping on the network
traffic and allows the user to access a private network securely. This technology is widely used in the
corporate environments.

A VPN works same as firewall like firewall protects data local to a device wherever VPNs protects data
online. To ensure safe communication on the internet, data travel through secure tunnels, and VPNs
user used an authentication method to gain access over the VPNs server. VPNs are used by remote users
who need to access corporate resources, consumers who want to download files and business travellers
want to access a site that is geographically restricted.

Intrusion Detection System (IDS)

An IDS is a security system which monitors the computer systems and network traffic. It analyses that
traffic for possible hostile attacks originating from the outsider and also for system misuse or attacks
originating from the insider. A firewall does a job of filtering the incoming traffic from the internet, the
IDS in a similar way compliments the firewall security. Like, the firewall protects an organization
sensitive data from malicious attacks over the Internet, the Intrusion detection system alerts the system
administrator in the case when someone tries to break in the firewall security and tries to have access on
any network in the trusted side.

Intrusion Detection System have different types to detects the suspicious activities-

1. NIDS-

It is a Network Intrusion Detection System which monitors the inbound and outbound traffic to and
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

from all the devices over the network.

2. HIDS-

It is a Host Intrusion Detection System which runs on all devices in the network with direct access to
both internet and enterprise internal network. It can detect anomalous network packets that originate
from inside the organization or malicious traffic that a NIDS has failed to catch. HIDS may also identify
malicious traffic that arises from the host itself.

3. Signature-based Intrusion Detection System-

It is a detection system which refers to the detection of an attack by looking for the specific patterns,
such as byte sequences in network traffic, or known malicious instruction sequences used by malware.
This IDS originates from anti-virus software which can easily detect known attacks. In this terminology,
it is impossible to detect new attacks, for which no pattern is available.

4. Anomaly-based Intrusion Detection System-

This detection system primarily introduced to detect unknown attacks due to the rapid development of
malware. It alerts administrators against the potentially malicious activity. It monitors the network
traffic and compares it against an established baseline. It determines what is considered to be normal for
the network with concern to bandwidth, protocols, ports and other devices.

Access Control
Access control is a process of selecting restrictive access to a system. It is a concept in security to
minimize the risk of unauthorized access to the business or organization. In this, users are granted
access permission and certain privileges to a system and resources. Here, users must provide the
credential to be granted access to a system. These credentials come in many forms such as password,
keycard, the biometric reading, etc. Access control ensures security technology and access control
policies to protect confidential information like customer data.

The access control can be categories into two types-

 Physical access control

 Logical access control

Physical Access Control- This type of access control limits access to buildings, rooms, campuses, and
physical IT assets.

Head Department Computer Science Dr. Mugtaba

Logical access control- This type of access control limits connection to computer networks, system
files, and data.

The more secure method for access control involves two - factor authentication. The first factor is that a
user who desires access to a system must show credential and the second factor could be an access code,
password, and a biometric reading.

The access control consists of two main components: authorization and authentication.
Authentication is a process which verifies that someone claims to be granted access whereas an
authorization provides that whether a user should be allowed to gain access to a system or denied it.

Head Department Computer Science Dr. Mugtaba

Threat to E-Commerce
E-Commerce refers to the activity of buying and selling things over the internet. Simply, it refers to the
commercial transactions which are conducted online. E-commerce can be drawn on many technologies
such as mobile commerce, Internet marketing, online transaction processing, electronic funds transfer,
supply chain management, electronic data interchange (EDI), inventory management systems, and
automated data collection systems.

E-commerce threat is occurring by using the internet for unfair means with the intention of stealing,
fraud and security breach. There are various types of e-commerce threats. Some are accidental, some
are purposeful, and some of them are due to human error. The most common security threats are an
electronic payments system, e-cash, data misuse, credit/debit card frauds, etc.

Electronic payments system:

With the rapid development of the computer, mobile, and network technology, e-commerce has become
a routine part of human life. In e-commerce, the customer can order products at home and save time for
doing other things. There is no need of visiting a store or a shop. The customer can select different
stores on the Internet in a very short time and compare the products with different characteristics such
as price, colour, and quality.

The electronic payment systems have a very important role in e-commerce. E-commerce organizations
use electronic payment systems that refer to paperless monetary transactions. It revolutionized the
business processing by reducing paperwork, transaction costs, and labour cost. E-commerce processing
is user-friendly and less time consuming than manual processing. Electronic commerce helps a business
organization expand its market reach expansion. There is a certain risk with the electronic payments
system.
Some of them are:

The Risk of Fraud

An electronic payment system has a huge risk of fraud. The computing devices use an identity of the
person for authorizing a payment such as passwords and security questions. These authentications are
not full proof in determining the identity of a person. If the password and the answers to the security
questions are matched, the system doesn't care who is on the other side. If someone has access to our
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

password or the answers to our security question, he will gain access to our money and can steal it from
us.

The Risk of Tax Evasion

The Internal Revenue Service law requires that every business declare their financial transactions and
provide paper records so that tax compliance can be verified. The problem with electronic systems is
that they don't provide cleanly into this paradigm. It makes the process of tax collection very frustrating
for the Internal Revenue Service. It is at the business's choice to disclose payments received or made via
electronic payment systems. The IRS has no way to know that it is telling the truth or not that makes it
easy to evade taxation.

The Risk of Payment Conflicts

In electronic payment systems, the payments are handled by an automated electronic system, not by
humans. The system is prone to errors when it handles large amounts of payments on a frequent basis
with more than one recipients involved. It is essential to continually check our pay slip after every pay
period ends in order to ensure everything makes sense. If it is a failure to do this, may result in conflicts
of payment caused by technical glitches and anomalies.

E-cash

E-cash is a paperless cash system which facilitates the transfer of funds anonymously. E-cash is free to
the user while the sellers have paid a fee for this. The e-cash fund can be either stored on a card itself or
in an account which is associated with the card. The most common examples of e-cash system are
transit card, PayPal, GooglePay, Paytm, etc.

E-cash has four major components-

1. Issuers - They can be banks or a non-bank institution.

2. Customers - They are the users who spend the e-cash.
3. Merchants or Traders - They are the vendors who receive e-cash.
4. Regulators - They are related to authorities or state tax agencies.

In e-cash, we stored financial information on the computer, electronic device or on the internet which is
vulnerable to the hackers. Some of the major threats related to e-cash system are-

Head Department Computer Science Dr. Mugtaba

Backdoors Attacks

It is a type of attacks which gives an attacker to unauthorized access to a system by bypasses the normal
authentication mechanisms. It works in the background and hides itself from the user that makes it
difficult to detect and remove.

Denial of service attacks

A denial-of-service attack (DoS attack) is a security attack in which the attacker takes action that
prevents the legitimate (correct) users from accessing the electronic devices. It makes a network
resource unavailable to its intended users by temporarily disrupting services of a host connected to the
Internet.

Direct Access Attacks

Direct access attack is an attack in which an intruder gains physical access to the computer to perform
an unauthorized activity and installing various types of software to compromise security. These types of
software loaded with worms and download a huge amount of sensitive data from the target victims.

Eavesdropping

This is an unauthorized way of listening to private communication over the network. It does not
interfere with the normal operations of the targeting system so that the sender and the recipient of the
messages are not aware that their conversation is tracking.

Credit/Debit card fraud

A credit card allows us to borrow money from a recipient bank to make purchases. The issuer of the
credit card has the condition that the cardholder will pay back the borrowed money with an additional

Head Department Computer Science Dr. Mugtaba

agreed-upon charge.

A debit card is of a plastic card which issued by the financial organization to account holder who has a
savings deposit account that can be used instead of cash to make purchases. The debit card can be used
only when the fund is available in the account.

Some of the important threats associated with the debit/credit card are-

ATM (Automated Teller Machine)-

It is the favourite place of the fraudster from there they can steal our card details. Some of the important
techniques which the criminals opt for getting hold of our card information is:

Skimming-

It is the process of attaching a data-skimming device in the card reader of the ATM. When the customer
swipes their card in the ATM card reader, the information is copied from the magnetic strip to the
device. By doing this, the criminals get to know the details of the Card number, name, CVV number,
expiry date of the card and other details.

Unwanted Presence-

It is a rule that not more than one user should use the ATM at a time. If we find more than one people
lurking around together, the intention behind this is to overlook our card details while we were making
our transaction.

Vishing/Phishing

Phishing is an activity in which an intruder obtained the sensitive information of a user such as
password, usernames, and credit card details, often for malicious reasons, etc.

Vishing is an activity in which an intruder obtained the sensitive information of a user via sending SMS
on mobiles. These SMS and Call appears to be from a reliable source, but in real they are fake. The
main objective of vishing and phishing is to get the customer's PIN, account details, and passwords.

Online Transaction

Online transaction can be made by the customer to do shopping and pay their bills over the internet. It is
as easy as for the customer, also easy for the customer to hack into our system and steal our sensitive
information. Some important ways to steal our confidential information during an online transaction
are-

Head Department Computer Science Dr. Mugtaba

 By downloading software which scans our keystroke and steals our password and card details.
 By redirecting a customer to a fake website which looks like original and steals our sensitive
information.
 By using public Wi-Fi

POS Theft

It is commonly done at merchant stores at the time of POS transaction. In this, the salesperson takes the
customer card for processing payment and illegally copies the card details for later use.

Security Policies
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

Security policies are a formal set of rules which is issued by an organization to ensure that the user who
are authorized to access company technology and information assets comply with rules and guidelines
related to the security of information. It is a written document in the organization which is responsible
for how to protect the organizations from threats and how to handles them when they will occur. A
security policy also considered to be a "living document" which means that the document is never
finished, but it is continuously updated as requirements of the technology and employee changes.

Need of Security policies-

1) It increases efficiency.

The best thing about having a policy is being able to increase the level of consistency which saves time,
money and resources. The policy should inform the employees about their individual duties, and telling
them what they can do and what they cannot do with the organization sensitive information.

2) It upholds discipline and accountability

When any human mistake will occur, and system security is compromised, then the security policy of
the organization will back up any disciplinary action and also supporting a case in a court of law. The
organization policies act as a contract which proves that an organization has taken steps to protect its
intellectual property, as well as its customers and clients.

3) It can make or break a business deal

It is not necessary for companies to provide a copy of their information security policy to other vendors
during a business deal that involves the transference of their sensitive information. It is true in a case of
bigger businesses which ensures their own security interests are protected when dealing with smaller
businesses which have less high-end security systems in place.
4) It helps to educate employees on security literacy

A well-written security policy can also be seen as an educational document which informs the readers
about their importance of responsibility in protecting the organization sensitive data. It involves on
choosing the right passwords, to providing guidelines for file transfers and data storage which increases
employee's overall awareness of security and how it can be strengthened.

We use security policies to manage our network security. Most types of security policies are
automatically created during the installation. We can also customize policies to suit our specific
environment. There are some important cybersecurity policies recommendations describe below-

1. Virus and Spyware Protection policy

Head Department Computer Science Dr. Mugtaba

This policy provides the following protection:

 It helps to detect, removes, and repairs the side effects of viruses and security risks by using
signatures.
 It helps to detect the threats in the files which the users try to download by using reputation data
from Download Insight.
 It helps to detect the applications that exhibit suspicious behaviour by using SONAR heuristics
and reputation data.

2. Firewall Policy

This policy provides the following protection:

 It blocks the unauthorized users from accessing the systems and networks that connect to the
Internet.
 It detects the attacks by cybercriminals.
 It removes the unwanted sources of network traffic.

3. Intrusion Prevention policy

This policy automatically detects and blocks the network attacks and browser attacks. It also protects
applications from vulnerabilities. It checks the contents of one or more data packages and detects
malware which is coming through legal ways.

4. LiveUpdate policy

This policy can be categorized into two types one is LiveUpdate Content policy, and another is
LiveUpdate Setting Policy. The LiveUpdate policy contains the setting which determines when and how
client computers download the content updates from LiveUpdate. We can define the computer that
clients contact to check for updates and schedule when and how often clients computer check for
updates.

5. Application and Device Control

This policy protects a system's resources from applications and manages the peripheral devices that can
attach to a system. The device control policy applies to both Windows and Mac computers whereas
application control policy can be applied only to Windows clients.

6. Exceptions policy

This policy provides the ability to exclude applications and processes from detection by the virus and
spyware scans.

Head Department Computer Science Dr. Mugtaba

7. Host Integrity policy

This policy provides the ability to define, enforce, and restore the security of client computers to keep
enterprise networks and data secure. We use this policy to ensure that the client's computers who access
our network are protected and compliant with companies? securities policies. This policy requires that
the client system must have installed antivirus.

ISO standard is officially established On 23 February 1947. It is an independent, non-governmental

international organization. Today, it has a membership of 162 national standards bodies and 784
technical committees and subcommittees to take care of standards development. ISO has published over
22336 International Standards and its related documents which covers almost every industry, from
information technology, to food safety, to agriculture and healthcare.

ISO 27000 Series

It is the family of information security standards which is developed by the International Organization
for Standardization and the International Electrotechnical Commission to provide a globally recognized
framework for best information security management. It helps the organization to keep their
information assets secure such as employee details, financial information, and intellectual property.

The need of ISO 27000 series arises because of the risk of cyber-attacks which the organization face.
The cyber-attacks are growing day by day making hackers a constant threat to any industry that uses
technology.

The ISO 27000 series can be categorized into many types. They are-

ISO 27001- This standard allows us to prove the clients and stakeholders of any organization to
managing the best security of their confidential data and information. This standard involves a process-
based approach for establishing, implementing, operating, monitoring, maintaining, and improving our
ISMS.

ISO 27000- This standard provides an explanation of terminologies used in ISO 27001.

ISO 27002- This standard provides guidelines for organizational information security standards and
information security management practices. It includes the selection, implementation, operating and
management of controls taking into consideration the organization's information security risk
environment(s).

ISO 27005- This standard supports the general concepts specified in 27001. It is designed to provide the

Head Department Computer Science Dr. Mugtaba

guidelines for implementation of information security based on a risk management approach. To

completely understand the ISO/IEC 27005, the knowledge of the concepts, models, processes, and
terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is required. This standard is capable for
all kind of organizations such as non-government organization, government agencies, and commercial
enterprises.

ISO 27032- It is the international Standard which focuses explicitly on cybersecurity. This Standard
includes guidelines for protecting the information beyond the borders of an organization such as in
collaborations, partnerships or other information sharing arrangements with clients and suppliers.

2. IT Act
The Information Technology Act also known as ITA-2000, or the IT Act main aims is to provide the
legal infrastructure in India which deal with cybercrime and e-commerce. The IT Act is based on the
United Nations Model Law on E-Commerce 1996 recommended by the General Assembly of United
Nations. This act is also used to check misuse of cyber network and computer in India. It was officially
passed in 2000 and amended in 2008. It has been designed to give the boost to Electronic commerce, e-
transactions and related activities associated with commerce and trade. It also facilitate electronic
governance by means of reliable electronic records.

IT Act 2000 has 13 chapters, 94 sections and 4 schedules. The first 14 sections concerning digital
signatures and other sections deal with the certifying authorities who are licenced to issue digital
signature certificates, sections 43 to 47 provides penalties and compensation, section 48 to 64 deal with
appeal to high court, sections 65 to 79 deal with offences, and the remaining section 80 to 94 deal with
miscellaneous of the act.

3. Copyright Act
The Copyright Act 1957 amended by the Copyright Amendment Act 2012 governs the subject of
copyright law in India. This Act is applicable from 21 January 1958. Copyright is a legal term which
describes the ownership of control of the rights to the authors of "original works of authorship" that are
fixed in a tangible form of expression. An original work of authorship is a distribution of certain works
of creative expression including books, video, movies, music, and computer programs. The copyright
law has been enacted to balance the use and reuse of creative works against the desire of the creators of
art, literature, music and monetize their work by controlling who can make and sell copies of the work.

The copyright act covers the following-

Head Department Computer Science Dr. Mugtaba

 Rights of copyright owners

 Works eligible for protection
 Duration of copyright
 Who can claim copyright

The copyright act does not covers the following-

 Ideas, procedures, methods, processes, concepts, systems, principles, or discoveries

 Works that are not fixed in a tangible form (such as a choreographic work that has not been
notated or recorded or an improvisational speech that has not been written down)
 Familiar symbols or designs
 Titles, names, short phrases, and slogans
 Mere variations of typographic ornamentation, lettering, or coloring

4. Patent Law
Patent law is a law that deals with new inventions. Traditional patent law protect tangible scientific
inventions, such as circuit boards, heating coils, car engines, or zippers. As time increases patent law
have been used to protect a broader variety of inventions such as business practices, coding algorithms,
or genetically modified organisms. It is the right to exclude others from making, using, selling,
importing, inducing others to infringe, and offering a product specially adapted for practice of the
patent.

In general, a patent is a right that can be granted if an invention is:

 Not a natural object or process

 New
 Useful
 Not obvious.

5. IPR
Intellectual property rights is a right that allow creators, or owners of patents, trademarks or copyrighted
works to benefit from their own plans, ideas, or other intangible assets or investment in a creation.
These IPR rights are outlined in the Article 27 of the Universal Declaration of Human Rights. It
provides for the right to benefit from the protection of moral and material interests resulting from
authorship of scientific, literary or artistic productions. These property rights allow the holder to

Head Department Computer Science Dr. Mugtaba

exercise a monopoly on the use of the item for a specified period.

Non-repudiation
Non-repudiation means assurance of something that cannot be denied. It ensures that someone to a
contract or communication cannot later deny the authenticity of their signature on a document or in a
file or the sending of a message that they originated.

Integrity
Integrity ensures that the message is real, accurate and safeguards from unauthorized user modification
during the transmission.

Algorithms in Digital Signature

A digital signature consists of three algorithms:

1. Key generation algorithm

The key generation algorithm selects private key randomly from a set of possible private keys. This
algorithm provides the private key and its corresponding public key.

2. Signing algorithm

A signing algorithm produces a signature for the document.

3. Signature verifying algorithm

A signature verifying algorithm either accepts or rejects the document's authenticity.

How digital signatures work

Digital signatures are created and verified by using public key cryptography, also known as asymmetric
cryptography. By the use of a public key algorithm, such as RSA, one can generate two keys that are
mathematically linked- one is a private key, and another is a public key.

The user who is creating the digital signature uses their own private key to encrypt the signature-related

Head Department Computer Science Dr. Mugtaba

document. There is only one way to decrypt that document is with the use of signer's public key.

This technology requires all the parties to trust that the individual who creates the signature has been
able to keep their private key secret. If someone has access the signer's private key, there is a possibility
that they could create fraudulent signatures in the name of the private key holder.

The steps which are followed in creating a digital signature are:

1. Select a file to be digitally signed.

2. The hash value of the message or file content is calculated. This message or file content is
encrypted by using a private key of a sender to form the digital signature.
3. Now, the original message or file content along with the digital signature is transmitted.
4. The receiver decrypts the digital signature by using a public key of a sender.
5. The receiver now has the message or file content and can compute it.
6. Comparing these computed message or file content with the original computed message. The
comparison needs to be the same for ensuring integrity.

Types of Digital Signature

Different document processing platform supports different types of digital signature. They are described
below:

Certified Signatures
The certified digital signature documents display a unique blue ribbon across the top of the document.
The certified signature contains the name of the document signer and the certificate issuer which
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

indicate the authorship and authenticity of the document.

Approval Signatures
The approval digital signatures on a document can be used in the organization's business workflow.
They help to optimize the organization's approval procedure. The procedure involves capturing
approvals made by us and other individuals and embedding them within the PDF document. The
approval signatures to include details such as an image of our physical signature, location, date, and
official seal.

Visible Digital Signature

The visible digital signature allows a user to sign a single document digitally. This signature appears on
a document in the same way as signatures are signed on a physical document.

Invisible Digital Signature

The invisible digital signatures carry a visual indication of a blue ribbon within a document in the
taskbar. We can use invisible digital signatures when we do not have or do not want to display our
signature but need to provide the authenticity of the document, its integrity, and its origin.

3. PKI Services
PKI stands for Public Key Infrastructure. This tool supports the distribution and identification of public
encryption keys. It enables users and computer systems to securely exchange data over the internet and
verify the identity of the other party. We can also exchange sensitive information without PKI, but in
that case, there would be no assurance of the authentication of the other party.

People associate PKI with SSL or TLS. It is the technology which encrypts the server communication
and is responsible for HTTPS and padlock that we can see in our browser address bar. PKI solve many
numbers of cybersecurity problems and deserves a place in the organization security suite.

PKI can also be used to:

 Enable Multi-Factor Authentication and access control

 Create compliant, Trusted Digital Signatures.
 Encrypt email communications and authenticate the sender's identity.
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

 Digitally sign and protect the code.

 Build identity and trust into IoT ecosystems.

4. Managed Detection and Response Service (MDR)

Today's cybercriminals and hackers used more advanced techniques and software to breach
organization security So, there is a necessity for every businesses to be used more powerful forms of
defences of cybersecurity. MDR is an advanced security service that provides threat hunting, threat
intelligence, security monitoring, incident analysis, and incident response. It is a service that arises from
the need for organizations (who has a lack of resources) to be more aware of risks and improve their
ability to detect and respond to threats. MDR also uses Artificial Intelligence and machine learning to
investigate, auto detect threats, and orchestrate response for faster result.

The managed detection and response has the following characteristics:

 Managed detection and response is focused on threat detection, rather than compliance.
 MDR relies heavily on security event management and advanced analytics.
 While some automation is used, MDR also involves humans to monitor our network.
 MDR service providers also perform incident validation and remote response.

5. Penetration Testing
Penetration testing, or pen-test, is an important way to evaluate our business's security systems and
security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities exist in
operating systems, services and application, improper configurations or risky end-user behavior. In
Penetration testing, cybersecurity professionals will use the same techniques and processes utilized by
criminal hackers to check for potential threats and areas of weakness.

A pen test attempts the kind of attack a business might face from criminal hackers such as password
cracking, code injection, and phishing. It involves a simulated real-world attack on a network or
application. This tests can be performed by using manual or automated technologies to systematically
evaluate servers, web applications, network devices, endpoints, wireless networks, mobile devices and
other potential points of vulnerabilities. Once the pen test has successfully taken place, the testers will
present us with their findings threats and can help by recommending potential changes to our system.

6. Staff Training
Staff training is not a 'cybersecurity tool' but ultimately, having knowledgeable employees who
understand the cybersecurity which is one of the strongest forms of defence against cyber-attacks.
Today's many training tools available that can educate company's staff about the best cybersecurity
practices. Every business can organize these training tools to educate their employee who can

Head Department Computer Science Dr. Mugtaba

understand their role in cybersecurity.

We know that cyber-criminals continue to expand their techniques and level of sophistication to breach
businesses security, it has made it essential for organizations to invest in these training tools and
services. Failing to do this, they can leave the organization in a position where hackers would be easily
targeted their security system. So, the expense of the investment on these training tools might put a
reward for the business organization with long-term security and protection.

2. Blockchain Revolution
Blockchain technology is the most important invention in computing era. It is the first time in human
history that we have a genuinely native digital medium for peer-to-peer value exchange. The blockchain
is a technology that enables cryptocurrencies like Bitcoin. The blockchain is a vast global platform that
allows two or more parties to do a transaction or do business without needing a third party for
establishing trust.

It is difficult to predict what blockchain systems will offer in regards to cybersecurity. The professionals
in cybersecurity can make some educated guesses regarding blockchain. As the application and utility
of blockchain in a cybersecurity context emerges, there will be a healthy tension but also
complementary integrations with traditional, proven, cybersecurity approaches.

3. IoT Threats
IoT stands for Internet of Things. It is a system of interrelated physical devices which can be accessible
through the internet. The connected physical devices have a unique identifier (UID) and have the ability
to transfer data over a network without any requirements of the human-to-human or human-to-computer
interaction. The firmware and software which is running on IoT devices make consumer and businesses
highly susceptible to cyber-attacks.

When IoT things were designed, it is not considered in mind about the used in cybersecurity and for
commercial purposes. So every organization needs to work with cybersecurity professionals to ensure
the security of their password policies, session handling, user verification, multifactor authentication,
and security protocols to help in managing the risk.

4. AI Expansion
AI short form is Artificial intelligence. According to John McCarthy, father of Artificial Intelligence
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

defined AI: "The science and engineering of making intelligent machines, especially intelligent
computer programs."

It is an area of computer science which is the creation of intelligent machines that do work and react
like humans. Some of the activities related to artificial intelligence include speech recognition,
Learning, Planning, Problem-solving, etc. The key benefits with AI into our cybersecurity strategy has
the ability to protect and defend an environment when the malicious attack begins, thus mitigating the
impact. AI take immediate action against the malicious attacks at a moment when a threats impact a
business. IT business leaders and cybersecurity strategy teams consider AI as a future protective control
that will allow our business to stay ahead of the cybersecurity technology curve.

5. Serverless Apps Vulnerability

Serverless architecture and apps is an application which depends on third-party cloud infrastructure or
on a back-end service such as google cloud function, Amazon web services (AWS) lambda, etc. The
serverless apps invite the cyber attackers to spread threats on their system easily because the users
access the application locally or off-server on their device. Therefore it is the user responsibility for the
security precautions while using serverless application.

The serverless apps do nothing to keep the attackers away from our data. The serverless application
doesn't help if an attacker gains access to our data through a vulnerability such as leaked credentials, a
compromised insider or by any other means then serverless.

We can run software with the application which provides best chance to defeat the cybercriminals. The
serverless applications are typically small in size. It helps developers to launch their applications
quickly and easily. They don't need to worry about the underlying infrastructure. The web-services and
data processing tools are examples of the most common serverless apps.

 The employees of the organizations mostly acquire IT security certifications.

 The training and the final exam have consisted of the credential process.
 It must be renewed periodically, such as for every 3-4 years.
 To be reaccredited, we'll need continuing education credits and the ability to pass the current
exam.

Costs for Cyber Security Certification

When we want to get the cybersecurity certification, nothing can stop us from getting our dream job if
we have the skills.

We cannot here lie about the expense of the certification. The cybersecurity certification can be

Head Department Computer Science Dr. Mugtaba

expensive and time-consuming.

Any entry-level certification takes three-nine months to complete and costs us back $300-$600 for the
examination. This certification leads to promotion, better job prospects and raise. It will help you to get
a hike in your salary.

Which Certification to Choose

When you want to enroll in entry-level training, you may start by considering the given certification:

1. CompTIA Security+
2. GSEC: GIAC Security Essential Certification
3. SSCP: System Security Certified Practitioner

Spend a little time to study detail about all the above certification categories and compare the CompTIA
Security+, and GSEC has a solid reputation within the industry. It is approved for DoD 8570 Baseline
Information Assurance.

Or you can select security+, which is one of the most well-known beginners' certification. But these
certifications will depend on your level of expertise, and action depends upon your level of expertise
and your field of interest.

Some of the popular certification

CISSP: Certified Information System Security Professional is a high-level certification that is focused
on security policy and management. It is the most frequently acquired certification in the business by
the individuals. It is one of the top-paying IT security certifications.

CISA: Certified Information System Auditor has been designed for the professionals who audit, control,
monitor and assess information technology and business systems.

Head Department Computer Science Dr. Mugtaba

CISM: Certified Information Security Manager has been geared towards people in managerial positions
such as the CIO of IT security.

GCIH: GIAC Certified Incident Handler is for the incident handlers responsible for detecting,
responding to and resolving computer security incidents.

CEH: Certified Ethical Hacker has been discussed among white hat hackers and penetration testers.

OSCP: Offensive Security Certified Professional has been designed for the penetration testers and
includes a rigorous 24-hour certification exam.

Head Department Computer Science Dr. Mugtaba

Implementing Atbash Cipher

Atbash Cipher is a type of substitute cipher in which we can reverse all the alphabet letters in reverse
order with the help of a single cipher key. We can change the order of A-Z to Z-A. It is used to encode
the alphabet into the Hebrew alphabet.

Relationship to Affine

Atbash cipher is a part of Affine cipher in which both keys are used. In Affine cipher, a= 25 and b=25.

Algorithm

The keys which are used in Atibash Cipher are as follows.

1. A B C D E F G H I J K L M N O P Q R S T U V W XY Z
2. Z Y X W V U T S R Q P O N M LK J I H G F E D C B A

Encryption
To encrypt a message, we need to choose the word from the above letters. Then we have to replace the
letter with the below letter. Suppose we have the word "JAVATPOINT ."The first letter of the word is
J, which can be replaced with Q .The second letter is A, which can be replaced with Z. The third letter
of the word is V, which can be replaced with E. The letter T can be replaced with G. The letter P can be
replaced with L. The letter O can be replaced with M. The letter I can be replaced with R.. The letter N
can be replaced with M. The whole message can be encrypted as below.

1. JAVATPOINT
2. QZEZGKLRMG

Decryption

Similarly, if we want to decrypt the message "QZEZGKLRMG," it can be possible by following the
above steps. The letter Q can be replaced with J. The letter Z can be replaced with A. The letter E can
be replaced with V. The letter G can be replaced with T. The letter K can be replaced with P. The letter
L can be replaced with O. The letter R can be replaced with I. The letter M can be replaced with N .The
whole message can be decrypted as below.

1. QZEZGKLRMG
2. JAVATPOINT

The Approach
Here, we can perform the mapping operation of every element with the help of a key value. It looks for
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

the pair in the dictionary, and with the help of the above series, the encryption and decryption process
takes place.

Example:

1. # Python program to implement Atbash Cipher

2. # This script uses dictionaries to lookup various alphabets
3. lookup_table = {'A' : 'Z', 'B' : 'Y', 'C' : 'X', 'D' : 'W', 'E' : 'V',
4. 'F' : 'U', 'G' : 'T', 'H' : 'S', 'I' : 'R', 'J' : 'Q',
5. 'K' : 'P', 'L' : 'O', 'M' : 'N', 'N' : 'M', 'O' : 'L',
6. 'P' : 'K', 'Q' : 'J', 'R' : 'I', 'S' : 'H', 'T' : 'G',
7. 'U' : 'F', 'V' : 'E', 'W' : 'D', 'X' : 'C', 'Y' : 'B', 'Z' : 'A'}
8.
9. def atbash(message):
10. cipher = ''
11. for letter in message:
12. # checks for space
13. if(letter != ' '):
14. #adds the corresponding letter from the lookup_table
15. cipher += lookup_table[letter]
16. else:
17. # adds space
18. cipher += ' '
19.
20. return cipher
21.
22. # Driver function to run the program
23. def main():
24. #encrypt the given message
25. message = 'JAVATPOINT'
26. print(atbash([Link]()))
27.
28. #decrypt the given message
29. message = 'QZEZGKLRMG'
30. print(atbash([Link]()))
31.
32. # Executes the main function
33. if __name__ == '__main__':
34. main()

Output:

QZEZGKLRMG
Head Department Computer Science Dr. Mugtaba
Fadelelmola Elsafi Elnour
‫بسم هللا الرحمن الرحيم‬
Kordofan University - ‫جامعة كردفان‬
Faculty of Computer Studies and Statistics - ‫كلية دراسات الحاسوب واإلحصاء‬
)‫السنة الرابعة ( علوم – تقانة‬

JAVATPOINT

Advantages of Atbash Cipher

Atbash cipher has both a=25 and b=25. So we do not need to write the different functions for encryption
and decryption. So we can reuse the same function for both encryption and decryption.

It has one constant key it is the easiest cipher to break and provides almost no security. Anyone can
assume that it is Atbash and decrypt the message by reversing the letters.

Head Department Computer Science Dr. Mugtaba

Fadelelmola Elsafi Elnour

Java Script PG TRB Computer Instructor 2021 SRT STUDY CIRCLE GROUP
No ratings yet
Java Script PG TRB Computer Instructor 2021 SRT STUDY CIRCLE GROUP
4 pages
Multicore Processors and Software Challenges
No ratings yet
Multicore Processors and Software Challenges
96 pages
Baghdad University M.Sc. Computer Exam 2012
No ratings yet
Baghdad University M.Sc. Computer Exam 2012
13 pages
Structures and Strategies For State Space Search
No ratings yet
Structures and Strategies For State Space Search
49 pages
اسئلة ميدتيرم مادة اساسيات الامن السيبراني
No ratings yet
اسئلة ميدتيرم مادة اساسيات الامن السيبراني
8 pages
Digital Image Processing Solutions Manual
No ratings yet
Digital Image Processing Solutions Manual
142 pages
Cloud Computing, Service-Oriented Computing, Distributed Computing, and Virtualization
No ratings yet
Cloud Computing, Service-Oriented Computing, Distributed Computing, and Virtualization
26 pages
- ⁨تجميع أسئلة برمجة جافا 1⁩
No ratings yet
- ⁨تجميع أسئلة برمجة جافا 1⁩
9 pages
Data Structures Complexity CheatSheet
No ratings yet
Data Structures Complexity CheatSheet
3 pages
Knowledge Economy and Digital Transformation
100% (1)
Knowledge Economy and Digital Transformation
16 pages
Data Structures & Algorithms MCQs
No ratings yet
Data Structures & Algorithms MCQs
26 pages
PHP String Functions Guide
No ratings yet
PHP String Functions Guide
12 pages
Theory of Computation Question Paper 2015 - Tutorialsduniya
No ratings yet
Theory of Computation Question Paper 2015 - Tutorialsduniya
7 pages
Multiple Choice Questions
No ratings yet
Multiple Choice Questions
16 pages
Computation Theory: Lecture One
100% (2)
Computation Theory: Lecture One
7 pages
Web Services Basics: Mike P. Papazoglou Mikep@uvt - NL
No ratings yet
Web Services Basics: Mike P. Papazoglou Mikep@uvt - NL
35 pages
Deep Learning Concepts
No ratings yet
Deep Learning Concepts
13 pages
Basic Computer Instructor: Paper-I
No ratings yet
Basic Computer Instructor: Paper-I
2 pages
All Model Paper BCA
No ratings yet
All Model Paper BCA
12 pages
This Set of Software Engineering Multiple Choice Questions & Answers (MCQS) Focuses On "Software Engineering Ethics - 1"
No ratings yet
This Set of Software Engineering Multiple Choice Questions & Answers (MCQS) Focuses On "Software Engineering Ethics - 1"
6 pages
OOP vs Procedural Programming Basics
No ratings yet
OOP vs Procedural Programming Basics
35 pages
WSN DS A Dataset For Intrusion Detection
No ratings yet
WSN DS A Dataset For Intrusion Detection
17 pages
Questions and Answers For Object Oriented Progamming in C++
No ratings yet
Questions and Answers For Object Oriented Progamming in C++
77 pages
Template-01 - FYP Registration & Supervisor Consent Form-1
No ratings yet
Template-01 - FYP Registration & Supervisor Consent Form-1
4 pages
First Year B.Sc. Computer Science Subjects
No ratings yet
First Year B.Sc. Computer Science Subjects
129 pages
COMPUTER NETWORKS OSI MODEL MCQs
No ratings yet
COMPUTER NETWORKS OSI MODEL MCQs
52 pages
Bihar STET Paper 2
No ratings yet
Bihar STET Paper 2
3 pages
Junior Training Sheet - Template - V7.0 PDF
No ratings yet
Junior Training Sheet - Template - V7.0 PDF
45 pages
Identity and Access Management
No ratings yet
Identity and Access Management
3 pages
Unit-1 Lecture PPT Notes
No ratings yet
Unit-1 Lecture PPT Notes
96 pages
Data Structures and Algorithm - 1st Exam
No ratings yet
Data Structures and Algorithm - 1st Exam
14 pages
UGC NET OS Exam Prep
No ratings yet
UGC NET OS Exam Prep
6 pages
Data Structures for CS Students
No ratings yet
Data Structures for CS Students
50 pages
Ui Ux Materials
No ratings yet
Ui Ux Materials
1 page
Unit II Notes
No ratings yet
Unit II Notes
36 pages
Big O Notation and Algorithm Efficiency
No ratings yet
Big O Notation and Algorithm Efficiency
20 pages
LDP-1 MCQ Reference Ques
No ratings yet
LDP-1 MCQ Reference Ques
34 pages
Ds Mindmap New
No ratings yet
Ds Mindmap New
6 pages
ChatGPT - MyLearning On Research Methodology in Computer Science
No ratings yet
ChatGPT - MyLearning On Research Methodology in Computer Science
22 pages
PHD IT Entrance Examination Guide 2022
No ratings yet
PHD IT Entrance Examination Guide 2022
3 pages
Mathematical Logic and Proof Techniques
No ratings yet
Mathematical Logic and Proof Techniques
21 pages
UPPSC Computer Old Paper
No ratings yet
UPPSC Computer Old Paper
10 pages
Computer Architecture Cheat Sheet
No ratings yet
Computer Architecture Cheat Sheet
1 page
Big Data Analytics Course Syllabus
No ratings yet
Big Data Analytics Course Syllabus
4 pages
Postal: Computer Science & IT
100% (1)
Postal: Computer Science & IT
2 pages
Algorithm Exam for CS Students
No ratings yet
Algorithm Exam for CS Students
49 pages
Understanding De-normalization in DBMS
No ratings yet
Understanding De-normalization in DBMS
10 pages
Iot Stet Notes
100% (1)
Iot Stet Notes
48 pages
Academic Performance Factors Survey
No ratings yet
Academic Performance Factors Survey
5 pages
Test Bank For Invitation To Computer Science 7th Edition
No ratings yet
Test Bank For Invitation To Computer Science 7th Edition
11 pages
M2-R4 Internet Technology and Web Design PDF
100% (1)
M2-R4 Internet Technology and Web Design PDF
17 pages
Owasp MCQ
No ratings yet
Owasp MCQ
16 pages
SprankleCh1 Ed9
No ratings yet
SprankleCh1 Ed9
8 pages
Data Structure and Algorithm MCQs
No ratings yet
Data Structure and Algorithm MCQs
9 pages
Syllabus PGT Computer Science PDF
No ratings yet
Syllabus PGT Computer Science PDF
8 pages
3.0 Cyber Security Notes
No ratings yet
3.0 Cyber Security Notes
76 pages
Understanding Cyber Security Basics
No ratings yet
Understanding Cyber Security Basics
9 pages
Comprehensive Cyber Security Guide
No ratings yet
Comprehensive Cyber Security Guide
78 pages
Cyber Security Tutorial
No ratings yet
Cyber Security Tutorial
80 pages
What Is Cyber Security
No ratings yet
What Is Cyber Security
12 pages
Sigma Sustainability Report 2022 1
No ratings yet
Sigma Sustainability Report 2022 1
87 pages
Joseph of Arimathea: The Man With Two Graves by Jonathan Gray
100% (1)
Joseph of Arimathea: The Man With Two Graves by Jonathan Gray
65 pages
Mixed Research in Built Environment
No ratings yet
Mixed Research in Built Environment
21 pages
Tugas Bahasa Inggris, Humam Budi Atsany, Kelas 10.G
No ratings yet
Tugas Bahasa Inggris, Humam Budi Atsany, Kelas 10.G
2 pages
( ) 1.the Art of Communication (05) - ( ) 3 (20 ) (Q)
No ratings yet
( ) 1.the Art of Communication (05) - ( ) 3 (20 ) (Q)
6 pages
Fiji GEDSI Assessment Application Form
No ratings yet
Fiji GEDSI Assessment Application Form
11 pages
First Break All The Rules Summary
No ratings yet
First Break All The Rules Summary
2 pages
ZPAPM70 Manual ZA USA
No ratings yet
ZPAPM70 Manual ZA USA
30 pages
Journ 9 Q3 Exam
No ratings yet
Journ 9 Q3 Exam
5 pages
Personal Details: Application For The Use of Remita Platform
No ratings yet
Personal Details: Application For The Use of Remita Platform
1 page
English Prediction Exercises
No ratings yet
English Prediction Exercises
10 pages
Math Teacher Application - Karren Savuro
No ratings yet
Math Teacher Application - Karren Savuro
10 pages
Challenges in Writing Computer Essays
100% (2)
Challenges in Writing Computer Essays
6 pages
Text - D724992a - Chennai Region - Infosys
No ratings yet
Text - D724992a - Chennai Region - Infosys
28 pages
Miss Finch Assignment
No ratings yet
Miss Finch Assignment
4 pages
Sourcing Template Config
No ratings yet
Sourcing Template Config
48 pages
Ttranslation of Neologisms
No ratings yet
Ttranslation of Neologisms
50 pages
Mid Assignment
No ratings yet
Mid Assignment
33 pages
Liberating Perspectives on Human Impairment
No ratings yet
Liberating Perspectives on Human Impairment
19 pages
Notice Supplementary Exam 2025 Class X XII
No ratings yet
Notice Supplementary Exam 2025 Class X XII
6 pages
New Perspectives on Translation History
No ratings yet
New Perspectives on Translation History
30 pages
CUK Teaching Positions Recruitment
No ratings yet
CUK Teaching Positions Recruitment
12 pages
Wuthering Heights and Violation Of: Class
No ratings yet
Wuthering Heights and Violation Of: Class
5 pages
Amura Health February 2024 Payslip
No ratings yet
Amura Health February 2024 Payslip
1 page
Ayres Loadmaster DSU Case Study
No ratings yet
Ayres Loadmaster DSU Case Study
26 pages
Personal Background and Career Aspirations
No ratings yet
Personal Background and Career Aspirations
8 pages
Concentration of Wealth in Canada
100% (2)
Concentration of Wealth in Canada
259 pages
T'boli Tribe: Culture and Heritage
No ratings yet
T'boli Tribe: Culture and Heritage
4 pages
Unit 1 - Sales Management: Chapter 1: Evolution of Sales Function
No ratings yet
Unit 1 - Sales Management: Chapter 1: Evolution of Sales Function
6 pages
BF Project Monitoring and Control Template - Google Sheets
No ratings yet
BF Project Monitoring and Control Template - Google Sheets
5 pages