UNIT-3
Cyber Security
Introduction
We can divide cybersecurity into two parts: one is cyber, and the
other is security.
Cyber: technology that includes systems, networks, programs,
and data.
Security: concerned with the protection of systems, networks,
applications, and information.
It is also called Electronic Information Security or Information
Technology Security.
CyberSecurity presentation for basic knowledge about this topic
Motivation
Applications of Cyber Security
• Network Security Surveillance
• Identity And Access Control (IAM)
• Software Security
• Risk Management
• Security During Software Development
• Security Against Distributed Denial of Service (DDoS)
Challenges
Cyber Threat
• Any malicious act that attempts to gain access to a computer
network without authorization or permission from the owners.
• It refers to the wide range of malicious activities that can damage
or disrupt a computer system, a network or the information it
contains.
• Most common cyber threats:
• Socially engineered Trojans.
• Unpatched software.
• Phishing.
• Network worms.
Cyber threats can come from a wide variety of sources. Some notable
examples include:
• National governments.
• Terrorists.
• Industrial secret agents.
• Rogue employees.
• Hackers.
• Business competitors.
• Organization insiders.
Cyber Threat Classifications
• Threats can be classified by multiple criteria:
• Attacker's Resources
• Attacker's Organization
• Attacker's Funding
• On the basis of these criteria, threats are of three types:
• Unstructured Threats
• Structured Threats
• Highly Structured Threats
Unstructured Cyber Threats
• Resources: Individual or small group.
• Organization: Little or no organization.
• Funding: Negligible.
• Attack: Easy to detect; makes use of freely available
cyberattack tools.
• Exploitation based on documented vulnerabilities.
Structured Cyber Threats
• Resources: Well-trained individual or group.
• Organization: Well planned.
• Funding: Available.
• Attack: Against particular individuals or organizations.
• Exploitation based on information gathering.
Highly Structured Cyber Threats
• Extensive organization, resources and planning over time.
• Attack: Long-term attack on a particular machine or data.
• Exploitation with multiple methods: technical, social and insider help.
Malware refers to malicious software.
• It is software used or created to disrupt computer operation, gather
sensitive information, or gain access to private computer systems.
• It can appear in the form of code, scripts, active content, and other
software.
'Malware' is a general term used to refer to a variety of forms of
hostile, intrusive, or annoying software.
How Malware Spreads?
Malware is a program that must be triggered or somehow executed
before it can infect your computer system and spread to others.
Here are some examples of how malware is distributed:
a) Social network
b) Pirated software
c) Removable media
d) Emails
e) Websites
Types of Malware
• Viruses
• Trojan horses
• Worms
• Spyware
• Zombie
• Phishing
• Spam
• Adware
• Ransomware
Viruses
A program or piece of code that is loaded onto your computer without your knowledge and runs
against your wishes.
• Viruses can also replicate themselves.
• All computer viruses are manmade.
• Viruses copy themselves to other disks to spread to other computers.
• They can be merely annoying or they can be vastly destructive to your files.
• Macro virus
• Boot virus
• Logic Bomb virus
• Directory virus
• Resident virus
Trojan Horses
A Trojan Horse program has the appearance of having a useful and
desired function.
A Trojan Horse neither replicates nor copies itself, but causes
damage or compromises the security of the computer.
• A Trojan Horse must be sent by someone or carried by another
program and may arrive in the form of a joke program or software
of some sort.
• These are often used to capture your logins and passwords.
• Remote access Trojans (RATs)
• Backdoor Trojans (backdoors)
• IRC Trojans (IRC bots)
• Keylogging Trojans
Worms
A computer worm is a self-replicating computer program.
• It uses a network to send copies of itself to other nodes (computers
on the network) and it may do so without any user intervention.
• It does not need to attach itself to an existing program.
Spyware
Spyware is a type of malware installed on computers that collects
information about users without their knowledge.
The presence of spyware is typically hidden from the user and can
be difficult to detect.
Spyware programs lurk on your computer to steal important
information, like your passwords and logins and other personal
identification information, and then send it off to someone else.
Zombie
Zombie programs take control of your computer and use it and its
Internet connection to attack other computers or networks or to
perform other criminal activities.
Phishing
Phishing (pronounced like the word 'fishing') is a message that tries
to trick you into providing information like your social security
number, bank account information, or logon and password for a
web site.
The message may claim that if you do not click on the link in the
message and log onto a financial web site, your account will be
blocked or some other disaster will occur.
Spam
Spam is email that you did not request and do not want.
One person's spam is another's useful newsletter or sale ad.
Spam is a common way to spread viruses, trojans, and the like.
Adware
Adware (short for advertising-supported software) is a type of
malware that automatically delivers advertisements.
Common examples of adware include pop-up ads on websites and
advertisements that are displayed by software.
Often software and applications offer “free” versions that come
bundled with adware.
Ransomware
Ransomware is a form of malware that essentially holds a computer
system captive while demanding a ransom.
The malware restricts user access to the computer either by
encrypting files on the hard drive or locking down the system and
displaying messages that are intended to force the user to pay the
malware creator to remove the restrictions and regain access to their
computer.
Cyber Attacks
Types of Cyber Attacks
• Advanced Persistent Threat (APT):
• A network attack in which an unauthorized person gains
access to a network and stays there undetected for a long
period of time.
• Backdoor:
• A method of bypassing normal authentication and gaining
access to an OS or application.
Types of Cyber Attacks (continued)
• Buffer Overflow:
• An exploit that takes advantage of the program that is
waiting for a user’s input.
• Man-in-the-middle Attack:
• This attack intercepts and relays messages between two
parties who are communicating directly with each other.
• Cross-Site Scripting (XSS):
• A code injection attack that allows an attacker to execute
malicious JavaScript in another user’s browser.
• Denial of Service Attack:
• Any attack where the attackers attempt to prevent the
authorized users from accessing the service.
• SQL injection:
• A very commonly exploited web application vulnerability
that allows a malicious hacker to steal and alter data in a
website’s database.
• Zero-day exploit:
• A vulnerability in a system or device that has been
disclosed but is not yet patched.
Impacts of Cyber Attacks
• A successful cyber attack can cause major damage to
organizations or systems, as well as to business reputation and
consumer trust.
• Some potential results include:
• Financial loss.
• Reputational damage.
• Legal consequences.
Tools for Cyber Security Assessment
• NMAP
• Wireshark
• Metasploit
• Aircrack
• Hashcat
• Burp Suite, etc.
NMAP
NMAP (Network Mapper) is an open-source tool used for scanning networks.
It is mainly useful for discovering hosts and gathering information about network devices, such as which
services or ports are publicly open.
NMAP supports major OS platforms like Windows, Linux and even macOS.
The main advantages of NMAP are that it is flexible, easily portable, free, and well documented.
NMAP
In other words, you can use Nmap to scan IP addresses, search for security loopholes, and scan
for open ports on your computer network by sending packets and analyzing the responses.
What Does Nmap Do?
• Scan every active IP address
• Perform entire network scanning
• Identify server vulnerabilities
• Develop visual mappings
• Automate system and vulnerability scans
Wireshark
Wireshark is used globally for analyzing network protocols.
This tool helps to capture packets using pcap, and to store and analyze each packet in detail.
Wireshark has many uses, including troubleshooting networks that have performance issues.
Cybersecurity professionals often use Wireshark to trace connections, view the contents of
suspect network transactions and identify bursts of network traffic.
Wireshark supports OS platforms like Windows, Linux, Solaris, macOS, etc.
Wireshark is also an open-source tool, similar to tcpdump, with a user interface option.
Usage of Wireshark
Wireshark is a safe tool used by government agencies, educational institutions, corporations,
small businesses and nonprofits alike to troubleshoot network issues. Additionally, Wireshark
can be used as a learning tool.
Common Wireshark Use Cases
Here’s a common example of how a Wireshark capture can assist in identifying a problem. The figure below
shows an issue on a home network, where the internet connection was very slow.
Common Wireshark Use Cases
AI Based Cyber Threat
AI in Cyber Security
Networking and System Administration
Knowledge of Operating Systems and Virtual Machines
Coding
Cloud Security
Artificial Intelligence (AI)
An Understanding of Hacking
Secure web-browsing
A secure website's URL should begin with "https" rather than "http". The "s" at the end of
"https" stands for secure and means the site is using an SSL (Secure Sockets Layer) connection.
THE LOCK ICON
Another sign to look for is the "Lock" icon that is displayed somewhere in the window of your
web browser. Different browsers may position the lock in different places, but a few examples of
what it may look like can be found here:
Recognize suspicious links
• Inspect short links. They may hide the real destination of the link.
• Verify links in unsolicited emails. They may be phishing attempts to get your personal info.
• Beware of links with strange character strings. They may contain malware or phishing.
• Check a link yourself by hovering your cursor over it without clicking. You can see the real address in
the lower left corner of your browser.
• Copy the address for testing. You can use online tools to scan the link for malware or phishing.
• Phishtank: PhishTank is a collaborative clearing house for data and information about phishing
on the Internet.
• PhishTank | Join the fight against phishing
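The link checks listed above can be automated for links pulled out of an HTML email. This is an added example, not part of the original slides: the function names, the short list of shortener hosts and the sample message are all constructed for illustration, and the plain-http check comes from the secure web-browsing slide.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Small illustrative set of link-shortener hosts (assumption; extend for real use).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}


def link_findings(href, shown_text=""):
    """Return the reasons a link deserves a closer look (empty list = none found)."""
    try:
        parts = urlsplit(href.strip())
    except ValueError:
        return ["unparseable-url"]
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if host in SHORTENERS:
        findings.append("short-link")            # real destination is hidden
    if parts.username is not None:
        findings.append("userinfo-in-url")       # text before '@' is not the host
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")       # raw address instead of a name
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")         # possible look-alike domain
    if len(re.findall(r"%[0-9A-Fa-f]{2}", href)) >= 5:
        findings.append("heavy-percent-encoding")
    # The "hover" check: visible text that names a different host than the href.
    shown = shown_text.strip()
    if re.match(r"^(https?://|www\.)", shown, re.I):
        shown_url = shown if "://" in shown else "http://" + shown
        shown_host = (urlsplit(shown_url).hostname or "").lower()
        if shown_host and shown_host != host:
            findings.append("text-host-mismatch")
    return findings


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None


def triage_email_html(html):
    """Map each link in an HTML body to its list of findings."""
    collector = AnchorCollector()
    collector.feed(html)
    return {href: link_findings(href, text) for href, text in collector.links}


# Constructed sample message; hosts use reserved test names and addresses.
SAMPLE_EMAIL = """
<p>Your account will be blocked. Log in now:</p>
<a href="http://203.0.113.7/login">https://www.examplebank.test/login</a>
<a href="https://bit.ly/abc123">View statement</a>
<a href="https://accounts.example.test@xn--exmple-cua.test/reset">Reset password</a>
<a href="https://www.example.test/help">Help centre</a>
"""

if __name__ == "__main__":
    for url, reasons in triage_email_html(SAMPLE_EMAIL).items():
        print(url, "->", reasons or "no findings")
```

An empty findings list only means none of these heuristics fired; it does not show that the destination is safe.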
Update Browsers and plugins
Add-ons (plugins and extensions), like the web browser on which they are installed, also need to be
managed and kept up to date. Most add-on updates address security vulnerabilities and critical
issues that NEED to be resolved. It is VERY IMPORTANT that these are kept up to date.
How to update Google Chrome
1. Open the Google Chrome web browser.
2. Click the ellipsis menu icon, located in the top right corner.
3. Click the Settings button, located near the bottom of the list.
4. Click About Chrome, located toward the bottom of the list.
5. If the version of Chrome that you are running is current, the message will read Google Chrome is
up to date (Version Number).
Recognize untrusted source warnings
• Never click on a link from an untrusted source.
• Close windows containing pop-up ads or unexpected warnings by clicking
on the “X” button in the uppermost right hand corner of that window, not
by clicking within the window.
• Use antivirus software, and update it regularly to recognize the latest
threats.
Social media security
Social media security refers to the measures businesses and individuals take to protect
the privacy, confidentiality and information of their social media accounts.
It encompasses various aspects such as privacy settings, account authentication, awareness
of phishing and scams, third-party apps and permissions, secure browsing habits and
more.
Benefits of social media security
• It protects personal privacy
• It enhances online reputation management
• Phishing attacks and scams
• Imposter accounts
• Malware attacks and hacks
• Vulnerable third-party apps
• Password theft
• Privacy settings and data security
• Unsecured mobile devices
1. Create a social media policy: A social media policy is a set
of guidelines that outline how your business and your employees
should use social media responsibly.
2. Require two-factor authentication (2FA): Two-factor
authentication is not foolproof, but it does provide a powerful
extra layer of security for your social media accounts. 2FA is a
combination of more than one authentication factor for
verification. Example: marking biometric attendance using an
ID card and fingerprint (biometric).
3. Train your staff on social media security awareness: Even the
best social media policy won’t protect your organization if your
employees don’t follow it, so train your staff regularly.
4. Regularly check for new social media security issues: Social
media security threats are constantly changing. Hackers are
always coming up with new strategies, and new scams and viruses


Editor's Notes

  1. Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off.
  2. What is a Trojan Horse Virus? Types & Prevention in 2023 (wallarm.com)
  3. Nmap is a network scanning tool
  4. How to Use Nmap | UpGuard
  5. Top 8 In-Demand Cybersecurity Jobs for 2024 and Beyond (techtarget.com)
  6. How to Test a Suspicious Link Without Clicking It (lifewire.com)
  7. Web Browsers: Update Browsers & Manage Add-ons - GROK Knowledge Base (lsu.edu)
  8. Social Media Security Tools and Tips to Mitigate Risks [2024] (hootsuite.com)