UNIT-4

The document outlines various cybersecurity threats, including passive and active attacks, and details specific types such as viruses, malware, ransomware, and phishing. It emphasizes the importance of network security measures like risk assessment, firewalls, and encryption to protect data integrity and confidentiality. Additionally, it highlights prevention strategies including multi-factor authentication and security awareness training to mitigate risks.

Uploaded by

Vinita Sharma
Copyright
© All Rights Reserved
UNIT-4

Cyber Security Threats:

Cybersecurity threats refer to any potential attacks, vulnerabilities, or dangers that could lead
to unauthorized access, data breaches, or damage to digital systems, networks, and data.
These threats can be both active and passive, with each having its own characteristics,
methods of execution, and consequences.

1. Security Threats and Attacks

Passive Attacks:

• Passive attacks are those where the attacker monitors or eavesdrops on the
communication or system without actively disrupting or altering it.
• Purpose: The main aim is to gather information (e.g., passwords, private
conversations, sensitive data).
• Example: Sniffing or Traffic Analysis.

Active Attacks:

• Active attacks involve an attacker actively trying to alter, disrupt, or damage the
system or network.
• Purpose: The aim is to steal, modify, or destroy data, or disrupt system operations.
• Example: Denial-of-Service (DoS) or Man-in-the-Middle (MITM) attacks.

2. Types and Effects of Cyber Security Threats

1. Computer Virus:
o Definition: A computer virus is malicious software that attaches itself to a
legitimate program or file and spreads to other files and programs when
executed.
o Effect: Corrupts files, disrupts system operations, and can cause data loss or
system crashes.
o Example: ILOVEYOU virus, which spread via email in 2000.
2. Malware (Malicious Software):
o Definition: Malware is a broad category of harmful software designed to
exploit or damage systems. It includes viruses, worms, Trojans, spyware,
adware, etc.
o Effect: Malware can damage files, steal data, monitor user activities, or
disrupt system functioning.
o Example: Conficker, a well-known worm that infected millions of computers
globally.
3. Adware:
o Definition: Adware is software that automatically displays or downloads
unwanted advertisements on a user's computer.
o Effect: Slows down the system and floods the user with unwanted ads. It may
also track online behavior.
o Example: Unwanted pop-up ads that appear during internet browsing.

4. Ransomware:
o Definition: Ransomware is a type of malware that encrypts the user's files or
locks their system and demands a ransom to restore access.
o Effect: Critical data is held hostage until the victim pays the ransom, often
leading to financial and reputational damage.
o Example: WannaCry ransomware attack that affected computers worldwide
in 2017.

5. Spyware:
o Definition: Spyware is software that secretly monitors and collects
information from a user’s system without their consent.
o Effect: It can steal sensitive information like passwords, credit card details, or
track browsing habits.
o Example: Keyloggers, which record keystrokes to capture passwords.

6. Emotet:
o Definition: Emotet is a type of malware that functions as a loader, spreading
other types of malicious payloads like ransomware and stealing sensitive data.
o Effect: It spreads via phishing emails and can lead to massive data breaches
and financial loss.
o Example: Emotet campaigns often disguise malicious links or attachments in
emails.

7. Identity Theft:
o Definition: Identity theft occurs when cybercriminals steal someone’s
personal information to commit fraud or impersonate the individual.
o Effect: Affected individuals may suffer financial losses, credit damage, and
loss of reputation.
o Example: Using stolen personal information to open credit accounts in
another person’s name.

8. Denial of Service (DoS):
o Definition: A DoS attack aims to overload a system or network with traffic,
making it unavailable to legitimate users.
o Effect: Disrupts services, causing downtime and loss of business productivity.
o Example: Distributed Denial-of-Service (DDoS) attacks use multiple
systems to flood a server.

9. Man-in-the-Middle (MITM) Attack:
o Definition: In a MITM attack, an attacker intercepts and potentially alters
communication between two parties without their knowledge.
o Effect: Sensitive information such as passwords, credit card details, or
personal messages can be stolen.
o Example: Intercepting communication between a user and a bank website to
steal login credentials.

10. Phishing:
o Definition: Phishing is a type of cyberattack where attackers trick users into
divulging personal information, usually through fake emails or websites.
o Effect: The victim may provide sensitive information, which is then used for
fraudulent activities.
o Example: A fake email claiming to be from a bank asking for account details.

11. SQL Injection:
o Definition: SQL injection is an attack where malicious SQL code is inserted
into an input field, allowing attackers to access and manipulate a website's
database.
o Effect: Sensitive data such as user credentials, credit card details, or personal
information may be stolen or altered.
o Example: Attacker submitting OR 1=1 into a login form to bypass
authentication.

12. Password Attacks:
o Definition: Password attacks are attempts to steal or guess a password to gain
unauthorized access to a system.
o Types of attacks:
▪ Brute Force Attack: Trying every possible combination of passwords.
▪ Dictionary Attack: Using a list of common words or passwords to
guess the correct one.
▪ Rainbow Table Attack: Using precomputed hash values to quickly
find matching passwords.
o Effect: Unauthorized access to accounts, leading to data theft or system
compromise.
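Added example (not part of the original notes): why the rainbow table attack listed under Password Attacks works against unsalted hashes and fails against salted, iterated ones, which also slows brute force and dictionary guessing. The word list, the choice of PBKDF2 and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample word list standing in for a dictionary of common passwords.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]

def unsalted_sha256(password):
    # WEAK storage: the same password gives the same digest on every system.
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(words):
    # Precomputed digest -> password map. A real rainbow table stores this
    # more compactly using hash chains, but it is used the same way.
    return {unsalted_sha256(w): w for w in words}

def hash_password(password, iterations=600_000):
    # HARDENED storage: random per-user salt plus a deliberately slow KDF,
    # so a table computed in advance does not match and each guess is costly.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, salt, iterations, expected):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)  # constant-time compare

if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted digest found in table:",
          table.get(unsalted_sha256("letmein")))
    salt, n, digest = hash_password("letmein")
    print("salted digest found in table:", table.get(digest.hex()))
    print("correct password verifies:",
          verify_password("letmein", salt, n, digest))
```
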

Network Security:

Network security involves implementing measures to protect the integrity, confidentiality,
and accessibility of data and resources on a network. It helps defend against unauthorized
access, attacks, and breaches.

1. Risk Assessment and Security Measures

Risk Assessment:

• Definition: Risk assessment in network security involves identifying, analyzing, and
evaluating potential security risks that could threaten a network's infrastructure and
data.
• Process:
1. Identify Assets: What is valuable? This includes data, systems, and
applications.
2. Identify Threats and Vulnerabilities: Determine possible threats and
weaknesses (e.g., outdated software, poor network segmentation).
3. Assess Risks: Evaluate the potential impact and likelihood of threats to assets.
4. Implement Mitigation Measures: Develop and apply measures to reduce or
eliminate risks (e.g., firewalls, encryption).

Security Measures:

• Security measures are the protocols, tools, and practices used to protect a network
from cyber threats.
• Examples include firewalls, encryption, antivirus software, multi-factor authentication
(MFA), etc.

2. Types of Network Security Assets

1. Data:
o Sensitive information stored or transmitted across the network (e.g., personal
data, financial records).
o Security Measure: Use of encryption, access controls, and secure data
transmission protocols.
2. Applications:
o Software programs used on the network that may contain vulnerabilities.
o Security Measure: Regular application updates, secure software development
practices, and vulnerability scanning.
3. Systems:
o Hardware and operating systems that support network infrastructure.
o Security Measure: Installing security patches, using strong authentication
mechanisms, and securing endpoints.
4. Network:
o The actual physical and virtual communication pathways that allow data to
flow.
o Security Measure: Network segmentation, firewall rules, and intrusion
detection/prevention systems (IDS/IPS).

3. Security Issues and Security Measures

Firewall:

• A firewall is a network security device that monitors and controls incoming and
outgoing network traffic based on predetermined security rules.
• Function: It acts as a barrier between a trusted internal network and untrusted
external networks (e.g., the internet).
• Types:
o Packet Filtering Firewalls
o Stateful Inspection Firewalls
o Proxy Firewalls
o Next-Generation Firewalls (NGFW)
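Added example (not part of the original notes): how a packet filtering firewall applies "predetermined security rules", modelled as an ordered rule list where the first matching rule decides and anything unmatched is denied. The Rule fields, the rule set and the addresses (documentation and private ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    direction: str            # "in" or "out"
    proto: str                # "tcp", "udp" or "any"
    src: str                  # source network in CIDR form
    dst_port: Optional[int]   # None matches any destination port

# Constructed rule set: order matters, the first matching rule wins.
RULES = [
    Rule("deny",  "in",  "any", "203.0.113.0/24", None),  # blocked range
    Rule("allow", "in",  "tcp", "0.0.0.0/0",      443),   # public HTTPS
    Rule("allow", "in",  "tcp", "10.0.0.0/8",     22),    # SSH, internal only
    Rule("allow", "out", "any", "10.0.0.0/8",     None),  # internal hosts out
]

def decide(rules, direction, proto, src_ip, dst_port):
    """Return "allow" or "deny" for one packet header (stateless check)."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if (r.direction == direction
                and r.proto in ("any", proto)
                and addr in ipaddress.ip_network(r.src)
                and r.dst_port in (None, dst_port)):
            return r.action
    return "deny"  # default deny: traffic no rule mentions is dropped

if __name__ == "__main__":
    for pkt in [("in", "tcp", "198.51.100.7", 443),
                ("in", "tcp", "203.0.113.9", 443),
                ("in", "tcp", "198.51.100.7", 22),
                ("in", "tcp", "10.1.2.3", 22)]:
        print(pkt, "->", decide(RULES, *pkt))
```
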

Encryption/Decryption:

• Encryption is the process of converting data into a code to prevent unauthorized
access, and decryption is the reverse process of converting encrypted data back into
its original form.
• Function: Ensures the confidentiality and integrity of data during transmission or
storage.
• Common Algorithms:
o AES (Advanced Encryption Standard)
o RSA (Rivest-Shamir-Adleman)
o TLS/SSL (Transport Layer Security / Secure Sockets Layer) for secure
communication over the internet.

4. Prevention Measures

1. Intrusion Detection and Prevention Systems (IDPS):
o IDPS tools are used to detect and prevent potential threats and attacks in
real-time.
o IDS monitors network traffic for suspicious activities, while IPS can take
action to block or prevent attacks.
2. Multi-Factor Authentication (MFA):
o Requires users to provide two or more forms of verification before gaining
access to sensitive systems or data (e.g., a password plus a fingerprint or code
sent to a mobile device).
3. Access Control:
o Limit access to systems and data based on the user’s role or clearance level.
This is often done through Role-Based Access Control (RBAC).
4. Regular Updates and Patching:
o Keeping software, hardware, and systems updated is crucial to prevent
exploitation of known vulnerabilities.
5. Security Awareness Training:
o Training employees and users to recognize phishing attempts, malicious links,
and safe practices is vital for reducing human error.
