Unit 1

Introduction to Information Security

Prepared by
Mrs. D. D. Pawar
What is Information
• Information is the output that results from
analysing, contextualizing, structuring,
interpreting or in other ways processing data.
• Information infuses meaning and value into the
data.
• Data is a collection of raw facts (text, numbers and symbols) that carry no
meaning on their own until they are given context.
• Information is the result of processing data,
usually by computer.
• Information can be about facts, things,
concepts, or anything relevant to the topic
concerned. It may provide answers to questions
like who, which, when, why, what, and how.
Information System
• An information system (IS) is a collection of hardware, software, data, and
people that work together to collect, process, store, and disseminate
information.
• An IS can be used for a variety of purposes, such as supporting business
operations, decision making, and communication.
• Types of Information System
• Transaction Processing Systems (TPS)
• Management Information Systems (MIS)
• Decision Support Systems (DSS)
• Executive Support Systems (ESS)
• Enterprise Resource Planning (ERP)
• Customer Relationship Management (CRM)
• Supply Chain Management (SCM)
• Geographic Information Systems (GIS)
Information Security
• Information security is the practice of protecting information by mitigating
information risks.
• It involves the protection of information systems and the information processed,
stored, and transmitted by these systems from unauthorized access, use,
disclosure, disruption, modification, or destruction.
• This includes the protection of personal information, financial information, and
sensitive or confidential information stored in both digital and physical forms.
• Effective information security requires a comprehensive and multi-disciplinary
approach, involving people, processes, and technology.
Need for Information Security
• Protecting Confidential Information: Confidential information, such as personal data,
financial records, trade secrets, and intellectual property, must be kept secure to
prevent it from falling into the wrong hands. This type of information is valuable and
can be used for identity theft, fraud, or other malicious purposes.
• Complying with Regulations: Many industries, such as healthcare, finance, and
government, are subject to strict regulations and laws that require them to protect
sensitive data. Failure to comply with these regulations can result in legal and
financial penalties, as well as damage to the organization's reputation.
• Maintaining Business Continuity: Information security helps ensure that critical
business operations can continue in the event of a disaster, such as a cyber-attack or
natural disaster.
• Protecting Customer Trust: Customers expect organizations to keep their data safe
and secure. Breaches or data leaks can erode customer trust, leading to a loss of
business and damage to the organization's reputation.
• Preventing Cyber-attacks: Cyber-attacks, such as viruses, malware, phishing, and
ransomware, are becoming increasingly sophisticated and frequent. Information
security helps prevent these attacks and minimizes their impact if they do occur.
• Protecting Employee Information: Organizations also have a responsibility to
protect employee data, such as payroll records, health information, and personal
details. This information is often targeted by cybercriminals, and its theft can lead
to identity theft and financial fraud.
Information classification
• It is a process used in information security to categorize data based on its
level of sensitivity and importance.
• The purpose of classification is to protect sensitive information by
implementing appropriate security controls based on the level of risk
associated with that information.
General Classification of Information
• Public: Information that is not sensitive and can be shared freely with anyone.
• Internal: Information that is sensitive but not critical, and should only be shared
within the organization.
• Confidential: Information that is sensitive and requires protection, and should only
be shared with authorized individuals or groups.
• Secret: Information that is extremely sensitive and requires the highest level of
protection, and should only be shared with a select group of authorized
individuals.
• Top Secret: Information that if disclosed would cause exceptionally grave damage
to the national security and access to this information is restricted to a very small
number of authorized individuals with a need-to-know.
Schemes for Information Classification are as follows.
• Government Organizations
1. Unclassified – Information that is neither sensitive nor classified. Public release of
this information does not violate confidentiality.
2. Sensitive but Unclassified – Information that is not formally classified but is still
sensitive (for example, internal procedures or personal data). Its disclosure could cause
limited harm but would not create serious damage.
3. Confidential – The unauthorized disclosure of confidential information could cause some
damage to the country's national security.
4. Secret – The unauthorized disclosure of this information could cause serious damage to
the country's national security.
5. Top Secret – The highest level of information classification. Any unauthorized
disclosure of top-secret information would cause exceptionally grave damage to the
country's national security.
• Private Organizations
1. Public – Information similar to unclassified information. If it is disclosed, it is not
expected to seriously impact the company.
2. Sensitive – Information that requires a higher level of protection than normal data.
This information is protected from loss of confidentiality as well as from loss of
integrity through unauthorized alteration.
3. Private – Information of a personal nature that is intended for company use only; its
disclosure could adversely affect the company or its employees. Salary levels and medical
information are examples of "private information".
Criteria for Information Classification
• Value – The most commonly used criterion for classifying data in the private sector. If the
information is valuable to an organization, it needs to be classified.
• Age – The classification of information may be lowered if its value decreases over time.
• Useful Life – When information becomes obsolete, for example because it has been superseded
by newer information or the changes it described have already been made, it has reached the
end of its useful life and its classification can be lowered or removed.
• Personal Association – If the information is personally associated with a specific individual
or is covered by a privacy law, then it may need to be classified.
Basic Principles of Information Security
Confidentiality
• This first principle is meant to prevent unauthorized access to or disclosure of
enterprise information; it seeks to assure that only authorized users can read the
data. Confidentiality is considered compromised as soon as someone without the
proper authorization is able to read your organization's data, whether or not they
go on to damage or delete it (which would additionally violate integrity or
availability).
Integrity
• Data integrity is about maintaining the data's accuracy, trustworthiness,
consistency, and reliability. This means that the data must not be improperly
modified (either inadvertently or maliciously) by anyone without the proper
authority, and that unauthorized changes must be detectable.
Availability
• Availability means that information is accessible to authorized users whenever
needed, with interruptions or downtime kept to a minimum.
• The main purpose of availability is to provide data, technological
infrastructure, and applications when the organization needs them.
• Data stored in the cloud is an example of availability: authorized individuals
can access the data from any device connected to the system.
Cyber Attack
• A cyber attack occurs when attackers try to penetrate computer systems or networks,
with a personal agenda or some other purpose, to damage or steal information by gaining
unauthorized access to computer systems.
• It is an exploitation of computer systems and networks. It often uses malicious code to
alter computer code, logic or data, leading to cybercrimes such as information and
identity theft.
• It can happen to anyone, companies and government agencies alike, and can result in
stolen data and financial losses.
Types of Attack
• Active Attacks
• In an active attack, the attacker intercepts the connection and attempts to modify
the content of the messages or the flow of the communication.
• Active attacks threaten the integrity and availability of the message. They
include masquerade, modification of messages, repudiation, replay, and denial
of service.
• Because an active attack alters messages or service, the victim can usually
detect that an attack has taken place. Carrying out an active attack is typically
harder and requires more effort than a passive one.
• They can be prevented or detected by measures such as the following:
1) Use of one-time passwords helps in the authentication of the transactions
between two parties, so that a captured credential cannot be reused.
2) A random session key can be generated that is valid for a single transaction.
This prevents a malicious user from retransmitting (replaying) captured
information once the session ends.
Passive Attack
• In a passive attack, the attacker observes the messages, copies and saves them,
and can later use them for malicious purposes.
• The attacker does not try to change the information or content gathered.
Although passive attacks do not alter the system, they are a danger to the
confidentiality of the message.
• Unlike active attacks, in passive attacks the victim is not made aware of the
attack. It is difficult to detect because nothing in the message is altered, so
the emphasis is on prevention rather than detection.
• Passive attacks can be prevented by using encryption techniques:
1) Avoid posting sensitive or personal information online. Attackers can use this
information to attack your network.
2) Encrypt messages so that they are unreadable to any unintended recipient.
Denial of Service (DoS)
• Denial of Service (DoS) is a form of cybersecurity attack that denies the
intended users access to a system or network by flooding it with traffic or
requests.
• In a DoS attack, the attacker floods a target system or network with traffic
or requests in order to consume the available resources, such as bandwidth,
CPU cycles, or memory, and prevent legitimate users from accessing them.
• For example, if a bank website can handle 10 people a second clicking the
Login button, an attacker only has to send 10 fake requests per second to
ensure that no legitimate user can log in.
Distributed Denial of Service (DDoS)
• DDoS (Distributed Denial of Service) is a more sophisticated type of DoS attack.
• It is a DoS attack in which many systems, typically compromised machines (a botnet)
controlled through malware such as a trojan, target a particular system at the same
time. Because the traffic comes from many sources, it cannot be stopped by blocking a
single address.
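The bank example above, run as a small simulation. This is an added example, not code from the slides: a server with a fixed per-second capacity is hit by one flooding source, then by many sources, with and without a per-source rate limit. The capacity, limit and addresses are assumptions chosen for the demo; no network traffic is generated.

```python
"""Added example (not from the slides): discrete-time simulation of a server
that can serve CAPACITY requests per second under (a) a single-source DoS
flood and (b) a distributed flood, with and without a per-source rate limit.
All traffic below is constructed; no network I/O is performed."""
from collections import Counter

CAPACITY = 10          # requests the server can process per second (assumption)
PER_SOURCE_LIMIT = 3   # max requests/second accepted from one source IP (assumption)


def serve_second(requests, per_source_limit=None):
    """Process one second of traffic.

    requests: list of (source_ip, is_legit) tuples in arrival order.
    Returns (served_legit, served_attack, dropped_legit).
    A per-source limit, if given, rejects extra requests from a chatty IP
    *before* they consume server capacity."""
    seen = Counter()
    served_legit = served_attack = dropped_legit = 0
    capacity_left = CAPACITY
    for ip, legit in requests:
        if per_source_limit is not None and seen[ip] >= per_source_limit:
            if legit:
                dropped_legit += 1
            continue                # rate-limited: costs the server nothing
        seen[ip] += 1
        if capacity_left == 0:      # queue is full: the request is lost
            if legit:
                dropped_legit += 1
            continue
        capacity_left -= 1
        if legit:
            served_legit += 1
        else:
            served_attack += 1
    return served_legit, served_attack, dropped_legit


def single_source_flood():
    """DoS: one attacker IP fires CAPACITY fakes before the real user arrives."""
    return [("203.0.113.7", False)] * CAPACITY + [("198.51.100.5", True)]


def distributed_flood(bots=10):
    """DDoS: `bots` distinct IPs each send only one request, then the real user."""
    return [(f"192.0.2.{i}", False) for i in range(1, bots + 1)] + [("198.51.100.5", True)]


if __name__ == "__main__":
    print("DoS, no limit:      ", serve_second(single_source_flood()))
    print("DoS, per-IP limit:  ", serve_second(single_source_flood(), PER_SOURCE_LIMIT))
    print("DDoS, per-IP limit: ", serve_second(distributed_flood(), PER_SOURCE_LIMIT))
```

The per-source limit defeats the single attacker (the legitimate user is served), but the distributed flood stays under the limit on every source and still exhausts capacity, which is exactly why DDoS is the harder problem.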
Backdoor
• A backdoor attack is a way to access a computer system or encrypted data that
bypasses the system's customary security mechanisms.
• A developer may create a backdoor so that an application, operating system (OS) or
data can be accessed for troubleshooting or other purposes. Attackers make use of
backdoors that software developers install, and they also install backdoors
themselves as part of a computer exploit.
• Examples
• Microsoft Exchange Server Vulnerabilities
• In 2021, hackers exploited vulnerabilities in Microsoft Exchange Server to install backdoors
on thousands of servers.
• Samsung Android Backdoor
• In 2014, a backdoor was discovered in some Samsung Android products, including the
Galaxy devices. This backdoor allowed remote access to the data stored on the device.
Trapdoor
• A trap door is a secret entry point into a program that allows someone to gain
access to the system without going through the usual security access procedures.
• Another definition: a trap door is a method of bypassing normal authentication.
It is therefore also known as a back door.
• Trap doors are difficult to detect; to find them, programmers or developers have to
review the components of the system.
• Programmers use trap doors legitimately to debug and test programs. Trap doors turn
into threats when a dishonest programmer uses one to gain illegal access, or when one
is left behind in the shipped product.
• Program development and software update activities should therefore be the first
focus of security measures, because controls in the operating system cannot easily
detect a trap door built into an application.
Sniffing
• Sniffing is the process of monitoring and capturing the packets passing through a
given network using sniffing tools. It is the network equivalent of tapping a phone
line to listen in on the conversation.
• If enterprise switch ports are left open and unprotected, an employee can plug in and
sniff traffic on the network. Anyone in the same physical location can plug into the
network with an Ethernet cable, or connect wirelessly, and capture whatever traffic
reaches their port; on a switched network this is usually combined with ARP spoofing
or a mirrored port to see other hosts' traffic.
What can be sniffed?

• Email traffic
• FTP passwords
• Web traffics
• Telnet passwords
• Router configuration
• Chat sessions
• DNS traffic
How to prevent sniffing attacks
• Use Encrypted Connections
• Use Secure Networks
• Keep Devices and Software Updated
• Use Firewall Protection
• Monitor Your Network
• Beware of Malicious Emails and Attachments
• Use Strong, Unique Passwords
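What a sniffer actually harvests from the protocols in the list above, as an added example that is not part of the slides. The captures are constructed application-layer payloads of an FTP login, a Telnet login, an HTTP request with Basic authentication, and the opaque start of a TLS handshake; a real sniffer would obtain such payloads from the wire with a tool such as tcpdump. Usernames and passwords are made up.

```python
"""Added example (not from the slides): extract cleartext credentials from
captured payloads the way a sniffer would. Sample captures are constructed."""
import base64
import re

# Constructed sample captures: (protocol label, raw application-layer bytes)
CAPTURES = [
    ("ftp", b"220 ftp.example.com FTP server ready\r\n"
            b"USER alice\r\n331 Password required\r\n"
            b"PASS hunter2\r\n230 Login successful\r\n"),
    ("telnet", b"login: bob\r\nPassword: s3cret!\r\n"),
    ("http", b"GET /admin HTTP/1.1\r\nHost: intranet.example.com\r\n"
             b"Authorization: Basic Y2Fyb2w6cGFzc3dvcmQxMjM=\r\n\r\n"),
    # TLS record header + ClientHello start: encrypted session, nothing readable
    ("https", b"\x16\x03\x03\x00\x2e\x01\x00\x00\x2a\x03\x03"),
]

FTP_USER = re.compile(rb"^USER (\S+)", re.M)
FTP_PASS = re.compile(rb"^PASS (\S+)", re.M)
TELNET = re.compile(rb"login: (\S+)\r?\nPassword: (\S+)", re.I)
BASIC = re.compile(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)", re.M)


def extract_credentials(payload):
    """Return the (username, password) pairs found in one cleartext payload.

    Encrypted traffic (TLS, SSH) yields nothing, which is the whole point of the
    'use encrypted connections' advice."""
    found = []
    u, p = FTP_USER.search(payload), FTP_PASS.search(payload)
    if u and p:
        found.append((u.group(1).decode(), p.group(1).decode()))
    m = TELNET.search(payload)
    if m:
        found.append((m.group(1).decode(), m.group(2).decode()))
    for token in BASIC.findall(payload):
        try:
            # HTTP Basic is only base64, not encryption: "user:password"
            user, _, pw = base64.b64decode(token, validate=True).decode().partition(":")
            found.append((user, pw))
        except (ValueError, UnicodeDecodeError):
            pass  # malformed header, ignore
    return found


def sniff_all(captures=CAPTURES):
    """Map each capture's protocol label to the credentials it leaks."""
    return {proto: extract_credentials(data) for proto, data in captures}


if __name__ == "__main__":
    for proto, creds in sniff_all().items():
        print(f"{proto:6s} -> {creds or 'nothing readable'}")
```

FTP, Telnet and HTTP Basic hand over the password verbatim (Basic is base64, not encryption); the TLS capture yields nothing, which is why replacing these protocols with SFTP/SSH and HTTPS is the first item in the prevention list.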
Phishing
• Phishing is a form of online fraud in which attackers attempt to get your private
information, such as passwords, credit card numbers, or bank account data.
• This is usually done by sending false emails or messages that appear to be from
trusted sources like banks or well-known websites.
• They aim to convince you to hand over your information so that they can use it
fraudulently. Always make sure you are certain whom you are dealing with before you
provide any information.
• The main motive of the attacker behind phishing is to gain confidential information
such as:
• Passwords
• Credit card details
• Social security numbers
• Date of birth
How Phishing Victims Are Caught
• Clicking on an unknown file or attachment
• Using an open or free wifi hotspot, where pages and links can be tampered with
• Responding to social media requests
• Clicking on unauthenticated links or ads
How to prevent Phishing
• Authorized Source: Download software only from authorized sources that you trust.
• Confidentiality: Never enter your private details on unknown links; keep your data
safe from attackers.
• Check URL: Always check the URL of a website before entering credentials. A trusted
name in the wrong position of the host name, a look-alike spelling, or a bare IP
address is a sign of a phishing page.
• Avoid replying to suspicious messages: If you receive an email from a known source
but the email looks suspicious, contact the source with a new email rather than using
the reply option.
• Phishing Detection Tool: Use phishing-detecting tools to flag websites that are
crafted to imitate others and contain inauthentic content.
• Avoid free wifi: Avoid using free wifi; it exposes you to tampering and phishing.
• Keep your system updated: Keep your system up to date to protect against the
different types of phishing attacks.
• Keep the system firewall ON: Keeping the firewall on helps filter suspicious
traffic so that only permitted connections reach you.
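The "Check URL" advice made concrete, as an added example that is not part of the slides. The function compares the real host of a link against an allow-list of the hosts the user legitimately deals with and flags the common deceptions: the brand used as a subdomain of an attacker's domain, the user-info "@" trick, a punycode (IDN) host, digit-for-letter look-alikes, a bare IP address, and a trusted host reached over plain HTTP. The allow-list, brand name and sample URLs are constructed for the demo.

```python
"""Added example (not from the slides): heuristic URL check against phishing
look-alikes. TRUSTED_HOSTS, BRAND and the sample URLs are assumptions."""
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allow-list: hosts the user legitimately logs in to.
TRUSTED_HOSTS = {"examplebank.com", "login.examplebank.com"}
# Hypothetical brand keyword that attackers imitate.
BRAND = "examplebank"
# Digits commonly swapped for letters in look-alike domains.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b", "9": "g"})


def check_url(url):
    """Return (verdict, reason); verdict is 'ok' or 'suspicious'."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "suspicious", f"unexpected scheme {parts.scheme!r}"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious", "no host in URL"
    if parts.username is not None:
        # https://examplebank.com@203.0.113.9/ really connects to 203.0.113.9
        return "suspicious", f"user-info before '@' hides the real host {host!r}"
    if host in TRUSTED_HOSTS:
        if parts.scheme != "https":
            return "suspicious", "trusted host but not https (credentials would be sniffable)"
        return "ok", "host is on the allow-list"
    try:
        ipaddress.ip_address(host)
        return "suspicious", "bare IP address instead of a domain name"
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "punycode (IDN) host, possible homoglyph attack"
    if BRAND in host:
        # examplebank.com.account-verify.example: the brand is only a subdomain label
        return "suspicious", f"brand name used inside untrusted host {host!r}"
    if BRAND in host.translate(LOOKALIKES):
        return "suspicious", f"look-alike spelling of the brand in host {host!r}"
    return "ok", "unrelated host, not impersonating the brand"


if __name__ == "__main__":
    for u in ["https://login.examplebank.com/", "http://examplebank.com/",
              "https://examplebank.com.account-verify.example/",
              "https://examplebank.com@203.0.113.9/login",
              "https://examp1ebank.com/", "https://xn--exmplebank-2ya.com/",
              "https://203.0.113.9/login", "https://news.example/"]:
        print(f"{u:50s} {check_url(u)}")
```

The registrable host is what matters: everything before "@" and every label to the left of the real domain is attacker-controlled, so the check looks at the parsed host, never at whether the brand name appears somewhere in the string.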
Spoofing
• Spoofing is a sort of fraud in which someone or something forges the sender's
identity and poses as a reputable source, business, colleague, or other trusted
contact in order to obtain personal information, acquire money, spread malware, or
steal data.
• Types of Spoofing:
• IP Spoofing
• ARP Spoofing
• Email Spoofing
• Website Spoofing Attack
• DNS Spoofing
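How ARP spoofing, the second type in the list above, is detected on a LAN, as an added example that is not part of the slides. On a healthy network each IP address answers from one MAC address; an attacker poisoning ARP caches announces the gateway's IP (and the victim's) from its own MAC. The reply trace below is constructed in the (time, sender IP, sender MAC) form that a tool such as arpwatch or Wireshark would decode from real ARP replies.

```python
"""Added example (not from the slides): the check an IDS applies to detect ARP
spoofing/poisoning. The ARP reply trace is constructed for the demo."""
from collections import defaultdict

# Constructed ARP reply trace: (seconds, sender IP, sender MAC)
ARP_REPLIES = [
    (0.0, "10.0.0.1", "aa:bb:cc:00:00:01"),    # gateway, legitimate
    (0.5, "10.0.0.20", "aa:bb:cc:00:00:20"),   # a client, legitimate
    (1.0, "10.0.0.1", "aa:bb:cc:00:00:01"),    # gateway again, unchanged
    (2.0, "10.0.0.1", "de:ad:be:ef:00:66"),    # gateway IP now claims another MAC
    (2.1, "10.0.0.1", "de:ad:be:ef:00:66"),
    (2.2, "10.0.0.20", "de:ad:be:ef:00:66"),   # same MAC now also claims the client IP
]


def detect_arp_spoofing(replies):
    """Return a list of alert strings for the given reply trace.

    Two independent signals are checked:
      1. an IP address whose MAC changes during the trace (a "flip"), and
      2. one MAC address that claims several IP addresses, which is what an
         attacker must do to sit between the gateway and a victim.
    Legitimate events (a replaced NIC, DHCP giving an address to a new host)
    can trigger rule 1 on their own, so an alert is a lead to investigate,
    not proof of an attack."""
    alerts = []
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    for t, ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append(f"t={t}: {ip} moved from {prev} to {mac}")
        ip_to_mac[ip] = mac
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1 and len(mac_to_ips[mac]) != before:
            alerts.append(f"t={t}: {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(ARP_REPLIES):
        print(line)
```

The first three replies are clean and produce nothing; the poisoned replies at t=2.0 and t=2.2 trigger both rules. Static ARP entries for the gateway, or dynamic ARP inspection on the switch, stop the poisoning itself rather than only detecting it.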
Man in the Middle Attack
• A man-in-the-middle (MITM) attack is a cyberattack in which an attacker steals
sensitive information by eavesdropping on communications between two online targets,
such as a user and a web application. If an attacker places himself between a client
and a web page, a Man-in-the-Middle (MITM) attack occurs. This form of attack takes
many different shapes.
• Phishing attacks are one common means of entry for MITM attackers. By clicking on a
malicious link in an email, a user can unknowingly install a man-in-the-browser
attack.
• A MITM attacker might also eavesdrop on private communications between two people.
In this scenario, the attacker diverts and relays messages between the two people,
sometimes altering or replacing messages to control the conversation.
• For example, a fraudulent banking website can be used to intercept financial login
credentials. The fake site lies "in the middle", between the user and the real bank
web page.
Types of MITM Attack
Prevention of MITM
1. Wireless access point (WAP) Encryption
2. Use a VPN
3. Public Key Pair Authentication
4. Strong Network User Credentials
5. Communication security
6. Avoid using public wi-fi
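Why an unauthenticated key exchange can be taken over by a man in the middle, and why item 3 above (authenticating the public values) stops it, as an added example that is not part of the slides. Alice and Bob run Diffie-Hellman; Mallory, relaying between them, substitutes her own public value in each direction. In the authenticated variant each party attaches an HMAC over its public value under a long-term key Mallory does not have; that HMAC is a stand-in for the certificate or signature check a real protocol such as TLS performs. The prime, generator and long-term key are assumptions for the demo, not values any real system uses.

```python
"""Added example (not from the slides): man-in-the-middle against plain
Diffie-Hellman, and the same exchange with the public values authenticated.
P is a toy group, NOT for real use; LONG_TERM_KEY is assumed to be shared
out of band by Alice and Bob only."""
import hashlib
import hmac
import secrets

P = 2 ** 127 - 1    # Mersenne prime M127: toy group for the demo
G = 3
LONG_TERM_KEY = b"alice-bob-long-term-secret"   # assumption: agreed out of band


def keypair():
    """Fresh DH private exponent x and public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive(shared):
    """Session key = hash of the shared DH secret (truncated for display)."""
    return hashlib.sha256(str(shared).encode()).hexdigest()[:16]


def tag(pub):
    """Authentication tag over a public value; only Alice and Bob can make one."""
    return hmac.new(LONG_TERM_KEY, str(pub).encode(), "sha256").hexdigest()


def exchange(authenticated, mallory_present):
    """Run one exchange and report what each party ends up with.

    'alice' / 'bob' are the session keys they derive; 'mallory' is the set of
    keys Mallory can compute; 'rejected' is True when a tag check fails."""
    a, A = keypair()
    b, B = keypair()
    m, M = keypair()                      # Mallory's own key pair
    # Each party sends (public value, tag). Mallory swaps in M but can only
    # forward the tag she saw, which was computed over A or B, not over M.
    a_wire, a_tag = (M, tag(A)) if mallory_present else (A, tag(A))
    b_wire, b_tag = (M, tag(B)) if mallory_present else (B, tag(B))
    if authenticated and not (hmac.compare_digest(tag(a_wire), a_tag)
                              and hmac.compare_digest(tag(b_wire), b_tag)):
        return {"alice": None, "bob": None, "mallory": set(), "rejected": True}
    alice_key = derive(pow(b_wire, a, P))  # Alice uses what she received as "B"
    bob_key = derive(pow(a_wire, b, P))    # Bob uses what he received as "A"
    mallory = {derive(pow(A, m, P)), derive(pow(B, m, P))} if mallory_present else set()
    return {"alice": alice_key, "bob": bob_key, "mallory": mallory, "rejected": False}


if __name__ == "__main__":
    print("no attacker:           ", exchange(False, False))
    print("MITM, unauthenticated: ", exchange(False, True))
    print("MITM, authenticated:   ", exchange(True, True))
```

Without authentication Alice and Bob end up with two different keys, both of which Mallory holds, so she can decrypt, read, alter and re-encrypt everything in both directions while each side believes the channel is private. With the tags, Bob's check of the substituted value fails and the exchange is abandoned before any key is used.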
Replay attack
• In this attack, an attacker captures legitimate traffic and later re-sends it to its
original destination, posing as the original sender.
• The receiver treats it as an authentic message, but it is actually the message
re-sent by the attacker. The defining feature of a replay attack is that the receiver
gets the same message twice, hence the name.
• It occurs when a cybercriminal eavesdrops on a secure network communication,
intercepts it, and then fraudulently delays or re-sends it to misdirect the receiver
into doing what the attacker wants (for example, repeating a payment).
Prevention from Replay Attack
• Timestamp method –
Prevention is possible if a timestamp is sent along with the data and protected
together with it. If the timestamp is older than an agreed limit, the message is
discarded and the sender can be asked to send the data again.
• Session key method –
Another way of prevention is to use a session key (or a nonce) that is valid for only
one transaction between sender and receiver and cannot be reused; a replayed message
carries an already-used value and is rejected.
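The two replay defences on this slide, combined, as an added example that is not part of the slides. It also covers the one-time credential and single-transaction key measures listed earlier under active attacks. A timestamp gives a freshness window, a single-use nonce plays the role of the "session key used once", and both are bound to the payload by an HMAC so that a captured message can be neither altered nor re-sent. The shared key, the skew limit, the message and the clock values are constructed for the demo.

```python
"""Added example (not from the slides): replay and tamper protection with a
timestamp window, a single-use nonce and an HMAC. KEY and MAX_SKEW are
assumptions; the messages and clock values are constructed."""
import hmac
import json

KEY = b"client-server-shared-secret"   # assumption: agreed out of band
MAX_SKEW = 30.0                         # seconds before a message is stale (assumption)


def make_message(payload, nonce, now):
    """Sender: bind payload, timestamp and nonce together under one HMAC."""
    body = json.dumps({"payload": payload, "ts": now, "nonce": nonce}, sort_keys=True)
    mac = hmac.new(KEY, body.encode(), "sha256").hexdigest()
    return body + "|" + mac


def tamper(message, old, new):
    """Attacker edits the body in transit but cannot recompute the MAC."""
    body, _, mac = message.rpartition("|")
    return body.replace(old, new) + "|" + mac


class Receiver:
    """Receiver: verify the MAC, then the freshness window, then single use."""

    def __init__(self):
        # The timestamp window bounds this set: nonces older than MAX_SKEW
        # can be forgotten because a replay of them fails the timestamp check.
        self.seen_nonces = set()

    def accept(self, message, now):
        body, _, mac = message.rpartition("|")
        expected = hmac.new(KEY, body.encode(), "sha256").hexdigest()
        if not hmac.compare_digest(mac, expected):
            return "rejected: bad MAC (modified in transit)"
        fields = json.loads(body)
        if abs(now - fields["ts"]) > MAX_SKEW:
            return "rejected: stale timestamp"
        if fields["nonce"] in self.seen_nonces:
            return "rejected: replayed nonce"
        self.seen_nonces.add(fields["nonce"])
        return "accepted: " + fields["payload"]


def demo():
    """Deliver one captured message in several ways and return the verdicts."""
    rx = Receiver()
    t0 = 1_700_000_000.0
    captured = make_message("transfer 100 to acct 42", nonce="n1", now=t0)
    return [
        rx.accept(captured, now=t0 + 1),                        # genuine first delivery
        rx.accept(captured, now=t0 + 2),                        # immediate replay
        rx.accept(captured, now=t0 + 3600),                     # replay an hour later
        rx.accept(tamper(captured, "100", "900"), now=t0 + 1),  # altered amount
        rx.accept(make_message("transfer 100 to acct 42", "n2", t0 + 5), now=t0 + 6),
    ]                                                           # new legitimate transaction


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The order of the checks matters: the MAC is verified first so that an attacker cannot influence the timestamp or nonce logic with a forged body, and the timestamp is checked before the nonce so that the receiver only has to remember nonces from the last MAX_SKEW seconds.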
TCP/IP Hijacking
• TCP/IP stands for Transmission Control Protocol/Internet Protocol. It is the
communication protocol suite by which network devices interconnect on the internet and
communicate with each other.
• TCP/IP hijacking is a man-in-the-middle network attack in which an unauthorized user
takes over another user's or client's authenticated network connection.
• After hijacking a TCP/IP session, the attacker can read and modify the transferred
packets and can also send requests of their own in the name of the user.
• The attacker's first goal is to obtain the IP addresses (and, for TCP, the sequence
numbers) of the two devices communicating over the same network or connection. To do
this, the attacker monitors the data transmission on the network until these details
are obtained.
• Once the user's IP address and session details are known, the attacker can attack the
connection.
• To take over the connection, the attacker knocks the legitimate user off it with a DoS
attack, so that the user's side waits to reconnect.
• By spoofing the disconnected user's IP address and continuing the session where it
left off, the attacker resumes the communication as that user.
Preventive Measures
• Do not click on unwanted or unknown links.
• Check the web application for errors that leak session identifiers.
• Use an Intrusion Detection System (IDS) to monitor network traffic for unwanted or
unknown activity and to detect ARP spoofing/poisoning.
• Use a switch instead of a hub, so that traffic is not broadcast to every port.
• Always send the session ID over SSL/TLS.
• Issue a new session ID on each login and privilege change rather than reusing one
indefinitely.
• Always use an encrypted protocol such as HTTPS instead of a plain-text protocol such
as HTTP.
Social Engineering
• Social engineering is a manipulation technique that exploits human error to gain
private information, access, or valuables.
• In cybercrime, these “human hacking” scams tend to lure unsuspecting users into
exposing data, spreading malware infections, or giving access to restricted systems.
Attacks can happen online, in-person, and via other interactions.
• Generally, social engineering attackers have one of two goals:
• Sabotage: Disrupting or corrupting data to cause harm or inconvenience.
• Theft: Obtaining valuables like information, access, or money.
Malware
• Malware is software that gets into a system without the user's consent, typically to
steal the user's private and confidential data, including bank details and passwords,
or to damage or take control of the system.
• Malware can take many forms. Individuals and organizations need to be aware of the
different types of malware and take steps to protect their systems, such as using
antivirus software, keeping software and systems up to date, and being cautious
when opening email attachments or downloading software from the internet.
• Some malware also generates annoying pop-up ads and changes system settings.
Malware includes computer viruses, worms, Trojan horses, ransomware, spyware,
and other malicious programs.
• Viruses – A virus is malicious executable code attached to another executable file.
The virus spreads when an infected file is passed from system to system. Viruses can be
harmless or they can modify or delete data. Opening an infected file can trigger a virus.
Once a program virus is active, it infects other programs on the computer.
• Worms – Worms are self-contained programs that replicate themselves and look for
pathways between computers, such as a network that shares common file storage areas or
a vulnerable network service. Worms usually slow down networks. A virus needs a host
program to run, but a worm can run by itself; after a worm infects a host, it can spread
very quickly over the network.
• Trojan horse – A Trojan horse is malware that carries out malicious operations under
the appearance of a desired operation, such as playing an online game. A Trojan horse
differs from a virus in that it does not replicate itself: it relies on the user being
tricked into running it, usually disguised as a legitimate program or hidden inside a
harmless-looking download.
• Ransomware – Ransomware holds a computer system or the data it contains hostage until
the victim makes a payment. Ransomware encrypts the data on the computer with a key that
is unknown to the user. The user is told to pay a ransom to the criminals to retrieve the
data; paying does not guarantee recovery, so offline backups are the real defence.
• Adware – Displays unwanted ads and pop-ups on the computer. It comes along with
software downloads and packages and generates revenue for the software distributor by
displaying ads.
• Spyware – Its purpose is to steal private information from a computer system for a third
party. Spyware collects information and sends it to the attacker.
• Logic Bombs – A logic bomb is a malicious program that uses a trigger to activate the
malicious code. The logic bomb remains dormant until that trigger event happens, such as
a date, a user action, or a condition like an employee's account being removed.
Once triggered, the logic bomb executes malicious code that causes harm to the computer.
• Rootkits – A rootkit modifies the OS to create a backdoor and to hide its own presence.
Attackers then use the backdoor to access the computer remotely. Most rootkits take
advantage of software vulnerabilities to modify system files.
• Backdoors – A backdoor bypasses the usual authentication used to access a system. The
purpose of the backdoor is to grant cyber criminals future access to the system even if the
organization fixes the original vulnerability used to attack the system.
• Keyloggers – A keylogger records everything the user types on the computer, in order to
obtain passwords and other sensitive information, and sends it to the source of the
keylogging program.
Threat and Risk Analysis
Introduction to Asset
• An asset is any data, device or other component of an organisation’s systems that is
valuable – often because it contains sensitive data or can be used to access such
information.
• For example, an employee’s desktop computer, laptop or company phone would be
considered an asset, as would applications on those devices.
• An organization's most common assets are information assets. These are things such
as databases and physical files – i.e. the sensitive data that you store.
Threat
• A threat is any incident that could negatively affect an asset – for example, if it’s lost,
knocked offline or accessed by an unauthorized party.
• Threats can be categorized as circumstances that compromise the confidentiality,
integrity or availability of an asset, and can either be intentional or accidental.
• Intentional threats include things such as criminal hacking or a malicious insider
stealing information, whereas accidental threats generally involve employee error, a
technical malfunction or an event that causes physical damage, such as a fire or
natural disaster.
• Types of Threat
• Intentional – Malware, phishing, accessing someone's account illegally, etc.
• Unintentional – Unintentional threats are human errors; for example, forgetting
to update the firewall or the anti-virus could make the system more vulnerable.
• Natural – Natural disasters can also damage data; these are known as natural threats.
Vulnerability
• A vulnerability is a weakness in an organization's systems, people or processes that can
be exploited by a threat to destroy, damage or compromise an asset.
• You are most likely to encounter vulnerabilities in software, because of its complexity
and the frequency with which it is updated. These weaknesses, known as bugs, can be used
by criminal hackers to gain access to sensitive information.
• Vulnerabilities also include inherent human weaknesses, such as our susceptibility to
phishing emails; structural flaws in the premises, such as a leaky pipe near a power
outlet; and communication errors, such as employees sending information to the wrong
person.
• Types of Vulnerability
• Network – A network vulnerability arises from flaws in the network's hardware or software.
• Operating system – When an operating system is designed with a policy that grants every
program or user full access to the computer, viruses and malware can make changes with
administrator privileges.
• Human – Users' negligence can introduce vulnerabilities into the system.
• Process – Weak or missing process controls can also introduce vulnerabilities.
Risk
• Cyber risk is the potential consequence of loss of or damage to assets or data caused by
a cyber threat. Risk can never be completely removed, but it can be managed down to a
level that satisfies the organization's tolerance for risk. So the target is not a
risk-free system but one in which the risk is kept as low as reasonably possible.
• Cyber risk is commonly expressed as the combination of a threat, a vulnerability that
the threat can exploit, and the impact on the asset: Risk = Threat × Vulnerability ×
Impact. If any factor is absent (no threat, no vulnerability, or nothing of value at
stake), there is no risk.
• Types of Risk
• External – External cyber risks come from outside the organization, such as
cyberattacks, phishing, ransomware, DDoS attacks, etc.
• Internal – Internal cyber risks come from insiders. These insiders may have malicious
intent or may simply not be properly trained.
